Network Router User Manual

ManualsBrandsBrocade Communications Systems ManualsNetwork RouterBrocade Mobility Controller RFS6000

Table Of Contents

About This Document
- In this chapter
- Audience
- How to use this guide
- Supported hardware and software
- Document conventions
- Notice to the reader
- Web support sites
Introduction
- In this chapter
- CLI overview
  - Configuration for connecting to the CLI using a terminal emulator
  - CLI Modes
- Getting context sensitive help
- Using the no and default command forms
Common Commands
- In this chapter
- Common commands
- show
User Exec Commands
- In this chapter
- User exec commands
Privileged Exec Commands
- In this chapter
- Priv Exec command
Global Configuration Commands
- In this chapter
- Global Configuration commands
Crypto-isakmp Instance
- In this chapter
- Crypto ISAKMP config commands
Crypto-group Instance
- In this chapter
- Crypto Group config commands
  - clrscr
  - dns
  - end
  - exit
  - help
  - service
  - show
  - wins
Crypto-peer Instance
- In this chapter
- Crypto Peer config commands
  - clrscr
  - end
  - exit
  - help
  - no
  - service
  - set
  - show
Crypto-ipsec Instance
- In this chapter
- Crypto IPSec config commands
  - end
  - exit
  - help
  - mode
  - no
  - show
  - service
Crypto-map Instance
- In this chapter
- Crypto Map config commands
  - clrscr
  - end
  - exit
  - help
  - match
  - no
  - service
  - set
  - show
Crypto-trustpoint Instance
- In this chapter
- Trustpoint (PKI) config commands
Interface Instance
- In this chapter
- Interface config commands
Spanning tree-mst Instance
- In this chapter
- mst config commands
  - clrscr
  - end
  - exit
  - help
  - instance
  - name
  - no
  - revision
  - service
  - show
Extended ACL Instance
- In this chapter
- Extended ACL config commands
  - clrscr
  - deny
  - end
  - exit
  - help
  - mark
  - no
  - permit
  - service
  - show
- Configuring IP Extended ACL
Standard ACL Instance
- In this chapter
- Standard ACL config commands
  - clrscr
  - deny
  - end
  - exit
  - help
  - mark
  - no
  - permit
  - service
  - show
- Use case: configuring IP standard ACL
Extended MAC ACL Instance
- In this chapter
- MAC Extended ACL config commands
  - clrscr
  - deny
  - end
  - exit
  - help
  - mark
  - no
  - permit
  - service
  - show
- Configuring MAC Extended ACL
DHCP Server Instance
- In this chapter
- DHCP Config commands
- Configuring the DHCP server using controller CLI
DHCP Class Instance
- In this chapter
- DHCP Server Class config commands
Radius Server Instance
- In this chapter
- Radius configuration commands
Wireless Instance
- In this chapter
- Wireless configuration commands
RTLS Instance
- In this chapter
- RTLS config commands
  - aeroscout
  - clear
  - clrscr
  - end
  - espi
  - exit
  - help
  - ekahau
  - no
  - reference-tag
  - rfid
  - service
  - show
  - site
  - sole
  - controller
  - zone
  - ap
ESPI Instance
- In this chapter
- ESPI config commands
  - adapter
  - clrscr
  - end
  - exit
  - help
  - no
  - service
  - show
RFID Instance
- In this chapter
- RFID config commands
  - activate
  - clrscr
  - end
  - exit
  - help
  - no
  - reader
  - service
  - show
SOLE Instance
- In this chapter
- SOLE config commands
Smart RF Instance
- In this chapter
- smart-rf config commands
Role Instance
- In this chapter
- Role config commands
AAP IP Filtering
- In this chapter
- AAP IP Filter config commands

53-1001931-01

Sept 2010

Brocade Mobility RFS4000,

RFS6000 and RFS7000

CLI Reference Guide

Supporting software release 4.3.0.0 and later

Summary of content (839 pages)

PAGE 1
53-1001931-01 Sept 2010 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide Supporting software release 4.3.0.
PAGE 2
Copyright © 2010 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
PAGE 3
About This Document 13 In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 How to use this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Product downloads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 4
port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 5
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230 country-code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 crypto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 7
lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336 no . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337 service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 8
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384 11 Crypto-trustpoint Instance 387 In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387 Trustpoint (PKI) config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 9
instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440 name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441 no . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 10
17 DHCP Server Instance 507 In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 DHCP Config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 11
ca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558 clrscr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559 crl-check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 12
nas-port-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640 no . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641 proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 13
23 RFID Instance 739 In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739 RFID config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739 activate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 14
26 Role Instance 801 In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801 Role config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801 ap-location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 15
About This Document In this chapter • Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Web support sites . . . . . . . . . .
PAGE 16
How to use this guide How to use this guide This guide will help you implement, configure, and administer the controller and associated network elements. This guide is organized into the following sections: 14 Chapter Jump to this section if you want to... Chapter 1, “Introduction” Review the overall feature-set of the controller, as well as the many configuration options available.
PAGE 17
How to use this guide Chapter Jump to this section if you want to...
PAGE 18
How to use this guide For readability, command names in the narrative portions of this guide are presented in mixed lettercase: for example, controllerShow. In actual examples, command lettercase is often all lowercase. Otherwise, this manual specifically notes those cases in which a command is case sensitive.
PAGE 19
How to use this guide . Command syntax conventions command / keyword The first word is always a command. Keywords are words that must be entered as is. Commands and keywords are mandatory. For example, the command, RFController>show wlan 1 is documented as show wlan where: • show – The command • wlan – The keyword Variables are described with a short description enclosed within a ‘<‘ and a ‘>’ pair.
PAGE 20
How to use this guide {} Any command/keyword/variable or a combination of them inside a ‘{‘ & ‘}’ pair is optional. All optional commands follow the same conventions as listed above. However they are displayed italicized. For example, the command RFController> show autoinstall .... is documented as show autoinstall {status} Here: • show autostatus– The command. This command can also be used as show autostatus • {status} – The optional keyword status.
PAGE 21
How to use this guide These references are made for informational purposes only. Corporation Referenced trademarks and products Phillips Screw Company, Inc. Phillips Web support sites Product downloads http://www.brocade.com Manuals http://www.brocade.com Additional information http://www.brocade.
PAGE 22
How to use this guide 20 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 23
Chapter 1 Introduction In this chapter • CLI overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 • Getting context sensitive help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 • Using the no and default command forms . . . . . . . . . . . . . . . . . . . . . . . . . . 26 This chapter describes the commands defined by the controller Command Line Interface (CLI).
PAGE 24
1 CLI overview Configuration for connecting to the CLI using a terminal emulator Use the following settings to configure your terminal emulator for connecting to the controller’s CLI. Bits Per Second 19200 Data Bits 8 Parity None Stop Bit 1 Flow Control None When a CLI session is established, to access the controller, do as follows (user input is in bold) login as: cli User Access Verification Username: Use the following credentials when logging to the CLI for the first time.
PAGE 25
CLI overview 1 Access the GLOBAL CONFIG mode from the PRIV EXEC mode. In GLOBAL CONFIG mode, enter commands that set general system characteristics. Configuration modes, allow you to change the running configuration. If you save the configuration later, these commands are stored across controller reboots. Access a variety of protocol-specific (or feature-specific) modes from the global configuration mode.
PAGE 26
1 Getting context sensitive help TABLE 1 RF Controller CLI Hierarchy User Exec Mode Priv Exec Mode Global Configuration Mode ping ntp pwd prompt quit radius-server reload redundancy rename rtls rmdir service service show show smtp-notification telnet snmp-server terminal spanning-tree traceroute timezone upgrade traffic-shape upgrade-abort username write vpn format wireless wireless-acl firewall network-element-id ratelimit role virtual-ip wwan To return from the Global
PAGE 27
Getting context sensitive help 1 Use the following commands to obtain help specific to a command mode, command name, keyword or argument: Command Description (prompt)# help Displays a brief description of the help system (prompt)# abbreviated-command-entry? Lists commands in the current mode that begin with a particular character string (prompt)# abbreviated-command-entry Completes a partial command name (prompt)# ? Lists all commands available in the command mode (prompt)# command ? Lists
PAGE 28
1 Using the no and default command forms anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show ve?'.
PAGE 29
Using the no and default command forms 1 Moving the cursor on the command line Table 2 shows the key combinations or sequences to move the cursor on the command line. Ctrl defines the Control key, which must be pressed simultaneously with its associated letter key. Esc supports the Escape key (which must be pressed first), followed by its associated letter key. Keys are not case sensitive. Specific letters are used to provide an easy way of remembering their functions.
PAGE 30
1 Using the no and default command forms The CLI recognizes a command once you have entered enough characters to make the command unique. If you enter “conf” within the privileged EXEC mode, the CLI associates the entry with the configure command, since only the configure command begins with conf.
PAGE 31
Using the no and default command forms 1 Command output pagination Output often extends beyond the visible screen length. For cases where output continues beyond the screen, the output is paused and a Press Any Key to Continue (Q to Quit) prompt displays at the bottom of the screen. To resume the output, press the Return key to scroll down one line or press the Spacebar to display the next full screen of output.
PAGE 32
1 30 Using the no and default command forms Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 33
Chapter 2 Common Commands In this chapter • Common commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 • show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 This chapter describes the CLI commands used in the USER EXEC, PRIV EXEC, and GLOBAL CONFIG modes. The PRIV EXEC command set contains those commands available within the USER EXEC mode. Some commands can be entered in either mode.
PAGE 34
2 Common commands clrscr Common commands Clears the screen and refreshes the prompt (#) Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController#clrscr RFController# 32 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 35
Common commands 2 exit Common commands Ends the current mode and moves to the previous mode Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax exit Parameters None Example RFController(config)#exit RFController# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 33
PAGE 36
2 Common commands help Common commands Use this command to access the advanced help feature. Use “?” anytime at the command prompt to access the help topic. Two kinds of help are provided: 1. Full help is available when ready to enter a command argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (for example 'show ve?').
PAGE 37
Common commands 2 no Common commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no Parameters None Example (User Exec) RFController>no ? cluster-cli Cluster context mobile-unit mobile-unit index page Toggle paging service Service Commands RFController>no Example (Priv Exec) RFController#no ? cluster-cli Cluster context debug Debugging functions wireless-client wireless-clie
PAGE 38
2 Common commands ip Internet Protocol (IP) line Configure a terminal line local Local user authentication database for VPN logging Modify message logging facilities mac MAC configuration mac-address-table Configure MAC address table mac-name Remove a configured MAC Address name management sets properties of the management interface network-element-id Reset system’s network element ntp Configure NTP prompt Reset system's prompt radius-server RADIUS server configuration commands ratelimit ratelimit role Co
PAGE 39
Common commands 2 service Common commands Service commands are used to manage the controller configuration in all modes. Depending on the mode, different service commands will display.
PAGE 40
2 Common commands service show rtls [location-history|rfid] service show rtls location-history service show rtls rfid events reader {<1-48>} service undefine ecspec {} service wireless Parameters(User Executable Mode) clear [command-history| reboot-history| upgrade-history] diag [enable|identify|limit| period|poe tech-support-period| tech-support-url] 38 Resets functions command-history - Clears upgrade history reboot-history - Clears reboot history upgrade-history - Clears upgrade history
PAGE 41
Common commands 2 • • • • • routecache <0-65535> – Configures IP route cache usage. Set a value between 0 and 65553. • temperature <1-6> [critical|high|low] – Sets the number of temperature sensors for the controller. • critical <0.0 - 250.0> – Critical temperature limit • high <0.0 - 250.0> – high temperature limit • low <0.0 - 250.0> – low temperature limit period <100-30000> – Configures the diagnostics period. Set a value between 100-30000 milliseconds. The default value is 1000 milliseconds.
PAGE 42
2 Common commands show [cli|command-history|crash -info|diag| info|memory|process| reboot-history|rtls| startup-log| upgrade-history| watchdog] Displays running system information cli – Shows the CLI tree of the current mode command-history – Displays the command (except show commands) history • crash-info – Displays information about core, panic and AP dump files • diag [hardware|led-status|limits|period|stats |tech-support-period|tech-support-url|top] – Sets or displays controller diagnostics • hardwar
PAGE 43
Common commands 2 service clear [all|aplogs|clitree|cores|dumps|fw|panics| snooptable|securitymgr|wireless] service clear fw flows service clear securitymgr flows [|| all|ge |me1|sa |vlan ] service copy tech-support [|] [tftp|ftp|sftp] service diag [enable|identify|limit|period| tech-support-period|tech-support-url] service service service service encrypt secret 2 firewall disable firewall ip igmp snooping robustnes
PAGE 44
2 Common commands service pktcap on deny [access-list|count|filter| hex|inbound|outbound|snap|verbose|write] service pktcap on deny access-list {[and|or] } service pktcap on deny [inbound|outbound] {[access-list| count|filter|hex|[inbound|outbound]|snap|verbose|write]} {[and|or] } service pktcap on interface [|ge <1-4>|me1| sa <1-4>|vlan <1-4094>] {[count|filter|hex|inbound| outbound|snap|verbose|write]} {[and|or] } service pktcap on router {[count|filter|hex|snap|
PAGE 45
Common commands 2 service show wireless ap-history service show wireless[enhanced-beacon-table| enhance-probe-table] [config|report] service show wireless group <1-256> service show wireless client-cache-entry {<1-8192>|} service show wireless mvlan <1-256> service show wireless radio [<1-4096>|description|mapping] service show wireless radio-cache-entry {} service show wireless vlan-cache-entry {[<1-8192>|]} service show wireless waiting {<1-99>} service smart-rf [clear-history|load-
PAGE 46
2 Common commands service wireless enhanced-probe-table preferred service wireless enhanced-probe-table window-time <10-60> service service service service service service service 44 wireless wireless wireless wireless wireless wireless wireless free-packet-watermark <0-100> idle-radio-send-multicast enable map-radios <1-127> radio-misc-cfg request-ap-log snmp-trap-throttle <1-20> vlan-cache enable Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931
PAGE 47
Common commands 2 Parameters (Privilege Executable Mode) clear [all|aplogs|clitree|cores| dumps|fw|panics| snooptable|wireless] Performs a variety of reset functions all – Removes all core, dump and panic files aplogs – Removes all AP log files clitree – Removes clitree.
PAGE 48
2 Common commands diag [enable|identify| limit|period| tech-support-period| tech-support-url] Sets or displays controller diagnostic values enable – Enables in-service diagnostics fanduty <40-100> – CPU fan PWM duty cycle. Set a value between 40-100%. Setting a value below 60 is considered unreliable.
PAGE 49
Common commands pktcap on [bridge|interface|router| vpn] [count|filter|verbose| write] 2 Packet capturing on – Defines the packet capture location bridge [count|hex|snap|verbose|write|filter] – Captures packet at the bridge • count <1-1000000> – Limits the captured packet count • filter [|arp|capwap|dst|ether|host|icmp|igmp| ip|ip6|l2|l3|l4|net|not|port|src|tcp|udp|vlan|wlan] – Filters packets based on specified criteria.
PAGE 50
2 Common commands • • • verbose <1-1000000> – Displays full packet body • filter – Captures the filter • snap <1-1518>– Captured data length • write [|URL] – Captures to a file • FILE – File to which to copy • cf:/path/file • usb1:/path/file • usb2:/path/file • URL– Target URL from which to copy • tftp:///path/file • ftp://:@ /path/file • sftp://@/path/file interface [|ge|me1|sa|vlan] – Captures at an interfa
PAGE 51
Common commands save-cli securitymgr [disable| disable-flow-rate-limit| dump-core| enable-http-stats] show [cli| command-history| crash-info|diag|fw|info| ip|last-passwd|memory| pm|process| reboot-history|rtls| securitymgr|smart-rf| startup-log| upgrade-history| watchdog|wireless] 2 Saves the CLI tree for all modes in HTML Securitymgr parameters disable – Disables securitymgr disable-flow-rate-limit – Disables flow rate limiting dump-core – Creates a core file of the securitymgr process enable-http-stat
PAGE 52
2 Common commands • • • • • • • • • • show securitymgr flows 50 pm history – Process Monitor • history [WORD|all] – Displays state changes for a process, the time they happened and events • WORD – Process name • all – All processes process – Shows processes (sorted by memory usage) reboot-history – Shows a reboot history rtls [grid|location-history|rfid] – Locationing Configuration • grid [all|x] – Displays RSSI values in grid • all – Displays all grids • x <0-9000> – Displays grid x coordinates • y<
PAGE 53
Common commands 2 smart-rf Displays Smart-RF Management Commands [clear-history|load-from-file| • clear-history– clears assignment history replay|rescue|restore|save • load-from-file – load record from file -to-file|simulate] • replay enable – set replay mode • enable – enable replay mode • rescue – force rescue operation • – A single radio-mac-address, a single index • restore – remove any recovering operation on given mode • – A single radio-mac-address a single index • save-to-f
PAGE 54
2 Common commands wireless [ap-history| clear-ap-log |custom-cli|dot11i| dump-core| enhanced-beacon-table| enhanced-probe-table| free-packet-watermark |idle-radio-send-multicast| legacy-load-balance |map-radios| radio-misc-cfg |rate-scale| request-ap-log |save-ap-log |snmp-trap-throttle| sync-radio-entries| vlan-cache] 52 Wireless parameters ap-history [clear|enable] – Access-point history • clear – Delete all history of all APs • enable – Enable the tracking of AP history • clear-ap-log <1-1024> – Clea
PAGE 55
Common commands 2 • • radio-desc – description of radio where the wireless-client is associated • radio-id – The radio index to which the wireless-client is associated • ssid – The ssid of the wireless-clients wlan • state – The current state of the wireless-client • username – The Radius username of the user connected through this device (shown only if applicable and available) • vlan – The vlan-id assigned to the wireless-client • wlan-desc – The wlan description the wireless-client is using • wlan-id
PAGE 56
2 Common commands • • • • 54 num-client – The number of mobile devices associated with this radio • power – The configured and current transmit power of the radio • pref-id – The adoption preference id of the radio • radio-desc – The description of the radio • radio-id – The radio index in configuration • state – The current operational state of the radio dot11i – modify dot11i service parameters dump-core – Creates a core file of the ccsrvr process enhanced-beacon-table [channel-set|enable| erase-repo
PAGE 57
Common commands • enhanced-probe-table [enable|erase-report|max-client| preferred|window-time] – Enhanced probe table for Client locationing. • enable – Enables the Enhanced Probe Table feature for Client locationing. • erase-report – Erases the reports for Enhanced Probe Table feature. • max-client <0-512> – Sets the maximum clients in the Enhance Probe Table report. • preferred – Add the MAC to the preferred Client list.
PAGE 58
2 Common commands Parameters (GLOBAL Config) advanced-vty Enables advanced mode vty interface dhcp Enables the DHCP server diag[enable|limit|period| tech-support-period| Displays diagnostics • enable – Enables in-service diagnostics • limit – Diagnostic limit command • period – Sets the diagnostics period • tech-support-period – Sets diagnostics tech-support-period • tech-support-url – Sets the URL to use during auto generated technical support dumps tech-support-url] password-encryption [secret|2|
PAGE 59
Common commands 2 NOTE The no service password-encryption command used to disable the encryption, now requires the user to know the old password. The user will have to enter the old password to disable the encryption. Earlier, using no service password-encryption disabled the encryption and show running config displayed the passwords as plaintext. Now, the user has to user no service password-encryption to disable or change the password.
PAGE 60
2 Common commands May May May May May May May May May May May May May May May May May May May May May May May May May May 31 31 31 31 31 31 31 31 31 29 29 29 29 29 29 29 29 25 25 24 24 23 23 23 21 21 20:30:11 20:27:08 20:18:03 20:17:32 20:17:26 18:32:42 18:32:29 18:31:48 18:31:45 15:40:04 15:23:43 15:23:36 15:23:19 15:23:19 15:23:03 15:22:48 15:22:45 21:32:27 21:32:21 18:34:36 18:34:21 19:07:35 19:06:59 14:36:09 16:37:13 16:34:36 2010 2010 2010 2010 2010 2010 2010 2010 2010 2010 2010 2010 2010 2010 201
PAGE 61
show 2 show Common commands Displays the settings for the specified system component. There are a number of ways to invoke the show command: • When invoked without any arguments, it displays information about the current context. If the current context contains instances, the show command (usually) displays a list of these instances. • When invoked with the display_parameter, it displays information about that component.
PAGE 62
2 show Display Parameters 60 Description Mode Example radius Displays RADIUS configuration commands Common page 88 redundancy dynamic-ap-load-bal ance Display configuration details for dynamic Common AP Load Balance page 89 redundancy group Displays redundancy group parameters Common page 90 redundancy history Displays the state transition history of the controller Common page 92 redundancy members Displays redundancy group members in detail Common page 93 rtls Displays Real Time
PAGE 63
show Display Parameters Description Mode ftp Displays the FTP server configuration Privilege/Global page 134 Config Example password-encryption Displays password encryption data Privilege/Global page 135 Config running-config Displays the current operating configuration Privilege/Global page 136 Config securitymgr Displays debug information for ACL, VPN Privilege/Global page 139 and NAT Config sessions Displays currently open and active connections Privilege/Global page 140 Config startup-
PAGE 64
2 show autoinstall Common to all modes Displays the autoinstall configuration information.
PAGE 65
show 2 banner Common to all modes Displays the message of the day string. This string can be used to alert the user to specific information that might be of interest.
PAGE 66
2 show commands Common to all modes Displays the available commands for the current mode. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax RFController>show commands Parameters None Example RFController#show commands acknowledge alarm-log (all|<1-65535>) acknowledge alarm-log (all|<1-65535>) archive tar /create (FILE|URL) .FILE archive tar /create (FILE|URL) .
PAGE 67
show 2 crypto Common to all modes Displays the encryption mode information.
PAGE 68
2 show Example RFController(config)#show crypto pki request tptest -----BEGIN CERTIFICATE REQUEST----MIIB2zCCAUQCAQAwaDELMAkGA1UEBhMCaW4xEjAQBgNVBAgTCWthcm5hdGFrYTES MBAGA1UEBxMJYmFuZ2Fsb3JlMQ8wDQYDVQQKEwZzeW1ib2wxDDAKBgNVBAsTA3dp ZDESMBAGA1UEAxMJdGVzdC1jZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQC3qisZdTn7rKzv5TrGtKt7fwMwaYpgehyl52I4fDLZYY/WTTTJFyKwW6s+Pq2R mM9oiqX8mCZeSEIJIATpAVT2M5Ukb4Br9YQDcWHs84oXRJxKPeZ3WscBld2soPvK ui1LoizZH9iqawmkXED1TFMBbDWiOcfnqQKn8Tddeax/JQIDAQABoDMwMQYJKoZI hvcNAQkOMSQwIjALBgN
PAGE 69
show 2 environment Common to all modes Displays the environmental information such as fan speed, ambient temperature inside the controller and CPU temperature. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show environment Parameters None Example RFController>show environment upwind of CPU temperature : 30.0 C CPU die temperature : 49.0 C left side temperature : 29.0 C by FPGA temperature : 28.
PAGE 70
2 show history Common to all modes Displays the command history Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show history Parameters None Example RFController>show history 1 admin 2 enable 3 con ter 4 exit 5 show autoinstall 6 con ter 7 show autoinstall 8 show banner 9 show banner motd 10 show command 11 show crypto 12 show environment 13 show history RFController> 68 Brocade Mobility RFS4000, RFS6000 and RFS7000
PAGE 71
show 2 interfaces Common to all modes Displays the status of the different controller interfaces Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show interfaces [WORD|ge|me1|sa|controllerport|vlan] Parameters show interfaces [WORD|ge|me1|sa| controllerport|vlan] Displays the interface name • WORD– Displays interface name • ge – Displays Gigabit Ethernet interface information • me1 – Displays fast ethernet information
PAGE 72
2 show input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0 output packets 184, bytes 17618, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 0 index=8, metric=1, mtu=1500, (PAL-IF) inet 166.129.246.245/32 pointopoint 10.64.64.
PAGE 73
show 2 ip Common to all modes Displays Internet Protocol (IP) related information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show ip [access-group|arp|ddns|dhcp| dhcp-vendor-options|domain-name|dos|http|igmp|interface| name-server|nat|route|routing|ssh|telnet] show ip access-group [|all|ge|me1|role|sa| vlan <1-4094>] show ip arp show ip ddnsbinding show ip dhcp[binding|class|pool|sharednetwork] sho
PAGE 74
2 show Parameters access-group [ |all|ge|me1|role|sa|> |vlan <1-4094>] Displays the ACLs attached to an interface • – Enter the name of the interface to which the ACL is associated. access-group lists the details of the ACLs configured on the particular Layer 3 or Layer 2 interface.
PAGE 75
show nat [interfaces|translations] route [| |detail] 2 Displays Network Address Translation interfaces – Displays NAT Configuration on interfaces translations [inside|outside|verbose] – Displays NAT translations • inside [source|destination]– Inside • outside [source|destination] – Outside • source – Displays Source • destination – Displays Destination • verbose – Displays NAT Translations in real-time • • Display IP routing table entries – Network in the IP routing table –
PAGE 76
2 show Example RFController(config)#show ip access-group ge 3 Interface ge3 Inbound IP Access List : RFController(config)#show ip access-group vlan 1 Interface vlan1 Inbound IP Access List : RFController#show ip dhcp binding IP MAC/Client-Id Type Expiry Time --------------------------RFController(config)#show ip dhcp class ! ip dhcp class TestClass2 option user-class MC900 ! ip dhcp class ImportantClass ! ip dhcp class ClassNameTest option user-class UserClassTest ! ip dhcp class TestDHCPclass ! ip dhcp c
PAGE 77
show 2 HTTP server: Running Config status: Enabled RFController#show ip http secure-server HTTP secure server: Running Config status: Enabled Trustpoint: default-trustpoint RFController#show ip interface brief Interface IP-Address/Mask Status me1 10.1.1.100/24 up vlan1 192.168.1.1/24 up vlan11 192.168.11.1/24 up vlan2 64.171.249.249/24 up wan 166.129.246.245/32 up RFController# Protocol down up up up up RFController#show ip interface vlan 1 brief Interface IP-Address Status Protocol vlan1 157.235.208.
PAGE 78
2 show ldap Common to all modes Displays LDAP information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show ldap configuration [primary|secondary] Parameters ldap configuration [primary|secondary] Displays LDAP information.
PAGE 79
show 2 licenses Common to all modes Displays the different licenses installed on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show licenses Parameters None Example RFController(config)#show licenses feature usage license string license value AP 2FFD7fE9 CD016155 14A92C70 48 1 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 usage 77
PAGE 80
2 show logging Common to all modes Displays logging status and other information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show logging Parameters None Example RFController(config)#show logging Logging module: enabled Aggregation time: disabled Console logging: level debugging Buffered logging: level informational Syslog logging: level debugging Facility: local7 Logging to: 157.235.203.37 Logging to: 10.0.0.
PAGE 81
show 2 mac Common to all modes Shows all MAC information with respect to groups and access lists Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show mac [access-list|access-group] show mac access-group [|all|ge <1-4>| me1|sa <1-4>|vlan <1-4094>] Parameters mac [access-list access-group] Displays MAC information • access-list – Displays existing MAC access lists • access-group [|all|ge <1-4>| m
PAGE 82
2 show mac-address-table Common to all modes Displays the MAC address table entries Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show mac-address-table Parameters None Example RFController(config)#show mac-address-table Bridge VLAN Port Mac Fwd ------------ ---- ------------ -------------- --1 10 ge1 00a0.f865.ea8f 1 1 10 ge1 0015.7038.0653 1 1 10 ge1 0015.7014.fec4 1 1 10 ge1 0015.7041.
PAGE 83
show 2 management Common to all modes Displays the L3 management interface name Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show management Parameters None Example RFController>show management Mgmt Interface: vlan1 Management access permitted via any vlan interface RFController> Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 81
PAGE 84
2 show mobility Common to all modes Displays the mobility parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show mobility [event-log|forwarding|global| wireless-client|peer|statistics] show mobility event-log [wireless-client|peer] show mobility forwarding show mobility wireless-client [MAC>|detail] show mobility peer [|detail] show mobility statistics Parameters event-log[ wireless-client|pee
PAGE 85
show 09/14 19:17:51 157.235.208.16 09/14 19:17:50 157.235.208.16 DEL-CLIENT n/a 157.235.208.16 ADD-CLIENT n/a 157.235.208.16 2 00-0f-3d-e9-a6-54 0.0.0.0 00-0f-3d-e9-a6-54 0.0.0.
PAGE 86
2 show ntp Common to all modes Displays NTP protocol information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show ntp [association|status] Parameters ntp [association detail|status] Displays the Network Time Protocol (NTP) configuration • association detail – Displays existing NTP associations • detail – Displays NTP association details • status – Displays NTP status Example RFController>show ntp associations ad
PAGE 87
show 2 port-channel Common to all modes Displays port-channel load-balance information • Mobility RFS7000 Controller • Mobility RFS4000 Controller NOTE This command is not supported on the Mobility RFS6000 Controller.
PAGE 88
2 show power Common to all modes Displays the power configuration and status for the Mobility RFS6000 Controller controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller NOTE This command is not supported on the Mobility RFS7000 Controller.
PAGE 89
show 2 privilege Common to all modes Displays the privileges of the current user Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show privilege Parameters None Example RFController>show privilege Current user privilege: superuser RFController> Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 87
PAGE 90
2 show radius Common to all modes Displays RADIUS status and information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show radius [configuration|eap configuration|group| nas A.B.C.
PAGE 91
show 2 redundancy dynamic-ap-load-balance Common to all modes Displays the configuration for the Dynamic AP Load Balancing feature Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show redundancy dynamic-ap-load-balance config Parameters config Displays configuration details for dynamic AP load balance Example RFController(config)#show redundancy dynamic-ap-load-balance config Dynamic AP Load Balance Configuration: L
PAGE 92
2 show redundancy group Common to all modes This command displays the controller’s IP address, number of active neighbors, group license, installed license, cluster AP adoption count, controller adoption count, hold time, discovery time, heartbeat interval, cluster id and controller mode. In a cluster, this command displays the redundancy runtime and configuration of the “self-controller”. Use config to view only configuration information and/or runtime parameters.
PAGE 93
show 2 Selfhealing RPs in this Group : Not Applicable Selfhealing APs in this Controller : Not Applicable Group maximum AP adoption capacity : Not Applicable Controller Adoption capacity : Not Applicable Established Peer(s) Count : Not Applicable Redundancy Group Connectivity status : Not Applicable DHCP Server in group : Not Applicable RFController(config)# RFController(config)#show redundancy group config Redundancy Group Configuration Detail Redundancy Feature : Disabled Redundancy group ID : 1 Redund
PAGE 94
2 show redundancy history Common to all modes Displays the controller state transition history Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show redundancy history Parameters None Example RFController>show redundancy history State Transition History Time Event Triggered state --------------------------------------------------------Sat Oct 06 12:07:55 Redundancy Enabled Startup Sat Oct 06 12.07.
PAGE 95
show 2 redundancy members Common to all modes Displays the member controllers in the cluster. The user can provide the IP address of the controller in cluster whose information alone is needed.
PAGE 96
2 show rtls Common to all modes Displays the Real Time Locating System status and information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show rtls [aeroscout|espi|filter|ekahau| reference-tags|rfid|site|sole|tags|zone] 94 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 97
show 2 Parameters rtls [aeroscout|espi|filter| ekahau| reference-tags| rfid|site|sole|tags|zone] Displays the Real Time Locating System status and information.
PAGE 98
2 show zone Show logical reader statistics RFController(config)#show rtls 96 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 99
show 2 smtp-notification Common to all modes Displays the set smtp-notification parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show smtp-notification traps Parameters traps Displays trap enable flags Example RFController(config)#show smtp-notification traps ------------------------------------------------------------------Gl obal enable flag for Trap SMTP-Notification Disabled ---------------------------
PAGE 100
2 show redundancy resourceDown N misc lowFsSpace N misc processMaxRestartsReached N misc savedConfigModified N misc serverCertExpired N misc caCertExpired N misc periodicHeartbeat N misc controllerEvent N wireless station associated N wireless station disassociated N wireless station deniedAssociationOnCapability N wireless station deniedAssociationOnShortPream N wireless station deniedAssociationOnSpectrum N wireless station deniedAssociationOnErr N wireless station deniedAssociationOnSSID N wireless sta
PAGE 101
show 2 snmp Common to all modes Displays SNMP user information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show snmp user [snmpmanager|snmpoperator|snmptrap] Parameters snmp user [snmpmanager| snmpoperator|snmptrap Displays SNMP user information • snmpmanager – Shows SNMP manager information • snmpoperator – Shows SNMP operator information • snmptrap – Shows SNMP trap information Example RFController>show snmp u
PAGE 102
2 show snmp-server Common to all modes Displays SNMP server information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show snmp-server traps wireless-statistics[mesh|wireless-client| radio|wireless-controller|wlan] Parameters traps wireless-statistics [mesh| wireless-client| radio| wireless-controller|wlan] Displays existing wireless-stats rate trap enabled flags • mesh – Displays existing mesh rate traps • wireles
PAGE 103
show wireless station tkipCounterMeasures wireless station deniedAuthentication wireless station radiusAuthFailed wireless radio adopted wireless radio unadopted wireless radio detectedRadar wireless ap-detection externalAPDetected wireless self-healing activated wireless ids excessiveAuthAssociation wireless ids excessiveProbes misc savedConfigModified RFController> 2 N N N N N N N N N N N RFController>show snmp-server traps wireless-statistics wireless-client pktsps-greater-than disabled tput-greater-
PAGE 104
2 show spanning-tree Common to all modes Displays Spanning Tree information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show spanning-tree mst [config|detail|instance] show spanning-tree mst detail interface [|ge|me1|sa|vlan <1-4094>] show spanning-tree mst instance <1-15> interface ||vlan <1-4094>}] Parameters config Displays MST configuration information detail interface [
PAGE 105
show 2 % portfast bpdu-guard disabled % portfast errdisable timeout disabled % portfast errdisable timeout interval 300 sec % cisco interoperability configured - Current cisco interoperability off % ge2: Port 2002 - Id 87d2 - Role Disabled - State Discarding % ge2: Designated External Path Cost 0 -Internal Path Cost 0 % ge2: Configured Path Cost 20000000 - Add type Explicit ref count 1 % ge2: Designated Port Id 0 - CST Priority 128 % ge2: CIST Root 0000000000000000 % ge2: Regional Root 0000000000000000 %
PAGE 106
2 show static-channel-group Common to all modes Displays the members of the static channel groups Supported in the following platforms: • Mobility RFS7000 Controller • Mobility RFS4000 Controller NOTE This command is not supported on the Mobility RFS6000 Controller Syntax show static-channel-group Parameters None Example RFController(config)#show static-channel-group RFController(config)# 104 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 107
show 2 terminal Common to all modes Displays the terminal information for the device Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show terminal Parameters None Example RFController>show terminal Terminal Type: vt102 Length: 44 Width: 125 RFController> Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 105
PAGE 108
2 show timezone Common to all modes Displays the timezone set on the device Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show timezone Parameters None Example RFController>show timezone Timezone is Etc/UTC RFController> 106 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 109
show 2 traffic-shape Common to all modes Displays traffic shaping parameters Supported in the following platforms: • Mobility RFS7000 Controller • Mobility RFS4000 Controller NOTE This command is not supported on the Mobility RFS6000 Controller Syntax show traffic-shape [config|priority-map|statistics] Parameters [config| priority-map| statistics] • • • config class – Displays traffic shaping configuration statistics class – Displays traffic shaping statistics • class <1-4> – Displays traffic shaping
PAGE 110
2 show users Common to all modes Displays a list of users connected to the device Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show users Parameters None Example RFController>show users Line PID User Uptime Location 0 con 0 316 admin 06:08:11 ttyS0 130 vty 0 2308 admin 00:35:18 0 RFController> 108 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 111
show 2 version Common to all modes Displays the current software & hardware version on the device Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show version {verbose} Parameters verbose Displays software and hardware version information Example RFController>show version RFController version 4.3.0.0-046B MIB=01a Copyright (c) 2009 Brocade, Inc. Booted from secondary.
PAGE 112
2 show wireless Common to all modes NOTE The radio-group range differs from controller to controller: Mobility RFS7000 Controller – Supports a range between 0-255 Mobility RFS6000 Controller – Supports a range between 0-64 Mobility RFS4000 Controller – Supports a range between 1-6 Displays the wireless configuration parameters and information Syntax show wireless [aap-version|ap|ap-containment| ap-detection-config|ap-images|ap-radio-config| ap-unadopted||authorized-aps| channel-power|client|config|countr
PAGE 113
show 2 show wireless multicast-packet-limit show wireless phrase-to-key [wep64|wep128] show wireless qos-mapping {[wired-to-wireless| wireless-to-wired]} show wireless radio {[<1-4096>|admission-control|all|beacon-table|config|monitor-table|statistics |unadopted| uptime|voice]} show wireless radio {[<1-4096>|all|beacon-table|monitor-table|unadopted|uptime]} show wireless radio admission-control voice {<1-4096>} show wireless radio config {[<1-4096>|default-11a|default-11an| default-11b|defau
PAGE 114
2 show channel-power [11a|11b|11bg] [indoor|outdoor] client [exclude-list|include-list] Wireless client configuration exclude-list – Sets the exclude list configuration include-list – Sets the include list configuration • • config Displays wireless configuration information country-code-list Displays the list of supported country names and their 2 letter IS0 3166 codes default-ap Displays default access-point information hotspot query Displays hotspot query string configuration hotspot-config
PAGE 115
show 2 wireless-client {[<1-8192>||associ ation-history| Displays the parameters of associated wireless clients. All parameters are optional. • <1-8192> – Index of wireless client • – MAC address of wireless client association-stats|probe-hist • association-history {}– Displays the association history ory|radio|roaming|statistics of the wireless clients with the MAC address and its | configured name.
PAGE 116
2 show radio {[<1-4096>| admission-control|all| beacon-table|config| monitor-table|statistics| unadopted|uptime|voice]} Radio related commands. All parameters are optional. • <1-4096> – Defines information on a single radio’s index • admission-control voice {<1-4096>} – Displays summary information for all radios that have admission control enabled. Optionally select the radio.
PAGE 117
show smart-rf [calibration-status| configuration| history|radio] Displays smart-rf related management information • calibration-status – Displays smart-rf calibration status • configuration – Displays smart-rf configuration information • history – Displays smart-rf assignment history since last calibration. • radio [config|local-status|map|master-status|neighbors|spectru m] {[<1-4096>|| all-11a|all-11bg]} – Displays smart-rf radio commands.
PAGE 118
2 show (config-wireless) Executable Mode Displays the (config- wireless) configuration parameters and information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show wireless ap [LIST|config] show wireless config [<1-1024>|LIST] show wireless radio [<1-4096>|admission-control|all| beacon-table|config|monitor-table|statistics|unadopted| uptime|voice]} show wireless wlan [config|statistics] show wireless wlan config [<1
PAGE 119
show 2 RFController(config)#show wireless ap config 2 ap mac address : 00-A0-F8-BF-89-45 ap adoption-policy: allow ap name : AP-00-A0-F8-BF-89-45 ap location : AP-00-A0-F8-BF-89-45-Location ap on-board-radios: 0 ap secure WISPe mode : disable ap secure WISPe mode staging : disable ap shared WISPe secret : 0 defaultS ap country-code : "" RFController(config)# RFController>show wireless ap-detection-config Rogue AP timeout : 300 seconds Approved AP timeout : 300 seconds client-assisted scan : enabled client
PAGE 120
2 show RFController(config)#show wireless config country-code : None secure-wispe-default-secret default adoption-pref-id : 1 proxy-arp : enabled adopt-unconf-radio : enabled dot11-shared-key-auth : disabled ap-detection : disabled manual-wlan-mapping : disabled dhcp sniff state : disabled dhcp one portal forward : enabled dhcp fix broadcast-rsp : disabled broadcast-tx-speed : optimize-for-range wlan bw allocation : disabled smart-channels used : smart-channels excluded : Adaptive ap parameters: config-ap
PAGE 121
show Violation\Event Excessive Operations probe-requests association-requests disassociations authentication-fails crypto-replay-fails 80211-replay-fails decryption-fails unassoc-frames eap-starts eap-naks eap-flood Threshold MU RA SW 30 25 25 5 10 10 25 2 10 10 15 200 45 45 20 25 25 75 0 20 20 40 0 0 0 Filter Ageout (Sec) A 2 Trigger U I N Y N N N N N Y N N N - : 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Anomaly Detection: null-destination disabled 0 same-source-destination disabled 0 multic
PAGE 122
2 show 30s 1hr Avg wireless-client signal: -78.00 0.00 dBm Avg wireless-client noise: -94.00 0.00 dBm -- MORE --, next page: Space, next line: Enter, quit: Control-C Avg wireless-client SNR(dB): 16.00 0.00 ------ Errors----------------------------------------------30s 1hr Avg number of retries: 0.42 0.00 % gave up pkts: 0.00 0.00 % Non-decryptable pkts: 0.00 0.
PAGE 123
show 2 query : smart-channels used : 1,6,11,36,40,44,48,149,153,157,161,165 smart-channels excluded : 2,3,4,5,7,8,9,10 mu-mu-disallow: disabled, secure-beacon: disabled, answer-bcast-ess: enabled, weight: 1, prioritize-voice: disabled, spectralink-voice-protocol: disabled multicast mask1: 00-00-00-00-00-00, mask2: 00-00-00-00-00-00 traffic-classification : normal, wmm-mapping: 8021p, L3-mobility: disabled rate-limit: wired-to-wireless: unlimited wireless-to-wired: unlimited Client Bridge Backhaul is disab
PAGE 124
2 show 1.0 0 0 2.0 0 0 5.5 0 0 6.0 0 0 9.0 0 0 11.0 0 0 12.0 0 0 18.0 0 0 22.0 0 0 24.0 0 0 36.0 0 0 48.0 0 0 54.
PAGE 125
show 2 ----------- ---------- ---------- ---------- ---------1.0 2 0 0 0 2.0 0 0 0 0 5.5 0 0 0 0 6.0 0 0 0 0 9.0 0 0 0 0 11.0 0 0 0 0 12.0 0 0 0 0 18.0 0 0 0 0 22.0 0 0 0 0 24.0 0 0 0 0 36.0 0 0 0 0 48.0 0 0 0 0 54.
PAGE 126
2 show BF-61-6E ***** mobile-unit 1: <00-A0-F8-BF-61-6E>********************* WLAN : wlan-4 ------ Traffic ------------------------------------------------Total Rx Tx ---------------- ---------------- -------30s 1hr 30s 1hr 30s 1hr Pkts per sec: 0.00 0.01 0.00 0.00 0.00 0.00 pps Throughput: 0.00 0.00 0.00 0.00 0.00 0.00 Mbps Avg bit speed: 0.00 1.51 Mbps % Non-unicast pkts: 0.00 71.43 ------ RF Status-----------------------------------------------30s 1hr Avg mobile-unit signal: -82.00 -81.
PAGE 127
show 2 wlan-acl Common to all modes Displays the WLAN based access control list information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show wlan-acl [<1-256>|all] Parameters wlan-acl [ <1-256>|all] Displays WLAN based access control list information • <1-256> – Displays ACLs attached to the specified WLAN ID • all – Displays all ACLs attached to a WLAN port Example RFController>show wlan-acl 20 WLAN port: 20 In
PAGE 128
2 show access-list Privilege / Global Config Displays the access lists (numbered and named) configured on the controller. The numbered access list displays numbered ACLs. The named access list displays named ACL details. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show access-list [<1-99>|<100-199>|<1300-1999>| <2000-2699>|] Parameters access-list Displays access-list entries.
PAGE 129
show 2 aclstats Privilege / Global Config Displays the statistics of configured access lists Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show aclstats [access-list|vlan <1-4094>] show aclstats {<1-99>|<100-199>|<1300-1999>|<2000-2699>| } show aclstats vlan <1-4094> Parameters access-list {<1-99>|<100-199>|<130 0-1999>|<2000-2699>| } vlan <1-4094> Displays configured access lists.
PAGE 130
2 show alarm-log Privilege / Global Config Displays the contents of the alarm log on the device Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show alarm-log {<1-65535>|acknowledged|all|count|new| severity-to-limit} show alarm-log severity-to-limit {critical| informational|major|normal|warning} Parameters alarm-log [<1-65535>| Displays the contents of the alarm log on the device.
PAGE 131
show 2 boot Privilege / Global Config Displays the boot configuration of the device Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show boot Parameters None Example RFController#show boot Image ----Primary Secondary Build Date -------------------Oct 16 03:55:43 2008 Sep 30 00:14:30 2008 Install Date -------------------Sep 15 00:53:56 2008 Aug 27 01:46:32 2008 Version -------------4.2.1.0 4.2.1.
PAGE 132
2 show clock Privilege / Global Config Displays the system clock Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show clock Parameters None Example RFController#show clock Jun 01 00:51:34 UTC 2010 RFController# 130 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 133
show 2 debugging Privilege / Global Config Displays the debugging configuration information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show debugging mstp Parameters mstp Displays the current MSTP configuration Example RFController(config)#show debugging mstp MSTP debugging status: RFController(config)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 131
PAGE 134
2 show dhcp Privilege / Global Config Displays existing DHCP server configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show dhcp [config|status] Parameters config Displays the current DHCP server configuration status Displays whether the DHCP server is running Example RFController#show dhcp config service dhcp ! ip dhcp pool vlan6 default-router xxx.xxx.xxx.2 network xxx.xxx.xx.0/24 address range xxx.
PAGE 135
show 2 file Privilege / Global Config Displays the file system information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show file [information|systems] Parameters file [information|systems] Displays the filesystem information.
PAGE 136
2 show ftp Privilege / Global Config Displays the FTP server configuration Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show ftp Parameters None Example RFController#show ftp FTP Server: Disabled User Name: anonymous or ftpuser Password: ******** Root dir: flash:/ RFController# 134 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 137
show 2 password-encryption Privilege / Global Config Displays the global password encryption status Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show password-encryption status Parameters status Displays the existing password-encryption status Example RFController#show password-encryption status Password encryption is disabled RFController# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-100
PAGE 138
2 show running-config Privilege / Global Config Displays the contents of those configuration files wherein all configured MAC and IP access lists are applied to an interface Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show running-config [full|include-factory] Parameters running-config [full|include-factory] Displays the contents of the configuration files • full – Displays the file’s full (complete) configuratio
PAGE 139
show 2 firewall dhcp-snoop-conflict-detection disable firewall dhcp-snoop-conflict-logging disable ip http server ip http secure-trustpoint default-trustpoint ip http secure-server ip ssh ip telnet no service pm sys-restart ! wireless secure-wispe-default-secret 0 defaultS no ap-ip default-ap controller-ip smart-rf wireless ! ! radius-server local ! interface ge1 controllerport access vlan 1 ip dhcp trust ! interface ge2 controllerport access vlan 1 ip dhcp trust ! interface ge3 controllerport access vlan
PAGE 140
2 show no service set reboot-history no service set upgrade-history ! hostname RFController ! banner motd Welcome to CLI! username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin access console web ssh telnet username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f username operator access console web ssh telnet username operator privilege monitor ! ! ! ! spanning-tree mst config name My Name ! no management secure ip domain-lookup s
PAGE 141
show 2 securitymgr Privilege / Global Config Displays the security manager event-logs Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show securitymgr event-logs Parameters None Example RFController#show securitymgr event-log RFController# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 139
PAGE 142
2 show sessions Privilege / Global Config Displays the list of current active open sessions on the device Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show sessions Parameters None Example RFController#show sessions SESSION USER LOCATION IDLE START TIME 1 cli Console 06:24m May 31 18:31:36 2010 ** 2 cli 10.10.10.
PAGE 143
show 2 startup-config Privilege / Global Config Displays the complete startup configuration script on the console Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show startup-config Parameters None Example RFController(config)#show startup-config ! ! configuration of Mobility RFS7000 version 4.3.0.0 ! version 1.
PAGE 144
2 show ip http secure-trustpoint default-trustpoint ip http secure-server ip ssh ip telnet no service pm sys-restart ! wireless secure-wispe-default-secret 0 defaultS no ap-ip default-ap controller-ip smart-rf wireless ! ! radius-server local ! interface ge1 controllerport access vlan 1 ip dhcp trust ! interface ge2 controllerport access vlan 1 ip dhcp trust ! interface ge3 controllerport access vlan 1 ip dhcp trust ! interface ge4 controllerport access vlan 1 ip dhcp trust ! interface me1 ip address 10.
PAGE 145
show 2 upgrade-status Privilege / Global Config Displays the last image-upgrade status Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show upgrade-status {detail} Parameters None Example RFController#show upgrade-status Last Image Upgrade Status : Successful Last Image Upgrade Time : Mon May 21 16:27:40 2010 RFController# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 143
PAGE 146
2 show mac-name User/Privilege Exec Displays the configured MAC name Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show mac-name Parameters None Example RFController(config-wireless)#show mac-name Index MAC Address MAC Name 1 00-18-DE-82-78-6B GE1PortMACAddress Number of MAC names configured = 1 RFController(config-wireless)# 144 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 147
show 2 firewall Priv Exe Mode Displays wireless firewall Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show firewall [config|dhcp|flow] show firewall [config|dhcp snoop-table|flow timeouts] Parameters firewall [config| dhcp snoop-table| flow timeouts] Displays firewall configuration information.
PAGE 148
2 show role Priv Exe Mode Displays existing role name Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show role [|wireless-clients] Parameters role [| wireless-clients] Displays existing role name • – Displays existing role name • wireless-clients – Displays wireless-clients assigned with these roles Example RFController#show role RFController# RFController#show role word RFControll
PAGE 149
show 2 virtual-IP Global Config Mode Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show virtual-ip [config|status] Parameters show virtual-ip [config|status] Displays all the virtual-ip’s present in the configuration. config – Displays the configuration details. status – Displays current status of the controller.
PAGE 150
2 show RFController> RFS7K-1(config)#show virtual-ip status Virtual-IP State : Master Virtual-IP Config Status : Enabled Virtual-IP Runtime Status : Enabled Cluster Redundancy Status : Enabled Advertisement Length : 176 Total Advertisements Sent : 1619309 Total Learning Advts Sent : 0 Total Advertisements Recvd : 0 DHCP Server status : Active Total Number of Peers : 1 Peer Status Information : +----------------------------------------------------------------------+ | Peer IP | Status | Advts Sent | Advts
PAGE 151
show 2 wwan Common to all modes Configures wireless wan feature Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show wwan [config|dns-server] Parameters config Displays wwan signal configuration dns-server Displays wwan DNS server addresses Example RFController#show wwan config Access Point Name : isp.cingular Auth-type: chap Username : isp@cingulargprs.
PAGE 152
2 show aap-wlan-acl Privilege / Global Config Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax In Mobility RFS4000 Controller, show aap-wlan-acl [<1-24>|all] In Mobility RFS6000 Controller, show aap-wlan-acl [<1-32>|all] In Mobility RFS7000 Controller, show aap-wlan-acl [<1-256>|all] Parameters aap-wlan-acl [<1-32>|all] Applies an ACL on wlan for an aap.
PAGE 153
show 2 aap-wlan-acl-stats Privilege / Global Config Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show aap-wlan-acl-stats Parameters aap-wlan-acl-stats Displays IP filtering wlan based statistics Example RFController(config)#show aap-wlan-acl-stats RFController(config)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 151
PAGE 154
2 show protocol-list Common to all Modes Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show protocol-list Parameters show protocol-list Displays the list of protocols Example RFController(config)#show protocol-list Protocol Name Protocol Number ip 0 icmp 1 igmp 2 ggp 3 ipencap 4 st 5 tcp 6 egp 8 igp 9 pup 12 udp 17 hmp 20 xns-idp 22 rdp 27 iso-tp4 29 xtp 36 ddp 37 idpr-cmtp 38 ipv6 41 ipv6-route 43 ipv6-frag 44 RF
PAGE 155
show 2 service-list Common to all Modes Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show service-list Parameters show service-list Displays the list of services Example RFController#show service-list Service Name Port Number tcpmux 1/tcp rtmp 1/ddp nbp 2/ddp echo 4/ddp zip 6/ddp echo 7/tcp echo 7/udp discard 9/tcp discard 9/udp systat 11/tcp daytime 13/tcp daytime 13/udp telnet 23/tcp smtp 25/tcp RFController#
PAGE 156
2 154 show Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 157
Chapter 3 User Exec Commands In this chapter • User exec commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Logging in to the controller places you within the USER EXEC command mode. Typically, a login requires a user name and password. You have three login attempts before a connection attempt is refused. USER EXEC commands (available at the user level) are a subset of the commands available at the privileged level.
PAGE 158
3 User exec commands TABLE 3 156 User Exec Mode Command Summary Command Description Ref.
PAGE 159
User exec commands 3 clear User exec commands Resets the previous (last saved) command Supported on the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE Refer to the interface details below when using clear counter interface.
PAGE 160
3 User exec commands Parameters crypto [ipsec|isakmp] sa {} mobility [event-log| wireless-client| peer-statistics] spanning-tree detected-protocols {interface } Clears IPSec/ISAKMP SAs for a given peer ipsec sa { } – Clears IPSec SA’s isakmp sa { } – Clears ISAKMP SA’s • sa – Clears all IPSec/ISAKMP SA's • – Optional.
PAGE 161
User exec commands 3 cluster-cli User exec commands Use this command to enter the cluster-cli context. The cluster-cli context provides centralized management to configure all cluster members from any one member. Any command executed under this context will be executed to all the controllers in the cluster. A new context redundancy supports the cluster-cli. Any commands executed under this context are executed on all members of the cluster.
PAGE 162
3 User exec commands disable User exec commands Enables the PRIV mode to use the disable command.
PAGE 163
User exec commands 3 enable User exec commands Use the enable command to enter the PRIV mode Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax enable Parameters None Example RFController>enable RFController# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 161
PAGE 164
3 User exec commands logout User exec commands Use this command instead of the exit command to exit the EXEC mode Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax logout Parameters None Example The RFController Series Controller logs off on execution of this command.
PAGE 165
User exec commands 3 page User exec commands Use the command to toggle the controller paging function. Enabling this command displays the CLI command output page by page, instead of running the entire output at once.
PAGE 166
3 User exec commands ping User exec commands Sends ICMP echo messages to a user-specified location Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ping {[|]} Parameters ping {[|]} Pings the specified destination IP address or hostname. When entered without any parameters, this command prompts you for an IP/Host-name to ping. Example RFController>ping 192.168.2.100 PING 192.168.2.100 (192.
PAGE 167
User exec commands 3 quit User exec commands Use this command to exit the current mode and move to the previous mode Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax quit Parameters None Example The controller logs off upon execution of the command Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 165
PAGE 168
3 User exec commands telnet User exec commands Opens a telnet session Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax telnet port Parameters telnet port Defines the IP address or hostname of a remote system • port – Displays TCP port number Example Mobility RFS6000 Controller>telnet 172.16.10.3 Entering character mode Escape character is '^]'. Mobility RFS6000 Controller release 4.0.0.
PAGE 169
User exec commands 3 terminal User exec commands Sets the length/number of lines displayed within the terminal window Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax terminal [length <0-512>|no [length <0-512>|width]| width <0-512>] Parameters length <0-512> no [length <0-512>| width] width <0-512> Sets the number of lines on a screen Negates a command or sets its defaults.
PAGE 170
3 User exec commands traceroute User exec commands Traces the route to its defined destination Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax traceroute [[|]|ip [|]] Parameters [|] Traces the route to a destination IP address or a hostname ip [|] IP trace to a destination IP address or a hostname Example RFController#traceroute 157.222.333.
PAGE 171
Chapter 4 Privileged Exec Commands In this chapter • Priv Exec command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Most PRIV EXEC commands set operating parameters. Privileged-level access should be password protected to prevent unauthorized use. The PRIV EXEC command set includes commands contained within the USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes, and includes advanced testing commands.
PAGE 172
4 Priv Exec command TABLE 4 170 Priv Exec Commands Command Description Ref.
PAGE 173
Priv Exec command 4 acknowledge Priv Exec command Acknowledges alarms Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax acknowledge alarm-log [<1-65535>|all] Parameters alarm-log [<1-65535>|all] Acknowledges alarms • <1-65535> – Acknowledges the specific alarm ID • all – Acknowledges all alarms Example RFController#acknowledge alarm-log all No corresponding record found in the Alarm Log.
PAGE 174
4 Priv Exec command archive Priv Exec command Manages file archive operations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax archive tar /table [|] archive tar /create [|] [|
] archive tar /xtract [|] Parameters tar Manipulates (creates, lists or extracts) a tar file /table Lists the files in a tar file /create Creates a tar file /xtract Extracts content from a
PAGE 175
Priv Exec command -rw-r--r-- 0/0 drwxrwxrwt 0/600 4 17318 2010-05-08 12:27:29 flash/log/startup.log 0 2010-05-08 12:27:14 flash/log/radius If Untar fails..? RFController#archive tar /xtract flash:/out.tar flash:/out/ tar: flash:/out.
PAGE 176
4 Priv Exec command cd Priv Exec command Changes the current directory Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax cd {
} Parameters Changes current directory to DIR. This parameter is optional. When this parameter is not provided, the current directory name is displayed.
PAGE 177
Priv Exec command 4 change-passwd Priv Exec command Changes the password of a logged user Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax change-passwd Parameters None Usage Guidelines A password must be between 8 to 32 characters in length. For security, the console does not display user entered key words or the old password and new password fields.
PAGE 178
4 Priv Exec command clear Priv Exec command Resets the current context Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clear [aclstats|alarm-log|arp-cache|counters|crypto| dosstats|ip|logging|mac-address-table|mobility| spanning-tree] clear [aclstats|arp-cache|dosstats|logging] clear alarm-log [<1-65535>|acknowledge|all|new] clear counters [all|bridge|firewall|igmp-snooping|interface| router|thread] clear counters inte
PAGE 179
Priv Exec command 4 Parameters aclstats alarm-log [<1-65535>| acknowledge|all|new] arp-cache counters [all|bridge|firewall| igmp-snooping|interface| router|thread] crypto [ipsec|isakmp] sa {} Clears ACl statistics Clears the alarm-log <1-65535> – Clears the specific alarm ID acknowledge – Clears acknowledged alarms all – Clear all alarms new – Clear new alarms • • • • Clears the ARP cache Clears counters all – Clears all counters bridge – Clears bridge counters firewall – Clears firewall counters
PAGE 180
4 Priv Exec command mobility [event-log| wireless-client| peer-statistics] • Clears mobility attributes event-log [wireless-client|peer]– Clears the event log • wireless-client – Clears Client event-logs for • peer – Clears peer event logs • wireless-client [|all|foreign-database home-database] – Clears Client information.
PAGE 181
Priv Exec command 4 clock Priv Exec command Configures the software system clock Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clock set HH:MM:SS <1-31> <1993-2035> Parameters HH:MM:SS Sets the time in hours, minutes, and seconds <1-31> Sets the number of days in the month. Sets the month in the format Jan, Feb, Mar,..., Dec.
PAGE 182
4 Priv Exec command cluster-cli Priv Exec command Use this command to access the cluster-cli context. The cluster-cli context provides centralized management to configure all members of cluster from one member. Any command executed under this context is executed on all controllers in the cluster. A new context (redundancy) is available to support the cluster-cli. Any commands executed under this context are executed on each cluster member. Use no cluster-cli to exit the cluster-cli context.
PAGE 183
Priv Exec command 4 configure Priv Exec command Enters the configuration mode Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax configure terminal Parameters terminal Enables configuration from the terminal Example RFController#configure terminal Enter configuration commands, one per line. End with CNTL/Z.
PAGE 184
4 Priv Exec command copy Priv Exec command Copies any file (config,log,txt ...etc) from any location to the controller and vice-versa NOTE Copying a new config file onto an existing running-config file merges it with the existing running-config on the controller. Both, the existing running-config and the new config file are applied as the current running-config. Copying a new config file onto a start-up config files replaces the existing start-up config file with the parameters of the new file.
PAGE 185
Priv Exec command 4 debug Priv Exec command Use this command for debugging Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax debug [all|cc|ccstats|certmgr|dhcpsvr|imi|ip|logging|mgmt| mobility|mstp|nsm|radius|redundancy|rns|securitymgr|sole] debug all debug cc [access-point|all|alt|ap-containment|ap-detect| capwap|cluster|config|dot11|eap|ids|kerberos|l3-mob| loc-ap|loc-client|media|wireless-client|radio|radius|self-heal
PAGE 186
4 Priv Exec command Parameters all cc [access-point|all|alt| ap-containment| apetect|capwap|cluster| config|dot11|eap|ids| kerberos|l3-mob|loc-ap| loc-client|media| wireless-client|radio|radius |self-heal|smart|snmp| system|wips|wisp|wlan] {[debug|err|info|warn]} ccstats certmgr [all|error|info] dhcpsvr [all|error|info] 184 Enables debugging controller (wireless) debugging message access-point [debug|err|info|warn] – Debugs access point logs • debug – Debugs all default messages • err
PAGE 187
Priv Exec command imi [all|cli-client| cli-server|errors|init|ntp] ip [https|ssh] 4 Integrated management interface debugging messages all – All debugging cli-client – CLI responses from Protocol modules to IMI Server • cli-server – CLI commands from IMI server to protocol module • error – errors • init – Initialization process • ntp – Net debug messages • • Internet protocol debugging messages https – Secure HTTP Server ssh – Secure Shell Server • • logging [all|errors|init|monitor| s
PAGE 188
4 186 Priv Exec command nsm {[all|events|kernel| packet]} Network Service Module (NSM) debugging messages. All parameters are optional.
PAGE 189
Priv Exec command securitymgr [acldebug|aclerror|all| debug|dosdebug| doserror|error|ikedebug| natdebug|naterror| packet-forwarding| pmdebug|pmerror| rulesdebug|ruleserror| user] sole [adapters|aeroscout| algo|all|cclib|ekahau|error s|info|init] 4 Security manager debugging messages acldebug – Trace debug messages from ACL module aclerror – Trace error messages from ACL module all – Trace all messages from Security Manager debug – Trace general debug messages from Security Manager • dosdebug – Trace deb
PAGE 190
4 Priv Exec command delete Priv Exec command Deletes a specified file from the system Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax delete [/force |/recursive |] Parameters /force Forces deletion without a prompt /recursive Performs a recursive delete Specifies the filename(s) to be deleted Example RFController#delete flash:/out.tar flash:/out.tar.gz Delete flash:/out.
PAGE 191
Priv Exec command 4 diff Priv Exec command Displays the differences between 2 files Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax diff [|] [|] Parameters The first is the source file for the diff. The second is the file to compare. The first is the source URL for the diff. The second is the URL to compare.
PAGE 192
4 Priv Exec command dir Priv Exec command View the list of files on a filesystem Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax dir {[/all|/recursive] [
|all-filesystems]} Parameters /all Lists all files /recursive Lists files recursively Lists files in the named file path all-filesystems Lists the files on all filesystems Example RFController#dir Directory of flash:/ drwx drwx drwx -rw-rwdrwx -rw-r
PAGE 193
Priv Exec command 4 disable Priv Exec command Turns off the privileged mode command Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax disable Parameters None Example RFController#disable RFController> Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 191
PAGE 194
4 Priv Exec command edit Priv Exec command Edits a text file Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax edit Parameters Name of the file to be modified Example RFController#edit startup-config GNU nano 1.2.
PAGE 195
Priv Exec command 4 enable Priv Exec command Turns on the privileged mode command Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax enable Parameters None Example RFController#enable RFController# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 193
PAGE 196
4 Priv Exec command erase Priv Exec command Erases a target filesystem Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax erase [nvram:|flash:|startup-config|usb1:|usb2:|cf:] Parameters nvram: Erases everything in nvram flash: Erases everything in flash startup-config Resets the configuration to factory default usb1: Erases everything in usb1 usb2: Erases everything in usb2 cf: Erases everything in cf Example
PAGE 197
Priv Exec command 4 halt Priv Exec command Stops (halts) the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax halt Parameters None Example RFController#halt Wireless Controller will be halted, do you want to continue? (y/n): y Do you want to save current configuration? (y/n/d): y [OK] Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 195
PAGE 198
4 Priv Exec command kill Priv Exec command Kills (terminates) a specified session and stops (halts) the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax • kill session <1-16> session Active session (16 active sessions can be terminated) Example Telnet to controller [xyz@xyz xyz]$ telnet 157.235.208.93 Trying 157.235.208.93... Connected to 157.235.208.93 (157.235.208.93). Escape character is '^]'.
PAGE 199
Priv Exec command 4 logout Priv Exec command Exits the EXEC mode and stops (halts) the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax logout Parameters None Example RFController#logout RFController release 4.3.0.0 Login as 'cli' to access CLI.
PAGE 200
4 Priv Exec command mkdir Priv Exec command Creates a new directory in the filesystem Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax mkdir
Parameters Directory name Example RFController#mkdir TestDIR RFController# 198 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 201
Priv Exec command 4 more Priv Exec command Displays the contents of a file Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax more Parameters Displays the contents of the file Example RFController#more flash:/log/messages.
PAGE 202
4 Priv Exec command radio on AP 00-A0-F8-BF-8A-A2 adopted Sep 08 12:29:12 2010: %MOB-6-MUADD: Station 00 -0F-3D-E9-A6-54: Added to Mobility Database Sep 08 12:29:12 2010: %CC-6-STATIONASSOC: 200 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 203
Priv Exec command 4 page Priv Exec command Toggles controller paging. Enabling this command displays the command output page by page instead of running the entire output at once.
PAGE 204
4 Priv Exec command ping Priv Exec command Send (transmits) ICMP echo messages Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ping {} Parameters Sets the ping destination address or hostname Example RFController#ping 157.235.208.39 PING 157.235.208.39 (157.235.208.39): 100 data bytes 128 bytes from 157.235.208.39: icmp_seq=0 ttl=64 time=2.3 128 bytes from 157.235.208.39: icmp_seq=1 ttl=64 time=0.
PAGE 205
Priv Exec command 4 pwd Priv Exec command View the contents of the current directory Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax pwd Parameters None Example RFController#pwd flash:/ RFController# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 203
PAGE 206
4 Priv Exec command quit Priv Exec command Exits the current mode and moves to the previous mode Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax quit Parameters None Example RFController#quit RFController release 4.3.0.0 Login as 'cli' to access CLI.
PAGE 207
Priv Exec command 4 reload Priv Exec command Halts the controller and performs a warm reboot Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax reload Parameters None Example RFController#reload Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 205
PAGE 208
4 Priv Exec command rename Priv Exec command Renames a file in the existing filesystem Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax rename Parameters Specifies the file to rename. The first is the old file name. The second is the new file name.
PAGE 209
Priv Exec command 4 rmdir Priv Exec command Deletes an existing file from the file system Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax rmdir
Parameters Defines the name of the directory to delete Example RFController#rmdir flash:/NewTestDir/ RFController#DIR Directory of flash:/ drwx drwx drwx -rw-rwdrwx -rw-rw-rw-rw-rw-rw- 1024 120 1024 14271 14271 1024 3426 13163 80898 65015 65154 32 Wed Wed Thu T
PAGE 210
4 Priv Exec command telnet Priv Exec command Opens a telnet session Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax telnet {} Parameters telnet {} Defines the IP address or hostname of a remote system • - Optional. Displays TCP Port Number Example RFController#telnet 157.111.222.33 Entering character mode Escape character is '^]'. Red Hat Linux release 9 (Shrike) Kernel 2.4.
PAGE 211
Priv Exec command 4 terminal Priv Exec command Sets the length/number of lines displayed within the terminal window Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax terminal [length <0-512>|no [length <0-512>|width]| width <0-512>] Parameters length <0-512> Sets the number of lines on a screen • <0-512> – Number of lines on a screen no [length <0-512>| width] Negates a command or sets its defaults • length <0-512> –
PAGE 212
4 Priv Exec command traceroute Priv Exec command Traces a route to a destination Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax traceroute [[|]|ip [|]] Parameters [|] Traces the route to a destination IP address or a hostname ip [|] IP trace to a destination IP address or a hostname Example RFController#traceroute 157.222.333.33 traceroute to 157.235.208.
PAGE 213
Priv Exec command 4 upgrade Priv Exec command Upgrades the software image Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax upgrade {background} Parameters Location of the target firmware image used in upgrade background Optional. Specifies that the upgrade should occur in the background. Example RFController#upgrade tftp://157.235.208.
PAGE 214
4 Priv Exec command hda1, internal journal. Creating LILO files Running LILO Successful Jan 08 15:58:46 2009: %FWU-6-FWUDONE: Firmware update successful, new version is 4.3.0.
PAGE 215
Priv Exec command 4 upgrade - abort Priv Exec command Aborts an ongoing upgrade process Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax upgrade-abort Parameters None Example RFController#upgrade-abort Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 213
PAGE 216
4 Priv Exec command write Priv Exec command Writes the running configuration to memory or a terminal Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax write [memory|terminal] Parameters memory Writes to NV memory terminal Writes to terminal Example RFController#write terminal ! ! configuration of RFController version 4.3.0.0 version 1.
PAGE 217
Priv Exec command 4 format Priv Exec command Formats file system Supported in the following platforms: • Mobility RFS7000 Controller NOTE This command is not supported on the Mobility RFS4000 Controller and on the Mobility RFS6000 Controller.
PAGE 218
4 216 Priv Exec command Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 219
Chapter 5 Global Configuration Commands In this chapter • Global Configuration commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217 The term global is used to indicate characteristics or features effecting the system as a whole. Use the Global Configuration Mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols).
PAGE 220
5 Global Configuration commands TABLE 5 218 Global Config Commands Command Description Ref.
PAGE 221
Global Configuration commands TABLE 5 5 Global Config Commands Command Description Ref.
PAGE 222
5 Global Configuration commands aaa Global Configuration commands Configures the current Authentication, Authorization and Accounting (AAA) login settings Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax aaa [authentication|nas|vpn-authentication] aaa authentication login default [local|none|radius] aaa nas aaa vpn-authentication [primary|secondary] key [0 |2 |] {authport <1024-65535>
PAGE 223
Global Configuration commands 5 access-list Global Configuration commands Adds an Access List (ACL) entry. Use the access-list command (under Global Configuration) to configure the access list mechanism for filtering frames by protocol type or vendor code. ACLs control access to the network through a set of rules. Each rule specifies an action which is taken when a packet matches it within the given set of rules.
PAGE 224
5 Global Configuration commands access-list [<100-199>|<2000-2699>] [deny|permit|mark] [tcp|udp] [|any|host ] {eq |range } [] {eq } {range } {log} {rule-precedence <1-5000>} NOTE Using access-list [<100-199>|<2000-2699>] moves you to the (config-ext-nacl) instance. For additional information, see Extended ACL Instance on page 449.
PAGE 225
Global Configuration commands 5 Parameters access-list [<1-99>|<1300-1999>] [permit|deny] [|any| host ] {[rule-precedence <1-5000> {log}|log]} Adds a standard access list entry.
PAGE 226
5 Global Configuration commands access-list [<100-199>|<2000-269 9>] [permit|deny] [icmp|ip|tcp|udp] [|any| host ] {[rule-precedence <1-5000> {log}|log]} Adds an Extended IP access list entry. access-list [<100-199>|<2000-269 9>] mask [8021p <0-7>|dscp <0-63>|tos <0-255>] [icmp|ip|tcp|udp] [|any| host ] {[rule-precedence <1-5000> {log}|log]} Adds an Extended IP access list entry.
PAGE 227
Global Configuration commands 5 • When the access list is applied on an Ethernet port, it becomes a port ACL • When the access list is applied on a VLAN interface, it becomes a router ACL • When the access list is applied on a WLAN index, it becomes a WLAN ACL A MAC access list (to allow arp), is mandatory for both port and WLAN ACL’s. For more information on how to configure a MAC access list, see permit on page 499.
PAGE 228
5 Global Configuration commands autoinstall Global Configuration commands Autoinstalls the controller image Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax autoinstall [clear-config-history|cluster-config|config| image|reset-config|start] autoinstall [clear-config-history|reset-config|start] autoinstall [cluster-config|config] {url } autoinstall image {[url |version ]} 226 Brocade Mobility RFS4000,
PAGE 229
Global Configuration commands 5 Parameters clear-config-history cluster-config {url } Autoinstalls a clear configuration history, resulting in a reversion. Autoinstalls a cluster-config setup. url – Optional.
PAGE 230
5 Global Configuration commands banner Global Configuration commands Defines a login banner for the controller. Use {no} banner to delete a previously configured banner. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax {no} banner motd [|default] Parameters motd [| default] Sets the message of the day (MOTD) banner. is the custom message to be displayed.
PAGE 231
Global Configuration commands 5 boot Global Configuration commands Reboots the controller with an image in the mentioned partition (either the primary or secondary partition) Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax boot system [primary|secondary] Parameters system [primary|secondary] Specifies the boot image used after reboot primary – Specifies the primary image secondary – Specifies the secondary image • •
PAGE 232
5 Global Configuration commands bridge Global Configuration commands Configures bridge specific commands Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The interfaces mentioned below are supported in the following platforms: - ge – Mobility RFS4000 Controller and Mobility RFS4000 Controller support 4 GEs and Mobility RFS6000 Controller supports 8 GEs - sa <1-4> – Supported on Mobility RFS7000 Controller - sa <1-
PAGE 233
Global Configuration commands 5 Parameters bridge address [discard|forward] [|ge <1-8>| me1|sa <1-4>|up1| vlan <1-4094>] bridge ageing-time [0|<10-1000000>] multiple-spanning-tree enable Bridge groups available for bridging. – Bridge group value between 1 and 32 address – Unique hardware address in the HHHH.HHHH.HHHH format • [discard|forward] – Either discard or forward the interface on which the configured rule is applied.
PAGE 234
5 Global Configuration commands country-code Global Configuration commands Sets the country of operation Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax {no} country-code Parameters A two (2) letter ISO-3166 country code. To view country codes, use the show wireless country-code-list command. Usage Guidelines {no} country-code erases all existing radio configuration.
PAGE 235
Global Configuration commands 5 crypto Global Configuration commands Use crypto to define system level local ID for ISAKMP negotiation and to enter the ISAKMP Policy, ISAKMP Client or ISAKMP Peer command set. NOTE crypto isakmp(policy)Priority moves to the config-crypto-isakmp instance. For more information, see Crypto-isakmp Instance on page 327. crypto isakmp client configuration group default moves you to the config-crypto-group instance. For more details, see Crypto-group Instance on page 341.
PAGE 236
5 Global Configuration commands crypto key generate rsa <1024-2048> crypto key import rsa {} crypto key zeroize rsa crypto map <1-1000> [ipsec-isakmp|ipsec-manual] {dynamic} crypt pki [authenticate|enroll|export|import|trustpoint] crypto pki authenticate [terminal|] crypto pki enroll [request|self-signed] crypto pki export [request|trustpoint] cry
PAGE 237
Global Configuration commands 5 Parameters ipsec (security-association| transform-set) isakmp [client|keepalive|key| peer|policy] Configures IPSEC policies. security-association – Defines the security association parameter used to define its lifetime • lifetime (kilobyte | seconds) – The lifetime of IPSEC security association. It can be defined in either: kilobytes – Volume-based key duration, the minimum is 500 KB and maximum is 2147483646 KB .
PAGE 238
5 Global Configuration commands key [export|generate|import| zeroize] 236 Authentication key management functions.
PAGE 239
Global Configuration commands 5 Usage Guidelines Follow the table to calculate how many character are required to add the key size for authentication and encryption. This is used while configuring Manual IPSEC only. For example, To create a key with authentication type as ESP-SHA and encryption type as AES-192, enter 20+16=36 characters. The key size for all the 3 different AES combinations is 128 bits or 16 bytes.
PAGE 240
5 Global Configuration commands RFController(config-if)#show running-config ! ! configuration of Mobility RFS6000 Controller version 4.3.0.0 ! ! aaa authentication login default none service prompt crash-info ! username "admin" password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username "admin" privilege superuser username "operator" password 1 fe96dd39756ac41b74283a9292652d366d73931f ! ! access-list 30 deny 11.1.1.0/24 log rule-precedence 10 access-list 101 permit ip 12.1.1.0/24 10.1.1.
PAGE 241
Global Configuration commands 5 set session-key out esp 258 cipher 12345678901234567890123456789012345678901234 authenticator 12345678901234567890123456789012345678901234 match address 101 set transform-set tfset-manual ! ............................................................. ............................................................. interface vlan11 ip address 11.1.1.2/24 crypto map manual ! ............................................................. ..........................................
PAGE 242
5 Global Configuration commands RFController(config-trustpoint)#? Trustpoint Config commands: clrscr Clears the display screen company-name Company Name(Applicable only for request) email email end End current mode and change to EXEC mode exit End current mode and down to previous mode fqdn Domain Name Configuration help Description of the interactive help system ip-address Internet Protocol (IP) no Negate a command or set its defaults password Challenge Password(Applicable only for request) rsakeypair Rs
PAGE 243
Global Configuration commands 5 In case the client is VPN enabled, it initiates a connection with the VPN server on our controller, the “conversation” that occurs between the peers consists of device authentication via Internet Key Exchange (IKE), followed by user authentication using IKE Extended Authentication (Xauth), push client relate configuration (using Mode Configuration), and IPsec security association (SA) creation.
PAGE 244
5 Global Configuration commands RFController(config)#crypto isakmp client configuration group default RFController(config-crypto-group)#dns 10.1.1.1 RFController(config-crypto-group)#wins 10.1.1.1 5. Specify the authentication type. RFController(config)# aaa vpn-authentication local RFController(config)# local username harry password brocade123 6. Create a transform set. RFController(config)#crypto ipsec transform-set windows esp-3des esp-sha-hmac RFController(config-crypto-ipsec)#mode transport 7.
PAGE 245
Global Configuration commands 5 1. Configuration required on controller 1: a. Create an extended ACL. This is used to define the tunnel used by the traffic. RFController(config)#access-list 150 permit ip 12.1.1.0/24 13.1.1.0/24 rule-precedence b. Create and configure ISAKMP parameters. RFController(config)#crypto isakmp keepalive 10 RFController(config)#crypto isakmp key ADBROCADE address 15.1.1.20 RFController(config)#crypto ipsec security-association lifetime kilobytes 4608000 c.
PAGE 246
5 Global Configuration commands RFController(config)#crypto isakmp policy 100 RFController(config-crypto-isakmp)#encryption aes RFController(config-crypto-isakmp)#hash sha RFController(config-crypto-isakmp)#authentication pre-share RFController(config-crypto-isakmp)#group 5 RFController(config-crypto-isakmp)#lifetime 9496 d. Create and configure IPSec an transform set.
PAGE 247
Global Configuration commands 5 do Global Configuration commands Runs commands from either the User Exec or Priv Exec mode Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax do Parameters None Example RFController(config)#do ping 157.235.208.69 PING 157.235.208.69 (157.235.208.69): 100 data bytes 128 bytes from 157.235.208.69: icmp_seq=0 ttl=64 time=0.1 128 bytes from 157.235.208.
PAGE 248
5 Global Configuration commands end Global Configuration commands Ends the current mode and changes to the EXEC mode Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax end Parameters None. Example RFController(config)#end RFController#? Priv Exec commands: acknowledge Acknowledge alarms archive Manage archive files autoinstall autoinstall configuration command cd Change current directory .................................
PAGE 249
Global Configuration commands 5 errdisable Global Configuration commands Enables the timeout mechanism for the port to be enabled back after an error Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax errdisable recovery [cause bpduguard|interval <10-1000000>] Parameters recovery [cause bpduguard| interval <10-1000000>] Enables the timeout mechanism for the port to recover after an error.
PAGE 250
5 Global Configuration commands ftp Global Configuration commands Configures the controller as an FTP server Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ftp ftp ftp ftp [enable|password|rootdir|username] password [0 |1 |] rootdir
username Parameters enable Enables the FTP server password [0 | 1 |] Configures the FTP password.
PAGE 251
Global Configuration commands 5 hostname Global Configuration commands Changes the system’s network name Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax hostname Parameters The name of the controller.
PAGE 252
5 Global Configuration commands interface Global Configuration commands Configures a selected interface This command is used to enter the interface configuration mode for the specified physical Controller Virtual Interface (SVI) interface. If the VLANx (SVI) interface does not exist, it is automatically created.
PAGE 253
Global Configuration commands 5 Parameters The name of the interface that is selected. ge <1-8> Gigabit Ethernet interface (4 for Mobility RFS7000 Controller and 8 for Mobility RFS6000 Controller) me1 Fast Ethernet interface sa <1-4> Static Aggregate interface (in Mobility RFS7000 Controller only) up1 WAN interface (in Mobility RFS6000 Controller only) vlan <1-4094> Defines the VLAN interface Usage Guidelines Use the no interface to delete the specified SVI.
PAGE 254
5 Global Configuration commands ip Global Configuration commands Configures a selected Internet Protocol (IP) component Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE Using access-list extended moves you to the (config-ext-nacl) instance. For more information, see Chapter 14, Extended ACL Instance. Using access-list standard moves you to the (config-std-nacl) instance.
PAGE 255
Global Configuration commands 5 ip http-https [inactivity-timeout <1-1440>| max-simultaneous-sessions-per-user <1-100>] ip igmp snooping {[querier|unknown-multicast-fwd|vlan]} ip igmp snooping {querier {[address|max-response-time| query-interval|timer|version]}} ip igmp snooping {querier {address }} ip igmp snooping {querier {max-response-time <1-25>}} ip igmp snooping {querier {query-interval <1-18000>}} ip igmp snooping {querier {timer expiry <60-300>}} ip igmp snooping {querier {version <1-3>}} ip
PAGE 256
5 Global Configuration commands Parameters ip access-list extended [<100-199|<2000-2699>| ] ip access-list standard [<1-99>|<1300-1999>|] default-gateway 254 Using the access list parameter options to enter the ext-nacl context and the std-nacl context. The prompt changes to the context entered.
PAGE 257
Global Configuration commands local pool default low-ip-address {high-ip-address } 5 Sets the VPN local IP pool configuration pool default low-ip-address {high-ip-address } – Specifies the address range for the default group tag • low-ip-address – Specifies the lowest range for IP address assignment • high-ip-address – Optional. Specifies the highest range for IP address assignment • name-server Specifies the DNS server for the DHCP client.
PAGE 258
5 Global Configuration commands route [ |] 256 Adds a static route entry in the routing table.
PAGE 259
Global Configuration commands • igmp snooping {[querier|unknown-multicas t-fwd|vlan]} 5 tcp -max-incomplete –Configures the maximum half-open TCP connections in the system • high <1-1000> – Sets the upper threshold value between 1 and 1000 • low <1 - 1000> – Sets the lower threshold value between 1 and1000 Configures IGMP Snooping parameters. • unknown-multicast-fwd – Optional.
PAGE 260
5 Global Configuration commands • dhcpclass – DHCP User Class instance. For more information, see Chapter 18, DHCP Class Instance • Clear the IP DHCP Binding using the clear command NOTE To delete Standard/Extended and MAC ACL use no access-list under the Global Config mode. Usage Guidelines To create a DHCP User Class: Create a DHCP class Create a USER class named MC800. The privilege mode changes to (config-dhcpclass).
PAGE 261
Global Configuration commands 5 license Global Configuration commands Adds a feature license Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax license Parameters The feature for which the license is to be added The license key for the feature.
PAGE 262
5 Global Configuration commands line Global Configuration commands Configures the terminal line Opens the config-line mode, where you can configure the various parameters for the selected terminal.
PAGE 263
Global Configuration commands 5 local Global Configuration commands Sets the username and password for local user authentication Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax local username password [|0 | 2 ] Parameters username The username. A character string of up to 64 characters password The password for the selected username .
PAGE 264
5 Global Configuration commands logging Global Configuration commands Modifies message logging facilities Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax logging [aggregation-time|buffered|cli-commands|console|facility| host|monitor|on|snmp-set|syslog] logging aggregation-time <1-60> logging [buffered|console|monitor|syslog] [<0-7>|alerts| critical|debugging|emergencies|errors|informational| notifications|warnings] log
PAGE 265
Global Configuration commands 5 Parameters aggregation-time <1-60> buffered [<0-7>|alerts| critical|debugging| emergencies|errors| informational| notifications|warnings] Sets the number of seconds for aggregating repeated messages. The value can be configured between 1-60 seconds.
PAGE 266
5 Global Configuration commands Aggregation time: 30 seconds Console logging: level warnings Monitor logging: level emergencies Buffered logging: level warnings Syslog logging: level notifications Facility: local4 Log Buffer (75 bytes): June 22 11:21:56 2010: %PM-6-PROCSTART: Starting Process “/usr/sbin/thttpd” RFController(config)# 264 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 267
Global Configuration commands 5 mac Global Configuration commands Configures MAC access lists (goes to the MAC ACL mode) For more information on this mode, see Chapter 16, Extended MAC ACL Instance.
PAGE 268
5 Global Configuration commands mac-address-table Global Configuration commands Configures the MAC address table Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax mac-address-table aging-time [0|<10-1000000>] Parameters aging-time [0|<10-1000000>] The duration for which a learned mac address persists after the last update • 0 – Disables aging • <10-1000000> – Sets the aging time in seconds Example RFController(config)
PAGE 269
Global Configuration commands 5 mac-name Global Configuration commands Sets a name to the MAC address Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax mac-name Parameters The MAC address to set a ease-of-use name for. Sets the name to the MAC address for ease of use. must be configured following the DNS naming convention.
PAGE 270
5 Global Configuration commands management Global Configuration commands Sets management interface properties Limits local access (through web/telnet) to management interfaces only. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax management secure Parameters secure Limits local access (Web/Telnet etc.) to the management interface.
PAGE 271
Global Configuration commands 5 ntp Global Configuration commands Configure Network Time Protocol (NTP) values Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ntp [access-group|authenticate|authentication-key|autokey| broadcast|broadcastdelay|master|peer|server|trusted-key] ntp access-group [peer|query-only|serve|serve-only] [<1-99>|<100-199>|<1300-1999>|<2000-2699>] ntp authenticate ntp authentication-key md5 [0
PAGE 272
5 Global Configuration commands Parameters access-group [peer|query-only|serve| serve-only] [<1-99>| <100-199>|<1300-1999> | <2000-2699>] • • • • authenticate Authenticates time sources. authentication-key md5 [0 | 2 |] • autokey [client-only|host] broadcast [client|destination] Controls NTP access.
PAGE 273
Global Configuration commands • • server trusted-key <1-65534> 5 prefer {version <1-4>} – Sets the preference for autokey. Optionally set the NTP version to use version <1-4> {prefer} – Sets the NTP version to use. Optionally set this peer as preferred peer Configures the NTP server. – Sets the IP address or name of the peer autokey {[prefer {version <1-4>}|version <1-4> {prefer}]} – Configures an autokey peer authentication scheme • prefer – Optional.
PAGE 274
5 Global Configuration commands RFController(config)#ntp peer TestPeer key 20 prefer ? version Configure NTP version RFController(config)#ntp peer TestPeer key 20 prefer version ? <1-4> NTP version number RFController(config)#ntp peer TestPeer key 20 prefer version 2 Invalid server name "TestPeer" provided.
PAGE 275
Global Configuration commands 5 prompt Global Configuration commands Configures and sets the systems prompt Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax prompt Parameters Enter the new prompt displayed by the system. The following operational modifiers are available.
PAGE 276
5 Global Configuration commands radius-server Global Configuration commands Enters the RADIUS server mode, the system prompt changes from the default config mode to the RADIUS server mode Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE radius-server local mode takes you to the RADIUS server context. For more details see Chapter 19, Radius Server Instance.
PAGE 277
Global Configuration commands 5 ratelimit Global Configuration commands Configures rate limit parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ratelimit [arp|bcast|mcast|ucast] [<0-7>|alerts|critical| debugging|emergencies|errors|informational|notifications| warnings] Parameters ratelimit [arp|bcast|mcast|ucast] [<0-7>|alerts|critical| debugging|emergencies| errors|informational| notifications|warnings] Set
PAGE 278
5 Global Configuration commands redundancy Global Configuration commands Configures redundancy group parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax redundancy [auto-revert|auto-revert-period| critical-resource-ip|dhcp-server|discovery-period| dynamic-ap-load-balance|enable|group-id|handle-stp| heartbeat-period|hold-period|interface-ip|manual-revert| member-ip|mode] redundancy redundancy redundancy redundanc
PAGE 279
Global Configuration commands 5 Parameters auto-revert enable Enables auto-revert. auto-revert-period <1-1800> Sets the redundancy auto-revert delay interval in minutes. The default is 5 minutes. critical-resource-ip Sets critical resource IP address. • – IP address of the critical resource dhcp-server enable Enables the DHCP redundancy protocol. discovery-period <10-60> Sets the redundancy discovery interval in seconds. The default is 30 seconds.
PAGE 280
5 Global Configuration commands role Global Configuration commands Configures role parameters NOTE Opens the role configuration mode (config-role) to enable further configuration of the role. For Avance Security Licence must be installed for Role Based Firewall to work. Please contact customer support to purchase license for the same.
PAGE 281
Global Configuration commands 5 encryption-type any ap-location any essid any client-mac any group any role default-role 10001 authentication-type any encryption-type any ap-location any essid any client-mac any group any Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 279
PAGE 282
5 Global Configuration commands rtls Global Configuration commands Configures Real Time Location System (RTLS) parameters This enables the Controller to provide complete visibility to the location of assets and thereby enabling location based service. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE rtls command instantiates (config-rtls) instance. For more details see Chapter 21, RTLS Instance.
PAGE 283
Global Configuration commands 5 service Global Configuration commands Retrieves system data (tables, log files, configuration, status and operation) for debugging and problem resolution Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller To view the service command of User Exec and Priv Exec Mode, refer to Chapter 2, service command.
PAGE 284
5 Global Configuration commands Parameters advanced-vty Enables advanced mode vty interface dhcp Enables the DHCP server service diag [enable|limit|period| tech-support-period| tech-support-url] password-encryption secret 2 pm sys-restart Services diagnostics configuration. enable – Enable in service diagnostics limit – Displays diagnostic limit command period <100-30000> – Sets diagnostics period tech-support-period <10-10080> – Sets the tech support period.
PAGE 285
Global Configuration commands 5 NOTE The no service password-encryption command used to disable the encryption, now requires the user to know the old password. The user will have to enter the old password to disable the encryption. Earlier, using no service password-encryption disabled the encryption and show running config displayed the passwords as plaintext. Now, the user has to user no service password-encryption to disable or change the password.
PAGE 286
5 Global Configuration commands smtp-notification Global Configuration commands Modifies SMTP notification parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax smtp-notification [authenticate|enable|password|port|prefix| recipient|sender|smtp-server-address|user] smtp-notification authentication enable smtp-notification enable {traps [all|dhcp-server| diagnostics|miscellaneous|mobility|nsm|radius-server| redundan
PAGE 287
Global Configuration commands 5 deniedAssociationOnRates|deniedAssociationOnShortPream| deniedAssociationOnSpectrum|deniedAssociationOnSSID| deniedAuthentication|disassociated|radiusAuthFailed| tkipCounterMeasures|vlanChanged]} smtp-notification enable traps wireless wlan {[vlanUserLimitReached|webPortalUnavailable| webPortalUnreachable|webPortalUnconnected]} smtp-notification smtp-notification smtp-notification smtp-notification smtp-notification smtp-notification smtp-notification password 0
PAGE 288
5 Global Configuration commands Parameters authenticate enable enable traps [all| dhcp-server|diagnostics| miscellaneous|mobility| nsm|radius-server| redundancy|snmp |wireless] Enables SMTP Server authentication. Enables SMTP notification for traps.
PAGE 289
Global Configuration commands • • • • 5 nsm [dhcpIPChanged] – Enables nsm traps and changes the DHCP IP radius-server [radiusServerDown|radiusServerUp] – Enables radius-server traps • radiusServerDown – Radius Server is down • radiusServerUp – Radius Server is up redundancy [adoptionExceeded|criticalResourceDown| criticalResourceUp|grpAuthLevelChanged|memberDown| memberMisConfigured|memberUp] – Enables redundancy traps • adoptionExceeded – Redundancy port adoption exceeded • criticalResourceDown – Redu
PAGE 290
5 Global Configuration commands • 288 wireless [ap-detection|ids|radio|self-healing|station| wlan] – Enables wireless traps • ap-detection [externalAPDetected| externalAPRemoved] – Enables wireless AP detection traps • externalAPDetected – Detects an external AP • externalAPRemoved – Removes an external AP • id [muExcessiveEvents|radioExcessiveEvents| controllerExcessiveEvents] – Enables wireless IDS traps • muExcessiveEvents – Excessive and Anomaly Client events • radioExcessiveEvents – Excessive radio
PAGE 291
Global Configuration commands • • • • • • • • • • • • • • • 5 associated – Wireless station associated deniedAssociationAsPortCapacity Reached – Wireless station denied association due to port capacity reached deniedAssociationOnCapability – Wireless station denied association due to unsupported capability deniedAssociationOnErr – Wireless station denied association due to internal error deniedAssociationOnInvalidWPAWPA2IE – Wireless station denied association due to invalid/absent WPA/WPA2 IE deniedAsso
PAGE 292
5 Global Configuration commands Example RFController(config)#smtp-notification enable RFController(config)#smtp-notification enable traps dhcp-server dhcpServerDown RFController(config)#snmp-notification recipient 1 admin@serveradmin.
PAGE 293
Global Configuration commands 5 snmp-server Global Configuration commands Modifies SNMP engine parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax snmp-server [community|contact|enable|engine-id|host| location|manager|periodic-heartbeat-interval|sysname|user] snmp-server community [ro|rw] snmp-server contact snmp-server enable traps {[all|dhcp-server|diagnostics| miscellaneous
PAGE 294
5 Global Configuration commands deniedAssociationOnRates|deniedAssociationOnShortPream| deniedAssociationOnSpectrum|deniedAssociationOnSSID| deniedAuthentication|disassociated|radiusAuthFailed| tkipCounterMeasures|vlanChanged]} snmp-server enable traps wireless wlan {[vlanUserLimitReached|webPortalUnavailable| webPortalUnreachable|webPortalUnconnected]} snmp-server enable traps wireless-statistics [mesh| min-packets|wireless-client|radio|wireless-controller|wlan] snmp-server enable traps wireless-statisti
PAGE 295
Global Configuration commands 5 Parameters community Sets the community string and access privileges.
PAGE 296
5 Global Configuration commands enable traps nsm {dhcpIPChanged} enable traps radius-server {[radiusServerDown| radiusServerUp]} enable traps redundancy {[adoptionExceeded| criticalResourceUp| grpAuthLevelChanged| memberDown| memberMisConfigured| memberUp| criticalResourceDown]} 294 Enables nsm traps. dhcpIPChanged – DHCP IP changed • Enables radius-server traps. radiusServerDown – RADIUS server down radiusServerUp – RADIUS server up • • Enables redundancy traps.
PAGE 297
Global Configuration commands enable traps snmp {[authenticationFail| linkdown|linkup| coldstart]} enable traps wireless {[ap-detection|ids| radio|self-healing| station|wlan]} 5 Enables SNMP traps. authenticationFail – Enables authentication failure trap • coldstart – Enables coldStart trap • linkdown – Enables linkDown trap • linkup – Enables linkUp trap • Enables wireless traps.
PAGE 298
5 Global Configuration commands • • • • • • • • • • • • • • 296 associated– Wireless station associated deniedAssociationAsPortCapacityReached – Wireless station denied association - port capacity reached deniedAssociationOnCapability – Wireless station denied association due to unsupported capability deniedAssociationOnErr – Wireless station denied association due to internal error deniedAssociationOnInvalidWPAWPA2IE – Wireless station denied association due to invalid/absent WPA/WPA2 IE deniedAssociat
PAGE 299
Global Configuration commands snmp-server enable traps wireless-statistics [mesh| min-packets|wireless-client| radio|wireless-controller|wlan] 5 Modifies wireless-stats rate traps.
PAGE 300
5 Global Configuration commands • • engineid [netsnmp {}| text ] 298 min-packets <1-65535> – Minimum packets required for sending the trap • <1-65535> – Defines the minimum packets for sending the trap.
PAGE 301
Global Configuration commands sysname The SNMP system name. user [snmpmanager| snmpoperator|snmptrap] • 5 Defines a user who can access the SNMP engine.
PAGE 302
5 Global Configuration commands RFController(config)# RFController(config)#snmp-server location "Located at thh 5th FLoor" RFController(config)# RFController(config)#snmp-server sysname "Gold Mine" RFController(config)# RFController(config)#snmp-server periodic-heartbeat-interval 120 RFController(config)# RFController(config)#snmp-server engineid netsnmp RFController(config)# 300 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 303
Global Configuration commands 5 spanning-tree Global Configuration commands Configures spanning-tree commands Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax spanning-tree [mst|portfast] spanning-tree mst [<0-15> priority <0-61440>| cisco-interoperability [enable|disable]|configuration| forward-time <4-30>|hello-time <1-10>|max-age <6-40>| max-hops <7-127>] spanning-tree portfast [bpdufilter|bpduguard] default Brocade
PAGE 304
5 Global Configuration commands Parameters mst [<0-15> priority <0-61440>| cisco-interoperability [enable|disable]| configuration| forward-time <4-30>| hello-time <1-10>| max-age <6-40>| max-hops <7-127>] 302 Enables the Multiple Spanning Tree Protocol on a bridge. <0-15> priority <0-61440> – Set the bridge priority for an MST instance to the value specified.
PAGE 305
Global Configuration commands • • portfast [bpdufilter|bpduguard] default 5 max-age <6-40> – Max-age is the maximum time in seconds for which (if a bridge is the root bridge) a message is considered valid. This prevents the frames from looping indefinitely. The value of max-age must be greater than twice the value of hello time plus one, but less than twice the value of forward delay minus one. The permissible range for max-age is 6-40 seconds.
PAGE 306
5 Global Configuration commands timezone Global Configuration commands Configures controller timezone settings Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax timezone Parameters Press to traverse a list of files. This displays a list of files containing timezone information.
PAGE 307
Global Configuration commands 5 traffic-shape Global Configuration commands Optimizes network traffic Supported in the following platforms: • Mobility RFS7000 Controller NOTE This command is not supported on the Mobility RFS4000 Controller and on the Mobility RFS6000 Controller.
PAGE 308
5 Global Configuration commands Parameters class max-buffers ... red-level ... class max-buffers ... red-percent ... class max-latency ... [msec|usec] class rate {[Kbps|Mbps|bps]} Traffic shaping packet class. Select an identifier between 1-4. Traffic shaping also uses queues numbered 0-7.
PAGE 309
Global Configuration commands 5 6 7 | | | 5 3 6 4 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 307
PAGE 310
5 Global Configuration commands username Global Configuration commands Establishes user name authentication Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax username [access|password|privilege] username access [console|ssh|telnet|web] username password [0 |1 | ] username privilege [helpdesk|monitor|nwadmin| superuser|sysadmin|webadmin] Parameters Enter a
PAGE 311
Global Configuration commands 5 Encrypting a Password To encrypt a password: 1. Enable password encryption and provide the passphrase required for encrypting the passwords. RFController(config)#service password-encryption secret 2 Brocade RFController(config)#username Jiri password admin 2. On completion of the above step, all the passwords, crypto keys, shared secrets etc are displayed in an encrypted format in the running/startup configuration.
PAGE 312
5 Global Configuration commands vpn Global Configuration commands Configures VPN authentication settings Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax vpn authentication-method [local|radius] Parameters authentication-method [local|radius] Selects the authentication scheme.
PAGE 313
Global Configuration commands 5 wireless Global Configuration commands Configures controller wireless parameters This command moves you to the config-wireless instance. For more information, see Chapter 20, Wireless Instance.
PAGE 314
5 Global Configuration commands wlan-acl Global Configuration commands Applies an ACL on a WLAN index Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax wlan-acl <1-256> [<1-99>|<100-199>|<1300-1999>| <2000-2699>|] [in|out] Parameters <1-32> [<1-99>|<100-199>|<130 0|1999>|<2000|2699>| word] [in|out] WLAN number <1-99> — IP standard access list <100-199> — IP extended access list <1300-1999> — IP standard acces
PAGE 315
Global Configuration commands 5 NOTE All ACLs which had WLAN index are now replaced with ones that don't have WLAN index. In the above process, the acl "110" had two rules which got replaced by only one rule because after removal of WLAN index selector, both the rules look similar. Follow the procedure below to manually upgrade the ACLs to the same configuration: 1. If all the rules in ACL have same WLAN index as selector and there are no other ACL rules, then attach the ACL to the WLAN port.
PAGE 316
5 Global Configuration commands NOTE A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface. MAC ACL always takes precedence over IP based ACL’s. The example below applies an ACL to WLAN index 200 in outbound direction from the global config mode.
PAGE 317
Global Configuration commands 5 network-element-id Global Configuration commands Use this command to set system’s network-element-ID Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax network-element-id Parameters Specifies system’s network element ID Example RFController(config)#network-element-id test RFController(config)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53
PAGE 318
5 Global Configuration commands firewall Global Configuration commands Use this command to set system’s network-element-ID Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax firewall [802.2-encapsulation|dhcp-snoop-conflict-detection|dhcp-snoop-conflict-loggin g|clamp|enable|flow|virtual-defrag|vlan-stacking] firewall enable firewall 802.
PAGE 319
Global Configuration commands 5 Parameters enable Enables the firewall for this controller. 802.2.-encapsulation permit Sets 802.2 packet encapsulation. • permit – Allow 802.2 packet encapsulations which can bypass the firewall.
PAGE 320
5 Global Configuration commands virtual-ip Global Configuration commands Displays virtual-ip configuration of the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax virtual-ip [|advt-timeout <1-5>|enable| garp-timeout <30-600>|learning-timeout <2-5>|priority|vmac] virtual-ip vlan <1-4096> virual-ip priority [<1-256>|auto] virual-ip vmac Parameters
PAGE 321
Global Configuration commands 5 Controller IP : 192.168.11.4 Controller Id : 192.168.11.4 Reserved VMAC Address Range : 00-15-70-88-8A-90 to 00-15-70-88-8B-8F DHCP Server status : Not Running on this Controller ================================================================= Vlan | Priority | ControllerID | VIP | VMAC ================================================================= 11 | 3232238340 | 192.168.11.4 | 192.168.11.
PAGE 322
5 Global Configuration commands wwan Global Configuration commands Configures wireless wan interface Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller NOTE This command is not supported on the Mobility RFS7000 Controller. Syntax wwan [apn|disable|enable|password |username] Parameters apn Enter the access point name provided by the service provider.
PAGE 323
Global Configuration commands 5 aap-wlan-acl Global Configuration commands Applies an acl on wlan for aap Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax aap-wlan-acl <1-256> [<100-199>|]{in/out} Syntax (Mobility RFS6000 Controller) aap-wlan-acl <1-32>[<100-199>|]{in/out} Parameters aap-wlan-acl <1-256> [<100-199>| {in|out} Applies an acl on wlan for an aap <1-256> – Displays wlan index <100-199> D
PAGE 324
5 Global Configuration commands arp Global Configuration commands Configures Address Resolution Protocol Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax arp [|ge <1-5>|sa <1-6>|up1|vlan <1-4094| wwan]{ } Parameters arp [|ge <1-5>|sa <1-6>|up1|vlan <1-4094| wwan] { } Configures address resolution protocol.
PAGE 325
Global Configuration commands 5 power Global Configuration commands Configures PoE commands Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller NOTE This command is not supported on the Mobility RFS7000 Controller.
PAGE 326
5 Global Configuration commands aap-ipfilter-list Global Configuration commands Applies ipfilter to WLAN/LAN Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE aap-ipfilter-list command initiates (config-aap-ip-filter-list) instance. For more details see Chapter 27, AAP IP Filtering. The prompt changes from RFController (config)# to RFController (config-aap-ipfilter).
PAGE 327
Global Configuration commands 5 whitelist Global Configuration commands White list is a list of host names and IP addresses that are permitted access by default. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE whitelist command instantiates (config-whitelist) instance.
PAGE 328
5 326 Global Configuration commands Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 329
Chapter 6 Crypto-isakmp Instance In this chapter • Crypto ISAKMP config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327 The (config-crypto-isakmp) instance is used to configure ISAKMP policies. To enter this instance, use this command: RFController(config)#crypto isakmp policy <1-10000> RFController(config-crypto-isakmp)# Crypto ISAKMP config commands Table 6 summarizes crypto-isakmp commands TABLE 6 Crypto-isakmp Instance Command Description Ref.
PAGE 330
6 Crypto ISAKMP config commands authentication Crypto ISAKMP config commands Authenticates rsa-sig and pre-share keys Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax authentication [pre-share|rsa-sig] Parameters pre-share pre shared key rsa-sig rsa signature Example RFController(config-crypto-isakmp)#authentication pre-share RFController(config-crypto-isakmp)# RFController(config-crypto-isakmp)#authentication rsa-
PAGE 331
Crypto ISAKMP config commands 6 clrscr Crypto ISAKMP config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None.
PAGE 332
6 Crypto ISAKMP config commands encryption Crypto ISAKMP config commands Configures the encryption level of the data transmitted using the crypto-isakmp command Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax encryption [3des|aes|aes-192|aes-256|des] Parameters 3des Triple data encryption standard aes Advanced data encryption standard aes-192 Advanced data encryption standard aes-256 Advanced data encryption st
PAGE 333
Crypto ISAKMP config commands 6 end Crypto ISAKMP config commands Ends and exits the current mode and changes to the PRIV EXEC mode. The prompt changes to RFController# Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax end Parameters None.
PAGE 334
6 Crypto ISAKMP config commands exit Crypto ISAKMP config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to RFController(config)# Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax exit Parameters None.
PAGE 335
Crypto ISAKMP config commands 6 group Crypto ISAKMP config commands Specifies the Diffie-Hellman group (1 or 2) used by the IKE policy to generate keys (which is then used to create an IPSec SA) Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax group [1|2|5] Parameters 1 Diffie-Hellman group 1 2 Diffie-Hellman group 2 5 Diffie-Hellman group 5 Usage Guidelines The local IKE policy and the peer IKE policy must have
PAGE 336
6 Crypto ISAKMP config commands hash Crypto ISAKMP config commands Specifies the hash algorithm used to authenticate data transmitted over the IKE SA Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax hash [md5|sha] Parameters md5 Choose the MD5 hash algorithm sha Choose the SHA hash algorithm Example RFController(config-crypto-isakmp)#hash sha RFController(config-crypto-isakmp)# 334 Brocade Mobility RFS4000, RFS60
PAGE 337
Crypto ISAKMP config commands 6 help Crypto ISAKMP config commands Displays the system’s interactive help system Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None. Example RFController(config-crypto-isakmp)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 338
6 Crypto ISAKMP config commands lifetime Crypto ISAKMP config commands Specifies how long an IKE SA is valid before it expires Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax lifetime Parameters Specifies how many seconds an IKE SA lasts before it expires. A time stamp (in seconds) can be configured between 60 and 2147483646.
PAGE 339
Crypto ISAKMP config commands 6 no Crypto ISAKMP config commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [authentication|encryption|group|hash|lifetime] Parameters None.
PAGE 340
6 Crypto ISAKMP config commands service Crypto ISAKMP config commands Invokes service commands to troubleshoot or debug the (config-crypto-isakmp) instance configurations.
PAGE 341
Crypto ISAKMP config commands 6 show Crypto ISAKMP config commands Displays current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - stati
PAGE 342
6 Crypto ISAKMP config commands mac Internet Protocol (IP) mac-address-table Display MAC address table mac-name Displays the configured MAC names management Display L3 Managment Interface name mobility Display Mobility parameters ntp Network time protocol password-encryption Password encryption port Physical/Aggregate port interface port-channel Portchannel commands privilege Show current privilege level protocol-list List of protocols radius RADIUS configuration commands redundancy Display redundancy gro
PAGE 343
Chapter 7 Crypto-group Instance In this chapter • Crypto Group config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341 The (config-crypto-group) instance configures the default group properties of the ISAKMP client.
PAGE 344
7 Crypto Group config commands clrscr Crypto Group config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-crypto-group)#clr RFController(config-crypto-group)# 342 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 345
Crypto Group config commands 7 dns Crypto Group config commands Specifies the DNS server address(es) to assign to a client Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax dns The first DNS server address to assign Example RFController(config-crypto-group)#dns-server 172.1.17.
PAGE 346
7 Crypto Group config commands end Crypto Group config commands Ends and exits the current mode and changes to the PRIV EXEC mode.
PAGE 347
Crypto Group config commands 7 exit Crypto Group config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 348
7 Crypto Group config commands help Crypto Group config commands Displays the system’s interactive help system Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-crypto-group)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 349
Crypto Group config commands 7 service Crypto Group config commands Invokes service commands used troubleshoot or debug (config-crypto-isakmp) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters cli Displays the CLI tree of current mode Example RFController(config-crypto-group)#service show cli Crypto Client Config mode: +-clrscr [clrscr] +-dns +-A.B.C.D [dns A.B.C.
PAGE 350
7 Crypto Group config commands show Crypto Group config commands Displays current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - static
PAGE 351
Crypto Group config commands mac mac-address-table mac-name management mobility ntp password-encryption port-channel port privilege protocol-list radius redundancy role rtls running-config securitymgr sessions smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users version virtual-ip wireless wlan-acl wwan 7 Internet Protocol (IP) Display MAC address table Displays the configured MAC Names Display L3 Managment Interface nam
PAGE 352
7 Crypto Group config commands wins Crypto Group config commands Specifies the Windows Internet Naming Service (WINS) servers to assign to a client Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax wins Parameters The first WINS server address to assign Example RFController(config-crypto-group)#wins 128.2.11.
PAGE 353
Chapter 8 Crypto-peer Instance In this chapter • Crypto Peer config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 The (config-crypto-peer) instance to configure ISAKMP peers. To enter this instance, use the command: RFController(config)#crypto isakmp peer [address|dn|hostname] RFController(config-crypto-peer)# Crypto Peer config commands Table 8 summarizes the config-crypto-peer commands TABLE 8 Crypto Peer Command Summary Command Description Ref.
PAGE 354
8 Crypto Peer config commands clrscr Crypto Peer config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-crypto-peer)#clrscr RFController(config-crypto-peer) 352 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 355
Crypto Peer config commands 8 end Crypto Peer config commands Ends and exits the current mode and moves to the PRIV EXEC mode.
PAGE 356
8 Crypto Peer config commands exit Crypto Peer config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 357
Crypto Peer config commands 8 help Crypto Peer config commands Accesses the system’s interactive help system Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-crypto-peer)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 358
8 Crypto Peer config commands no Crypto Peer config commands Negates a command or sets it’s defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no set aggressive-mode password Parameters See set command for parameters details Example RFController(config-crypto-peer)#no set aggrerssive-mode password RFController(config-crypto-peer)# 356 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931
PAGE 359
Crypto Peer config commands 8 service Crypto Peer config commands Invokes service commands to troubleshoot or debug the (config-crypto-peer) instance configuration.
PAGE 360
8 Crypto Peer config commands set Crypto Peer config commands Configures the aggressive-mode of config-crypto-peer Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax set aggressive-mode password [0 |2 | ] Parameters aggressive-mode password [0 |2 | Defines aggressive mode attributes password – Specifies a tunnel-password attribute • 0 – Password
PAGE 361
Crypto Peer config commands 8 show Crypto Peer config commands Displays current system information running on the controller Supported in the following platforms: Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000
PAGE 362
8 Crypto Peer config commands logging mac mac-address-table mac-name management mobility ntp password-encryption port port-channel privilege protocol-list radius role redundancy rtls running-config securitymgr service-list smtp-notifications sessions snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone upgrade-status users version virtual-ip wireless wlan-acl wwan Show logging configuration and buffer Internet Protocol (IP) Display MAC address table Displays the configured
PAGE 363
Chapter 9 Crypto-ipsec Instance In this chapter • Crypto IPSec config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 Use the (config-crypto-ipsec) instance to define the transform configuration for securing data (esp-3des, esp-sha-hmac etc.).
PAGE 364
9 Crypto IPSec config commands end Crypto IPSec config commands Ends and exits the current mode and moves to the PRIV EXEC mode.
PAGE 365
Crypto IPSec config commands 9 exit Crypto IPSec config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 366
9 Crypto IPSec config commands help Crypto IPSec config commands Accesses the system’s interactive help system Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-crypto-peer)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 367
Crypto IPSec config commands 9 mode Crypto IPSec config commands Configures the IPSec mode of operation Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax mode [transport|tunnel] Parameters transport Transport mode tunnel Tunnel mode Example RFController(config-crypto-ipsec)#mode transport RFController(config-crypto-ipsec)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 365
PAGE 368
9 Crypto IPSec config commands no Crypto IPSec config commands Negates a command or sets it’s defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no mode Parameters mode Sets default to tunnel mode.
PAGE 369
Crypto IPSec config commands 9 show Crypto IPSec config commands Use this command to view current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-
PAGE 370
9 Crypto IPSec config commands ntp password-encryption port port-channel privilege protocol-list radius role redundancy rtls running-config securitymgr service-list smtp-notifications sessions snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone upgrade-status users version virtual-ip wireless wlan-acl wwan Network time protocol password encryption Physical/Aggregate port interface Portchannel commands Show current privilege level List of protocols RADIUS configuration com
PAGE 371
Crypto IPSec config commands 9 service Crypto IPSec config commands Invokes service commands to troubleshoot or debug the (config-crypto-peer) instance configuration Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters cli Displays the CLI tree of current mode Example RFController(config-crypto-ipsec)#service show cli Crypto Ipsec Config mode: +-help [help] +-show +-commands [show commands] +-
PAGE 372
9 370 Crypto IPSec config commands Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 373
Chapter 10 Crypto-map Instance In this chapter • Crypto Map config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 The (config-crypto-map) commands define a Certificate Authority (CA) trustpoint. This is a separate instance, but belongs to the crypto pki trustpoint mode under the config instance.
PAGE 374
10 Crypto Map config commands clrscr Crypto Map config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-crypto-map)#clrscr RFController(config-crypto-map)# 372 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 375
Crypto Map config commands 10 end Crypto Map config commands Ends and exits the current mode and moves to the to PRIV EXEC mode.
PAGE 376
10 Crypto Map config commands exit Crypto Map config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 377
Crypto Map config commands 10 help Crypto Map config commands Displays the system’s interactive help system Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-crypto-map)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 378
10 Crypto Map config commands match Crypto Map config commands Use this command to assign an IP access-list to a crypto map definition. The access-list designates the IP packets to be encrypted by this crypto map. A crypto map entry is a single policy that describes how certain traffic is secured. There are two types of crypto map entries: ipsec-manual and ipsec-ike entries. Each entry is given an index (used to sort the ordered list).
PAGE 379
Crypto Map config commands 10 (config-ext-nacl)#exit RFController(config)#crypto map TestMap 220 isakmp dynamic RFController(config-crypto-map)# RFController(config-crypto-map)#match address TestMap RFController(config-crypto-map)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 377
PAGE 380
10 Crypto Map config commands no Crypto Map config commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [match|set] Parameters Use the commands configured under this instance.
PAGE 381
Crypto Map config commands 10 service Crypto Map config commands Invokes service commands to troubleshoot or debug the (config-crypto-peer) instance configuration Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters cli Displays the CLI tree of the current mode Example RFController(config-crypto-map)#service show cli Crypto Map Config mode: +-clrscr [clrscr] +-do +-LINE [do LINE] +-end [end] +
PAGE 382
10 Crypto Map config commands set Crypto Map config commands Configures set parameters for the peer device Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax set [localid|mode|peer|pfs|remote-type {ipsec-l2tp|xauth}| security-association|session-key|transform-set) set localid [dn|hostname] set pfs [1|2|5] set mode [aggressive|main] set security-association [level|lifetime] set security-association level perhost set
PAGE 383
Crypto Map config commands 10 Parameters localid [dn|hostname] mode [aggressive|main] Sets the local identity dn – Defines the distinguished dn name hostname – Sets the hostname • – The distinguished name or hostname • • Sets the mode of the tunnels for this Crypto Map aggressive – Initiates aggressive mode main – Initiates main mode • • peer [ipaddress| Sets the IP address of the peer device. This can be set for multiple remote peers.
PAGE 384
10 Crypto Map config commands session-key [inbound|outbound] {ah|esp} <256-4294967295> cipher Use the set session-key command to define the encryption and authentication keys for this crypto map • inbound [ah|esp] – Defines encryption keys for inbound traffic • outbound [ah|esp] – Defines encryption keys for outbound traffic For information on how to create a key for authentication and encryption, refer Usage Guideline in Global Configuration commands under crypto on page 233.
PAGE 385
Crypto Map config commands 10 Crypto map entries do not directly contain the transform configuration for securing data. Instead, the crypto map is associated with transform sets which contain specific security algorithms. If a transform-set is not configured for a crypto map, the entry is incomplete and has no effect. For manual key crypto maps, only one transform set can be specified.
PAGE 386
10 Crypto Map config commands show Crypto Map config commands Displays current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - static-ch
PAGE 387
Crypto Map config commands mobility ntp password-encryption port port-channel privilege protocol-list radius role redundancy rtls running-config securitymgr service-list smtp-notifications sessions snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone upgrade-status users version virtual-ip wireless wlan-acl wwan 10 Display Mobility parameters Network time protocol password encryption Physical/Aggregate port interface Portchannel commands Show current privilege level List o
PAGE 388
10 386 Crypto Map config commands Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 389
Chapter 11 Crypto-trustpoint Instance In this chapter • Trustpoint (PKI) config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387 The (config-crypto-trustpoint)commands define a Certificate Authority (CA) trustpoint. This is a separate instance, but belongs to the crypto pki trustpoint mode under the config instance.
PAGE 390
11 Trustpoint (PKI) config commands clrscr Trustpoint (PKI) config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-trustpoint)#clrscr RFController(config-trustpoint)# 388 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 391
Trustpoint (PKI) config commands 11 company-name Trustpoint (PKI) config commands Sets the company name (Applicable only for request) Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax company-name Parameters Company name (2 to 64 characters) Example RFController(config-trustpoint)#company-name RetailKing RFController(config-trustpoint)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI R
PAGE 392
11 Trustpoint (PKI) config commands email Trustpoint (PKI) config commands Sets the e-mail ID for the trustpoint Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax email Parameters Sets email address (2 to 64 characters) for the trustpoint Example RFController(config-trustpoint)#email abcTestemailID@brocade.
PAGE 393
Trustpoint (PKI) config commands 11 end Trustpoint (PKI) config commands Ends and exits the current mode and moves to the PRIV EXEC mode.
PAGE 394
11 Trustpoint (PKI) config commands exit Trustpoint (PKI) config commands Ends the current mode and moves to previous the mode (GLOBAL-CONFIG).
PAGE 395
Trustpoint (PKI) config commands 11 fqdn Trustpoint (PKI) config commands Configures the domain name of the trustpoint (FQDN stands for Fully Qualified Domain Name) Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax fqdn Parameters The fully qualified domain name (between 9 and 64 characters long) Example RFController(config-trustpoint)#fqdn RetailKing.
PAGE 396
11 Trustpoint (PKI) config commands help Trustpoint (PKI) config commands Displays the systems interactive help system Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-trustpoint)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 397
Trustpoint (PKI) config commands 11 ip-address Trustpoint (PKI) config commands Sets an IP address for the trustpoint Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ip-address Parameters Enter the IP address for the trustpoint Example RFController(config-trustpoint)#ip-address 157.200.200.
PAGE 398
11 Trustpoint (PKI) config commands no Trustpoint (PKI) config commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [company-name|email|fqdn|ip-address|subject-name] Parameters None.
PAGE 399
Trustpoint (PKI) config commands 11 password Trustpoint (PKI) config commands Sets the challenge password (applicable only for requests) to access the trustpoint Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax password [0|2|] Parameters 0 Password is specified as unencrypted, the password should be between 4 to 20 characters 2 Password is enc
PAGE 400
11 Trustpoint (PKI) config commands rsakeypair Trustpoint (PKI) config commands Configures a RSA Keypair to associate with the trustpoint Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax rsakeypair Parameters RSA Keypair Identifier Usage Guidelines The RSA key pair configures the controller to have Rivest, Shamir, and Adelman (RSA) key pairs.
PAGE 401
Trustpoint (PKI) config commands 11 service Trustpoint (PKI) config commands Invokes service commands to troubleshoot or debug the crypto pki trustpoint instance configuration Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters None Example RFController(config-trustpoint)#service show cli Trustpoint Config mode: +-clrscr [clrscr] +-company-name +-WORD [company-name WORD] +-do +-LINE [do LINE] +
PAGE 402
11 Trustpoint (PKI) config commands show Trustpoint (PKI) config commands Displays current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel
PAGE 403
Trustpoint (PKI) config commands mobility ntp password-encryption port port-channel privilege protocol-list radius redundancy role rtls running-config securitymgr sessions smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group service-list terminal traffic-shape timezone upgrade-status users version virtual-ip wireless wlan-acl wwan 11 Display Mobility parameters Network time protocol password encryption Physical/Aggregate port interface Portchannel commands Show current pri
PAGE 404
11 Trustpoint (PKI) config commands subject-name Trustpoint (PKI) config commands Creates a subject name to configure a trustpoint (the subject name is a collection of required parameters to configure a trustpoint) Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax subject-name Parameters Name of this set of parameters for configuring trust points The 2
PAGE 405
Chapter 12 Interface Instance In this chapter • Interface config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 Use the (config-if) instance to configure the interfaces – Ethernet, VLAN and tunnel associated with the controller.
PAGE 406
12 Interface config commands TABLE 12 404 Interface Config Commands Command Description Ref.
PAGE 407
Interface config commands 12 clrscr Interface config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-if)#clrscr RFController(config-if)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 405
PAGE 408
12 Interface config commands crypto Interface config commands Sets the encryption module to use for this interface Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax crypto map Parameters map Assigns a Crypto Map • – Crypto Map tag Usage Guidelines At any given instance you can add one crypto mapset to an single interface.
PAGE 409
Interface config commands 12 description Interface config commands Creates an interface specific description Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax description Parameters Defines the characters describing this interface Example RFController(config-if)#description "interface for RetailKing" RFController(config-if)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
PAGE 410
12 Interface config commands duplex Interface config commands Specifies the duplex mode for the interface NOTE Duplexity can only be set for an Ethernet Interface.
PAGE 411
Interface config commands 12 end Interface config commands Ends and exits the current mode and moves to the PRIV EXEC mode.
PAGE 412
12 Interface config commands exit Interface config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 413
Interface config commands 12 help Interface config commands Displays the system’s interactive help Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-if)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 414
12 Interface config commands ip Interface config commands Sets the IP address for the assigned Fast Ethernet interface (ME) and VLAN Interface Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ip [access-group|address|arp|dhcp|helper-address|nat] ip access-group [<1-99>|<100-199>|<1300-1999>| <2000-2699>|WORD in] ip arp [rate-limit|trust] ip dhcp trust ip address [ {secondary}|dhcp] ip helper-address ip nat
PAGE 415
Interface config commands 12 Parameters access-group Defines the access group • <1-99> – Sets the IP standard access list • <100-199> – Sets the IP extended access list • <1300-1999> – Sets the IP standard access list (expanded range) • <2000-2699> – Sets the IP extended access list (expanded range) • WORD in – Defines the access list name • in – Sets incoming packets ip address [ {secondary}|dhcp] Sets a static IP address and network mask for a Layer 3 SVI (Controller Virtual Interface) •
PAGE 416
12 Interface config commands Creating helper address using DHCP server Follow the steps below to create a helper address on VLAN 2000 for using a DHCP server on VLAN 1000: RFController(config)#interface vlan 1000 RFController(config-if)#ip address 172.168.100.1/24 RFController(config-if)#interface vlan 2000 RFController(config-if)#ip address 172.168.200.1/24 RFController(config-if)#ip helper-address 172.168.100.
PAGE 417
Interface config commands 12 mac Interface config commands Applies a MAC access list (ACL) to Gigabit Ethernet interface NOTE The access list cannot be applied on a management interface (me1).
PAGE 418
12 Interface config commands management Interface config commands Sets the selected interface as management interface. It can only be used on a VLANx interface. The TFTP/FTP server providing the controller its config file at startup must be accessible via this interface. VLAN 1 is the default management interface for the controller.
PAGE 419
Interface config commands 12 no Interface config commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - static-channel-group Syntax no [cryp
PAGE 420
12 Interface config commands port-channel Interface config commands Selects the load-balance criteria of an aggregated port Supported in the following platforms: • Mobility RFS7000 Controller • Mobility RFS4000 Controller NOTE This command is not supported on the Mobility RFS6000 Controller.
PAGE 421
Interface config commands 12 3. Select the other interface required for port aggregation and associate the static channel group to it. RFController(config)#interface ge 2 RFController(config-if)#static-channel-group 1 4. Execute show static-channel-group and ensure the virtual static aggregation sa 1 has been created and associated with ge 2. Both ge 1 and ge 2 are now aggregated and ready for use. 5.
PAGE 422
12 Interface config commands power Interface config commands Invokes PoE commands to configure PoE power limit and priority for a port. By default the value for a GE port is set to low. Power is applied in order of priority, power overlaods are removed in reverse order of priority.
PAGE 423
Interface config commands 12 service Interface config commands Invokes service commands to troubleshoot or debug the (config-if) instance configuration.
PAGE 424
12 Interface config commands show Interface config commands Displays current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - static-chan
PAGE 425
Interface config commands mac-name management mobility ntp password-encryption port-channel privilege protocol-list radius redundancy role rtls running-config securitymgr service-list sessions snmp snmp-server smtp-notification spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users version wireless wlan-acl wwan 12 Displays the configured MAC names Display L3 Managment Interface name Display Mobility parameters Network time protocol password encryption Port
PAGE 426
12 Interface config commands shutdown Interface config commands Disables the selected interface, the interface is administratively enabled unless explicitly disabled using this command Displays current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax shutdown Parameters None Example RFController(config-if)#shutdown RFController(config-if)# 424 Brocade Mobility RFS4000, RFS
PAGE 427
Interface config commands 12 spanning-tree Interface config commands Configures spanning tree parameters Displays current system information running on the controller.
PAGE 428
12 Interface config commands Parameters bpdufilter [disable|enable] Use this command to set a portfast BPDU filter for the port. Use the no parameter with this command to revert the port BPDU filter to default. The spanning tree protocol sends BPDUs from all ports. Enabling the BPDU filter ensures PortFastenabled ports do not transmit or receive BPDUs. bpduguard [disable|enable] Use this command to enable or disable the BPDU guard feature on a port.
PAGE 429
Interface config commands 12 RFController(config-if)#spanning-tree guard root RFController(config-if)# RFController(config-if)#spanning-tree link-type point-to-point RFController(config-if)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 427
PAGE 430
12 Interface config commands speed Interface config commands Specifies the speed of a fast-ethernet (10/100) or a gigabit-ethernet port (10/100/1000) Displays current system information running on the controller.
PAGE 431
Interface config commands 12 static-channel-group Interface config commands Adds an interface to a static channel group Displays current system information running on the controller. Supported in the following platforms: • Mobility RFS7000 Controller • Mobility RFS4000 Controller NOTE The Mobility RFS6000 Controller does not support this command.
PAGE 432
12 Interface config commands controllerport Interface config commands Sets controller mode characteristics for the selected interface.
PAGE 433
Interface config commands 12 Parameters access vlan <1-4094> Configures the access vlan of an access-mode port • vlan <1-4094> – Sets the vlan when interface is in access mode mode [access|trunk] Sets the mode of the interface to access or trunk mode (can only be used on physical (layer2) interfaces) • access – If access mode is selected, the access vlan is automatically set to vlan1. In this mode, only untagged packets in the access vlan (vlan1) are accepted on this port.
PAGE 434
12 Interface config commands storm-control Interface config commands Sets storm-control for broadcasting Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax storm-control [bcast|mcast|ucast] rate-limit <1-1000000> Parameters bcast rate-limit <1-1000000> • Configures storm-control of broadcast packets.
PAGE 435
Interface config commands 12 tunneling Interface config commands Sets protocol-over protocol tunneling. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax tunnel [destination |source |ttls <1-255>] Parameters destination source ttl<1-255> Destination of the tunnel packet. • – Specifies the IP address of the destination. Source of tunnel packets.
PAGE 436
12 434 Interface config commands Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 437
Chapter 13 Spanning tree-mst Instance In this chapter • mst config commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435 Use the (config-mst) instance to configure the controllers Multi Spanning Tree Protocol (MSTP) configuration.
PAGE 438
13 mst config commands clrscr mst config commands Clears the display Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-mst)#clrscr RFController(config-mst)# 436 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 439
mst config commands 13 end mst config commands Ends and exits the current mode and moves to the PRIV EXEC mode.
PAGE 440
13 mst config commands exit mst config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 441
mst config commands 13 help mst config commands Displays the system’s interactive help system Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-mst)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
PAGE 442
13 mst config commands instance mst config commands Associates VLAN(s) with an instance Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax instance <1-15> vlan Parameters <1-15> Defines the instance ID to which the VLAN is associated vlan Sets the VLAN ID for its association with an instance Usage Guidelines MSTP works based on instances.
PAGE 443
mst config commands 13 name mst config commands Sets the name for the MST region Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax name Parameters Sets MST region name Example RFController(config-mst)#name MyRegion RFController(config-mst)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 441
PAGE 444
13 mst config commands no mst config commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [instance|name|revision] Parameters instance Sets the MST Instance • vlan – Delete the association of vlan with this instance • – List of vlan IDs name Assigns a name to the MST region revision Defines the revision number for configuration information Usage Guidelines
PAGE 445
mst config commands 13 revision mst config commands Sets the revision number of the MST bridge Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax revision <0-255> Parameters revision <0-255> Defines the revision number for configuration information Example RFController(config-mst)#revision 20 RFController(config-mst)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 443
PAGE 446
13 mst config commands service mst config commands Invokes service commands needed to troubleshoot or debug (config-if) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters None Example RFController(config-mst)#service show cli MSTI configuration mode: +-clrscr [clrscr] +-end [end] +-exit [exit] +-help [help] +-instance +-<1-15> [instance <1-15>] +-vlan +-VLAN_ID [instanc
PAGE 447
mst config commands 13 +-<1300-1999> [show access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)] +-<2000-2699> [show access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)] +-WORD [show access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)] +-aclstats +-vlan +-<1-4094> [show aclstats ( vlan <1-4094> )]................. ................................................................... ...................................................................
PAGE 448
13 mst config commands show mst config commands Displays current system information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - static-channel-group Syntax show Par
PAGE 449
mst config commands 13 mobility ntp password-encryption port port-channel privilege radius redundancy role rtls running-config securitymgr sessions snmp smtp-notification snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users Display Mobility parameters Network time protocol password encryption Physical/Aggregate port interface Portchannel commands Show current privilege level RADIUS configuration commands Display redundancy group parameters Con
PAGE 450
13 448 mst config commands Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 451
Chapter 14 Extended ACL Instance In this chapter • Extended ACL config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449 • Configuring IP Extended ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469 The Extended ACL instance (config-ext-nacl) is used to manage the extended Access Control List entries associated with the controller.
PAGE 452
14 Extended ACL config commands clrscr Extended ACL config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-ext-nacl)#clrscr RFController(config-ext-nacl)# 450 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 453
Extended ACL config commands 14 deny Extended ACL config commands Specifies packets to reject Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax deny [icmp|ip|tcp|upd|proto] deny icmp [|any|host ] [|any|host ] { {}} {log} {rule-precedence <1-5000>} deny ip [|any|host ] [|any|host ] {log} {rule-precedence <1-5000>} deny [tcp|u
PAGE 454
14 Extended ACL config commands Parameters deny ip [|any|ho st ][|any| host ] {log} {rule-precedence <1-5000>} Use with a deny command to reject IP packets • • • • • • • • deny icmp [|any|ho st ] [|any|host ] { {}} {log} {rule-precedence <1-5000>} 452 deny – Sets the action type on an ACL ip – Specifies an IP (to match to a protocol) |any|host – The keyword is the source
PAGE 455
Extended ACL config commands deny [tcp|udp] [|any|ho st ] {eq |range } []{eq } {range } {log} {rule-precedence <1-5000>} 14 Use with the deny command to reject TCP or UDP packets deny – Rejects TCP or UDP packets tcp|udp – Specifies TCP or UDP as the protocol |any|host – The source is the source IP address of the network or hos
PAGE 456
14 Extended ACL config commands RFController(config-ext-nacl)#deny ip 192.168.2.0/24 192.168.1.0/24 RFController(config-ext-nacl)#permit ip any any RFController(config-ext-nacl)# Example - denying TCP based traffic The following example denies TCP traffic with a source port range between 20 - 23 (from the source subnet to destination subnet): RFController(config-ext-nacl)#deny tcp range 20 23 192.168.1.0/24 192.168.2.
PAGE 457
Extended ACL config commands 14 end Extended ACL config commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to RFController# Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax end Parameters None Example RFController(config-ext-nacl)#end RFController# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 455
PAGE 458
14 Extended ACL config commands exit Extended ACL config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 459
Extended ACL config commands 14 help Extended ACL config commands Displays the system’s interactive help system Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-ext-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 460
14 Extended ACL config commands mark Extended ACL config commands Specifies packets to mark Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax mark [8021p|dscp|tos] mark [8021p |dscp |tos ] [icmp|ip|tcp|udp] mark [8021p |dscp |tos ] icmp [|any|host ] [|any|host ] { {<
PAGE 461
Extended ACL config commands 14 Parameters 8021p Sets the 802.1p VLAN user priority value to (0-7). dscp Sets the Differentiated Services Code Point code-point value to (0-63) tos Sets the TOS value to . The least significant two bits of the must be 0.
PAGE 462
14 Extended ACL config commands [tcp|udp] Use with the mark command to mark TCP or UDP packets [|any|ho • deny – Rejects TCP or UDP packets st ] {eq • tcp|udp – Specifies TCP or UDP as the protocol |range • |any|host – The source is the source IP address of the network or host (in dotted decimal } format). The source-mask is the network mask. For example, [
PAGE 463
Extended ACL config commands 14 Example - marking dot1p on TCP based traffic The example below marks the dot1p priority value in the ethernet header to 5 on all TCP traffic coming from the source subnet: RFController(config-ext-nacl)# mark 8021p 6 udp 192.168.2.
PAGE 464
14 Extended ACL config commands no Extended ACL config commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [deny|mark|permit] Parameters deny Specifies packets to reject mark Specifies packets to mark permit Specifies packets to forward Usage Guidelines Removes an access list control entry. Provide the rule-precedence value when using the no command.
PAGE 465
Extended ACL config commands 14 permit Extended ACL config commands Permits specific packets. NOTE ACLs do not allow DHCP messages to flow by default. Configure an Access Control Entry (ACE) to allow DHCP messages to flow through. RFController(config-ext-nacl)#permit ip xxx.xxx.xxx.xxx/x 192.168.2.0/24 RFController(config-ext-nacl)#permit ip any host xxx.xxx.xxx.
PAGE 466
14 Extended ACL config commands Parameters permit ip [|any|ho st ] [|any|host ] {log} {rule-precedence <1-5000>} Use with a permit command to allow IP packets • • • • • • • • permit icmp [|any|ho st ] [|any| host ] { {}} {log} {rule-precedence <1-5000>]} 464 deny – Sets the action type on an ACL IP – Specifies an IP (to match to a protocol) |any|host – The keyword is the
PAGE 467
Extended ACL config commands permit [tcp|udp] [|any|ho st ] {eq |range } [] {eq } {range } {log} {rule-precedence <1-5000>} 14 Use with the permit command to allow TCP or UDP packets deny – Rejects TCP or UDP packets tcp|udp – Specifies TCP or UDP as the protocol |any|host – The source is the source IP address of the network or
PAGE 468
14 Extended ACL config commands RFController(config-ext-nacl)#permit ip 192.168.1.10/24 192.168.2.0/24 rule-precedence 40 RFController(config-ext-nacl)# Permitting Telnet based traffic The example below permits Telnet traffic from the source subnet and the destination subnet and denies all other traffic over an interface: RFController(config-ext-nacl)#permit tcp 192.168.4.0/24 192.168.5.
PAGE 469
Extended ACL config commands 14 service Extended ACL config commands Invokes service commands to troubleshoot or debug the (config-if) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters None Example RFController(config-ext-nacl)#service show cli Extended ACL Config mode: +-clrscr [clrscr] +-deny +-icmp +-A.B.C.D/M +-A.B.C.
PAGE 470
14 Extended ACL config commands show Extended ACL config commands Displays current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - stati
PAGE 471
Configuring IP Extended ACL 14 management mobility ntp password-encryption port-channel privilege radius redundancy role rtls running-config securitymgr service-list sessions smtp-notifications snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users Display L3 Managment Interface name Display Mobility parameters Network time protocol password encryption Portchannel commands Show current privilege level RADIUS configuration commands Display r
PAGE 472
14 Configuring IP Extended ACL 1. To configure a numbered IP Extended ACL: RFController(config)#access-list 2 deny ip host 1.2.3.4 any rule-precedence 10 RFController(config)#access-list 2 permit tcp any host 2.3.4.5 eq 80 rule-precedence 20 RFController(config)#access-list 2 deny icmp any host 2.3.4.5 rule-precedence 30 2. To configure named IP Extended ACL: RFController(config)#ip access-list extended ipextacl RFController(config-ext-nacl)#deny ip host 1.2.3.
PAGE 473
Chapter 15 Standard ACL Instance In this chapter • Standard ACL config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471 • Use case: configuring IP standard ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485 The Standard ACL instance (config-std-acl) is used to manage the standard Access Control List entries associated with the controller.
PAGE 474
15 Standard ACL config commands clrscr Standard ACL config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-std-nacl)#clrscr RFController(config-std-nacl)# 472 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 475
Standard ACL config commands 15 deny Standard ACL config commands Specifies packets to reject Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax deny [|any|host ] {log} {rule-precedence <1-5000>} Parameters [|any|ho st ] {log} {rule-precedence <1-5000>} Use with a deny command to reject packets • • • • • |any|host – The keyword is the source IP
PAGE 476
15 Standard ACL config commands Example - denying traffic only from source network The example below denies traffic from the source network (xxx.xxx.1.0/24) and allows all other traffic to flow through the interface: RFController(config-std-nacl)#deny xxx.xxx.1.
PAGE 477
Standard ACL config commands 15 end Standard ACL config commands Ends and exits from the current mode and moves to the PRIV EXEC mode.
PAGE 478
15 Standard ACL config commands exit Standard ACL config commands Ends the current mode and moves to previous mode (GLOBAL-CONFIG).
PAGE 479
Standard ACL config commands 15 help Standard ACL config commands Displays the system’s interactive help in HTML format Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-std-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 480
15 Standard ACL config commands mark Standard ACL config commands Specifies packets to mark Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax mark [8021p|dscp|tos] mark 8021p mark dscp mark tos [|any|host ] {log} {rule-precedence <1-5000>} Parameters 8021p Sets the 802.
PAGE 481
Standard ACL config commands 15 NOTE The log option is functional only for router ACLs. The log option results in an informational logging message about the packet matching the entry sent to the console. Marking tos for Source Network Traffic The example below marks the type of service (TOS) value to 254 for all traffic coming from the source network: RFController(config)#access-list 3 mark tos 254 xxx.xxx.3.
PAGE 482
15 Standard ACL config commands no Standard ACL config commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [deny|mark|permit] Negates all the syntax combinations used in deny, mark and permit designations.
PAGE 483
Standard ACL config commands 15 permit Standard ACL config commands Specifies packet to forward Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax permit [|any|host ] {log} {rule-precedence <1-5000>} Parameters [| any|host ] {log} {rule-precedence <1-5000>} Use with a permit command to allow packets • • • • • |any|host – The keyword is the sourc
PAGE 484
15 Standard ACL config commands Permitting Traffic from source network The example below permits traffic from the source network and provides a log message: RFController(config-std-nacl)#permit xxx.xxx.1.
PAGE 485
Standard ACL config commands 15 service Standard ACL config commands Invokes service commands to troubleshoot or debug (config-if) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters cli Displays the CLI tree of the current mode Example RFController(config-std-nacl)#service show cli Standard ACL Config mode: +-clrscr [clrscr] +-deny +-A.B.C.
PAGE 486
15 Standard ACL config commands show Standard ACL config commands Displays current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - stati
PAGE 487
15 Use case: configuring IP standard ACL mobility Display Mobility parameters ntp Network time protocol password-encryption password encryption port Physical/Aggregate port interface port-channel Portchannel commands privilege Show current privilege level protocol-list List of protocols radius RADIUS configuration commands redundancy Display redundancy group parameters rtls Real Time Locating System commands role Configure role parameters running-config Current Operating configuration securitymgr Security
PAGE 488
15 486 Use case: configuring IP standard ACL Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 489
Chapter 16 Extended MAC ACL Instance In this chapter • MAC Extended ACL config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487 • Configuring MAC Extended ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505 Use the (config-ext-macl) instance to configure mac access-list extended ACLs.
PAGE 490
16 MAC Extended ACL config commands clrscr MAC Extended ACL config commands Clears the display screens Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-ext-macl)#clrscr RFController(config-ext-macl)# 488 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 491
MAC Extended ACL config commands 16 deny MAC Extended ACL config commands Specifies packets to reject NOTE Use a decimal value representation of ethertypes to implement a permit/deny/mark designation for a packet. The command set for Extended MAC ACLs provide the hexadecimal values for each listed ethertype. The controller supports all ethertypes. Use the decimal equivalent of the ethertype listed for any other ethertype.
PAGE 492
16 MAC Extended ACL config commands Parameters deny [|any|host ] [|any| host ] {[dot1p| rule-precedence|type|vlan]} Define a source and destination MAC address and Mask specifying the bits to match. The source and destination wildcards can be any one of the following: • [|any|host ]– Source MAC address and mask in the format xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx • any – Any source host • host – Exact source MAC address to match dot1p <0-7> Determine a 802.
PAGE 493
MAC Extended ACL config commands 16 RFController(config-ext-macl)#deny any host 00:01:ae:00:22:11 RFController(config-ext-macl)# Example - denying dot1q tagged traffic The MAC ACL (in the example below) denies dot1q tagged traffic from VLAN interface 5: RFController(config-ext-macl)#deny any any vlan 5 type 8021q RFController(config-ext-macl)# Example - denying traffic between two MAC based hosts The example below denies traffic between two hosts based on MAC addresses: RFController(config-ext-macl)#den
PAGE 494
16 MAC Extended ACL config commands end MAC Extended ACL config commands Ends and exits the current mode and moves to the PRIV EXEC mode.
PAGE 495
MAC Extended ACL config commands 16 exit MAC Extended ACL config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 496
16 MAC Extended ACL config commands help MAC Extended ACL config commands Displays the system’s interactive help (in HTML format) Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-ext-macl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 497
MAC Extended ACL config commands 16 mark MAC Extended ACL config commands Specifies the packet to mark NOTE Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. An Extended MAC ACL provides the hexadecimal values for each listed ethertype. The controller supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or any other type of ethertype.
PAGE 498
16 MAC Extended ACL config commands Parameters 8021p<0-7> Modifies the 802.1p VLAN user priority xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx Source MAC address and mask • any – Any source host • host – Exact source MAC address to match • tos<0-255> Modifies the TOS bits in an IP header • xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx Destination MAC address and mask • any – Any destination host • host – Exact destination MAC address to match mark [ |any|host] Specifies the bits to match.
PAGE 499
MAC Extended ACL config commands 16 Example - marking tos for IP traffic The example below marks the tos field to 254 for IP traffic coming from the source MAC : RFController(config-ext-macl)#mark tos 254 host 00:33:44:55:66:77 any type ip RFController(config-ext-macl)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 497
PAGE 500
16 MAC Extended ACL config commands no MAC Extended ACL config commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [deny|mark|permit] Negates all the syntax combinations used in deny, mark and permit designations to configure the Extended ACL Parameters deny Specifies packets to reject mark Specifies packets to mark permit Specifies packets to forward Example RFCont
PAGE 501
MAC Extended ACL config commands 16 permit MAC Extended ACL config commands Specifies packets to forward NOTE Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. An Extended MAC ACL provides the hexadecimal values for each listed ethertype. The controller supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or any other type of ethertype.
PAGE 502
16 MAC Extended ACL config commands Parameters permit [|any|host ] Specifies the bits to match. The source wildcard can be any one of the following: • xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx Source MAC address and mask • any – Uses any source host • host – Defines the MAC address to match permit [|any|host ] { {}} Bit mask specifying the bits to match.
PAGE 503
MAC Extended ACL config commands 16 The controller (by default) does not allow layer 2 traffic to pass through the interface. To adopt an access point through an interface, configure an access control list to allow an ethernet WISP. .v NOTE To apply an IP based ACL to an interface, a MAC access list entry to allow ARP is mandatory. A MAC ACL always takes precedence over IP based ACLs. The last ACE in the access list is an implicit deny statement.
PAGE 504
16 MAC Extended ACL config commands service MAC Extended ACL config commands Invokes service commands to troubleshoot or debug (config-if) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters show cli Displays running system information Example RFController(config-ext-macl)#service show cli MAC Extended ACL Config mode: +-clrscr [clrscr] +-deny +-XX:XX:XX:XX:XX:XX/XX:XX
PAGE 505
MAC Extended ACL config commands 16 RFController(config-ext-macl)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 503
PAGE 506
16 MAC Extended ACL config commands show MAC Extended ACL config commands Displays current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel
PAGE 507
Configuring MAC Extended ACL licenses logging mac mac-address-table mac-name management mobility ntp password-encryption port-channel protocol-list privilege radius redundancy rtls role running-config securitymgr service-list sessions mtp-notofication snmp snmp-server spanning-tree startup-config static-channel-group terminal traffic-shape timezone upgrade-status users version virtual-ip wireless wlan-acl 16 Show any installed licenses Show logging configuration and buffer Internet Protocol (IP) Display
PAGE 508
16 Configuring MAC Extended ACL RFController(config)#mac access-list extended macextacl RFController(config-ext-macl)#permit 00:a0:f8:00:00:00 ff:ff:ff:00:00:00 any rule-precedence 10 RFController(config-ext-macl)#deny any any type arp rule-precedence 20 RFController(config-ext-macl)#deny any any vlan 23 rule-precedence 30 506 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 509
Chapter 17 DHCP Server Instance In this chapter • DHCP Config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 • Configuring the DHCP server using controller CLI. . . . . . . . . . . . . . . . . . . . 537 Use the (config-dhcp) instance to configure the DHCP server address pool associated with the controller. To move to this instance, use the command.
PAGE 510
17 DHCP Config commands TABLE 17 508 DHCP Config Commands Command Description Ref.
PAGE 511
DHCP Config commands 17 address DHCP Config commands Specifies a range of addresses for the DHCP network pool Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax address range Parameters range Adds an address range for the DHCP server low IP address – Defines the first IP address in the address range • high IP address – Defines the last IP address in t
PAGE 512
17 DHCP Config commands bootfile DHCP Config commands Assigns a bootfile name for the DHCP configuration on the network pool Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax bootfile Parameters bootfile Sets the boot image for BOOTP clients. The file name can contain letters, numbers, dots and hyphens. Consecutive dots and hyphens are not permitted.
PAGE 513
DHCP Config commands 17 class DHCP Config commands Associates a DHCP class with a pool This command is used in Step 4 of Creating a DHCP User Class. The CLI prompt moves to a sub-instance(config-dhcp-class).The configuration mode changes from (config-dhcp)# class to (config-dhcp-class). Refer to config-dhcp-class on page 512 for a (config-dhcp-class) command summary.
PAGE 514
17 DHCP Config commands RFController(config-dhcp-class)#address range 11.22.33.44 config-dhcp-class Use (config-dhcp)# class to enter the (config-dhcp-class) instance. Use this instance to set an address range for a DHCP user class within a DHCP server address pool. Table 18 summarizes config-dhcp-class commands.
PAGE 515
DHCP Config commands 17 client-identifier DHCP Config commands Assigns a name to the client-identifier A client identifier is used to reserve an IP address for a DHCP client. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax client-identifier Parameters client-identifier Prepends a null character.
PAGE 516
17 DHCP Config commands client-name DHCP Config commands Adds name for DHCP clients Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax client-name Parameters client-name Use client-name to add a client name (the domain name must not be included) Example RFController(config-dhcp)#client-name testpc RFController(config-dhcp)# 514 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931
PAGE 517
DHCP Config commands 17 clrscr DHCP Config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-dhcp)#clrscr RFController(config-dhcp)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 515
PAGE 518
17 DHCP Config commands ddns DHCP Config commands Sets dynamic DNS parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ddns [domainname|multiple-user-class|server|ttl] ddns ddns ddns ddns domainname multiple-user-class server ttl <1-864000> Parameters domainname Sets the domain name used for DDNS updates multiple-user-class Enables the multiple user class option server Spe
PAGE 519
DHCP Config commands 17 default-router DHCP Config commands Configures the default router or gateway IP address for the network pool. To remove the default router list, use the no default-router command.
PAGE 520
17 DHCP Config commands dns-server DHCP Config commands Sets the DNS server’s IP address available to all DHCP clients connected to the pool. Use the no dns-server command to remove the DNS server list. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax dns-server Parameters dns-server Configures the DNS server’s IP address – Sets the server's IP address. Up to 8 IPs can be set.
PAGE 521
DHCP Config commands 17 domain-name DHCP Config commands Sets the domain name for the network pool. Use the no domain-name command to remove the domain name. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax domain-name Parameters domain-name Defines the domain name for the network pool Usage Guidelines The domain name cannot exceed 256 characters.
PAGE 522
17 DHCP Config commands end DHCP Config commands Exits the current mode and moves to the PRIV EXEC mode.
PAGE 523
DHCP Config commands 17 exit DHCP Config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 524
17 DHCP Config commands hardware-address DHCP Config commands Reserves an IP address (manually) based on a DHCP client’s hardware address. Use the no hardware-address command to remove this from the DHCP pool. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax hardware-address {[ethernet|token-ring]} Parameters hardware-address {ethernet|token-ring} Sets the client's hardware address to .
PAGE 525
DHCP Config commands 17 help DHCP Config commands Displays the system’s interactive help in HTML format Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-dhcp)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 526
17 DHCP Config commands host DHCP Config commands Defines a fixed IP address for the host in dotted decimal format Use the no host command to remove the host from the DHCP pool.
PAGE 527
DHCP Config commands 17 lease DHCP Config commands Sets a valid lease time for the IP address used by DHCP clients in the network pool Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax lease [{<0-365> <0-23> <0-59>}|infinite] Parameters lease [ {<0-365> <0-23> <0-59>} |infinite] Sets the lease time for an IP address <0-365> –Sets the lease period in days.
PAGE 528
17 DHCP Config commands RFController(config)#show running-config include-factory .......................................... ip dhcp pool Test4lease lease 1 0 0 no domain-name no bootfile no dns-server no default-router no next-server no netbios-name-server no netbios-node-type no unicast-enable no update dns no ddns domainname no ddns ttl no ddns multiple-user-class host 3.33.33.3 client-name test4lease client-identifier tested4lease no hardware-address ..........................................
PAGE 529
DHCP Config commands 17 netbios-name-server DHCP Config commands Sets the netbios-name server’s IP address Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax netbios-name-server Parameters netbios-name-server Defines the NetBIOS (WINS) name server – Sets the NetBIOS name server's IP address • Example RFController(config-dhcp)#netbios-name-server 2.2.2.
PAGE 530
17 DHCP Config commands netbios-node-type DHCP Config commands Defines the netbios-node type Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax netbios-node-type [b-node|h-node|m-node|p-node] Parameters netbios-node-type [b-node | h-node | m-node | p-node] Defines the NetBIOS (WINS) name servers • b-node – Broadcast node • h-node – Hybrid node • m-node – Mixed node • p-node – Peer-to-peer node Example RFController(conf
PAGE 531
DHCP Config commands 17 network DHCP Config commands Sets the network pool’s IP address This address maps the current DHCP pool with a specific network.
PAGE 532
17 DHCP Config commands next-server DHCP Config commands Sets the IP address of the next server in the boot process Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax next-server Parameters next-server Sets the next server in boot process – Defines the server's IP address • Example RFController(config-dhcp)#next-server 2.2.2.
PAGE 533
DHCP Config commands 17 no DHCP Config commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [address|bootfile|class|client-identifier|client-name| ddns|default-router|dns-server|domain-name|hardware-address| host|lease|netbios-name-server|netbios-node-type|network| next-server|option|update|unicast-table] Parameters The no command negates any command associated with it.
PAGE 534
17 DHCP Config commands option DHCP Config commands Defines the DHCP option used in DHCP pools Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax option [|] Parameters option name [| ] Sets raw DHCP options – Sets the name of the DHCP option • – Sets the IP value of the DHCP option • – Sets the ASCII value of the DHCP option • Usage Guide
PAGE 535
DHCP Config commands 17 service DHCP Config commands Invokes service commands to troubleshoot or debug (config-dhcp) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters show cli Displays the CLI tree of the current mode Example RFController(config-dhcp)#service show cli DHCP Server Config mode: +-address +-range +-A.B.C.D [address range A.B.C.D ( A.B.C.D |)] +-A.B.C.
PAGE 536
17 DHCP Config commands show DHCP Config commands Displays current system information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller: - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - static-channel-group Syntax show P
PAGE 537
DHCP Config commands mobility ntp password-encryption port port-channel privilege protocol-list radius redundancy rtls role running-config securitymgr service-list sessions smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users version virtual-ip wireless wlan-acl 17 Display Mobility parameters Network time protocol password encryption Physical/Aggregate port interface Portchannel commands Show current privilege level List
PAGE 538
17 DHCP Config commands update DHCP Config commands Controls the usage of the DDNS service Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax update dns override Parameters update dns override Controls the usage of the DDNS service dns override – Dynamic DNS Configuration • override – Enable Dynamic Updates by onboard DHCP Server • Usage Guidelines A DHCP client cannot perform updates for RR’s A, TXT and PTR.
PAGE 539
Configuring the DHCP server using controller CLI 17 unitcast-enable DHCP Config commands Enables unicast for DHCP offer and DHCP Ack Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax unicast-enable Parameters None Example RFController(config-dhcp)#unicast-enable RFController(config-dhcp)# Configuring the DHCP server using controller CLI The controller DHCP configuration is conducted by creating pools and mapping them
PAGE 540
17 Configuring the DHCP server using controller CLI Creating network pool To create a network pool: 1. Create a DHCP server dynamic address pool. RFController(config)#ip dhcp pool test 2. Map the DHCP pool to the network pool. RFController(config-dhcp)#network 192.168.0.0/24 3. Add the address range for the dynamic pool. RFController(config-dhcp)#address range 192.168.0.30 192.168.0.60 4. Assign a domain name (as appropriate) to this dynamic pool. RFController(config-dhcp)#domain-name test.com 5.
PAGE 541
Configuring the DHCP server using controller CLI 17 Creating a Host Pool To create a host pool: 1. Create a DHCP server host address pool. RFController(config)#ip dhcp pool hostpool 2. Assign the client name of the host for which static allocation is required. RFController(config-dhcp)#client-name linuxbox 3. Assign an IP address for the host. RFController(config-dhcp)#host 192.168.0.50 4. Configure the hardware address of the host. RFController(config-dhcp)#hardware 00:a0:f8:6f:6b:88 5.
PAGE 542
17 Configuring the DHCP server using controller CLI Troubleshooting DHCP Configuration 1. The DHCP Server is disabled by default. Use the following command to enable the DHCP Server: RFController(config)#service dhcp This command administratively enables the DHCP server. If the DHCP configuration is incomplete, it is possible the DHCP server will be disabled even after the execution of this command. 2. Use the network command to map the network pool to interface. network 192.168.0.
PAGE 543
Configuring the DHCP server using controller CLI 17 • client-name (For example, client-name "MailUsers") • client-identifier (For example, client-identifier "aabb:ccdd") • hardware-address (For example, hardware-address “aa:bb:cc:dd:ee:ff”) 9. A pool can be configured either as the host pool or network pool, but not both. 10. A host pool can have either client-identifier or hardware-address configured, but not both. 11. An excluded address range has a higher precedence than an included address range.
PAGE 544
17 Configuring the DHCP server using controller CLI Creating a DHCP Option To create a DHCP option: 1. To create a non standard option named “tftp-server”. RFController(config)#ip dhcp option tftp-server 183 ip 2. Enter the DHCP pool —”test”. RFController(config)#ip dhcp pool test 3. Assign a value to the DHCP option configured above. RFController(config-dhcp)#option tftp-server 192.168.0.100 4. Exit the DHCP instance.
PAGE 545
Chapter 18 DHCP Class Instance In this chapter • DHCP Server Class config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543 Use the (config-dhcpclass) instance to configure DHCP user classes. The controller supports a maximum of 8 user classes per DHCP class. To navigate to this instance use the command: RFController(config)#ip dhcp class RFController(config-dhcpclass)# Refer to ip on page 412 and DHCP Config commands on page 507 for other DHCP related configurations.
PAGE 546
18 DHCP Server Class config commands clrscr DHCP Server Class config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-dhcpclass)#clrscr RFController(config-dhcpclass)# 544 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 547
DHCP Server Class config commands 18 end DHCP Server Class config commands Ends and exits the current mode and moves to the PRIV EXEC mode.
PAGE 548
18 DHCP Server Class config commands exit DHCP Server Class config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 549
DHCP Server Class config commands 18 help DHCP Server Class config commands Displays the system’s interactive help in HTML format Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-dhcpclass)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 550
18 DHCP Server Class config commands multiple-user-class DHCP Server Class config commands Enables the multiple-user-class option Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax multiple-user-class Parameters None Example RFController(config-dhcpclass)#multiple-user-class RFController(config-dhcpclass)# 548 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 551
DHCP Server Class config commands 18 no DHCP Server Class config commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [multiple-user-class|option] np option user-class Parameters multiple-user-class Disables the multiple user class option option user-class Modifies the parameters of existing DHCP server options • user-class – Conf
PAGE 552
18 DHCP Server Class config commands option DHCP Server Class config commands Specifies a value for DHCP user class options Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax option user-class Parameters user-class Creates/modifies DHCP server user class options • – ASCII value of user-class option Example RFController(config-dhcpclass)#option user-class MC800 RFController(config
PAGE 553
DHCP Server Class config commands 18 service DHCP Server Class config commands Invokes service commands to troubleshoot or debug (config-if) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters None Example RFController(config-dhcpclass)#service show cli DHCP Server Class Config mode: +-clrscr [clrscr] +-do +-LINE [do LINE] +-end [end] +-exit [exit] +-help [help] +-multip
PAGE 554
18 DHCP Server Class config commands show DHCP Server Class config commands Displays current system information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - static-channel-group S
PAGE 555
DHCP Server Class config commands mobility ntp password-encryption port port-channel privilege protocol-list radius redundancy rtls role running-config securitymgr service-list sessions smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users version virtual-ip wireless wlan-acl 18 Display Mobility parameters Network time protocol password encryption Physical/Aggregate port interface Portchannel commands Show current privile
PAGE 556
18 554 DHCP Server Class config commands Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 557
Chapter 19 Radius Server Instance In this chapter • Radius configuration commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555 Use the (config-radsrv) instance to configure local RADIUS server parameters. Local (Onboard) RADIUS server commands are listed under this mode.
PAGE 558
19 Radius configuration commands TABLE 20 556 RADIUS Server Command Summary Command Description Ref.
PAGE 559
Radius configuration commands 19 authentication Radius configuration commands Configures the authentication scheme used with the RADIUS server Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax authentication [data-source|eap-auth-type] authentication data-source [ldap|local] authentication eap-auth-type [all|peap-gtc| peap-mschapv2|tls|ttls-md5|ttls-mschapv2|ttls-pap] Parameters authentication data-source [ldap|local]
PAGE 560
19 Radius configuration commands ca Radius configuration commands Configures CA (Certificate Authority) parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ca trust-point Parameters trust-point Defines the trustpoint configuration – Displays the existing trustpoint name • Usage Guidelines Configures the trustpoint used by the local RADIUS server.
PAGE 561
Radius configuration commands 19 clrscr Radius configuration commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-radsrv)#clrscr RFController(config-radsrv)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 559
PAGE 562
19 Radius configuration commands crl-check Radius configuration commands Enables a Certificate Revocation List (CRL) check To enable the certificate revocation list, ensure the crl list is loaded using a crypto pki import crl command. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax crl-check enable Parameters enable Enables the CRL check Usage Guidelines TLS uses certificates for authentication.
PAGE 563
Radius configuration commands 19 end Radius configuration commands Ends and exits the current mode and moves to the PRIV EXEC mode.
PAGE 564
19 Radius configuration commands exit Radius configuration commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 565
Radius configuration commands 19 group Radius configuration commands Configures RADIUS user groups The CLI moves to the config-radsrv-group sub-instance to create a new group. The prompt changes from RFController(config-radsrv)# to RFController(config-radsrv-group)# Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Table 21 summarizes the RADIUS user group commands within the (config-radsrv-group) sub-instance.
PAGE 566
19 Radius configuration commands end group Ends and exits the current mode and changes to the PRIV EXEC mode. The prompt changes to RFController# Syntax end Parameters None Example RFController(config-radsrv-group)#end RFController# exit group Ends the current mode and moves to the previous mode (config-radsrv)). The prompt changes to RFController(config)#.
PAGE 567
Radius configuration commands 19 guest-group group Manages a guest user linked with a hotspot. Create a guest-user and associate it with the guest-group. The guest-user and the policies of the guest group are used for hotspot authentication/authorization. Syntax guest-group enable Parameters guest-group enable Defines this group as a guest group Usage Guidelines Creates a guest group. The guest user created using rad-user can only be part of the guest group.
PAGE 568
19 Radius configuration commands no group Use this command to negate a command or set its defaults Syntax no no no no [policy|rad-user|rate-limit] policy [day|time|vlan|wlan] policy wlan [<1-256>|all] <1-256> rate-limit [wired-to-wireless|wireless-to-wired] Parameters policy [day|time|vlan| wlan] rad-user [|all] rate-limit [wired-to-wireless| wireless-to-wired] Defines the RADIUS group access policy configuration day – Resets the access policy (days of permitted access) for this group • time –
PAGE 569
Radius configuration commands 19 Sets the authorization policies for a particular group (like day/time of access, WLANs allowed etc.). NOTE A user-based VLAN is effective only if dynamic VLAN authorization is enabled for the WLAN (as defined within the WLAN Configuration screen).
PAGE 570
19 Radius configuration commands rad-user Radius configuration commands Adds an existing RADIUS user to this group. If the RADIUS user is not available in the Onboard RADIUS server’s database, create a new RADIUS user using the rad-user command from within the (config-radsrv) mode. For more information, see rad-user on page 580. NOTE It is strictly recommended to set hotspot simultaneous-users to 1 for corresponding WLAN as guest user is being assigned access-duration.
PAGE 571
Radius configuration commands 19 RFController(config-radsrv-group)# service Radius configuration commands Invokes RADIUS service commands (if they have been stopped). This command enables the RADIUS server. A RADIUS restart is executed only from the config mode.
PAGE 572
19 Radius configuration commands arpi autoinstall banner boot clock commands crypto debugging dhcp environment espi file firewall ftp history interfaces ip ldap licenses logging mac mac-name mac-address-table management mobility ntp password-encryption power privilege radius redundancy redundancy-history role securitymgr sessions smtp-notifications snmp snmp-server sole ARPI Configuration autoinstall configuration Display Message of the Day Login banner Display boot configuration.
PAGE 573
Radius configuration commands 19 Example–creating a group The (config-radsrv-group) sub-instance is explained in the example below: 1. Create a group called Sales in the local RADIUS server database. RFController(config-radsrv)#group sales 2. Check the RADIUS user group’s configuration. RFController(config-radsrv-group)#? RADIUS user group configuration commands: 3. Use a policy command to configure group policies for the group created in Step 1.
PAGE 574
19 Radius configuration commands 9. Save the changes and restart the RADIUS server. RFController(config-radsrv)#service radius restart Mar 07 17:48:04 2010: %PM-5-PROCSTOP: Process "radiusd" has been stopped Mar 07 17:48:05 2010: RADCONF: radius config files generated successfully RFController(config-radsrv)#Mar 07 17:48:05 2010: %DAEMON-6-INFO: radiusd[8830]: Ready to process requests.
PAGE 575
Radius configuration commands 19 help Radius configuration commands Displays the system’s interactive help in HTML format Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-radsrv)#help? help Description of the interactive help system RFController(config-radsrv)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 576
19 Radius configuration commands ldap-server Radius configuration commands Sets the LDAP server configuration It uses the existing external database (active directory with the onboard RADIUS server) instead of the local database on the controller.
PAGE 577
Radius configuration commands 19 Parameters ldap-server primary host port <1-65535> login bind-dn base-dn passwd {| |} passwd-attr group-attr group-filter group-membership net-timeout <1-10> Sets the primary LDAP server’s configuration host < IP> – Sets the LDAP server’s IP configuration • – Defines the LDAP server IP address • port – Enter t
PAGE 578
19 Radius configuration commands Example RFController(config)#ldap-server primary host xxx.xxx.x.
PAGE 579
Radius configuration commands 19 nas Radius configuration commands Sets the configuration of the RADIUS client Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax nas key [0|2|] Parameters Sets the RADIUS client’s IP address [0|2|] Sets the RADIUS client’s shared key • 0 – Defines the Password as UNENCRYPTED • 2 – Password is encrypted with password-encryption secret •
PAGE 580
19 Radius configuration commands no Radius configuration commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [authentication|ca|crl-check|group|ldap-server|nas|proxy| rad-user|server] Parameters None Example RFController(config-radsrv)#no authentication data-source RFController(config-radsrv)# RFController(config-radsrv)#no ca trust-point RFController(config-radsrv)# 578
PAGE 581
Radius configuration commands 19 proxy Radius configuration commands Configures a proxy RADIUS server based on the realm/suffix Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax proxy [realm|retry-count|retry-delay] proxy realm server port <1024-65535> secret{||} Parameters realm server port <1024-65535> secret {|| } • • • The realm na
PAGE 582
19 Radius configuration commands rad-user Radius configuration commands Sets RADIUS user parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax rad-user rad-user [access|password|privilege] rad-user access [console|ssh|telnet|web] rad-user password [0|2 |] group guest expiry-time expiry-date start-time start-d
PAGE 583
Radius configuration commands 19 Parameters [access|console|ssh |telnet|web>] password [0|2|] group guest expiry-time expiry-date start-time start-date ] access-duration <30-35791390> privilege [helpdesk|monitor| nwadmin|superuser| sysadmin|webadmin] Enter a user name up to 64 characters in length access [console|ssh|telnet|web>] – Set management user access mode • console – Only allowed from console • ssh – Only allowe
PAGE 584
19 Radius configuration commands Example RFController(config-radsrv)#rad-user TestRadUser password "I SPY U" RFController(config-radsrv)# RFController(config-radsrv)#rad-user guest1 password 0 password1 group guest-group guest expiry-time 12:12 expiry-date 05:12:2010 start-time 12:12 start-date 05:11:2010 RFController(config-radsrv)# 582 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 585
Radius configuration commands 19 server Radius configuration commands Configures server certificate parameters used by a RADIUS server The server certificate is a part of a trustpoint created using crypto on page 233.
PAGE 586
19 Radius configuration commands service Radius configuration commands Invokes the service commands to troubleshoot or debug the (config-radsrv) instance configuration This command is also used to enable the RADIUS server.
PAGE 587
Radius configuration commands 19 show Radius configuration commands Displays current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - stat
PAGE 588
19 Radius configuration commands mobility ntp password-encryption port port-channel privilege protocol-list radius redundancy rtls role running-config securitymgr service-list sessions smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users Display Mobility parameters Network time protocol password encryption Physical/Aggregate port interface Portchannel commands Show current privilege level List of protocols RADIUS configu
PAGE 589
Radius configuration commands 19 ldap-group-verification Radius configuration commands Displays ldap group verification settings Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ldap-group-verification [disable|enable] Parameters ldap-group-verification [disable|enable] Displays ldap group verification settings disable – Disables group verification enable – Enables group verification • • Example RFController(config-
PAGE 590
19 588 Radius configuration commands Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 591
Chapter 20 Wireless Instance In this chapter • Wireless configuration commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589 Use the (config-wireless) instance to configure local RADIUS server parameters associated with the controller. To navigate to this instance, use the command from the Global Config mode.
PAGE 592
20 Wireless configuration commands TABLE 22 590 Wireless Configuration Commands Command Description Ref. broadcast-tx-speed Sets the rate at which broadcast and multicast traffic is transmitted page 611 client Defines the wireless client configuration page 612 clrscr Clears the display screen page 615 cluster-master-support Changes settings for cluster master support.
PAGE 593
Wireless configuration commands TABLE 22 20 Wireless Configuration Commands Command Description Ref.
PAGE 594
20 Wireless configuration commands aap Wireless configuration commands Defines the AAP configuration Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The number of AAPs supported differ from controller to controller.
PAGE 595
Wireless configuration commands 20 Parameters aap-version [br7131] auto-upgrade enable config-apply [def-delay|mesh-delay] <30-10000> fwupdate [<1-256>| |ip-address|location|mode password|stagger-count| unadopted|username] Enables version number br7131 • – Configures minimum ap version required for adoption. A firm version string in the format X.X.X.
PAGE 596
20 Wireless configuration commands admission-control Wireless configuration commands Enable admission control for voice traffic across all radios Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax admission-control voice enable Parameters voice enable Enables admission control for voice on all radios. Usage Guidelines Use {no} admission-control voice enable to disable Admission Control for voice or video on all radios.
PAGE 597
Wireless configuration commands 20 adopt-unconf-radio Wireless configuration commands Adopts a radio (even if not yet configured). Default templates are used for configuring the adopted radio Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax adopt-unconf-radio enable Parameters None Usage Guidelines Use the {no} adopt-unconf-radio command to switch off adopting unconfigured radios.
PAGE 598
20 Wireless configuration commands adoption-pref-id Wireless configuration commands Preference identifier for the controller All radios configured with this preference identifier are more likely to be adopted by this controller.
PAGE 599
Wireless configuration commands 20 ap Wireless configuration commands Defines the name, location and other parameters of access points Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ap [<1-256>||] [ABG Scan|aap-log-storage|aap-admin-passwd| ||adoption-policy| |aap-ipfilter-list|aap-lan1-ipf-rules |aap-lan1-trunking|aap-syslog-srvr|country-code|lan-acl|location|name|radio-c onfig|secure-mode||secure-
PAGE 600
20 Wireless configuration commands ap aap-ipfilter-list ap aap-lan1-ipf-rules [in|out] {<1-20>|} ap aap-lan1-trunking [disable|enable mgmt-vlan-id <1-4094> native-vlan-id <1-4094> native-tagging [tagged|untagged]] ap radio-config [2-4-wlan-5-0-wlan|2-4-wlan-5-0-wlan-sensor| 2-4-wlan-only|2-4-wlan-sensor|5-0-wlan-only| 5-0-wlan-sensor|all-radios-off|sensor-only] 598 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Re
PAGE 601
Wireless configuration commands 20 Parameters <1-256> Sets a single AP index. Use the show wireless ap command to [ABG view the AP’s index value.
PAGE 602
20 Wireless configuration commands • aap-lan1-trunking [disable|enable] – Configures trunking on LAN1 of AAP • disable – Disables trunking on AAP LAN 1 inerface • enable mgt-valn-id – Enables trunking on AAP LAN 1 inerface • mgmt-vlan-id <1-4094> native -vlan-id – Configures management VLAN ID on AAP between 1 and 4094 • native-vlan-id <1-4094> native-tagging – Configures native VLAN ID on AAP between 1 and 4094 • native-tagging [tagged|untagged] – Configures native VLAN tagging on AAP between 1 and 4094
PAGE 603
Wireless configuration commands 20 Example RFController(config-wireless)#ap 00-15-70-14-FE-C4 location 5th Floor SalesUnit RFController(config-wireless)#ap 1 location SJ NewPark RFController(config-wireless)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 601
PAGE 604
20 Wireless configuration commands ap-containment Wireless configuration commands Sets the rogue AP containment parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ap-containment [add |enable|interval ) Parameters add Adds an AP’s MAC Address into the rogue AP containment list. enable Enables the Rogue AP Containment feature.
PAGE 605
Wireless configuration commands 20 ap-detection Wireless configuration commands Configures access point detection parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ap-detection ap-detection ap-detection ap-detection ap-detection ap-detection [add|detect-wired-rouge|enable| mu-assisted-scan|timeout] add [authorized|ignored] [|any] |any] detect-wired-rouge enable enable mu-assisted-scan [
PAGE 606
20 Wireless configuration commands ap-image Wireless configuration commands Defines the path to upload the new image over an AP Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ap-image [br300-ids-sensor|br300-wisp|br300-wispe|br650-wispe| br7131] Parameters [br300-ids-sensor| br300-wisp| br300-wispe| br300-wispe| |br7131] The interface to upload new AP image.
PAGE 607
Wireless configuration commands 20 ap-ip Wireless configuration commands Modifies the static IP address for an access point Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ap-ip [|default-ap] ap-ip [static-ip|controller-ip] ap-ip static-ip ap-ip controller-ip [add | delete [|]||set-default] ap-ip default-ap controller-ip
PAGE 608
20 Wireless configuration commands RFController(config-wireless)# RFController(config-wireless)#ap-ip default-ap controller-ip set-default RFController(config-wireless)# 606 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 609
Wireless configuration commands 20 ap-standby-attempts-threshold Wireless configuration commands Sets the number of attempts after which the standby controller starts adopting APs. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ap-standby-attempts-threshold Parameters Sets the number of attempts to in the range 5–200.
PAGE 610
20 Wireless configuration commands ap-timeout Wireless configuration commands Changes the default inactivity timeout for access points Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ap-timeout Parameters • • – Access-points identified by a single index or by a list of indices.
PAGE 611
Wireless configuration commands 20 ap-udp-port Wireless configuration commands Configures the UDP port for layer 3 adoption of APs You also need to configure the DHCP server providing the APs the same parameter. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ap-udp-port Parameters Sets the port number for layer 3 adoption of APs. is a value in the range 1-65535.
PAGE 612
20 Wireless configuration commands auto-select-channels Wireless configuration commands Specifies a list of channels that will be used when automatic channel scan (ACS) and dynamic frequency selection (DFS) Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax auto-select-channels [11a|11bg] [| add |remove ] Parameters [11a|11bg] [| add | remove
PAGE 613
Wireless configuration commands 20 broadcast-tx-speed Wireless configuration commands Configure the rate at which broadcast and multicast traffic is transmitted between the controller and wireless client Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax broadcast-tx-speed [range|throughput] Parameters range Uses a lowest basic rate, but provides the maximum range (default) throughput Uses a highest basic rate, but pr
PAGE 614
20 Wireless configuration commands client Wireless configuration commands Use this command to configure a wireless client This command creates an exclude-list or include list. Creating a list moves the user to a new mode config-wireless-client-list. Refer section config-wireless-client-list commands on page 613 for (config-wireless-client-list) command summary.
PAGE 615
Wireless configuration commands RFController(config-wireless)# RFController(config-wireless)# RFController(config-wireless)# RFController(config-wireless)# • Enable NAC for a WLAN. wlan wlan wlan wlan 1 1 1 1 nac-server nac-server nac-server nac-server 20 primary 192.168.0.1 primary secret 0 testing secondary 192.168.1.1 secondary secret 0 testing123 RFController(config-wireless)# wlan 1 nac-mode do-nac-except-exclude-list • Undo a configuration.
PAGE 616
20 Wireless configuration commands Parameters [|] Defines an index for this host entry in the client list. The host station name must be of size 1-21 characters. • –Sets the Client mac address in AA-BB-CC-DD-EE-FF or AA:BB:CC:DD:EE:FF or AABB.CCDD.EEFF format. • – Sets the Client MAC address and mask in AA-BB-CC-DD-EE-FF or AA:BB:CC:DD:EE:FF or AABB.CCDD.EEFF format.
PAGE 617
Wireless configuration commands 20 clrscr Wireless configuration commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-wireless)#clrscr RFController(config-wireless)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 615
PAGE 618
20 Wireless configuration commands cluster-master-support Wireless configuration commands Sets the parameters for cluster master support This is required for cluster level functions. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax cluster-master-support enable Parameters enable Enables the cluster master support. This is required for cluster level functions.
PAGE 619
Wireless configuration commands 20 convert-ap Wireless configuration commands Changes the mode of operation of an AP to either sensor or standalone Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The number of APs supported by convert-ap command differs for each controller.
PAGE 620
20 Wireless configuration commands 1. Use sensor command to setup the sensor. RFController(config-wireless)#sensor default-config ? ip-mode configure the IP address mode of the sensors wips-server-ip specify IP addresses of the WIPS server Select either ip-mode or wips-server-ip as the sensor parameter. 2. Specify the VLAN over which the sensors are available. This will help the controller detect them. RFController(config-wireless)#sensor vlan 10 3.
PAGE 621
Wireless configuration commands 20 country-code Wireless configuration commands Sets the country of operation All existing radio configurations will be erased Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax country-code Parameters Configures the controller to operate in a defined country. is the 2 letter ISO-3166 country code.
PAGE 622
20 Wireless configuration commands debug Wireless configuration commands Debugging functions for the controller (wireless) Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax debug cc [access-point|all|alt|ap-containment|ap-detect| capwap|cluster|config|dot11|eap|ids|kerberos|l3-mob|loc-ap| loc-client|media|wireless-client|radio|radius|self-heal|smart|snmp| system|wips|wisp|wlan] {debug|err|info|warn} 620 Brocade Mobilit
PAGE 623
Wireless configuration commands 20 Parameters access-point Sets the parameters for the access-point logs all Sets the parameters for all the modules alt Sets the parameters for the address lookup logs ap-containment Sets the parameters for the ap-containment logs ap-detect Sets the parameters for the Rogue AP detection logs capwap Sets the parameters for the CAPWAP logs cluster Sets the parameters for the cluster related logs config Sets the parameters for the configuration change logs dot
PAGE 624
20 Wireless configuration commands ap-containment ap-detect capwap cluster config dot11 eap ids kerberos l3-mob loc-ap loc-client media wireless-client radio radius self-heal smart snmp system wips wisp wlan rogue AP containment logs rogue AP detection logs capwap logs cluster related logs configuration change logs datapath logs 802.
PAGE 625
Wireless configuration commands 20 dhcp-one-portal-forward Wireless configuration commands Enables the option to forward DHCP responses to one portal when the destination wireless-client is known from the response content Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax dhcp-one-portal-forward enable Parameters enable Enables the option to forward DHCP responses to one portal when the destination wireless-client is kn
PAGE 626
20 Wireless configuration commands dhcp-sniff-state Wireless configuration commands Records wireless client DHCP state information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax dhcp-sniff-state enable Parameters enable Allows support for recording DHCP state information for wireless clients Use the {no} dhcp-sniff-state enable command to disable recording wireless client DHCP state information.
PAGE 627
Wireless configuration commands 20 dot11-shared-key-auth Wireless configuration commands Enables support for 802.11 shared key authentication NOTE Shared key authentication has known weaknesses that can compromise your WEP key. It should only be configured to accommodate wireless stations unable to carry out Open-System authentication.
PAGE 628
20 Wireless configuration commands end Wireless configuration commands Ends and exits the current mode and changes to the PRIV EXEC mode.
PAGE 629
Wireless configuration commands 20 exit Wireless configuration commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 630
20 Wireless configuration commands fix-broadcast-dhcp-rsp Wireless configuration commands Converts broadcast DHCP server responses to unicast Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax fix-broadcast-dhcp-rsp enable Parameters enable Enables support for converting broadcast DHCP server responses to unicast Usage Guidelines Use the {no} fix-broadcast-dhcp-rsp enable command to disable converting broadcast DHCP se
PAGE 631
Wireless configuration commands 20 help Wireless configuration commands Displays the system’s interactive help (in HTML format) Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-wireless)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 632
20 Wireless configuration commands hotspot Wireless configuration commands Configures the WLAN hotspot configuration This overrides or adds to the existing hotspot configuration on the WLAN. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax hotspot query [ap-mac|mu-mac||ssid|mu-ip|controller-ip|controller-name|user-string] Parameters The index of this query in the query list.
PAGE 633
Wireless configuration commands 20 load-balance Wireless configuration commands Configures the user load balance mode Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax load-balance [by-count|by-throughput] Parameters by-count In load balance by user count, the load on the radio is measured by the number of clients associated. The desired balance is to have equal number of clients on the radios in the group.
PAGE 634
20 Wireless configuration commands mac-auth-local Wireless configuration commands Configures the local MAC authentication list Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax mac-auth-local <1-1000> [allow|deny|rate-limit] mac-auth-local <1-1000> [allow|deny] [|not-mapped] {| zone [<1-48>|default|unknown]} mac-auth-local <1-1000> rate-limit [wired-to-wireless|wireless-to-wi
PAGE 635
Wireless configuration commands 20 Parameters <1-1000> Sets the mac-auth-local entry index to a value between 1 and 1000. allow Allows wireless clients that match this rule to associate. deny Denies association to wireless clients that match this rule. rate-limit Sets the rate limit value for this ACL entry. Starting MAC address in AA-BB-CC-DD-EE-FF or AA:BB:CC:DD:EE:FF format. Ending MAC address in AA-BB-CC-DD-EE-FF or AA:BB:CC:DD:EE:FF format.
PAGE 636
20 Wireless configuration commands manual-wlan-mapping Wireless configuration commands Manually maps WLANs configured on a radio Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax manual-wlan-mapping enable Parameters enable Enables support for manual WLAN mapping. Usage Guidelines Use the {no} manual-wlan-mapping enable command to disable manual mapping of WLANs configured on a radio.
PAGE 637
Wireless configuration commands 20 wireless-client Wireless configuration commands Configures wireless client related parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax wireless-client [association-history|probe-history] wireless-client association-history [enable|clear] wireless-client probe-history [enable|add <1-200> ] Parameters association-history [enable|clear] probe-history [enable|add <1-200>
PAGE 638
20 Wireless configuration commands mobility Wireless configuration commands Sets mobility parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax mobility [enable|local-address|max-roam-period|peer] mobility enable mobility local-address mobility max-roam-period <1-300> mobililty peer Parameters enable local-address Enables mobility globally Sets the local address for mobility – IP address in A
PAGE 639
Wireless configuration commands 20 multicast-packet-limit Wireless configuration commands Sets a multicast packet limit, per second, for a VLAN. This limits the broadcast/multicast packets per VLAN. The default value is 32 broadcast/multicast packets per second. Setting the limit to 0 disables this control.
PAGE 640
20 Wireless configuration commands multicast-throttle-watermark Wireless configuration commands Configures watermarks for supporting bursts of broadcast/multicast frames Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax multicast-throttle-watermarks low <0-100> high <0-100> Parameters low <0-100> Sets the low water-mark.
PAGE 641
Wireless configuration commands 20 nas-id Wireless configuration commands Configures the NAS ID to be sent to the RADIUS server Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax nas-id To override nas-id on a per WLAN basis: wlan <1-4098> nas-id Parameters A character string to be used as the NAS ID. Can be up to 256 characters long.
PAGE 642
20 Wireless configuration commands nas-port-id Wireless configuration commands Configures the NAS port ID that must be sent to the RADIUS server Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax nas-port-id Parameters The port ID to be sent to the RADIUS server.
PAGE 643
Wireless configuration commands 20 no Wireless configuration commands Negates a command or sets its defaults. All the parameters mentioned in the syntax can be negated using the no command.
PAGE 644
20 Wireless configuration commands proxy-arp Wireless configuration commands Responds to ARP requests from the RON to the WLAN on behalf of wireless clients Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax proxy-arp enable Parameters enable Enables the support for proxy arp Usage Guidelines Use the no proxy-arp enable command to disable.
PAGE 645
Wireless configuration commands 20 qos-mapping Wireless configuration commands Configures QoS mappings between the wired and wireless domains Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax qos-mapping [wired-to-wireless|wireless-to-wired] qos-mapping wired-to-wireless [dot1p <0-7>|dscp <0-63>] [<0-7>|tid0|tid1|tid2|tid3|tid4|tid5|tid6|tid7] qos-mapping wireless-to-wired [tid0|tid1|tid2|tid3|tid4|tid5|tid6|tid7] dot1p
PAGE 646
20 Wireless configuration commands radio Wireless configuration commands Sets radio related parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The radios group-id range differs from controller to controller.
PAGE 647
Wireless configuration commands 20 radio <1-4096> amsdu [rx-limit|tx-enable] [<3839>|<7935>] radio <1-4096> antenna-mode [diversity|mimo|primary| secondary] radio radio radio radio radio radio radio radio <1-4096> <1-4096> <1-4096> <1-4096> <1-4096> <1-4096> <1-4096> <1-4096> bss [<1-4>|add-wlans|auto] base-bridge [enable|max-clients <1-12>] beacon-interval <50-200> bridge-fwd-delay <4-30> bridge-hello <1-10> bridge-max-ageout <4-3600> bridge-msg-age <6-40> bridge-priority <0-65535> radio <1
PAGE 648
20 Wireless configuration commands radio <1-4096> rss enable radio <1-4096> rts-threshold <0-2346> radio <1-4096> run-acs radio <1-4096> self-heal-offset <0-30> radio <1-4096> short-gi enable radio <1-4096> short-preamble radio <1-4096> speed [1|11|12|18|2|24|36|48|54|5p5|6|9| basic1|basic11|basic11a|basic11an|basic11b1|basic11b2| basic11bg|basic11bgn|basic11g|basic11gn|basic11n| basic12|basic18|basic2|basic24|basic36|basic48|basic54| basic5p5|basic6|basic9|default|range|throughput] radio <1-4096> timeout
PAGE 649
Wireless configuration commands 20 radio add <1-4096> [11a|11an|11b|11bg|11bgn] {[aap5131|aap5181|ap300|ap650|aap7131|aap7181|ap100|ap4131]} radio antenna-mode [diversity|mimo|primary|secondary] radio configure-8021X {} radio radio radio radio radio dns-name {} lldp [hold-time|mode|refresh-interval] lldp hold-time <4-10> lldp mode disable lldp refresh-interval <30-32768> Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 647
PAGE 650
20 Wireless configuration commands Parameters <1-4096> Defines a single radio index. Creates a list (1,3,7) or range (3-7) of radio indices. add <1-4096> [11a|11an|11b|11bg| 11bgn] [br5181|br300| br7131]} Adds the specified radio to the radio list at index specified for the value in the range 1-4096. • [11a|11an|11b|11bg|11bgn] – The radio type • [br5181|br300|br7131] – Optional. The radio model. The options available will depend on the radio type selected.
PAGE 651
Wireless configuration commands 20 The following is the list of parameters for the radio <1-4096>, radio [all-11a|all-11an|all-11b|all-11bg|all-11bgn|default-11a||default-11an|defau lt-11b|default-11bg|default-11bgn] commands. admission-control voice [max-clients <0-256>| max-perc <0-100>| max-roamed-clients <0-256>| res-roam-perc <0-100>] Sets the admission control parameters for voice. The following options are configured: • max-clients <0-256> – Configure the maximum number of clients to be admitted.
PAGE 652
20 650 Wireless configuration commands base-bridge [enable| max-clients <1-12>] Sets base bridge values • enable – Allows the given radio to act as a base bridge and accept connections from client bridges. • max-clients <1-12> – Configures a base-bridge. Enter maximum client bridges allowed.
PAGE 653
Wireless configuration commands client-bridge [bb-radio| bridge-selectmode| enable| mesh-timeout <2-200>| ssid ] Defines client bridge settings. • bb-radio <1-16> – add the preferred base bridge details.
PAGE 654
20 Wireless configuration commands group-id <1-256> Specifies the radio groups to balance user load. • For Mobility RFS7000 Controller, <0-255> – Radio group identifier used for an access-point, 0 disables the grouping. • For Mobility RFS6000 Controller, <0-64> – Radio group identifier used for an access-point, 0 disables the grouping. location-led [start-flashing| stop-flashing] Changes the mode of operation of the LEDs on an AP.
PAGE 655
Wireless configuration commands short-gi enable short-preamble 20 Enables the Short GI value for both the 20 MHz and the 40 MHz channels for the 11n radio. Enables support for the short preamble. NOTE: This disables support for long preamble. Mobiles that only support long preamble will not be able to associate.
PAGE 656
20 Wireless configuration commands tunnel tx-rate-class <1-4> The tunnel transmit rate class for the radio. Select a value from 1 to 4. wmm [background| best-effort|video|voice] [aifsn<1-15>|burst <0-65535>| cw<0-15>] Sets 802.11e/Wireless Multi Media (WMM) parameters (supported only on BR300). • background – Prioritizes Background category traffic. • best-effort– Prioritizes Best Effort category traffic. • video – Prioritizes Video category traffic. • voice – Prioritizes Voice category traffic.
PAGE 657
Wireless configuration commands 20 rate-limit Wireless configuration commands Sets the default rate limit per user in kbps, and applies to all enabled WLANs Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax rate-limit [wired-to-wireless|wireless-to-wired] <0-100000> Parameters wired-to-wireless <100-100000> • Down link direction from network to wireless client <100-100000> – rate in the range of <100-100000> kbps wir
PAGE 658
20 Wireless configuration commands secure-wispe-default-secret Wireless configuration commands Configures the default shared secret for secure WISPE If a new shared secret is not configured for an AP or a list of APs, then a default shared secret will be assigned. The value of default shared secret is the string "default".
PAGE 659
Wireless configuration commands 20 self-heal Wireless configuration commands Configures self healing values Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax self-heal [interference-avoidance|neighbor-recovery] self-heal interference-avoidance [enable|hold-time <30-65535>|retries <0.0-15.
PAGE 660
20 Wireless configuration commands Parameters interference-avoidance Interference avoidance configuration. enable Enables/disables interference avoidance. hold-time <30-65535> The number of seconds to disable interference avoidance after a detection. This prevents a radio from changing channels continuously. Set the hold-time between 30-65535 seconds. retries <0.0-15.0> Defines the average number retries (0-15) causing a radio to re-run auto channel selection.
PAGE 661
Wireless configuration commands 20 sensor Wireless configuration commands Configures Wireless Intrusion Protection System (WIPS) parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax sensor [<1-48>|default-config|ping-interval|vlan] sensor <1-48> [default-config|request-config|revert-to-ap] default-config [gateway-ip|ip-mode|wips-server-ip] default-config gateway-ip default-config ip-mode [dhcp|static
PAGE 662
20 Wireless configuration commands Parameters <1-48> [default-config| requestconfig| revert-to-ap] Select a sensor to reset/revert the AP to its original state. Use the show wireless sensor command to view the sensor index. • • • default-config – Restores the internal configuration of the sensor to default values. This sends the configuration to the sensor. request-config – Polls the sensor for its latest configuration.
PAGE 663
Wireless configuration commands 20 service Wireless configuration commands Invokes service commands to troubleshoot or debug (config-wireless) instance configurations For more information, see “service” on page 37.
PAGE 664
20 Wireless configuration commands service smart-rf simulate [coverage-hole|interference] service smart-rf simulate coverage-hole <1-4096> [|pattern-11a| pattern-11b|pattern-11bgn|pattern-2-mbps] service smart-rf simulate interference [|<1-4094>| ] service wireless [ap-history|clear-ap-log|custom-cli|dot11i| dump-core|enhanced-beacon-table|enhanced-probe-table| free-packet-watermark|idle-radio-send-multicast| legacy-load-balance|map-radios|radio-misc-cfg
PAGE 665
Wireless configuration commands 20 Parameters clear wireless wireless-client association-statistics show [radio-neighbor|cli|smart-rf |wireless] Clears statistics for wireless wireless client associations and dis-associations. Displays the current running system information for this mode. cli – Shows the CLI commands available in this mode. radio-neighbor mu – Displays neighboring radios for a station • mu – Specify the MAC address of the MU.
PAGE 666
20 Wireless configuration commands • • • • • • • • • • • • • • • 664 enhanced-beacon-table [config|report] – Displays Enhanced Beacon Table information. • config – Displays Enhanced Beacon Table configuration information. • report – Displays Enhanced Beacon Table reports. enhanced-probe-table [config|report] – Displays Enhanced Probe Table information. • config – Displays Enhanced Probe Table configuration information.
PAGE 667
Wireless configuration commands smart-rf [clear-history| load-from-file|replay| rescue|restore| save-to-file|simulate] 20 Configures smart-rf parameters. clear-history – Clears assignment history. load-from-file – Loads smart-rf configuration from the file smart.bin. • replay enable – Enables replay mode for smart-rf • rescue [|<1-4094>|] – Forces radio rescue operation. • – MAC address of a single radio. • <1-4094> – Radio index. • – List of radio indices.
PAGE 668
20 Wireless configuration commands wireless [ap-history| clear-ap-log|custom-cli| dot11i|dump-core| enhanced-beacon-table| enhanced-probe-table| free-packet-watermark| idle-radio-send-multicast| legacy-load-balance|map-ra dios| radio-misc-cfg| rate-scale| request-ap-log| save-ap-log| snmp-trap-throttle| sync-radio-entries| vlan-cache] 666 Configures wireless parameters. ap-history [clear|enable] – Configures access point history. • clear – Clears all history of all APs.
PAGE 669
Wireless configuration commands 20 • • username – The Radius username of the user connected through this device (shown only if applicable and available). • vlan – The VLAN-ID assigned to the wireless-client. • wlan-desc – The WLAN description the wireless-client is using. • wlan-id – The WLAN index the wireless-client is using. sh-wi-radio [adopt-info|ap-locn|ap-mac| ap-name|bss|channel|dot11-type|num-client|power| radio-desc|radio-id|state] – Customize the output of the "show wireless radio" command.
PAGE 670
20 Wireless configuration commands • • • • 668 dot11i – modify dot11i service parameters. dump-core – Creates a core file of the ccsrvr process. enhanced-beacon-table [channel-set|enable| erase-report|max-ap|scan-interval|scan-time] – Enhanced beacon table for AP locationing. • channel-set [a|an|b|bg|bgn] <1-200> – Adds channels to the different radio types. Channel types are a, an, b, bg, bgn. The channel number must be in the range 1 to 200.
PAGE 671
Wireless configuration commands • • • • • • • • • • • 20 free-packet-watermark <0-100>– The free packets threshold in percent. If the percentage of free packets is lower than this number, then additional packets will not be queued in the datapath. idle-radio-send-multicast enable – Enables forwarding multicast packets to radios without associated wireless clients. legacy-load-balance – Invoke legacy load balance algorithm.
PAGE 672
20 Wireless configuration commands [16]: wlan=20, vlan_id=0, limit=0, [17]: wlan=20, vlan_id=0, limit=0, [18]: wlan=20, vlan_id=0, limit=0, [19]: wlan=20, vlan_id=0, limit=0, [20]: wlan=20, vlan_id=0, limit=0, [21]: wlan=20, vlan_id=0, limit=0, [22]: wlan=20, vlan_id=0, limit=0, [23]: wlan=20, vlan_id=0, limit=0, [24]: wlan=20, vlan_id=0, limit=0, [25]: wlan=20, vlan_id=0, limit=0, [26]: wlan=20, vlan_id=0, limit=0, [27]: wlan=20, vlan_id=0, limit=0, [28]: wlan=20, vlan_id=0, limit=0, [29]: wlan=20, vlan_
PAGE 673
Wireless configuration commands 20 show Wireless configuration commands Displays current system information running on the controller For other show commands, see Chapter 2, Section show on page 2-59.
PAGE 674
20 Wireless configuration commands mac mac-address-table mac-name management mobility ntp password-encryption port port-channel privilege protocol-list radius redundancy role rtls running-config securitymgr service-list sessions smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users version virtual-ip wireless wlan-acl Internet Protocol (IP) Display MAC address table Displays the configured mac names Display L3 Managment I
PAGE 675
Wireless configuration commands 20 RFController(config-wireless)#show wireless radio-group group_id | radios ---------------------------------------------------------11 | 1,4 RFController(config-wireless)# RFController(config-wireless)#show Number of access-ports adopted : Number of AAPs adopted : Available AP licenses : Available AAP licenses : Redundancy enabled : Redundancy mode : RFController(config-wireless)# wireless ap 0 0 0 0 N active RFController(config-wireless)show service-list qmtp 209/tcp q
PAGE 676
20 Wireless configuration commands klogin kshell afpovertcp afpovertcp remotefs nntps nntps nqs npmp-local npmp-local npmp-gui npmp-gui 543/tcp 544/tcp 548/tcp 548/udp 556/tcp 563/tcp 563/udp 607/tcp 610/tcp 610/udp 611/tcp 611/udp RFController(config-wireless)#show wireless radio IDX AP MAC RADIO-BSSID TYPE STATE CHANNEL POWER ADOPTED-BY 1 00-A0-F8-00-00-00 00-23-68-2E-7E-F8 11bgn normal 6 (acs) 8 (8 ) current-controller 2 00-A0-F8-00-00-00 00-23-68-2E-7A-18 11an normal 104(rnd) 18(20) current-controll
PAGE 677
Wireless configuration commands 20 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 9 0 10 0 11 0 12 0 13 0 14 0 15 0 Voice failed : 0 Tx BCMC drops : 0 RFController(config-wireless)#show wireless wlan statistics 1 detail Rates(Mbps) Tx packets Rx Packets ------------------------------------------ ---------- ------802.11b rates (1, 2, 5.5, 6) 0 0 802.11a/g low rates (9, 11, 12) 0 0 802.11a/g low rates (18, 22, 24) 0 0 802.11a/g high rates (36, 48, 54) 0 0 802.11n (MCS 0-3) 0 0 802.11n (MCS 4-7) 0 0 802.
PAGE 678
20 Wireless configuration commands 11 0 12 0 13 0 14 0 15 0 Voice failed : 0 RFController#show wireless client IDX MAC/NAME RADIO TYPE WLAN VLAN READY IP-ADDRESS LAST ACTIVE 2 00-1E-E5-EA-1D-60 2 11bg 1 1 Y 192.168.1.194 359 Sec Number of clients associated: 1 RFController#show wireless client statistics 00-1E-E5-EA-1D-60 detail mu_idx = 1 Voice Rates(Mbps) Tx packets Rx Packets Tx packets Rx Packets ----------- ---------- ---------- ---------- ---------1.0 0 8 0 0 2.0 0 0 0 0 5.5 0 0 0 0 6.0 0 0 0 0 9.
PAGE 679
Wireless configuration commands 20 Number of clients associated: 1 RFController#show wireless client statistics 00-1E-E5-EA-1D-60 detail mu_idx = 1 Rates(Mbps) Tx packets Rx Packets ------------------------------------------ ---------- ------802.11b rates (1, 2, 5.5, 6) 0 18 802.11a/g low rates (9, 11, 12) 0 0 802.11a/g low rates (18, 22, 24) 0 5 802.11a/g high rates (36, 48, 54) 0 5 Voice: Rates(Mbps) Tx packets Rx Packets ----------- ---------- ---------1.0 0 0 2.0 0 0 5.5 0 0 6.0 0 0 9.0 0 0 11.
PAGE 680
20 Wireless configuration commands 802.11a/g low rates (9, 11, 12) 802.11a/g low rates (18, 22, 24) 802.11a/g high rates (36, 48, 54) 802.11n (MCS 0-3) 802.11n (MCS 4-7) 802.11n (MCS 8-11) 802.11n (MCS 12-15) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Voice: Rates(Mbps) Tx packets Rx Packets ----------- ---------- ---------1.0 0 0 2.0 0 0 5.5 0 0 6.0 0 0 9.0 0 0 11.0 0 0 12.0 0 0 18.0 0 0 22.0 0 0 24.0 0 0 36.0 0 0 48.0 0 0 54.
PAGE 681
Wireless configuration commands 20 smart-rf Wireless configuration commands Configures Smart-RF Management parameters and moves to the (config-wireless-smart-rf) instance Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE smart-rf initiates the(config-wireless-smart-rf) instance. For more details see Chapter 25, Smart RF Instance.
PAGE 682
20 Wireless configuration commands smart-scan-channels Wireless configuration commands Specifies a list of channels for Brocade clients to do smart-scan Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax smart-scan-channels [|add | remove ] Parameters A comma-separated list of channels add Add one or more channels to existing channel list remove
PAGE 683
Wireless configuration commands 20 wlan Wireless configuration commands Configures Wireless LAN related commands Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE Manual mapping of wlan will be erased when the actual wlan is disabled and enabled. Syntax wlan [<1-256>|] [80211-extensions|802.
PAGE 684
20 Wireless configuration commands wlan <1-256> dot11i key-rotation enable wlan <1-256> dot11i key-rotation-interval <30-86400> wlan <1-256> dot11i phrase [0 |2 | ] wlan <1-256> dot11i second-key [enable|key|phrase] wlan <1-256> dot11i second-key enable wlan <1-256> dot11i second-key [key|phrase] [0 | 2 |] wlan <1-256> dot11i tkip-cntrmeas-hold-time <0-65535> wlan <1-256> dot11i wap2-tkip enable wlan <1-256> encryption-type [ccmp|keyg
PAGE 685
Wireless configuration commands 20 wlan <1-256> qos [classification|mcast-with-dot11i|mcast1| mcast2|prioritize-voice|rate-limit|svp|weight|wmm] wlan <1-256> qos classification [low|normal|video|voice|wmm] wlan <1-256> qos mcast-with-dot11i enable wlan <1-256> qos [mcast1|mcast2] wlan <1-256> qos prioritize-voice wlan <1-256> qos rate-limit [wired-to-wireless| wireless-to-wired] <100-1000000> wlan <1-256> qos svp enable wlan <1-256> qos weight <1-10> wlan <1-256> qos wmm [8021p|background|best-effor
PAGE 686
20 Wireless configuration commands Parameters <1-256> Defines a single WLAN index Sets a list (1,3,7) or range (3-7) of WLAN indices For each of the options <1-256> and the following commands are available. 80211-extensions move-command enable 802.11w-mfp optional required sa-query aap-proxy-radius enable realm strip Enables support for 802.11 extensions. move-command – Enables support for fast roaming. enable – Enables this extension. • • Enables 802.
PAGE 687
Wireless configuration commands authentication-type [eap|hotspot|kerberos| mac-auth|none] Sets the authentication type for this WLAN. eap – EAP authentication (802.1X). hotspot – Web based authentication. kerberos – Kerberos authentication (encryption will change to WEP128 if its not already wep128/keyguard). • mac-auth – MAC authentication (RADIUS lookup of MAC address). • none – No authentication is used.
PAGE 688
20 Wireless configuration commands • • • second-key [enable|key|phrase] – Configures a secondary set of key/passphrase for this WLAN. • enable – Enables the use of a secondary key/passphrase. • key [0 |2 |] – Configures the key (PMK). • phrase [0 |2 |] – Configures the passphrase. • 0 – Password is specified as unencrypted. • 2 – Password is encrypted with password-encryption secret.
PAGE 689
Wireless configuration commands hotspot [allow-eap| allow-list|authentication|dn -whitelist|cache-ageout| connection-mode| ntf-logout-port|portal-api|pr e-auth-vlan| redirect-to-hostname| simultaneous-users| query|webpage| webpage-location] 20 Modifies hotspot related parameters allow-eap – allow EAP authentication in addition to web based login. • allow-list <1-32> – Specifies the allowed list that user can access without prior authentication.
PAGE 690
20 Wireless configuration commands • webpage external [failure|login|welcome] – Modifies hotspot page parameters. • external – Modifies a hotspot’s External Web page. • failure – When login fails. • login – When login succeeds. • welcome – The page to display to welcome user. • – Sets the path to the file to be displayed.
PAGE 691
Wireless configuration commands 20 NOTE: The full syntax for the internal page definition is as follows: • • ip [arp|dhcp] wlan 1 hotspot webpage internal welcome title Welcome to hotspot page. You have logged on successfullyfailure – Users are redirected to this Web page if they fail authentication. File must be named fail.html. • login – Users are prompted for their username and password within this Web page. File must be named login.html.
PAGE 692
20 690 Wireless configuration commands kdc [password|realm|server] • Modifies KDC related parameters. password [0 |2 |] – Create a KDC server password (up to 127 characters) • 0 – Password is specified unencrypted. • 2 – Password is encrypted with a password-encryption secret. • – Defines a KDC server password (up to 127 characters). • realm – Defines a KDC realm (up to 127 characters).
PAGE 693
Wireless configuration commands nac-server [primary|secondary| timeout] 20 Configure a NAC server IP address and an optional authentication port number.
PAGE 694
20 Wireless configuration commands • • • • rate-limit [wired-to-wireless|wireless-to-wired] <100-1000000> – Sets traffic rate limit for users on the selected WLAN. • wired-to-wireless – Down link direction - from network to wireless client. • wireless-to-wired – Up link direction - from wireless client to network. • <100-1000000> – The rate to limit to in kbps. svp enable – Enables support for Spectralink Voice Prioritization.
PAGE 695
Wireless configuration commands radius [accounting| authentication-protocol| dscp| dynamic-authorization| dynamic-vlan-assignment| mac-auth-format| wireless-client| reauth|server] 20 Configures RADIUS parameters for the select WLAN. accounting [mode|server|timeout] – Sets RADIUS accounting parameters. • mode [start-stop|stop-only|start-interim-stop] – Sets the Accounting Mode. • start-stop – Sends accounting start-stop. • stop-only – Sends accounting stop-only.
PAGE 696
20 Wireless configuration commands • • • • • • 694 authentication-protocol [chap|pap] – Sets the RADIUS Authentication Protocol for RADIUS request. Select from CHAP or PAP. dscp <0-63> – Specify a Differentiated Services Code Point (DSCP) value to provide QoS to RADIUS packets. Set a value in the range 0 to 63. dynamic-authorization enable – Configures support for RADIUS dynamic authorization extensions such as Disconnect Message, and Change-Of-Authorization, as described in RFC 3576.
PAGE 697
Wireless configuration commands • • • 20 server [primary|secondary] [ {acct-port }| radius-key [0 |2 |]] – Sets the primary or secondary RADIUS server for the selected WLAN. • primary – Sets primary RADIUS server information • secondary – Sets secondary RADIUS server information. • – Sets the IP address of the RADIUS server. • acct-port – Sets the optional radius server accounting port. Default is 1813.
PAGE 698
20 Wireless configuration commands vlan [<1-4094>| ] {limit <0-8192>} wep128 [key|phrase| wep-default-key] wep64 [key|phrase| wep-default-key] Sets the VLAN assignment of this WLAN. This command starts a new VLAN assignment for a WLAN index. All prior VLAN settings are erased. • [<1-4094>|] –Establishes the VLAN range list. It can be either a single index, a list (1,3,7) or a range (3-7). • limit <0 -8192> – Sets user limits on VLANs for this WLAN. Configures WEP128 parameters.
PAGE 699
Wireless configuration commands 20 RFController(config-wireless)# RFController(config-wireless)#wlan 25 dot11i handshake timeout 2500 retransmit 5 RFController(config-wireless)# RFController(config-wireless)#wlan 25 dot11i key-rotation enable RFController(config-wireless)# RFController(config-wireless)#wlan 25 dot11i key-rotation-interval 2000 RFController(config-wireless)# RFController(config-wireless)#wlan 25 enable RFController(config-wireless)# RFController(config-wireless)#wlan 25 hotspot webpage ext
PAGE 700
20 Wireless configuration commands wlan-bw-allocation Wireless configuration commands Enables WLAN bandwidth allocation on all radios Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax wlan-bw-allocation enable Parameters enable Enables WLAN bandwidth allocation on all radios.
PAGE 701
Wireless configuration commands 20 dot11k Wireless configuration commands Displays dot11k related commands Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax dot11k send-beacon-req [<1-8192>|CLIENT|client] dot11k send-beacon-req <1-8192> measurement-duration <100-10000> dot11k send-beacon-req [client|CLIENT] measurement-duration <100-10000> Parameters dot11k send-beacon-req [<1-8192>|CLIENT|client] Triggers the Be
PAGE 702
20 Wireless configuration commands wips Wireless configuration commands Configures wips parameters Supported in the following platforms: • Mobility RFS7000 Controller NOTE This command is not supported on the Mobility RFS6000 Controller and Mobility RFS4000 Controller platform.
PAGE 703
Wireless configuration commands 20 Syntax detect-window Configures the number of seconds for which information is collected before analysis.Value in the range <5-300> disable Disables WIPS without affecting configuration wips events Configures parameters related to the detection of anomalous 80211-replay-check-failure| frames on the RF network. The parameters are: ad-hoc-advertising-authorized- • 80211-replay-check-failure – Detects 802.
PAGE 704
20 Wireless configuration commands wips events [identical-source-and-destina tion-addresses | impersonation-attack-detect ed|non-changing-wep-iv|rep lay-injection-attack | suspicious-ap-high-rssi|tkipmic-counter-measures-cause d-by-station |transmitting-device-using-in valid-mac |unauthorized-ap-using-auth orized-ssid|unencrypted-stat ion-transmission-detected] {enable|filter-out|threshold} {authorized|ignored|unauth orized} • • • • • • • • • • • • • • • • • fake-ap-flood– Detects suspected ap flood (ba
PAGE 705
Wireless configuration commands 20 non-preferred-ap-attempts-threshold Wireless configuration commands Displays the number of attempts after which controller will adopt non preferred APs Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax non-preferred-ap-attempts-threshold <0-20> Parameters non-preferred-ap-attempts-th Displays the number of attempts after which controller will adopt reshold <0-20> non preferred APs • <0
PAGE 706
20 Wireless configuration commands test Wireless configuration commands Testing neighbor report on air Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax RFSController(config-wireless)test dot11k [make-bcn-rep| send-beacon-req|send-nbr-rep] RFSController(config-wireless) test dot11k make-bcn-rep mu neighbor RFSController(config-wireless) test dot11k send-beacon-req <1-8192> measurement-duration <100-10000> RFS
PAGE 707
Chapter 21 RTLS Instance In this chapter • RTLS config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705 Use the (config-rtls) instance to configure Real Time Location System (RTLS) parameters. To navigate to this instance, use the command RFController(config)#rtls RFController(config-rtls)# RTLS config commands This summarizes config-rtls commands: TABLE 23 RTLS Commands Command Description Ref.
PAGE 708
21 RTLS config commands aeroscout RTLS config commands Configure support for Aeroscout RTLS engine.
PAGE 709
RTLS config commands 21 clear RTLS config commands Clears tags/assets information associated with aeroscout, client, rfid and/or zone.
PAGE 710
21 RTLS config commands clrscr RTLS config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-rtls)#clrscr RFController(config-rtls)# 708 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 711
RTLS config commands 21 end RTLS config commands Ends and exits the current mode and changes to the PRIV EXEC mode.
PAGE 712
21 RTLS config commands espi RTLS config commands Configures Enterprise Services Programming Interface (ESPI) related parameters NOTE espi command instantiates (config-rtls-espi) sub-instance. For more details see ESPI Instance on page 729.
PAGE 713
RTLS config commands 21 exit RTLS config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 714
21 RTLS config commands help RTLS config commands Displays the interactive help system for RTLS instance Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-rtls)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 715
RTLS config commands 21 ekahau RTLS config commands Enables and configures the external ekahau location engine Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ekahau [enable|engine ip port|multicast-listen-addr] Parameters enable Enables and configures external ekahau RTLS engine engine ip port Configures the IP address and port number of the external ekahau RTLS engine • ip – Configures e
PAGE 716
21 RTLS config commands no RTLS config commands Negates a RTLS command or set its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [aeroscout|ekahau|reference-tag|service|site| controller|ap|zone] Parameters aeroscout [enable| multi-cast-listen|addr] ekahau [enable|engine|multicast] reference-tag [rfid] 714 Negates aeroscout configuration enable – Disable SOLE adapter multicast-listen-addr– Configure mul
PAGE 717
RTLS config commands 21 Usage Guidelines Use no command to undo the configurations on the parameters mentioned in the table. Refer to the parameters, within this chapter, for complete syntax.
PAGE 718
21 RTLS config commands reference-tag RTLS config commands Configures fixed RFID tag as reference tag and sets its coordinates within a specified location Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax reference-tag rfid coordinates x <0-65535> y <0-65535> {[z<0-65535>]}{orientation [0|90|180|270]} {range <1-50>} Parameters rfid coordinates x Configures rfid tag as a reference tag <0-65535> y <0-655
PAGE 719
RTLS config commands 21 rfid RTLS config commands Configures RFID reader parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE rfid command instantiates (config-rtls-rfid) sub-instance. For more details see RFID Instance on page 739.
PAGE 720
21 RTLS config commands service RTLS config commands Invokes service commands to troubleshoot or debug (config-rtls) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service [filter|inventory|show] service filter <1-100> [action|length|mask| memory-bank|name|offset] service filter <1-100> action [allow|deny] service filter <1-100> length <1-128> service filter <1-100> mask service fil
PAGE 721
RTLS config commands 21 Parameters Configures RFID tag filter service filter <1-100> • action [allow|deny] – Configures action for tag filter.
PAGE 722
21 RTLS config commands Use [no] service [options] to rollback any service related configurations.
PAGE 723
RTLS config commands 21 show RTLS config commands Displays current system information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show show rtls [aeroscout|espi|filter|ekahau|reference-tags| rfid|site|sole|tags|zone] Parameters ? Suffix ? to the parameter to view its options and their related configuration details.
PAGE 724
21 RTLS config commands port port-channel privilege protocol-list radius role redundancy rtls running-config securitymgr service-list sessions smtp-notifications snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users version virtual-ip wireless wlan-acl Physical/Aggregate port interface Portchannel commands Show current privilege level List of protocols RADIUS configuration commands Configure role parameters Display redundancy group paramet
PAGE 725
RTLS config commands 21 site RTLS config commands Configures RTLS site dimensions Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax site [description|dimension|name|scale] site description site dimension [unit [feet|meters]|x <1-9000> y <1-9000> z <0-180>] site name site scale [<1-90>|auto] Parameters description Configures site description – Enter a description for
PAGE 726
21 RTLS config commands sole RTLS config commands Sets Smart Opportunistic Location Engine (SOLE) related configuration commands This command leads you to the (config-rtls-sole)# sub-instance. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE sole command instantiates (config-rtls-sole) sub-instance. For more details see SOLE Instance on page 753.
PAGE 727
RTLS config commands 21 controller RTLS config commands Configures the controller’s geographical location parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax controller [coordinates|geo-coordinates] controller coordinates x <0-65535> y <0-65535> z <0-65535> controller geo-coordinates longitude <-180.00-80.00> latitude <-90.00 - 90.00> Parameters coordinates x <0-65535> y <0-65535> z <0-65535> longitude <-180.
PAGE 728
21 RTLS config commands zone RTLS config commands Configures the zone. Maximum of 16 zones can be configured for a site.
PAGE 729
RTLS config commands 21 ap RTLS config commands Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ap coordinates x <0-9000> y <0-9000> z <0-180> Parameters coordinates x <0-9000> y <0-9000> z <0-180> Select a single zone index for configuration – Configures access point MAC Address • x <0-9000> – Defines X coordinate • y <0-9000> – Defines Y coordinate • z <0-180> – Defines Z coordinate • Example RF
PAGE 730
21 728 RTLS config commands Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 731
Chapter 22 ESPI Instance In this chapter • ESPI config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 729 Use the (config-rtls-espi) instance to configure Enterprise Services Programming Interface (ESPI) related configuration commands.
PAGE 732
22 ESPI config commands adapter ESPI config commands Enables/disables a specified adapter or all adapters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax adapter ale-tcp [enable|port <3000-3100>] Parameters adapter ale-tcp [enable|port <3000-3100>] Application side protocol implemented by adapter.
PAGE 733
ESPI config commands 22 clrscr ESPI config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-rtls-espi)#clrscr RFController(config-rtls-espi)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 731
PAGE 734
22 ESPI config commands end ESPI config commands Ends and exits the current mode and moves to the PRIV EXEC mode.
PAGE 735
ESPI config commands 22 exit ESPI config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 736
22 ESPI config commands help ESPI config commands Displays the system’s interactive help in HTML format Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-rtls-espi)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 737
ESPI config commands 22 no ESPI config commands Defines the name of the adapter or disables the adapter(s) Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no adapter ale-tcp [enable|port <3000-3100>] Parameters adapter ale-tcp [enable|port <3000-3100>] Negates ESPI adapter configurations. adapter – Application side Protocol implemented by adapter.
PAGE 738
22 ESPI config commands service ESPI config commands Invokes service commands to troubleshoot or debug (config-if) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters None Example RFController(config-rtls-espi)#service show cli ESPI Config mode: +-adapter +-ADAPTER +-activate [adapter ADAPTER activate] +-port +-<3000-3100> [adapter ADAPTER port <3000-3100>] +-clrscr [clr
PAGE 739
ESPI config commands 22 show ESPI config commands Displays current system information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show Parameters ? Displays the parameters for which information can be viewed using the show command Example RFController(config-rtls-espi)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the sys
PAGE 740
22 ESPI config commands running-config securitymgr service-list sessions smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape virtual-ip upgrade-status users version virtual-ip wireless wlan-acl Current Operating configuration Securitymgr parameters List of services Display current active open connections Display SNMP engine parameters Display SNMP engine parameters Display SNMP engine parameters Display spanning tree information Contents of
PAGE 741
Chapter 23 RFID Instance In this chapter • RFID config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739 The (config-rtls-rfid) instance is used to configure RFID reader related configuration parameters.
PAGE 742
23 RFID config commands activate RFID config commands Activates and enables the Real Time Location System (RTLS ) adapter Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax activate Parameters None Usage Guidelines Use [no] to disable and deactivate the RTLS adapter Example RFController(config-rtls-rfid)#activate RFController(config-rtls-rfid)# 740 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-10
PAGE 743
RFID config commands 23 clrscr RFID config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-rtls-rfid)#clrscr RFController(config-rtls-rfid)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 741
PAGE 744
23 RFID config commands end RFID config commands Ends and exits the current mode and changes to the PRIV EXEC mode.
PAGE 745
RFID config commands 23 exit RFID config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 746
23 RFID config commands help RFID config commands Displays the interactive help system for RTLS instance Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-rtls-rfid)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 747
RFID config commands 23 no RFID config commands Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [activate|reader|service] Parameters activate Deactivates/disables RTLS adapter reader Disables RFID reader configuration commands service Disables service commands Usage Guidelines Use [no] command to undo the configurations on the parameters mentioned in the table.
PAGE 748
23 RFID config commands reader RFID config commands Configures RFID Readers parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax reader [|] reader [antenna|coordinates|description| enable|id|name] reader antenna [|] reader antenna [coordinates x y z | power ] reader
PAGE 749
RFID config commands 23 Parameters reader [| ] Enter a single RFID reader index or a list (1,3,7) or range ( 3-7) of RFID reader indices antenna [|] coordinates x y z Configures the RFID readers antenna.
PAGE 750
23 RFID config commands service RFID config commands Invokes service commands to troubleshoot or debug (config-if) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli service reader [|] [antenna|upgrade] service reader [|] antenna [||any] filter [|] servi
PAGE 751
RFID config commands 23 Parameters show cli service reader [| ] antenna [||any] filter [|] service reader [|] upgrade ipaddr ftp-username ftp-password ftp-path username password Displays the CLI tree of the current mode Displays the RFID reader configuration informa
PAGE 752
23 RFID config commands +-filter [no reader (<1-48>|READER) antenna (<1-............................................................... ............................................................... ............................................................... ...............................................................
PAGE 753
RFID config commands 23 show RFID config commands Displays current system information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show Parameters ? Displays the parameters for which information can be viewed using the show command Example RFController(config-rtls-rfid)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the syst
PAGE 754
23 RFID config commands running-config securitymgr service-list sessions smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape virtual-ip upgrade-status users version virtual-ip wireless wlan-acl Current Operating configuration Securitymgr parameters List of services Display current active open connections Display SNMP engine parameters Display SNMP engine parameters Display SNMP engine parameters Display spanning tree information Contents of
PAGE 755
Chapter 24 SOLE Instance In this chapter • SOLE config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753 Use the (config-rtls-sole) instance to configure SOLE Location Engine related parameters.
PAGE 756
24 SOLE config commands clrscr SOLE config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-rtls-sole)#clrscr RFController(config-rtls-sole)# 754 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 757
SOLE config commands 24 end SOLE config commands Ends and exits the current mode and changes to the PRIV EXEC mode.
PAGE 758
24 SOLE config commands exit SOLE config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 759
SOLE config commands 24 help SOLE config commands Displays the interactive help system for RTLS instance Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-rtls-sole)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 760
24 SOLE config commands locate SOLE config commands Configures location commands Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax locate [aeroscout|wireless-client|ekahau] locate wireless-client [|enable|interval] locate ekahau [enable|interval] Parameters Locates aeroscout tags aeroscout [enable|interval <5-3600> • enable – Enables on-board aeroscout location engine service • wireless-client [| e
PAGE 761
SOLE config commands 24 no SOLE config commands Disables the locationing adapter(s) and its configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [aap-rssi-update-interval|locate|mobile-nit|redundancy| rssi-filter] Parameters aap-rssi-update-interval Disables AAP probe packet interval locate [aeroscout|ekahau|wireles s-client] Negates Location commands wireless-client [
PAGE 762
24 SOLE config commands redundancy SOLE config commands Enables redundancy support across cluster members for SOLE Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax redundancy enable Parameterse redundancy enable Enables the redundancy support across cluster members for SOLE Usage Guidelines This command is disabled by default Example RFController(config-rtls-sole)#redundancy enable RFController(config-rtls-sole)# 76
PAGE 763
SOLE config commands 24 service SOLE config commands Invokes service commands to troubleshoot or debug (config-rtls) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters None Example RFController(config-rtls-sole)#service show cli Location Engine Config mode: +-clrscr [clrscr] +-end [end] +-exit [exit] +-help [help] +-locate +-aeroscout +-enable [locate (aeroscout|ekahau)
PAGE 764
24 SOLE config commands show SOLE config commands Displays current system information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show Parameters ? Displays the parameters for which information can be viewed using the show command Example RFController(config-rtls-sole)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the sys
PAGE 765
SOLE config commands rtls running-config securitymgr service-list sessions smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users version virtual-ip wireless wlan-acl 24 Real Time Locating System commands Current Operating configuration Securitymgr parameters List of services Display current active open connections Display SNMP engine parameters Display SNMP engine parameters Display SNMP engine parameters Display spanning
PAGE 766
24 SOLE config commands rssi-filter SOLE config commands Filters rssi values below this threshold Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax rssi-filter <-100-0> Parameters <-100-0> Displays rssi filter value in dbm Example RFController(config-rtls-sole)#rssi-filter -9 RFController(config-rtls-sole)# 764 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 767
SOLE config commands 24 aap-rssi-update-interval SOLE config commands Displays AAP probe packet interval value in seconds Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax aap-rssi-update-interval <5-3600> Parameters aap-rssi-update-interval <5-3600> Displays aap-rssi filter value in seconds Example RFController(config-rtls-sole)#aap-rssi-update-interval 99 RFController(config-rtls-sole)# Brocade Mobility RFS4000,
PAGE 768
24 SOLE config commands wireless-client SOLE config commands Displays wireless-client configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax wireless-client power-level <1-100> Parameters wireless-client powerlevel <1-100>] Displays wireless-client configurations power-level <1-100> – Displays wireless-client power-level • Example RFController(config-rtls-sole)#wireless-client powerlevel 9 RFController(co
PAGE 769
Chapter 25 Smart RF Instance In this chapter • smart-rf config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767 Use the (config-wireless-smart-rf) instance to configure Smart RF related configuration commands.
PAGE 770
25 smart-rf config commands TABLE 27 Smart-RF Configuration Commands Command 768 Description Ref.
PAGE 771
smart-rf config commands 25 assignable-power-range smart-rf config commands Specifies the power range during power assignment. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax assignable-power-range [ ] Parameters assignable-power-range [ ] Specifies the power range during power assignment. lower bound – The lower bound of the power range. Value is between 4 and 20.
PAGE 772
25 smart-rf config commands auto-assign smart-rf config commands Enables individual RF parameters to be auto-assigned Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax auto-assign [all|channel|detector|power|rescuer] enable Parameters auto-assign [all|channel|detector|powe r| rescuer] enable Enables individual RF parameters to be auto-assigned.
PAGE 773
smart-rf config commands 25 clrscr smart-rf config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-wireless-smart-rf)#clrscr RFController(config-wireless-smart-rf)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 771
PAGE 774
25 smart-rf config commands end smart-rf config commands Ends and exits the current mode and moves to the PRIV EXEC mode.
PAGE 775
smart-rf config commands 25 exit smart-rf config commands Ends the current mode and moves to the previous mode (config-wireless).
PAGE 776
25 smart-rf config commands extensive-scan smart-rf config commands Enters the extensive scan mode The device needs calibration at every tx-power level. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax extensive-scan enable Parameters extensive enable Enables the extensive scan mode.
PAGE 777
smart-rf config commands 25 help smart-rf config commands Displays the system’s interactive help in HTML format Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-wireless-smart-rf)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 778
25 smart-rf config commands hold-time smart-rf config commands Defines the number of seconds to disable interference avoidance after a detection This prevents a radio from changing channels continuously. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax hold-time <30-65535> Parameters hold-time <30-65535> The number of seconds to disable interface avoidance after a detection.
PAGE 779
smart-rf config commands 25 no smart-rf config commands Disables the Smart RF configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [assignable-power-range|auto-assign|extensive-scan| hold-time|number-of-rescuers|radio|recover| retry-threshold|scan-dwell-time|schedule-calibrate| select-channels|service|smart-rf-module|verbose] no assignable-power-range [<4-20> <4-20>] no auto-assign [all|channel|detector|p
PAGE 780
25 smart-rf config commands Parameters assignable-power-range <4-20> <4-20> auto-assign [all |channel |detector|power|rescuer] enable 778 Negates the power range assignment.
PAGE 781
smart-rf config commands radio [<1-4096>|MAC Address|RADIO| all-11a|all-11b|all-11bg] (contd....) • • • recover [coverage-hole| interference|neighbor] enable 25 all-11a - for all 802.11a radios, the following values are negated or reset: • antenna-gain – Resets the set antenna gain value. • coverage-rate [1|2|5p5|6|9|11|12|18|24|36|48|54)]- Resets the selected coverage rate value. • lock-auto-assign [all | channel | detector | power | rescuer] - Resets the lock auto assign value.
PAGE 782
25 smart-rf config commands Example RFController(config-wireless-smart-rf)#no ? assignable-power-range reset the power range to default auto-assign disable individual RF parameters to beauto-assigned extensive-scan extensive scan mode, calibrate at everytx-power level hold-time The number of seconds to disable interference avoidance after a detection.
PAGE 783
smart-rf config commands 25 number-of-rescuers smart-rf config commands Configures the number of rescuers to cover faulty radio conditions Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax number-of-rescuers <1-5> Parameters number-of-rescuers <1-5> The number of rescuers to use to cover faulty radio conditions.
PAGE 784
25 smart-rf config commands radio smart-rf config commands Configures the different Smart RF radio parameters Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax radio [<1-4096>|MAC-ADDRESS|RADIO|all-11a|all-11b|all-11bg] radio <1-4096> [antenna-gain|coverage-rate| lock-auto-assign | radio-mac | rescuer | width] radio <1-4096> anternna-gain radio <1-4096> coverage-rate [1|2|5p5|6|9|11|12|18|24|36|48|54] radio <1-409
PAGE 785
smart-rf config commands 25 Parameters <1-4096> [antenna-gain | coverage-rate | lock-auto-assign | radio-mac | rescuer] AA-BB-CC-DD-EE-FF [antenna-gain | coverage-rate | lock-auto-assign | rescuer] Sets the following parameters for the selected radio: antenna-gain – Sets the antenna-gain value to GAIN for the selected radio. • coverage-rate [1|2|5p5|6|9|11|12|18|24|36|48|54] – Sets the coverage rate threshold value for under-coverage detection to the selected value from the list.
PAGE 786
25 smart-rf config commands all-11b [antenna-gain| coverage-rate| lock-auto-assign] all-11bg [antenna-gain| coverage-rate| lock-auto-assign] Sets the radio parameters for all 802.11b radios. antenna-gain – Sets the antenna-gain value to GAIN for the selected radio. • coverage-rate [1|2|5p5|6|9|11|12|18|24|36|48|54] – Sets the coverage rate threshold value for under-coverage detection to the selected value from the list.
PAGE 787
smart-rf config commands 25 recover smart-rf config commands Enables individual self-recovery features Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax recover [coverage-hole|interference|neighbor] Parameters recover [coverage-hole| interference|neighbor] enable Enables individual self recovery features: coverage-hole enable – Enables recovery from coverage-hole errors • interference enable – Enables recovery from int
PAGE 788
25 smart-rf config commands retry-threshold smart-rf config commands Sets the threshold for the average number of retries performed before a radio re-runs a channel scan Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax retry-threshold <0.0-15.0> Parameters <0.0-15.0> The value in decimal number. This is the average number of retries a radio makes before it re-runs the channel scan.
PAGE 789
smart-rf config commands 25 run-calibrate smart-rf config commands Starts an automatic RF configuration process Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax run-caliberate Parameters None Example run-caliberate Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 787
PAGE 790
25 smart-rf config commands scan-dwell-time smart-rf config commands Sets the time in seconds to dwell on a channel during a channel scan Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax scan-dwell-time <1-10> Parameters scan-dwell-time <1-10> The duration in seconds to dwell on a channel during a channel scan. The default scan dwell time value is 1 second.
PAGE 791
smart-rf config commands 25 schedule-calibrate smart-rf config commands Configures the calibrate schedule parameters This is used to configure parameters that schedule the automatic configuration of the Smart RF feature.
PAGE 792
25 smart-rf config commands select-channels smart-rf config commands Selects a list of channels for Automatic Channel Scan and Smart RF Use this command to add channels or remove them from the channel list. Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax select-channel [|add|remove ] Parameters A comma separated list of channel numbers.
PAGE 793
smart-rf config commands 25 service smart-rf config commands Invokes service commands to troubleshoot or debug (config-wireless-smart-rf) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli service smart-rf [clear-history|load-from-file|max-history |replay|rescue|restore|save-to-file|simulate|step-calibrate] service smart-rf clear-history service smart-rf load-from-file service smar
PAGE 794
25 smart-rf config commands Parameters show cli Displays the CLI tree of the current mode. smart-rf [clear-history | load-from-file| max-history|replay| rescue|restore| save-to-file|simulate| step-calibrate] Smart RF related commands are executed from this service command. • clear-history – Clears assignment history • load-from-file – Loads Smart RF record from file smart.bin • max-history <0-65535> – Sets the number of assignment items to be retained as history.
PAGE 795
smart-rf config commands 25 +-enable [auto-assign (detector|channel|power|rescuer|all) enable] +-power +-enable [auto-assign (detector|channel|power|rescuer|all) enable] +-rescuer +-enable [auto-assign (detector|channel|power|rescuer|all) enable] +-clrscr [clrscr] +-end [end] +-exit [exit] +-extensive-scan +-enable [(smart-rf-module|verbose|extensive-scan) enable] +-help [help] +-hold-time +-<30-65535> [hold-time <30-65535>] +-no +-assignable-power-range [no assignable-power-range] +-auto-assign +-all +-e
PAGE 796
25 smart-rf config commands show smart-rf config commands Displays current system information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - static-channel-group Syntax show show sh
PAGE 797
smart-rf config commands autoinstall banner boot clock commands crypto debugging dhcp environment file firewall ftp history interfaces ip ldap licenses logging mac mac-address-table management mobility ntp password-encryption port port-channel privilege protocol-list radius role redundancy rtls running-config securitymgr sessions service-list snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users version virtual-ip wireless wlan-acl 25 auto
PAGE 798
25 smart-rf config commands approved-aps Approved APs seen by access-point scans channel-power List of available channel and power levels for a radio client wireless client configuration config Wireless Configuration Parameters country-code-list List of supported country names and 2 letter IS0 3166 codes default-ap Information for default access-point hotspot-config Wlan hotspot configuration ids Intrusion detection parameters known Known AP related parameters mac-auth-local list out the mac-auth-local e
PAGE 799
smart-rf config commands retry-threshold hold-time 25 : 14.
PAGE 800
25 smart-rf config commands smart-rf-module smart-rf config commands Enables the Smart RF feature Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax smart-rf-module enable Parameters smart-rf-module enable Enables Smart RF.
PAGE 801
smart-rf config commands 25 verbose smart-rf config commands Enables the verbose mode that records every Smart RF assignment Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax verbose enable Parameters verbose enable Enables the verbose mode where every Smart RF assignment is recorded.
PAGE 802
25 800 smart-rf config commands Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 803
Chapter 26 Role Instance In this chapter • Role config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801 Use the (config-role) instance to configure Role related configuration commands. To navigate to the config-role instance, use the following commands: RFController(config)#role RFController(config-role)# For more information on the role command, see role on page 278.
PAGE 804
26 Role config commands ap-location Role config commands Sets the AP location configuration • This requires the location engine to be enabled on the controller with a site, appropriate zones defined and AP co-ordinates defined. The role based firewall has to know which zone the Client is located when it associates for the ap-parameter option to work. • The ‘ap-location’ parameter defines the zone or zones you wish to match.
PAGE 805
Role config commands 26 authentication-type Role config commands Selects authentication type for the role Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax authentication-type [any|eq|neq] authentication-type any authentication-type eq [eap|hotspot|kerberos|mac-auth|none] authentication-type neq[eap|hotspot|kerberos|mac-auth|none] Parameters any Any type of authentication.
PAGE 806
26 Role config commands encryption-type Role config commands Selects encryption for the role Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax encryption-type [any|eq|neq] encryption-type any encryption-type eq [ccmp|keyguard|none|tkip|tkip-ccmp| wep128|wep128-keyguard|wep64] encryption-type neq [ccmp|keyguard|none|tkip|tkip-ccmp| wep128|wep128-keyguard|wep64] Parameters any Encryption type can be any eq [ccmp|keyguar
PAGE 807
Role config commands 26 essid Role config commands Sets ESSID configuration for the role Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax essid [any|contains|exact|not-contains] essid essid essid essid any contains exact not-contains Parameters any Any ESSID. contains ESSID contains the string .
PAGE 808
26 Role config commands group Role config commands Sets group configuration for the role Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax group group group group group [any|contains|exact|not-contains] any contains exact not-contains Parameters any Any group. contains Group contains the string .
PAGE 809
Role config commands 26 ip Role config commands Sets IP parameters for the role Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax ip access-group [<1-99>|<100-199>|<1300-1999>| <2000-2699>|] [in|out] acl-precedence <1-100> Parameters access-group [<1-99>| <100-199>|<1300-1999> | <2000-2699>|] [in|out] acl-precedence <1-100> Sets the ACL precedence for the following ACL List entries <1-99> – IP standard acce
PAGE 810
26 Role config commands mac Role config commands Sets MAC access group configuration commands Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax mac access-group [in|out] acl-precedence <1-100> Parameters access-group [in|out] acl-precedence <1-100> Sets MAC access group configuration parameters – The ACL name in – Apply grouping to incoming packets out – Apply grouping to outgoing packets acl-prece
PAGE 811
Role config commands 26 client-mac Role config commands Configures the Client MAC addresses for role based firewall Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax client-mac [|/|any] Parameters The address of the Client that is allowed. MAC address can be in the format AA:BB:CC:DD:EE:FF or AA-BB-CC-DD-EE-FF or AABB.CCDD.EEFF.
PAGE 812
26 Role config commands clrscr Role config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-role)#clrscr RFController(config-role)# 810 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 813
Role config commands 26 no Role config commands Negates role commands Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no [ap-location|authentication-type|encryption-type|essid| group|ip|mac|client-mac] no ap-location no authentication-type no encryption-type no essid no group no ip access-group [<1-99>|<100-199>|<1300-1999>| <2000-2699>|] [in|out] acl-precedence <1-100> no mac [in|out] acl-precedence <1-10
PAGE 814
26 Role config commands end Role config commands Exits the current mode and moves to the PRIV EXEC mode.
PAGE 815
Role config commands 26 exit Role config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 816
26 Role config commands help Role config commands Displays the system’s interactive help in HTML format Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-role)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 817
Role config commands 26 service Role config commands Invokes service commands to troubleshoot or debug (config-role) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters None Example RFController(config-role#service show cli DHCP Server Config mode: +-address +-range +-A.B.C.D [address range A.B.C.D ( A.B.C.D |)] +-A.B.C.D [address range A.B.C.D ( A.B.C.
PAGE 818
26 Role config commands show Role config commands Displays current system information Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax show Parameters ? Displays parameters for which information can be viewed using the show command Example RFController(config-role)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoin
PAGE 819
Role config commands securitymgr sessions service-list snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users version virtual-ip wireless wlan-acl 26 Securitymgr parameters Display current active open connections List of services Display SNMP engine parameters Display SNMP engine parameters Display spanning tree information Contents of startup configuration static channel group membership Display terminal configuration parameters Display ti
PAGE 820
26 818 Role config commands Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 821
Chapter 27 AAP IP Filtering In this chapter • AAP IP Filter config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 819 The AAP IP Filter list mechanism (config-aap-ipfilter) creates filters based on the request received from the controller. It then applies those filters to the specified WLAN/LAN.
PAGE 822
27 AAP IP Filter config commands clear-all-rules AAP IP Filter config commands Clears all configured rules Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clear-all-rules Parameters None Example RFController(config-crypto-group)#clear-all-rules RFController(config-crypto-group)# 820 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 823
AAP IP Filter config commands 27 clrscr AAP IP Filter config commands Clears the display screen Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax clrscr Parameters None Example RFController(config-crypto-group)#clrscr RFController(config-crypto-group)# Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01 821
PAGE 824
27 AAP IP Filter config commands deny AAP IP Filter config commands Specifies packets to reject Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax deny [all|icmp|tcp|upd|protocol] deny [all|icmp|tcp|udp] [any|src-start-ip src-end-ip ] [any|dst-start-ip dst-end-ip ] [all|dst-start-port <1-65535> dst-end-port <1-65535>] rule <1-20> deny protocol <1-254> [any|src-start-ip src-end-ip ] [any|dst-star
PAGE 825
AAP IP Filter config commands 27 Parameters deny [all|icmp|tcp|udp] [any|src-start-ip srcend-ip ] [any|dst-startip dst-end-ip ] [all|dst-start-port <1-65535> dst-end-port <1-65535>] rule <1-20> Use with a deny command to reject IP packets deny all - Denies all the protocols deny icmp - Specifies ICMP as the protocol deny [tcp|udp] - Specifies TCP or UDP as the protocol The following parameters are common to all the protocols: • [any|src-start-ip src-end-ip ]- any is an abbrevia
PAGE 826
27 AAP IP Filter config commands Example RFSController(config-aap-ipfilter)#deny all any dst-start-ip 172.16.10.9 dst-end-ip 172.16.10.11 dst-start-port 99 dst-end-port 100 RFSController(config-aap-ipfilter)#permit tcp src-start-ip 192.168.1.234 src-end-ip 192.168.1.9 dst-start-ip 10.0.0.0 dst-end-ip 10.0.0.
PAGE 827
AAP IP Filter config commands 27 end AAP IP Filter config commands Ends and exits the current mode and changes to the PRIV EXEC mode.
PAGE 828
27 AAP IP Filter config commands exit AAP IP Filter config commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
PAGE 829
AAP IP Filter config commands 27 help AAP IP Filter config commands Displays the system’s interactive help system Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax help Parameters None Example RFController(config-aap-ipfilter)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
PAGE 830
27 AAP IP Filter config commands no AAP IP Filter config commands Negates a command or sets its defaults Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax no rule <1-20> Parameters rule <1-20> Specifies the rule to reject Example RFController(config-aap-ipfilter)#no rule 10 +-clrscr [clrscr] 828 Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 831
AAP IP Filter config commands 27 permit AAP IP Filter config commands Specifies packets to permit Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax permit [all|icmp|tcp|upd|protocol] permit [all|icmp|tcp|udp] [any|src-start-ip src-end-ip ] [any|dst-start-ip dst-end-ip ] [all|dst-start-port <1-65535> dst-end-port <1-65535>] rule <1-20> permit protocol <1-254> [any|src-start-ip src-end-ip ] [any|
PAGE 832
27 AAP IP Filter config commands Parameters 830 permit [all|icmp|tcp|udp] [any|src-start-ip srcend-ip ] [any|dst-startip dst-end-ip ] [all|dst-start-port <1-65535> dst-end-port <1-65535>] rule <1-20> Use with a permit command to allow IP packets permit all - Permits all the protocols permit icmp - Specifies ICMP as the protocol permit [tcp|udp] - Specifies TCP or UDP as the protocol The following parameters are common to all the protocols: • [any|src-start-ip src-end-ip ]- an
PAGE 833
AAP IP Filter config commands 27 Example RFSController(config-aap-ipfilter)#permit tcp src-start-ip 192.168.1.234 src-end-ip 192.168.1.9 dst-start-ip 10.0.0.0 dst-end-ip 10.0.0.
PAGE 834
27 AAP IP Filter config commands service AAP IP Filter config commands Invokes service commands used troubleshoot or debug (config-if) instance configurations Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller Syntax service show cli Parameters None Example RFController(config-aap-ipfilter)#service show cli AAP IPFilter Config mode: +-clrscr [clrscr] +-help [help] +-show +-commands [show commands] +-WORD [show commands WORD] +-
PAGE 835
AAP IP Filter config commands 27 +-pool [show ip dhcp pool ( WORD | )] +-WORD [show ip dhcp pool ( WORD | )] +-sharednetwork [show ip dhcp sharednetwork] +-dhcp-vendor-options [show ip dhcp-vendor-options] +-domain-name [show ip domain-name] +-dos +-config [show ip dos config] +-stats [show ip dos stats] +-igmp +-snooping [show ip igmp snooping] +-mrouter +-vlan +-<1-4094> [show ip igmp snooping mrouter vlan(<1-4094>|VLAN)].........................
PAGE 836
27 AAP IP Filter config commands show AAP IP Filter config commands Displays current system information running on the controller Supported in the following platforms: • Mobility RFS4000 Controller • Mobility RFS6000 Controller • Mobility RFS7000 Controller NOTE The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000 Controller - power The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000 Controller: - port-channel - stat
PAGE 837
AAP IP Filter config commands mac mac-address-table mac-name management mobility ntp password-encryption port-channel port privilege protocol-list radius redundancy role rtls running-config securitymgr sessions smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone traffic-shape upgrade-status users version virtual-ip wireless wlan-acl wwan 27 Internet Protocol (IP) Display MAC address table Displays the configured MAC Names Display L3 Managment Interface n
PAGE 838
27 836 AAP IP Filter config commands Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 53-1001931-01
PAGE 839