Brocade Communications Systems Network Router RFS4000 User Manual

Clears the display screen

Ends the current mode and moves to the previous mode

Displays the interactive help system

Negates a command or sets its defaults

Services or debugs the controller

Shows running system information

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

clrscr

Clears the screen and refreshes the prompt (#)

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController#clrscr

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

exit

Ends the current mode and moves to the previous mode

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config)#exit

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

help

Use this command to access the advanced help feature. Use “?” anytime at the command prompt

to access the help topic.

Two kinds of help are provided:

1. Full help is available when ready to enter a command argument.

2. Partial help is provided when an abbreviated argument is entered and you want to know what

arguments match the input (for example 'show ve?').

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController>service ?

diag

Diagnostics

encrypt

kill

Encrypt password or key with secret

Kill a connection

locator

flash all LEDS to locate controller visually

save-cli Save CLI tree for all modes in html format

show Show running system information

undefine Undefine non active Event Cycle spec

wireless Wireless parameters

RFController>service

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

Negates a command or sets its defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

Parameters

None

Example (User Exec)

RFController>no ?

cluster-cli Cluster context

mobile-unit mobile-unit index

page

Toggle paging

service

Service Commands

RFController>no

Example (Priv Exec)

RFController#no ?

cluster-cli Cluster context

debug

Debugging functions

wireless-client wireless-client index

page

Toggle paging

service

upgrade

Service Commands

Name of the patch to remove

RFController#no

Example (Global Config)

RFController(config)#no ?

aaa

VPN AAA authentication settings

aap-ipfilter-list

AAP ipfilter

aap-wlan-acl

arp

access-list

autoinstall

banner

Remove an ACL from WLAN for AAP

Address Resolution Protocol

Configure access-lists

autoinstall configuration command

Reset login banner to nothing

Bridge group commands

bridge

country-code

Clear the currently configured country code. All existing

configurations will be erased

encryption module

crypto

errdisable

firewall

ftp

errdisable

Wireless firewall

Configure FTP Server

hostname

interface

Reset system's network name to default

Delete a virtual interface

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

Internet Protocol (IP)

line

Configure a terminal line

local

logging

mac

Local user authentication database for VPN

Modify message logging facilities

MAC configuration

mac-address-table Configure MAC address table

mac-name

Remove a configured MAC Address name

management

sets properties of the management interface

network-element-id Reset system’s network element

ntp

Configure NTP

prompt

Reset system's prompt

radius-server RADIUS server configuration commands

ratelimit

role

redundancy

service

ratelimit

Configure role parameters

Configure redundancy group parameters

Service Commands

smtp-notification Modify SMTP-Notification parameters

snmp-server Modify SNMP engine parameters

spanning-tree Spanning tree

timezone

Revert the timezone to default (UTC)

traffic-shape Traffic shaping

username

vpn

Establish User Name Authentication

vpn

virtual-ip

wlan-acl

white-list

wlan-acl

wwan

Virtual IP

Remove an ACL from WLAN

Host whitelist

Remove an ACL from WLAN

Wireless WAN interface

RFController(config)#no

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

service

Service commands are used to manage the controller configuration in all modes. Depending on the

mode, different service commands will display.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax(User Executable Mode)

wireless]

service [locator|save-cli|undefine]

service clear [command-history|reboot-history|upgrade-history]

service diag [enable|identify|limit|period|poe

tech-support-period|tech-support-url]

service diag [enable|identify]

service diag poe debug

pkbuffers|procRAM|ram|routecache|temperature]

service diag limit buffer

[128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k] <0-65535>

service diag limit fan <1-3> low <1000-15000>

service diag limit filesys [etc2|flash|var]

<limit-as-percent>

service diag limit inodes [etc2|flash|var]

<limit-as-percent>

service diag limit load [01|05|15] <load-as-percent>

service diag limit maxFDs <0-32767>

service diag limit pkbuffers <0-65535>

service diag limit procRAM <0.0-100.0>

service diag limit ram <0.0-25.0>

service diag limit routecache <0-65535>

service diag limit temperature <temp-sensor-number> [critical|high|low]

service diag period <100-30000>

service diag tech-support-period <10-10080>

service diag tech-support-url <URL>

service encrypt secret 2 <passphrase> plaintext <plaintext>

service kill connection {<1-64>}

upgrade-history|watchdog]

process|reboot-history|startup-log|upgrade-history|

watchdog]

tech-support-period|tech-support-url|top]

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

service show rtls [location-history|rfid]

service show rtls location-history

service show rtls rfid events reader {<1-48>}

service undefine ecspec {<ECSpec-name>}

service wireless

Parameters(User Executable Mode)

clear [command-history|

reboot-history|

upgrade-history]

Resets functions

•

command-history - Clears upgrade history

reboot-history - Clears reboot history

upgrade-history - Clears upgrade history

diag [enable|identify|limit| Diagnostics commands

period|poe

•

enable – Enables in-service diagnostics

tech-support-period|

tech-support-url]

identify – Identifies a controller by flashing its LEDs

pkbuffers|procRAM|ram|routecache|temperature] – Sets

the diagnostic limit command

•

buffer []<0-65535> – Configures the buffer usage

warning limit. The warning limit can be set to a buffer

limit size [128|128k|16k|1k|256|2k|32|32k|4k|

512|64|64k|8k].

•

<0-65535>– Configures buffer usage warning

limit. Set between 0 and 65535.

•

fan <1 -3> low <1000-15000> – Sets the fan speed

limit for the fans on the controller.

•

low <1000-15000> – Sets the low speed limit of

the selected fan in RPMs.

filesys [etc2|flash|var] – Sets the file system freespace

limit

•

inodes[etc2|flash|var] – File system inode limit

load [01|05|15] – Aggregate processor load

maxFDs <0-32767> – Configures the maximum

number of file descriptors. Set between 0 to 32767

pkbuffers <0-65535> – Configures the packet buffer

head cache limit. Set between 0 and 65535.

procRAM <0-100.0> – Defines the RAM space used by

a process. Set the percentage <percent> of RAM space

used by the processor between 0.0 and 100.0 percent.

ram <0.0-25.0> – Configures free space for the RAM.

Configures the free space to any value between 0.0 to

25.0 percent.

•

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

•

routecache <0-65535> – Configures IP route cache

usage. Set a value between 0 and 65553.

temperature <1-6> [critical|high|low] – Sets the

number of temperature sensors for the controller.

•

critical <0.0 - 250.0> – Critical temperature limit

high <0.0 - 250.0> – high temperature limit

low <0.0 - 250.0> – low temperature limit

•

period <100-30000> – Configures the diagnostics period.

Set a value between 100-30000 milliseconds. The default

value is 1000 milliseconds.

•

poe debug - Power over Ethernet

•

debug - Enables debugging

tech-support-period <10-10080> – Sets diagnostics

tech-support-period

•

<10-10080> – The default 1440 minutes (1 day)

tech-support-url <URL>– Set the URL to use during auto

•

generated technical support dumps

•

<URL> – URL to which to copy

•

tftp://<hostname|IP>[:port]/path/file

ftp://<user>:<passwd>@<hostname|IP>[:port]/p

ath/file

•

sftp://<user>@<hostname|IP>[:port]>/path/file

encrypt secret 2

<pass-phrase> plaintext

<plain-text>

Encrypts a password or key with a secret passphrase

•

secret – Encrypts passwords/keys with a secret phrase

2 – Type of encryption SHA256-AES256

<pass-phrase> – Defines the passphrase used for

encryption

•

<plain-text> – Defines the plain text password or key to

encrypt

kill connection {<1-64>}

Kills a connection using ESPI Adapter index

•

connection {<1-64>} – A single optional ESPI Adapter index

<1-64>

locator

save-cli

Locates the controller by flashing all LEDs.

Saves the CLI tree for all modes in HTML

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

show

Displays running system information

[cli|command-history|crash

-info|diag|

•

cli – Shows the CLI tree of the current mode

command-history – Displays the command (except show

commands) history

crash-info – Displays information about core, panic and AP

dump files

diag [hardware|led-status|limits|period|stats

|tech-support-period|tech-support-url|top] – Sets or

displays controller diagnostics

info|memory|process|

reboot-history|rtls|

startup-log|

upgrade-history|

watchdog]

•

hardware – Shows the system hardware configuration

led-status – Shows LED state variables and the current

state

•

limits – Shows limit values

period – Shows the period (ms) for

in-service diagnostics

•

stats – Shows current diagnostics statistics

top – Shows the top processes (sorted by memory

usage)

•

tech-support-period <10-10080> – Shows diagnostics

tech-support-period

•

<10-10080> – The default 1440 minutes (1 day)

tech-support-url <URL> –Shows the URL to use during

auto generated technical support dumps

•

<URL> – URL to which to copy

tftp://<hostname|IP>[:port]/path/file

ftp://<user>:<passwd>@<hostname|IP>[:port]/path

/file

•

sftp://<user>@<hostname|IP>[:port]>/path/file

info – Shows a snapshot of available support information

•

memory – Shows memory statistics

watchdog – Shows watchdog status

process – Shows processes (sorted by memory usage)

reboot-history – Shows a reboot history

startup-log – Shows the startup log

upgrade-history – Shows an upgrade history

rtls [location-history|rfid] – Real Time Locationing System

commands

•

location-history – Show location engine history

rfid events – RFID Configuration

events reader – RFID reader events

reader <1-48> – A single RFID reader index

•

watchdog – Shows watch dog status

undefine ecspec

Undefines non active Event Cycle Specification

{<SPECNAME>}

•

ecspec {<SPECNAME>} – Name of optional ECSpecs

configuration

wireless

Displays current wireless parameters

Syntax (Privilege Executable Mode) (Priv Exec)

service [clear|copy|diag|

watchdog|wireless]

watchdog]

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

snooptable|securitymgr|wireless]

service clear fw flows

service clear securitymgr flows [<flow-index>|<interface>|

all|ge <ge-index>|me1|sa <sa-index>|vlan <vlan-id>]

service copy tech-support [<file>|<URL>] [tftp|ftp|sftp]

service diag [enable|identify|limit|period|

tech-support-period|tech-support-url]

service encrypt secret 2 <pass-phrase> <plain-text>

service firewall disable

service firewall ip igmp snooping robustness-variable <1-7>

service kill conncection {<1-64>}

service pktcap on [bridge|drop] {[count <1-1000000>|filter|hex|snap

<1-1518>|verbose|write]}

service pktcap on bridge filter on

[<LINE>|arp|capwap|dst|ether|host|icmp|igmp|ip|ip6|l2|l3|

l4|net|not|port|src|tcp|udp|vlan|wlan]

igmp|udp] {[and|or]

<LINE>}

service pktcap on bridge filter capwap {[ctrl|data] [and|or] <LINE>}

service pktcap on bridge filter dst [A.B.C.D|net|port]

{[and|or] <LINE>}

service pktcap on bridge filter ether [broadcast|dst|host|

multicast|proto|src]

service pktcap on bridge filter ether [broadcast|multicast]

{[and|or] <LINE>}

service pktcap on bridge filter ether [dst|host|src] <MAC>

{[and|or] <LINE>}

service pktcap on bridge filter ether proto <0-65535>

{[and|or] <LINE>}

service pktcap on bridge filter ether host <IP> {[and|or] <LINE>}

service pktcap on bridge filter ip multicast {[and|or] <LINE>}

service pktcap on bridge filter ip proto [<0-255>|

<protocol>] {[and|or] <LINE>}

service pktcap on bridge filter [l2|l3|l4] [u16 <0-126>|

u32 <0-124>|u8 <0-127>]

service pktcap on bridge filter net <IP/MASK> {[and|or] <LINE>}

service pktcap on bridge filter not [arp|capwap|dst|ether|

host|icmp|igmp|ip|ip6|l2|l3|l4|net|not|port|src|tcp|udp|

vlan|wlan]

service pktcap on bridge filter port <0-65535> {[and|or] <LINE>}

service pktcap on bridge filter src [<IP>|net <IP/MASK>|

port <0-65536>] {[and|or] <LINE>}

service pktcap on bridge filter tcp {[[and|or] <LINE>|[ack|fin|or|rst|syn]

{[and|or] <LINE>]}

service pktcap on bridge filter vlan <1-4095> {[and|or] <LINE>}

service pktcap on bridge filter wlan <1-2> {[and|or] <LINE>}

service pktcap on bridge [hex|verbose] {[count <1-1000000>|

filter [...] |snap <1-1518>]}

service pktcap on bridge snap <1-1518> {filter [...]}

service pktcap on bridge write [<FILE>|<URL>]

{[count <1-1000000>|filter [...] |snap <1-1518>]}

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

service pktcap on deny [access-list|count|filter|

service pktcap on deny access-list <ACL-index> {[and|or]

<LINE>}

service pktcap on deny [inbound|outbound] {[access-list|

count|filter|hex|[inbound|outbound]|snap|verbose|write]}

{[and|or] <LINE>}

service pktcap on interface [<INTERFACE>|ge <1-4>|me1|

sa <1-4>|vlan <1-4094>] {[count|filter|hex|inbound|

outbound|snap|verbose|write]} {[and|or] <LINE>}

service pktcap on router {[count|filter|hex|snap|verbose|

write]} {[and|or] <LINE>}

service pktcap on vpn {[count|filter|hex|inbound|outbound|

snap|verbose|write]} {[and|or] <LINE>}

service securitymgr [disable|disable-flow-rate-limit|

dump-core|enable-http-stats|tftplag]

wireless]

upgrade-history|watchdog]

service show fw flows brief

service show ip igmp snooping vlan <1-4094> {<MULTICAST-IP>}

service show last-passwd

service show pm {history [<process-name>|all]

service show rtls [grid|location-history|rfid]

service show rtls grid [all|x]

service show rtls grid all

service show rtls grid x <0-9000> y <0-9000>

service show rtls rfid events reader {<1-48>}

service show securitymgr flows [details|source]

service show securitymgr flows details {source [<IP>|any]

destination [<IP>|any] protocol [any|icmp|tcp|udp]}

service show securitymgr flows source [<IP>|any] destination [<IP>|any]

protocol [any|icmp|tcp|udp]

service show smart-rf [debug-config|sensitivity]

service show smart-rf debug-config

service show smart-rf sensitivity [client|pattern|rates]

service show smart-rf sensitivity client {<1-8192>|<MAC>}

service show smart-rf sensitivity pattern

[pattern-11a|pattern-11b|pattern-11bg|pattern-2-mbps]

service show wireless [ap-history|buffer-counters|

enhanced-beacon-table|enhanced-probe-table|group|

group-stats|legacy-load-balance|client-cache-buckets|

client-cache-entry|mvlan|radio|radio-cache-entry|

radio-hash-buckets|snmp-trap-throttle|vlan-cache-buckets|

vlan-cache-entry|waiting]

service show wireless [buffer-counters|group-stats|

legacy-load-balance|client-cache-buckets|radio-hash-buckets|

snmp-trap-throttle|vlan-cache-buckets]

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

service show wireless ap-history <MAC>

service show wireless[enhanced-beacon-table|

enhance-probe-table] [config|report]

service show wireless group <1-256>

service show wireless client-cache-entry {<1-8192>|<MAC>}

service show wireless mvlan <1-256>

service show wireless radio [<1-4096>|description|mapping]

service show wireless radio-cache-entry {<MAC>}

service show wireless vlan-cache-entry {[<1-8192>|<MAC>]}

service show wireless waiting {<1-99>}

service smart-rf

service smart-rf replay enable

service smart-rf [rescue|restore] [<radio-mac>|

<radio-index>|<radio-index-list>]

service smart-rf simulate [coverage-hole|interference]

service smart-rf simulate coverage-hole <1-4096>

<unit-range> [<unit-range>|pattern-11a|pattern-11b|

pattern-11bg|pattern-2-mbps]

service smart-rf interference [<radio-mac>|<radio-index>|

<radio-index-list>]

service undefine ecspec {<SPECNAME>}

service wireless [ap-history|clear-ap-log|custom-cli|dot11i|

dump-core|enhanced-beacon-table|enhanced-probe-table|

free-packet-watermark|idle-radio-send-multicast|

legacy-load-balance|map-radios|radio-misc-cfg|rate-scale|

request-ap-log|save-ap-log|snmp-trap-throttle|

sync-radio-entries|vlan-cache]

service wireless [dumpcore|legacy-load-balance|rate-scale|

save-ap-log|sync-radio-entries]

service wireless ap-history [clear|enable]

service wireless clear-ap-log {<1-1024>}

service wireless custom-cli [sh-wi-wireless-client|sh-wi-radio]

service wireless custom-cli sh-wi-wireless-client [ap-locn|

username]

service wireless custom-cli sh-wi-radio [adopt-info|

power|radio-desc|radio-id|state]

service wireless dot11i enforce pmkid-validation

service wireless enhanced-beacon-table [channel-set|enable|

erase-report|max-ap|scan-interval|scan-time]

service wireless enhanced-beacon-table [enable|erase-report]

service wireless enhanced-beacon-table channel-set

[a|an|bg|bgn] <1-200>

service wireless enhanced-beacon-table max-ap <0-512>

service wireless enhanced-beacon-table scan-interval <10-60>

service wireless enhanced-beacon-table scan-time <100-1000>

service wireless enhanced-probe-table

[enable|erase-report|max-client|preferred|window-time]

service wireless enhanced-probe-table [enable|erase-report]

service wireless enhanced-probe-table max-client <0-512>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

service wireless enhanced-probe-table preferred <MAC>

service wireless enhanced-probe-table window-time <10-60>

service wireless free-packet-watermark <0-100>

service wireless idle-radio-send-multicast enable

service wireless map-radios <1-127>

service wireless radio-misc-cfg <hex-mask>

service wireless request-ap-log <ap-index>

service wireless snmp-trap-throttle <1-20>

service wireless vlan-cache enable

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

Parameters (Privilege Executable Mode)

clear

Performs a variety of reset functions

[all|aplogs|clitree|cores|

dumps|fw|panics|

snooptable|wireless]

•

all – Removes all core, dump and panic files

aplogs – Removes all AP log files

clitree – Removes clitree.html (created by the save-cli

command)

•

cores – Removes all core files

dumps – Removes all dump files

fw flows – Clears firewall sessions

•

flows – Firewall established sessions

panics – Removes all kernel panic files

•

securitymgr flows – Securitymgr parameters

•

flows [<0-349>|ge me1|sa|vlan|all] – Sessions

established

•

<0-349> – Flow Index

WORD – Interface name

all – All established sessions

vlan <1-4094> – VLAN

me1 - Fast Ethernet interface

sa <1-4> – Static Aggregate interface

ge <1-4> – Gigabit Ethernet interface

•

snooptable – Clear Static and Dynamic Snoop entries

wireless – wireless related parameters

•

wireless-client association-statistics– Clears wireless

client related parameters

•

association-statistics – Clears association and

reassociation statistics

copy tech-support

[<file>|<URL>]

[tftp|ftp|sftp]

Copies files for tech support purposes

•

tech-support [<file>|<URL>] [tftp|ftp|sftp] – Copies

extensive system information useful to technical support for

troubleshooting.

•

FILE – File to which to copy

•

cf:/path/file

usb1:/path/file

usb2:/path/file

•

URL– Target URL from which to copy

•

tftp://<hostname:port or IP>/path/file

ftp://<user>:<passwd>@

<hostname:port or IP>/path/file

•

sftp://<user>@<hostname:port or IP>/path/file

dhcp-snoop-conflict-detectio IP Address, MAC Address conflict detection based on DHCP Snoop

n disable

Table

•

disable – Disable packet drop based on conflict detection

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

diag [enable|identify|

Sets or displays controller diagnostic values

limit|period|

tech-support-period|

tech-support-url]

•

enable – Enables in-service diagnostics

fanduty <40-100> – CPU fan PWM duty cycle.

Set a value between 40-100%. Setting a value below 60 is

considered unreliable.

•

identify – Identifies a controller by flashing the LEDs

limit [buffer|fan|filesys|inodesload|maxFDs

Diagnostic limit commands

•

buffer [] – Configures the buffer usage warning limit.

The warning limit can be set to the buffer limit size of

[128|128k|16k|1k|256|2k|32|32k|4k|512|64|

64k|8k]

•

fan <1-3> low <1000-150000> – Sets the fan speed

limit for the fans on the controller.

•

low <1000-15000> – Sets limit value from 1000

to 15000

•

filesys [etc2|flash|var] – Sets the file system freespace

limit

inodes [etc2|flash|var] – Sets the file system inode

limit

•

load [01|10|15] – Aggregate processor load

maxFDs <0-32767> – Configures the maximum

number of file descriptors between 0 - 32767.

pkbuffers <0-65535>– Sets the packet buffer head

cache limit between 0 - 65535.

procRAM <0.0-100.0> – Configures the RAM space

used by a process. Set the percentage of RAM space

between 0.0 and 100.0 percent .

•

ram <0.0-25.0> – Configures the free space for the

RAM. Configure the free space between 0.0 and 25.0

percent.

•

routecache <0-65535> – Configures IP route cache

usage. Set between 0 and 65553.

temperature <1-6> [critical|high|low] – Sets the

number of temperature sensors for the controller.

•

critical <0.0 - 250.0> – Critical temperature limit

high <0.0 - 250.0> – high temperature limit

low <0.0 - 250.0> – low temperature limit

•

period <100-30000> – Configures the diagnostics period.

Set a value between 100-30000 milli seconds. The default

value is 1000 milliseconds

diag-shell

Provides diag shell access

encrypt[secret|2|

<pass-phrase>|

<encryption-key>]

Encrypt password or key with secret

•

secret – Encrypt passwords/keys with secret phrase

2 – Type of encryption SHA256-AES256

<pass-phrase> – Passphrase for encryption

<encryption-key> – Plaintext password or key to encrypt

firewall disable

Configures firewall parameters

disable – Disable firewall

•

kill connection {<1-64>}

Kills a connection using ESPI Adapter index

•

connection <1-64> – A single optional ESPI Adapter index

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

pktcap on

Packet capturing

[bridge|interface|router|

vpn]

[count|filter|verbose|

write]

•

on – Defines the packet capture location

packet at the bridge

•

count <1-1000000> – Limits the captured packet

count

•

filter

ip|ip6|l2|l3|l4|net|not|port|src|tcp|udp|vlan|wlan]

– Filters packets based on specified criteria.

•

<LINE> – Defines user defined packet capture

filter

•

arp – Match arp packets

capwap – Match Capwap packets

dst – Match IP destination

ether – Ethernet

host – Match IP address

icmp – Match icmp packets

igmp – Match igmp packets

ip – Match IPV4 packets

ip6 – Match IPV6 packets

l2 – Match L2 header

l3 – Match L3 header

l4 – Match L4 header

net – Match IP in subnet

not – Logical not

port – Match TCP or UDP port

src – Match IP source

tcp – Match TCP packets

udp – Match UDP packets

vlan – Match vlan

wlan – Match wlan

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

•

verbose <1-1000000> – Displays full packet body

•

filter – Captures the filter

snap <1-1518>– Captured data length

write [<FILE>|URL] – Captures to a file

•

FILE – File to which to copy

cf:/path/file

usb1:/path/file

usb2:/path/file

URL– Target URL from which to copy

tftp://<hostname:port or IP>/path/file

ftp://<user>:<passwd>@

<hostname:port or IP>/path/file

sftp://<user>@<hostname:port or IP>/path/file

•

interface [<WORD>|ge|me1|sa|vlan] – Captures at an

interface

•

WORD – Interface name

ge <1-4> – Gigabit Ethernet interface

me1 – Fast Ethernet interface

sa <1-4> – Static Aggregate interface

vlan <1-4094> – VLAN

•

count – Limits capture packet count

filter – Filters on criteria

inbound – Captures inbound packets only

outbound – Captures outbound packets only

verbose – Displays full packet body

write – Captures to a file

snap – Captured data length

hex – Show full packet body

•

packets at the router.

•

count <1-1000000> – Limits capture packet count

filter – Captures filter

verbose – Displays full packet body

write – Captures to a file

snap <1-1518> – Captured data length

hex – Show full packet body

•

count – Limits capture packet count

filter – Captures the filter

snap – Captured data length

•

vpn – Captures at the VPN

•

count – Limits capture packet count

filter – Captures the filter

inbound – Captures ingress direction only

outbound – Captures egress direction only

verbose – Displays full packet body

write – Captures to a file

snap – Captured data length

hex – Show full packet body

•

count – Limits capture packet count

filter – Captures the filter

snap – Captured data length

pm stop

Process Monitor

stop – Stops the PM from monitoring all daemons

•

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

save-cli

Saves the CLI tree for all modes in HTML

Securitymgr parameters

securitymgr [disable|

disable-flow-rate-limit|

dump-core|

•

disable – Disables securitymgr

disable-flow-rate-limit – Disables flow rate limiting

dump-core – Creates a core file of the securitymgr process

enable-http-stats – Enables the securitymgr HTTP statistics

interface

enable-http-stats]

show [cli|

Displays running system information

command-history|

crash-info|diag|fw|info|

ip|last-passwd|memory|

pm|process|

reboot-history|rtls|

securitymgr|smart-rf|

startup-log|

•

cli – Shows the CLI tree of the current mode

command-history – Displays a command (except show

commands) history

crash-info – Displays information about core, panic and AP

dump files

•

tech-support-url|top] – Displays diagnostics

upgrade-history|

watchdog|wireless]

•

hardware – Displays the hardware system configuration

period – Displays the period (ms) for the in service

diagnostics

•

limits – Displays limits value

stats – Displays current diagnostics statistics

tech-support-period – Displays the tech-support period

(minutes) for the in service diagnostics

tech-support-url – Displays the tech-support-url

top –Displays top processes

•

fw flows – Firewall

•

flows brief– Sessions Established

brief – Summary of active flows

•

info – Shows a snapshot of available support information

last-passwd – Displays the last password used to enter the

shell

•

memory – Shows memory statistics

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

•

pm history – Process Monitor

•

history [WORD|all] – Displays state changes for a

process, the time they happened and events

•

WORD – Process name

all – All processes

process – Shows processes (sorted by memory usage)

reboot-history – Shows a reboot history

•

rtls [grid|location-history|rfid] – Locationing Configuration

•

grid [all|x] – Displays RSSI values in grid

all – Displays all grids

x <0-9000> – Displays grid x coordinates

•

y<0-9000> – Displays grid y coordinates

•

location-history [events] – Displays location engine

history

rfid [events]– RFID Configuration

•

events <1-48> – Displays RFID reader events

<1-48> – A single RFID reader index

•

securitymgr – Security manager information displays

smart-rf [ debug-config| sensitivity] – Smart-RF Management

commands

•

debug-config – Displays smart-rf debug configuration

sensitivity [client|pattern|rates] – Displays sensitivity

table

•

client[<1-8192>|WORD]– for given client

<1-8192> – A single index

WORD – MAC address of client-cache entry to

show

•

pattern|rates – for common client pattern

startup-log – Shows the startup log

•

upgrade-history – Shows an upgrade history

watchdog – Shows the watchdog status

wireless – Displays wireless parameters

show securitymgr flows

Service Security Manager parameters

flows [details|source] – Sessions established

•

details – Shows detail flow statistics

source [A.B.C.D|any] – Shows the source IP address

•

[A.B.C.D|any] – Flows where source address is

A.B.C.D or flows with any source address

•

destination [A.B.C.D|any] – Destination IP address

•

[A.B.C.D|any] – Flows where the destination

address is A.B.C.D or flows with any destination

address

protocol [any|icmp|tcp|udp] – Protocol type

•

[any|icmp|tcp|udp] – Flows having any or icmp or

tcp or udp protocol

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

smart-rf

Displays Smart-RF Management Commands

[clear-history|load-from-file|

replay|rescue|restore|save

-to-file|simulate]

•

clear-history– clears assignment history

load-from-file – load record from file

replay enable – set replay mode

•

enable – enable replay mode

rescue <MAC> – force rescue operation

<MAC> – A single radio-mac-address, a single index

•

restore <MAC> – remove any recovering operation on given

mode

•

<MAC> – A single radio-mac-address a single index

•

save-to-file – save records to file smart.bin

simulate [coverage-hole|interference] – Simulate radio

events

•

coverage-hole <1-4096> – Simulate coverage hole

•

experienced-rate transmit-rate – Provide the

experienced rate in mbps

•

transmit-rate [patter-11a|pattern-11b|

pattern-11bg|pattern-2-mbps] – Provide the

simulated clients’s allowed transmit rates in

hexadecimal format

•

pattern-11a – 11a Unit

pattern-11b – 11b Unit

pattern-11bg – 11bg Unit

pattern-2-mbps – 2 Mbps Unit

•

interference <MAC> – Simulate interference on radio

•

<MAC> – A single radio-mac-address, a single

index

start-shell

test

Provides shell access

Provides test parameters

undefine ecspec

Undefines non active Event Cycle Specification

•

ecspec <SPECNAME> – Name of ECSpecs configuration

watchdog

Enables the controller watchdog

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

wireless [ap-history|

Wireless parameters

clear-ap-log

|custom-cli|dot11i|

dump-core|

enhanced-beacon-table|

enhanced-probe-table|

free-packet-watermark

|idle-radio-send-multicast|

legacy-load-balance

|map-radios|

radio-misc-cfg

|rate-scale|

request-ap-log

|save-ap-log

•

ap-history [clear|enable] – Access-point history

•

clear – Delete all history of all APs

enable – Enable the tracking of AP history

clear-ap-log <1-1024> – Clears the AP logs

•

custom-cli [sh-wi-wireless-client|sh-wi-radio] – Customize the

output of some summary cli commands in wireless

•

sh-wi-wireless-client [ap-locn|ap-name|channel|

|wlan-desc|wlan-id|username] – Customize the output

of the "show wireless wireless-client’ command

•

ap-locn – The location of the AP where the

wireless-client is associated

ap-name – The name of the AP where the

wireless-client is associated

channel – The channel of the radio where the

wireless-client is associated

dot11-type –The dot11 radio type of the

wireless-client

|snmp-trap-throttle|

sync-radio-entries|

vlan-cache]

•

ip – The IP address of the wireless-client

last-heard – the time when a packet was last

received from the wireless-client

mac – MAC address of wireless-client

radio-bss – the bssid of the radio where the

wireless-client is associated

•

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

•

radio-desc – description of radio where the

wireless-client is associated

radio-id – The radio index to which the

wireless-client is associated

•

ssid – The ssid of the wireless-clients wlan

state – The current state of the wireless-client

username – The Radius username of the user

connected through this device (shown only if

applicable and available)

•

vlan – The vlan-id assigned to the wireless-client

wlan-desc – The wlan description the

wireless-client is using

•

wlan-id – The wlan index the wireless-client is

using

•

sh-wi-radio [adopt-info|ap-locn|ap-mac|

radio-desc|radio-id|state] – Customize the output of

the "show wireless radio" command

•

adopt-info – The adoption information about the

radio

ap-locn – The location of the AP to which this radio

belongs

ap-mac – The MAC address of AP to which the

radio belongs

ap-name – The name of the AP to which this radio

belongs

•

bss – The bssid of the radio

channel –The configured and current channel of

the radio

•

dot11-type – The the dot11 type (11a/11g etc) of

the radio

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

•

num-client – The number of mobile devices

associated with this radio

power – The configured and current transmit

power of the radio

•

pref-id – The adoption preference id of the radio

radio-desc – The description of the radio

radio-id – The radio index in configuration

state – The current operational state of the radio

•

dot11i – modify dot11i service parameters

dump-core – Creates a core file of the ccsrvr process

enhanced-beacon-table [channel-set|enable|

erase-report|max-ap|scan-interval|scan-time]– Enhanced

beacon table for AP locationing.

•

channel-set [a|an|b|bg|bgn] <1-200> – Adds

channels to the different radio types. Channel types are

a, an, b, bg, bgn. The channel number must be in the

range 1 to 200.

•

enable – Enables the Enhance Beacon Table feature for

AP locationing

erase-report – Erases the reports for Enhanced Beacon

Table feature.

max-ap <0-512> – Sets the maximum number of APs to

be recorded in the Enhanced Beacon Table. Set a value

in the range 0 -512.

•

scan-interval <10-60>– The time duration between two

enhanced beacon table for AP locationing scans in

seconds.

scan-time <100-1000>– The time duration of an

Enhanced Beacon Table scan in millisecond.s

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

•

enhanced-probe-table [enable|erase-report|max-client|

preferred|window-time] – Enhanced probe table for Client

locationing.

•

enable – Enables the Enhanced Probe Table feature for

Client locationing.

erase-report – Erases the reports for Enhanced Probe

Table feature.

max-client <0-512> – Sets the maximum clients in the

Enhance Probe Table report.

preferred <MAC> – Add the MAC <MAC> to the

preferred Client list.

window-time – Sets the Window Time for probe

collection in seconds to a value in the range 10 to 60

seconds.

•

free-packet-watermark – It is free packets threshold. If the

percentage of free packets is lower than this number, then

additional packets will not be queued up in the datapath

idle-radio-send-multicast – Forward multicast packets to

radios without associated wireless clients

legacy-load-balance – Invoke legacy load balance algorithm

map-radios – Set radio-to-cpu mapping constant

radio-misc-cfg – radio specific misc configuration U16 for all

radios

•

rate-scale – Enable wireless rate scaling (default)

request-ap-log – Request ap Log

save-ap-log – Saves debug/error logs sent by the

access-point

•

snmp-trap-throttle – Limits the number of SNMP traps

generated from the wireless module

•

sync-radio-entries – sync radio configuration at cluster levels

vlan-cache – VLAN-cache mode

Syntax (Global Config Mode) (Global Config)

watchdog]

service [advanced-vty|dhcp|watchdog]

service diag [enable|limit|period|tech-support-period|

tech-support-url]

service password-encryption secret 2 <pass-phrase>

service pm sys-restart

service prompt crash-info

service radius {restart}

service redundancy dynamic-ap-load-balance start

service set [command-history|reboot-history|upgrade-history]

<10-100>

service show cli

service terminal-length <0-512>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

Parameters (GLOBAL Config)

advanced-vty

dhcp

Enables advanced mode vty interface

Enables the DHCP server

diag[enable|limit|period|

tech-support-period|

Displays diagnostics

•

enable – Enables in-service diagnostics

limit – Diagnostic limit command

period – Sets the diagnostics period

tech-support-period – Sets diagnostics

tech-support-period

tech-support-url]

•

tech-support-url – Sets the URL to use during auto generated

technical support dumps

password-encryption

[secret|2|<pass-phrase>

|<encryption-key>]

Encrypts passwords

•

secret – Encrypts passwords/keys with a secret phrase

2 – Type of encryption SHA256-AES256

<pass-phrase> – Passphrase for encryption

<encryption-key> – Plaintext password or key to encrypt

pm sys-restart

Process Monitor

sys-restart – Enables the PM to restart the system when a

processes fails

Enable crash-info prompt

crash-info – Enables a crash-info prompt

Enable radius server

•

prompt crash-info

radius restart

•

restart – Restarts the radius server with an updated

configuration

redundancy

Configure redundancy group parameters

dynamic-ap-load-balance

start

•

dynamic-ap-load-balance start – Enables the Dynamic AP

Load Balance feature

•

start – Start dynamic AP load balance

set [command-history

|reboot-history|

upgrade-history]

Set service parameters.

•

command-history <10-300> – Sets the size of the command

history (default is 200)

reboot-history <10-100> – Sets the size of the reboot history

(default is 50)

upgrade-history <10-100> – Sets the size of the upgrade

history (default is 50)

show

Shows running system information

cli – Shows the CLI tree of the current mode

System wide terminal length configuration

<0-512> – Number of lines of VTY (0 means no line control)

Enables the watchdog

•

terminal-length <0-512>

watchdog

•

Usage Guidelines

The service password-encryptionset by the user cannot be disabled without knowing the old

password. Refer the note below for more clarification.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

NOTE

The no service password-encryptioncommand used to disable the encryption, now requires the

user to know the old password. The user will have to enter the old password to disable the

encryption.

Earlier, using no service password-encryptiondisabled the encryption and show running config

displayed the passwords as plaintext.

Now, the user has to user no service password-encryption <old password key>to disable or

change the password.

Example

RFController#service diag ?

enable

identify

Enable in service diagnostics

Identify this controller by flashing the LEDs in a

rapidly changing pattern

limit

diagnostic limit command

period

Set diagnostics period

tech-support-period Set diagnostics tech-support period

tech-support-url Set the URL to use during auto generated technical

support dumps

RFController#service diag enable

RFController#service diag limit ?

buffer

fan

buffer usage warning limit

Fan speed limit

filesys

load

file system freespace limit

agregate processor load

maxFDs

maximum number of file descriptors

pkbuffers packet buffer head cache

procRAM

ram

percent RAM used by a process

percent free RAM

routecache IP route cache usage

temperature temperature limit

RFController#service diag limit buffer ?

128 128 byte buffer limit

128k 128k byte buffer limit

16k 16k byte buffer limit

1k 1k byte buffer limit

256 256 byte buffer limit

2k 2k byte buffer limit

32 32 byte buffer limit

32k 32k byte buffer limit

4k 4k byte buffer limit

512 512 byte buffer limit

64 64 byte buffer limit

64k 64k byte buffer limit

8k 8k byte buffer limit

RFController>service show command-history

Configured size of command history is 200

Date & Time

User Location Command

===========================================================

May 31 21:57:44 2010 admin

vty 130

exit

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Common commands

May 31 20:30:11 2010 admin

vty 130

con 0

vty 131 enable

con 0

vty 131

vty 130

con 0

configure terminal

enable

exit

configure terminal

enable

May 31 20:27:08 2010 admin

May 31 20:18:03 2010 admin

May 31 20:17:32 2010 admin

May 31 20:17:26 2010 admin

May 31 18:32:42 2010 admin

May 31 18:32:29 2010 admin

May 31 18:31:48 2010 admin

May 31 18:31:45 2010 admin

May 29 15:40:04 2010 admin

May 29 15:23:43 2010 admin

May 29 15:23:36 2010 admin

May 29 15:23:19 2010 admin

May 29 15:23:03 2010 admin

May 29 15:22:48 2010 admin

May 29 15:22:45 2010 admin

May 25 21:32:27 2010 admin

May 25 21:32:21 2010 admin

May 24 18:34:36 2010 admin

May 24 18:34:21 2010 admin

May 23 19:07:35 2010 admin

May 23 19:06:59 2010 admin

May 23 14:36:09 2010 admin

May 21 16:37:13 2010 admin

May 21 16:34:36 2010 admin

ip address 10.10.10.2/24

interface vlan 1

configure terminal

enable

exit

ip address 10.10.10.2/24

exit

interface vlan 1

configure terminal

enable

configure terminal

enable

configure terminal

enable

configure terminal

enable

RFController>service show reboot-history

Configured size of reboot history is 50

Date & Time

=====================================================

May 31 18:29:42 2010 startup

- - - shutdown (ungraceful:unexpected cold restart)

May 31 15:42:23 2010 startup

- - - shutdown (ungraceful:unexpected cold restart)

May 31 12:35:18 2010 startup

- - - shutdown (ungraceful:unexpected cold restart)

May 30 17:15:13 2010 startup

- - - shutdown (ungraceful:unexpected cold restart)

May 29 15:10:51 2010 startup

- - - shutdown (ungraceful:unexpected cold restart)

May 28 20:06:31 2010 startup

- - - shutdown (ungraceful:unexpected cold restart)

May 25 14:21:35 2010 startup

- - - shutdown (ungraceful:unexpected cold restart)

May 24 14:20:09 2010 startup

- - - shutdown (ungraceful:unexpected cold restart)

May 23 14:07:21 2010 startup

- - - shutdown (ungraceful:unexpected cold

Event

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

•User exec commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Displays the settings for the specified system component. There are a number of ways to invoke

the show command:

•

When invoked without any arguments, it displays information about the current context. If the

current context contains instances, the show command (usually) displays a list of these

instances.

•

When invoked with the display_parameter, it displays information about that component.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show <parameter>

Parameters

Display

Parameters

Description

Mode

Example

autoinstall

banner

Displays the autoinstall configuration

Common

page 62

page 63

Displays the message of the day login

banner

commands

crypto

Displays command lists

Common

Displays current encryption details

Displays environmental information

Displays the session command history

environment

history

interfaces

Displays the current interface status and Common

configuration

Displays the internet protocol

Common

Displays the LDAP server configuration

Displays the installed licenses, if any

licenses

logging

Displays the logging configuration and

buffer

mac

Displays the media access control IP

configuration

Common

page 79

mac-address-table

management

Displays the MAC address table

Common

page 80

page 81

Displays L3 management interface

name

mobility

ntp

Displays mobility parameters

Common

page 82

page 84

Displays network time protocol

information

port-channel

power

Displays port channel commands

Common

page 85

page 86

page 87

Displays power over ethernet command Common

Displays the current privilege level Common

privilege

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

Display

Parameters

Description

Mode

Example

radius

Displays RADIUS configuration

commands

Common

page 88

redundancy

Display configuration details for dynamic Common

page 89

dynamic-ap-load-bal AP Load Balance

ance

redundancy group

redundancy history

Displays redundancy group parameters Common

page 90

page 92

Displays the state transition history of

the controller

Common

redundancy

members

Displays redundancy group members in Common

detail

page 93

page 94

rtls

Displays Real Time Location System

Common

(RTLS) commands

smtp-notification

snmp

Displays trap enable flags (new)

Displays SNMP engine parameters

Displays the spanning tree information

Common

static-channel-group Displays static channel group

membership information

terminal

Displays terminal configuration

parameters

Common

Displays the timezone

Common

page 106

page 107

page 108

Displays traffic shaping configuration

Displays information about terminal

lines

version

Displays software and hardware version Common

information

Displays wireless configuration

commands

Common

wlan-acl

Displays WLAN ACL information

Common

access-list

Displays the access list Internet Protocol Privilege/Global page 126

(IP) configuration

Config

aclstats

alarm-log

boot

Displays ACL statistics

Privilege/Global page 127

Config

Displays all the alarms currently in the

system

Privilege/Global page 128

Config

Displays the boot configuration

Privilege/Global page 129

Config

clock

Displays the system clock

Privilege/Global page 130

Config

debugging

dhcp

Displays the current debugging settings Privilege/Global page 131

Config

Displays DHCP server configurations

Displays filesystem information

Privilege/Global page 132

Config

file

Privilege/Global page 133

Config

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

Display

Parameters

Description

Mode

Example

ftp

Displays the FTP server configuration

Privilege/Global page 134

Config

password-encryption Displays password encryption data

Privilege/Global page 135

Config

running-config

securitymgr

sessions

Displays the current operating

configuration

Privilege/Global page 136

Config

Displays debug information for ACL, VPN Privilege/Global page 139

and NAT

Config

Displays currently open and active

connections

Privilege/Global page 140

Config

Displays the content of the startup

configuration

Privilege/Global page 141

Config

Displays the status of the last image

upgrade

Privilege/Global page 143

Config

Displays the configured MAC names for Privilege/Global page 144

this device

Config

Displays the access list information

Privilege/Global page 126

Config

aclstats

Displays the ACL statistics for a

particular WLAN

Privilege/Global page 127

Config

alarm-log

firewall

role

Displays the alarm log on the device

Displays wireless firewall

Privilege

Common

page 128

page 145

page 146

Configures role parameters

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

autoinstall

Common to all modes

Displays the autoinstall configuration information.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show autoinstall status

Parameters

status

Displays status of autoinstall

Syntax

RFController>show autoinstall

RFController>feature enabled

URL

config

cluster cfg yes

image yes

yes

--not-set--

expected image version --not-set--

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

banner

Common to all modes

Displays the message of the day string. This string can be used to alert the user to specific

information that might be of interest.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show banner motd

Parameters

motd

Displays the Message of the Day banner

Example

RFController>show banner motd

Welcome to CLI

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

commands

Common to all modes

Displays the available commands for the current mode.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

RFController>show commands

Parameters

None

Example

RFController#show commands

acknowledge alarm-log (all|<1-65535>)

archive tar /create (FILE|URL) .FILE

archive tar /table (FILE|URL)

archive tar /xtract (FILE|URL) DIR

cd (DIR|)

change-passwd

clear aclstats

clear alarm-log (new|all|acknowledged|<1-65535>)

clear arp-cache

clear crypto ipsec sa (A.B.C.D |)

clear crypto isakmp sa ( A.B.C.D |)

clear ip dhcp binding (*|A.B.C.D)

.....................................................(contd)

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

crypto

Common to all modes

Displays the encryption mode information.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show crypto[ipsec|isakmp|key|map|pki]

show crypto ipsec[sa|

security-association|transformset]

show crypto isakmp[policy <1-10000>|sa]

show crypto keymy pubkey rsa

show crypto map[interface <interface-name>|tag <tag-name>]

show crypto pki[request <trustpoint-name>|trustpoints]

Parameters

ipsec

Displays the IPSEC policy

[sa|securityassociation

|transformset]

•

sa – IPSec security association

security-association lifetime – Security association

lifetime – Defines the lifetime

transformset <name> – Transformset

•

<name> – Defines the transform set name or all

transform sets

isakmp

Displays ISAKMP policies

[policy <1-10000>|sa]

•

policy <1-10000> – Displays the priority of all the isakmp

policies

•

sa – All crypto ISAKMP security associations

key mypubkey rsa

Displays authentication key management

•

mypubkey rsa – Shows the public keys associated with the

controller

•

rsa – Displays the RSA public keys

map [interface|tag]

pki [request|trustpoints]

Displays crypto maps

•

interface <interface-name> – Sets crypto maps for an

interface

tag <tag-name> – Sets crypto maps with a given tag

Displays Public Key Infrastructure (PKI) commands

•

request <trustpoint-name> – Displays the certificate

requests

•

trustpoints – Displays the trustpoints and their configuration

Usage Guidelines

The security engine periodically updates the IPSec and Isakamp statistics (every 60 seconds)

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

Example

RFController(config)#show crypto pki request tptest

-----BEGIN CERTIFICATE REQUEST-----

MIIB2zCCAUQCAQAwaDELMAkGA1UEBhMCaW4xEjAQBgNVBAgTCWthcm5hdGFrYTES

MBAGA1UEBxMJYmFuZ2Fsb3JlMQ8wDQYDVQQKEwZzeW1ib2wxDDAKBgNVBAsTA3dp

ZDESMBAGA1UEAxMJdGVzdC1jZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB

gQC3qisZdTn7rKzv5TrGtKt7fwMwaYpgehyl52I4fDLZYY/WTTTJFyKwW6s+Pq2R

mM9oiqX8mCZeSEIJIATpAVT2M5Ukb4Br9YQDcWHs84oXRJxKPeZ3WscBld2soPvK

ui1LoizZH9iqawmkXED1TFMBbDWiOcfnqQKn8Tddeax/JQIDAQABoDMwMQYJKoZI

hvcNAQkOMSQwIjALBgNVHQ8EBAMCBLAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJ

KoZIhvcNAQEEBQADgYEAoJMylm3aaY1CnkOO5TbxB+qL4F4MKL6+o/m0yRPqy/2S

gkk/OwxHvc3TbA9WjbKkFWIDyqU7X0d+c8f9KogwxDwWHll2IBiTCtBAq6hpgKOv

Um9GFvMFps9XVkKtYttN3fer9tA+6xY9CKlr12mNGOYFHyVjMc3Pic0ODFiPHAU=

-----END CERTIFICATE REQUEST-----

RFController(config)#show crypto pki trustpoints

Trustpoint :default-trustpoint

-----------------------------------------------

Server certificate configured

Subject Name:

Common Name:

Issuer Name:

Common Name:

Brocade

Valid From: Sep 13 16:14:49 2010 GMT

Valid Until: Sep 13 16:14:49 2010 GMT

Trustpoint :tptest

-----------------------------------------------

CA certificate configured

Subject Name:

Common Name:

monarch

Organizational Unit: wid

Organization:

Location:

State:

Brocade

bangalore

karnataka

Country:

email:

[email protected]

Issuer Name:

Common Name:

monarch

Organizational Unit: wid

Organization:

Location:

State:

Country:

email:

Brocade

bangalore

karnataka

[email protected]

Valid From: Sep 11 05:48:52 2010 GMT

Valid Until: Sep 11 05:48:52 2010 GMT

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

environment

Common to all modes

Displays the environmental information such as fan speed, ambient temperature inside the

controller and CPU temperature.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show environment

Parameters

None

Example

RFController>show environment

upwind of CPU temperature : 30.0 C

CPU die temperature : 49.0 C

left side temperature : 29.0 C

by FPGA temperature : 28.0 C

front right temperature : 26.0 C

front left temperature : 26.0 C

fan 1 fan

fan 2 fan

fan 3 fan

: 6480 rpm

: 6600 rpm

: 6420 rpm

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

history

Common to all modes

Displays the command history

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show history

Parameters

None

Example

RFController>show history

1 admin

2 enable

3 con ter

4 exit

5 show autoinstall

6 con ter

7 show autoinstall

8 show banner

9 show banner motd

10 show command

11 show crypto

12 show environment

13 show history

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

interfaces

Common to all modes

Displays the status of the different controller interfaces

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show interfaces [WORD|ge|me1|sa|controllerport|vlan]

Parameters

show interfaces

Displays the interface name

[WORD|ge|me1|sa|

controllerport|vlan]

•

WORD– Displays interface name

ge – Displays Gigabit Ethernet interface information

me1 – Displays fast ethernet information

sa – Displays Static Aggregate information

controllerport – Displays native VLAN(s) and allowed VLAN

information on controller ports

•

vlan[WORD|ge|me1| sa|vlan <1-4094> – Displays VLAN

interface details

Usage Guidelines

Use the show interfacecommand to display the administrative and operational status of all the

interfaces or a specified interface

Example

RFController#show interfaces ge 3

Interface ge3

Hardware Type Ethernet, Interface Mode Layer 2, address is 00-a0-f8-65-ea-8e

index=2001, metric=1, mtu=1500, (HAL-IF) <UP,BROADCAST,MULTICAST>

Speed: Admin Auto, Operational Unknown, Maximum 1G

Duplex: Admin Auto, Operational Unknown

Active Medium: Unknown

Controllerport Settings: access, access-vlan: 1

Input packets 0, bytes 0, dropped 0,

Received 0 broadcasts, 0 multicasts

Input errors 0, runts 0, giants 0,

CRC 0, frame 0, fragment 0, jabber 0

Output packets 0, bytes 0, dropped 0

Sent 0 broadcasts, 0 multicasts

Output errors 0, collisions 0, late collisions 0,

excessive collisions 0

RFController#show interfaces wan

Interface wan

Hardware Type PPP, Interface Mode Layer 3

index=8, metric=1, mtu=1500, (PAL-IF) <UP,POINTOPOINT,RUNNING,NOARP,MULTICAST

inet 166.129.246.245/32 pointopoint 10.64.64.64

input packets 0, bytes 0, dropped 0, multicast packets 0

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0

output packets 184, bytes 17618, dropped 0

output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0

collisions 0

index=8, metric=1, mtu=1500, (PAL-IF) <UP,POINTOPOINT,RUNNING,NOARP,MULTICAST

inet 166.129.246.245/32 pointopoint 10.64.64.64

input packets 0, bytes 0, dropped 0, multicast packets 0

input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0

output packets 184, bytes 17618, dropped 0

output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0

collisions 0

RFController(config)#show interfaces controllerport vlan1

Interface vlan1

Controllerport Settings: Mode: Access, Access Vlan: 0

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

Common to all modes

Displays Internet Protocol (IP) related information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show ip [access-group|arp|ddns|dhcp|

show ip access-group [<interface-name>|all|ge|me1|role|sa|

vlan <1-4094>]

show ip arp

show ip ddnsbinding

show ip dhcp[binding|class|pool|sharednetwork]

show ip dhcp-vendor-options

show ip domain-name

show ip dos [config|stats]

show ip http [secure-server|server]

show ip igmp snooping [mrouter|querier|vlan]

show ip interface [<interface-name>|brief|ge|me1|sa|vlan]

show ip name-server

show ip nat [interfaces|translations]

show ip nat translations [inside|outside|verbose]

show ip nat translations inside [source|destination]

show ip nat translations outside [source|destination]

show ip route [<IP>|<IP-prefix-len>|detail]

show ip routing

show ip ssh

show ip telnet

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

Parameters

access-group

Displays the ACLs attached to an interface

[<interface-name>

|all|ge|me1|role|sa|>

|vlan <1-4094>]

•

<interface-name> – Enter the name of the interface to which

the ACL is associated. access-group lists the details of the

ACLs configured on the particular Layer 3 or Layer 2

interface.

•

vlan <1-4094> – Enter the name of the VLAN interface to

which the ACL is associated

•

all – Display ACLs attached on all interfaces

ge <1-4> – Gigabit Ethernet interface

me1– FastEthernet interface

role <role-name> – Specify role name

sa <1-4> – Static Aggregate interface

arp

Displays existing entries in the Address Resolution Protocol (ARP)

table

ddns binding

Displays the DDNS configuration

•

binding – DNS address bindings

dhcp [binding|class|pool

|sharednetwork]

Displays the DHCP server configuration

•

binding manual – DNS address bindings

manual – Static DHCP Address Bindings class – Configures

the DHCP server class

•

pool – DHCP pool designation

sharednetwork – Shared network information

dhcp-vendor-options

domain-name

DHCP Option 43 parameters received from DHCP server

Displays domain name information

dos [config|stats]

Denial of Service configuration

•

config – Displays ip dos configuration

stats – Displays ip dos stats

http

Hyper Text Transfer Protocol (HTTP)

[secure-server|server]

•

secure-server – Secure HTTP server

server – HTTP server

interface

Use the show ip interface command to display the administrative

[<interface-name>|brief|ge and operational status of all Layer-3 interfaces or a specified

|me1|sa|

vlan]

Layer-3 interface.

•

<interface-name> – Interface name

brief – Brief summary of the IP status and its configuration

vlan <1-4094> – VLAN Interface

ge <1-4>– GigabitEthernet interface

me1– FastEthernet interface

sa <1-4> – Static Aggregate interface

igmp snooping

Displays Internet Group Management Protocol

[mrouter|querier|vlan]

•

snooping – IGMP Snooping

•

mrouter – Displays Multicast Router

querier – Configure IGMP querier

vlan [ <1-4094>|<vlan-list>] – Identify the vlan to use

name-server

Displays static and dynamic name-server entries

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

nat [interfaces|translations] Displays Network Address Translation

•

interfaces – Displays NAT Configuration on interfaces

translations [inside|outside|verbose] – Displays NAT

translations

•

inside [source|destination]– Inside

outside [source|destination] – Outside

•

source – Displays Source

destination – Displays Destination

verbose – Displays NAT Translations in real-time

•

route [<IP>|<IP/Mask>

|detail]

Display IP routing table entries

•

<IP> – Network in the IP routing table

<IP/Mask> – Number of valid bits in the network prefix IP

prefix <network>/<length>, e.g., 35.0.0.0/8

detail – Displays the IP routing table in detail

•

routing

ssh

IP routing status

Secured Shell (SSH) server

Telnet server

telnet

Usage Guidelines

1. The interface and VLAN status is displayed as UP regardless of a disconnection. In such a case,

shutdown the VLAN.

a. Check the status of an interface and VLAN using:

RFController(config)#show ip interface brief

Interface

vlan1

IP-Address

157.235.208.69(DHCP) up

unassigned up

Status

Protocol

vlan3

RFController(config)#

If the status of the VLAN is UP, shutdown the VLAN associated with eth1 using:

RFController(config-if)#show ip interface vlan 3 brief

Interface

vlan3

IP-Address

unassigned

Status

Protocol

RFController(config-if)#shutdown

b. Check the status. Note that the VLAN has now been disassociated and the status is

DOWN.

RFController(config)#show ip interface brief

Interface

vlan1

IP-Address

157.235.208.69(DHCP) up

unassigned

Status

Protocol

vlan3

administratively down down

RFController(config)#

2. The above example could also occur when a DHCP interface is disconnected. DHCP is not

effected though, because it runs on a virtual interface and not on a physical interface. In this

case, it is the physical interface that is disconnected not the virtual interface. When the

ethernet interface comes back up, it will restart the DHCP client on any virtual interfaces (SVIs)

of which the physical interface is a member port. This ensures if the interface was

disconnected and reconnected to a different interface, it obtains a new IP address, route,

name server, domain name etc.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

Example

RFController(config)#show ip access-group ge 3

Interface ge3

Inbound IP Access List :

RFController(config)#show ip access-group vlan 1

Interface vlan1

Inbound IP Access List :

RFController#show ip dhcp binding

MAC/Client-Id

-------------

Type

----

Expiry Time

-----------

RFController(config)#show ip dhcp class

ip dhcp class TestClass2

option user-class MC900

ip dhcp class ImportantClass

ip dhcp class ClassNameTest

option user-class UserClassTest

ip dhcp class TestDHCPclass

ip dhcp class Add-DHCP-class1

ip dhcp class MonarchDHCPclas

option user-class MC9000

ip dhcp class RFControllerDHCPclass

option user-class MC800

RFController(config)#

RFController#show ip dhcp pool

ip dhcp pool pl

ip dhcp pool pool1

domain-name test.com

bootfile 123

network 10.10.10.0/24

address range 10.10.10.2 10.10.10.30

ip dhcp pool poo110

next-server 1.1.1.1

netbios-node-type b-node

RFController#show ip dhcp-vendor-options

Server Info:

Firmware Image File:

Config File:

Cluster Config File:

RFController#show ip domain-name

IP domain-lookup : Enable

Domain Name : brocade.com

RFController#show ip http server

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

HTTP server: Running

Config status: Enabled

RFController#show ip http secure-server

HTTP secure server: Running

Config status: Enabled

Trustpoint: default-trustpoint

RFController#show ip interface brief

Interface

me1

vlan1

vlan11

vlan2

wan

IP-Address/Mask Status Protocol

10.1.1.100/24

192.168.1.1/24

192.168.11.1/24

down

64.171.249.249/24 up

166.129.246.245/32 up

RFController#

RFController#show ip interface vlan 1 brief

Interface

vlan1

IP-Address

157.235.208.233 (DHCP)up up

Status

Protocol

RFController#show ip name-server

157.235.3.195

157.235.3.196

dynamic

RFController#show ip routing

IP routing is on

RFController(config)#show ip route detail

Codes: K - kernel/icmp, C - connected, S - static, D - DHCP

> - Active route, - Next-hop in FIB, p - stale info

1.1.0.0/16 [1/0] via 1.1.1.1 inactive

1.1.1.0/24 [1/0] via 1.1.1.2 inactive

10.0.0.0/8 [1/0] via 10.10.10.10 inactive

157.235.208.0/24 [1/0] via 157.235.208.246 inactive

RFController#show ip ssh

SSH server: enabled

Status: running

Keypair name: default_ssh_rsa_key

Port: 22

RFController#show ip telnet

Telnet server: enabled

Status: running

Port: 23

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

ldap

Common to all modes

Displays LDAP information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show ldap configuration [primary|secondary]

Parameters

ldap configuration

Displays LDAP information.

[primary|secondary]

•

Configuration [primary|secondary] – Sets the LDAP

configuration server parameters

•

primary – Defines the Primary LDAP server

secondary – Defines the Secondary LDAP server

Example

RFController(config-radsrv)#show ldap configuration

LDAP Server Config Details

Primary LDAP Server configuration

IP Address

Port

: 10.10.10.1

: 369

(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})

Bind DN

Base DN

Password

: cn=kumar,ou=brocade,dc=activedirectory,dc=com

: ou=brocade,dc=activedirectory,dc=com

: 0 brocade@123

Password Attribute

Group Name : cn

Group Membership Filter: (&(objectClass=group)(member=%{Ldap-UserDn}))

: UserPassword

Group Member Attr

Net timeout

: radiusGroupName

: 1 second(s)

Secondary LDAP

IP Address

Port

: 10.10.10.5

: 369

(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})

Bind DN

Base DN

Password

: cn=kumar,ou=brocade,dc=activedirectory,dc=com

: ou=brocade,dc=activedirectory,dc=com

: 0 brocade@123

Password Attribute

Group Name : cn

Group Membership Filter: (&(objectClass=group)(member=%{Ldap-UserDn}))

: UserPassword

Group Member Attr

Net timeout

: radiusGroupName

: 1 second(s)

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

licenses

Common to all modes

Displays the different licenses installed on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show licenses

Parameters

None

Example

RFController(config)#show licenses

feature usage license string

license value usage

2FFD7fE9 CD016155 14A92C70 48 1

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

logging

Common to all modes

Displays logging status and other information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show logging

Parameters

None

Example

RFController(config)#show logging

Logging module: enabled

Aggregation time: disabled

Console logging: level debugging

Buffered logging: level informational

Syslog logging: level debugging

Facility: local7

Logging to: 157.235.203.37

Logging to: 10.0.0.2

Log Buffer (6520 bytes):

Sep 14 19:11:59 2010: %DAEMON-6-INFO: radiusd[4643]: Ready to process

requests.

Sep 14 19:11:58 2010: %PM-5-PROCSTOP: Process "radiusd" has been stopped

Sep 14 18:51:14 2010: %CC-5-RADIOADOPTED: 11a radio on AP 00-A0-F8-BF-8A-A2

adopted

Sep 14 18:51:14 2010: %CC-5-RADIOADOPTED: 11bg radio on AP 00-A0-F8-BF-8A-A2

adopted

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

mac

Common to all modes

Shows all MAC information with respect to groups and access lists

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show mac [access-list|access-group]

show mac access-group [<interface>|all|ge <1-4>|

me1|sa <1-4>|vlan <1-4094>]

Parameters

mac [access-list

access-group]

Displays MAC information

•

access-list – Displays existing MAC access lists

access-group [<Interface>|all|ge <1-4>|

me1|sa <1-4>|vlan<1-4094>] – Displays MACs access

control lists (ACLs) attached the specified interface where:

•

<interface> – Name of the interface

all interfaces

ge <1-4> – The specified Gigabit interface

me1 – The fast ethernet interface

sa <1-4> – The specified Static Aggregate interface

vlan <1-4094> – VLAN

•

<1-4094> – Displays VID

Example

RFController(config)#show mac access-list

RFController(config)#show mac access-group all

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

mac-address-table

Common to all modes

Displays the MAC address table entries

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show mac-address-table

Parameters

None

Example

RFController(config)#show mac-address-table

Bridge

VLAN Port

Mac

Fwd

------------ ---- ------------ -------------- ---

10 ge1

00a0.f865.ea8f 1

0015.7038.0653 1

0015.7014.fec4 1

0015.7041.9f7f 1

RFController(config)

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

management

Common to all modes

Displays the L3 management interface name

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show management

Parameters

None

Example

RFController>show management

Mgmt Interface: vlan1

Management access permitted via any vlan interface

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

mobility

Common to all modes

Displays the mobility parameters

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show mobility [event-log|forwarding|global|

wireless-client|peer|statistics]

show mobility event-log [wireless-client|peer]

show mobility forwarding <MAC>

show mobility wireless-client [MAC>|detail]

show mobility peer [<IP>|detail]

show mobility statistics <MAC>

Parameters

event-log[

Displays mobility event logs

wireless-client|peer]

•

wireless-client – Client event logs

peer – Peer event logs

forwarding <MAC>

global

Displays and defines wireless clients in the forwarding plane

•

<MAC> – MAC address of the wireless client

Displays and defines global mobility parameters

wireless-client [<MAC>|

detail]

wireless clients in the mobility database

•

<MAC> – MAC address of the wireless client

detail – Displays detailed information

peer [<IP>|detail]

statistics <MAC>

Mobility peers

•

<IP> – IP address of Peer

detail – Displays detailed peer information

Mobility statistics

•

<MAC> – MAC address of the wireless client

Example

RFController(config)#show mobility ?

event-log Event Log

forwarding Wireless-client information in the forwarding plane

global

wireless-client Wireless-clients in the Mobility Database

peer Mobility peers

Global Mobility parameters

statistics Wireless-client Statistics

RFController(config)#show mobility event-log wireless-client

Time

HS-IP

Event

CS-IP

Evt-Src-IP

CLIENT-Mac

CLIENT-IP

09/14 19:17:52 IP-UPD-CLIENT n/a

00-0f-3d-e9-a6-54

157.235.208.134 157.235.208.16 157.235.208.16

09/14 19:17:51 ADD-CLIENT

n/a

00-0f-3d-e9-a6-54 0.0.0.0

157.235.208.16 157.235.208.16

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

09/14 19:17:51 DEL-CLIENT

157.235.208.16 157.235.208.16

09/14 19:17:50 ADD-CLIENT

157.235.208.16 157.235.208.16

n/a

00-0f-3d-e9-a6-54 0.0.0.0

RFController>show mobility forwarding

Mobility Forwarding-plane Information

State: HS : Home-controller

CS : Current-controller

!HS: Not Home-controller !CS: Not Current-controller

Mac-Address

IP-Address

State HS-Vlan Tunnel

RFController>

RFController>show mobility global

Mobility Global Parameters

Admin Status

Operational-Status

Local Address

: DISABLED

: DISABLED (Admin-status is DISABLED)

: 10.10.10.2 (mgmt-vlan)

: 58788

Port Number

Max Roam Period

Number of Peers

Number of Clients

: 5 sec

: 0 (established=0)

: 0 (Home=0, Foreign=0, Delete-pend=0)

L3-Mobility enabled WLANs

RFController>

: NONE

RFController(config)#show mobility wireless-client detail

HOME CLIENT Database: Total=1

CLIENT MAC-Address: 00-0f-3d-e9-a6-54, IP-Address: 157.235.208.134,

SSID=wios_rad_test1

Home-Controller: 157.235.208.16, Current-Controller: 157.235.208.16,

HS-VLAN=1

Foreign CLIENT Database: Total=0

RFController(config)#show mobility peer detail

Mobility Peers: Total=1, Established=0

Peer: 1.1.1.1, State: PASSIVE-CONNECTING

Join-Sent : 0

Rehome-Sent: 0

Num-flaps : 0

Join-Rcvd : 0

Rehome-Rcvd: 0

Connect-retries: 0 Peer-Uptime: 0 days, 00:00:00

Leave-Sent : 0

L3roam-Sent: 0

Leave-Rcvd : 0

L3roam-Rcvd: 0

RFController(config)#show mobility statistics

CLIENT <00-0f-3d-e9-a6-54> Mob-State HS_AND_CS

-----------------------------------------------

Inter-

face

|Rx

|Tx

Error

|unicast MC

Error

|unicast MC

wlan_port

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

ntp

Common to all modes

Displays NTP protocol information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show ntp [association|status]

Parameters

ntp [association

detail|status]

Displays the Network Time Protocol (NTP) configuration

•

association detail – Displays existing NTP associations

detail – Displays NTP association details

status – Displays NTP status

•

Example

RFController>show ntp associations

address ref clock st when poll reach delay offset disp

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

RFController>

RFController>show ntp status

Clock is synchronized, stratum 0, actual frequency is 0.0000 Hz, precision is

2**0

reference time is 00000000.00000000 (Feb 07 06:28:16 UTC 2036)

clock offset is 0.000 msec, root delay is 0.000 msec

root dispersion is 0.000 msec,

RFController>

RFController(config)#show ntp associations detail

157.235.208.105 configured, sane, valid, leap_sub, stratum 16

ref ID INIT, time 00000000.00000000 (Feb 07 06:28:16 UTC 2036)

our mode client, peer mode unspec, our poll intvl 6, peer poll intvl 10

root delay 0.00 msec, root disp 0.00, reach 000,

delay 0.00 msec, offset 0.0000 msec, dispersion 0.00

precision 2**-20,

org time 00000000.00000000 (Feb 07 06:28:16 UTC 2036)

rcv time 00000000.00000000 (Feb 07 06:28:16 UTC 2036)

xmt time c8b42a7e.6eb04252 (Sep 14 19:22:38 UTC 2010)

filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

RFController>show ntp status

Clock is synchronized, stratum 0, actual frequency is 0.0000 Hz, precision is

2^0

reference time is 00000000.00000000 (Feb 07 06:28:16 UTC 2036)

clock offset is 0.000 msec, root delay is 0.000 msec

root dispersion is 0.000 msec,

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

port-channel

Common to all modes

Displays port-channel load-balance information

•

Mobility RFS7000 Controller

Mobility RFS4000 Controller

NOTE

This command is not supported on the Mobility RFS6000 Controller.

Syntax

show port-channel load-balance

Parameters

load-balance

Displays the existing load balancing configuration

Example

RFController>show port-channel load-balance

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

power

Common to all modes

Displays the power configuration and status for the Mobility RFS6000 Controller controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

NOTE

This command is not supported on the Mobility RFS7000 Controller.

Syntax

show power [configuration|status]

Parameters

configuration

status

Displays configuration of power over ethernet

Displays status of power over ethernet

Example

RFController(config)#show power configuration

Power usage trap at 80% of max power (148 of 185 Watts)

port Priority Power limit Enabled

ge1 high

ge2 high

ge3 high

ge4 high

ge5 high

ge6 high

ge7 high

ge8 high

29.7W

yes

POE firmware version 01f6 build 4

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

privilege

Common to all modes

Displays the privileges of the current user

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show privilege

Parameters

None

Example

RFController>show privilege

Current user privilege: superuser

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

radius

Common to all modes

Displays RADIUS status and information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show radius [configuration|eap configuration|group|

nas A.B.C.D/M|proxy|rad-user|trust-point]

Parameters

radius [configuration|

eap configuration group|

nas <IP/Mask>|proxy|

rad-user|trust-point]

Displays RADIUS configuration commands

•

configuration – RADIUS server configuration parameters

eap configuration – Displays and defines the EAP

configuration

•

group – Displays the RADIUS group configuration

nas <IP/Mask> – Defines a client IP address and mask

proxy – Lists proxy information

rad-user <user-name> – Displays RADIUS user information

•

user-name - Displays existing user name in the local

RADIUS database.

•

trust-point – Defines the RADIUS trust-point configuration

Example

RFController(config)#show radius proxy

Proxy Details

_____________

Proxy retry delay : 6 seconds

Proxy retry count : 4

Proxy Realm Details

___________________

Realm : brocade.com

IP Address : 10.10.10.5

Port

: 1812

Shared secret : 0 secret123

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

redundancy dynamic-ap-load-balance

Common to all modes

Displays the configuration for the Dynamic AP Load Balancing feature

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show redundancy dynamic-ap-load-balance config

Parameters

Example

config

Displays configuration details for dynamic AP load balance

RFController(config)#show redundancy dynamic-ap-load-balance config

Dynamic AP Load Balance Configuration:

Load balance

: Enabled

Load balance trigger : Schedule

Dynamic AP Load Balance Schedule:

Schedule first-time : Sun Jun 1 00:00:00 2008

Schedule interval : 1 day(s)

Per AP CLIENT Threshold : 32

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

redundancy group

Common to all modes

This command displays the controller’s IP address, number of active neighbors, group license,

installed license, cluster AP adoption count, controller adoption count, hold time, discovery time,

heartbeat interval, cluster id and controller mode.

In a cluster, this command displays the redundancy runtime and configuration of the

“self-controller”. Use configto view only configuration information and/or runtimeparameters.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show redundancy group [config|runtime]

Parameters

redundancy group

[config | runtime]

Displays redundancy runtime and configuration details.

•

config – Displays configured redundancy group information

runtime – Displays runtime redundancy group information

Example

RFController(config)#show redundancy group

Redundancy Group Configuration Detail

Redundancy Feature

Redundancy group ID

Redundancy Mode

: Disabled

: 1

: Primary

: 0.0.0.0

Redundancy Interface IP

Number of configured peer(s)

: 0

Heartbeat-period

Hold-period

Discovery-period

Handle STP

: 5 Seconds

: 15 Seconds

: 30 Seconds

: Disabled

Controller Installed License

Controller running image version

: 48

: 4.02.0

Auto-revert-period

Auto-revert Feature

DHCP-Server Redundancy

: 5 mins

: Disabled

Redundancy Group Runtime Information

Redundancy Protocol Version

Redundancy Group License

Cluster AP Adoption Count

Controller AP Adoption Count

: 2.0

: 0

: Not Applicable

: Disabled

Redundancy State

Radio Portals adopted by Group

: Not Applicable

Radio Portals adopted by this Controller : Not Applicable

Rogue APs detected in this Group : Not Applicable

Rogue APs detected by this Controller : Not Applicable

Clients associated in this Group

Clients associated in this Controller

: Not Applicable

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

Selfhealing RPs in this Group

Selfhealing APs in this Controller

Group maximum AP adoption capacity : Not Applicable

: Not Applicable

Controller Adoption capacity

Established Peer(s) Count

: Not Applicable

Redundancy Group Connectivity status : Not Applicable

DHCP Server in group

: Not Applicable

RFController(config)#

RFController(config)#show redundancy group config

Redundancy Group Configuration Detail

Redundancy Feature

Redundancy group ID

Redundancy Mode

: Disabled

: 1

: Primary

: 0.0.0.0

Redundancy Interface IP

Number of configured peer(s)

: 0

Heartbeat-period

Hold-period

Discovery-period

Handle STP

: 5 Seconds

: 15 Seconds

: 30 Seconds

: Disabled

Controller Installed License

Controller running image version

: 48

: 4.02.0

Auto-revert-period

Auto-revert Feature

DHCP-Server Redundancy

: 5 mins

: Disabled

RFController(config)#

RFController(config)#show redundancy group runtime

Redundancy Group Runtime Information

Redundancy Protocol Version

Redundancy Group License

Cluster AP Adoption Count

Controller AP Adoption Count

: 2.0

: 0

: Not Applicable

Redundancy State

: Disabled

Radio Portals adopted by Group

: Not Applicable

Radio Portals adopted by this Controller : Not Applicable

Rogue APs detected in this Group : Not Applicable

Rogue APs detected by this Controller : Not Applicable

Clients associated in this Group

Clients associated in this Controller

: Not Applicable

Selfhealing RPs in this Group

Selfhealing APs in this Controller

: Not Applicable

Group maximum AP adoption capacity : Not Applicable

Controller Adoption capacity

Established Peer(s) Count

: Not Applicable

Redundancy Group Connectivity status : Not Applicable

DHCP Server in group

: Not Applicable

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

redundancy history

Common to all modes

Displays the controller state transition history

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show redundancy history

Parameters

None

Example

RFController>show redundancy history

State Transition History

Time

Event Triggered

state

---------------------------------------------------------

Sat Oct 06 12:07:55 Redundancy Enabled

Sat Oct 06 12.07.56 Startup Done

Startup

Discovery

Sat Oct 06 12:08:26 Discovery Done

Sat Oct 06 22:10:10 Redundancy Disabled

Active

Startup

RFController>show

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

redundancy members

Common to all modes

Displays the member controllers in the cluster. The user can provide the IP addressof the

controller in cluster whose information alone is needed.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show redundancy members [<IP>|brief]

Parameters

Example

redundancy members

[<IP>|brief]

Displays member controllers in the cluster

•

<IP>– Displays the IP addresses of member controllers

brief – Displays members in brief

RFController(config)#show redundancy members brief

Member ID (Self)

Member State

: 10.10.10.10

: Not Applicable

Member ID

: 10.10.10.1

Member State

: Peer Configured

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

rtls

Common to all modes

Displays the Real Time Locating System status and information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show rtls [aeroscout|espi|filter|ekahau|

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

Parameters

rtls [aeroscout|espi|filter|

ekahau|

reference-tags|

Displays the Real Time Locating System status and information.

•

aeroscout – Displays aeroscout configurations

espi [adapter|ecspecs|subscriber|tags] – Displays ESPI

configuration

rfid|site|sole|tags|zone]

•

adapter [active|ale-tcp] – Displays Adapter

Configuration

•

active – Displays adapters that are currently active

ale-tcp – Displays ale-tcp adapter

ecspecs [<SPECNAME>|active|define|detail|

requested] – Displays ecsspecs configuration

•

<SPECNAME> – Displays name of Ec Specs

active detail – Displays detailed active ECSpecs

status

•

defined detail – Displays defined active ECSpecs

status in detail

•

detail – Show detailed ECSpecs status

requested detail – Displays requested detailed

ECSpecs status

•

subscriber – Displays info for given subscriber's IP

tags subscriber – Displays tags for given subscriber’s IP

filter – Displays RFID tag filters

•

ekahau – Displays ekahau configurations

reference-tags – Displays reference tag configurations

rfid – Displays RFID configuration

site – Displays site configurations

sole – Displays SOLE configurations

zone <1-48> – Displays zone configuration

rtls tags [<tag-id>|

aeroscout|all|ekahau|g2|

wireless-client|

Displays Tags/Assets (passive, active, wi-fi, uwb) Information

•

<tag-id> – Displays detailed tag information for specific tag

|rfid|uri|zone|]

•

aeroscout – Displays located aeroscout tags

all – Displays all tags

ekahau – Displays located ekahau tags

g2 – Displays located g2 tags

wireless-client – Displays located wireless clients

rfid - Displays located RFID gen2 tags

uri <URI> – Displays RFID tags for given notification URI

zone <1-48> – Display zone configuration

zone [<1-48>|detail]

Displays logical reader statistics

•

<1-48> – Display zone configuration

detail – Displays zone details

Example

RFController(config)#show rtls ?

aeroscout

espi

filter

ekahau

Aeroscout configurations

ESPI Configuration

RFID Tag Filters

Ekahau configurations

reference-tags Reference tag Configurations

rfid

site

sole

RFID Configuration

Site configurations

SOLE configurations

Information

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

zone

Show logical reader statistics

RFController(config)#show rtls

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

smtp-notification

Common to all modes

Displays the set smtp-notification parameters

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show smtp-notification traps

Parameters

Example

traps

Displays trap enable flags

RFController(config)#show smtp-notification traps

------------------------------------------------------------------Gl

obal enable flag for Trap SMTP-Notification Disabled

------------------------------------------------------------------En

able flag status for Individual Trap SMTP-Notification

-------------------------------------------------------------------M

odule Type

Trap Type

Enabled?[Y/N]

-------------------------------------------------------------------s

nmp

coldstart

linkdown

snmp

linkup

snmp

authenticationFail

dhcpIPChanged

tempHigh

nsm

diagnostics

redundancy

tempOver

fanSpeedLow

cpuLoad1Min

cpuLoad5Min

cpuLoad15Min

usedKernelBuffer

ramFree

processMemoryUsage

packetBuffers

ipRouteCache

fileDescriptors

memberUp

memberDown

memberMisConfigured

adoptionExceeded

grpAuthLevelChanged

resourceUp

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

redundancy

misc

resourceDown

lowFsSpace

misc

processMaxRestartsReached

savedConfigModified

serverCertExpired

caCertExpired

misc

periodicHeartbeat

controllerEvent

misc

wireless station

wireless radio

associated

disassociated

deniedAssociationOnCapability

deniedAssociationOnShortPream

deniedAssociationOnSpectrum

deniedAssociationOnErr

deniedAssociationOnSSID

deniedAssociationOnRates

deniedAssociationOnInvalidWPAWPA2IE

deniedAssociationAsPortCapacityReached N

tkipCounterMeasures

deniedAuthentication

radiusAuthFailed

vlanChanged

adopted

wireless radio

unadopted

wireless radio

detectedRadar

wireless ap-detection externalAPDetected

wireless ap-detection externalAPRemoved

wireless self-healing activated

wireless ids

muExcessiveEvents

radioExcessiveEvents

.......................................................

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

snmp

Common to all modes

Displays SNMP user information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show snmp user [snmpmanager|snmpoperator|snmptrap]

Parameters

snmp user [snmpmanager| Displays SNMP user information

snmpoperator|snmptrap

•

snmpmanager – Shows SNMP manager information

snmpoperator – Shows SNMP operator information

snmptrap – Shows SNMP trap information

Example

RFController>show snmp user snmpmanager

userName access engineId Authentication Encryption

800001848067458b6bd7157745 MD5 DES

snmpmanager rw

RFController>

RFController>show snmp user snmpoperator

userName

access engineId

Authentication Encryption

snmpoperator ro

RFController>

800001848067458b6bd7157745 MD5

DES

RFController>show snmp user snmptrap

userName

snmptrap

access engineId

Authentication Encryption

800001848067458b6bd7157745 MD5

DES

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

snmp-server

Common to all modes

Displays SNMP server information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show snmp-server traps wireless-statistics[mesh|wireless-client|

radio|wireless-controller|wlan]

Parameters

traps wireless-statistics

[mesh|

wireless-client| radio|

wireless-controller|wlan]

Displays existing wireless-stats rate trap enabled flags

•

mesh – Displays existing mesh rate traps

wireless-client – Displays existing wireless client rate traps

radio – Displays existing radio rate traps

wireless-controller – Displays existing wireless controller rate

traps

•

wlan – Displays existing WLAN rate traps

Example

RFController>show snmp-server traps

-------------------------------------------------------------------

Global enable flag for Traps

-------------------------------------------------------------------

Enable flag status for Individual Traps

-------------------------------------------------------------------

Module Type

Trap Type

Enabled?[Y/N]

-------------------------------------------------------------------

snmp

coldstart

linkdown

linkup

authenticationFail

dhcpIPChanged

memberUp

nsm

redundancy

misc

memberDown

memberMisConfigured

adoptionExceeded

grpAuthLevelChanged

lowFsSpace

misc

processMaxRestartsReached

associated

disassociated

deniedAssociationOnCapability

deniedAssociationOnShortPream

deniedAssociationOnSpectrum

deniedAssociationOnErr

deniedAssociationOnSSID

deniedAssociationOnRates

wireless station

deniedAssociationOnInvalidWPAWPA2IE N

deniedAssociationAsPortCapacityReached N

100

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

wireless station

wireless radio

wireless ap-detection externalAPDetected

wireless self-healing activated

wireless ids

misc

tkipCounterMeasures

deniedAuthentication

radiusAuthFailed

adopted

unadopted

detectedRadar

excessiveAuthAssociation

excessiveProbes

savedConfigModified

RFController>

RFController>show snmp-server traps wireless-statistics wireless-client

pktsps-greater-than

tput-greater-than

disabled

avg-bit-speed-less-than

avg-signal-less-than

nu-percent-greater-than

gave-up-percent-greater-than

avg-retry-greater-than

undecrypt-percent-greater-than disabled

RFController>

RFController>show snmp-server traps wireless-statistics radio

pktsps-greater-than

tput-greater-than

avg-bit-speed-less-than

avg-signal-less-than

disabled

nu-percent-greater-than

gave-up-percent-greater-than

avg-retry-greater-than

undecrypt-percent-greater-than

num-stations-greater-than

RFController>

disabled

RFController>show snmp-server traps wireless-statistics wireless-controller

pktsps-greater-than

tput-greater-than

num-stations-greater-than

RFController>

disabled

RFController>show snmp-server traps wireless-statistics wlan

pktsps-greater-than

tput-greater-than

avg-bit-speed-less-than

avg-signal-less-than

disabled

nu-percent-greater-than

gave-up-percent-greater-than

avg-retry-greater-than

undecrypt-percent-greater-than

num-stations-greater-than

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

101

Download from Www.Somanuals.com. All Manuals Search And Download.

show

spanning-tree

Common to all modes

Displays Spanning Tree information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show spanning-tree mst [config|detail|instance]

show spanning-tree mst detail interface

[<interface-name>|ge|me1|sa|vlan <1-4094>]

show spanning-tree mst instance <1-15> interface

<IF NAME>||vlan <1-4094>}]

Parameters

config

Displays MST configuration information

Displays detailed interface information

detail interface

[<interface-name>|

ge <1-4>|me1|sa<1-4>|

vlan <1-4094>]

•

<interface-name>– Displays the interface name

ge <1-4> – GigabitEthernet interface

me1 – FastEthernet interface

sa <1-4> – Static Aggregate interface

vlan (1-4094> – Defines the VLAN interface

instance <1-15>

Displays instance information

[<interface-name>|

ge<1-4>|me1|sa<1-4>|

vlan <1-4094>]

•

<interface-name> – Displays the interface name

vlan <1-4094> – Defines the VLAN interface

ge <1-4> – GigabitEthernet interface

me1 – FastEthernet interface

sa <1-4> – StaticAggregate interface

Example

RFController(config)#show spanning-tree mst config

% MSTP Configuration Information for bridge 1 :

%------------------------------------------------------

% Format Id

% Name

: 0

: My Name

% Revision Level : 0

% Digest

: 0xAC36177F50283CD4B83821D8AB26DE62

%------------------------------------------------------

RFController(config)#

RFController(config)#show spanning-tree mst detail interface ge 2

% Bridge up - Spanning Tree Enabled

% CIST Root Path Cost 0 - CIST Root Port 0 - CIST Bridge Priority 32768

% Forward Delay 15 - Hello Time 2 - Max Age 20 - Max-hops 20

% 1: CIST Root Id 800000157037fabf

% 1: CIST Reg Root Id 800000157037fabf

% 1: CST Bridge Id 800000157037fabf

% portfast bpdu-filter disabled

102

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

% portfast bpdu-guard disabled

% portfast errdisable timeout disabled

% portfast errdisable timeout interval 300 sec

% cisco interoperability configured - Current cisco interoperability off

% ge2: Port 2002 - Id 87d2 - Role Disabled - State Discarding

ge2: Designated External Path Cost 0 -Internal Path Cost 0

ge2: Configured Path Cost 20000000 - Add type Explicit ref count 1

ge2: Designated Port Id 0 - CST Priority 128 -

ge2: CIST Root 0000000000000000

ge2: Regional Root 0000000000000000

ge2: Designated Bridge 0000000000000000

ge2: Message Age 0 - Max Age 0

ge2: CIST Hello Time 0 - Forward Delay 0

ge2: CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0

ge2: Version Multiple Spanning Tree Protocol - Received None - Send STP

ge2: No portfast configured - Current portfast off

ge2: portfast bpdu-guard default - Current portfast bpdu-guard off

ge2: portfast bpdu-filter default - Current portfast bpdu-filter off

ge2: no root guard configured

- Current root guard off

ge2: Configured Link Type point-to-point - Current shared

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

103

Download from Www.Somanuals.com. All Manuals Search And Download.

show

static-channel-group

Common to all modes

Displays the members of the static channel groups

Supported in the following platforms:

•

Mobility RFS7000 Controller

Mobility RFS4000 Controller

NOTE

This command is not supported on the Mobility RFS6000 Controller

Syntax

show static-channel-group

Parameters

None

Example

RFController(config)#show static-channel-group

RFController(config)#

104

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

terminal

Common to all modes

Displays the terminal information for the device

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show terminal

Parameters

None

Example

RFController>show terminal

Terminal Type: vt102

Length: 44

Width: 125

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

105

Download from Www.Somanuals.com. All Manuals Search And Download.

show

timezone

Common to all modes

Displays the timezone set on the device

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show timezone

Parameters

None

Example

RFController>show timezone

Timezone is Etc/UTC

RFController>

106

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

traffic-shape

Common to all modes

Displays traffic shaping parameters

Supported in the following platforms:

•

Mobility RFS7000 Controller

Mobility RFS4000 Controller

NOTE

This command is not supported on the Mobility RFS6000 Controller

Syntax

show traffic-shape [config|priority-map|statistics]

Parameters

[config|

priority-map|

statistics]

•

config class – Displays traffic shaping configuration

statistics class – Displays traffic shaping statistics

•

class <1-4> – Displays traffic shaping class number

priority-map – Displays .1p to transmit priority map

•

Example

RFController(config)#show traffic-shape priority-map

802.1p | Shaping priority

0 | 2

1 | 0

2 | 1

3 | 3

4 | 4

5 | 5

6 | 6

7 | 7

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

107

Download from Www.Somanuals.com. All Manuals Search And Download.

show

users

Common to all modes

Displays a list of users connected to the device

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show users

Parameters

None

Example

RFController>show users

Line PID User Uptime

06:08:11

Location

ttyS0

0 con 0 316 admin

130 vty 0 2308 admin

RFController>

00:35:18

108

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

version

Common to all modes

Displays the current software & hardware version on the device

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show version {verbose}

Parameters

verbose

Displays software and hardware version information

Example

RFController>show version

RFController version 4.3.0.0-046B MIB=01a

Booted from secondary.

Controller uptime is 1 days, 20 hours 53 minutes

RMI XLR V0.4

255476 kB of on-board RAM

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

109

Download from Www.Somanuals.com. All Manuals Search And Download.

show

wireless

Common to all modes

NOTE

The radio-grouprange differs from controller to controller:

Mobility RFS7000 Controller – Supports a range between 0-255

Mobility RFS6000 Controller – Supports a range between 0-64

Mobility RFS4000 Controller – Supports a range between 1-6

Displays the wireless configuration parameters and information

Syntax

show wireless [aap-version|ap|ap-containment|

ap-detection-config|ap-images|ap-radio-config|

ap-unadopted||authorized-aps|

multicast-packet-limit|

non-preferred-ap-attempts-threshold|phrase-to-key|

qos-mapping|radio|radio-group|regulatory|self-heal-config

wireless-controller-statistics|wlan]

show wireless aap-version

show wireless ap[<LIST>|config [<1-1024>|<MAC>]

show wireless ap-containment [config|table]

show wireless ap-detection-config

show wireless ap-images

show wireless ap-unadopted

show wireless ap-radio-config <MAC>

show wireless approved-aps

show wireless authorized-aps

show wireless channel-power [11a|11b|11bg] [indoor|outdoor]

show wireless client [exclude-list|include-list]

show wireless config

show wireless country-code-list

show wireless default-ap

show wireless hotspot query

show wireless hotspot-config <1-32>

show wireless ids [filter-list|configured-bad-essids

|configure-ap-def-essids|fake-ap-flood threshold|

suspicious ap signal-strength-threshold]

show wireless ignored-aps

show wireless known {ap statistics {<1-1024>}}

show wireless mac-auth-local {<1-1000>}

show wireless mesh statistics {<1-32> {detail}}

show wireless mobile-unit

{[<1-8192>|<MAC>|association-history|association-stats|probe-history|radio|

roaming|statistics|voice|wlan]}

show wireless mobile-unit [<1-8192>|<MAC>|association-stats]

show wireless mobile-unit association-history {<MAC>}

show wireless mobile-unit probe-history [<1-200>|config-list]

show wireless mobile-unit radio <1-4096>

show wireless mobile-unit roaming database

show wireless mobile-unit statistics [<1-4096>|<MAC> {detail}|summary|voice

[<1-4096>|<mac>]]

show wireless mobile-unit voice

show wireless mobile-unit vlan <1-256>

110

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

show wireless multicast-packet-limit

show wireless phrase-to-key [wep64|wep128] <pass-phrase>

show wireless qos-mapping {[wired-to-wireless|

wireless-to-wired]}

show wireless radio

{[<1-4096>|admission-control|all|beacon-table|config|monitor-table|statistics

|unadopted|

uptime|voice]}

show wireless radio

{[<1-4096>|all|beacon-table|monitor-table|unadopted|uptime]}

show wireless radio admission-control voice {<1-4096>}

show wireless radio config {[<1-4096>|default-11a|default-11an|

default-11b|default-11bg|default-11bgn]}

show wireless radio statistics {[<1-4096> {detail}|

long-interval|short-interval|voice {[<1-4096>|long-interval|

short-interval]}}

show wireless radio voice {<1-4096>}

show wireless radio-group {<1-256>}

show wireless regulatory <country code>

show wireless self-heal-config {[<1-4096>|all]}

show wireless sensor {[<1-48>|default-config]}

show wireless smart-rf [calibration-status|configuration|

history|radio]

show wireless smart-rf radio [config|local-status|map|

master-status|neighbors|spectrum] {<1-4096>|<MAC>|

all-11a|all-llbg]}

show wireless unapproved-aps

show wireless unauthorized-aps

show wireless wireless-controller-statistics {detail}

show wireless wlan [config {[<1-256>|all|enabled]}|statistics {<1-256>

{detail}}]

show wireless wips [configured-ap-def-essids|

configured-bad-essids|fake-ap-flood|filter-list| suspicious-ap]

Parameters

aap-version

Displays the minimum adaptive firmware version string

Status of the adopted access point

ap [<1-48>|<MAC>|

config [<1-48>|<MAC>]]

•

<1-48> – Defines the index of the access point

<MAC> – Sets the MAC address of a access point

config [<1-1024>|<MAC>] – Status of the configured access

point

•

<1-1024> – AP index from the “show wireless ap”

command

•

<MAC> – MAC address of the ap

ap-containment

[config|table]

Rogue AP containment

•

config – Rogue AP Containment Parameters

table – Rogue AP Containment table

ap-detection-config

ap-images

Detected AP configuration parameters

Displays the access point images on the controller

Lists unadopted access points

ap-unadopted

approved-aps

Displays approved APs detected by access point scans

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

111

Download from Www.Somanuals.com. All Manuals Search And Download.

show

channel-power

Lists the channels and power levels available for a radio

[11a|11b|11bg]

[indoor|outdoor]

•

11a – Defines the radio as 802.11a

11b – Defines the radio as 802.11b

11bg – Defines the radio as 802.11bg

These options are available for all the above radio types:

•

indoor – Radio is placed indoors

outdoor – Radio is placed outdoors

client

Wireless client configuration

[exclude-list|include-list]

•

exclude-list – Sets the exclude list configuration

include-list – Sets the include list configuration

config

Displays wireless configuration information

country-code-list

Displays the list of supported country names and their 2 letter IS0

3166 codes

default-ap

Displays default access-point information

hotspot query

Displays hotspot query string configuration

WLAN hotspot configuration for specified index

Displays intrusion detection configuration parameters

hotspot-config <1-256>

ids

[configured-bad-essids|

filter-list]

•

configured-bad-essids – Displays a list of configured bad

essids

•

filter-list – Displays the list of currently filtered wireless clients

known {ap statistics

Displays known AP parameters.

{<1-1024>}}

•

ap – Optional. Defines a known AP index <1-1024>

statistics – Optional. Displays known adaptive AP stats

•

<1-1024> – Optional. Displays adaptive ap statistics for

known adaptive APs between 1-1024

mac-auth-local

Displays mac-auth-local entries for index <1-1000>.

{<1-1000>}

mesh statistics {<1-32>

Displays mesh related parameters

{detail}}

•

statistics – Displays mesh statistics

<1-32> – Optional. Defines the mesh index

detail – Optional Displays detailed mesh statistics

112

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

wireless-client

Displays the parameters of associated wireless clients. All

{[<1-8192>|<MAC>|associ parameters are optional.

ation-history|

•

<1-8192> – Index of wireless client

<MAC> – MAC address of wireless client

association-history {<MAC>}– Displays the association history

of the wireless clients with the MAC address and its

configured name.

association-stats – Displays Statistics of associations and

reassociations

probe-history [<1-200>|config-list] – Displays the probe

history of the wireless client with the address and its

configured name

association-stats|probe-hist

ory|radio|roaming|statistics

voice|wlan]}

•

<1-200> – Defines index to display probe-logging

config-list – Lists probe history MAC addresses

radio <1-4096> – Displays the associated wireless clients for

•

the radio with the MAC address and its configured name.

•

Mobility RFS7000 Controller supports <1-4096> radios

Mobility RFS6000 Controller supports <1-1000> radios

roaming database – Displays the local wireless-client

roaming database.

•

statistics [<1-8192>|<MAC>|summary|voice] – Displays

wireless client RF statistics

•

<1-8192> – Displays Index of wireless-client

<MAC> {detail}– Displays MAC address of

wireless-client. Optionally display detailed information.

summary – Displays RF-Stats summary of all currently

associated wireless-clients

•

voice [<1-4096>|<MAC>] – Displays wireless-client

voice statistics for a radio index or radio MAC address.

•

voice – Displays voice call details

wlan <1-256> – Displays the Clients associated to the

selected wlan

multicast-packet-limit

Displays the multicast-packet-limit

phrase-to-key

Displays the WEP keys generated by a passphrase

[wep128|wep64]

<pass-phrase>

•

wep128 – Displays WEP128 keys

wep64 – Displays WEP64 keys

<pass-phrase> – The passphrase to generate the keys for

qos-mapping {[

wired-to-wireless|

wireless-to-wired]}

Quality of service mappings used for mapping WMM access

categories and 802.1p/DSCP tags

•

wired-to-wireless – Mappings used when traffic is switched

from the wired to the wireless side

•

wireless-to-wired – Mappings used when traffic is switched

from the wireless to the wired side

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

113

Download from Www.Somanuals.com. All Manuals Search And Download.

show

radio {[<1-4096>|

Radio related commands. All parameters are optional.

admission-control|all|

beacon-table|config|

monitor-table|statistics|

unadopted|uptime|voice]}

•

<1-4096> – Defines information on a single radio’s index

admission-control voice {<1-4096>} – Displays summary

information for all radios that have admission control

enabled. Optionally select the radio.

•

all – Displays information about all radios

beacon-table – Displays the radio-to-radio beacon table

config {[<1-4096>|default-11a|default-11an|default-11b|

default-11bg|default-11bgn]} – Displays the selected radio’s

configuration. All parameters are optional.

•

<1-4096> – The radio index

default-11a – Default 11a configuration template

default-11an – Default 11an configuration template

default-11b – Default 11b configuration template

default-11bg – Default 11bg configuration template

default-11bgn – Default-11bgn configuration template

•

monitor-table – Displays the radio-to-radio monitoring table

statistics {[<1-4094>|long-interval|short-interval|voice]} –

Displays a summary of radio statistics. All parameters are

optional.

•

<1-4094> {detail} – Defines a single radio’s index.

Optionally display the details

•

long-interval – last 60 minutes for all adopted radios

short-interval – last 30 seconds for all adopted radios

voice {[<1-4096>|long-interval|short-interval]}–

Displays voice related statistics for the selected option

•

unadopted – Displays a list of unadopted radios

uptime – Displays the uptime of all adopted radios

voice <1-4094> – Displays voice call details

•

<1-4094> – Optional. Defines a single radio’s index

radio-group {<1-256>}

Displays radios in specified group

•

<1-256> – Optional. A single radio index between < 1-256>.

The index range varies based on the controller being used.

regulatory

<country-code>

Regulatory (allowed channel/power) information for a particular

country.

•

<country-code> – Two character country code for each

country

self-heal-config

Sets self healing configuration parameters

{ [<1-4096>|all]}

•

<1-4096> – Optional. Defines a single radio’s index

all – Optional. Defines the self-healing configuration for all

radios

sensor {[<1-48>|

Defines Wireless Intrusion Protection System (WIPS) parameters

default-config]}

•

<1-48> – Specifies the index of a particular sensor to view

detailed information about that sensor

•

default-config – Default configuration parameters for sensors

114

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

smart-rf

Displays smart-rf related management information

[calibration-status|

configuration|

history|radio]

•

calibration-status – Displays smart-rf calibration status

configuration – Displays smart-rf configuration information

history – Displays smart-rf assignment history since last

calibration.

•

radio

m] {[<1-4096>|<MAC>|

all-11a|all-11bg]} – Displays smart-rf radio commands.

•

config – Displays the configuration information

local-status – Displays the local radio status related to

smart rf

•

map – Maps all 11a radios in the configuration

master-status – Displays the radio status from the

master radio list. If no parameter is passed, displays

status for all radios in the master list

•

neighbors – Displays the radio’s neighbor information

spectrum – Displays all 11a radios spectrum

information <1-4096> – The selected radio

<MAC> – The selected radio MAC address

all-11a – All 11a radios

•

all-11bg – All 11bg radios

unapproved-aps

Defines unapproved APs seen by an access point or a wireless

client scan

wireless-controller-statistics Displays wireless-controller statistics

{detail}

•

detail – Optional Displays detailed wireless-controller

statistics

wlan [config|statistics]

Displays wireless LAN parameters. The following information is

displayed:

•

config [<1-256>|all|enabled] – Displays the wireless LAN

configuration information. All parameters optional

•

<1-256> – The selected wlan

all – all wlans in the configuration

enabled – all wlans that are enabled. Configuration

information for disabled wlans are not displayed

•

statistics <1-256> – Displays the wireless LAN statistics for:

•

<1-256> {detail} – The selected wlan. Optionally display

details

wips

Displays wips parameters

[configured-ap-def-essids|

configured-bad-essids|

fake-ap-flood|filter-list|

suspicious-ap]

•

configured-ap-def-essids – Displays the list of configured

default essids

configured-bad-essids – Displays the list of configured bad

essids

fake-ap-flood threshold – Displays fake-ap flood parameter

•

threshold – Fake-AP Flood Threshold

filter-list – Display the list of currently filtered mobile-units

suspicious-ap – Displays suspicious- ap parameters

•

signal-strength-threshold– Displays signal strength

threshold

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

115

Download from Www.Somanuals.com. All Manuals Search And Download.

show

(config-wireless) Executable Mode

Displays the (config- wireless) configuration parameters and information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show wireless ap [LIST|config]

show wireless config [<1-1024>|LIST]

show wireless radio [<1-4096>|admission-control|all|

uptime|voice]}

show wireless wlan [config|statistics]

show wireless wlan config [<1-256>|all|enabled]

show wireless wlan statistics <1-256> detail

Parameters (config-wireless) Executable Mode

show wireless ap

[LIST|config]

Displays wireless LAN parameters. The following information is

displayed:

LIST– MAC address of a single access-port or a list of indices

(e.g.1-4,10) for detailed information

config [<1-1024>|config] – Displays status of configured

access-point

<1-1024> – A single ap index

LIST – Defines MAC Address of a single access point

show wireless radio

[<1-4096>|

Refer show wireless radio configuration parameters given in page

106

admission-control|all|

beacon-table|

config|monitor-table|

statistics|unadopted|

uptime|voice]}

show wireless wlan [config

{all|enabled}| statistics

detail} <1-256>

Configures wireless LAN related parameters

config [<1-256>|all|enabled] – Configures wlan

<1-256> – Displays wlan index

all – Displays all the configured wlans

enabled – Displays only the currently enabled wlans

statistics detail – Displays wlan statistics

detail <1-256> – Displays wlan statistics in detail

<1-256> – Displays wlan index

Example

RFController>show wireless ap

Number of access-points adopted : 0

Available licenses

Clustering enabled

Clustering mode

RFController>

: 0

: N

: primary

116

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

RFController(config)#show wireless ap config 2

ap mac address : 00-A0-F8-BF-89-45

ap adoption-policy: allow

ap name : AP-00-A0-F8-BF-89-45

ap location : AP-00-A0-F8-BF-89-45-Location

ap on-board-radios: 0

ap secure WISPe mode : disable

ap secure WISPe mode staging : disable

ap shared WISPe secret : 0 defaultS

ap country-code : ""

RFController(config)#

RFController>show wireless ap-detection-config

Rogue AP timeout

Approved AP timeout

client-assisted scan

: 300 seconds

: enabled

client-assisted scan refresh : 300 seconds

configured approved-aps :

Index | Bss Mac

| Ssid

-------------------------------------------------------

Adaptive minimum adoption version: 2.0.0.0-000R

RFController>

RFController>show wireless ap-images

Idx ap-type Image-Name Size (bytes) Version

1 ap300 AP300-WISP 325212 00.02-37

2 ap300 AP300-WISPe 319776 01.00-2281r

3 ap300 AP300-IDS-Sensor 350092 00.00-04

RFController>show wireless ap-unadopted

RFController>

RFController>show wireless approved-aps

access-point detection is disabled

RFController>

RFController>show wireless channel-power 11a indoor

Channel Max Power (dBm) Radar Detected

149

153

157

161

165

(5180 MHz) 17

(5200 MHz) 17

(5220 MHz) 17

(5240 MHz) 17

(5745 MHz) 20

(5765 MHz) 20

(5785 MHz) 20

(5805 MHz) 20

(5825 MHz) 20

RFController>

RFController(config)#show wireless ap

Number of access-points adopted : 3

Number of AAPs adopted : 0

Available AP licenses : 45

Available AAP licenses : 0

Redundancy enabled : N

Redundancy mode : active

# MAC

RADIOS[indices] MODEL-NUMBER ADOPTION-MODE STATIC IP

1 00-A0-F8-BF-8A-70 2 [ 3 4 ]

2 00-A0-F8-BF-89-45 2 [ 5 6 ]

RFController(config)#

WSAP-5100-100-WW L2

(vlan:10)

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

117

Download from Www.Somanuals.com. All Manuals Search And Download.

show

RFController(config)#show wireless config

country-code : None

secure-wispe-default-secret default

adoption-pref-id

proxy-arp

: 1

: enabled

adopt-unconf-radio

dot11-shared-key-auth : disabled

ap-detection : disabled

: enabled

manual-wlan-mapping

dhcp sniff state

: disabled

dhcp one portal forward : enabled

dhcp fix broadcast-rsp : disabled

broadcast-tx-speed

wlan bw allocation

smart-channels used

: optimize-for-range

: disabled

smart-channels excluded :

Adaptive ap parameters:

config-apply def-delay : 30 seconds

config-apply mesh-delay: 3 minutes

wired-to-wireless rate limit per user : unlimited

wireless-to-wired rate limit per user : unlimited

user load balance mode : by-count

secure-wispe-default-secret : default

admission control for voice : enabled

cluster-master-support

RFController(config)#

: enabled

RFController(config)#show wireless config

country-code : us

adoption-pref-id : 1

proxy-arp : enabled

adopt-unconf-radio : enabled

dot11-shared-key-auth : disabled

ap-detection : enabled

manual-wlan-mapping : enabled

dhcp sniff state : disabled

dhcp one portal forward : disabled

dhcp fix broadcast-rsp : disabled

broadcast-tx-speed : optimize-for-range

wlan bw allocation : disabled

smart-channels used : 1,6,11,36,40,44,48,52,56,60,64,100,104,

108,112,116,136,140,149,153,157,161,165

smart-channels excluded : 2,3,4,5,7,8,9,10

Adaptive ap parameters:

config-apply def-delay : 30 seconds

config-apply mesh-delay: 180 seconds

user load balance mode : disabled

secure-wispe-default-secret : 0 defaultS

admission control for voice : disabled

cluster-master-support : enabled

nas-id : ""

nas-port-id : ""

wired-to-wireless rate limit per user : unlimited

wireless-to-wired rate limit per user : unlimited

RFController(config)#

RFController>show wireless ids

Detect-window

: 60 seconds

118

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

Violation\Event

Threshold

Filter

Ageout

(Sec) A

Trigger

Excessive Operations :

probe-requests

association-requests 25

disassociations 25

authentication-fails 5

crypto-replay-fails

80211-replay-fails

decryption-fails

unassoc-frames

eap-starts

200

eap-naks

eap-flood

Anomaly Detection:

null-destination

same-source-destination

multicast-source

disabled

enabled

disabled

enabled

disabled

enabled

disabled

enabled

weak-wep-iv

tkip-countermeasures

invalid-frame-length

invalid-8021x-frame

invalid-frame-type

beacon-broadcast-essid

bad-essid-frame

unencrypted-traffic

non-changing-wep-iv

detect-adhoc-networks

deauth-broadcast-smac

invalid-sequence-number

ap-default-ssid

identity-theft

suspicious-ap

authorized-dev-in-adhoc-mode enabled

fake-ap-flood enabled

detect-adhoc-with-controller-ssid enabled

unauthorized-ap-using-controller-ssid enabled 0

RFController#

RFController>show wireless mac-auth-local 50

RFController>

RFController>show wireless wireless-client statistics

wireless-client 1: <00-20-A6-52-5F-83>

WLAN : wlan-1

------ Traffic ---------------------------------------------

Total Rx Tx

30s 1hr 30s 1hr 30s 1hr

Pkts per sec: 1.73 0.00 0.87 0.00 0.87 0.00 pps

Throughput:

0.00 0.00 0.00 0.00 0.00 0.00 Mbps

Avg bit speed: 9.19 0.00 Mbps

% Non-unicast pkts: N/A N/A

------ RF Status--------------------------------------------

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

119

Download from Www.Somanuals.com. All Manuals Search And Download.

show

30s 1hr

Avg wireless-client signal: -78.00 0.00 dBm

Avg wireless-client noise: -94.00 0.00 dBm

-- MORE --, next page: Space, next line: Enter, quit: Control-C

Avg wireless-client SNR(dB): 16.00 0.00

------ Errors-----------------------------------------------

30s 1hr

Avg number of retries: 0.42 0.00

% gave up pkts: 0.00 0.00

% Non-decryptable pkts: 0.00 0.00

RFController(config)#show wireless wireless-client

index MAC-address

radio type wlan vlan/tunnel ready IP-address last active

Posture Status

00-0E-9B-98-F9-34 1 11g 1 vlan 1 Y 192.168.2.45 0 Sec

Number of wireless-clients associated: 1

RFController(config)#

RFController(config)#show wireless wireless-client association-history

CLIENT MAC Radio WLAN Timestamp Event

=============================================================

00-0E-9B-98-F9-34 1

RFController(config)#

1116316

12248923

12250053

4280690527 Unassociation

4280691647 Association

4280716777 Unassociation

4280717937 Association

Association

Unassociation

Association

RFController(config)#show wireless wireless-client radio 1

index MAC-address

radio type wlan vlan/tunnel ready IP-address last active

Posture Status

00-0E-9B-98-F9-34 1 11g 1 vlan 1 Y 192.168.2.45 0 Sec

Listed 1 of a total of 1 wireless-clients

RFController(config)#

RFController(config)#show wireless wlan config 1

#enabled ssid authentication encryption vlan(s) description

TechDoc_02

TechDoc_01

TechDoc_02

none

wep128

none

TechDoc_Test_02

TechDoc_Test_01

WLAN8

----

RFController(config)#

RFController(config)#show wireless wlan config 5

RFController(config)#show wireless wlan config 8

WLAN: 8, status: disabled, description: WLAN8, ssid: TechDoc_02

auth: none, encr: none

inactivity-timeout

hold-time

nas-id

: 1800 seconds

: 5 seconds

: ""

nas-port-id

: ""

vlan

: unlimited users

120

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

query

smart-channels used

: 1,6,11,36,40,44,48,149,153,157,161,165

smart-channels excluded : 2,3,4,5,7,8,9,10

mu-mu-disallow: disabled, secure-beacon: disabled, answer-bcast-ess: enabled,

weight: 1, prioritize-voice: disabled, spectralink-voice-protocol: disabled

multicast mask1: 00-00-00-00-00-00, mask2: 00-00-00-00-00-00

traffic-classification : normal, wmm-mapping: 8021p, L3-mobility: disabled

rate-limit: wired-to-wireless: unlimited wireless-to-wired: unlimited

Client Bridge Backhaul is disabled on this WLAN

This WLAN is an extended WLAN

NAC Mode: none

RFController(config)#

RFController(config-wireless)#show wireless ap

Number of access-ports adopted

Number of AAPs adopted

Available AP licenses

Available AAP licenses

Redundancy enabled

: 0

: N

Redundancy mode

: active

RFController(config-wireless)#

RFController(config-wireless)#show wireless wlan config 9

WLAN: 9, status: disabled, description: WLAN9, ssid: 109

auth: none, encr: none, mfp: none

inactivity-timeout

hold-time

: 1800 seconds

: 5 seconds

nas-id

: ""

nas-port-id

: ""

vlan

: unlimited users

query

smart-channels used

: 1,6,11,36,40,44,48,52,56,60,64,149,153,157,161

smart-channels excluded : 2,3,4,5,7,8,9,10,12,13

mu-mu-disallow: disabled, secure-beacon: disabled, answer-bcast-ess: enabled,

weight: 1, prioritize-voice: disabled, spectralink-voice-protocol: disabled

multicast mask1: 00-00-00-00-00-00, mask2: 00-00-00-00-00-00

traffic-classification : normal, wmm-mapping: 8021p, L3-mobility: disabled

rate-limit: wired-to-wireless: unlimited wireless-to-wired: unlimited

Client Bridge Backhaul is disabled on this WLAN

This WLAN is an extended WLAN

url-logging: disabled

Enforce-Dhcp: disabled

NAC Mode: none

RFController(config)#show wireless wireless-controller-statistics detail

Rates(Mbps) Tx packets Rx Packets

------------------------------------------ ---------- -------

802.11b rates (1, 2, 5.5, 6) 0 0

802.11a/g low rates (9, 11, 12) 0 0

802.11a/g low rates (18, 22, 24) 0 0

Common Commands 2-119

802.11a/g high rates (36, 48, 54) 0 0

802.11n (MCS 0-3) 0 0

802.11n (MCS 4-7) 0 0

802.11n (MCS 8-11) 0 0

802.11n (MCS 12-15) 0 0

Voice:

Rates(Mbps) Tx packets Rx Packets

----------- ---------- ----------

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

121

Download from Www.Somanuals.com. All Manuals Search And Download.

show

1.0

2.0

5.5

6.0

9.0

11.0

12.0

18.0

22.0

24.0

36.0

48.0

54.0

Retry Counts Packets

------------ -------

RFController(config)#

RFController(config)#show wireless radio statistics 3

***** Radio-3 *********************

mobile-units Associated : 0 Voice Prioritized : 0

------ Traffic -------------------------------------------------

Total

---------------- ---------------- --------

30s 1hr 30s 1hr 30s 1hr

Pkts per sec: 0.00 0.00 0.00 0.00

0.00 0.00 pps

Throughput: 0.00 0.00 0.00 0.00

0.00 0.00 Mbps

Avg bit speed: 0.00 0.00 Mbps

% Non-unicast pkts: 0.00 0.00

------ RF Status------------------------------------------------

30s 1hr

Avg mobile-unit signal: 0.00 0.00 dBm

Avg mobile-unit noise: -92.25 -93.50 dBm

Avg mobile-unit SNR(dB): 92.25 93.50

------ Errors---------------------------------------------------

30s 1hr

Avg number of retries: 0.00 0.00

% gave up pkts: 0.00 0.00

% Non-decryptable pkts: 0.00 0.00

------ Voice----------------------------------------------------

30s 1hr

Voice MUs - Avg: 0.00 0.00

Voice MUs - Max: 0.00 0.00

% gave up voice pkts: 0.00 0.00

RFController(config)#show wireless radio statistics 3 detail

Voice

Rates(Mbps) Tx packets Rx Packets Tx packets Rx Packets

122

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

----------- ---------- ---------- ---------- ----------

1.0

2.0

5.5

6.0

9.0

11.0

12.0

18.0

22.0

24.0

36.0

48.0

54.0

Retry Counts Packets

------------ -------

Voice failed : 0

Tx BCMC drops : 0

RFController(config)#

RFController(config)#show wireless wlan statistics 2

mobile-units Associated : 0 Radios active : 6

Voice mobile-units Associated : 0

------ Traffic -------------------------------------------------

Total Rx Tx

---------------- ---------------- --------

30s 1hr 30s 1hr 30s 1hr

Pkts per sec: 0.00 0.00 0.00 0.00

0.00 0.00 pps

Throughput: 0.00 0.00 0.00 0.00

0.00 0.00 Mbps

Avg bit speed: 0.00 0.00 Mbps

% Non-unicast pkts: 0.00 0.00

------ RF Status------------------------------------------------

30s 1hr

Avg mobile-unit signal: 0.00 0.00 dBm

Avg mobile-unit noise: 0.00 0.00 dBm

Avg mobile-unit SNR(dB): 0.00 0.00

------ Errors---------------------------------------------------

30s 1hr

Avg number of retries: 0.00 0.00

% gave up pkts: 0.00 0.00

% Non-decryptable pkts: 0.00 0.00

RFController(config)#

RFController(config)#show wireless mobile-unit statistics 00-A0-F8-

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

123

Download from Www.Somanuals.com. All Manuals Search And Download.

show

BF-61-6E

***** mobile-unit 1: <00-A0-F8-BF-61-6E>*********************

WLAN : wlan-4

------ Traffic -------------------------------------------------

Total Rx

---------------- ---------------- --------

30s 1hr 30s 1hr 30s

1hr

Pkts per sec: 0.00 0.01 0.00 0.00

0.00 0.00 pps

Throughput: 0.00 0.00 0.00 0.00

0.00 0.00 Mbps

Avg bit speed: 0.00 1.51 Mbps

% Non-unicast pkts: 0.00 71.43

------ RF Status------------------------------------------------

30s 1hr

Avg mobile-unit signal: -82.00 -81.00 dBm

Avg mobile-unit noise: -92.00 -94.50 dBm

Avg mobile-unit SNR(dB): 10.00 13.50

------ Errors---------------------------------------------------

30s 1hr

Avg number of retries: 0.00 2.00

% gave up pkts: 0.00 0.00

Common Commands 2-123

% Non-decryptable pkts: 0.00 0.00

RFController(config)#show wireless mobile-unit statistics 00-A0-F8-

BF-61-6E detail ?

| Output modifiers

> Output redirection

>> Output redirection appending

<cr>

RFController(config)#

RFController(config)#show wireless mobile-unit statistics 00-A0-F8-

BF-61-6E detail

mu_idx = 0

Retry Counts Packets

------------ -------

Voice failed : 0

124

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

wlan-acl

Common to all modes

Displays the WLAN based access control list information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show wlan-acl [<1-256>|all]

Parameters

wlan-acl [ <1-256>|all]

Displays WLAN based access control list information

•

<1-256> – Displays ACLs attached to the specified WLAN ID

all – Displays all ACLs attached to a WLAN port

Example

RFController>show wlan-acl 20

WLAN port: 20

Inbound IP Access List :

Inbound MAC Access List :

Outbound IP Access List :

Outbound MAC Access List :

RFController>

RFController>show wlan-acl all

WLAN port: 1

Inbound IP Access List :78

Inbound MAC Access List :200

Outbound IP Access List :78

Outbound MAC Access List :200

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

125

Download from Www.Somanuals.com. All Manuals Search And Download.

show

access-list

Privilege / Global Config

Displays the access lists (numbered and named) configured on the controller. The numbered

access list displays numbered ACLs. The named access list displays named ACL details.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show access-list [<1-99>|<100-199>|<1300-1999>|

<2000-2699>|<acl-name>]

Parameters

access-list

Displays access-list entries.

•

<1-99> - IP standard access list

<100-199> - IP extended access list

<1300-1999> - IP standard access list (expanded range)

<2000-2699> – IP extended access list (expanded range)

<acl-name> - Name of ACL

[<1-99>|<100-199>|<130

0-1999>|<2000-2699>|<a

cl-name>]

Example

RFController(config)#show access-list

Extended IP access list 110

permit ip 192.168.1.0/24 192.168.100.0/24 rule-precedence 5

permit ip 192.168.63.0/24 192.168.100.0/24 rule-precedence 63

permit ip 192.168.157.0/24 192.168.100.0/24 rule-precedence 157

RFController(config)#

RFController(config)#show access-list 110

Extended IP access list 110

permit ip 192.168.1.0/24 192.168.100.0/24 rule-precedence 5

permit ip 192.168.63.0/24 192.168.100.0/24 rule-precedence 63

permit ip 192.168.157.0/24 192.168.100.0/24 rule-precedence 157

RFController(config)#

126

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

aclstats

Privilege / Global Config

Displays the statistics of configured access lists

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show aclstats [access-list|vlan <1-4094>]

show aclstats {<1-99>|<100-199>|<1300-1999>|<2000-2699>|

<acl-name>}

show aclstats vlan <1-4094>

Parameters

Displays configured access lists.

access-list

•

<1-99> - IP standard access list

<100-199> - IP extended access list

<1300-1999> - IP standard access list (expanded range)

<2000-2699> - IP extended access list (expanded range)

<acl-name> - Name of ACL

{<1-99>|<100-199>|<130

0-1999>|<2000-2699>|

<acl-name>}

•

Defines the VLAN interface (between 1- 4094)

vlan <1-4094>

Example

RFController(config)#show aclstats vlan 400

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

127

Download from Www.Somanuals.com. All Manuals Search And Download.

show

alarm-log

Privilege / Global Config

Displays the contents of the alarm log on the device

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show alarm-log {<1-65535>|acknowledged|all|count|new|

severity-to-limit}

show alarm-log severity-to-limit {critical|

informational|major|normal|warning}

Parameters

alarm-log [<1-65535>|

acknowledged|all|count|ne

w| severity-to-limit]

Displays the contents of the alarm log on the device.

•

<1-65535> - Displays the details of a specific alarm ID

acknowledged - Displays information for acknowledged

alarms currently in the system

•

all - Displays all the alarms currently in the system

count - Displays the number (count) of the alarms currently

in the system

•

new - Displays those new alarms currently in the system

severity-to-limit {critical|informational

major|normal|warning} - Displays the alarms having

specified severity, as well as those alarms with a severity

higher than the specified value.

•

critical - Displays all critical alarms

informational - Displays all informational or higher

severity alarms

•

major - Displays all major or higher severity alarms

normal - Displays all normal or higher severity alarms

warning - Displays all warning or higher severity alarms

128

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

boot

Privilege / Global Config

Displays the boot configuration of the device

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show boot

Parameters

None

Example

RFController#show boot

Image

Build Date

Install Date

Version

-----

Primary

-------------------- --------------------

Oct 16 03:55:43 2008 Sep 15 00:53:56 2008

--------------

4.2.1.0

Secondary Sep 30 00:14:30 2008 Aug 27 01:46:32 2008

4.2.1.0

Current Boot

Next Boot

: Primary

Software Fallback : EnabledRFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

129

Download from Www.Somanuals.com. All Manuals Search And Download.

show

clock

Privilege / Global Config

Displays the system clock

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show clock

Parameters

None

Example

RFController#show clock

Jun 01 00:51:34 UTC 2010

RFController#

130

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

debugging

Privilege / Global Config

Displays the debugging configuration information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show debugging mstp

Parameters

mstp

Displays the current MSTP configuration

Example

RFController(config)#show debugging mstp

MSTP debugging status:

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

131

Download from Www.Somanuals.com. All Manuals Search And Download.

show

dhcp

Privilege / Global Config

Displays existing DHCP server configurations

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show dhcp [config|status]

Parameters

Example

config

status

Displays the current DHCP server configuration

Displays whether the DHCP server is running

RFController#show dhcp config

service dhcp

ip dhcp pool vlan6

default-router xxx.xxx.xxx.2

network xxx.xxx.xx.0/24

address range xxx.xxx.xx.xx aaa.aaa.aa.aa

RFController#

132

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

file

Privilege / Global Config

Displays the file system information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show file [information|systems]

Parameters

Example

file [information|systems]

Displays the filesystem information.

•

information <FILE> - Displays file information

systems - Lists existing filesystems

RFController#show file systems

File Systems:

Size(b)

Free(b)

- opaque system:

Type Prefix

13704192 11904000 flash nvram:

19524608 16866304 flash flash:

- network sftp:

- network http:

- network ftp:

- network tftp:

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

133

Download from Www.Somanuals.com. All Manuals Search And Download.

show

ftp

Privilege / Global Config

Displays the FTP server configuration

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show ftp

Parameters

None

Example

RFController#show ftp

FTP Server: Disabled

User Name: anonymous or ftpuser

Password: ********

Root dir: flash:/

RFController#

134

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

password-encryption

Privilege / Global Config

Displays the global password encryption status

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show password-encryption status

Parameters

status

Displays the existing password-encryption status

Example

RFController#show password-encryption status

Password encryption is disabled

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

135

Download from Www.Somanuals.com. All Manuals Search And Download.

show

running-config

Privilege / Global Config

Displays the contents of those configuration files wherein all configured MAC and IP access lists

are applied to an interface

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show running-config [full|include-factory]

Parameters

Example

running-config

[full|include-factory]

Displays the contents of the configuration files

•

full – Displays the file’s full (complete) configuration

include-factory – Includes factory defaults

RFController(config)#show running-config full

! configuration of Mobility RFS7000 version 4.3.0.0

version 1.3

aaa authentication login default local none

service prompt crash-info

network-element-id RFS7000

username "admin" password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d

username "admin" privilege superuser

username "operator" password 1 fe96dd39756ac41b74283a9292652d366d73931f

spanning-tree mst cisco-interoperability enable

spanning-tree mst configuration

name My Name

country-code us

logging buffered 4

logging console 4

snmp-server engineid netsnmp 6b8b456749d9e5c1

snmp-server sysname RFS7000

snmp-server manager v2

snmp-server manager v3

snmp-server user snmptrap v3 encrypted auth md5 0x22b4e8506bf66b435abdde2

b996e8100

snmp-server user snmpmanager v3 encrypted auth md5 0x22b4e8506bf66b435abd

de2b996e8100

snmp-server user snmpoperator v3 encrypted auth md5 0x0153e87f2d43032f221

b1f3e340942d2

136

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

firewall dhcp-snoop-conflict-detection disable

firewall dhcp-snoop-conflict-logging disable

ip http server

ip http secure-trustpoint default-trustpoint

ip http secure-server

ip ssh

ip telnet

no service pm sys-restart

wireless

secure-wispe-default-secret 0 defaultS

no ap-ip default-ap controller-ip

smart-rf

wireless

radius-server local

interface ge1

controllerport access vlan 1

ip dhcp trust

interface ge2

controllerport access vlan 1

ip dhcp trust

interface ge3

controllerport access vlan 1

ip dhcp trust

interface ge4

controllerport access vlan 1

ip dhcp trust

interface me1

ip address 10.1.1.100/24

interface vlan1

ip address 172.16.10.2/24

rtls

rfid

espi

sole

line con 0

line vty 0 24

end

RFController(Config)#

RFController(config)#show running-config include-factory

! configuration of RFController version 4.0.0.0-008D

version 1.0

service prompt crash-info

no service set command-history

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

137

Download from Www.Somanuals.com. All Manuals Search And Download.

show

no service set reboot-history

no service set upgrade-history

hostname RFController

banner motd Welcome to CLI!

username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d

username admin access console web ssh telnet

username admin privilege superuser

username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f

username operator access console web ssh telnet

username operator privilege monitor

spanning-tree mst config

name My Name

no management secure

ip domain-lookup

service diag period 1000

service diag enable

country-code us

redundancy group-id 1

redundancy interface-ip 0.0.0.0

redundancy mode primary

redundancy hold-period 15

redundancy heartbeat-period 5

redundancy discovery-period 30

no redundancy handle-stp enable

no redundancy dhcp-server enable

no redundancy enable

................................................

no radio default-11b enhanced-beacon-table

no radio default-11b enhanced-probe-table

no radio 1 neighbor-smart-scan

no radio 2 neighbor-smart-scan

no ap-detection enable

................................................

ip address 123.111.2.1/24

no ip helper-address

sole

no adapter AeroScout enable

radius-server retransmit 3

radius-server timeout 5

radius-server key

aaa authentication login default local none

line con 0

line vty 0 24

end

RFController(config)#

138

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

securitymgr

Privilege / Global Config

Displays the security manager event-logs

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show securitymgr event-logs

Parameters

None

Example

RFController#show securitymgr event-log

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

139

Download from Www.Somanuals.com. All Manuals Search And Download.

show

sessions

Privilege / Global Config

Displays the list of current active open sessions on the device

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show sessions

Parameters

None

Example

RFController#show sessions

SESSION USER LOCATION

cli Console

cli 10.10.10.1

IDLE

06:24m

00:00m

START TIME

May 31 18:31:36 2010

Jun 1 00:04:30 2010

** 2

RFController#

140

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

startup-config

Privilege / Global Config

Displays the complete startup configuration script on the console

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show startup-config

Parameters

None

Example

RFController(config)#show startup-config

! configuration of Mobility RFS7000 version 4.3.0.0

version 1.3

aaa authentication login default local none

service prompt crash-info

network-element-id RFS7000

username "admin" password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d

username "admin" privilege superuser

username "operator" password 1 fe96dd39756ac41b74283a9292652d366d73931f

spanning-tree mst cisco-interoperability enable

spanning-tree mst configuration

name My Name

country-code us

logging buffered 4

logging console 4

snmp-server engineid netsnmp 6b8b456749d9e5c1

snmp-server sysname RFS7000

snmp-server manager v2

snmp-server manager v3

snmp-server user snmptrap v3 encrypted auth md5 0x22b4e8506bf66b435abdde2

b996e8100

snmp-server user snmpmanager v3 encrypted auth md5 0x22b4e8506bf66b435abd

de2b996e8100

snmp-server user snmpoperator v3 encrypted auth md5 0x0153e87f2d43032f221

b1f3e340942d2

firewall dhcp-snoop-conflict-detection disable

firewall dhcp-snoop-conflict-logging disable

ip http server

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

141

Download from Www.Somanuals.com. All Manuals Search And Download.

show

ip http secure-trustpoint default-trustpoint

ip http secure-server

ip ssh

ip telnet

no service pm sys-restart

wireless

secure-wispe-default-secret 0 defaultS

no ap-ip default-ap controller-ip

smart-rf

wireless

radius-server local

interface ge1

controllerport access vlan 1

ip dhcp trust

interface ge2

controllerport access vlan 1

ip dhcp trust

interface ge3

controllerport access vlan 1

ip dhcp trust

interface ge4

controllerport access vlan 1

ip dhcp trust

interface me1

ip address 10.1.1.100/24

interface vlan1

ip address 172.16.10.2/24

rtls

rfid

espi

sole

line con 0

line vty 0 24

end

RFController#

142

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

upgrade-status

Privilege / Global Config

Displays the last image-upgrade status

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show upgrade-status {detail}

Parameters

None

Example

RFController#show upgrade-status

Last Image Upgrade Status : Successful

Last Image Upgrade Time : Mon May 21 16:27:40 2010

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

143

Download from Www.Somanuals.com. All Manuals Search And Download.

show

mac-name

User/Privilege Exec

Displays the configured MAC name

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show mac-name

Parameters

None

Example

RFController(config-wireless)#show mac-name

Index MAC Address

MAC Name

00-18-DE-82-78-6B GE1PortMACAddress

Number of MAC names configured = 1

RFController(config-wireless)#

144

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

firewall

Priv Exe Mode

Displays wireless firewall

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show firewall [config|dhcp|flow]

show firewall [config|dhcp snoop-table|flow timeouts]

Parameters

Example

firewall [config|

dhcp snoop-table|

flow timeouts]

Displays firewall configuration information.

•

config – Displays Configuration

dhcp snoop-table - Displays DHCP snoop table entries

flow timeouts – Displays firewall flow timeout configuration

RFController#show firewall

RFController#

RFController#show firewall config

RFController#

RFController#show firewall flow

RFController#

NOTE

For information on the ‘firewall’ command in Global Config mode, refer to firewall on page 316.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

145

Download from Www.Somanuals.com. All Manuals Search And Download.

show

role

Priv Exe Mode

Displays existing role name

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show role [<role-name>|wireless-clients]

Parameters

role [<role-name>|

wireless-clients]

Displays existing role name

•

<role-name> – Displays existing role name

wireless-clients – Displays wireless-clients assigned with

these roles

Example

RFController#show role

RFController#

RFController#show role word

RFController#

RFController#show role wireless-clients

RFController#

146

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

virtual-IP

Global Config Mode

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show virtual-ip [config|status]

Parameters

show virtual-ip

[config|status]

Displays all the virtual-ip’s present in the configuration.

config – Displays the configuration details.

status – Displays current status of the controller.

Example

RFController>show virtual-ip status

VIP State

: VIP_ST_INIT

VIP Status

: Disabled

: 0

Cluster Redundancy Status

Advertisement Length

Total Advertisements Sent

Total Number of Peers

Total Learning Advts Sent

Total Advertisements Recvd

: 0

Reserved VMAC Address Range : 00-15-70-88-8A-90 to 00-15-70-88-8B-8F

Used VMAC Address Range : 00-15-70-88-8A-90 to 00-15-70-88-8A-90

Available VMAC Address Count : 256

Used VMAC Address Count

DHCP Server status

: 0

: Not Running on this Controller

============================================================

RFController>

Advt recvd

RFController>show virtual-ip config

RFS7K-1(config)#show virtual-ip config

Virtual-IP Status

: Enabled

: Automatic

: 2

Cluster Redundancy Status

Priority Selection Mode

Learning Timeout(sec)

Advertisement Timeout(sec) : 1

Gratuitous ARP Timeout(sec) : 180

Virtual-IP Server Port

Controller IP

: 51525

: 192.168.11.4

Reserved VMAC Address Range : 00-15-70-88-8A-90 to 00-15-70-88-8B-8F

Configured Virtual MAC

DHCP Server status

: 00-15-70-88-8A-98

: Active

+---------------------------------------------------+

| Vlan | Priority | ControllerIP | Virtual IP

----------------------------------------------------+

11 | 3232238340 |192.168.11.4 |192.168.11.10 |

+---------------------------------------------------

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

147

Download from Www.Somanuals.com. All Manuals Search And Download.

show

RFController>

RFS7K-1(config)#show virtual-ip status

Virtual-IP State

: Master

: Enabled

: 176

Virtual-IP Config Status

Virtual-IP Runtime Status

Cluster Redundancy Status

Advertisement Length

Total Advertisements Sent

Total Learning Advts Sent

Total Advertisements Recvd

DHCP Server status

Total Number of Peers

Peer Status Information

: 1619309

: 0

: Active

: 1

+----------------------------------------------------------------------+

Peer IP | Status | Advts Sent Advts Recvd

+----------------------------------------------------------------------+

| 192.168.11.5 | Slave 600214

+----------------------------------------------------------------------+

Virtual IP Master Details

+--------------------------------------------------+

| Vlan | Priority | ControllerID | Virtual IP

---------------------------------------------------+

|11 | 3232238340| 192.168.11.4| 192.168.11.10|

+--------------------------------------------------+

RFController>

RFS7K-1(config)#no virtual-ip all

all

Remove all VIP entries

enable Disable IP Redundancy protocol

vlan

vmac

VLAN of the Virtual IP

Virtual MAC

NOTE

On executing the above command, all the virtual-ip entries configured on the Controller will be

removed.

RFS7K-1(config)#no virtual-ip enable

Disables the virtual-ip protocol

RFS7K-1(config)#no virtual-ip vlan 1

Removes the configured virtual-ip of that vlan

RFS7K-1(config)#no virtual-ip vmac

Removes the configured vmac on the controller

148

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

wwan

Common to all modes

Configures wireless wan feature

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show wwan [config|dns-server]

Parameters

config

Displays wwan signal configuration

Displays wwan DNS server addresses

dns-server

Example

RFController#show wwan config

Access Point Name : isp.cingular

Auth-type: chap

Username : [email protected]

RFController#

RFController#show wwan dns-server

Preferred DNS server : 209.183.54.151

Alternate DNS server : 209.183.54.151

RFController#

RFController#show interfaces wwan

Interface wan

Hardware Type PPP, Interface Mode Layer 3

index=8, metric=1, mtu=1500, (PAL-IF)

<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>

inet 166.129.246.245/32 pointopoint 10.64.64.64

input packets 0, bytes 0, dropped 0, multicast packets 0

input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0

output packets 184, bytes 17618, dropped 0

output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0

collisions 0

RFController#

RFController#show ip interface brief

Interface

me1

vlan1

vlan11

vlan2

wan

IP-Address/Mask Status

Protocol

down

10.1.1.100/24

192.168.1.1/24

192.168.11.1/24

64.171.249.249/24 up

166.129.246.245/32 up

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

149

Download from Www.Somanuals.com. All Manuals Search And Download.

show

aap-wlan-acl

Privilege / Global Config

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

In Mobility RFS4000 Controller,

show aap-wlan-acl [<1-24>|all]

In Mobility RFS6000 Controller,

show aap-wlan-acl [<1-32>|all]

In Mobility RFS7000 Controller,

show aap-wlan-acl [<1-256>|all]

Parameters

aap-wlan-acl [<1-32>|all]

Applies an ACL on wlan for an aap.

<1-32> – Displays ACLs attached to the specified wlan id for aap

all – Displays ACLs attached to wlan port

Example

RFController(config)#show aap-wlan-acl 8

RFController(config)#

150

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

aap-wlan-acl-stats

Privilege / Global Config

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show aap-wlan-acl-stats

Parameters

aap-wlan-acl-stats

Displays IP filtering wlan based statistics

Example

RFController(config)#show aap-wlan-acl-stats

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

151

Download from Www.Somanuals.com. All Manuals Search And Download.

show

protocol-list

Common to all Modes

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show protocol-list

Parameters

show protocol-list

Displays the list of protocols

Example

RFController(config)#show protocol-list

Protocol Name

Protocol Number

icmp

igmp

ggp

ipencap

tcp

egp

igp

pup

udp

hmp

xns-idp

rdp

iso-tp4

xtp

ddp

idpr-cmtp

ipv6

ipv6-route

ipv6-frag

RFController(config)#

152

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

show

service-list

Common to all Modes

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

show service-list

Parameters

show service-list

Displays the list of services

Example

RFController#show service-list

Service Name

tcpmux

rtmp

nbp

echo

zip

echo

discard

systat

daytime

telnet

smtp

Port Number

1/tcp

1/ddp

2/ddp

4/ddp

6/ddp

7/tcp

7/udp

9/tcp

9/udp

11/tcp

13/tcp

13/udp

23/tcp

25/tcp

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

153

Download from Www.Somanuals.com. All Manuals Search And Download.

show

154

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

User Exec Commands

In this chapter

Logging in to the controller places you within the USER EXEC command mode. Typically, a login

requires a user name and password. You have three login attempts before a connection attempt is

refused. USER EXEC commands (available at the user level) are a subset of the commands

available at the privileged level. In general, USER EXEC commands allow you to connect to remote

devices, perform basic tests and list system information.

To list available USER EXEC commands, use ? at the command prompt. The USER EXEC prompt

consists of the device host name followed by an angle bracket (>). The default host name is

generally “WLAN Module”. Use the GLOBAL CONFIG command to change the hostname.

User exec commands

Table 3 summarizes USER EXEC commands:

TABLE 3

User Exec Mode Command Summary

Command

Description

Ref.

clear

Resets the command to the previous configuration

Clears the display screen

Displays the cluster context

Turns off (disables) the privileged mode command set

Turns on (enables) the privileged mode command set

Ends the current mode and moves down to the previous

mode

Describes the interactive help system

Exits the EXEC mode

Negates a command or sets its defaults

Toggles the paging functionality

Sends ICMP echo messages

page

ping

quit

Exits the current mode and moves to the previous mode

Displays service commands

Shows running system information. Refer to Common

commands on page 31

telnet

Opens a telnet session

page 166

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

155

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

TABLE 3

User Exec Mode Command Summary

Command

Description

Ref.

terminal

Sets terminal line parameters

Traces the route to a destination

page 167

page 168

traceroute

156

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

clear

Resets the previous (last saved) command

Supported on the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

Refer to the interface details below when using clear counter interface.

- ge <index> – Mobility RFS4000 Controller supports 4 GEs and Mobility RFS6000 Controller

supports 8 GEs

- me1 – Available in both Mobility RFS7000 Controller and Mobility RFS6000 Controller

- up1 – Available ib both Mobility RFS6000 Controller and Mobility RFS4000 Controller

- sa <1-4> – Available only in Mobility RFS7000 Controller

- sa <1-6> – Available only in Mobility RFS4000 Controller

Syntax

clear [crypto|mobility|spanning-tree]

clear crypto [ipsec|isakmp] sa {<IP>}

clear mobility [event-log|wireless-client|peer-statistics]

clear mobility event-log [wireless-client|peer]

clear mobility wireless-client [<MAC>|all|foreign-database|

home-database]

clear mobility peer-statistics {<Peer-IP>}

clear spanning-tree detected-protocols {interface <interface-name>}

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

157

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

Parameters

crypto [ipsec|isakmp] sa

Clears IPSec/ISAKMP SAs for a given peer

{<IP>}

•

ipsec sa {<IP> } – Clears IPSec SA’s

isakmp sa {<IP> } – Clears ISAKMP SA’s

•

sa – Clears all IPSec/ISAKMP SA's

<IP> – Optional. Peer IP address

mobility [event-log|

wireless-client|

peer-statistics]

Clears mobility attributes

•

event-log [wireless-client|peer]– Clears the event log

•

wireless-client – Clears Client event-logs for

peer – Clears peer event logs

•

wireless-client [<MAC>|all|foreign-database|

home-database] – Clears Client information

•

<MAC> – Clears the MAC addresses of a Client

all – Clears the Client MAC address, including the

foreign and home database

•

foreign-database – Clears those clients present in the

foreign Client database

home-database – Clears those clients present in the

home Client database

•

peer-statistics {<Peer-IP>} – Clears Mobility Peer Statistics

<Peer-IP> – Optional. IP address of a Peer

•

spanning-tree

Clears the spanning tree protocols configured for the interface

detected-protocols

{interface

<interface-name>}

•

detected-protocols {interface <interface-name>} – Enter the

optional interface name <interface-name> to clear the

detected spanning tree protocols for that specific interface

Example

RFController>clear crypto ike sa 111.222.333.01

RFController>

158

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

cluster-cli

Use this command to enter the cluster-cli context. The cluster-cli context provides centralized

management to configure all cluster members from any one member. Any command executed

under this context will be executed to all the controllers in the cluster.

A new context redundancy supports the cluster-cli. Any commands executed under this context are

executed on all members of the cluster.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

cluster-cli enable

Parameters

enable

Enables the cluster context

Example

RFController> enable

RFController:cluster-cli>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

159

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

disable

Enables the PRIV mode to use the disable command. Use the disablecommand to exit the PRIV

mode

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

disable

Parameters

None

Example

RFController>disable

RFController>

160

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

enable

Use the enable command to enter the PRIV mode

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

enable

Parameters

None

Example

RFController>enable

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

161

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

logout

Use this command instead of the exitcommand to exit the EXEC mode

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

logout

Parameters

None

Example

The RFController Series Controller logs off on execution of this command.

162

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

page

Use the command to toggle the controller paging function. Enabling this command displays the CLI

command output page by page, instead of running the entire output at once.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

page

Parameters

None

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

163

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

ping

Sends ICMP echo messages to a user-specified location

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

ping {[<IP>|<hostname>]}

Parameters

ping {[<IP>|<hostname>]}

Pings the specified destination IP address or hostname. When

entered without any parameters, this command prompts you for

an IP/Host-name to ping.

Example

RFController>ping 192.168.2.100

PING 192.168.2.100 (192.168.2.100): 100 data bytes

128 bytes from 192.168.2.100: icmp_seq=0 ttl=128 time=2.7 ms

128 bytes from 192.168.2.100: icmp_seq=1 ttl=128 time=38.4 ms

128 bytes from 192.168.2.100: icmp_seq=2 ttl=128 time=4.6 ms

--- 192.168.2.100 ping statistics ---

3 packets transmitted, 3 packets received, 0% packet loss

round-trip min/avg/max = 2.7/15.2/38.4 ms

RFController>ping

Target IP address:

164

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

quit

Use this command to exit the current mode and move to the previous mode

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

quit

Parameters

None

Example

The controller logs off upon execution of the command

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

165

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

telnet

Opens a telnet session

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

telnet <IP> port

Parameters

telnet <IP> port

Defines the IP address or hostname of a remote system

port – Displays TCP port number

•

Example

Mobility RFS6000 Controller>telnet 172.16.10.3

Entering character mode

Escape character is '^]'.

Mobility RFS6000 Controller release 4.0.0.0-037D

Mobility RFS6000 Controller login:

166

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

terminal

Sets the length/number of lines displayed within the terminal window

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

terminal [length <0-512>|no [length <0-512>|width]|

width <0-512>]

Parameters

length <0-512>

Sets the number of lines on a screen

Negates a command or sets its defaults.

no [length <0-512>|

width]

•

length <0-512> – Negates the length command

width – Negates the width command

width <0-512>

Sets the width/number of characters on a screen line

Example

RFController>terminal length 100

RFController>

RFController>terminal width 200

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

167

Download from Www.Somanuals.com. All Manuals Search And Download.

User exec commands

traceroute

•Priv Exec command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Traces the route to its defined destination

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

traceroute [[<IP>|<hostname>]|ip [<IP>|<hostname>]]

Parameters

[<IP>|<hostname>]

Traces the route to a destination IP address or a hostname

IP trace to a destination IP address or a hostname

ip [<IP>|<hostname>]

Example

RFController#traceroute 157.222.333.33

traceroute to 157.235.208.39 (157.235.208.39), 30 hops max, 38 byte packets

1 157.235.208.39 (157.235.208.39) 0.466 ms 0.363 ms 0.226 ms

RFController#

168

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Privileged Exec Commands

In this chapter

Most PRIV EXEC commands set operating parameters. Privileged-level access should be password

protected to prevent unauthorized use. The PRIV EXEC command set includes commands

contained within the USER EXEC mode. The PRIV EXEC mode also provides access to configuration

modes, and includes advanced testing commands.

The PRIV EXEC mode prompt consists of the host name of the device followed by a pound sign (#).

To access the PRIV EXEC mode, enter the following at the prompt:

RFController>enable

RFController#

The PRIV EXEC mode is often referred to as the enable mode, because the enablecommand is

used to enter the mode. There is no provision to configure a password to get access to PRIV EXEC

(enable) mode.

Priv Exec command

Table 4 summarizes the controller PRIV EXEC commands:.

TABLE 4

Priv Exec Commands

Command

Description

Ref.

acknowledge

archive

Acknowledges alarms

Manages archive files

Changes the current directory

change-passwd

clear

Changes the password of the logged user

Resets controller functions to last saved configuration

Configures the software system clock

Clears the display screen

Displays the cluster context

Enters the configuration mode

Copies content from one file to another

Displays debugging functions

debug

delete

diff

Deletes a specified file from the system

Displays differences between two files

Lists the files on a filesystem

dir

disable

Turns off privileged mode command

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

169

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

TABLE 4

Priv Exec Commands

Command

Description

Ref.

Edits a text file

Turns on the privileged mode command

Erases a filesystem

Ends the current mode and moves to the previous mode

Halts the controller

Displays a description of the interactive help system

Kills (terminates) a specified session

Exits the EXEC mode

Creates a directory

Displays the contents of a file

Negates a command or sets its defaults

Toggles the paging function

Sends ICMP echo messages to a specified location

Displays the current directory

pwd

quit

Exits the current mode and moves to the previous mode

Halts the controller and performs a warm reboot

Renames a file

Deletes a directory

Displays service commands

Shows running system information.

Opens a telnet session

Sets terminal line parameters

Traces a route to a destination

Upgrades the controller software image

Aborts an ongoing upgrade operation

Writes the running configuration to memory or a terminal

upgrade - abort

write

170

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

acknowledge

Acknowledges alarms

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

acknowledge alarm-log [<1-65535>|all]

Parameters

alarm-log [<1-65535>|all]

Acknowledges alarms

•

<1-65535> – Acknowledges the specific alarm ID

all – Acknowledges all alarms

Example

RFController#acknowledge alarm-log all

No corresponding record found in the Alarm Log.

RFController#acknowledge alarm-log 200

No corresponding record found in the Alarm Log.

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

171

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

archive

Manages file archive operations

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

archive tar /table [<FILE>|<URL>]

archive tar /create [<FILE>|<URL>] [<FILE>|<DIR>]

archive tar /xtract [<FILE>|<URL>] <DIR>

Parameters

tar

Manipulates (creates, lists or extracts) a tar file

Lists the files in a tar file

Creates a tar file

/table

/create

/xtract

<FILE>

<URL>

<DIR>

Extracts content from a tar file

Defines a Tar filename

Tar file URL

A directory name. When used with /create, is the source directory

for the tar file. When used with /xtract, is the destination file

where the contents of the tar file are extracted to.

Example

How to zip the folder flash:/log/?

RFController#archive tar /create flash:/out.tar flash:/log/

tar: Removing leading '/' from member names

flash/log/

flash/log/snmpd.log

flash/log/messages.log

flash/log/startup.log

flash/log/radius/

RFController#dir flash:/

How to view the output tar file?

Directory of flash:/

drwx

-rw-

1024

120

1024

173056

Thu Apr 17 08:25:50 2010

Fri Apr 8 12:27:20 2010

Thu Apr 7 16:23:34 2010

Wed May 23 15:30:19 2010

Fri May 8 14:39:48 2010

hotspot

log

crashinfo

backup

out.tar

How to see which files are in the tar file?

RFController#archive tar /table flash:/out.tar

drwxrwxrwt 0/600 0 2010-05-08 12:27:20 flash/log

-rw-r--r-- 0/0

381 2010-05-08 12:27:28 flash/log/snmpd.log

151327 2010-05-08 14:37:26 flash/log/messages.log

172

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

-rw-r--r-- 0/0

17318 2010-05-08 12:27:29 flash/log/startup.log

drwxrwxrwt 0/600 0 2010-05-08 12:27:14 flash/log/radius

If Untar fails..?

RFController#archive tar /xtract flash:/out.tar flash:/out/

tar: flash:/out.tar: No such file or directory

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

173

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

Changes the current directory

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

cd {<DIR>}

Parameters

<DIR>

Changes current directory to DIR. This parameter is optional.

When this parameter is not provided, the current directory name

is displayed.

Example

RFController#cd

nvram:/ system:/ flash:/

RFController#cd flash:/?

DIR Change current directory to DIR

RFController#cd flash:/

flash:/backup/

flash:/out/

flash:/crashinfo/ flash:/hotspot/

flash:/log/

RFController#cd flash:/log/?

DIR Change current directory to DIR

RFController#cd flash:/log/

RFController#pwd

flash:/log/

RFController#

174

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

change-passwd

Changes the password of a logged user

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

change-passwd

Parameters

None

Usage Guidelines

A password must be between 8 to 32 characters in length. For security, the console does not

display user entered key words or the old password and new password fields.

Verify the console displays a “password successfully changed” message.

NOTE

The console (by default), does not display a user entered keyword for an old password and new

password. Leaving the old password and new password fields empty displays the following error

message: Error: Invalid password length. It should be between 8 - 32characters.

Example

RFController#change-passwd

Enter old password:

Enter new password:

Password for user 'admin' changed successfully

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

175

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

clear

Resets the current context

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

spanning-tree]

clear [aclstats|arp-cache|dosstats|logging]

clear alarm-log [<1-65535>|acknowledge|all|new]

router|thread]

clear counters interface [<interface>|all|ge <1-8>|me1|sa <1-4>|up1|vlan

<1-4094>]

In the Mobility RFS4000 Controller:

clear counters interface [<interface>|all|ge <1-5>|me1|sa <1-6>|up1|vlan

<1-4094>|wwan]

clear crypto [ike|ipsec] sa {<IP>}

clear ip [dhcp|pmtu-discovery-blackhole-cache]

clear ip dhcp binding [*|<IP>|all]

clear ip pmtu-discovery-blackhole-cache

clear mac-address-table [dynamic|multicast|static]

[address <address>|bridge <1-32>|interface <interface>|

vlan <vlan>]

clear mobility [event-log|wireless-client|peer-statistics]

clear mobility event-log [wireless-client|peer]

clear mobility wireless-client [<MAC>|all|foreign-database|

home-database]

clear mobility peer-statistics {<peer-IP>}

clear spanning-tree detected-protocols {interface <interface-name>}

176

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

Parameters

aclstats

Clears ACl statistics

Clears the alarm-log

alarm-log [<1-65535>|

acknowledge|all|new]

•

<1-65535> – Clears the specific alarm ID

acknowledge – Clears acknowledged alarms

all – Clear all alarms

new – Clear new alarms

arp-cache

Clears the ARP cache

counters [all|bridge|firewall| Clears counters

igmp-snooping|interface|

•

all – Clears all counters

bridge – Clears bridge counters

firewall – Clears firewall counters

interface [<interface>|all|ge <1-8>|me1|sa <1-4>|up1|

vlan <1-4094>] – Clears interface counters

igmp-snooping – Clears igmp-snooping counters

router – Clears router counters

router|thread]

•

thread – Clear per-thread counters

crypto [ipsec|isakmp] sa

Clears IPSec/ISAKMP SAs for a given peer

{<IP>}

•

ipsec sa {<IP> } – Clears IPSec SA’s

isakmp sa {<IP> } – Clears ISAKMP SA’s

•

sa – Clears all IPSec/ISAKMP SA's

<IP> – Optional. Peer IP address

ip [dhcp|

Clears Internet Protocol (IP) DHCP/NAT

pmtu-discovery-blackhole-cac

he]

•

dhcp binding [*|<IP>|all]– DHCP server configuration

binding [*|<IP>|all]– DHCP address bindings

•

* – Clears all bindings

<IP> – Clears a specific IP binding

all – Clears

•

pmtu-discovery-blackhole-cache - Clears path

For more details, see DHCP Server Instance on page 507

logging

Modifies message logging facilities

mac-address-table

[dynamic|multicast|static]

[address <address>|

bridge <1-32>|

interface <interface>|

vlan <vlan>]

Clears entries in the forwarding database

•

dynamic – Clears all dynamic entries

multicast – Clears all multicast entries

static – Clears all management configured entries

•

address <address> – Clears a specified MAC address

bridge <1-32> – Clears bridge group commands

interface <interface> – Clears all MAC addresses for

the specified interface

•

vlan <vlan> – Clears all MAD addresses for the

specified VLAN (1-4094)

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

177

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

mobility [event-log|

Clears mobility attributes

wireless-client|

peer-statistics]

•

event-log [wireless-client|peer]– Clears the event log

•

wireless-client – Clears Client event-logs for

peer – Clears peer event logs

•

wireless-client [<MAC>|all|foreign-database

home-database] – Clears Client information.

•

<MAC> – Clears the MAC addresses of a Client

all – Clears the Client MAC address, including the

foreign and home database

•

foreign-database – Clears those clients present in the

foreign Client database

home-database – Clears those clients present in the

home Client database

•

peer-statistics {<peer-IP>}– Clears Mobility Peer Statistics

<peer-IP> – IP address of a Peer

•

spanning-tree

Clears the spanning tree protocols configured for the interface

detected-protocols {interface

<interface-name>}

•

detected-protocols {interface <interface-name>} – Enter

the optional interface name to clear the detected spanning

tree protocols for that specific interface

Example

RFController#clear alarm-log new

RFController#

RFController#clear alarm-log acknowledged

RFController#

RFController#clear arp-cache

RFController#

RFController#clear logging

RFController#

RFController#clear mobility event-log peer

RFController#

RFController#clear ip dhcp binding *

RFController#

178

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

clock

Configures the software system clock

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clock set HH:MM:SS <1-31> <MONTH> <1993-2035>

Parameters

HH:MM:SS

<1-31>

Sets the time in hours, minutes, and seconds

Sets the number of days in the month.

<MONTH>

<1993-2035>

Sets the month in the format Jan, Feb, Mar,..., Dec.

Sets the year

Example

RFController#clock set 15:10:30 25 May 2010

RFController#show clock

May 25 15:10:31 UTC 2010

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

179

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

cluster-cli

Use this command to access the cluster-cli context. The cluster-cli context provides centralized

management to configure all members of cluster from one member. Any command executed under

this context is executed on all controllers in the cluster.

A new context (redundancy) is available to support the cluster-cli. Any commands executed under

this context are executed on each cluster member.

Use no cluster-clito exit the cluster-cli context.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

cluster-cli enable

Parameters

enable

Enables the controller cluster context

Example

RFController#cluster-cli enable

180

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

configure

Enters the configuration mode

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

configure terminal

Parameters

terminal

Enables configuration from the terminal

Example

RFController#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

181

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

copy

Copies any file (config,log,txt ...etc) from any location to the controller and vice-versa

NOTE

Copying a new config file onto an existing running-config file merges it with the existing

running-config on the controller. Both, the existing running-config and the new config file are applied

as the current running-config.

Copying a new config file onto a start-up config files replaces the existing start-up config file with the

parameters of the new file. It is better to erase the existing start-up config file and then copy the new

config file to the startup config.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

copy [<FILE>|<URL>] [<FILE>|<URL>]

Parameters

<FILE>

The first <FILE> is the source file to copy from. The second <FILE>

is the destination to which to copy.

<URL>

The first <URL> is the source URL to copy from. The second

<URL> is the destination URL to which to copy.

Example

Transferring file snmpd.log to remote tftp server?

RFController#copy flash:/log/snmpd.log

tftp://157.235.208.105:/snmpd.log

Accessing running-config file from remote tftp server into controllerrunning-config?

RFController#copy tftp://157.235.208.105:/running-

config running-config

182

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

debug

Use this command for debugging

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

debug all

smart|snmp|system|wips|wisp|wlan] {[debug|err|info|warn]}

debug ccstats <statsmodule>

debug [certmgr|dhcpsvr] [all|error|info]

debug ip [https|ssh]

debug logging [all|errors|init|monitor|subagent]

system]

debug mstp [all|cli|packet|protocol|timer]

debug nsm {[all|events|kernel|packet]}

debug radius {[all|err|info|warn]}

timer|warnings]

packet-forwarding|pmdebug|pmerror|rulesdebug|

ruleserror|user]

info|init]

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

183

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

Parameters

all

Enables debugging

cc [access-point|all|alt|

ap-containment|

apetect|capwap|cluster|

config|dot11|eap|ids|

kerberos|l3-mob|loc-ap|

loc-client|media|

wireless-client|radio|radius

|self-heal|smart|snmp|

system|wips|wisp|wlan]

{[debug|err|info|warn]}

controller (wireless) debugging message

•

access-point [debug|err|info|warn] – Debugs access point

logs

•

debug – Debugs all default messages

err – Debugs error and higher severity messages

info – Debugs information and higher severity

messages

•

warn – Debugs warning and higher severity messages

all – all modules

•

alt [debug|err|info|warn] – address lookup logs

ap-detect [debug|err|info|warn] – rouge AP detection logs

ap-containment [debug|err|info|warn] – rouge AP

containment logs

•

capwap [debug|err|info|warn] – capwap logs

cluster [debug|err|info|warn] – cluster related logs

config [debug|err|info|warn] – configuration change logs

dot11 [debug|err|info|warn] – data path logs

kerberos [debug|err|info|warn] – kerberos logs

l3-mob [debug|err|info|warn] – Layer3 mobility logs

loc-ap [debug|err|info|warn] – loc-ap logs

loc-client [debug|err|info|warn] – loc-client logs

media [debug|err|info|warn] – encapsulation media logs

wireless-client [debug|err|info|warn] – wireless client logs

radio [debug|err|info|warn] – radius logs

radius [debug|err|info|warn] – radius client logs

self-heal [debug|err|info|warn] – self healing logs

smart [debug|err|info|warn] – smart-rf logs

snmp [debug|err|info|warn] – SNMP logs

system [debug|err|info|warn] – system call logs

wips [debug|err|info|warn] – WIPS sensor logs

wisp [debug|err|info|warn] – wisp logs

wlan[debug|err|info|warn] – wlan logs

ccstats <stats-module>

Controller statistics (wireless) debugging messages

•

stats-module [debug|error|info|warn] – Statistics Module to

be debugged.

•

debug – Debugs all default messages

err – Debugs error and higher severity messages

info – Debugs information and higher severity

messages

•

warn – Debugs warning and higher severity messages

certmgr [all|error|info]

dhcpsvr [all|error|info]

Certificate manager debugging messages

•

all – Trace error and informational messages from Certificate

Manager

•

error – Trace error messages from Certificate Manager

info – Trace information messages from Certificate Manager

DHCP Conf Server debugging messages

•

all – Trace error and informational messages from DHCP

Conf Server

•

error – Trace error messages from DHCP Conf Server

info – Trace information messages from DHCP Conf Server

184

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

imi [all|cli-client|

Integrated management interface debugging messages

cli-server|errors|init|ntp]

•

all – All debugging

cli-client – CLI responses from Protocol modules to IMI

Server

•

cli-server – CLI commands from IMI server to protocol

module

•

error – errors

init – Initialization process

ntp – Net debug messages

ip [https|ssh]

Internet protocol debugging messages

•

https – Secure HTTP <HTTPS> Server

ssh – Secure Shell <SSH> Server

logging

Modify message logging facilities for debugging messages

[all|errors|init|monitor|

subagent]

•

all – All debugging

error – errors

init – Logging module Initialization

monitor – Logging to monitors

sub-agent – Subagent

mgmt

Management daemon debugging messages

[all|debug|err|info|sys|

warning]

•

all – All debugging

debug – Debug

info – Info

sys – System

warning –Warning

error – errors

mobility

L3 mobility debugging messages

[all|cc|error|forwarding|

client|packet|peer|system]

•

all – All debugging <except “forwarding”>

cc – ccserver events

error – error

forwarding – Dataplane forwarding

client –Client events and state changes

packet – Control packets

peer – Peer establishment

system – System events

mstp

Multiple Spanning Tree Protocol (MSTP) debugging message

[all|cli|packet|protocol|

timer]

•

all – all

cli – CLI commands

packet [rx|tx] – MSTP packets

•

rx – receive packet

tx – transmit packet

protocol detail – Protocol

timer detail – MSTP timers

•

detail – Detailed output

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

185

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

nsm {[all|events|kernel|

Network Service Module (NSM) debugging messages. All

packet]}

parameters are optional.

•

all – Enable all debugging

events – NSM events

kernel – NSM kernel

packet [detail|recv|send] – NSM packets

•

detail – Detailed information display

recv [detail] – NSM receive packets

•

detail – Detailed information display

send [detail] – NSM send packets

detail – Detailed information display

•

radius

RADIUS server debugging messages. All are optional parameters.

{[all|err|info|warning]}

•

all – trace all messages from radius server

err– trace error messages from local radius server

info – trace error, warning and information messages from

radius server

•

warn – trace error and warning messages from radius server

redundancy

Redundancy protocol debugging messages

[all|ccmsg|config|errors|

general|heartbeats|init|

packets|proc|shutdown|

states|subagent|timer|

warnings]

•

all – Debugging all

ccmsg – Msg exchange with CC

config – Configuration processing

errors – Errors

general – General

heartbeats – Heartbeats processing

init – Redundancy initialization

packets – Packet processing

proc – Process flow

shutdown – Shutdown process

states – Redundancy states machine

subagent – Sub-agent

timer – Timer handlings

warning – Warnings

186

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

securitymgr

Security manager debugging messages

[acldebug|aclerror|all|

debug|dosdebug|

doserror|error|ikedebug|

natdebug|naterror|

packet-forwarding|

pmdebug|pmerror|

rulesdebug|ruleserror|

user]

•

acldebug – Trace debug messages from ACL module

aclerror – Trace error messages from ACL module

all – Trace all messages from Security Manager

debug – Trace general debug messages from Security

Manager

dosdebug – Trace debug messages from DOS module

doserror – Trace error messages from DOS module

error – Trace general error messages from Security Manager

ikedebug – Trace debug messages from Ike

natdebug – Trace debug messages from NAT module

naterror – Trace error messages from NAT module

packet-forwarding <WORD> – Enable debug messages

related to packet forwarding

•

<WORD> – Module based debug string

pmdebug – Trace debug messages from Policy Manager API

calls

•

pmerror – Trace error messages from Policy Manager API

calls

•

rulesdebug – Trace debug messages from rules module

ruleserror – Trace error messages from debug module

user <WORD> – Enable debug messages from Policy

manager library

•

<WORD> – Module based debug string

sole [adapters|aeroscout|

algo|all|cclib|ekahau|error

s|info|init]

Location engine debugging messages

•

adapters – SOLE Adapter manager logs

aeroscout – Aeroscout logs

algo – Location algorithm logs

all – All module logs

cclib – cc library logs

errors – Error and higher severity logs

info – SOLE info logs

init – Initialization logs

ekahau – Ekahau logs

Example

RFController#debug ?

all

Enable all debugging

Controller (wireless) debugging messages

Certificate Manager Debugging Messages

DHCP Conf Server Debugging Messages

Integrated Management Interface

Internet Protocol (IP)

ccstats

certmgr

dhcpsvr

imi

logging

mgmt

Modify message logging facilities

Mgmt daemon

mobility

mstp

nsm

L3 Mobility

Multiple Spanning Tree Protocol (MSTP)

Network Service Module (NSM)

pktdrvr

radius

redundancy

Pktdrvr (kernel wireless) debugging messages

RADIUS server debugging messages

Redundancy Protocol debugging messages

securitymgr Security Manager Debugging Messages

sole Location engine debugging messages

RFController#debug

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

187

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

delete

Deletes a specified file from the system

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

delete [/force <FILE>|/recursive <FILE>|<FILE>]

Parameters

/force

Forces deletion without a prompt

Performs a recursive delete

/recursive

<FILE>

Specifies the filename(s) to be deleted

Example

RFController#delete flash:/out.tar flash:/out.tar.gz

Delete flash:/out.tar [y/n]? y

Delete flash:/out.tar.gz [y/n]? y

RFController#delete /force flash:/tmp.txt

RFController#

RFController#delete /recursive flash:/backup/

Delete flash:/backup//fileMgmt_350_180B.core

[y/n]? y

Delete

flash:/backup//fileMgmt_350_18212X.core_bk

[y/n]? n

Delete flash:/backup//imish_1087_18381X.core.gz

[y/n]? n

RFController#

188

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

diff

Displays the differences between 2 files

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

diff [<FILE>|<URL>] [<FILE>|<URL>]

Parameters

<FILE>

The first <FILE> is the source file for the diff. The second <FILE> is

the file to compare.

<URL>

The first <URL> is the source URL for the diff. The second <URL>

is the URL to compare.

Example

RFController#diff startup-config running-config

--- startup-config

+++ running-config

@@ -89,7 +89,7 @@

mobility peer 157.235.208.16

wlan 1 enable

wlan 1 ssid wlan123

- wlan 1 encryption-type wep128

+ wlan 1 encryption-type tkip

wlan 1 authentication-type eap

wlan 1 mobility enable

wlan 1 radius server primary 127.0.0.1

@@ -184,10 +184,12 @@

rad-user adam password 0 mypassword

rad-user eve password 0 mypassword123

rad-user sumi password 0 mypassword

+ rad-user test password 0 mypassword123

rad-user vasavi password 0 mypassword123

group kumar2

rad-user sumi

- policy wlan 2

+ policy vlan 44

+ policy wlan 10

group kumar3

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

189

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

dir

View the list of files on a filesystem

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

dir {[/all|/recursive] [<DIR>|all-filesystems]}

Parameters

/all

Lists all files

/recursive

<DIR>

Lists files recursively

Lists files in the named file path

Lists the files on all filesystems

all-filesystems

Example

RFController#dir

Directory of flash:/

drwx

-rw-

drwx

-rw-

1024

120

1024

14271

1024

Wed Jul 19 19:14:05 2010

Wed Aug 30 15:32:44 2010

Thu Aug 31 23:50:09 2010

Tue Jul 25 15:16:41 2010

Wed Jul 26 15:42:08 2010

Wed Aug 9 17:35:08 2010

Wed Jul 26 16:08:02 2010

Wed Jul 26 16:08:42 2010

Thu Aug 17 14:59:39 2010

Fri Aug 11 19:57:37 2010

Thu Aug 17 15:11:23 2010

hotspot

log

crashinfo

Radius-config

flash:

radius

3426

running-config-new

radius-config

cli_commands.txt

cli_commands.txtli_commands.txt

cli_commands_180B.txt

13163

80898

65015

65154

RFController#

190

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

disable

Turns off the privileged mode command

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

disable

Parameters

None

Example

RFController#disable

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

191

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

edit

Edits a text file

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

edit <FILE>

Parameters

<FILE>

Name of the file to be modified

Example

RFController#edit startup-config

GNU nano 1.2.4

startup-config

aaa authentication login default local none

service prompt crash-info

username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d

username admin privilege superuser

username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f

spanning-tree mst configuration

name My Name

no bridge multiple-spanning-tree enable bridge-forward

192

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

enable

Turns on the privileged mode command

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

enable

Parameters

None

Example

RFController#enable

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

193

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

erase

Erases a target filesystem

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

erase [nvram:|flash:|startup-config|usb1:|usb2:|cf:]

Parameters

nvram:

flash:

Erases everything in nvram

Erases everything in flash

Resets the configuration to factory default

Erases everything in usb1

Erases everything in usb2

Erases everything in cf

startup-config

usb1:

usb2:

cf:

Example

RFController#erase startup-config

RFController#

194

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

halt

Stops (halts) the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

halt

Parameters

None

Example

RFController#halt

Wireless Controller will be halted, do you want to continue?

(y/n): y

Do you want to save current configuration? (y/n/d): y

[OK]

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

195

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

kill

Kills (terminates) a specified session and stops (halts) the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

kill session <1-16>

•

session

Active session (16 active sessions can be terminated)

Example

Telnet to controller

[xyz@xyz xyz]$ telnet

157.235.208.93

Trying 157.235.208.93...

Connected to 157.235.208.93 (157.235.208.93).

Escape character is '^]'.

RFController release 4.3.0.0

RFController#show sessions

SESSION

USER

LOCATION

root

IDLE

Console

START TIME ** 1

00:00m

Jan 1 00:00:00 1970

root

157.235.208.105

00:38m

00:00m

RFController#kill session 9

% Error: Invalid session number

RFController#kill session 3

~ # Connection closed by foreign host.

[xyz@xyz xyz]$

196

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

logout

Exits the EXEC mode and stops (halts) the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

logout

Parameters

None

Example

RFController#logout

RFController release 4.3.0.0

RFController login:

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

197

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

mkdir

Creates a new directory in the filesystem

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

mkdir <DIR>

Parameters

<DIR>

Directory name

Example

RFController#mkdir TestDIR

RFController#

198

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

Displays the contents of a file

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

more <FILE>

Parameters

<FILE>

Displays the contents of the file

Example

RFController#more flash:/log/messages.log

Sep 08 12:27:30 2010: %PM-5-PROCSTOP: Process

"radiusd" has been stopped

Sep 08 12:27:31 2010: %LICMGR-6-NEWLICENSE:

Licensed AP count changed to 48

Sep 08 12:27:31 2010: %CC-5-COUNTRYCODE:

config: setting country code to [in:

India]

Sep 08 12:27:31 2010: %DAEMON-6-INFO: radiusd

[460]: Ready to process requests.

Sep 08 12:27:35 2010: %DAEMON-6-INFO: init:

Starting pid 328, console

/dev/ttyS0

Sep 08 12:27:37 2010: %AUTH-6-INFO: login[328]:

root login on `ttyS0' from

`Console'

Sep 08 12:27:47 2010: %IMI-5-USERAUTHSUCCESS:

User 'admin' logged in with role

of ' superuser' from auth source 'local'

Sep 08 12:28:01 2010: %NSM-6-DHCPDEFRT: Default

route with gateway

157.235.208.246 learnt via DHCP

Sep 08 12:28:01 2010: %NSM-6-DHCPIP: Interface

vlan1 acquired IP address

157.235.208.93/24 via DHCP

Sep 08 12:29:07 2010: %CC-5-RADIOADOPTED: 11bg

radio on AP 00-A0-F8-BF-8A-A2

adopted

Sep 08 12:29:07 2010: %CC-5-RADIOADOPTED: 11a

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

199

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

radio on AP 00-A0-F8-BF-8A-A2

adopted

Sep 08 12:29:12 2010: %MOB-6-MUADD: Station 00

-0F-3D-E9-A6-54: Added to

Mobility Database

Sep 08 12:29:12 2010: %CC-6-STATIONASSOC:

200

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

page

Toggles controller paging. Enabling this command displays the command output page by page

instead of running the entire output at once.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

page

Parameters

None

Example

RFController#page

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

201

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

ping

Send (transmits) ICMP echo messages

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

ping {<IP>}

Parameters

<IP>

Sets the ping destination address or hostname

Example

RFController#ping 157.235.208.39

PING 157.235.208.39 (157.235.208.39): 100 data bytes

128 bytes from 157.235.208.39: icmp_seq=0 ttl=64 time=2.3 ms

128 bytes from 157.235.208.39: icmp_seq=1 ttl=64 time=0.2 ms

128 bytes from 157.235.208.39: icmp_seq=2 ttl=64 time=0.3 ms

128 bytes from 157.235.208.39: icmp_seq=3 ttl=64 time=0.2 ms

128 bytes from 157.235.208.39: icmp_seq=4 ttl=64 time=0.1 ms

--- 157.235.208.39 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max = 0.1/0.6/2.3 ms

RFController#ping

Target IP address:

202

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

pwd

View the contents of the current directory

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

pwd

Parameters

None

Example

RFController#pwd

flash:/

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

203

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

quit

Exits the current mode and moves to the previous mode

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

quit

Parameters

None

Example

RFController#quit

RFController release 4.3.0.0

RFController login:

204

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

reload

Halts the controller and performs a warm reboot

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

reload

Parameters

None

Example

RFController#reload

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

205

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

rename

Renames a file in the existing filesystem

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

rename <FILE> <FILE>

Parameters

<FILE>

Specifies the file to rename. The first <FILE> is the old file name.

The second <FILE> is the new file name.

Example

RFController#rename flash:/TestDIR/ NewTestDir

RFController#DIR

Directory of flash:/

drwx

-rw-

drwx

-rw-

drwx

1024

120

Wed Jul 19 19:14:05 2010

Wed Aug 30 15:32:44 2010

Thu Aug 31 23:50:09 2010

Tue Jul 25 15:16:41 2010

Wed Jul 26 15:42:08 2010

Wed Aug 9 17:35:08 2010

Wed Jul 26 16:08:02 2010

Wed Jul 26 16:08:42 2010

Thu Aug 17 14:59:39 2010

Fri Aug 11 19:57:37 2010

Thu Aug 17 15:11:23 2010

Sat Sep 2 00:15:38 2010

Sat Sep 2 00:31:24 2010

hotspot

log

crashinfo

Radius-config

flash:

1024

14271

1024

3426

13163

80898

65015

65154

radius

running-config-new

radius-config

cli_commands.txt

cli_commands.txtli_commands.txt

cli_commands_180B.txt

cli_commands.save

NewTestDir

1024

RFController#

206

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

rmdir

Deletes an existing file from the file system

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

rmdir <DIR>

Parameters

<DIR>

Defines the name of the directory to delete

Example

RFController#rmdir flash:/NewTestDir/

RFController#DIR

Directory of flash:/

drwx

-rw-

drwx

-rw-

1024

120

Wed Jul 19 19:14:05 2010

Wed Aug 30 15:32:44 2010

Thu Aug 31 23:50:09 2010

Tue Jul 25 15:16:41 2010

Wed Jul 26 15:42:08 2010

Wed Aug 9 17:35:08 2010

Wed Jul 26 16:08:02 2010

Wed Jul 26 16:08:42 2010

Thu Aug 17 14:59:39 2010

Fri Aug 11 19:57:37 2010

Thu Aug 17 15:11:23 2010

Sat Sep 2 00:15:38 2010

hotspot

log

crashinfo

Radius-config

flash:

1024

14271

1024

3426

13163

80898

65015

65154

radius

running-config-new

radius-config

cli_commands.txt

cli_commands.txtli_commands.txt

cli_commands_180B.txt

cli_commands.save

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

207

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

telnet

Opens a telnet session

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

telnet <IP> {<port>}

Parameters

telnet <IP> {<port>}

Defines the IP address or hostname of a remote system

<port> - Optional. Displays TCP Port Number

•

Example

RFController#telnet 157.111.222.33

Entering character mode

Escape character is '^]'.

Red Hat Linux release 9 (Shrike)

Kernel 2.4.20-6bigmem on an i686

Password:

208

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

terminal

Sets the length/number of lines displayed within the terminal window

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

terminal [length <0-512>|no [length <0-512>|width]|

width <0-512>]

Parameters

length <0-512>

Sets the number of lines on a screen

<0-512> – Number of lines on a screen

•

no [length <0-512>|

width]

Negates a command or sets its defaults

•

length <0-512> – Unset number of lines on a screen

width – Set width of display terminal

width <0-512>

Sets the width/number of characters on a screen line

<0-512> – Number of characters on a screen

•

Example

RFController>terminal length 100

RFController>

RFController>terminal width 200

RFController>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

209

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

traceroute

Traces a route to a destination

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

traceroute [[<IP>|<hostname>]|ip [<IP>|<hostname>]]

Parameters

[<IP>|<hostname>]

Traces the route to a destination IP address or a hostname

IP trace to a destination IP address or a hostname

ip [<IP>|<hostname>]

Example

RFController#traceroute 157.222.333.33

traceroute to 157.235.208.39 (157.235.208.39), 30 hops max, 38 byte packets

1 157.235.208.39 (157.235.208.39) 0.466 ms 0.363 ms 0.226 ms

RFController#

210

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

upgrade

Upgrades the software image

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

upgrade <URL> {background}

Parameters

<URL>

Location of the target firmware image used in upgrade

background

Optional. Specifies that the upgrade should occur in the

background.

Example

RFController#upgrade tftp://157.235.208.105:/img

var2 is 10 percent full

/tmp is 2 percent full

Free Memory 161896 kB

FWU invoked via Linux shell

Running from partition /dev/hda5, partition to

update is /dev/hda6

Reading image file header

Removing other partition

Sep 08 15:57:18 2010: %KERN-6-INFO: EXT3 FS on

hda1, internal journal.

Making file system

Extracting files (this can take some time).Sep

...........................

Jan 08 15:58:17 2009: %DIAG-4-CPULOAD: One

minute average load limit exceeded,

value is 100.00% limit is 99.90% (top process

kernel/ISR 100.00%)

Sep 08 15:58:44 2009: %PM-4-PROCNORESP: Process

"logd" is not responding

Jan 08 15:58:44 2009: %PM-4-PROCNORESP: Process

"logd" is not responding

Jan08 15:58:44 2009: %PM-4-PROCNORESP: Process

"logd" is not responding

Jan 08 15:58:44 2009: %PM-4-PROCNORESP: Process

"logd" is not responding

Version of firmware update file is 4.3.0.0

19193X

Jan08 15:58:44 2009: %KERN-6-INFO: EXT3 FS on

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

211

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

hda1, internal journal.

Creating LILO files

Running LILO

Successful

Jan 08 15:58:46 2009: %FWU-6-FWUDONE: Firmware

update successful, new version is 4.3.0.0

RFController#

212

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

upgrade - abort

Aborts an ongoing upgrade process

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

upgrade-abort

Parameters

None

Example

RFController#upgrade-abort

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

213

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

write

Writes the running configuration to memory or a terminal

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

write [memory|terminal]

Parameters

memory

terminal

Writes to NV memory

Writes to terminal

Example

RFController#write terminal

! configuration of RFController version 4.3.0.0

version 1.0

service prompt crash-info

username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d

username admin privilege superuser

username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f

username manager password 1 45b27d6483fc630981ad5096ff26a7956ce0c038

username manager privilege superuser

!no country-code

logging console 7

no logging on

fallback enable

ftp password 1 810a25d76c31e495cc070bdf42e076f7c9b0a1cd

ip http server

ip http secure-trustpoint local

ip http secure-server

ip ssh

ip telnet

snmp-server manager v2

snmp-server manager v3

crypto isakmp identity address

crypto isakmp keepalive 10

crypto ipsec security-association lifetime kilobytes 4608000

!.......................................

214

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

format

•Global Configuration commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Formats file system

Supported in the following platforms:

•

Mobility RFS7000 Controller

NOTE

This command is not supported on the Mobility RFS4000 Controller and on the Mobility RFS6000

Controller.

Syntax

format cf:

Parameters

cf:

Formats compact flash

Example

RFController#format cf:

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

215

Download from Www.Somanuals.com. All Manuals Search And Download.

Priv Exec command

216

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Global Configuration Commands

In this chapter

The term global is used to indicate characteristics or features effecting the system as a whole. Use

the Global Configuration Mode to configure the system globally, or enter specific configuration

modes to configure specific elements (such as interfaces or protocols). Use the configure terminal

command (under PRIV EXEC) to enter the global configuration mode.

The example below describes the process of entering the global configuration mode from

privileged EXEC mode:

RFController# configure terminal

RFController(config)#

NOTE

The system prompt changes to indicate you are now in global configuration mode. The prompt for

global configuration mode consists of the device host name followed by (config) and the pound sign

(#).

Commands entered in the global configuration mode update the running configuration file as soon

as they are entered. However, these changes are not saved in the startup configuration file until a

copy running-config startup-config EXEC command is issued.

Global Configuration commands

Table 5 summarizes the Global Config commands

TABLE 5

Global Config Commands

Command

Description

Ref.

aaa

Configures the current authentication, authorization and

page 220

accounting (aaa) login settings

access-list

autoinstall

banner

Adds an access list entry

Autoinstalls a configuration command

Defines a login banner

boot

Reboots the controller

bridge

Displays bridge group commands

Clears the display screen

country-code

Configures the country of operation. All existing radio

configuration will be erased

page 232

crypto

Defines encryption parameters

page 233

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

217

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

TABLE 5

Global Config Commands

Command

Description

Ref.

Runs commands from the EXEC mode

Ends the current mode and moves to the EXEC mode

Recovers from errors

Ends the current mode and moves to the previous mode

Configures FTP server parameters

Describes the interactive help system

Sets the system's network name

Defines an interface to configure

Internet Protocol (IP)

Sets license management commands

Configures a terminal line

local

Sets the username and password for local user

authentication

logging

Modifies message logging facilities

Configures MAC access-lists

Configures MAC address table

Sets a name to the MAC address of a Client

Sets properties of the management interface

Negates a command or set its defaults

Configures Network Time Protocol (NTP) parameters

Sets the system prompt

Enters the RADIUS server mode

Sets the rate limit feature parameters

Configures redundancy group parameters

Sets the Role Based Firewall parameters

Configures Real Time Location System parameters

Displays the running system information

Service commands

Modifies SMTP notification parameters

Modifies SNMP engine parameters

Configures spanning tree commands

Configures the timezone

Configures traffic shaping

Establishes user name authentication

Defines the VPN configuration

wireless

Configures wireless parameters

218

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

TABLE 5

Global Config Commands

Command

Description

Ref.

wlan-acl

Applies an ACL on WLAN

network-element-id Sets system’s network element ID

firewall

Configures Wireless firewall

virtual-ip

wwan

Displays virtual-ip configuration details

Displays wireless wwan interface

Applies an acl on wlan for aap

Configures Address Resolution Protocol

Configures PoE command

Applies ipfilter to WLAN/LAN

Configures host whitelist

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

219

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

aaa

Configures the current Authentication, Authorization and Accounting (AAA) login settings

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

aaa [authentication|nas|vpn-authentication]

aaa authentication login default [local|none|radius]

aaa nas <name>

aaa vpn-authentication [primary|secondary] <IP> key [0 <secret>|2

<secret>|<secret>] {authport <1024-65535>}

Parameters

authentication login default Sets the authentication configuration parameters.

[local|none|radius]

•

default – Defines the default authentication list

•

local – Sets the local user database

none – No authentication

radius – Defines an external RADIUS server

nas <name>

Sets the NAS identifier. The <name> parameter accepts a string

of 64 characters.

vpn-authentication

Sets the configuration for VPN authentication using RADIUS.

[primary|secondary]

[<IP> key [0 <secret>|

2 <secret>|<secret>]

{authport <1024-65535>}

•

primary – Sets the configuration for the primary server

secondary – Sets the configuration for the secondary server

key [0 <secret>|2 <secret>|<secret>] – Sets the secret key

settings

•

0 <secret> – Indicates that the password is specified

unencrypted

2 <secret> – Indicates that the password is encrypted

with password-encryption secret

<secret> – A shared secret up to 32 characters

•

authport <1024-65535> – Sets an optional RADIUS Server

authentication port

Usage Guidelines

Use an AAA login to determine whether management user authentication must be performed

against a local user database or an external RADIUS server

220

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

access-list

Adds an Access List (ACL) entry. Use the access-listcommand (under Global Configuration) to

configure the access list mechanism for filtering frames by protocol type or vendor code.

ACLs control access to the network through a set of rules. Each rule specifies an action which is

taken when a packet matches it within the given set of rules. If the action is deny, the packet is

dropped and if the action is permit, the packet is allowed. The controller supports the following

ACLs:

•

IP Standard ACLs

IP Extended ACLs

MAC Extended ACLs

ACLs are identified by either a number or a name. Numbers are predefined for IP Standard and

Extended ACLs, and the name can be any valid alphanumeric string (not exceeding 64 characters).

With numbered ACLs, the rule parameters have to be specified on the same command line along

with the ACL identifier.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

access-list [<1-99>|<100-199>|<1300-1999>|<2000-2699>]

For Standard IP ACLs:

access-list [<1-99>|<1300-1999>] [deny|permit|mark]

access-list [<1-99>|<1300-1999>] deny [<IP/MASK>|any|

host <IP>] {[rule-precedence <1-5000>|

log {rule-precedence <1-5000>}]}

access-list [<1-99>|<1300-1999>] permit [<IP/MASK>|any|

host <IP>] {[rule-precedence <1-5000>|

log {rule-precedence <1-5000>}]}

access-list [<1-99>|<1300-1999>] mark [8021p <0-7>|

dscp <0-63>|tos <0-255>] [<IP/MASK>|any|host <IP>]

{[rule-precedence <1-5000>|log {rule-precedence <1-5000>}]}

For Extended IP ACLs:

access-list [<100-199>|<2000-2699>] [deny|permit|mark] [icmp|ip|tcp|upd]

access-list [<100-199>|<2000-2699>] [deny|permit|mark] icmp

[<source-IP/Mask>|any|host <IP>] [<dest-IP/Mask>|any|host <IP>] {<ICMP-type>

{<ICMP-code>}} {log} {rule-precedence <1-5000>}

access-list [<100-199>|<2000-2699>] [deny|permit|mark]ip

[<source-IP/Mask>|any|host <IP>] [<dest-IP/Mask>|any|host <IP>] {log}

{rule-precedence <1-5000>}

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

221

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

access-list [<100-199>|<2000-2699>] [deny|permit|mark] [tcp|udp]

[<source-IP/Mask>|any|host <IP>] {eq

<source-port>|range <starting-source-port>

<ending-source-port>} [<dest-IP/Mask|any|host <IP>]

{eq <source-port>} {range <starting-source-port>

<ending-source-port>} {log} {rule-precedence <1-5000>}

NOTE

Using access-list [<100-199>|<2000-2699>] moves you to the

(config-ext-nacl) instance. For additional information, see

Extended ACL Instance on page 449.

Using access-list [<1-99>|<1300-1999>] moves you to the

(config-std-nacl) instance. For additional information, see

Standard ACL Instance on page 471.

To create a named ACL, use ip access-list (Standard/Extended). For more information,

see ip on page 252.

222

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

access-list

Adds a standard access list entry.

[<1-99>|<1300-1999>]

[permit|deny]

•

[<1-99>|<1300-1999>] – Defines access list number from

1-99 or 1300-1999

[<IP/MASK>|any|

host <IP>]

{[rule-precedence

<1-5000> {log}|log]}

•

[deny|permit] – Defines action types on an ACL

•

[<IP/MASK>| host <IP>| any] – <IP/MASK> is the

source address of the network or host in dotted

decimal format For example, 101110/24 indicates

the first 24 bits of the source IP are used for

matching

•

The keyword any is an abbreviation for a source IP of

0.0.0.0 and source-mask bits equal to 0

The keyword host is an abbreviation for exact source

(A.B.C.D) and source-mask bits equal to 32

log – Generates log messages when the packet

coming from the interface matches the ACL entry. Log

messages are generated only for router ACL’s. This is

an optional parameter

•

rule-precedence <1-5000> – Define an Integer value

between 1-5000. This value sets the rule precedence

in the ACL. This is an optional parameter

access-list

Adds a standard access list entry.

[<1-99>|<1300-1999>]

mark [8021p

•

[<1-99>|<1300-1999>] – Defines access list number from

1-99 or 1300-1999

<0-7>|dscp <0-63>|tos

<0-255>]

•

mark – Marks a packet. The action type markis functional only

over a Port ACL

[<IP/MASK>|any|host

<IP>] {[rule-precedence

<1-5000> {log}|log]}

•

8021p <0-7> – Used only with the action type markto

specify 8021p priority values

dscp <0-63> – Used only with the action type markto

specify DSCP values

tos <0-255> – Used only with the action type markto

specify type of service (tos) values

•

[<IP/MASK>| host <IP>| any] – <IP/MASK> is the

source address of the network or host in dotted

decimal format. For example, 10.1.1.10/24 indicates

the first 24 bits of the source IP are used for

matching

•

The keyword any is an abbreviation for a source IP of

0.0.0.0 and source-mask bits equal to 0

The keyword host is an abbreviation for exact source

(A.B.C.D) and source-mask bits equal to 32

log – Generates log messages when the packet

coming from the interface matches the ACL entry. Log

messages are generated only for router ACL’s. This is

an optional parameter

•

rule-precedence <1-5000> – Define an Integer value

between 1-5000. This value sets the rule precedence

in the ACL. This is an optional parameter

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

223

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

access-list

Adds an Extended IP access list entry.

[<100-199>|<2000-269

9>] [permit|deny]

[icmp|ip|tcp|udp]

[<IP/MASK>|any|

host <IP>]

•

(<100-199>|<2000-2699>) – For ICMP extended ACLs, the

ACL must be between 2000-2699

•

[deny|permit] – Defines action types on an ACL

[icmp|ip|tcp|udp] – The protocol type for the extended

ACL entry

{[rule-precedence

<1-5000> {log}|log]}

•

[<IP/MASK>| host <IP>| any] – <IP/MASK> is the

source address of the network or host in dotted

decimal format. For example, 10.1.1.10/24

indicates the first 24 bits of the source IP are used

for matching

•

The keyword any is an abbreviation for a source IP of

0.0.0.0 and source-mask bits equal to 0

The keyword host is an abbreviation for exact source

(A.B.C.D) and source-mask bits equal to 32

log – Generates log messages when the packet

coming from the interface matches the ACL entry.

Log messages are generated only for router ACL’s.

This is an optional parameter

•

rule-precedence <1-5000> – Define an Integer value

between 1-5000. This value sets the rule precedence

in the ACL. This is an optional parameter

access-list

Adds an Extended IP access list entry.

[<100-199>|<2000-269

9>] mask [8021p

<0-7>|dscp <0-63>|tos

<0-255>]

[icmp|ip|tcp|udp]

[<IP/MASK>|any|

host <IP>]

•

(<100-199>|<2000-2699>) – For ICMP extended ACLs, the

ACL must be between 2000-2699

•

mark – Marks a packet. The action type markis

functional only over a Port ACL

•

8021p <0-7> – Used only with the action type mark

to specify 8021p priority values

dscp <0-63> – Used only with the action type mark

to specify DSCP values

tos <0-255> – Used only with the action type mark

to specify type of service (tos) values

[icmp|ip|tcp|udp] – The protocol type for the

extended ACL entry

[<IP/MASK>| host <IP>| any] – <IP/MASK> is the

source address of the network or host in dotted

decimal format. For example, 10.1.1.10/24

indicates the first 24 bits of the source IP are used

for matching

{[rule-precedence

<1-5000> {log}|log]}

•

The keyword any is an abbreviation for a source IP of

0.0.0.0 and source-mask bits equal to 0

The keyword host is an abbreviation for exact source

(A.B.C.D) and source-mask bits equal to 32

log – Generates log messages when the packet

coming from the interface matches the ACL entry.

Log messages are generated only for router ACL’s.

This is an optional parameter

•

rule-precedence <1-5000> – Define an Integer value

between 1-5000. This value sets the rule precedence

in the ACL. This is an optional parameter

Use an access list command under the global configuration to create an access list. The controller

supports port, router and WLAN ACLs

224

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

•

When the access list is applied on an Ethernet port, it becomes a port ACL

When the access list is applied on a VLAN interface, it becomes a router ACL

When the access list is applied on a WLAN index, it becomes a WLAN ACL

A MAC access list (to allow arp), is mandatory for both port and WLAN ACL’s. For more information

on how to configure a MAC access list, see permit on page 499.

Example

The example below creates a standard access list (ACL) to permit any traffic coming to the

interface:

RFController(config)#access-list 1 permit any

RFController(config)#

The example below creates a extended IP access list to permit IP traffic between two networks:

RFController(config)#access-list 101 permit ip 192.168.1.0/24 192.168.2.0/24

RFController(config)#

The example below creates a extended access list to permit tcp traffic, between two networks, with

destination port range between 20 and 23:

RFController(config)#access-list 101 permit tcp 192.168.1.0/24 192.168.2.0/24

range 20 23

RFController(config)#

The example below denies icmp traffic from any source to any destination:

RFController(config)#access-list 115 deny icmp any any

RFController(config)#access-list 115 permit ip any any

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

225

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

autoinstall

Autoinstalls the controller image

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

autoinstall [clear-config-history|cluster-config|config|

image|reset-config|start]

autoinstall [clear-config-history|reset-config|start]

autoinstall [cluster-config|config] {url <URL>}

autoinstall image {[url <URL>|version <version>]}

226

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

clear-config-history

Autoinstalls a clear configuration history, resulting in a reversion.

Autoinstalls a cluster-config setup.

cluster-config {url <URL>}

•

url – Optional. Sets the URL of the item

<URL> – Remote/external location of the file

URLS: tftp://<hostname|IP>[:port]/path/file

ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file

http://<hostname|IP>[:port]/path/file

cf:/path/file

usb1:/path/file

usb2:/path/file

config {url <URL>}

Autoinstalls a config setup.

url – Optional. Sets the URL of the item

URL – Remote/external location of the file

•

URLS: tftp://<hostname|IP>[:port]/path/file

ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file

http://<hostname|IP>[:port]/path/file

cf:/path/file

usb1:/path/file

usb2:/path/file

image {[url <URL>|

Autoinstalls the image setup.

version <version>]}

•

url – Optional. Sets the URL of the item

•

<URL> – Remote/external location of the file

URLS: tftp://<hostname|IP>[:port]/path/file

ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file

http://<hostname|IP>[:port]/path/file

cf:/path/file

usb1:/path/file

usb2:/path/file

•

version <version> – The version number <version> cannot be

the same as the currently installed version number. Attempting

to install the same version results in an unsuccessful

download

reset-config

start

Resets all autoinstall features to factory defaults

Starts the autoinstall sequence

Example

RFController(config)#autoinstall clear-config-history

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

227

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

banner

Defines a login banner for the controller. Use {no} bannerto delete a previously configured

banner.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

{no} banner motd [<message>|default]

Parameters

motd [<message>|

default]

Sets the message of the day (MOTD) banner. <message> is the

custom message to be displayed.Use default to set the MOTD

string to the default message for the controller.

Usage Guidelines

Use no banner motdto delete the previously configured banner.

Example

RFController(config)#banner motd Welcome to my RFController CLI

RFController(config)

RFController release 4.3.0.0

RFController login: cli

Welcome to my RFController CLI

RFController>

RFController release 4.3.0.0

RFController login: cli

Welcome to CLI

RFController>

228

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

boot

Reboots the controller with an image in the mentioned partition (either the primary or secondary

partition)

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

boot system [primary|secondary]

Parameters

system [primary|secondary] Specifies the boot image used after reboot

•

primary – Specifies the primary image

secondary – Specifies the secondary image

Example

RFController(config)#boot system primary

Wireless controller will be rebooted, do you want to continue? (y/n):y

Do you want to save the configuration? (y/n):y

The system is going down NOW !!

% Connection is closed by administrator!

Please stand by while rebooting the system.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

229

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

bridge

Configures bridge specific commands

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The interfaces mentioned below are supported in the following platforms:

- ge <index> – Mobility RFS4000 Controller and Mobility RFS4000 Controller support 4 GEs and

Mobility RFS6000 Controller supports 8 GEs

- sa <1-4> – Supported on Mobility RFS7000 Controller

- sa <1-6> – Supported on Mobility RFS4000 Controller

- me1 – Only supported on Mobility RFS6000 Controller and Mobility RFS6000 Controller

- up1 – Only supported on Mobility RFS6000 Controller and Mobility RFS4000 Controller

Syntax

{no} bridge [<bridgegroup>|multiple-spanning-tree]

bridge <bridegegroup> [address|ageing-time]

bridge <bridegegroup> address <MAC> [discard|forward] [<interface>|ge

<1-8>|me1|sa <1-4>|up1|vlan <1-4094>]

bridge <bridegegroup> ageing-time [0|<10-1000000>]

bridge multiple-spanning-tree enable

230

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

bridge <bridge-group>

address <MAC>

[discard|forward]

[<interface>|ge <1-8>|

me1|sa <1-4>|up1|

vlan <1-4094>]

bridge <bridge-group>

ageing-time

[0|<10-1000000>]

Bridge groups available for bridging.

•

<bridgegroup> – Bridge group value between 1 and 32

address <MAC> – Unique hardware address in the

HHHH.HHHH.HHHH format

•

[discard|forward] – Either discard or forward the

interface on which the configured rule is applied. This

filter frames on a specific interface that contain the

specified hardware address in either the source or

destination field

•

<interface> – The name of the interface

vlan <2-4094> – VLAN interface

ge <index> – Gigabit Ethernet interface. Mobility

RFS7000 Controller supports 4 GE’s and Mobility

RFS6000 Controller supports 8 GEs

sa <1-4> – Static Aggregate interface index. Only

supported on Mobility RFS7000 Controller

me1 – Fast Ethernet interface

up1 – WAN interface. Only available on Mobility

RFS6000 Controller and Mobility RFS4000

Controller

•

ageing-time [0|<10-1000000>] – The time duration a

learned MAC address persists after the last update

•

0 – Disables aging

<10-1000000> – Sets aging time in seconds

multiple-spanning-tree

enable

Enables Multiple Spanning Tree Protocol (MSTP) commands

Usage Guidelines

Creating customized filter schemes for bridged networks limits the amount of unnecessary traffic

processed and distributed by the bridging equipment. Use multiple bridge address discard/forward

commands to develop the filter scheme.

Use the (no)bridge [<1-32>|multiple-spanning-tree]command to delete the configured

discard or forward filters.

Example

RFController(config)#bridge multiple-spanning-tree enable

RFController(config)#

RFController(config)#bridge 2 address 1a2b:3c4d:5e6f forward eth 1 vlan 2

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

231

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

country-code

Sets the country of operation

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

{no} country-code <code>

Parameters

<code>

A two (2) letter ISO-3166 country code. To view country codes, use

the show wireless country-code-listcommand.

Usage Guidelines

{no} country-code erases all existing radio configuration.

Example

RFController(config)#country-code ?

WORD the 2 letter ISO-3166 country code ("show wireless country-code-list"

to see list of supported countries)

RFController(config)#no country-code US

RFController(config)#

232

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

crypto

Crypto-trustpoint Instance on page 387.

Use crypto to define system level local ID for ISAKMP negotiation and to enter the ISAKMP Policy,

ISAKMP Client or ISAKMP Peer command set.

NOTE

crypto isakmp(policy)Priority moves to the

config-crypto-isakmpinstance. For more information, see

Crypto-isakmp Instance on page 327.

crypto isakmp client configuration group default moves you to the

config-crypto-groupinstance. For more details, see

Crypto-group Instance on page 341.

crypto isakmp peer IP Address moves to the

config-crypto-peerinstance. For more details, see Crypto-peer Instance on page 351.

crypto ipsec transformset <tag> <value>leads you to

crypto-ipsec. Use the crypto ipsec transform-set command to define the transform

configuration for securing data (for example, esp-3des, esp-sha-hmac, etc.). The transform-set is

assigned to a crypto map using the map’s set transform-set command. For more details, see

crypto pki trustpointmode leads to the config-trustpointinstance. For more details, see

Crypto-trustpoint Instance on page 387.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

crypto [ipsec|isakmp|key|map|pki]

crypto ipsec [security-association|transform-set]

crypto ipsec security-association lifetime

[kilobyte|seconds] <lifetime>

crypto ipsec transform-set <transform-set-tag>

esp-aes-256|esp-des|esp-md5-hmac|esp-sha-hmac]

crypto isakmp [client|keepalive|key|peer|policy]

crypto isakmp client configuration group default

crypto isakmp keepalive <10-3600>

crypto isakmp key [0 <secret>|2 <secret>|<secret>]

[address <IP>|hostname <HOST>]

crypto isakmp peer [address <IP>|dn <distinguished-name>|

hostname <HOST>]

crypto isakmp policy <1-10000>

crypto key [export|generate|import|zeroize]

crypto key export rsa <rsa-keypair> <URL> {<pass-phrase>}

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

233

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

crypto key generate rsa <rsa-keypair-name> <1024-2048>

crypto key import rsa <rsa-keypair-name> <URL>

{<pass-phrase>}

crypto key zeroize rsa <rsa-keypair-name>

crypto map <crypto-map-tag> <1-1000> [ipsec-isakmp|ipsec-manual] {dynamic}

crypt pki [authenticate|enroll|export|import|trustpoint]

crypto pki authenticate <trust-point-name> [terminal|<URL>]

crypto pki enroll <trust-point-name> [request|self-signed]

crypto pki export <trust-point-name> [request|trustpoint]

<URL>

crypto pki import <trust-point-name> [certificate|crl|

trustpoint]

crypto pki import <trust-point-name> certificate

[<URL>|terminal]

crypto pki import <trust-point-name> crl <URL> <

crypto pki(authenticate|enroll|export|import|trustpoint)

crypto pki authenticate <name> (terminal|URL)

crypto pki enroll<name> (request|self-signed)

crypto pki [import|export] <name> (request|trustpoint)(URL)

crypto pki import ads [certificate|crl|trustpoint] (URL)(terminal)

234

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

ipsec (security-association| Configures IPSEC policies.

transform-set)

•

security-association – Defines the security association

parameter used to define its lifetime

•

lifetime (kilobyte | seconds) – The lifetime of IPSEC

security association. It can be defined in either:

kilobytes – Volume-based key duration, the minimum is

500 KB and maximum is 2147483646 KB .

seconds – Time-based key duration, the minimum is 90

seconds and maximum is 2147483646 seconds

•

transform-set [set name] – Uses the crypto ipsec

transform-set command to define the transform

configuration (authentication and encryption) for securing

data

•

ah-md5-hmac

ah-sha-hmac

esp-3des

esp-aes

esp-aes-192

esp-aes-256

esp-des

esp-md5-hmac

esp-sha-hmac

The transform-set is then assigned to a crypto map using the

map’s set transform-set command. For more information, see

Crypto-map Instance on page 371

isakmp

[client|keepalive|key|

peer|policy]

Configures the Internet Security Association and Key

Management Protocol (ISAKMP) policy.

•

client configuration (group) (default) – Leads to the

config-cryptogroup instance.

For more details see Crypto-group Instance on page 341

keepalive <10-3600> – Sets a keepalive interval for use with

remote peers. It defines the number of seconds between

DPD messages

key [0 <key>|2 <key>|<key>] [address|hostname] – Sets a

pre-shared key for remote peer

•

0 <key> – Password is specified unencrypted

2 <key> – Password is encrypted with

password-encryption secret

•

<key> – User provided password

address – Defines a shared key with an

IP address

•

hostname – Defines the shared key with a hostname

peer [address|dn|hostname] – Sets the remote peer

•

address – The IP address is the identity of the remote

peer

dn – The identity of the remote peer is the distinguished

name

hostname –The hostname is the identity of the remote

peer

policy <1-10000> – Sets a policy for a ISAKMP protection

suite

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

235

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

key

Authentication key management functions.

[export|generate|import|

zeroize]

•

export rsa <name> URL [tftp|ftp] – Exports a keypair related

configuration

generate rsa <name> <1024-2048> – Generates a keypair

•

<1024-2048> – Size of keypair in bits

import rsa <name> URL [tftp|ftp] – Imports keypair related

configuration

•

zeroize rsa <name> – Deletes a keypair

rsa <identifier> – RSA keypair identifier associated with

keypair

•

URL for sending the key, it can be one of the following:

•

tftp://<IP>/path/file (or)

ftp://<user>:<passwd>@<IP>/path/file

map <name> <sequence>

[ipsec-isakmp|

Enter a crypto map. For more information, see

Crypto-map Instance on page 371.

ipsec-manual] dynamic

•

name <name> – Names the crypto map entry (not to exceed

32 characters)

•

<1-1000> – Sequence to insert into crypto map entry

•

ipsec-isakmp – IPSEC w/ISAKMP

ipsec-manual – IPSEC w/manual keying

dynamic – Dynamic map entry (remote VPN

configuration) for XAUTH with mode-config or ipsec-l2tp

configuration

pki [authenticate|enroll|

export|import|trustpoint]

Configures certificate parameters. The public key infrastructure is

a protocol that creates encrypted public keys using digital

certificates from certificate authorities. The PKI ensures each

online party is who they claim to be.

•

authenticate <name> (terminal|tftp|ftp) – Defines the

authenticate and import CA certificate

enroll <name> (request|self-signed) – Generates a

certificate request or selfsigned certificate for the trustpoint

export <name> (request|trustpoint) (tftp|ftp) – Exports the

trustpoint related configuration

import – Imports a trustpoint related configuration

•

certificate – Imports server certificate for the trust point

crl – certificate Revocation list

•

URL – URL to get certificate from URLS:

tftp://<IP>/path/file

ftp://<user>:<passwd>@<IP>/path/file

terminal – Copy and paste mode of enrollment

trustpoint – Import trust point including either private

key and server certificate or ca certificate or both

•

trustpoint – Creates and configures a trustpoint

236

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Usage Guidelines

Follow the table to calculate how many character are required to add the key size for

authentication and encryption. This is used while configuring Manual IPSEC only.

For example, To create a key with authentication type as ESP-SHA and encryption type as

AES-192, enter 20+16=36 characters.

The key size for all the 3 different AES combinations is 128 bits or 16 bytes.

Follow the example below to see how the Auth and Encryption key is created in (config)#

crypto-ipsecinstance and used in (config)# crypt-mapinstance.

RFController(config)#crypto ipsec transform-set Test1 ?

ah-md5-hmac

ah-sha-hmac

esp-3des

AH-HMAC-MD5 transform

AH-HMAC-SHA transform

ESP transform using 3DES cipher (168 bits)

ESP transform using AES cipher

esp-aes

esp-aes-192

esp-aes-256

esp-des

ESP transform using AES cipher (192 bits)

ESP transform using AES cipher (256 bits)

ESP transform using DES cipher (56 bits)

esp-md5-hmac ESP transform using HMAC-MD5 auth

esp-sha-hmac ESP transform using HMAC-SHA auth

RFController(config)#crypto ipsec transform-set Test1 esp-aes-192 esp-sha-hmac

RFController(config-crypto-ipsec)#exit

RFController(config)#crypto map TestMap-TechPub 10 ipsec-manual

RFController(config-crypto-map)#set peer 1.1.1.1

RFController(config-crypto-map)#match address 101

RFController(config-crypto-map)#set transform-set tfset-manual

RFController(config-crypto-map)#set session-key inbound esp 257

cipher 12345678901234567890123456789012345678901234

authenticator 12345678901234567890123456789012345678901234

RFController(config-crypto-map)#set session-key outbound esp 258

cipher 12345678901234567890123456789012345678901234

authenticator 12345678901234567890123456789012345678901234

RFController(config-crypto-map)#exit

RFController(config)#interface vlan11

RFController(config-if)#crypto map manual

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

237

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

RFController(config-if)#show running-config

! configuration of Mobility RFS6000 Controller version 4.3.0.0

aaa authentication login default none

service prompt crash-info

username "admin" password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d

username "admin" privilege superuser

username "operator" password 1 fe96dd39756ac41b74283a9292652d366d73931f

access-list 30 deny 11.1.1.0/24 log rule-precedence 10

access-list 101 permit ip 12.1.1.0/24 10.1.1.0/24 rule-precedence 10

access-list 102 permit ip 22.1.1.0/24 20.1.1.0/24 rule-precedence 10

mac access-list extended 200

permit any any type arp rule-precedence 10

.............................................................................

.........................................

crypto isakmp key 0 12345678 address 11.1.1.1

crypto isakmp key 0 12345678 address 21.1.1.1

.............................................................

crypto ipsec transform-set tfset1 esp-3des esp-sha-hmac

mode tunnel

crypto ipsec transform-set tfset-manual esp-3des esp-sha-hmac

mode tunnel

crypto map MAP1 10 ipsec-isakmp

set peer 11.1.1.1

match address 101

set transform-set tfset1

set security-association level perhost

set security-association lifetime seconds 120

set security-association lifetime kilobytes 4608000

crypto map MAP2 10 ipsec-isakmp

set peer 21.1.1.1

match address 102

set transform-set tfset1

set security-association level perhost

set security-association lifetime seconds 120

set security-association lifetime kilobytes 4608000

crypto map remote 10 ipsec-isakmp dynamic

set peer 0.0.0.0

set remote-type xauth

crypto map manual 10 ipsec-manual

set peer 1.1.1.1

set session-key in esp 257 cipher 12345678901234567890123456789012345678901234

authenticator 12345678901234567890123456789012345678901234

238

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

set session-key out esp 258 cipher

12345678901234567890123456789012345678901234 authenticator

12345678901234567890123456789012345678901234

match address 101

set transform-set tfset-manual

.............................................................

interface vlan11

ip address 11.1.1.2/24

crypto map manual

.............................................................

RFController(config-if)#

Usage Guidelines

A peer address can be deleted with a wrong isakmp value. Crypto currently matches only the IP

address when a nocommand is issued

RFController(config)#crypto isakmp key 12345678 address 4.4.4.4

RFController(config)#show running-config

configuration of RFController version 4.2.1.0

version 1.0

service prompt crash-info

username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d

username admin privilege superuser

username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f

username manager password 1 45b27d6483fc630981ad5096ff26a7956ce0c038

...........................................

...............................

crypto isakmp key 12345678 address 4.4.4.4

crypto ipsec security-association lifetime kilobytes 4608000

RFController(config)#

RFController(config)#no crypto isakmp key 12348 address 4.4.4.4

RFController(config)#

In the example above, key12345678is associated with IP address4.4.4.4. You can delete this

key by using the no command and a wrong key number

Example

RFController(config)#crypto pki ?

authenticate Authenticate and import CA Certificate

enroll

Enroll

export

Export

import

Import

trustpoint

Define a CA trustpoint

RFController(config)#crypto pki trustpoint ?

WORD Trustpoint Name

RFController(config)#crypto pki trustpoint Test

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

239

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

RFController(config-trustpoint)#?

Trustpoint Config commands:

clrscr

Clears the display screen

company-name Company Name(Applicable only for request)

end

exit

fqdn

End current mode and change to EXEC mode

End current mode and down to previous mode

Domain Name Configuration

help

ip-address

password

rsakeypair

service

show

Description of the interactive help system

Internet Protocol (IP)

Negate a command or set its defaults

Challenge Password(Applicable only for request)

Rsa Keypair to associate with the trustpoint

Service Commands

Show running system information

subject-name Subject Name is a collection of required parameters

to configure a trustpoint.

RFController(config-trustpoint)#

Use Case 1: Configuring Remote VPN

Let us review an example of a wireless client connected to the controller. Assume it wants access

to the corporate (trusted network) using IPSec VPN functionality.

A Brocade client is associated to a WLAN (say wlan1) attached to vlan2 on the controller. vlan2 is

on subnet 10.1.1.x and is running a DHCP server that assigns IP addresses for this subnet. The

corporate is on vlan3 of the controller, which has 192.168.0.x subnet.

The client being associated to wlan1 has an IP address of 10.1.1101x and wants to access the

192.168.0.x network securely.

240

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

In case the client is VPN enabled, it initiates a connection with the VPN server on our controller, the

“conversation” that occurs between the peers consists of device authentication via Internet Key

Exchange (IKE), followed by user authentication using IKE Extended Authentication (Xauth), push

client relate configuration (using Mode Configuration), and IPsec security association (SA) creation.

Depending on the controller IPSec configuration (as discussed in the previous sections), the client

establishes an IKE SA, and if the controller is configured for Xauth, the client waits for a

"username/password" challenge and then responds to the challenge of the controller.

If the controller indicates that authentication is successful, the client requests further configuration

parameters from the controller. At this stage, the private IP address (mode-config) is pushed to the

client from a private address pool, configured for remote VPN clients. IPsec SA’s are created and

the connection is complete.

Once the client has got a virtual IP, further packets from the client within the IPSec tunnel are

routed to the corresponding VLAN interface (in our case vlan3), and the client gets access to the

network. The IPSec tunnel is only between the client and the controller. After that the packets on

the trusted side are sent without encryption.

NOTE

The example below is for a IPSec-L2TP connection over a wireless client. Use a windows default

client for this configuration.

1. Create and configure a WLAN.

RFController(config)#

RFController(config)#wireless

RFController(config-wireless)#wlan 2 enable

RFController(config-wireless)#wlan 2 ssid MONARCH2

RFController(config-wireless)#wlan 2 vlan 2

2. Create and configure DHCP.

RFController(config)#ip dhcp pool vlan2

RFController(config-dhcp)#address range 10.1.1.2 10.1.1.254

RFController(config-dhcp)#default-router 10.1.1.1

RFController(config-dhcp)#network 10.1.1.0/24

3. Create and configure a VLAN interface named vlan2.

RFController(config)#interface vlan2

RFController(config-if)#ip address 10.1.1.1/24

4. Create and configure another VLAN interface named vlan3.

RFController(config)#interface vlan 3

RFController(config-if)#ip address dhcp

Use the commands below to configure IPSec VPN on the controller:

1. Create an Extended ACL.

RFController(config-ext-nacl)#ip access-list extended 101

2. Configure the local subnet and remote subnet as interesting traffic.

RFController(config-ext-nacl)# permit ip 10.1.1.0/24 any

RFController(config-ext-nacl)# permit ip 192.168.0.0/24 any

3. Configure a private pool address.

RFController(config)# ip local pool lo 192.168.0.2 hi 192.168.0.10

4. Specify DNS/WINS for the remote client.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

241

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

RFController(config)#crypto isakmp client configuration group default

RFController(config-crypto-group)#dns 10.1.1.1

RFController(config-crypto-group)#wins 10.1.1.1

5. Specify the authentication type.

RFController(config)# aaa vpn-authentication local

RFController(config)# local username harry password brocade123

6. Create a transform set.

RFController(config)#crypto ipsec transform-set windows esp-3des esp-sha-hmac

RFController(config-crypto-ipsec)#mode transport

7. Specify a dynamic crypto map.

RFController(config)#crypto map TestMap 30 ipsec-isakmp dynamic

RFController(config-crypto-map)#set peer 0.0.0.0

RFController(config-crypto-map)#match address 101

RFController(config-crypto-map)#set transformset windows

RFController(config-crypto-map)#set remote-type ipsec-l2tp

8. Apply the crypto map to interface vlan2.

RFController(config)#interface vlan2

RFController(config-if)cryto map TestMap

9. Upon a successful connection, the XP client will obtain a virtual IP address.

Use Case 2: Configuring Site-to-Site VPN

Intranets use unregistered addresses connected over the public internet by site-to-site VPN. In this

scenario, NAT is required for the connections to the public internet. However NAT is not required for

traffic between the two intranets, which can be transmitted using a VPN tunnel over the public

Internet.

The site-to-site VPN allows branch office mobility controllers to connect back to the central office

using a secure, encrypted tunnel, for all site-to-site traffic. This allows a wired LAN in the branch

office to bridge directly to the central site while maintaining full security.

This example requires two controllers. It can be configured with the following commands:

242

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

1. Configuration required on controller 1:

a. Create an extended ACL. This is used to define the tunnel used by the traffic.

RFController(config)#access-list 150 permit ip 12.1.1.0/24 13.1.1.0/24

rule-precedence

b. Create and configure ISAKMP parameters.

RFController(config)#crypto isakmp keepalive 10

RFController(config)#crypto isakmp key ADBROCADE address 15.1.1.20

RFController(config)#crypto ipsec security-association lifetime

kilobytes 4608000

c. Create and configure ISAKMP policy.

RFController(config)#crypto isakmp policy 199

RFController(config-crypto-isakmp)#encryption aes

RFController(config-crypto-isakmp)#hash sha

RFController(config-crypto-isakmp)#authentication pre-share

RFController(config-crypto-isakmp)#group 5

RFController(config-crypto-isakmp)#lifetime 9496

d. Create and configure an IPSec transform set.

RFController(config)#crypto ipsec transform-set TFSET ah-sha-hmac esp-aes

RFController(config-crypto-ipsec)#mode tunnel

e. Create and configure a crypto map.

RFController(config)#crypto map THIRDMAP 435 isakmp

RFController(config-crypto-map)#set peer 15.1.1.20

RFController(config-crypto-map)#match address 150

RFController(config-crypto-map)#set transformset TFSET

RFController(config-crypto-map)#set security-association lifetime seconds 3600

f. Associate the crypto map with a VLAN interface.

RFController(config)#interface vlan1

RFController(config-if)#ip address 11.1.1.10/24

RFController(config-if)#crypto map THIRDMAP

RFController(config-if)#interface vlan2100

RFController(config-if)#ip address 12.1.1.10/24

RFController(config-if)#ip route 0.0.0.0/0 11.1.1.2

2. Configuration required on controller 2:

a. Create an extended ACL. This defines the tunnel used by the traffic.

RFController(config)#access-list 155permit ip 13.1.1.0/24 12.1.1.0/24

rule-precedence 1

b. Create and configure the ISAKMP parameters.

RFController(config)#crypto isakmp keepalive 10

RFController(config)#crypto isakmp key ADBROCADE address 11.1.1.10

RFController(config)#crypto ipsec security-association lifetime

kilobytes 4608000

c. Create and configure ISAKMP policy.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

243

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

RFController(config)#crypto isakmp policy 100

RFController(config-crypto-isakmp)#encryption aes

RFController(config-crypto-isakmp)#hash sha

RFController(config-crypto-isakmp)#authentication pre-share

RFController(config-crypto-isakmp)#group 5

RFController(config-crypto-isakmp)#lifetime 9496

d. Create and configure IPSec an transform set.

RFController(config)#crypto ipsec transform-set TFSET ah-sha-hmac esp-aes

esp-sha-hmac

RFController(config-crypto-ipsec)#mode tunnel

e. Create and configure a crypto map.

RFController(config)#crypto map THIRDMAP 435 isakmp

RFController(config-crypto-map)#set peer 11.1.1.10

RFController(config-crypto-map)#match address 150

RFController(config-crypto-map)#set transformset TFSET

RFController(config-crypto-map)#set security-association lifetime seconds 3600

f. Associate the crypto map with a VLAN interface.

RFController(config)#interface vlan1

RFController(config-if)#ip address 15.1.1.20/24

RFController(config-if)#crypto map THIRDMAP

RFController(config-if)#interface vlan2100

RFController(config-if)#ip address 13.1.1.20/24

RFController(config-if)#ip route 0.0.0.0/0 15.1.1.2

244

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Runs commands from either the User Exec or Priv Exec mode

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

do <privilege mode commands>

Parameters

None

Example

RFController(config)#do ping 157.235.208.69

PING 157.235.208.69 (157.235.208.69): 100 data bytes

128 bytes from 157.235.208.69: icmp_seq=0 ttl=64 time=0.1 ms

128 bytes from 157.235.208.69: icmp_seq=1 ttl=64 time=0.0 ms

128 bytes from 157.235.208.69: icmp_seq=2 ttl=64 time=0.0 ms

128 bytes from 157.235.208.69: icmp_seq=3 ttl=64 time=0.0 ms

128 bytes from 157.235.208.69: icmp_seq=4 ttl=64 time=0.0 ms

--- 157.235.208.69 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max = 0.0/0.0/0.1 ms

RFController(config)#

NOTE

In the example above, pingis a PRIV EXEC command.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

245

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

end

Ends the current mode and changes to the EXEC mode

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None.

Example

RFController(config)#end

RFController#?

Priv Exec commands:

acknowledge

archive

Acknowledge alarms

Manage archive files

autoinstall

autoinstall configuration command

Change current directory

............................................

246

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

errdisable

Enables the timeout mechanism for the port to be enabled back after an error

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

errdisable recovery [cause bpduguard|interval <10-1000000>]

Parameters

recovery

[cause bpduguard|

interval <10-1000000>]

Enables the timeout mechanism for the port to recover after an

error.

•

cause bpduguard – Recover from an error condition caused

due to bpduguard

•

interval <10-1000000> – The time interval after which a

port is recovered or enabled after an error condition

Usage Guidelines

Use nocommand with errdisableparameter to the disable bridge timeout mechanism for the port

Example

RFController(config)#errdisable recovery interval 100

RFController(config)#

RFController(config)#errdisable recovery cause bpduguard

RFController(config)#

RFController(config)#no errdisable recovery cause bpduguard

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

247

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

ftp

Configures the controller as an FTP server

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

ftp [enable|password|rootdir|username]

ftp password [0 <secret>|1 <secret>|<secret>]

ftp rootdir <DIR>

ftp username <LINE>

Parameters

enable

Enables the FTP server

password [0 <secret>|

1 <secret>|<secret>]

Configures the FTP password. Set the password using one of the

following options:

•

0 <secret> — Password <secret> is specified unencrypted

1 <secret> — Password <secret> is encrypted with SHA1

algorithm

•

<secret> — The password

rootdir <DIR>

Configures the FTP root dir. Set the ROOT directory location of the

FTP server using:

•

<DIR> — The root directory for the ftp server

Configures the FTP username.

<LINE> — The username for the ftp server.

username <LINE>

•

Usage Guidelines

NOTE

The string size of encrypted password (option 1, Password is encrypted with SHA1 algorithm) must

be exactly 40 characters.

Example

RFController(config)#ftp enable

RFController(config)#

248

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

hostname

Changes the system’s network name

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

hostname <host-name>

Parameters

<host-name>

The name of the controller. This name is displayed when the

controller is accessed from any network

Example

RFController(config)#hostname myRFController

myRFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

249

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

interface

Chapter 14, Extended ACL Instance

Configures a selected interface

This command is used to enter the interface configuration mode for the specified physical

Controller Virtual Interface (SVI) interface. If the VLANx (SVI) interface does not exist, it is

automatically created.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The interfaces mentioned below are supported in the following platforms:

- ge <index> – Mobility RFS7000 Controller supports 4 GEs, Mobility RFS6000 Controller supports

8 GEs and Mobility RFS4000 Controller supports 5 GEs

- sa <index> – Mobility RFS7000 Controller supports 4 SAs and Mobility RFS4000 Controller

supports 6 SAs

- me1 – Supported with Mobility RFS7000 Controller, Mobility RFS4000 Controller and Mobility

RFS6000 Controller

- up1 – Supported with Mobility RFS6000 Controller and Mobility RFS4000 Controller.

NOTE

The interface mode leads to the config-ifinstance. For more information, see Interface Instance

on page 403. The prompt changes from RFController(config) #to

RFController(config-if)

Syntax (Mobility RFS7000 Controller)

interface [<interface-name>|ge <1-4>|me1|sa <1-4>|vlan <1-4094>]

Syntax (Mobility RFS6000 Controller)

interface [<interface-name>|ge <1-8>|me1|up1|vlan <1-4094>]

Syntax(RFS4000)

interface [<interface-name>|ge <1-5>|me1|up1|sa <1-6>|vlan <1-4094>|wwan]

250

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

<interface-name>

ge <1-8>

The name of the interface that is selected.

Gigabit Ethernet interface (4 for Mobility RFS7000 Controller and

8 for Mobility RFS6000 Controller)

me1

Fast Ethernet interface

sa <1-4>

up1

Static Aggregate interface (in Mobility RFS7000 Controller only)

WAN interface (in Mobility RFS6000 Controller only)

Defines the VLAN interface

vlan <1-4094>

Usage Guidelines

Use the no interface <interface-name>to delete the specified SVI. Valid interfaces include all

VLAN interfaces.

Example

RFController(config)#interface ge 2

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

251

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Configures a selected Internet Protocol (IP) component

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

Using access-list extended moves you to the (config-ext-nacl) instance. For more

information, see Chapter 14, Extended ACL Instance.

Using access-list standard moves you to the (config-std-nacl) instance. For more

information, see Chapter 15, Standard ACL Instance.

Using ip dhcp pool <pool-name> command to move to the (config-dhcp)instance. For

additional information, see Chapter 17, DHCP Server Instance.

Using ip dhcp class <class-name>moves you to the (config-dhcpclass)instance. For

additional information, see Chapter 18, DHCP Class Instance.

Syntax

ip [access-list|default-gateway|dhcp|domain-lookup|

routing|ssh|telnet]

ip [domain-lookup|routing]

ip access-list [standard|extended]

ip access-list extended [<100-199|<2000-2699>|<acl-name>]

ip access-list standard [<1-99>|<1300-1999>|<acl-name>]

ip default-gateway <IP>

ip dhcp bootp ignore

ip dhcp class <class-name>

ip dhcp excluded-address <IP-range-low> {<IP-range-high>}

ip dhcp option <option-name> <option-code> [ascii|ip]

ip dhcp ping timeout <1-10>

ip dhcp pool <pool-name>

ip domain-name <domain-name>

smurf|snork|tcp-intercept|tcp-max-incomplete|twinge]

informational|none|notifications|warnings]

ip http [secure-server|secure-trustpoint|server]

ip http [secure-server|server]

ip http secure-trustpoint <trustpoint-name>

252

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

ip http-https [inactivity-timeout <1-1440>|

max-simultaneous-sessions-per-user <1-100>]

ip igmp snooping {[querier|unknown-multicast-fwd|vlan]}

ip igmp snooping {querier {[address|max-response-time|

query-interval|timer|version]}}

ip igmp snooping {querier {address <IP>}}

ip igmp snooping {querier {max-response-time <1-25>}}

ip igmp snooping {querier {query-interval <1-18000>}}

ip igmp snooping {querier {timer expiry <60-300>}}

ip igmp snooping {querier {version <1-3>}}

ip igmp snooping {unknown-multicast-fwd}

ip igmp snooping {vlan [<1-4094>|<vlan-list>]

{mrouter|querier|unknown-multicast-fwd]}

ip igmp snooping {vlan [<1-4094>|<vlan-list>]

mrouter [interface <interface-list>|learn pim-dvmrp]

ip igmp snooping {vlan [<1-4094>|<vlan-list>]

querier {[address|max-response-time|query-interval|timer|

version]}}

ip igmp snooping {vlan [<1-4094>|<vlan-list>]

unknown-multicast-fwd}

ip local pool default low-ip-address <low-IP> {high-ip-address <high-IP>}

ip name-server <IP>

ip nat [inside|outside] [destination|source]

ip nat inside destination static <IP> <port>

[tcp|udp] <outside-global-IP> {<outside-port>}

ip nat inside destination static <IP> {<outside-global-IP>

<outside-port>}

ip nat inside source list <acl-name> interface [<interface-name>|vlan

<1-4094>] overload

ip nat inside source static <local-IP> <outside-global-IP>

ip nat outside destination static <IP> <outside-port>

[tcp|udp] {<inside-global-IP> {<inside-port>}}

ip nat outside destination static <IP> {<outside-global-IP>

<outside-port>}

ip nat outside source list <acl-name> interface [<interface-name>|vlan

<1-4094>] overload

ip nat inside source static <local-IP> <outside-global-IP>

ip route [<IP-destination-prefix>

<IP-destination-prefix-mask>|<IP-destination-prefix/Mask>] <gateway-IP>

ip ssh {[port <port>|rsa keypair-name <key-pair-name>]}

ip telnet {port <port>}

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

253

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

ip access-list extended

Using the access list parameter options to enter the

[<100-199|<2000-2699>| ext-naclcontext and the std-naclcontext. The prompt

<acl-name>]

changes to the context entered.

ip access-list standard

[<1-99>|<1300-1999>|<a

cl-name>]

•

For more information on extended ACL, see

For more information on standard ACL, see

Chapter 15, Standard ACL Instance

•

default-gateway <IP>

Configures the IP address of the default gateway

<IP> – IP address of the next-hop router

•

ip dhcp [bootp|class|

excluded-address|option|

ping|pool]

DHCP server configuration.

•

bootp ignore – Defines the BOOTP specific configuration

•

ignore – Configures the DHCP server to ignore BOOTP

requests

class <class-name> – Defines a DHCP class and enters the

DHCP class configuration mode

•

<class-name> – The DHCP class name

excluded-address <IP-range-low> {<IP-range-high>} –

Prevents the DHCP server from assigning certain addresses

•

<ip-range-low> – For IP range, the lower IP number.

Enter this value for a single IP address

<ip-range-high> – Optional. For IP range, the higher IP

number

•

option <option-name> <option-code> [ascii|ip] – Defines the

DHCP server’s option name

•

<option-name> – Defines the name of the option

<option-code> – Defines option code, a value in the

range of 0 to 254

•

ascii – Specify the option type as ascii

ip – Specify the option type as ip

ping timeout <1-10> – Specifies DHCP server’s ping timeout

in seconds

•

pool <pool-name> – Configures the DHCP server’s address

pool <pool-name>. This opens the

(config-dhcp)instance. For more information, see

Chapter 17, DHCP Server Instance

domain-lookup

Enables the DNS based name to address translation on the

controller.

domain-name

Sets the domain name for the controller.

<domain-name>

•

<domain-name> – The domain name string

http [secure-server|

secure-trustpoint|

server]

Hyper Text Transfer Protocol (HTTP) configuration.

•

secure-server – Sets the device to start the Secure HTTP

Server (HTTPS)

secure-trustpoint <trustpoint-name> – Sets the name of the

trustpoint used for secure connection to <trustpoint-name>

server – Sets device to start the HTTP server

254

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

local pool default

low-ip-address <low-IP>

{high-ip-address

<high-IP>}

Sets the VPN local IP pool configuration

pool default low-ip-address <low-IP> {high-ip-address

•

<high-IP>} – Specifies the address range for the default

group tag

•

low-ip-address <low-IP> – Specifies the lowest range for

IP address assignment

•

high-ip-address <high-IP> – Optional. Specifies the

highest range for IP address assignment

name-server <IP>

Specifies the DNS server for the DHCP client. A maximum of 6

name servers can be configured. Servers are tried in the order

entered.

•

<IP>– IP address of DNS server

nat [inside|outside]

[destination|source]

Defines Network Address Translation (NAT) configuration values.

These following commands are possible for NAT

•

ip nat [inside|outside] destination static <IP> <port>

[tcp|udp] <outside-global-IP> {<outside-port>} – Sets the

parameters for translation for inside destination

ip nat [inside|outside] destination static <IP>

<outside-global-IP> {<outside-port>}– Sets the parameters

for translation for inside destination

•

inside – Indicates inside address translation

outside – Indicates outside address translation

destination – Indicates destination address translation

static – Specifies local -> global address mapping

<IP> – The local IP address

<port> – Specifies the outside local port number

[tcp|udp] – Specifies the protocol

<outside-global-IP> – Specifies the outside global IP

address to translate to

•

<outside-port> – Optional. Specifies the outside port.

Value in the range 1 to 65535

•

ip nat [inside|outside] source list <acl-name> interface

[<interface-name>|vlan <1-4094>] overload – Sets the

parameters for translation for inside sources

•

inside – Indicates inside address translation

outside – Indicates outside address translation

source – Indicates source address translation

list <acl-name> – Specifies the ACL name <acl-name>

that describes local addresses

•

interface [<interface-name>|vlan <1-4094>] – The

interface to apply address translation to. Specify an

interface name <interface-name>, or use a VLAN ID

<1-4094>

•

overload – Over loads the NAT address translation

•

ip nat [inside|outside] source static <outside-global-IP>

<local-IP> – Sets the parameters for translation for inside

sources

•

inside – Indicates inside address translation

outside – Indicates outside address translation

source – Indicates source address translation

static – Specifies local -> global address mapping

<outside-global-IP> – The static global IP address to

map from

•

<local-IP> – The local IP address to map to

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

255

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

route

Adds a static route entry in the routing table.

[<IP-destination-prefix>

<IP-destination-prefix-mask

>|<IP-destination-prefix/Ma

sk>] <gateway-IP>

•

<IP-destination-prefix>– IP destination prefix

<IP-destination-prefix-mask> – Mask for the

<IP-destination-prefix> IP

<IP-destination-prefix/Mask> – IP destination prefix with

mask

•

<gateway-IP> – IP address of the next hop used to

reach the destination

routing

Turns on IP routing

ssh {[port <port>|rsa

keypair-name

<key-pair-name>]}

Sets up the Secured Shell (SSH) server

•

port <port> – Optional. Defines the listening port (set

between 0-65536)

•

rsa keypair-name <key-pair-name> – Optional. Sets the RSA

encryption key used for configuring RSA keypair

telnet {port <port>}

Configures the Telnet server.

port <port> – Optional. Defines the listening port ID (set

between 0-65535)

•

dos [ascend|

Configures the Denial of Service (DOS) attack parameters.

bcast-mcast-icmp|

chargen|enable|fraggle|

ftp-bounce|

•

ascend – Enables Ascend DoS checks

bcast-mcast-icmp – Detects Broadcast/Multicast Icmp traffic

as attack

invalid-protocol|

option-route|router-advt|

router-solicit|smurf|

snork|tcp-intercept|

tcp-max-incomplete|

twinge]

log [<0-8>|

alerts|

critical|

debugging| |emergencies|

errors|

•

chargen – Enables chargen DoS checks

enable – Enables all DoS checks

fraggle – Enables fraggle DoS checks

ftp-bounce – Enables FTP bounce logs and sets the logging

levels

invalid-protocol – Enables Invalid Protocol DoS attack check

and sets the logging levels for this attack

option-route – Enables IP option route check

router-advt – Enables ICMP router advertisement check

router-solicit – Enables ICMP router solicit check

smurf log – Enables smurf attack check

snork – Enables check for packets

•

informational|

none|

notifications|

tcp-intercept – Enables TCP intercept

twinge – Enables twinge check

warnings]

For all the above DoS attacks, the following log options can be set.

•

<0-8> – Select one numerical log level. All messages

with and below this severity are logged

emergencies – System is unusable (level 0)

alerts – Immediate action needed (level 1)

critical – Critical conditions (level 2)

errors – Error conditions (level 3)

warnings – Warning conditions (level 4)

notifications – Normal but significant conditions

(level 5)

•

informational – Informational messages (level 6)

debugging – Debugging messages (level 7)

none –Disable logging (level 8)

256

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

•

tcp -max-incomplete –Configures the maximum half-open

TCP connections in the system

•

high <1-1000> – Sets the upper threshold value

between 1 and 1000

•

low <1 - 1000> – Sets the lower threshold value

between 1 and1000

igmp snooping

Configures IGMP Snooping parameters.

{[querier|unknown-multicas

t-fwd|vlan]}

•

unknown-multicast-fwd – Optional. Forwards packets from

unregistered multicast servers

•

querier

{[address|max-response-time|query-interval|timer|version]

}}– Configures IGMP querier. All options are optional

•

address <IP> – Sets GMP querier source IP address

max-response-time <1-25> – Sets IGMP querier

maximum response time in seconds

•

query-interval <1-18000> – Sets IGMP querier query

interval

timer expiry <60-300> – Sets querier other querier time

out in seconds to a value in the range 60 to 300

version <1-3> – Sets IGMP version

•

vlan [<1-4094>|<vlan-list>]

{mrouter|querier|unknown-multicast-fwd]} – Identifies the

vlan to use. All options are optional

•

vlan <1-4094>|<vlan-list>] – Sets the vlan to use for

IGMP Snooping

•

<1-4094> – A single VLAN ID

<vlan-list> – A list of VLAN IDs

mrouter [interface <interface> |learn pim-dvmrp]

– Sets information for Multicast router

interface <interface> – Gigabit Ethernet interfaces

to be configured. <interface> can be a single

interface or a list of interfaces

•

learn pim-dvmrp – The multicast controller

learning protocol using PIM-DVMRP protocol

querier

{[address|max-response-time|query-interval|time

r|version]}} – Sets IGMP querier for the selected

VLAN interface

•

unknown-multicast-fwd – Forwards packets from

unregistered multicast servers for this VLAN

Usage Guidelines

1. Use the nocommand along with ip to undo any IP based configuration.

2. When using the ip access-listparameter, enter the following contexts:

•

ext-nacl – Extended ACL. For more information, see

Chapter 14, Extended ACL Instance

std-nacl – Standard ACL. For more information, see

Chapter 15, Standard ACL Instance

dhcp – DHCP Server instance. For more information, see

Chapter 17, DHCP Server Instance

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

257

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

•

dhcpclass – DHCP User Class instance. For more information, see

Chapter 18, DHCP Class Instance

Clear the IP DHCP Binding using the clear command

NOTE

To delete Standard/Extended and MAC ACL use no access-list <access-list name>under

the Global Config mode.

Usage Guidelines

To create a DHCP User Class:

Create a DHCP class

Create a USER class named MC800. The privilege mode changes to (config-dhcpclass).

RFController(config)#ip dhcp class RFControllerDHCPclass

RFController(config-dhcpclass)#

3. Create a Pool named WID, using (config)#mode

RFController(config)#ip dhcp pool WID

RFController(config-dhcp)#

4. Associate the DHCP class, created in Step 1 with the pool created in Step 3. The controller

supports the association of only 8 CDHCP classes with a pool.

RFController(config-dhcp)#class RFControllerDHCPclass

RFController(config-dhcp-class)#

5. The controller leads you to a new mode (config-dhcp-class). Use this mode to add an address

range used with the DHCP class associated with the pool.

RFController(config-dhcp-class)#address range 11.22.33.44

Example

RFController(config)#ip access-list extended TestACL

RFController(config-ext-nacl)#

RFController(config)#ip access-list standard TestStdACL

RFController(config-std-nacl)#

RFController(config)#ip dhcp pool TestPool

RFController(config-dhcp)#

RFController(config)#ip dhcp class TestDHCPclass

RFController(config-dhcpclass)#

258

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

license

Adds a feature license

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

license <feature> <license-key>

Parameters

The feature for which the license is to be added

The license key for the feature.

<license-key>

Example

RFController(config)#show licenses

Serial Number 6283529900020

feature

usage

license string

license value

RFController(config)#

RFController(config)#license AP <license string>

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

259

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

line

Configures the terminal line

Opens the config-line mode, where you can configure the various parameters for the selected

terminal.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

line [console|vty]

line console <0-0>

line vty <0-871> {<0-871>}

Parameters

line console <0-0>

Set the primary terminal line to 0

line vty <0-871>

{<0-871>}

Sets the virtual terminal line to a value between 0 and 871.

Optionally the last line number can also be set to a value between

0 and 871

Example

RFController(config)# line console 0

RFController(config)# line vty 0

RFController(config)# line vty 0 871

RFController(config)#

260

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

local

Sets the username and password for local user authentication

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

local username <username> password [<password>|0 <password>|

2 <password>]

Parameters

username <username>

password

The username. A character string of up to 64 characters

The password for the selected username <username>.

<password> is a character string of up to 21 characters.

•

0 indicates that <password> is unencrypted

2 indicates that <password> is encrypted with

password-encryption secret

Example

RFController(config)#local username "Noble Man" password "Noble Soul"

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

261

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

logging

Modifies message logging facilities

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

host|monitor|on|snmp-set|syslog]

logging aggregation-time <1-60>

notifications|warnings]

local6|local7]

logging host <IP>

loggin on

262

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

aggregation-time <1-60>

Sets the number of seconds for aggregating repeated messages.

The value can be configured between 1-60 seconds.

buffered [<0-7>|alerts|

critical|debugging|

emergencies|errors|

informational|

Sets the buffered logging level

•

<0-7> – Enter the logging severity level (0-7)

alerts – Immediate action needed, (severity=1)

critical – Critical conditions, (severity=2)

debugging – Debugging messages, (severity=7)

emergencies – System is unusable, (severity=0)

errors – Error conditions, (severity=3)

informational – Informational messages, (severity=6)

notifications – Normal but significant conditions, (severity=5)

warnings – Warning conditions, (severity=4)

notifications|warnings]

console [<0-7>|alerts|

critical|debugging|

emergencies|errors|

informational|

Sets the console logging level.

notifications|warnings]

facility [local0|local1|

local2|local3|local4|

local5|local6|local7]

Syslog facility in which log messages are sent.

•

local0 – Syslog facility local0

local1 – Syslog facility local1

local2 – Syslog facility local2

local3 – Syslog facility local3

local4 – Syslog facility local4

local5 – Syslog facility local5

local6 – Syslog facility local6

local7 – Syslog facility local7

host <IP>

Configures a remote host to receive log messages.

<IP>– Remote host's IP address.

•

monitor [<0-7>|alerts|

critical|debugging|

emergencies|errors|

informational|

Sets the terminal lines logging level.

notifications|warnings]

Enables the logging of system messages.

Sets the syslog servers logging level.

syslog [<0-7>|alerts|

critical|debugging|

emergencies|errors|

informational|

notifications|warnings]

Example

RFController(config)#logging on

RFController(config)#logging aggregation-time 20

RFController(config)#logging buffered critical

RFController(config)#logging console critical

RFController(config)#logging facility local6

RFController(config)#logging monitor emergencies

RFController(config)#logging syslog notifications

RFController(config)#show logging

Logging module: enabled

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

263

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Aggregation time: 30 seconds

Console logging: level warnings

Monitor logging: level emergencies

Buffered logging: level warnings

Syslog logging: level notifications

Facility: local4

Log Buffer (75 bytes):

June 22 11:21:56 2010: %PM-6-PROCSTART: Starting Process “/usr/sbin/thttpd”

RFController(config)#

264

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

mac

Configures MAC access lists (goes to the MAC ACL mode)

For more information on this mode, see Chapter 16, Extended MAC ACL Instance.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

mac access-list extended <mac-acl-name>

Parameters

access-list extended

<mac-acl-name>

Defines the ACL configuration for the MAC address

extended <mac-acl-name>– MAC Extended ACL

<mac-acl-name> – Defines the name of the ACL

•

Usage Guidelines

To delete Standard/Extended and MAC ACL, use no access-list <access-list name>under

the Global Config mode.

Example

RFController(config)#mac access-list extended Test1

RFController(config-ext-macl)#

NOTE

When using the ip access-listparameter, enter the following contexts: ext-macl — extended

MAC ACL. For more details see .Extended MAC ACL Instance on page 487

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

265

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

mac-address-table

Configures the MAC address table

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

mac-address-table aging-time [0|<10-1000000>]

Parameters

aging-time

[0|<10-1000000>]

The duration for which a learned mac address persists after the

last update

•

0 – Disables aging

<10-1000000> – Sets the aging time in seconds

Example

RFController(config)#mac-address-table aging-time 100

RFController(config)#

266

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

mac-name

Sets a name to the MAC address

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

mac-name <MAC> <mac-name>

Parameters

<mac-name>

The MAC address to set a ease-of-use name for.

Sets the name <name> to the MAC address <MAC> for ease of

use. <name> must be configured following the DNS naming

convention.

Usage Guidelines

Use (no) mac-nameto configure the clients name to its default. The default identity for an Client is

its MAC address.

Example

RFController(config)#mac-name 06-bc-f3-00-a0-45 ServerTecDoc

RFController(config)#

RFController(config)#show mac-name

Index

MAC Address

06-BC-F3-00-A0-45 ServerTecDoc

MAC Name

Number of MAC names configured = 1

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

267

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

management

Sets management interface properties

Limits local access (through web/telnet) to management interfaces only.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

management secure

Parameters

secure

Limits local access (Web/Telnet etc.) to the management

interface.

Example

RFController(config)#management secure

RFController(config)#

268

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

ntp

Configure Network Time Protocol (NTP) values

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

ntp [access-group|authenticate|authentication-key|autokey|

ntp access-group [peer|query-only|serve|serve-only]

[<1-99>|<100-199>|<1300-1999>|<2000-2699>]

ntp authenticate

ntp authentication-key <key> md5 [0 <secret>|2 <secret>|<secret>]

ntp autokey [client-only|host]

ntp broadcast [client|destination]

ntp broadcast destination <IP> {[key <1-65534>|version

<1-4>]}

ntp broadcastdelay <1-999999>

ntp master {<1-15>}

ntp [server|peer] <peer-name-or-IP>

[autokey|key|prefer|version]

ntp [server|peer] <peer-name-or-IP> autokey

{[prefer {verson <1-4>}|version <1-4> {prefer}]}

ntp [server|peer] <peer-name-or-IP> key <1-65534> [prefer

{verson <1-4>}|version <1-4> {prefer}]

ntp [server|peer] <peer-name-or-IP> prefer {version <1-4>}

ntp [server|peer] <peer-name-or-IP> version <1-4> {prefer}

ntp trusted-key <1-65534>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

269

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

access-group

Controls NTP access.

[peer|query-only|serve|

serve-only] [<1-99>|

<100-199>|<1300-1999>

•

peer – Provides full access

query-only – Allows only control queries

serve – Provides server and query access

serve-only – Provides only server access

<2000-2699>]

•

<1-99> – Defines the standard IP access list

<100-199> – Extended IP access list

<1300-1999> – Standard IP access list (expanded

range)

•

<2000-2699> – Extended IP access list (expanded

range)

authenticate

Authenticates time sources.

authentication-key <key>

md5 [0 <secret>|

2 <secret>|<secret>]

Defines the authentication key for trusted time sources.

•

md5 – Sets MD5 authentication

•

0 <secret> – Password is specified unencrypted

2 <secret> – Password is specified encrypted with

password-encryption secret

•

<secret> – Authentication key

autokey [client-only|host]

Enables the NTP autokey authentication scheme.

•

client-only – The controller is a client to other trusted-hosts in

the autokey group

•

host – Configures the controller as a trusted host

broadcast

Configures the NTP broadcast service.

[client|destination]

•

client – Listens to NTP broadcasts

destination <IP> {[key <1-65534>|version <1-4>]}–

Configures broadcast destination address

•

IP Address – Defines the destination broadcast IP

address

key <1-65536> – Optional. Sets the broadcast key

number

version <1-4> – Sets the NTP version number

NOTE: The controller acting as an NTP client will not associate to

a broadcast IP (NTP Server) with no authentication i.e.

without using symmetric key or auto-key

broadcastdelay

<1-999999>

Defines the estimated round-trip delay.

•

<1-999999> – Sets the round-trip delay in microseconds

master {<1-15>}

Acts as a NTP master clock.

•

<1-15> – Optional. Sets the stratum number for the NTP

master clock

peer <peer-name-or-IP>

[autokey|key|prefer|

version]

Configures the NTP peer.

•

<peer-name-or-IP> – Sets the IP address or name of the peer

autokey {[prefer {version <1-4>}|version <1-4> {prefer}]} –

Configures an autokey peer authentication scheme

•

prefer – Optional. Prefers this peer when possible

version <1-4> – Optional. Configures the NTP version to

use

•

key <1-65534> {[prefer {version <1-4>}|version <1-4>

{prefer}]} – Configures the autokey peer authentication key

•

key <1-65535> – Sets the peer authentication key

number

270

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

•

prefer {version <1-4>} – Sets the preference for autokey.

Optionally set the NTP version to use

version <1-4> {prefer} – Sets the NTP version to use.

Optionally set this peer as preferred peer

server

Configures the NTP server.

•

<peer-name-or-IP> – Sets the IP address or name of the peer

autokey {[prefer {version <1-4>}|version <1-4> {prefer}]} –

Configures an autokey peer authentication scheme

•

prefer – Optional. Prefers this peer when possible

version <1-4> – Configures the NTP version

key <1-65534> {[prefer {version <1-4>}|version <1-4>

{prefer}]} – Configures the autokey peer authentication key

•

key <1-65535> – Sets the peer authentication key

number

•

prefer {version <1-4>} – Sets the preference for autokey.

Optionally set the NTP version to use

version <1-4> {prefer} – Sets the NTP version. Optionally set

this peer as preferred peer

trusted-key <1-65534>

Key numbers for trusted time sources.

<1-65534> – Defines the Key number

•

Example

RFController(config)#ntp peer ?

WORD Name/IP address of peer

RFController(config)#ntp peer TestPeer ?

autokey Configure autokey peer authentication scheme

key

prefer

Configure peer authentication key

Prefer this peer when possible

version Configure NTP version

<cr>

RFController(config)#ntp peer TestPeer autokey ?

prefer

Prefer this peer when possible

version Configure NTP version

<cr>

RFController(config)#ntp peer TestPeer autokey prefer ?

version Configure NTP version

<cr>

RFController(config)#ntp peer TestPeer autokey prefer version ?

<1-4> NTP version number

RFController(config)#ntp peer TestPeer autokey prefer version 3

RFController(config)#

RFController(config)#ntp peer TestPeer key ?

<1-65534> Peer key number

RFController(config)#ntp peer TestPeer key 20 ?

prefer

Prefer this peer when possible

version Configure NTP version

<cr>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

271

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

RFController(config)#ntp peer TestPeer key 20 prefer ?

version Configure NTP version

<cr>

RFController(config)#ntp peer TestPeer key 20 prefer version ?

<1-4> NTP version number

RFController(config)#ntp peer TestPeer key 20 prefer version 2

Invalid server name "TestPeer" provided. Please enter a valid name

RFController(config)#

272

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

prompt

Configures and sets the systems prompt

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

prompt <prompt>

Parameters

Enter the new prompt displayed by the system. The following

operational modifiers are available.

•

%% – Displays the % sign

%h – Displays the host name

%m – Displays the current configuration mode

%n – Displays the CLI line

%p – Displays the privilege mode prompt sign

•

> - User mode prompt

# - Priv Exec mode prompt

(config)# - Global Config mode prompt

•

%s – Displays a space

%t – Displays a tab space

%A – Displays date and time in ASCII format

%D – Displays date in MM/DD/YYYY format

%N – Displays a new line

%T – Displays time in the hh:mm:ss format

Example

RFController(config)#prompt NobleMan%s%h%m%p

NobleMan RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

273

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

radius-server

Enters the RADIUS server mode, the system prompt changes from the default config mode to the

RADIUS server mode

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

radius-server localmode takes you to the RADIUS server context. For more details see Chapter

19, Radius Server Instance.

Syntax

radius-server [host|key|local|retransmit|timeout]

radius-server host <IP>

radius-server key [0 <secret>|2 <secret>|<secret>]

radius-server local

radius-server retransmit <0-100>

radius-server timeout <1-1000>

Parameters

host <IP>

Specifies a RADIUS server.

<IP> – Defines the IP address of RADIUS server

•

key [0 <secret>|

Sets the Encryption key shared with the RADIUS servers.

2 <secret>|<secret>]

•

0 <secret> – Password is specified unencrypted

2 <secret> – Password is encrypted with

password-encryption secret

•

<secret> – Text of shared key, up to 127 characters

local

Configures local RADIUS server parameters. This takes you to a

new config-radius-servercontext. Refer to Chapter

19, Radius Server Instance for more details.

retransmit <1-100>

timeout <1-1000>

Specifies the number of retries to active server.

•

<0-100> – Number of retries for a transaction

(default is 3)

Time to wait for a RADIUS server to reply.

<1-1000> – Wait time (default 5 seconds)

•

Usage Guidelines

The RADIUS server host is used to configure RADIUS server details. These details are required for

management user authentication if AAA authentication has been defined as RADIUS

Example

RFController(config)#radius-server local

RFController(config-radsrv)#

274

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

ratelimit

Configures rate limit parameters

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

warnings]

Parameters

ratelimit

Sets the logging levels for ratelimit feature.

[arp|bcast|mcast|ucast] – Sets the protocol

[arp|bcast|mcast|ucast]

[<0-7>|alerts|critical|

debugging|emergencies|

errors|informational|

notifications|warnings]

•

<0-7> – Log severity level

alerts – immediate action needed

critical –Critical conditions

debugging – Debugging messages

emergencies – System is unusable

errors – Error conditions

informational – Informational messages

notifications – Normal but significant conditions

warnings – Warning conditions

Example

RFController(config)# ratelimit arp log 0

RFController(config)# ratelimit arp log emergencies

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

275

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

redundancy

Configures redundancy group parameters

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

redundancy [auto-revert|auto-revert-period|

critical-resource-ip|dhcp-server|discovery-period|

dynamic-ap-load-balance|enable|group-id|handle-stp|

heartbeat-period|hold-period|interface-ip|manual-revert|

member-ip|mode]

redundancy auto-revert enable

redundancy auto-revert-period <1-1800>

redundancy critical-resource-ip <IP>

redundancy dhcp-server enable

redundancy discovery-period <10-60>

redundancy dynamic-load-balance [enable|per-ap-client-threshold|

schedule-interval|schedule-start-time|trigger]

redundancy dynamic-ap-load-balance enable

redundancy dynamic-ap-load-balance per-ap-client-threshold

<1-512>

redundancy dynamic-ap-load-balance schedule-interval <1-336>

redundancy dynamic-ap-load-balance schedule-start-time

<HH:MM> <1-31> <1-12> <2008-2035>

redundancy dynamic-ap-load-balance trigger

[runtime|schedule]

redundancy enable

redundancy group-id <1-65535>

redundancy handle-stp enable

redundancy heartbeat-period <1-255>

redundancy hold-period <10-255>

redundancy interface-ip <IP>

redundancy manual-revert

redundancy member-ip <IP>

redundancy mode [primary|standby]

276

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

auto-revert enable

Enables auto-revert.

auto-revert-period

<1-1800>

Sets the redundancy auto-revert delay interval in minutes. The

default is 5 minutes.

critical-resource-ip

<ip_address>

Sets critical resource IP address.

•

<ip_address> – IP address of the critical resource

dhcp-server enable

Enables the DHCP redundancy protocol.

discovery-period <10-60>

Sets the redundancy discovery interval in seconds. The default

is 30 seconds.

dynamic-ap-load-balance

[enable|

Configures the different Dynamic AP Load Balance feature. The

following are the configured options:

per-ap-client-threshold|

schedule-interval|

schedule-start-time|

trigger]

•

enable – Enables Dynamic AP Load Balance

per-ap-client-threshold <1-512> – Sets the threshold

per-ap client value to trigger Dynamic AP Load Balance.

Set a value between 1 & 512

•

schedule-interval <1-336> – Sets the time interval days to

trigger Dynamic AP Load Balance

schedule-start-time HH:MM <1-31> <1-12>

<2008-2035> – Sets the scheduled start time for

Dynamic AP Load Balance

•

trigger [runtime|schedule] – Sets the trigger for running

Dynamic AP Load Balancing. Can be either runtime or

schedule

enable

Enables the redundancy protocol.

group-id <1-65535>

handle-stp enable

Sets the cluster ID (default cluster ID is 1).

Delays the redundancy protocol state machine exec,

considering STP.

heartbeat-period <1-255>

hold-period <10-255>

interface-ip <IP>

Sets the redundancy heartbeat interval.

Sets the redundancy hold interval.

Sets the redundancy interface IP address.

Reverts standby to non-active mode.

manual-revert

member-ip <IP>

Adds a member with the IP <IP> to this redundancy group.

Sets the mode to either primary or standby.

mode [primary|standby]

Example

RFController(config)#redundancy discovery-period 20

RFController(config)#

RFController(config)#redundancy handle-stp enable

RFController(config)#

RFController(config)#redundancy heartbeat-period 20

RFController(config)#

RFController(config)#redundancy hold-period 25

RFController(config)#

RFController(config)#redundancy mode primary

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

277

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

role

Configures role parameters

NOTE

Opens the role configuration mode (config-role)to enable further configuration of the role. For

Avance Security Licence must be installed for Role Based Firewall to work. Please contact customer

support to purchase license for the same.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

role [<rolename>|assignment]

role <rolename> <priority>

role assignment immediate enable

Parameters

role <rolename>

Creates a new role with the name <rolename> and with the priority

<priority> (range 1-10001). This moves to the role instance. For more

information see Chapter 26, Role Instance.

role assignment

immediate enable

Enables immediate role assignment and triggers role evaluation. This

is required when a new role is added or a role is modified.

Usage Guidelines

To remove a role, use the command

{no} role <rolename> <priority>

Example

RFController(config)# role AccMgr 10

RFController(config-role)# ?

RFController(config)#role assignment immediate enable

RFController(config)#show role

role officeuser 10

authentication-type any

encryption-type any

ap-location exact "office"

essid office

client-mac any

group any

role globaluser 11

authentication-type any

278

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

encryption-type any

ap-location any

essid any

client-mac any

group any

role default-role 10001

authentication-type any

encryption-type any

ap-location any

essid any

client-mac any

group any

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

279

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

rtls

Configures Real Time Location System (RTLS) parameters

This enables the Controller to provide complete visibility to the location of assets and thereby

enabling location based service.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

rtls command instantiates (config-rtls) instance. For more details see Chapter 21, RTLS

Instance. The prompt changes from RFController (config)#to RFController (config-rtls)

Syntax

rtls

Parameters

None

Example

RFController(config)#rtls

RFController(config-rtls)#

280

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

service

Retrieves system data (tables, log files, configuration, status and operation) for debugging and

problem resolution

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

To view the servicecommand of User Exec and Priv Exec Mode, refer to Chapter 2, service

command.

Syntax

watchdog]

service [advanced-vty|dhcp|

service diag [enable|limit|period|tech-support-period|

tech-spport-url]

service password-encryption <secret>

service pm sys-restart

service prompt crash-info

service radius {restart}

service redundancy dynamic-ap-load-balance start

service set [command-history|reboot-history|upgrade-history]

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

281

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

advanced-vty

dhcp

Enables advanced mode vty interface

Enables the DHCP server service

Services diagnostics configuration.

diag [enable|limit|period|

tech-support-period|

tech-support-url]

•

enable – Enable in service diagnostics

limit – Displays diagnostic limit command

period <100-30000> – Sets diagnostics period

tech-support-period <10-10080> – Sets the tech support

period. Default is 1440 minutes (1day)

tech-support-url <URL> – Sets the tech support URL to

<URL>. This is used during auto generated tech support

dumps

•

password-encryption secret Encrypts passwords in configuration.

2 <secret>

•

secret 2 <secret> – Encrypt passwords with secret

phrase

•

2 – Type of encryption SHA256-AES256

<secret> – Passphrase for encryption

pm sys-restart

Process Monitor.

sys-restart – Enable PM to restart the system when a

processes fails

•

Note: The process restart is one count less than what is

configured.

prompt crash-info

Enables crash-info prompt

radius {restart}

Enables RADIUS server.

•

restart – Restarts the RADIUS server

redundancy

dynamic-ap-load-balance

start

Starts Dynamic AP Load Balancing service for redundancy

support.

set

Sets service parameters.

[command-history|reboot-hi

story|upgrade-history]

•

command-history <10-300> – Sets the number of previous

commands to remember. Default 200

reboot-history <10-100> – Sets the number of previous

reboot details to remember. Default 50

upgrade-history <10-100> – Sets the number of previous

upgrade details to remember. Default 50

show cli

Shows running system information. Shows the CLI commands for

the current mode.

terminal-length <0-512>

watchdog

System wide terminal length configuration.

Enables service for watchdog.

Usage Guidelines

The service password-encryptionset by the user cannot be disabled without knowing the old

password. Refer the note below for more clarification.

282

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

NOTE

The no service password-encryptioncommand used to disable the encryption, now requires

the user to know the old password. The user will have to enter the old password to disable the

encryption.

Earlier, using no service password-encryptiondisabled the encryption and show running

configdisplayed the passwords as plaintext.

Now, the user has to user no service password-encryption

<old password key>to disable or change the password.

Example

RFController(config)#service dhcp

RFController(config)#

RFController(config)#service radius restart

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

283

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

smtp-notification

Modifies SMTP notification parameters

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

recipient|sender|smtp-server-address|user]

smtp-notification authentication enable

smtp-notification enable {traps [all|dhcp-server|

redundancy|snmp|wireless]

smtp-notification enable traps all

smtp-notification enable traps dhcp-server

{[dhcpServerDown|dhcpServerUp]}

smtp-notification enable traps diagnostics {[cpuLoad1Min|

cpuLoad5Min|cpuLoad15Min|fanSpeedLow|fileDescriptors|

ipRouteCache|packetBuffers|processMemoryUsage|ramFree|

tempHigh|tempOver|usedKernelBuffer]}

smtp-notification enable traps miscellaneous

{[caCertExpired|lowFsSpace|periodicHeartbeat|

processMaxRestartsReached|savedConfigModified|

serverCertExpired|controllerEvent]}

smtp-notification enable traps mobility {[operationallyDown|

operationallyUp|peerDown|peerUp]}

smtp-notification enable traps nsm {dhcpIPChanged}

smtp-notification enable traps radius-server

{[radiusServerDown|radiusServerUp]}

smtp-notification enable traps redundancy{[adoptionExceeded|

criticalResourceDown|criticalResourceUp|

grpAuthLevelChanged|memberDown|memberMisConfigured|

memberUp]}

smtp-notification enable traps snmp {[authenticationFail|

coldstart|linkdown|linkup]}

smtp-notification enable traps wireless {[ap-detection|ids|

radio|self-healing|station|wlan]}

smtp-notification enable traps wireless ap-detection

{[externalAPDetected|externalAPRemoved]}

smtp-notification enable traps wireless ids

{[muExcessiveEvents|radioExcessiveEvents|

controllerExcessiveEvents]}

smtp-notification enable traps wireless radio

{[adopted|unadopted|detectedRadar]}

smtp-notification enable traps wireless self-healing

activated

smtp-notification enable traps wireless station

{[associated|deniedAssociationAsPortCapacityReached|

deniedAssociationOnCapability|deniedAssociationOnErr|

deniedAssociationOnInvalidWPAWPA2IE|

284

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

deniedAssociationOnRates|deniedAssociationOnShortPream|

deniedAssociationOnSpectrum|deniedAssociationOnSSID|

deniedAuthentication|disassociated|radiusAuthFailed|

tkipCounterMeasures|vlanChanged]}

smtp-notification enable traps wireless wlan

{[vlanUserLimitReached|webPortalUnavailable|

webPortalUnreachable|webPortalUnconnected]}

smtp-notification password 0 <password>

smtp-notification port <1-65535>

smtp-notification prefix <smtp-prefix>

smtp-notification recipient <1-4> <recipient-address>

smtp-notification sender <sender-address>

smtp-notification smtp-server-address <IP>

smtp-notification user <username>

Usage Guidelines

It’s recommended smtp-notification not be enabled for all traps. When smtp-notification is

enabled, an email is sent to the recipients every time a trap is fired. An email is sent for each fired

trap. This could potentially generate large email traffic for the recipients.

Some traps, such as Association, Disassociation, generate a large number of notifications which

are then consolidated and sent as a single email every five (5) minutes.

When smtp-notification is enabled and the sender, recipient, server, and port values are not

configured, then a syslog event “Incomplete Configuration” is fired every five (5) minutes till the

issue is resolved.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

285

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

authenticate enable

Enables SMTP Server authentication.

Enables SMTP notification for traps.

enable traps [all|

dhcp-server|diagnostics|

miscellaneous|mobility|

nsm|radius-server|

redundancy|snmp

|wireless]

•

all – Enables SMTP Notification for all traps

dhcp-server [dhcpServerDown|dhcpServerUp]– Enables

dhcp-server traps

•

dhcpServerDown – DHCP Server down

dhcpServerUp – DHCP Server up

diagnostics [cpuLoad15Min|cpuLoad1Min|cpuLoad5Min|

fanSpeedLow|fileDescriptors|ipRouteCache|

packetBuffers|processMemoryUsage|ramFree|

tempHigh|tempOver|usedKernelBuffer] – Enables

diagnostics traps

•

cpuLoad15Min – Average CPU load for last 15 minutes

exceeds limit

cpuLoad1Min – Average CPU load for last minute

exceeds limit

cpuLoad5Min – Average CPU load for last five minutes

exceeds limit

•

fanSpeedLow – Fan speed below limit

fileDescriptors – File descriptor number exceeds limit

ipRouteCache – IP route cache size exceeds limit

packetBuffers – Packet buffer usage exceeds limit

processMemoryUsage – Processor memory usage

exceeds limit

•

ramFree – RAM free space below limit

tempHigh – Temperature exceeds high limit

tempOver – Temperature exceeds critical limit

usedKernelBuffer – Kernel buffer usage exceeds limit

for some buffer size

•

miscellaneous

[caCertExpired|lowFsSpace|periodicHeartbeat|

processMaxRestartsReached|savedConfigModified|

serverCertExpired|controllerEvent] – Enables miscellaneous

traps

•

caCertExpired – CA certificate has expired

lowFsSpace – Available file system space is lower than

the limit

•

periodicHeartbeat – Periodic Heartbeat

processMaxRestartsReached – Process has reached

max restart

•

savedConfigModified – Saved configuration has been

modified

•

serverCertExpired – Server certificate has expired

controllerEvent – Other controller event

mobility – Enables mobility traps

•

operationallyDown – Mobility operationally down

operationallyUp – Mobility operationally up

peerDown – Mobility peer down

peerUp – Mobility peer up

286

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

•

nsm [dhcpIPChanged] – Enables nsm traps and changes the

DHCP IP

radius-server [radiusServerDown|radiusServerUp] – Enables

radius-server traps

•

radiusServerDown – Radius Server is down

radiusServerUp – Radius Server is up

redundancy [adoptionExceeded|criticalResourceDown|

criticalResourceUp|grpAuthLevelChanged|memberDown|

memberMisConfigured|memberUp] – Enables redundancy

traps

•

adoptionExceeded – Redundancy port adoption

exceeded

•

criticalResourceDown – Redundancy Critical-Resource

Down

•

criticalResourceUp – Redundancy Critical-Resource Up

grpAuthLevelChanged – Redundancy group

Authorization Level changed

•

memberDown – Redundancy member down

memberMisConfigured – Redundancy member

mis-configuration

•

memberUp – Redundancy member up

snmp [authenticationFail|coldstart|linkdown|linkup] –

Enables SNMP traps

•

authenticationFail – Enables authentication failure trap

coldstart – Enables coldStart trap

linkdown – Enables linkDown trap

linkup – Enables linkUp trap

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

287

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

•

wlan] – Enables wireless traps

•

ap-detection [externalAPDetected|

externalAPRemoved] – Enables wireless AP detection

traps

•

externalAPDetected – Detects an external AP

externalAPRemoved – Removes an external AP

id [muExcessiveEvents|radioExcessiveEvents|

•

controllerExcessiveEvents] – Enables wireless IDS traps

•

muExcessiveEvents – Excessive and Anomaly

Client events

•

radioExcessiveEvents – Excessive radio events

controllerExcessiveEvents – Excessive controller

events

•

radio [adopted|detectedRadar|unadopted] – Enables

wireless radio traps

•

adopted – Radio adopted

detectedRadar – Radio detected radar

unadopted – Radio unadopted

•

self-healing [activated]– Enables self healing traps

station [associated|

deniedAssociationAsPortCapacityReached|

deniedAssociationOnCapability|

deniedAssociationOnErr|

deniedAssociationOnInvalidWPAWPA2IE|

deniedAssociationOnRates|

deniedAssociationOnShortPream|

deniedAssociationOnSpectrum|

deniedAssociationOnSSID|deniedAuthentication|

disassociated |radiusAuthFailed|

tkipCounterMeasures|vlanChanged] – Enables wireless

station traps

288

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

•

associated – Wireless station associated

deniedAssociationAsPortCapacity

Reached – Wireless station denied association

due to port capacity reached

•

deniedAssociationOnCapability – Wireless station

denied association due to unsupported capability

deniedAssociationOnErr – Wireless station denied

association due to internal error

deniedAssociationOnInvalidWPAWPA2IE –

Wireless station denied association due to

invalid/absent WPA/WPA2 IE

•

deniedAssociationOnRates – Wireless station

denied association due to incompatible

Transmission rates

•

deniedAssociationOnSSID – Wireless station

denied association due to invalid SSID

deniedAssociationOnShortPream – Wireless

station denied association due to lack of short

preamble support

•

deniedAssociationOnSpectrum – Wireless station

denied association due to lack of spectrum

management capability

deniedAuthentication – Wireless station denied

802.11 authentication

•

disassociated – Wireless station disassociated

radiusAuthFailed – Wireless station failed radius

authentication

•

tkipCounterMeasures – TKIP counter measures

invoked

•

vlanChanged – Wireless station vlan id changed

•

wlan [vlanUserLimitReached|webPortalUnavailable|

webPortalUnconnected||webPortalUnreachable] –

Enables wireless wlan traps when:

•

vlanUserLimitReached – WLAN-VLAN user limit is

reached

•

webPortalUnavailable – Web portal unavailable

webPortalUnconnected – Web portal disconnected

webPortalUnreachable – Web portal unreachable

password 0 <password>

SMTP Authentication Password.

•

0 – Password is specified unencrypted

<password> – Enter password up to 64 characters in length

port <1-65535>

Enter SMTP Server TCP Port.

prefix <smtp-prefix>

Enter SMTP subject prefix up to 16 characters in length.

recipient <1-4>

<recipient-address>

Enter SMTP recipient index and SMTP recipient address up to 128

characters in length.

sender <sender-address>

smtp-server-address <IP>

Enter SMTP sender address up to 128 characters in length.

Host to receive SMTP notifications. Enter IP address/Hostname of

SNMP server up to 128 characters in length.

user <username>

SMTP Authentication User. Enter username up to 64 characters in

length.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

289

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Example

RFController(config)#smtp-notification enable

RFController(config)#smtp-notification enable traps dhcp-server dhcpServerDown

RFController(config)#snmp-notification recipient 1 [email protected]

290

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

snmp-server

Modifies SNMP engine parameters

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

location|manager|periodic-heartbeat-interval|sysname|user]

snmp-server community <community-string> [ro|rw]

snmp-server contact <contact-person>

snmp-server enable traps {[all|dhcp-server|diagnostics|

wireless|wireless-statistics]}

snmp-server enable traps all

snmp-server enable traps dhcp-server {[dhcpServerDown|

dhcpServerUp]}

snmp-server enable traps diagnostics {[cpuLoad1Min|

cpuLoad5Min|cpuLoad15Min|fanSpeedLow|fileDescriptors|

ipRouteCache|packetBuffers|processMemoryUsage|ramFree|

tempHigh|tempOver|usedKernelBuffer]}

snmp-server enable traps miscellaneous {[caCertExpired|

lowFsSpace|periodicHeartbeat|processMaxRestartsReached|

savedConfigModified|serverCertExpired|controllerEvent]}

snmp-server enable traps mobility {[operationallyDown|

operationallyUp|peerDown|peerUp]}

snmp-server enable traps nsm {dhcpIPChanged}

snmp-server enable traps radius-server

{[radiusServerDown|radiusServerUp]}

snmp-server enable traps redundancy{[adoptionExceeded|

criticalResourceDown|criticalResourceUp|

grpAuthLevelChanged|memberDown|memberMisConfigured|

memberUp]}

snmp-server enable traps snmp {[authenticationFail|

coldstart|linkdown|linkup]}

snmp-server enable traps wireless {[ap-detection|ids|

radio|self-healing|station|wlan]}

snmp-server enable traps wireless ap-detection

{[externalAPDetected|externalAPRemoved]}

snmp-server enable traps wireless ids

{[muExcessiveEvents|radioExcessiveEvents|

controllerExcessiveEvents]}

snmp-server enable traps wireless radio {[adopted|unadopted|detectedRadar]}

snmp-server enable traps wireless self-healing

activated

snmp-server enable traps wireless station

{[associated|deniedAssociationAsPortCapacityReached|

deniedAssociationOnCapability|deniedAssociationOnErr|

deniedAssociationOnInvalidWPAWPA2IE|

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

291

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

deniedAssociationOnRates|deniedAssociationOnShortPream|

deniedAssociationOnSpectrum|deniedAssociationOnSSID|

deniedAuthentication|disassociated|radiusAuthFailed|

tkipCounterMeasures|vlanChanged]}

snmp-server enable traps wireless wlan

{[vlanUserLimitReached|webPortalUnavailable|

webPortalUnreachable|webPortalUnconnected]}

snmp-server enable traps wireless-statistics [mesh|

min-packets|wireless-client|radio|wireless-controller|wlan]

snmp-server enable traps wireless-statistics mesh

[avg-bit-speed-less-than|avg-retry-greater-than|

avg-signal-less-than|gave-up-percent-greater-than|

nu-percent-greater-than|num-wireless-clients-greater-than|

pktsps-greater-than|tput-greater-than|

undecrypt-percent-greater-than]

snmp-server enable traps wireless-statistics min-packets

<1-65535>

snmp-server enable traps wireless-statistics wireless-client

[avg-bit-speed-less-than|avg-retry-greater-than|

avg-signal-less-than|gave-up-percent-greater-than|

nu-percent-greater-than|pktsps-greater-than|

tput-greater-than|undecrypt-percent-greater-than]

snmp-server enable traps wireless-statistics radio

[avg-bit-speed-less-than|avg-retry-greater-than|

avg-noise-level-threshold|avg-signal-less-than|

gave-up-percent-greater-than|nu-percent-greater-than|

num-wireless-clients-greater-than|pktsps-greater-than|

tput-greater-than|undecrypt-percent-greater-than]

snmp-server enable traps wireless-statistics wireless-controller

[num-wireless-clients-greater-than|pktsps-greater-than|

tput-greater-than]

snmp-server enable traps wireless-statistics wlan

[avg-bit-speed-less-than|avg-retry-greater-than|

avg-signal-less-than|gave-up-percent-greater-than|

nu-percent-greater-than|num-wireless-clients-greater-than|

pktsps-greater-than|tput-greater-than|

undecrypt-percent-greater-than]

snmp-server engineid [netsnmp {<word>}|text <word>]

snmp-server host <IP> [v2c|v3] {<1-65535>}

snmp-server location <location-text>

snmp-server manager [all|v2|v3]

snmp-server periodic-heartbeat-interval <interval>

snmp-server sysname

snmp-server user [snmpmanager|snmpoperator|snmptrap]

292

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

community

Sets the community string and access privileges.

<community-string> [ro|rw]

•

<community-string> – Sets the community string

ro – Read-only access with this community string

rw – Read-write access with this community string

contact <contact-person>

Text for mib object sysContact.

•

<contact-person> – Sets the contact person for this

managed node

enable traps {[all|

dhcp-server|diagnostics|

miscellaneous|mobility|

nsm|radius-server|

redundancy|snmp|

wireless|

traps – Enables SNMP traps. All traps are optional.

•

dhcp-server – Enables dhcp-server traps

diagnostics – Enables diagnostics traps

miscellaneous – Enables miscellaneous traps

mobility – Enables mobility traps

nsm – Enables nsm traps

wireless-statistics]}

radius-server – Enables RADIUS server traps

redundancy – Enables redundancy traps

snmp – Enables SNMP traps

wireless – Enables wireless traps

wireless-statistics – Enables wireless statistics traps

enable traps dhcp-server

{[dhcpServerDown|

dhcpServerUp]}

Enables dhcp-server traps.

•

dhcpServerDown – DHCP server down

dhcpServerUp – DHCP server up

enable traps diagnostics

{[cpuLoad1Min|

cpuLoad5Min|

cpuLoad15Min|

fanSpeedLow|

fileDescriptors|

ipRouteCache|

packetBuffers|

Enables diagnostics traps.

•

cpuLoad15Min

cpuLoad1Min

cpuLoad5Min

fanSpeedLow

fileDescriptors

ipRouteCache

packetBuffers

processMemoryUsage

ramFree

processMemoryUsage|

ramFree|tempHigh|

tempOver|

tempHigh

tempOver

usedKernelBuffer

usedKernelBuffer]}

enable traps miscellaneous Enables miscellaneous traps.

{[caCertExpired|

lowFsSpace|

•

caCertExpired – CA certificate has expired

lowFsSpace – Available file system space is lower

than the limit

periodicHeartBeat – Periodic heartbeat trap

processMaxRestartsReached – Process has reached

max restart

savedConfigModified – Saved configuration has

been modified

periodicHeartbeat|

processMaxRestartsReach

ed|

savedConfigModified|

serverCertExpired|

controllerEvent]}

•

serverCertExpired – Server certificate is expired

controllerEvent - Other controller event

enable traps mobility

{[operationallyDown|

operationallyUp|

Enable mobility traps.

•

operationallyDown – Mobility down

operationallyUp – Mobility up

peerDown – Mobility peer down

peerUp – Mobility peer up

peerDown|peerUp]}

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

293

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

enable traps nsm

Enables nsm traps.

{dhcpIPChanged}

•

dhcpIPChanged – DHCP IP changed

enable traps

Enables radius-server traps.

radius-server

{[radiusServerDown|

radiusServerUp]}

•

radiusServerDown – RADIUS server down

radiusServerUp – RADIUS server up

enable traps redundancy

{[adoptionExceeded|

criticalResourceUp|

grpAuthLevelChanged|

memberDown|

memberMisConfigured|

memberUp|

criticalResourceDown]}

Enables redundancy traps.

•

adoptionExceeded – Redundancy port adoption

exceeded

•

grpAuthLevelChanged – Redundancy group

authorization level changed

•

memberDown – Redundancy member down

memberMisConfigured – Redundancy member

mis-configuration

•

memberUp – Defines redundancy member as up

criticalResourceUp – Critical resource is up

criticalResourceDown – Critical resource is down

294

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

enable traps snmp

{[authenticationFail|

linkdown|linkup|

coldstart]}

Enables SNMP traps.

•

authenticationFail – Enables authentication failure

trap

•

coldstart – Enables coldStart trap

linkdown – Enables linkDown trap

linkup – Enables linkUp trap

enable traps wireless

{[ap-detection|ids|

radio|self-healing|

station|wlan]}

Enables wireless traps.

•

ap-detection {[externalAPDetected|

externalAPRemoved]} – Enables wireless AP

detection traps

•

externalAPDetected – External AP detected

externalAPRemoved – External AP detected

ids {[muExcessiveEvents|

•

radioExcessiveEvents|controllerExcessiveEvents]} –

Enables wireless IDS traps

•

muExcessiveEvents – Excessive Client events

radioExcessiveEvents – Excessive radio events

controllerExcessiveEvents – Excessive

controller events

•

radio {[adopted|unadopted|detectedRadar]} –

Enables wireless radio traps

•

adopted – Radio adopted

detectedRadar – Radar detected

unadopted – Radio detected radar

•

self-healing activated – Enables self healing traps

•

activated – Self healing activated

station {[associated|

deniedAssociationAsPortCapacityReached|

deniedAssociationOnCapability|

deniedAssociationOnErr|

deniedAssociationOnInvalidWPAWPA2IE|

deniedAssociationOnRates|

deniedAssociationOnShortPream|

deniedAssociationOnSpectrum|

deniedAssociationOnSSID|deniedAuthentication|

disassociated|radiusAuthFailed|

tkipCounterMeasures|vlanChanged]} – Enables

wireless station traps

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

295

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

•

associated– Wireless station associated

deniedAssociationAsPortCapacityReached –

Wireless station denied association - port

capacity reached

•

deniedAssociationOnCapability – Wireless

station denied association due to unsupported

capability

•

deniedAssociationOnErr – Wireless station

denied association due to internal error

deniedAssociationOnInvalidWPAWPA2IE –

Wireless station denied association due to

invalid/absent WPA/WPA2 IE

•

deniedAssociationOnRates – Wireless station

denied association due to incompatible

Transmission rates

•

deniedAssociationOnSSID – Wireless station

denied association due to invalid SSID

deniedAssociationOnShortPream – Wireless

station denied association due to lack of short

preamble support

•

deniedAssociationOnSpectrum – Wireless

station denied association due to lack of

spectrum management capability

deniedAuthentication – Wireless station denied

802.11 authentication

•

disassociated – Wireless station disassociated

tkipCounterMeasures – TKIP counter measures

invoked

•

vlanChanged – Wireless station VLAN ID has

changed

•

wlan {[vlanUserLimitReached|webPortal

Unavailable|webPortalUnreachable|webPortal

Unconnected]}– Enables wireless wlan traps

•

vlanUserLimitReached – WALN/VLAN user limit

reached

webPortalUnavailable – Webportal is

unavailable

webPortalUnreachable – Webportal is

unreachable

webPortalUnconnected – Webportal is not

connected

296

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

snmp-server enable traps

wireless-statistics [mesh|

min-packets|wireless-client|

radio|wireless-controller|wlan]

Modifies wireless-stats rate traps.

mesh [avg-bit-speed-less-than|

•

avg-retry-greater-than|avg-signal-less-than|

gave-up-percent-greater-than|

nu-percent-greater-than|

num-wireless-clients-greater-than|

pktsps-greater-than|tput-greater-than|

undecrypt-percent-greater-than] – Modifies mesh

rate traps

•

avg-bit-speed-less-than – Average bit speed in

Mbps between <0.00> and <54.00>

avg-retry-greater-than – Average retry is greater

than 0.00 and less than or equal to 16.00

avg-signal-less-than – Average signal in dBm is

less than -0.00 and greater than or equal to

-120.00

•

gave-up-percent-greater-than – Percentage of

pkts dropped is greater than 0.00 and less than

or equal to 100.00

nu-percent-greater-than – Percentage of

non-unicast pkts is greater than 0.00 and less

than or equal to 100.00

•

num-wireless-clients-greater-than – Number of

associated wireless-client is <1-8192>

pktsps-greater-than – Packets per sec is greater

than 0.00 and less than or equal to 100000.00

tput-greater-than – Throughput in Mbps is

greater than 0.00 and less than or equal to

100000.00

•

undecrypt-percent-greater-than – Percentage of

undecryptable pkts is greater than 0.00 and

less than or equal to 100.00

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

297

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

•

min-packets <1-65535> – Minimum packets

required for sending the trap

•

<1-65535> – Defines the minimum packets for

sending the trap. This can be set with a decimal

number in the range of <1-65535>

wireless-client [avg-bit-speed-less-than|

avg-retry-greater-than|avg-signal-less-than|

gave-up-percent-greater-than|

nu-percent-greater-than|pktsps-greater-than|

tput-greater-than|

undecrypt-percent-greater-than] – Modifies

wireless-client rate traps

•

avg-bit-speed-less-than – Average bit speed in

Mbps is between <0.00> and <54.00>

avg-retry-greater-than – Average retry is greater

than 0.00 and less than or equal to 16.00

avg-signal-less-than – Average signal in dBm is

less than -0.00 and greater than or equal to

-120.00

•

gave-up-percent-greater-than – Percentage of

pkts dropped is greater than 0.00 and less than

or equal to 100.00

nu-percent-greater-than – Percentage of

non-unicast pkts is greater than 0.00 and less

than or equal to 100.00

•

pktsps-greater-than – Packets per sec is greater

than 0.00 and less than or equal to 100000.00

tput-greater-than – Throughput in Mbps is

greater than 0.00 and less than or equal to

100000.00

•

undecrypt-percent-greater-than – Percentage of

undecryptable pkts is greater than 0.00 and

less than or equal to 100.00

engineid [netsnmp {<word>}|

Sets the SNMP server engine ID.

text <word>]

•

netsnmp <word>– Sets the engine id to a

hexadecimal string

•

text <word> – Sets the engine id to a text string

host <IP> [v2c|v3] {<1-65535>}

SNMP server host.

<IP> – SNMP server host IP address

•

v2c <1-65535> – Use snmp version 2c

v3 <1-65535> – Use snmp version 3

location <location-text>

manager [all|v2|v3]

Text for mib object sysLocation.

Enables the SNMP manager.

•

all – Enables SNMP version v2 and v3

v2 – Enables SNMP version v2

v3 – Enables SNMP version v3

periodic-heartbeat-interval

Sets periodic heartbeat trap interval. A periodic trap is

sent if no other traps are sent by the controller. The

default time period is 60 seconds. Set a value to between

10 and 1000 seconds.

298

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

sysname

The SNMP system name.

Defines a user who can access the SNMP engine.

user [snmpmanager|

snmpoperator|snmptrap]

•

snmpmanager v3– Manager user

•

v3 [auth|encrypted] – User using v3 security

model

•

auth md5 <password> – Sets

authentication parameters for the user

md5 – Use HMAC MD5 algorithm for

authentication

•

<password> – The password for the user

encrypted [auth|des] – Displays privacy

parameters for the user

•

auth md5 <password>– Displays

authentication parameters for the user

des – Use CBC-DES for privacy

•

snmpoperator v3 – Operator user

snmptrap v3 – Trap user

Example

RFController(config)#snmp-server community TestCommunity ro

RFController(config)#

RFController(config)#snmp-server contact TestManager

RFController(config)#

RFController(config)#snmp-server enable traps all

RFController(config)#

RFController(config)#snmp-server enable traps miscellaneous lowFsSpace

RFController(config)#

RFController(config)#snmp-server enable traps redundancy memberUp

RFController(config)#

RFController(config)#snmp-server enable traps snmp linkup

RFController(config)#

RFController(config)#snmp-server enable traps wireless ap-detection

externalAPDetected

RFController(config)#

RFController(config)#snmp-server enable traps wireless ids excessiveProbes

RFController(config)#

RFController(config)#snmp-server enable traps wireless radio adopted

RFController(config)#

RFController(config)#snmp-server enable traps wireless self-healing activated

RFController(config)#

RFController(config)#snmp-server enable traps wireless station

tkipCounterMeasures

RFController(config)#

RFController(config)#snmp-server enable traps wireless-statistics min-packets

120

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

299

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

RFController(config)#

RFController(config)#snmp-server location "Located at thh 5th FLoor"

RFController(config)#

RFController(config)#snmp-server sysname "Gold Mine"

RFController(config)#

RFController(config)#snmp-server periodic-heartbeat-interval 120

RFController(config)#

RFController(config)#snmp-server engineid netsnmp

RFController(config)#

300

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

spanning-tree

Configures spanning-tree commands

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

spanning-tree [mst|portfast]

spanning-tree mst [<0-15> priority <0-61440>|

cisco-interoperability [enable|disable]|configuration|

forward-time <4-30>|hello-time <1-10>|max-age <6-40>|

max-hops <7-127>]

spanning-tree portfast [bpdufilter|bpduguard] default

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

301

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

mst [<0-15> priority

<0-61440>|

cisco-interoperability

[enable|disable]|

configuration|

forward-time <4-30>|

hello-time <1-10>|

max-age <6-40>|

max-hops <7-127>]

Enables the Multiple Spanning Tree Protocol on a bridge.

•

<0-15> priority <0-61440> – Set the bridge priority for an

MST instance to the value specified. Use the no parameter

with this command to restore the default bridge priority value

•

priority – Sets the bridge priority for the common

instance

•

<0-61440> – Defines the bridge priority in increments

of 4096 (Lower priority indicates greater likelihood of

becoming root). The default value of the priority for each

instance is 32768

•

cisco-interoperability [enable|disable] – Enables/disables

interoperability with Cisco's version of MSTP (incompatible

with standard MSTP)

•

enable – Enables CISCO Interoperability

disable – Disables CISCO Interoperability

configuration – Multiple spanning tree configuration. This

command moves to the (config-mst)instance. For

more information, see Chapter 13, Spanning tree-mst

Instance

•

forward-time <4-30> – Sets the time (in seconds) after which

(if this bridge is the root bridge) each port changes states to

learning and forwarding. This value is used by all instances.

The default value is 15 seconds

hello-time <1-10> – Sets the hello-time. The hello-time is the

time (in seconds) after which (if this bridge is the root bridge)

all the bridges in a bridged LAN exchange Bridge Protocol

Data Units (BPDUs). A very low value leads to excessive

traffic on the network, while a higher value delays the

detection of a topology change. This value is used by all

instances. The default value is

2 seconds

302

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

•

max-age <6-40> – Max-age is the maximum time in seconds

for which (if a bridge is the root bridge) a message is

considered valid. This prevents the frames from looping

indefinitely. The value of max-age must be greater than twice

the value of hello time plus one, but less than twice the value

of forward delay minus one.

The permissible range for max-age is 6-40 seconds.

Configure this value sufficiently high, so a frame generated

by root can be propagated to the leaf nodes without

exceeding the max-age. Use this command to set the

max-age for a bridge. This value is used by all instances.The

default value of bridge max-age is 20 seconds

•

max-hops <7-127> – Specifies the maximum allowed hops

for a BPDU in an MST region. This parameter is used by all

MST instances. To restore the default value, use the no

parameter with this command. The default maxhops in a

MST region is 20

portfast

[bpdufilter|bpduguard]

default

Enables the portfast feature on a bridge. It has the following

options:

•

bpdufilter default – Use the bpdu-filtercommand to set

the portfast BPDU filter for the port. Use the noparameter

with this command to revert the port BPDU filter value to

default.

The Spanning Tree Protocol sends BPDUs from all ports.

Enabling the BPDU Filter feature ensures PortFastenabled

ports do not transmit or receive BPDUs

•

bpduguard default – Use the bpdu-guardcommand to

enable the BPDU (Bridge Protocol Data Unit) Guard feature

on a bridge.

Use the noparameter with this command to disable BPDU

Guard. When the BPDU Guard is set for a bridge, all

portfast-enabled ports of the bridge that have BPDU guard

set to default shut down the port on receiving a BPDU. In this

case, the BPDU is not processed. The port can be brought

back up manually (using the no shutdown command), or by

configuring a errdisable-timeout to enable the port after the

specified interval

Usage Guidelines

The mst > configuration command moves you to the Spanning tree-mst Instance on page 435

Instance instance.

If a bridge does not hear bridge protocol data units (BPDUs) from the root bridge within the

specified interval, defined in the max-age (seconds) parameter, assume the network has changed

and recomputed the spanning-tree topology.

Generally, spanning tree configuration settings in the config mode define the configuration for

bridge and bridge instances.

Example

RFController(config)#spanning-tree portfast bpduguard default

RFController(config)#

RFController(config)#spanning-tree mst configuration

RFController(config-mst)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

303

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

timezone

Configures controller timezone settings

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

timezone <timezone>

Parameters

Press <tab> to traverse a list of files. This displays a list of files

containing timezone information.

Example

RFController(config)#timezone

Africa/

CST6CDT

PST8PDT

America/

EET

EST5EDT

Asia/

Etc/

Atlantic/

Europe/

Australia/ CET

MST7MDT

Pacific/

RFController(config)#timezone

RFController(config)#timezone America/

America/Anchorage

America/Caracas

America/Costa_Rica

America/Mexico_City

America/New_York

America/Sao_Paulo

America/Tegucigalpa

America/Indianapolis

America/Bogota

America/Chicago

America/Denver

America/Montreal

America/Phoenix

America/St_Johns

America/Thule

America/Buenos_Aires

America/Los_Angeles

America/Santiago

America/Winnipeg

RFController(config)#timezone America/Chicago

RFController(config)#

304

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

traffic-shape

Optimizes network traffic

Supported in the following platforms:

•

Mobility RFS7000 Controller

NOTE

This command is not supported on the Mobility RFS4000 Controller and on the Mobility RFS6000

Controller.

Syntax

traffic-shape [class|priority-map]

traffic-shape class <class-identifier> [max-buffers|

max-latency|rate]

traffic-shape class <class-identifier> max-buffers

<pri0-queue-length> <pri1-queue-length>

<pri2-queue-length> <pri3-queue-length>

<pri4-queue-length> <pri5-queue-length>

<pri6-queue-length> <pri7-queue-length> red-level

<pri0-queue-length-for-red> <pri1-queue-length-for-red>

<pri2-queue-length-for-red> <pri3-queue-length-for-red>

<pri4-queue-length-for-red> <pri5-queue-length-for-red>

<pri6-queue-length-for-red> <pri7-queue-length-for-red>

traffic-shape class <class-identifier> max-buffers

<pri0-queue-length> <pri1-queue-length>

<pri2-queue-length> <pri3-queue-length>

<pri4-queue-length> <pri5-queue-length>

<pri6-queue-length> <pri7-queue-length> red-percent

<pri0-queue-percent-for-red> <pri1-queue-percent-for-red>

<pri2-queue-percent-for-red> <pri3-queue-percent-for-red>

<pri4-queue-percent-for-red> <pri5-queue-percent-for-red>

<pri6-queue-percent-for-red> <pri7-queue-percent-for-red>

traffic-shape class <class-identifier> max-latency

<pri0-queue-latency> <pri1-queue-latency>

<pri2-queue-latency> <pri3-queue-latency>

<pri4-queue-latency> <pri5-queue-latency>

<pri6-queue-latency> <pri7-queue-latency> [msec|usec]

traffic-shape class <class-identifier> rate {[Kbps|Mbps|bps]}

traffic-shape priority-map <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7> <0-7>

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

305

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

class <class-identifier>

max-buffers ... red-level ...

class <class-identifier>

max-buffers ... red-percent

...

class <class-identifier>

max-latency ... [msec|usec]

class <class-identifier> rate

{[Kbps|Mbps|bps]}

Traffic shaping packet class. Select an identifier between

1-4. Traffic shaping also uses queues numbered 0-7.

•

max-buffers – Maximum traffic-shape queue length in

packets

•

<1-2000> – Maximum length of lowest or all priority

queues

red-level – Performs RED (random early drop) when the

queue length is reached

red-percent – Performs RED (random early drop) at a

percentage of max-buffers

•

max-latency – Maximum packet delay in queue

•

<1-1000000> – Maximum latency of lowest or all

priority queues

•

[msec|usec] – Sets the time measure

rate <1-250000000> – Traffic rate (250 Kbps-250 Mbps)

•

Kbps – Units of kilobits/sec

Mbps – Units of megabits/sec

bps – Units of bits/sec

priority-map <0-7> <0-7> ... Sets 802.1p to priority queue maps for all the traffic shape

queues.

Example

RFSController(config)#traffic-shape class 1 max-buffers 1000 1000 1000 1000

500 500 500 500 red-level 750 750 750 750 375 375 375 375

RFSController(config)#traffic-shape class 1 max-latency 1000 1000 1000 1000

1000 1000 1000 1000 msec

RFSController(config)#traffice-shape class 1 rate 100000 Kbps

RFSController(config)#traffic-shape priority-map 1 2 0 7 5 3 6 4

RFSController(config)#show traffic-shape config

Traffic shaping class 1

Rate: 10 Mbps

Prio-| max |

RED

| max

rity | pkts | pkts pcnt | latency

0 | 1000 | 750 75% | -

1 | 1000 | 750 75% | -

2 | 1000 | 750 75% | -

3 | 1000 | 750 75% | -

4 | 500 | 375 75% | -

5 | 500 | 375 75% | -

6 | 500 | 375 75% | -

7 | 500 | 375 75% | -

Traffic shaping class 2

Not configured

Traffic shaping class 3

Not configured

Traffic shaping class 4

Not configured

RFController(config)#show traffic-shape priority-map

802.1p | Shaping priority

0 | 1

1 | 2

2 | 0

3 | 7

4 | 5

306

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

5 | 3

6 | 6

7 | 4

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

307

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

username

Establishes user name authentication

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

username <name> [access|password|privilege]

username <name> access [console|ssh|telnet|web]

username <name> password [0 <password>|1 <password>|

<password>]

username <name> privilege [helpdesk|monitor|nwadmin|

superuser|sysadmin|webadmin]

Parameters

<name>

Enter a name to authenticate the controller, the username should

be between 1 and 28 characters.

•

access [console|ssh|telnet|web]– Sets the user access

mode

•

console – Only allowed from console

ssh – Only allowed from ssh

telnet – Only allowed from telnet

web – Only allowed from applet (webUI)

•

password [0 <password>|1 <password>|<password>] –

Specifies the password for the user

•

0 – Password is specified UNENCRYPTED

1 – Password is encrypted with SHA1 algorithm

<password> – User password

•

plaintext password length should be between 8

and 32 letters

•

encrypted password length should be 40 letters)

•

privilege [helpdesk|monitor|nwadmin|superuser|

sysadmin|webadmin] – Sets user access privilege

•

helpdesk – Helpdesk (troubleshooting) access

monitor – Monitor (read-only) access

nwadmin – Network (wired & wireless) admin access

superuser – Superuser (root) access

sysadmin – System (general system configuration)

admin access

•

webadmin – Web auth (hotspot) user admin access

Example

RFController(config)#username GoldenController

RFController(config)#

RFController(config)#username Aeyjey access console ssh telnet web

RFController(config)#username JohnDoe privilege sysadmin webadmin nwadmin

308

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Encrypting a Password

To encrypt a password:

1. Enable password encryption and provide the passphrase required for encrypting the

passwords.

RFController(config)#service password-encryption secret 2 Brocade

RFController(config)#username Jiri password admin

2. On completion of the above step, all the passwords, crypto keys, shared secrets etc are

displayed in an encrypted format in the running/startup configuration.

RFController(config)#show run

! configuration of Mobility RFS6000 Controller version 4.2.1.0

version 1.1

aaa authentication login default none

service prompt crash-info

username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d

username admin privilege superuser

username operator password 1

fe96dd39756ac41b74283a9292652d366d73931f

username Jiri password 1 399f01e13e372ba2dc02f37d869021873e60aa85

3. The password in the above running configuration is displayed in an encrypted format even

though it was entered as plain text in Step 1.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

309

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

vpn

Configures VPN authentication settings

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

vpn authentication-method [local|radius]

Parameters

authentication-method

[local|radius]

Selects the authentication scheme.

•

local – Used for user based authentication

radius – Used for RADIUS server authentication

Usage Guidelines

Virtual Private Network (VPN) enables IP traffic to travel securely over a public TCP/IP network by

encrypting all traffic from one network to another. A VPN uses "tunneling" to encrypt all information

at the IP level.

310

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

wireless

Configures controller wireless parameters

This command moves you to the config-wireless instance. For more information, see Chapter

20, Wireless Instance.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

wireless

Parameters

None

Usage Guidelines

The wireless command is used to enter the config-wireless instance wherein you can configure

wireless parameters. Confirm you have entered the wireless instance, as the prompt changes from

the regular RFController(config)#to RFController(config-wireless)#.

Example

RFController(config)#wireless

RFController(config-wireless)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

311

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

wlan-acl

Applies an ACL on a WLAN index

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

wlan-acl <1-256> [<1-99>|<100-199>|<1300-1999>|

<2000-2699>|<acl-name>] [in|out]

Parameters

<1-32>

WLAN number

[<1-99>|<100-199>|<130

0|1999>|<2000|2699>|

word]

•

<1-99> — IP standard access list

<100-199> — IP extended access list

<1300-1999> — IP standard access list (expanded range)

<2000-2699> — IP extended access list (expanded range)

<acl-name> — Access list name

[in|out]

•

in — Incoming packets

out — Outgoing packets

Usage Guidelines 1

Every WLAN created is mapped to an index. When an ACL is applied on a WLAN index it becomes a

WLAN ACL. The following type of ACL’s can be applied on a WLAN:

•

IP Standard ACL

IP Extended ACL

MAC Extended ACL

When a packet is sent from a client to a WLAN index of an access point, it becomes an inbound

traffic to the wireless LAN.

When a packet goes out of a access point, it becomes outbound traffic to the wireless LAN index.

Apply an ACL to a WLAN index in outbound direction to filter traffic from both wired and wireless

interfaces.

wlan-aclcan be attached both in the inbound and outbound directions.

NOTE

Most of the Wireless LAN related configuration are performed using the Chapter 20, Wireless

Instance. Use wlan-acl (in the global configuration mode) to apply an ACL on a wireless LAN index .

The last ACE in the access list is an implicit deny statement. Whenever the interface receives the

packet, its content is checked against all the ACE’s in the ACL. It is allowed/denied based on the

ACL configuration.

312

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

NOTE

All ACLs which had WLAN index are now replaced with ones that don't have WLAN index.

In the above process, the acl "110" had two rules which got replaced by only one rule because after

removal of WLAN index selector, both the rules look similar.

Follow the procedure below to manually upgrade the ACLs to the same configuration:

1. If all the rules in ACL have same WLAN index as selector and there are no other ACL rules, then

attach the ACL to the WLAN port.

In the above example, the ACL "macacl" has two rules for WLAN 14 which can be attached to

WLAN port as follows:

wlan-acl 14 macacl in

2. If the ACL has mix of rules – with different WLAN indices and without an WLAN indices, it

should be grouped as follows:

a. Create separate ACLs for all rules with a given WLAN index.

b. Create separate ACLs for rules which do not have any WLAN index.

To manually configure a Standard ACL, the example above has to be split into 3 ACLs.

ip access-list standard stdacl1

permit any rule-precedence 34

ip access-list standard stdacl2

permit host 10.0.0.10 rule-precedence 44

ip access-list standard stdacl3

deny host 30.0.0.14 rule-precedence 54

no access-list stdacl

wlan-acl 5 stdacl1 in

wlan-acl 6 stdacl2 in

The stdacl must be detached from the interface to which it was associated and stdacl3 must be

attached to that interface.

When the user explicitly creates ACL rules with WLAN index as selector, the controller consumes

that ACL without WLAN index selector. During this process a warning is raised to the user as

mentioned in the example below.

RFController(config)#access-list 14 permit any wlan 19 log

Warning : Acl rules with Wlan Index is deprecated. Wlan index configured for

the rule will be ignored. Please use wlan-acl CLI to apply ACLs on WLAN

Example

The example below applies an ACL to WLAN index 200 in an inbound direction from the global

config mode.

RFController(config)#wlan-acl 2 150 in

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

313

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

NOTE

A MAC access list entry to allow arpis mandatory to apply an IP based ACL to an interface. MAC ACL

always takes precedence over IP based ACL’s.

The example below applies an ACL to WLAN index 200 in outbound direction from the global config

mode.

RFController(config)#wlan-acl 2 150 out

RFController(config)#

314

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

network-element-id

Use this command to set system’s network-element-ID

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

network-element-id <element-id>

Parameters

<element-id>

Specifies system’s network element ID

Example

RFController(config)#network-element-id test

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

315

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

firewall

Use this command to set system’s network-element-ID

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

firewall

[802.2-encapsulation|dhcp-snoop-conflict-detection|dhcp-snoop-conflict-loggin

firewall enable

firewall 802.2-encapsulation permit

firewall clamp [path-mtu|tcp-mss]

firewall flow timeout [icmp|other|tcp|udp]

firewall flow timeout [icmp|other|udp] <10-32400>

firewall flow timeout tcp [close-wait|established|reset|

setup] <10-32400>

firewall virtual-defrag [enable|max-defrag-per-host|

max-frags-per-dgram|min-1st-frag-length]

firewall virtual-defrag enable

firewall virtual-defrag max-defrag-per-host <1-32>

firewall virtual-defrag max-frags-per-dgram <2-8129>

firewall virtual-defrag min-1st-frg-length <8-1500>

firewall vlan-stacking permit

316

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Parameters

enable

Enables the firewall for this controller.

Sets 802.2 packet encapsulation.

permit – Allow 802.2 packet encapsulations which can

802.2.-encapsulation

permit

•

bypass the firewall. Enabling this option is not

recommended by Brocade

clamp [path-mtu|

tcp-mss]

Configures wireless firewall

clamp [path-mtu|tcp-mss] – Displays clamp value

•

path-mtu – Displays limit discovered path-mtu

tcp-mss – Displays limit TCP to inner path-mtu

flow timeout

Configures firewall flow of packets.

[icmp|other|tcp|udp]

•

timeout [icmp|other|udp] <1-32400> – Sets the timeout

value for type ICMP, UDP, and Other to a value between 1

and 32400 seconds

•

timeout tcp [close-wait|established|reset|setup]

<10-32400> – Sets the timeout value for TCP packet types

to a value between 1 and 32400 seconds

•

close-wait – Configures the Closed TCP Flow timeout

value

•

established – Configures the Established TCP Flow

timeout value

•

reset – Configures the Reset TCP Flow timeout value

setup – Configures the Opening TCP Flow timeout value

virtual-defrag [enable|

max-defrag-per-host|

max-frags-per-dgram|

min-1st-frag-length]

Configures IPv4 virtual defragmentation.

•

enable – enables IPv4 virtual defragmentation. Brocade

recommends that this option be enabled

max-defrag-per-host <1-32> – Sets the maximum active

defragmentation per host to a value between 1 and 32

max-frags-per-dgram <2-8129> – Sets the maximum

allowed fragmentation per datagram to a value between 2

and 8129

•

min-1st-frag-len < <8-1500> – Sets the minimum

fragmentation length for the 1st fragment to a value between

8 and 1500

vlan-stacking permit

Configures 802.1q VLAN stacking.

•

permit – Permits 802.1q VLAN stacking that can bypass the

firewall. Brocade does not recommend the use of this option

Example

RFController(config)#firewall clamp

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

317

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

virtual-ip

Displays virtual-ip configuration of the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

virtual-ip [<A.B.C.D/M>|advt-timeout <1-5>|enable|

garp-timeout <30-600>|learning-timeout <2-5>|priority|vmac]

virtual-ip <A.B.C.D/M> vlan <1-4096>

virual-ip priority [<1-256>|auto]

virual-ip vmac <AA-BB-CC-DD-EE-FF>

Parameters

<A.B.C.D/M> vlan <1-4096> Displays virtual-ip configuration details of the controller

<A.B.C.D/M> – Displays ip address of the controller

vlan <1-4096> – Displays vlan of the vip

•

<1-4096> – Displays the vlan range value of the

vip

advt-timeout <1-5>

Displays advertisement timeout in seconds

<1-5> – Displays the value in seconds

•

enable

Enables IP Redundancy protocol

garp-timeout <30-600>

Displays Gratituous ARP timeout in seconds . The default time is

180 seconds

•

<30-600> – Displays value in seconds

Displays learning timeout in seconds

<2-5> – Displays learning timeout value in seconds

Displays priority of the controller

learning-timeout <2-5>

priority [<1-256>|auto]

•

<1-256> – Displays manual priority range

auto – Displays automatic priority selection

vmac

Virtual MAC to be used by the master

<AA-BB-CC-DD-EE-FF>

•

<AA-BB-CC-DD-EE-FF> – Allowed VMACs: from

00:15:70:88:8a:90 to 00:15:70:88:8b:8f

Example

RFController(config)#virtual-ip 192.168.11.10/24 vlan 11

RFController(config)#

RFController(config)#show virtual-ip config

VIP Status

: Disabled

: Enabled

: Automatic

: 2

Cluster Redundancy Status

Priority Selection Mode

VMAC Selection Mode

Learning Timeout(sec)

Advertisement Timeout(sec) : 1

External VLAN

: 0

External Gateway

Virtual-IP Server Port

: 0.0.0.0

: 51525

318

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

Controller IP

Controller Id

: 192.168.11.4

Reserved VMAC Address Range : 00-15-70-88-8A-90 to 00-15-70-88-8B-8F

DHCP Server status : Not Running on this Controller

=================================================================

Vlan | Priority | ControllerID | VIP | VMAC

=================================================================

11 | 3232238340 | 192.168.11.4 | 192.168.11.10 | 00-15-70-88-8A-90

=================================================================

RFController(config)#

RFController(config)#virtual-ip vmac 00-15-70-88-8A-90

RFController(config)#virtual-ip priority auto

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

319

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

wwan

Configures wireless wan interface

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

NOTE

This command is not supported on the Mobility RFS7000 Controller.

Syntax

wwan [apn<STRING>|disable|enable|password<STRING>

|username<STRING>]

Parameters

apn <STRING>

Enter the access point name provided by the service provider.

<STRING> – A string of up to 25 characters

NOTE: Use this command for countries in Europe. This command

is not valid for other countries.

disable

Disables the wireless wan feature

Enables the wireless wan feature

enable

password <STRING>

Enter password provided by the service provider

<STRING> – A string of up to 30 characters

username <STRING>

Enter username provided by the service provider

<STRING> – A string of up to 32 characters

Example

RFController(config)#wwan disable

RFController(config)#

RFController(config)#no wwan apn

RFController(config)#

320

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

aap-wlan-acl

Applies an acl on wlan for aap

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

aap-wlan-acl <1-256> [<100-199>|<WORD>]{in/out}

Syntax (Mobility RFS6000 Controller)

aap-wlan-acl <1-32>[<100-199>|<WORD>]{in/out}

Parameters

aap-wlan-acl <1-256>

[<100-199>|

Applies an acl on wlan for an aap

<1-256> – Displays wlan index

<WORD>{in|out}

<100-199> Displays IP extended access list

WORD> – Displays access list name

in – Displays incoming packets

out – Displays outgoing packets

Example

RFController(config)#aap-wlan-acl 6 symbol in

RFController(config)#

RFController(config)#aap-wlan-acl 6 125 out

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

321

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

arp

Configures Address Resolution Protocol

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

arp [<WORD>|ge <1-5>|sa <1-6>|up1|vlan <1-4094|

wwan]{<AB.C.D> <AA-BB-CC-DD-EE-FF>}

Parameters

arp [<WORD>|ge <1-5>|sa Configures address resolution protocol.

<1-6>|up1|vlan <1-4094|

•

<WORD> – Configures interface name

ge <1-5> – Configures Gigabit Ethernet interface

sa <1-6> – Configures Static Aggregate interface

up1 – Configures WAN interface

vlan <1-4094> – Configures vlan

wwan – Configures wireless WAN interface

wwan] {<AB.C.D>

<AA-BB-CC-DD-EE-FF>}

The following parameters are common for all the above.

•

<A.B.C.D> – Displays Internet Protocol

<AA-BB-CC-DD-EE-FF> – Displays MAC address

Example

RFController(config)# arp ge 2 1.2.3.4 11-22-33-44-55-66

RFController(config)

322

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

power

Configures PoE commands

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

NOTE

This command is not supported on the Mobility RFS7000 Controller.

Syntax

power trap-percent <0-100>

Parameters

power trap-percent

<0-100>

Configures PoE commands

trap-percent <0-100> – Configures PoE traps

<0-100> – Percentage of total power at which trap is generated

Example

RFController(config)#power trap-percent 99

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

323

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

aap-ipfilter-list

Applies ipfilter to WLAN/LAN

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

aap-ipfilter-list command initiates (config-aap-ip-filter-list) instance. For more details see Chapter

27, AAP IP Filtering. The prompt changes from RFController (config)#to RFController

(config-aap-ipfilter).

Parameters

aap-ipfilter-list

Parameters

None

Example

RFController(config)#aap-ipfilter-list

RFController(config-aap-ipfilter)#

324

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

whitelist

•Crypto ISAKMP config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

White list is a list of host names and IP addresses that are permitted access by default.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

whitelist command instantiates (config-whitelist) instance. The prompt changes from RFController

(config)#to RFController (config-whitelist)

Syntax

whitelist no permit

whitelist permit [<A.B.C.D>|<Hostname>]

Parameters

clrscr

end

exit

Clears the display screen.

Ends the current mode and changes to EXEC mode.

Ends the current mode and changes to previous mode.

Displays the interactive help system.

help

Negates a command or sets its defaults.

[<A.B.C.D>|Hostname

<suffix>]

Permits list of hostnames and IP addresses.

<A.B.C.D> – Displays IP address

<Hostname> suffix – Displays hostname

suffix – Matches any hostname including this one as suffix

Example

RFController(config-whitelist)#permit 172.16.10.3

RFController(config-whitelist)#permit brocade suffix

RFController(config-whitelist)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

325

Download from Www.Somanuals.com. All Manuals Search And Download.

Global Configuration commands

326

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Crypto-isakmp Instance

In this chapter

The (config-crypto-isakmp)instance is used to configure ISAKMP policies. To enter this

instance, use this command:

RFController(config)#crypto isakmp policy <1-10000>

RFController(config-crypto-isakmp)#

Crypto ISAKMP config commands

Table 6 summarizes crypto-isakmpcommands

TABLE 6

Crypto-isakmp Instance

Command

Description

Ref.

authentication

Sets the authentication scheme

Clears the display screen

encryption

Sets the encryption algorithm

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Sets the Diffie-Hellman group

hash

Sets the hash algorithm

Provides a description of the interactive help system

Sets the lifetime for the ISAKMP security association

Negates a command or sets its defaults

Defines the controllers service commands

Shows running system information

lifetime

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

327

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

authentication

Authenticates rsa-sig and pre-share keys

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

authentication [pre-share|rsa-sig]

Parameters

pre-share

rsa-sig

pre shared key

rsa signature

Example

RFController(config-crypto-isakmp)#authentication pre-share

RFController(config-crypto-isakmp)#

RFController(config-crypto-isakmp)#authentication rsa-sig

RFController(config-crypto-isakmp)#

328

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

clrscr

Clears the display screen

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None.

Example

RFController(config-crypto-isakmp)#clrscr

RFController(config-crypto-isakmp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

329

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

encryption

Configures the encryption level of the data transmitted using the crypto-isakmpcommand

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

encryption [3des|aes|aes-192|aes-256|des]

Parameters

3des

Triple data encryption standard

Advanced data encryption standard

Data encryption standard

aes

aes-192

aes-256

des

Example

RFController(config-crypto-isakmp)#encryption 3des

RFController(config-crypto-isakmp)#

RFController(config-crypto-isakmp)#encryption aes-256

RFController(config-crypto-isakmp)#

330

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

end

Ends and exits the current mode and changes to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None.

Example

RFController(config-crypto-isakmp))#end

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

331

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None.

Example

RFController(config-crypto-isakmp)#exit

RFController(config)#

332

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

group

Specifies the Diffie-Hellman group (1 or 2) used by the IKE policy to generate keys (which is then

used to create an IPSec SA)

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

group [1|2|5]

Parameters

Diffie-Hellman group 1

Diffie-Hellman group 2

Diffie-Hellman group 5

Usage Guidelines

The local IKE policy and the peer IKE policy must have matching group settings in order for

negotiation to be successful.

Example

RFController(config-crypto-isakmp)#group 5

RFController(config-crypto-isakmp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

333

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

hash

Specifies the hash algorithm used to authenticate data transmitted over the IKE SA

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

hash [md5|sha]

Parameters

md5

sha

Choose the MD5 hash algorithm

Choose the SHA hash algorithm

Example

RFController(config-crypto-isakmp)#hash sha

RFController(config-crypto-isakmp)#

334

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

help

Displays the system’s interactive help system

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None.

Example

RFController(config-crypto-isakmp)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-crypto-isakmp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

335

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

lifetime

Specifies how long an IKE SA is valid before it expires

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

lifetime <seconds>

Parameters

Specifies how many seconds an IKE SA lasts before it expires. A

time stamp (in seconds) can be configured between 60 and

2147483646.

Example

RFController(config-crypto-isakmp)#lifetime 5200

RFController(config-crypto-isakmp)#

336

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

Negates a command or sets its defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

no [authentication|encryption|group|hash|lifetime]

Parameters

None.

Example

RFController(config-crypto-isakmp)#no lifetime

RFController(config-crypto-isakmp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

337

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

service

Invokes service commands to troubleshoot or debug the (config-crypto-isakmp) instance

configurations.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

cli

Displays the CLI tree of current mode

Example

RFController(config-crypto-isakmp)#service show cli

Crypto Isakmp Config mode:

+-authentication

+-pre-share [authentication ( rsa-sig | pre-share )]

+-rsa-sig [authentication ( rsa-sig | pre-share )]

+-clrscr [clrscr]

+-do

+-LINE [do LINE]

+-encryption

+-3des [encryption ( des | 3des | aes | aes-192 | aes-256 )]

+-aes [encryption ( des | 3des | aes | aes-192 | aes-256 )]

+-aes-192 [encryption ( des | 3des | aes | aes-192 | aes-256 )]

+-aes-256 [encryption ( des | 3des | aes | aes-192 | aes-256 )]

+-des [encryption ( des | 3des | aes | aes-192 | aes-256 )]

+-end [end]

+-exit [exit]

+-group

+-1 [group (1|2|5)]

+-2 [group (1|2|5)]

+-5 [group (1|2|5)]

+-hash

+-md5 [hash (sha|md5)]

...................

RFController(config-crypto-isakmp)#

338

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

show

•Crypto Group config command s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 41

Displays current system information running on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

NOTE

For more details, see show on page 59

Syntax

show <paramater>

Parameters

Displays all the parameters for which information can be viewed

using the show command

Example

RFController(config-crypto-isakmp)#show ?

access-list

Internet Protocol (IP)

aclstats

alarm-log

autoinstall

banner

boot

clock

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

logging

Show any installed licenses

Show logging configuration and buffer

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

339

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto ISAKMP config commands

mac

Internet Protocol (IP)

mac-address-table

Display MAC address table

mac-name

management

mobility

Displays the configured MAC names

Display L3 Managment Interface name

Display Mobility parameters

Network time protocol

ntp

password-encryption

port

port-channel

privilege

protocol-list

radius

Password encryption

Physical/Aggregate port interface

Portchannel commands

Show current privilege level

List of protocols

RADIUS configuration commands

Display redundancy group parameters

Configure role parameters

redundancy

role

rtls

Real Time Locating System commands

Current Operating configuration

Securitymgr parameters

running-config

securitymgr

service-list

sessions

smtp-notification

snmp

snmp-server

spanning-tree

startup-config

List of services

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

static-channel-group Static channel group membership

terminal

timezone

traffic-shape

upgrade-status

users

Display terminal configuration parameters

Display timezone

Display traffic shaping

Display last image upgrade status

Display information about currently logged in users

Display software & hardware version

IP redundancy feature

Wireless configuration commands

wlan based acl

version

virtual-ip

wireless

wlan-acl

wwan

Wireless wan interfaces

RFController(config-crypto-isakmp)#show

340

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Crypto-group Instance

In this chapter

The (config-crypto-group)instance configures the default group properties of the ISAKMP

client.

To navigate to this instance, use the command:

RFController(config)#crypto isakmp client configuration group default

RFController(config-crypto-group)#

Crypto Group config commands

Table 7 summarizes the controller config-crypto-groupcommands

TABLE 7

Crypto-group Instance Commands

Command

Description

Ref.

dns

Clears the display screen

page 342

Defines a primary and secondary Domain Name Server (DNS) page 343

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Displays the interactive help system

Invokes service commands to troubleshoot or debug the

(config-crypto-isakmp) instance configuration

wins

Shows running system information

page 348

page 350

Defines a Windows Name Server (WINS)

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

341

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Group config commands

clrscr

Clears the display screen

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-crypto-group)#clr

RFController(config-crypto-group)#

342

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Group config commands

dns

Specifies the DNS server address(es) to assign to a client

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

dns <IP>

<IP >

The first DNS server address to assign

Example

RFController(config-crypto-group)#dns-server 172.1.17.1

RFController(config-crypto-group)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

343

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Group config commands

end

Ends and exits the current mode and changes to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-crypto-group)#end

RFController#

344

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Group config commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-crypto-group)#exit

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

345

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Group config commands

help

Displays the system’s interactive help system

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-crypto-group)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-crypto-group)#

346

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Group config commands

service

Invokes service commands used troubleshoot or debug (config-crypto-isakmp) instance

configurations

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

cli

Displays the CLI tree of current mode

Example

RFController(config-crypto-group)#service show cli

Crypto Client Config mode:

+-clrscr [clrscr]

+-dns

+-A.B.C.D [dns A.B.C.D]

+-do

+-LINE [do LINE]

+-end [end]

+-exit [exit]

+-help [help]

+-quit [quit]

+-s

+-commands [show commands]

+-WORD [show commands WORD]

+-running-config [show running-config]

+-full [show running-config full]

+-include-factory [show running-config include-factory]

...............................................

RFController(config-crypto-group)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

347

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Group config commands

show

Displays current system information running on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

NOTE

For more details on the show command see show on page 59

Syntax

show <paramater>

Parameters

Displays all the parameters for which information can be viewed

using the show command

Example

RFController(config-crypto-group)#show ?

access-list

Internet Protocol (IP)

aclstats

alarm-log

autoinstall

banner

boot

clock

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

logging

Show any installed licenses

Show logging configuration and buffer

348

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Group config commands

mac

Internet Protocol (IP)

mac-address-table

mac-name

management

mobility

Display MAC address table

Displays the configured MAC Names

Display L3 Managment Interface name

Display Mobility parameters

Network time protocol

ntp

password-encryption

port-channel

port

privilege

protocol-list

radius

password encryption

Portchannel commands

Physical/Aggregate port interface

Show current privilege level

List of protocols

RADIUS configuration commands

Display redundancy group parameters

Configures role parameters

redundancy

role

rtls

Real Time Locating System commands

Current Operating configuration

Securitymgr parameters

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

running-config

securitymgr

sessions

smtp-notification

snmp

snmp-server

spanning-tree

startup-config

static-channel-group static channel group membership

terminal

timezone

traffic-shape

upgrade-status

users

Display terminal configuration parameters

Display timezone

Display traffic shaping

Display last image upgrade status

Display information about currently logged in users

Display software & hardware version

IP redundancy feature

Wireless configuration commands

wlan based acl

version

virtual-ip

wireless

wlan-acl

wwan

Wireless wan interfaces

RFController(config-crypto-group)#show

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

349

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Group config commands

wins

•Crypto Peer config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

Specifies the Windows Internet Naming Service (WINS) servers to assign to a client

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

wins <IP>

Parameters

<IP >

The first WINS server address to assign

Example

RFController(config-crypto-group)#wins 128.2.11.1

RFController(config-crypto-group)#

350

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Crypto-peer Instance

In this chapter

The (config-crypto-peer)instance to configure ISAKMP peers. To enter this instance, use the

command:

RFController(config)#crypto isakmp peer [address|dn|hostname]

RFController(config-crypto-peer)#

Crypto Peer config commands

Table 8 summarizes the config-crypto-peercommands

TABLE 8 Crypto Peer Command Summary

Command Description

Ref.

Clears the display screen

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Displays the system’s interactive help system

Negates a command or sets its defaults

Invokes service commands to troubleshoot or debug the

(config-crypto-peer) instance configuration

set

Sets configuration parameters

Displays running system

page 358

page 359

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

351

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Peer config commands

clrscr

Clears the display screen

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-crypto-peer)#clrscr

RFController(config-crypto-peer)

352

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Peer config commands

end

Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-crypto-peer)#end

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

353

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Peer config commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-crypto-peer)#exit

RFController(config)#

354

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Peer config commands

help

Accesses the system’s interactive help system

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-crypto-peer)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-crypto-peer)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

355

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Peer config commands

Negates a command or sets it’s defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

no set aggressive-mode password

Parameters

See set command for parameters details

Example

RFController(config-crypto-peer)#no set aggrerssive-mode password

RFController(config-crypto-peer)#

356

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Peer config commands

service

Invokes service commands to troubleshoot or debug the (config-crypto-peer) instance

configuration.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

cli

Displays the CLI tree of current mode

Example

RFController(config-crypto-peer)#service show cli

Crypto Peer Config mode:

+-clrscr [clrscr]

+-do

+-LINE [do LINE]

+-end [end]

+-exit [exit]

+-help [help]

+-no

+-set

+-aggressive-mode

+-password [no set aggressive-mode password]

+-quit [quit]

+-s

+-commands [show commands]

+-WORD [show commands WORD]

+-running-config [show running-config]

+-full [show running-config full]

+-include-factory [show running-config include-factory]

....................................

RFController(config-crypto-peer)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

357

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Peer config commands

set

Configures the aggressive-mode of config-crypto-peer

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

set aggressive-mode password [0 <password>|2 <password>|

<password>]

Parameters

aggressive-mode password

[0 <password>|2

Defines aggressive mode attributes

password – Specifies a tunnel-password attribute

•

0 <password> – Password <password> is specified

unencrypted.

2 <password> – Password <password> is specified

encrypted with the password-encryption secret

<password> – The password of minimum size of 8

characters.

Example

RFController(config-crypto-peer)#set aggressive-mode password CheckMeIn

RFController(config-crypto-peer)#

358

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Peer config commands

show

•Crypto IPSec config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Displays current system information running on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

NOTE

For more details on the show command see show on page 59

Syntax

show <paramater>

Parameters

Displays all the parameters for which information can be viewed

using the show command.

Example

RFController(config-crypto-peer)#show ?

access-list

Internet Protocol (IP)

aclstats

alarm-log

autoinstall

banner

boot

clock

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

Show any installed licenses

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

359

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Peer config commands

logging

mac

Show logging configuration and buffer

Internet Protocol (IP)

mac-address-table

Display MAC address table

mac-name

management

mobility

Displays the configured MAC names

Display L3 Managment Interface name

Display Mobility parameters

Network time protocol

ntp

password-encryption

port

port-channel

privilege

protocol-list

radius

password encryption

Physical/Aggregate port interface

Portchannel commands

Show current privilege level

List of protocols

RADIUS configuration commands

Configure role parameters

role

redundancy

rtls

Display redundancy group parameters

Real Time Locating System commands

Current Operating configuration

Securitymgr parameters

running-config

securitymgr

service-list

smtp-notifications

sessions

Displays list of services

Display SNMP engine parameters

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

snmp

snmp-server

spanning-tree

startup-config

static-channel-group static channel group membership

terminal

timezone

upgrade-status

users

Display terminal configuration parameters

Display timezone

Display last image upgrade status

Display information about currently logged in users

Display software & hardware version

IP redundancy feature

Wireless configuration commands

wlan based acl

Wireless wan interfaces

version

virtual-ip

wireless

wlan-acl

wwan

RFController(config-crypto-peer)#show

360

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Crypto-ipsec Instance

In this chapter

Use the (config-crypto-ipsec) instance to define the transform configuration for securing

data (esp-3des, esp-sha-hmac etc.).

To navigate to this instance, use the command

RFController(config)#crypto ipsec transform-set

<transform-set-name> <encryption-type> <auth-type>

RFController(config-crypto-ipsec)#

The transform set is assigned to a crypto map using the map’s transform-set command. For more

details, see “set” on page 380.

Crypto IPSec config commands

The table below summarizes the config-crypto-ipseccommands:

TABLE 9

Crypto IPsec Command Summary

Command

Description

Ref.

Displays running system information

page 367

page 365

page 59

Configures the IP Sec transportation mode

Clears the display screen

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Describes the interactive help system

Negates a command or set its defaults

Invokes service commands to troubleshoot or debug

(config-crypto-isakmp) instance configurations

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

361

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto IPSec config commands

end

Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-crypto-ipsec)#end

RFController#

362

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto IPSec config commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-crypto-ipsec)#exit

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

363

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto IPSec config commands

help

Accesses the system’s interactive help system

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-crypto-peer)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-crypto-peer)#

364

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto IPSec config commands

mode

Configures the IPSec mode of operation

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

mode [transport|tunnel]

Parameters

transport

tunnel

Transport mode

Tunnel mode

Example

RFController(config-crypto-ipsec)#mode transport

RFController(config-crypto-ipsec)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

365

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto IPSec config commands

Negates a command or sets it’s defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

no mode

Parameters

mode

Sets default to tunnel mode.

Example

RFController(config-crypto-ipsec)#no mode

RFController(config-crypto-ipsec)#

366

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto IPSec config commands

show

Use this command to view current system information running on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

Syntax

show <paramater>

Parameters

Displays all the parameters for which information can be viewed

using the show command

Example

RFController(config-crypto-ipsec)#show ?

aclstats

alarm-log

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

autoinstall

banner

boot

clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

logging

mac

Show any installed licenses

Show logging configuration and buffer

Internet Protocol (IP)

mac-address-table

mac-name

management

mobility

Display MAC address table

Displays the configured MAC names

Display L3 Managment Interface name

Display Mobility parameters

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

367

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto IPSec config commands

ntp

Network time protocol

password-encryption

password encryption

port

Physical/Aggregate port interface

Portchannel commands

Show current privilege level

List of protocols

RADIUS configuration commands

Configure role parameters

port-channel

privilege

protocol-list

radius

role

redundancy

rtls

Display redundancy group parameters

Real Time Locating System commands

Current Operating configuration

Securitymgr parameters

running-config

securitymgr

service-list

smtp-notifications

sessions

Displays list of services

Display SNMP engine parameters

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

snmp

snmp-server

spanning-tree

startup-config

static-channel-group static channel group membership

terminal

timezone

upgrade-status

users

Display terminal configuration parameters

Display timezone

Display last image upgrade status

Display information about currently logged in users

Display software & hardware version

IP redundancy feature

Wireless configuration commands

wlan based acl

Wireless wan interfaces

version

virtual-ip

wireless

wlan-acl

wwan

RFController(config-crypto-ipsec)#show

368

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto IPSec config commands

service

•Crypto Map config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Invokes service commands to troubleshoot or debug the (config-crypto-peer) instance

configuration

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

cli

Displays the CLI tree of current mode

Example

RFController(config-crypto-ipsec)#service show cli

Crypto Ipsec Config mode:

+-help [help]

+-show

+-commands [show commands]

+-WORD [show commands WORD]

+-ip

+-http

+-secure-server [show ip http secure-server]

+-server [show ip http server]

+-access-group

+-WORD [show ip access-group `WORD|ge <1-4>|me1|sa <1-4>|vlan <1-4094>']

+-ge

+-<1-4> [show ip access-group `WORD|ge <1-4>|me1|sa <1-4>|vlan

<1-4094>']

+-me1 [show ip access-group `WORD|ge <1-4>|me1|sa <1-4>|vlan <1-4094>']

....................................

RFController(config-crypto-peer)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

369

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto IPSec config commands

370

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Crypto-map Instance

In this chapter

The (config-crypto-map) commands define a Certificate Authority (CA) trustpoint. This is a

separate instance, but belongs to the crypto pki trustpoint mode under the

configinstance.

To navigate to this instance, use the command:

RFController(config)#crypto map <map-name> <sequence>

[ipsec-isakmp|ipsec-manual] {dynamic}

RFController(config-crypto-map)#

Crypto Map config commands

Table 10 summarizes config-crypto-mapcommands:

TABLE 10

Command

Crypto Map Command Summary

Description

Ref.

Clears the display screen

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Describes the interactive help system

match

Assigns an IP access-list to a crypto map definition

Negates a command or set its defaults

Invokes service commands to troubleshoot or debug the

instance configurations

set

Sets values for encryption/decryption parameters

Displays the running system information

page 380

page 384

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

371

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

clrscr

Clears the display screen

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-crypto-map)#clrscr

RFController(config-crypto-map)#

372

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

end

Ends and exits the current mode and moves to the to PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-crypto-map)#end

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

373

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-crypto-map)#exit

RFController(config)#

374

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

help

Displays the system’s interactive help system

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-crypto-map)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-crypto-map)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

375

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

match

Use this command to assign an IP access-list to a crypto map definition. The access-list designates

the IP packets to be encrypted by this crypto map.

A crypto map entry is a single policy that describes how certain traffic is secured. There are two

types of crypto map entries: ipsec-manual and ipsec-ike entries. Each entry is given an index (used

to sort the ordered list).

When a non-secured packet arrives on an interface, the crypto map set associated with that

interface is processed (in order). If a crypto map entry matches the non-secured traffic, the traffic is

discarded.

When a packet is transmitted on an interface, the crypto map set associated with that interface is

processed. The first crypto map entry that matches the packet is used to secure the packet. If a

suitable SA exists, it is used for transmission. Otherwise, IKE is used to establish an SA with the

peer. If no SA exists (and the crypto map entry is “respond only”), the packet is discarded.

When a secured packet arrives on an interface, its SPI is used to look up a SA. If a SA does not exist

(or if the packet fails any of the security checks), it is discarded. If all checks pass, the packet is

forwarded normally.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

match address <acl-id>

Parameters

address

<acl-id>

Match the address of packets to encrypt

Enter the name of the access list or ACL ID to assign to this crypto

map

Usage Guidelines

Crypto map entries do not directly contain the selectors used to determine which data to secure.

Instead, the crypto map entry refers to an access control list. An access control list (ACL) is

assigned to the crypto map using the match address command. If no ACL is configured for a crypto

map, the entry is incomplete and will have no effect on the system.

The entries of the ACL used in a crypto map should be created with respect to traffic sent by the

OS. The source information must be the local OS, and the destination must be the peer.

Only extended access-lists can be used in crypto maps.

Example

The following entails setting up an ACL (called TestList) and assigning the new list to a crypto map

(called TestMap):

RFController(config)#ip access-list extended TestList

Configuring New Extended ACL "TestList"

376

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

(config-ext-nacl)#exit

RFController(config)#crypto map TestMap 220 isakmp dynamic

RFController(config-crypto-map)#

RFController(config-crypto-map)#match address TestMap

RFController(config-crypto-map)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

377

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

Negates a command or sets its defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

no [match|set]

Parameters

Use the commands configured under this instance.

Example

RFController(config-crypto-map)#no match address <WORD>

RFController(config-crypto-map)#

378

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

service

Invokes service commands to troubleshoot or debug the (config-crypto-peer) instance

configuration

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

Example

cli

Displays the CLI tree of the current mode

RFController(config-crypto-map)#service show cli

Crypto Map Config mode:

+-clrscr [clrscr]

+-do

+-LINE [do LINE]

+-end [end]

+-exit [exit]

+-help [help]

+-match

+-address

+-WORD [match address WORD]

+-no

+-match

+-address

+-WORD [no match address WORD]

+-set

+-localid [no set localid]

+-mode [no set mode]

+-peer

+-A.B.C.D [no set peer (A.B.C.D |WORD)]

+-WORD [no set peer (A.B.C.D |WORD)]

+-pfs [no set pfs]

+-remote-type [no set remote-type]

+-security-association

+-level

+-perhost [no set security-association level perhost]

+-lifetime [no set security-association lifetime]

+-session-key

+-inbound

+-ah [no set session-key ( inbound | outbound ) ah]

+-esp [no set session-key ( inbound | outbound ) esp]

.............................................................................

...............................................

RFController(config-crypto-map)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

379

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

set

Configures set parameters for the peer device

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

set [localid|mode|peer|pfs|remote-type {ipsec-l2tp|xauth}|

security-association|session-key|transform-set)

set localid [dn|hostname]<name>

set pfs [1|2|5]

set mode [aggressive|main]

set security-association [level|lifetime]

set security-association level perhost

set security-association lifetime [kilobytes|seconds]<value>

set session-key [inbound|outbound]{ah|esp}

set session-key [inbound|outbound] ah <hexkey data>

set session-key [inbound|outbound] esp <SPI>cipher<hexdata key> authenticator

set peer [ipaddress|<host name>]

set remote-type [ipsec-l2tp|xauth]

set transform-set <name>

380

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

Parameters

localid [dn|hostname]

<name>

Sets the local identity

•

dn <name> – Defines the distinguished dn name

hostname <name> – Sets the hostname

<name> – The distinguished name or hostname

•

mode [aggressive|main]

Sets the mode of the tunnels for this Crypto Map

•

aggressive – Initiates aggressive mode

main – Initiates main mode

peer [ipaddress|

<host name>]

Sets the IP address of the peer device. This can be set for multiple

remote peers. The remote peer can be either an IP address.

In manual mode, only one remote peer can be added for a crypto

map

•

IP address – Enter the IP address of the peer device. If not

configured, it implies responder only to any peer

<host name> – Displays host name of the peer

•

pfs [1|2|5]

Use the set pfs command to choose the type of perfect forward

secrecy (if any) required during IPSec negotiation of SAs for this

crypto map. Use the no form of this command to require no PFS.

•

group 1 – IPSec is required to use the Diffie-Hellman Group 1

(768-bit modulus) exchange during IPSec SA key generation

group 2 – IPSec is required to use the Diffie-Hellman Group 2

(1024-bit modulus) exchange during IPSec SA key

generation

•

group 5 – IPSec is required to use Diffie-Hellman Group 5

remote-type [ipsec-l2tp|

xauth]

Sets the remote VPN client type

•

ipsec-l2tp – Specify the remote VPN client as using

IPSEC/L2TP

•

xauth – Specify the remote VPN client as using XAUTH with

mode config

security-association [level

perhost|lifetime

Defines the lifetime (in kilobytes and/or seconds) of the IPSec SAs

created by this crypto map

{kilobyte|seconds}]

•

level perhost – Specifies the security association granularity

level for identities

•

lifetime [kilobyte|seconds] – Security an association lifetime

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

381

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

session-key

[inbound|outbound]

{ah|esp}

<256-4294967295>

cipher

Use the set session-key command to define the encryption and

authentication keys for this crypto map

•

inbound [ah|esp] – Defines encryption keys for inbound

traffic

•

outbound [ah|esp] – Defines encryption keys for outbound

traffic

For information on how to create a key for authentication and

encryption, refer Usage Guideline in Global Configuration

commands under crypto on page 233.

•

ah <256-4294967295> – Authentication header protocol

•

<256-4294967295> – Security Parameter Index (SPI)

for the security association

•

esp <256-4294967295>– Encapsulating security payload

protocol

•

<256-4294967295> cipher – Defines the security

parameter index

•

cipher – Specify encryption/decryption key

authenticator <hex key data> – Specify an authentication key

transformset <name>

Use the set transform-set command to assign a transform-set to a

crypto map

Usage Guidelines

RFController(config-crypto-map)#set peer name

If no peer IP address is configured, the manual crypto map is not valid and not complete. A peer IP

address is required for manual crypto maps. To change the peer IP address, the no set peer

command must be issued first; then the new peer IP address can be configured.

RFController(config-crypto-map)#set pfs

If left at the default setting, no perfect forward secrecy (PFS) is used during IPSec SA key

generation. If PFS is specified, the specified Diffie-Hellman Group exchange is used for the initial

(and all subsequent) key generations. This means no data linkage between prior keys and future

keys.

RFController(config-crypto-map)#set security-association lifetime

(kilobytes|seconds)

Values can be entered in both kilobytes and seconds. Whichever limit is reached first, ends the

security association.

RFController(config-crypto-map)#set session-key [inbound|outbound]{ah|esp}

RFController(config-crypto-map)#set session-key [inbound|outbound] ah <hexkey

data>

RFController(config-crypto-map)#set session-key [inbound|outbound] esp <SPI>

cipher <hexdata key> authenticator <hexkey data>

The inbound local SPI (security parameter index) must equal the outbound remote SPI. The

outbound local SPI must equal the inbound remote SPI. The key values are the hexadecimal

representations of the keys.

They are not true ASCII strings. Therefore, a key of 3031323334353637 represents “01234567”.

RFController(config-crypto-map)#set transformset name

382

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

Crypto map entries do not directly contain the transform configuration for securing data. Instead,

the crypto map is associated with transform sets which contain specific security algorithms.

If a transform-set is not configured for a crypto map, the entry is incomplete and has no effect. For

manual key crypto maps, only one transform set can be specified.

Example

RFController(config-crypto-map)#set localid hostname TestMapHost

RFController(config-crypto-map)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

383

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

show

•Trustpoint (PKI) config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Displays current system information running on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

Syntax

show <paramater>

Parameters

Displays all the parameters for which information can be viewed

using the show command

Example

RFController(config-crypto-map)#show ?

RFController(config-crypto-ipsec)#show ?

aclstats

alarm-log

autoinstall

banner

boot

clock

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

logging

mac

Show any installed licenses

Show logging configuration and buffer

Internet Protocol (IP)

mac-address-table

mac-name

management

Display MAC address table

Displays the configured MAC names

Display L3 Managment Interface name

384

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

mobility

Display Mobility parameters

ntp

Network time protocol

password-encryption

port

port-channel

privilege

protocol-list

radius

password encryption

Physical/Aggregate port interface

Portchannel commands

Show current privilege level

List of protocols

RADIUS configuration commands

Configure role parameters

role

redundancy

rtls

Display redundancy group parameters

Real Time Locating System commands

Current Operating configuration

Securitymgr parameters

running-config

securitymgr

service-list

smtp-notifications

sessions

Displays list of services

Display SNMP engine parameters

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

snmp

snmp-server

spanning-tree

startup-config

static-channel-group static channel group membership

terminal

timezone

upgrade-status

users

Display terminal configuration parameters

Display timezone

Display last image upgrade status

Display information about currently logged in users

Display software & hardware version

IP redundancy feature

Wireless configuration commands

wlan based acl

version

virtual-ip

wireless

wlan-acl

wwan

Wireless wan interfaces

RFController(config-crypto-map)#show

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

385

Download from Www.Somanuals.com. All Manuals Search And Download.

Crypto Map config commands

386

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Crypto-trustpoint Instance

In this chapter

The (config-crypto-trustpoint)commands define a Certificate Authority (CA) trustpoint. This

is a separate instance, but belongs to the crypto pki trustpoint mode under the config

instance.

To navigate to this instance, use the command

RFController(config)#crypto pki trustpoint <trustpoint-name>

RFController(config-trustpoint)#

Trustpoint (PKI) config commands

Table 11 summarizes config-crypto-trustpointcommands:

TABLE 11

Command

Trustpoint (PKI) Config Command Summary

Description

Ref.

Clears the display screen

Defines a company name for the trustpoint

Sets an e-mail ID for the trustpoint

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Sets the domain name of the trustpoint

Displays the interactive help system

Sets an IP address for the trustpoint

Negates a command or sets its defaults

password

Sets the challenge password (applicable only for requests),

to access the trustpoint

rsakeypair

Defines a RSA Keypair to associate with the trustpoint

page 398

page 399

Invokes service commands to troubleshoot or debug the

crypto pki trustpointinstance configuration

Displays running system information

page 400

page 402

subject-name

The subject name is a collection of required parameters to

configure a trustpoint

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

387

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

clrscr

Clears the display screen

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-trustpoint)#clrscr

RFController(config-trustpoint)#

388

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

company-name

Sets the company name (Applicable only for request)

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

company-name <company-name>

Parameters

<company-name>

Company name (2 to 64 characters)

Example

RFController(config-trustpoint)#company-name RetailKing

RFController(config-trustpoint)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

389

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

Sets the e-mail ID for the trustpoint

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

email <email>

Parameters

<email>

Sets email address (2 to 64 characters) for the trustpoint

Example

RFController(config-trustpoint)#email [email protected]

RFController(config-trustpoint)#

390

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

end

Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-trustpoint)#end

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

391

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

exit

Ends the current mode and moves to previous the mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-trustpoint)#exit

RFController(config)#

392

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

fqdn

Configures the domain name of the trustpoint (FQDN stands for Fully Qualified Domain Name)

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

fqdn <domain-name>

Parameters

<domain-name>

The fully qualified domain name (between 9 and 64 characters

long)

Example

RFController(config-trustpoint)#fqdn RetailKing.com

RFController(config-trustpoint)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

393

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

help

Displays the systems interactive help system

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-trustpoint)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-trustpoint)#

394

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

ip-address

Sets an IP address for the trustpoint

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

ip-address <IP>

Parameters

<IP>

Enter the IP address for the trustpoint

Example

RFController(config-trustpoint)#ip-address 157.200.200.02

RFController(config-trustpoint)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

395

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

Negates a command or sets its defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

no [company-name|email|fqdn|ip-address|subject-name]

Parameters

None.

Example

RFController(config-trustpoint)#no ip-address

RFController(config-trustpoint)#

396

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

password

Sets the challenge password (applicable only for requests) to access the trustpoint

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

password [0<password>|2<password>|<password>]

Parameters

0 <password>

Password <password> is specified as unencrypted, the password

should be between 4 to 20 characters

2 <password>

Password <password> is encrypted with password-encryption

secret, the string length of encrypted password should be

between 44 - 64 characters

Sets the password to <password> (4 to 20 characters)

Example

RFController(config-trustpoint)#password 0 TestPassword

RFController(config-trustpoint)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

397

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

rsakeypair

Configures a RSA Keypair to associate with the trustpoint

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

rsakeypair <keypair-name>

Parameters

<keypair-name>

RSA Keypair Identifier

Usage Guidelines

The RSA key pair configures the controller to have Rivest, Shamir, and Adelman (RSA) key pairs.

Thus, the controller software can maintain a different key pair for each identity certificate.

Example

RFController(config-trustpoint)#rsakeypair were

RFController(config-trustpoint)#

The rsakeypair name “were” in this example is an existing keypair value.

398

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

service

Invokes service commands to troubleshoot or debug the crypto pki trustpointinstance

configuration

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

None

Example

RFController(config-trustpoint)#service show cli

Trustpoint Config mode:

+-clrscr [clrscr]

+-company-name

+-WORD [company-name WORD]

+-do

+-LINE [do LINE]

+-email

+-WORD [email WORD]

+-end [end]

+-exit [exit]

+-fqdn

+-WORD [fqdn WORD]

+-help [help]

+-ip-address

+-A.B.C.D [ip-address A.B.C.D]

+-no

+-company-name [no company-name]

+-email [no email]

+-fqdn [no fqdn]

+-ip-address [no ip-address]

+-subject-name [no subject-name]

.............................................................................

..........................

RFController(config-trustpoint)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

399

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

show

Displays current system information running on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

Syntax

show <paramater>

Parameters

Displays all the parameters for which information can be viewed

using the show command

Example

RFController(config-trustpoint)#show ?

access-list

Internet Protocol (IP)

aclstats

alarm-log

autoinstall

banner

boot

clock

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

logging

mac

Show any installed licenses

Show logging configuration and buffer

Internet Protocol (IP)

mac-address-table

mac-name

management

Display MAC address table

Displays the configured MAC names

Display L3 Managment Interface name

400

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

mobility

Display Mobility parameters

ntp

Network time protocol

password-encryption

port

port-channel

privilege

protocol-list

radius

password encryption

Physical/Aggregate port interface

Portchannel commands

Show current privilege level

List of protocols

RADIUS configuration commands

Display redundancy group parameters

Configure role parameters

redundancy

role

rtls

Real Time Locating System commands

Current Operating configuration

Securitymgr parameters

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

running-config

securitymgr

sessions

smtp-notification

snmp

snmp-server

spanning-tree

startup-config

static-channel-group static channel group membership

service-list

terminal

traffic-shape

timezone

Displays list of services

Display terminal configuration parameters

Display traffic shaping

Display timezone

upgrade-status

users

Display last image upgrade status

Display information about currently logged

in users

version

virtual-ip

wireless

wlan-acl

wwan

Display software & hardware version

IP redundancy feature

Wireless configuration commands

wlan based acl

Wireless wan interfaces

RFController(config-crypto-map)#show

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

401

Download from Www.Somanuals.com. All Manuals Search And Download.

Trustpoint (PKI) config commands

subject-name

•Interface config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

Creates a subject name to configure a trustpoint (the subject name is a collection of required

parameters to configure a trustpoint)

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

subject-name <name> <country> <state> <city> <org>

<org-unit>

Parameters

<name>

<state>

<city>

Name of this set of parameters for configuring trust points

The 2 character ISO country code

The state in the country (2 to 128 characters)

The city name (2 to 128 characters)

<org>

The organization name (2 to 128 characters)

The name of the unit in the organization (2 to 128 characters)

<org-unit>

Example

RFController(config-trustpoint)#subject-name TestPool ?

WORD Country ( 2 character ISO Code )

RFController(config-trustpoint)#subject-name TestPool US ?

WORD State( 2 to 128 characters )

RFController(config-trustpoint)#subject-name TestPool US OH ?

WORD City( 2 to 128 characters )

RFController(config-trustpoint)#subject-name TestPool US OH PB ?

WORD Organization( 2 to 64 characters )

RFController(config-trustpoint)#subject-name TestPool US OH PB BROCADE ?

WORD Organization Unit( 2 to 64 characters )

RFController(config-trustpoint)#subject-name TestPool US OH PB BROCADE WID ?

<cr>

RFController(config-trustpoint)#subject-name TestPool US OH PB BROCADE WID

RFController(config-trustpoint)#

402

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Interface Instance

In this chapter

Use the (config-if)instance to configure the interfaces – Ethernet, VLAN and tunnel associated

with the controller.

To controller to this mode, use the command:

For Mobility RFS7000 Controller:

RFController(config)#interface [<interface-name>|ge <1-4>|me1|sa <1-4>|vlan

<1-4094>

RFController(config-if)#

For Mobility RFS6000 Controller:

RFController(config)#interface [<interface-name>|ge <1-8>|me1|up1|vlan

<1-4094>

RFController(config-if)#

For Mobility RFS4000 Controller:

RFSwitch(config)#interface [<interface-name>|ge <1-5>|me1|

up1|vlan <1-4094>|sa <1-6>|wwan]

RFSwitch(config-if)#

Interface config commands

Table 12 summarizes the (config-if)commands:

TABLE 12

Command

Interface Config Commands

Description

Ref.

Clears the display screen

Defines the encryption module

Creates an interface specific description

Sets the duplex mode used by the interface

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Displays the interactive help system

Sets the IP address for the assigned ethernet, VLAN or tunnel page 412

mac

Applies a MAC access list to a gigabit ethernet interface

Sets the selected interface as the management interface

page 415

page 416

management

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

403

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

TABLE 12

Command

Interface Config Commands

Description

Ref.

Negates a command or sets its defaults

Configures the load-balancing criteria of an aggregated port

PoE (Power Over Ethernet) commands used to configure PoE page 420

power limit and priority for a port

Invokes service commands to troubleshoot or debug the

page 421

(config-if) instance configurations

Displays running system information

Shuts down a selected interface

Disables the selected interface. The interface is

administratively enabled unless explicitly disabled using this

command

speed

Specifies the speed of a fast-ethernet (10/100) or a gigabit

ethernet port (10/100/1000)

page 428

page 429

static-channel-g Configures static channel commands

Sets broadcast rate-limit value

page 432

page 430

page 433

Sets controller mode characteristics

Sets protocol-over protocol tunneling

404

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

clrscr

Clears the display screen

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-if)#clrscr

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

405

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

crypto

Sets the encryption module to use for this interface

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

crypto map <map-tag>

Parameters

map <map-tag>

Assigns a Crypto Map

<map-tag> – Crypto Map tag

•

Usage Guidelines

At any given instance you can add one crypto mapset to an single interface. The controller does not

allow the same cryptomap set to be attached to multiple interfaces.

406

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

description

Creates an interface specific description

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

description <description>

Parameters

Defines the characters describing this interface

Example

RFController(config-if)#description "interface for RetailKing"

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

407

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

duplex

Specifies the duplex mode for the interface

NOTE

Duplexity can only be set for an Ethernet Interface. Enter the

(config-if)instance using the ethparameter of the interfacemode

The duplex cannot be set until the speed is set to a non-auto value

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

duplex [auto|full|half]

Parameters

auto

Sets the ports duplexity automatically. The port automatically

detects whether it should run in full or

half-duplex mode

full

Sets the port in full-duplex mode

Sets the port in half-duplex mode

half

Usage Guidelines

The duplex defines the communication used by the port. The controller (by default) is set in the

auto duplex mode. In auto mode, the duplex is selected based on connected network hardware.

408

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

end

Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-if)#end

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

409

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes

to RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-if)#exit

RFController(config)#

410

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

help

Displays the system’s interactive help

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-if)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

411

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

Sets the IP address for the assigned Fast Ethernet interface (ME) and VLAN Interface

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

ip access-group [<1-99>|<100-199>|<1300-1999>|

<2000-2699>|WORD in]

ip arp [rate-limit|trust]

ip dhcp trust

ip address [<IP/Mask> {secondary}|dhcp]

ip helper-address <IP>

ip nat [inside|outside]

412

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

Parameters

access-group

Defines the access group

[<1-99>|

•

<1-99> – Sets the IP standard access list

<100-199>|

<1300-1999>|

<2000-2699>]

<100-199> – Sets the IP extended access list

<1300-1999> – Sets the IP standard access list

(expanded range)

•

<2000-2699> – Sets the IP extended access list

(expanded range)

WORD in – Defines the access list name

•

in – Sets incoming packets

ip address [ <IP Mask>

{secondary}|dhcp]

Sets a static IP address and network mask for a Layer 3 SVI

(Controller Virtual Interface)

•

<IP/ Mask> {secondary} – Sets the IP address (10.0.0.1/8)

secondary – Defines an optional secondary IP address

dhcp – Uses a DHCP Client to obtain an IP address for the

interface (this enables DHCP on a Layer 3 SVI)

•

helper-address <IP>

nat [inside|outside]

Forwards DHCP and BOOTP packets

•

<IP> - Defines the IP to which DHCP and BOOTP packets

are forwarded

NOTE: IP helper addresses can only be applied on SVI but not

on the physical interfaces.

Sets Network Address Translation (NAT) parameters

•

inside – Inside interface

outside – Outside interface

arp [rate-limit

<1-1000000>|

trust]

Sets arp for the packets

•

rate-limit <1-1000000> – Displays the allowed rate in

packets per second

•

trust – Displays trust state for arp responses coming in this

interface

dhcp trust

Sets dhcp trust state for dhcp responses coming in this

interface

Usage Guidelines

IPv4 commands are not allowed on a L2 interface. Use the ip access-groupcommand to attach

an access list to an interface. Use the no ip access-groupcommand to remove the access list

from the interface

Use mac access-group to attach a MAC access list to an interface

Use the {no} ip [options] command to undo IP based interface configurations

Example

RFController(config-if)#ip access-group 110 in

RFController(config-if)#

RFController(config-if)#ip address 192.168.234.1/24

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

413

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

Creating helper address using DHCP server

Follow the steps below to create a helper address on VLAN 2000 for using a DHCP server on VLAN

1000:

RFController(config)#interface vlan 1000

RFController(config-if)#ip address 172.168.100.1/24

RFController(config-if)#interface vlan 2000

RFController(config-if)#ip address 172.168.200.1/24

RFController(config-if)#ip helper-address 172.168.100.10

RFController(config-if)#

Configuring a static NAT source translation

The example below displays static NAT source translation:

RFController(config)#interface vlan 1000

RFController(config-if)#ip nat inside

RFController(config-if)#interface vlan 2000

RFController(config-if)#ip nat outside

RFController(config)#ip nat inside source static 172.168.200.10 157.235.205.57

RFController(config)#

414

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

mac

Applies a MAC access list (ACL) to Gigabit Ethernet interface

NOTE

The access list cannot be applied on a management interface (me1).

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

mac access-group <acl-name> in

Parameters

access-group <acl-name>

Sets the MAC access groups ACL

•

<acl-name> – Sets ACL name

in – Applies the ACL to ingress packets

Example

RFController(config-if)#mac access-group Ark200 in

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

415

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

management

Sets the selected interface as management interface. It can only be used on a VLANx interface.

The TFTP/FTP server providing the controller its config file at startup must be accessible via this

interface.

VLAN 1 is the default management interface for the controller.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

management

Parameters

None

Usage Guidelines

The management privilege can be set only on a L3 interface. Use this command along with the

(config) management securein the config mode. This ensure management access is restricted

to the management VLAN only

Refer to management on page 268 for management configuration.

Example

RFController(config)#interface vlan 1000

RFController(config-if)#management

RFController(config-if)#

416

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

Negates a command or sets its defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

Syntax

shutdown|spanning-tree|speed|static-channel-group|

storm-control|controllerport]

Parameters

The nocommand negates any command associated with it. Wherever required, use the same

parameters associated with the command getting negated.

Example

RFController(config-if)#no duplex

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

417

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

port-channel

Selects the load-balance criteria of an aggregated port

Supported in the following platforms:

•

Mobility RFS7000 Controller

Mobility RFS4000 Controller

NOTE

This command is not supported on the Mobility RFS6000 Controller.

Syntax

port-channel load-balance [src-dst-ip|src-dst-mac]

Parameters

load-balance

Sets load-balancing for port channel

[src-dst-ip|src-dst-mac]

•

src-dst-ip – Defines the Source and Destination IP address

based on the current load balancing

•

src-dst-mac – Sets the Source and Destination MAC

address based on the load balancing

Usage Guidelines

Use this command to configure and set load balance on the aggregated port using (config-if)

static-channel-group.

Example

The following example creates a channel group 1, with interface ge1 and ge 2:

RFController(config)#interface ge1

RFController(config-if)#static-channel-group 1

RFController(config)#interface ge2

RFController(config-if)#static-channel-group 1

The following example defines the load balance based on the IP or MAC address:

RFController(config)#interface sa1

RFController(config-if)#port-channel load-balance src--dst-ip

RFController(config-if)#

Configuring a port aggregation

Use static-channel-groupand port-channelfor configuring port aggregation. Follow the steps

below to configure port aggregation:

1. Create a static channel group for port aggregation and associate an interface with it.

RFController(config)#interface ge 1

RFController(config-if)#static-channel-group 1

2. Execute show static-channel-group and ensure the virtual static aggregation

sa 1 has been created and associated with ge 1.

418

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

3. Select the other interface required for port aggregation and associate the static channel group

to it.

RFController(config)#interface ge 2

RFController(config-if)#static-channel-group 1

4. Execute show static-channel-group and ensure the virtual static aggregation

sa 1 has been created and associated with ge 2.

Both ge 1 and ge 2 are now aggregated and ready for use.

5. Use the port-channelcommand to select the criteria used to determine which link is selected

for a given packet. The port-channel selection is based on either source-destination IP or

source destination MAC

RFController(config-if)#port-channel load-balance src-dst-ip

RFController(config-if)#

The default port-channel criteria is based on source-destination IP. The port channel (when

configured with src-dst-ip)does not show up in the running-config. Hence, this mode is preferred

over src-dst-mac.

NOTE

When a port (GE) is aggregated into a Static Aggregation (SA), it temporarily takes on the port

configuration of the SA.

For example, If GE 1 (previously configured as trunk vlan 1-10) and GE 2 (previously configured as

trunk vlan 11-20) are now aggregated as SA 1 and SA 1 is configured as trunk vlan 100-200, then

SA 1’s configuration applies to both GE 1 and GE 2. This new configuration like VLAN, speed,

duplex, MST is now applicable on the ports as long as they are part of the SA. The ports revert back

to the original configuration once they are removed from the SA.

How src-dst-mac mode works

When the controller sends a packet out of a SA, it selects the egress port as a function of the

packet's source MAC, destination MAC, and the set of ports in the SA which are running. It XORs the

bottom bits of the two MACs and indexes it into a table of the running ports.

How src-dst-ip mode works

When the controller sends an IP packet, the egress port is chosen as a function of the packet's

source IP, destination IP and the set of running ports. It XORs the bottom byte of the two IP

addresses and indexes then into the same table of running ports that src-dst-macmode uses.

If the packet is NOT an IP packet, it uses the same calculation as src-dst-mac mode.

Why is src-dst-ip mode preferred

src-dst-ip mode distributes packets better when most packets, going through the gateway, are IP

packets. In the presence of an IP gateway, the IP packets forwarded from one Client to hosts that is

beyond the gateway all have the same MAC pair <Client MAC, Gateway MAC> no matter what host

the Client is accessing.

But in src-dst-mac balancing, the same link is selected always.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

419

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

power

Invokes PoE commands to configure PoE power limit and priority for a port. By default the value for

a GE port is set to low. Power is applied in order of priority, power overlaods are removed in reverse

order of priority.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Syntax

power [limit <0-30>|priority {critical|high|low}]

Parameters

limit <0-30>

Sets the power limit on the given port to the stated power in

Watts. Select the power limit value between 0-30 (Watts). It

actually limits to 29.7W

priority [critical|high|low]

Sets PoE priority for port

•

critical – Sets the PoE priority as critical priority

high – Sets the PoE priority as high priority

low – Sets the PoE priority as low priority

Usage Guidelines

Use [no] powerto rollback the PoE configurations and set back the default configuration

Example

RFController(config)#interface ge1

RFController(config-if)#no power

RFController(config-if)#exit

RFController(config)#interface ge2

RFController(config-if)#power limit 14

RFController(config-if)#exit

RFController(config)#interface ge3

RFController(config-if)#power priority critical

RFController(config-if)#exit

RFController(config)#show power configuration

Power usage trap at 80% of max power (148 of 185 Watts)

port Priority

ge1 high

ge2 high

ge3 crit

ge4 high

ge5 high

ge6 high

ge7 high

ge8 high

Power limit Enabled

29.7W

14.0W

29.7W

yes

POE firmware version 01f6 build 4

RFController(config)#

420

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

service

Invokes service commands to troubleshoot or debug the (config-if) instance configuration.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

cli

Displays the CLI tree of the current mode

Example

RFController(config-if)#service show cli

Interface Config mode:

+-clrscr [clrscr]

+-crypto

+-map

+-WORD [crypto map WORD]

+-description

+-LINE [description LINE]

+-do

+-LINE [do LINE]

+-duplex

+-auto [duplex (half|full|auto)]

+-full [duplex (half|full|auto)]

+-half [duplex (half|full|auto)]

+-end [end]

+-exit [exit]

+-help [help]

+-ip

+-access-group

+-<1-99>

+-in [ip access-group (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)

(in)]

+-<100-199>

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

421

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

show

Displays current system information running on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

Syntax

show <parameter>

Parameters

Displays the parameters for which information can be viewed

using the show command

Example

RFController(config-if)#show ?

aap-wlan-acl

wlan based acl

aap-wlan-acl-stats

access-list

aclstats

alarm-log

autoinstall

banner

IP filtering wlan based statistics

Internet Protocol (IP)

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

boot

clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

logging

mac

Show any installed licenses

Show logging configuration and buffer

Internet Protocol (IP)

mac-address-table

Display MAC address table

422

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

mac-name

Displays the configured MAC names

management

mobility

ntp

Display L3 Managment Interface name

Display Mobility parameters

Network time protocol

password-encryption

port-channel

privilege

protocol-list

radius

password encryption

Portchannel commands

Show current privilege level

List of protocols

RADIUS configuration commands

Display redundancy group parameters

Configure role parameters

redundancy

role

rtls

Real Time Locating System commands

Current Operating configuration

Securitymgr parameters

running-config

securitymgr

service-list

sessions

List of services

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

snmp

snmp-server

smtp-notification

spanning-tree

startup-config

static-channel-group static channel group membership

terminal

timezone

Display terminal configuration parameters

Display timezone

traffic-shape

upgrade-status

users

Display traffic shaping

Display last image upgrade status

Display information about currently logged

in users

version

wireless

wlan-acl

wwan

Display software & hardware version

Wireless configuration commands

wlan based acl

Wireless wan interface

RFController(config-if)#show

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

423

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

shutdown

Disables the selected interface, the interface is administratively enabled unless explicitly disabled

using this command

Displays current system information running on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

shutdown

Parameters

None

Example

RFController(config-if)#shutdown

RFController(config-if)#

424

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

spanning-tree

Configures spanning tree parameters

Displays current system information running on the controller.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

spanning-tree [bpdufilter|bpduguard|edgeport|force-version|

guard|link-type|mst|portfast]

spanning-tree bpdufilter [enable|disable]

spanning-tree bpduguard [enable|disable]

spanning-tree [edgeport|portfast]

spanning-tree force-version <1-3>

spanning-tree guard root

spanning-tree link-type [point-to-point|shared]

spanning-tree mst [<1-15|port-cisco]

spanning-tree mst 1 [cost <>|port-priority <>]

spanning-tree mst port-cisco [enable|disable]

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

425

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

Parameters

bpdufilter [disable|enable]

Use this command to set a portfast BPDU filter for the port. Use

the noparameter with this command to revert the port BPDU

filter to default. The spanning tree protocol sends BPDUs from

all ports. Enabling the BPDU filter ensures PortFastenabled

ports do not transmit or receive BPDUs.

bpduguard [disable|enable]

Use this command to enable or disable the BPDU guard feature

on a port.

Use the noparameter with this command to set the BPDU guard

feature to default values.

When the BPDU guard is set for a bridge, all portfast-enabled

ports that have the BPDU-guard set to default shut down the

port upon receiving a BPDU. If this occurs, the BPDU is not

processed. The port can be brought back either manually (using

the no shutdowncommand), or by configuring the

errdisable-timeout to enable the port after the specified interval.

edgeport

Enables an interface as an edgeport

force-version <0-3>

Specifies the spanning-tree force version. A version identifier of

less than 2 enforces the spanning tree protocol. Select from the

following versions:

•

0 – STP

1 – Not supported

2 – RSTP

3 – MSTP

The default value for forcing the version is MSTP

guard root

Enables the Root Guard feature for the port. The root guard

disables the reception of superior BPDUs.

The Root Guard ensures the enabled port is a designated port. If

the Root Guard enabled port receives a superior BPDU, it moves

to a discarding state.

Use the noparameter with this command to disable the root

guard feature.

link-type

Enables or disables point-to-point or shared link types

[point-to-point|shared]

•

point-to-point – Enables rapid transition

shared – Disables rapid transition

mst [<0-15>

Configures MST values on a spanning tree

[cost <1-200000000>|

port-priority <0-240>]|

port-cisco-interoperability

[disable|enable]]

•

<0-15> [cost <1-200000000>|port-priority <0-240>] –

Defines the Instance ID

•

cost <1-200000000> – Defines the path cost for a

port

•

port-priority <0-240> – Defines the port priority for a

bridge

•

port-cisco-interoperability [disable|enable] – Enables or

disables interoperability with Cisco's version of MSTP

(which is incompatible with standard MSTP).

•

enable – Enables CISCO Interoperability

disable – Disables CISCO Interoperability - The default

value is disabled

portfast

Enables rapid transitions

Example

RFController(config-if)#spanning-tree edgeport

RFController(config-if)#

426

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

RFController(config-if)#spanning-tree guard root

RFController(config-if)#

RFController(config-if)#spanning-tree link-type point-to-point

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

427

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

speed

Specifies the speed of a fast-ethernet (10/100) or a gigabit-ethernet port (10/100/1000)

Displays current system information running on the controller.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

speed [10|100|1000|auto]

Parameters]

Forces 10 Mbps operation

Forces 100 Mbps operation

Forces 1000 Mbps operation

100

1000

auto

Port automatically detects the speed it should run based on the

port at the other end of the link.Autonegotiation is a requirement

for using 1000BASE-T[3] according to the standard.

Usage Guidelines

Set the interface speed to auto to detect and use the fastest speed available. Speed detection is

based on connected network hardware.

Example

RFController(config-if)#speed auto

RFController(config-if)#

428

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

static-channel-group

Adds an interface to a static channel group

Displays current system information running on the controller.

Supported in the following platforms:

•

Mobility RFS7000 Controller

Mobility RFS4000 Controller

NOTE

The Mobility RFS6000 Controller does not support this command.

Syntax

static-channel-group <1-4>

Parameters

<1-4>

Sets a static channel group to associate the link with

Usage Guidelines

This command aggregates individual giga ports into a single aggregate link to provide greater

bandwidth. The static channel group is used to provide additional bandwidth in multiples of 1Gbps

on the controller. All MAC layer and higher protocols see only the static channel group (aggregate

link) rather than the individual ports that comprise it.

Example

RFController(config-if)#static-channel-group 2

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

429

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

controllerport

•mst config commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435

Sets controller mode characteristics for the selected interface.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

controllerport [access|mode|trunk]

controllerport access vlan <1-4094>

controllerport mode [access|trunk]

controllerport trunk [allowed|native]

controllerport trunk allowed vlan [add|none|remove] <vlan-id>

controllerport trunk native [tagged|vlan<1-4094>]

430

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

Parameters

access vlan <1-4094>

Configures the access vlan of an access-mode port

•

vlan <1-4094> – Sets the vlan when interface is in access

mode

mode [access|trunk]

Sets the mode of the interface to access or trunk mode (can only

be used on physical (layer2) interfaces)

•

access – If accessmode is selected, the access vlan is

automatically set to vlan1. In this mode, only untagged

packets in the access vlan (vlan1) are accepted on this port.

All tagged packets are discarded.

•

trunk – If trunk mode is selected, tagged vlan packets

VLANs are accepted. The native vlan is automatically set to

VLAN1. Untagged packets are placed in the native vlan by

the controller. Outgoing packets in the native vlan are sent

untagged.trunkis the default mode for both ports

trunk [allowed |native]

Sets the trunking mode characteristics

•

allowed vlan – Configures trunk characteristics when the

port is in trunk-mode

•

vlan [add|none|remove] – Sets allowed vlans

•

none – Allows no vlans to Xmit/Rx through the

Layer2 interface

•

add – Adds vlans to the current list

remove – Removes vlans from the current list

•

<vlan-id> – vlan-ids added or removed. Can

be either a range of vlans (55-60) or a list of

comma separated vlan-ids (35, 41 etc.)

•

native [tagged|vlan <1-4094>] – Configures the native VLAN

ID of the trunk-mode port

•

tagged – Tags the native vlan

vlan <1-4094> – Sets the native VLAN for classifying

untagged traffic when the interface is in trunking mode

Usage Guidelines

Interfaces ge1-ge4 can be configured as trunk or in access mode. An interface (when configured as

trunk) allows packets (from the given list of vlans) to be added to the trunk. An interface configured

as “access” allows packets only from native vlans

Use the [no] controllerport (access|mode|trunk)to undo controllerport configurations

Example

RFController(config-if)#controllerport mode access

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

431

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

storm-control

Interface config commands

Sets storm-control for broadcasting

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

storm-control [bcast|mcast|ucast] rate-limit <1-1000000>

Parameters

bcast rate-limit

<1-1000000>

Configures storm-control of broadcast packets.

rate-limit <1-1000000> – Performs packet rate limiting

•

<1-1000000> – Displays allowed rate in packets per

second

mcast rate-limit

<1-1000000>

Configures storm-control of multicast packets.

rate-limit <1-1000000> – Performs packet rate limiting

•

<1-1000000> – Displays allowed rate in packets per

sec ond

ucast rate-limit

<1-1000000>

Configures storm-control of unicast packets

rate-limit <1-1000000> – Performs packet rate limiting

•

<1-1000000> – Displays allowed rate in packets per

sec ond

Example

RFController(config-if)#storm-control bcast ratelimit 88

RFController(config-if)#

RFController(config-if)#storm-control mcast ratelimit 88

RFController(config-if)#

RFController(config-if)#storm-control ucast ratelimit 88

RFController(config-if)#

432

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

tunneling

Interface config commands

Sets protocol-over protocol tunneling.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

tunnel [destination <A.B.C.D>|source <A.B.C.D>|ttls <1-255>]

Parameters

destination <A.B.C.D>

source <A.B.C.D>

ttl<1-255>

Destination of the tunnel packet.

<A.B.C.D> – Specifies the IP address of the destination.

Source of tunnel packets.

<A.B.C.D> – Specifies the IP address of the source.

Sets time to live.

•

Example

RFController(config-if)#tunnel destination 1.2.6.3

RFController(config-if)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

433

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface config commands

434

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Spanning tree-mst Instance

In this chapter

Use the (config-mst) instance to configure the controllers Multi Spanning Tree Protocol (MSTP)

configuration. To switch to this instance, use the command:

RFController(config)#spanning-tree mst configuration

RFController(config-mst)#

mst config commands

Table summarizes the (config-mst)commands:

TABLE 13

Command

MSTI Configuration Commands

Description

Ref.

Clears the display screen

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Displays the system’s interactive help system

Assigns a VLAN to the bridge instance

Sets a name for the MST region

Negates a command or sets defaults

revision

Configures the revision number of the MST bridge

Invokes service commands needed to troubleshoot or debug page 444

(config-if)instance configurations

Shows running system information

page 446

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

435

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

clrscr

Clears the display

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-mst)#clrscr

RFController(config-mst)#

436

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

end

Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-mst)#end

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

437

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-mst)#exit

RFController(config)#

438

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

help

Displays the system’s interactive help system

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-mst)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-mst)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

439

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

instance

Associates VLAN(s) with an instance

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

instance <1-15> vlan <vlan-id>

Parameters

<1-15>

Defines the instance ID to which the VLAN is associated

Sets the VLAN ID for its association with an instance

vlan <vlan-id>

Usage Guidelines

MSTP works based on instances. An instance is a group of VLANs with a common spanning tree. A

single VLAN cannot be associated with multiple instances.

Controllers with the same instance, VLAN mapping, revision number and region names define a

unique region. Controllers in the same region exchange bridge protocol data units (BPDUs) with

instance record information within it.

Example

The following example sets an instance named 10 and maps VLAN 20 to it:

RFController(config-mst)#instance 10 vlan 20

RFController(config-mst)#

440

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

name

Sets the name for the MST region

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

name <region-name>

Parameters

<region-name>

Sets MST region name

Example

RFController(config-mst)#name MyRegion

RFController(config-mst)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

441

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

Negates a command or sets its defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

no [instance|name|revision]

Parameters

instance

Sets the MST Instance

•

vlan – Delete the association of vlan with this instance

<vlan-id> – List of vlan IDs

name

Assigns a name to the MST region

revision

Defines the revision number for configuration information

Usage Guidelines

The nocommand negates any command associated with it. Wherever required, use the same

parameters associated with the command getting negated.

Example

RFController(config-mst)#no instance 10 vlan 20

RFController(config-mst)#

RFController(config-mst)#no name MyRegion

RFController(config-mst)#

RFController(config-mst)#no revision

RFController(config-mst)#

442

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

revision

Sets the revision number of the MST bridge

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

revision <0-255>

Parameters

revision <0-255>

Defines the revision number for configuration information

Example

RFController(config-mst)#revision 20

RFController(config-mst)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

443

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

service

Invokes service commands needed to troubleshoot or debug (config-if)instance configurations

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

None

Example

RFController(config-mst)#service show cli

MSTI configuration mode:

+-clrscr [clrscr]

+-end [end]

+-exit [exit]

+-help [help]

+-instance

+-<1-15> [instance <1-15>]

+-vlan

+-VLAN_ID [instance <1-15> vlan VLAN_ID]

+-name

+-LINE [name LINE]

+-no

+-instance

+-<1-15> [no instance <1-15>]

+-vlan

+-VLAN_ID [no instance <1-15> vlan VLAN_ID]

+-name [no name]

+-revision [no revision]

+-quit [quit]

+-revision

+-REVISION_NUM [revision REVISION_NUM]

+-s

+-commands [show commands]

+-WORD [show commands WORD]

+-running-config [show running-config]

+-full [show running-config full]

+-include-factory [show running-config include-factory]

+-service

+-show

+-cli [service show cli]

+-show

+-access-list [show access-list]

+-<1-99> [show access-list

(<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)]

+-<100-199> [show access-list

(<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)]

444

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

+-<1300-1999> [show access-list

(<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)]

+-<2000-2699> [show access-list

(<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)]

+-WORD [show access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)]

+-aclstats

+-vlan

+-<1-4094> [show aclstats ( vlan <1-4094> )].................

...................................................................

RFController(config-mst)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

445

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

show

•Extended ACL config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449

Displays current system information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

Syntax

show <parameter>

Parameters

parameter

Displays the parameters for which information can be viewed

using the show command

Example

RFController(config-mst)#show ?

access-list

Internet Protocol (IP)

aclstats

alarm-log

autoinstall

banner

boot

clock

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

logging

mac

Show any installed licenses

Show logging configuration and buffer

Internet Protocol (IP)

mac-address-table

mac-name

management

Display MAC address table

Displays the configured MAC names

Display L3 Managment Interface name

446

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

mobility

Display Mobility parameters

ntp

Network time protocol

password-encryption

port

port-channel

privilege

radius

password encryption

Physical/Aggregate port interface

Portchannel commands

Show current privilege level

RADIUS configuration commands

Display redundancy group parameters

Configure role parameters

redundancy

role

rtls

Real Time Locating System commands

Current Operating configuration

Securitymgr parameters

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

running-config

securitymgr

sessions

snmp

smtp-notification

snmp-server

spanning-tree

startup-config

static-channel-group static channel group membership

terminal

timezone

Display terminal configuration parameters

Display timezone

traffic-shape

upgrade-status

users

Display traffic shaping

Display last image upgrade status

Display information about currently logged

in users

version

virtual-ip

wireless

wlan-acl

wwan

Display software & hardware version

IP redundancy feature

Wireless configuration commands

wlan based acl

Wireless wan interface

RFController(config-mst)#show

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

447

Download from Www.Somanuals.com. All Manuals Search And Download.

mst config commands

448

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Extended ACL Instance

In this chapter

•Configuring IP Extended ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

The Extended ACL instance (config-ext-nacl)is used to manage the extended Access Control

List entries associated with the controller.

To navigate to this instance, use the command

RFController(config)#ip access-list extended [<ACL-name>|

<100-199>|<2000-2699>]

RFController(config-ext-nacl)#

Extended ACL config commands

Table 14 summarizes config-ext-naclcommands:

TABLE 14

Command

Extended ACL Config Command Summary

Description

Ref.

deny

Clears the display screen

Specifies packets to reject

page 450

page 451

Ends the current mode and moves to the previous mode page 456

Displays the interactive help system

Specifies packets to mark

Negates a command or sets its defaults

Specifies packets to forward

permit

Invokes the service commands to troubleshoot or debug page 467

(config-if) instance configurations

Displays running system information

page 468

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

449

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

clrscr

Clears the display screen

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-ext-nacl)#clrscr

RFController(config-ext-nacl)#

450

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

deny

Specifies packets to reject

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

deny [icmp|ip|tcp|upd|proto]

deny icmp [<source-IP/Mask>|any|host <IP>] [<dest-IP/Mask>|any|host <IP>]

{<ICMP-type> {<ICMP-code>}} {log} {rule-precedence <1-5000>}

deny ip [<source-IP/Mask>|any|host <IP>] [<dest-IP/Mask>|any|host <IP>] {log}

{rule-precedence <1-5000>}

deny [tcp|udp] [<source-IP/Mask>|any|host <IP>] {eq

<source-port>|range <starting-source-port>

<ending-source-port>} [<dest-IP/Mask|any|host <IP>]

{eq <source-port>} {range <starting-source-port>

<ending-source-port>} {log} {rule-precedence <1-5000>}

[<source-IP/Mask>|any|host <IP>][<dest-IP/Mask>|any|host <IP>]

{log} {rule-description<WORD>|rule-precedence<1-5000>}

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

451

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

Parameters

deny ip

[<source-IP/Mask>|any|ho

<IP>][<dest-IP/Mask>|any|

host <IP>] {log}

{rule-precedence

<1-5000>}

Use with a denycommand to reject IP packets

•

deny – Sets the action type on an ACL

ip – Specifies an IP (to match to a protocol)

<source-ip/mask>|any|host <IP> – The keyword

<source-IP> is the source IP address of the network or host

in dotted decimal format. The <Mask> is the network mask.

For example, 10.1.1.10/24 indicates the first 24 bits of the

source IP is used for matching.

•

any – any is an abbreviation for a source IP of 0.0.0.0 and

source-mask bits equal to 0

host – host is an abbreviation for the exact source <ip>

(A.B.C.D format) and source-mask bits equal to 32

<dest-IP/Mask>|any|host <IP> – Defines the destination

host IP address or destination network address.

log – Generates log messages when the packet coming from

the interface matches an ACL entry. Log messages are

generated only for router ACLs.

•

rule-precedence <1-5000> – Defines an integer value

between 1-5000. This value sets the rule precedence in the

ACL.

deny icmp

Use with the denycommand to reject ICMP packets

[<source-IP/Mask>|any|ho

st <IP>]

•

deny – Rejects ICMP packets

icmp – Specifies ICMP as the protocol

[<source-ip/mask>|any|host <IP>] – The source

<source-IP> is the source IP address of the network or host

(in dotted decimal format). The <mask> is the network mask.

For example, 10.1.1.10/24 indicates the first 24 bits of the

source IP is used for matching.

[<dest-IP/Mask>|any|host

{<ICMP-code>}} {log}

{rule-precedence

<1-5000>}

•

any – any is an abbreviation for a source IP of 0.0.0.0 and

source-mask bits equal to 0

host – host is an abbreviation for exact source (A.B.C.D) and

source-mask bits equal to 32

[<dest-IP/Mask>|any|host <IP>] – Defines the destination

host IP address or destination network address

<ICMP-type> {<ICMP-code>} – Sets the ICMP type value

<ICMP-type> from 0 to 255, and is valid only for ICMP. The

ICMP code value <ICMP-code> is from 0 to 255, and is valid

only for protocol type icmp.

•

log – Generates log messages when the packet coming from

the interface matches the ACL entry. Log messages are

generated only for router ACLs.

rule-precedence <1-5000> – Optional. Defines an integer

value between 1-5000. This value sets the rule precedence

in the ACL.

452

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

deny [tcp|udp]

Use with the denycommand to reject TCP or UDP packets

[<source-IP/Mask>|any|ho

st <IP>] {eq

•

deny – Rejects TCP or UDP packets

tcp|udp – Specifies TCP or UDP as the protocol

<source-IP/Mask>|any|host <IP> – The source is the

source IP address of the network or host (in dotted decimal

format). The source-mask is the network mask. For example,

10.1.1.10/24 indicates the first 24 bits of the source IP are

used for matching.

any – any is an abbreviation for a source IP of 0.0.0.0, and

the source-mask bits are equal to 0

host – host is an abbreviation for exact source (A.B.C.D) and

the source-mask bits equal to 32

eq <source-port> – The source port <source-port> to match.

Values in the range 1 to 65535.

range <starting-source-port> <ending-source-port> –

Specifies the protocol range (starting and ending protocol

numbers)

<source-port>|range

<starting-source-port>

<ending-source-port>}

[<dest-IP/Mask|any|host

<IP>]{eq <source-port>}

{range

<starting-source-port>

<ending-source-port>} {log}

{rule-precedence

•

<1-5000>}

•

<dest-IP/Mask|any|host <IP> – Defines the destination

host IP address or destination network address

eq <source-port>} {range <starting-source-port>

<ending-source-port> – Specifies the destination port or

range of ports. Port values are in the range of 1 to 65535.

log – Generates log messages when the packet coming from

the interface matches the ACL entry. Log messages are

generated only for router ACLs.

•

rule-precedence <1-5000> – Defines an integer value

between 1-5000. This value sets the rule precedence in the

ACL.

Usage Guidelines

Use this command to deny traffic between networks/hosts based on the protocol type selected in

the access list configuration. The following protocol types are supported:

•

icmp

tcp

udp

The last ACE in the access list is an implicit deny statement.

Whenever the interface receives the packet, its content is checked against the ACEs in the ACL. It

is allowed/denied based on the ACL configuration.

•

Filtering TCP/UDP allows the user to specify port numbers as filtering criteria

Select the ICMP as the protocol to allow/deny ICMP packets. Selecting icmp provides the

option of filtering icmp packets based on icmp type and code

NOTE

The log option is functional only for router ACL’s. The log option displays an informational logging

message about the packet that matches the entry sent to the console.

Example - denying traffic between two subnets

The following example denies traffic between two subnets:

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

453

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

RFController(config-ext-nacl)#deny ip 192.168.2.0/24 192.168.1.0/24

RFController(config-ext-nacl)#permit ip any any

RFController(config-ext-nacl)#

Example - denying TCP based traffic

The following example denies TCP traffic with a source port range between 20 - 23 (from the

source subnet to destination subnet):

RFController(config-ext-nacl)#deny tcp range 20 23 192.168.1.0/24

192.168.2.0/24

RFController(config-ext-nacl)#permit ip any any

RFController(config-ext-nacl)#

Example - denying UDP based traffic

The following example denies UDP traffic with a source port range between 20 - 23 (from the

source subnet to destination subnet):

RFController(config-ext-nacl)#deny udp range 20 23 192.168.1.0/24

192.168.2.0/24

RFController(config-ext-nacl)#permit ip any any

RFController(config-ext-nacl)#

Example - denying ICMP based traffic

The following example denies ICMP traffic from any source to any destination. The keyword any is

used to match:

any source or destination IP address.

RFController(config-ext-nacl)#deny icmp any any

RFController(config-ext-nacl)#permit ip any any

RFController(config-ext-naclend

Example - denying protocol based ACL

With the inclusion of protocol based acls, it is possible to permit or deny all the protocols that exist.

RFController(config-ext-nacl)#deny proto ospf any any rule-precedence 10

RFController(config-ext-nacl)#deny proto eigrp any any rule-precedence 20

RFController(config-ext-nacl)#permit ip any any rule-precedence 30

454

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

end

Ends and exits the current mode and moves to the PRIV EXEC mode

The prompt changes to RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-ext-nacl)#end

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

455

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-ext-nacl)#exit

RFController(config)#

456

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

help

Displays the system’s interactive help system

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-ext-nacl)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-ext-nacl)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

457

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

mark

Specifies packets to mark

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

mark [8021p|dscp|tos]

mark [8021p <vlan-priority-value>|dscp

<dscp-codepoint-value>|tos <tos-value>] [icmp|ip|tcp|udp]

mark [8021p <vlan-priority-value>|dscp <dscp-codepoint-value>|tos <tos-value>]

icmp [<source-ip/mask>|any|host <ip>] [<dest-ip/mask>|any|host <ip>]

{<ICMP-type> {<ICMP-code>}} {log} {rule-precedence <1-5000>]}

mark [8021p <vlan-priority-value>|dscp <dscp-codepoint-value>|tos <tos-value>]

ip [<source-ip/mask>|any|host <ip>] [<dest-ip/mask>|any|host <ip>] {log}

{rule-precedence <1-5000>}

mark [8021p <vlan-priority-value>|dscp <dscp-codepoint-value>|tos <tos-value>]

[tcp|udp] [<source-ip/mask>|any|host <ip>] {eq <source-port>|range

<starting-source-port> <ending-source-port>} [<dest-ip/mask|any|host <ip>] {eq

<source-port>} {range <starting-source-port> <ending-source-port>} {log}

{rule-precedence <1-5000>}

458

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

Parameters

8021p

<vlan-priority-value>

Sets the 802.1p VLAN user priority value to <vlan-priority-value>

(0-7).

dscp

Sets the Differentiated Services Code Point code-point value to

<dscp-codepoint-value> <dscp-codepoint-value> (0-63)

tos <tos-value>

Sets the TOS value to <tos-value>. The least significant two bits of

the <tos-value> must be 0.

Use with markcommand to mark a packet.

[<source-IP/Mask>|any|ho

st <IP>] [<dest-IP/Mask>|

any|host <IP>] {log}

{rule-precedence

<1-5000>}

•

ip – Specifies an IP (to match to a protocol)

<source-IP/Mask>|any|host <IP> – The keyword

<source-IP> is the source IP address of the network or host

in dotted decimal format. The <mask> is the network mask.

For example, 10.1.1.10/24 indicates the first 24 bits of the

source IP is used for matching.

•

any – any is an abbreviation for a source IP of 0.0.0.0 and

source-mask bits equal to 0

host – host is an abbreviation for the exact source <IP>

(A.B.C.D format) and source-mask bits equal to 32

<dest-IP/Mask>|any|host <IP> – Defines the destination

host IP address or destination network address.

log – Generates log messages when the packet coming from

the interface matches an ACL entry. Log messages are

generated only for router ACLs.

•

rule-precedence <1-5000> – Defines an integer value

between 1-5000. This value sets the rule precedence in the

ACL.

icmp

Use with the mark command to mark ICMP packets

[<source-IP/mask>|any|ho

st <IP>]

•

deny – Rejects ICMP packets

icmp – Specifies ICMP as the protocol

[<source-IP/mask>|any|host <IP>] – The source

<source-IP> is the source IP address of the network or host

(in dotted decimal format). The <Mask> is the network mask.

For example, 10.1.1.10/24 indicates the first 24 bits of the

source IP is used for matching.

[<dest-IP/Mask>|any|

host <IP>] {<ICMP-type>

{<ICMP-code>}} {log}

{rule-precedence

<1-5000>]}

•

any – any is an abbreviation for a source IP of 0.0.0.0 and

source-mask bits equal to 0

host – host is an abbreviation for exact source (A.B.C.D) and

source-mask bits equal to 32

[<dest-IP/Mask>|any|host <IP>] – Defines the destination

host IP address or destination network address

<ICMP-type> {<ICMP-code>} – Sets the ICMP type value

<ICMP-type> from 0 to 255, and is valid only for ICMP. The

ICMP code value <ICMP-code> is from 0 to 255, and is valid

only for protocol type icmp.

•

log – Generates log messages when the packet coming from

the interface matches the ACL entry. Log messages are

generated only for router ACLs.

rule-precedence <1-5000> – Defines an integer value

between 1-5000. This value sets the rule precedence in the

ACL.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

459

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

[tcp|udp]

Use with the mark command to mark TCP or UDP packets

[<source-IP/Mask>|any|ho

st <IP>] {eq

•

deny – Rejects TCP or UDP packets

tcp|udp – Specifies TCP or UDP as the protocol

<source-IP/Mask>|any|host <IP> – The source is the

source IP address of the network or host (in dotted decimal

format). The source-mask is the network mask. For example,

10.1.1.10/24 indicates the first 24 bits of the source IP are

used for matching.

any – any is an abbreviation for a source IP of 0.0.0.0, and

the source-mask bits are equal to 0

host – host is an abbreviation for exact source (A.B.C.D) and

the source-mask bits equal to 32

eq <source-port> – The source port <source-port> to match.

Values in the range 1 to 65535.

range <starting-source-port> <ending-source-port> –

Specifies the protocol range (starting and ending protocol

numbers)

<source-port>|range

<starting-source-port>

<ending-source-port>}

[<dest-IP/Mask|any|host

<IP>] {eq <source-port>}

{range

<starting-source-port>

<ending-source-port>} {log}

{rule-precedence <1-5000>}

•

<dest-IP/Mask|any|host <IP> – Defines the destination

host IP address or destination network address

eq <source-port>} {range <starting-source-port>

<ending-source-port> – Specifies the destination port or

range of ports. Port values are in the range of 1 to 65535.

log – Generates log messages when the packet coming from

the interface matches the ACL entry. Log messages are

generated only for router ACLs.

•

rule-precedence <1-5000> – Defines an integer value

between 1-5000. This value sets the rule precedence in the

ACL.

Usage Guidelines

Marks traffic between networks/hosts based on the protocol type selected in the access list

configuration

Use the mark option to specify the type of service (tos) and priority value. The tos value is marked

in the IP header and the 802.1p priority value is marked in the dot1q frame.

The following types of protocols are supported:

•

icmp

tcp

udp

Whenever the interface receives the packet, its content is checked against all ACEs in the ACL. It is

marked based on the ACL configuration

•

Filtering protocol types TCP/UDP allow the user to specify port numbers as filtering criteria

Select ICMP to allow/deny ICMP packets (selecting ICMP allows you to filter packets based on

the ICMP type and code)

NOTE

The log option is functional only for router ACL’s. The log option provides an informational logging

message about the packet matching the entry sent to the console.

460

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

Example - marking dot1p on TCP based traffic

The example below marks the dot1p priority value in the ethernet header to 5 on all TCP traffic

coming from the source subnet:

RFController(config-ext-nacl)# mark 8021p 6 udp 192.168.2.0/24 range 5060 5061

RFController(config-ext-nacl)#

Example - marking tos on TCP based traffic

The example below marks the tos value in the IP header to 245 on all tcp traffic coming from the

source subnet:

RFController(config-ext-nacl)# mark tos 160 udp 192.168.2.0/24 range 5060 5061

RFController(config-ext-nacl)#

RFController(config-ext-nacl)# mark dscp 40 udp 192.168.2.0/24 range 5060 5061

RFController(config-ext-nacl)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

461

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

Negates a command or sets its defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

no [deny|mark|permit]

Parameters

deny

Specifies packets to reject

Specifies packets to mark

Specifies packets to forward

mark

permit

Usage Guidelines

Removes an access list control entry. Provide the rule-precedence value when

using the no command.

Example

RFController(config-ext-nacl)#no mark 8021p 5 tcp 192.168.2.0/24 any

rule-precedence 10

RFController(config-ext-nacl)#

RFController(config-ext-nacl)#no permit ip any any rule-precedence 10

RFController(config-ext-nacl)#

RFController(config-ext-nacl)#no deny icmp any any rule-precedence 10

RFController(config-ext-nacl)#

462

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

permit

Permits specific packets.

NOTE

ACLs do not allow DHCP messages to flow by default. Configure an Access Control Entry (ACE) to

allow DHCP messages to flow through.

RFController(config-ext-nacl)#permit ip xxx.xxx.xxx.xxx/x 192.168.2.0/24

RFController(config-ext-nacl)#permit ip any host xxx.xxx.xxx.xxx

RFController(config-ext-nacl)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

permit[icmp|ip|tcp|upd|proto]

permit icmp [<source-IP/Mask>|any|host <ip>] [<dest-IP/Mask>|any|host <IP>]

{<ICMP-type> {<ICMP-code>}} {log} {rule-precedence <1-5000>]}

permit ip [<source-IP/Mask>|any|host <IP>] [<dest-IP/mask>|any|host <IP>]

{log} {rule-precedence <1-5000>}

permit [tcp|udp] [<source-ip/mask>|any|host <IP>] {eq <source-port>|range

<starting-source-port> <ending-source-port>} [<dest-IP/Mask|any|host <IP>] {eq

<source-port>} {range <starting-source-port> <ending-source-port>} {log}

{rule-precedence <1-5000>}

[<source-IP/Mask>|any|host <IP>][<dest-IP/Mask>|any|host <IP>]

{log} {rule-description<WORD>|rule-precedence<1-5000>}

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

463

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

Parameters

permit ip

[<source-IP/Mask>|any|ho

st <IP>]

[<dest-IP/mask>|any|host

<IP>] {log} {rule-precedence

<1-5000>}

Use with a permitcommand to allow IP packets

•

deny – Sets the action type on an ACL

IP – Specifies an IP (to match to a protocol)

<source-IP/Mask>|any|host <IP> – The keyword

<source-IP> is the source IP address of the network or host

in dotted decimal format. The <Mask> is the network mask.

For example, 10.1.1.10/24 indicates the first 24 bits of the

source IP is used for matching.

•

any – any is an abbreviation for a source IP of 0.0.0.0 and

source-mask bits equal to 0

host – host is an abbreviation for the exact source <IP>

(A.B.C.D format) and source-mask bits equal to 32

<dest-IP/Mask>|any|host <IP> – Defines the destination

host IP address or destination network address.

log – Generates log messages when the packet coming from

the interface matches an ACL entry. Log messages are

generated only for router ACLs.

•

rule-precedence <1-5000> – Defines an integer value

between 1-5000. This value sets the rule precedence in the

ACL.

permit icmp

Use with the permitcommand to allow ICMP packets

[<source-IP/Mask>|any|ho

st <ip>]

•

deny – Rejects ICMP packets

icmp – Specifies ICMP as the protocol

[<source-IP/Mask>|any|host <IP>] – The source

<source-IP> is the source IP address of the network or host

(in dotted decimal format). The <Mask> is the network mask.

For example, 10.1.1.10/24 indicates the first 24 bits of the

source IP is used for matching.

[<dest-IP/Mask>|any|

host <IP>] {<ICMP-type>

{<ICMP-code>}} {log}

{rule-precedence

<1-5000>]}

•

any – any is an abbreviation for a source IP of 0.0.0.0 and

source-mask bits equal to 0

host – host is an abbreviation for exact source (A.B.C.D) and

source-mask bits equal to 32

[<dest-IP/Mask>|any|host <IP>] – Defines the destination

host IP address or destination network address

<ICMP-type> {<ICMP-code>} – Sets the ICMP type value

<ICMP-type> from 0 to 255, and is valid only for ICMP. The

ICMP code value <ICMP-code> is from 0 to 255, and is valid

only for protocol type icmp.

•

log – Generates log messages when the packet coming from

the interface matches the ACL entry. Log messages are

generated only for router ACLs.

rule-precedence <1-5000> – Defines an integer value

between 1-5000. This value sets the rule precedence in the

ACL.

464

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

permit [tcp|udp]

Use with the permitcommand to allow TCP or UDP packets

[<source-ip/mask>|any|ho

st <IP>] {eq

•

deny – Rejects TCP or UDP packets

tcp|udp – Specifies TCP or UDP as the protocol

<source-IP/Mask>|any|host <IP> – The source is the

source IP address of the network or host (in dotted decimal

format). The source-mask is the network mask. For example,

10.1.1.10/24 indicates the first 24 bits of the source IP are

used for matching.

any – any is an abbreviation for a source IP of 0.0.0.0, and

the source-mask bits are equal to 0

host – host is an abbreviation for exact source (A.B.C.D) and

the source-mask bits equal to 32

eq <source-port> – The source port <source-port> to match.

Values in the range 1 to 65535.

range <starting-source-port> <ending-source-port> –

Specifies the protocol range (starting and ending protocol

numbers)

<source-port>|range

<starting-source-port>

<ending-source-port>}

[<dest-IP/Mask|any|host

<IP>] {eq <source-port>}

{range

<starting-source-port>

<ending-source-port>} {log}

{rule-precedence

•

<1-5000>}

•

<dest-IP/mask|any|host <IP> – Defines the destination

host IP address or destination network address

eq <source-port>} {range <starting-source-port>

<ending-source-port> – Specifies the destination port or

range of ports. Port values are in the range of 1 to 65535.

log – Generates log messages when the packet coming from

the interface matches the ACL entry. Log messages are

generated only for router ACLs.

•

rule-precedence <1-5000> – Defines an integer value

between 1-5000. This value sets the rule precedence in the

ACL.

Use this command to permit traffic between networks/hosts based on the protocol type

selected in the access list configuration. The following protocols are supported:

•

icmp

tcp

udp

The last ACE in the access list is an implicit deny statement.

Whenever the interface receives the packet, its content is checked against all the ACEs in the

ACL. It is allowed based on the ACL configuration.

•

Filtering on TCP/UDP allows the user to specify port numbers as filtering criteria

Select ICMP to allow/deny packets. Selecting ICMP allows to filter ICMP packets based on type

and code

NOTE

The log option is functional only for router ACL’s. The log option displays an informational logging

message about the packet matching the entry sent to the console.

Permitting IP based traffic

The example below allows IP traffic from the source subnet to the destination subnet and denies

all other traffic over an interface:

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

465

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

RFController(config-ext-nacl)#permit ip 192.168.1.10/24 192.168.2.0/24

rule-precedence 40

RFController(config-ext-nacl)#

Permitting Telnet based traffic

The example below permits Telnet traffic from the source subnet and the destination subnet and

denies all other traffic over an interface:

RFController(config-ext-nacl)#permit tcp 192.168.4.0/24 192.168.5.0/24 eq 23

rule-precedence 10

RFController(config-ext-nacl)#

Permitting ICMP based traffic

The example below permits ICMP traffic and denies all other traffic over an interface:

RFController(config-ext-nacl)#permit icmp any any rule-precedence 30

RFController(config-ext-nacl)#)#

466

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

service

Invokes service commands to troubleshoot or debug the (config-if) instanceconfigurations

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

None

Example

RFController(config-ext-nacl)#service show cli

Extended ACL Config mode:

+-clrscr [clrscr]

+-deny

+-icmp

+-A.B.C.D/M

+-A.B.C.D/M [(deny|permit|mark (8021p <0-7> | tos <0-255>)) (icmp)

<0-255> <0-255> |)(log|)(rule-precedence <1-5000> |)]

+-<0-255> [(deny|permit|mark (8021p <0-7> | tos <0-255>)) (icmp)

<0-255> <0-255> |)(log|)(rule-precedence <1-5000> |)]

+-<0-255> [(deny|permit|mark (8021p <0-7> | tos <0-255>)) (icmp)

<0-255> <0-255> |)(log|)(rule-precedence <1-5000> |)]

+-log [(deny|permit|mark (8021p <0-7> | tos <0-255>)) (icmp)

<0-255> <0-255> |)(log|)(rule-precedence <1-5000> |)]

+-rule-precedence

.............................................................................

..........................

RFController(config-ext-nacl)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

467

Download from Www.Somanuals.com. All Manuals Search And Download.

Extended ACL config commands

show

•Standard ACL config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

Displays current system information running on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

Syntax

show <paramater>

Parameters

Displays the parameters for which information can be viewed

using the show command

Example

RFController(config-ext-nacl)#show ?

access-list

aclstats

alarm-log

autoinstall

banner

Internet Protocol (IP)

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

boot

clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

logging

mac

Show any installed licenses

Show logging configuration and buffer

Internet Protocol (IP)

mac-address-table

mac-name

Display MAC address table

Displays the configured MAC names

468

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Extended ACL

management

mobility

ntp

Display L3 Managment Interface name

Display Mobility parameters

Network time protocol

password-encryption

port-channel

privilege

radius

redundancy

role

password encryption

Portchannel commands

Show current privilege level

RADIUS configuration commands

Display redundancy group parameters

Configure role parameters

rtls

Real Time Locating System commands

Current Operating configuration

Securitymgr parameters

running-config

securitymgr

service-list

sessions

smtp-notifications

snmp

snmp-server

spanning-tree

startup-config

List of services

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

static-channel-group static channel group membership

terminal

timezone

Display terminal configuration parameters

Display timezone

traffic-shape

upgrade-status

users

Display traffic shaping

Display last image upgrade status

Display information about currently logged

in users

version

virtual-ip

wireless

wlan-acl

wwan

Display software & hardware version

IP redundancy feature

Wireless configuration commands

wlan based acl

Wireless wan interface

RFController(config-ext-nacl)#show

Configuring IP Extended ACL

IP Extended ACLs contain rules based on the following parameters:

•

Source IP address

Destination IP address

IP Protocol

Source Port–if protocol is TCP or UDP

Destination Port–if protocol is TCP or UDP

ICMP Type–if protocol is ICMP

ICMP Code–if protocol is ICMP

IP protocol, Source IP and Destination IP are mandatory parameters.You can create either a

Numbered IP Extended ACL or a Named IP Extended IP Address.

Execute the following commands to configure an IP Extended ACL:

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

469

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Extended ACL

1. To configure a numbered IP Extended ACL:

RFController(config)#access-list 2 deny ip host 1.2.3.4 any

rule-precedence 10

RFController(config)#access-list 2 permit tcp any host 2.3.4.5 eq 80

rule-precedence 20

RFController(config)#access-list 2 deny icmp any host 2.3.4.5

rule-precedence 30

2. To configure named IP Extended ACL:

RFController(config)#ip access-list extended ipextacl

RFController(config-ext-nacl)#deny ip host 1.2.3.4 any rule-precedence 10

RFController(config-ext-nacl)#permit tcp any host 2.3.4.5 eq 80

rule-precedence 20

RFController(config-ext-nacl)#deny icmp any host 2.3.4.5 rule-precedence

470

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Standard ACL Instance

In this chapter

•Use case: configuring IP standard ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485

The Standard ACL instance (config-std-acl)is used to manage the standard Access Control

List entries associated with the controller.

To navigate to this instance, use the command:

RFController(config)#ip access-list standard [<ACL-name>|

<1-99>|<1300-1999>]

RFController(config-std-acl)#

Standard ACL config commands

Table 15 summarizes the config-std-naclcommands:

TABLE 15

Command

Standard ACL Config Command Summary

Description

Ref.

deny

Clears the display screen

Specifies packets to reject

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Displays the interactive help system

Specifies packets to mark

mark

Negates a command or sets its defaults

Specifies packets to forward

permit

Invokes service commands to troubleshoot or debug

(config-if) instance configurations

Displays running system information

page 484

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

471

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

clrscr

Clears the display screen

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-std-nacl)#clrscr

RFController(config-std-nacl)#

472

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

deny

Specifies packets to reject

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

deny [<source-IP/Mask>|any|host <IP>] {log} {rule-precedence

<1-5000>}

Parameters

[<source-IP/Mask>|any|ho

st <IP>] {log}

{rule-precedence

<1-5000>}

Use with a deny command to reject packets

•

<source-IP/Mask>|any|host <IP> – The keyword

<source-IP> is the source IP address of the network or host

in dotted decimal format. The <Mask> is the network mask.

For example, 10.1.1.10/24 indicates the first 24 bits of the

source IP is used for matching.

•

any – any is an abbreviation for a source IP of 0.0.0.0 and

source-mask bits equal to 0

host – host is an abbreviation for the exact source <IP>

(A.B.C.D format) and source-mask bits equal to 32

log – Generates log messages when the packet coming from

the interface matches an ACL entry. Log messages are

generated only for router ACLs.

•

rule-precedence <1-5000> – Defines an integer value

between 1-5000. This value sets the rule precedence in the

ACL..

Usage Guidelines

Use this command to deny traffic based on the source IP address or network address. The last ACE

in the access list is an implicit deny statement.

Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL.

It is allowed/denied based on the ACL configuration.

NOTE

The log option is functional only for router ACL’s. The log option results in an informational logging

message for the packet matching the entry sent to the console.

Example - denying traffic to the interface

The example below denies all traffic entering the interface (a log message is generated whenever

the interface receives a packet):

RFController(config-std-nacl)#deny any log rule-precedence 50

RFController(config-std-nacl)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

473

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

Example - denying traffic only from source network

The example below denies traffic from the source network (xxx.xxx.1.0/24) and allows all other

traffic to flow through the interface:

RFController(config-std-nacl)#deny xxx.xxx.1.0/24 rule-precedence 60

RFController(config-std-nacl)#permit any

474

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

end

Ends and exits from the current mode and moves to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-std-nacl)#end

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

475

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

exit

Ends the current mode and moves to previous mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-std-nacl)#exit

RFController(config)#

476

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

help

Displays the system’s interactive help in HTML format

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-std-nacl)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-std-nacl)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

477

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

mark

Specifies packets to mark

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

mark [8021p|dscp|tos]

mark 8021p <vlan-priority-value>

mark dscp <dscp-codepoint-value>

mark tos <tos-value> [<source-IP/Mask>|any|host <IP>] {log} {rule-precedence

<1-5000>}

Parameters

8021p

<vlan-priority-value>

Sets the 802.1p VLAN user priority value to <vlan-priority-value>

(0-7).

dscp

Sets the Differentiated Services Code Point code-point value to

<dscp-codepoint-value> <dscp-codepoint-value> (0-63)

tos <tos-value>

Sets the TOS value to <tos-value>. The least significant two bits of

the <tos-value> must be 0.

[<source-IP/Mask>|

any|host <IP>] {log}

{rule-precedence

<1-5000>}

Use with a markcommand to mark packets

•

<source-IP/Mask>|any|host <IP> – The keyword

<source-IP> is the source IP address of the network or host

in dotted decimal format. The <Mask> is the network mask.

For example, 10.1.1.10/24 indicates the first 24 bits of the

source IP is used for matching.

•

any – any is an abbreviation for a source IP of 0.0.0.0 and

source-mask bits equal to 0

host – host is an abbreviation for the exact source <IP>

(A.B.C.D format) and source-mask bits equal to 32

log – Optional.Generates log messages when the packet

coming from the interface matches an ACL entry. Log

messages are generated only for router ACLs.

rule-precedence <1-5000> – Optional. Defines an integer

value between 1-5000. This value sets the rule precedence

in the ACL.

•

Usage Guidelines

Use this command to mark traffic from the source network/host. Use the mark option to specify

the type of service (TOS) and priority value. The TOS value is marked in the IP header. The 802.1p

priority value is marked in the frame.

When the interface receives the packet, its content is checked against the ACEs in the ACL. It is

marked based on the ACL configuration.

478

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

NOTE

The log option is functional only for router ACLs. The log option results in an informational logging

message about the packet matching the entry sent to the console.

Marking tos for Source Network Traffic

The example below marks the type of service (TOS) value to 254 for all traffic coming from the

source network:

RFController(config)#access-list 3 mark tos 254 xxx.xxx.3.0/24

RFController (config)#access-list 3 permit any

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

479

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

Negates a command or sets its defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

no [deny|mark|permit]

Negates all the syntax combinations used in deny, mark and permit designations.

Parameters

deny

Specifies packets to reject

Specifies packets to mark

Specifies packets to forward

mark

permit

Example

RFController(config-std-nacl)#no permit any rule-precedence 10

RFController(config-std-nacl)#

RFController(config-std-nacl)#no deny any rule-precedence 20

RFController(config-std-nacl)#

RFController(config-std-nacl)#no mark tos 4 192.168.2.0/24 rule-precedence 30

RFController(config-std-nacl)#

480

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

permit

Specifies packet to forward

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

permit [<source-IP/Mask>|any|host <IP>] {log}

{rule-precedence <1-5000>}

Parameters

[<source-IP/Mask>|

any|host <IP>] {log}

{rule-precedence

<1-5000>}

Use with a permitcommand to allow packets

•

<source-IP/Mask>|any|host <IP> – The keyword

<source-IP> is the source IP address of the network or host

in dotted decimal format. The <Mask> is the network mask.

For example, 10.1.1.10/24 indicates the first 24 bits of the

source IP is used for matching.

•

any – any is an abbreviation for a source IP of 0.0.0.0 and

source-mask bits equal to 0

host – host is an abbreviation for the exact source <IP>

(A.B.C.D format) and source-mask bits equal to 32

log – Generates log messages when the packet coming from

the interface matches an ACL entry. Log messages are

generated only for router ACLs.

•

rule-precedence <1-5000> – Defines an integer value

between 1-5000. This value sets the rule precedence in the

ACL.

Usage Guidelines

Use this command to allow traffic based on the source IP address or network address. The last ACE

in the access list is an implicit deny statement.

Whenever the interface receives the packet, its content is checked against all

the ACEs in the ACL. It is allowed based on the ACL’s configuration.

NOTE

The log option is functional only for router ACLs. The log option displays an informational logging

message about the packet matching the entry sent to the console.

Example - permitting traffic to interface

The example below permits all the traffic that comes to the interface:

RFController(config-std-nacl)#permit any rule-precedence 50

RFController(config-std-nacl)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

481

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

Permitting Traffic from source network

The example below permits traffic from the source network and provides a log message:

RFController(config-std-nacl)#permit xxx.xxx.1.0/24 log rule-precedence 60

RFController(config-std-nacl)#

482

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

service

Invokes service commands to troubleshoot or debug (config-if) instance configurations

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

cli

Displays the CLI tree of the current mode

Example

RFController(config-std-nacl)#service show cli

Standard ACL Config mode:

+-clrscr [clrscr]

+-deny

+-A.B.C.D/M [(deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M | host

A.B.C.D | any)(log|)(rule-precedence <1-5000> |)]

+-log [(deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M | host

A.B.C.D | any)(log|)(rule-precedence <1-5000> |)]

+-rule-precedence

+-<1-5000> [(deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M |

host A.B.C.D | any)(log|)(rule-precedence <1-5000> |)]

+-rule-precedence

+-<1-5000> [(deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M |

host A.B.C.D | any)(log|)(rule-precedence <1-5000> |)]

+-any [(deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M | host

A.B.C.D | any)(log|)(rule-precedence <1-5000> |)]

+-log [(deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M | host

A.B.C.D | any)(log|)(rule-precedence <1-5000> |)]

+-rule-precedence

+-<1-5000> [(deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M |

host A.B.C.D | any)(log|)(rule-precedence <1-5000> |)]

+-rule-precedence

+-<1-5000> [(deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M |

host A.B.C.D | any)(log|)(rule-precedence <1-5000> |)]

.............................................................................

...............................................

RFController(config-std-nacl)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

483

Download from Www.Somanuals.com. All Manuals Search And Download.

Standard ACL config commands

show

•MAC Extended ACL config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

Displays current system information running on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

Syntax

show <paramater>

Parameters

Displays all the parameters for which the information can be

viewed using the show command

Example

RFController(config-std-nacl)#show ?

access-list

Internet Protocol (IP)

aclstats

alarm-log

autoinstall

banner

boot

clock

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

logging

mac

Show any installed licenses

Show logging configuration and buffer

Internet Protocol (IP)

mac-address-table

mac-name

management

Display MAC address table

Displays the configured MAC names

Display L3 Managment Interface name

484

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Use case: configuring IP standard ACL

mobility

Display Mobility parameters

ntp

Network time protocol

password-encryption

port

port-channel

privilege

protocol-list

radius

redundancy

rtls

role

password encryption

Physical/Aggregate port interface

Portchannel commands

Show current privilege level

List of protocols

RADIUS configuration commands

Display redundancy group parameters

Real Time Locating System commands

Configure role parameters

running-config

securitymgr

service-list

sessions

smtp-notifications

snmp

snmp-server

spanning-tree

startup-config

Current Operating configuration

Securitymgr parameters

List of services

Display current active open connections

Display the SNMP engine parameters

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

static-channel-group static channel group membership

terminal

timezone

Display terminal configuration parameters

Display timezone

traffic-shape

upgrade-status

users

version

virtual-IP

wireless

Display traffic shaping

Display last image upgrade status

Display information about currently logged in users

Display software & hardware version

IP reduncancy feature

Wireless configuration commands

wlan based acl

wlan-acl

RFController(config-std-nacl)#show

Use case: configuring IP standard ACL

IP Standard ACLs contain rules based on Source IP Address. You can create either a Numbered IP

Standard ACL or a Named IP Standard IP Address.

Execute the following CLI commands to configure an IP based standard ACL:

1. To configure numbered IP Standard ACL:

RFController(config)#access-list 2 deny host 1.2.3.4 rule-precedence 10

RFController(config)#access-list 3 deny host 1.2.3.4 rule-precedence 10

RFController(config)#access-list 3 permit any rule-precedence 20

Valid numbers for numbered IP Standard ACLs are from 1-99 and 1300-1999. In the above

CLI example, ACL 3 denies host with IP 1.2.3.4 and allows all other hosts.

2. To configure an IP Standard ACL:

RFController(config)#ip access-list standard ipst2

RFController(config-std-nacl)#permit host 10.1.1.10 rule-precedence 30

RFController(config-std-nacl)#deny any rule-precedence 20

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

485

Download from Www.Somanuals.com. All Manuals Search And Download.

Use case: configuring IP standard ACL

486

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Extended MAC ACL Instance

In this chapter

•Configuring MAC Extended ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505

Use the (config-ext-macl) instance to configure macaccess-list extendedACLs. To

navigate to this instance, use the command:

RFController(config)#mac access-list extended <acl-name>

RFController(config-ext-macl)#

MAC Extended ACL config commands

Table summarizes config-ext-maclcommands:

TABLE 16

Command

MAC Extended ACL Config Command Summary

Description

Ref.

deny

Clears the display screen

Specifies packets to reject

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Displays the interactive help system

Specifies packets to mark

mark

Negates a command or sets its defaults

Specifies packets to forward

permit

Invokes service commands to troubleshoot or debug the

(config-if)instance configurations

Shows running system information

page 504

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

487

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

clrscr

Clears the display screens

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-ext-macl)#clrscr

RFController(config-ext-macl)#

488

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

deny

Specifies packets to reject

NOTE

Use a decimal value representation of ethertypes to implement a permit/deny/markdesignation

for a packet. The command set for Extended MAC ACLs provide the hexadecimal values for each

listed ethertype. The controller supports all ethertypes. Use the decimal equivalent of the ethertype

listed for any other ethertype.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

deny [<MAC/Mask>|any|host <MAC>] [<MAC/Mask>|any|

host <MAC>] {[dot1p|rule-precedence|type|vlan]}

deny [<MAC/Mask>|any|host <MAC>] [<MAC/Mask>|any|

host <MAC>] dot1p <0-7> {rule-precedence|type}

deny [<MAC/Mask>|any|host <MAC>] [<MAC/Mask>|any|

host <MAC>] rule-precedence <1-5000>

deny [<MAC/Mask>|any|host <MAC>] [<MAC/Mask>|any|

host <MAC>] type [8021p|<1-65535>|aarp|appletalk|apr|ip|

ipv6|ipx|rarp|wisp] {rule-precedence <precedence>}

deny [<MAC/Mask>|any|host <MAC>] [<MAC/Mask>|any|

host <MAC>] vlan <1-4094> {rule-precedence|type}

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

489

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

Parameters

deny [<MAC/Mask>|any|host

<MAC>] [<MAC/Mask>|any|

host <MAC>] {[dot1p|

rule-precedence|type|vlan]}

Define a source and destination MAC address and Mask

specifying the bits to match. The source and destination

wildcards can be any one of the following:

•

[<MAC/Mask>|any|host <MAC>]– Source MAC

address and mask in the format

xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx

•

any – Any source host

host – Exact source MAC address to match

dot1p <0-7>

Determine a 802.1p priority value to match. <priority> is

in the range 0 to 7.

rule-precedence <1-5000>

type [8021q|<1-65535>|

Define an access-list entry precedence

Set an ethertype value represented as an integer. Use

arp|appletalk|ip|ipv6|vlan|ipx|arp| keywords for well-known ethertypes (IP, IPv6, ARP etc.)

wisp]

•

8021q – VLAN Ether type (0*8100)

<1-65535> – Ether protocol number

aarp – AARP Ether Type ( 0*80F3)

appletalk – APPLETALK Ether Type (0*809B)

arp – ARP Ether Type (0*0806)

ip – IP Ether Type (0*0800)

ipv6 – IPv6 Ether Type (0*86DD)

ipx – IPX Ether Type (0*8137)

rarp – RARP Ether Type (0*8035)

wisp – WISP Ether Type (0*8783)

vlan<1-4095>

Set a VLAN tag ID to match

Usage Guidelines

The deny command disallows traffic based on layer 2 (data-link layer) data. The MAC access list

denies traffic from a particular source MAC address or any MAC address. It can also disallow traffic

from a list of MAC addresses based on the source mask.

The MAC access list can disallow traffic based on the VLAN and ethertype.

The most common ethertypes are:

•

arp

wisp

802.1q

NOTE

MAC ACL always takes precedence over IP based ACL’s.

The last ACE in the access list is an implicit deny statement.

Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL.

It is allowed/denied based on the ACL configuration.

Example - denying traffic from any MAC address

The MAC ACL (in the example below) denies traffic from any source MAC address to a particular

host MAC address:

490

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

RFController(config-ext-macl)#deny any host 00:01:ae:00:22:11

RFController(config-ext-macl)#

Example - denying dot1q tagged traffic

The MAC ACL (in the example below) denies dot1q tagged traffic from VLAN interface 5:

RFController(config-ext-macl)#deny any any vlan 5 type 8021q

RFController(config-ext-macl)#

Example - denying traffic between two MAC based hosts

The example below denies traffic between two hosts based on MAC addresses:

RFController(config-ext-macl)#deny host 01:02:fe:45:76:89 host

01:02:89:78:78:45

RFController(config-ext-macl)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

491

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

end

Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-ext-macl)#end

RFController#

492

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-ext-macl)#exit

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

493

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

help

Displays the system’s interactive help (in HTML format)

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-ext-macl)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-ext-macl)#

494

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

mark

Specifies the packet to mark

NOTE

Use a decimal value representation of ethertypes to implement permit/deny/mark designations for

a packet. An Extended MAC ACL provides the hexadecimal values for each listed ethertype. The

controller supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or

any other type of ethertype.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

mark [8021p|dscp|tos]

mark [8021p <vlan-priority-value>|dscp

<dscp-codepoint-value>|tos <tos-value>] [icmp|ip|tcp|udp]

mark [8021p <vlan-priority-value>|dscp

<dscp-codepointvalue>|tos <tos-value>] icmp [<source-IP/Mask>|any|host<IP>]

[<dest-IP/mask>|any|host <IP>]

{<ICMP-type> {<ICMPcode>}}

{log} {rule-precedence <1-5000>]}

mark [8021p <vlan-priority-value>|dscp

<dscp-codepointvalue>|tos <tos-value>] IP [<source-IP/mask>|any|host

<IP>][<dest-ip/mask>|any|host <IP>] {log} {rule-precedence <1-5000>}

mark [8021p <vlan-priority-value>|dscp

<dscp-codepointvalue>|tos <tos-value>] [tcp|udp]

[source-IP/Mask>|any|host<IP>] {eq <source-port>|range <starting-source-port>

<ending-source-port>} [<dest-IP/Mask|any|host <IP>] {eq <source-port>} {range

<starting-source-port> <ending-sourceport>}{log}

{rule-precedence <1-5000>}

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

495

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

Parameters

8021p<0-7>

Modifies the 802.1p VLAN user priority

•

xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx Source MAC address

and mask

•

any – Any source host

host – Exact source MAC address to match

tos<0-255>

Modifies the TOS bits in an IP header

•

xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx Destination MAC

address and mask

•

any – Any destination host

host – Exact destination MAC address to match

mark [<source-IP/Mask>

|any|host<IP>]

Specifies the bits to match. The source wildcard can be

any one of the following:

•

xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx Source MAC address

and mask

•

any – Any source host

host – Exact source MAC address to match

mark [<dest-IP/mask>|any|host

<IP>]

Specifies bits to match. The destination wildcard can be

any one of the following:

•

xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx Destination MAC

address and mask

•

any – Any destination host

host – Exact destination MAC address to match

dot1p<0-7>

Defines a VLAN 802.1p priority value to match

rule-precedence<1-5000>

Establishes an access-list entry precedence

type [8021q|<1-65535>|

vlan|wisp]

Defines an ethertype value represented as an integer or

keyword for well-known ethertypes (such as: IP, IPv6, ARP)

vlan <1-4095>

Defines the VLAN tag ID to match

Modify DSCP TOS bits in IP header

dscp <0-63>

•

xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx Destination MAC

address and mask

•

any – Any destination host

host – Exact destination MAC address to match

Usage Guidelines

Use the mark option to specify the type of service (tos) and priority value. The tos value is marked

in the IP header and the 802.1p priority value is marked in the dot1q frame.

Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL.

It is marked based on the ACL’s configuration.

Example - marking dot1p priority value for 802.1q tagged traffic

The example below marks the dot1p priority value to 6 for all 802.1q tagged traffic from VLAN

interface 5:

RFController(config-ext-macl)#mark 8021p 6 any any vlan 5 type 8021q

RFController(config-ext-macl)#

496

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

Example - marking tos for IP traffic

The example below marks the tos field to 254 for IP traffic coming from the source MAC :

RFController(config-ext-macl)#mark tos 254 host 00:33:44:55:66:77 any type ip

RFController(config-ext-macl)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

497

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

Negates a command or sets its defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

no [deny|mark|permit]

Negates all the syntax combinations used in deny, mark and permit designations to configure the

Extended ACL

Parameters

deny

Specifies packets to reject

Specifies packets to mark

Specifies packets to forward

mark

permit

Example

RFController(config-ext-macl)#no mark tos 254 host 00:33:44:55:66:77 any type

ip rule-precedence 50

RFController(config-ext-macl)#

RFController(config-ext-macl)#no deny any any vlan 5 type 8021q

rule-precedence 10

RFController(config-ext-macl)#

RFController(config-ext-macl)#no permit any any type wisp rule-precedence 50

RFController(config-ext-macl)#

498

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

permit

Specifies packets to forward

NOTE

Use a decimal value representation of ethertypes to implement permit/deny/mark designations for

a packet. An Extended MAC ACL provides the hexadecimal values for each listed ethertype. The

controller supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or

any other type of ethertype.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

permit [icmp|ip|tcp|upd]

permit icmp [<source-IP/Mask>|any|host <IP>] [<dest-IP/

Mask>|any|host <IP>] {<ICMP-type> {<ICMP-code>}} {log}

{rule-precedence <1-5000>]}

permit ip [<source-IP/mask>|any|host <ip>] [<dest-IP/Mask>|any|host <ip>]

{log} {rule-precedence <1-5000>}

permit [tcp|udp] [<source-IP/Mask>|any|host <IP>] {eq

<source-port>|range <starting-source-port>

<ending-sourceport>}[<dest-IP/Mask|any|host <IP>] {eq <source-port>}{range

<starting-source-port>

<ending-source-port>} {log}{rule-precedence <1-5000>}

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

499

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

Parameters

permit [<source-IP/Mask>|any|host

<IP>]

Specifies the bits to match. The source wildcard can be

any one of the following:

• xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx

Source MAC address and mask

•

any – Uses any source host

host – Defines the MAC address to match

permit [<dest-IP/

Mask>|any|host <IP>]

{<ICMP-type> {<ICMP-code>}}

Bit mask specifying the bits to match. The destination

wildcard can be one of the following:

• xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx

Destination MAC address and mask

•

any – Uses any available destination host

host – Defines the destination MAC address

dot1p<0-7>

Establishes the 802.1p priority

rule-precedence<1-5000>

Defines an access list entry precedence

type(8021q|<1-65535>|aarp|arp|a Sets an ethertype

ppletalk|ip|ipv6|ipx|rarp|vlan|wisp)

•

8021q –VLAN Ether type (0*8100)

<1-65535> – Ether protocol number

aarp – AARP Ether Type ( 0*80F3)

appletalk – APPLETALK Ether Type

(0*809B)

•

arp – ARP Ether Type (0*0806)

ip – IP Ether Type (0*0800)

ipv6 – IPv6 Ether Type (0*86DD)

ipx – IPX Ether Type (0*8137)

rarp – RARP Ether Type (0*8035)

wisp – WISP Ether Type (0*8783)

vlan<1-4095>

Sets the VLAN ID

Usage Guidelines

When creating a Port ACL, the controller (by default) does not permit an ethertype WISP. Create a

rule to allow WISP to adopt access points. Use the following command to adopt access points:

permit any any type wisp

NOTE

Use the following command to attach a MAC access list to a port on a layer 2 interface:

mac access-group <acl number/name> in

The permit command in the MAC ACL disallows traffic based on layer 2 (data-link layer)

information. A MAC access list permits traffic from a source MAC address or any MAC address. It

also has an option to allow traffic from a list of MAC addresses (based on the source mask).

The MAC access list can be configured to allow traffic based on VLAN information, ethernet type.

Common types include:

•

arp

wisp

802.1q

500

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

The controller (by default) does not allow layer 2 traffic to pass through the interface. To adopt an

access point through an interface, configure an access control list to allow an ethernet WISP. .v

NOTE

To apply an IP based ACL to an interface, a MAC access list entry to allow ARP is mandatory. A MAC

ACL always takes precedence over IP based ACLs.

The last ACE in the access list is an implicit deny statement. Whenever the interface receives the

packet, its content is checked against all the ACEs in the ACL. It is allowed/denied based on the

ACL’s configuration.

Example - permitting WISP traffic

The example below permits WISP traffic from any source MAC address to any destination MAC

address:

RFController(config-ext-macl)#permit any any type wisp

RFController(config-ext-macl)#

Example - permitting ARP traffic

The example below permits arp based traffic from any source MAC address to any destination MAC

address:

RFController(config-ext-macl)#permit any any type arp

RFController(config-ext-macl)#

Permitting IP traffic

The example below permits IP based traffic from a source MAC address to any destination MAC

address:

RFController(config-ext-macl)#permit host 11:22:33:44:55:66 any type ip

RFController(config-ext-macl)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

501

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

service

Invokes service commands to troubleshoot or debug (config-if)instance configurations

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

show cli

Displays running system information

Example

RFController(config-ext-macl)#service show cli

MAC Extended ACL Config mode:

+-clrscr [clrscr]

+-deny

+-XX:XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX

+-XX:XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX [(deny|permit|mark (8021p <0-7> |

tos

<0-255>))(XX:XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX | host XX:XX:XX:XX:XX:XX |

any)(XX

:XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX | host XX:XX:XX:XX:XX:XX | any)(vlan

<1-4095>

| dot1p <0-7> |) (type (<1-65535> | ip | ipv6

| arp | wisp | 8021q | ra

rp | aarp | appletalk | ipx ) |)(rule-precedence <1-5000> |)]

+-dot1p

+-<0-7> [(deny|permit|mark (8021p <0-7> | tos

<0-255>))(XX:XX:XX:XX:XX:X

X/XX:XX:XX:XX:XX:XX | host XX:XX:XX:XX:XX:XX |

any)(XX:XX:XX:XX:XX:XX/XX:XX:XX:X

X:XX:XX | host XX:XX:XX:XX:XX:XX | any)(vlan <1-4095> | dot1p <0-7> |) (type

(<1

-65535> | ip | ipv6

| arp | wisp | 8021q | rarp | aarp | appletalk | ip

x ) |)(rule-precedence <1-5000> |)]

+-rule-precedence

+-<1-5000> [(deny|permit|mark (8021p <0-7> | tos

<0-255>))(XX:XX:XX:

XX:XX:XX/XX:XX:XX:XX:XX:XX | host XX:XX:XX:XX:XX:XX |

any)(XX:XX:XX:XX:XX:XX/XX:

XX:XX:XX:XX:XX | host XX:XX:XX:XX:XX:XX | any)(vlan <1-4095> | dot1p <0-7> |)

ype (<1-65535> | ip | ipv6

lk | ipx ) |)(rule-precedence <1-5000> |)]

+-type

.............................................................................

...............................................

502

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

RFController(config-ext-macl)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

503

Download from Www.Somanuals.com. All Manuals Search And Download.

MAC Extended ACL config commands

show

•DHCP Config command s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 07

Displays current system information running on the controller

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

Syntax

show <paramater>

Parameters

Displays all the parameters for which information can be viewed

using the show command

Usage Guidelines

The show access-list command displays the access lists configured for the controller. Provide the

access list name or number to view specific ACL details

Example

RFController(config-ext-macl)#show ?

access-list

aclstats

alarm-log

autoinstall

banner

Internet Protocol (IP)

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

boot

clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

dpd

Debugging information outputs

DHCP Server Configuration

wios dataplane

environment

file

firewall

ftp

history

interfaces

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

504

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring MAC Extended ACL

licenses

Show any installed licenses

logging

mac

Show logging configuration and buffer

Internet Protocol (IP)

mac-address-table

mac-name

management

mobility

Display MAC address table

Displays the configured MAC names

Display L3 Managment Interface name

Display Mobility parameters

Network time protocol

ntp

password-encryption

port-channel

protocol-list

privilege

radius

redundancy

rtls

role

password encryption

Portchannel commands

List of protocols

Show current privilege level

RADIUS configuration commands

Display redundancy group parameters

Real Time Locating System commands

Configure role parameters

running-config

securitymgr

service-list

sessions

mtp-notofication

snmp

snmp-server

spanning-tree

startup-config

Current Operating configuration

Securitymgr parameters

List of services

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

static-channel-group static channel group membership

terminal

traffic-shape

timezone

Display terminal configuration parameters

Display traffic shaping

Display timezone

upgrade-status

users

version

virtual-ip

wireless

wlan-acl

Display last image upgrade status

Display information about currently logged in users

Display software & hardware version

IP redundancy feature

Wireless configuration commands

wlan based acl

RFController(config-ext-macl)#show

Configuring MAC Extended ACL

MAC Extended ACLs contain rules based on the following parameters:

•

Source MAC address

Destination MAC address

Ethertype– accepts well known types like IP, ARP, VLAN or an integer value between 1-65535.

VLAN-ID

VLAN 802.1p user priority

Source and Destination MAC address are mandatory parameters.

Execute the following commands to configure a MAC extended ACL with different rule parameters

on the controller:

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

505

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring MAC Extended ACL

RFController(config)#mac access-list extended macextacl

RFController(config-ext-macl)#permit 00:a0:f8:00:00:00 ff:ff:ff:00:00:00 any

rule-precedence 10

RFController(config-ext-macl)#deny any any type arp rule-precedence 20

RFController(config-ext-macl)#deny any any vlan 23 rule-precedence 30

506

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

DHCP Server Instance

In this chapter

•Configuring the DHCP server using controller CL I . . . . . . . . . . . . . . . . . . . . 5 37

Use the (config-dhcp) instance to configure the DHCP server address pool associated with the

controller.

To move to this instance, use the command.

RFController(config)#ip dhcp pool <pool-name>

RFController(config-dhcp)#

Also refer to Chapter 18, “DHCP Class Instance” for other DHCP related configurations.

DHCP Config commands

Table 17 summarizes config-dhcpcommands:

TABLE 17

Command

DHCP Config Commands

Description

Ref.

address

bootfile

Defines the DHCP server include range

page 509

page 510

Assigns a boot file name. The bootfile name can contain

letters, numbers, dots and hyphens. Consecutive dots and

hyphens are not permitted

class

Associates a class with a pool and moves to the DHCP pool page 511

class configuration mode

client-identifier

client-name

Uses an ASCII string as a client identifier

Assigns a client name

Clears the display screen

ddns

Configures Dynamic DNS (DDNS) values

Configures a default router’s IP address

Sets the IP address of a DNS Server

Sets the domain name

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

hardware-address Defines the hardware address using either a dashed or

dotted hexadecimal string

Displays the interactive help system in HTML format

page 523

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

507

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

TABLE 17

Command

DHCP Config Commands

Description

Ref.

host

Configures an IP address for the host

Assigns the lease time for a DHCP leased IP address

netbios-name-serv Configures NetBIOS (WINS) name servers

netbios-node-type

network

Defines the NetBIOS node type

Sets a network number and mask for a DHCP Server

Configures the next server in boot process

Negates a command or sets its defaults

Assigns a name for a DHCP option

next-server

option

Invokes service commands to troubleshoot or debug

(config-dhcp) instance configurations

Displays the running system information

Enables unicast for DHCP

Controls the usage of Dynamic DNS (DDNS)

508

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

address

Specifies a range of addresses for the DHCP network pool

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

address range <low IP address> <high IP address>

Parameters

range <low IP address>

Adds an address range for the DHCP server

•

low IP address – Defines the first IP address in the

address range

•

high IP address – Defines the last IP address in the

address range

Usage Guidelines

Use the addresscommand to specify a range of addresses for the DHCP network pool. The DHCP

server assigns IP address to DHCP clients from the address range. A high IP address is the upper

limit for providing the IP address, and a low IP address is the lower limit for providing the IP

address.

Use the no address range command to remove the DHCP address range.

Example

RFController(config-dhcp)#address range 2.2.2.2 2.2.2.50

RFController(config-dhcp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

509

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

bootfile

Assigns a bootfile name for the DHCP configuration on the network pool

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

bootfile <FILE>

Parameters

bootfile <FILE>

Sets the boot image for BOOTP clients. The file name

can contain letters, numbers, dots and hyphens.

Consecutive dots and hyphens are not permitted.

Usage Guidelines

Use the bootfilecommand to specify the boot image. The boot file contains the boot image name

used for booting the bootp clients (DHCP clients). Only one boot file is allowed per pool.

Use {no} bootfilecommand to remove the bootfile. Do not use the <file name> with the bootfile

command as only one bootfile exists per pool. The command [no] bootfileremoves the existing

command from the pool.

Example

RFController(config-dhcp)#bootfile bootexample.txt

RFController(config-dhcp)#

510

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

class

Associates a DHCP class with a pool

This command is used in Step 4 of Creating a DHCP User Class.

The CLI prompt moves to a sub-instance(config-dhcp-class).The configuration mode changes

from (config-dhcp)# class to (config-dhcp-class).

Refer to config-dhcp-class on page 512 for a (config-dhcp-class)command summary.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

class <class-name>

Parameters

class <class -name>

Associates a class with a pool and enters the DHCP pool

class configuration mode

Example

RFController(config-dhcp)#class RFControllerDHCPclass

RFController(config-dhcpclass)#

Creating a DHCP User Class

Follow the steps below to create a DHCP User Class:

1. Create a DHCP class named RFControllerDHCPclass. The controller supports a maximum of

32 DHCP classes.

RFController(config)#ip dhcp class RFControllerDHCPclass

RFController(config-dhcpclass)#

2. Create a USER class named MC800. The mode changes to (config-dhcpclass). The controller

supports a maximum of 8 users classes per DHCP class.

RFController(config-dhcpclass)#option user-class MC800

RFController(config-dhcpclass)#

3. Create a Pool named WID, using (config)#mode.

RFController(config)#ip dhcp pool WID

RFController(config-dhcp)#

4. Associate the DHCP class, created in Step 1 with the pool created in Step 3. The controller

supports the association of 8 DHCP classes with a pool.

RFController(config-dhcp)#class RFControllerDHCPclass

RFController(config-dhcp-class)#

5. The controller moves to a new mode (config-dhcp-class). Use this mode to add an address

range used for the DHCP class associated with the pool.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

511

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

RFController(config-dhcp-class)#address range 11.22.33.44

config-dhcp-class

Use (config-dhcp)# class to enter the (config-dhcp-class) instance. Use this instance to

set an address range for a DHCP user class within a DHCP server address pool.

Table 18 summarizes config-dhcp-classcommands.

TABLE 18

config-dhcp-class commands

Command

Description

address

Sets an address range for a DHCP class in a DHCP server address pool

Clears the display screen

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Displays the interactive help system in HTML format

Negates a command or sets its defaults

Assists in troubleshooting or debugging issues

Displays running system information

address

config-dhcp-class

Sets an address range for a DHCP class within a DHCP server address pool

Syntax

address range <low IP Address> <high IP Address>

Parameters

range <low IP Address>

Assigns an address range for the DHCP class

•

<low IP Address> – Defines the low IP address

<high IP Address> – Defines the high IP address

Example

RFController(config-dhcp-class)#address range 11.22.13.14 11.22.33.56

RFController(config-dhcp-class)#

512

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

client-identifier

Assigns a name to the client-identifier

A client identifier is used to reserve an IP address for a DHCP client.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

client-identifier <identifier>

Parameters

client-identifier

Prepends a null character. Use \\0at the beginning (a

single \in the input is ignored)

Example

RFController(config-dhcp)#client-identifier testid

RFController(config-dhcp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

513

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

client-name

Adds name for DHCP clients

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

client-name <name>

Parameters

client-name <name>

Use client-name to add a client name (the domain

name must not be included)

Example

RFController(config-dhcp)#client-name testpc

RFController(config-dhcp)#

514

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

clrscr

Clears the display screen

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-dhcp)#clrscr

RFController(config-dhcp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

515

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

ddns

Sets dynamic DNS parameters

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

ddns [domainname|multiple-user-class|server|ttl]

ddns domainname <name>

ddns multiple-user-class

ddns server <IP Address>

ddns ttl <1-864000>

Parameters

domainname <name>

multiple-user-class

server <IP >

Sets the domain name used for DDNS updates

Enables the multiple user class option

Specifies the server to which DDNS updates have been

sent

•

<IP> – Defines an IP address in dotted decimal

format

ttl <1-864000>

Sets a Time To Live (TTL) value for DDNS updates

<1-864000> – TTL value in seconds

•

Usage Guidelines

Use update dns override to enable an internal DHCP server to send DDNS updates for

resource records (RRs) A, TXT and PTR. A DHCP server can always override the client even if the

client is configured to perform the updates.

In the DHCP server network pool, FQDN is defined as the DDNS domain name. This is used

internally in DHCP packets between the DHCP server on the controller and the DNS server.

Example

RFController(config-dhcp)#ddns domainname TestDomain.com

RFController(config-dhcp)#

RFController(config-dhcp)#ddns multiple-user-class

RFController(config-dhcp)#

RFController(config-dhcp)#ddns ttl 1000

RFController(config-dhcp)#

516

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

default-router

Configures the default router or gateway IP address for the network pool. To remove the default

router list, use the no default-routercommand.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

default-router <IP>

Parameters

default-router

< IP>

Specifies the default router IP address for the network

pool

•

< IP> – Sets the router's IP address

Usage Guidelines

The IP address of the router should be on the same subnet as the client subnet.

Example

RFController(config-dhcp)#default-router 2.2.2.1

RFController(config-dhcp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

517

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

dns-server

Sets the DNS server’s IP address available to all DHCP clients connected to the pool. Use the no

dns-servercommand to remove the DNS server list.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

dns-server <IP address>

Parameters

dns-server <IP address>

Configures the DNS server’s IP address

•

<IP address> – Sets the server's IP address. Up to

8 IPs can be set.

Usage Guidelines

For DHCP clients, the DNS server’s IP address maps the host name to an IP address. DHCP clients

use the DNS server’s IP address based on the order (sequence) configured.

Example

RFController(config-dhcp)#dns-server 2.2.2.222

RFController(config-dhcp)#

518

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

domain-name

Sets the domain name for the network pool. Use the no domain-namecommand to remove the

domain name.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

domain-name <name>

Parameters

domain-name <name>

Defines the domain name for the network pool

Usage Guidelines

The domain name cannot exceed 256 characters.

Example

RFController(config-dhcp)#domain-name Engineering

RFController(config-dhcp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

519

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

end

Exits the current mode and moves to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-dhcp)#end

RFController#

520

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to

RFController#(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config)#ip dhcp pool TestPool

RFController(config-dhcp)#exit

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

521

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

hardware-address

Reserves an IP address (manually) based on a DHCP client’s hardware address. Use the no

hardware-addresscommand to remove this from the DHCP pool.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

hardware-address <MAC> {[ethernet|token-ring]}

Parameters

hardware-address

<MAC> {ethernet|token-ring}

Sets the client's hardware address to <MAC>. <MAC>

can be in the format xx-xx-xx-xx-xx-xx (dashed

hexadecimal string) or XX:XX:XX:XX:XX:XX (dotted

hexadecimal string)

•

<MAC> {ethernet|token-ring} – Defines a dashed

hexadecimal string

•

<MAC> {ethernet|token-ring} – Sets a dotted

hexadecimal string.

•

ethernet – Ethernet

token-ring – Token ring network

Usage Guidelines

Accepts only hexadecimal values

Example

RFController(config-dhcp)#hardware-address 00:01:23:45:32:22

RFController(config-dhcp)#

522

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

help

Displays the system’s interactive help in HTML format

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-dhcp)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-dhcp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

523

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

host

Defines a fixed IP address for the host in dotted decimal format

Use the no hostcommand to remove the host from the DHCP pool.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

host <IP>

Parameters

host <IP>

Sets a fixed address for the host

•

<IP > – Sets an IP address in dotted decimal

format

Usage Guidelines

The DHCP host pool (used to manually assign an IP address based on hardware address/client

identifier) configuration must contain a host IP address, client name and hardware address/client

identifier.

The host IP address must belong to a subnet on the controller. There must be a DHCP network pool

corresponding to that host IP address. There is no limit to the number of manual bindings.

However, you can configure only one manual binding per host pool.

Example

RFController(config-dhcp)#host 2.2.2.111

RFController(config-dhcp)#

524

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

lease

Sets a valid lease time for the IP address used by DHCP clients in the network pool

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

lease [{<0-365> <0-23> <0-59>}|infinite]

Parameters

lease [

Sets the lease time for an IP address

{<0-365> <0-23> <0-59>}

|infinite]

•

<0-365> –Sets the lease period in days. Days can

be made as 0 only when hours and/or mins are

greater than 0.

•

<0-23> – Sets the hours for the lease period.

Hours can be 0 only when days and/or

minutes are configured with a value greater

than 0.

•

<0-59> – Sets the minutes for the lease

period. Minutes can be 0 only when days

and/or hours are configured with a value

greater than 0.

•

infinite – Sets the lease period as infinite.

Usage Guidelines

If lease parameter is not configured on the DHCP network pool, the default value is used. The

default value of the lease is 24 hours.

The lease value for DHCP host pool is infinite. Hence the lease configuration is not applicable for

DHCP host pool

NOTE

The factory default lease period for a pool – network pool or host pool is configured as 1 day.

Example

RFController(config-dhcp)#lease 1 0 0

RFController(config-dhcp)#

RFController(config)#show running-config

..........................................

ip dhcp pool Test4lease

host 3.33.33.3

client-name test4lease

client-identifier tested4lease

..........................................

RFController(config)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

525

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

RFController(config)#show running-config include-factory

..........................................

ip dhcp pool Test4lease

lease 1 0 0

no domain-name

no bootfile

no dns-server

no default-router

no next-server

no netbios-name-server

no netbios-node-type

no unicast-enable

no update dns

no ddns domainname

no ddns ttl

no ddns multiple-user-class

host 3.33.33.3

client-name test4lease

client-identifier tested4lease

no hardware-address

..........................................

RFController(config)#

526

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

netbios-name-server

Sets the netbios-name server’s IP address

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

netbios-name-server <IP>

Parameters

netbios-name-server <IP>

Defines the NetBIOS (WINS) name server

<IP > – Sets the NetBIOS name server's IP address

•

Example

RFController(config-dhcp)#netbios-name-server 2.2.2.222

RFController(config-dhcp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

527

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

netbios-node-type

Defines the netbios-node type

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

netbios-node-type [b-node|h-node|m-node|p-node]

Parameters

netbios-node-type

[b-node | h-node |

m-node | p-node]

Defines the NetBIOS (WINS) name servers

•

b-node – Broadcast node

h-node – Hybrid node

m-node – Mixed node

p-node – Peer-to-peer node

Example

RFController(config-dhcp)#netbios-node-type p-node

RFController(config-dhcp)#

528

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

network

Sets the network pool’s IP address

This address maps the current DHCP pool with a specific network.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

network [<IP>|<IP/Mask>]

Parameters

network [<IP>|<IP/Mask>]

Sets the network number and mask

•

<IP> – Network number in dotted decimal format

<IP/Mask> – Network number and mask

Usage Guidelines

Ensure a VLAN interface (with specific network/subnet) exists on the controller before mapping a

DHCP pool to a particular network.

Example

RFController(config-dhcp)#network 2.2.2.0/24

RFController(config-dhcp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

529

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

next-server

Sets the IP address of the next server in the boot process

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

next-server <IP>

Parameters

next-server <IP>

Sets the next server in boot process

<IP> – Defines the server's IP address

•

Example

RFController(config-dhcp)#next-server 2.2.2.22

RFController(config-dhcp)#

530

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

Negates a command or sets its defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

next-server|option|update|unicast-table]

Parameters

The nocommand negates any command associated with it. Wherever required, use the same

parameters associated with the command getting negated.

Example

RFController(config)#no ip dhcp pool hotpool

RFController(config)#

RFController(config)#no ip dhcp pool test

RFController(config)#

RFController(config-dhcp)#no update dns

RFController(config-dhcp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

531

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

option

Defines the DHCP option used in DHCP pools

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

option <option-name> [<IP>|<option-name>]

Parameters

option name [<IP>|

<option-name>]

Sets raw DHCP options

•

<option-name> – Sets the name of the DHCP

option

•

<IP> – Sets the IP value of the DHCP option

<option-name> – Sets the ASCII value of the

DHCP option

Usage Guidelines

Defines non standard DHCP option codes (0-254)

NOTE

An option name in ASCII format accepts backslash (\) as an input but is not displayed in the output

(Use show runnig configto view the output). Use double backslash to represent a single

backslash.

Example

RFController(config)#ip dhcp option option189 189 ascii

RFController(config)#

532

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

service

Invokes service commands to troubleshoot or debug (config-dhcp) instance configurations

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

show cli

Displays the CLI tree of the current mode

Example

RFController(config-dhcp)#service show cli

DHCP Server Config mode:

+-address

+-range

+-A.B.C.D [address range A.B.C.D ( A.B.C.D |)]

+-bootfile

+-WORD [bootfile WORD]

+-class

+-WORD [class WORD]

+-client-identifier

+-WORD [client-identifier WORD]

+-client-name

+-WORD [client-name WORD]

+-clrscr [clrscr]

+-ddns

+-domainname

+-WORD [ddns domainname WORD]

+-multiple-user-class [ddns multiple-user-class]

+-server

+-A.B.C.D [ddns server A.B.C.D (A.B.C.D|)]

.........................

......................................................

RFController(config-dhcp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

533

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

show

Displays current system information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller:

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

Syntax

show <paramater>

Parameters

Displays parameters for which information can be

viewed using the show command

Example

RFController(config-dhcp)#show ?

access-list

Internet Protocol (IP)

aclstats

alarm-log

autoinstall

banner

boot

clock

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

logging

mac

Show any installed licenses

Show logging configuration and buffer

Internet Protocol (IP)

mac-address-table

mac-name

management

Display MAC address table

Displays the configured mac names

Display L3 Managment Interface name

534

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

mobility

Display Mobility parameters

ntp

Network time protocol

password-encryption

port

port-channel

privilege

protocol-list

radius

redundancy

rtls

role

password encryption

Physical/Aggregate port interface

Portchannel commands

Show current privilege level

List of protocols

RADIUS configuration commands

Display redundancy group parameters

Real Time Locating System commands

Configure role parameters

running-config

securitymgr

service-list

sessions

smtp-notification

snmp

snmp-server

spanning-tree

startup-config

Current Operating configuration

Securitymgr parameters

List of services

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

static-channel-group static channel group membership

terminal

timezone

Display terminal configuration parameters

Display timezone

traffic-shape

upgrade-status

users

Display traffic shaping

Display last image upgrade status

Display information about currently logged

in users

version

Display software & hardware version

IP redundancy list

Wireless configuration commands

wlan based acl

virtual-ip

wireless

wlan-acl

RFController(config-dhcp)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

535

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Config commands

update

Controls the usage of the DDNS service

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

update dns override

Parameters

update dns override

Controls the usage of the DDNS service

dns override – Dynamic DNS Configuration

•

override – Enable Dynamic Updates by

onboard DHCP Server

Usage Guidelines

A DHCP client cannot perform updates for RR’s A, TXT and PTR. Use

update (dns) (override) to enable the internal DHCP Server to send DDNS updates for

resource records (RR’s) A, TXT and PTR. The DHCP Server can override the client, even if the client

is configured to perform the updates.

In the network pool of DHCP Server, FQDN is configured as the DDNS domain name. This is used

internally in DHCP packets between the controllers DHCP Server and the DNS server.

Example

RFController(config-dhcp)#update dns override

RFController(config-dhcp)#

536

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring the DHCP server using controller CLI

unitcast-enable

•DHCP Server Class config commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543

Enables unicast for DHCP offer and DHCP Ack

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

unicast-enable

Parameters

None

Example

RFController(config-dhcp)#unicast-enable

RFController(config-dhcp)#

Configuring the DHCP server using controller CLI

The controller DHCP configuration is conducted by creating pools and mapping them to L3

interfaces (SVI).

•

A Network pool is the pool with “include” ranges. When the network pool is mapped to a L3

interface, DHCP clients requesting IPs from the L3 interface get an IP from the configured

range.

A host pool is the pool used to assign static/fixed IP address to DHCP clients.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

537

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring the DHCP server using controller CLI

Creating network pool

To create a network pool:

1. Create a DHCP server dynamic address pool.

RFController(config)#ip dhcp pool test

2. Map the DHCP pool to the network pool.

RFController(config-dhcp)#network 192.168.0.0/24

3. Add the address range for the dynamic pool.

RFController(config-dhcp)#address range 192.168.0.30 192.168.0.60

4. Assign a domain name (as appropriate) to this dynamic pool.

RFController(config-dhcp)#domain-name test.com

5. Configure the DNS server’s IP address.

RFController(config-dhcp)#dns-server 192.168.0.10 192.168.0.11

6. Configure the DHCP client’s IP address lease period.

RFController(config-dhcp)#lease 10

7. Exit from the DHCP instance upon creation of the network pool.

RFController(config-dhcp)#exit

8. Start the DHCP server to initiate the network pool.

RFController(config)#service dhcp

538

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring the DHCP server using controller CLI

Creating a Host Pool

To create a host pool:

1. Create a DHCP server host address pool.

RFController(config)#ip dhcp pool hostpool

2. Assign the client name of the host for which static allocation is required.

RFController(config-dhcp)#client-name linuxbox

3. Assign an IP address for the host.

RFController(config-dhcp)#host 192.168.0.50

4. Configure the hardware address of the host.

RFController(config-dhcp)#hardware 00:a0:f8:6f:6b:88

5. Exit from the DHCP instance upon creation of the network pool.

RFController(config-dhcp)#exit

6. Start the DHCP Server to instantiate the network pool.

RFController(config)#service dhcp

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

539

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring the DHCP server using controller CLI

Troubleshooting DHCP Configuration

1. The DHCP Server is disabled by default. Use the following command to enable the DHCP

Server:

RFController(config)#service dhcp

This command administratively enables the DHCP server. If the DHCP configuration is

incomplete, it is possible the DHCP server will be disabled even after the execution of this

command.

2. Use the networkcommand to map the network pool to interface.

network 192.168.0.0/24

In the above example, 192.168.0.0/24 represents the L3 interface. When you execute this

command, no check is performed to endorse whether an interface (with the specified

IP/Netmask) exists. The verification is not performed because you can create a pool and map

it to non existing L3 interface.

When you add a L3 interface and assign an IP address to it, the DHCP server gets

enabled/started on this interface. If you have a pool for network 192.168.0.0/24, but the L3

interface is 192.168.0.0/16, DHCP is not enabled on 192.168.0.0/16, since it is different

from 192.168.0.0/24.

3. A network pool without any include range is as good as not having a pool. Add a include range

using the address rangecommand.

address range 192.168.0.30 192.168.0.30

4. To work properly, a host pool should have the following 3 items configured:

•

client-name (CLI is client-name <name>)

fixed-address CLI is host <ip>)

hardware-address/client-identifier

The hardware address is hardware-address <addr>

The client-identifier is client-identifier <id>

If you use client-identifierinstead of hardware-address, a DHCP client sends the

client-identifier when it requests for IP address. The Client - identifier has to be configured in

the DHCP Client as an ASCII value and the same has to be used in the DHCP server option (for

example, the Client- identifier option).

5. A host pool should have its corresponding network pool configured, otherwise the host pool is

useless. The fixed IP address configured in the host pool must be in the subnet of the

corresponding network pool.

6. If you create a pool and map it to an interface, it automatically gets enabled, provided DHCP is

enabled at a global level. Use the no networkcommand to disable DHCP on a per

pool/interface basis.

7. To set a newly created pool as a network pool, use one of the following commands:

•

network (for example, network 192.168.0.0/24)

address range (for example, address range 192.168.0.30 192.168.0.50)

8. To set a newly created pool as a host pool, use one of the following commands:

host (for example, host 192.168.0.1)

•

540

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring the DHCP server using controller CLI

•

client-name (For example, client-name "MailUsers")

client-identifier (For example, client-identifier "aabb:ccdd")

hardware-address (For example, hardware-address “aa:bb:cc:dd:ee:ff”)

9. A pool can be configured either as the host pool or network pool, but not both.

10. A host pool can have either client-identifieror hardware-addressconfigured, but not

both.

11. An excluded address range has a higher precedence than an included address range. Thus, if

a range is part of both an excluded and included range, it will be excluded.

12. DHCP options are first defined at the global level using ip dhcp option <name> <code>

<type>. The value for these options are defined using the optionunder the DHCP pool

context.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

541

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring the DHCP server using controller CLI

Creating a DHCP Option

To create a DHCP option:

1. To create a non standard option named “tftp-server”.

RFController(config)#ip dhcp option tftp-server 183 ip

2. Enter the DHCP pool —”test”.

RFController(config)#ip dhcp pool test

3. Assign a value to the DHCP option configured above.

RFController(config-dhcp)#option tftp-server 192.168.0.100

4. Exit the DHCP instance.

RFController(config-dhcp)#exit

542

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

DHCP Class Instance

In this chapter

Use the (config-dhcpclass) instance to configure DHCP user classes. The controller supports a

maximum of 8 user classes per DHCP class. To navigate to this instance use the command:

RFController(config)#ip dhcp class <class-name>

RFController(config-dhcpclass)#

Refer to ip on page 412 and DHCP Config commands on page 507 for other DHCP related

configurations.

DHCP Server Class config commands

Table 19 summarizes config-std-naclcommands:

TABLE 19

Command

DHCP Server Class Config Commands

Description

Ref.

Clears the display screen

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Displays the interactive help system in HTML format

multiple-user-class Enables multiple user class options

Negates a command or sets its defaults

Defines DHCP Server options

option

Invokes service commands to troubleshoot or debug

(config-if)instance configurations

Displays running system information

page 552

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

543

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Server Class config commands

clrscr

Clears the display screen

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-dhcpclass)#clrscr

RFController(config-dhcpclass)#

544

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Server Class config commands

end

Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-dhcpclass)#end

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

545

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Server Class config commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-dhcpclass)#exit

RFController(config)#

546

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Server Class config commands

help

Displays the system’s interactive help in HTML format

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

help

Parameters

None

Example

RFController(config-dhcpclass)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-dhcpclass)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

547

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Server Class config commands

multiple-user-class

Enables the multiple-user-class option

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

multiple-user-class

Parameters

None

Example

RFController(config-dhcpclass)#multiple-user-class

RFController(config-dhcpclass)#

548

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Server Class config commands

Negates a command or sets its defaults

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

no [multiple-user-class|option]

np option user-class <class-name>

Parameters

Disables the multiple user class option

Modifies the parameters of existing DHCP server options

multiple-user-class

option user-class

<class-name>

•

user-class <class-name> – Configures DHCP-Server user

class options

•

<class-name> – ASCII value of user-class option

Example

RFController(config-dhcpclass)#no multiple-user-class

RFController(config-dhcpclass)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

549

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Server Class config commands

option

Specifies a value for DHCP user class options

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

option user-class <class-name>

Parameters

Creates/modifies DHCP server user class options

<class-name> – ASCII value of user-class option

user-class <class-name>

•

Example

RFController(config-dhcpclass)#option user-class MC800

RFController(config-dhcpclass)#

Creating a DHCP user class

Complete the steps below to create a DHCP user class:

5. Create a DHCP class named RFControllerDHCPclass. The controller supports a maximum of 32

DHCP classes.

RFController(config)#ip dhcp class RFControllerDHCPclass

RFController(config-dhcpclass)#

6. Create a USER class named MC800. The privilege mode changes to (config-dhcpclass). The

controller supports a maximum of 8 user classes per DHCP class.

RFController(config-dhcpclass)#option user-class MC800

RFController(config-dhcpclass)#

7. Create a Pool named WID, using the(config)#mode.

RFController(config)#ip dhcp pool WID

RFController(config-dhcp)#

8. Associate the DHCP class, created in Step 1 with the pool created in Step 3. The controller

supports the association of 8 DHCP classes with a pool.

RFController(config-dhcp)#class RFControllerDHCPclass

RFController(config-dhcp-class)#

9. The controller moves to a new mode (config-dhcp-class). Use this mode to add an address

range for the DHCP class associated with the pool.

RFController(config-dhcp-class)#address range 11.22.33.44

550

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Server Class config commands

service

Invokes service commands to troubleshoot or debug (config-if)instance configurations

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

service show cli

Parameters

None

Example

RFController(config-dhcpclass)#service show cli

DHCP Server Class Config mode:

+-clrscr [clrscr]

+-do

+-LINE [do LINE]

+-end [end]

+-exit [exit]

+-help [help]

+-multiple-user-class [multiple-user-class_cmd]

+-no

+-multiple-user-class [no multiple-user-class_cmd]

+-option

+-user-class

+-WORD [no option user-class WORD]

+-option

+-user-class

+-WORD [option user-class WORD]

+-quit [quit]

+-s

+-commands [show commands]

+-WORD [show commands WORD]

+-running-config [show running-config]

+-full [show running-config full]

..................................................................

...................................................................RFControll

er(config-dhcpclass)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

551

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Server Class config commands

show

•Radius configuration commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555

Displays current system information

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

NOTE

The following commands display only for the Mobility RFS6000 Controller and the Mobility RFS4000

Controller

- power

The following commands display only for the Mobility RFS7000 Controller and the Mobility RFS4000

Controller:

- port-channel

- static-channel-group

Syntax

show <parameters>

Parameters

Displays the parameters for which information can be viewed

using the show command

Example

RFController(config-dhcpclass)#show ?

access-list

aclstats

alarm-log

autoinstall

banner

Internet Protocol (IP)

Show ACL Statistics information

Display all alarms currently in the system

autoinstall configuration

Display Message of the Day Login banner

Display boot configuration.

Display system clock

boot

clock

commands

crypto

Show command lists

encryption module

debugging

dhcp

environment

file

firewall

ftp

history

interfaces

Debugging information outputs

DHCP Server Configuration

show environmental information

Display filesystem information

Wireless firewall

Display FTP Server configuration

Display the session command history

Interface status

Internet Protocol (IP)

ldap

LDAP server

licenses

logging

mac

Show any installed licenses

Show logging configuration and buffer

Internet Protocol (IP)

mac-address-table

mac-name

management

Display MAC address table

Displays the configured mac names

Display L3 Managment Interface name

552

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Server Class config commands

mobility

Display Mobility parameters

ntp

Network time protocol

password-encryption

port

port-channel

privilege

protocol-list

radius

redundancy

rtls

role

password encryption

Physical/Aggregate port interface

Portchannel commands

Show current privilege level

List of protocols

RADIUS configuration commands

Display redundancy group parameters

Real Time Locating System commands

Configure role parameters

running-config

securitymgr

service-list

sessions

smtp-notification

snmp

snmp-server

spanning-tree

startup-config

Current Operating configuration

Securitymgr parameters

List of services

Display current active open connections

Display SNMP engine parameters

Display spanning tree information

Contents of startup configuration

static-channel-group static channel group membership

terminal

timezone

Display terminal configuration parameters

Display timezone

traffic-shape

upgrade-status

users

Display traffic shaping

Display last image upgrade status

Display information about currently logged

in users

version

Display software & hardware version

IP redundancy list

Wireless configuration commands

wlan based acl

virtual-ip

wireless

wlan-acl

RFController(config-dhcpclass)#show

RFController(config-dhcpclass)#show ip dhcp binding

MAC/Client-Id

-------------

Expiry Time

-----------

RFController(config-dhcpclass)#

RFController(config-dhcpclass)#show ip dhcp class RFControllerDHCPclass

ip dhcp class DHCPclass

option user-class MC800

RFController(config-dhcpclass)#

RFController(config-dhcpclass)#show ip dhcp pool WID

ip dhcp pool WID

class RFControllerDHCPclass

address range 11.22.33.44

RFController(config-dhcpclass)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

553

Download from Www.Somanuals.com. All Manuals Search And Download.

DHCP Server Class config commands

554

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter

Radius Server Instance

In this chapter

Use the (config-radsrv) instance to configure local RADIUS server parameters. Local

(Onboard) RADIUS server commands are listed under this mode. To navigate to this instance, use

the command:

RFController(config)#radius-server local

RFController(config-radsrv)#

Radius configuration commands

Table 20 summarizes the Radius server configuration command:

TABLE 20

Command

RADIUS Server Command Summary

Description

Ref.

authentication

Configures the authentication scheme used with the RADIUS page 557

server

Defines CA parameters

Clears the display screen

Enables a Certificate Revocation List (CRL) check

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Sets RADIUS user group parameters.

NOTE: This command navigates to another sub-instance

called config-radsrv-group with its own

command summary. v

Displays the interactive help system

Sets LDAP server parameters

Sets RADIUS client parameters

Negates a command or sets its defaults

Defines the RADIUS proxy server configuration

Sets the RADIUS user configuration

Configures server certificate parameters

Invokes service commands to troubleshoot or debug

(config-radsrv) instance configurations

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

555

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

TABLE 20

Command

RADIUS Server Command Summary

Description

Ref.

Displays running system information

page 585

page 587

ldap-group-verifi Sets LDAP Group Verification

cation

556

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

authentication

Configures the authentication scheme used with the RADIUS server

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

authentication [data-source|eap-auth-type]

authentication data-source [ldap|local]

authentication eap-auth-type [all|peap-gtc|

peap-mschapv2|tls|ttls-md5|ttls-mschapv2|ttls-pap]

Parameters

authentication

Configures authentication

data-source [ldap|local]

•

data-source [ldap|local] – Sets the RADIUS data source for

user authentication

•

ldap - Remote LDAP Server

local - Local user database

Defines RADIUS EAP and default authentication configurations

eap-auth-type [all|

peap-gtc|

peap-mschapv2|tls|

ttls-md5|ttls-mschapv2

ttls-pap]

•

all – Enables TTLS and PEAP settings

peap-gtc – Defines the EAP and PEAP settings used with the

default authentication configuration

•

peap-mschapv2 – Sets the EAP/PEAP type used with

mschapv2

•

tls – Defines an EAP/TLS configuration scheme

ttls-md5 – Sets the EAP/TTLS configuration used with the

default md5 authentication scheme

•

ttls-mschapv2 – Sets the EAP/TTLS configuration used with

the default mschapv2 authentication scheme

ttls-pap – Sets the EAP/TTLS configuration used with the

default pap authentication scheme

Usage Guidelines

Set eap-auth-typeto allto service RADIUS requests received from wireless clients. Setting

eap-auth-typeto peap-gtc/peap-mschapv2 ensures

peap-gtc/peap-mschapv2service only.

Similarly, setting eap-auth-type to ttls-md5/ttls-mschapv2/ttls-pap services all ttls

authentication requests from wireless clients.

Setting eap-auth-typeto tlsensures only tls authentication is serviced.

Example

RFController(config-radsrv)#authentication eap-auth-type peap-mschapv2

RFController(config-radsrv)#

RFController(config-radsrv)#authentication data-source ldap

RFController(config-radsrv)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

557

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

Configures CA (Certificate Authority) parameters

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

ca trust-point <trustpoint-name>

Parameters

trust-point

<trustpoint-name>

Defines the trustpoint configuration

<trustpoint-name> – Displays the existing trustpoint name

•

Usage Guidelines

Configures the trustpoint used by the local RADIUS server. Create the trustpointbefore it can be

used by the crypto pki trustpointcommand.

The default trust point in use is – default-trustpoint.

Example

RFController(config)#radius-server local

RFController(config-radsrv)#ca trust-point tp1

RFController(config-radsrv)#

558

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

clrscr

Clears the display screen

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

clrscr

Parameters

None

Example

RFController(config-radsrv)#clrscr

RFController(config-radsrv)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

559

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

crl-check

Enables a Certificate Revocation List (CRL) check

To enable the certificate revocation list, ensure the crllistis loaded using a

crypto pki import <trustpoint-name> crlcommand.

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

crl-check enable

Parameters

enable

Enables the CRL check

Usage Guidelines

TLS uses certificates for authentication. CRL (updated with a trustpoint), contains index numbers

of revoked certificates. The CRL checks for any revoked certificates used for tlsauthentication.

Example

RFController(config-radsrv)#crl-check enable

RFController(config-radsrv)#

560

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

end

Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to

RFController#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

end

Parameters

None

Example

RFController(config-radsrv)#end

RFController#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

561

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

exit

Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to

RFController(config)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

exit

Parameters

None

Example

RFController(config-radsrv)#exit

RFController(config)#

562

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

group

Configures RADIUS user groups

The CLI moves to the config-radsrv-group sub-instance to create a new group.

The prompt changes from RFController(config-radsrv)# to

RFController(config-radsrv-group)#

Supported in the following platforms:

•

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Table 21 summarizes the RADIUS user group commands within the (config-radsrv-group)

sub-instance.

TABLE 21

Command

RADIUS User Group Command Summary

Description

Ref.

Clears the display screen

Ends the current mode and moves to the EXEC mode

Ends the current mode and moves to the previous mode

Sets RADIUS user group parameters

Defines guest group permissions

Displays the interactive help system in HTML format

Negates a command or sets its defaults

Defines the RADIUS group access policy configuration

Adds a RADIUS user to this group

Sets rate limit for group

Invokes RADIUS service commands if stopped

Displays running system information

clrscr

Clears the display screen

Syntax

clrscr

Parameters

None

Example

RFController(config-radsrv-group)#clrscr

RFController(config-radsrv-group)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

563

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

end

Ends and exits the current mode and changes to the PRIV EXEC mode. The prompt changes to

RFController#

Syntax

end

Parameters

None

Example

RFController(config-radsrv-group)#end

RFController#

exit

Ends the current mode and moves to the previous mode (config-radsrv)). The prompt changes

to RFController(config)#.

Syntax

exit

Parameters

None

Example

RFController(config-radsrv-group)#exit

RFController(config-radsrv)#group

group

Establishes RADIUS user group parameters. This command creates a group within the existing

RADIUS group

Syntax

group <group-name>

Parameters

<group-name>

Defines the RADIUS group name

Example

RFController(config-radsrv-group)#group TestGroup

RFController(config-radsrv-group)#

564

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

guest-group

Manages a guest user linked with a hotspot. Create a guest-user and associate it with the

guest-group. The guest-user and the policies of the guest group are used for hotspot

authentication/authorization.

Syntax

guest-group enable

Parameters

guest-group enable

Defines this group as a guest group

Usage Guidelines

Creates a guest group. The guest user created using rad-usercan only be part of the guest group.

Example

RFController(config-radsrv-group)#guest-group enable

RFController(config-radsrv-group)#

help

Displays the system’s interactive help in HTML format.

Syntax

help

Parameters

None

Example

RFController(config-radsrv-group)#help

CLI provides advanced help feature. When you need help,

anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup

until entering a '?' shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. 'show ?') and describes each possible

argument.

2. Partial help is provided when an abbreviated argument is entered

and you want to know what arguments match the input

(e.g. 'show ve?'.)

RFController(config-radsrv-group)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

565

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

Use this command to negate a command or set its defaults

Syntax

no [policy|rad-user|rate-limit]

no policy [day|time|vlan|wlan]

no policy wlan [<1-256>|all] <1-256>

no rate-limit [wired-to-wireless|wireless-to-wired]

Parameters

policy [day|time|vlan|

Defines the RADIUS group access policy configuration

wlan]

•

day – Resets the access policy (days of permitted access) for

this group

•

time – Configures the group’s hourly access permissions

vlan – Sets the VLAN ID for the group

wlan [<1-256>|all] – Configures WLAN access policy for this

group

•

<1-256> – Sets the WLAN range for the access policy

all – Removes all the WLAN allowed

rad-user [<name>|all]

Removes a user from this group

•

<name> – Defines an existing user name in this group

all – Removes all users from this group

rate-limit

Negate a command or set its defaults

[wired-to-wireless|

wireless-to-wired]

•

wired-to-wireless –uplink direction - from wireless client to

network

•

wireless-to-wired – down-link-direction - from network to

wireless client

Example

RFController(config-radsrv-group)#no policy day

RFController(config-radsrv-group)#

RFController(config-radsrv-group)#no policy time

RFController(config-radsrv-group)#

RFController(config-radsrv-group)#no policy vlan

RFController(config-radsrv-group)#

RFController(config-radsrv-group)#no policy wlan 2 5

RFController(config-radsrv-group)#

RFController(config-radsrv-group)#no rad-user all

RFController(config-radsrv-group)#

RFController(config-radsrv-group)#no service radius

%%Info: Radius service stopped...

RFController(config-radsrv-group)#

policy

566

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

Sets the authorization policies for a particular group (like day/time of access, WLANs allowed etc.).

NOTE

A user-based VLAN is effective only if dynamic VLAN authorization is enabled for the WLAN (as

defined within the WLAN Configuration screen).

Syntax

policy [day|time|vlan|wlan]

policy day [all|su|mo|tu|we|th|fr|sa|weekdays]

policy time [start <0-23> <0-59>] [end <0-23> <0-59>]

policy vlan <1-4094>

Parameters

day

Day of access policy configuration

[all|su|mo|tu|we|th|fr|sa

|weekdays]

•

all – All days (from Sunday to Saturday)

su – Sunday

mo – Monday

tu – Tuesday

we – Wednesday

th – Thursday

fr – Friday

sa – Saturday

weekdays – Allows access only during weekdays (M-F)

time [start <0-23>

<0-59>] [end <0-23>

<0-59>]

Sets the access policy time for this group

•

start – Sets the start time

end – Defines the end time (must be greater than the start

time)

•

<0-23> – Sets the hourly (hh) access limit

<0-59> – Sets the minute (mm) access limit

vlan <1-4096>

wlan <1-256>

Sets the VLAN ID for this group

<1-4096> – Defines the VLAN range

•

Sets the WLAN access policy for this group

<1-256> – Sets the WLAN index

•

Example

RFController(config-radsrv-group)#policy day weekdays

RFController(config-radsrv-group)#

RFController(config-radsrv-group)#policy time start 12 12 end 22 22

RFController(config-radsrv-group)#

RFController(config-radsrv-group)#policy vlan 20

RFController(config-radsrv-group)#

RFController(config-radsrv-group)#policy wlan 20 21 22 23

RFController(config-radsrv-group)#

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

567

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

rad-user

Adds an existing RADIUS user to this group. If the RADIUS user is not available in the Onboard

RADIUS server’s database, create a new RADIUS user using the rad-usercommand from within

the (config-radsrv)mode.

For more information, see rad-user on page 580.

NOTE

It is strictly recommended to set hotspot simultaneous-users to 1 for corresponding WLAN as guest

user is being assigned access-duration.

Syntax

rad-user <name>

Parameters

<name>

Existing RADIUS user name

Example

RFController(config-radsrv)#rad-user user1 password user1

RFController(config-radsrv)#group group1

RFController(config-radsrv-group)#rad-user user1

RFController(config-radsrv-group)#

rate-limit

Sets the rate limit for the RADIUS Server group

Syntax

rate-limit [wired-to-wireless|wireless-to-wired ]

<100-100000>

Parameters

wired-to-wireless

<100-100000>

Down link direction from network to wireless client

<100-100000> – Rate in the range of <100-100000> kbps

•

wireless-to-wired

<100-100000>

Up link direction from wireless client to network

<100-100000> – Rate in the range of <100-100000> kbps

•

Usage Guidelines

Use [no] rate-limit [wired-to-wireless|wireless-to-wired]to remove the rate limit

applied to the group.

[no] rate-limit [wireless-to-wired] sets the rate limit back to unlimited

Example

RFController(config-radsrv-group)#rate-limit wired-to-wireless 100

RFController(config-radsrv-group)#

RFController(config-radsrv-group)#rate-limit wireless-to-wired 1000

568

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Download from Www.Somanuals.com. All Manuals Search And Download.

Radius configuration commands

RFController(config-radsrv-group)#

service

Invokes RADIUS service commands (if they have been stopped). This command enables the

RADIUS server. A RADIUS restart is executed only from the configmode.

Syntax

service show cli

Parameters

None

Example

RFController(config-radsrv-group)#service show cli

Radius user group configuration mode:

+-clrscr [clrscr]

+-do

+-LINE [do LINE]

+-end [end]

+-exit [exit]

+-group

+-WORD [group WORD]

+-guest-group

+-enable [guest-group enable]

+-help [help]

.............................................................................

...............................................

RFController(config-radsrv-group)#

show