Motorola RFS7000 Series Reference Manual

RFS7000 Series RF Switch
CLI Reference Guide

Summary of Contents for Motorola RFS7000 Series

  • Page 1 RFS7000 Series RF Switch CLI Reference Guide...
  • Page 2 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners. © Motorola, Inc. 2007. All rights reserved.
  • Page 3: About This Guide

    Who Should Use this Guide The RFS7000 Series CLI Reference Guide is intended for system administrators responsible for implementing, configuring, and maintaining the RFS7000 using the switch command line interface (CLI). It also serves as a reference for configuring and modifying most common system settings.
  • Page 4: Conventions Used In This Guide

    RFS7000 Series CLI Reference Guide Table 1 Quick Reference on How This Guide Is Organized (Continued) Chapter Jump to this section if you want to... Chapter 10, “Crypto - map Instance” Summarizes the crypto-map commands within the RFS7000 Switch CLI.
  • Page 5: Notational Conventions

    Notational Conventions The following notational conventions are used in this document: • Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents. • Bullets (•) indicate: • action items •...
  • Page 6: General Information

    Use the Motorola Support Center as the primary contact for any technical problem, question, or support issue involving Motorola products. Motorola Support Center responds to calls by email, telephone or fax within the time limits set forth in individual contractual...
  • Page 7 WARRANT THAT YOU HAVE THE AUTHORITY TO BIND THAT COMPANY, PERSON OR ENTITY. 1. LICENSE GRANT. Subject to the terms of this Agreement, Motorola, Inc. and/or its subsidiaries ("Licensor") hereby grants Licensee a limited, personal, non-sublicensable, non transferable, nonexclusive license to use the software that Licensee is about to download or install and the documentation that accompanies it (collectively, the "Software") for Licensee's personal...
  • Page 8 RFS7000 Series CLI Reference Guide conditions of this EULA. With respect to technical information you provide to Licensor as part of any Support Services, Licensor may use such information for its business purposes, including for product support and development. Licensor will not utilize such technical information in a form that personally identifies Licensee.
  • Page 9 Rights" as provided for in FAR, 48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227- 7013 (OCT 1988), as applicable. The "Manufacturer" for purposes of these regulations is Motorola, Inc., One Symbol Plaza, Holtsville, NY 11742. 12. EXPORT RESTRICTIONS. Licensee shall comply with all export laws and restrictions and regulations of the Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control ("OFAC"), or other United States or...
  • Page 10 RFS7000 Series CLI Reference Guide...
  • Page 11: Table Of Contents

    Contents About This Guide Chapter 1. Introduction CLI Overview............1-1 Getting Context Sensitive Help .
  • Page 12 RFS7000 Series CLI Reference Guide licenses............2-48 logging .
  • Page 13 xiii debug ............3-6 disable .
  • Page 14 RFS7000 Series CLI Reference Guide aaa ............5-4 access-list.
  • Page 15 no ............6-11 service.
  • Page 16 RFS7000 Series CLI Reference Guide email ............11-23 end .
  • Page 17 xvii Configuring Interface using MSTP ........13-13 Chapter 14.
  • Page 18 RFS7000 Series CLI Reference Guide bootfile ............17-4 class .
  • Page 19 end ............19-7 exit .
  • Page 20 RFS7000 Series CLI Reference Guide mac-auth-local ..........20-26 manual-wlan-mapping .
  • Page 21: Chapter 1. Introduction

    This chapter describes the basic features of the Motorola CLI and how to use them. Topics covered include an introduction to command modes, navigation and editing features, help features, and command history features.
  • Page 22 Overview To access commands, enter the PRIV EXEC mode, which is the second level of access for the EXEC mode. In the PRIV EXEC mode, enter any EXEC command. The PRIV EXEC mode is a superset of the USER EXEC mode. Most of the USER EXEC mode commands are one-time commands and are not saved across reboots of the switch.
  • Page 23: Getting Context Sensitive Help

    Table 1.1 CLI Context Hierarchy for RFS7000 User Exec Mode Priv Exec Mode Global Configuration Mode exit interface help kill license logout line mkdir logging more management page ping prompt quit radius-server reload redundancy rename service rmdir show service snmp-server show spanning-tree telnet...
  • Page 24 Overview Use any of the following commands to get help specific to a command mode, command name, keyword or argument: Command Description (prompt)# help Displays a brief description of the help system. (prompt)# abbreviated-command-entry ? Lists commands in the current mode that begin with a particular character string.
  • Page 25: Using The No And Default Forms Of Commands

    command argument (e.g. 'show ?') and describes each possible argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show ve?'.) RFS7000> 1.3 Using the no and default forms of Commands Almost every configuration command has a form.
  • Page 26: Using Cli Editing Features And Shortcuts

    Overview 1.5 Using CLI Editing Features and Shortcuts A variety of shortcuts and editing features are available. The following sections describe these features: • Moving the Cursor on the Command Line • Completing a Partial Command Name • Deleting Entries •...
  • Page 27: Completing A Partial Command Name

    Keystrokes Function Function Details Summary Esc-C Converts the rest of word to uppercase. Esc-L Converts the rest of word to lowercase. Esc-D Deletes the remainder of word. Ctrl-W Deletes a word up to the cursor. Ctrl-Z Enters the command and returns to the root prompt. Ctrl-L Refreshes the input line.
  • Page 28: Re-Displaying The Current Command Line

    Overview Keystrokes Purpose Ctrl-D Deletes the character at the cursor. Ctrl-K Deletes all characters from the cursor to the end of the command line. Ctrl-W Deletes the word up to the cursor. Esc, D Deletes from the cursor to the end of the word. 1.5.4 Re-displaying the Current Command Line It is easy to recall the current command line entry if the system suddenly displays a message when entering a command.
  • Page 29: Controlling Capitalization

    1.5.7 Controlling Capitalization CLI commands are generally case-insensitive, and are typically in lowercase. To change the capitalization of the commands, use any of the following key sequences: Keystrokes Purpose Esc, C Capitalizes the letters at the right of cursor. Esc, L Changes the letters at the right of cursor to lowercase.
  • Page 30 1-10 Overview...
  • Page 31: Common Commands

    Common Commands This chapter explains the common CLI commands used amongst the USER EXEC and PRIV EXEC modes. The PRIV EXEC command set contains the commands available in USER EXEC mode. Some commands can be entered in either mode. Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands.
  • Page 32: Common Commands

    Overview 2.1 Common Commands Table 2.1 summarizes commands common amongst many switch contexts and instances. Table 2.1 Common commands amongst most contexts Command Description Ref. clrscr Clears the display screen. page 2-3 debug Debugging functions. page 2-4 exit Ends the current mode and moves to the previous mode. page 2-10 help Describes the interactive help system.
  • Page 33: Clrscr

    2.1.1 clrscr Common Commands Use this command to clear the screen and refresh the prompt (#). Syntax clrscr Parameters None. Example RFS7000#clrscr...
  • Page 34: Debug

    Overview 2.1.2 debug Common Commands Use this command to debug certificate management, ip, mobility and MSTP functionalities. Syntax (User Exec) debug [certmgr (all|error|info)|ip (https|ssh)| mobility (cc|error|forwarding <MAC Address>|mu|packet|peer|system)] Syntax (Priv Mode) debug [all|cc|ccstats|certmgr|dhcpsvr|imi|ip|logging|mgmt|mobility|mstp|nsm| pktdrvr|radius|redundancy|securitymgr|sole] Parameters (User Exec) Debugs certificate manager messages. certmgr (all|error|info) •...
  • Page 35 Parameters (Priv Mode) Enables debugging. Cell controller (wireless) debugging messages. cc [access-port|all|alt|ap-detect| • access-port – Access port logs. capwap| • all – All modules. cluster|config|dot11|eap| ids|kerberos| • alt – Address lookup logs. l3-mob|media|mobile- • ap-detect – Rogue AP detection logs. unit|radio|radius| •...
  • Page 36 Overview DHCP Conf Server Debugging Messages. dhcpsvr [all|error|info] • all – Traces error and info messages from the DHCP Conf Server. • error – Traces error messages from the DHCP Conf Server. • info – Traces informational messages from the DHCP Conf Server. Integrated Management Interface.
  • Page 37 L3 Mobility. mobility [all|cc|error|forwarding • all – All debugging (except "forwarding"). <MAC Address>| • cc – ccserver events. mu|packet|peer|system] • error – Error. • forwarding – Dataplane forwarding. • <MAC Address> – MAC address of the mobile unit. • mu – MU events and state changes. •...
  • Page 38 Overview Redundancy protocol debugging messages. redundancy [all|ccmsg|config|errors| • all – Debugging all. general|heartbeats|init| • ccmsg – Msg exchange with CC. packets|proc|shutdown| states|subagent|timer| • config – Configuration processing. warnings] • errors – Errors. • general – General. • heartbeats – Heartbeats processing. •...
  • Page 39 Example RFS7000#debug cc all RFS7000#configure t Enter configuration commands, one per line. End with CNTL/Z. RFS7000(config)#logging console 7 RFS7000(config)#Mar 15 15:41:47 2008: CC: cluster: portal unadopted. portal count now: 7 Mar 15 15:41:47 2008: CC: cluster: tx-to-wccp ap: 4, radio: 7, mu: 0, rogue: 0, sheal: 0, max-ap: 256 Mar 15 15:41:47 2008: CC: cluster: portal unadopted.
  • Page 40: Exit

    2-10 Overview 2.1.3 exit Common Commands Use this command to end the current mode and move to the previous mode. Syntax exit Parameters None. Example RFS7000(config)#exit...
  • Page 41: Help

    2-11 2.1.4 help Common Commands Use this command to access the advanced help feature. Use “?” at the command prompt to access the help topic. Two styles of help are provided: 1. Full help is available when ready to enter a command argument and describes each possible argument. There is a space between the command and ? (for example 'show ?').
  • Page 42 2-12 Overview 2.1.5 no Common Commands Use this command to negate a command or set its defaults. Syntax Parameters None. Example (User Exec) RFS7000>no ? cluster-cli Cluster context debug Debugging functions page Toggle paging service Service Commands RFS7000>no Example (Priv Exec) RFS7000#no ? cluster-cli Cluster context...
  • Page 43 2-13 RFS7000(config)# RFS7000(config)#no bridge instance <1-15> priority RFS7000(config)# RFS7000(config)#no bridge forward-time RFS7000(config)# RFS7000(config)#no bridge hello-time RFS7000(config)# RFS7000(config)#no bridge max-age RFS7000(config)# RFS7000(config)#no bridge max-age RFS7000(config)# RFS7000(config)#no bridge spanning-tree portfast bpdu-filter RFS7000(config)# RFS7000(config)#no bridge spanning-tree portfast bpduuard RFS7000(config)# RFS7000(config)#no bridge spanning-tree errdisable-timeout enable RFS7000(config)# RFS7000(config)#no bridge spanning-tree errdisable-timeout interval...
  • Page 44: Service

    2-14 Overview 2.1.6 service Common Commands Use this command to service/debug the switch. Syntax (User Exec) service [diag|encrypt|locator|save-cli|show|wireless] service diag [enable|identify|limit (options)|period <100-30000>|watchdog] service diag limit [buffer(128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k)<0- 65535> | fan <1-3>|filesys (etc2|flash|var)| inodes (etc2|flash|var)|load (1|15|5)|maxFDs <0-32767>| pkbuffers <0-65535>|procRAM < 0.0-100.0>|ram <0.0-25.0>| routecache <0-65535>|temperature <1-8>] service encrypt (secret)<2>...
  • Page 45 2-15 Use this parameter to set the diagnostic limit submodes/commands. Configure limit [buffer the buffer usage warning limit. The warning limit can be set to one of the (128|128k|16k|1k|256|2k| following sizes: 32|32k|4k|512|64|64k|8k] <0-65535> • buffer – Buffer usage warning limit. •...
  • Page 46 2-16 Overview limit (pkbuffers) Configures the packet buffer cache limit. Set between 0 to 65535 as the buffer <0-65535> cache limit. limit (procRAM) Defines the RAM space used by a process. Set the percentage of RAM space < 0.0-100.0> used by the processor between 0 to 100.0 percent. limit (ram) <0.0-25.0>...
  • Page 47 2-17 service (wireless) wireless Wireless parameters. Syntax (Priv Exec) service [clear|copy|diag|diag-shell|encrypt|locator|pktcap|pm| save-cli|securitymgr|show|start-shell|test|watchdog|wireless] service clear [all|aplogs|clitree|cores|dumps|panics| securitymgr (flows)[<0-349>|WORD|all|fe|ge|me1|sa|vlan]] service copy (tech-support)[FILE|URL] service diag [enable|identify|limit|period] service diag limit [buffer (128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k) <0-65535>|fan <1-3> (low)|filesys (etc2|flash|var)| inodes (etc2|flash|var)|load (1|15|5)|maxFDs <0-32767>| pkbuffers <0-65535>|procRAM <0.0-100.0>|ram <0.0-25.0>| routecache <0-65535>|temperature <1-8>...
  • Page 48 2-18 Overview diag [enable|identify|limit| Use this parameter as a diagnostics tool. period] • enable – Enables service diagnostics. • identify – Identifies this switch by flashing the LEDs. • limit – Diagnostic limit command. • buffer (128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k) <0-65535> – Buffer usage warning limit. •...
  • Page 49 2-19 pktcap (on) Packet capture. [bridge|interface|router|vp • on – Capture location. • bridge – Capture at bridge. [count|filter|verbose|write • count – Limit capture packet count. • filter – Capture filter. • verbose – Displays full packet body. • write – Capture to a file. •...
  • Page 50 2-20 Overview show [cli|command- Displays running system information. history|crash-info| • cli – Displays CLI tree of current mode. diag|info|last-passwd| • command-history – Displays command (except show commands) history. memory|pm (history)[Process- • crash-info – Displays information about core, panic and AP dump files. name|all] |process| •...
  • Page 51 2-21 wireless Wireless parameters. [ap-history| • ap-history – Access port history. buffer-counters| • buffer-counters – Allocation counts for various buffers. clear-ap-log <1-256>| dump-core | • clear-ap-log – Clears ap logs. idle-radio-send-multicast| • dump-core – Creates a core file of the ccsrvr process. legacy-load-balance| map-radios <1-127>| •...
  • Page 52 2-22 Overview prompt (crash-info) Enables crash-info prompt. radius (restart) Enables the RADIUS Server. set (command-history Set service parameters. <10-300>|reboot-history • command-history <10-300> – Sets the size of the command history. The <10-100>| default value is 200. upgrade-history <10-100>) • reboot-history <10-100> – Sets the size of the reboot history. The default value is 50.
  • Page 53 2-23 Low speed limit RFS7000#service diag limit fan 1 low ? <1000-15000> Limit value from 1000 to 15,000 RFS7000#service diag limit fan 1 low 1100 RFS7000#service diag limit fan 2 low 10000 RFS7000#Sep 01 15:51:54 2006: %DIAG-4-FANUNDERSPEED: Fan case under speed: 8881 RPM is under limit 10000 RPM RFS7000#service diag limit filesys ? etc2...
  • Page 54 2-24 Overview +-autoinstall +-cluster-config +-enable [autoinstall (config|cluster-config|image) enable] +-url +-LINE [autoinstall (config|cluster-config|image) url LINE] +-config +-enable [autoinstall (config|cluster-config|image) enable] +-url +-LINE [autoinstall (config|cluster-config|image) url LINE] +-image +-enable [autoinstall (config|cluster-config|image) enable] +-url +-LINE [autoinstall (config|cluster-config|image) url LINE] +-start [autoinstall start] +-clear ....
  • Page 55 2-25 MemTotal: 256220 kB MemFree: 155628 kB Buffers: 1596 kB Cached: 27912 kB SwapCached: 0 kB Active: 53832 kB Inactive: 16272 kB HighTotal: 0 kB HighFree: 0 kB LowTotal: 256220 kB LowFree: 155628 kB SwapTotal: 0 kB SwapFree: 0 kB Dirty: 0 kB Writeback:...
  • Page 56 2-26 Overview Aug 11 19:32:55 2006 startup Aug 11 19:31:32 2006 shutdown (graceful:user) RFS7000> service show startup-log Aug 30 15:32:43 2006: %KERN-5-NOTICE: Linux version 2.6.13.4-ws-symbol (wios- eng@wios-build) (gcc version 3.4.5) #1. Aug 30 15:32:43 2006: %KERN-6-INFO: BIOS-provided physical RAM map:. Aug 30 15:32:43 2006: %KERN-6-INFO: BIOS-e820: 0000000000000000 - 000000000009fc00 (usable).
  • Page 57: Terminal

    2-27 2.1.7 terminal Common Commands Use this command to set the length/number of lines displayed on the terminal window. Syntax terminal[length <0-512>|no(length <0-512>|width)|width <0-512> ] Parameters length Sets the number of lines on a screen. Negates a command or sets its defaults. width Sets the width/number of characters on a screen line.
  • Page 58: Show

    2-28 Overview 2.2 show Common Commands This command displays the settings for the specified system component. There are a number of ways to invoke the show command: • Invoked without any arguments, show displays information about the current context. If the current context contains instances, then show command (usually) displays a list of these instances.
  • Page 59 2-29 Display Description Mode Example Parameters radius Displays RADIUS configuration commands. Common page 2-58 redundancy-group Displays redundancy group parameters. Common page 2-59 redundancy-history Displays the switch state transition history. Common page 2-61 redundancy- Displays redundancy group members in detail. Common page 2-62 members snmp...
  • Page 60 2-30 Overview Display Description Mode Example Parameters environment Displays environmental information. Privilege/Global page 2-38 Config file Displays filesystem information. Privilege/Global page 2-90 Config Displays the FTP Server configuration. Privilege/Global page 2-91 Config password- Displays the password’s encryption settings. Privilege/Global page 2-92 encryption Config running-config...
  • Page 61: Autoinstall

    2-31 2.2.1 autoinstall Common to all modes Syntax show autoinstall Parameters None. Example RFS7000>show autoinstall RFS7000>...
  • Page 62: Banner

    2-32 Overview 2.2.2 banner Common to all modes Syntax show banner Parameters motd Enters the Message of the Day banner. Example RFS7000>show banner motd Welcome to CLI RFS7000>...
  • Page 63: Commands

    2-33 2.2.3 commands Common to all modes Syntax RFS7000>show commands Parameters None. Example RFS7000>show commands clear mobility event-log (mobile-unit|peer) clear mobility event-log (mobile-unit|peer) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all) clear mobility peer-statistics (A.B.C.D|) clear mobility peer-statistics (A.B.C.D|)
  • Page 64 2-34 Overview no page no service diag enable no service diag period no service diag watchdog no service locator page (exit|logout|quit) show autoinstall show autoinstall status show banner motd show commands show debugging show debugging mstp show environment show history .............(contd) RFS7000>...
  • Page 65: Crypto

    The security engine updates the IPSec and ISAKMP statistics every 60 seconds. Example RFS7000(config)#show crypto pki trustpoints Trustpoint :default-trustpoint ----------------------------------------------- Server certificate configured Subject Name: Common Name: Motorola Organizational Unit: EWLAN Organization: Enterprise Mobility Location: San Jose State: Country:...
  • Page 66 2-36 Overview Organizational Unit: EWLAN Organization: Enterprise Mobility Location: San Jose State: Country: Valid From: Sep 12 09:28:56 2007 GMT Valid Until: Sep 11 09:28:56 2008 GMT RFS7000(config)# RFS7000(config)#show crypto key mypubkey rsa Key name: default_ssh_rsa_key Key length in bits: 1024 Key Data D056BB4 B423B30 21CA504 8101955 3328D22 41C624D 07AB708 4D85B51 E4B2B12 7A332EC A3C004A B1B3A95 B67DDB2 89FCB16 FE699CE 71B69FC...
  • Page 67: Debugging

    2-37 2.2.5 debugging Common to all modes Syntax show debugging (mstp) Parameters Displays information related to the Multiple Spanning Tree Protocol (MSTP). mstp Example RFS7000(config)#show debugging mstp MSTP debugging status: RFS7000(config)#...
  • Page 68: Environment

    2-38 Overview 2.2.6 environment Common to all modes Syntax show environment Parameters None. Example RFS7000>show environment upwind of CPU temperature : 30.0 C CPU die temperature : 53.0 C left side temperature : 30.0 C by FPGA temperature : 29.0 C front right temperature : 27.0 C front left temperature :...
  • Page 69: History

    2-39 2.2.7 history Common to all modes Syntax show history Parameters None. Example RFS7000>show history 1 show 2 clrscr 3 enable 4 clrscr 5 configure terminal 6 exit 7 clrscr 8 show history RFS7000>...
  • Page 70: Interfaces

    2-40 Overview 2.2.8 interfaces Common to all modes Syntax show interfaces [<name>|fe|ge <1-4>|sa <1-4>| switchport(<name>|fe|ge|sa|tunnel|vlan)|tunnel <1-32>|vlan <1-4094>] Parameters IFNAME Interface name. FastEthernet interface. ge <1-4> GigabitEthernet interface. Select an index value between 1- 4. sa <1- 4> StaticAggregate interface. Select an index value between 1- 4. switchport () Status of Layer2 interfaces.
  • Page 71 2-41 Speed: Admin Auto, Operational Unknown, Maximum 1G Duplex: Admin Auto, Operational Unknown Active Medium: Unknown Switchport Settings: Mode: Access, Access Vlan: 1 input packets 0, bytes 0, dropped 0, multicast packets 0 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0 output packets 0, bytes 0, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 RFS7000(config)#...
  • Page 72 2-42 Overview 2.2.9 ip Common to all modes Syntax show ip [access-group (IFNAME | eth <1-2> | vlan <1-4094>) | access-list |arp | ddns(binding)| dhcp (binding|class|pool|sharednetwork)| dhcp-vendor-options | domain-name |http(secure-server|server)| interface(IFNAME|brief|tunnel|vlan) | name-server | nat (interfaces|translations[inside|outside][destination|source])| route(A.B.C.D|A.B.C.D/M|detail) | routing | ssh | telnet ] show ip access-group (IFNAME|eth <1-2>...
  • Page 73 2-43 dhcp-vendor-options DHCP Option 43 parameters received from DHCP server. domain-name Default domain for DNS. http Hyper Text Transfer Protocol. • secure-server – Secure HTTP server. • server – HTTP server. interface IP interface status and configuration. • IFNAME – Interface name. •...
  • Page 74 2-44 Overview b. If the status of the VLAN is UP (even if interfaces are disconnected), shut down the VLAN associated with fe1: RFS7000(config)*#show ip interface brief Interface IP-Address/Mask Status Protocol 157.235.208.122/24(DHCP) up vlan1 unassigned(DHCP) vlan200 unassigned RFS7000(config)*#shutdown c. Check the status and note if the VLAN has been disassociated. Its status has now changed to DOWN.
  • Page 75 2-45 RFS7000#show ip dhcp pool ip dhcp pool pl ip dhcp pool pool1 domain-name test.com bootfile 123 network 10.10.10.0/24 address range 10.10.10.2 10.10.10.30 ip dhcp pool poo110 next-server 1.1.1.1 netbios-node-type b-node RFS7000#show ip dhcp-vendor-options Server Info: Firmware Image File: Config File: Cluster Config File: RFS7000#show ip domain-name IP domain-lookup : Enable...
  • Page 76 2-46 Overview 1.1.1.0/24 [1/0] via 1.1.1.2 inactive 10.0.0.0/8 [1/0] via 10.10.10.10 inactive 157.235.208.0/24 [1/0] via 157.235.208.246 inactive RFS7000#show ip ssh SSH server: enabled Status: running Keypair name: default_ssh_rsa_key Port: 22 RFS7000#show ip telnet Telnet server: enabled Status: running Port: 23...
  • Page 77: Ldap

    2-47 2.2.10 ldap Common to all modes Syntax show ldap(configuration(primary|secondary)) Parameters ldap LDAP server. configuration LDAP server configuration parameters. primary Primary LDAP server. secondary Secondary LDAP server. Example RFS7000(config-radsrv)#show ldap configuration LDAP Server Config Details __________________________ Primary LDAP Server configuration IP Address : 10.10.10.1 Port...
  • Page 78: Licenses

    2-48 Overview 2.2.11 licenses Common to all modes Syntax show licenses Parameters None. Example RFS7000(config)#show licenses feature usage license string license value usage 2FFD7fE9 CD016155 14A92C70...
  • Page 79: Logging

    2-49 2.2.12 logging Common to all modes Syntax show logging Parameters None. Example RFS7000(config)#show logging Logging module: enabled Aggregation time: disabled Console logging: level debugging Monitor logging: disabled Buffered logging: level informational Syslog logging: disabled Log Buffer (3840 bytes): Feb 19 22:25:28 2007: %NSM-6-DHCPIP: Interface fe acquired IP address 157.235.208.122/24 via DHCP Feb 19 21:33:09 2007: %KERN-6-INFO: fe: Setting full-duplex based on negotiated link capability..
  • Page 80: Mac

    2-50 Overview 2.2.13 mac Common to all modes Syntax show mac(access-list) Parameters access-list Lists MAC access lists. Example RFS7000(config)#show mac access-list RFS7000(config)#...
  • Page 81: Mac-Address-Table

    2-51 2.2.14 mac-address-table Common to all modes Syntax show mac-address-table Parameters None. Example RFS7000#show mac-address-table bridge VLAN port fwd timeout ifindex 0 0090.2762.c786 1 ifindex 0 0014.85a0.ebc4 1 ifindex 0 0008.7493.8134 1 ifindex 0 0008.c7eb.070b 1 ifindex 0 000d.56d1.742c 1 ifindex 0 000e.0c6e.ade7 1 ifindex 0...
  • Page 82: Management

    2-52 Overview 2.2.15 management Common to all modes Syntax show management Parameters None. Example RFS7000(config)#show management Mgmt Interface: vlan1 Management access permitted via any vlan interface RFS7000(config)#...
  • Page 83: Mobility

    2-53 2.2.16 mobility Common to all modes Syntax show mobility [event-log|forwarding|global|mobile-unit|peer|statistics] show mobility event-log [mobile-unit|peer] show mobility forwarding (AA-BB-CC-DD-EE-FF) show mobility mobile-unit [<AA-BB-CC-DD-EE-FF>|detail] show mobility peer [<A.B.C.D>|detail] show mobility statistics <AA-BB-CC-DD-EE-FF> Parameters event-log Displays mobility event logs . • mobile-unit – MU event logs. •...
  • Page 84 2-54 Overview 09/14 19:17:52 IP-UPD-MU 00-0f-3d-e9-a6-54 157.235.208.134 157.235.208.16 157.235.208.16 09/14 19:17:51 ADD-MU 00-0f-3d-e9-a6-54 0.0.0.0 157.235.208.16 157.235.208.16 09/14 19:17:51 DEL-MU 00-0f-3d-e9-a6-54 0.0.0.0 157.235.208.16 157.235.208.16 09/14 19:17:50 ADD-MU 00-0f-3d-e9-a6-54 0.0.0.0 157.235.208.16 157.235.208.16 RFS7000>show mobility forwarding Mac-Address IP-Address State Tunnel HS-Vlan RFS7000> RFS7000>show mobility global Mobility Global Parameters Admin-Status : DISABLED...
  • Page 85: Ntp

    2-55 2.2.17 ntp Common to all modes Syntax show ntp (association (detail)|status) Parameters Network time protocol. association NTP associations. detail Displays NTP association details. status Displays NTP status. Example RFS7000>show ntp associations address ref clock when poll reach delay offset disp * master (synced), # master (unsynced), + selected, - candidate, ~ configured RFS7000>(config)#...
  • Page 86: Port-Channel

    2-56 Overview 2.2.18 port-channel Common to all modes Syntax show port-channel (load-balance) Parameters load-balance Load balancing. Example RFS7000(config)#show port-channel load-balance RFS7000(config)#...
  • Page 87: Privilege

    2-57 2.2.19 privilege Common to all modes Syntax show privilege Parameters None. Example RFS7000>show privilege Current user privilege: superuser RFS7000>...
  • Page 88: Radius

    2-58 Overview 2.2.20 radius Common to all modes Syntax show radius [configuration|eap(configuration)|group|nas( A.B.C.D/M)|proxy| rad- user|trust-point] Parameters radius RADIUS configuration commands. configuration RADIUS server configuration parameters. eap (configuration) EAP parameters and configuration. group RADIUS group configuration. nas (A.B.C.D/M) Enter a client IP address and mask. proxy Proxy information.
  • Page 89: Redundancy-Group

    2-59 2.2.21 redundancy-group Common to all modes This command displays the switch’s IP address, number of active neighbors, group license, installed license, cluster AP adoption count, switch adoption count, hold time, discovery time, heartbeat interval, cluster id, switch mode etc. In a cluster, this command displays the redundancy runtime and configured information of the self-switch.
  • Page 90 2-60 Overview Redundancy Mode : Primary Redundancy Interface IP : 0.0.0.0 Number of configured peer(s) Heartbeat-period : 5 Seconds Hold-period : 15 Seconds Discovery-period : 30 Seconds Handle STP : Disabled Switch Installed License : 256 Switch running image version : 1.1.0.0-36536X Auto-revert-period : 5 mins...
  • Page 91: Redundancy-History

    2-61 2.2.22 redundancy-history Common to all modes This command displays the history of the state transition by the RFS7000 switch. In a cluster, this command displays the history of the switch state transitions of the self-switch. Syntax show redundancy-history Parameters None.
  • Page 92: Redundancy-Members

    2-62 Overview 2.2.23 redundancy-members Common to all modes This command displays all the switches in the cluster that are seen by the RFS7000 switch. To display information for a single switch only, provide the IP address of that switch in the cluster. Syntax show redundancy-members (A.B.C.D) Parameters...
  • Page 93: Snmp

    2-63 2.2.24 snmp Common to all modes Syntax show snmp [user(snmpmanager|snmpoperator|snmptrap)] Parameters user Displays the SNMP user. snmpmanager Shows manager information. snmpoperator Shows operator information. snmptrap Shows trap information. Example RFS7000(config)#show snmp user snmpmanager userName access engineId Authentication Encryption snmpmanager 80000184806b8b456745a3cccc RFS7000(config)# RFS7000(config)#show snmp user snmpoperator...
  • Page 94: Snmp-Server

    2-64 Overview 2.2.25 snmp-server Common to all modes Syntax show snmp-server[traps(wireless-statistics( mobile-unit | radio | wireless-switch | wlan))] Parameters traps Displays trap enabled flags. wireless-statistics Displays wireless-stats rate traps. mobile-unit Displays mobile unit rate traps. radio Displays radio rate traps. wireless-switch Displays switch rate traps.
  • Page 95 2-65 tput-greater-than disabled avg-bit-speed-less-than disabled avg-signal-less-than disabled nu-percent-greater-than disabled gave-up-percent-greater-than disabled avg-retry-greater-than disabled undecrypt-percent-greater-than disabled RFS7000> RFS7000>show snmp-server traps wireless-statistics radio pktsps-greater-than disabled tput-greater-than disabled avg-bit-speed-less-than disabled avg-signal-less-than disabled nu-percent-greater-than disabled gave-up-percent-greater-than disabled avg-retry-greater-than disabled undecrypt-percent-greater-than disabled num-stations-greater-than disabled RFS7000> RFS7000>show snmp-server traps wireless-statistics wireless-switch pktsps-greater-than disabled...
  • Page 96: Sole

    2-66 Overview 2.2.26 sole Common to all modes Syntax show sole (config|stats|status) show sole (config|stats)(adapter)(ADAPTER NAME) show sole (status)[adapter|engine (ADAPTER)] Parameters config (adapter) SOLE configuration information. Displays (ADAPTER NAME) • adapter – Displays configuration for all of specific SOLE adapters. stats (adapter) adapter specific statistics such as : Number of tag reports sent, number Displays...
  • Page 97: Spanning-Tree

    2-67 2.2.27 spanning-tree Common to all modes Syntax show spanning-tree mst [config|detail (interface){<IF Name>|fe|ge <1-4>|sa <1-4>|tunnel <1-32> |vlan <1- 4094>}|instance <1-15>(interface){<IF Name>|fe|ge <1-4>|sa <1-4>|tunnel <1-32> |vlan <1-4094>}] Parameters config Displays MSTP configuration information. detail (interface) Displays detailed interface information. {<IF Name>|fe|ge <1-4>| •...
  • Page 98 2-68 Overview ge1: Configured Path Cost 200000 - Add type Explicit ref count 1 ge1: Designated Port Id 87d1 - CST Priority 128 ge1: CIST Root 800000157037fbef ge1: Regional Root 800000157037fbef ge1: Designated Bridge 800000157037fbef ge1: Message Age 0 - Max Age 20 ge1: CIST Hello Time 2 - Forward Delay 15 ge1: CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0 ge1: Version Multiple Spanning Tree Protocol - Received None - Send MSTP...
  • Page 99: Static-Channel-Group

    2-69 2.2.28 static-channel-group Common to all modes Syntax show static-channel-group Parameters None. Example RFS7000>show static-channel-group RFS7000>...
  • Page 100: Terminal

    2-70 Overview 2.2.29 terminal Common to all modes Syntax show terminal Parameters None. Example RFS7000(config)#show terminal Terminal Type: vt102 Length: 42 Width: 125 RFS7000(config)#...
  • Page 101: Timezone

    2-71 2.2.30 timezone Common to all modes Syntax show timezone Parameters None. Example RFS7000>show timezone Timezone is Etc/UTC RFS7000>...
  • Page 102: Users

    2-72 Overview 2.2.31 users Common to all modes Syntax show users Parameters None. Example RFS7000(config)#show users Line User Uptime Location 0 con 0 1003 admin 11:38m ttyS0 130 vty 0 27693 admin 10:21m RFS7000(config)#...
  • Page 103: Version

    2-73 2.2.32 version Common to all modes Syntax show version (verbose) Parameters verbose Displays software and hardware details. Example RFS7000(config)#show version RFS7000 version 1.0.0.0-228D MIB=01a Copyright (c) 2006 Symbol Technologies, Inc. Booted from primary. Switch uptime is 0 days, 5 hours 50 minutes CPU is RMI Phoenix V0.4 255188 kB of on-board RAM RFS7000(config)#...
  • Page 104: Wireless

    2-74 Overview 2.2.33 wireless Common to all modes Syntax show wireless [aap-version |ap (<1-48>|AA-BB-CC-DD-EE-FF)| ap-detection-config | ap-images | ap-unadopted | approved-aps | channel-power(11a {indoor|outdoor}|11b {indoor|outdoor}|11bg {indoor|outdoor})| config | country-code-list|enhanced-beacon-table [config|report]| enhanced-probe-table[config|report]|hotspot-config <1-32>| ids (configured-bad-essids|filter-list)|known|mac-auth-local<1-1000> | mesh|mobile-unit (<1-4096>|AA-BB-CC-DD-EE-FF| association-history <MAC address>|multicast-packet-limit| phrase-to-key (wep128 | wep64)| qos-mapping (wired-to-wireless | wireless-to-wired)| radio (<1-1000>|beacon-table|config(<1-1000>|default-11a|default-11b|...
  • Page 105 2-75 show wireless sensor (default-config | discovered-sensors) show wireless unapproved-aps show wireless wireless-switch-statistics (detail) show wireless wlan (config( <1-32> | all | enabled)| statistics <1-32>) Parameters aap-version Displays the minimum Adaptive firmware version string. Status of adopted access port. • <1-48> – The index of the access port. •...
  • Page 106 2-76 Overview Intrusion detection parameters. • configured-bad-essids – Display the list of configured bad essids. This sets the number of seconds for which the MU will be filtered. • filter-list – Displays the list of currently filtered mobile units. known (ap) (statistics) Known AP related parameters.
  • Page 107 2-77 radio Radio related commands. • <1-1000> – A single radio index. • beacon-table – The radio-to-radio beacon table. • config <1-1000> – Radio configuration. • default-11a – Default 11a configuration template. • default-11b – Default 11b configuration template. • default-11bg – Default 11bg configuration template. •...
  • Page 108 2-78 Overview ap-type Image-Name Size (bytes) Version ap300 WISP-AP300 293516 00.02-29 ap300 WIAP-300 244076 01.00-1635b ap300 AP300-IDS-Sensor 295064 00.00-04 ap100 AP100 31034 02.05-00 ap4131 AP4131 191440 07.00-01 ap4131 Revert-AP4131 665704 00.00-00 RFS7000> RFS7000>show wireless ap-unadopted RFS7000> RFS7000>show wireless approved-aps access-port detection is disabled RFS7000>...
  • Page 109 2-79 Page-Type : login URL : Page-Type : welcome URL : Page-Type : fail URL : Allow-list IP addresses WLAN: 2 status: disabled description: WLAN2 ssid: 102 Page-Location: simple Internal Pages Page-type : login Title : Login Page -- MORE --, next page: Space, next line: Enter, quit: Control-C ............
  • Page 110 2-80 Overview admission-control: disabled, max-mobile-unit: 32 WMM [background]: aifsn: 7 txop-limit: 0 cwmin: 4 cwmax: 10 admission-control: disabled, max-mobile-unit: 32 WMM [video]: aifsn: 1 txop-limit: 94 cwmin: 3 cwmax: 4 admission-control: disabled, max-mobile-unit: 32 WMM [voice]: aifsn: 1 txop-limit: 47 cwmin: 2 cwmax: 3 admission-control: disabled, max-mobile-unit: 32 neighbors for smart scan: Enhanced Beacon Table: N, Enhanced Probe Table: N...
  • Page 111: Wlan-Acl

    2-81 2.2.34 wlan-acl Common to all modes Syntax show wlan-acl [<1-256>|all] Parameters <1-256> Displays ACLs attached to the specified WLAN ID. Displays ACLs attached to the WLAN port. Example RFS7000>show wlan-acl 200 WLAN port: 200 Inbound IP Access List Inbound MAC Access List Outbound IP Access List Outbound MAC Access List : RFS7000>...
  • Page 112: Access-List

    2-82 Overview 2.2.35 access-list Privilege / Global Config This command lists all the access lists (numbered and named) configured on the switch. The numbered access list displays all numbered ACLs. The named access-list displays the details of the named ACL. Syntax show access-list show access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)
  • Page 113: Aclstats

    2-83 2.2.36 aclstats Privilege / Global Config This command displays the statistics of all the access lists configured on the switch. Syntax aclstats [<name>|fe|ge <1-4>|sa <1-4>|tunnel <1-32>|vlan <1-4094>] Parameters IFNAME Interface name. FastEthernet interface. ge <1-4> GigabitEthernet interface. Select an index value between 1-4. sa <1- 4>...
  • Page 114: Alarm-Log

    2-84 Overview 2.2.37 alarm-log Privilege / Global Config Syntax show alarm-log ( <1-65535>| acknowledged | all | count | new | severity-to-limit( critical |informational | major | normal | warning)) Parameters <1-65535> Displays details for specific alarm Id. acknowledged Displays acknowledged alarms currently in the system. Displays all alarms currently in the system.
  • Page 115: Boot

    2-85 2.2.38 boot Privilege / Global Config Syntax show boot Parameters None. Example RFS7000#show boot Image Build Date Install Date Version ----- -------------------- -------------------- -------------- Primary Feb 05 20:27:25 2007 Feb 13 19:29:28 2007 1.0.0.0-228D Secondary Jan 19 06:41:09 2007 Jan 23 20:14:19 2007 1.0.0.0-200D Current Boot...
  • Page 116: Clock

    2-86 Overview 2.2.39 clock Privilege / Global Config Syntax show clock Parameters None. Example RFS7000#show clock Sep 13 16:46:27 UTC 2006 RFS7000#...
  • Page 117: Debugging

    2-87 2.2.40 debugging Privilege / Global Config Syntax show debugging (mstp) Parameters mstp Displays MSTP debugging information. Example RFS7000#show debugging mstp MSTP debugging status: MSTP all debugging is on RFS7000#show debugging mstp MSTP debugging status: MSTP all debugging is on RFS7000#...
  • Page 118: Dhcp

    2-88 Overview 2.2.41 dhcp Privilege / Global Config Use this command to display DHCP Server configurations. Syntax show dhcp [config|status] Parameters config Displays DHCP server configuration. status Displays whether the DHCP server is running or not. Example RFS7000#show dhcp config service dhcp ip dhcp pool vlan63 default-router 192.168.157.2...
  • Page 119: Environment

    2-89 2.2.42 environment Privilege / Global Config Syntax show environment Parameters None. Example RFS7000#show environment upwind of CPU temperature : 33.0 C CPU die temperature : 62.0 C left side temperature : 31.0 C by FPGA temperature : 30.0 C front right temperature : 28.0 C front left temperature :...
  • Page 120: File

    2-90 Overview 2.2.43 file Privilege / Global Config Syntax show file (information (FILE)| systems) Parameters information (FILE) Displays information on FILE. systems Lists filesystems. Example RFS7000(config)#show file systems File Systems: Size(b) Free(b) Type Prefix opaque system: 10485760 9912320 flash nvram: 20971520 19742720 flash...
  • Page 121: Ftp

    2-91 2.2.44 ftp Privilege / Global Config Syntax show ftp Parameters None. Example RFS7000#show ftp FTP Server: Disabled User Name: anonymous or ftpuser Password: ******** Root dir: flash:/ RFS7000#...
  • Page 122: Password-Encryption

    2-92 Overview 2.2.45 password-encryption Privilege / Global Config Syntax show password-encryption (status) Parameters status Displays password-encryption status. Example RFS7000#show password-encryption status Password encryption is disabled RFS7000#...
  • Page 123: Running-Config

    2-93 2.2.46 running-config Privilege / Global Config Displays the contents of the configuration file for the switch, including all configured MAC and IP access lists and access groups applied to an interface. Syntax show running-config(full|include-factory) Parameters full Full configuration. include-factory Includes factory defaults.
  • Page 124 2-94 Overview RFS7000(config)#show running-config include-factory ! configuration of RFS7000 version 1.1.0.0-014D version 1.0 service prompt crash-info no service set command-history no service set reboot-history no service set upgrade-history hostname RFS7000 banner motd Welcome to CLI username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin access console web ssh telnet username admin privilege...
  • Page 125: Securitymgr

    2-95 2.2.47 securitymgr Privilege / Global Config Syntax show securitymgr(event-logs) Parameters event-logs Displays securitymgr event logs. Example RFS7000#show securitymgr event-logs ======================== Event Logs ======================== 1> Tue Mar 13 2007 19:15:55: CORRUPT_PACKET: source vlan200: udp: Src 157.235.188.241: Dst 157.235.188.255: Src Port 137: Dst Port 137: IP TTL less than required: traceroute RFS7000#...
  • Page 126: Sessions

    2-96 Overview 2.2.48 sessions Privilege / Global Config Syntax show sessions Parameters None. Example RFS7000(config)#show sessions SESSION USER LOCATION IDLE START TIME Console 10:18m Feb 19 13:31:42 2007 ** 2 xxx.xxx.xxx.xxx 00:00m Feb 19 14:48:24 2007 RFS7000(config)#...
  • Page 127: Spanning-Tree

    2-97 2.2.49 spanning-tree Privilege / Global Config Use this command to display spanning tree information. Syntax show spanning-tree (mst)[config|detail|instance] Parameters Displays MST information. • config – Displays configuration information. • detail – Displays detailed information. • instance – Displays instance information. Example RFS7000(config)#show spanning-tree mst detail % Bridge up - Spanning Tree Enabled...
  • Page 128 2-98 Overview ge4: Designated Port Id 0 - CST Priority 128 ge4: CIST Root 0000000000000000 ge4: Regional Root 0000000000000000 ge4: Designated Bridge 0000000000000000 ge4: Message Age 0 - Max Age 0 ge4: CIST Hello Time 0 - Forward Delay 0 ge4: CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0 ge4: Version Multiple Spanning Tree Protocol - Received None - Send STP ge4: No portfast configured - Current...
  • Page 129 2-99 sa2: Version Multiple Spanning Tree Protocol - Received None - Send STP sa2: No portfast configured - Current portfast off sa2: portfast bpdu-guard default - Current portfast bpdu-guard off sa2: portfast bpdu-filter default - Current portfast bpdu-filter on sa2: no root guard configured - Current root guard off sa2: Configured Link Type point-to-point - Current shared...
  • Page 130 2-100 Overview ge1: no root guard configured - Current root guard off ge1: Configured Link Type point-to-point - Current shared RFS7000(config)#...
  • Page 131: Startup-Config

    2-101 2.2.50 startup-config Privilege / Global Config Syntax show startup-config Parameters None. Example RFS7000#show startup-config ! configuration of RFS7000 version 1.0.0.0-228D! version 1.0 service prompt crash-info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser spanning-tree mst config bridge region My Name no country-code logging console 7 snmp-server manager v2...
  • Page 132: Static-Channel-Group

    2-102 Overview 2.2.51 static-channel-group Privilege / Global Config Use the show static-channel-group privileged EXEC command to display configured static channel groups. Syntax show static-channel-group Parameters None. Example RFS7000(config)#show static-channel-group % Static Aggregator: sa2 % Member: RFS7000(config)#...
  • Page 133: Upgrade-Status

    2-103 2.2.52 upgrade-status Privilege / Global Config Syntax show upgrade-status(detail) Parameters detail Last image upgrade log. Example RFS7000#show upgrade-status detail Last Image Upgrade Status : Successful Last Image Upgrade Time : Tue Aug 29 18:32:17 2006 -------------------------------------------------------- var2 is 10 percent full /tmp is 5 percent full Free Memory 151944 kB FWU invoked via Linux shell...
  • Page 134: Wlan-Acl

    2-104 Overview 2.2.53 wlan-acl Privilege / Global Config Syntax show wlan-acl [<1-256>|all] <1-256> Displays ACLs attached to the specified WLAN ID. Displays ACLs attached to WLAN port. Example RFS7000(config)#show wlan-acl 102 WLAN port: 102 Inbound IP Access List : 110 Inbound MAC Access List : Outbound IP Access List: Outbound MAC Access List :...
  • Page 135: User Exec Commands

    User Exec Commands Logging in to the switch places you within the USER EXEC command mode. Typically, a log-in requires a user name and a password. You have three attempts to enter a password correctly before a connection attempt is refused. The USER EXEC commands available at the user level are a subset of those available at the privileged level.
  • Page 136 Overview 3.1 User Exec Commands Table 3.1 summarizes User Exec commands. Table 3.1 User Exec commands Summary Command Description Ref. clear Resets the command to the previous configuration. page 3-3 clrscr Clears the display screen. page 2-3 cluster-cli Cluster context. page 3-5 debug Debugging functions.
  • Page 137: Clear

    3.1.1 clear User Exec Commands Use this command to reset the command to previous configuration. Syntax clear [aclstats|alarm-log|arp-cache|crypto|ip|logging|mac|mobility|spanning-tree] clear alarm-log [<1-65535> | acknowledged|all|new] clear crypto [ipsec|isakmp] (sa) <A.B.C.D> clear ip (dhcp) (binding) [*|A.B.C.D| all] clear mac (address-table) [dynamic|multicast|static] [address|bridge|interface|vlan] clear mobility(event-log|mobile-unit|peer-statistics) clear mobility event-log(mobile-unit|peer) clear spanning-tree (detected)(protocols)(bridge|interface) Parameters...
  • Page 138 Overview mac (address-table) Clears layer 2 MAC entries in the forwarding database. [dynamic|multicast|static • dynamic – Clears all dynamic entries. • multicast – Clears all multicast entries. [address|bridge|interface |vlan] • static – Clears all entries configured through management. • address – Clears the specified MAC Address. •...
  • Page 139: Cluster-Cli

    3.1.2 cluster-cli User Exec Commands Use this command to cluster all the CLI pertaining to the context it appears. This feature is useful to configure each switch in the cluster by logging in to one switch. This eliminates administrator time and effort N-1 times (if there are N switches in the cluster).
  • Page 140: Debug

    Overview 3.1.3 debug User Exec Commands Use this command to debug the switch. Syntax debug (certmgr(all|err|info)|ip(https|ssh)|mobility(cc|error|forwarding|mu|packet|peer| system)) Parameters certmgr Certificate manager debugging messages. ip ( ) Internet Protocol (IP). • https – Secure HTTP (HTTPS) server. • ssh – Secured Shell (SSH) server. mobility ( ) L3 Mobility •...
  • Page 141: Disable

    3.1.4 disable User Exec Commands Enable the PRIV mode to use this command. Then, use the disable command to exit the PRIV mode. Syntax disable Parameters None. Example RFS7000>disable RFS7000>...
  • Page 142: Enable

    Overview 3.1.5 enable User Exec Commands Use this command to enter the PRIV mode. Syntax enable Parameters None. Example RFS7000>enable...
  • Page 143: Logout

    3.1.6 logout User Exec Commands Use this command instead of the exit command to exit the EXEC mode. Syntax logout Parameters None. Example The RFS7000 Series Switch logs off on execution of this command.
  • Page 144 3-10 Overview 3.1.7 page User Exec Commands Use this command to toggle paging. Enabling this command displays the CLI output page by page, instead of running the entire output at once. Syntax page Parameters None. Example RFS7000>page ? <cr> RFS7000>page RFS7000>enable RFS7000>show running-config ! configuration of RFS7000 version 1.0.1.0-005D!
  • Page 145: Quit

    3-11 3.1.8 quit User Exec Commands Use this command to exit the current mode, and move back to the previous mode. Syntax quit Parameters None. Example The switch logs off upon execution of this command.
  • Page 146: Show

    3-12 Overview 3.1.9 show User Exec Commands Use this command to exit the current mode and go down to previous mode. Syntax show Parameters autoinstall Displays the autoinstall configuration. banner Displays the “Message of the Day Login” banner. commands Displays command lists. crypto Displays encryption details.
  • Page 147 3-13 static-channel-group Displays static channel group membership. terminal Displays terminal configuration parameters. timezone Displays the timezone. users Displays information about terminal lines. version Displays the software and hardware version. wireless Displays wireless configuration commands. wlan-acl Displays WLAN based ACL information. Example RFS7000>show ? autoinstall...
  • Page 148 3-14 Overview clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all) clear mobility peer-statistics (A.B.C.D|) clear mobility peer-statistics (A.B.C.D|) clear spanning-tree detected protocols bridge clear spanning-tree detected protocols interface INTERFACE clrscr cluster-cli enable debug certmgr ( error|info|all ) debug certmgr ( error|info|all ) debug certmgr ( error|info|all ) debug ip https...
  • Page 149 3-15 Hardware Type Ethernet, Interface Mode Layer 2, address is 00-15-70-37-fc-90 index=2002, metric=1, mtu=1500, (HAL-IF) <UP,BROADCAST,MULTICAST> Speed: Admin Auto, Operational Unknown, Maximum 1G Duplex: Admin Auto, Operational Unknown Active Medium: Unknown Switchport Settings: Mode: Access, Access Vlan: 1 input packets 0, bytes 0, dropped 0, multicast packets 0 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0 output packets 0, bytes 0, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0...
  • Page 150 3-16 Overview RFS7000>show management Mgmt Interface: vlan1 Management access permitted via any vlan interface RFS7000>...
  • Page 151: Chapter 4. Privileged Exec Commands

    Privileged Exec Commands Most PRIV EXEC mode commands set operating parameters. Privileged-level access must be password protected to prevent unauthorized use. The PRIV EXEC command set includes those commands contained in the USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes using the configure command, and includes advanced testing commands.
  • Page 152 Overview 4.1 Priv Exec Command Table 4.1 summarizes the Priv Exec commands. Table 4.1 Priv Exec Command Summary Command Description Ref. acknowledge Acknowledges alarms. page 4-4 archive Manages archive files. page 4-5 Changes the current directory. page 4-7 change-passwd Changes the password of the logged in user. page 4-8 clear Reset function.
  • Page 153 Command Description Ref. page Toggles the paging functionality. page 4-30 ping Sends an ICMP echo message. page 4-31 Displays the current directory. page 4-32 quit Exits the current mode and moves down to the previous mode. page 4-33 reload Halts the switch and performs a warm reboot. page 4-34 rename Renames a file.
  • Page 154: Priv Exec Command

    Overview 4.1.1 acknowledge Priv Exec Command Use this command to acknowledge alarms. Syntax acknowledge alarm-log [<1-65535> | all] Parameters alarm-log Acknowledges an alarm. • <1-65535> – Acknowledges specific alarm id. • all – Acknowledges all alarms. Example RFS7000#acknowledge alarm-log all No corresponding record found in the Alarm Log.
  • Page 155: Archive

    4.1.2 archive Priv Exec Command Use this command to manage archive files. Syntax archive tar /table [FILE|URL] archive tar /create [FILE|URL] FILE archive tar /xtract [FILE|URL] DIR Parameters Manipulates (creates, lists or extracts) a tar file. /table Lists files in a tar file. /create Creates a tar file.
  • Page 156 Overview RFS7000#archive tar /table ? FILE Tar filename Files: flash:/path/file cf:/path/file usb1:/path/file usb2:/path/file Tar file URL URLs: tftp://<hostname:port or IP>/path/file ftp://<user>:<passwd>@<hostname:port or IP>/path/file http://<hostname:port or IP>/path/file sftp://<user>@<hostname:port or IP>/path/file RFS7000#archive RFS7000#archive tar /xtract ? FILE Tar filename Files: flash:/path/file cf:/path/file usb1:/path/file usb2:/path/file Tar file URL...
  • Page 157 4.1.3 cd Priv Exec Command Use this command to change the current directory. Syntax cd [DIR|] Parameters Changes the current directory to DIR. Example RFS7000#cd nvram:/ system:/ flash:/ RFS7000#cd flash:/? Change current directory to DIR RFS7000#cd flash:/ flash:/backup/ flash:/crashinfo/ flash:/hotspot/ flash:/log/ flash:/out/ RFS7000#cd flash:/log/?
  • Page 158: Change-Passwd

    Overview 4.1.4 change-passwd Priv Exec Command Use this command to change the password of the logged in user. Syntax change-passwd Parameters None. Usage Guidelines A password must be between 8 and 32 characters in length. For safety, the console does not display the user entered key words (refer example) for the fields.
  • Page 159: Clear

    4.1.5 clear Priv Exec Command Use this command to reset the current context. Syntax clear [alarm-log|arp-cache|ip|logging|mac|mobility|spanning-tree] clear alarm-log (<1-65535>|acknowledge|all|new) clear ip(dhcp(binding)[*|A.B.C.D]) clear mac (address-table) [dynamic|multicast|static] [address|bridge <1-32>|interface|vlan <1-4094>] clear mobility [event-log (mobile-unit|peer)| mobile-unit (<MAC Address >|all|foreign-database|home-database)| peer-statistics <Peer IP Address>] clear spanning-tree (detected)[bridge|interface(name)] Parameters alarm-log...
  • Page 160 4-10 Overview mobility [event-log Clears mobility attributes. (mobile-unit|peer)| • event-log – Clears all event logs. mobile-unit (<MAC • mobile-unit – Mobile unit event logs. Address >|all|foreign- database|home- • peer – Peer event logs. database)| • mobile-unit – Clears a mobile unit. peer-statistics <Peer IP •...
  • Page 161: Clock

    4-11 4.1.6 clock Priv Exec Command Use this command to configure the software system clock. Syntax clock set HH:MM:SS [1-31] MONTH [1993-2035] Parameters Sets the system date and time. Example RFS7000#clock set 15:10:30 08 Sep 2006 RFS7000#show clock Sep 08 15:10:31 UTC 2006...
  • Page 162: Cluster-Cli

    RFS7000(config)# RFS7000:cluster-cli#show version *** START: Response from member: 172.20.15.18 **** RFS7000 version 1.0.1.0-005D Copyright (c) 2006-2007 Motorola, Inc. Booted from primary. Switch uptime is 7 days, 4 hours 28 minutes *** END: Response from member: 172.20.15.18 **** RFS7000 version 1.0.1.0-005D Copyright (c) 2006-2007 Motorola, Inc.
  • Page 163: Configure

    4-13 4.1.8 configure Priv Exec Command Use this command to move into the configuration mode. Syntax configure terminal Parameters terminal Configures from the terminal. Example RFS7000#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RFS7000(config)#...
  • Page 164: Copy

    4-14 Overview 4.1.9 copy Priv Exec Command Use this command to copy any file (config, log, txt ...etc) to and from the switch. NOTE Copying a new config file onto an existing running-config file merges it with the existing running-config. Both the existing running-config and the new config file are applied as the current running-config of the switch.
  • Page 165 4-15 Transferring file snmpd.log to remote tftp server? RFS7000#copy flash:/log/snmpd.log tftp://157.235.208.105:/snmpd.log Accessing running-config file from remote tftp server into switchrunning-config? RFS7000#copy tftp://157.235.208.105:/running- config running-config...
  • Page 166: Debug

    4-16 Overview 4.1.10 debug Priv Exec Command Use this command for debugging purposes. This command is also used to debug various features. Syntax debug all debug cc [access-port|all|alt|ap-detect|capwap|cluster| config|dot11|eap|ids|kerberos|l3-mob|media|mobile-unit|radio| radius|self-heal|snmp|system|wips|wisp] debug ccstats <CCStats Module> debug certmgr [all|error|info] debug dhcpsvr [all|error|info] debug imi [all|cli-client|cli-server|errors|init|ntp] debug ip [https|ssh] debug logging [all|errors|monitor|subagent]...
  • Page 167 4-17 Example RFS7000#debug ? Enable all debugging Cellcontroller (wireless) debugging messages ccstats Cellcontroller (wireless) debugging messages certmgr Certificate Manager Debugging Messages dhcpsvr DHCP Conf Server Debugging Messages Integrated Management Interface Internet Protocol (IP) logging Modify message logging facilities mgmt Mgmt daemon mobility L3 Mobility mstp...
  • Page 168: Delete

    4-18 Overview 4.1.11 delete Priv Exec Command Use this command to delete the specified file from the system. Syntax delete ({/force|/recursive}|) .FILE Parameters /force Forces deletion without a prompt. /recursive Performs a recursive delete. FILE Specifies the filename(s) to be deleted from: •...
  • Page 169: Diff

    4-19 4.1.12 diff Priv Exec Command Use this command to view the difference between two files. Syntax diff (FILE|URL) (FILE|URL) Parameters FILE Displays the differences between FILE’s. Displays the differences between URL’s. Example RFS7000#diff startup-config running-config --- startup-config +++ running-config @@ -89,7 +89,7 @@ mobility peer 157.235.208.16 wlan 1 enable...
  • Page 170: Dir

    4-20 Overview 4.1.13 dir Priv Exec Command Use this command to view the list of files on a filesystem. Syntax dir ({/all|/recursive}|) (DIR|all-filesystems|) Parameters /all Lists all files. /recursive Lists files recursively. Lists files in named file path. all-filesystems Lists files on all filesystems. Example RFS7000#dir Directory of flash:/...
  • Page 171: Disable

    4-21 4.1.14 disable Priv Exec Command Use this command to exit the Exec mode. Syntax disable Parameters None. Example RFS7000#disable RFS7000>...
  • Page 172: Edit

    "ss" ss "ss" "ss" "ss" "ss" crypto pki trustpoint kumar2 subject-name "ss" ss "ss" "ss" "ss" "ss" crypto pki trustpoint thippeswamy subject-name "TestPool" US "OH" "PB" "MOTOROLA" "WID" fqdn "RetailKing.com" email abcTestmailid@motorola.com rsakey were company-name "RetailKing"...
  • Page 173: Enable

    4-23 4.1.16 enable Priv Exec Command Use this command to turn on the privileged mode command. Syntax enable Parameters None. Example RFS7000#enable RFS7000#...
  • Page 174: Erase

    4-24 Overview 4.1.17 erase Priv Exec Command Use this command to erase a target filesystem. Syntax erase [cf:|flash:|nvram:|startup-config:] Parameters Erases contents of compact flash. flash: Erases contents of flash. nvram: Erases contents of nvram. startup-config Resets the switch configuration to factory default settings. usb1: Erases everything in usb1.
  • Page 175: Halt

    4-25 4.1.18 halt Priv Exec Command Use this command to halt the switch. This command is similar to command. The only difference is that reload command stops the switch and stops and restarts the switch. halt reload Syntax kill Parameters None.
  • Page 176: Kill

    4-26 Overview 4.1.19 kill Priv Exec Command Use this command to kill (terminate) a specified session. Syntax kill session <1-16> Parameters session Active session. There are 16 active sessions which can be terminated. Example RFS7000#show sessions SESSION USER LOCATION IDLE START TIME Console 00:00m...
  • Page 177: Logout

    4-27 4.1.20 logout Priv Exec Command Use this command to exit the EXEC mode. Syntax logout Parameters None. Example RFS7000#logout Please press Enter to activate this console.
  • Page 178: Mkdir

    4-28 Overview 4.1.21 mkdir Priv Exec Command Use this command to create a new directory in the filesystem. Syntax mkdir DIR Parameters Directory name. Example RFS7000#mkdir TestDIR RFS7000#...
  • Page 179: More

    4-29 4.1.22 more Priv Exec Command Use this command to view the contents of a file. Syntax more FILE Parameters FILE Displays the content of the file. Example RFS7000#more flash:/log/messages.log Sep 08 12:27:30 2006: %PM-5-PROCSTOP: Process "radiusd" has been stopped Sep 08 12:27:31 2006: %LICMGR-6-NEWLICENSE: Licensed AP count changed to 48 Sep 08 12:27:31 2006: %CC-5-COUNTRYCODE:...
  • Page 180 4-30 Overview 4.1.23 page Priv Exec Command Use this command to toggle switch paging. Enabling this command displays the command output page by page, instead of running the entire output at once. Syntax page Parameters None. Example RFS7000#page RFS7000#show running-config ! configuration of RFS7000 version 1.0.1.0-005D! version 1.0 service prompt crash-info...
  • Page 181: Ping

    4-31 4.1.24 ping Priv Exec Command Use this command to send ICMP echo messages. Syntax ping [IP address|hostname] Parameters [IP address|hostname] Ping destination address or hostname. Example RFS7000#ping 111.222.222.39 PING 1111.222.222.39 (111.222.222.39): 100 data bytes 128 bytes from 111.222.222.39: icmp_seq=0 ttl=64 time=2.3 ms 128 bytes from 111.222.222.39: icmp_seq=1 ttl=64 time=0.2 ms 128 bytes from 111.222.222.39: icmp_seq=2 ttl=64 time=0.3 ms 128 bytes from 111.222.222.39: icmp_seq=3 ttl=64 time=0.2 ms...
  • Page 182: Pwd

    4-32 Overview 4.1.25 pwd Priv Exec Command Use this command to view the contents of the current directory. Syntax Parameters None. Example RFS7000#pwd flash:/ RFS7000#...
  • Page 183: Quit

    4-33 4.1.26 quit Priv Exec Command Use this command to exit the current mode and move to the previous mode. Syntax quit Parameters None. Example RFS7000#quit RFS7000 release 1.0.1.0-005D Login as 'cli' to access CLI. RFS7000 login:...
  • Page 184: Reload

    4-34 Overview 4.1.27 reload Priv Exec Command Use this command to halt the switch and perform a warm reboot. Syntax reload Parameters None. Example RFS7000#reload Wireless switch will be rebooted, do you want to continue? (y/n): y The system is going down NOW !! % Connection is closed by administrator! Please stand by while rebooting the system.
  • Page 185: Rename

    4-35 4.1.28 rename Priv Exec Command Use this command to rename a file in the existing filesystem. Syntax rename FILE FILE Parameters FILE File to rename. Example RFS7000#rename flash:/TestDIR/ NewTestDir RFS7000#DIR Directory of flash:/ drwx 1024 Wed Jul 19 19:14:05 2006 hotspot drwx Wed Aug 30 15:32:44 2006...
  • Page 186: Rmdir

    4-36 Overview 4.1.29 rmdir Priv Exec Command Use this command to delete an existing file. Syntax rmdir DIR Parameters Name of the directory to delete. Example RFS7000#rmdir flash:/NewTestDir/ RFS7000#DIR Directory of flash:/ drwx 1024 Wed Jul 19 19:14:05 2006 hotspot drwx Wed Aug 30 15:32:44 2006 drwx...
  • Page 187: Show

    4-37 4.1.30 show Priv Exec Command Use this command to show currently running system information. Syntax show <display parameter> Parameters access-list Displays Internet Protocol (IP) details of the access list. aclstats Displays ACL statistics information. alarm-log Displays alarms currently in the system. autoinstall Displays autoinstall configuration details.
  • Page 188 4-38 Overview port-channel Displays Port channel commands. privilege Displays the current privilege level. radius Displays RADIUS configuration commands. redundancy-group Displays redundancy group parameters. redundancy-history Displays the state transition history of the switch. redundancy-members Displays redundancy group members in detail. running-config Displays the current operating configuration.
  • Page 189 4-39 environment show environmental information file Display filesystem information Display FTP Server configuration history Display the session command history interfaces Interface status Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer Internet Protocol (IP) mac-address-table Display MAC address table management...
  • Page 190: Telnet

    4-40 Overview 4.1.31 telnet Priv Exec Command Use this command to open a telnet session. Syntax telnet [IP address|hostname] Parameters [IP address| host name] IP address or hostname of a remote system. Example RFS7000#telnet 157.111.222.33 Entering character mode Escape character is '^]'. Red Hat Linux release 9 (Shrike) Kernel 2.4.20-6bigmem on an i686 login: cli...
  • Page 191: Traceroute

    4-41 4.1.32 traceroute Priv Exec Command Use this command to trace the route to a destination. Syntax traceroute (WORD | ip WORD) Parameters WORD Traces the route to a destination address or hostname. IP trace. Example RFS7000#traceroute 157.222.333.33 traceroute to 157.235.208.39 (157.235.208.39), 30 hops max, 38 byte packets 157.235.208.39 (157.235.208.39) 0.466 ms 0.363 ms...
  • Page 192: Upgrade

    4-42 Overview 4.1.33 upgrade Priv Exec Command Use this command to upgrade the switch software image. Syntax upgrade URL (background|) Parameters Defines location of firmware image. Example RFS7000#upgrade ? Location of firmware image URLs: tftp://<hostname:port or IP>/path/file ftp://<user>:<passwd>@<hostname:port or IP>/path/file http://<hostname:port or IP>/path/file sftp://<user>@<hostname:port or IP>/path/file cf:/path/file...
  • Page 193 4-43 "logd" is not responding Sep 08 15:58:44 2006: %PM-4-PROCNORESP: Process "logd" is not responding Version of firmware update file is 1.0.0.0-264B Sep 08 15:58:44 2006: %KERN-6-INFO: EXT3 FS on hda1, internal journal. Creating LILO files Running LILO Successful Sep 08 15:58:46 2006: %FWU-6-FWUDONE: Firmware update successful, new version is 1.0.0.0-264B RFS7000#...
  • Page 194: Upgrade-Abort

    4-44 Overview 4.1.34 upgrade-abort Priv Exec Command Use this command to abort an ongoing upgrade process. Syntax upgrade-abort Parameters None. Example RFS7000#upgrade-abort % Error: No upgrade in progress RFS7000#upgrade tftp://xxx.xxx.xxx.xxx:/img background RFS7000#Sep 08 16:01:38 2006: %KERN-4-WARNING: EXT3-fs warning: maximal mount count reached, running e2fsck is recommended.
  • Page 195: Write

    4-45 4.1.35 write Priv Exec Command Use this command to write the running configuration to memory or terminal Syntax write [memory | terminal] Parameters memory Writes to NV memory. terminal Writes to terminal. Example RFS7000#write terminal ! configuration of RFS7000 version 1.0.0.0-264B! version 1.0 service prompt crash-info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d...
  • Page 197: Chapter 5. Global Configuration Commands

    Global Configuration Commands The term global is used to indicate characteristics or features affecting the system as a whole. Use the Global configuration mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols). Use the configure terminal command, under PRIV EXEC, to enter the global configuration mode.
  • Page 198 Overview 5.1 Global Configuration Commands Table 5.1 summarizes the Global Config commands. Table 5.1 Global Configuration Command Summary Command Description Ref. Authentication, Authorization and Accounting. page 5-4 access-list Adds an access list entry. page 5-5 autoinstall Autoinstalls a configuration command. page 5-11 banner Defines a login banner.
  • Page 199 Command Description Ref. Negates a command or sets its defaults. page 2-12 Configures NTP. page 5-40 prompt Sets the system prompt. page 5-43 radius-server Enters radius-server mode. page 5-44 redundancy Configures redundancy group parameters. page 5-45 service Service commands. page 5-47 show Shows running system information.
  • Page 200: Aaa

    Uses an external RADIUS server. Usage Guidelines Use AAA login to determine whether management user authentication must be performed against a local user database or an external RADIUS server. Example RFS7000(config)#username motorolaadmin password motorola RFS7000(config)#username motorolaadmin privilege superuser RFS7000(config)#aaa authentication login default local RFS7000(config)#...
  • Page 201: Access-List

    5.1.2 access-list Global Configuration Commands Use this command to add an access list entry. Use the access list command under global configuration to configure the access list mechanism for filtering frames by protocol type or vendor code. Syntax access-list For Standard IP ACL’s: access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7>...
  • Page 202 Overview Parameters access-list Adds a standard access list entry. (<1-99>|<1300-1999>) • (<1-99>|<1300-1999>) – Access numbers from 1 to 99 or 1300 to 1999. (deny|permit|mark • (deny|permit|mark) – Defines the action types on an ACL. The action (8021p <0-7> | type is functional only over a Port ACL.
  • Page 203 access-list Adds an Extended IP access list entry using IP keyword. (<100-199>|<2000-2699>) • <100-199>|<2000-2699> – For IP type of extended ACL, the ACL number {deny | permit | mark {dot1p must be between 100-199. <0-7> | tos <0-255>}} • {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on an {ip} {source/source-mask | ACL.
  • Page 204 Overview access-list Adds an Extended IP access list entry using icmp keyword. (<100-199>|<2000-2699>) • (<100-199>|<2000-2699>) – For ICMP extended ACLs, the ACL number {deny | permit | mark {dot1p must be between 2000-2699. <0-7> | tos <0-255>}} • {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on {icmp} an ACL.
  • Page 205 access-list Adds an Extended IP access list entry using tcp or udp keyword. (<100-199>|<2000-2699>) • (<100-199>|<2000-2699>) – For tcp or udp type of extended ACL, the {deny | permit | mark {dot1p ACL number must be between 2000-2699. <0-7> | tos <0-255>}} •...
  • Page 206 5-10 Overview Example The example below creates a standard access list (ACL) to permit traffic coming to the interface. RFS7000(config)#access-list 1 permit any RFS7000(config)# The example below creates a extended IP access list to permit IP traffic between two networks. RFS7000(config)#access-list 101 permit ip 192.168.1.0/24 192.168.2.0/24 RFS7000(config)# The example below creates an extended access list to permit tcp traffic, between two networks, with a...
  • Page 207: Autoinstall

    5-11 5.1.3 autoinstall Global Configuration Commands Use this command to autoinstall the switch image. Syntax autoinstall [clear-config-history|cluster-config|config|image|reset-config|start] autoinstall (cluster-config|config|image) (URL[tftp|ftp|http|cf|usb1|usb2]) autoinstall image version <number> Parameters clear-config-history Autoinstalls a clear configuration history, resulting in a reversion. cluster-config Autoinstalls a cluster-config setup. config Autoinstalls a config setup.
  • Page 208: Banner

    5-12 Overview 5.1.4 banner Global Configuration Commands Use this command to define a login banner for the switch. Syntax banner(motd(LINE|default)) Parameters motd Sets the “message of the day” banner. LINE Custom MOTD string. default Default MOTD string. Example RFS7000(config)#banner motd Welcome to my RFS7000 CLI RFS7000(config)# RFS7000(config)#exit RFS7000#exit...
  • Page 209: Boot

    5-13 5.1.5 boot Global Configuration Commands This command reboots the switch with an image present in the mentioned partition (either the primary or secondary partition). Syntax boot(system [primary|secondary]) Parameters system Specifies the boot image used after reboot. primary Specifies the primary image. secondary Specifies the secondary image.
  • Page 210: Bridge

    5-14 Overview 5.1.6 bridge Global Configuration Commands Configures bridge specific details. Syntax bridge [<1-32>|multiple-spanning-tree] bridge <1-32> [address|ageing-time] bridge <1-32> (address)MAC [discard|forward](NAME|fe|ge|sa|tunnel|vlan) bridge <1-32> (address)MAC [discard|forward] fe (vlan <2-4094>) bridge <1-32> (address)MAC [discard|forward] ge <1-4> (vlan <2-4094>) bridge <1-32> (address)MAC [discard|forward] sa <1-4> (vlan <2-4094>) bridge <1-32>...
  • Page 211: Country-Code

    5-15 5.1.7 country-code Global Configuration Commands Use this command to configure the country of operation. Syntax country-code Parameters None. Usage Guidelines This command erases all existing radio configurations. Example RFS7000(config)#country-code ? United Arab Emirates Argentina Austria Australia Bosnia Herzegovina Belgium Bulgaria Bahrain Bermuda...
  • Page 212 5-16 Overview Kuwait Kazakhstan Liechtenstein Sri Lanka Lithuania Luxembourg Latvia Morocco Malta Mexico Malaysia Netherlands Norway New Zealand Oman Peru Philippines Pakistan Poland Portugal Qatar Romania Russia Saudi Arabia Sweden Singapore Slovenia Slovak Republic Thailand Turkey Taiwan Ukraine United States Uruguay Venezuela Vietnam...
  • Page 213: Crypto

    5-17 5.1.8 crypto Global Configuration Commands Use this command to configure encryption related commands. NOTE crypto isakmp(policy)Priority leads you to config-crypto-isakmp instance. For more details see Crypto - isakmp Instance on page 6-1. crypto isakmp(client)configuration group default leads you to config-crypto-group instance.
  • Page 214 5-18 Overview Parameters ipsec Configures IPSEC policies. (security-association| • security-association – Security association parameter used to define its transform-set) lifetime. • lifetime (kilobyte | seconds) – The lifetime of IPSEC security association. It can be defined in either: kilobytes – Volume-based key duration. Minimum is 500 KB and maximum is 2147483646 KB.
  • Page 215 5-19 isakmp Configure Internet Security Association and Key Management Protocol [client|keepalive|key| (ISAKMP) policy. peer|policy] • client configuration (group) (default) – This leads to config-crypto- instance. group For more details see Crypto - group Instance on page 7-1. • keepalive <10-3600> – Sets a keepalive interval for use with remote peers.
  • Page 216 5-20 Overview pki [authenticate|enroll| Configures certificate parameters. The public key infrastructure is a protocol export|import|trustpoint] that creates encrypted public keys using digital certificates from certificate authorities. PKI ensures each online party is who they claim to be. • authenticate <name> (terminal|tftp|ftp) – Authenticate and import CA certificate.
  • Page 217 5-21 5.1.9 do Global Configuration Commands Use this command to run commands from either the User Exec or Priv Exec mode. Syntax do (command of other mode) Parameters None. Example RFS7000(config)#do ping 157.235.208.69 PING 157.235.208.69 (157.235.208.69): 100 data bytes 128 bytes from 157.235.208.69: icmp_seq=0 ttl=64 time=0.1 ms 128 bytes from 157.235.208.69: icmp_seq=1 ttl=64 time=0.0 ms 128 bytes from 157.235.208.69: icmp_seq=2 ttl=64 time=0.0 ms 128 bytes from 157.235.208.69: icmp_seq=3 ttl=64 time=0.0 ms...
  • Page 218: End

    5-22 Overview 5.1.10 end Global Configuration Commands Use this command to end the current mode and change to the Exec mode. Syntax Parameters None. Example RFS7000(config)#end RFS7000#? Priv Exec commands: acknowledge Acknowledge alarms archive Manage archive files autoinstall autoinstall configuration command Change current directory ..........
  • Page 219: Errdisable

    5-23 5.1.11 errdisable Global Configuration Commands Use this command to enable the timeout mechanism for the port. Syntax errdisable (recovery)[cause (bpduguard)|interval <10-1000000>] Parameters recovery Enables the timeout mechanism for the port to be enabled back. cause (bpduguard) Reason for errdisable. •...
  • Page 220: Format

    5-24 Overview 5.1.12 format Global Configuration Commands Use this command to format the Compact Flash (CF) card. Syntax format Parameters Formats compact flash. Example RFS7000(config)#format cf RFS7000(config)#...
  • Page 221: Ftp

    5-25 5.1.13 ftp Global Configuration Commands Use this command to configure the switch as an FTP server. Syntax ftp enable ftp password(0|1|LINE) ftp rootdir(DIR) Parameters enable Enables FTP server. password Configures an FTP password. Set the password using one of the following: •...
  • Page 222: Hostname

    5-26 Overview 5.1.14 hostname Global Configuration Commands Use this command to change the system’s network name. Syntax hostname(WORD) Parameters WORD Use this command to provide a name for the network. Example RFS7000(config)#hostname Eldorado Eldorado(config)#...
  • Page 223: Interface

    5-27 5.1.15 interface Global Configuration Commands Use this command to configure a selected interface. This command is used to enter the interface configuration mode for the specified physical/ Switch Virtual Interface (SVI) interface. If the VLANx (SVI) interface does not exist, it is automatically created.
  • Page 224 5-28 Overview 5.1.16 ip Global Configuration Commands Use this CLI command to configure a selected Internet Protocol. NOTE Use an ip access-list extended command to move to the (config-ext-nacl) instance. For additional information, see Extended ACL Instance on page 14-1. Use an ip access-list standard command to move to the...
  • Page 225 5-29 Parameters access-list Use the access list parameter to enter the ext-nacl context and std-nacl context. The prompt changes to the context entered. For additional information, see Extended ACL Instance on page 14-1 (for extended ACLs) and Standard ACL Instance on page 15-1 (for standard ACLs).
  • Page 226 5-30 Overview Network Address Translation (NAT). Syntax ip nat <inside | outside> source list <access-list name> overload interface <interface name> • <inside|outside> – Defines the interface as private (inside) or public (external). NAT translations refer to this keyword to identify translations applied to incoming packets on an interface.
  • Page 227 5-31 route Establish static routes. • A.B.C.D – IP destination prefix. Adds a static route entry in the IP routing table. • A.B.C.D/M – IP destination prefix. Adds a static route entry in the IP routing table. • next hop – IP address of the next hop that is used to reach the destination.
  • Page 228 5-32 Overview Usage Guidelines 2 Follow the steps below to create a DHCP User Class: 1. Create a DHCP class named RFS7000DHCPclass. RFS7000 supports a maximum of 32 DHCP classes. RFS7000(config)#ip dhcp class RFS7000DHCPclass RFS7000(config-dhcpclass)# 2. Create a USER class named .
  • Page 229: License

    5-33 5.1.17 license Global Configuration Commands Use this command to display the details of the license. Syntax license Parameters WORD Enter the name of the feature for which you wish to add a license. Example RFS7000(config)#show licenses Serial Number 6283529900020 feature license string license value...
  • Page 230: Line

    5-34 Overview 5.1.18 line Global Configuration Commands Use this command to configure the terminal line. NOTE The line vty command moves to the (config-line) instance. Syntax line(console|vty) Parameters console Primary terminal line. Virtual terminal. Configure a value between 0-871.
  • Page 231: Local

    5-35 5.1.19 local Global Configuration Commands Use this command to set the username and password for local user authentication. Syntax local(username,password) Parameters username Enter local user name. The username can be a string of up to 64 characters. password Enter local user password. The password can be a string of up to 21 characters. Example RFS7000(config)#local username SuperAdmin password Superuser RFS7000(config)#...
  • Page 232: Logging

    5-36 Overview 5.1.20 logging Global Configuration Commands Use this command to modify message logging facilities. Syntax logging(aggregation-time|buffered|console|facility|host|monitor|on|syslog) logging aggregation-time(<1-20>) logging buffered(<0-7>|alerts|critical|debugging|emergencies|errors| informational|notifications|warnings) Parameters aggregation-time Sets number of seconds (between 1 - 60) for aggregating repeated messages. buffered Sets the buffered logging level. •...
  • Page 233 5-37 facility Syslog facility in which log messages are sent. • local0 – Syslog facility local0. • local1 – Syslog facility local1. • local2 – Syslog facility local2. • local3 – Syslog facility local3. • local4 – Syslog facility local4. •...
  • Page 234: Mac

    5-38 Overview 5.1.21 mac Global Configuration Commands Use this command to configure MAC access-lists. Syntax mac(access-list(extended(WORD))) Parameters access-list (extended <name>) Enter a name for MAC extended ACL. Usage Guidelines To delete a Standard/Extended or MAC ACL, use no access-list <access-list name> under the Global...
  • Page 235: Management

    5-39 5.1.22 management Global Configuration Commands Use this command to set management interface properties. Syntax management(secure) Parameters secure Limits local access (Web/Telnet etc.) to the management interface. Example RFS7000(config)#management secure RFS7000(config)#...
  • Page 236: Ntp

    5-40 Overview 5.1.23 ntp Global Configuration Commands Use this command to configure NTP. Syntax ntp(access-group|authenticate|authentication-key|autokey| broadcast|broadcastdelay|master|peer|server|trusted-key) ntp access-group(peer|query-only|serve|serve-only) ntp access-group peer(<1-99>|<1300-1999>) ntp access-group query-only(<1-99>|<1300-1999>) ntp access-group serve(<1-99>|<1300-1999>) ntp access-group serve-only(<1-99>|<1300-1999>) ntp authenticate ntp authentication-key <1-65534> ntp autokey(client-only|host) ntp broadcast(client|destination) ntp broadcast destination(<name>(key<1-65534>|version<1-4>)) ntp broadcastdelay <1-999999>...
  • Page 237 5-41 Parameters access-group Controls NTP access. • peer – Provides full access. • <1-99> – Standard IP access list. • <1300-1999> – Standard IP access list (expanded range). • query-only – Allows only control queries. • <1-99> – Standard IP access list. •...
  • Page 238 5-42 Overview Example RFS7000(config)#ntp peer ? WORD Name/IP address of peer RFS7000(config)#ntp peer TestPeer ? autokey Configure autokey peer authentication scheme Configure peer authentication key prefer Prefer this peer when possible version Configure NTP version <cr> RFS7000(config)#ntp peer TestPeer autokey ? prefer Prefer this peer when possible version...
  • Page 239: Prompt

    5-43 5.1.24 prompt Global Configuration Commands Use this command to configure and set the system prompt. Syntax prompt(LINE) Parameters LINE Enter the new prompt displayed by the switch. Example RFS7000(config)#prompt NobleMan NobleMan...
  • Page 240: Radius-Server

    5-44 Overview 5.1.25 radius-server Global Configuration Commands Use this command to enter the RADIUS Server mode. The system prompt changes from the default config mode to RADIUS server mode. NOTE radius-server local mode moves to the radius-server context. For more details see RADIUS Server Instance on page 19-1 Syntax...
  • Page 241: Redundancy

    5-45 5.1.26 redundancy Global Configuration Commands Use this command to configure redundancy group parameters. Syntax redundancy(auto-revert|auto-revert-period|dhcp-server|discovery-period| enable|group-id|handle-stp|heartbeat-period|hold-period|interface-ip| manual-revert|member-ip|mode) redundancy auto-revert (enable) redundancy auto-revert-period <1-1800> redundancy dhcp-server (enable) redundancy discovery-period <10-60> redundancy enable redundancy group-id <1-65535> redundancy handle-stp(enable) redundancy heartbeat-period redundancy hold-period <10-255> redundancy interface-ip(A.B.C.D) redundancy member-ip (A.B.C.D) redundancy mode(primary|standby)
  • Page 242 5-46 Overview member-ip Adds a member to this redundancy group. • A.B.C.D – IP address of the member. mode Sets the switch mode to either primary or standby. • primary – Defines mode as primary. • standby – Defines mode as standby. Example RFS7000(config)#redundancy discovery-period 20 RFS7000(config)#...
  • Page 243: Service

    5-47 5.1.27 service Global Configuration Commands Use this command to retrieve system data (tables, log files, configuration, status and operation) for use in debugging and problem resolution. Syntax service(advanced-vty|dhcp|password-encryption| pm (max-sys-restarts<1-5>|sys-restart)| prompt(crash-info)|radius(restart)|set|show (cli)|terminal-length <0-512>) service set ( command-history <10-300>|reboot-history <10-100>| upgrade-history <10-100>) Parameters advanced-vty...
  • Page 244 5-48 Overview Example RFS7000(config)#service dhcp RFS7000(config)# RFS7000(config)#service radius restart RFS7000(config)# RFS7000(config)#service show cli Global Config mode: +-aaa +-authentication +-login +-default +-local [aaa authentication login default {none|{local|radius}}] +-none [aaa authentication login default {none|{local|radius}}] +-radius [aaa authentication login default {none|{local|radius}}] +-access-list +-<1-99> +-deny +-A.B.C.D/M [access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0- 7>...
  • Page 245: Show

    5-49 5.1.28 show Global Configuration Commands Use this command to view running system information. Syntax show <display parameter> Parameters access-list Displays Internet Protocol (IP) details of the access list. aclstats Displays ACL statistics information. alarm-log Displays system alarms. autoinstall Displays autoinstall configuration details. banner Displays the “Message of the Day”...
  • Page 246 5-50 Overview port-channel Displays port channel commands. privilege Displays the current privilege level. radius Displays RADIUS configuration commands. redundancy-group Displays redundancy group parameters. redundancy-history Displays switch state transition history. redundancy-members Displays redundancy group members in detail. running-config Displays the current running configuration. (include-factory) •...
  • Page 247 5-51 banner Display Message of the Day Login banner boot Display boot configuration. clock Display system clock commands Show command lists crypto encryption module debugging Debugging information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information Display FTP Server configuration history Display the session command history...
  • Page 248 5-52 Overview spanning-tree mst cisco-interoperability enable spanning-tree mst config name My Name.......................................................................... wireless wlan 1 enable wlan 1 ssid ajit-open aap local-bridging enable aap independent-vlan vlan 1 aap config-apply def-delay 100 aap config-apply mesh-delay 100 radio add 1 00-A0-F8-BF-8A-4B 11bg ap300 radio 1 rss enable radio add 2 00-A0-F8-BF-8A-4B 11a ap300 radio 2 rss enable...
  • Page 249: Snmp-Server

    5-53 5.1.29 snmp-server Global Configuration Commands Use this command to modify SNMP engine parameters. Syntax snmp-server(community|contact|enable|host|location|manager|sysname|user) snmp-server community <community name>(ro|rw) snmp-server contact LINE snmp-server enable traps (all|dhcp-server|diagnostics|miscellaneous|mobility| nsm|radius-server|redundancy|snmp|wireless|wireless-statistics) snmp-server enable traps all snmp-server enable traps dhcp-server [dhcpServerDown|dhcpServerUp] snmp-server enable traps diagnostics [cpuLoad15Min|cpuLoad1Min|cpuLoad5Min|fanSpeedLow|fileDescriptors|ipRouteCache| packetBuffers|processMemoryUsage|ramFree|tempHigh|tempOver|usedKernelBuffer] snmp-server enable traps miscellaneous...
  • Page 250 5-54 Overview nu-percent-greater-than <value>|pktsps-greater-than <value>| tput-greater-than <value>|undecrypt-percent-greater-than<value>) snmp-server enable traps wireless-statistics radio (avg-bit-speed-less-than <value>|avg-retry-greater-than <value>|avg-signal-less- than <value>|gave-up-percent-greater-than <value>| nu-percent-greater-than <value>|num-mobile-units-greater-than <value>| pktsps-greater-than <value>|tput-greater-than <value>| undecrypt-percent-greater-than <value>) snmp-server enable traps wireless-statistics wireless-switch (num-mobile-units-greater-than <1-8192>|pktsps-greater-than <value>| tput-greater-than <value>) snmp-server enable traps wireless-statistics wlan (avg-bit-speed-less-than|avg-retry-greater-than|avg-signal-less-than| gave-up-percent-greater-than|nu-percent-greater-than| num-mobile-units-greater-than|pktsps-greater-than|tput-greater-than|...
  • Page 251 5-55 enable traps ( ) Enables SNMP traps. • all – Enables all traps. • dhcp-server – Enables dhcp-server traps. • diagnostics – Enables diagnostics traps • miscellaneous – Enables miscellaneous traps. • mobility – Enables mobility traps. • nsm – Enables nsm traps. •...
  • Page 252 5-56 Overview miscellaneous ( ) Enables miscellaneous traps. • caCertExpired – Ca certificate has expired. • lowFsSpace – Available file system space lower than the limit. • processMaxRestartsReached – Process has reached the max restart limit. • savedConfigModified – Saved configuration has been modified.
  • Page 253 5-57 wireless (ap-detection) ( ) Enables wireless access port detection traps. • externalAPDetected – External access port detected. wireless (ids) ( ) Enables wireless IDS traps. • muExcessiveEvents – Excessive MU events. • radioExcessiveEvents – Excessive radio events. • switchExcessiveEvents – Excessive switch events. wireless (radio) ( ) Enables wireless radio traps.
  • Page 254 5-58 Overview wireless-statistics ( ) Modifies wireless-stats rate traps. • mesh – Modifies mesh rate traps. • min-packets– Minimum packets for sending the trap • mobile-unit– Modifies mobile-unit rate traps. • radio– Modifies radio rate traps. • wireless-switch– Modifies wireless-switch rate traps. •...
  • Page 255 5-59 wireless-statistics (mobile-unit) () Modifies mobile unit rate traps. • avg-bit-speed-less-than <value>– Average bit speed in Mbps is less than <a decimal number greater than 0.00 and less than or equal to 54.00>. • avg-retry-greater-than <value> – Average retry is greater than <a decimal number greater than 0.00 and less than or equal to 16.00>.
  • Page 256 5-60 Overview wireless-statistics (radio ) () Modifies radio rate traps. • avg-bit-speed-less-than <value>– Average bit speed in Mbps is less than <a decimal number greater than 0.00 and less than or equal to 54.00>. • avg-noise-level-threshold <value>– IDS event to detect sudden change in average noise level .
  • Page 257 5-61 wireless-statistics (wireless-switch) Modify wireless-switch rate traps. • num-mobile-units-greater-than <1-8192> – Number of associated MUs is greater than <a decimal number in the range 1-8192 >. • pktsps-greater-than <value> – Packets per sec is greater than <a decimal number greater than 0.00 and less than or equal to 100000.00>.
  • Page 258 5-62 Overview host <host IP address> SNMP server host IP-address. v2c <1-65535> Uses SNMP version 2c. Select a host port number within the range of <1-65535>. v3 <1-65535> Uses SNMP version 3. Select a host port number within the range of <1-65535>.
  • Page 259 5-63 RFS7000(config)# RFS7000(config)#snmp-server enable traps wireless ids excessiveProbes RFS7000(config)# RFS7000(config)#snmp-server enable traps wireless radio adopted RFS7000(config)# RFS7000(config)#snmp-server enable traps wireless self-healing activated RFS7000(config)# RFS7000(config)#snmp-server enable traps wireless station tkipCounterMeasures RFS7000(config)# RFS7000(config)#snmp-server enable traps wireless-statistics min-packets 120 RFS7000(config)# RFS7000(config)#snmp-server location "Located at thh 5th FLoor" RFS7000(config)# RFS7000(config)#snmp-server sysname "Gold Mine"...
  • Page 260: Sole

    5-64 Overview 5.1.30 sole Global Configuration Commands Use this command to configure Smart Opportunistic Location Engine (SOLE) related configuration commands. This command leads you to the (config-sole)# instance. For more information on SOLE related parameters, refer to SOLE Instance on page 21-1 Syntax sole Parameters...
  • Page 261: Spanning-Tree

    5-65 5.1.31 spanning-tree Global Configuration Commands Use this command to configure the spanning-tree commands. Syntax spanning-tree [mst|portfast] spanning-tree mst [<0-15> (priority <0-61440>)| cisco-interoperability (enable|disable)|configuration| forward-time <4-30>|hello-time <1-10>|max-age <6-40>|max-hops <7-127>] spanning-tree portfast [bpdufilter|bpduguard](default) Parameters Enables the Multiple Spanning Tree Protocol on a bridge. [<0-15>...
  • Page 262 5-66 Overview • forward-time <4-30> – Sets the time (in seconds) after which (if this bridge is the root bridge) each port changes states to learning and forwarding. This value is used by all instances. The default value is 15 seconds. •...
  • Page 263 5-67 Usage Guidelines The mst > configuration command moves you to the Spanning Tree-MST Instance instance. If a bridge does not hear bridge protocol data units (BPDUs) from the root bridge within the specified interval defined in the max-age (seconds) parameter, assume the network has changed and recompute the spanning-tree topology.
  • Page 264: Timezone

    5-68 Overview 5.1.32 timezone Global Configuration Commands Use this command to configure switch timezone settings. Syntax timezone Parameters TIMEZONE Press <tab> to navigate the list of files. This action displays a list of files containing timezone information. Example RFS7000(config)#timezone Africa/ America/ Asia/ Atlantic/...
  • Page 265: Username

    5-69 5.1.33 username Global Configuration Commands Use this CLI command to establish the user name authentication. Syntax username <name> (access|password|privilege) username <name> access (console|ssh|telnet|web) username <name> password(0|1|Line) username <name> privilege(helpdesk|monitor|nwadmin|superuser|sysadmin|webadmin) Parameters name Enter a name to authenticate the switch. The username must be between 1 - 28 characters.
  • Page 266: Vpn

    5-70 Overview 5.1.34 vpn Global Configuration Commands Use this command to configure VPN. Syntax vpn authentication-method(local|radius) Parameters authentication-method Selects the authentication scheme. local Used for user based authentication. radius Used for RADIUS server authentication. Usage Guidelines Virtual Private Network enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another.
  • Page 267: Wireless

    5-71 5.1.35 wireless Global Configuration Commands Use this command to configure switch wireless parameters. This command moves to the config-wireless instance. For additional information, see Wireless Instance on page 20-1. Syntax wireless Parameters None. Usage Guidelines The wireless command is used to enter the config-wireless instance. The prompt changes from the regular RFS7000(config)# to RFS7000(config-wireless)#.
  • Page 268: Wlan-Acl

    5-72 Overview 5.1.36 wlan-acl Global Configuration Commands Use this command to apply an ACL on a WLAN index. Syntax wlan-acl [<1-256>{<1-99>|<100-199>|<1300|1999>|<2000|2699>|word}][in|out] Parameters <1-256>[] WLAN number. • <1-99> — IP standard access list. • <100-199> — IP extended access list. • <1300-1999> — IP standard access list (expanded range). •...
  • Page 269 5-73 Example The example below applies an ACL to WLAN index 200 in an inbound direction from the global config mode. RFS7000(config)#wlan-acl 200 150 in RFS7000(config)# NOTE A MAC access list entry to allow is mandatory to apply an IP based ACL to an interface.
  • Page 271 Crypto - isakmp Instance to instantiate instance. crypto isakmp policy(priority) config-crypto-isakmp 6.1 Crypto ISAKMP Config Commands Table 6.1 summarizes the commands within the RFS7000 switch command line interface. crypto-isakmp Table 6.1 Crypto ISAKMP Command Summary Command Description Ref. authentication Sets authentication method for protection suite. page 6-2 clrscr Clears the display screen.
  • Page 272: Crypto Isakmp Config Commands

    Overview Command Description Ref. show Shows running system information. page 6-12 6.1.1 authentication Crypto ISAKMP Config Commands Use this command to authenticate keys. rsa-sig pre-share Syntax authentication(pre-share|rsa-sig) Parameters pre-share pre shared key rsa-sig rsa signature Example RFS7000(config-crypto-isakmp)#authentication pre-share RFS7000(config-crypto-isakmp)# RFS7000(config-crypto-isakmp)#authentication rsa-sig RFS7000(config-crypto-isakmp)#...
  • Page 273: Clrscr

    6.1.2 clrscr Crypto ISAKMP Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-crypto-isakmp)#clr RFS7000(config-crypto-isakmp)#...
  • Page 274: Encryption

    Overview 6.1.3 encryption Crypto ISAKMP Config Commands Use this command to configure the encryption level of the data transmitted using the RFS7000 switch. Syntax encryption(3des|aes|aes-192|aes-256|des) Parameters 3des 3des - Triple data encryption standard. aes - advanced data encryption standard. aes-192 aes-192 - advanced data encryption standard.
  • Page 275: End

    6.1.4 end Crypto ISAKMP Config Commands Use this command to end and exit the current mode and move to PRIV EXEC mode. The prompt now changes to RFS7000# Syntax Parameters None. Example RFS7000(config-crypto-isakmp))#end RFS7000#...
  • Page 276: Exit

    Overview 6.1.5 exit Crypto ISAKMP Config Commands Use this command to end current mode and move to previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-crypto-isakmp)#exit RFS7000(config)#...
  • Page 277: Group

    6.1.6 group Crypto ISAKMP Config Commands Use this command to specify the Diffie-Hellman group (1 or 2) to be used by this IKE policy to generate the keys (which are then used to create the IPSec SA). Syntax group(1|2|5) Parameters 768-bit mod P.
  • Page 278: Hash

    Overview 6.1.7 hash Crypto ISAKMP Config Commands Use this command to specify the hash algorithm to be used to authenticate the data transmitted over the IKE Syntax hash(md5|sha) Parameters Choose the md5 hash algorithm. Choose the sha hash algorithm. Example RFS7000(config-crypto-isakmp)#hash sha RFS7000(config-crypto-isakmp)#...
  • Page 279: Help

    6.1.8 help Crypto ISAKMP Config Commands Use this command to access the systems interactive help system Syntax help Parameters None. Example RFS7000(config-crypto-isakmp)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 280: Lifetime

    6-10 Overview 6.1.9 lifetime Crypto ISAKMP Config Commands Use this command to specify how long an IKE SA is valid before expiring. Syntax lifetime <seconds> Parameters <seconds> Specify how many seconds an IKE SA will last before expiring. Time stamp in seconds can be configured between 3600 and 2147483647.
  • Page 281 6-11 6.1.10 no Crypto ISAKMP Config Commands Use this command to negate a command or set its defaults. Syntax no <previous command used> Parameters Use the commands that you have configured under this instance. Example RFS7000(config-crypto-isakmp)#no lifetime RFS7000(config-crypto-isakmp)#...
  • Page 282: Service

    6-12 Overview 6.1.11 service Crypto ISAKMP Config Commands Use this command to invoke the service commands to troubleshoot or debug the instance configurations. (config-crypto-isakmp) Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diag shell access. save-cli Saves CLI tree for all modes in html format. show Shows running system information.
  • Page 283: Show

    6-13 6.1.12 show Crypto ISAKMP Config Commands Use this CLI command to view the current system information that is running on the RFS7000 switch. Syntax show <parameter> Parameters Displays all the parameters for which the information can be viewed using the show command.
  • Page 285 Crypto - group Instance to initiates instance. crypto isakmp(client)configuration group default config-crypto-group 7.1 Crypto Group Config Commands Table 7.1 summarizes the commands within the RFS7000 switch command line config-crypto-group interface. Table 7.1 Crypto Group Command Summary Command Description Ref. clrscr Clears the display screen.
  • Page 286: Crypto Group Config Commands

    Overview 7.1.1 clrscr Crypto Group Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-crypto-group)#clr RFS7000(config-crypto-group)#...
  • Page 287: Dns

    7.1.2 dns Crypto Group Config Commands Use this command to specify the DNS server address(es) to assign to a client. Syntax dns <IP Address> Parameters The first DNS server address to assign. <IP Address> <IP Address> optional The second DNS server address to assign. Example RFS7000(config-crypto-group)#dns-server 172.1.17.1 172.1.17.3 RFS7000(config-crypto-group)#...
  • Page 288: End

    Overview 7.1.3 end Crypto Group Config Commands Use this command to end and exit from the current mode and change to PRIV EXEC mode. The prompt now changes to RFS7000# Syntax Parameters None. Example RFS7000(config-crypto-group)#end RFS7000#...
  • Page 289: Exit

    7.1.4 exit Crypto Group Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-crypto-group)#exit RFS7000(config)#...
  • Page 290: Help

    Overview 7.1.5 help Crypto Group Config Commands Use this command to access the systems interactive help system Syntax help Parameters None. Example RFS7000(config-crypto-group)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 291: Service

    7.1.6 service Crypto Group Config Commands Use this command to invoke the service commands to troubleshoot or debug the instance configurations. (config-crypto-isakmp) Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information diag-shell Provides diag shell access save-cli Saves CLI tree for all modes in html format show Shows running system information start-shell...
  • Page 292: Show

    Overview 7.1.7 show Crypto Group Config Commands Use this command to view the current system information that is running on the RFS7000 switch. Syntax show <parameter> Parameters Displays all the parameters for which the information can be viewed using the show command.
  • Page 293: Wins

    7.1.8 wins Crypto Group Config Commands Use this command to specify the Windows Internet Naming Service (WINS) name servers to assign to a client. Syntax wins <IP Address> <IP Address> Parameters <IP Address> The first WINS server address to assign. <IP Address>...
  • Page 295 Crypto - peer Instance to initiates instance. crypto isakmp(peer)[IP Address|dns|hostname] config-crypto-peer 8.1 Crypto Peer Config Commands Table 8.1 summarizes the commands within the RFS7000 switch command line config-crypto-peer interface. Table 8.1 Crypto Peer Command Summary Command Description Ref. clrscr Clears the display screen. page 8-2 Ends the current mode and moves to EXEC mode.
  • Page 296: Crypto Peer Config Commands

    Overview 8.1.1 clrscr Crypto Peer Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-crypto-peer)#clr RFS7000(config-crypto-peer)
  • Page 297: End

    8.1.2 end Crypto Peer Config Commands Use this command to end and exit from the current mode and change to PRIV EXEC mode. The prompt now changes to RFS7000# Syntax Parameters None. Example RFS7000(config-crypto-peer)#end RFS7000#...
  • Page 298: Exit

    Overview 8.1.3 exit Crypto Peer Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-crypto-peer)#exit RFS7000(config)#...
  • Page 299: Help

    8.1.4 help Crypto Peer Config Commands Use this command to access the systems interactive help system. Syntax help Parameters None. Example RFS7000(config-crypto-peer)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 300 Overview 8.1.5 no Crypto Peer Config Commands Use this command to negate a command or set its defaults. Syntax no <previous command used> Parameters Use the commands that you have configured under this instance. Example RFS7000(config-crypto-peer)#no aggrerssive-mode RFS7000(config-crypto-peer)#...
  • Page 301: Service

    8.1.6 service Crypto Peer Config Commands Use this command to invoke the service commands to troubleshoot or debug the instance configurations. (config-crypto-isakmp) Syntax service(clear|diag-shell|save-cli|show|start-shell) Parameters clear Removes specified support information diag-shell Provides diag shell access save-cli Saves CLI tree for all modes in html format show Shows running system information start-shell...
  • Page 302: Set

    Overview 8.1.7 set Crypto Peer Config Commands Use this command to configure the aggressive-mode of crypto-peer. Syntax set aggressive-mode (password) Parameters aggressive-mode aggressive mode password password Example RFS7000(config-crypto-peer)#set aggressive-mode password CheckMeIn RFS7000(config-crypto-peer)#...
  • Page 303: Show

    8.1.8 show Crypto Peer Config Commands Use this command to view the current system information that is running on the RFS7000 switch. Syntax show <parameter> Parameters Displays all the parameters for which the information can be viewed using the show command. Parameters RFS7000(config-crypto-peer)#show ? access-list...
  • Page 305: Crypto Ipsec Config Commands

    Crypto - ipsec Instance Use the (config-crypto ipsec) instance to define the transform configuration for securing data (e.g., esp-3des, esp-sha-hmac, etc.). The transform-set is then assigned to a crypto map using the map’s set transform-set command. For more details see crypto-map transform-set on page 10-9.
  • Page 306: Mode

    Overview 9.1.1 mode Crypto IPsec Config Commands Use this command to configure the IPSec transportation mode. Syntax mode(transport|tunnel) Parameters transport Transport mode. tunnel Tunnel mode. Example RFS7000(config-crypto-ipsec)#mode transport RFS7000(config-crypto-ipsec)#...
  • Page 307: Show

    9.1.2 show Crypto IPsec Config Commands Syntax clrscr Parameters Displays all the parameters for which the information can be viewed using the show command. Example RFS7000(config-crypto-ipsec)#show ? access-list Internet Protocol (IP) alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner...
  • Page 309 Crypto - map Instance CLI commands are used to define a Certificate Authority (CA) trustpoint. This is a config-crypto-map separate instance by itself but belongs to the mode under instance. crypto pki trustpoint config 10.1 Crypto Map Config Commands Table 10.1 summarizes the commands within the RFS7000 Switch command line config-crypto-map...
  • Page 310: Crypto Map Config Commands

    10-2 Overview 10.1.1 clrscr Crypto Map Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-crypto-map)#clr RFS7000(config-crypto-map)
  • Page 311: End

    10-3 10.1.2 end Crypto Map Config Commands Use this command to end and exit from the current mode and change to PRIV EXEC mode. The prompt now changes to RFS7000# Syntax Parameters None. Example RFS7000(config-crypto-map)#end RFS7000#...
  • Page 312: Exit

    10-4 Overview 10.1.3 exit Crypto Map Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-crypto-map)#exit RFS7000(config)#...
  • Page 313: Help

    10-5 10.1.4 help Crypto Map Config Commands Use this command to access the system's interactive help system. Syntax help Parameters None. Example RFS7000(config-crypto-map)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 314: Match

    10-6 Overview 10.1.5 match Crypto Map Config Commands Use this command to assign an IP access-list to a crypto map definition. The access-list designates the IP packets to be encrypted by this crypto map. A crypto map entry is a single policy that describes how certain traffic is to be secured. There are two types of crypto map entries: ipsec-manual and ipsec-ike.
  • Page 315 10-7 10.1.6 no Crypto Map Config Commands Use this command to negate a command or set its defaults. Syntax no <previous command used> Parameters Use the commands that you have configured under this instance. Example RFS7000(config-crypto-map)#no aggrerssive-mode RFS7000(config-crypto-map)#...
  • Page 316: Service

    10-8 Overview 10.1.7 service Crypto Map Config Commands Use this command to invoke the service commands to troubleshoot or debug the instance configurations. (config-crypto-isakmp) Syntax service(clear|diag-shell|save-cli|show|start-shell) Parameters clear Removes specified support information. diag-shell Provides diag shell access. save-cli Saves CLI tree for all modes in html format. show Shows running system information.
  • Page 317: Set

    10-9 10.1.8 set Crypto Map Config Commands Use this command to set the various set parameters of the peer device. Syntax set (localid|mode|peer|pfs|remote-type[ipsec-l2tp|xauth]| security-association|session-key|transformset) set localid(dn|hostname) set security-association (level(perhost)|lifetime(kilobytes|seconds)<value>) set session-key (inbound|outbound)(ah|esp) set session-key (inbound|outbound) ah <hexkey data> set session-key (inbound|outbound) esp <SPI> cipher <hexdata key> authenticator <hexkey data>...
  • Page 318 10-10 Overview security-association Use the set security-association lifetime command to define the lifetime (in kilobytes and/or seconds) of the IPSec SAs created by this crypto map. • level(perhost) – Specify a security association granularity level for identities • lifetime(kilobyte|seconds) – Security association lifetime. session-key Use the set session-key command to define the encryption and authentication keys for this crypto map.
  • Page 319 10-11 If no transform-set is configured for a crypto map, then the entry is incomplete and will have no effect on the system. For manual key crypto maps, only one transform set can be specified. Example RFS7000(config-crypto-map)#set localid hostname TestMapHost RFS7000(config-crypto-map)#...
  • Page 320: Show

    10-12 Overview 10.1.9 show Crypto Map Config Commands Use this command to view the current system information that is running on the switch. Syntax show <parameter> Parameters Displays all the parameters for which the information can be viewed using the show command.
  • Page 321 Crypto - trustpoint Instance Use the commands to define a Certificate Authority (CA) trustpoint. config-crypto-trustpoint is a separate instance, belonging to the mode under config-crypto-trustpoint crypto pki trustpoint instance. config 11.1 Trustpoint Config commands Table 11.1 summarizes the commands. config-crypto-trustpoint Table 11.1 Trustpoint (PKI) Config Commands Summary Command Description...
  • Page 322 11-20 Overview Command Description Ref. rsakeypair Rsa Keypair to associate with the trustpoint. page 11-31 service Displays service commands. page 11-32 show Shows the running system information. page 11-33 subject-name Subject name is a collection of required parameters to configure a page 11-35 trustpoint.
  • Page 323: Trustpoint Config Commands

    11-21 11.1.1 clrscr Trustpoint Config commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-trustpoint)#clrscr RFS7000(config-trustpoint)#...
  • Page 324: Company-Name

    11-22 Overview 11.1.2 company-name Trustpoint Config commands Use this command to set the company name (applicable only by request) to a trustpoint. Syntax company-name Parameters WORD Company name (2 - 64 characters in length). Usage Guidelines The company name defined must be between 2 to 64 characters only. Example RFS7000(config-trustpoint)#company-name RetailKing RFS7000(config-trustpoint)#...
  • Page 325: Email

    Trustpoint Config commands Use this command to configure an e-mail ID for a trustpoint. Syntax email Parameters WORD email address (2 to 64 characters). Usage Guidelines The email defined must be between 2 and 64 characters only. Example RFS7000(config-trustpoint)#email abcTestemailID@motorola.com RFS7000(config-trustpoint)#...
  • Page 326: End

    11-24 Overview 11.1.4 end Trustpoint Config commands Use this command to end and exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax Parameters None. Example RFS7000(config-trustpoint)#end RFS7000#...
  • Page 327: Exit

    11-25 11.1.5 exit Trustpoint Config commands Use this command to end the current mode and move to previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)#. Syntax exit Parameters None. Example RFS7000(config-trustpoint)#exit RFS7000(config)#...
  • Page 328: Fqdn

    11-26 Overview 11.1.6 fqdn Trustpoint Config commands Use this command to configure the fully qualified domain name (fqdn) for the trustpoint. Syntax fqdn Parameters None Usage Guidelines The string length of the domain name must be between 9 to 64 characters. Example RFS7000(config-trustpoint)#fqdn RetailKing.com RFS7000(config-trustpoint)#...
  • Page 329: Help

    11-27 11.1.7 help Trustpoint Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-trustpoint)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 330: Ip-Address

    11-28 Overview 11.1.8 ip-address Trustpoint Config commands Use this command to configure an IP address for the trustpoint. Syntax ip-address Parameters A.B.C.D Enter the IP address configured for the trustpoint. Example RFS7000(config-trustpoint)#ip-address 157.200.200.02 RFS7000(config-trustpoint)#...
  • Page 331 11-29 11.1.9 no Trustpoint Config commands Use this command to negate a command or set defaults. Syntax no <previous command used> Parameters None. Example RFS7000(config-trustpoint)#no ip-address RFS7000(config-trustpoint)#...
  • Page 332: Password

    11-30 Overview 11.1.10 password Trustpoint Config commands Use this command to set the challenge password, applicable only for trustpoint access requests. Syntax password(0|2|WORD) Parameters Password is specified as UNENCRYPTED. The password must be between 4 - 20 characters. Password is encrypted with a password-encryption secret. The string length of an encrypted password must be between 44 - 64 characters.
  • Page 333: Rsakeypair

    11-31 11.1.11 rsakeypair Trustpoint Config commands Use this command to configure an RSA Keypair to associate with the trustpoint. Syntax rsakeypair Parameters WORD RSA keypair identifier. Usage Guidelines Use RSA Key Pair support to configure the switch to have Rivest, Shamir, and Adleman (RSA) key pairs. The switch software can maintain a different key pair for each identity certificate.
  • Page 334: Service

    11-32 Overview 11.1.12 service Trustpoint Config commands Use this command to invoke service commands to troubleshoot or debug instance crypto pki trustpoint configurations. Syntax service(show)(cli) Parameters show (cli) Shows the CLI tree of current mode. Example RFS7000(config-trustpoint)#service show cli Trustpoint Config mode: +-clrscr [clrscr] +-company-name +-WORD [company-name WORD]...
  • Page 335: Show

    11-33 11.1.13 show Trustpoint Config commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-trustpoint)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
  • Page 336 11-34 Overview RFS7000(config)#show crypto pki trustpoints Trustpoint :default-trustpoint ----------------------------------------------- Server certificate configured Subject Name: Common Name: Symbol Technologies Issuer Name: Common Name: Symbol Technologies Valid From: Mar 11 03:38:26 2007 GMT Valid Until: Mar 10 03:38:26 2008 GMT RFS7000(config)# RFS7000(config-trustpoint)#show access-list Standard IP access list 1 deny any rule-precedence 1 RFS7000(config-trustpoint)#...
  • Page 337: Subject-Name

    RFS7000(config-trustpoint)#subject-name TestPool US OH PB ? WORD Organization( 2 to 64 characters ) RFS7000(config-trustpoint)#subject-name TestPool US OH PB MOTOROLA ? WORD Organization Unit( 2 to 64 characters ) RFS7000(config-trustpoint)#subject-name TestPool US OH PB MOTOROLA WID ? <cr> RFS7000(config-trustpoint)#subject-name TestPool US OH PB MOTOORLA WID RFS7000(config-trustpoint)#...
  • Page 339: Chapter 12. Interface Instance

    Interface Instance Use the (config-if) instance to configure Fast Ethernet (fe), Giga Ethernet (ge), StaticAggregate interface (sa), VLAN and tunnel. Use the (config)# interface [fe|ge|sa|tunnel|vlan] to reach this instance. 12.1 Interface Config commands Table 12.1 summarizes the config-if commands. Table 12.1 Interface Config Command Summary Command...
  • Page 340 12-2 Overview Command Description Ref. Negates a command or sets defaults. page 12-14 port-channel Configures the load-balancing criteria of a aggregated port. page 12-15 service Displays service commands. page 12-16 show Shows the running system information. page 12-17 shutdown Shuts down the selected interface. page 12-20 spanning-tree Configures spanning-tree.
  • Page 341: Clrscr

    12-3 12.1.1 clrscr Interface Config commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-if)#clrscr RFS7000(config-if)#...
  • Page 342: Description

    12-4 Overview 12.1.2 description Interface Config commands Use this command to create an interface specific description. Syntax description Parameters LINE Characters to describe this interface. Example RFS7000(config-if)#description "interface for RetailKing" RFS7000(config-if)#...
  • Page 343: Duplex

    12-5 12.1.3 duplex Interface Config commands Use this command to specify the duplex mode of operation. NOTE • Duplexity can only be set for an Ethernet type interface. Enter the (config-if) instance using an parameter in an mode. ge/me interface •...
  • Page 344: End

    12-6 Overview 12.1.4 end Interface Config commands Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-if)#end RFS7000#...
  • Page 345: Exit

    12-7 12.1.5 exit Interface Config commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-if)#exit RFS7000(config)#...
  • Page 346: Help

    12-8 Overview 12.1.6 help Interface Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-if)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 347 12-9 12.1.7 ip Interface Config commands Use this command to configure an IP address for the assigned Ethernet, VLAN or tunnel. Syntax ip(access-group|address|helper-address|nat) ip access-group(<1-99>|<100-199>|<1300-1999>|<2000-2699>)in ip address(A.B.C.D/M|dhcp) ip address(A.B.C.D/M) (secondary) ip helper-address A.B.C.D ip nat(inside|outside) Parameters access-group Access group. • (<1-99> |<100-199>) – IP extended access list. •...
  • Page 348 12-10 Overview Follow the steps in the example below to create a helper address on VLAN 2000 for using the DHCP server available on VLAN 1000: RFS7000(config)#interface vlan 1000 RFS7000(config-if)#ip address 172.168.100.1/24 RFS7000(config-if)#interface vlan 2000 RFS7000(config-if)#ip address 172.168.200.1/24 RFS7000(config-if)#ip helper-address 172.168.100.10 vlan 1000 RFS7000(config-if)# The example below displays static NAT source translation.
  • Page 349: Mac

    12-11 12.1.8 mac Interface Config commands Use this command to apply a MAC access list to a gigabit ethernet interface. NOTE Access list cannot be applied on a management interface (me1). Syntax mac (access-group <acl_name>) (in) Parameters access-group Sets MAC access groups ACL. <acl_name>...
  • Page 350: Management

    12-12 Overview 12.1.9 management Interface Config commands Use this command to configure the selected interface as the management interface. It can only be used on a VLANx interface. The tftp/ftp server, which provides the switch its config file at startup, must be accessible via this interface.
  • Page 351: Mtu

    12-13 12.1.10 mtu Interface Config commands Use this command to set the mtu value for a VLAN interface. NOTE This command is valid only with a VLAN interface. Syntax mtu <512-1500> Parameters <512-1500> Maximum packet size in bytes. The minimum value is 512 and maximum value is 1500.
  • Page 352 12-14 Overview 12.1.11 no Interface Config commands Use this command to negate a command or set defaults. Syntax no [description|duplex|ip|mtu|shutdown| spanning-tree|speed|static-channel-group|switchport|tunnel] Parameters command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated. Example RFS7000(config-if)#no mtu RFS7000(config-if)#...
  • Page 353: Port-Channel

    12-15 12.1.12 port-channel Interface Config commands Use this command to select the load-balance criteria of an aggregated port. Syntax port-channel (load-balance [src-dst-ip|src-dst-mac]) Parameters load-balance Sets load-balancing for port channel. [src-dst-ip|src-dst-mac] • src-dst-ip – Source and Destination IP address based load balancing. •...
  • Page 354: Service

    12-16 Overview 12.1.13 service Interface Config commands Use this command to invoke service commands to troubleshoot or debug the (config-if) instance configurations. Syntax service(show) (cli) Parameters show Shows running system information. Shows the CLI tree of current mode. Example RFS7000(config-if)#service show cli Interface Config mode: +-cisco-interoperability +-disable [cisco-interoperability ( enable | disable)]...
  • Page 355: Show

    12-17 12.1.14 show Interface Config commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-if)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
  • Page 356 12-18 Overview RFS7000(config-if)#show boot Image Build Date Install Date Version ----- -------------------- -------------------- -------------- Primary Aug 28 14:05:16 2006 Aug 29 18:32:17 2006 3.0.0.0-200B Secondary Aug 14 06:18:03 2006 Aug 17 15:08:28 2006 3.0.0.0-180B Current Boot : Primary Next Boot : Primary Software Fallback : Enabled...
  • Page 357 12-19 % portfast bpdu-guard disabled % portfast errdisable timeout disabled % portfast errdisable timeout interval 300 sec % cisco interoperability not configured - Current cisco interoperability off Instance VLAN 1-4095 RFS7000(config-if)#...
  • Page 358: Shutdown

    12-20 Overview 12.1.15 shutdown Interface Config commands Use this command to shutdown/disable the selected interface. The interface is administratively enabled unless explicitly disabled using this command. Syntax shutdown Parameters None. Example RFS7000(config-if)#shutdown RFS7000(config-if)#...
  • Page 359: Spanning-Tree

    12-21 12.1.16 spanning-tree Interface Config commands Use this command to configure spanning tree parameters. Syntax spanning-tree [bpdufilter(enable|disable)|bpduguard (enable|disable)|edgeport|force-version <0-3>|guard (root)|link-type (point-to- point|shared)|mst(<0-15>|port-cisco-interoperability)|portfast] spanning-tree mst [<0-15>(cost <1-200000000>|port-priority <0-240>)| port-cisco-interoperability (disable|enable)] Parameters bpdufilter (disable|enable) Use this command to set a portfast BPDU filter for the port. Use the parameter with this command to revert the port BPDU filter to default.
  • Page 360 12-22 Overview mst [<0-15> Configures mst on a spanning tree. (cost <1-200000000>| • <0-15> – Instance ID. port-priority <0-240>)| • cost <1-200000000> – Path cost for a port. port-cisco-interoperability (disable|enable)] • port-priority <0-240> – Port priority for a bridge. • port-cisco-interoperability (disable|enable) – Enables or disables interoperability with Cisco's version of MSTP (which is incompatible with standard MSTP).
  • Page 361: Speed

    12-23 12.1.17 speed Interface Config commands Use this command to specify the speed of a fast-ethernet (10/100) or a gigabit-ethernet port (10/100/1000). Syntax speed(10|100|1000|auto) Parameters Forces 10 Mbps operation. The port runs at 10 Mbps. Forces 100 Mbps operation. The port runs at 100 Mbps. 1000 Forces 1000 Mbps operation. The port runs at 1000 Mbps.
  • Page 362: Static-Channel-Group

    12-24 Overview 12.1.18 static-channel-group Interface Config commands Use this command to add an interface to a static channel group. Syntax static-channel-group <1-4> Parameters <1-4> Static channel group to associate the link with. Usage Guidelines This command aggregates individual giga ports into a single aggregate link to provide a larger bandwidth. The static channel group is used to provide additional bandwidth in multiples of 1Gbps on the switch.
  • Page 363: Switchport

    12-25 12.1.19 switchport Interface Config commands Use this command to set switching mode characteristics for the selected interface. The mode can be either access or trunk. NOTE An interface configured as a trunk with all VLANs allowed loses its configuration and has only VLAN 1 set to allowed. Syntax switchport(access|mode|trunk) switchport access vlan <1-4094>...
  • Page 364 12-26 Overview trunk native (tagged | Configures the native VLAN ID of the trunk-mode port. vlan <1-4094>) • tagged – Sets the native VLAN for classifying untagged traffic. • vlan <1-4094> – Sets the native VLAN for classifying untagged traffic when the interface is in trunking mode.
  • Page 365: Tunnel

    12-27 12.1.20 tunnel Interface Config commands Use this command to configure protocol-over-protocol tunneling. Syntax tunnel(destination|source|ttl) tunnel destination A.B.C.D tunnel source A.B.C.D tunnel ttl<1-255> Parameters destination Destination of tunnel packets. • A.B.C.D – Internet Protocol (IP). source Source of tunnel packets. •...
  • Page 366 12-28 Overview...
  • Page 367 Spanning Tree-MST Instance Use the ) instance to configure the Multi Spanning Tree Protocol (MSTP). Use (config-mst to reach this instance. (config)#spanning-tree mst configuration 13.1 mst Config commands Table 13.1 summarizes the commands. config-mst Table 13.1 MSTP Config Command Summary Command Description Ref.
  • Page 368: Mst Config Commands

    13-2 Overview 13.1.1 clrscr mst Config commands Use this command to clear the display. Syntax clrscr Parameters None. Example RFS7000(config-mst)#clrscr RFS7000(config-mst)#...
  • Page 369: End

    13-3 13.1.2 end mst Config commands Use this command to end and exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-mst)#end RFS7000#...
  • Page 370: Exit

    13-4 Overview 13.1.3 exit mst Config commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-mst)#exit RFS7000(config)#...
  • Page 371: Help

    13-5 13.1.4 help mst Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-mst)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 372: Instance

    13-6 Overview 13.1.5 instance mst Config commands Use this command to associate VLAN(s) with an instance. Syntax instance <1-15> vlan <VLAN_ID> Parameters <1-15> Defines the instance ID to which the VLAN is associated. vlan <VLAN_ID> Defines the VLAN ID for its association with an instance. Usage Guidelines MSTP is based on instances.
  • Page 373: Name

    13-7 13.1.6 name mst Config commands Use this command to set a name for the MST region. Syntax name (region name) Parameters region name MST region name. Example RFS7000(config-mst)#name MyRegion RFS7000(config-mst)#...
  • Page 374 13-8 Overview 13.1.7 no mst Config commands Use this command to negate a command or set defaults. Syntax no [instance|name|revision] Parameters instance Instance. name MST region. revision Revision number for configuration information. Usage Guidelines command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
  • Page 375: Revision

    13-9 13.1.8 revision mst Config commands Use this command to configure the revision number of the MST bridge. Syntax revision <0-255> Parameters 0-255 Revision number for configuration information. Example RFS7000(config-mst)#revision 20 RFS7000(config-mst)#...
  • Page 376: Service

    13-10 Overview 13.1.9 service mst Config commands Use this command to invoke the service commands needed to troubleshoot or debug instance (config-if) configurations. Syntax service(show) (cli) Parameters show (cli) Shows running system information. • cli – Show CLI tree of current mode. Example RFS7000(config-mst)*#service show cli MSTI configuration mode:...
  • Page 377: Show

    13-11 13.1.10 show mst Config commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-mst)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
  • Page 378 13-12 Overview RFS7000(config-mst)#show access-list Extended IP access list 110 permit ip 192.168.1.0/24 192.168.100.0/24 rule-precedence 5 permit ip 192.168.63.0/24 192.168.100.0/24 rule-precedence 63 permit ip 192.168.157.0/24 192.168.100.0/24 rule-precedence 157 RFS7000(config-mst)# RFS7000(config-mst)#show wlan-acl all WLAN port: 102 Inbound IP Access List : 110 Inbound MAC Access List : Outbound IP Access List: Outbound MAC Access List :...
  • Page 379: Configuring Interface Using Mstp

    13-13 13.2 Configuring Interface using MSTP MSTP is enabled by default. All VLANs are in the default instance 0 by default. 1. Use the following command to create a non-default instance and region configuration using the mode: config RFS7000(config-mst)#instance 1 vlan <vlan-id> 2.
  • Page 380 13-14 Overview...
  • Page 381 Extended ACL Instance Use the instance to configure ACLs. (config-ext-nacl) ip access-list extended 14.1 Extended ACL Config Commands Table 14.1 summarizes the commands. config-ext-nacl Table 14.1 Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen. page 14-2 deny Specifies packets to reject.
  • Page 382: Extended Acl Config Commands

    14-2 Overview 14.1.1 clrscr Extended ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-ext-nacl)#clrscr RFS7000(config-ext-nacl)#...
  • Page 383: Deny

    14-3 14.1.2 deny Extended ACL Config Commands Use this command to specify packets to reject. Syntax deny(icmp|ip|tcp|udp) deny {ip} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [log] [rule-precedence access-list-entry precedence] deny {icmp} {source/source-mask | host source | any} {destination/ destination- mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule- precedence access-list-entry precedence] deny {tcp|udp} {source/source-mask | host source | any} [operator source-port]...
  • Page 384 14-4 Overview deny {icmp} {source/ Use with command to reject icmp packets. deny source-mask | host source • deny – The keyword specifies deny action on an ACL. | any} {destination/ • {icmp} – Specifies icmp as the protocol. destination-mask | host destination | any} [icmp- •...
  • Page 385 14-5 deny {tcp|udp} {source/ Use with command to reject tcp or udp packets. deny source-mask | host source • deny – The keyword specifies deny action on an ACL. | any} [operator source- • {tcp|udp} – Specify tcp or udp as the protocol. port] {destination/ destination-mask | host •...
  • Page 386 14-6 Overview • Select icmp to allow/deny icmp packets. Selecting icmp provides the option of filtering icmp packets based on icmp type and code. NOTE The log option is functional only for router ACLs. The log option displays an informational logging message for the packet that matches the entry sent to the console.
  • Page 387: End

    14-7 14.1.3 end Extended ACL Config Commands Use this command to end and exit the current mode and change to the PRIV EXEC mode. The prompt changes RFS7000# Syntax Parameters None. Example RFS7000(config-ext-nacl)#end RFS7000#...
  • Page 388: Exit

    14-8 Overview 14.1.4 exit Extended ACL Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-ext-nacl)#exit RFS7000(config)#...
  • Page 389: Help

    14-9 14.1.5 help Extended ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-ext-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 390: Mark

    14-10 Overview 14.1.6 mark Extended ACL Config Commands Use this command to mark specific packets. Syntax mark {dot1p <0-7> | tos <0-255>}} {ip} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [log] [rule-precedence access-list-entry precedence] mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any} {destination/ destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence] mark {dot1p <0-7>...
  • Page 391 14-11 mark {dot1p <0-7> | tos Use with the command to specify icmp packets as marked. mark <0-255>}} {icmp} • mark {dot1p <0-7> | tos <0-255>} – The keyword specifies mark action on {source/source-mask | an ACL. The action type is functional only over a Port ACL.
  • Page 392 14-12 Overview mark {dot1p <0-7> | tos Use with the command to specify tcp or udp packets as marked. mark <0-255>}} {tcp|udp} • mark {dot1p <0-7> | tos <0-255>} – The keyword specifies mark action on {source/source-mask | an ACL. The action type is functional only over a Port ACL.
  • Page 393 14-13 • Select the protocol type icmp to allow/deny icmp packets. Selecting the icmp protocol gives you the option of filtering icmp packets based on icmp type and icmp code. NOTE The log option is functional only for router ACLs. The log option provides an informational logging message about the packet matching the entry sent to the console.
  • Page 394 14-14 Overview 14.1.7 no Extended ACL Config Commands Use this command to negate a command or set its defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in deny, mark permit commands to configure the Extended ACL. Parameters deny Specifies packets to reject.
  • Page 395: Permit

    14-15 14.1.8 permit Extended ACL Config Commands Use this command to permit specific packets. NOTE ACLs do not allow DHCP messages to flow by default. Configure an Access Control Entry (ACE) to allow DHCP messages to flow through. RFS7000(config-ext-nacl)#permit ip 192.168.1.0/24 192.168.2.0/24 RFS7000(config-ext-nacl)#permit ip any host 255.255.255.255 RFS7000(config-ext-nacl)# Syntax...
  • Page 396 14-16 Overview permit {icmp} Use with the command to allow icmp packets. permit {source/source-mask | • permit – The keyword specifies permit action on an ACL. host source | any} • {icmp} – Specifies icmp as the protocol. {destination/ destination- mask | host destination | •...
  • Page 397 14-17 permit{tcp|udp} Use with the command to allow tcp or udp packets. permit {source/source-mask | • permit – The keyword specifies permit action on an ACL. host source | any} • {tcp|udp} – Specify tcp or udp as the protocol. [operator source-port] {destination/destination- •...
  • Page 398 14-18 Overview • Select the protocol type icmp to allow/deny icmp packets. Selecting icmp allows filtering of icmp packets based on icmp type and code. NOTE The log option is functional only for router ACLs. The log option causes an informational logging message about the packet matching the entry to be sent to the console.
  • Page 399: Service

    14-19 14.1.9 service Extended ACL Config Commands Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the RFS7000 Switch. save-cli Saves the CLI tree for all modes in html format.
  • Page 400: Show

    14-20 Overview 14.1.10 show Extended ACL Config Commands Use this command to view the current system information. Syntax show <parameter> Parameters Displays all the parameters for which the information can be viewed using the show command. Usage Guidelines The show access-list command displays all the access lists configured in the switch console. Provide the access list name or number to view the details of a particular ACL.
  • Page 401 14-21 RFS7000(config-ext-nacl)#show access-list Extended IP access list 101 deny ip 192.168.1.0/24 192.168.2.0/24 rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list 110 deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list symbol deny tcp 192.168.2.0/24 192.168.1.0/24 rule-precedence 10 permit ip any any rule-precedence 20...
  • Page 402: Terminal

    14-22 Overview 14.1.11 terminal Extended ACL Config Commands Use this command to set the length/number of lines displayed on the terminal window. Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. Negates a command or set its defaults. •...
  • Page 403 Standard ACL Instance Use the instance to configure ACLs. Standard ACLs (config-std-nacl) ip access-list standard allow filtering based on the source address only. 15.1 Standard ACL Config Commands Table 15.1 summarizes commands. config-std-nacl Table 15.1 Standard ACL Config Command Summary Command Description Ref.
  • Page 404 15-2 Overview Command Description Ref. terminal Sets terminal line parameters. page 15-14...
  • Page 405: Standard Acl Config Commands

    15-3 15.1.1 clrscr Standard ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-std-nacl)#clrscr RFS7000(config-std-nacl)#...
  • Page 406: Deny

    15-4 Overview 15.1.2 deny Standard ACL Config Commands Use this command to specify packets to reject. Syntax deny(A.B.C.D/M|any|host) deny any(log|rule-precedence) deny any log(rule-precedence)<1-5000> deny any rule-precedence<1-5000> deny host A.B.C.D Parameters A.B.C.D/M Source IP address range to match. Any source IP address. •...
  • Page 407: End

    15-5 15.1.3 end Standard ACL Config Commands Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-std-nacl)#end RFS7000#...
  • Page 408: Exit

    15-6 Overview 15.1.4 exit Standard ACL Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-std-nacl)#exit RFS7000(config)#...
  • Page 409: Help

    15-7 15.1.5 help Standard ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-std-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 410: Mark

    15-8 Overview 15.1.6 mark Standard ACL Config Commands Use this command to mark specific packets. Syntax mark(8021.1p<0-7>|tos<0-255>)(A.B.C.D/M|any|host) mark(8021.1p<0-7>|tos<0-255>)any|host(log|rule-precedence<1-5000>| |A.B.C.D) Parameters 8021.1p<0-7>|tos<0-255>) • Specifies .1p priority value between 0 and 7 • Specifies a Type of Service (tos) value between 0 and 255. (A.B.C.D/M|any|host) source is the source IP address of the network or host in dotted decimal format.
  • Page 411 15-9 15.1.7 no Standard ACL Config Commands Use this command to negate a command or set its defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in deny, mark permit commands to configure the Extended ACL. Parameters deny Specifies packets to reject.
  • Page 412: Permit

    15-10 Overview 15.1.8 permit Standard ACL Config Commands Use this command to permit specific packets. Syntax permit(A.B.C.D/M|any|host) permit any(log|rule-precedence) permit any log(rule-precedence)<1-5000> permit any rule-precedence<1-5000> permit host A.B.C.D Parameters A.B.C.D/M Source IP address range to match. Any source IP address. •...
  • Page 413: Service

    15-11 15.1.9 service Standard ACL Config Commands Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the switch. save-cli Saves the CLI tree for all modes in html format.
  • Page 414: Show

    15-12 Overview 15.1.10 show Standard ACL Config Commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines The show access-list command displays all the access lists configured in the switch console. Provide the access list name or number to view the details of a particular ACL.
  • Page 415 15-13 RFS7000(config-std-nacl)#show access-list Standard IP access list 1 permit any rule-precedence 10 Extended IP access list 101 deny ip 192.168.1.0/24 192.168.2.0/24 rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list 110 deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10 permit ip any any rule-precedence 20 Standard IP access list moto deny 192.168.1.0/24 rule-precedence 10...
  • Page 416: Terminal

    15-14 Overview 15.1.11 terminal Standard ACL Config Commands Use this command to set the length /number of lines displayed on the terminal. Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. Negates a command or set its defaults. •...
  • Page 417: Chapter 16. Extended Mac Acl Instance

    Extended MAC ACL Instance Use the instance to configure ACLs associated with the (config-ext-macl) mac access-list extended switch. Use a decimal value representation of ethertypes to implement packet. The command set permit/deny/mark for Extended MAC ACLs provides hexadecimal values for each of its listed ethertypes. The switch supports all ethertypes.
  • Page 418 16-2 Overview 16.1 MAC Extended ACL Config Commands Table 16.1 summarizes the commands. config-ext-macl Table 16.1 Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen. page 16-3 deny Specifies packets to reject. page 16-4 Ends the current mode and changes to EXEC mode. page 16-6 exit Ends the current mode and moves to the previous mode.
  • Page 419: Mac Extended Acl Config Commands

    16-3 16.1.1 clrscr MAC Extended ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-ext-macl)#clrscr RFS7000(config-ext-macl)#...
  • Page 420: Deny

    16-4 Overview 16.1.2 deny MAC Extended ACL Config Commands Use this command to specify packets to reject. NOTE Use a decimal value representation of ethertypes to implement a designation for a packet. The command set for Extended permit/deny/mark MAC ACLs provides hexadecimal values for each listed ethertype. The switch supports all ethertypes.
  • Page 421 16-5 • ip • 802.1q By default, the switch does not allow layer 2 traffic to pass through the interface. To adopt access port through an interface, configure an access control list to allow an ethernet wisp. NOTE A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface.
  • Page 422: End

    16-6 Overview 16.1.3 end MAC Extended ACL Config Commands Use this command to exit from the current mode and change to PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-ext-macl)#end RFS7000#...
  • Page 423: Exit

    16-7 16.1.4 exit MAC Extended ACL Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-ext-macl)#exit RFS7000(config)#...
  • Page 424: Help

    16-8 Overview 16.1.5 help MAC Extended ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-ext-macl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 425: Mark

    16-9 16.1.6 mark MAC Extended ACL Config Commands Use this command to specify a packet to mark. NOTE Use a decimal value representation of ethertypes to implement permit/deny/ designations for a packet. The command set for an Extended MAC ACL mark provides hexadecimal values for each of its listed ethertypes.
  • Page 426 16-10 Overview Usage Guidelines Use the mark option to specify the type of service (tos) and priority value. The tos value is marked in the IP header and the 802.1p priority value is marked in the dot1q frame. Whenever the interface receives the packet, its content is checked against all the ACE’s in the ACL. It is marked based on the ACL configuration.
  • Page 427 16-11 16.1.7 no MAC Extended ACL Config Commands Use this command to negate a command or set defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in deny, mark permit to configure the Extended ACL. Parameters deny Specifies packets to reject. mark Specifies packets to mark.
  • Page 428: Permit

    16-12 Overview 16.1.8 permit MAC Extended ACL Config Commands Use this command to specify packets to forward. NOTE Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. Extended MAC ACLs provide hexadecimal values for each listed ethertype. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or for any other type of ethertype.
  • Page 429 16-13 Usage Guidelines When creating a Port ACL, the switch (by default) does not permit an ethertype WISP. First create a rule to allow WISP to adopt access ports. Use the following CLI command to adopt access ports: permit any any type wisp NOTE Use the following command to attach a MAC access list to a port on a layer 2 interface: mac access-group <acl number/name>...
  • Page 430: Service

    16-14 Overview 16.1.9 service MAC Extended ACL Config Commands Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the switch. save-cli Saves the CLI tree for all modes in html format.
  • Page 431: Show

    16-15 16.1.10 show MAC Extended ACL Config Commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines The show access-list command displays the access lists configured for the switch. Provide the access list name or number to view specific ACL details.
  • Page 432 16-16 Overview RFS7000(config-ext-macl)#show access-list Extended MAC access list 200 permit any any type arp rule-precedence 10 permit any any type wisp rule-precedence 20 Extended MAC access list 250 deny host 01:02:fe:45:76:89 host 01:02:89:78:78:45 rule-precedence 10 permit any any type arp rule-precedence 20 RFS7000(config-ext-macl)#...
  • Page 433: Terminal

    16-17 16.1.11 terminal MAC Extended ACL Config Commands Use this command to set the length or number of lines displayed Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. Negates a command or sets defaults. •...
  • Page 434 16-18 Overview...
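Added example (not from the Motorola manual): a Python audit of `show access-list` output against the two MAC ACL notes in this chapter, that an entry allowing arp is mandatory before an IP based ACL is applied to an interface and that ethertype wisp is not permitted by default. The parser assumes every entry ends in `rule-precedence <n>`, as in the samples on this page; ACL `lab`, the function names and the finding codes are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# ACLs 110, 200 and 250 are the "show access-list" samples printed on this page.
# The page extraction lost their line breaks, so the parser does not rely on them.
PAGE_OUTPUT = (
    "Extended IP access list 110 "
    "deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10 "
    "permit ip any any rule-precedence 20 "
    "Extended MAC access list 200 "
    "permit any any type arp rule-precedence 10 "
    "permit any any type wisp rule-precedence 20 "
    "Extended MAC access list 250 "
    "deny host 01:02:fe:45:76:89 host 01:02:89:78:78:45 rule-precedence 10 "
    "permit any any type arp rule-precedence 20 "
)
# Constructed ACL (not from the manual) that lacks the arp entry.
CONSTRUCTED = "Extended MAC access list lab permit any any type wisp rule-precedence 10 "
SAMPLE_OUTPUT = PAGE_OUTPUT + CONSTRUCTED

HEADER = re.compile(r"(Standard|Extended) (IP|MAC) access list (\S+)")
# Assumption: each entry starts with its action and ends with "rule-precedence <n>".
ENTRY = re.compile(r"\b(permit|deny|mark)\s+(.*?)\s*rule-precedence\s+(\d+)", re.S)


@dataclass
class Entry:
    action: str       # permit, deny or mark
    match: list       # match tokens, with the "log" keyword removed
    log: bool         # True when the entry carries the log option
    precedence: int   # value printed after rule-precedence


@dataclass
class Acl:
    kind: str         # "Standard" or "Extended"
    family: str       # "IP" or "MAC"
    name: str         # ACL number or name
    entries: list = field(default_factory=list)


def parse_access_lists(text):
    """Split the output at each ACL header and collect the entries under it."""
    acls = []
    headers = list(HEADER.finditer(text))
    for i, header in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        acl = Acl(*header.groups())
        for action, body, precedence in ENTRY.findall(text[header.end():end]):
            tokens = body.split()
            acl.entries.append(Entry(action,
                                     [t for t in tokens if t != "log"],
                                     "log" in tokens,
                                     int(precedence)))
        acls.append(acl)
    return acls


def permits_ethertype(acl, ethertype):
    """True if the ACL holds 'permit any any type <ethertype>', the form the manual shows.
    Host-specific permits are deliberately not counted (assumption of this example)."""
    wanted = ["any", "any", "type", ethertype]
    return any(e.action == "permit" and e.match[:4] == wanted for e in acl.entries)


def audit_mac_acls(acls):
    """Return (acl name, finding code) pairs for MAC ACLs missing the arp or wisp entry."""
    findings = []
    for acl in acls:
        if acl.family != "MAC":
            continue
        if not permits_ethertype(acl, "arp"):
            findings.append((acl.name, "missing-arp"))
        if not permits_ethertype(acl, "wisp"):
            findings.append((acl.name, "missing-wisp"))
    return findings


if __name__ == "__main__":
    parsed = parse_access_lists(SAMPLE_OUTPUT)
    for acl in parsed:
        print(f"{acl.kind} {acl.family} access list {acl.name}: {len(acl.entries)} entries")
    for name, code in audit_mac_acls(parsed):
        print(f"MAC ACL {name}: {code}")
```

A `missing-wisp` finding matters only for a Port ACL on an interface that must adopt access ports; a `missing-arp` finding matters where an IP based ACL is applied to the same interface.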
  • Page 435: Chapter 17. Dhcp Instance

    DHCP Instance Use the instance to configure the DHCP server address pool associated with the switch. Use (config-dhcp) command to reach instance. ip dhcp pool (pool name) (config-dhcp) 17.1 DHCP Config Commands Table 17.1 summarizes commands. config-std-nacl Table 17.1 DHCP Server Config Command Summary Command Description Ref.
  • Page 436: Domain-Name

    17-2 Overview Command Description Ref. domain-name Configures the domain name. page 17-13 Ends the current mode and moves to the EXEC mode. page 17-14 exit Ends the current mode and moves to the previous mode. page 17-15 hardware-address Configures the hardware address using either a dashed or dotted page 17-16 hexadecimal string.
  • Page 437: Address

    17-3 17.1.1 address DHCP Config Commands Use this command to specify a range of addresses for DHCP network pool. Syntax address (range) (low IP address) (high IP address) Parameters range (low IP address) Use this command to add an address range for the DHCP server. (high IP address) •...
  • Page 438 17-4 Overview 17.1.2 bootfile DHCP Config Commands Use this command to assign a bootfile name for the DHCP configuration on the network pool. Syntax bootfile <filename> Parameters bootfile <filename> Indicates the boot image for bootp clients. The file name can contain letters, numbers, dots and hyphens.
  • Page 439 17-5 17.1.3 class DHCP Config Commands Use this command to associate a DHCP class with a pool. This command is used in Step 4 in the usage guidelines provided below. The CLI prompt moves to a sub-instance The configuration mode changes from (config-dhcp-class).
  • Page 440 17-6 Overview 17.1.3.1 config-dhcp-class to enter the ( instance. Use this instance to set an address (config-dhcp)# class config-dhcp-class) range for a DHCP user class in a DHCP server address pool. Table 17.2 summarizes commands. config-dhcp-class Table 17.2 Config- dhcp-class Command Summary Command Description address...
  • Page 441 17-7 17.1.4 client-identifier DHCP Config Commands Use this command to assign a name to the client-identifier. A client identifier is used to reserve an IP address for DHCP clients. Syntax client-identifier <ascii string> Parameters client-identifier To prepend a null character , use at beginning.
  • Page 442 17-8 Overview 17.1.5 client-name DHCP Config Commands Use this command to add a client name for the DHCP clients. Syntax client-name <name> Parameters client-name <name> Use client-name to add a client name. The domain name must not be included. Example RFS7000(config-dhcp)#client-name testpc RFS7000(config-dhcp)#...
  • Page 443 17-9 17.1.6 clrscr DHCP Config Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-dhcp)#clrscr RFS7000(config-dhcp)#...
  • Page 444 17-10 Overview 17.1.7 ddns DHCP Config Commands Use this command to configure dynamic DNS parameters like domain name, enabling multi-user class and IP address of the server. Syntax ddns [domainname (name)|multiple-user-class|server (IP address) (IP address)| ttl <1-864000>|update-all] Parameters domainname (name) Sets domain name used for DDNS updates.
  • Page 445 17-11 17.1.8 default-router DHCP Config Commands Use this command to configure the default router or gateway IP address for the network pool. To remove the default router list, use the command. no default-router default-router <Router IP address> Parameters default-router Specifies the default router IP address for the network pool. <router IP address>...
  • Page 446 17-12 Overview 17.1.9 dns-server DHCP Config Commands Use this command to configure the DNS server’s IP address available to the DHCP clients connected to the pool. Use the command to remove DNS server list. no dns-server Syntax dns-server <ip address1> <ip address2> <ip address3> ..<ip address8> Parameters dns-server <IP address>...
  • Page 447 17-13 17.1.10 domain-name DHCP Config Commands Use this command to configure the domain name for the network pool. Use the command no domain-name to remove the domain name. Syntax domain-name (name) Parameters domain-name (name) Configures the domain name for the network pool. Usage Guidelines The domain name cannot be more than 256 characters.
  • Page 448 17-14 Overview 17.1.11 end DHCP Config Commands Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-dhcp)#end RFS7000#...
  • Page 449 17-15 17.1.12 exit DHCP Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config)#ip dhcp pool TestPool RFS7000(config-dhcp)#exit RFS7000(config)#...
  • Page 450 17-16 Overview 17.1.13 hardware-address DHCP Config Commands Use this command to reserve an IP address (manually) based on a DHCP client’s hardware address. Use the command to remove this from the DHCP pool. hardware-address Syntax hardware-address [XX-XX-XX-XX-XX-XX | XX:XX:XX:XX:XX:XX] Parameters hardware-address Configures the client’s hardware address.
  • Page 451 17-17 17.1.14 help DHCP Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-dhcp)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 452 17-18 Overview 17.1.15 host DHCP Config Commands Use this command to configure a fixed IP address for the host in dotted decimal format. Use the no host command to remove the host from the DHCP pool. Syntax host <IP address> Parameters host <IP address>...
  • Page 453 17-19 17.1.16 lease DHCP Config Commands Use this command to configure a valid lease time for the IP address used by all DHCP clients in the network pool. Syntax lease [{<0-365> <0-23> <0-59>}|infinite] Parameters lease [ Sets the lease time for IP address. {<0-365>...
  • Page 454 17-20 Overview 17.1.17 netbios-name-server DHCP Config Commands Use this command to configure the netbios-name server’s IP address. Syntax netbios-name-server <IP address> Parameters netbios-name-server NetBIOS (WINS) name servers. <IP address> • <IP address> – NetBIOS name server's IP address. Example RFS7000(config-dhcp)#netbios-name-server 2.2.2.222 RFS7000(config-dhcp)#...
  • Page 455 17-21 17.1.18 netbios-node-type DHCP Config Commands Use this command to configure the netbios-node type. Syntax netbios-node-type [b-node|h-node|m-node|p-node] Parameters netbios-node-type NetBIOS (WINS) name servers. [b-node | h-node | • b-node – Broadcast node. m-node | p-node • h-node – Hybrid node. •...
  • Page 456 17-22 Overview 17.1.19 network DHCP Config Commands Use this command to configure the network pool’s IP address. This maps the current DHCP pool with the specific network. Syntax network [A.B.C.D|A.B.C.D/M] Parameters network Network number and mask. [A.B.C.D|A.B.C.D/M] • A.B.C.D – Network number in dotted decimal format. •...
  • Page 457 17-23 17.1.20 next-server DHCP Config Commands Use this command to configure the IP address of the next server in the boot process. Syntax next-server <IP address> Parameters next-server <IP address> Defines the next server in the boot process. • <IP address> – Server's IP address. Example RFS7000(config-dhcp)#next-server 2.2.2.22 RFS7000(config-dhcp)#...
  • Page 458 17-24 Overview 17.1.21 no DHCP Config Commands Use this command to negate a command or set defaults. Syntax no [address|bootfile|client-identifier|client-name|ddns|default-router|dns- server|domain-name|hardware-address|host|lease|netbios-name-server|netbios-node- type|network|next-server|option|update] Parameters command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated. The pool has only one bootfile and hence the is not required when using the command.
  • Page 459 17-25 17.1.22 option DHCP Config Commands Use this command to define the raw DHCP option used in DHCP pools. Syntax option (name)[IP Value|ASCII Value] Parameters option (name) Raw DHCP options. • (name) – Name of the DHCP option. • IP Value – IP Value of the DHCP option. •...
  • Page 460: Service

    17-26 Overview 17.1.23 service DHCP Config Commands Use this command to invoke service commands to troubleshoot or debug the instance (config-dhcp) configurations. Syntax service(show) (cli) Parameters show Shows running system information. Shows CLI tree of current mode. Example RFS7000(config-dhcp)#service show cli DHCP Server Config mode: +-address +-range...
  • Page 461 17-27 17.1.24 show DHCP Config Commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-dhcp)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
  • Page 462 17-28 Overview RFS7000(config)#show dhcp config service dhcp ip dhcp option option189 189 ascii ip dhcp pool vlan4 default-router 2.2.2.1 network 4.4.4.0/24 address range 4.4.4.100 4.4.4.200 ip dhcp pool vlan2 ip dhcp pool TestPool lease 200 12 30 domain-name TestDomain bootfile DHCPbootfile netbios-node-type p-node ddns domainname TestDomain address range 1.2.3.2 2.3.2.1...
  • Page 463: Update

    17-29 17.1.25 update DHCP Config Commands Use this command to control the usage of the DDNS service. Syntax update (dns)(override) Parameters update (dns) (override) Controls the usage of the DDNS service. • (dns) – Dynamic DNS Configuration. • (override) – Enables Dynamic Updates by an onboard DHCP Server. Usage Guidelines A DHCP client cannot perform updates for RR’s A, TXT and PTR.
  • Page 464: Creating Network Pool

    17-30 Overview 17.2 Configuring DHCP Server using CLI DHCP configuration is conducted by creating pools and mapping them to L3 interfaces (SVI). A pool can be configured either as a network pool or host pool. A network pool includes ranges. When the network pool is mapped to a L3 interface, DHCP clients requesting IP from the interface get an IP from the included range.
  • Page 465 17-31 3. Use the network command to map the network pool to an interface. network 192.168.0.0/24 In the above example, 192.168.0.0/24 represents the L3 interface. When executing this command, no check is performed to verify whether an interface with the specified IP/Netmask exists. A pool can be created and mapped to a non-existing L3 interface, hence a verification is not required....
  • Page 467: Chapter 18. Dhcp Class Instance

    DHCP Class Instance Use (config)#ip dhcp class <class name> to enter the (config-dhcpclass) instance. Use this instance to configure the DHCP user class. The switch supports a maximum of 8 user classes per DHCP class. Also refer to ip on page 5-28 and DHCP Instance on page 17-1 for other DHCP related configurations.
  • Page 468: Clrscr

    18-2 Overview 18.1.1 clrscr DHCP Server Class Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-dhcpclass)#clrscr RFS7000(config-dhcpclass)# 18.1.2 end DHCP Server Class Config Commands Use this command to end and exit from the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000#.
  • Page 469: Help

    18-3 18.1.4 help DHCP Server Class Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-dhcpclass)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 470 18-4 Overview Parameters multiple-user-class Disables the multiple user class option. option Undo DHCP Server options. Example RFS7000(config-dhcpclass)#no multiple-user-class RFS7000(config-dhcpclass)# 18.1.7 option DHCP Server Class Config Commands Use this command to specify a value for DHCP user class options. This command is used in Step 2 in the usage guidelines provided below.
  • Page 471 18-5 18.1.8 service DHCP Server Class Config Commands Use this command to invoke service commands to troubleshoot or debug (config-if) instance configurations. Syntax service (show) (cli) Parameters show (cli) Displays the CLI tree of current mode. Example RFS7000(config-dhcpclass)#service show cli DHCP Server Class Config mode: +-clrscr [clrscr] +-do...
  • Page 472 18-6 Overview 18.1.9 show DHCP Server Class Config Commands Use this command to view the current system information. Syntax show <parameters> show dhcp [config|status] show ip dhcp [binding|class|pool|sharednetwork] Parameters Displays all the parameters for which the information can be viewed using the show command.
  • Page 473 18-7 users Display information about currently logged in users version Display software & hardware version wireless Wireless configuration commands wlan-acl wlan based acl RFS7000(config-dhcpclass)#show RFS7000(config-dhcpclass)#show ip dhcp binding MAC/Client-Id Expiry Time ------------- ----------- 10.10.10.109 00:a0:f8:bf:8a:4b Mon Sep 17 12:32:53 2007 10.10.10.110 00:0e:9b:98:f9:34 Mon Sep 17 13:34:31 2007...
  • Page 475: Radius Configuration Commands

    RADIUS Server Instance The radius-server local command moves to the RADIUS server mode. The local (Onboard) RADIUS server configuration commands are listed under this mode. Use the (config-radsrv) instance to configure local RADIUS server parameters. 19.1 RADIUS Configuration Commands Table 19.1 summarizes the Global Config commands.
  • Page 476 19-2 Overview Command Description Ref. help Displays the interactive help system. page 19-19 ldap-server LDAP server parameters. page 19-20 RADIUS client. page 19-22 Negates a command or set its defaults. page 19-23 proxy RADIUS proxy server. page 19-24 rad-user RADIUS user configuration. page 19-25 server Configures server certificate parameters.
  • Page 477: Authentication

    19-3 19.1.1 authentication RADIUS Configuration Commands Use this command to configure an authentication scheme used with RADIUS server. Syntax authentication(data-source|eap-auth-type) authentication data-source(ldap|local) authentication eap-auth-type(all|peap-gtc|peap-mschapv2|tls|ttls-md5| ttls-mschapv2|ttls-pap) Parameters data-source RADIUS data source for user authentication. • ldap – Remote LDAP server. • local – Local user database. eap-auth-type RADIUS EAP and default authentication type configuration.
  • Page 478 19-4 Overview 19.1.2 ca RADIUS Configuration Commands Use this command to configure CA (Certificate Authority) parameters. Syntax ca trust-point(WORD) Parameters trust-point (WORD) Trustpoint configuration. • WORD – Existing trustpoint name. Usage Guidelines Configure the trustpoint used by the local RADIUS server. Create the before it is used by the trustpoint command.
  • Page 479: Clrscr

    19-5 19.1.3 clrscr RADIUS Configuration Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-radsrv)#clrscr RFS7000(config-radsrv)#...
  • Page 480: Crl-Check

    19-6 Overview 19.1.4 crl-check RADIUS Configuration Commands Use this command to enable a Certificate Revocation List (CRL) check. To enable the certificate revocation list, ensure the crl list is loaded using the crypto pki import <trustpoint-name> crl command. Syntax crl-check Parameters enable Enables a CRL check.
  • Page 481: End

    19-7 19.1.5 end RADIUS Configuration Commands Use this command to exit from the current mode and move to the PRIV EXEC mode. The prompt now changes to RFS7000#. Syntax end Parameters None. Example RFS7000(config-radsrv)#end RFS7000#...
  • Page 482: Exit

    19-8 Overview 19.1.6 exit RADIUS Configuration Commands Use this command to exit the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-radsrv)#exit RFS7000(config)#...
  • Page 483 19-9 19.1.7 group RADIUS Configuration Commands Use this command to configure RADIUS user groups. The CLI moves to a sub-instance config-radsrv-group to create a new group. The prompt changes from RFS7000(config-radsrv)# to RFS7000(config-radsrv-group)#. Table 19.2 summarizes the RADIUS User Group commands within the (config-radsrv-group) sub-instance....
  • Page 484: Group

    19-10 Overview 19.1.7.2 end RADIUS Configuration Commands Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-radsrv-group)#end RFS7000# 19.1.7.3 exit RADIUS Configuration Commands Use this command to exit the current mode and move to the previous mode ).
  • Page 485: Guest-Group

    19-11 19.1.7.5 guest-group RADIUS Configuration Commands Use this command to manage a guest-user linked with a hotspot. Additionally, create a guest-user and associate it with a guest-group. The guest-user and the policies of the guest-group are used for hotspot authentication. Syntax guest-group Parameters...
  • Page 486 19-12 Overview Parameters policy RADIUS group access policy configuration. Resets the access policy day for this group. time Configures access policy time for this group. vlan VLAN ID for this group. wlan Configures WLAN access policy for this group. <1-32> WLAN Range.
  • Page 487 19-13 Syntax policy(day|time|vlan|wlan) policy day(all|fr|mo|sa|su|th|tu|we|weekdays) policy time(start|end)<0-23><0-59> policy vlan<1-4094> Parameters Day of access policy configuration. • all – All days (from Sunday to Saturday). • fr – Friday • mo – Monday • sa – Saturday • su – Sunday •...
  • Page 488 19-14 Overview 19.1.7.9 rad-user RADIUS Configuration Commands Use this command to add an existing RADIUS user to this group. If the RADIUS user is not available in the Onboard RADIUS server’s database, create a new RADIUS user using the rad-user command from (config- mode....
  • Page 489 19-15 +-mo [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-sa [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-su [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-th [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-tu [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-we [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-weekdays [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-time +-start +-<0-23> +-<0-59> +-end +-<0-23> +-<0-59> [policy time start <0-23> <0-59> end <0-23> <0-59>] -- MORE --, next page: Space, next line: Enter, quit: Control-C RFS7000(config-radsrv-group)# 19.1.7.11 show...
  • Page 490 19-16 Overview sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters startup-config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade-status Display last image upgrade status users Display information about terminal lines version Display software &...
  • Page 491 19-17 19.1.7.12 Example–Creating a Group The use of the sub-instance is explained below: (config-radsrv-group) 1. Create a group called Sales in the local RADIUS Server database. RFS7000(config-radsrv)#group sales 2. Check RADIUS user group configuration commands. RFS7000(config-radsrv-group)#? Radius user group configuration commands: clrscr Clears the display screen End current mode and change to EXEC mode...
  • Page 492 19-18 Overview 8. Use to add a realm name. (config-radsrv)#proxy RFS7000(config-radsrv)#proxy realm mydomain.com server 10.10.1.10 port 1812 secret 0 testing 9. Save the changes and restart the RADIUS service. RFS7000(config-radsrv)#service radius restart Sep 08 17:48:04 2006: %PM-5-PROCSTOP: Process "radiusd" has been stopped Sep 08 17:48:05 2006: RADCONF: radius config files generated successfully RFS7000(config-radsrv)#Sep 08 17:48:05 2006: %DAEMON-6-INFO: radiusd[8830]: Ready to process requests.
  • Page 493: Help

    19-19 19.1.8 help RADIUS Configuration Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-radsrv)#help? help Description of the interactive help system RFS7000(config-radsrv)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 494 19-20 Overview 19.1.9 ldap-server RADIUS Configuration Commands Use this command to configure LDAP server parameters. It uses an existing external database, in the form of an Active Directory, with the onboard RADIUS server instead of a local database on the switch. Syntax ldap-server[primary|secondary] (host <A.B.C.D>) (port <1-65535>) (login <name>) (bind-dn <name>) (base-dn <name>) (passwd [0|2|WORD]) (passwd-...
  • Page 495 19-21 Example RFS7000(config)#ldap-server primary host 192.192.1.88 port 389 login (sAMAccountName=%{Stripped-User-Name:-%{User-Name}}) bind-dn cn=admin,ou=wid,dc=symbolTech,dc=local base-dn ou=wid,dc=symbolTech,dc=local passwd SYMBOL@123 passwd-attr UserPassword group-attr cn group-filter (|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) group-membership radiusGroupName net-timeout 1 RFS7000(config)#...
  • Page 496 19-22 Overview 19.1.10 nas RADIUS Configuration Commands Use this command to configure the RADIUS client. Syntax nas(A.B.C.D/M)key(0|2|LINE) Parameters A.B.C.D/M RADIUS Client IP address. RADIUS Client shared key. • 0 – Password is specified UNENCRYPTED. • 2 – Password is encrypted with password-encryption secret. •...
  • Page 497 19-23 19.1.11 no RADIUS Configuration Commands Use this command to negate a command or set its defaults. Syntax no(authentication|ca|crl-check|group|ldap-server|nas|proxy|rad- user|server|service) Parameters authentication RADIUS authentication. Configures ca certificate parameters. crl-check Certificate Revocation List (CRL) check. group Local RADIUS Server group configuration. ldap-server LDAP server parameters.
  • Page 498 19-24 Overview 19.1.12 proxy RADIUS Configuration Commands Use this command to configure a proxy RADIUS server based on the realm/suffix. Syntax proxy(realm|retry-count|retry-delay) proxy realm(WORD)server(A.B.C.D)port(<1024-65535>)secret(0|2|WORD) Parameters realm WORD Realm name is a string of up to 50 characters. • server (A.B.C.D) – Proxy server IP address. •...
  • Page 499: Rad-User

    19-25 19.1.13 rad-user RADIUS Configuration Commands Use this command to configure RADIUS user parameters. Syntax rad-user(WORD)password(0|2|WORD) (group)(guest)(expiry-time)(expiry-date) (start-time)(start-date) Parameters WORD Enter a user name up to 64 characters in length. password(0|2|WORD) RADIUS user password. • 0 – Password is specified as UNENCRYPTED. •...
  • Page 500 19-26 Overview 19.1.14 server RADIUS Configuration Commands Use this command to configure the server certificate parameters used by the RADIUS server. The server certificate is a part of a trustpoint created crypto on page 5-17. Syntax server trust-point Parameters trust-point (WORD) Trustpoint configuration.
  • Page 501: Service

    19-27 19.1.15 service RADIUS Configuration Commands Use this command to invoke service commands to troubleshoot or debug (config-radsrv) instance configurations. This command is also used to enable the RADIUS Server. Syntax service (show) (cli) Parameters show (cli) Shows running system information. Example RFS7000(config-radsrv)#service show cli Radius Configuration mode:...
  • Page 502: Show

    19-28 Overview 19.1.16 show RADIUS Configuration Commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines To view the show command parameters of RADIUS, refer to radius on page 2-58.
  • Page 503 19-29 RFS7000(config)#show radius trust-point Trust-point Configured For Radius ________________________________ Server Trust-point : tp1 CA Trust-point : default-trustpoint RFS7000(config)#show radius configuration Radius Server Configuration --------------------------- Server Status : enabled Data Source : local RFS7000(config)#...
  • Page 505: Wireless Configuration Commands

    Wireless Instance Use the (config-wireless) instance to configure wireless parameters. 20.1 Wireless Configuration Commands Table 20.1 summarizes the Global Config commands. Table 20.1 Wireless Configuration Command Summary Command Description Ref. aap Invokes AAP commands to define how the switch passes adaptive AP configurations to adopted APs. page 20-4...
  • Page 506: Help

    20-2 Overview Command Description Ref. ap-udp-port Use this command to configure the UDP port for L3 adoption of AP’s. page 20-10 Note Enables this option for the DHCP Server supporting this access-port. broadcast-tx- Sets the rate at which broadcast and multicast traffic is transmitted. page 20-11 speed client...
  • Page 507 20-3 Command Description Ref. radio Radio related commands. page 20-35 rate-limit Sets default rate limits per user. page 20-42 self-heal Self healing configuration commands. page 20-43 sensor Wireless Intrusion Protection System (WIPS) parameters. page 20-45 service Service commands. page 20-46 show Shows running system information.
  • Page 508: Aap

    20-4 Overview 20.1.1 aap Wireless Configuration Commands Use this command to configure adaptive AP parameters. Syntax aap [config-apply (def-delay|mesh-delay)<30-10000>] Parameters config-apply (def-delay|mesh-delay) <30-10000> Apply Configuration settings. • def-delay <30-10000> – Default time (in seconds) to delay before applying config. •...
  • Page 509 20-5 20.1.2 adopt-unconf-radio Wireless Configuration Commands Use this command to adopt a radio (even if not yet configured). The default template is used for configuration. Syntax adopt-unconf-radio Parameters enable Enables the adoption of unconfigured radios. Example RFS7000(config-wireless)#adopt-unconf-radio enable RFS7000(config-wireless)#...
  • Page 510 20-6 Overview 20.1.3 adoption-pref-id Wireless Configuration Commands Use this command as a switch preference identifier. Radios configured with this identifier are more likely to be adopted by this switch. Syntax adoption-pref-id Parameters <1-65535> Select a pref-ID within 1-65535. Example RFS7000(config-wireless)#adoption-pref-id 500 RFS7000(config-wireless)#...
  • Page 511 20-7 20.1.4 ap Wireless Configuration Commands Use this command to define the name and location of the access port. Syntax ap [<AP index>|<MAC Address>][location|name] Parameters AP Index A single AP index. Use the show wireless ap command to view the AP’s index value....
  • Page 512: Ap-Detection

    20-8 Overview 20.1.5 ap-detection Wireless Configuration Commands Use this command to configure access port detection. Syntax ap-detection [approved|enable|mu-assisted-scan|timeout (approved|unapproved)] ap-detection approved add <1-200> (MAC Address)(SSID) ap-detection mu-assisted-scan(enable|refresh<30-86400>) Parameters approved The approved access port list. • add <1-200> – Adds an entry to the approved access port list. •...
  • Page 513: Ap-Ip

    20-9 20.1.6 ap-ip Wireless Configuration Commands Use this command to modify the static IP address for access port. Syntax ap-ip [<List of Indices/MAC address >|default-ap] ap-ip <List of Indices> [static-ip|switch-ip] ap-ip <List of Indices> (static-ip) <IP address/mask> <gateway IP> ap-ip <List of Indices> (switch-ip) [add <IP address>|delete(<IP address Index>|<IP address>)|set-default] ap-ip (default-ap) [add <IP address>|delete(<IP address Index>|<IP address>)| set-default]...
  • Page 514 20-10 Overview 20.1.7 ap-udp-port Wireless Configuration Commands Use this command to configure the UDP port for layer 3 AP adoption. Configure the DHCP server supporting the AP’s with the same parameter. Syntax ap-udp-port <1-65535> Parameters <1-65535> The port number used for layer 3 AP adoption. Example RFS7000(config-wireless)#ap-udp-port 10 RFS7000(config-wireless)#...
  • Page 515 20-11 20.1.8 broadcast-tx-speed Wireless Configuration Commands Use this command to configure the rate at which broadcast and multicast traffic is transmitted between the switch and mobile units. Syntax broadcast-tx-speed(range|throughput) Parameters range Uses the lowest basic rate. Provides the maximum range. throughput Uses the highest basic rate. Provides the maximum throughput (default). Example RFS7000(config-wireless)#broadcast-tx-speed range RFS7000(config-wireless)#...
  • Page 516: Client

    20-12 Overview 20.1.9 client Wireless Configuration Commands Use this command to configure a wireless client. This command creates an exclude-list or include list. Creating an exclude list or include list takes the user to a new mode called "config-wireless-client-list". Refer to config-wireless-client-list on page 20-13 for a...
  • Page 517 20-13 RFS7000(config-wireless)# no wlan 1 nac-server secondary radius-key RFS7000(config-wireless-client-list)# no wlan 1 Example RFS7000(config-wireless)#client exclude-list JustMe RFS7000(config-wireless-client-list)# 20.1.9.1 config-wireless-client-list Use (config-wireless)# client to enter the (config-wireless-client-list) instance. Use this instance to create an exclude-list or include list. Table 20.2 summarizes config-wireless-client-list commands. Table 20.2 Exclude List Configuration Command Command Description...
  • Page 518 20-14 Overview wlan config-wireless-client-list Use this command to add a client exclude list name in/from the WLAN. to delete the client exclude list name from the WLAN. [no] wlan [<1-256>| <WLAN>] Syntax (config-wireless-client-list) wlan [<1-256>| WLAN-name] Parameters • <1-256> – A single wlan index. wlan [<1-256>...
  • Page 519 20-15 20.1.10 clrscr Wireless Configuration Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-wireless)#clrscr RFS7000(config-wireless)#...
  • Page 520: Convert-Ap

    20-16 Overview 20.1.11 convert-ap Wireless Configuration Commands Use this command to change an access port’s mode of operation to either sensor or standalone. Syntax convert-ap <1-256>(default|sensor) Parameters <1-256> Indices of the access ports converted (from the show wireless ap command). default Lets the access port negotiate its normal mode of operation with the switch without enforcing any conversion.
  • Page 521: Country-Code

    20-17 20.1.12 country-code Wireless Configuration Commands Use this command to configure the country of operation. This command erases the radio’s existing configuration. Syntax country-code <country-code> Parameters country-code Uses the two letter ISO-3166 country code (use "show wireless country-code-list" to view the list of supported countries). Usage Guidelines Use the show wireless country-code-list command to view the list of supported countries.
  • Page 522 20-18 Overview 20.1.13 dhcp-sniff-state Wireless Configuration Commands Use this command to record mobile unit DHCP state information. Syntax dhcp-sniff-state Parameters enable Enables the recording of DHCP state information for mobile units. Example RFS7000(config-wireless)#dhcp-sniff-state enable RFS7000(config-wireless)#...
  • Page 523 20-19 20.1.14 dot11-shared-key-auth Wireless Configuration Commands Use this command to enable 802.11 shared key authentication. NOTE Shared key authentication has known weaknesses that compromise the WEP key. It must only be configured to accommodate mobile units unable to conduct Open System authentication. Syntax dot11-shared-key-auth Parameters...
  • Page 524: End

    20-20 Overview 20.1.15 end Wireless Configuration Commands Use this command to end and exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax end Parameters None. Example RFS7000(config-wireless)#end RFS7000#...
  • Page 525: Exit

    20-21 20.1.16 exit Wireless Configuration Commands Use this command to exit the current mode and move to the previous mode. The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-wireless)#exit RFS7000(config)#...
  • Page 526 20-22 Overview 20.1.17 fix-broadcast-dhcp-rsp Wireless Configuration Commands Use this command to convert broadcast DHCP server responses to be unicast. Syntax fix-broadcast-dhcp-rsp (enable) Parameters enable Enables support for converting broadcast DHCP server responses to unicast. Example RFS7000(config-wireless)#fix-broadcast-dhcp-rsp enable RFS7000(config-wireless)#...
  • Page 527: Help

    20-23 20.1.18 help Wireless Configuration Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-wireless)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 528: Ids

    20-24 Overview 20.1.19 ids Wireless Configuration Commands Use this command to configure Intrusion Detection System settings. Syntax ids(anomaly-detection|detect-window|ex-ops) ids anomaly-detection(all|bad-essid-frame|beacon-broadcast-essid| invalid-8021x-frame|invalid-frame-length| invalid-frame-type|multicast-source|non-changing-wep-iv| null-destination|same-source-destination| tkip-countermeasures|unencrypted-traffic| weak-wep-iv)(enable|filter-ageout) ids detect-window<5-300> ids ex-ops(80211-replay-fails|all|association-requests| authentication-fails|crypto-replay-fails|decryption-fails| disassociations|eap-naks|eap-starts|probe-requests|unassoc-frames) (filter-ageout<0-86400>|threshold(mu|radio|switch)<0-9999>) Parameters anomaly-detection [options] Configures parameters related to the detection of anomalous frames on the (enable|filter-ageout) RF network.
  • Page 529 20-25 ex-ops Configures parameters related to the detection of excessive operations on the RF network. • 80211-replay-fails – 802.11 replay check failure. • all – Changes for all types of excessive operations. • association-requests – 802.11 authentication and association requests. •...
  • Page 530 20-26 Overview 20.1.20 mac-auth-local Wireless Configuration Commands Use this command to configure the local MAC authentication list. Syntax mac-auth-local<1-1000> (allow|deny)(Starting MAC Address)(Ending MAC Address)(range/list of WLAN indices)WORD Parameters <1-1000> Entry for mac-auth-local allow Allows mobile units that match this rule to associate. deny Denies association to mobile units that match this rule....
  • Page 531 20-27 20.1.21 manual-wlan-mapping Wireless Configuration Commands Use this command to manually map/un-map WLANs configured on a radio. Syntax manual-wlan-mapping Parameters enable Enables support for manual WLAN mapping. Example RFS7000(config-wireless)#manual-wlan-mapping enable RFS7000(config-wireless)#...
  • Page 532: Mobile-Unit

    20-28 Overview 20.1.22 mobile-unit Wireless Configuration Commands Use this command to configure mobile unit related parameters. Syntax mobile-unit (association-history(enable)|probe-history) mobile-unit probe-history (add<1-200> <MAC Address>|enable) Parameters association-history Enables the mobile unit’s association history. • enable – Enables the mobile unit’s association history. probe-history Mobile unit probe logging configuration commands.
  • Page 533: Mobility

    20-29 20.1.23 mobility Wireless Configuration Commands Use this command to configure mobility parameters. Syntax mobility(enable|local-address|max-roam-period|peer) mobility local-address (IP Address) mobility max-roam-period<1-300> mobility peer (IP Address) Parameters enable Enables mobility globally. local-address Sets the local address for mobility. <IP address> • A.B.C.D – IP Address of A.B.C.D format. max-roam-period Sets the maximum roam period for a mobile unit (in seconds)....
  • Page 534 20-30 Overview 20.1.24 multicast-packet-limit Wireless Configuration Commands Use this command to configure a multicast packet limit per second for a VLAN. Syntax multicast-packet-limit <0-128> (<1-4094>|<vlan range>) Parameters <0-128> Multicast packet limit per second. [<1-4094> | <vlan range>] • <1-4094> – Single VLAN ID (1-4094) that the new limit applies to. •...
  • Page 535 20-31 20.1.25 multicast-throttle-watermarks Wireless Configuration Commands Use this command to configure watermarks for handling bursts of broadcast/multicast frames. Syntax multicast-throttle-watermarks (low)<0-100> (high) <0-100> Parameters low <0-100> Configures the low water-mark. If the percentage of free packets in the system is lower than this threshold, the incoming frame will be dropped. high <0-100>...
  • Page 536 20-32 Overview 20.1.26 no Wireless Configuration Commands Use this command to negate a command or set its defaults. Syntax no(adopt-unconf-radio|adoption-pref-id|ap-detection|broadcast-tx-speed|country- code|dhcp-sniff-state|dot11-shared-key-auth|fix-windows-dhcp|ids|mac-auth- local|manual-wlan-mapping|mobile-unit|mobility|oversized-frames|proxy-arp|qos- mapping|radio|self-heal|sensor|service|smart-scan-channels|wlan) Parameters Refer to Table 20.1 on page 20-1 for the parameters negated using the command. Example RFS7000(config-wireless)#no mobility enable RFS7000(config-wireless)#...
  • Page 537: Proxy-Arp

    20-33 20.1.27 proxy-arp Wireless Configuration Commands Use this command to respond to ARP requests on behalf of mobile units. Syntax proxy-arp Parameters enable Enables support for proxy arp. Example RFS7000(config-wireless)#proxy-arp enable RFS7000(config-wireless)#...
  • Page 538: Qos-Mapping

    20-34 Overview 20.1.28 qos-mapping Wireless Configuration Commands Use this command to configure QoS mappings between wired and wireless domains. Syntax qos-mapping(wired-to-wireless|wireless-to-wired) qos-mapping wired-to-wireless(dot1p<0-7>|dscp<0-63>) (background|best-effort|video|voice) qos-mapping wireless-to-wired(background|best-effort|video|voice) dot1p<0-7> Parameters wired-to-wireless Mappings used while switching wired traffic over the air. • dot1p<0-7> – Configures the mapping of 802.1p tags to access categories.
  • Page 539: Radio

    20-35 20.1.29 radio Wireless Configuration Commands Use this command to configure radio related settings. Syntax radio (<1-4096>|RADIO|add|all-11a|all-11b|all-11bg| configure-8021X|default-11a|default-11b|default-11bg|dns-name) radio<1-4096>(adoption-pref-id|antenna-mode|base-bridge|beacon-interval|bss| channel-power|client-bridge|coordinates|copy-config-from|description|detector| dtim-period|enforce-spec-mgmt|enhanced-beacon-table|enhanced-probe-table| location-led|location-message|mac|max-mobile-units|mu-power <0-20>| neighbor-smart-scan|on-channel-scan|reset|reset-ap|rss (enable)|rts-threshold| run-acs|self-heal-offset|short-preamble|speed|tag-type|wmm) radio <1-4096> base-bridge [enable|max-clients <1-12>] radio <1-4096> bss(<1-4>|add-wlans|auto>)WLAN radio <1-4096> channel-power(indoor|outdoor)(<1-200>|acs|random)<4-20> radio <1-4096> client-bridge [bridge-select-mode(auto|manual)| enable|mesh-timeout <2-200>|ssid (SSID name)] radio <1-4096>...
  • Page 540 20-36 Overview antenna-mode <diversity|primary|secondary> Antenna diversity mode. Select from the following options: • diversity–Full diversity (both antennas). • primary–Primary antenna only. • secondary–Secondary antenna only. NOTE Before executing this command, ensure the radio is present and is an AP300. Base bridge settings....
  • Page 541 20-37 Configures the location of this radio using x.y.z coordinates. coordinates (X,Y,Z coordinates) • <-65535-65535> – X Coordinate. • <-65535-65535> – Y Coordinate. • <-65535-65535> – Z Coordinate. Copies the configuration from a previously configured radio. copy-config-from (<1- 4096>|default-11a| • <1- 4096> – A single radio index. default-11b|default-11bg) •...
  • Page 542 20-38 Overview Resets a radio (this only resets the specified radio, not the complete access reset port). Resets the parent access port (this resets all radios on that access port). reset-ap Enables Remote Site Survivability (RSS). rss (enable) RTS threshold in bytes. rts-threshold<0-2347>...
  • Page 543 20-39 Configures the basic and supported data rates. speed • 1 1-Mbps. • 11 11-Mbps. • 12 12-Mbps. • 18 18-Mbps. • 2 2-Mbps. • 24 24-Mbps. • 36 36-Mbps. • 48 48-Mbps. • 54 54-Mbps. • 5.5 5.5-Mbps. • 6 6-Mbps.
  • Page 544 Overview tag_type [aeroscout|cricket|newbury] (listen-addr) <MAC address> Configures wi-fi tag type. • aeroscout – Aeroscout Active tag. • cricket – Cricket (Motorola) Active tag. • newbury – Newbury active tag. • listen-addr – Configure multicast listening address for wi-fi active tags.
  • Page 545 20-41 All 11b radios currently in configuration. all-11b All 11bg radios currently in configuration. all-11bg Configures the 802.1X username and password on adopted access ports. configure-8021X Default 11a configuration template. default-11a Default 11b configuration template. default-11b Configures the DNS name used in the L3 Discovery of adopted access ports. dns-name WORD (MAC Address) •...
  • Page 546: Rate-Limit

    20-42 Overview 20.1.30 rate-limit Wireless Configuration Commands Use this command to set default rate limit per user. Syntax rate-limit [down|up] <0-100000> Parameters down <0-100000> Up link direction - From wireless client to network. Defined in the range of <0-100000> kbps, 0=disable rate limit. up <0-100000>...
  • Page 547: Self-Heal

    20-43 20.1.31 self-heal Wireless Configuration Commands Use this command to configure self healing. Syntax self-heal(interference-avoidance|neighbor-recovery) self-heal interference-avoidance(enable|hold-time<0-65535>| retries<0.0-15.0>) self-heal neighbor-recovery(action|enable|neighbors|run-neighbor-detect) self-heal neighbor-recovery action(both|none|open-rates|raise-power) radio(<1-4096>|RADIO) self-heal neighbor-recovery neighbors<1-1000>(<1-1000>|RADIO) Parameters Interference avoidance configuration. interference-avoidance Enables/disables interference avoidance. enable The interval (in seconds) to disable interference avoidance after a detection. This hold-time<0-65535>...
  • Page 548 20-44 Overview Example RFS7000(config-wireless)#self-heal interference-avoidance enable RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal interference-avoidance hold-time 600 RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal neighbor-recovery enable Note: reducing the configured transmit power of radios will ensure that there is room to increase power when a neighbor fails RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal neighbor-recovery neighbors 1 1 RFS7000(config-wireless)#...
  • Page 549: Sensor

    20-45 20.1.32 sensor Wireless Configuration Commands Use this command to configure Wireless Intrusion Protection System (WIPS) parameters. Syntax sensor(<1-48>|default-config|ping-interval <2-60>|vlan) sensor <1-48> [default-config|request-config|revert-to-ap] sensor default-config(ip-mode|wips-server-ip) sensor default-config ip-mode(dhcp|static(A.B.C.D/M)(A.B.C.D)) sensor default-config wips-server-ip(primary|secondary)(A.B.C.D) Parameters Select a sensor to reset/revert the AP to its original state. Use the <1-48>...
  • Page 550: Service

    20-46 Overview 20.1.33 service Wireless Configuration Commands Use this command to invoke service commands to troubleshoot or debug the instance (config-wireless) configuration. Syntax service(show|wireless) service show (cli) service show wireless [ap-history <accessport MAC address>| buffer-counters|enhanced-beacon-table|enhanced-probe-table|legacy-load-balance| mu-cache-buckets|mu-cache-entry|mvlan|radio (<1-4096>|description|mapping)|snmp- trap-throttle] service wireless [ap-history|buffer-counters|clear-ap-log<1-256>|dump- core|enhanced-beacon-table|enhanced-probe-table|idle-radio-send-multicast| legacy-load-balance| radio-mic-cfg|rate-scale| request-ap-log <1-256>|save-ap-log|snmp-trap-throttle]...
  • Page 551 20-47 snmp-trap-throttle Stats and Parameters related to snmp trap throttling. service (wireless) ap-history (clear|enable) Access port serviceability parameters. Use history to access port history. The following options can be used to access ap-history: • clear – Deletes all history of all APs •...
  • Page 552 20-48 Overview This command configures and uses an AP for detecting and locating MUs. The enhanced-probe-table switch maintains an enhanced-probe-table to track all the probes received by an [enable | erase-report | max-mu <0-512> | • enable – Disables or enables gathering of information for MU locationing. preferred (add) •...
  • Page 553 20-49 RFS7000(config-wireless)#service show wireless mvlan 1 Wlan 1: pool_size =1 ----------------------------------------------------- [ 0]: wlan=1, vlan_id=1, limit=0, users=1, log_sent=0 [ 1]: wlan=1, vlan_id=0, limit=0, users=0, log_sent=0 [ 2]: wlan=1, vlan_id=0, limit=0, users=0, log_sent=0 [ 3]: wlan=1, vlan_id=0, limit=0, users=0, log_sent=0 [ 4]: wlan=1, vlan_id=0, limit=0, users=0, log_sent=0 [ 5]: wlan=1, vlan_id=0, limit=0, users=0, log_sent=0 [ 6]: wlan=1, vlan_id=0, limit=0, users=0, log_sent=0 [ 7]: wlan=1, vlan_id=0, limit=0, users=0, log_sent=0...
  • Page 554 20-50 Overview Maximum Radio/CPU: Std Dev.Radio/CPU: 0.00 RFS7000(config-wireless)# RFS7000(config-wireless)#service show wireless snmp-trap-throttle throttle : 10 (default = 10) traps allowed through throttle: 3 traps dropped through throttle: 0 RFS7000(config-wireless)# RFS7000(config-wireless)#service wireless clear-ap-log 20 RFS7000(config-wireless)#service RFS7000(config-wireless)#service wireless dump-core RFS7000(config-wireless)# RFS7000(config-wireless)#service wireless dump-core RFS7000(config-wireless)# RFS7000(config-wireless)#service wireless rate-scale RFS7000(config-wireless)#...
  • Page 555 20-51 20.1.34 show Wireless Configuration Commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-wireless)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
  • Page 556 20-52 Overview RFS7000(config-wireless)#show RFS7000(config-wireless)#show wireless AP Number of access-ports adopted Available licenses : 254 Redundancy enabled Redundancy mode : active Radios [indices] Model-Number Adoption- Mode 00-15-70-11-34-82 2 [ 3 4 ] WSAP-5100-100-WW L2 (vlan: 1) 00-A0-F8-EA-4C-99 2 [ 1 2 ] WSAP-5100-100-WW L2 (vlan: 2) RFS7000(config-wireless)#...
  • Page 557: Wlan

    20-53 20.1.35 wlan Wireless Configuration Commands Use this command to configure Wireless LAN related commands. Syntax wlan(<1-256>|WLAN) (80211-extensions|accounting|add-vlan|answer-bcast-ess|authentication- type|client-bridge-backhaul| description|dot11i|enable|encryption-type| hotspot|inactivity-timeout|kdc|mobility|mu-mu-disallow|nac-mode|nac-server|qos| radius|secure-beacon|set-vlan-user-limit|ssid|syslog|vlan|wep128|wep64) wlan<1-256> (80211-extensions)( move-command)(enable) wlan <1-256> (accounting)(none|radius|syslog) wlan<1-256> (add-vlan)[<1-4094>|VLAN] (limit)<0-8192> wlan <1-256> authentication-type(eap|hotspot|kerberos|mac-auth|none) wlan<1-256> (client-bridge-backhaul)(enable) wlan <1-256> (dot11i)(handshake|key|key-rotation|key-rotation-interval| opp-pmk-caching|phrase|pmk-caching|preauthentication|second-key| tkip-cntrmeas-hold-time|wpa2-tkip) wlan <1-256>...
  • Page 558 20-54 Overview wlan <1-256> radius authentication-protocol(chap|pap) wlan <1-256> radius mac-auth-format [middle-dash|no-delim|pair-colon| pair-dash|quad-dot] wlan <1-256> radius server(primary|secondary|timeout) wlan <1-256> radius server(primary|secondary) (ip-address(auth-port)<1024-65535>)(radius-key(0|2|LINE)) wlan <1-256> radius server timeout<1-300> retransmit<1-100> wlan<1-256> (set-vlan-user-limit)[<1-4094>|VLAN] wlan <1-256> syslog (accounting) server<IP Address> port<Port Number> wlan <1-256> vlan [<1-4094>|VLAN] wlan <1-256>...
  • Page 559 20-55 The authentication type of this WLAN. authentication-type (eap|hotspot|kerberos| • eap – EAP authentication (802.1X). mac-auth|none) • hotspot – Web based authentication. • kerberos – Kerberos authentication (encryption type changes to wep128 if it's not already wep128/keyguard). • mac-auth – MAC authentication (RADIUS lookup of MAC address). •...
  • Page 560 20-56 Overview dot11i [handshake | key | key-rotation | key-rotation-interval | opp-pmk-caching | phrase | pmk-caching | Modifies tkip/ccmp (802.11i) related parameters. • handshake (timeout <100-5000>) (retransmit<1-10>) – Use a handshake to configure timeout and retransmission. • timeout<100-5000> – The timeout (in milliseconds) between retries....
  • Page 561 20-57 The encryption type for this WLAN. Options include: encryption-type() • ccmp – AES Counter Mode CBC-MAC Protocol (AES-CCM/CCMP). • keyguard – Keyguard-MCM (Mobile Computing Mode). • none – No encryption. • tkip – Enables Temporal Key Integrity Protocol (TKIP). •...
  • Page 562 20-58 Overview Modifies hotspot related parameters. hotspot() • allow (rule index) (IP address) – Modifies hotspot allow-list parameters. Users who have not yet authenticated must be allowed access to these IP addresses. • Rule index – Allow-list Rule index (must be between 1-10). •...
  • Page 563 20-59 Modifies KDC related parameters. [password (0|2|LINE) | realm (LINE) | server (primary|secondary|timeout)] auth-port<1-65535> • password(0|2|LINE) – KDC server password, up to 127 characters. • 0 – Password is specified UNENCRYPTED. • 2 – Password is encrypted with password-encryption secret. •...
  • Page 564 20-60 Overview nac-server () [primary|secondary|timeout Configuring NAC server IP address and optional authentication port number. • [primary|secondary] [EAP Server IP Address|RADIUS Key] – Primary server or secondary server’s IP address. • A.B.C.D (auth-port) – EAP server IP address and EAP server authentication port (default:1812).
  • Page 565 20-61 Quality of Service commands. [classification | mcast-with-dot11i | mcast1 | mcast2 | prioritize-voice | svp | weight | wmm] • classification [background|best-effort|video|voice|wmm] – Select how traffic on this WLAN is classified (relative prioritization on the access port). • background – Traffic on this WLAN is treated as background traffic. •...
  • Page 566 20-62 Overview • aifsn – (Arbitration Inter Frame Spacing Number) The wait time (in milliseconds) between data frames derived using AIFSN and the slot-time. • cw – (Contention Window parameters) MUs pick a number between 0 and the minimum contention window to wait before retrying transmissions.
  • Page 567 20-63 • pap – Password Authentication Protocol. • dscp<0-63> – Specifies a DSCP (Differentiated Services Code Point) value to provide QoS to RADIUS packets. The DSCP value must be between 0-63. • dynamic-authorization (enable) – Configures support for RADIUS dynamic authorization extensions (such as Disconnect Message) and Change-Of-Authorization, as described in RFC 3576.
  • Page 568 20-64 Overview • server timeout<1-300> retransmit<1-100> – Modify RADIUS/802.1X server parameters. • timeout<1-300> – Time, in seconds, the switch waits for a response from the RADIUS server before retrying. • retransmit<1-100> – Number of retries before the switch gives up and disassociates the mobile unit.
  • Page 569 20-65 wep128 (key<1-4> (ascii|hex)<0|2|WORD> | phrase (LINE) | wep-default-key<1-4>) Configures WEP128 parameters. • key<1-4> – Configures pre-shared hex keys. • ascii – Keys as ascii characters (5 characters for wep64, 13 for wep128). • hex – Keys as hexadecimal characters (10 characters for wep64, 26 for wep128).
  • Page 570 20-66 Overview RFS7000(config-wireless)#wlan 1 nac-server primary 11.22.33.44 auth-port 2004 RFS7000(config-wireless)# RFS7000(config-wireless)#wlan 25 radius accounting timeout 30 retransmit 50 RFS7000(config-wireless)# RFS7000(config-wireless)#wlan 25 radius mobile-unit timeout 30 retransmit 5 RFS7000(config-wireless)# RFS7000(config-wireless)#wlan 25 ssid TestString RFS7000(config-wireless)# RFS7000(config-wireless)#wlan 25 syslog accounting server 12.13.14.125 port 5005 RFS7000(config-wireless)#...
  • Page 571 20-67 20.1.36 wlan-bw-allocation Wireless Configuration Commands Use this command to enable WLAN bandwidth allocation on all radios. Syntax wlan-bw-allocation (enable) Parameters enable Enables WLAN bandwidth allocation on all radios. Example RFS7000(config-wireless)#wlan-bw-allocation enable RFS7000(config-wireless)#...
  • Page 573 SOLE Instance instance to configure SOLE related configuration commands. (config-sole) 21.1 SOLE Config Commands Table 21.1 summarizes the commands within the switch command line config-sole Table 21.1 Location Engine Config Command Summary Command Description Ref. adapter Configures the SOLE Adapter. page 21-2 clrscr Clears the display screen.
  • Page 574: Adapter

    21-2 Overview 21.1.1 adapter SOLE Config Commands Use this command to enable or disable SOLE adapter. Syntax adapter (aeroscout) (enable) Parameters adapter SOLE Adapter name. (aeroscout) (enable) • aeroscout – Name of the adapter. • enable – Enables SOLE adapter. Usage Guidelines to disable aeroscout or all SOLE adapter.
  • Page 575: Clrscr

    21-3 21.1.2 clrscr SOLE Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-sole)#clrscr RFS7000(config-sole)#...
  • Page 576: End

    21-4 Overview 21.1.3 end SOLE Config Commands Use this command to end and exit from the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-sole)#end RFS7000#...
  • Page 577: Exit

    21-5 21.1.4 exit SOLE Config Commands Use this command to end current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes RFS7000 (config)# Syntax exit Parameters None. Example RFS7000(config-sole)#exit RFS7000(config)#...
  • Page 578 21-6 Overview 21.1.5 help SOLE Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-sole)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  • Page 579 21-7 21.1.6 no SOLE Config Commands Use this command to negate a command or set its defaults. Syntax Parameters ADAPTER (enable) Disables the specified SOLE adapter. enable Using this with disables all SOLE adapters. Usage Guidelines to either disable the aeroscout adapter or all SOLE [no] adapter [aeroscout(enable)|enable] adapters.
  • Page 580 21-8 Overview 21.1.7 service SOLE Config Commands Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations. Syntax service (show) (cli) Parameters show (cli) Show CLI tree of current mode. Example RFS7000(config-sole)#service show cli Location Engine Config mode: +-adapter +-ADAPTER +-enable [adapter (ADAPTER|) enable]...
  • Page 581 21-9 +-new [show alarm-log (count|all|new|acknowledged|severity-to-limit|<1- 65535>|)]............................................................RFS7000(config-sole)#...
  • Page 582 21-10 Overview 21.1.8 show SOLE Config Commands Use this command to view the current system information. Syntax show <parameters> show sole [config(adapter)|stats (adapter)|status(adapter|engine)] Parameters Displays all the parameters for which the information can be viewed using the show command. Example RFS7000(config-sole)#show ? access-list Internet Protocol (IP) aclstats...
  • Page 583 21-11 wireless Wireless configuration commands wlan-acl wlan based acl RFS7000(config-sole)#show RFS7000(config-sole)#show sole config adapter SOLE Adapter Adapter Type: AeroScout Adapter Version: 2.01 Configured Status: enabled Operational Status: enabled Adapter Build Time: Fri Oct 12 13:08:59 2007 RFS7000(config-sole)# RFS7000(config-sole)#show sole stats adapter Adapter Type: AeroScout Adapter Status: enabled Number of messages received from engine Number of messages sent to engine...
  • Page 585 Software type and version number • Motorola responds to calls by email, telephone or fax within the time limits set forth in support agreements. If you purchased your Enterprise Mobility business product from a Motorola business partner, contact that business partner for support.
  • Page 588 MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.com 72E-103891-01 Revision A January 2008...
