Network Router User Manual
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
53-1001931-01
Crypto Map config commands
10
Parameters
localid [dn|hostname] <name>
Sets the local identity
• dn <name> – Defines the distinguished name (DN)
• hostname <name> – Sets the hostname
• <name> – The distinguished name or hostname

mode [aggressive|main]
Sets the mode of the tunnels for this Crypto Map
• aggressive – Initiates aggressive mode
• main – Initiates main mode

peer [ipaddress|<host name>]
Sets the IP address of the peer device. This can be set for multiple remote peers. The remote peer can be either an IP address or a host name. In manual mode, only one remote peer can be added for a crypto map.
• IP address – Enter the IP address of the peer device. If no peer is configured, the crypto map acts as a responder only, for any peer
• <host name> – The host name of the peer device

pfs [1|2|5]
Use the set pfs command to choose the type of perfect forward secrecy (if any) required during IPSec negotiation of SAs for this crypto map. Use the no form of this command to require no PFS.
• group 1 – IPSec is required to use the Diffie-Hellman Group 1 (768-bit modulus) exchange during IPSec SA key generation
• group 2 – IPSec is required to use the Diffie-Hellman Group 2 (1024-bit modulus) exchange during IPSec SA key generation
• group 5 – IPSec is required to use Diffie-Hellman Group 5

remote-type [ipsec-l2tp|xauth]
Sets the remote VPN client type
• ipsec-l2tp – Specify the remote VPN client as using IPSEC/L2TP
• xauth – Specify the remote VPN client as using XAUTH with mode config

security-association [level perhost|lifetime {kilobyte|seconds}]
Defines the lifetime (in kilobytes and/or seconds) of the IPSec SAs created by this crypto map
• level perhost – Specifies the security association granularity level for identities
• lifetime [kilobyte|seconds] – Security association lifetime
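
As an added example (not part of the Brocade guide), this short Python audit reads one crypto map's settings and flags the weaker choices in the table above: aggressive mode, no peer set, and PFS either absent or limited to group 1 or 2. The `set <parameter> <value>` line form, the sample lines and the 1536-bit minimum are assumptions made for the example.

```python
import re

# Modulus sizes: groups 1 and 2 as listed in the pfs row above; group 5 is
# the 1536-bit MODP group (RFC 3526), a size the page itself does not state.
PFS_BITS = {"1": 768, "2": 1024, "5": 1536}

# Constructed samples, not taken from a device. The "set <parameter> <value>"
# line form is an assumption based on the "set pfs" command the table names.
WEAK_MAP = """\
set mode aggressive
set pfs 1
set remote-type xauth
"""
STRONGER_MAP = """\
set mode main
set peer 192.0.2.10
set pfs 5
"""

def audit_crypto_map(text, min_bits=1536):
    """Return (parameter, finding) pairs for the set lines of one crypto map."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*set\s+(\S+)\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    findings = []
    if settings.get("mode") == "aggressive":
        findings.append(("mode", "aggressive mode exchanges identities unencrypted"))
    if "peer" not in settings:
        # Per the peer row: with no peer configured the map responds to any peer.
        findings.append(("peer", "no peer set: responder only, to any peer"))
    pfs = settings.get("pfs")
    if pfs is None:
        findings.append(("pfs", "PFS not required for IPSec SA negotiation"))
    else:
        group = (pfs.split() or [""])[-1]  # accepts "2" or "group 2"
        if group not in PFS_BITS:
            findings.append(("pfs", f"unknown group {group!r}"))
        elif PFS_BITS[group] < min_bits:
            findings.append(("pfs", f"group {group} uses a {PFS_BITS[group]}-bit modulus"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_MAP), ("stronger", STRONGER_MAP)):
        for param, finding in audit_crypto_map(cfg):
            print(f"{name}: {param}: {finding}")
```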