Network Router User Manual
Table Of Contents
- About This Document
- Introduction
- Common Commands
- In this chapter
- Common commands
- show
- autoinstall
- banner
- commands
- crypto
- environment
- history
- interfaces
- ip
- ldap
- licenses
- logging
- mac
- mac-address-table
- management
- mobility
- ntp
- port-channel
- power
- privilege
- radius
- redundancy dynamic-ap-load-balance
- redundancy group
- redundancy history
- redundancy members
- rtls
- smtp-notification
- snmp
- snmp-server
- spanning-tree
- static-channel-group
- terminal
- timezone
- traffic-shape
- users
- version
- wireless
- (config-wireless) Executable Mode
- wlan-acl
- access-list
- aclstats
- alarm-log
- boot
- clock
- debugging
- dhcp
- file
- ftp
- password-encryption
- running-config
- securitymgr
- sessions
- startup-config
- upgrade-status
- mac-name
- firewall
- role
- virtual-IP
- wwan
- aap-wlan-acl
- aap-wlan-acl-stats
- protocol-list
- service-list
- User Exec Commands
- Privileged Exec Commands
- Global Configuration Commands
- In this chapter
- Global Configuration commands
- aaa
- access-list
- autoinstall
- banner
- boot
- bridge
- country-code
- crypto
- do
- end
- errdisable
- ftp
- hostname
- interface
- ip
- license
- line
- local
- logging
- mac
- mac-address-table
- mac-name
- management
- ntp
- prompt
- radius-server
- ratelimit
- redundancy
- role
- rtls
- service
- smtp-notification
- snmp-server
- spanning-tree
- timezone
- traffic-shape
- username
- vpn
- wireless
- wlan-acl
- network-element-id
- firewall
- virtual-ip
- wwan
- aap-wlan-acl
- arp
- power
- aap-ipfilter-list
- whitelist
- Crypto-isakmp Instance
- Crypto-group Instance
- Crypto-peer Instance
- Crypto-ipsec Instance
- Crypto-map Instance
- Crypto-trustpoint Instance
- Interface Instance
- Spanning tree-mst Instance
- Extended ACL Instance
- Standard ACL Instance
- Extended MAC ACL Instance
- DHCP Server Instance
- DHCP Class Instance
- Radius Server Instance
- Wireless Instance
- In this chapter
- Wireless configuration commands
- aap
- admission-control
- adopt-unconf-radio
- adoption-pref-id
- ap
- ap-containment
- ap-detection
- ap-image
- ap-ip
- ap-standby-attempts-threshold
- ap-timeout
- ap-udp-port
- auto-select-channels
- broadcast-tx-speed
- client
- clrscr
- cluster-master-support
- convert-ap
- country-code
- debug
- dhcp-one-portal-forward
- dhcp-sniff-state
- dot11-shared-key-auth
- end
- exit
- fix-broadcast-dhcp-rsp
- help
- hotspot
- load-balance
- mac-auth-local
- manual-wlan-mapping
- wireless-client
- mobility
- multicast-packet-limit
- multicast-throttle-watermark
- nas-id
- nas-port-id
- no
- proxy-arp
- qos-mapping
- radio
- rate-limit
- secure-wispe-default-secret
- self-heal
- sensor
- service
- show
- smart-rf
- smart-scan-channels
- wlan
- wlan-bw-allocation
- dot11k
- wips
- non-preferred-ap-attempts-threshold
- test
- RTLS Instance
- ESPI Instance
- RFID Instance
- SOLE Instance
- Smart RF Instance
- Role Instance
- AAP IP Filtering
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 233
53-1001931-01
Global Configuration commands
5
crypto
Global Configuration commands
Use crypto to define system level local ID for ISAKMP negotiation and to enter the ISAKMP Policy,
ISAKMP Client or ISAKMP Peer command set.
NOTE
crypto isakmp(policy)Priority moves to the
config-crypto-isakmp instance. For more information, see
Crypto-isakmp Instance on page 327.
crypto isakmp client configuration group default moves you to the
config-crypto-group instance. For more details, see
Crypto-group Instance on page 341.
crypto isakmp peer IP Address moves to the
config-crypto-peer instance. For more details, see Crypto-peer Instance on page 351.
crypto ipsec transformset <tag> <value> leads you to
crypto-ipsec. Use the crypto ipsec transform-set command to define the transform
configuration for securing data (for example, esp-3des, esp-sha-hmac, etc.). The transform-set is
assigned to a crypto map using the map’s set transform-set command. For more details, see
Crypto-trustpoint Instance on page 387.
crypto pki trustpoint mode leads to the config-trustpoint instance. For more details, see
Crypto-trustpoint Instance on page 387.
Supported in the following platforms:
• Mobility RFS4000 Controller
• Mobility RFS6000 Controller
• Mobility RFS7000 Controller
Syntax
crypto [ipsec|isakmp|key|map|pki]
crypto ipsec [security-association|transform-set]
crypto ipsec security-association lifetime
[kilobyte|seconds] <lifetime>
crypto ipsec transform-set <transform-set-tag>
[ah-md5-hmac|ah-sha-hmac|esp-3des|esp-aes|esp-aes-192|
esp-aes-256|esp-des|esp-md5-hmac|esp-sha-hmac]
crypto isakmp [client|keepalive|key|peer|policy]
crypto isakmp client configuration group default
crypto isakmp keepalive <10-3600>
crypto isakmp key [0 <secret>|2 <secret>|<secret>]
[address <IP>|hostname <HOST>]
crypto isakmp peer [address <IP>|dn <distinguished-name>|
hostname <HOST>]
crypto isakmp policy <1-10000>
crypto key [export|generate|import|zeroize]
crypto key export rsa <rsa-keypair> <URL>
{<pass-phrase>}