M Motorola RFS Series Wireless LAN Switches WiNG CLI Reference Guide
© 2009 Motorola, Inc. All rights reserved. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.
About This Guide This Motorola RF Switch CLI Reference Guide and contains the following sections: • Who Should Use this Guide • How to Use this Guide • Conventions Used in this Guide • Motorola Service Information • Motorola, Inc. End-User License Agreement Who Should Use this Guide The Motorola RF Switch CLI Reference Guide is intended for administrators responsible for implementing, configuring, and maintaining a RFS6000 or RFS7000 model switch using the switch’s command line interface (CLI).
viii Motorola RF Switch CLI Reference Guide The syntax, parameters and descriptions within this guide can also be used generically for a RFS6000 and RFS7000 model switch. However, some subtle differences do exist amongst these baselines. These differences are strongly noted within the specific commands impacted. When these differences are noted, the options available to each switch baseline are described in detail.
ix Chapter Jump to this section if you want to... Chapter 10, “Crypto-map Instance” Understand the (crypto-map) commands within the switch CLI. Chapter 11, “Cryptotrustpoint Instance” Summarize the (crypto trustpoint) commands within the switch CLI. Chapter 12, “Interface Instance” Understand the (config-if) commands within the switch CLI. Chapter 13, “Spanning treemst Instance” Summarize the (config-mst) instance commands within the switch CLI.
x Motorola RF Switch CLI Reference Guide Chapter Jump to this section if you want to...
xi Conventions Used in this Guide This section describes the following topics: • Annotated Symbols • Notational Conventions Annotated Symbols The following document conventions are used in this document: NOTE: Indicates tips or special requirements. ! CAUTION: Indicates conditions that can cause equipment damage or data loss. SWITCH NOTE: Indicates caveats unique to a RFS6000 or RFS7000 model switch. WARNING! Indicates a condition or procedure that could result in personal injury or equipment damage.
xii Motorola RF Switch CLI Reference Guide Notational Conventions The following notational conventions are used in this document: • Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents. • Bullets (•) indicate: • action items • lists of alternatives • lists of required steps that are not necessarily sequential • Sequential lists (those describing step-by-step procedures) appear as numbered lists.
xiii | The pipe symbol. This is used to separate the variables/keywords in a list. For example, the command RFSwitch> show ..... is documented as show [autoinstall|banner|ip|ldap|......] where: • set – The command • [autoinstall|banner|ip|ldap|......] – Indicates the different commands that can be combined with the show command. However, only one of the above list can be used at a time. show show show show [] autoinstall ... banner ... ip ... ldap ...
xiv Motorola RF Switch CLI Reference Guide {} Any command/keyword/variable or a combination of them inside a ‘{‘ & ‘}’ pair is optional. All optional commands follow the same conventions as listed above. However they are displayed italicized. For example, the command RFSwitch> show autoinstall .... is documented as show autoinstall {status} Here: • show autostatus– The command. This command can also be used as show autostatus • {status} – The optional keyword status.
xv Motorola Service Information Use the Motorola Support Center as the primary contact for any technical problem, question, or support issue involving Motorola products. Motorola Support Center responds to calls by email, telephone or fax within the time limits set forth in individual contractual agreements: Telephone (North America): 1-800-653-5350 Telephone (International): +1-631-738-6213 Fax: (631) 738-5410 Email: emb.support@motorola.
xvi Motorola RF Switch CLI Reference Guide General Information For general information, contact Motorola at: Telephone (North America): 1-800-722-6234 Telephone (International): +1-631-738-5200 Website: http://www.motorola.
xvii Motorola, Inc. End-User License Agreement BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE DESCRIBED IN THIS DOCUMENT, YOU OR THE ENTITY OR COMPANY THAT YOU REPRESENT ("LICENSEE") ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS LICENSE AGREEMENT ("AGREEMENT"). LICENSEE'S USE OR CONTINUED USE OF THE DOWNLOADED OR INSTALLED MATERIALS SHALL ALSO CONSTITUTE ASSENT TO THE TERMS OF THIS AGREEMENT.
xviii Motorola RF Switch CLI Reference Guide 3. INTELLECTUAL PROPERTY; CONTENT. All title and intellectual property rights in and to the Software (including but not limited to any images, photographs, animations, video, audio, music, text and "applets" incorporated into the Software), and any copies you are permitted to make herein are owned by Licensor or its suppliers.
xix 6. DISCLAIMER OF WARRANTIES.
xx Motorola RF Switch CLI Reference Guide 9. INDEMNITY. Licensee agrees that Licensor shall have no liability whatsoever for any use Licensee makes of the Software. Licensee shall indemnify and hold harmless Licensor from any claims, damages, liabilities, costs and fees (including reasonable attorney fees) arising from Licensee's use of the Software as well as from Licensee's failure to comply with any term of this Agreement. 10. FAULT TOLERANCE.
xxi waiver. This Agreement shall be governed by the laws of the State of New York without regard to the conflicts of law provisions thereof. The application the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded.
xxii Motorola RF Switch CLI Reference Guide
Contents Chapter 1. Introduction 1.1 CLI Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 1.2 Getting Context Sensitive Help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5 1.3 Using the No and Default Command Forms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7 1.3.1 Basic Conventions . . .
TOC-2 Motorola RF Switch CLI Reference Guide 2.2.4 2.2.5 2.2.6 2.2.7 2.2.8 2.2.9 2.2.10 2.2.11 2.2.12 2.2.13 2.2.14 2.2.15 2.2.16 2.2.17 2.2.18 2.2.19 2.2.20 2.2.21 2.2.22 2.2.23 2.2.24 2.2.25 2.2.26 2.2.27 2.2.28 2.2.29 2.2.30 2.2.31 2.2.32 2.2.33 2.2.34 2.2.35 2.2.36 2.2.37 2.2.38 2.2.39 2.2.40 2.2.41 crypto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-45 environment . . . . . . . . . . . . . . . . . . . . .
Contents - TOC-3 2.2.42 2.2.43 2.2.44 2.2.45 2.2.46 2.2.47 2.2.48 2.2.49 2.2.50 2.2.51 2.2.52 2.2.53 2.2.54 2.2.55 2.2.56 2.2.57 2.2.58 clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-117 debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-118 dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TOC-4 Motorola RF Switch CLI Reference Guide 4.1.3 4.1.4 4.1.5 4.1.6 4.1.7 4.1.8 4.1.9 4.1.10 4.1.11 4.1.12 4.1.13 4.1.14 4.1.15 4.1.16 4.1.17 4.1.18 4.1.19 4.1.20 4.1.21 4.1.22 4.1.23 4.1.24 4.1.25 4.1.26 4.1.27 4.1.28 4.1.29 4.1.30 4.1.31 4.1.32 4.1.33 4.1.34 4.1.35 4.1.36 cd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 change-passwd. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents - TOC-5 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.1.8 5.1.9 5.1.10 5.1.11 5.1.12 5.1.13 5.1.14 5.1.15 5.1.16 5.1.17 5.1.18 5.1.19 5.1.20 5.1.21 5.1.22 5.1.23 5.1.24 5.1.25 5.1.26 5.1.27 5.1.28 5.1.29 5.1.30 5.1.31 5.1.32 5.1.33 5.1.34 5.1.35 5.1.36 aaa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 access-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TOC-6 Motorola RF Switch CLI Reference Guide 5.1.37 username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-115 5.1.37.1 Encrypting a Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-116 5.1.38 vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-118 5.1.39 wireless . . . .
Contents - TOC-7 8.1.2 8.1.3 8.1.4 8.1.5 8.1.6 8.1.7 8.1.8 end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4 exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5 help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TOC-8 Motorola RF Switch CLI Reference Guide 11.1.6 11.1.7 11.1.8 11.1.9 11.1.10 11.1.11 11.1.12 11.1.13 11.1.14 fqdn. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-8 help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9 ip-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents - TOC-9 Chapter 13. Spanning tree-mst Instance 13.1 mst Config Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1 13.1.1 clrscr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3 13.1.2 end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TOC-10 Motorola RF Switch CLI Reference Guide Chapter 15. Standard ACL Instance 15.1 Standard ACL Config Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1 15.1.1 clrscr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3 15.1.2 deny . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents - TOC-11 16.1.8.3 Permitting IP Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-17 16.1.9 service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-18 16.1.10 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-20 16.2 Configuring MAC Extended ACL . . . . .
TOC-12 Motorola RF Switch CLI Reference Guide 17.2.2 Creating a Host Pool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-37 17.2.3 Troubleshooting DHCP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-38 17.2.4 Creating a DHCP Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-40 Chapter 18. DHCP Class Instance 18.
Contents - TOC-13 19.1.7.11 service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-18 19.1.7.12 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-19 19.1.7.13 Example–Creating a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-20 19.1.8 help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TOC-14 Motorola RF Switch CLI Reference Guide 20.1.19 20.1.20 20.1.21 20.1.22 20.1.23 20.1.24 20.1.25 20.1.26 20.1.27 20.1.28 20.1.29 20.1.30 20.1.31 20.1.32 20.1.33 20.1.34 20.1.35 20.1.36 20.1.37 20.1.38 20.1.39 20.1.40 20.1.41 20.1.42 20.1.43 20.1.44 20.1.45 20.1.46 20.1.47 20.1.48 20.1.49 20.1.50 20.1.51 20.1.52 country-code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-33 debug . . . . . . . . . . . . . . . . . . . .
Contents - TOC-15 21.1.1 21.1.2 21.1.3 21.1.4 21.1.5 21.1.6 21.1.7 21.1.8 21.1.9 21.1.10 21.1.11 21.1.12 21.1.13 21.1.14 21.1.15 21.1.16 21.1.17 21.1.18 aeroscout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-3 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-4 clrscr . . . . . . . . . . . . . . . . . . . . . . . . . .
TOC-16 Motorola RF Switch CLI Reference Guide 23.1.6 23.1.7 23.1.8 23.1.9 no . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-8 reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-9 service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents - TOC-17 25.1.16 25.1.17 25.1.18 25.1.19 25.1.20 25.1.21 schedule-calibrate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-27 select-channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-28 service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-29 show . . .
TOC-18 Motorola RF Switch CLI Reference Guide
Introduction This chapter describes the commands defined by the switch Command Line Interface (CLI). Access the CLI (on the supported RFS6000 and RFS7000 models) by running a terminal emulation program on a computer connected to the serial port on the front of the switch, or by using a Telnet session via secure shell (SSH) to access the switch over the network. The default CLI user designation is cli. The default username and password are admin and superuser respectively.
1-2 Motorola RF Switch CLI Reference Guide 1.1 CLI Overview The CLI is used for configuring, monitoring, and maintaining the switch managed network. The user interface allows you to execute commands (on the supported RFS6000 and RFS7000 models) using either a serial console or a remote access method. This chapter describes the basic features of the CLI. Topics covered include an introduction to command modes, navigation and editing features, help features, and command history.
Introduction Table 1.1 summarizes the commands available from the switch. Table 1.
1-4 Motorola RF Switch CLI Reference Guide Table 1.
Introduction 1-5 Table 1.1 RF Switch CLI Hierarchy User Exec Mode Priv Exec Mode Global Configuration Mode vpn wireless wireless-acl firewall network-element-id ratelimit role 1.2 Getting Context Sensitive Help Enter a question mark (?) at the system prompt to display a list of commands available for each mode. Obtain a list of arguments and keywords for any command using the CLI context-sensitive help.
1-6 Motorola RF Switch CLI Reference Guide Command Description (prompt)# command keyword ? Lists the next available syntax option for the command NOTE: The system prompt varies depending on which configuration mode you are in. NOTE: Enter Ctrl + V to use ? as a regular character and not as a character used for displaying context sensitive help. This is required when the user has to enter a URL that ends with a ? NOTE: The escape character used through out the CLI is “\”.
Introduction 1-7 It is possible to abbreviate commands and keywords to allow a unique abbreviation. For example, “configure terminal” can be abbreviated as config t. Since the abbreviated command is unique, the switch accepts the abbreviation and executes the command. Enter the help command (available in any command mode) to provide the following description: RFSwitch>help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
1-8 Motorola RF Switch CLI Reference Guide • Enter commands in uppercase, lowercase, or mixed case. Only passwords are case sensitive • If an instance name (or other parameter) contains whitespace, the name must be enclosed in quotes RFSwitch.(Cfg)> spol "Default Switch Policy" RFSwitch.(Cfg).SPolicy.[Default Switch Policy]> NOTE: Commands starting with # at the RFSwitch# prompt are ignored and not executed. Any space before a CLI command is ignored in execution. 1.
Introduction 1-9 Table 1.2 Key Combinations Used to Move the Cursor Keystrokes Function Summary Left Arrow or Ctrl-B Back character Moves the cursor one character to the left When entering a command that extends beyond a single line, press the Left Arrow or Ctrl-B keys repeatedly to scroll back to the system prompt and verify the beginning of the command entry. You can press the Ctrl-A key combination.
1-10 Motorola RF Switch CLI Reference Guide Keystrokes Function Summary Function Details Ctrl-Z Enters the command and returns to the root prompt Ctrl-L Refreshes the input line 1.4.2 Completing a Partial Command Name If you cannot remember a command name (or if you want to reduce the amount of typing you have to perform) enter the first few letters of a command, then press the Tab key. The command line parser completes the command if the string entered is unique to the command mode.
Introduction 1-11 RFSwitch# co NOTE: The characters entered before the question mark are reprinted to the screen to complete the command entry. 1.4.
1-12 Motorola RF Switch CLI Reference Guide 1.4.6 Transposing Mistyped Characters If you have mistyped a command entry, you can transpose the mistyped characters. To transpose characters, use the following key combination: Keystrokes Purpose Ctrl-T Transposes the character to the left of the cursor with the character located at the cursor 1.4.7 Controlling Capitalization Capitalize or lowercase words with a few simple key sequences.
Common Commands This chapter describes the CLI commands used in the USER EXEC, PRIV EXEC, and GLOBAL CONFIG modes. The PRIV EXEC command set contains those commands available within the USER EXEC mode. Some commands can be entered in either mode. Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands. If a user or privilege is not specified, the referenced command can be entered in either mode. 2.1 Common Commands Table 2.
2-2 Motorola RF Switch CLI Reference Guide 2.1.
Common Commands 2.1.
2-4 Motorola RF Switch CLI Reference Guide 2.1.3 help Common Commands Use this command to access the advanced help feature. Use “?” anytime at the command prompt to access the help topic. Two kinds of help are provided: 1. Full help is available when ready to enter a command argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (for example 'show ve?').
Common Commands 2.1.
2-6 Motorola RF Switch CLI Reference Guide country-code Clear the currently configured country code.
Common Commands 2-7 2.1.5 service Common Commands Service commands are used to manage the switch configuration in all modes. Depending on the mode, different service commands will display.
2-8 Motorola RF Switch CLI Reference Guide service show [cli|command-history|crash-info|info|memory| process|reboot-history|startup-log|upgrade-history| watchdog] service show diag [hardware|led-status|limits|period|stats| tech-support-period|tech-support-url|top] service show rtls [location-history|rfid] service show rtls location-history service show rtls rfid events reader {<1-48>} service undefine ecspec {} service wireless
Common Commands 2-9 Parameters (User Executable Mode) diag [enable|identify|limit| period| tech-support-period| tech-support-url] Diagnostics commands • enable – Enables in-service diagnostics • identify – Identifies a switch by flashing its LEDs • limit [buffer|fan|filesys|inodes|load|maxFDs| pkbuffers|procRAM|ram|routecache|temperature] – Sets the diagnostic limit command • buffer []<0-65535> – Configures the buffer usage warning limit.
2-10 Motorola RF Switch CLI Reference Guide • routecache <0-65535> – Configures IP route cache usage. Set a value between 0 and 65553. • temperature <1-6> [critical|high|low] – Sets the number of temperature sensors for the switch. • critical <0.0 - 250.0> – Critical temperature limit • high <0.0 - 250.0> – high temperature limit • low <0.0 - 250.0> – low temperature limit • period <100-30000> – Configures the diagnostics period. Set a value between 100-30000 milliseconds.
Common Commands 2-11 save-cli Saves the CLI tree for all modes in HTML show [cli|commandhistory|crash-info|diag| info|memory|process| reboot-history|rtls| startup-log| upgrade-history| watchdog] Displays running system information • cli – Shows the CLI tree of the current mode • command-history – Displays the command (except show commands) history • crash-info – Displays information about core, panic and AP dump files • diag [hardware|led-status|limits|period|stats |tech-support-period|tech-support-url
2-12 Motorola RF Switch CLI Reference Guide • • • • • • • • info – Shows a snapshot of available support information memory – Shows memory statistics watchdog – Shows watchdog status process – Shows processes (sorted by memory usage) reboot-history – Shows a reboot history startup-log – Shows the startup log upgrade-history – Shows an upgrade history rtls [location-history|rfid] – Real Time Locationing System commands • location-history – Show location engine history • rfid events – RFID Configuration •
Common Commands 2-13 service diag [enable|identify|limit|period| tech-support-period|tech-support-url] service encrypt secret 2 service firewall disable service kill conncection {<1-64>} service pktcap on [bridge|deny|drop|interface|router|vlan] service pktcap on [bridge|drop] {[count <199999>|filter|hex|snap|verbose|write]} service pktcap on bridge filter on [|arp|capwap|dst|ether|host|icmp|igmp|ip|ip6|l2|l3| l4|net|not|port|src|tcp|udp|vlan|wlan] service pktcap on bridge
2-14 Motorola RF Switch CLI Reference Guide service pktcap on bridge filter tcp {[[and|or] |[ack|fin|or|rst|syn] {[and|or] ]} service pktcap on bridge filter vlan <1-4095> {[and|or] } service pktcap on bridge filter wlan <1-2> {[and|or] } service pktcap on bridge [hex|verbose] {[count <1-1000000>| filter [...] |snap <1-1518>]} service pktcap on bridge snap <1-1518> {filter [...]} service pktcap on bridge write [|] {[count <1-1000000>|filter [...
Common Commands 2-15 service show securitymgr flows [details|source] service show securitymgr flows details {source [|any] destination [|any] protocol [any|icmp|tcp|udp]} service show securitymgr flows source [|any] destination [|any] protocol [any|icmp|tcp|udp] service show smart-rf [debug-config|sensitivity] service show smart-rf debug-config service show smart-rf sensitivity [mu|pattern|rates] service show smart-rf sensitivity mu {<1-8192>|} service show smart-rf sensitivity patter
2-16 Motorola RF Switch CLI Reference Guide service undefine ecspec {} service wireless [ap-history|clear-ap-log|custom-cli|dot11i| dump-core|enhanced-beacon-table|enhanced-probe-table| free-packet-watermark|idle-radio-send-multicast| legacy-load-balance|map-radios|radio-misc-cfg|rate-scale| request-ap-log|save-ap-log|snmp-trap-throttle| sync-radio-entries|vlan-cache] service wireless [dumpcore|legacy-load-balance|rate-scale| save-ap-log|sync-radio-entries] service wireless ap-history [clear|ena
Common Commands 2-17 service wireless snmp-trap-throttle <1-20> service wireless vlan-cache enable Parameters (Privilege Executable Mode) clear [all|aplogs|clitree|cores| dumps|fw|panics| snooptable|wireless] Performs a variety of reset functions • all – Removes all core, dump and panic files • aplogs – Removes all AP log files • clitree – Removes clitree.
2-18 Motorola RF Switch CLI Reference Guide copy tech-support [|] [tftp|ftp|sftp] Copies files for tech support purposes • tech-support [|] [tftp|ftp|sftp] – Copies extensive system information useful to technical support for troubleshooting.
Common Commands diag [enable|identify| limit|period| tech-support-period| tech-support-url] 2-19 Sets or displays switch diagnostic values • enable – Enables in-service diagnostics • fanduty <40-100> – CPU fan PWM duty cycle. Set a value between 40-100%. Setting a value below 60 is considered unreliable.
2-20 Motorola RF Switch CLI Reference Guide • routecache <0-65535> – Configures IP route cache usage. Set between 0 and 65553. • temperature <1-6> [critical|high|low] – Sets the number of temperature sensors for the switch. • critical <0.0 - 250.0> – Critical temperature limit • high <0.0 - 250.0> – high temperature limit • low <0.0 - 250.0> – low temperature limit • period <100-30000> – Configures the diagnostics period. Set a value between 100-30000 milli seconds. The default value is 1000 milliseconds.
Common Commands pktcap on [bridge|interface|router| vpn] [count|filter|verbose| write] 2-21 Packet capturing • on – Defines the packet capture location • bridge [count|hex|snap|verbose|write|filter] – Captures packet at the bridge • count <1-1000000> – Limits the captured packet count • filter [|arp|capwap|dst|ether|host|icmp|igmp| ip|ip6|l2|l3|l4|net|not|port|src|tcp|udp|vlan|wlan] – Filters packets based on specified criteria.
2-22 Motorola RF Switch CLI Reference Guide • verbose <1-1000000> – Displays full packet body • filter – Captures the filter • snap <1-1518>– Captured data length • write [|URL] – Captures to a file • FILE – File to which to copy • cf:/path/file • usb1:/path/file • usb2:/path/file • URL– Target URL from which to copy • tftp:///path/file • ftp://:@ /path/file • sftp://@/path/file • interface [|ge|me1|sa|vlan] – C
Common Commands 2-23 • • • • • • count <1-1000000> – Limits capture packet count filter – Captures filter verbose – Displays full packet body write – Captures to a file snap <1-1518> – Captured data length hex – Show full packet body • count – Limits capture packet count • filter – Captures the filter • snap – Captured data length • vpn – Captures at the VPN • count – Limits capture packet count • filter – Captures the filter • inbound – Captures ingress direction only • outbound – Captures egress direct
2-24 Motorola RF Switch CLI Reference Guide show [cli| command-history| crash-info|diag|fw|info| ip|last-passwd|memory| pm|process| reboot-history|rtls| securitymgr|smart-rf| startup-log| upgrade-history| watchdog|wireless] Displays running system information • cli – Shows the CLI tree of the current mode • command-history – Displays a command (except show commands) history • crash-info – Displays information about core, panic and AP dump files • diag [hardware|period|limits|stats|tech-support-period| te
Common Commands 2-25 • pm history – Process Monitor • history [WORD|all] – Displays state changes for a process, the time they happened and events • WORD – Process name • all – All processes • process – Shows processes (sorted by memory usage) • reboot-history – Shows a reboot history • rtls [grid|location-history|rfid] – Locationing Configuration • grid [all|x] – Displays RSSI values in grid • all – Displays all grids • x <0-9000> – Displays grid x coordinates • y<0-9000> – Displays grid y coordinates •
2-26 Motorola RF Switch CLI Reference Guide show securitymgr flows Service Security Manager parameters • flows [details|source] – Sessions established • details – Shows detail flow statistics • source [A.B.C.D|any] – Shows the source IP address • [A.B.C.D|any] – Flows where source address is A.B.C.D or flows with any source address • destination [A.B.C.D|any] – Destination IP address • [A.B.C.D|any] – Flows where the destination address is A.B.C.
Common Commands 2-27 smart-rf [clearDisplays Smart-RF Management Commands history|load-from• clear-history– clears assignment history file|replay|rescue|restore| • load-from-file – load record from file save-to-file|simulate] • replay enable – set replay mode • enable – enable replay mode • rescue – force rescue operation • – A single radio-mac-address, a single index • restore – remove any recovering operation on given mode • – A single radio-mac-address a single index • save-to-f
2-28 Motorola RF Switch CLI Reference Guide watchdog Enables the switch watchdog wireless [ap-history| clear-ap-log |custom-cli|dot11i| dump-core| enhanced-beacon-table| enhanced-probe-table| free-packet-watermark |idle-radio-sendmulticast| legacy-load-balance |map-radios| radio-misc-cfg |rate-scale| request-ap-log |save-ap-log |snmp-trap-throttle| sync-radio-entries| vlan-cache] Wireless parameters • ap-history [clear|enable] – Access-port history • clear – Delete all history of all APs • enable – Ena
Common Commands 2-29 • radio-desc – description of radio where the mobileunit is associated • radio-id – The radio index to which the mobile-unit is associated • ssid – The ssid of the mobile-units wlan • state – The current state of the mobile-unit • username – The Radius username of the user connected through this device (shown only if applicable and available) • vlan – The vlan-id assigned to the mobile-unit • wlan-desc – The wlan description the mobile-unit is using • wlan-id – The wlan index the mobi
2-30 Motorola RF Switch CLI Reference Guide • num-mu – The number of mobile devices associated with this radio • power – The configured and current transmit power of the radio • pref-id – The adoption preference id of the radio • radio-desc – The description of the radio • radio-id – The radio index in configuration • state – The current operational state of the radio • dot11i – modify dot11i service parameters • dump-core – Creates a core file of the ccsrvr process • enhanced-beacon-table [channel-set|en
Common Commands 2-31 • enhanced-probe-table [enable|erase-report|max-mu| preferred|window-time] – Enhanced probe table for MU locationing. • enable – Enables the Enhanced Probe Table feature for MU locationing. • erase-report – Erases the reports for Enhanced Probe Table feature. • max-mu <0-512> – Sets the maximum MUs in the Enhance Probe Table report. • preferred – Add the MAC to the preferred MU list.
2-32 Motorola RF Switch CLI Reference Guide service [advanced-vty|dhcp|diag|password-encryption|pm| prompt|radius|redundancy|set|show|terminal-length| watchdog] service [advanced-vty|dhcp|watchdog] service diag [enable|limit|period|tech-support-period| tech-support-url] service password-encryption secret 2 service pm sys-restart service prompt crash-info service radius {restart} service redundancy dynamic-ap-load-balance start service set [command-history|reboot-history|upgrade-history] <10-
Common Commands 2-33 pm sys-restart Process Monitor • sys-restart – Enables the PM to restart the system when a processes fails prompt crash-info Enable crash-info prompt • crash-info – Enables a crash-info prompt radius restart Enable radius server • restart – Restarts the radius server with an updated configuration redundancy dynamic-apload-balance start Configure redundancy group parameters • dynamic-ap-load-balance start – Enables the Dynamic AP Load Balance feature • start – Start dynamic AP l
2-34 Motorola RF Switch CLI Reference Guide Usage Guidelines The service password-encryption set by the user cannot be disabled without knowing the old password. Refer the note below for more clarification. NOTE: The no service password-encryption command used to disable the encryption, now requires the user to know the old password. The user will have to enter the old password to disable the encryption.
Common Commands 2-35 RFSwitch#service diag led 2 amber flashing RFSwitch#service diag limit ? buffer buffer usage warning limit fan Fan speed limit filesys file system freespace limit load agregate processor load maxFDs maximum number of file descriptors pkbuffers packet buffer head cache procRAM percent RAM used by a process ram percent free RAM routecache IP route cache usage temperature temperature limit RFSwitch#service diag limit buffer ? 128 128 byte buffer limit 128k 128k byte buffer limit 16k 16k
2-36 Motorola RF Switch CLI Reference Guide May May May May May 24 May May May May May May May May May May May May May May 31 31 29 29 29 18:31:48 18:31:45 15:40:04 15:23:43 15:23:36 2007 2007 2007 2007 2007 admin admin admin admin admin con con vty con con 0 0 131 0 0 configure terminal enable enable exit ip address 10.10.10.
Common Commands 2-37 2.2 show Common Commands Displays the settings for the specified system component. There are a number of ways to invoke the show command: • When invoked without any arguments, it displays information about the current context. If the current context contains instances, the show command (usually) displays a list of these instances. • When invoked with the display_parameter, it displays information about that component.
2-38 Motorola RF Switch CLI Reference Guide Display Parameters Description Mode Example ip Displays the internet protocol Common page 2-52 ldap Displays the LDAP server configuration Common page 2-59 licenses Displays the installed licenses, if any Common page 2-61 logging Displays the logging configuration and buffer Common page 2-62 mac Displays the media access control IP configuration Common page 2-63 mac-addresstable Displays the MAC address table Common page 2-64 manageme
Common Commands 2-39 Display Parameters Description Mode Example redundancy group Displays redundancy group parameters Common page 2-76 redundancyhistory Displays the state transition history of the switch Common page 2-79 redundancy members Displays redundancy group members in detail Common page 2-80 rtls Displays Real Time Location System (RTLS) commands Common page 2-81 smtp-notification Displays trap enable flags (new) Common page 2-84 snmp Displays SNMP engine parameters Com
2-40 Motorola RF Switch CLI Reference Guide Display Parameters Description Mode Example wlan-acl Displays WLAN ACL information Common page 2-112 access-list Displays the access list Internet Protocol (IP) configuration Privilege/ page 2-113 Global Config aclstats Displays ACL statistics Privilege/ page 2-114 Global Config alarm-log Displays all the alarms currently in the system Privilege/ page 2-115 Global Config boot Displays the boot configuration Privilege/ page 2-116 Global Config
Common Commands Display Parameters 2-41 Description Mode Example startup-config Displays the content of the startup configuration Privilege/ page 2-129 Global Config upgrade-status Displays the status of the last image upgrade Privilege/ page 2-131 Global Config mac-name Displays the configured MAC names for this device Privilege/ page 2-132 Global Config access-list Displays the access list information Privilege/ page 2-133 Global Config aclstats Displays the ACL statistics for a particu
2-42 Motorola RF Switch CLI Reference Guide 2.2.1 autoinstall Common to all modes Displays the autoinstall configuration information.
Common Commands 2-43 2.2.2 banner Common to all modes Displays the message of the day string. This string can be used to alert the user to specific information that might be of interest.
2-44 Motorola RF Switch CLI Reference Guide 2.2.3 commands Common to all modes Displays the available commands for the current mode. Syntax RFSwitch>show commands Parameters None Example RFSwitch#show commands acknowledge alarm-log (all|<1-65535>) acknowledge alarm-log (all|<1-65535>) archive tar /create (FILE|URL) .FILE archive tar /create (FILE|URL) .
Common Commands 2-45 2.2.4 crypto Common to all modes Displays the encryption mode information.
2-46 Motorola RF Switch CLI Reference Guide pki [request|trustpoints] Displays Public Key Infrastructure (PKI) commands • request – Displays the certificate requests • trustpoints – Displays the trustpoints and their configuration Usage Guidelines The security engine periodically updates the IPSec and Isakamp statistics (every 60 seconds) Example RFSwitch(config)#show crypto pki request tptest -----BEGIN CERTIFICATE REQUEST----MIIB2zCCAUQCAQAwaDELMAkGA1UEBhMCaW4xEjAQBgNVBAgTCWthcm5h
Common Commands Subject Name: Common Name: Symbol Technologies Issuer Name: Common Name: Symbol Technologies Valid From: Sep 13 16:14:49 2006 GMT Valid Until: Sep 13 16:14:49 2007 GMT Trustpoint :tptest ----------------------------------------------CA certificate configured Subject Name: Common Name: monarch Organizational Unit: wid Organization: symbol Location: bangalore State: karnataka Country: in email: testuser@domain.
2-48 Motorola RF Switch CLI Reference Guide 2.2.5 environment Common to all modes Displays the environmental information such as fan speed, ambient temperature inside the switch and CPU temperature. Syntax show environment Parameters None Example RFSwitch>show environment upwind of CPU temperature : 30.0 C CPU die temperature : 49.0 C left side temperature : 29.0 C by FPGA temperature : 28.0 C front right temperature : 26.0 C front left temperature : 26.
Common Commands 2.2.
2-50 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands RFSwitch# RFSwitch(config)#show interfaces switchport eth1 Interface eth1 Switchport Settings: Mode: Access, Access Vlan: 2100 RFSwitch(config)#show interfaces switchport vlan1 Interface vlan1 Switchport Settings: Mode: Access, Access Vlan: 0 2-51
2-52 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2-53 Parameters access-group [ |all|ge|me1|role|sa|> |vlan <1-4094>] Displays the ACLs attached to an interface • – Enter the name of the interface to which the ACL is associated. access-group lists the details of the ACLs configured on the particular Layer 3 or Layer 2 interface.
2-54 Motorola RF Switch CLI Reference Guide http [secure-server|server] Hyper Text Transfer Protocol (HTTP) • secure-server – Secure HTTP server • server – HTTP server interface [|brief|ge|me1|sa| vlan] Use the show ip interface command to display the administrative and operational status of all Layer-3 interfaces or a specified Layer-3 interface.
Common Commands 2-55 route [| |detail] Display IP routing table entries • – Network in the IP routing table • – Number of valid bits in the network prefix IP prefix /, e.g., 35.0.0.0/8 • detail – Displays the IP routing table in detail routing IP routing status ssh Secured Shell (SSH) server telnet Telnet server Usage Guidelines 1. The interface and VLAN status is displayed as UP regardless of a disconnection. In such a case, shutdown the VLAN. a.
2-56 Motorola RF Switch CLI Reference Guide 2. The above example could also occur when a DHCP interface is disconnected. DHCP is not effected though, because it runs on a virtual interface and not on a physical interface. In this case, it is the physical interface that is disconnected not the virtual interface. When the ethernet interface comes back up, it will restart the DHCP client on any virtual interfaces (SVIs) of which the physical interface is a member port.
Common Commands ! ip dhcp class RFSwitchDHCPclass option user-class MC800 RFSwitch(config)# RFSwitch#show ip dhcp pool ! ip dhcp pool pl ! ip dhcp pool pool1 domain-name test.com bootfile 123 network 10.10.10.0/24 address range 10.10.10.2 10.10.10.30 ! ip dhcp pool poo110 next-server 1.1.1.1 netbios-node-type b-node RFSwitch#show ip dhcp-vendor-options Server Info: Firmware Image File: Config File: Cluster Config File: RFSwitch#show ip domain-name IP domain-lookup : Enable Domain Name : motorola.
2-58 Motorola RF Switch CLI Reference Guide RFSwitch#show ip interface tunnel 1 brief Interface IP-Address Status Protocol tunnel1 unassigned up up RFSwitch#show ip interface vlan 1 brief Interface IP-Address Status Protocol vlan1 157.235.208.233 (DHCP)up up RFSwitch#show ip name-server 157.235.3.195 dynamic 157.235.3.
Common Commands 2-59 2.2.9 ldap Common to all modes Displays LDAP information Syntax show ldap configuration [primary|secondary] Parameters ldap configuration [primary|secondary] Displays LDAP information.
2-60 Motorola RF Switch CLI Reference Guide (sAMAccountName=%{Stripped-User-Name:-%{User-Name}}) Bind DN : cn=kumar,ou=symbol,dc=activedirectory,dc=com Base DN : ou=symbol,dc=activedirectory,dc=com Password : 0 symbol@123 Password Attribute : UserPassword Group Name : cn Group Membership Filter: (&(objectClass=group)(member=%{Ldap-UserDn})) Group Member Attr : radiusGroupName Net timeout : 1 second(s)
Common Commands 2.2.
2-62 Motorola RF Switch CLI Reference Guide 2.2.11 logging Common to all modes Displays logging status and other information Syntax show logging Parameters None Example RFSwitch(config)#show logging Logging module: enabled Aggregation time: disabled Console logging: level debugging Buffered logging: level informational Syslog logging: level debugging Facility: local7 Logging to: 157.235.203.37 Logging to: 10.0.0.
Common Commands 2-63 2.2.
2-64 Motorola RF Switch CLI Reference Guide 2.2.13 mac-address-table Common to all modes Displays the MAC address table entries Syntax show mac-address-table Parameters None Example RFSwitch(config)#show mac-address-table Bridge VLAN Port Mac Fwd ------------ ---- ------------ -------------- --1 10 ge1 00a0.f865.ea8f 1 1 10 ge1 0015.7038.0653 1 1 10 ge1 0015.7014.fec4 1 1 10 ge1 0015.7041.
Common Commands 2.2.
2-66 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2-67 global Global Mobility parameters mobile-unit Mobile-units in the Mobility Database peer Mobility peers statistics Mobile-unit Statistics RFSwitch(config)#show mobility event-log mobile-unit Time Event Evt-Src-IP MU-Mac MU-IP HS-IP CS-IP 09/14 19:17:52 IP-UPD-MU n/a 00-0f-3d-e9-a6-54 157.235.208.134 157.235.208.16 157.235.208.16 09/14 19:17:51 ADD-MU n/a 00-0f-3d-e9-a6-54 0.0.0.0 157.235.208.16 157.235.208.16 09/14 19:17:51 DEL-MU n/a 00-0f-3d-e9-a6-54 0.0.0.0 157.235.208.16 157.235.
2-68 Motorola RF Switch CLI Reference Guide Foreign MU Database: Total=0 RFSwitch(config)#show mobility peer detail Mobility Peers: Total=1, Established=0 Peer: 1.1.1.
Common Commands 2-69 2.2.
2-70 Motorola RF Switch CLI Reference Guide rcv time 00000000.00000000 (Feb 07 06:28:16 UTC 2036) xmt time c8b42a7e.6eb04252 (Sep 14 19:22:38 UTC 2006) filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 RFSwitch>show ntp status Clock is synchronized, stratum 0, actual frequency is 0.0000 Hz, precision is 2^0 reference time is 00000000.00000000 (Feb 07 06:28:16 UTC 2036) clock offset is 0.000 msec, root delay is 0.000 msec root dispersion is 0.
Common Commands 2.2.
2-72 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2.2.
2-74 Motorola RF Switch CLI Reference Guide 2.2.20 radius Common to all modes Displays RADIUS status and information Syntax show radius [configuration|eap configuration|group| nas A.B.C.
Common Commands 2-75 2.2.
2-76 Motorola RF Switch CLI Reference Guide 2.2.22 redundancy -group Common to all modes This command displays the switch’s IP address, number of active neighbors, group license, installed license, cluster AP adoption count, switch adoption count, hold time, discovery time, heartbeat interval, cluster id and switch mode. In a cluster, this command displays the redundancy runtime and configuration of the “self-switch”. Use config to view only configuration information and/or runtime parameters.
Common Commands Redundancy Protocol Version : 2.
2-78 Motorola RF Switch CLI Reference Guide Redundancy Protocol Version : 2.
Common Commands 2-79 2.2.23 redundancy-history Common to all modes Displays the switch state transition history Syntax show redundancy -history Parameters None Example RFSwitch>show redundancy -history State Transition History Time Event Triggered state --------------------------------------------------------Sat Oct 06 12:07:55 Redundancy Enabled Startup Sat Oct 06 12.07.
2-80 Motorola RF Switch CLI Reference Guide 2.2.24 redundancy -members Common to all modes Displays the member switches in the cluster. The user can provide the IP address of the switch in cluster whose information alone is needed.
Common Commands 2.2.
2-82 Motorola RF Switch CLI Reference Guide Parameters rtls [aeroscout|espi|filter| Displays the Real Time Locating System status and ekahau| information.
Common Commands 2-83 rtls tags [| aeroscout|all|ekahau|g2| mobile-unit| |rfid|uri|zone|] Displays Tags/Assets (passive, active, wi-fi, uwb) Information • – Displays detailed tag information for specific tag ID • aeroscout – Displays located aeroscout tags • all – Displays all tags • ekahau – Displays located ekahau tags • g2 – Displays located g2 tags • mobile-unit – Displays located mobile units • rfid - Displays located RFID gen2 tags • uri – Displays RFID tags for given notifica
2-84 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2-85 redundancy memberMisConfigured N redundancy adoptionExceeded N redundancy grpAuthLevelChanged N redundancy resourceUp N redundancy resourceDown N misc lowFsSpace N misc processMaxRestartsReached N misc savedConfigModified N misc serverCertExpired N misc caCertExpired N misc periodicHeartbeat N misc switchEvent N wireless station associated N wireless station disassociated N wireless station deniedAssociationOnCapability N wireless station deniedAssociationOnShortPream N wireless stati
2-86 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2-87 2.2.
2-88 Motorola RF Switch CLI Reference Guide redundancy grpAuthLevelChanged N misc lowFsSpace N misc processMaxRestartsReached N wireless station associated N wireless station disassociated N wireless station deniedAssociationOnCapability N wireless station deniedAssociationOnShortPream N wireless station deniedAssociationOnSpectrum N wireless station deniedAssociationOnErr N wireless station deniedAssociationOnSSID N wireless station deniedAssociationOnRates N wireless station deniedAssociationOnInvalidWP
Common Commands gave-up-percent-greater-than avg-retry-greater-than undecrypt-percent-greater-than num-stations-greater-than RFSwitch> disabled disabled disabled disabled RFSwitch>show snmp-server traps wireless-statistics wireless-switch pktsps-greater-than disabled tput-greater-than disabled num-stations-greater-than disabled RFSwitch> RFSwitch>show snmp-server traps wireless-statistics wlan pktsps-greater-than disabled tput-greater-than disabled avg-bit-speed-less-than disabled avg-signal-less-than di
2-90 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2-91 %-----------------------------------------------------RFSwitch(config)# RFSwitch(config)#show spanning-tree mst detail interface eth 1 % Bridge up - Spanning Tree Disabled % CIST Root Path Cost 0 - CIST Root Port 0 - CIST Bridge Priority 32768 % Forward Delay 15 - Hello Time 2 - Max Age 20 - Max-hops 20 % 1: CIST Root Id 8000000000000000 % 1: CIST Reg Root Id 8000000000000000 % 1: CST Bridge Id 800000a0f865ea8e % portfast bpdu-filter disabled % portfast bpdu-guard disabled % portfast
2-92 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2.2.
2-94 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2-95 2.2.33 traffic-shape Common to all modes Displays traffic shaping parameters Supported in the following platforms: • RFS7000 SWITCH NOTE: This command is not supported in: • RFS6000 Syntax show traffic-shape [config|priority-map|statistics] Parameters [config| priority-map| statistics] • config class – Displays traffic shaping configuration • statistics class – Displays traffic shaping statistics • class <1-4> – Displays traffic shaping class number • priority-map – Displays .
2-96 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2.2.35 version Common to all modes Displays the current software & hardware version on the device Syntax show version {verbose} Parameters verbose Displays software and hardware version information Example RFSwitch>show version RFSwitch version 3.2.0.0-024D MIB=01a Copyright (c) 2006-2007 Motorola, Inc. Booted from secondary. Switch uptime is 1 days, 20 hours 53 minutes CPU is Intel(R) Pentium(R) 4 CPU 2.
2-98 Motorola RF Switch CLI Reference Guide 2.2.36 wireless Common to all modes The radio-group range differs from switch to switch.
Common Commands 2-99 show wireless mobile-unit roaming database show wireless mobile-unit statistics [<1-4096>| {detail}|summary|voice [<1-4096>|]] show wireless mobile-unit voice show wireless mobile-unit vlan <1-256> show wireless multicast-packet-limit show wireless phrase-to-key [wep64|wep128] show wireless qos-mapping {[wired-to-wireless| wireless-to-wired]} show wireless radio {[<1-4096>|admission-control|all| beacon-table|config|monitor-table|statistics|unadopted| uptime|voi
2-100 Motorola RF Switch CLI Reference Guide ap [<1-48>|| config [<1-48>|]] Status of the adopted access port • <1-48> – Defines the index of the access port • – Sets the MAC address of a access port • config [<1-1024>|] – Status of the configured access port. • <1-1024> – AP index from the “show wireless ap” command • – MAC address of the ap.
Common Commands 2-101 default-ap Displays default access-port information hotspot query Displays hotspot query string configuration hotspot-config <1-256> WLAN hotspot configuration for specified index ids [configured-bad-essids| filter-list] Displays intrusion detection configuration parameters • configured-bad-essids – Displays a list of configured bad essids • filter-list – Displays the list of currently filtered mobile units known {ap statistics {<1-1024>}} Displays known AP parameters.
2-102 Motorola RF Switch CLI Reference Guide mobile-unit {[<18192>||associatio n-history| association-stats|probehistory|radio|roaming|sta tistics| voice|wlan]} Displays the parameters of associated mobile units. All parameters are optional. • <1-8192> – Index of mobile unit • – MAC address of mobile unit • association-history {}– Displays the association history of the Mobile Units with the MAC address and its configured name.
Common Commands 2-103 multicast-packet-limit Displays the multicast-packet-limit phrase-to-key [wep128|wep64] Displays the WEP keys generated by a passphrase • wep128 – Displays WEP128 keys • wep64 – Displays WEP64 keys • – The passphrase to generate the keys for. qos-mapping {[ wired-to-wireless| wireless-to-wired]} Quality of service mappings used for mapping WMM access categories and 802.
2-104 Motorola RF Switch CLI Reference Guide radio {[<1-4096>| admission-control|all| beacon-table|config| monitor-table|statistics| unadopted|uptime|voice] } Radio related commands. All parameters are optional. • <1-4096> – Defines information on a single radio’s index • admission-control voice {<1-4096>} – Displays summary information for all radios that have admission control enabled. Optionally select the radio.
Common Commands 2-105 • unadopted – Displays a list of unadopted radios • uptime – Displays the uptime of all adopted radios • voice <1-4094> – Displays voice call details • <1-4094> – Optional. Defines a single radio’s index radio-group {<1-256>} Displays radios in specified group • <1-256> – Optional. A single radio index between < 1256>. The index range varies based on the switch being used. regulatory Regulatory (allowed channel/power) information for a particular country.
2-106 Motorola RF Switch CLI Reference Guide smart-rf [calibration-status| configuration| history|radio] Displays smart-rf related management information • calibration-status – Displays smart-rf calibration status. • configuration – Displays smart-rf configuration information. • history – Displays smart-rf assignment history since last calibration. • radio [config|local-status|map|masterstatus|neighbors|spectrum] {[<1-4096>|| all-11a|all-11bg]} – Displays smart-rf radio commands.
Common Commands wlan [config|statistics] 2-107 Displays wireless LAN parameters. The following information is displayed: • config [<1-256>|all|enabled] – Displays the wireless LAN configuration information. All parameters optional. • <1-256> – The selected wlan • all – all wlans in the configuration • enabled – all wlans that are enabled. Configuration information for disabled wlans are not displayed. • statistics <1-256> – Displays the wireless LAN statistics for: • <1-256> {detail} – The selected wlan.
2-108 Motorola RF Switch CLI Reference Guide RFSwitch> RFSwitch>show wireless ap-unadopted RFSwitch> RFSwitch>show wireless approved-aps access-port detection is disabled RFSwitch> RFSwitch>show wireless channel-power 11a indoor RFSwitch> RFSwitch(config)#show wireless config country-code : None secure-wispe-default-secret default adoption-pref-id : 1 proxy-arp : enabled adopt-unconf-radio : enabled dot11-shared-key-auth : disabled ap-detection : disabled manual-wlan-mapping : disabled dhcp sniff state :
Common Commands 2-109 RFSwitch>show wireless ids detect-window : 10 seconds Excessive Operations:: Threshold(mu radio switch) Ageout probe-requests : 0 0 0 60 Sec association-requests : 0 0 0 60 Sec disassociations : 0 0 0 60 Sec authentication-fails : 0 0 0 60 Sec crypto-replay-fails : 0 0 0 60 Sec 80211-replay-fails : 0 0 0 60 Sec decryption-fails : 0 0 0 60 Sec unassoc-frames : 0 0 0 60 Sec eap-starts : 0 0 0 60 Sec Filter- Anomaly Detection:: Status Filter-Ageout probe-requests : disabled 60 Sec ass
2-110 Motorola RF Switch CLI Reference Guide Pkts per sec: 1.73 0.00 0.87 0.00 0.87 0.00 pps Throughput: 0.00 0.00 0.00 0.00 0.00 0.00 Mbps Avg bit speed: 9.19 0.00 Mbps % Non-unicast pkts: N/A N/A ------ RF Status-------------------------------------------30s 1hr Avg mobile-unit signal: -78.00 0.00 dBm Avg mobile-unit noise: -94.00 0.00 dBm -- MORE --, next page: Space, next line: Enter, quit: Control-C Avg mobile-unit SNR(dB): 16.00 0.
Common Commands 2-111 RFSwitch(config)#show wireless mobile-unit radio 1 index MAC-address radio type wlan vlan/tunnel ready IPaddress last active Posture Status 2 00-0E-9B-98-F9-34 1 11g 1 vlan 1 Y 192.168.2.
2-112 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2-113 2.2.38 access-list Privilege / Global Config Displays the access lists (numbered and named) configured on the switch. The numbered access list displays numbered ACLs. The named access list displays named ACL details. Syntax show access-list [<1-99>|<100-199>|<1300-1999>| <2000-2699>|] Parameters access-list [<1-99>|<100199>|<13001999>|<20002699>|] Displays access-list entries.
2-114 Motorola RF Switch CLI Reference Guide 2.2.39 aclstats Privilege / Global Config Displays the statistics of configured access lists Syntax aclstats [access-list|vlan <1-4094>] aclstats {<1-99>|<100-199>|<1300-1999>|<2000-2699>| } aclstats vlan <1-4094> Parameters access-list {<199>|<100-199>|<13001999>|<2000-2699>| } Displays configured access lists.
Common Commands 2-115 2.2.40 alarm-log Privilege / Global Config Displays the contents of the alarm log on the device Syntax show alarm-log {<1-65535>|acknowledged|all|count|new| severity-to-limit} show alarm-log severity-to-limit {critical| informational|major|normal|warning} Parameters alarm-log [<1-65535>| acknowledged|all|count| new| severity-to-limit] Displays the contents of the alarm log on the device.
2-116 Motorola RF Switch CLI Reference Guide 2.2.41 boot Privilege / Global Config Displays the boot configuration of the device Syntax show boot Parameters None Example RFSwitch#show boot Image Build Date Install Date Version ------------------------ -------------------------------Primary Oct 16 03:55:43 2008 Sep 15 00:53:56 2008 1.3.0.0-018B Secondary Sep 30 00:14:30 2008 Aug 27 01:46:32 2008 1.3.0.
Common Commands 2.2.
2-118 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2.2.44 dhcp Privilege / Global Config Displays existing DHCP server configurations Syntax show dhcp [config|status] Parameters config Displays the current DHCP server configuration status Displays whether the DHCP server is running Example RFSwitch#show dhcp config service dhcp ! ip dhcp pool vlan6 default-router xxx.xxx.xxx.2 network xxx.xxx.xx.0/24 address range xxx.xxx.xx.xx aaa.aaa.aa.
2-120 Motorola RF Switch CLI Reference Guide 2.2.45 file Privilege / Global Config Displays the filesystem information Syntax show file [information|systems] Parameters file [information|systems] Displays the filesystem information.
Common Commands 2.2.
2-122 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2-123 2.2.
2-124 Motorola RF Switch CLI Reference Guide snmp-server user snmptrap v3 encrypted auth md5 0x7be2cb56f6060226f15974c936e2739b snmp-server user snmpmanager v3 encrypted auth md5 0x7be2cb56f6060226f15974c936e2739b snmp-server user snmpoperator v3 encrypted auth md5 0x49c451c7c6893ffcede0491bbd0a12c4 crypto isakmp keepalive 10 crypto ipsec security-association lifetime kilobytes 4608000 fallback enable ip http server ip http secure-trustpoint default-trustpoint ip http secure-server ip ssh ip telnet no ser
Common Commands RFSwitch(config)# RFSwitch(config)#show running-config include-factory ! ! configuration of RFSwitch version 4.0.0.0-008D ! version 1.
2-126 Motorola RF Switch CLI Reference Guide ................................................ ................................................ ................................................ ................................................ no radio default-11b enhanced-beacon-table no radio default-11b enhanced-probe-table no radio 1 neighbor-smart-scan no radio 2 neighbor-smart-scan no ap-detection enable ................................................ ................................................ .
Common Commands 2.2.
2-128 Motorola RF Switch CLI Reference Guide 2.2.50 sessions Privilege / Global Config Displays the list of current active open sessions on the device Syntax show sessions Parameters None Example RFSwitch#show sessions SESSION USER LOCATION IDLE START TIME 1 cli Console 06:24m May 31 18:31:36 2007 ** 2 cli 10.10.10.
Common Commands 2-129 2.2.51 startup-config Privilege / Global Config Displays the complete startup configuration script on the console Syntax show startup-config Parameters None Example RFSwitch#show startup-config ! ! configuration of RFSwitch version 4.0.0.0-008D ! version 1.
2-130 Motorola RF Switch CLI Reference Guide fallback enable ip http server ip http secure-trustpoint default-trustpoint ip http secure-server ip ssh ip telnet no service pm sys-restart ! wireless wlan 1 enable wlan 1 ssid sardarjee radio add 1 00-A0-F8-BF-8A-4B 11bg ap300 radio 1 enhanced-beacon-table radio 1 enhanced-probe-table radio add 2 00-A0-F8-BF-8A-4B 11a ap300 ap-detection approved add 1 any any enhanced-beacon-table enable enhanced-beacon-table channel-set a 36 44 149 enhanced-beacon-table chan
Common Commands 2.2.
2-132 Motorola RF Switch CLI Reference Guide 2.2.
Common Commands 2-133 2.2.54 access-list Priv Exec Displays the access control list entries based on the ACL name or index Supported in the following platforms: • RFS7000 • RFS6000 Syntax show access-list {<1-99>|<100-199>|<1300-1999>| <2000-2699>|} Parameters access-list {<1-99>| <100-199>|<1300-1999>| <2000-2699>|} Displays ACL entry details.
2-134 Motorola RF Switch CLI Reference Guide 2.2.55 aclstats Displays the ACL statistics for the selected vlan Supported in the following platforms: • RFS7000 • RFS6000 Syntax show aclstats [access-list|vlan] show aclstats access-list [<1-99>|<100-199>|<13001999>|<2000-2699>|] show aclstats vlan <1-4094> Parameters aclstats [access-list|vlan] Displays the ACL statistics.
Common Commands 2-135 2.2.
2-136 Motorola RF Switch CLI Reference Guide Example RFSwitch#show alarm-log 1 RFSwitch# RFSwitch#show alarm-log acknowledged RFSwitch# RFSwitch#show alarm-log severity-to-limit
Common Commands 2.2.57 firewall Priv Exe Mode Displays wireless firewall Supported in the following platforms: • RFS7000 • RFS6000 Syntax show firewall [config|flow] show firewall [config|flow timeouts] Parameters firewall [config| flow timeouts] Displays firewall configuration information.
2-138 Motorola RF Switch CLI Reference Guide 2.2.
User Exec Commands Logging in to the switch places you within the USER EXEC command mode. Typically, a login requires a user name and password. You have three login attempts before a connection attempt is refused. USER EXEC commands (available at the user level) are a subset of the commands available at the privileged level. In general, USER EXEC commands allow you to connect to remote devices, perform basic tests and list system information.
3-2 Motorola RF Switch CLI Reference Guide Table 3.1 User Exec Mode Command Summary Command Description Ref.
User Exec Commands 3-3 3.1.1 clear User Exec Commands Resets the previous (last saved) command Supported in the following platforms: • RFS7000 • RFS6000 NOTE: Refer to the interface details below when using clear counter interface.
3-4 Motorola RF Switch CLI Reference Guide mobility [event-log| mobile-unit| peer-statistics] Clears mobility attributes • event-log [mobile-unit|peer]– Clears the event log • mobile-unit – Clears MU event-logs for • peer – Clears peer event logs • mobile-unit [|all|foreign-database| home-database] – Clears MU information.
User Exec Commands 3-5 3.1.2 cluster-cli User Exec Commands Use this command to enter the cluster-cli context. The cluster-cli context provides centralized management to configure all cluster members from any one member. Any command executed under this context will be executed to all the switches in the cluster. A new context redundancy supports the cluster-cli. Any commands executed under this context are executed on all members of the cluster.
3-6 Motorola RF Switch CLI Reference Guide 3.1.
User Exec Commands mobility [cc|error|forwarding|mu| packet|peer|system] L3 mobility debug messages.
3-8 Motorola RF Switch CLI Reference Guide 3.1.4 disable User Exec Commands Enables the PRIV mode to use the disable command.
User Exec Commands 3.1.
3-10 Motorola RF Switch CLI Reference Guide 3.1.6 logout User Exec Commands Use this command instead of the exit command to exit the EXEC mode Supported in the following platforms: • RFS7000 • RFS6000 Syntax logout Parameters None Example The RFSwitch Series Switch logs off on execution of this command.
User Exec Commands 3-11 3.1.7 page User Exec Commands Use the command to toggle the switch paging function. Enabling this command displays the CLI command output page by page, instead of running the entire output at once.
3-12 Motorola RF Switch CLI Reference Guide 3.1.8 ping User Exec Commands Sends ICMP echo messages to a user-specified location Supported in the following platforms: • RFS7000 • RFS6000 Syntax ping {[|]} Parameters ping {[|]} Pings the specified destination IP address or hostname. When entered without any parameters, this command prompts you for an IP/Host-name to ping. Example RFSwitch>ping 192.168.2.100 PING 192.168.2.100 (192.168.2.
User Exec Commands 3.1.
3-14 Motorola RF Switch CLI Reference Guide 3.1.10 telnet User Exec Commands Opens a telnet session Supported in the following platforms: • RFS7000 • RFS6000 Syntax telnet port Parameters telnet port Defines the IP address or hostname of a remote system • port – Displays TCP port number Example RFS7000>telnet 172.16.10.3 Entering character mode Escape character is '^]'. RFS6000 release 4.0.0.0-037D Login as 'cli' to access CLI.
User Exec Commands 3.1.11 terminal User Exec Commands Sets the length/number of lines displayed within the terminal window Supported in the following platforms: • RFS7000 • RFS6000 Syntax terminal [length <0-512>|no [length <0-512>|width]| width <0-512>] Parameters length <0-512> Sets the number of lines on a screen no [length <0-512>| width] Negates a command or sets its defaults.
3-16 Motorola RF Switch CLI Reference Guide 3.1.12 traceroute User Exec Commands Traces the route to its defined destination Supported in the following platforms: • RFS7000 • RFS6000 Syntax traceroute [[|]|ip [|]] Parameters [|] Traces the route to a destination IP address or a hostname ip [|] IP trace to a destination IP address or a hostname Example RFSwitch#traceroute 157.222.333.33 traceroute to 157.235.208.39 (157.235.208.
Privileged Exec Commands Most PRIV EXEC commands set operating parameters. Privileged-level access should be password protected to prevent unauthorized use. The PRIV EXEC command set includes commands contained within the USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes, and includes advanced testing commands. The PRIV EXEC mode prompt consists of the host name of the device followed by a pound sign (#).
4-2 Motorola RF Switch CLI Reference Guide Table 4.1 Priv Exec Mode Command Summary Command Description Ref.
Privileged Exec Commands 4-3 Table 4.1 Priv Exec Mode Command Summary Command Description Ref.
4-4 Motorola RF Switch CLI Reference Guide 4.1.1 acknowledge Priv Exec Command Acknowledges alarms Supported in the following platforms: • RFS7000 • RFS6000 Syntax acknowledge alarm-log [<1-65535>|all] Parameters alarm-log [<1-65535>|all] Acknowledges alarms • <1-65535> – Acknowledges the specific alarm ID • all – Acknowledges all alarms Example RFSwitch#acknowledge alarm-log all No corresponding record found in the Alarm Log.
Privileged Exec Commands 4-5 4.1.
4-6 Motorola RF Switch CLI Reference Guide RFSwitch#dir flash:/ How to view the output tar file? Directory of flash:/ drwx 1024 Thu drwx 120 Fri drwx 1024 Thu drwx 1024 Wed -rw173056 Fri Apr 17 08:25:50 2007 Apr 8 12:27:20 2007 Apr 7 16:23:34 2007 May 23 15:30:19 2007 May 8 14:39:48 2007 hotspot log crashinfo backup out.tar How to see which files are in the tar file? RFSwitch#archive tar /table flash:/out.
Privileged Exec Commands 4-7 4.1.3 cd Priv Exec Command Changes the current directory Supported in the following platforms: • RFS7000 • RFS6000 Syntax cd {
} Parameters Changes current directory to DIR. This parameter is optional. When this parameter is not provided, the current directory name is displayed.4-8 Motorola RF Switch CLI Reference Guide 4.1.4 change-passwd Priv Exec Command Changes the password of a logged user Supported in the following platforms: • RFS7000 • RFS6000 Syntax change-passwd Parameters None Usage Guidelines A password must be between 8 to 32 characters in length. For security, the console does not display user entered key words or the old password and new password fields. Verify the console displays a “password successfully changed” message.
Privileged Exec Commands 4-9 4.1.
4-10 Motorola RF Switch CLI Reference Guide alarm-log [<1-65535>| acknowledge|all|new] Clears the alarm-log • <1-65535> – Clears the specific alarm ID • acknowledge – Clears acknowledged alarms • all – Clear all alarms • new – Clear new alarms arp-cache Clears the ARP cache counters [all|bridge|firewall| igmp-snooping|interface| router|thread] Clears counters • all – Clears all counters • bridge – Clears bridge counters • firewall – Clears firewall counters • interface [|all|ge <1-8>|me1|s
Privileged Exec Commands 4-11 mac-address-table [dynamic|multicast|static] [address
| bridge <1-32>| interface | vlan ] Clears entries in the forwarding database • dynamic – Clears all dynamic entries • multicast – Clears all multicast entries • static – Clears all management configured entries • address – Clears a specified MAC address • bridge <1-32> – Clears bridge group commands • interface – Clears all MAC addresses for the specified interface • vlan <4-12 Motorola RF Switch CLI Reference Guide Example RFSwitch#clear RFSwitch# RFSwitch#clear RFSwitch# RFSwitch#clear RFSwitch# RFSwitch#clear RFSwitch# RFSwitch#clear RFSwitch# RFSwitch#clear RFSwitch# alarm-log new alarm-log acknowledged arp-cache logging mobility event-log peer ip dhcp binding *
Privileged Exec Commands 4.1.6 clock Priv Exec Command Configures the software system clock Supported in the following platforms: • RFS7000 • RFS6000 Syntax clock set HH:MM:SS <1-31> <1993-2035> Parameters HH:MM:SS Sets the time in hours, minutes, and seconds <1-31> Sets the number of days in the month. Sets the month in the format Jan, Feb, Mar,..., Dec.
4-14 Motorola RF Switch CLI Reference Guide 4.1.7 cluster-cli Priv Exec Command Use this command to access the cluster-cli context. The cluster-cli context provides centralized management to configure all members of cluster from one member. Any command executed under this context is executed on all switches in the cluster. A new context (redundancy) is available to support the cluster-cli. Any commands executed under this context are executed on each cluster member.
Privileged Exec Commands 4-15 4.1.8 configure Priv Exec Command Enters the configuration mode Supported in the following platforms: • RFS7000 • RFS6000 Syntax configure terminal Parameters terminal Enables configuration from the terminal Example RFSwitch#configure terminal Enter configuration commands, one per line. End with CNTL/Z.
4-16 Motorola RF Switch CLI Reference Guide 4.1.9 copy Priv Exec Command Copies any file (config,log,txt ...etc) from any location to the switch and vice-versa NOTE: Copying a new config file onto an existing running-config file merges it with the existing running-config on the switch. Both, the existing running-config and the new config file are applied as the current running-config.
Privileged Exec Commands 4-17 4.1.
4-18 Motorola RF Switch CLI Reference Guide cc [access-port|all|alt| ap-containment| apetect|capwap|cluster| config|dot11|eap|ids| kerberos|l3-mob|loc-ap| loc-mu|media| mobile-unit|radio|radius| self-heal|smart|snmp| system|wips|wisp|wlan] {[debug|err|info|warn]} Cellcontroller (wireless) debugging message • access-port [debug|err|info|warn] – Debugs access port logs • debug – Debugs all default messages • err – Debugs error and higher severity messages • info – Debugs information and higher severity mes
Privileged Exec Commands 4-19 ccstats Cellcontroller statistics (wireless) debugging messages • stats-module [debug|error|info|warn] – Statistics Module to be debugged.
4-20 Motorola RF Switch CLI Reference Guide ip [https|ssh] Internet protocol debugging messages • https – Secure HTTP Server • ssh – Secure Shell Server logging [all|errors|init|monitor| subagent] Modify message logging facilities for debugging messages • all – All debugging • error – errors • init – Logging module Initialization • monitor – Logging to monitors • sub-agent – Subagent mgmt [all|debug|err|info|sys| warning] Management daemon debugging messages • all – All debugging • debu
Privileged Exec Commands 4-21 mstp [all|cli|packet|protocol| timer] Multiple Spanning Tree Protocol (MSTP) debugging message • all – all • cli – CLI commands • packet [rx|tx] – MSTP packets • rx – receive packet • tx – transmit packet • protocol detail – Protocol • timer detail – MSTP timers • detail – Detailed output nsm {[all|events|kernel| packet]} Network Service Module (NSM) debugging messages. All parameters are optional.
4-22 Motorola RF Switch CLI Reference Guide redundancy [all|ccmsg|config|errors| general|heartbeats|init| packets|proc|shutdown| states|subagent|timer| warnings] Redundancy protocol debugging messages • all – Debugging all • ccmsg – Msg exchange with CC • config – Configuration processing • errors – Errors • general – General • heartbeats – Heartbeats processing • init – Redundancy initialization • packets – Packet processing • proc – Process flow • shutdown – Shutdown process • states – Redundancy state
Privileged Exec Commands securitymgr [acldebug|aclerror|all| debug|dosdebug| doserror|error|ikedebug| natdebug|naterror| packet-forwarding| pmdebug|pmerror| rulesdebug|ruleserror| user] 4-23 Security manager debugging messages • acldebug – Trace debug messages from ACL module • aclerror – Trace error messages from ACL module • all – Trace all messages from Security Manager • debug – Trace general debug messages from Security Manager • dosdebug – Trace debug messages from DOS module • doserror – Trace err
4-24 Motorola RF Switch CLI Reference Guide sole [adapters|aeroscout| Location engine debugging messages algo|all|cclib|ekahau|erro • adapters – SOLE Adapter manager logs rs|info|init] • aeroscout – Aeroscout logs • algo – Location algorithm logs • all – All module logs • cclib – cc library logs • errors – Error and higher severity logs • info – SOLE info logs • init – Initialization logs • ekahau – Ekahau logs Example RFSwitch#debug all cc ccstats certmgr dhcpsvr imi ip logging mgmt mobility mstp nsm pk
Privileged Exec Commands 4.1.11 delete Priv Exec Command Deletes a specified file from the system Supported in the following platforms: • RFS7000 • RFS6000 Syntax delete [/force |/recursive |] Parameters /force Forces deletion without a prompt /recursive Performs a recursive delete Specifies the filename(s) to be deleted Example RFSwitch#delete flash:/out.tar flash:/out.tar.gz Delete flash:/out.tar [y/n]? y Delete flash:/out.tar.
4-26 Motorola RF Switch CLI Reference Guide 4.1.12 diff Priv Exec Command Displays the differences between 2 files Supported in the following platforms: • RFS7000 • RFS6000 Syntax diff [|] [|] Parameters The first is the source file for the diff. The second is the file to compare. The first is the source URL for the diff. The second is the URL to compare.
Privileged Exec Commands + + policy vlan 44 policy wlan 10 group kumar3 4-27
4-28 Motorola RF Switch CLI Reference Guide 4.1.
Privileged Exec Commands 4.1.
4-30 Motorola RF Switch CLI Reference Guide 4.1.15 edit Priv Exec Command Edits a text file Supported in the following platforms: • RFS7000 • RFS6000 Syntax edit Parameters Name of the file to be modified Example RFSwitch#edit startup-config GNU nano 1.2.
Privileged Exec Commands 4.1.
4-32 Motorola RF Switch CLI Reference Guide 4.1.
Privileged Exec Commands 4.1.
4-34 Motorola RF Switch CLI Reference Guide 4.1.19 kill Priv Exec Command Kills (terminates) a specified session and stops (halts) the switch Supported in the following platforms: • RFS7000 • RFS6000 Syntax kill session <1-16> Parameters session Active session (16 active sessions can be terminated) Example Telnet to switch [xyz@xyz xyz]$ telnet 157.235.208.93 Trying 157.235.208.93... Connected to 157.235.208.93 (157.235.208.93). Escape character is '^]'. RFSwitch release 3.1.0.
Privileged Exec Commands 4.1.20 logout Priv Exec Command Exits the EXEC mode and stops (halts) the switch Supported in the following platforms: • RFS7000 • RFS6000 Syntax logout Parameters None Example RFSwitch#logout RFSwitch release 3.0.0.0-200B Login as 'cli' to access CLI.
4-36 Motorola RF Switch CLI Reference Guide 4.1.
Privileged Exec Commands 4.1.22 more Priv Exec Command Displays the contents of a file Supported in the following platforms: • RFS7000 • RFS6000 Syntax more Parameters Displays the contents of the file Example RFSwitch#more flash:/log/messages.
4-38 Motorola RF Switch CLI Reference Guide of ' superuser' from auth source 'local' Sep 08 12:28:01 2006: %NSM-6-DHCPDEFRT: Default route with gateway 157.235.208.246 learnt via DHCP Sep 08 12:28:01 2006: %NSM-6-DHCPIP: Interface vlan1 acquired IP address 157.235.208.
Privileged Exec Commands 4-39 4.1.23 page Priv Exec Command Toggles switch paging. Enabling this command displays the command output page by page instead of running the entire output at once.
4-40 Motorola RF Switch CLI Reference Guide 4.1.24 ping Priv Exec Command Send (transmits) ICMP echo messages Supported in the following platforms: • RFS7000 • RFS6000 Syntax ping {} Parameters Sets the ping destination address or hostname Example RFSwitch#ping 157.235.208.39 PING 157.235.208.39 (157.235.208.39): 100 data bytes 128 bytes from 157.235.208.39: icmp_seq=0 ttl=64 time=2.3 128 bytes from 157.235.208.39: icmp_seq=1 ttl=64 time=0.2 128 bytes from 157.235.208.
Privileged Exec Commands 4.1.
4-42 Motorola RF Switch CLI Reference Guide 4.1.26 quit Priv Exec Command Exits the current mode and moves to the previous mode Supported in the following platforms: • RFS7000 • RFS6000 Syntax quit Parameters None Example RFSwitch#quit RFSwitch release 4.0.0.0-XXXX Login as 'cli' to access CLI.
Privileged Exec Commands 4.1.
4-44 Motorola RF Switch CLI Reference Guide 4.1.28 rename Priv Exec Command Renames a file in the existing filesystem Supported in the following platforms: • RFS7000 • RFS6000 Syntax rename Parameters Specifies the file to rename. The first is the old file name. The second is the new file name.
Privileged Exec Commands 4-45 4.1.
4-46 Motorola RF Switch CLI Reference Guide 4.1.30 telnet Priv Exec Command Opens a telnet session Supported in the following platforms: • RFS7000 • RFS6000 Syntax telnet {} Parameters telnet {} Defines the IP address or hostname of a remote system • - Optional. Displays TCP Port Number Example RFSwitch#telnet 157.111.222.33 Entering character mode Escape character is '^]'. Red Hat Linux release 9 (Shrike) Kernel 2.4.
Privileged Exec Commands 4-47 4.1.
4-48 Motorola RF Switch CLI Reference Guide 4.1.32 traceroute Priv Exec Command Traces a route to a destination Supported in the following platforms: • RFS7000 • RFS6000 Syntax traceroute [[|]|ip [|]] Parameters [|] Traces the route to a destination IP address or a hostname ip [|] IP trace to a destination IP address or a hostname Example RFSwitch#traceroute 157.222.333.33 traceroute to 157.235.208.39 (157.235.208.
Privileged Exec Commands 4-49 4.1.33 upgrade Priv Exec Command Upgrades the software image Supported in the following platforms: • RFS7000 • RFS6000 Syntax upgrade {background} Parameters Location of the target firmware image used in upgrade background Optional. Specifies that the upgrade should occur in the background. Example RFSwitch#upgrade tftp://157.235.208.
4-50 Motorola RF Switch CLI Reference Guide "logd" is not responding Jan 08 15:58:44 2009: %PM-4-PROCNORESP: Process "logd" is not responding Jan08 15:58:44 2009: %PM-4-PROCNORESP: Process "logd" is not responding Jan 08 15:58:44 2009: %PM-4-PROCNORESP: Process "logd" is not responding Version of firmware update file is 4.0.0.0-03D 19193X Jan08 15:58:44 2009: %KERN-6-INFO: EXT3 FS on hda1, internal journal.
Privileged Exec Commands 4.1.
4-52 Motorola RF Switch CLI Reference Guide 4.1.35 write Priv Exec Command Writes the running configuration to memory or a terminal Supported in the following platforms: • RFS7000 • RFS6000 Syntax write [memory|terminal] Parameters memory Writes to NV memory terminal Writes to terminal Example RFSwitch#write terminal ! ! configuration of RFSwitch version 3.0.0.0-200B! version 1.
Privileged Exec Commands 4-53 ip ssh ip telnet snmp-server manager v2 snmp-server manager v3 crypto isakmp identity address crypto isakmp keepalive 10 crypto ipsec security-association lifetime kilobytes 4608000 !.......................................
4-54 Motorola RF Switch CLI Reference Guide 4.1.
Global Configuration Commands The term global is used to indicate characteristics or features effecting the system as a whole. Use the Global Configuration Mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols). Use the configure terminal command (under PRIV EXEC) to enter the global configuration mode.
5-2 Motorola RF Switch CLI Reference Guide 5.1 Global Configuration Commands Table 5.1 summarizes the Global Config commands Table 5.1 Global Config Mode Command Summary Command Description Ref.
Global Configuration Commands 5-3 Table 5.1 Global Config Mode Command Summary Command Description Ref.
5-4 Motorola RF Switch CLI Reference Guide Table 5.1 Global Config Mode Command Summary Command Description Ref.
Global Configuration Commands 5-5 5.1.
5-6 Motorola RF Switch CLI Reference Guide vpn-authentication [primary|secondary] [ key [0 | 2 |] {authport <1024-65535>} Sets the configuration for VPN authentication using RADIUS. • primary – Sets the configuration for the primary server. • secondary – Sets the configuration for the secondary server. • key [0 |2 |] – Sets the secret key settings. • 0 – Indicates that the password is specified unencrypted.
Global Configuration Commands 5-7 5.1.2 access-list Global Configuration Commands Adds an Access List (ACL) entry. Use the access-list command (under Global Configuration) to configure the access list mechanism for filtering frames by protocol type or vendor code. ACLs control access to the network through a set of rules. Each rule specifies an action which is taken when a packet matches it within the given set of rules.
5-8 Motorola RF Switch CLI Reference Guide For Extended IP ACLs: access-list [<100-199>|<2000-2699>] [deny|permit|mark] [icmp|ip|tcp|upd] access-list [<100-199>|<2000-2699>] [deny|permit|mark] icmp [|any|host ] [|any|host ] { {}} {log} {rule-precedence <15000>} access-list [<100-199>|<2000-2699>] [deny|permit|mark]ip [|any|host ] [|any|host ] {log} {rule-precedence <1-5000>} access-list [<100-199>|<2000-2699>
Global Configuration Commands 5-9 Parameters access-list [<1-99>|<1300-1999>] [permit|deny] [|any| host ] {[ruleprecedence <1-5000> {log}|log]} Adds a standard access list entry. • [<1-99>|<1300-1999>] – Defines access list number from 1-99 or 1300-1999. • [deny|permit] – Defines action types on an ACL. • [| host | any] – is the source address of the network or host in dotted decimal format. For example, 10.1.1.
5-10 Motorola RF Switch CLI Reference Guide access-list [<199>|<1300-1999>] mark [8021p <07>|dscp <0-63>|tos <0-255>] [|any|host ] {[rule-precedence <15000> {log}|log]} Adds a standard access list entry. • [<1-99>|<1300-1999>] – Defines access list number from 1-99 or 1300-1999. • mark – Marks a packet. The action type mark is functional only over a Port ACL. • 8021p <0-7> – Used only with the action type mark to specify 8021p priority values.
Global Configuration Commands access-list [<100-199>|<20002699>] [permit|deny] [icmp|ip|tcp|udp] [|any| host ] {[ruleprecedence <1-5000> {log}|log]} 5-11 Adds an Extended IP access list entry. • (<100-199>|<2000-2699>) – For ICMP extended ACLs, the ACL must be between 2000-2699 • [deny|permit] – Defines action types on an ACL. • [icmp|ip|tcp|udp] – The protocol type for the extended ACL entry.
5-12 Motorola RF Switch CLI Reference Guide access-list [<100-199>|<20002699>] mask [8021p <0-7>|dscp <0-63>|tos <0-255>] [icmp|ip|tcp|udp] [|any| host ] {[ruleprecedence <1-5000> {log}|log]} Adds an Extended IP access list entry. • (<100-199>|<2000-2699>) – For ICMP extended ACLs, the ACL must be between 2000-2699 • mark – Marks a packet. The action type mark is functional only over a Port ACL. • 8021p <0-7> – Used only with the action type mark to specify 8021p priority values.
Global Configuration Commands 5-13 Use an access list command under the global configuration to create an access list. The switch supports port, router and WLAN ACLs • When the access list is applied on an Ethernet port, it becomes a port ACL • When the access list is applied on a VLAN interface, it becomes a router ACL • When the access list is applied on a WLAN index, it becomes a WLAN ACL A MAC access list (to allow arp), is mandatory for both port and WLAN ACL’s.
5-14 Motorola RF Switch CLI Reference Guide 5.1.
Global Configuration Commands 5-15 config {url } Autoinstalls a config setup. • url – Optional. Sets the URL of the item. • URL – Remote/external location of the file. URLS: tftp://[:port]/path/file ftp://:@[:port]/ path/file http://[:port]/path/file cf:/path/file usb1:/path/file usb2:/path/file image {[url | version ]} Autoinstalls the image setup. • url – Optional. Sets the URL of the item.
5-16 Motorola RF Switch CLI Reference Guide 5.1.4 banner Global Configuration Commands Defines a login banner for the switch. Use {no} banner to delete a previously configured banner. Supported in the following platforms: • RFS7000 • RFS6000 Syntax {no} banner motd [|default] Parameters motd [| default] Sets the message of the day (MOTD) banner. is the custom message to be displayed.Use default to set the MOTD string to the default message for the switch.
Global Configuration Commands 5-17 5.1.
5-18 Motorola RF Switch CLI Reference Guide 5.1.
Global Configuration Commands 5-19 Parameters bridge address [discard|forward] [|ge <1-8>| me1|sa <1-4>|up1| vlan <1-4094>] bridge ageing-time [0|<10-1000000>] Bridge groups available for bridging. • – Bridge group value between 1 and 32. • address – Unique hardware address in the HHHH.HHHH.HHHH format. • [discard|forward] – Either discard or forward the interface on which the configured rule is applied.
5-20 Motorola RF Switch CLI Reference Guide RFSwitch(config)#bridge 2 address 1a2b:3c4d:5e6f forward eth 1 vlan 2 RFSwitch(config)#
Global Configuration Commands 5-21 5.1.7 country-code Global Configuration Commands Sets the country of operation Supported in the following platforms: • RFS7000 • RFS6000 Syntax {no} country-code Parameters A two (2) letter ISO-3166 country code. To view country codes, use the show wireless country-code-list command. Usage Guidelines {no} country-code erases all existing radio configuration.
5-22 Motorola RF Switch CLI Reference Guide 5.1.8 crypto Global Configuration Commands Use crypto to define system level local ID for ISAKMP negotiation and to enter the ISAKMP Policy, ISAKMP Client or ISAKMP Peer command set. NOTE: crypto isakmp(policy)Priority moves to the config-crypto-isakmp instance. For more information, see Crypto-isakmp Instance on page 6-1. crypto isakmp client configuration group default moves you to the config-crypto-group instance.
Global Configuration Commands 5-23 crypto isakmp [client|keepalive|key|peer|policy] crypto isakmp client configuration group default crypto isakmp keepalive <10-3600> crypto isakmp key [0 |2 |] [address |hostname ] crypto isakmp peer [address |dn | hostname ] crypto isakmp policy <1-10000> crypto key [export|generate|import|zeroize] crypto key export rsa {} crypto key generate rsa <1024-2048
5-24 Motorola RF Switch CLI Reference Guide Parameters ipsec (securityassociation| transformset) Configures IPSEC policies. • security-association – Defines the security association parameter used to define its lifetime. • lifetime (kilobyte | seconds) – The lifetime of IPSEC security association. It can be defined in either: kilobytes – Volume-based key duration, the minimum is 500 KB and maximum is 2147483646 KB .
Global Configuration Commands isakmp [client|keepalive|key| peer|policy] 5-25 Configures the Internet Security Association and Key Management Protocol (ISAKMP) policy. • client configuration (group) (default) – Leads to the config-cryptogroup instance. For more details see Crypto-group Instance on page 7-1. • keepalive <10-3600> – Sets a keepalive interval for use with remote peers. It defines the number of seconds between DPD messages.
5-26 Motorola RF Switch CLI Reference Guide key [export|generate|import| zeroize] Authentication key management functions. • export rsa URL [tftp|ftp] – Exports a keypair related configuration. • generate rsa <1024-2048> – Generates a keypair. • <1024-2048> – Size of keypair in bits. • import rsa URL [tftp|ftp] – Imports keypair related configuration • zeroize rsa – Deletes a keypair. • rsa – RSA keypair identifier associated with keypair.
Global Configuration Commands pki [authenticate|enroll| export|import|trustpoint] 5-27 Configures certificate parameters. The public key infrastructure is a protocol that creates encrypted public keys using digital certificates from certificate authorities. The PKI ensures each online party is who they claim to be. • authenticate (terminal|tftp|ftp) – Defines the authenticate and import CA certificate.
5-28 Motorola RF Switch CLI Reference Guide Usage Guidelines Follow the table to calculate how many character are required to add the key size for authentication and encryption. This is used while configuring Manual IPSEC only. For example, To create a key with authentication type as ESP-SHA and encryption type as AES-192, enter 20+16=36 characters. The key size for all the 3 different AES combinations is 128 bits or 16 bytes.
Global Configuration Commands 5-29 RFSwitch(config-crypto-map)#set session-key inbound esp 257 cipher 12345678901234567890123456789012345678901234 authenticator 12345678901234567890123456789012345678901234 RFSwitch(config-crypto-map)#set session-key outbound esp 258 cipher 12345678901234567890123456789012345678901234 authenticator 12345678901234567890123456789012345678901234 RFSwitch(config-crypto-map)#exit RFSwitch(config)#interface vlan11 RFSwitch(config-if)#crypto map manual RFSwitch(config-if)#show
5-30 Motorola RF Switch CLI Reference Guide crypto isakmp key 0 12345678 address 21.1.1.1 ............................................................ . ............................................................ . crypto ipsec transform-set tfset1 esp-3des esp-sha-hmac mode tunnel crypto ipsec transform-set tfset-manual esp-3des esp-shahmac mode tunnel ! crypto map MAP1 10 ipsec-isakmp set peer 11.1.1.
Global Configuration Commands 5-31 set transform-set tfset-manual ! ............................................................ . ............................................................ . interface vlan11 ip address 11.1.1.2/24 crypto map manual ! ............................................................ . ............................................................ . RFSwitch(config-if)# Usage Guidelines A peer address can be deleted with a wrong isakmp value.
5-32 Motorola RF Switch CLI Reference Guide Example RFSwitch(config)#crypto pki ? authenticate Authenticate and import CA Certificate enroll Enroll export Export import Import trustpoint Define a CA trustpoint RFSwitch(config)#crypto pki trustpoint ? WORD Trustpoint Name RFSwitch(config)#crypto pki trustpoint Test RFSwitch(config-trustpoint)#? Trustpoint Config commands: clrscr Clears the display screen company-name Company Name(Applicable only for request) email email end End current mode and change to
Global Configuration Commands 5-33 5.1.8.1 Use Case 1: Configuring Remote VPN Let us review an example of a mobile unit connected to the switch. Assume it wants access to the corporate (trusted network) using IPSec VPN functionality. In the figure above, a Motorola client is associated to a WLAN (say wlan1) attached to vlan2 on the switch. vlan2 is on subnet 10.1.1.x and is running a DHCP server that assigns IP addresses for this subnet. The corporate is on vlan3 of the switch, which has 192.168.0.
5-34 Motorola RF Switch CLI Reference Guide access to the network. The IPSec tunnel is only between the client and the switch. After that the packets on the trusted side are sent without encryption. NOTE: The example below is for a IPSec-L2TP connection over a mobile unit. Use a windows default client for this configuration. 1. Create and configure a WLAN.
Global Configuration Commands 5-35 RFSwitch(config-crypto-group)#dns 10.1.1.1 RFSwitch(config-crypto-group)#wins 10.1.1.1 5. Specify the authentication type. RFSwitch(config)# aaa vpn-authentication local RFSwitch(config)# local username harry password symbol123 6. Create a transform set. RFSwitch(config)#crypto ipsec transform-set windows esp-3des esp-sha-hmac RFSwitch(config-crypto-ipsec)#mode transport 7. Specify a dynamic crypto map.
5-36 Motorola RF Switch CLI Reference Guide wired LAN in the branch office to bridge directly to the central site while maintaining full security. This example requires two switches. It can be configured with the following commands: 1. Configuration required on switch 1: a.Create an extended ACL. This is used to define the tunnel used by the traffic. RFSwitch(config)#access-list 150 permit ip 12.1.1.0/24 13.1.1.0/24 rule-precedence b.Create and configure ISAKMP parameters.
Global Configuration Commands 5-37 RFSwitch(config-crypto-ipsec)#mode tunnel e.Create and configure a crypto map. RFSwitch(config)#crypto map THIRDMAP 435 isakmp RFSwitch(config-crypto-map)#set peer 15.1.1.20 RFSwitch(config-crypto-map)#match address 150 RFSwitch(config-crypto-map)#set transformset TFSET RFSwitch(config-crypto-map)#set security-association lifetime seconds 3600 f.Associate the crypto map with a VLAN interface. RFSwitch(config)#interface vlan1 RFSwitch(config-if)#ip address 11.1.1.
5-38 Motorola RF Switch CLI Reference Guide e.Create and configure a crypto map. RFSwitch(config)#crypto map THIRDMAP 435 isakmp RFSwitch(config-crypto-map)#set peer 11.1.1.10 RFSwitch(config-crypto-map)#match address 150 RFSwitch(config-crypto-map)#set transformset TFSET RFSwitch(config-crypto-map)#set security-association lifetime seconds 3600 f.Associate the crypto map with a VLAN interface. RFSwitch(config)#interface vlan1 RFSwitch(config-if)#ip address 15.1.1.
Global Configuration Commands 5-39 5.1.9 do Global Configuration Commands Runs commands from either the User Exec or Priv Exec mode Supported in the following platforms: • RFS7000 • RFS6000 Syntax do Parameters None Example RFSwitch(config)#do ping 157.235.208.69 PING 157.235.208.69 (157.235.208.69): 100 128 bytes from 157.235.208.69: icmp_seq=0 128 bytes from 157.235.208.69: icmp_seq=1 128 bytes from 157.235.208.69: icmp_seq=2 128 bytes from 157.235.208.
5-40 Motorola RF Switch CLI Reference Guide 5.1.10 end Global Configuration Commands Ends the current mode and changes to the EXEC mode Supported in the following platforms: • RFS7000 • RFS6000 Syntax end Parameters None. Example RFSwitch(config)#end RFSwitch#? Priv Exec commands: acknowledge Acknowledge alarms archive Manage archive files autoinstall autoinstall configuration command cd Change current directory ............................................ ............................................
Global Configuration Commands 5-41 5.1.11 errdisable Global Configuration Commands Enables the timeout mechanism for the port to be enabled back after an error Supported in the following platforms: • RFS7000 • RFS6000 Syntax errdisable recovery [cause bpduguard|interval <10-1000000>] Parameters recovery [cause bpduguard| interval <10-1000000>] Enables the timeout mechanism for the port to recover after an error. • cause bpduguard – Recover from an error condition caused due to bpduguard.
5-42 Motorola RF Switch CLI Reference Guide 5.1.12 ftp Global Configuration Commands Configures the switch as an FTP server Supported in the following platforms: • RFS7000 • RFS6000 Syntax ftp [enable|password|rootdir] ftp password [0 |1 |] ftp rootdir Parameters enable Enables the FTP server password [0 | 1 |] Configures the FTP password.
Global Configuration Commands 5-43 5.1.13 hostname Global Configuration Commands Changes the system’s network name Supported in the following platforms: • RFS7000 • RFS6000 Syntax hostname Parameters The name of the switch. This name is displayed when the switch is accessed from any network.
5-44 Motorola RF Switch CLI Reference Guide 5.1.14 interface Global Configuration Commands Configures a selected interface This command is used to enter the interface configuration mode for the specified physical Switch Virtual Interface (SVI) interface. If the VLANx (SVI) interface does not exist, it is automatically created.
Global Configuration Commands me1 Fast Ethernet interface sa <1-4> Static Aggregate interface (in RFS7000 only) up1 WAN interface (in RFS6000 only) vlan <1-4094> Defines the VLAN interface 5-45 Usage Guidelines Use the no interface to delete the specified SVI. Valid interfaces include all VLAN interfaces.
5-46 Motorola RF Switch CLI Reference Guide 5.1.15 ip Global Configuration Commands Configures a selected Internet Protocol (IP) component Supported in the following platforms: • RFS7000 • RFS6000 NOTE: Using access-list extended moves you to the (config-ext-nacl) instance. For more information, see Chapter 14, Extended ACL Instance. Using access-list standard moves you to the (config-stdnacl) instance. For more information, see Chapter 15, Standard ACL Instance.
Global Configuration Commands 5-47 ip dhcp ping timeout <1-10> ip dhcp pool ip domain-name ip dos [ascend|bcast-mcast-icmp|chargen|enable|fraggle| ftp-bounce|invalid-protocol|option-route|router-advt| smurf|snork|tcp-intercept|tcp-max-incomplete|twinge] log [<0-8>|alerts|critical|debugging|emergencies|error| informational|none|notifications|warnings] ip http [secure-server|secure-trustpoint|server] ip http [secure-server|server] ip http secure-trustpoint ip igmp
5-48 Motorola RF Switch CLI Reference Guide ip nat inside source static ip nat outside destination static [tcp|udp] { {}} ip nat outside destination static { } ip nat outside source list interface [|vlan <1-4094>] overload ip nat inside source static ip route [ |
Global Configuration Commands 5-49 ip dhcp [bootp|class| DHCP server configuration. excluded-address|option| • bootp ignore – Defines the BOOTP specific configuration. ping|pool] • ignore – Configures the DHCP server to ignore BOOTP requests. • class – Defines a DHCP class and enters the DHCP class configuration mode. • – The DHCP class name. • excluded-address {} – Prevents the DHCP server from assigning certain addresses.
5-50 Motorola RF Switch CLI Reference Guide http [secure-server| secure-trustpoint| server] Hyper Text Transfer Protocol (HTTP) configuration. • secure-server – Sets the device to start the Secure HTTP Server (HTTPS). • secure-trustpoint – Sets the name of the trustpoint used for secure connection to . • server – Sets device to start the HTTP server.
Global Configuration Commands nat [inside|outside] [destination|source] 5-51 Defines Network Address Translation (NAT) configuration values. These following commands are possible for NAT • ip nat [inside|outside] destination static [tcp|udp] {} – Sets the parameters for translation for inside destination. • ip nat [inside|outside] destination static {}– Sets the parameters for translation for inside destination.
5-52 Motorola RF Switch CLI Reference Guide • ip nat [inside|outside] source static – Sets the parameters for translation for inside sources. • inside – Indicates inside address translation. • outside – Indicates outside address translation. • source – Indicates source address translation. • static – Specifies local -> global address mapping. • – The static global IP address to map from. • – The local IP address to map to.
Global Configuration Commands dos [ascend| bcast-mcast-icmp| chargen|enable|fraggle| ftp-bounce| invalid-protocol| option-route|router-advt| router-solicit|smurf| snork|tcp-intercept| tcp-max-incomplete| twinge] log [<0-8>| alerts| critical| debugging| |emergencies| errors| informational| none| notifications| warnings] 5-53 Configures the Denial of Service (DOS) attack parameters. • ascend – Enables Ascend DoS checks. • bcast-mcast-icmp – Detects Broadcast/Multicast Icmp traffic as attack.
5-54 Motorola RF Switch CLI Reference Guide • tcp -max-incomplete –Configures the maximum half-open TCP connections in the system • high <1-1000> – Sets the upper threshold value between 1 and 1000.
Global Configuration Commands igmp snooping {[querier|unknownmulticast-fwd|vlan]} 5-55 Configures IGMP Snooping parameters. • unknown-multicast-fwd – Optional. Forwards packets from unregistered multicast servers. • querier {[address|max-response-time|queryinterval|timer|version]}}– Configures IGMP querier. All options are optional.
5-56 Motorola RF Switch CLI Reference Guide Usage Guidelines 1 1. Use the no command along with ip to undo any IP based configuration. [no] ip(access-list|default-gateway|dhcp|domain-lookup| domain-name|http|local|name-server|nat|route|routing|ssh|telnet) 2. When using the ip access-list parameter, enter the following contexts: • ext-nacl – Extended ACL. For more information, see Chapter 14, Extended ACL Instance • std-nacl – Standard ACL.
Global Configuration Commands 5-57 5. The switch leads you to a new mode (config-dhcp-class). Use this mode to add an address range used with the DHCP class associated with the pool. RFSwitch(config-dhcp-class)#address range 11.22.33.
5-58 Motorola RF Switch CLI Reference Guide 5.1.16 license Global Configuration Commands Adds a feature license Supported in the following platforms: • RFS7000 • RFS6000 Syntax license Parameters The feature for which the license is to be added The license key for the feature.
Global Configuration Commands 5-59 5.1.17 line Global Configuration Commands Configures the terminal line Opens the config-line mode, where you can configure the various parameters for the selected terminal. Supported in the following platforms: • RFS7000 • RFS6000 Syntax line [console|vty] line console <0-0> line vty <0-871> {<0-871>} Parameters line console <0-0> Set the primary terminal line to 0 line vty <0-871> {<0-871>} Sets the virtual terminal line to a value between 0 and 871.
5-60 Motorola RF Switch CLI Reference Guide 5.1.18 local Global Configuration Commands Sets the username and password for local user authentication Supported in the following platforms: • RFS7000 • RFS6000 Syntax local username password [|0 | 2 ] Parameters username The username. A character string of up to 64 characters password The password for the selected username . is a character string of up to 21 characters.
Global Configuration Commands 5-61 5.1.
5-62 Motorola RF Switch CLI Reference Guide buffered [<0-7>|alerts| critical|debugging| emergencies|errors| informational| notifications|warnings] Sets the buffered logging level • <0-7> – Enter the logging severity level (0-7) • alerts – Immediate action needed, (severity=1) • critical – Critical conditions, (severity=2) • debugging – Debugging messages, (severity=7) • emergencies – System is unusable, (severity=0) • errors – Error conditions, (severity=3) • informational – Informational messages, (seve
Global Configuration Commands monitor [<0-7>|alerts| critical|debugging| emergencies|errors| informational| notifications|warnings] Sets the terminal lines logging level. on Enables the logging of system messages. syslog [<0-7>|alerts| critical|debugging| emergencies|errors| informational| notifications|warnings] Sets the syslog servers logging level.
5-64 Motorola RF Switch CLI Reference Guide 5.1.20 mac Global Configuration Commands Configures MAC access lists (goes to the MAC ACL mode) For more information on this mode, see Chapter 16, Extended MAC ACL Instance.
Global Configuration Commands 5-65 5.1.
5-66 Motorola RF Switch CLI Reference Guide 5.1.22 mac-name Global Configuration Commands Sets a name to the MAC address Supported in the following platforms: • RFS7000 • RFS6000 Syntax mac-name Parameters The MAC address to set a ease-of-use name for. Sets the name to the MAC address for ease of use. must be configured following the DNS naming convention. Usage Guidelines Use (no) mac-name to configure the MUs name to its default.
Global Configuration Commands 5-67 5.1.23 management Global Configuration Commands Sets management interface properties Limits local access (through web/telnet) to management interfaces only. Supported in the following platforms: • RFS7000 • RFS6000 Syntax management secure Parameters secure Limits local access (Web/Telnet etc.) to the management interface.
5-68 Motorola RF Switch CLI Reference Guide 5.1.
Global Configuration Commands 5-69 Parameters access-group [peer|query-only|serve| serve-only] [<1-99>| <100-199>|<1300-1999>| <2000-2699>] Controls NTP access. • peer – Provides full access. • query-only – Allows only control queries. • serve – Provides server and query access. • serve-only – Provides only server access. • <1-99> – Defines the standard IP access list. • <100-199> – Extended IP access list. • <1300-1999> – Standard IP access list (expanded range).
5-70 Motorola RF Switch CLI Reference Guide broadcast [client|destination] Configures the NTP broadcast service. • client – Listens to NTP broadcasts. • destination {[key <1-65534>|version <1-4>]}– Configures broadcast destination address. • IP Address – Defines the destination broadcast IP address. • key <1-65536> – Optional. Sets the broadcast key number. • version <1-4> – Sets the NTP version number.
Global Configuration Commands 5-71 • prefer {version <1-4>} – Sets the preference for autokey. Optionally set the NTP version to use. • version <1-4> {prefer} – Sets the NTP version to use. Optionally set this peer as preferred peer. server Configures the NTP server. • – Sets the IP address or name of the peer. • autokey {[prefer {version <1-4>}|version <1-4> {prefer}]} – Configures an autokey peer authentication scheme • prefer – Optional. Prefers this peer when possible.
5-72 Motorola RF Switch CLI Reference Guide RFSwitch(config)#ntp peer TestPeer autokey ? prefer Prefer this peer when possible version Configure NTP version RFSwitch(config)#ntp peer TestPeer autokey prefer ? version Configure NTP version RFSwitch(config)#ntp peer TestPeer autokey prefer version ? <1-4> NTP version number RFSwitch(config)#ntp peer TestPeer autokey prefer version 3 RFSwitch(config)# RFSwitch(config)#ntp peer TestPeer key ? <1-65534> Peer key number RFSwitch(config)#ntp peer TestP
Global Configuration Commands 5.1.25 prompt Global Configuration Commands Configures and sets the systems prompt Supported in the following platforms: • RFS7000 • RFS6000 Syntax prompt Parameters Enter the new prompt displayed by the system. The following operational modifiers are available. • %% – Displays the % sign. • %h – Displays the host name. • %m – Displays the current configuration mode. • %n – Displays the CLI line. • %p – Displays the privilege mode prompt sign.
5-74 Motorola RF Switch CLI Reference Guide 5.1.26 radius-server Global Configuration Commands Enters the RADIUS server mode, the system prompt changes from the default config mode to the RADIUS server mode Supported in the following platforms: • RFS7000 • RFS6000 NOTE: radius-server local mode takes you to the RADIUS server context. For more details see Chapter 19, Radius Server Instance.
Global Configuration Commands retransmit <1-100> Specifies the number of retries to active server. • <0-100> – Number of retries for a transaction (default is 3). timeout <1-1000> Time to wait for a RADIUS server to reply. • <1-1000> – Wait time (default 5 seconds). 5-75 Usage Guidelines The RADIUS server host is used to configure RADIUS server details.
5-76 Motorola RF Switch CLI Reference Guide 5.1.27 ratelimit Global Configuration Commands Configures rate limit parameters Supported in the following platforms: • RFS7000 • RFS6000 Syntax ratelimit [arp|bcast|mcast|ucast] [<0-7>|alerts|critical| debugging|emergencies|errors|informational|notifications| warnings] Parameters ratelimit [arp|bcast|mcast|ucast] [<0-7>|alerts|critical| debugging|emergencies| errors|informational| notifications|warnings] Sets the logging levels for ratelimit feature.
Global Configuration Commands 5-77 5.1.
5-78 Motorola RF Switch CLI Reference Guide Parameters auto-revert enable Enables auto-revert. auto-revert-period <1-1800> Sets the redundancy auto-revert delay interval in minutes. The default is 5 minutes. critical-resource-ip Sets critical resource IP address. • – IP address of the critical resource. dhcp-server enable Enables the DHCP redundancy protocol. discovery-period <10-60> Sets the redundancy discovery interval in seconds. The default is 30 seconds.
Global Configuration Commands 5-79 interface-ip Sets the redundancy interface IP address. manual-revert Reverts standby to non-active mode. member-ip Adds a member with the IP to this redundancy group. mode [primary|standby] Sets the mode to either primary or standby.
5-80 Motorola RF Switch CLI Reference Guide 5.1.29 role Global Configuration Commands Configures role parameters Opens the role configuration mode (confi-role) to enable further configuration of the role. For more information, see Chapter 26, Role Instance. NOTE: Avance Security Licence must be installed for Role Based Firewall to work. Please contact customer support to purchase license for the same.
Global Configuration Commands RFSwitch(config)#role assignment immediate enable RFS7000(config)#show role role officeuser 10 authentication-type any encryption-type any ap-location exact "office" essid office mu-mac any group any role globaluser 11 authentication-type any encryption-type any ap-location any essid any mu-mac any group any role default-role 10001 authentication-type any encryption-type any ap-location any essid any mu-mac any group any 5-81
5-82 Motorola RF Switch CLI Reference Guide 5.1.30 rtls Global Configuration Commands Configures Real Time Location System (RTLS) parameters This enables the Switch to provide complete visibility to the location of assets and thereby enabling location based service. Supported in the following platforms: • RFS7000 • RFS6000 NOTE: rtls command instantiates (config-rtls) instance. For more details see Chapter 21, RTLS Instance.
Global Configuration Commands 5-83 5.1.31 service Global Configuration Commands Retrieves system data (tables, log files, configuration, status and operation) for debugging and problem resolution Supported in the following platforms: • RFS7000 • RFS6000 To view the service command of User Exec and Priv Exec Mode, refer to Chapter 2, service command.
5-84 Motorola RF Switch CLI Reference Guide diag [enable|limit|period| tech-support-period| tech-support-url] Services diagnostics configuration. • enable – Enable in service diagnostics. • limit – Displays diagnostic limit command. • period <100-30000> – Sets diagnostics period. • tech-support-period <10-10080> – Sets the tech support period. Default is 1440 minutes (1day). • tech-support-url – Sets the tech support URL to . This is used during auto generated tech support dumps.
Global Configuration Commands 5-85 set [commandhistory|reboothistory|upgrade-history] Sets service parameters. • command-history <10-300> – Sets the number of previous commands to remember. Default 200. • reboot-history <10-100> – Sets the number of previous reboot details to remember. Default 50. • upgrade-history <10-100> – Sets the number of previous upgrade details to remember. Default 50. show cli Shows running system information. Shows the CLI commands for the current mode.
5-86 Motorola RF Switch CLI Reference Guide 5.1.
Global Configuration Commands 5-87 smtp-notification enable traps wireless ids {[muExcessiveEvents|radioExcessiveEvents| switchExcessiveEvents]} smtp-notification enable traps wireless radio {[adopted|unadopted|detectedRadar]} smtp-notification enable traps wireless self-healing activated smtp-notification enable traps wireless station {[associated|deniedAssociationAsPortCapacityReached| deniedAssociationOnCapability|deniedAssociationOnErr| deniedAssociationOnInvalidWPAWPA2IE| deniedAssociationOnRates|den
5-88 Motorola RF Switch CLI Reference Guide Parameters authenticate enable Enables SMTP Server authentication. enable traps [all| dhcp-server|diagnostics| miscellaneous|mobility| nsm|radius-server| redundancy|snmp |wireless] Enables SMTP notification for traps. • all – Enables SMTP Notification for all traps. • dhcp-server [dhcpServerDown|dhcpServerUp]– Enables dhcp-server traps. • dhcpServerDown – DHCP Server down. • dhcpServerUp – DHCP Server up.
Global Configuration Commands 5-89 • miscellaneous [caCertExpired|lowFsSpace|periodicHeartbeat| processMaxRestartsReached|savedConfigModified| serverCertExpired|switchEvent] – Enables miscellaneous traps. • caCertExpired – CA certificate has expired. • lowFsSpace – Available file system space is lower than the limit. • periodicHeartbeat – Periodic Heartbeat. • processMaxRestartsReached – Process has reached max restart. • savedConfigModified – Saved configuration has been modified.
5-90 Motorola RF Switch CLI Reference Guide • nsm [dhcpIPChanged] – Enables nsm traps and changes the DHCP IP. • radius-server [radiusServerDown|radiusServerUp] – Enables radius-server traps. • radiusServerDown – Radius Server is down. • radiusServerUp – Radius Server is up. • redundancy [adoptionExceeded|criticalResourceDown| criticalResourceUp|grpAuthLevelChanged|memberDown| memberMisConfigured|memberUp] – Enables redundancy traps. • adoptionExceeded – Redundancy port adoption exceeded.
Global Configuration Commands 5-91 • wireless [ap-detection|ids|radio|self-healing|station| wlan] – Enables wireless traps. • ap-detection [externalAPDetected| externalAPRemoved] – Enables wireless AP detection traps. • externalAPDetected – Detects an external AP. • externalAPRemoved – Removes an external AP. • id [muExcessiveEvents|radioExcessiveEvents| switchExcessiveEvents] – Enables wireless IDS traps. • muExcessiveEvents – Excessive and Anomaly MU events.
5-92 Motorola RF Switch CLI Reference Guide • associated – Wireless station associated. • deniedAssociationAsPortCapacity Reached – Wireless station denied association due to port capacity reached. • deniedAssociationOnCapability – Wireless station denied association due to unsupported capability. • deniedAssociationOnErr – Wireless station denied association due to internal error. • deniedAssociationOnInvalidWPAWPA2IE – Wireless station denied association due to invalid/ absent WPA/WPA2 IE.
Global Configuration Commands 5-93 • wlan [vlanUserLimitReached|webPortalUnavailable| webPortalUnconnected||webPortalUnreachable] – Enables wireless wlan traps when: • vlanUserLimitReached – WLAN-VLAN user limit is reached. • webPortalUnavailable – Web portal unavailable. • webPortalUnconnected – Web portal disconnected. • webPortalUnreachable – Web portal unreachable. password 0 SMTP Authentication Password. • 0 – Password is specified unencrypted.
5-94 Motorola RF Switch CLI Reference Guide 5.1.
Global Configuration Commands 5-95 snmp-server enable traps wireless ids {[muExcessiveEvents|radioExcessiveEvents| switchExcessiveEvents]} snmp-server enable traps wireless radio {[adopted|unadopted|detectedRadar]} snmp-server enable traps wireless self-healing activated snmp-server enable traps wireless station {[associated|deniedAssociationAsPortCapacityReached| deniedAssociationOnCapability|deniedAssociationOnErr| deniedAssociationOnInvalidWPAWPA2IE| deniedAssociationOnRates|deniedAssociationOnShortPre
5-96 Motorola RF Switch CLI Reference Guide pktsps-greater-than|tput-greater-than| undecrypt-percent-greater-than] snmp-server snmp-server snmp-server snmp-server snmp-server snmp-server engineid [netsnmp {}|text ] host [v2c|v3] {<1-65535>} location manager [all|v2|v3] periodic-heartbeat-interval sysname snmp-server user [snmpmanager|snmpoperator|snmptrap] Parameters community [ro|rw] Sets the community string and access privileges.
Global Configuration Commands enable traps dhcp-server {[dhcpServerDown| dhcpServerUp]} Enables dhcp-server traps. • dhcpServerDown – DHCP server down. • dhcpServerUp – DHCP server up. enable traps diagnostics {[cpuLoad1Min| cpuLoad5Min| cpuLoad15Min| fanSpeedLow| fileDescriptors| ipRouteCache| packetBuffers| processMemoryUsage| ramFree|tempHigh| tempOver| usedKernelBuffer]} Enables diagnostics traps.
5-98 Motorola RF Switch CLI Reference Guide enable traps mobility {[operationallyDown| operationallyUp| peerDown|peerUp]} Enable mobility traps. • operationallyDown – Mobility down • operationallyUp – Mobility up • peerDown – Mobility peer down • peerUp – Mobility peer up enable traps nsm {dhcpIPChanged} Enables nsm traps. • dhcpIPChanged – DHCP IP changed enable traps radius-server {[radiusServerDown| radiusServerUp]} Enables radius-server traps.
Global Configuration Commands enable traps wireless {[ap-detection|ids| radio|self-healing| station|wlan]} Enables wireless traps. • ap-detection {[externalAPDetected| externalAPRemoved]} – Enables wireless AP detection traps. • externalAPDetected – External AP detected. • externalAPRemoved – External AP detected. • ids {[muExcessiveEvents| radioExcessiveEvents|switchExcessiveEvents]} – Enables wireless IDS traps. • muExcessiveEvents – Excessive MU events. • radioExcessiveEvents – Excessive radio events.
5-100 Motorola RF Switch CLI Reference Guide • associated– Wireless station associated. • deniedAssociationAsPortCapacityReached – Wireless station denied association - port capacity reached. • deniedAssociationOnCapability – Wireless station denied association due to unsupported capability. • deniedAssociationOnErr – Wireless station denied association due to internal error. • deniedAssociationOnInvalidWPAWPA2IE – Wireless station denied association due to invalid/absent WPA/WPA2 IE.
Global Configuration Commands 5-101 • wlan {[vlanUserLimitReached|webPortal Unavailable|webPortalUnreachable|webPortal Unconnected]}– Enables wireless wlan traps. • vlanUserLimitReached – WALN/VLAN user limit reached. • webPortalUnavailable – Webportal is unavailable. • webPortalUnreachable – Webportal is unreachable. • webPortalUnconnected – Webportal is not connected.
5-102 Motorola RF Switch CLI Reference Guide snmp-server enable traps wireless-statistics [mesh| min-packets|mobile-unit| radio|wireless-switch|wlan] Modifies wireless-stats rate traps. • mesh [avg-bit-speed-less-than| avg-retry-greater-than|avg-signal-less-than| gave-up-percent-greater-than| nu-percent-greater-than| num-mobile-units-greater-than| pktsps-greater-than|tput-greater-than| undecrypt-percent-greater-than] – Modifies mesh rate traps.
Global Configuration Commands 5-103 • min-packets <1-65535> – Minimum packets required for sending the trap. • <1-65535> – Defines the minimum packets for sending the trap. This can be set with a decimal number in the range of <1-65535>. • mobile-unit [avg-bit-speed-less-than| avg-retry-greater-than|avg-signal-less-than| gave-up-percent-greater-than| nu-percent-greater-than|pktsps-greater-than| tput-greater-than| undecrypt-percent-greater-than] – Modifies mobile-unit rate traps.
5-104 Motorola RF Switch CLI Reference Guide engineid [netsnmp {}| text ] Sets the SNMP server engine ID. • netsnmp – Sets the engine id to a hexadecimal string. • text – Sets the engine id to a text string. host [v2c|v3] {<1-65535>} SNMP server host. • – SNMP server host IP address. • v2c <1-65535> – Use snmp version 2c. • v3 <1-65535> – Use snmp version 3. location Text for mib object sysLocation. manager [all|v2|v3] Enables the SNMP manager.
Global Configuration Commands user [snmpmanager| snmpoperator|snmptrap] 5-105 Defines a user who can access the SNMP engine. • snmpmanager v3– Manager user • v3 [auth|encrypted] – User using v3 security model • auth md5 – Sets authentication parameters for the user.
5-106 Motorola RF Switch CLI Reference Guide RFSwitch(config)#snmp-server enable traps wireless detection externalAPDetected RFSwitch(config)# ap- RFSwitch(config)#snmp-server enable traps wireless excessiveProbes RFSwitch(config)# ids RFSwitch(config)#snmp-server enable traps wireless radio adopted RFSwitch(config)# RFSwitch(config)#snmp-server enable traps wireless selfhealing activated RFSwitch(config)# RFSwitch(config)#snmp-server enable traps wireless station tkipCounterMeasures RFSwitch(config)#
Global Configuration Commands 5.1.
5-108 Motorola RF Switch CLI Reference Guide Parameters mst [<0-15> priority <0-61440>| cisco-interoperability [enable|disable]| configuration| forward-time <4-30>| hello-time <1-10>| max-age <6-40>| max-hops <7-127>] Enables the Multiple Spanning Tree Protocol on a bridge. • <0-15> priority <0-61440> – Set the bridge priority for an MST instance to the value specified. Use the no parameter with this command to restore the default bridge priority value.
Global Configuration Commands 5-109 • max-age <6-40> – Max-age is the maximum time in seconds for which (if a bridge is the root bridge) a message is considered valid. This prevents the frames from looping indefinitely. The value of max-age must be greater than twice the value of hello time plus one, but less than twice the value of forward delay minus one. The permissible range for max-age is 6-40 seconds.
5-110 Motorola RF Switch CLI Reference Guide portfast [bpdufilter|bpduguard] default Enables the portfast feature on a bridge. It has the following options: • bpdufilter default – Use the bpdu-filter command to set the portfast BPDU filter for the port. Use the no parameter with this command to revert the port BPDU filter value to default. The Spanning Tree Protocol sends BPDUs from all ports. Enabling the BPDU Filter feature ensures PortFastenabled ports do not transmit or receive BPDUs.
Global Configuration Commands 5-111 5.1.35 timezone Global Configuration Commands Configures switch timezone settings Supported in the following platforms: • RFS7000 • RFS6000 Syntax timezone Parameters Press to traverse a list of files. This displays a list of files containing timezone information.
5-112 Motorola RF Switch CLI Reference Guide 5.1.
Global Configuration Commands 5-113 Parameters class max-buffers ... red-level ... class max-buffers ... redpercent ... class max-latency ... [msec|usec] class rate {[Kbps|Mbps|bps]} Traffic shaping packet class. Select an identifier between 1-4. Traffic shaping also uses queues numbered 0-7. • max-buffers – Maximum traffic-shape queue length in packets. • <1-2000> – Maximum length of lowest or all priority queues.
5-114 Motorola RF Switch CLI Reference Guide RFSSwitch(config)#show traffic-shape config Traffic shaping class 1 Rate: 10 Mbps Prio-| max | RED | max rity | pkts | pkts pcnt | latency 0 | 1000 | 750 75% | 1 | 1000 | 750 75% | 2 | 1000 | 750 75% | 3 | 1000 | 750 75% | 4 | 500 | 375 75% | 5 | 500 | 375 75% | 6 | 500 | 375 75% | 7 | 500 | 375 75% | Traffic shaping class 2 Not configured Traffic shaping class 3 Not configured Traffic shaping class 4 Not configured RFS7000(config)#show traffic-shape priority
Global Configuration Commands 5-115 5.1.
5-116 Motorola RF Switch CLI Reference Guide • privilege [helpdesk|monitor|nwadmin|superuser| sysadmin|webadmin] – Sets user access privilege.
Global Configuration Commands 5-117 ! username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f username Jiri password 1 399f01e13e372ba2dc02f37d869021873e60aa85 3. The password in the above running configuration is displayed in an encrypted format even though it was entered as plain text in Step 1.
5-118 Motorola RF Switch CLI Reference Guide 5.1.38 vpn Global Configuration Commands Configures VPN authentication settings Supported in the following platforms: • RFS7000 • RFS6000 Syntax vpn authentication-method [local|radius] Parameters authentication-method [local|radius] Selects the authentication scheme. • local – Used for user based authentication. • radius – Used for RADIUS server authentication.
Global Configuration Commands 5-119 5.1.39 wireless Global Configuration Commands Configures switch wireless parameters This command moves you to the config-wireless instance. For more information, see Chapter 20, Wireless Instance. Supported in the following platforms: • RFS7000 • RFS6000 Syntax wireless Parameters None Usage Guidelines The wireless command is used to enter the config-wireless instance wherein you can configure wireless parameters.
5-120 Motorola RF Switch CLI Reference Guide 5.1.
Global Configuration Commands 5-121 When a packet goes out of a access port, it becomes outbound traffic to the wireless LAN index. Apply an ACL to a WLAN index in outbound direction to filter traffic from both wired and wireless interfaces. wlan-acl can be attached both in the inbound and outbound directions. NOTE: Most of the Wireless LAN related configuration are performed using the Chapter 20, Wireless Instance. Use wlan-acl (in the global configuration mode) to apply an ACL on a wireless LAN index .
5-122 Motorola RF Switch CLI Reference Guide ip access-list standard stdacl3 deny host 30.0.0.14 rule-precedence 54 no access-list stdacl wlan-acl 5 stdacl1 in wlan-acl 6 stdacl2 in The stdacl must be detached from the interface to which it was associated and stdacl3 must be attached to that interface. When the user explicitly creates ACL rules with WLAN index as selector, the switch consumes that ACL without WLAN index selector.
Global Configuration Commands 5.1.
5-124 Motorola RF Switch CLI Reference Guide 5.1.42 firewall Global Configuration Commands Use this command to set system’s network-element-ID Supported in the following platforms: • RFS7000 • RFS6000 Syntax firewall [802.2-encapsulation|clamp|enable|flow| virtual-defrag|vlan-stacking] firewall enable firewall 802.
Global Configuration Commands 5-125 clamp [path-mtu| tcp-mss] Configures wireless firewall • clamp [path-mtu|tcp-mss] – Displays clamp value • path-mtu – Displays limit discovered path-mtu • tcp-mss – Displays limit TCP to inner path-mtu. flow timeout [icmp|other|tcp|udp] Configures firewall flow of packets. • timeout [icmp|other|udp] <1-32400> – Sets the timeout value for type ICMP, UDP, and Other to a value between 1 and 32400 seconds.
5-126 Motorola RF Switch CLI Reference Guide vlan-stacking permit Configures 802.1q VLAN stacking. • permit – Permits 802.1q VLAN stacking that can bypass the firewall. Motorola does not recommend the use of this option.
Crypto-isakmp Instance The (config-crypto-isakmp) instance is used to configure ISAKMP policies. To enter this instance, use this command: RFSwitch(config)#crypto isakmp policy <1-10000> RFSwitch(config-crypto-isakmp)# 6.1 Crypto ISAKMP Config Commands Table 6.1 summarizes crypto-isakmp commands Table 6.1 Crypto ISAKMP Command Summary Command Description Ref.
6-2 Motorola RF Switch CLI Reference Guide Table 6.1 Crypto ISAKMP Command Summary Command Description Ref.
Crypto-isakmp Instance 6.1.
6-4 Motorola RF Switch CLI Reference Guide 6.1.2 clrscr Crypto ISAKMP Config Commands Clears the display screen Supported in the following platforms: • RFS7000 • RFS6000 Syntax clrscr Parameters None.
Crypto-isakmp Instance 6.1.
6-6 Motorola RF Switch CLI Reference Guide 6.1.4 end Crypto ISAKMP Config Commands Ends and exits the current mode and changes to the PRIV EXEC mode. The prompt changes to RFSwitch# Supported in the following platforms: • RFS7000 • RFS6000 Syntax end Parameters None.
Crypto-isakmp Instance 6-7 6.1.5 exit Crypto ISAKMP Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to RFSwitch(config)# Supported in the following platforms: • RFS7000 • RFS6000 Syntax exit Parameters None.
6-8 Motorola RF Switch CLI Reference Guide 6.1.
Crypto-isakmp Instance 6-9 6.1.
6-10 Motorola RF Switch CLI Reference Guide 6.1.8 help Crypto ISAKMP Config Commands Displays the system’s interactive help system Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None. Example RFSwitch(config-crypto-isakmp)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Crypto-isakmp Instance 6-11 6.1.9 lifetime Crypto ISAKMP Config Commands Specifies how long an IKE SA is valid before it expires • RFS7000 • RFS6000 Syntax lifetime Parameters Specifies how many seconds an IKE SA lasts before it expires. A time stamp (in seconds) can be configured between 60 and 2147483646.
6-12 Motorola RF Switch CLI Reference Guide 6.1.10 no Crypto ISAKMP Config Commands Negates a command or sets its defaults Supported in the following platforms: • RFS7000 • RFS6000 Syntax no [authentication|encryption|group|hash|lifetime] Parameters None.
Crypto-isakmp Instance 6-13 6.1.11 service Crypto ISAKMP Config Commands Invokes service commands to troubleshoot or debug the (config-crypto-isakmp) instance configurations.
6-14 Motorola RF Switch CLI Reference Guide +-2 [group (1|2|5)] +-5 [group (1|2|5)] +-hash +-md5 [hash (sha|md5)] ...................
Crypto-isakmp Instance 6-15 6.1.
6-16 Motorola RF Switch CLI Reference Guide clock commands crypto debugging dhcp environment file firewall ftp history interfaces ip ldap licenses logging buffer mac mac-address-table mac-name management mobility ntp password-encryption port-channel privilege radius redundancy role rtls running-config securitymgr sessions connections smtp-notifications snmp snmp-server spanning-tree startup-config static-channel-group terminal parameters timezone traffic-shape upgrade-status Display system clock Show com
Crypto-isakmp Instance 6-17 users Display information about currently logged in users version Display software & hardware version wireless Wireless configuration commands wlan-acl wlan based acl RFSwitch(config-crypto-isakmp)#show
6-18 Motorola RF Switch CLI Reference Guide
Crypto-group Instance The (config-crypto-group) instance configures the default group properties of the ISAKMP client. To navigate to this instance, use the command: RFSwitch(config)#crypto isakmp client configuration group default RFSwitch(config-crypto-group)# 7.1 Crypto Group Config Commands Table 7.1 summarizes the switch config-crypto-group commands Table 7.1 Crypto Group Command Summary Command Description Ref.
7-2 Motorola RF Switch CLI Reference Guide Table 7.1 Crypto Group Command Summary Command Description Ref.
Crypto-group Instance 7.1.
7-4 Motorola RF Switch CLI Reference Guide 7.1.2 dns Crypto Group Config Commands Specifies the DNS server address(es) to assign to a client Supported in the following platforms: • RFS7000 • RFS6000 Syntax dns The first DNS server address to assign Example RFSwitch(config-crypto-group)#dns-server 172.1.17.
Crypto-group Instance 7-5 7.1.3 end Crypto Group Config Commands Ends and exits the current mode and changes to the PRIV EXEC mode.
7-6 Motorola RF Switch CLI Reference Guide 7.1.4 exit Crypto Group Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
Crypto-group Instance 7-7 7.1.5 help Crypto Group Config Commands Displays the system’s interactive help system Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-crypto-group)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
7-8 Motorola RF Switch CLI Reference Guide 7.1.6 service Crypto Group Config Commands Invokes service commands used troubleshoot or debug (config-crypto-isakmp) instance configurations Supported in the following platforms: • RFS7000 • RFS6000 Syntax service show cli Parameters cli Displays the CLI tree of current mode Example RFSwitch(config-crypto-group)#service show cli Crypto Client Config mode: +-clrscr [clrscr] +-dns +-A.B.C.D [dns A.B.C.
Crypto-group Instance 7-9 7.1.
7-10 Motorola RF Switch CLI Reference Guide clock commands crypto debugging dhcp environment file firewall ftp history interfaces ip ldap licenses logging buffer mac mac-address-table mac-name management mobility ntp password-encryption port-channel privilege radius redundancy role rtls running-config securitymgr sessions connections smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group terminal parameters timezone traffic-shape upgrade-status Display system clock Show comm
Crypto-group Instance users logged in users version wireless wlan-acl 7-11 Display information about currently Display software & hardware version Wireless configuration commands wlan based acl RFSwitch(config-crypto-group)#show
7-12 Motorola RF Switch CLI Reference Guide 7.1.8 wins Crypto Group Config Commands Specifies the Windows Internet Naming Service (WINS) servers to assign to a client Supported in the following platforms: • RFS7000 • RFS6000 Syntax wins Parameters The first WINS server address to assign Example RFSwitch(config-crypto-group)#wins 128.2.11.
Crypto-peer Instance The (config-crypto-peer) instance to configure ISAKMP peers. To enter this instance, use the command: RFSwitch(config)#crypto isakmp peer [address|dn|hostname] RFSwitch(config-crypto-peer)# 8.1 Crypto Peer Config Commands Table 8.1 summarizes the config-crypto-peer commands Table 8.1 Crypto Peer Command Summary Command Description Ref.
8-2 Motorola RF Switch CLI Reference Guide Table 8.1 Crypto Peer Command Summary (Continued) Command show Description Displays running system Ref.
Crypto-peer Instance 8.1.
8-4 Motorola RF Switch CLI Reference Guide 8.1.2 end Crypto Peer Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
Crypto-peer Instance 8-5 8.1.3 exit Crypto Peer Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
8-6 Motorola RF Switch CLI Reference Guide 8.1.4 help Crypto Peer Config Commands Accesses the system’s interactive help system Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-crypto-peer)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Crypto-peer Instance 8.1.
8-8 Motorola RF Switch CLI Reference Guide 8.1.6 service Crypto Peer Config Commands Invokes service commands to troubleshoot or debug the (config-crypto-peer) instance configuration.
Crypto-peer Instance 8-9 8.1.7 set Crypto Peer Config Commands Configures the aggressive-mode of config-crypto-peer • RFS7000 • RFS6000 Syntax set aggerssive-mode password [0 |2 | ] Parameters aggressive-mode password [0 |2 | Defines aggressive mode attributes • password – Specifies a tunnel-password attribute • 0 – Password is specified unencrypted.
8-10 Motorola RF Switch CLI Reference Guide 8.1.
Crypto-peer Instance 8-11 clock Display system clock commands Show command lists crypto encryption module debugging Debugging information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and
8-12 Motorola RF Switch CLI Reference Guide version wireless wlan-acl Display software & hardware version Wireless configuration commands wlan based acl RFSwitch(config-crypto-peer)#show
Crypto-ipsec Instance Use the (config-crypto-ipsec) instance to define the transform configuration for securing data (esp-3des, esp-sha-hmac etc.). To navigate to this instance, use the command RFSwitch(config)#crypto ipsec transform-set RFSwitch(config-crypto-ipsec)# The transform set is assigned to a crypto map using the map’s transform-set command. For more details, see crypto-map transform set on page 10-12. 9.
9-2 Motorola RF Switch CLI Reference Guide Table 9.1 Crypto IPsec Command Summary (Continued) Command Description Ref.
Crypto-ipsec Instance 9-3 9.1.1 end Crypto IPSec Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
9-4 Motorola RF Switch CLI Reference Guide 9.1.2 exit Crypto IPSec Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
Crypto-ipsec Instance 9-5 9.1.3 help Crypto IPSec Config Commands Accesses the system’s interactive help system Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-crypto-peer)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
9-6 Motorola RF Switch CLI Reference Guide 9.1.
Crypto-ipsec Instance 9.1.5 no Crypto IPSec Config Commands Negates a command or sets it’s defaults Supported in the following platforms: • RFS7000 • RFS6000 Syntax no mode Parameters mode Sets default to tunnel mode.
9-8 Motorola RF Switch CLI Reference Guide 9.1.
Crypto-ipsec Instance 9-9 environment show environmental information file Display filesystem information firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-address-table Display MAC address table mac-name Displays the configured MAC names management Display L3 Managme
9-10 Motorola RF Switch CLI Reference Guide 9.1.
Crypto-map Instance The (config-crypto-map) commands define a Certificate Authority (CA) trustpoint. This is a separate instance, but belongs to the crypto pki trustpoint mode under the config instance. To navigate to this instance, use the command: RFSwitch(config)#crypto map [ipsec-isakmp|ipsec-manual] {dynamic} RFSwitch(config-crypto-map)# 10.1 Crypto Map Config Commands Table 10.1 summarizes config-crypto-map commands: Table 10.
10-2 Motorola RF Switch CLI Reference Guide Table 10.1 Crypto Map Command Summary (Continued) Command Description Ref.
Crypto-map Instance 10.1.
10-4 Motorola RF Switch CLI Reference Guide 10.1.2 end Crypto Map Config Commands Ends and exits the current mode and moves to the to PRIV EXEC mode.
Crypto-map Instance 10-5 10.1.3 exit Crypto Map Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
10-6 Motorola RF Switch CLI Reference Guide 10.1.4 help Crypto Map Config Commands Displays the system’s interactive help system Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-crypto-map)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Crypto-map Instance 10-7 10.1.5 match Crypto Map Config Commands Use this command to assign an IP access-list to a crypto map definition. The access-list designates the IP packets to be encrypted by this crypto map. A crypto map entry is a single policy that describes how certain traffic is secured. There are two types of crypto map entries: ipsec-manual and ipsec-ike entries. Each entry is given an index (used to sort the ordered list).
10-8 Motorola RF Switch CLI Reference Guide Usage Guidelines Crypto map entries do not directly contain the selectors used to determine which data to secure. Instead, the crypto map entry refers to an access control list. An access control list (ACL) is assigned to the crypto map using the match address command. If no ACL is configured for a crypto map, the entry is incomplete and will have no effect on the system.
Crypto-map Instance 10.1.6 no Crypto Map Config Commands Negates a command or sets its defaults Supported in the following platforms: • RFS7000 • RFS6000 Syntax no [match|set] Parameters Use the commands configured under this instance.
10-10 Motorola RF Switch CLI Reference Guide 10.1.
Crypto-map Instance 10-11 +-level +-perhost [no set security-association level perhost] +-lifetime [no set security-association lifetime] +-session-key +-inbound +-ah [no set session-key ( inbound | outbound ) ah] +-esp [no set session-key ( inbound | outbound ) esp] ............................................................ ............................................................ ............................................................ .....................
10-12 Motorola RF Switch CLI Reference Guide 10.1.
Crypto-map Instance 10-13 mode [aggressive|main] Sets the mode of the tunnels for this Crypto Map • aggressive – Initiates aggressive mode • main – Initiates main mode peer [ipaddress| ] Sets the IP address of the peer device. This can be set for multiple remote peers. The remote peer can be either an IP address. Note: In manual mode, only one remote peer can be added for a crypto map • IP address – Enter the IP address of the peer device.
10-14 Motorola RF Switch CLI Reference Guide security-association [level perhost|lifetime {kilobyte|seconds}] Defines the lifetime (in kilobytes and/or seconds) of the IPSec SAs created by this crypto map • level perhost – Specifies the security association granularity level for identities • lifetime [kilobyte|seconds] – Security an association lifetime session-key [inbound|outbound] {ah|esp} <256-4294967295> cipher Use the set session-key command to define the encryption and authentication keys for th
Crypto-map Instance 10-15 RFSwitch(config-crypto-map)#set pfs If left at the default setting, no perfect forward secrecy (PFS) is used during IPSec SA key generation. If PFS is specified, the specified Diffie-Hellman Group exchange is used for the initial (and all subsequent) key generations. This means no data linkage between prior keys and future keys. RFSwitch(config-crypto-map)#set security-association lifetime (kilobytes|seconds) Values can be entered in both kilobytes and seconds.
10-16 Motorola RF Switch CLI Reference Guide 10.1.
Crypto-map Instance 10-17 environment show environmental information file Display filesystem information firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-name Displays the configured MAC names mac-address-table Display MAC address table management Display L3 Managme
10-18 Motorola RF Switch CLI Reference Guide
Crypto-trustpoint Instance The (config-crypto-trustpoint)commands define a Certificate Authority (CA) trustpoint. This is a separate instance, but belongs to the crypto pki trustpoint mode under the config instance. To navigate to this instance, use the command RFSwitch(config)#crypto pki trustpoint RFSwitch(config-trustpoint)# 11.1 Trustpoint (PKI) Config Commands Table 11.1 summarizes config-crypto-trustpoint commands: Table 11.
11-2 Motorola RF Switch CLI Reference Guide Table 11.1 Trustpoint (PKI) Config Command Summary Command Description Ref.
Crypto-trustpoint Instance 11.1.
11-4 Motorola RF Switch CLI Reference Guide 11.1.
Crypto-trustpoint Instance 11-5 11.1.3 email Trustpoint (PKI) Config Commands Sets the e-mail ID for the trustpoint Supported in the following platforms: • RFS7000 • RFS6000 Syntax email Parameters Sets email address (2 to 64 characters) for the trustpoint Example RFSwitch(config-trustpoint)#email abcTestemailID@symbol.
11-6 Motorola RF Switch CLI Reference Guide 11.1.4 end Trustpoint (PKI) Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
Crypto-trustpoint Instance 11-7 11.1.5 exit Trustpoint (PKI) Config Commands Ends the current mode and moves to previous the mode (GLOBAL-CONFIG).
11-8 Motorola RF Switch CLI Reference Guide 11.1.6 fqdn Trustpoint (PKI) Config Commands Configures the domain name of the trustpoint (FQDN stands for Fully Qualified Domain Name) Supported in the following platforms: • RFS7000 • RFS6000 Syntax fqdn Parameters The fully qualified domain name (between 9 and 64 characters long) Example RFSwitch(config-trustpoint)#fqdn RetailKing.
Crypto-trustpoint Instance 11-9 11.1.7 help Trustpoint (PKI) Config Commands Displays the systems interactive help system Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-trustpoint)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
11-10 Motorola RF Switch CLI Reference Guide 11.1.8 ip-address Trustpoint (PKI) Config Commands Sets an IP address for the trustpoint Supported in the following platforms: • RFS7000 • RFS6000 Syntax ip-address Parameters Enter the IP address for the trustpoint Example RFSwitch(config-trustpoint)#ip-address 157.200.200.
Crypto-trustpoint Instance 11.1.9 no Trustpoint (PKI) Config Commands Negates a command or sets its defaults Supported in the following platforms: • RFS7000 • RFS6000 Syntax no [company-name|email|fqdn|ip-address|subject-name] Parameters None.
11-12 Motorola RF Switch CLI Reference Guide 11.1.
Crypto-trustpoint Instance 11-13 11.1.11 rsakeypair Trustpoint (PKI) Config Commands Configures a RSA Keypair to associate with the trustpoint Supported in the following platforms: • RFS7000 • RFS6000 Syntax rsakeypair Parameters RSA Keypair Identifier Usage Guidelines The RSA key pair configures the switch to have Rivest, Shamir, and Adelman (RSA) key pairs. Thus, the switch software can maintain a different key pair for each identity certificate.
11-14 Motorola RF Switch CLI Reference Guide 11.1.
Crypto-trustpoint Instance 11-15 11.1.
11-16 Motorola RF Switch CLI Reference Guide environment show environmental information file Display filesystem information firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-address-table Display MAC address table mac-name Displays the configured MAC names management
Crypto-trustpoint Instance 11-17 11.1.
11-18 Motorola RF Switch CLI Reference Guide RFSwitch(config-trustpoint)#subject-name TestPool US OH PB SYMBOL ? WORD Organization Unit( 2 to 64 characters ) RFSwitch(config-trustpoint)#subject-name TestPool US OH PB SYMBOL WID ? RFSwitch(config-trustpoint)#subject-name TestPool US OH PB SYMBOL WID RFSwitch(config-trustpoint)#
Interface Instance Use the (config-if) instance to configure the interfaces – Ethernet, VLAN and tunnel associated with the switch. To switch to this mode, use the command: RFSwitch(config)#interface [|ge <1-4>|me1| sa <1-4>|vlan <1-4094> RFSwitch(config-if)# 12.1 Interface Config Commands Table 12.1 summarizes the (config-if) commands: Table 12.1 Interface Config Command Summary Command Description Ref.
12-2 Motorola RF Switch CLI Reference Guide Table 12.1 Interface Config Command Summary (Continued) Command Description Ref.
Interface Instance 12.1.
12-4 Motorola RF Switch CLI Reference Guide 12.1.2 crypto Interface Config Commands Sets the encryption module to use for this interface Supported in the following platforms: • RFS7000 • RFS6000 Syntax crypto map Parameters map Assigns a Crypto Map • – Crypto Map tag Usage Guidelines At any given instance you can add one crypto mapset to an single interface. The switch does not allow the same cryptomap set to be attached to multiple interfaces.
Interface Instance 12-5 12.1.
12-6 Motorola RF Switch CLI Reference Guide 12.1.4 duplex Interface Config Commands Specifies the duplex mode for the interface NOTE: • Duplexity can only be set for an Ethernet Interface. Enter the (config-if) instance using the eth parameter of the interface mode • The duplex cannot be set until the speed is set to a non-auto value Supported in the following platforms: • RFS7000 • RFS6000 Syntax duplex [auto|full|half] Parameters auto Sets the ports duplexity automatically.
Interface Instance 12-7 12.1.5 end Interface Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
12-8 Motorola RF Switch CLI Reference Guide 12.1.6 exit Interface Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
Interface Instance 12-9 12.1.7 help Interface Config Commands Displays the system’s interactive help Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-if)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
12-10 Motorola RF Switch CLI Reference Guide 12.1.
Interface Instance ip address [ {secondary}|dhcp] 12-11 Sets a static IP address and network mask for a Layer 3 SVI (Switch Virtual Interface) • {secondary} – Sets the IP address (10.0.0.
12-12 Motorola RF Switch CLI Reference Guide Use the {no} ip [options] command to undo IP based interface configurations Example RFSwitch(config-if)#ip access-group 110 in RFSwitch(config-if)# RFSwitch(config-if)#ip address 192.168.234.1/24 RFSwitch(config-if)# 12.1.8.1 Creating Helper Address using DHCP Server Follow the steps below to create a helper address on VLAN 2000 for using a DHCP server on VLAN 1000: RFSwitch(config)#interface vlan 1000 RFSwitch(config-if)#ip address 172.168.100.
Interface Instance 12-13 12.1.9 mac Interface Config Commands Applies a MAC access list (ACL) to Gigabit Ethernet interface NOTE: The access list cannot be applied on a management interface (me1).
12-14 Motorola RF Switch CLI Reference Guide 12.1.10 management Interface Config Commands Sets the selected interface as management interface. It can only be used on a VLANx interface. The TFTP/FTP server providing the switch its config file at startup must be accessible via this interface. VLAN 1 is the default management interface for the switch.
Interface Instance 12-15 12.1.
12-16 Motorola RF Switch CLI Reference Guide 12.1.12 port-channel Interface Config Commands Selects the load-balance criteria of an aggregated port Supported in the following platforms: • RFS7000 SWITCH NOTE: RFS6000 does not support this command.
Interface Instance 12-17 12.1.12.1 Configuring a Port Aggregation Use static-channel-group and port-channel for configuring port aggregation. Follow the steps below to configure port aggregation: 1. Create a static channel group for port aggregation and associate an interface with it. RFSwitch(config)#interface ge 1 RFSwitch(config-if)#static-channel-group 1 2. Execute show static-channel-group and ensure the virtual static aggregation sa 1 has been created and associated with ge 1. 3.
12-18 Motorola RF Switch CLI Reference Guide How src-dst-mac mode works When the switch sends a packet out of a SA, it selects the egress port as a function of the packet's source MAC, destination MAC, and the set of ports in the SA which are running. It XORs the bottom bits of the two MACs and indexes it into a table of the running ports.
Interface Instance 12-19 12.1.13 power Interface Config Commands Invokes PoE commands to configure PoE power limit and priority for a port. By default the value for a GE port is set to low. Power is applied in order of priority, power overlaods are removed in reverse order of priority.
12-20 Motorola RF Switch CLI Reference Guide RFSwitch(config)#interface ge3 RFSwitch(config-if)#power priority critical RFSwitch(config-if)#exit RFSwitch(config)#show power configuration Power usage trap at 80% of max power (148 of 185 Watts) port Priority Power limit Enabled ge1 high 29.7W no ge2 high 14.0W yes ge3 crit 29.7W yes ge4 high 29.7W yes ge5 high 29.7W yes ge6 high 29.7W yes ge7 high 29.7W yes ge8 high 29.
Interface Instance 12.1.14 service Interface Config Commands Invokes service commands to troubleshoot or debug the (config-if) instance configuration.
12-22 Motorola RF Switch CLI Reference Guide 12.1.
Interface Instance 12-23 environment show environmental information file Display filesystem information firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-address-table Display MAC address table mac-name Displays the configured MAC names management Display L3 Managmen
12-24 Motorola RF Switch CLI Reference Guide 12.1.
Interface Instance 12-25 12.1.17 spanning-tree Interface Config Commands Configures spanning tree parameters Displays current system information running on the switch.
12-26 Motorola RF Switch CLI Reference Guide bpduguard [disable|enable] Use this command to enable or disable the BPDU guard feature on a port. Use the no parameter with this command to set the BPDU guard feature to default values. When the BPDU guard is set for a bridge, all portfastenabled ports that have the BPDU-guard set to default shut down the port upon receiving a BPDU. If this occurs, the BPDU is not processed.
Interface Instance 12-27 mst [<0-15> [cost <1-200000000>| port-priority <0-240>]| port-cisco-interoperability [disable|enable]] Configures MST values on a spanning tree • <0-15> [cost <1-200000000>|port-priority <0-240>] – Defines the Instance ID • cost <1-200000000> – Defines the path cost for a port • port-priority <0-240> – Defines the port priority for a bridge • port-cisco-interoperability [disable|enable] – Enables or disables interoperability with Cisco's version of MSTP (which is incompatible wit
12-28 Motorola RF Switch CLI Reference Guide 12.1.18 speed Interface Config Commands Specifies the speed of a fast-ethernet (10/100) or a gigabit-ethernet port (10/100/1000) Displays current system information running on the switch.
Interface Instance 12-29 12.1.19 static-channel-group Interface Config Commands Adds an interface to a static channel group Displays current system information running on the switch.
12-30 Motorola RF Switch CLI Reference Guide 12.1.20 switchport Interface Config Commands Sets switching mode characteristics for the selected interface.
Interface Instance trunk [allowed |native] 12-31 Sets the trunking mode characteristics • allowed vlan – Configures trunk characteristics when the port is in trunk-mode • vlan [add|none|remove] – Sets allowed vlans • none – Allows no vlans to Xmit/Rx through the Layer2 interface • add – Adds vlans to the current list • remove – Removes vlans from the current list • – vlan-ids added or removed. Can be either a range of vlans (55-60) or a list of comma separated vlan-ids (35, 41 etc.
12-32 Motorola RF Switch CLI Reference Guide 12.1.21 storm-control Interface config commands Sets storm-control for broadcasting Supported in the following platforms: • RFS7000 • RFS6000 Syntax storm-control [bcast|mcast|ucast] rate-limit <1-1000000> Parameters bcast rate-limit <1-1000000> Configures storm-control of broadcast packets.
Spanning tree-mst Instance Use the (config-mst) instance to configure the switch’s Multi Spanning Tree Protocol (MSTP) configuration. To switch to this instance, use the command: RFSwitch(config)#spanning-tree mst configuration RFSwitch(config-mst)# 13.1 mst Config Commands Table 13.1 summarizes the (config-mst) commands: Table 13.1 MSTI configuration commands Command Description Ref.
13-2 Motorola RF Switch CLI Reference Guide Command Description Ref.
Spanning tree-mst Instance 13.1.
13-4 Motorola RF Switch CLI Reference Guide 13.1.2 end mst Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
Spanning tree-mst Instance 13-5 13.1.3 exit mst Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
13-6 Motorola RF Switch CLI Reference Guide 13.1.4 help mst Config Commands Displays the system’s interactive help system Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-mst)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
Spanning tree-mst Instance 13-7 13.1.5 instance mst Config Commands Associates VLAN(s) with an instance Supported in the following platforms: • RFS7000 • RFS6000 Syntax instance <1-15> vlan Parameters <1-15> Defines the instance ID to which the VLAN is associated vlan Sets the VLAN ID for its association with an instance Usage Guidelines MSTP works based on instances. An instance is a group of VLANs with a common spanning tree.
13-8 Motorola RF Switch CLI Reference Guide 13.1.
Spanning tree-mst Instance 13-9 13.1.
13-10 Motorola RF Switch CLI Reference Guide 13.1.
Spanning tree-mst Instance 13-11 13.1.
13-12 Motorola RF Switch CLI Reference Guide +-full [show running-config full] +-include-factory [show running-config include-factory] +-service +-show +-cli [service show cli] +-show +-access-list [show access-list] +-<1-99> [show access-list (<1-99>|<100-199>|<13001999>|<2000-2699>|WORD)] +-<100-199> [show access-list (<1-99>|<100-199>|<13001999>|<2000-2699>|WORD)] +-<1300-1999> [show access-list (<1-99>|<100-199>|<13001999>|<2000-2699>|WORD)] +-<2000-2699> [show access-list (<1-99>|<100-199>|<13001999>
Spanning tree-mst Instance 13-13 13.1.
13-14 Motorola RF Switch CLI Reference Guide environment show environmental information file Display filesystem information firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-address-table Display MAC address table mac-name Displays the configured MAC names management
Extended ACL Instance The Extended ACL instance (config-ext-nacl) is used to manage the extended Access Control List entries associated with the switch. To navigate to this instance, use the command RFSwitch(config)#ip access-list extended [| <100-199>|<2000-2699>] RFSwitch(config-ext-nacl)# 14.1 Extended ACL Config Commands Table 14.1 summarizes config-ext-nacl commands: Table 14.1 Extended ACL Config Command Summary Command Description Ref.
14-2 Motorola RF Switch CLI Reference Guide Table 14.1 Extended ACL Config Command Summary (Continued) Command Description Ref.
Extended ACL Instance 14.1.
14-4 Motorola RF Switch CLI Reference Guide 14.1.
Extended ACL Instance 14-5 Parameters deny ip [|any|host ][|any|host ] {log} {rule-precedence <15000>} Use with a deny command to reject IP packets • deny – Sets the action type on an ACL • ip – Specifies an IP (to match to a protocol) • |any|host – The keyword is the source IP address of the network or host in dotted decimal format. The is the network mask. For example, 10.1.1.
14-6 Motorola RF Switch CLI Reference Guide deny icmp [|any|host ] [|any|host ] { {}} {log} {rule-precedence <15000>} Use with the deny command to reject ICMP packets • deny – Rejects ICMP packets • icmp – Specifies ICMP as the protocol • [|any|host ] – The source is the source IP address of the network or host (in dotted decimal format). The is the network mask. For example, 10.1.1.
Extended ACL Instance deny [tcp|udp] [|any|host ] {eq |range } []{eq } {range } {log} {ruleprecedence <1-5000>} 14-7 Use with the deny command to reject TCP or UDP packets • deny – Rejects TCP or UDP packets • tcp|udp – Specifies TCP or UDP as the protocol • |any|host – The source is the source IP address of the network or host
14-8 Motorola RF Switch CLI Reference Guide Usage Guidelines Use this command to deny traffic between networks/hosts based on the protocol type selected in the access list configuration. The following protocol types are supported: • ip • icmp • tcp • udp The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is checked against the ACEs in the ACL. It is allowed/denied based on the ACL configuration.
Extended ACL Instance 14-9 14.1.2.3 Example - Denying UDP Based Traffic The following example denies UDP traffic with a source port range between 20 - 23 (from the source subnet to destination subnet): RFSwitch(config-ext-nacl)#deny udp range 20 23 192.168.1.0/24 192.168.2.0/24 RFSwitch(config-ext-nacl)#permit ip any any RFSwitch(config-ext-nacl)# 14.1.2.4 Example - Denying ICMP Based Traffic The following example denies ICMP traffic from any source to any destination.
14-10 Motorola RF Switch CLI Reference Guide 14.1.
Extended ACL Instance 14-11 14.1.4 exit Extended ACL Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
14-12 Motorola RF Switch CLI Reference Guide 14.1.5 help Extended ACL Config Commands Displays the system’s interactive help system Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-ext-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Extended ACL Instance 14-13 14.1.
14-14 Motorola RF Switch CLI Reference Guide ip [|any|host ] [| any|host ] {log} {rule-precedence <1-5000>} Use with mark command to mark a packet. • ip – Specifies an IP (to match to a protocol) • |any|host – The keyword is the source IP address of the network or host in dotted decimal format. The is the network mask. For example, 10.1.1.10/24 indicates the first 24 bits of the source IP is used for matching.
Extended ACL Instance icmp [|any|host ] [|any| host ] { {}} {log} {rule-precedence <1-5000>]} 14-15 Use with the mark command to mark ICMP packets • deny – Rejects ICMP packets • icmp – Specifies ICMP as the protocol • [|any|host ] – The source is the source IP address of the network or host (in dotted decimal format). The is the network mask. For example, 10.1.1.
14-16 Motorola RF Switch CLI Reference Guide [tcp|udp] [|any|host ] {eq |range } [] {eq } {range } {log} {ruleprecedence <1-5000>} Use with the mark command to mark TCP or UDP packets • deny – Rejects TCP or UDP packets • tcp|udp – Specifies TCP or UDP as the protocol • |any|host – The source is the source IP address of the netw
Extended ACL Instance 14-17 Usage Guidelines Marks traffic between networks/hosts based on the protocol type selected in the access list configuration Use the mark option to specify the type of service (tos) and priority value. The tos value is marked in the IP header and the 802.1p priority value is marked in the dot1q frame. The following types of protocols are supported: • ip • icmp • tcp • udp Whenever the interface receives the packet, its content is checked against all ACEs in the ACL.
14-18 Motorola RF Switch CLI Reference Guide RFSwitch(config-ext-nacl)# mark tos 160 udp 192.168.2.0/24 range 5060 5061 RFSwitch(config-ext-nacl)# RFSwitch(config-ext-nacl)# mark dscp 40 udp 192.168.2.
Extended ACL Instance 14-19 14.1.7 no Extended ACL Config Commands Negates a command or sets its defaults Supported in the following platforms: • RFS7000 • RFS6000 Syntax no [deny|mark|permit] Negates all the syntax combinations used in the deny, mark and permit designations to configure the Extended ACL Parameters deny Specifies packets to reject mark Specifies packets to mark permit Specifies packets to forward Usage Guidelines Removes an access list control entry.
14-20 Motorola RF Switch CLI Reference Guide 14.1.8 permit Extended ACL Config Commands Permits specific packets. NOTE: ACLs do not allow DHCP messages to flow by default. Configure an Access Control Entry (ACE) to allow DHCP messages to flow through. RFSwitch(config-ext-nacl)#permit ip xxx.xxx.xxx.xxx/ x 192.168.2.0/24 RFSwitch(config-ext-nacl)#permit ip any host xxx.xxx.xxx.
Extended ACL Instance 14-21 Parameters permit ip [|any|host ] [|any|host ] {log} {ruleprecedence <1-5000>} Use with a permit command to allow IP packets • deny – Sets the action type on an ACL • IP – Specifies an IP (to match to a protocol) • |any|host – The keyword is the source IP address of the network or host in dotted decimal format. The is the network mask. For example, 10.1.1.
14-22 Motorola RF Switch CLI Reference Guide permit icmp [|any|host ] [|any| host ] { {}} {log} {rule-precedence <1-5000>]} Use with the permit command to allow ICMP packets • deny – Rejects ICMP packets • icmp – Specifies ICMP as the protocol • [|any|host ] – The source is the source IP address of the network or host (in dotted decimal format). The is the network mask. For example, 10.1.1.
Extended ACL Instance permit [tcp|udp] [|any|host ] {eq |range } [] {eq } {range } {log} {ruleprecedence <1-5000>} 14-23 Use with the permit command to allow TCP or UDP packets • deny – Rejects TCP or UDP packets • tcp|udp – Specifies TCP or UDP as the protocol • |any|host – The source is the source IP address of the network or ho
14-24 Motorola RF Switch CLI Reference Guide • icmp • tcp • udp The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL. It is allowed based on the ACL configuration. • Filtering on TCP/UDP allows the user to specify port numbers as filtering criteria • Select ICMP to allow/deny packets.
Extended ACL Instance 14-25 14.1.9 service Extended ACL Config Commands Invokes service commands to troubleshoot or debug the (config-if) instance configurations Supported in the following platforms: • RFS7000 • RFS6000 Syntax service show cli Parameters None Example RFSwitch(config-ext-nacl)#service show cli Extended ACL Config mode: +-clrscr [clrscr] +-deny +-icmp +-A.B.C.D/M +-A.B.C.D/M [(deny|permit|mark (8021p <0-7> | tos <0255>)) (icmp) (A.B.C.D/M | host A.B.C.D | any)(A.B.C.D/M | host A.B.C.
14-26 Motorola RF Switch CLI Reference Guide 14.1.
Extended ACL Instance 14-27 environment show environmental information file Display filesystem information firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-address-table Display MAC address table mac-name Displays the configured MAC names management Display L3 Manag
14-28 Motorola RF Switch CLI Reference Guide 14.2 Configuring IP Extended ACL IP Extended ACLs contain rules based on the following parameters: • Source IP address • Destination IP address • IP Protocol • Source Port–if protocol is TCP or UDP • Destination Port–if protocol is TCP or UDP • ICMP Type–if protocol is ICMP • ICMP Code–if protocol is ICMP IP protocol, Source IP and Destination IP are mandatory parameters.You can create either a Numbered IP Extended ACL or a Named IP Extended IP Address.
Standard ACL Instance The Standard ACL instance (config-std-acl) is used to manage the standard Access Control List entries associated with the switch. To navigate to this instance, use the command: RFSwitch(config)#ip access-list standard [| <1-99>|<1300-1999>] RFSwitch(config-std-acl)# 15.1 Standard ACL Config Commands Table 15.1 summarizes the config-std-nacl commands: Table 15.1 Standard ACL Config Command Summary Command Description Ref.
15-2 Motorola RF Switch CLI Reference Guide Table 15.1 Standard ACL Config Command Summary (Continued) Command Description Ref.
Standard ACL Instance 15.1.
15-4 Motorola RF Switch CLI Reference Guide 15.1.2 deny Standard ACL Config Commands Specifies packets to reject Supported in the following platforms: • RFS7000 • RFS6000 Syntax deny [|any|host ] {log} {rule-precedence <1-5000>} Parameters [|any|host ] {log} {rule-precedence <1-5000>} Use with a deny command to reject packets • |any|host – The keyword is the source IP address of the network or host in dotted decimal format.
Standard ACL Instance 15-5 Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL. It is allowed/denied based on the ACL configuration. NOTE: The log option is functional only for router ACL’s. The log option results in an informational logging message for the packet matching the entry sent to the console. 15.1.2.
15-6 Motorola RF Switch CLI Reference Guide 15.1.3 end Standard ACL Config Commands Ends and exits from the current mode and moves to the PRIV EXEC mode.
Standard ACL Instance 15-7 15.1.4 exit Standard ACL Config Commands Ends the current mode and moves to previous mode (GLOBAL-CONFIG).
15-8 Motorola RF Switch CLI Reference Guide 15.1.5 help Standard ACL Config Commands Displays the system’s interactive help in HTML format Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-std-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Standard ACL Instance 15-9 15.1.6 mark Standard ACL Config Commands Specifies packets to mark Supported in the following platforms: • RFS7000 • RFS6000 Syntax mark [8021p|dscp|tos] mark 8021p mark dscp mark tos [|any|host ] {log} {rule-precedence <1-5000>} Parameters 8021p Sets the 802.1p VLAN user priority value to (0-7).
15-10 Motorola RF Switch CLI Reference Guide [| any|host ] {log} {rule-precedence <1-5000>} Use with a mark command to mark packets • |any|host – The keyword is the source IP address of the network or host in dotted decimal format. The is the network mask. For example, 10.1.1.10/24 indicates the first 24 bits of the source IP is used for matching. • any – any is an abbreviation for a source IP of 0.0.0.
Standard ACL Instance 15-11 15.1.7 no Standard ACL Config Commands Negates a command or sets its defaults Supported in the following platforms: • RFS7000 • RFS6000 Syntax no [deny|mark|permit] Negates all the syntax combinations used in deny, mark and permit designations.
15-12 Motorola RF Switch CLI Reference Guide 15.1.
Standard ACL Instance 15-13 Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL. It is allowed based on the ACL’s configuration. NOTE: The log option is functional only for router ACLs. The log option displays an informational logging message about the packet matching the entry sent to the console. 15.1.8.
15-14 Motorola RF Switch CLI Reference Guide 15.1.9 service Standard ACL Config Commands Invokes service commands to troubleshoot or debug (config-if) instance configurations Supported in the following platforms: • RFS7000 • RFS6000 Syntax service show cli Parameters cli Displays the CLI tree of the current mode Example RFSwitch(config-std-nacl)#service show cli Standard ACL Config mode: +-clrscr [clrscr] +-deny +-A.B.C.D/M [(deny|permit|mark (8021p <0-7> | tos <0255>))(A.B.C.D/M | host A.B.C.
Standard ACL Instance 15-15 +-<1-5000> [(deny|permit|mark (8021p <0-7> | tos <0255>))(A.B.C.D/M | host A.B.C.D | any)(log|)(rule-precedence <1-5000> |)] +-rule-precedence +-<1-5000> [(deny|permit|mark (8021p <0-7> | tos <0255>))(A.B.C.D/M | host A.B.C.D | any)(log|)(rule-precedence <1-5000> |)] ............................................................ ............................................................ ............................................................ .....................
15-16 Motorola RF Switch CLI Reference Guide 15.1.
Standard ACL Instance 15-17 environment show environmental information file Display filesystem information firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-address-table Display MAC address table mac-name Displays the configured MAC names management Display L3 Manag
15-18 Motorola RF Switch CLI Reference Guide 15.2 Use Case: Configuring IP Standard ACL IP Standard ACLs contain rules based on Source IP Address. You can create either a Numbered IP Standard ACL or a Named IP Standard IP Address. Execute the following CLI commands to configure an IP based standard ACL: 1. To configure numbered IP Standard ACL: RFSwitch(config)#access-list 2 deny host 1.2.3.4 rule-precedence 10 RFSwitch(config)#access-list 3 deny host 1.2.3.
Extended MAC ACL Instance Use the (config-ext-macl) instance to configure mac access-list extended ACLs. To navigate to this instance, use the command: RFSwitch(config)#mac access-list extended RFSwitch(config-ext-macl)# 16.1 MAC Extended ACL Config Commands Table summarizes config-ext-macl commands: Table 16.1 MAC Extended ACL Config Command Summary Command Description Ref.
16-2 Motorola RF Switch CLI Reference Guide Table 16.1 MAC Extended ACL Config Command Summary (Continued) Command Description Ref.
Extended MAC ACL Instance 16.1.
16-4 Motorola RF Switch CLI Reference Guide 16.1.2 deny MAC Extended ACL Config Commands Specifies packets to reject NOTE: Use a decimal value representation of ethertypes to implement a permit/deny/mark designation for a packet. The command set for Extended MAC ACLs provide the hexadecimal values for each listed ethertype. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed for any other ethertype.
Extended MAC ACL Instance 16-5 Parameters deny [|any|host ] [|any| host ] {[dot1p| rule-precedence|type|vlan]} Define a source and destination MAC address and Mask specifying the bits to match. The source and destination wildcards can be any one of the following: • [|any|host ]– Source MAC address and mask in the format xx:xx:xx:xx:xx:xx/ xx:xx:xx:xx:xx:xx. • any – Any source host • host – Exact source MAC address to match dot1p <0-7> Determine a 802.
16-6 Motorola RF Switch CLI Reference Guide vlan<1-4095> Set a VLAN tag ID to match Usage Guidelines The deny command disallows traffic based on layer 2 (data-link layer) data. The MAC access list denies traffic from a particular source MAC address or any MAC address. It can also disallow traffic from a list of MAC addresses based on the source mask. The MAC access list can disallow traffic based on the VLAN and ethertype. The most common ethertypes are: • • • • arp wisp ip 802.
Extended MAC ACL Instance 16-7 RFSwitch(config-ext-macl)#deny host 01:02:fe:45:76:89 host 01:02:89:78:78:45 RFSwitch(config-ext-macl)#
16-8 Motorola RF Switch CLI Reference Guide 16.1.3 end MAC Extended ACL Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
Extended MAC ACL Instance 16-9 16.1.4 exit MAC Extended ACL Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
16-10 Motorola RF Switch CLI Reference Guide 16.1.5 help MAC Extended ACL Config Commands Displays the system’s interactive help (in HTML format) Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-ext-macl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Extended MAC ACL Instance 16-11 16.1.6 mark MAC Extended ACL Config Commands Specifies the packet to mark NOTE: Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. An Extended MAC ACL provides the hexadecimal values for each listed ethertype. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or any other type of ethertype.
16-12 Motorola RF Switch CLI Reference Guide Parameters 8021p<0-7> Modifies the 802.1p VLAN user priority • xx:xx:xx:xx:xx:xx/ xx:xx:xx:xx:xx:xx–Source MAC address and mask • any – Any source host • host – Exact source MAC address to match tos<0-255> Modifies the TOS bits in an IP header • xx:xx:xx:xx:xx:xx/ xx:xx:xx:xx:xx:xx–Destination MAC address and mask • any – Any destination host • host – Exact destination MAC address to match mark [ |any|host] Specifies the bits to match.
Extended MAC ACL Instance 16-13 type [8021q|<1-65535>| arp|appletalk|ip|ipv6ipx|rarp| vlan|wisp] Defines an ethertype value represented as an integer or keyword for well-known ethertypes (like IP, IPv6, ARP etc.
16-14 Motorola RF Switch CLI Reference Guide 16.1.
Extended MAC ACL Instance 16-15 16.1.8 permit MAC Extended ACL Config Commands Specifies packets to forward NOTE: Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. An Extended MAC ACL provides the hexadecimal values for each listed ethertype. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or any other type of ethertype.
16-16 Motorola RF Switch CLI Reference Guide permit [|any|host ] { {}} Bit mask specifying the bits to match. The destination wildcard can be one of the following: • xx:xx:xx:xx:xx:xx/ xx:xx:xx:xx:xx:xx–Destination MAC address and mask • any – Uses any available destination host • host – Defines the destination MAC address dot1p<0-7> Establishes the 802.
Extended MAC ACL Instance 16-17 permit any any type wisp NOTE: Use the following command to attach a MAC access list to a port on a layer 2 interface: mac access-group in The permit command in the MAC ACL disallows traffic based on layer 2 (data-link layer) information. A MAC access list permits traffic from a source MAC address or any MAC address. It also has an option to allow traffic from a list of MAC addresses (based on the source mask).
16-18 Motorola RF Switch CLI Reference Guide 16.1.8.2 Example - Permitting ARP Traffic The example below permits arp based traffic from any source MAC address to any destination MAC address: RFSwitch(config-ext-macl)#permit any any type arp RFSwitch(config-ext-macl)# 16.1.8.
Extended MAC ACL Instance 16-19 16.1.
16-20 Motorola RF Switch CLI Reference Guide +-rule-precedence +-<1-5000> [(deny|permit|mark (8021p <0-7> | tos <0-255>))(XX:XX:XX: XX:XX:XX/XX:XX:XX:XX:XX:XX | host XX:XX:XX:XX:XX:XX | any)(XX:XX:XX:XX:XX:XX/XX: XX:XX:XX:XX:XX | host XX:XX:XX:XX:XX:XX | any)(vlan <1-4095> | dot1p <0-7> |) (t ype (<1-65535> | ip | ipv6 | arp | wisp | 8021q | rarp | aarp | appleta lk | ipx ) |)(rule-precedence <1-5000> |)] +-type ............................................................ .................................
Extended MAC ACL Instance 16-21 16.1.
16-22 Motorola RF Switch CLI Reference Guide clock commands crypto debugging dhcp dpd environment file firewall ftp history interfaces ip ldap licenses logging buffer mac mac-address-table mac-name management mobility ntp password-encryption port-channel privilege radius redundancy rtls role running-config securitymgr sessions connections smtp-notofication snmp snmp-server spanning-tree startup-config static-channel-group terminal parameters traffic-shape timezone upgrade-status Display system clock Show
Extended MAC ACL Instance users logged in users version wireless wlan-acl 16-23 Display information about currently Display software & hardware version Wireless configuration commands wlan based acl RFSwitch(config-ext-macl)#show
16-24 Motorola RF Switch CLI Reference Guide 16.2 Configuring MAC Extended ACL MAC Extended ACLs contain rules based on the following parameters: • Source MAC address • Destination MAC address • Ethertype– accepts well known types like IP, ARP, VLAN or an integer value between 1-65535. • VLAN-ID • VLAN 802.1p user priority Source and Destination MAC address are mandatory parameters.
DHCP Server Instance Use the (config-dhcp) instance to configure the DHCP server address pool associated with the switch. To move to this instance, use the command. RFSwitch(config)#ip dhcp pool RFSwitch(config-dhcp)# Also refer to Chapter12, section 12.1.8 ip on page 12-20 for other DHCP related configurations. 17.1 DHCP Config Commands Table 17.1 summarizes config-dhcp commands: Table 17.1 DHCP Server Command Summary Command Description Ref.
17-2 Motorola RF Switch CLI Reference Guide Table 17.1 DHCP Server Command Summary Command Description Ref.
DHCP Server Instance 17-3 Table 17.1 DHCP Server Command Summary Command Description Ref.
17-4 Motorola RF Switch CLI Reference Guide 17.1.
DHCP Server Instance 17-5 17.1.2 bootfile DHCP Config Commands Assigns a bootfile name for the DHCP configuration on the network pool Supported in the following platforms: • RFS7000 • RFS6000 Syntax bootfile Parameters bootfile Sets the boot image for BOOTP clients. The file name can contain letters, numbers, dots and hyphens. Consecutive dots and hyphens are not permitted. Usage Guidelines Use the bootfile command to specify the boot image.
17-6 Motorola RF Switch CLI Reference Guide 17.1.3 class DHCP Config Commands Associates a DHCP class with a pool This command is used in Step 4 of Creating a DHCP User Class. The CLI prompt moves to a sub-instance(config-dhcp-class).The configuration mode changes from (config-dhcp)# class to (config-dhcp-class). Refer to config-dhcp-class on page 17-7 for a (config-dhcp-class) command summary.
DHCP Server Instance 17-7 3. Create a Pool named WID, using (config)# mode. RFSwitch(config)#ip dhcp pool WID RFSwitch(config-dhcp)# 4. Associate the DHCP class, created in Step 1 with the pool created in Step 3. The switch supports the association of 8 DHCP classes with a pool. RFSwitch(config-dhcp)#class RFS7000DHCPclass RFSwitch(config-dhcp-class)# 5. The switch moves to a new mode (config-dhcp-class). Use this mode to add an address range used for the DHCP class associated with the pool.
17-8 Motorola RF Switch CLI Reference Guide address config-dhcp-class Sets an address range for a DHCP class within a DHCP server address pool Syntax address range Parameters range Assigns an address range for the DHCP class • – Defines the low IP address • – Defines the high IP address Example RFSwitch(config-dhcp-class)#address range 11.22.13.14 11.22.33.
DHCP Server Instance 17.1.4 client-identifier DHCP Config Commands Assigns a name to the client-identifier A client identifier is used to reserve an IP address for a DHCP client. Supported in the following platforms: • RFS7000 • RFS6000 Syntax client-identifier Parameters client-identifier Prepends a null character.
17-10 Motorola RF Switch CLI Reference Guide 17.1.
DHCP Server Instance 17.1.
17-12 Motorola RF Switch CLI Reference Guide 17.1.
DHCP Server Instance Example RFSwitch(config-dhcp)#ddns domainname TestDomain.
17-14 Motorola RF Switch CLI Reference Guide 17.1.8 default-router DHCP Config Commands Configures the default router or gateway IP address for the network pool. To remove the default router list, use the no default-router command.
DHCP Server Instance 17-15 17.1.9 dns-server DHCP Config Commands Sets the DNS server’s IP address available to all DHCP clients connected to the pool. Use the no dns-server command to remove the DNS server list. Supported in the following platforms: • RFS7000 • RFS6000 Syntax dns-server Parameters dns-server Configures the DNS server’s IP address • – Sets the server's IP address. Up to 8 IPs can be set.
17-16 Motorola RF Switch CLI Reference Guide 17.1.10 domain-name DHCP Config Commands Sets the domain name for the network pool. Use the no domain-name command to remove the domain name. Supported in the following platforms: • RFS7000 • RFS6000 Syntax domain-name Parameters domain-name Defines the domain name for the network pool Usage Guidelines The domain name cannot exceed 256 characters.
DHCP Server Instance 17.1.11 end DHCP Config Commands Exits the current mode and moves to the PRIV EXEC mode.
17-18 Motorola RF Switch CLI Reference Guide 17.1.12 exit DHCP Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
DHCP Server Instance 17-19 17.1.13 hardware-address DHCP Config Commands Reserves an IP address (manually) based on a DHCP client’s hardware address. Use the no hardware-address command to remove this from the DHCP pool. Supported in the following platforms: • RFS7000 • RFS6000 Syntax hardware-address {[ethernet|token-ring]} Parameters hardware-address {ethernet|token-ring} Sets the client's hardware address to .
17-20 Motorola RF Switch CLI Reference Guide 17.1.14 help DHCP Config Commands Displays the system’s interactive help in HTML format Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-dhcp)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
DHCP Server Instance 17-21 17.1.15 host DHCP Config Commands Defines a fixed IP address for the host in dotted decimal format Use the no host command to remove the host from the DHCP pool.
17-22 Motorola RF Switch CLI Reference Guide 17.1.16 lease DHCP Config Commands Sets a valid lease time for the IP address used by DHCP clients in the network pool Supported in the following platforms: • RFS7000 • RFS6000 Syntax lease [{<0-365> <0-23> <0-59>}|infinite] Parameters lease [ {<0-365> <0-23> <0-59>} |infinite] Sets the lease time for an IP address • <0-365> –Sets the lease period in days. Days can be made as 0 only when hours and/or mins are greater than 0.
DHCP Server Instance 17-23 NOTE: The factory default lease period for a pool – network pool or host pool is configured as 1 day. Example RFSwitch(config-dhcp)#lease 1 0 0 RFSwitch(config-dhcp)# RFSwitch(config)#show running-config .......................................... .......................................... .......................................... ip dhcp pool Test4lease host 3.33.33.3 client-name test4lease client-identifier tested4lease .......................................... .............
17-24 Motorola RF Switch CLI Reference Guide 17.1.17 netbios-name-server DHCP Config Commands Sets the netbios-name server’s IP address Supported in the following platforms: • RFS7000 • RFS6000 Syntax netbios-name-server Parameters netbios-name-server Defines the NetBIOS (WINS) name server • – Sets the NetBIOS name server's IP address Example RFSwitch(config-dhcp)#netbios-name-server 2.2.2.
DHCP Server Instance 17.1.
17-26 Motorola RF Switch CLI Reference Guide 17.1.19 network DHCP Config Commands Sets the network pool’s IP address This address maps the current DHCP pool with a specific network.
DHCP Server Instance 17.1.20 next-server DHCP Config Commands Sets the IP address of the next server in the boot process Supported in the following platforms: • RFS7000 • RFS6000 Syntax next-server Parameters next-server Sets the next server in boot process • – Defines the server's IP address Example RFSwitch(config-dhcp)#next-server 2.2.2.
17-28 Motorola RF Switch CLI Reference Guide 17.1.21 no DHCP Config Commands Negates a command or sets its defaults Supported in the following platforms: • RFS7000 • RFS6000 Syntax no [address|bootfile|class|client-identifier|client-name| ddns|default-router|dns-server|domain-name|hardware-address| host|lease|netbios-name-server|netbios-node-type|network| next-server|option|update|unicast-table] Parameters The no command negates any command associated with it.
DHCP Server Instance 17-29 17.1.
17-30 Motorola RF Switch CLI Reference Guide 17.1.23 service DHCP Config Commands Invokes service commands to troubleshoot or debug (config-dhcp) instance configurations Supported in the following platforms: • RFS7000 • RFS6000 Syntax service show cli Parameters show cli Displays the CLI tree of the current mode Example RFSwitch(config-dhcp)#service show cli DHCP Server Config mode: +-address +-range +-A.B.C.D [address range A.B.C.D ( A.B.C.D |)] +-A.B.C.D [address range A.B.C.D ( A.B.C.
DHCP Server Instance 17-31 17.1.
17-32 Motorola RF Switch CLI Reference Guide firewall ftp history interfaces ip ldap licenses logging buffer mac mac-address-table mac-name management mobility ntp password-encryption port port-channel privilege radius redundancy rtls role running-config securitymgr sessions connections smtp-notification snmp snmp-server spanning-tree startup-config static-channel-group terminal parameters timezone traffic-shape upgrade-status users logged version wireless wlan-acl RFSwitch(config-dhcp)# Wireless firewal
DHCP Server Instance 17-33 17.1.25 update DHCP Config Commands Controls the usage of the DDNS service Supported in the following platforms: • RFS7000 • RFS6000 Syntax update dns override Parameters update dns override Controls the usage of the DDNS service • dns override – Dynamic DNS Configuration • override – Enable Dynamic Updates by onboard DHCP Server Usage Guidelines A DHCP client cannot perform updates for RR’s A, TXT and PTR.
17-34 Motorola RF Switch CLI Reference Guide 17.1.
DHCP Server Instance 17-35 17.2 Configuring the DHCP Server using Switch CLI The switch DHCP configuration is conducted by creating pools and mapping them to L3 interfaces (SVI). • A Network pool is the pool with “include” ranges. When the network pool is mapped to a L3 interface, DHCP clients requesting IPs from the L3 interface get an IP from the configured range. • A host pool is the pool used to assign static/fixed IP address to DHCP clients.
17-36 Motorola RF Switch CLI Reference Guide 17.2.1 Creating network pool To create a network pool: 1. Create a DHCP server dynamic address pool. RFSwitch(config)#ip dhcp pool test 2. Map the DHCP pool to the network pool. RFSwitch(config-dhcp)#network 192.168.0.0/24 3. Add the address range for the dynamic pool. RFSwitch(config-dhcp)#address range 192.168.0.30 192.168.0.60 4. Assign a domain name (as appropriate) to this dynamic pool. RFSwitch(config-dhcp)#domain-name test.com 5.
DHCP Server Instance 17.2.2 Creating a Host Pool To create a host pool: 1. Create a DHCP server host address pool. RFSwitch(config)#ip dhcp pool hostpool 2. Assign the client name of the host for which static allocation is required. RFSwitch(config-dhcp)#client-name linuxbox 3. Assign an IP address for the host. RFSwitch(config-dhcp)#host 192.168.0.50 4. Configure the hardware address of the host. RFSwitch(config-dhcp)#hardware 00:a0:f8:6f:6b:88 5.
17-38 Motorola RF Switch CLI Reference Guide 17.2.3 Troubleshooting DHCP Configuration 1. The DHCP Server is disabled by default. Use the following command to enable the DHCP Server: RFSwitch(config)#service dhcp This command administratively enables the DHCP server. If the DHCP configuration is incomplete, it is possible the DHCP server will be disabled even after the execution of this command. 2. Use the network command to map the network pool to interface. network 192.168.0.
DHCP Server Instance 17-39 5. A host pool should have its corresponding network pool configured, otherwise the host pool is useless. The fixed IP address configured in the host pool must be in the subnet of the corresponding network pool. 6. If you create a pool and map it to an interface, it automatically gets enabled, provided DHCP is enabled at a global level. Use the no network command to disable DHCP on a per pool/interface basis. 7.
17-40 Motorola RF Switch CLI Reference Guide 17.2.4 Creating a DHCP Option To create a DHCP option: 1. To create a non standard option named “tftp-server”. RFSwitch(config)#ip dhcp option tftp-server 183 ip 2. Enter the DHCP pool —”test”. RFSwitch(config)#ip dhcp pool test 3. Assign a value to the DHCP option configured above. RFSwitch(config-dhcp)#option tftp-server 192.168.0.100 4. Exit the DHCP instance.
DHCP Class Instance Use the (config-dhcpclass) instance to configure DHCP user classes. The switch supports a maximum of 8 user classes per DHCP class. To navigate to this instance use the command: RFSwitch(config)#ip dhcp class RFSwitch(config-dhcpclass)# Refer to ip on page 12-10 and DHCP Class Instance on page 18-1 for other DHCP related configurations. 18.1 DHCP Server Class Config Commands Table 18.1 summarizes config-std-nacl commands: Table 18.
18-2 Motorola RF Switch CLI Reference Guide Table 18.1 DHCP Server Class Config Commands Command Description Ref.
DHCP Class Instance 18.1.
18-4 Motorola RF Switch CLI Reference Guide 18.1.2 end DHCP Server Class Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
DHCP Class Instance 18-5 18.1.3 exit DHCP Server Class Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
18-6 Motorola RF Switch CLI Reference Guide 18.1.4 help DHCP Server Class Config Commands Displays the system’s interactive help in HTML format Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-dhcpclass)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
DHCP Class Instance 18.1.
18-8 Motorola RF Switch CLI Reference Guide 18.1.
DHCP Class Instance 18-9 18.1.7 option DHCP Server Class Config Commands Specifies a value for DHCP user class options Supported in the following platforms: • RFS7000 • RFS6000 Syntax option user-class Parameters user-class Creates/modifies DHCP server user class options • – ASCII value of user-class option Example RFSwitch(config-dhcpclass)#option user-class MC800 RFSwitch(config-dhcpclass)# 18.1.7.
18-10 Motorola RF Switch CLI Reference Guide 4. Associate the DHCP class, created in Step 1 with the pool created in Step 3. The switch supports the association of 8 DHCP classes with a pool. RFSwitch(config-dhcp)#class RFS7000DHCPclass RFSwitch(config-dhcp-class)# 5. The switch moves to a new mode (config-dhcp-class). Use this mode to add an address range for the DHCP class associated with the pool. RFSwitch(config-dhcp-class)#address range 11.22.33.
DHCP Class Instance 18-11 18.1.
18-12 Motorola RF Switch CLI Reference Guide 18.1.
DHCP Class Instance 18-13 dhcp DHCP Server Configuration environment show environmental information file Display filesystem information firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-address-table Display MAC address table mac-name Display the configured MAC names
18-14 Motorola RF Switch CLI Reference Guide wlan-acl wlan based acl RFSwitch(config-dhcpclass)#show RFSwitch(config-dhcpclass)#show ip dhcp binding IP MAC/Client-Id Expiry Time -----------------------RFSwitch(config-dhcpclass)# RFSwitch(config-dhcpclass)#show ip dhcp class RFS7000DHCPclass ! ip dhcp class DHCPclass option user-class MC800 RFSwitch(config-dhcpclass)# RFSwitch(config-dhcpclass)#show ip dhcp pool WID ! ip dhcp pool WID class RFS7000DHCPclass address range 11.22.33.
Radius Server Instance Use the (config-radsrv) instance to configure local RADIUS server parameters. Local (Onboard) RADIUS server commands are listed under this mode. To navigate to this instance, use the command: RFSwitch(config)#radius-server local RFSwitch(config-radsrv)# 19.1 Radius Configuration Commands Table 19.1 summarizes the Global Config command: Table 19.1 RADIUS Server Command Summary Command Description Ref.
19-2 Motorola RF Switch CLI Reference Guide Table 19.1 RADIUS Server Command Summary Command group Description Sets RADIUS user group parameters. Ref. page 19-10 NOTE: This command navigates to another sub-instance called config-radsrv-group with its own command summary.
Radius Server Instance 19-3 19.1.
19-4 Motorola RF Switch CLI Reference Guide Usage Guidelines Set eap-auth-type to all to service RADIUS requests received from mobile units. Setting eap-auth-type to peap-gtc/peap-mschapv2 ensures peap-gtc/peap-mschapv2 service only. Similarly, setting eap-auth-type to ttls-md5/ttls-mschapv2/ttls-pap services all ttls authentication requests from mobile units. Setting eap-auth-type to tls ensures only tls authentication is serviced.
Radius Server Instance 19-5 19.1.2 ca Radius Configuration Commands Configures CA (Certificate Authority) parameters Supported in the following platforms: • RFS7000 • RFS6000 Syntax ca trust-point Parameters trust-point Defines the trustpoint configuration • – Displays the existing trustpoint name Usage Guidelines Configures the trustpoint used by the local RADIUS server.
19-6 Motorola RF Switch CLI Reference Guide 19.1.
Radius Server Instance 19-7 19.1.4 crl-check Radius Configuration Commands Enables a Certificate Revocation List (CRL) check To enable the certificate revocation list, ensure the crl list is loaded using a crypto pki import crl command. Supported in the following platforms: • RFS7000 • RFS6000 Syntax crl-check enable Parameters enable Enables the CRL check Usage Guidelines TLS uses certificates for authentication.
19-8 Motorola RF Switch CLI Reference Guide 19.1.5 end Radius Configuration Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
Radius Server Instance 19-9 19.1.6 exit Radius Configuration Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
19-10 Motorola RF Switch CLI Reference Guide 19.1.7 group Radius Configuration Commands Configures RADIUS user groups The CLI moves to the config-radsrv-group sub-instance to create a new group. The prompt changes from RFSwitch(config-radsrv)# to RFSwitch(config-radsrv-group)# Supported in the following platforms: • RFS7000 • RFS6000 Table 19.2 summarizes the RADIUS user group commands within the (config-radsrv-group) sub-instance. Table 19.2 RADIUS User Group Command Summary Command Description Ref.
Radius Server Instance 19-11 Table 19.2 RADIUS User Group Command Summary Command show Description Displays running system information Ref. page 19-19 19.1.7.1 clrscr group Clears the display screen Syntax clrscr Parameters None Example RFSwitch(config-radsrv-group)#clrscr RFSwitch(config-radsrv-group)# 19.1.7.2 end group Ends and exits the current mode and changes to the PRIV EXEC mode.
19-12 Motorola RF Switch CLI Reference Guide Syntax exit Parameters None Example RFSwitch(config-radsrv-group)#exit RFSwitch(config-radsrv)#group 19.1.7.4 group group Establishes RADIUS user group parameters. This command creates a group within the existing RADIUS group Syntax group Parameters Defines the RADIUS group name Example RFSwitch(config-radsrv-group)#group TestGroup RFSwitch(config-radsrv-group)# 19.1.7.
Radius Server Instance 19-13 Usage Guidelines Creates a guest group. The guest user created using rad-user can only be part of the guest group. Example RFSwitch(config-radsrv-group)#guest-group enable RFSwitch(config-radsrv-group)# 19.1.7.6 help group Displays the system’s interactive help in HTML format. Syntax help Parameters None Example RFSwitch(config-radsrv-group)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
19-14 Motorola RF Switch CLI Reference Guide 19.1.7.
Radius Server Instance 19-15 RFSwitch(config-radsrv-group)# RFSwitch(config-radsrv-group)#no policy vlan RFSwitch(config-radsrv-group)# RFSwitch(config-radsrv-group)#no policy wlan 2 5 RFSwitch(config-radsrv-group)# RFSwitch(config-radsrv-group)#no rad-user all RFSwitch(config-radsrv-group)# RFSwitch(config-radsrv-group)#no service radius %%Info: Radius service stopped... RFSwitch(config-radsrv-group)# 19.1.7.
19-16 Motorola RF Switch CLI Reference Guide Parameters day [all|su|mo|tu|we|th|fr|sa| weekdays] Day of access policy configuration • all – All days (from Sunday to Saturday) • su – Sunday • mo – Monday • tu – Tuesday • we – Wednesday • th – Thursday • fr – Friday • sa – Saturday • weekdays – Allows access only during weekdays (M-F) time [start <0-23> <0-59>] [end <0-23> <0-59>] Sets the access policy time for this group • start – Sets the start time • end – Defines the end time (must be greater than
Radius Server Instance 19-17 RFSwitch(config-radsrv-group)#policy wlan 20 21 22 23 RFSwitch(config-radsrv-group)# 19.1.7.9 rad-user Radius Configuration Commands Adds an existing RADIUS user to this group. If the RADIUS user is not available in the Onboard RADIUS server’s database, create a new RADIUS user using the rad-user command from within the (config-radsrv) mode. For more information, see rad-user on page 19-31.
19-18 Motorola RF Switch CLI Reference Guide wireless-to-wired <100-100000> Up link direction from wireless client to network • <100-100000> – Rate in the range of <100-100000> kbps Usage Guidelines Use [no] rate-limit [wired-to-wireless|wireless-to-wired]to remove the rate limit applied to the group.
Radius Server Instance 19-19 +-enable [guest-group enable] +-help [help] ............................................................ ............................................................ ............................................................ ..................... RFSwitch(config-radsrv-group)# 19.1.7.
19-20 Motorola RF Switch CLI Reference Guide ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-name Displays the co nfigured MAC names mac-address-table Display MAC address table management Display L3 Managment Interface name mobility Display Mobility parameters ntp Network time protocol password-encryption password encryption power show power over ethernet command privilege Show current privilege le
Radius Server Instance 19-21 19.1.7.13 Example–Creating a Group The (config-radsrv-group) sub-instance is explained in the example below: 1. Create a group called Sales in the local RADIUS server database. RFSwitch(config-radsrv)#group sales 2. Check the RADIUS user group’s configuration. RFSwitch(config-radsrv-group)#? RADIUS user group configuration commands: 3. Use a policy command to configure group policies for the group created in Step 1.
19-22 Motorola RF Switch CLI Reference Guide key Radius client shared secret RFSwitch(config-radsrv)#nas 10.10.10.0/24 key ? 0 Password is specified UNENCRYPTED 2 Password is encrypted with password-encryption secret LINE The secret(client shared secret), upto 32 characters RFSwitch(config-radsrv)#nas 10.10.10.0/24 key 0 very-secret!! 8. Use (config-radsrv)#proxy to add a realm name for the group. RFSwitch(config-radsrv)#proxy realm mydomain.com server 10.10.1.10 port 1812 secret 0 testing 9.
Radius Server Instance 19-23 19.1.8 help Radius Configuration Commands Displays the system’s interactive help in HTML format Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-radsrv)#help? help Description of the interactive help system RFSwitch(config-radsrv)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
19-24 Motorola RF Switch CLI Reference Guide 19.1.9 ldap-server Radius Configuration Commands Sets the LDAP server configuration It uses the existing external database (active directory with the onboard RADIUS server) instead of the local database on the switch.
Radius Server Instance 19-25 Parameters ldap-server primary host port <1-65535> login bind-dn base-dn passwd {| | } passwd-attr group-attr group-filter group-membership net-timeout <1-10> Sets the primary LDAP server’s configuration • host < IP> – Sets the LDAP server’s IP configuration • – Defines the LDAP server IP address • port – Enter t
19-26 Motorola RF Switch CLI Reference Guide ldap-server secondary host Defines the secondary LDAP server’s configuration.
Radius Server Instance 19-27 19.1.
19-28 Motorola RF Switch CLI Reference Guide 19.1.
Radius Server Instance 19-29 19.1.
19-30 Motorola RF Switch CLI Reference Guide Example RFSwitch(config-radsrv)#proxy realm Test server 10.10.10.
Radius Server Instance 19-31 19.1.
19-32 Motorola RF Switch CLI Reference Guide password [0|2|] group guest expiry-time expiry-date start-time start-date ] Sets the RADIUS user password • 0 – Defines the password as UNENCRYPTED • 2 – The password is encrypted with a password encryption secret • – Sets a password up to 21 characters in length • group – Radius server group configuration • – Existing group name in local datab
Radius Server Instance privilege [helpdesk|monitor| nwadmin|superuser| sysadmin|webadmin] 19-33 Set management user access privilege • helpdesk [monitor|nwadmin|superuser|sysadmin|webadmin]– helpdesk (troubleshooting) access • monitor [helpdesk|nwadmin|superuser|sysadmin|webadmin]– Monitor (read-only) access • nwadmin [helpdesk|monitor|superuser|sysadmin|webadmin]– Network (wired&wireless) admin access superuser[helpdesk|monitor|nwadmin|sysadmin|webad min– Superuser (root) access • sysadmin [helpdesk|mon
19-34 Motorola RF Switch CLI Reference Guide 19.1.14 server Radius Configuration Commands Configures server certificate parameters used by a RADIUS server The server certificate is a part of a trustpoint created using crypto on page 5-22.
Radius Server Instance 19-35 19.1.15 service Radius Configuration Commands Invokes the service commands to troubleshoot or debug the (config-radsrv) instance configuration This command is also used to enable the RADIUS server.
19-36 Motorola RF Switch CLI Reference Guide 19.1.
Radius Server Instance 19-37 environment show environmental information file Display filesystem information firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-address-table Display MAC address table mac-name Displays the configured MAC names management Display L3 Mana
19-38 Motorola RF Switch CLI Reference Guide 19.1.
Wireless Instance Use the (config-wireless) instance to configure local RADIUS server parameters associated with the switch. To navigate to this instance, use the command from the Global Config mode. RFSwitch(config)#wireless RFSwitch(config-wireless)# 20.1 Wireless Configuration Commands This table summarizes (config-wireless) commands: Command Description Ref.
20-2 Motorola RF Switch CLI Reference Guide Command Description Ref.
Wireless Instance Command 20-3 Description Ref. dhcp-one-portalforward Enables forwarding of DHCP responses to one portal. page 20-37 dhcp-sniff-state Records mobile unit DHCP state information page 20-38 dot11-shared-key-auth Enables support for 802.
20-4 Motorola RF Switch CLI Reference Guide Command Description Ref. nas-id Configures the NAS ID to be sent to the RADIUS server. page 20-58 nas-port-id Configures the NAS port to be sent to the RADIUS server.
Wireless Instance 20-5 20.1.1 aap Wireless Configuration Commands Defines the AAP configuration Supported in the following platforms: • RFS7000 • RFS6000 The number of AAP’s supported differ from switch to switch.
20-6 Motorola RF Switch CLI Reference Guide config-apply [def-delay|mesh-delay] <30-10000> Applies AAP configuration settings • def-delay – Sets the default time to delay before applying AAP configuration • <30 -10000> – Set the delay time (in seconds) • mesh-delay – Defines the interval to delay before applying AAP configuration to Mesh APs • <3--10000> – Set the delay time (in seconds) fwupdate [|| unadopted] Manually upgrades the specified Advanced AP.
Wireless Instance 20-7 20.1.2 admission-control Wireless Configuration Commands Enable admission control for voice traffic across all radios Supported in the following platforms: • RFS7000 • RFS6000 Syntax admission-control voice enable Parameters voice enable Enables admission control for voice on all radios. Usage Guidelines Use {no} admission-control voice enable to disable Admission Control for voice or video on all radios.
20-8 Motorola RF Switch CLI Reference Guide 20.1.3 adopt-unconf-radio Wireless Configuration Commands Adopts a radio (even if not yet configured). Default templates are used for configuring the adopted radio Supported in the following platforms: • RFS7000 • RFS6000 Syntax adopt-unconf-radio enable Parameters None Usage Guidelines Use the {no} adopt-unconf-radio command to switch off adopting unconfigured radios.
Wireless Instance 20-9 20.1.4 adoption-pref-id Wireless Configuration Commands Preference identifier for the switch All radios configured with this preference identifier are more likely to be adopted by this switch.
20-10 Motorola RF Switch CLI Reference Guide 20.1.
Wireless Instance 20-11 Parameters [adoption-policy| country-code|location| name|secure-code| secure-mode-stagging] Sets a single AP index. Use the show wireless ap command to view the AP’s index value. • adoption-policy [allow|deny]– Specifies adoption policy • allow – Allow adoption • deny – Deny adoption • country-code – Defines the country of operation for the ap. Regulatory configurations such as channels will be configured automatically.
20-12 Motorola RF Switch CLI Reference Guide • secure-mode-staging enable – WISPe secure mode staging • enable – Configure secure-mode staging to a set of APs (specified by LIST). The AP's MAC, and staging mode will be saved in the running configuration. In this mode, switch will send configured shared secret in the clear in the Join response to the AP. • Use the {no} secure-mode-staging enable command to negate.
Wireless Instance 20-13 20.1.6 ap-containment Wireless Configuration Commands Sets the rogue AP containment parameters Supported in the following platforms: • RFS7000 • RFS6000 Syntax ap-containment [add |enable|interval ) Parameters add Adds an AP’s MAC Address into the rogue AP containment list. enable Enables the Rogue AP Containment feature. interval Sets the time , a value in the rage of 20-5000, between two Rogue AP containment processes.
20-14 Motorola RF Switch CLI Reference Guide 20.1.
Wireless Instance ap-detection timeout [approved|unapproved] 20-15 Sets the amount of time (in seconds ) an AP remains in the list after it is no longer seen • approved – The timeout in seconds for approved APs.
20-16 Motorola RF Switch CLI Reference Guide 20.1.8 ap-image Wireless Configuration Commands Defines the path to upload the new image over an AP Supported in the following platforms: • RFS7000 • RFS6000 Syntax ap-image [ap100|ap300-ids-sensor|ap300-wisp|ap300-wispe| ap4131|ap5131|ap7131|revert-ap4131] Parameters [ap100| ap300-ids-sensor| ap300-wisp| ap300-wispe| ap4131|ap5131|ap7131| revert-ap4131] The interface to upload new AP image.
Wireless Instance 20-17 20.1.
20-18 Motorola RF Switch CLI Reference Guide default-ap switch-ip [ add | delete [|]| set-default] Sets the default static switch IP address • switch-ip – Static switch IP address • add – Adds a static switch IP address • delete[|] – Deletes a static switch IP address • – A single switch IP address • – A single IP address • set-default – Sets a default switch IP address Example RFSwitch(config-wireless)#ap-ip 1 static-ip 192.168.10.25/24 192.168.10.
Wireless Instance 20-19 20.1.10 ap-standby-attempts-threshold Wireless Configuration Commands Sets the number of attempts after which the standby switch starts adopting APs. Supported in the following platforms: • RFS7000 • RFS6000 Syntax ap-standby-attempts-threshold Parameters Sets the number of attempts to in the range 5–200.
20-20 Motorola RF Switch CLI Reference Guide 20.1.11 ap-timeout Wireless Configuration Commands Changes the default inactivity timeout for access ports Supported in the following platforms: • RFS7000 • RFS6000 Syntax ap-timeout Parameters • – Access-ports identified by a single index or by a list of indices. Use show wireless ap to view the AP’s index or MAC address • – Sets the new inactivity timeout (in seconds) to a value between 40 and 180.
Wireless Instance 20-21 20.1.12 ap-udp-port Wireless Configuration Commands Configures the UDP port for layer 3 adoption of APs You also need to configure the DHCP server providing the APs the same parameter. Supported in the following platforms: • RFS7000 • RFS6000 Syntax ap-udp-port Parameters Sets the port number for layer 3 adoption of APs. is a value in the range 1-65535.
20-22 Motorola RF Switch CLI Reference Guide 20.1.13 auto-select-channels Wireless Configuration Commands Specifies a list of channels that will be used when automatic channel scan (ACS) and dynamic frequency selection (DFS) Supported in the following platforms: • RFS7000 • RFS6000 Syntax auto-select-channels [11a|11bg] [| add |remove ] Parameters [11a|11bg] [| add | remove ] A comma separated list of 802.11a or 802.
Wireless Instance 20-23 20.1.
20-24 Motorola RF Switch CLI Reference Guide 20.1.15 client Wireless Configuration Commands Use this command to configure a wireless client This command creates an exclude-list or include list. Creating a list moves the user to a new mode config-wireless-client-list. Refer section config-wireless-client-list Commands on page 20-26 for (config-wireless-client-list) command summary.
Wireless Instance 20-25 20.1.15.1 Configuring a Client Refer to the configurations below to: • Create an exclude list. RFSwitch(config-wireless)#client exclude-list protected-hosts RFSwitch(config-wireless-client-list)# • Add a host entry into the exclude list. RFSwitch(config-wireless-client-list)# station printers 00:00:AA:DD:EE:11/00:00:FF:DD:EE:11 RFSwitch(config-wireless-client-list)# station testing-host1 00:11:AA:03:1B:FE • Associate the exclude list to a WLAN.
20-26 Motorola RF Switch CLI Reference Guide 20.1.15.2 config-wireless-client-list Commands Use (config-wireless)# client to enter the (config-wireless-client-list) instance. Use this instance, to create an exclude list or include list.
Wireless Instance 20-27 Parameters [|] Defines an index for this host entry in the client list. The host station name must be of size 1-21 characters. • –Sets the MU mac address in AA-BB-CC-DD-EEFF or AA:BB:CC:DD:EE:FF or AABB.CCDD.EEFF format. • – Sets the MU MAC address and mask in AA-BB-CC-DD-EE-FF or AA:BB:CC:DD:EE:FF or AABB.CCDD.EEFF format.
20-28 Motorola RF Switch CLI Reference Guide 20.1.
Wireless Instance 20-29 20.1.17 cluster-master-support Wireless Configuration Commands Sets the parameters for cluster master support This is required for cluster level functions. Supported in the following platforms: • RFS7000 • RFS6000 Syntax cluster-master-support enable Parameters enable Enables the cluster master support. This is required for cluster level functions. Usage Guidelines Use the {no} cluster-master-support enable command to disable this feature. By default, it is disabled.
20-30 Motorola RF Switch CLI Reference Guide 20.1.18 convert-ap Wireless Configuration Commands Changes the mode of operation of an AP to either sensor or standalone Supported in the following platforms: • RFS7000 • RFS6000 NOTE: The number of APs supported by convert-ap command differs for each switch.
Wireless Instance 20-31 Parameters [default|sensor| standalone] Sets the indices of the APs to be converted. • – The index of the AP to be converted. This index can be found from the 'show wireless ap' command. • default – Does not force conversion. Lets the AP negotiate its normal mode of operation with the switch. • sensor {static-ip {}}– Converts an AP300 to operate as an IPS (Intrusion Prevention System) sensor. • static-ip – Optional.
20-32 Motorola RF Switch CLI Reference Guide Example RFSwitch(config-wireless)#convert-ap 1 default 20.1.18.1 Converting an AP to Sensor To convert an AP300 to a sensor: 1. Use sensor command to setup the sensor. RFSwitch(config-wireless)#sensor default-config ? ip-mode configure the IP address mode of the sensors wips-server-ip specify IP addresses of the WIPS server Select either ip-mode or wips-server-ip as the sensor parameter. 2. Specify the VLAN over which the sensors are available.
Wireless Instance 20-33 20.1.19 country-code Wireless Configuration Commands Sets the country of operation All existing radio configurations will be erased Supported in the following platforms: • RFS7000 • RFS6000 Syntax country-code Parameters Configures the switch to operate in a defined country. is the 2 letter ISO-3166 country code.
20-34 Motorola RF Switch CLI Reference Guide 20.1.
Wireless Instance 20-35 loc-mu Sets the parameters for the MU locationing logs media Sets the parameters for the encapsulation media logs mobile-unit Sets the parameters for the mobile-unit logs radio Sets the parameters for the radio logs radius Sets the parameters for the radius client logs self-heal Sets the parameters for the self healing logs smart Sets the parameters for the smart-rf logs snmp Sets the parameters for the snmp logs system Sets the parameters for the system call logs
20-36 Motorola RF Switch CLI Reference Guide config dot11 eap ids kerberos l3-mob loc-ap loc-mu media mobile-unit radio radius self-heal smart snmp system wips wisp wlan configuration change logs datapath logs 802.
Wireless Instance 20-37 20.1.21 dhcp-one-portal-forward Wireless Configuration Commands Enables the option to forward DHCP responses to one portal when the destination mobileunit is known from the response content Supported in the following platforms: • RFS7000 • RFS6000 Syntax dhcp-one-portal-forward enable Parameters enable Enables the option to forward DHCP responses to one portal when the destination mobile-unit is known from the response content.
20-38 Motorola RF Switch CLI Reference Guide 20.1.22 dhcp-sniff-state Wireless Configuration Commands Records mobile unit DHCP state information Supported in the following platforms: • RFS7000 • RFS6000 Syntax dhcp-sniff-state enable Parameters enable Allows support for recording DHCP state information for mobile units Use the {no} dhcp-sniff-state enable command to disable recording mobile unit DHCP state information.
Wireless Instance 20-39 20.1.23 dot11-shared-key-auth Wireless Configuration Commands Enables support for 802.11 shared key authentication NOTE: Shared key authentication has known weaknesses that can compromise your WEP key. It should only be configured to accommodate wireless stations unable to carry out Open-System authentication.
20-40 Motorola RF Switch CLI Reference Guide 20.1.24 end Wireless Configuration Commands Ends and exits the current mode and changes to the PRIV EXEC mode.
Wireless Instance 20-41 20.1.25 exit Wireless Configuration Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
20-42 Motorola RF Switch CLI Reference Guide 20.1.26 fix-broadcast-dhcp-rsp Wireless Configuration Commands Converts broadcast DHCP server responses to unicast Supported in the following platforms: • RFS7000 • RFS6000 Syntax fix-broadcast-dhcp-rsp enable Parameters enable Enables support for converting broadcast DHCP server responses to unicast Usage Guidelines Use the {no} fix-broadcast-dhcp-rsp enable command to disable converting broadcast DHCP server responses to unicast.
Wireless Instance 20-43 20.1.27 help Wireless Configuration Commands Displays the system’s interactive help (in HTML format) Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-wireless)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
20-44 Motorola RF Switch CLI Reference Guide 20.1.28 hotspot Wireless Configuration Commands Configures the WLAN hotspot configuration This overrides or adds to the existing hotspot configuration on the WLAN. Supported in the following platforms: • RFS7000 • RFS6000 Syntax hotspot query [mu-ip|ssid| switch-ip|switch-name|user-string] Parameters The index of this query in the query list. Can be in the range of 1 and 10.
Wireless Instance 20-45 20.1.
20-46 Motorola RF Switch CLI Reference Guide Parameters anomaly-detection [all|bad-essid-frame| beacon-broadcast-essid| deauth-broadcast-smac| detect-adhoc-networks| invalid-8021x-frame| invalid-frame-length| invalid-frame-type| invalid-sequencenumber| multicast-source| non-chaining-wep-iv| null-destination| same-sourcedestination| tkip-countermeasures| unencrypted-traffic| weak-wep-iv] [enable|filter-ageout] Configures parameters related to the detection of anomalous frames on the RF network.
Wireless Instance 20-47 For all the above options, the following values are set • enable – Enables monitoring and filtering • filter-ageout – Sets the number of seconds mobile units are filtered out in the range 0-86400. detect-window Sets the number of seconds information is collected before analysis (all thresholds are a function of this window size). Value in the range 5-300.
20-48 Motorola RF Switch CLI Reference Guide ex-ops [80211-replay-fails|all| association-requests| authentication-fails| crypto-replay-fails| decryption-fails| disassociations| eap-naks|eap-starts| probe-requests| unassoc-frames] [filter-ageout <0-86400>| threshold [mu|radio| switch] <0-65535>] Sets values related to the detection of excessive operations on the RF network • 80211-replay-fails – 802.11 replay check failure • all – Changes for all types of excessive operations • association-requests – 802.
Wireless Instance Example RFSwitch(config-wireless)#ids anomaly-detection tkipcountermeasures enable RFSwitch(config-wireless)# RFSwitch(config-wireless)#ids detect-window 250 RFSwitch(config-wireless)# RFSwitch(config-wireless)#ids ex-ops 80211-replay-fails filter-ageout 5200 RFSwitch(config-wireless)# 20-49
20-50 Motorola RF Switch CLI Reference Guide 20.1.30 load-balance Wireless Configuration Commands Configures the user load balance mode Supported in the following platforms: • RFS7000 • RFS6000 Syntax load-balance [by-count|by-throughput] Parameters by-count In load balance by user count, the load on the radio is measured by the number of MUs associated. The desired balance is to have equal number of MUs on the radios in the group.
Wireless Instance 20-51 20.1.
20-52 Motorola RF Switch CLI Reference Guide zone [<1-48>|default| unknown] Optional GeoFencing location information for devices matching this ACL information. • <1-48> – Administrator defined-id. • default – The user has been located within the site in the default zone. • unknown – If the users location is currently unknown or out of bounds of the site.
Wireless Instance 20-53 20.1.32 manual-wlan-mapping Wireless Configuration Commands Manually maps WLANs configured on a radio Supported in the following platforms: • RFS7000 • RFS6000 Syntax manual-wlan-mapping enable Parameters enable Enables support for manual WLAN mapping. Usage Guidelines Use the {no} manual-wlan-mapping enable command to disable manual mapping of WLANs configured on a radio.
20-54 Motorola RF Switch CLI Reference Guide 20.1.33 mobile-unit Wireless Configuration Commands Configures mobile unit related parameters Supported in the following platforms: • RFS7000 • RFS6000 Syntax mobile-unit [association-history|probe-history] mobile-unit association-history [enable|clear] mobile-unit probe-history [enable|add <1-200> ] Parameters association-history [enable|clear] Enables a mobile unit’s association history. • enable – Enables a mobile unit’s association history.
Wireless Instance 20-55 20.1.34 mobility Wireless Configuration Commands Sets mobility parameters Supported in the following platforms: • RFS7000 • RFS6000 Syntax mobility [enable|local-address|max-roam-period|peer] mobility enable mobility local-address mobility max-roam-period <1-15> mobililty peer Parameters enable Enables mobility globally local-address Sets the local address for mobility • – IP address in A.B.C.
20-56 Motorola RF Switch CLI Reference Guide 20.1.35 multicast-packet-limit Wireless Configuration Commands Sets a multicast packet limit, per second, for a VLAN. This limits the broadcast/multicast packets per VLAN. The default value is 32 broadcast/multicast packets per second. Setting the limit to 0 disables this control.
Wireless Instance 20-57 20.1.36 multicast-throttle-watermark Wireless Configuration Commands Configures watermarks for supporting bursts of broadcast/multicast frames Supported in the following platforms: • RFS7000 • RFS6000 Syntax multicast-throttle-watermarks low <0-100> high <0-100> Parameters low <0-100> Sets the low water-mark. If the percentage of free packets in the system is lower than this threshold, the incoming frame is dropped. high <0-100> Sets the high water-mark.
20-58 Motorola RF Switch CLI Reference Guide 20.1.37 nas-id Wireless Configuration Commands Configures the NAS ID to be sent to the RADIUS server Supported in the following platforms: • RFS7000 • RFS6000 Syntax nas-id To override nas-id on a per WLAN basis: wlan <1-4098> nas-id Parameters A character string to be used as the NAS ID. Can be up to 256 characters long.
Wireless Instance 20.1.38 nas-port-id Wireless Configuration Commands Configures the NAS port ID that must be sent to the RADIUS server Supported in the following platforms: • RFS7000 • RFS6000 Syntax nas-port-id Parameters The port ID to be sent to the RADIUS server.
20-60 Motorola RF Switch CLI Reference Guide 20.1.39 no Wireless Configuration Commands Negates a command or sets its defaults. All the parameters mentioned in the syntax can be negated using the no command.
Wireless Instance 20.1.40 proxy-arp Wireless Configuration Commands Responds to ARP requests from the RON to the WLAN on behalf of mobile units Supported in the following platforms: • RFS7000 • RFS6000 Syntax proxy-arp enable Parameters enable Enables the support for proxy arp Usage Guidelines Use the no proxy-arp enable command to disable.
20-62 Motorola RF Switch CLI Reference Guide 20.1.
Wireless Instance wireless-to-wired [tid0|tid1|tid2|tid3| tid4|tid5|tid6|tid7] dot1p <0-7> 20-63 Mappings used while switching wireless traffic to the wired side. • tid0, tid3– best effort category traffic • tid1, tid2 – background category traffic • tid4, tid5 – video traffic category traffic • tid6, tid7 – voice traffic category traffic • dot1p <0-7> – Configures the mapping of 802.1p tags to access categories. You can specify more than one 802.1p tags with in the range 0 and 7.
20-64 Motorola RF Switch CLI Reference Guide 20.1.42 radio Wireless Configuration Commands Sets radio related parameters Supported in the following platforms: • RFS7000 • RFS6000 The radios group-id range differs from switch to switch.
Wireless Instance radio <1-4096> tx-limit] radio <1-4096> radio <1-4096> radio <1-4096> radio <1-4096> 20-65 ampdu [min-spacing|rx-limit|tx-enable| ampdu ampdu ampdu ampdu min-spacing [.25|.
20-66 Motorola RF Switch CLI Reference Guide radio <1-4096> max-mobile-units radio <1-4096> mu-power <0-20> radio <1-4096> moto-simple-voice enable radio <1-4096> nas-id radio <1-4096> nas-port-id radio <1-4096> on-channel-scan radio radio radio radio radio radio radio radio <1-4096> <1-4096> <1-4096> <1-4096> <1-4096> <1-4096> <1-4096> <1-4096> radio-number <0-2> reset reset-ap rf-function wips rf-mode [a|an|b|bg|bgn|custom|g|n] rss enable rts-threshold <0-2346> run-acs
Wireless Instance 20-67 radio [all-llan|default-11an] [adoption-policy|ampdu| antenna-mode|bss|channel-power|rf-mode|speed|tunnel| short-gi] radio [all-11b|default-11b] [adoption-policy| antenna-mode|base-bridge|beacon-interval|bridge-fwd-delay| bridge-hello|bridge-max-ageout|bridge-msg-age| bridge-priority|bss|channel-power|client-bridge|detector| dtim-period|enhanced-beacon-table|enhanced-probe-table| location-message|max-mobile-units|mu-power| on-channel-scan|reset|reset-ap|rf-function|rf-mode|rss| rts
20-68 Motorola RF Switch CLI Reference Guide add <1-4096> [11a|11an|11b|11bg| 11bgn] {[aap5131| aap5181|ap300|aap7131| aap7181|ap100|ap4131]} Adds the specified radio to the radio list at index specified for the value in the range 1-4096. • [11a|11an|11b|11bg|11bgn] – The radio type • [aap5131|aap5181|ap300|aap7131|aap7181|ap100| ap4131] – Optional. The radio model. The options available will depend on the radio type selected.
Wireless Instance 20-69 admission-control voice [max-mus <0-256>| max-perc <0-100>| max-roamed-mus <0256>| res-roam-perc <0-100>] Sets the admission control parameters for voice. The following options are configured: • max-mus <0-256> – Configure the maximum number of MUs to be admitted. • max-perc <0-100> – Configure the maximum percentage of air time allotted to voice traffic. • max-roamed-mus <0-256> – Configure the maximum number of roamed MUs to be admitted.
20-70 Motorola RF Switch CLI Reference Guide antenna-mode [diversity|mimo|primary| secondary] Defines the antenna diversity mode. Select from the following options: • diversity–Full diversity (both antennas) • mimo – MIMO • primary–Primary antenna only • secondary–Secondary antenna only Note: Before executing this command, ensure the radio is present and is a AP300 model.
Wireless Instance 20-71 bss [<1-4>|add-wlans| auto] Maps WLANs to radio BSSIDs • <1-4>– Sets the BSS where WLANs are mapped • add-wlans – Adds new WLANs to existing radios. The other WLANs on the radios are left as is. • auto – Sets the automatic assignment of a BSS. The user selects WLANs, and the system assigns them to a BSS automatically. • – Defines a list (1,3,7) or range (3-7) of WLAN indices. When a BSS is also specified, the first WLAN is used as the primary WLAN.
20-72 Motorola RF Switch CLI Reference Guide client-bridge [bb-radio| bridge-selectmode| enable| mesh-timeout <2-200>| ssid ] Defines client bridge settings. • bb-radio <1-16> – add the preferred base bridge details.
Wireless Instance 20-73 dtim-period<1-50> {bss <1-4>} Set the DTIM period (number of beacons between successive DTIMs). • <1-50> – Sets the DTIM period • bss <1-4>– Optional BSS index enforce-spec-mgmt enable Enforces spectrum management checks on specified radios. Only mobile units that advertise spectrum management capabilities will be allowed to associate on this radio. enhanced-beacon-table Enables the enhanced beacon table for AP locationing.
20-74 Motorola RF Switch CLI Reference Guide nas-id Configures a NAS ID for this radio. can be up to 256 characters long. nas-port-id Configures a NAS port id for this radio. can be up to 256 characters long. on-channel-scan Enables rogue scanning on this radio. radio-number <0-2> Enter the radio number only if there are two similar radios on the AP. Enter 0 (zero) or omit when there is no ambiguity.
Wireless Instance short-preamble 20-75 Enables support for the short preamble. NOTE: This disables support for long preamble. Mobiles that only support long preamble will not be able to associate.
20-76 Motorola RF Switch CLI Reference Guide • • • • • basic54 basic 54-Mbps basic5p5 basic 5.5-Mbps basic6 basic 6-Mbps basic9 basic 9-Mbps default {mcs } – Factory default rates based on radio-type. • throughput {mcs } – All rates basic (only 802.11g clients are allowed on 802.11bg radios).
Wireless Instance wmm [background| best-effort|video|voice] [aifsn<1-15>|burst <0-65535>| cw<0-15>] wmm [video|voice] acm [enable|max-mus <1-64>] 20-77 Sets 802.11e/Wireless Multi Media (WMM) parameters (supported only on AP300). • background – Prioritizes Background category traffic. • best-effort– Prioritizes Best Effort category traffic. • video – Prioritizes Video category traffic. • voice – Prioritizes Voice category traffic. • acm [enable|max-mus <1-64>] – Admission control parameters.
20-78 Motorola RF Switch CLI Reference Guide 20.1.
Wireless Instance 20-79 20.1.44 secure-wispe-default-secret Wireless Configuration Commands Configures the default shared secret for secure WISPE If a new shared secret is not configured for an AP or a list of APs, then a default shared secret will be assigned. The value of default shared secret is the string "default".
20-80 Motorola RF Switch CLI Reference Guide 20.1.45 self-heal Wireless Configuration Commands Configures self healing values Supported in the following platforms: • RFS7000 • RFS6000 Syntax self-heal [interference-avoidance|neighbor-recovery] self-heal interference-avoidance [enable|hold-time <30-65535>|retries <0.0-15.
Wireless Instance 20-81 action [both|none| open-rates|raise-power] radio [<1-4096>| ] Defines the radio’s self healing action when neighbors are detected as down. • both – Raises the power to max and open all rates. • none – No action taken. • open-rates – Opens all rates. • raise-power – Raises the power to maximum. • radio [<1-4096>|] – Modifies the action for specified radio(s). • <1-4096> – Sets a single radio index.
20-82 Motorola RF Switch CLI Reference Guide 20.1.
Wireless Instance 20-83 default-config [ gateway-ip|ip-mode| wips-server-ip] Invokes the default configuration sent to sensors when configured. • gateway-ip – Configure the gateway IP address for sensors to . • ip-mode [dhcp|static ] – Configures the IP address of the sensors. • dhcp – Sensors use DHCP to obtain an IP address. • static – Sensors use the specific static IP address. • – Sets the sensor IP address and network mask.
20-84 Motorola RF Switch CLI Reference Guide 20.1.47 service Wireless Configuration Commands Invokes service commands to troubleshoot or debug (config-wireless) instance configurations For more information, see Chapter 2, Section 2.1.5 service on page 2-7.
Wireless Instance service service service service show show show show wireless wireless wireless wireless 20-85 radio {[<1-4094>|description|mapping]} radio-cache-entry {} vlan-cache-entry {[<1-8192>|]} waiting {<0-99> {<0-99>}} service smart-rf [clear-history|load-from-file|replay| rescue|restore|save-to-file|simulate] service smart-rf [clear-history|load-from-file|save-to-file] service smart-rf replay enable service smart-rf rescue [|<1-4094>|] service smart-rf restore [
20-86 Motorola RF Switch CLI Reference Guide service wireless enhanced-probe-table max-mu|preferred|window-time] service wireless enhanced-probe-table service wireless enhanced-probe-table service wireless enhanced-probe-table service wireless enhanced-probe-table service service service service service service service wireless wireless wireless wireless wireless wireless wireless [enable|erase-report| [enable|erase-report] max-mu <0-512> preferred window-time <10-60> free-packet-watermark <0-100
Wireless Instance show [cli|smart-rf| wireless] 20-87 Displays the current running system information for this mode. • cli – Shows the CLI commands available in this mode. • smart-rf [debug-config|sensitivity] – Displays smart-rf management commands. • debug-config – Displays smart-rf debug configuration information • sensitivity [mu|pattern|rates] – Displays the smart-rf sensitivity table. • mu {[<0-8192>|]} – Displays smart-rf sensitivity information for a selected MU. • <0-8192> – Optional.
20-88 Motorola RF Switch CLI Reference Guide • enhanced-beacon-table [config|report] – Displays Enhanced Beacon Table information. • config – Displays Enhanced Beacon Table configuration information. • report – Displays Enhanced Beacon Table reports. • enhanced-probe-table [config|report] – Displays Enhanced Probe Table information. • config – Displays Enhanced Probe Table configuration information. • report – Displays Enhanced Probe Table reports • group <1-256> – Displays information on a radio group.
Wireless Instance 20-89 • radio-cache-entry {} – Displays Radio Cache information. Dumps the whole table if no parameter is given. • – MAC address of radio-cache entry to show. • radio-hash-buckets – Displays Wireless Radio Hash Buckets. • snmp-trap-throttle – Displays statistics and parameters related to SNMP Trap Throttling. • vlan-cache-buckets – Displays wireless VLAN Cache Buckets. • vlan-cache-entry [<1-8192>|] – Displays MU VLAN Cache information.
20-90 Motorola RF Switch CLI Reference Guide • restore [|<1-4094>|] – Removes radio rescue operation on a given radio. • – MAC address of a single radio. • <1-4094> – Radio index. • – List of radio indices. • save-to-file – Saves smart-rf records to the file smart.bin. • simulate [coverage-hole|interference] – Simulates radio events for smart-rf.
Wireless Instance wireless [ap-history| clear-ap-log|custom-cli| dot11i|dump-core| enhanced-beacon-table| enhanced-probe-table| free-packet-watermark| idle-radio-sendmulticast| legacy-loadbalance|map-radios| radio-misc-cfg| rate-scale| request-ap-log| save-ap-log| snmp-trap-throttle| sync-radio-entries| vlan-cache] 20-91 Configures wireless parameters. • ap-history [clear|enable] – Configures access port history. • clear – Clears all history of all APs. • enable – Enables tracking of AP history.
20-92 Motorola RF Switch CLI Reference Guide • username – The Radius username of the user connected through this device (shown only if applicable and available). • vlan – The VLAN-ID assigned to the mobile-unit. • wlan-desc – The WLAN description the mobile-unit is using. • wlan-id – The WLAN index the mobile-unit is using. • sh-wi-radio [adopt-info|ap-locn|ap-mac| ap-name|bss|channel|dot11-type|num-mu|power| radio-desc|radio-id|state] – Customize the output of the "show wireless radio" command.
Wireless Instance 20-93 • dot11i – modify dot11i service parameters. • dump-core – Creates a core file of the ccsrvr process. • enhanced-beacon-table [channel-set|enable| erase-report|max-ap|scan-interval|scan-time] – Enhanced beacon table for AP locationing. • channel-set [a|an|b|bg|bgn] <1-200> – Adds channels to the different radio types. Channel types are a, an, b, bg, bgn. The channel number must be in the range 1 to 200. • enable – Enables the Enhance Beacon Table feature for AP locationing.
20-94 Motorola RF Switch CLI Reference Guide • free-packet-watermark <0-100>– The free packets threshold in percent. If the percentage of free packets is lower than this number, then additional packets will not be queued in the datapath. • idle-radio-send-multicast enable – Enables forwarding multicast packets to radios without associated mobile units. • legacy-load-balance – Invoke legacy load balance algorithm.
Wireless Instance 20-95 Example RFSwitch(config-wireless)#service show wireless ap-history AP MAC Radio Timestamp Event Reason ============================================================ ======= 00-A0-F8-BF-8A-4B N/A 20070926-20:23:10 Adoption N/A RFSwitch(config-wireless)# RFSwitch(config-wireless)#service show wireless mvlan 20 Wlan 20: pool_size =1 ----------------------------------------------------[ 0]: wlan=20, vlan_id=1, limit=0, users=0, log_sent=0 [ 1]: wlan=20, vlan_id=0, limit=0, users=0, log
20-96 Motorola RF Switch CLI Reference Guide RFSwitch(config-wireless)# RFSwitch(config-wireless)#service show wireless radio description # access-port MAC start BSS radio description coordinates 1] 00-A0-F8-BF-8A-4B 00-A0-F8-BF-EF-B0 11bg RADIO1 0 0 0 2] 00-A0-F8-BF-8A-4B 00-A0-F8-BF-ED-BC 11a RADIO2 0 0 0 RFSwitch(config-wireless)# RFSwitch(config-wireless)#service show wireless snmp-trapthrottle throttle : 10 (default = 10) traps allowed through throttle: 9 traps dropped through throttle: 0 RFSwitch(co
Wireless Instance 20-97 20.1.48 show Wireless Configuration Commands Displays current system information running on the switch For other show commands, see Chapter 2, Section 2.2 show on page 2-37.
20-98 Motorola RF Switch CLI Reference Guide file firewall ftp history history interfaces ip ldap licenses logging buffer mac mac-address-table mac-name names management name mobility ntp password-encryption port interface Display filesystem information Wireless firewall Display FTP Server configuration Display the session command Interface status Internet Protocol (IP) LDAP server Show any installed licenses Show logging configuration and Internet Protocol (IP) Display MAC address table Displays th
Wireless Instance wireless wlan-acl 20-99 Wireless configuration commands wlan based acl RFSwitch(config-wireless)#show RFSwitch(config-wireless)#show wireless config country-code : us adoption-pref-id : 1 proxy-arp : enabled adopt-unconf-radio : disabled dot11-shared-key-auth : disabled ap-detection : disabled manual-wlan-mapping : disabled dhcp sniff state : disabled dhcp fix broadcast-rsp : disabled broadcast-tx-speed : optimize-for-range wlan bw allocation : enabled Adaptive ap parameters: config-ap
20-100 Motorola RF Switch CLI Reference Guide 20.1.49 smart-rf Wireless Configuration Commands Configures Smart-RF Management parameters and moves to the (config-wireless-smart-rf) instance Supported in the following platforms: • RFS7000 • RFS6000 NOTE: smart-rf initiates the(config-wireless-smart-rf) instance. For more details see Chapter 25, Smart RF Instance.
Wireless Instance 20-101 20.1.
20-102 Motorola RF Switch CLI Reference Guide 20.1.
Wireless Instance 20-103 wlan <1-256> dot11i second-key [enable|key|phrase] wlan <1-256> dot11i second-key enable wlan <1-256> dot11i second-key [key|phrase] [0 | 2 |] wlan <1-256> dot11i tkip-cntrmeas-hold-time <0-65535> wlan <1-256> dot11i wap2-tkip enable wlan <1-256> encryption-type [ccmp|keyguard|none|tkip| tkip-ccmp|wep128|wep128-keyguard|wep64] wlan <1-256> hold-time <1-300> wlan <1-256> hotspot [allow-eap|allow-list|cache-ageout| ntf-logout-port|query|redirect-t
20-104 Motorola RF Switch CLI Reference Guide wlan <1-256> nac-server [primary|secondary] [ {auth-port }|radius-key [0 | 2 |]] wlan <1-256> nac-server timeout <1-300> retransmit <1-100> wlan <1-256> nas-id wlan <1-256> nas-port-id wlan <1-256> qos [classification|mcast-with-dot11i|mcast1| mcast2|prioritize-voice|rate-limit|svp|weight|wmm] wlan <1-256> qos classification [low|normal|video|voice|wmm] wlan <1-256> qos mcast-with-dot11i enable wlan <1-256> qos
Wireless Instance 20-105 wlan <1-256> radius server [primary|secondary] [ {auth-port <1024-65535>}|radius-key [0 |2 | ] wlan <1-256> radius server timeout <1-60> retransmit <1-10> wlan <1-256> secure-beacon wlan <1-256> set-vlan-user-limit [<1-4094>|] <0-8192> wlan <1-256> smart-scan-channels [|add |remove ] wlan <1-256> ssid wlan <1-256> storm-control [bcast|mcast|ucast] rate-limit <1-1000000> wlan <1-256> syslog accounting se
20-106 Motorola RF Switch CLI Reference Guide accounting [none|radius|syslog] Defines the accounting configuration on this WLAN. • none – No accounting performed on this WLAN. • radius – Uses RADIUS accounting on this WLAN. • syslog – Uses Syslog accounting on this WLAN. acl exceed-rate mudenied-traffic <0-1000000> disassociate Sets the actions taken based on the ACL configuration. • exceed-rate – Action is taken when rate exceeds a set value.
Wireless Instance 20-107 authentication-type [eap|hotspot|kerberos| mac-auth|none] Sets the authentication type for this WLAN. • eap – EAP authentication (802.1X). • hotspot – Web based authentication. • kerberos – Kerberos authentication (encryption will change to WEP128 if its not already wep128/keyguard). • mac-auth – MAC authentication (RADIUS lookup of MAC address). • none – No authentication is used. client-bridge-backhaul enable Enables the client bridge backhaul capability on this wlan.
20-108 Motorola RF Switch CLI Reference Guide dot11i [handshake | key| key-rotation | key-rotation-interval| opp-pmk-caching | phrase|pmk-caching | preauthentication | second-key| tkip-cntrmeas-hold-time| wpa2-tkip] Modifies tkip/ccmp (802.11i) related parameters. • handshake timeout <100-5000> retransmit <1-10> – Sets a handshake for the timeout and retransmission intervals. • timeout <100-5000> – Sets the timeout (in milliseconds) between retries.
Wireless Instance 20-109 • second-key [enable|key|phrase] – Configures a secondary set of key/passphrase for this WLAN. • enable – Enables the use of a secondary key/passphrase. • key [0 |2 |] – Configures the key (PMK). • phrase [0 |2 |] – Configures the passphrase. • 0 – Password is specified as unencrypted. • 2 – Password is encrypted with passwordencryption secret.
20-110 Motorola RF Switch CLI Reference Guide encryption-type [ccmp|keyguard| none|tkip|tkip-ccmp| wep128|wep64| web128-keyguard] Sets the encryption type for this WLAN. Options include: • ccmp – AES Counter Mode CBC-MAC Protocol (AES-CCM CCMP). • keyguard – Keyguard-MCM (Mobile Computing Mode). • none – No encryption. • tkip – Enables Temporal Key Integrity Protocol (TKIP). • tkip-ccmp – Enables both TKIP and CCMP on this WLAN. • wep128 – Enables Wired Equivalence Privacy (WEP) with 128 bit keys.
Wireless Instance hotspot [allow-eap| allow-list|cache-ageout| ntf-logout-port| redirect-to-hostname| simultaneous-users| query|webpage| webpage-location) 20-111 Modifies hotspot related parameters • allow-eap – allow EAP authentication in addition to web based login. • allow-list <1-32> – Specifies the allowed list that user can access without prior authentication. Typically this would be the external web-page's IP address. • <1-32> – Allow-list Rule index value. • – Allow-list IP address.
20-112 Motorola RF Switch CLI Reference Guide • webpage external [failure|login|welcome] – Modifies hotspot page parameters. • external – Modifies a hotspot’s External Web page. • failure – When login fails. • login – When login succeeds. • welcome – The page to display to welcome user. • – Sets the path to the file to be displayed.
Wireless Instance 20-113 Note: The full syntax for the internal page definition is as follows: • wlan 1 hotspot webpage internal welcome title Welcome to hotspot page. You have logged on successfullyfailure – Users are redirected to this Web page if they fail authentication. File must be named fail.html. • login – Users are prompted for their username and password within this Web page. File must be named login.html. • welcome – Users are redirected to this Web page after they authenticate successfully.
20-114 Motorola RF Switch CLI Reference Guide ip [arp|dhcp] Sets Internet Protocol settings for ARP and DHCP packets. • arp [rate-limit <1-1000000>|trust] – Address Resolution Protocol configuration. • dhcp trust – Dynamic Host Resolution Protocol configuration. • trust – Sets the arp/dhcp responses as trusted for this wlan/range. • rate-limit <1-1000000> – Does packet rate limiting on ARP packets to a value in the range 1 and 1000000.
Wireless Instance 20-115 kdc [password|realm|server] Modifies KDC related parameters. • password [0 |2 |] – Create a KDC server password (up to 127 characters) • 0 – Password is specified unencrypted. • 2 – Password is encrypted with a passwordencryption secret. • – Defines a KDC server password (up to 127 characters). • realm – Defines a KDC realm (up to 127 characters).
20-116 Motorola RF Switch CLI Reference Guide nac-mode [bypass-nacexcept-include-list| do-nac-except-excludelist|none] Sets the Network Access Control (NAC) mode configuration • bypass-nac-except-include-list – No MU NAC check is done except for those in include list. Devices in the include list have NAC checks. • do-nac-except-exclude-list – A MU NAC check is done except for those in the exclude list. Devices in the exclude list will not have any NAC checks. • none – NAC disabled, no NAC is done.
Wireless Instance 20-117 nac-server [primary|secondary| timeout] Configure a NAC server IP address and an optional authentication port number.
20-118 Motorola RF Switch CLI Reference Guide qos [classification | mcast-with-dot11i| mcast1|mcast2| prioritize-voice| rate-limit|svp|weight| wmm] Quality of Service commands. • classification [background|best-effort|video|voice|wmm] – Select how traffic on this WLAN is classified (relative prioritization on the access port). • low – All traffic on this wlan is treated as low priority traffic (Background). • normal – All traffic on this wlan is treated with normal priority (Best Effort).
Wireless Instance 20-119 • rate-limit [wired-to-wireless|wireless-to-wired] <100-1000000> – Sets traffic rate limit for users on the selected WLAN. • wired-to-wireless – Down link direction - from network to wireless client. • wireless-to-wired – Up link direction - from wireless client to network. • <100-1000000> – The rate to limit to in kbps. • svp enable – Enables support for Spectralink Voice Prioritization. • weight <1-10> – The egress weight (relative priority to other WLANs) of this WLAN.
20-120 Motorola RF Switch CLI Reference Guide • aisfn <2-15> – Arbitration Inter Frame Spacing Number (AIFSN) is the wait time in milliSeconds between data frames. This value is derived using AIFSN and the slot-time. • <2-15> – The AIFSN spacing number. • cw <0-15> <0-15> – Contention Window (CW) parameters. Wireless stations pick a number between 0 and the minimum contention window to wait before retrying transmission.
Wireless Instance radius [accounting| authentication-protocol| dscp| dynamic-authorization| dynamic-vlanassignment| mac-auth-format| mobile-unit| reauth|server] 20-121 Configures RADIUS parameters for the select WLAN. • accounting [mode|server|timeout] – Sets RADIUS accounting parameters. • mode [start-stop|stop-only|start-interim-stop] – Sets the Accounting Mode. • start-stop – Sends accounting start-stop. • stop-only – Sends accounting stop-only.
20-122 Motorola RF Switch CLI Reference Guide • authentication-protocol [chap|pap] – Sets the RADIUS Authentication Protocol for RADIUS request. Select from CHAP or PAP. • dscp <0-63> – Specify a Differentiated Services Code Point (DSCP) value to provide QoS to RADIUS packets. Set a value in the range 0 to 63. • dynamic-authorization enable – Configures support for RADIUS dynamic authorization extensions such as Disconnect Message, and Change-Of-Authorization, as described in RFC 3576.
Wireless Instance 20-123 • server [primary|secondary] [ {acct-port }| radius-key [0 |2 |]] – Sets the primary or secondary RADIUS server for the selected WLAN. • primary – Sets primary RADIUS server information • secondary – Sets secondary RADIUS server information. • – Sets the IP address of the RADIUS server. • acct-port – Sets the optional radius server accounting port. Default is 1813. • radius-key [0 |2 |] – Sets the radiuskey for the RADIUS server.
20-124 Motorola RF Switch CLI Reference Guide smart-scan-channels [| add | remove ] Specifies a list of channels to motorola clients to perform a smart-scan. The following are the options set: • – A comma separated list of channels to scan. Can also contain a single channel number. • add – Adds the specified channel(s) to the smart-scan list. • remove – Removes the specified channel(s) from the smart-scan list.
Wireless Instance wep128 [key|phrase| wep-default-key] 20-125 Configures WEP128 parameters. • key <1-4> [ascii|hex] – Configures pre-shared hex keys. • ascii [0 |1 |] – Sets keys as ascii characters (5 characters for wep64, 13 for wep128). • hex [0 |1 |] – Sets keys as hexadecimal characters (10 characters for wep64, 26 for wep128). • 0 – Password is specified unencrypted. • 2 – Password is encrypted with passwordencryption secret.
20-126 Motorola RF Switch CLI Reference Guide wep64 [key|phrase| wep-default-key] Configures WEP64 parameters. • key <1-4> [ascii|hex] – Configures pre-shared hex keys. • ascii [0 |1 |] – Sets keys as ascii characters (5 characters for wep64, 13 for wep128). • hex [0 |1 |] – Sets keys as hexadecimal characters (10 characters for wep64, 26 for wep128). • 0 – Password is specified unencrypted. • 2 – Password is encrypted with passwordencryption secret.
Wireless Instance 20-127 RFSwitch(config-wireless)#wlan 25 dot11i key-rotation enable RFSwitch(config-wireless)# RFSwitch(config-wireless)#wlan 25 dot11i key-rotationinterval 2000 RFSwitch(config-wireless)# RFSwitch(config-wireless)#wlan 25 enable RFSwitch(config-wireless)# RFSwitch(config-wireless)#wlan 25 hotspot webpage external failure "This feature is under development" RFSwitch(config-wireless)# RFSwitch(config-wireless)#wlan 25 kdc server primary 1.2.3.
20-128 Motorola RF Switch CLI Reference Guide RFSwitch(config-wireless)#wlan 25 syslog accounting server 12.13.14.
Wireless Instance 20.1.52 wlan-bw-allocation Wireless Configuration Commands Enables WLAN bandwidth allocation on all radios Supported in the following platforms: • RFS7000 • RFS6000 Syntax wlan-bw-allocation enable Parameters enable Enables WLAN bandwidth allocation on all radios.
20-130 Motorola RF Switch CLI Reference Guide
RTLS Instance Use the (config-rtls) instance to configure Real Time Location System (RTLS) parameters. To navigate to this instance, use the command RFSwitch(config)#rtls RFSwitch(config-rtls)# 21.1 RTLS Config Commands This summarizes config-rtls commands: Command Description Ref.
21-2 Motorola RF Switch CLI Reference Guide Command Description Ref.
RTLS Instance 21-3 21.1.1 aeroscout RTLS Config Commands Configure support for Aeroscout RTLS engine. Supported in the following platforms: • RFS7000 • RFS6000 Syntax aeroscout [enable|multicast-listen-addr] Parameters enable Enables and configures external Aeroscout RTLS engine multicast-listen-addr Configures multicast MAC address to which Aeroscout tags packets are destined • – Multicast MAC address.
21-4 Motorola RF Switch CLI Reference Guide 21.1.2 clear RTLS Config Commands Clears tags/assets information associated with aeroscout, mu, rfid and/or zone.
RTLS Instance 21.1.
21-6 Motorola RF Switch CLI Reference Guide 21.1.4 end RTLS Config Commands Ends and exits the current mode and changes to the PRIV EXEC mode.
RTLS Instance 21.1.5 espi RTLS Config Commands Configures Enterprise Services Programming Interface (ESPI) related parameters NOTE: espi command instantiates (config-rtls-espi) subinstance. For more details see ESPI Instance on page 22-1.
21-8 Motorola RF Switch CLI Reference Guide 21.1.6 exit RTLS Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
RTLS Instance 21-9 21.1.7 help RTLS Config Commands Displays the interactive help system for RTLS instance Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-rtls)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
21-10 Motorola RF Switch CLI Reference Guide 21.1.
RTLS Instance 21-11 21.1.
21-12 Motorola RF Switch CLI Reference Guide service [filter <1-100> {length| memory-bank|offset }|inventory {<1100>|default] Negates service configuration for: • filter <1-100> {length|memory-bank|offset} – Negates RFID tag filter configuration for the selected index • length – Length of tag filter • memory-bank – Tag memory bank • offset – Offset into the tag memory bank • inventory [<1-100>|default] – Negates tag inventory for the selected index or the default index • filter – Configures tag filter fo
RTLS Instance RFSwitch(config-rtls)#no ekahau enable RFSwitch(config-rtls)# RFSwitch(config-rtls)#no RFSwitch(config-rtls)# ekahau engine RFSwitch(config-rtls)#no service inventory 1 zone 1 RFSwitch(config-rtls)# 21-13
21-14 Motorola RF Switch CLI Reference Guide 21.1.
RTLS Instance Example RFSwitch(config-rtls)#reference-tag rfid Symbol-Moto coordinates x 600 y 600 orientation 180 range 40 RFSwitch(config-rtls)# 21-15
21-16 Motorola RF Switch CLI Reference Guide 21.1.11 rfid RTLS Config Commands Configures RFID reader parameters Supported in the following platforms: • RFS7000 • RFS6000 NOTE: rfid command instantiates (config-rtls-rfid) subinstance. For more details see RFID Instance on page 23-1.
RTLS Instance 21-17 21.1.
21-18 Motorola RF Switch CLI Reference Guide Parameters service filter <1-100> [action|length <1128>|mask| memorybank|name|offset<0-32>] Configures RFID tag filter • action [allow|deny] – Configures action for tag filter.
RTLS Instance 21-19 • start-trigger – Configures start trigger for tag inventory • gpi – Configures GPI event based start trigger • port <1-65535> – Configures GPI port number • event <0-1> – Configures a boolean GPI event value that causes GPI event to trigger • timeout <0-65535> – Configures trigger1 timeout in miliiseconds • immediate – Starts tag inventory immediately • periodic – Configures periodic tag inventory • offset <0-65535> – Configures time offset in milliseconds • period <0-65535> – Configu
21-20 Motorola RF Switch CLI Reference Guide 21.1.
RTLS Instance 21-21 Example RFSwitch(config-rtls)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration.
21-22 Motorola RF Switch CLI Reference Guide smtp-notifications Display SNMP engine parameters snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters spanning-tree Display spanning tree information startup-config Contents of startup configuration static-channel-group static channel group membership terminal Display terminal configuration parameters timezone Display timezone traffic-shape Display traffic shaping upgrade-status Display last image upgrade status users Display informat
RTLS Instance 21-23 21.1.
21-24 Motorola RF Switch CLI Reference Guide Usage Guidelines Use [no] site [description |dimension|name]to rollback the configurations made using the site command Example RFSwitch(config-rtls)#site description "Motorola RMZ Ecospace, India, 5th Floor" RFSwitch(config-rtls)# RFSwitch(config-rtls)#site name "BLR-RMZ Ecospace" RFSwitch(config-rtls)#
RTLS Instance 21.1.15 sole RTLS Config Commands Sets Smart Opportunistic Location Engine (SOLE) related configuration commands This command leads you to the (config-rtls-sole)# sub-instance. Supported in the following platforms: • RFS7000 • RFS6000 NOTE: sole command instantiates (config-rtls-sole) sub-instance. For more details see SOLE Instance on page 24-1.
21-26 Motorola RF Switch CLI Reference Guide 21.1.16 switch RTLS Config Commands Configures the switch’s geographical location parameters Supported in the following platforms: • RFS7000 • RFS6000 Syntax switch [coordinates|geo-coordinates] switch coordinates x <0-65535> y <0-65535> z <0-65535> switch geo-coordinates longitude <-180.00-80.00> latitude <-90.00 - 90.
RTLS Instance 21-27 21.1.17 zone RTLS Config Commands Configures the zone. Maximum of 16 zones can be configured for a site.
21-28 Motorola RF Switch CLI Reference Guide 21.1.
ESPI Instance Use the (config-rtls-espi) instance to configure Enterprise Services Programming Interface (ESPI) related configuration commands. To navigate to this instance, use the commands RFSwitch(config)#rtls RFSwitch(config-rtls)#espi RFSwitch(config-rtls-espi)# 22.1 ESPI Config Commands Table 22.1 summarizes config-rtls-espi commands: Table 22.1 ESPI Config Command Summary Command Description Ref.
22-2 Motorola RF Switch CLI Reference Guide Table 22.1 ESPI Config Command Summary (Continued) Command show Description Shows running system information Ref.
ESPI Instance 22-3 22.1.1 adapter ESPI Config Commands Enables/disables a specified adapter or all adapters Supported in the following platforms: • RFS7000 • RFS6000 Syntax adapter ale-tcp [enable|port <3000-3100>] Parameters adapter ale-tcp [enable|port <30003100>] Application side protocol implemented by adapter.
22-4 Motorola RF Switch CLI Reference Guide 22.1.
ESPI Instance 22-5 22.1.3 end ESPI Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
22-6 Motorola RF Switch CLI Reference Guide 22.1.4 exit ESPI Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
ESPI Instance 22-7 22.1.5 help ESPI Config Commands Displays the system’s interactive help in HTML format Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-rtls-espi)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
22-8 Motorola RF Switch CLI Reference Guide 22.1.6 no ESPI Config Commands Defines the name of the adapter or disables the adapter(s) Supported in the following platforms: • RFS7000 • RFS6000 Syntax no adapter ale-tcp [enable|port <3000-3100>] Parameters adapter ale-tcp [enable|port <30003100>] Negates ESPI adapter configurations. • adapter – Application side Protocol implemented by adapter.
ESPI Instance 22-9 22.1.
22-10 Motorola RF Switch CLI Reference Guide 22.1.
ESPI Instance environment file firewall ftp history interfaces ip ldap licenses logging buffer mac mac-address-table mac-name management mobility ntp password-encryption port port-channel privilege radius role redundancy 22-11 show environmental information Display filesystem information Wireless firewall Display FTP Server configuration Display the session command history Interface status Internet Protocol (IP) LDAP server Show any installed licenses Show logging configuration and Internet Protocol (IP)
22-12 Motorola RF Switch CLI Reference Guide wireless wlan-acl Wireless configuration commands wlan based acl RFSwitch(config-rtls-espi)#show RFSwitch(config-rtls-espi)#show rtls espi ? adapter Adapter Configuration ecspecs ECSpecs configuration subscriber Show info for giver subsriber's IP tags Tags/Assets (passive, active, wi-fi, uwb) Information RFSwitch(config-rtls-espi)#show rtls espi
RFID Instance The (config-rtls-rfid) instance is used to configure RFID reader related configuration parameters. To navigate to this instance, use the commands RFSwitch(config)#rtls RFSwitch(config-rtls)#rfid RFSwitch(config-rtls-rfid)# 23.1 RFID Config Commands Table 23.1 summarizes config-rtls-rfid commands: Table 23.1 RFID Config Commands Command Description Ref.
23-2 Motorola RF Switch CLI Reference Guide Table 23.1 RFID Config Commands Command Description Ref.
RFID Instance 23.1.
23-4 Motorola RF Switch CLI Reference Guide 23.1.
RFID Instance 23-5 23.1.3 end RFID Instance Ends and exits the current mode and changes to the PRIV EXEC mode.
23-6 Motorola RF Switch CLI Reference Guide 23.1.4 exit RFID Instance Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
RFID Instance 23-7 23.1.5 help RFID Instance Displays the interactive help system for RTLS instance Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-rtls-rfid)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
23-8 Motorola RF Switch CLI Reference Guide 23.1.6 no RFID Instance Supported in the following platforms:Negates a RTLS command or set its defaults • RFS7000 • RFS6000 Syntax no [activate|reader|service] Parameters activate Deactivates/disables RTLS adapter reader Disables RFID reader configuration commands service Disables service commands Usage Guidelines Use [no] command to undo the configurations on the parameters mentioned in the table.
RFID Instance 23-9 23.1.
23-10 Motorola RF Switch CLI Reference Guide antenna [|] coordinates x y z Configures the RFID readers antenna. Select a antenna using its index, between <1-8> or range (eg:3-7) of antenna indices or any RFID reader antenna • coordinates - Sets the coordinates for the antenna • x – Configures the x coordinate for the antenna for the RFID reader.
RFID Instance reader [|] name 23-11 Sets a user friendly name to a RFID reader or a group of RFID readers to (1-20 characters).
23-12 Motorola RF Switch CLI Reference Guide 23.1.
RFID Instance 23-13 service reader [| ] antenna [||any] filter [|] Displays the RFID reader configuration information. • – The RFID reader index. • – A list of comma separated RFID reader indices. • antenna [||all] – The antenna information. • – The antenna index in case of readers with multiple antennae.
23-14 Motorola RF Switch CLI Reference Guide Example RFSwitch(config-rtls-rfid)#service show cli RFID readers Config mode: +-activate [activate] +-adopt-unconf-readers [adopt-unconf-readers] +-clrscr [clrscr] +-do +-LINE [do LINE] +-end [end] +-exit [exit] +-help [help] +-no +-activate [no activate] +-adopt-unconf-readers [no adopt-unconf-readers] +-reader +-<1-48> +-antenna +-<1-8> +-coordinates [no reader (<1-48>|READER) antenna (<1-8>|ANTENNA) coordinates] +-filter [no reader (<1-48>|READER) antenna (
RFID Instance 23-15 23.1.
23-16 Motorola RF Switch CLI Reference Guide dpd environment file firewall ftp history interfaces ip ldap licenses logging buffer mac mac-address-table mac-name management mobility ntp password-encryption port port-channel privilege radius redundancy-group redundancy-history the redundancy-members detail role rtls running-config securitymgr sessions connections smtp-connections snmp snmp-server spanning-tree startup-config static-channel-group terminal parameters timezone traffic-shape upgrade-status wio
RFID Instance users logged version wireless wlan-acl 23-17 Display information about currently in users Display software & hardware version Wireless configuration commands wlan based acl RFSwitch(config-rtls-rfid)#show RFSwitch(config-rtls-rfid)#show rtls rfid ? LLRP Reader protocol statistics (LLRP) inventory RFID Tag Inventory reader RFID Reader configuration commands RFSwitch(config-rtls-rfid)#
23-18 Motorola RF Switch CLI Reference Guide
SOLE Instance Use the (config-rtls-sole) instance to configure SOLE Location Engine related parameters. To navigate to this instance, use the commands RFSwitch(config)#rtls RFSwitch(config-rtls)#sole RFSwitch(config-rtls-sole)# 24.1 SOLE Config Commands Table 24.1 summarizes config-rtls-sole commands: Table 24.1 Location Engine Config Command Summary Command Description Ref.
24-2 Motorola RF Switch CLI Reference Guide Table 24.1 Location Engine Config Command Summary (Continued) Command Description Ref.
SOLE Instance 24.1.
24-4 Motorola RF Switch CLI Reference Guide 24.1.2 end SOLE Instance Ends and exits the current mode and changes to the PRIV EXEC mode.
SOLE Instance 24-5 24.1.3 exit SOLE Instance Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
24-6 Motorola RF Switch CLI Reference Guide 24.1.4 help SOLE Instance Displays the interactive help system for RTLS instance Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-rtls-sole)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
SOLE Instance 24-7 24.1.
24-8 Motorola RF Switch CLI Reference Guide Example RFSwitch(config-rtls-sole)#locate aeroscout enable RFSwitch(config-rtls-sole)# RFSwitch(config-rtls-sole)#locate aeroscout interval 300 RFSwitch(config-rtls-sole)#
SOLE Instance 24-9 24.1.
24-10 Motorola RF Switch CLI Reference Guide 24.1.
SOLE Instance 24-11 24.1.
24-12 Motorola RF Switch CLI Reference Guide 24.1.
SOLE Instance 24-13 dhcp DHCP Server Configuration environment show environmental information file Display filesystem information firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-address-table Display MAC address table management Display L3 Managment Interface name
24-14 Motorola RF Switch CLI Reference Guide RFSwitch(config-rtls-sole)#show RFSwitch(config-rtls-sole)#show rtls sole ? peers Show SOLE peer information probes Show probe information RFSwitch(config-rtls-sole)# RFSwitch(config-rtls-sole)#show rtls sole peers SOLE-WCCP status :DOWN SOLE-WCCP IP address:0.0.0.
SOLE Instance 24.1.
24-16 Motorola RF Switch CLI Reference Guide 24.1.
SOLE Instance 24-17 24.1.
24-18 Motorola RF Switch CLI Reference Guide
Smart RF Instance Use the (config-wireless-smart-rf) instance to configure Smart RF related configuration commands. To navigate to the config-wireless-smart-rf instance, use the following commands: RFSwitch(config)#wireless RFSwitch(config-wireless)#smart-rf RFSwitch(config-wireless-smart-rf)# 25.1 smart-rf Config Commands The following table summarizes config-wireless-smart-rf commands: Command Description Ref.
25-2 Motorola RF Switch CLI Reference Guide Command Description Ref.
Smart RF Instance 25-3 25.1.1 assignable-power-range Smart RF Instance Specifies the power range during power assignment. Supported in the following platforms: • RFS7000 • RFS6000 Syntax assignable-power-range [ ] Parameters assignable-power-range [ ] Specifies the power range during power assignment. • lower bound – The lower bound of the power range. Value is between 4 and 20. • Upper bound – The upper bound of the power range.
25-4 Motorola RF Switch CLI Reference Guide 25.1.2 auto-assign Smart RF Instance Enables individual RF parameters to be auto-assigned Supported in the following platforms: • RFS7000 • RFS6000 Syntax auto-assign [all|channel|detector|power|rescuer] enable Parameters auto-assign [all|channel|detector|power| rescuer] enable Enables individual RF parameters to be auto-assigned.
Smart RF Instance 25.1.
25-6 Motorola RF Switch CLI Reference Guide 25.1.4 end Smart RF Instance Ends and exits the current mode and moves to the PRIV EXEC mode.
Smart RF Instance 25-7 25.1.5 exit Smart RF Instance Ends the current mode and moves to the previous mode (config-wireless).
25-8 Motorola RF Switch CLI Reference Guide 25.1.6 extensive-scan Smart RF Instance Enters the extensive scan mode The device needs calibration at every tx-power level. Supported in the following platforms: • RFS7000 • RFS6000 Syntax extensive-scan enable Parameters extensive enable Enables the extensive scan mode.
Smart RF Instance 25-9 25.1.7 help Smart RF Instance Displays the system’s interactive help in HTML format Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFS7000(config-wireless-smart-rf)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
25-10 Motorola RF Switch CLI Reference Guide 25.1.8 hold-time Smart RF Instance Defines the number of seconds to disable interference avoidance after a detection This prevents a radio from changing channels continuously. Supported in the following platforms: • RFS7000 • RFS6000 Syntax hold-time <30-65535> Parameters hold-time <30-65535> The number of seconds to disable interface avoidance after a detection. This prevents the radio from changing channels continuously.
Smart RF Instance 25.1.
25-12 Motorola RF Switch CLI Reference Guide auto-assign [all |channel |detector|power|rescuer] enable Negates the auto-assign commands • all - Disables all auto-assignment features • channel enable – Disables channel assignments • detector enable – Disables detector assignments • power enable – Disables power assignments • rescuer enable – Disables rescuer assignments extensive-scan enable Disables the extensive scan mode hold-time <30-65535> Disables hold-time for interference avoidance.
Smart RF Instance radio [<1-4096>| MAC- Address|RADIO| all-11a|all-11b|all-11bg] 25-13 Negates all radio related commands. • <1-4096> – For each of the radio, the following values are negated or reset: • antenna-gain – Resets the set antenna gain value. • coverage-rate [1|2|5p5|6|9|11|12|18|24|36|48|54 ] – Resets the selected coverage rate value. • lock-auto-assign [all | channel | detector | power | rescuer] – Resets the lock auto assign value.
25-14 Motorola RF Switch CLI Reference Guide radio [<1-4096>|MAC Address|RADIO| all-11a|all-11b|all-11bg] (contd....) • all-11a - for all 802.11a radios, the following values are negated or reset: • antenna-gain – Resets the set antenna gain value. • coverage-rate [1|2|5p5|6|9|11|12|18|24|36|48|54)]Resets the selected coverage rate value. • lock-auto-assign [all | channel | detector | power | rescuer] - Resets the lock auto assign value. • all-11b - for all 802.
Smart RF Instance 25-15 scan-dwell-time <1-10> Resets the time a scan dwells on a channel during scan. schedule-calibrate [enable|interval| start-time] Resets the calibration schedule parameters. • enable – Disables the calibration schedule feature. • interval – Negates the calibration schedule interval. • start-time – Negates the calibration schedule start time. service smart-rf [max-history|replay (enable)|rescue] Resets the Smart RF related service commands.
25-16 Motorola RF Switch CLI Reference Guide retry-threshold The average number retries to cause a radio to re-run channel selection scan-dwell-time schedule-calibrate parameters select-channels service smart-rf-module verbose assignment The number of seconds to dwell on a channel during scan configure calibration schedule Revert selected-channels to default Service Commands smart-rf module verbose mode, record every RFSwitch(config-wireless-smart-rf)# RFSwitch(config-wireless-smart-rf)#no RFSwitch(conf
Smart RF Instance 25-17 RFSwitch(config-wireless-smart-rf)# RFSwitch(config-wireless-smart-rf)#no smart-rf-module enable RFSwitch(config-wireless-smart-rf)# RFSwitch(config-wireless-smart-rf)#no verbose enable RFSwitch(config-wireless-smart-rf)#
25-18 Motorola RF Switch CLI Reference Guide 25.1.10 number-of-rescuers Smart RF Instance Configures the number of rescuers to cover faulty radio conditions Supported in the following platforms: • RFS7000 • RFS6000 Syntax number-of-rescuers <1-5> Parameters number-of-rescuers <1-5> The number of rescuers to use to cover faulty radio conditions.
Smart RF Instance 25-19 25.1.
25-20 Motorola RF Switch CLI Reference Guide radio all-11b coverage-rate [1|2|5p5|6|9|11|12|18|24|36|48|54] radio all-11b lock-auto-assign [all|channel|detector|power|rescuer] radio all-11bg anternna-gain radio all-11bg coverage-rate [1|2|5p5|6|9|11|12|18|24|36|48|54] radio all-11bg lock-auto-assign [all|channel|detector|power|rescuer] Parameters <1-4096> [antenna-gain | coverage-rate | lock-auto-assign | radio-mac | rescuer] Sets the following parameters for the selected radio: • antenna-gain
Smart RF Instance 25-21 AA-BB-CC-DD-EE-FF [antenna-gain | coverage-rate | lock-auto-assign | rescuer] Sets the following parameters for the selected radio. • antenna-gain – Sets the antenna-gain value to GAIN for the selected radio. • coverage-rate [1|2|5p5|6|9|11|12|18|24|36|48|54] – Sets the coverage rate threshold value for under-coverage detection to the selected value from the list.
25-22 Motorola RF Switch CLI Reference Guide all-11a [antenna-gain| coverage-rate|lock-autoassign] Sets the radio parameters for all 802.11a radios. • antenna-gain – Sets the antenna-gain value to GAIN for the selected radio. • coverage-rate [1|2|5p5|6|9|11|12|18|24|36|48|54] – Sets the coverage rate threshold value for under-coverage detection to the selected value from the list. • lock-auto-assign [all|channel|detector|power|rescuer] – Locks rf configuration from automatic smart rf assignments.
Smart RF Instance 25-23 Example RFSwitch(config-wireless-smart-rf)#radio RFSwitch(config-wireless-smart-rf)#radio RFSwitch(config-wireless-smart-rf)#radio channel RFSwitch(config-wireless-smart-rf)#radio 4-5-6 RFSwitch(config-wireless-smart-rf)#radio 5-6 20 30 RFSwitch(config-wireless-smart-rf)#radio antenna-gain 20 RFSwitch(config-wireless-smart-rf)#radio antenna-gain 20 RFSwitch(config-wireless-smart-rf)#radio rate 5p5 RFSwitch(config-wireless-smart-rf)#radio assign power RFSwitch(config-wireless-smart
25-24 Motorola RF Switch CLI Reference Guide 25.1.
Smart RF Instance 25-25 25.1.13 retry-threshold Smart RF Instance Sets the threshold for the average number of retries performed before a radio re-runs a channel scan Supported in the following platforms: • RFS7000 • RFS6000 Syntax retry-threshold <0.0-15.0> Parameters <0.0-15.0> The value in decimal number. This is the average number of retries a radio makes before it re-runs the channel scan. Example RFSwitch(config-wireless-smart-rf)#retry-threshold 8.
25-26 Motorola RF Switch CLI Reference Guide 25.1.
Smart RF Instance 25-27 25.1.15 scan-dwell-time Smart RF Instance Sets the time in seconds to dwell on a channel during a channel scan Supported in the following platforms: • RFS7000 • RFS6000 Syntax scan-dwell-time <1-10> Parameters scan-dwell-time <1-10> The duration in seconds to dwell on a channel during a channel scan.
25-28 Motorola RF Switch CLI Reference Guide 25.1.16 schedule-calibrate Smart RF Instance Configures the calibrate schedule parameters This is used to configure parameters that schedule the automatic configuration of the Smart RF feature.
Smart RF Instance 25-29 25.1.17 select-channels Smart RF Instance Selects a list of channels for Automatic Channel Scan and Smart RF Use this command to add channels or remove them from the channel list. Supported in the following platforms: • RFS7000 • RFS6000 Syntax select-channel [|add|remove ] Parameters A comma separated list of channel numbers. add ) Add a channel or a list of channels to the channel list.
25-30 Motorola RF Switch CLI Reference Guide 25.1.
Smart RF Instance 25-31 Parameters show cli Displays the CLI tree of the current mode. smart-rf [clear-history | load-from-file| max-history|replay| rescue|restore| save-to-file|simulate| step-calibrate] Smart RF related commands are executed from this service command. • clear-history – Clears assignment history • load-from-file – Loads Smart RF record from file smart.bin • max-history <0-65535> – Sets the number of assignment items to be retained as history.
25-32 Motorola RF Switch CLI Reference Guide • assign-prepare – Prepares assignment • assign-rescuers – Assigns rescuers along with recovering power • collect-data – Collects site measurement data • prepare-detectors – Prepare prior to assign detectors • pull-rf-config – Pull RF-configuration from cluster members • push-rf-config – Push Rf-configuration to cluster members • sync-rf-config – Sync RF-configuration of cluster members Example RFSwitch(config-wireless-smart-rf)#service show cli Smart-RF Confi
Smart RF Instance 25-33 +-help [help] +-hold-time +-<30-65535> [hold-time <30-65535>] +-no +-assignable-power-range [no assignable-power-range] +-auto-assign +-all +-enable [no auto-assign (detector|channel|power|rescuer|all) enable] +-channel +-enable [no auto-assign (detector|channel|power|rescuer|all) enable] +-detector +-enable [no auto-assign (detector|channel|power|rescuer|all) enable] +-power +-enable [no auto-assign (detector|channel|power|rescuer|all) enable] +-rescuer +-enable [no auto-assign (d
25-34 Motorola RF Switch CLI Reference Guide 25.1.
Smart RF Instance 25-35 Parameters ? Displays the parameters for which information can be viewed using the show command Example RFSwitch(config-wireless-smart-rf)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration.
25-36 Motorola RF Switch CLI Reference Guide role Configure role parameters rtls Real Time Locating System commands running-config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters spanning-tree Display spanning tree information startup-config Contents of startup configuration static-channel-group static channel group membership terminal Display terminal configur
Smart RF Instance default-ap access-port hotspot-config ids known mac-auth-local entries mesh mobile-unit units multicast-packet-limit phrase-to-key by a qos-mapping used for radio radio-group regulatory power) 25-37 Information for default Wlan hotspot configuration Intrusion detection parameters Known AP related parameters list out the mac-auth-local Mesh related parameters Details of associated mobilemulticast-packet-limit display the WEP keys generated passphrase Quality of Service mappings mapping
25-38 Motorola RF Switch CLI Reference Guide radio Radio related commands RFSwitch(config-wireless-smart-rf)# RFSwitch(config-wireless-smart-rf)#show wireless smart-rf configuration Smart-RF Module : disabled Smart-RF Calibration configuration: auto-assign detector : enabled auto-assign channel : disabled auto-assign power : enabled auto-assign rescuer : enabled channels selected : channels excluded : assignable-power-range : [ 4 - 16 ] dBm number of rescuers : 3 scan dwell time : 1 second retry-threshol
Smart RF Instance My IP: Cluster Master : 25-39 0.0.0.0 yes Last Calibration Started at: Sun Sep 7 06:01:48 2008 Last Calibration Ended at: Sun Sep 7 06:01:48 2008 Next calibration Starts at: not scheduled RFSwitch(config-wireless-smart-rf)# RFSwitch(config-wireless-smart-rf)#show wireless smart-rf history Smart Master IP: My IP: Cluster Master : 0.0.0.0 0.0.0.
25-40 Motorola RF Switch CLI Reference Guide 25.1.20 smart-rf-module Smart RF Instance Enables the Smart RF feature Supported in the following platforms: • RFS7000 • RFS6000 Syntax smart-rf-module enable Parameters smart-rf-module enable Enables Smart RF.
Smart RF Instance 25.1.21 verbose Smart RF Instance Enables the verbose mode that records every Smart RF assignment Supported in the following platforms: • RFS7000 • RFS6000 Syntax verbose enable Parameters verbose enable Enables the verbose mode where every Smart RF assignment is recorded.
25-42 Motorola RF Switch CLI Reference Guide
Role Instance Use the (config-role) instance to configure Role related configuration commands. To navigate to the config-role instance, use the following commands: RFSwitch(config)#role RFSwitch(config-role)# For more information on the role command, see role on page 5-80. 26.1 Role Config Commands The following table summarizes config-role commands: Command Description mRef.
26-2 Motorola RF Switch CLI Reference Guide Command Description mRef. mu-mac Sets MU MAC configuration properties page 26-12 no Negates role commands.
Role Instance 26-3 26.1.1 ap-location Role Config Commands Sets the AP location configuration • This requires the location engine to be enabled on the RF Switch with a site, appropriate zones defined and AP co-ordinates defined. The role based firewall has to know which zone the MU is located when it associates for the ap-parameter option to work. • The ‘ap-location’ parameter defines the zone or zones you wish to match.
26-4 Motorola RF Switch CLI Reference Guide RFSwitch(config-role)#ap-location not-contains office RFSwitch(config-role)#
Role Instance 26-5 26.1.2 authentication-type Role Config Commands Selects authentication type for the role Supported in the following platforms: • RFS6000 • RFS7000 Syntax authentication-type [any|eq|neq] authentication-type any authentication-type eq [eap|hotspot|kerberos|mac-auth|none] authentication-type neq[eap|hotspot|kerberos|mac-auth|none] Parameters any Any type of authentication.
26-6 Motorola RF Switch CLI Reference Guide 26.1.
Role Instance neq [ccmp|keyguard|none|tki p|tkip-ccmp| wep128|wep128keyguard|wep64] 26-7 Encryption type must not be one of the listed options.
26-8 Motorola RF Switch CLI Reference Guide 26.1.4 essid Role Config Commands Sets ESSID configuration for the role Supported in the following platforms: • RFS6000 • RFS7000 Syntax essid [any|contains|exact|not-contains] essid essid essid essid any contains exact not-contains Parameters any Any ESSID. contains ESSID contains the string .
Role Instance 26.1.5 group Role Config Commands Sets group configuration for the role Supported in the following platforms: • RFS6000 • RFS7000 Syntax group group group group group [any|contains|exact|not-contains] any contains exact not-contains Parameters any Any group. contains Group contains the string .
26-10 Motorola RF Switch CLI Reference Guide 26.1.
Role Instance 26-11 26.1.
26-12 Motorola RF Switch CLI Reference Guide 26.1.8 mu-mac Role Config Commands Configures the MU MAC addresses for role based firewall Syntax mu-mac [|/|any] Parameters The address of the MU that is allowed. MAC address can be in the format AA:BB:CC:DD:EE:FF or AA-BB-CC-DD-EE-FF or AABB.CCDD.EEFF. / The address and mask combination for the mu to be allowed.
Role Instance 26.1.
26-14 Motorola RF Switch CLI Reference Guide 26.1.
Role Instance 26.1.11 end Role Config Commands Exits the current mode and moves to the PRIV EXEC mode.
26-16 Motorola RF Switch CLI Reference Guide 26.1.12 exit Role Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
Role Instance 26-17 26.1.13 help Role Config Commands Displays the system’s interactive help in HTML format Supported in the following platforms: • RFS7000 • RFS6000 Syntax help Parameters None Example RFSwitch(config-role)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
26-18 Motorola RF Switch CLI Reference Guide 26.1.14 service Role Config Commands Invokes service commands to troubleshoot or debug (config-role) instance configurations Supported in the following platforms: • RFS7000 • RFS6000 Syntax service show cli Parameters None Example RFSwitch(config-role#service show cli DHCP Server Config mode: +-address +-range +-A.B.C.D [address range A.B.C.D ( A.B.C.D |)] +-A.B.C.D [address range A.B.C.D ( A.B.C.
Role Instance 26-19 26.1.
26-20 Motorola RF Switch CLI Reference Guide firewall Wireless firewall ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol (IP) mac-address-table Display MAC address table mac-name Displays the configured mac names management Display L3 Managment Interface name mobility Display Mobility parameters ntp N
MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.
