Who Should Use this Guide
The RFS7000 Series CLI Reference Guide is intended for system administrators responsible for implementing, configuring, and maintaining the RFS7000 using the switch command line interface (CLI). It also serves as a reference for configuring and modifying most common system settings.
RFS7000 Series CLI Reference Guide Table 1 Quick Reference on How This Guide Is Organized (Continued) Chapter Jump to this section if you want to... Chapter 10, “Crypto - map Instance” Summarizes the crypto-map commands within the RFS7000 Switch CLI.
Notational Conventions The following notational conventions are used in this document: • Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents. • Bullets (•) indicate: • action items •...
Use the Motorola Support Center as the primary contact for any technical problem, question, or support issue involving Motorola products. Motorola Support Center responds to calls by email, telephone or fax within the time limits set forth in individual contractual...
WARRANT THAT YOU HAVE THE AUTHORITY TO BIND THAT COMPANY, PERSON OR ENTITY. 1. LICENSE GRANT. Subject to the terms of this Agreement, Motorola, Inc. and/or its subsidiaries ("Licensor") hereby grants Licensee a limited, personal, non-sublicensable, non transferable, nonexclusive license to use the software that Licensee is about to download or install and the documentation that accompanies it (collectively, the "Software") for Licensee's personal...
RFS7000 Series CLI Reference Guide conditions of this EULA. With respect to technical information you provide to Licensor as part of any Support Services, Licensor may use such information for its business purposes, including for product support and development. Licensor will not utilize such technical information in a form that personally identifies Licensee.
Rights" as provided for in FAR, 48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227- 7013 (OCT 1988), as applicable. The "Manufacturer" for purposes of these regulations is Motorola, Inc., One Symbol Plaza, Holtsville, NY 11742. 12. EXPORT RESTRICTIONS. Licensee shall comply with all export laws and restrictions and regulations of the Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control ("OFAC"), or other United States or...
This chapter describes the basic features of the Motorola CLI and how to use them. Topics covered include an introduction to command modes, navigation and editing features, help features, and command history features.
Overview To access commands, enter the PRIV EXEC mode, which is the second level of access for the EXEC mode. In the PRIV EXEC mode, enter any EXEC command. The PRIV EXEC mode is a superset of the USER EXEC mode. Most of the USER EXEC mode commands are one-time commands and are not saved across reboots of the switch.
Table 1.1 CLI Context Hierarchy for RFS7000 User Exec Mode Priv Exec Mode Global Configuration Mode exit interface help kill license logout line mkdir logging more management page ping prompt quit radius-server reload redundancy rename service rmdir show service snmp-server show spanning-tree telnet...
Use any of the following commands to get help specific to a command mode, command name, keyword or argument:
Command    Description
(prompt)# help    Displays a brief description of the help system.
(prompt)# abbreviated-command-entry ?    Lists commands in the current mode that begin with a particular character string.
command argument (e.g. 'show ?') and describes each possible argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show ve?'.) RFS7000> 1.3 Using the no and default forms of Commands Almost every configuration command has a form.
Overview 1.5 Using CLI Editing Features and Shortcuts A variety of shortcuts and editing features are available. The following sections describe these features: • Moving the Cursor on the Command Line • Completing a Partial Command Name • Deleting Entries •...
Keystrokes Function Function Details Summary
Esc-C    Converts the rest of word to uppercase.
Esc-L    Converts the rest of word to lowercase.
Esc-D    Deletes the remainder of word.
Ctrl-W    Deletes a word up to the cursor.
Ctrl-Z    Enters the command and returns to the root prompt.
Ctrl-L    Refreshes the input line.
Keystrokes    Purpose
Ctrl-D    Deletes the character at the cursor.
Ctrl-K    Deletes all characters from the cursor to the end of the command line.
Ctrl-W    Deletes the word up to the cursor.
Esc, D    Deletes from the cursor to the end of the word.
1.5.4 Re-displaying the Current Command Line
It is easy to recall the current command line entry if the system suddenly displays a message when entering a command.
1.5.7 Controlling Capitalization
CLI commands are generally case-insensitive, and are typically in lowercase. To change the capitalization of the commands, use any of the following key sequences:
Keystrokes    Purpose
Esc, C    Capitalizes the letters at the right of cursor.
Esc, L    Changes the letters at the right of cursor to lowercase.
Common Commands This chapter explains the common CLI commands used amongst the USER EXEC and PRIV EXEC modes. The PRIV EXEC command set contains the commands available in USER EXEC mode. Some commands can be entered in either mode. Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands.
Overview 2.1 Common Commands Table 2.1 summarizes commands common amongst many switch contexts and instances. Table 2.1 Common commands amongst most contexts Command Description Ref. clrscr Clears the display screen. page 2-3 debug Debugging functions. page 2-4 exit Ends the current mode and moves to the previous mode. page 2-10 help Describes the interactive help system.
Overview 2.1.2 debug Common Commands Use this command to debug certificate management, ip, mobility and MSTP functionalities. Syntax (User Exec) debug [certmgr (all|error|info)|ip (https|ssh)| mobility (cc|error|forwarding <MAC Address>|mu|packet|peer|system)] Syntax (Priv Mode) debug [all|cc|ccstats|certmgr|dhcpsvr|imi|ip|logging|mgmt|mobility|mstp|nsm| pktdrvr|radius|redundancy|securitymgr|sole] Parameters (User Exec) Debugs certificate manager messages. certmgr (all|error|info) •...
Parameters (Priv Mode)
Enables debugging.
cc [access-port|all|alt|ap-detect|capwap|cluster|config|dot11|eap|ids|kerberos|l3-mob|media|mobile-unit|radio|radius|
Cell controller (wireless) debugging messages.
• access-port – Access port logs.
• all – All modules.
• alt – Address lookup logs.
• ap-detect – Rogue AP detection logs.
•...
dhcpsvr [all|error|info]
DHCP Conf Server Debugging Messages.
• all – Traces error and info messages from the DHCP Conf Server.
• error – Traces error messages from the DHCP Conf Server.
• info – Traces informational messages from the DHCP Conf Server.
Integrated Management Interface.
mobility [all|cc|error|forwarding <MAC Address>|mu|packet|peer|system]
L3 Mobility.
• all – All debugging (except "forwarding").
• cc – ccserver events.
• error – Error.
• forwarding – Dataplane forwarding.
• <MAC Address> – MAC address of the mobile unit.
• mu – MU events and state changes.
•...
redundancy [all|ccmsg|config|errors|general|heartbeats|init|packets|proc|shutdown|states|subagent|timer|warnings]
Redundancy protocol debugging messages.
• all – Debugging all.
• ccmsg – Msg exchange with CC.
• config – Configuration processing.
• errors – Errors.
• general – General.
• heartbeats – Heartbeats processing.
•...
Example
RFS7000#debug cc all
RFS7000#configure t
Enter configuration commands, one per line. End with CNTL/Z.
RFS7000(config)#logging console 7
RFS7000(config)#Mar 15 15:41:47 2008: CC: cluster: portal unadopted. portal count now: 7
Mar 15 15:41:47 2008: CC: cluster: tx-to-wccp ap: 4, radio: 7, mu: 0, rogue: 0, sheal: 0, max-ap: 256
Mar 15 15:41:47 2008: CC: cluster: portal unadopted.
2.1.3 exit
Common Commands
Use this command to end the current mode and move to the previous mode.
Syntax
exit
Parameters
None.
Example
RFS7000(config)#exit...
2.1.4 help
Common Commands
Use this command to access the advanced help feature. Use “?” at the command prompt to access the help topic. Two styles of help are provided:
1. Full help is available when you are ready to enter a command argument, and describes each possible argument. Leave a space between the command and ? (for example 'show ?').
2-12 Overview 2.1.5 no Common Commands Use this command to negate a command or set its defaults. Syntax Parameters None. Example (User Exec) RFS7000>no ? cluster-cli Cluster context debug Debugging functions page Toggle paging service Service Commands RFS7000>no Example (Priv Exec) RFS7000#no ? cluster-cli Cluster context...
2-14 Overview 2.1.6 service Common Commands Use this command to service/debug the switch. Syntax (User Exec) service [diag|encrypt|locator|save-cli|show|wireless] service diag [enable|identify|limit (options)|period <100-30000>|watchdog] service diag limit [buffer(128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k)<0- 65535> | fan <1-3>|filesys (etc2|flash|var)| inodes (etc2|flash|var)|load (1|15|5)|maxFDs <0-32767>| pkbuffers <0-65535>|procRAM < 0.0-100.0>|ram <0.0-25.0>| routecache <0-65535>|temperature <1-8>] service encrypt (secret)<2>...
2-15 Use this parameter to set the diagnostic limit submodes/commands. Configure limit [buffer the buffer usage warning limit. The warning limit can be set to one of the (128|128k|16k|1k|256|2k| following sizes: 32|32k|4k|512|64|64k|8k] <0-65535> • buffer – Buffer usage warning limit. •...
2-16 Overview limit (pkbuffers) Configures the packet buffer cache limit. Set between 0 to 65535 as the buffer <0-65535> cache limit. limit (procRAM) Defines the RAM space used by a process. Set the percentage of RAM space < 0.0-100.0> used by the processor between 0 to 100.0 percent. limit (ram) <0.0-25.0>...
2-17 service (wireless) wireless Wireless parameters. Syntax (Priv Exec) service [clear|copy|diag|diag-shell|encrypt|locator|pktcap|pm| save-cli|securitymgr|show|start-shell|test|watchdog|wireless] service clear [all|aplogs|clitree|cores|dumps|panics| securitymgr (flows)[<0-349>|WORD|all|fe|ge|me1|sa|vlan]] service copy (tech-support)[FILE|URL] service diag [enable|identify|limit|period] service diag limit [buffer (128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k) <0-65535>|fan <1-3> (low)|filesys (etc2|flash|var)| inodes (etc2|flash|var)|load (1|15|5)|maxFDs <0-32767>| pkbuffers <0-65535>|procRAM <0.0-100.0>|ram <0.0-25.0>| routecache <0-65535>|temperature <1-8>...
2-18 Overview diag [enable|identify|limit| Use this parameter as a diagnostics tool. period] • enable – Enables service diagnostics. • identify – Identifies this switch by flashing the LEDs. • limit – Diagnostic limit command. • buffer (128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k) <0-65535> – Buffer usage warning limit. •...
2-19 pktcap (on) Packet capture. [bridge|interface|router|vp • on – Capture location. • bridge – Capture at bridge. [count|filter|verbose|write • count – Limit capture packet count. • filter – Capture filter. • verbose – Displays full packet body. • write – Capture to a file. •...
2-20 Overview show [cli|command- Displays running system information. history|crash-info| • cli – Displays CLI tree of current mode. diag|info|last-passwd| • command-history – Displays command (except show commands) history. memory|pm (history)[Process- • crash-info – Displays information about core, panic and AP dump files. name|all] |process| •...
2-21 wireless Wireless parameters. [ap-history| • ap-history – Access port history. buffer-counters| • buffer-counters – Allocation counts for various buffers. clear-ap-log <1-256>| dump-core | • clear-ap-log – Clears ap logs. idle-radio-send-multicast| • dump-core – Creates a core file of the ccsrvr process. legacy-load-balance| map-radios <1-127>| •...
2-22 Overview prompt (crash-info) Enables crash-info prompt. radius (restart) Enables the RADIUS Server. set (command-history Set service parameters. <10-300>|reboot-history • command-history <10-300> – Sets the size of the command history. The <10-100>| default value is 200. upgrade-history <10-100>) • reboot-history <10-100> – Sets the size of the reboot history. The default value is 50.
2-23 Low speed limit RFS7000#service diag limit fan 1 low ? <1000-15000> Limit value from 1000 to 15,000 RFS7000#service diag limit fan 1 low 1100 RFS7000#service diag limit fan 2 low 10000 RFS7000#Sep 01 15:51:54 2006: %DIAG-4-FANUNDERSPEED: Fan case under speed: 8881 RPM is under limit 10000 RPM RFS7000#service diag limit filesys ? etc2...
2.1.7 terminal
Common Commands
Use this command to set the length (number of lines) displayed on the terminal window.
Syntax
terminal[length <0-512>|no(length <0-512>|width)|width <0-512> ]
Parameters
length Sets the number of lines on a screen.
Negates a command or sets its defaults.
width Sets the width/number of characters on a screen line.
2-28 Overview 2.2 show Common Commands This command displays the settings for the specified system component. There are a number of ways to invoke the show command: • Invoked without any arguments, show displays information about the current context. If the current context contains instances, then show command (usually) displays a list of these instances.
2-29 Display Description Mode Example Parameters radius Displays RADIUS configuration commands. Common page 2-58 redundancy-group Displays redundancy group parameters. Common page 2-59 redundancy-history Displays the switch state transition history. Common page 2-61 redundancy- Displays redundancy group members in detail. Common page 2-62 members snmp...
2-32 Overview 2.2.2 banner Common to all modes Syntax show banner Parameters motd Enters the Message of the Day banner. Example RFS7000>show banner motd Welcome to CLI RFS7000>...
2-34 Overview no page no service diag enable no service diag period no service diag watchdog no service locator page (exit|logout|quit) show autoinstall show autoinstall status show banner motd show commands show debugging show debugging mstp show environment show history .............(contd) RFS7000>...
The security engine updates the IPSec and ISAKMP statistics every 60 seconds.
Example
RFS7000(config)#show crypto pki trustpoints
Trustpoint :default-trustpoint
-----------------------------------------------
Server certificate configured
Subject Name:
Common Name: Motorola
Organizational Unit: EWLAN
Organization: Enterprise Mobility
Location: San Jose
State:
Country:...
2-37 2.2.5 debugging Common to all modes Syntax show debugging (mstp) Parameters Displays information related to the Multiple Spanning Tree Protocol (MSTP). mstp Example RFS7000(config)#show debugging mstp MSTP debugging status: RFS7000(config)#...
2-38 Overview 2.2.6 environment Common to all modes Syntax show environment Parameters None. Example RFS7000>show environment upwind of CPU temperature : 30.0 C CPU die temperature : 53.0 C left side temperature : 30.0 C by FPGA temperature : 29.0 C front right temperature : 27.0 C front left temperature :...
2.2.7 history
Common to all modes
Syntax
show history
Parameters
None.
Example
RFS7000>show history
1 show
2 clrscr
3 enable
4 clrscr
5 configure terminal
6 exit
7 clrscr
8 show history
RFS7000>...
2-40 Overview 2.2.8 interfaces Common to all modes Syntax show interfaces [<name>|fe|ge <1-4>|sa <1-4>| switchport(<name>|fe|ge|sa|tunnel|vlan)|tunnel <1-32>|vlan <1-4094>] Parameters IFNAME Interface name. FastEthernet interface. ge <1-4> GigabitEthernet interface. Select an index value between 1- 4. sa <1- 4> StaticAggregate interface. Select an index value between 1- 4. switchport () Status of Layer2 interfaces.
2-42 Overview 2.2.9 ip Common to all modes Syntax show ip [access-group (IFNAME | eth <1-2> | vlan <1-4094>) | access-list |arp | ddns(binding)| dhcp (binding|class|pool|sharednetwork)| dhcp-vendor-options | domain-name |http(secure-server|server)| interface(IFNAME|brief|tunnel|vlan) | name-server | nat (interfaces|translations[inside|outside][destination|source])| route(A.B.C.D|A.B.C.D/M|detail) | routing | ssh | telnet ] show ip access-group (IFNAME|eth <1-2>...
2-43 dhcp-vendor-options DHCP Option 43 parameters received from DHCP server. domain-name Default domain for DNS. http Hyper Text Transfer Protocol. • secure-server – Secure HTTP server. • server – HTTP server. interface IP interface status and configuration. • IFNAME – Interface name. •...
b. If the status of the VLAN is UP (even if interfaces are disconnected), shut down the VLAN associated with fe1:
RFS7000(config)*#show ip interface brief
Interface IP-Address/Mask Status Protocol
157.235.208.122/24(DHCP) up vlan1 unassigned(DHCP) vlan200 unassigned
RFS7000(config)*#shutdown
c. Check the status and note if the VLAN has been disassociated. Its status has now changed to DOWN.
2-45 RFS7000#show ip dhcp pool ip dhcp pool pl ip dhcp pool pool1 domain-name test.com bootfile 123 network 10.10.10.0/24 address range 10.10.10.2 10.10.10.30 ip dhcp pool poo110 next-server 1.1.1.1 netbios-node-type b-node RFS7000#show ip dhcp-vendor-options Server Info: Firmware Image File: Config File: Cluster Config File: RFS7000#show ip domain-name IP domain-lookup : Enable...
1.1.1.0/24 [1/0] via 1.1.1.2 inactive
10.0.0.0/8 [1/0] via 10.10.10.10 inactive
157.235.208.0/24 [1/0] via 157.235.208.246 inactive
RFS7000#show ip ssh
SSH server: enabled
Status: running
Keypair name: default_ssh_rsa_key
Port: 22
RFS7000#show ip telnet
Telnet server: enabled
Status: running
Port: 23
2-47 2.2.10 ldap Common to all modes Syntax show ldap(configuration(primary|secondary)) Parameters ldap LDAP server. configuration LDAP server configuration parameters. primary Primary LDAP server. secondary Secondary LDAP server. Example RFS7000(config-radsrv)#show ldap configuration LDAP Server Config Details __________________________ Primary LDAP Server configuration IP Address : 10.10.10.1 Port...
2-48 Overview 2.2.11 licenses Common to all modes Syntax show licenses Parameters None. Example RFS7000(config)#show licenses feature usage license string license value usage 2FFD7fE9 CD016155 14A92C70...
2.2.12 logging
Common to all modes
Syntax
show logging
Parameters
None.
Example
RFS7000(config)#show logging
Logging module: enabled
Aggregation time: disabled
Console logging: level debugging
Monitor logging: disabled
Buffered logging: level informational
Syslog logging: disabled
Log Buffer (3840 bytes):
Feb 19 22:25:28 2007: %NSM-6-DHCPIP: Interface fe acquired IP address 157.235.208.122/24 via DHCP
Feb 19 21:33:09 2007: %KERN-6-INFO: fe: Setting full-duplex based on negotiated link capability..
2-50 Overview 2.2.13 mac Common to all modes Syntax show mac(access-list) Parameters access-list Lists MAC access lists. Example RFS7000(config)#show mac access-list RFS7000(config)#...
2-52 Overview 2.2.15 management Common to all modes Syntax show management Parameters None. Example RFS7000(config)#show management Mgmt Interface: vlan1 Management access permitted via any vlan interface RFS7000(config)#...
2-53 2.2.16 mobility Common to all modes Syntax show mobility [event-log|forwarding|global|mobile-unit|peer|statistics] show mobility event-log [mobile-unit|peer] show mobility forwarding (AA-BB-CC-DD-EE-FF) show mobility mobile-unit [<AA-BB-CC-DD-EE-FF>|detail] show mobility peer [<A.B.C.D>|detail] show mobility statistics <AA-BB-CC-DD-EE-FF> Parameters event-log Displays mobility event logs . • mobile-unit – MU event logs. •...
2-56 Overview 2.2.18 port-channel Common to all modes Syntax show port-channel (load-balance) Parameters load-balance Load balancing. Example RFS7000(config)#show port-channel load-balance RFS7000(config)#...
2.2.19 privilege
Common to all modes
Syntax
show privilege
Parameters
None.
Example
RFS7000>show privilege
Current user privilege: superuser
RFS7000>...
2-58 Overview 2.2.20 radius Common to all modes Syntax show radius [configuration|eap(configuration)|group|nas( A.B.C.D/M)|proxy| rad- user|trust-point] Parameters radius RADIUS configuration commands. configuration RADIUS server configuration parameters. eap (configuration) EAP parameters and configuration. group RADIUS group configuration. nas (A.B.C.D/M) Enter a client IP address and mask. proxy Proxy information.
2-59 2.2.21 redundancy-group Common to all modes This command displays the switch’s IP address, number of active neighbors, group license, installed license, cluster AP adoption count, switch adoption count, hold time, discovery time, heartbeat interval, cluster id, switch mode etc. In a cluster, this command displays the redundancy runtime and configured information of the self-switch.
2-61 2.2.22 redundancy-history Common to all modes This command displays the history of the state transition by the RFS7000 switch. In a cluster, this command displays the history of the switch state transitions of the self-switch. Syntax show redundancy-history Parameters None.
2-62 Overview 2.2.23 redundancy-members Common to all modes This command displays the switches in the cluster which are all seen by the RFS7000 switch. The user can provide the IP address of the switch in cluster whose information alone is needed. Syntax show redundancy-members (A.B.C.D) Parameters...
2-64 Overview 2.2.25 snmp-server Common to all modes Syntax show snmp-server[traps(wireless-statistics( mobile-unit | radio | wireless-switch | wlan))] Parameters traps Displays trap enabled flags. wireless-statistics Displays wireless-stats rate traps. mobile-unit Displays mobile unit rate traps. radio Displays radio rate traps. wireless-switch Displays switch rate traps.
2-66 Overview 2.2.26 sole Common to all modes Syntax show sole (config|stats|status) show sole (config|stats)(adapter)(ADAPTER NAME) show sole (status)[adapter|engine (ADAPTER)] Parameters config (adapter) SOLE configuration information. Displays (ADAPTER NAME) • adapter – Displays configuration for all of specific SOLE adapters. stats (adapter) adapter specific statistics such as : Number of tag reports sent, number Displays...
2-69 2.2.28 static-channel-group Common to all modes Syntax show static-channel-group Parameters None. Example RFS7000>show static-channel-group RFS7000>...
2-70 Overview 2.2.29 terminal Common to all modes Syntax show terminal Parameters None. Example RFS7000(config)#show terminal Terminal Type: vt102 Length: 42 Width: 125 RFS7000(config)#...
2-72 Overview 2.2.31 users Common to all modes Syntax show users Parameters None. Example RFS7000(config)#show users Line User Uptime Location 0 con 0 1003 admin 11:38m ttyS0 130 vty 0 27693 admin 10:21m RFS7000(config)#...
2.2.32 version
Common to all modes
Syntax
show version (verbose)
Parameters
verbose Displays software and hardware details.
Example
RFS7000(config)#show version
RFS7000 version 1.0.0.0-228D MIB=01a
Copyright (c) 2006 Symbol Technologies, Inc.
Booted from primary.
Switch uptime is 0 days, 5 hours 50 minutes
CPU is RMI Phoenix V0.4
255188 kB of on-board RAM
RFS7000(config)#...
2-74 Overview 2.2.33 wireless Common to all modes Syntax show wireless [aap-version |ap (<1-48>|AA-BB-CC-DD-EE-FF)| ap-detection-config | ap-images | ap-unadopted | approved-aps | channel-power(11a {indoor|outdoor}|11b {indoor|outdoor}|11bg {indoor|outdoor})| config | country-code-list|enhanced-beacon-table [config|report]| enhanced-probe-table[config|report]|hotspot-config <1-32>| ids (configured-bad-essids|filter-list)|known|mac-auth-local<1-1000> | mesh|mobile-unit (<1-4096>|AA-BB-CC-DD-EE-FF| association-history <MAC address>|multicast-packet-limit| phrase-to-key (wep128 | wep64)| qos-mapping (wired-to-wireless | wireless-to-wired)| radio (<1-1000>|beacon-table|config(<1-1000>|default-11a|default-11b|...
2-75 show wireless sensor (default-config | discovered-sensors) show wireless unapproved-aps show wireless wireless-switch-statistics (detail) show wireless wlan (config( <1-32> | all | enabled)| statistics <1-32>) Parameters aap-version Displays the minimum Adaptive firmware version string. Status of adopted access port. • <1-48> – The index of the access port. •...
2-76 Overview Intrusion detection parameters. • configured-bad-essids – Display the list of configured bad essids. This sets the number of seconds for which the MU will be filtered. • filter-list – Displays the list of currently filtered mobile units. known (ap) (statistics) Known AP related parameters.
2-77 radio Radio related commands. • <1-1000> – A single radio index. • beacon-table – The radio-to-radio beacon table. • config <1-1000> – Radio configuration. • default-11a – Default 11a configuration template. • default-11b – Default 11b configuration template. • default-11bg – Default 11bg configuration template. •...
2-81 2.2.34 wlan-acl Common to all modes Syntax show wlan-acl [<1-256>|all] Parameters <1-256> Displays ACLs attached to the specified WLAN ID. Displays ACLs attached to the WLAN port. Example RFS7000>show wlan-acl 200 WLAN port: 200 Inbound IP Access List Inbound MAC Access List Outbound IP Access List Outbound MAC Access List : RFS7000>...
2.2.35 access-list
Privilege / Global Config
This command lists all the access lists (numbered and named) configured on the switch. The numbered access list displays all numbered ACLs. The named access-list displays the details of the named ACL.
Syntax
show access-list
show access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)
2.2.36 aclstats
Privilege / Global Config
This command displays the statistics of all the access lists configured on the switch.
Syntax
aclstats [<name>|fe|ge <1-4>|sa <1-4>|tunnel <1-32>|vlan <1-4094>]
Parameters
IFNAME Interface name.
FastEthernet interface.
ge <1-4> GigabitEthernet interface. Select an index value between 1-4.
sa <1- 4>...
2.2.37 alarm-log
Privilege / Global Config
Syntax
show alarm-log ( <1-65535>| acknowledged | all | count | new | severity-to-limit( critical |informational | major | normal | warning))
Parameters
<1-65535> Displays details for specific alarm Id.
acknowledged Displays acknowledged alarms currently in the system.
Displays all alarms currently in the system.
2.2.38 boot
Privilege / Global Config
Syntax
show boot
Parameters
None.
Example
RFS7000#show boot
Image Build Date Install Date Version
----- -------------------- -------------------- --------------
Primary Feb 05 20:27:25 2007 Feb 13 19:29:28 2007 1.0.0.0-228D
Secondary Jan 19 06:41:09 2007 Jan 23 20:14:19 2007 1.0.0.0-200D
Current Boot...
2.2.40 debugging
Privilege / Global Config
Syntax
show debugging (mstp)
Parameters
mstp Displays MSTP debugging information.
Example
RFS7000#show debugging mstp
MSTP debugging status:
MSTP all debugging is on
RFS7000#show debugging mstp
MSTP debugging status:
MSTP all debugging is on
RFS7000#...
2.2.41 dhcp
Privilege / Global Config
Use this command to display DHCP Server configurations.
Syntax
show dhcp [config|status]
Parameters
config Displays DHCP server configuration.
status Displays whether the DHCP server is running or not.
Example
RFS7000#show dhcp config
service dhcp
ip dhcp pool vlan63
default-router 192.168.157.2...
2-89 2.2.42 environment Privilege / Global Config Syntax show environment Parameters None. Example RFS7000#show environment upwind of CPU temperature : 33.0 C CPU die temperature : 62.0 C left side temperature : 31.0 C by FPGA temperature : 30.0 C front right temperature : 28.0 C front left temperature :...
2-90 Overview 2.2.43 file Privilege / Global Config Syntax show file (information (FILE)| systems) Parameters information (FILE) Displays information on FILE. systems Lists filesystems. Example RFS7000(config)#show file systems File Systems: Size(b) Free(b) Type Prefix opaque system: 10485760 9912320 flash nvram: 20971520 19742720 flash...
2.2.45 password-encryption
Privilege / Global Config
Syntax
show password-encryption (status)
Parameters
status Displays password-encryption status.
Example
RFS7000#show password-encryption status
Password encryption is disabled
RFS7000#...
2-93 2.2.46 running-config Privilege / Global Config Displays the contents of the configuration file for the switch, including all configured MAC and IP access lists and access groups applied to an interface. Syntax show running-config(full|include-factory) Parameters full Full configuration. include-factory Includes factory defaults.
RFS7000(config)#show running-config include-factory
! configuration of RFS7000 version 1.1.0.0-014D
version 1.0
service prompt crash-info
no service set command-history
no service set reboot-history
no service set upgrade-history
hostname RFS7000
banner motd Welcome to CLI
username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d
username admin access console web ssh telnet
username admin privilege...
2-97 2.2.49 spanning-tree Privilege / Global Config Use this command to display spanning tree information. Syntax show spanning-tree (mst)[config|detail|instance] Parameters Displays MST information. • config – Displays configuration information. • detail – Displays detailed information. • instance – Displays instance information. Example RFS7000(config)#show spanning-tree mst detail % Bridge up - Spanning Tree Enabled...
2-98 Overview ge4: Designated Port Id 0 - CST Priority 128 ge4: CIST Root 0000000000000000 ge4: Regional Root 0000000000000000 ge4: Designated Bridge 0000000000000000 ge4: Message Age 0 - Max Age 0 ge4: CIST Hello Time 0 - Forward Delay 0 ge4: CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0 ge4: Version Multiple Spanning Tree Protocol - Received None - Send STP ge4: No portfast configured - Current...
2-99 sa2: Version Multiple Spanning Tree Protocol - Received None - Send STP sa2: No portfast configured - Current portfast off sa2: portfast bpdu-guard default - Current portfast bpdu-guard off sa2: portfast bpdu-filter default - Current portfast bpdu-filter on sa2: no root guard configured - Current root guard off sa2: Configured Link Type point-to-point - Current shared...
2-100 Overview ge1: no root guard configured - Current root guard off ge1: Configured Link Type point-to-point - Current shared RFS7000(config)#...
2-101 2.2.50 startup-config Privilege / Global Config Syntax show startup-config Parameters None. Example RFS7000#show startup-config ! configuration of RFS7000 version 1.0.0.0-228D! version 1.0 service prompt crash-info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser spanning-tree mst config bridge region My Name no country-code logging console 7 snmp-server manager v2...
2-103 2.2.52 upgrade-status Privilege / Global Config Syntax show upgrade-status(detail) Parameters detail Last image upgrade log. Example RFS7000#show upgrade-status detail Last Image Upgrade Status : Successful Last Image Upgrade Time : Tue Aug 29 18:32:17 2006 -------------------------------------------------------- var2 is 10 percent full /tmp is 5 percent full Free Memory 151944 kB FWU invoked via Linux shell...
2-104 Overview 2.2.53 wlan-acl Privilege / Global Config Syntax show wlan-acl [<1-256>|all] <1-256> Displays ACLs attached to the specified WLAN ID. Displays ACLs attached to WLAN port. Example RFS7000(config)#show wlan-acl 102 WLAN port: 102 Inbound IP Access List : 110 Inbound MAC Access List : Outbound IP Access List: Outbound MAC Access List :...
User Exec Commands
Logging in to the switch places you within the USER EXEC command mode. Typically, a log-in requires a user name and a password. You have three attempts to enter a password correctly before a connection attempt is refused. The USER EXEC commands available at the user level are a subset of those available at the privileged level.
Overview 3.1 User Exec Commands Table 3.1 summarizes User Exec commands. Table 3.1 User Exec commands Summary Command Description Ref. clear Resets the command to the previous configuration. page 3-3 clrscr Clears the display screen. page 2-3 cluster-cli Cluster context. page 3-5 debug Debugging functions.
3.1.1 clear User Exec Commands Use this command to reset the command to previous configuration. Syntax clear [aclstats|alarm-log|arp-cache|crypto|ip|logging|mac|mobility|spanning-tree] clear alarm-log [<1-65535> | acknowledged|all|new] clear crypto [ipsec|isakmp] (sa) <A.B.C.D> clear ip (dhcp) (binding) [*|A.B.C.D| all] clear mac (address-table) [dynamic|multicast|static] [address|bridge|interface|vlan] clear mobility(event-log|mobile-unit|peer-statistics) clear mobility event-log(mobile-unit|peer) clear spanning-tree (detected)(protocols)(bridge|interface) Parameters...
Overview mac (address-table) Clears layer 2 MAC entries in the forwarding database. [dynamic|multicast|static • dynamic – Clears all dynamic entries. • multicast – Clears all multicast entries. [address|bridge|interface |vlan] • static – Clears all entries configured through management. • address – Clears the specified MAC Address. •...
3.1.2 cluster-cli User Exec Commands Use this command to cluster all the CLI pertaining to the context it appears. This feature is useful to configure each switch in the cluster by logging in to one switch. This eliminates administrator time and effort N-1 times (if there are N switches in the cluster).
3.1.4 disable User Exec Commands Enable the PRIV mode to use this command. Then, use the disable command to exit the PRIV mode. Syntax disable Parameters None. Example RFS7000>disable RFS7000>...
3.1.6 logout User Exec Commands Use this command instead of the exit command to exit the EXEC mode. Syntax logout Parameters None. Example The RFS7000 Series Switch logs off on execution of this command.
3-10 Overview 3.1.7 page User Exec Commands Use this command to toggle paging. Enabling this command displays the CLI output page by page, instead of running the entire output at once. Syntax page Parameters None. Example RFS7000>page ? <cr> RFS7000>page RFS7000>enable RFS7000>show running-config ! configuration of RFS7000 version 1.0.1.0-005D!
3-11 3.1.8 quit User Exec Commands Use this command to exit the current mode, and move back to the previous mode. Syntax quit Parameters None. Example The switch logs off upon execution of this command.
3-12 Overview 3.1.9 show User Exec Commands Use this command to exit the current mode and go down to previous mode. Syntax show Parameters autoinstall Displays the autoinstall configuration. banner Displays the “Message of the Day Login” banner. commands Displays command lists. crypto Displays encryption details.
3-13 static-channel-group Displays static channel group membership. terminal Displays terminal configuration parameters. timezone Displays the timezone. users Displays information about terminal lines. version Displays the software and hardware version. wireless Displays wireless configuration commands. wlan-acl Displays WLAN based ACL information. Example RFS7000>show ? autoinstall...
Privileged Exec Commands Most PRIV EXEC mode commands set operating parameters. Privileged-level access must be password protected to prevent unauthorized use. The PRIV EXEC command set includes those commands contained in the USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes using the configure command, and includes advanced testing commands.
Overview 4.1 Priv Exec Command Table 4.1 summarizes the Priv Exec commands. Table 4.1 Priv Exec Command Summary Command Description Ref. acknowledge Acknowledges alarms. page 4-4 archive Manages archive files. page 4-5 Changes the current directory. page 4-7 change-passwd Changes the password of the logged in user. page 4-8 clear Reset function.
Command Description Ref. page Toggles the paging functionality. page 4-30 ping Sends an ICMP echo message. page 4-31 Displays the current directory. page 4-32 quit Exits the current mode and moves down to the previous mode. page 4-33 reload Halts the switch and performs a warm reboot. page 4-34 rename Renames a file.
Overview 4.1.1 acknowledge Priv Exec Command Use this command to acknowledge alarms. Syntax acknowledge alarm-log [<1-65535> | all] Parameters alarm-log Acknowledges an alarm. • <1-65535> – Acknowledges specific alarm id. • all – Acknowledges all alarms. Example RFS7000#acknowledge alarm-log all No corresponding record found in the Alarm Log.
4.1.2 archive Priv Exec Command Use this command to manage archive files. Syntax archive tar /table [FILE|URL] archive tar /create [FILE|URL] FILE archive tar /xtract [FILE|URL] DIR Parameters Manipulates (creates, lists or extracts) a tar file. /table Lists files in a tar file. /create Creates a tar file.
Overview RFS7000#archive tar /table ? FILE Tar filename Files: flash:/path/file cf:/path/file usb1:/path/file usb2:/path/file Tar file URL URLs: tftp://<hostname:port or IP>/path/file ftp://<user>:<passwd>@<hostname:port or IP>/path/file http://<hostname:port or IP>/path/file sftp://<user>@<hostname:port or IP>/path/file RFS7000#archive RFS7000#archive tar /xtract ? FILE Tar filename Files: flash:/path/file cf:/path/file usb1:/path/file usb2:/path/file Tar file URL...
4.1.3 cd Priv Exec Command Use this command to change the current directory. Syntax cd [DIR|] Parameters Changes the current directory to DIR. Example RFS7000#cd nvram:/ system:/ flash:/ RFS7000#cd flash:/? Change current directory to DIR RFS7000#cd flash:/ flash:/backup/ flash:/crashinfo/ flash:/hotspot/ flash:/log/ flash:/out/ RFS7000#cd flash:/log/?
Overview 4.1.4 change-passwd Priv Exec Command Use this command to change the password of the logged in user. Syntax change-passwd Parameters None. Usage Guidelines A password must be between 8 and 32 characters in length. For safety, the console does not display the keywords the user enters for the fields (refer to the example).
4-11 4.1.6 clock Priv Exec Command Use this command to configure the software system clock. Syntax clock set HH:MM:SS [1-31] MONTH [1993-2035] Parameters Sets the system date and time. Example RFS7000#clock set 15:10:30 08 Sep 2006 RFS7000#show clock Sep 08 15:10:31 UTC 2006...
RFS7000(config)# RFS7000:cluster-cli#show version *** START: Response from member: 172.20.15.18 **** RFS7000 version 1.0.1.0-005D Copyright (c) 2006-2007 Motorola, Inc. Booted from primary. Switch uptime is 7 days, 4 hours 28 minutes *** END: Response from member: 172.20.15.18 **** RFS7000 version 1.0.1.0-005D Copyright (c) 2006-2007 Motorola, Inc.
4-13 4.1.8 configure Priv Exec Command Use this command to move into the configuration mode. Syntax configure terminal Parameters terminal Configures from the terminal. Example RFS7000#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RFS7000(config)#...
4-14 Overview 4.1.9 copy Priv Exec Command Use this command to copy any file (config, log, txt, etc.) to and from the switch. NOTE Copying a new config file onto an existing running-config file merges it with the existing running-config. Both the existing running-config and the new config file are applied as the current running-config of the switch.
4-15 Transferring file snmpd.log to remote tftp server? RFS7000#copy flash:/log/snmpd.log tftp://157.235.208.105:/snmpd.log Accessing running-config file from remote tftp server into switch running-config? RFS7000#copy tftp://157.235.208.105:/running-config running-config...
4-16 Overview 4.1.10 debug Priv Exec Command Use this command for debugging purposes. This command is also used to debug various features. Syntax debug all debug cc [access-port|all|alt|ap-detect|capwap|cluster| config|dot11|eap|ids|kerberos|l3-mob|media|mobile-unit|radio| radius|self-heal|snmp|system|wips|wisp] debug ccstats <CCStats Module> debug certmgr [all|error|info] debug dhcpsvr [all|error|info] debug imi [all|cli-client|cli-server|errors|init|ntp] debug ip [https|ssh] debug logging [all|errors|monitor|subagent]...
4-18 Overview 4.1.11 delete Priv Exec Command Use this command to delete the specified file from the system. Syntax delete ({/force|/recursive}|) .FILE Parameters /force Forces deletion without a prompt. /recursive Performs a recursive delete. FILE Specifies the filename(s) to be deleted from: •...
4-19 4.1.12 diff Priv Exec Command Use this command to view the difference between two files. Syntax diff (FILE|URL) (FILE|URL) Parameters FILE Displays the differences between FILE’s. Displays the differences between URL’s. Example RFS7000#diff startup-config running-config --- startup-config +++ running-config @@ -89,7 +89,7 @@ mobility peer 157.235.208.16 wlan 1 enable...
4-20 Overview 4.1.13 dir Priv Exec Command Use this command to view the list of files on a filesystem. Syntax dir ({/all|/recursive}|) (DIR|all-filesystems|) Parameters /all Lists all files. /recursive Lists files recursively. Lists files in named file path. all-filesystems Lists files on all filesystems. Example RFS7000#dir Directory of flash:/...
4-23 4.1.16 enable Priv Exec Command Use this command to turn on the privileged mode command. Syntax enable Parameters None. Example RFS7000#enable RFS7000#...
4-24 Overview 4.1.17 erase Priv Exec Command Use this command to erase a target filesystem. Syntax erase [cf:|flash:|nvram:|startup-config:] Parameters Erases contents of compact flash. flash: Erases contents of flash. nvram: Erases contents of nvram. startup-config Resets the switch configuration to factory default settings. usb1: Erases everything in usb1.
4-25 4.1.18 halt Priv Exec Command Use this command to halt the switch. This command is similar to command. The only difference is that reload command stops the switch and stops and restarts the switch. halt reload Syntax kill Parameters None.
4-26 Overview 4.1.19 kill Priv Exec Command Use this command to kill (terminate) a specified session. Syntax kill session <1-16> Parameters session Active session. There are 16 active sessions which can be terminated. Example RFS7000#show sessions SESSION USER LOCATION IDLE START TIME Console 00:00m...
4-27 4.1.20 logout Priv Exec Command Use this command to exit the EXEC mode. Syntax logout Parameters None. Example RFS7000#logout Please press Enter to activate this console.
4-28 Overview 4.1.21 mkdir Priv Exec Command Use this command to create a new directory in the filesystem. Syntax mkdir DIR Parameters Directory name. Example RFS7000#mkdir TestDIR RFS7000#...
4-29 4.1.22 more Priv Exec Command Use this command to view the contents of a file. Syntax more FILE Parameters FILE Displays the content of the file. Example RFS7000#more flash:/log/messages.log Sep 08 12:27:30 2006: %PM-5-PROCSTOP: Process "radiusd" has been stopped Sep 08 12:27:31 2006: %LICMGR-6-NEWLICENSE: Licensed AP count changed to 48 Sep 08 12:27:31 2006: %CC-5-COUNTRYCODE:...
4-30 Overview 4.1.23 page Priv Exec Command Use this command to toggle switch paging. Enabling this command displays the command output page by page, instead of running the entire output at once. Syntax page Parameters None. Example RFS7000#page RFS7000#show running-config ! configuration of RFS7000 version 1.0.1.0-005D! version 1.0 service prompt crash-info...
4-32 Overview 4.1.25 pwd Priv Exec Command Use this command to view the contents of the current directory. Syntax Parameters None. Example RFS7000#pwd flash:/ RFS7000#...
4-33 4.1.26 quit Priv Exec Command Use this command to exit the current mode and move to the previous mode. Syntax quit Parameters None. Example RFS7000#quit RFS7000 release 1.0.1.0-005D Login as 'cli' to access CLI. RFS7000 login:...
4-34 Overview 4.1.27 reload Priv Exec Command Use this command to halt the switch and perform a warm reboot. Syntax reload Parameters None. Example RFS7000#reload Wireless switch will be rebooted, do you want to continue? (y/n): y The system is going down NOW !! % Connection is closed by administrator! Please stand by while rebooting the system.
4-35 4.1.28 rename Priv Exec Command Use this command to rename a file in the existing filesystem. Syntax rename FILE FILE Parameters FILE File to rename. Example RFS7000#rename flash:/TestDIR/ NewTestDir RFS7000#DIR Directory of flash:/ drwx 1024 Wed Jul 19 19:14:05 2006 hotspot drwx Wed Aug 30 15:32:44 2006...
4-36 Overview 4.1.29 rmdir Priv Exec Command Use this command to delete an existing file. Syntax rmdir DIR Parameters Name of the directory to delete. Example RFS7000#rmdir flash:/NewTestDir/ RFS7000#DIR Directory of flash:/ drwx 1024 Wed Jul 19 19:14:05 2006 hotspot drwx Wed Aug 30 15:32:44 2006 drwx...
4-37 4.1.30 show Priv Exec Command Use this command to show currently running system information. Syntax show <display parameter> Parameters access-list Displays Internet Protocol (IP) details of the access list. aclstats Displays ACL statistics information. alarm-log Displays alarms currently in the system. autoinstall Displays autoinstall configuration details.
4-38 Overview port-channel Displays Port channel commands. privilege Displays the current privilege level. radius Displays RADIUS configuration commands. redundancy-group Displays redundancy group parameters. redundancy-history Displays the state transition history of the switch. redundancy-members Displays redundancy group members in detail. running-config Displays the current operating configuration.
4-39 environment show environmental information file Display filesystem information Display FTP Server configuration history Display the session command history interfaces Interface status Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer Internet Protocol (IP) mac-address-table Display MAC address table management...
4-40 Overview 4.1.31 telnet Priv Exec Command Use this command to open a telnet session. Syntax telnet [IP address|hostname] Parameters [IP address| host name] IP address or hostname of a remote system. Example RFS7000#telnet 157.111.222.33 Entering character mode Escape character is '^]'. Red Hat Linux release 9 (Shrike) Kernel 2.4.20-6bigmem on an i686 login: cli...
4-41 4.1.32 traceroute Priv Exec Command Use this command to trace the route to a destination. Syntax traceroute (WORD | ip WORD) Parameters WORD Traces the route to a destination address or hostname . IP trace. Example RFS7000#traceroute 157.222.333.33 traceroute to 157.235.208.39 (157.235.208.39), 30 hops max, 38 byte packets 157.235.208.39 (157.235.208.39) 0.466 ms 0.363 ms...
4-42 Overview 4.1.33 upgrade Priv Exec Command Use this command to upgrade the switch software image. Syntax upgrade URL (background|) Parameters Defines location of firmware image. Example RFS7000#upgrade ? Location of firmware image URLs: tftp://<hostname:port or IP>/path/file ftp://<user>:<passwd>@<hostname:port or IP>/path/file http://<hostname:port or IP>/path/file sftp://<user>@<hostname:port or IP>/path/file cf:/path/file...
4-43 "logd" is not responding Sep 08 15:58:44 2006: %PM-4-PROCNORESP: Process "logd" is not responding Version of firmware update file is 1.0.0.0-264B Sep 08 15:58:44 2006: %KERN-6-INFO: EXT3 FS on hda1, internal journal. Creating LILO files Running LILO Successful Sep 08 15:58:46 2006: %FWU-6-FWUDONE: Firmware update successful, new version is 1.0.0.0-264B RFS7000#...
4-45 4.1.35 write Priv Exec Command Use this command to write the running configuration to memory or terminal Syntax write [memory | terminal] Parameters memory Writes to NV memory. terminal Writes to terminal. Example RFS7000#write terminal ! configuration of RFS7000 version 1.0.0.0-264B! version 1.0 service prompt crash-info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d...
Global Configuration Commands The term global is used to indicate characteristics or features affecting the system as a whole. Use the Global configuration mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols). Use the configure terminal command, under PRIV EXEC, to enter the global configuration mode.
Overview 5.1 Global Configuration Commands Table 5.1 summarizes the Global Config commands. Table 5.1 Global Configuration Command Summary Command Description Ref. Authentication, Authorization and Accounting. page 5-4 access-list Adds an access list entry. page 5-5 autoinstall Autoinstalls a configuration command. page 5-11 banner Defines a login banner.
Command Description Ref. Negates a command or sets its defaults. page 2-12 Configures NTP. page 5-40 prompt Sets the system prompt. page 5-43 radius-server Enters radius-server mode. page 5-44 redundancy Configures redundancy group parameters. page 5-45 service Service commands. page 5-47 show Shows running system information.
Uses an external RADIUS server. Usage Guidelines Use AAA login to determine whether management user authentication must be performed against a local user database or an external RADIUS server. Example RFS7000(config)#username motorolaadmin password motorola RFS7000(config)#username motorolaadmin privilege superuser RFS7000(config)#aaa authentication login default local RFS7000(config)#...
5.1.2 access-list Global Configuration Commands Use this command to add an access list entry. Use the access list command under global configuration to configure the access list mechanism for filtering frames by protocol type or vendor code. Syntax access-list For Standard IP ACL’s: access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7>...
Overview Parameters access-list Adds a standard access list entry. (<1-99>|<1300-1999>) • (<1-99>|<1300-1999>) – Access numbers from 1 to 99 or 1300 to 1999. (deny|permit|mark • (deny|permit|mark) – Defines the action types on an ACL. The action (8021p <0-7> | type is functional only over a Port ACL.
access-list Adds an Extended IP access list entry using IP keyword. (<100-199>|<2000-2699>) • <100-199>|<2000-2699> – For IP type of extended ACL, the ACL number {deny | permit | mark {dot1p must be between 100-199. <0-7> | tos <0-255>}} • {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on an {ip} {source/source-mask | ACL.
Overview access-list Adds an Extended IP access list entry using icmp keyword. (<100-199>|<2000-2699>) • (<100-199>|<2000-2699>) – For ICMP extended ACLs, the ACL number {deny | permit | mark {dot1p must be between 2000-2699. <0-7> | tos <0-255>}} • {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on {icmp} an ACL.
access-list Adds an Extended IP access list entry using tcp or udp keyword. (<100-199>|<2000-2699>) • (<100-199>|<2000-2699>) – For tcp or udp type of extended ACL, the {deny | permit | mark {dot1p ACL number must be between 2000-2699. <0-7> | tos <0-255>}} •...
5-10 Overview Example The example below creates a standard access list (ACL) to permit traffic coming to the interface. RFS7000(config)#access-list 1 permit any RFS7000(config)# The example below creates an extended IP access list to permit IP traffic between two networks. RFS7000(config)#access-list 101 permit ip 192.168.1.0/24 192.168.2.0/24 RFS7000(config)# The example below creates an extended access list to permit tcp traffic, between two networks, with a...
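The following Python sketch is an added example, not part of the Motorola guide or the switch software. It reviews numbered access-list lines from a saved configuration against the number ranges and keywords given in the syntax above and flags entries that permit traffic with no address restriction; the function names and the sample configuration are assumptions made for illustration.

```python
import ipaddress
import re

# ACL number ranges and keywords as listed in the access-list syntax on this page.
# The syntax line gives both extended ranges for every protocol, so both are accepted.
STANDARD_RANGES = [(1, 99), (1300, 1999)]
EXTENDED_RANGES = [(100, 199), (2000, 2699)]
PROTOCOLS = {"ip", "icmp", "tcp", "udp"}
ACTIONS = {"permit", "deny", "mark"}
# Strips a pasted CLI prompt such as "RFS7000(config)#" (hypothetical helper).
PROMPT = re.compile(r"^\S+\(config\)#\s*")


def acl_kind(number):
    """Classify a numbered ACL as 'standard', 'extended' or None (out of range)."""
    for kind, ranges in (("standard", STANDARD_RANGES), ("extended", EXTENDED_RANGES)):
        if any(lo <= number <= hi for lo, hi in ranges):
            return kind
    return None


def address_form(token):
    """Return 'any', 'net' (a valid A.B.C.D/M) or None for anything else."""
    if token == "any":
        return "any"
    if "/" not in token:
        return None
    try:
        ipaddress.IPv4Network(token, strict=False)
    except ValueError:
        return None
    return "net"


def audit_line(line):
    """Return a list of findings for one access-list line, or None if it is not one."""
    tokens = PROMPT.sub("", line.strip()).split()
    if len(tokens) < 3 or tokens[0] != "access-list" or not tokens[1].isdigit():
        return None
    number, action = int(tokens[1]), tokens[2]
    kind = acl_kind(number)
    if kind is None:
        return [f"ACL number {number} is outside the documented ranges"]
    if action not in ACTIONS:
        return [f"unknown action '{action}'"]
    # 'mark' carries two extra tokens (for example 'tos 10') before the match fields.
    rest = tokens[5:] if action == "mark" else tokens[3:]
    proto = rest[0] if rest and rest[0] in PROTOCOLS else None
    if kind == "standard" and proto:
        return [f"standard ACL {number} uses extended keyword '{proto}'"]
    if kind == "extended" and not proto:
        return [f"extended ACL {number} has no protocol keyword"]
    # Standard entries match on one address, extended entries on source and destination.
    # Any trailing fields (truncated on this page) are ignored.
    addrs = rest[1:3] if proto else rest[:1]
    if len(addrs) < (2 if proto else 1):
        return ["missing source or destination"]
    findings = [f"unrecognised address '{a}'" for a in addrs if address_form(a) is None]
    if action == "permit" and all(address_form(a) == "any" for a in addrs):
        scope = f"all {proto} traffic" if proto else "traffic from any source"
        findings.append(f"permits {scope} with no address restriction")
    return findings


def audit_config(text):
    """Audit every numbered access-list line; return (line_no, finding) pairs."""
    results = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for finding in audit_line(line) or []:
            results.append((line_no, finding))
    return results


# Constructed sample; the first two lines are the examples shown in this section.
SAMPLE = """\
RFS7000(config)#access-list 1 permit any
RFS7000(config)#access-list 101 permit ip 192.168.1.0/24 192.168.2.0/24
access-list 150 permit ip any any
access-list 50 permit ip 10.0.0.0/8 any
access-list 500 deny any
access-list 102 deny tcp 192.168.1.0/33 any
"""

if __name__ == "__main__":
    for line_no, finding in audit_config(SAMPLE):
        print(f"line {line_no}: {finding}")
```

Only the `any` keyword and the A.B.C.D/M address form that appear in this section are recognised; other address forms are reported as unrecognised rather than guessed at.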
5-11 5.1.3 autoinstall Global Configuration Commands Use this command to autoinstall the switch image. Syntax autoinstall [clear-config-history|cluster-config|config|image|reset-config|start] autoinstall (cluster-config|config|image) (URL[tftp|ftp|http|cf|usb1|usb2]) autoinstall image version <number> Parameters clear-config-history Autoinstalls a clear configuration history, resulting in a reversion. cluster-config Autoinstalls a cluster-config setup. config Autoinstalls a config setup.
5-12 Overview 5.1.4 banner Global Configuration Commands Use this command to define a login banner for the switch. Syntax banner(motd(LINE|default)) Parameters motd Sets the “message of the day” banner. LINE Custom MOTD string. default Default MOTD string. Example RFS7000(config)#banner motd Welcome to my RFS7000 CLI RFS7000(config)# RFS7000(config)#exit RFS7000#exit...
5-13 5.1.5 boot Global Configuration Commands This command reboots the switch with an image present in the mentioned partition (either the primary or secondary partition). Syntax boot(system [primary|secondary]) Parameters system Specifies the boot image used after reboot. primary Specifies the primary image. secondary Specifies the secondary image.
5-15 5.1.7 country-code Global Configuration Commands Use this command to configure the country of operation. Syntax country-code Parameters None. Usage Guidelines This command erases all existing radio configurations. Example RFS7000(config)#country-code ? United Arab Emirates Argentina Austria Australia Bosnia Herzegovina Belgium Bulgaria Bahrain Bermuda...
5-16 Overview Kuwait Kazakhstan Liechtenstein Sri Lanka Lithuania Luxembourg Latvia Morocco Malta Mexico Malaysia Netherlands Norway New Zealand Oman Peru Philippines Pakistan Poland Portugal Qatar Romania Russia Saudi Arabia Sweden Singapore Slovenia Slovak Republic Thailand Turkey Taiwan Ukraine United States Uruguay Venezuela Vietnam...
5-17 5.1.8 crypto Global Configuration Commands Use this command to configure encryption related commands. NOTE leads you to config-crypto- isakmp crypto isakmp(policy)Priority instance. For more details see Crypto - isakmp Instance on page 6-1. leads you to crypto isakmp(client)configuration group default config-crypto-group instance.
5-18 Overview Parameters ipsec Configures IPSEC policies. (security-association| • security-association – Security association parameter used to define its transform-set) lifetime. • lifetime (kilobyte | seconds) – The lifetime of IPSEC security association. It can be defined in either: kilobytes – Volume-based key duration. Minimum is 500 KB and maximum is 2147483646 KB.
5-19 isakmp Configure Internet Security Association and Key Management Protocol [client|keepalive|key| (ISAKMP) policy. peer|policy] • client configuration (group) (default) – This leads to config-crypto- instance. group For more details see Crypto - group Instance on page 7-1. • keepalive <10-3600> – Sets a keepalive interval for use with remote peers.
5-20 Overview pki [authenticate|enroll| Configures certificate parameters. The public key infrastructure is a protocol export|import|trustpoint] that creates encrypted public keys using digital certificates from certificate authorities. PKI ensures each online party is who they claim to be. • authenticate <name> (terminal|tftp|ftp) – Authenticate and import CA certificate.
5-21 5.1.9 do Global Configuration Commands Use this command to run commands from either the User Exec or Priv Exec mode. Syntax do (command of other mode) Parameters None. Example RFS7000(config)#do ping 157.235.208.69 PING 157.235.208.69 (157.235.208.69): 100 data bytes 128 bytes from 157.235.208.69: icmp_seq=0 ttl=64 time=0.1 ms 128 bytes from 157.235.208.69: icmp_seq=1 ttl=64 time=0.0 ms 128 bytes from 157.235.208.69: icmp_seq=2 ttl=64 time=0.0 ms 128 bytes from 157.235.208.69: icmp_seq=3 ttl=64 time=0.0 ms...
5-22 Overview 5.1.10 end Global Configuration Commands Use this command to end the current mode and change to the Exec mode. Syntax Parameters None. Example RFS7000(config)#end RFS7000#? Priv Exec commands: acknowledge Acknowledge alarms archive Manage archive files autoinstall autoinstall configuration command Change current directory ..........
5-23 5.1.11 errdisable Global Configuration Commands Use this command to enable the timeout mechanism for the port. Syntax errdisable (recovery)[cause (bpduguard)|interval <10-1000000>] Parameters recovery Enables the timeout mechanism for the port to be enabled back. cause (bpduguard) Reason for errdisable. •...
5-24 Overview 5.1.12 format Global Configuration Commands Use this command to format the Compact Flash (CF) card. Syntax format Parameters Formats compact flash. Example RFS7000(config)#format cf RFS7000(config)#...
5-25 5.1.13 ftp Global Configuration Commands Use this command to configure the switch as an FTP server. Syntax ftp enable ftp password(0|1|LINE) ftp rootdir(DIR) Parameters enable Enables FTP server. password Configures a FTP password. Set the password using one of the following: •...
5-26 Overview 5.1.14 hostname Global Configuration Commands Use this command to change the system’s network name. Syntax hostname(WORD) Parameters WORD Use this command to provide a name for the network. Example RFS7000(config)#hostname Eldorado Eldorado(config)#...
5-27 5.1.15 interface Global Configuration Commands Use this command to configure a selected interface. This command is used to enter the interface configuration mode for the specified physical/ Switch Virtual Interface (SVI) interface. If the VLANx (SVI) interface does not exist, it is automatically created.
5-28 Overview 5.1.16 ip Global Configuration Commands Use this CLI command to configure a selected Internet Protocol. NOTE Use an command to move to the ip access-list extended instance. For additional information, see (config-ext-nacl) Extended ACL Instance on page 14-1. Use an command to move to the ip access-list standard...
5-29 Parameters access-list Use the access list parameter to enter the context and ext-nacl std-nacl context. The prompt changes to the context entered. For additional information, see Extended ACL Instance on page 14-1 (for extended ACLs) and Standard ACL Instance on page 15-1 (for standard ACLs).
5-30 Overview Network Address Translation (NAT). Syntax ip nat <inside | outside> source list <access-list name> overload interface <interface name> • <inside|outside> – Defines the interface as private (inside) or public (external). NAT translations refer to this keyword to identify translations applied to incoming packets on an interface.
5-31 route Establish static routes. • A.B.C.D – IP destination prefix. Adds a static route entry in the IP routing table. • A.B.C.D/M – IP destination prefix. Adds a static route entry in the IP routing table. • next hop – IP address of the next hop that is used to reach the destination.
5-32 Overview Usage Guidelines 2 Follow the steps below to create a DHCP User Class: 1. Create a DHCP class named . RFS7000 supports a maximum of 32 DHCP classes. RFS7000DHCPclass RFS7000(config)#ip dhcp class RFS7000DHCPclass RFS7000(config-dhcpclass)# 2. Create a USER class named .
5-33 5.1.17 license Global Configuration Commands Use this command to display the details of the license. Syntax license Parameters WORD Enter the name of the feature for which you wish to add a license. Example RFS7000(config)#show licenses Serial Number 6283529900020 feature license string license value...
5-34 Overview 5.1.18 line Global Configuration Commands Use this command to configure the terminal line. NOTE The command moves to the instance. line vty (config-line) Syntax line(console|vty) Parameters console Primary terminal line. Virtual terminal. Configure a value between 0-871.
5-35 5.1.19 local Global Configuration Commands Use this command to set the username and password for local user authentication. Syntax local(username,password) Parameters username Enter local user name. The username can be a string of up to 64 characters. password Enter local user password. The password can be a string of up to 21 characters. Example RFS7000(config)#local username SuperAdmin password Superuser RFS7000(config)#...
5-38 Overview 5.1.21 mac Global Configuration Commands Use this command to configure MAC access-lists. Syntax mac(access-list(extended(WORD))) Parameters access-list Enter a name for MAC extended ACL. (extended <name>) Usage Guidelines To delete a Standard/Extended or MAC ACL, use under the Global no access-list <access-list name>...
5-39 5.1.22 management Global Configuration Commands Use this command to set management interface properties. Syntax management(secure) Parameters secure Limits local access (Web/Telnet etc.) to the management interface. Example RFS7000(config)#management secure RFS7000(config)#...
5-41 Parameters access-group Controls NTP access. • peer – Provides full access. • <1-99> – Standard IP access list. • <1300-1999> – Standard IP access list (expanded range). • query-only – Allows only control queries. • <1-99> – Standard IP access list. •...
5-42 Overview Example RFS7000(config)#ntp peer ? WORD Name/IP address of peer RFS7000(config)#ntp peer TestPeer ? autokey Configure autokey peer authentication scheme Configure peer authentication key prefer Prefer this peer when possible version Configure NTP version <cr> RFS7000(config)#ntp peer TestPeer autokey ? prefer Prefer this peer when possible version...
5-43 5.1.24 prompt Global Configuration Commands Use this command to configure and set the system prompt. Syntax prompt(LINE) Parameters LINE Enter the new prompt displayed by the switch. Example RFS7000(config)#prompt NobleMan NobleMan...
5-44 Overview 5.1.25 radius-server Global Configuration Commands Use this command to enter the RADIUS Server mode. The system prompt changes from the default config mode to RADIUS server mode. NOTE mode moves to the radius-server context. For more radius-server local details see RADIUS Server Instance on page 19-1 Syntax...
5-45 5.1.26 redundancy Global Configuration Commands Use this command to configure redundancy group parameters. Syntax redundancy(auto-revert|auto-revert-period|dhcp-server|discovery-period| enable|group-id|handle-stp|heartbeat-period|hold-period|interface-ip| manual-revert|member-ip|mode) redundancy auto-revert (enable) redundancy auto-revert-period <1-1800> redundancy dhcp-server (enable) redundancy discovery-period <10-60> redundancy enable redundancy group-id <1-65535> redundancy handle-stp(enable) redundancy heartbeat-period redundancy hold-period <10-255> redundancy interface-ip(A.B.C.D) redundancy member-ip (A.B.C.D) redundancy mode(primary|standby)
5-46 Overview member-ip Adds a member to this redundancy group. • A.B.C.D – IP address of the member. mode Sets the switch mode to either primary or standby. • primary – Defines mode as primary. • standby – Defines mode as standby. Example RFS7000(config)#redundancy discovery-period 20 RFS7000(config)#...
5-47 5.1.27 service Global Configuration Commands Use this command to retrieve system data (tables, log files, configuration, status and operation) for use in debugging and problem resolution. Syntax service(advanced-vty|dhcp|password-encryption| pm (max-sys-restarts<1-5>|sys-restart)| prompt(crash-info)|radius(restart)|set|show (cli)|terminal-length <0-512>) service set ( command-history <10-300>|reboot-history <10-100>| upgrade-history <10-100>) Parameters advanced-vty...
5-49 5.1.28 show Global Configuration Commands Use this command to view running system information. Syntax show <display parameter> Parameters access-list Displays Internet Protocol (IP) details of the access list. aclstats Displays ACL statistics information. alarm-log Displays system alarms. autoinstall Displays autoinstall configuration details. banner Displays the “Message of the Day”...
5-50 Overview port-channel Displays port channel commands. privilege Displays the current privilege level. radius Displays RADIUS configuration commands. redundancy-group Displays redundancy group parameters. redundancy-history Displays switch state transition history. redundancy-members Displays redundancy group members in detail. running-config Displays the current running configuration. (include-factory) •...
5-51 banner Display Message of the Day Login banner boot Display boot configuration. clock Display system clock commands Show command lists crypto encryption module debugging Debugging information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information Display FTP Server configuration history Display the session command history...
5-52 Overview spanning-tree mst cisco-interoperability enable spanning-tree mst config name My Name.......................................................................... wireless wlan 1 enable wlan 1 ssid ajit-open aap local-bridging enable aap independent-vlan vlan 1 aap config-apply def-delay 100 aap config-apply mesh-delay 100 radio add 1 00-A0-F8-BF-8A-4B 11bg ap300 radio 1 rss enable radio add 2 00-A0-F8-BF-8A-4B 11a ap300 radio 2 rss enable...
5-56 Overview miscellaneous ( ) Enables miscellaneous traps. • caCertExpired – CA certificate has expired. • lowFsSpace – Available file system space lower than the limit. • processMaxRestartsReached – Process has reached the max restart limit. • savedConfigModified – Saved configuration has been modified.
5-59 wireless-statistics (mobile-unit) () Modifies mobile unit rate traps. • avg-bit-speed-less-than <value>– Average bit speed in Mbps is less than <a decimal number greater than 0.00 and less than or equal to 54.00>. • avg-retry-greater-than <value> – Average retry is greater than <a decimal number greater than 0.00 and less than or equal to 16.00>.
5-60 Overview wireless-statistics (radio ) () Modifies radio rate traps. • avg-bit-speed-less-than <value>– Average bit speed in Mbps is less than <a decimal number greater than 0.00 and less than or equal to 54.00>. • avg-noise-level-threshold <value>– IDS event to detect sudden change in average noise level .
5-61 wireless-statistics (wireless-switch) Modify wireless-switch rate traps. • num-mobile-units-greater-than <1-8192> – Number of associated MUs is greater than <a decimal number in the range 1-8192>. • pktsps-greater-than <value> – Packets per sec is greater than <a decimal number greater than 0.00 and less than or equal to 100000.00>.
5-62 Overview host <host IP address> SNMP server host IP-address. v2c <1-65535> Uses SNMP version 2c. Select a host port number within the range of <1-65535>. v3 <1-65535> Uses SNMP version 3. Select a host port number within the range of <1-65535>.
5-64 Overview 5.1.30 sole Global Configuration Commands Use this command to configure Smart Opportunistic Location Engine (SOLE) related configuration commands. This command leads you to the (config-sole)# instance. For more information on SOLE related parameters, refer to SOLE Instance on page 21-1 Syntax sole Parameters...
5-65 5.1.31 spanning-tree Global Configuration Commands Use this command to configure the spanning-tree commands. Syntax spanning-tree [mst|portfast] spanning-tree mst [<0-15> (priority <0-61440>)| cisco-interoperability (enable|disable)|configuration| forward-time <4-30>|hello-time <1-10>|max-age <6-40>|max-hops <7-127>] spanning-tree portfast [bpdufilter|bpduguard](default) Parameters Enables the Multiple Spanning Tree Protocol on a bridge. [<0-15>...
5-66 Overview • forward-time <4-30> – Sets the time (in seconds) after which (if this bridge is the root bridge) each port changes states to learning and forwarding. This value is used by all instances. The default value is 15 seconds. •...
5-67 Usage Guidelines The mst > configuration command moves you to the Spanning Tree-MST instance. If a bridge does not hear bridge protocol data units (BPDUs) from the root bridge within the specified interval defined in the max-age (seconds) parameter, assume the network has changed and recompute the spanning-tree topology.
5-68 Overview 5.1.32 timezone Global Configuration Commands Use this command to configure switch timezone settings. Syntax timezone Parameters TIMEZONE Press <tab> to navigate the list of files. This action displays a list of files containing timezone information. Example RFS7000(config)#timezone Africa/ America/ Asia/ Atlantic/...
5-69 5.1.33 username Global Configuration Commands Use this CLI command to establish the user name authentication. Syntax username <name> (access|password|privilege) username <name> access (console|ssh|telnet|web) username <name> password(0|1|Line) username <name> privilege(helpdesk|monitor|nwadmin|superuser|sysadmin|webadmin) Parameters name Enter a name to authenticate the switch. The username must be between 1 - 28 characters.
5-70 Overview 5.1.34 vpn Global Configuration Commands Use this command to configure VPN. Syntax vpn authentication-method(local|radius) Parameters authentication-method Selects the authentication scheme. local Used for user based authentication. radius Used for RADIUS server authentication. Usage Guidelines Virtual Private Network enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another.
5-71 5.1.35 wireless Global Configuration Commands Use this command to configure switch wireless parameters. This command moves you to the config-wireless instance. For additional information, see Wireless Instance on page 20-1. Syntax wireless Parameters None. Usage Guidelines The wireless command is used to enter the config-wireless instance. The prompt changes from the regular RFS7000(config)# to RFS7000(config-wireless)#.
5-72 Overview 5.1.36 wlan-acl Global Configuration Commands Use this command to apply an ACL on a WLAN index. Syntax wlan-acl [<1-256>{<1-99>|<100-199>|<1300-1999>|<2000-2699>|word}][in|out] Parameters <1-256>[] WLAN number. • <1-99> — IP standard access list. • <100-199> — IP extended access list. • <1300-1999> — IP standard access list (expanded range). •...
5-73 Example The example below applies an ACL to WLAN index 200 in an inbound direction from the global config mode. RFS7000(config)#wlan-acl 200 150 in RFS7000(config)# NOTE A MAC access list entry to allow is mandatory to apply an IP based ACL to an interface.
6.1.2 clrscr Crypto ISAKMP Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-crypto-isakmp)#clr RFS7000(config-crypto-isakmp)#...
Overview 6.1.3 encryption Crypto ISAKMP Config Commands Use this command to configure the encryption level of the data transmitted using the RFS7000 switch . Syntax encryption(3des|aes|aes-192|aes-256|des) Parameters 3des 3des - Triple data encryption standard. aes - advanced data encryption standard. aes-192 aes-192 - advanced data encryption standard.
6.1.4 end Crypto ISAKMP Config Commands Use this command to end and exit the current mode and move to PRIV EXEC mode. The prompt now changes to RFS7000# Syntax Parameters None. Example RFS7000(config-crypto-isakmp)#end RFS7000#...
Overview 6.1.5 exit Crypto ISAKMP Config Commands Use this command to end current mode and move to previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-crypto-isakmp)#exit RFS7000(config)#...
6.1.6 group Crypto ISAKMP Config Commands Use this command to specify the Diffie-Hellman group (1 or 2) to be used by this IKE policy to generate the keys (which are then used to create the IPSec SA). Syntax group(1|2|5) Parameters 768-bit mod P.
Overview 6.1.7 hash Crypto ISAKMP Config Commands Use this command to specify the hash algorithm to be used to authenticate the data transmitted over the IKE Syntax hash(md5|sha) Parameters Choose the md5 hash algorithm. Choose the sha hash algorithm. Example RFS7000(config-crypto-isakmp)#hash sha RFS7000(config-crypto-isakmp)#...
6.1.8 help Crypto ISAKMP Config Commands Use this command to access the system's interactive help system Syntax help Parameters None. Example RFS7000(config-crypto-isakmp)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
6-10 Overview 6.1.9 lifetime Crypto ISAKMP Config Commands Use this command to specify how long an IKE SA is valid before expiring. Syntax lifetime <seconds> Parameters <seconds> Specify how many seconds an IKE SA will last before expiring. The time in seconds can be configured between 3600 and 2147483647.
6-11 6.1.10 no Crypto ISAKMP Config Commands Use this command to negate a command or set its defaults. Syntax no <previous command used> Parameters Use the commands that you have configured under this instance. Example RFS7000(config-crypto-isakmp)#no lifetime RFS7000(config-crypto-isakmp)#...
6-12 Overview 6.1.11 service Crypto ISAKMP Config Commands Use this command to invoke the service commands to troubleshoot or debug the (config-crypto-isakmp) instance configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diag shell access. save-cli Saves CLI tree for all modes in html format. show Shows running system information.
6-13 6.1.12 show Crypto ISAKMP Config Commands Use this CLI command to view the current system information that is running on the RFS7000 switch. Syntax show <parameter> Parameters Displays all the parameters for which the information can be viewed using the show command.
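A check for the IKE policy commands documented in sections 6.1.3 to 6.1.10, as an added example that is not part of the guide or the switch software: it validates a captured config-crypto-isakmp session against the value ranges given above and flags des, md5 and group 1 (768-bit). Treating those three as legacy is this example's own policy; the function name, finding labels and sample sessions are constructed for illustration.

```python
import re

# Accepted values, copied from the Syntax lines in sections 6.1.3, 6.1.6 and 6.1.7.
ALLOWED = {
    "encryption": {"3des", "aes", "aes-192", "aes-256", "des"},
    "group": {"1", "2", "5"},
    "hash": {"md5", "sha"},
}
# Section 6.1.9: lifetime is configurable between 3600 and 2147483647 seconds.
LIFETIME_MIN, LIFETIME_MAX = 3600, 2147483647

# Policy of this example (an assumption, not a statement from the guide):
# single DES, MD5 and the 768-bit group are reported as legacy choices.
LEGACY = {
    ("encryption", "des"): "single DES",
    ("hash", "md5"): "MD5",
    ("group", "1"): "768-bit Diffie-Hellman group",
}

# Matches a command typed at the ISAKMP prompt, e.g. "RFS7000(config-crypto-isakmp)#hash sha".
PROMPT = re.compile(r"^\S+\(config-crypto-isakmp\)#\s*(.*)$")


def audit_isakmp(transcript):
    """Return (settings, findings) for one config-crypto-isakmp session.

    settings maps each policy command to its last valid value.
    findings is a list of (line_number, level, message) tuples, where level
    is "invalid", "legacy" or "default".
    """
    settings, findings = {}, []
    for lineno, raw in enumerate(transcript.splitlines(), 1):
        match = PROMPT.match(raw.strip())
        if not match:
            continue
        words = match.group(1).split()
        negated = bool(words) and words[0] == "no"
        if negated:
            words = words[1:]
        if not words:
            continue  # bare prompt, or "no" with nothing after it
        cmd, args = words[0], words[1:]
        if cmd != "lifetime" and cmd not in ALLOWED:
            continue  # clrscr, help, show, service, end, exit
        if negated:
            # Section 6.1.10: "no" negates a command or sets its default.
            settings.pop(cmd, None)
            findings.append((lineno, "default",
                             f"{cmd} reset to the switch default, which this check does not know"))
            continue
        value = args[0] if len(args) == 1 else None
        if cmd == "lifetime":
            valid = (value is not None and value.isascii() and value.isdigit()
                     and LIFETIME_MIN <= int(value) <= LIFETIME_MAX)
        else:
            valid = value in ALLOWED[cmd]
        if not valid:
            findings.append((lineno, "invalid",
                             f"'{cmd} {' '.join(args)}' is outside the documented syntax"))
            continue
        settings[cmd] = value
        if (cmd, value) in LEGACY:
            findings.append((lineno, "legacy", f"{cmd} {value}: {LEGACY[(cmd, value)]}"))
    return settings, findings


# Constructed sample sessions (not captured from a real switch).
WEAK_SESSION = "\n".join([
    "RFS7000(config-crypto-isakmp)#encryption des",
    "RFS7000(config-crypto-isakmp)#hash md5",
    "RFS7000(config-crypto-isakmp)#group 1",
    "RFS7000(config-crypto-isakmp)#lifetime 600",
])
HARDENED_SESSION = "\n".join([
    "RFS7000(config-crypto-isakmp)#encryption aes-256",
    "RFS7000(config-crypto-isakmp)#hash sha",
    "RFS7000(config-crypto-isakmp)#group 5",
    "RFS7000(config-crypto-isakmp)#lifetime 86400",
    "RFS7000(config-crypto-isakmp)#show ?",
    "RFS7000(config-crypto-isakmp)#",
])

if __name__ == "__main__":
    for name, session in (("weak", WEAK_SESSION), ("hardened", HARDENED_SESSION)):
        settings, findings = audit_isakmp(session)
        print(name, settings)
        for lineno, level, message in findings:
            print(f"  line {lineno}: [{level}] {message}")
```
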
Crypto - group Instance Use crypto isakmp(client)configuration group default to initiate the config-crypto-group instance. 7.1 Crypto Group Config Commands Table 7.1 summarizes the config-crypto-group commands within the RFS7000 switch command line interface. Table 7.1 Crypto Group Command Summary Command Description Ref. clrscr Clears the display screen.
Overview 7.1.1 clrscr Crypto Group Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-crypto-group)#clr RFS7000(config-crypto-group)#...
7.1.2 dns Crypto Group Config Commands Use this command to specify the DNS server address(es) to assign to a client. Syntax dns <IP Address> Parameters The first DNS server address to assign. <IP Address> <IP Address> optional The second DNS server address to assign. Example RFS7000(config-crypto-group)#dns-server 172.1.17.1 172.1.17.3 RFS7000(config-crypto-group)#...
Overview 7.1.3 end Crypto Group Config Commands Use this command to end and exit from the current mode and change to PRIV EXEC mode. The prompt now changes to RFS7000# Syntax Parameters None. Example RFS7000(config-crypto-group)#end RFS7000#...
7.1.4 exit Crypto Group Config Commands Use this command to end the current mode and move down to the previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-crypto-group)#exit RFS7000(config)#...
Overview 7.1.5 help Crypto Group Config Commands Use this command to access the system's interactive help system Syntax help Parameters None. Example RFS7000(config-crypto-group)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
7.1.6 service Crypto Group Config Commands Use this command to invoke the service commands to troubleshoot or debug the (config-crypto-isakmp) instance configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information diag-shell Provides diag shell access save-cli Saves CLI tree for all modes in html format show Shows running system information start-shell...
Overview 7.1.7 show Crypto Group Config Commands Use this command to view the current system information that is running on the RFS7000 switch. Syntax show <parameter> Parameters Displays all the parameters for which the information can be viewed using the show command.
7.1.8 wins Crypto Group Config Commands Use this command to specify the Windows Internet Naming Service (WINS) name servers to assign to a client. Syntax wins <IP Address> <IP Address> Parameters <IP Address> The first WINS server address to assign. <IP Address>...
Overview 8.1.1 clrscr Crypto Peer Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-crypto-peer)#clr RFS7000(config-crypto-peer)
8.1.2 end Crypto Peer Config Commands Use this command to end and exit from the current mode and change to PRIV EXEC mode. The prompt now changes to RFS7000# Syntax Parameters None. Example RFS7000(config-crypto-peer)#end RFS7000#...
Overview 8.1.3 exit Crypto Peer Config Commands Use this command to end the current mode and move down to the previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-crypto-peer)#exit RFS7000(config)#...
8.1.4 help Crypto Peer Config Commands Use this command to access the system's interactive help system. Syntax help Parameters None. Example RFS7000(config-crypto-peer)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Overview 8.1.5 no Crypto Peer Config Commands Use this command to negate a command or set its defaults. Syntax no <previous command used> Parameters Use the commands that you have configured under this instance. Example RFS7000(config-crypto-peer)#no aggressive-mode RFS7000(config-crypto-peer)#...
8.1.6 service Crypto Peer Config Commands Use this command to invoke the service commands to troubleshoot or debug the (config-crypto-isakmp) instance configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell) Parameters clear Removes specified support information diag-shell Provides diag shell access save-cli Saves CLI tree for all modes in html format show Shows running system information start-shell...
Overview 8.1.7 set Crypto Peer Config Commands Use this command to configure the aggressive-mode of crypto-peer. Syntax set aggressive-mode (password) Parameters aggressive-mode aggressive mode password password Example RFS7000(config-crypto-peer)#set aggressive-mode password CheckMeIn RFS7000(config-crypto-peer)#...
8.1.8 show Crypto Peer Config Commands Use this command to view the current system information that is running on the RFS7000 switch. Syntax show <parameter> Parameters Displays all the parameters for which the information can be viewed using the show command. Example RFS7000(config-crypto-peer)#show ? access-list...
Crypto - ipsec Instance Use the (config-crypto ipsec) instance to define the transform configuration for securing data (e.g., esp-3des, esp-sha-hmac, etc.). The transform-set is then assigned to a crypto map using the map’s set transform-set command. For more details see crypto-map transform-set on page 10-9.
Overview 9.1.1 mode Crypto IPsec Config Commands Use this command to configure the IPSec transportation mode. Syntax mode(transport|tunnel) Parameters transport Transport mode. tunnel Tunnel mode. Example RFS7000(config-crypto-ipsec)#mode transport RFS7000(config-crypto-ipsec)#...
9.1.2 show Crypto IPsec Config Commands Syntax clrscr Parameters Displays all the parameters for which the information can be viewed using the show command. Example RFS7000(config-crypto-ipsec)#show ? access-list Internet Protocol (IP) alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner...
Crypto - map Instance CLI commands are used to define a Certificate Authority (CA) trustpoint. This is a config-crypto-map separate instance by itself but belongs to the mode under instance. crypto pki trustpoint config 10.1 Crypto Map Config Commands Table 10.1 summarizes the commands within the RFS7000 Switch command line config-crypto-map...
10-2 Overview 10.1.1 clrscr Crypto Map Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-crypto-map)#clr RFS7000(config-crypto-map)
10-3 10.1.2 end Crypto Map Config Commands Use this command to end and exit from the current mode and change to PRIV EXEC mode. The prompt now changes to RFS7000# Syntax Parameters None. Example RFS7000(config-crypto-map)#end RFS7000#...
10-4 Overview 10.1.3 exit Crypto Map Config Commands Use this command to end the current mode and move down to the previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-crypto-map)#exit RFS7000(config)#...
10-5 10.1.4 help Crypto Map Config Commands Use this command to access the system's interactive help system Syntax help Parameters None. Example RFS7000(config-crypto-map)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
10-6 Overview 10.1.5 match Crypto Map Config Commands Use this command to assign an IP access-list to a crypto map definition. The access-list designates the IP packets to be encrypted by this crypto map. A crypto map entry is a single policy that describes how certain traffic is to be secured. There are two types of crypto map entries: ipsec-manual and ipsec-ike.
10-7 10.1.6 no Crypto Map Config Commands Use this command to negate a command or set its defaults. Syntax no <previous command used> Parameters Use the commands that you have configured under this instance. Example RFS7000(config-crypto-map)#no aggressive-mode RFS7000(config-crypto-map)#...
10-8 Overview 10.1.7 service Crypto Map Config Commands Use this command to invoke the service commands to troubleshoot or debug the (config-crypto-isakmp) instance configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell) Parameters clear Removes specified support information. diag-shell Provides diag shell access. save-cli Saves CLI tree for all modes in html format. show Shows running system information.
10-9 10.1.8 set Crypto Map Config Commands Use this command to set the various set parameters of the peer device. Syntax set (localid|mode|peer|pfs|remote-type[ipsec-l2tp|xauth]| security-association|session-key|transformset) set localid(dn|hostname) set security-association (level(perhost)|lifetime(kilobytes|seconds)<value>) set session-key (inbound|outbound)(ah|esp) set session-key (inbound|outbound) ah <hexkey data> set session-key (inbound|outbound) esp <SPI> cipher <hexdata key> authenticator <hexkey data>...
10-10 Overview security-association Use the set security-association lifetime command to define the lifetime (in kilobytes and/or seconds) of the IPSec SAs created by this crypto map. • level(perhost) – Specify a security association granularity level for identities • lifetime(kilobyte|seconds) – Security association lifetime. session-key Use the set session-key command to define the encryption and authentication keys for this crypto map.
10-11 If no transform-set is configured for a crypto map, then the entry is incomplete and will have no effect on the system. For manual key crypto maps, only one transform set can be specified. Example RFS7000(config-crypto-map)#set localid hostname TestMapHost RFS7000(config-crypto-map)#...
10-12 Overview 10.1.9 show Crypto Map Config Commands Use this command to view the current system information that is running on the switch. Syntax show <parameter> Parameters Displays all the parameters for which the information can be viewed using the show command.
Crypto - trustpoint Instance Use the commands to define a Certificate Authority (CA) trustpoint. config-crypto-trustpoint is a separate instance, belonging to the mode under config-crypto-trustpoint crypto pki trustpoint instance. config 11.1 Trustpoint Config commands Table 11.1 summarizes the commands. config-crypto-trustpoint Table 11.1 Trustpoint (PKI) Config Commands Summary Command Description...
11-20 Overview Command Description Ref. rsakeypair Rsa Keypair to associate with the trustpoint. page 11-31 service Displays service commands. page 11-32 show Shows the running system information. page 11-33 subject-name Subject name is a collection of required parameters to configure a page 11-35 trustpoint.
11-21 11.1.1 clrscr Trustpoint Config commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-trustpoint)#clrscr RFS7000(config-trustpoint)#...
11-22 Overview 11.1.2 company-name Trustpoint Config commands Use this command to set the company name (applicable only by request) to a trustpoint. Syntax company-name Parameters WORD Company name (2 - 64 characters in length). Usage Guidelines The company name defined must be between 2 to 64 characters only. Example RFS7000(config-trustpoint)#company-name RetailKing RFS7000(config-trustpoint)#...
Trustpoint Config commands Use this command to configure an e-mail ID for a trustpoint. Syntax email Parameters WORD email address (2 to 64 characters). Usage Guidelines The email defined must be between 2 and 64 characters only. Example RFS7000(config-trustpoint)#email abcTestemailID@motorola.com RFS7000(config-trustpoint)#...
11-24 Overview 11.1.4 end Trustpoint Config commands Use this command to end and exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax Parameters None. Example RFS7000(config-trustpoint)#end RFS7000#...
11-25 11.1.5 exit Trustpoint Config commands Use this command to end the current mode and move to previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)#. Syntax exit Parameters None. Example RFS7000(config-trustpoint)#exit RFS7000(config)#...
11-26 Overview 11.1.6 fqdn Trustpoint Config commands Use this command to configure the fully qualified domain name (fqdn) for the trustpoint. Syntax fqdn Parameters None Usage Guidelines The string length of the domain name must be between 9 to 64 characters. Example RFS7000(config-trustpoint)#fqdn RetailKing.com RFS7000(config-trustpoint)#...
11-27 11.1.7 help Trustpoint Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-trustpoint)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
11-28 Overview 11.1.8 ip-address Trustpoint Config commands Use this command to configure an IP address for the trustpoint. Syntax ip-address Parameters A.B.C.D Enter the IP address configured for the trustpoint. Example RFS7000(config-trustpoint)#ip-address 157.200.200.02 RFS7000(config-trustpoint)#...
11-29 11.1.9 no Trustpoint Config commands Use this command to negate a command or set defaults. Syntax no <previous command used> Parameters None. Example RFS7000(config-trustpoint)#no ip-address RFS7000(config-trustpoint)#...
11-30 Overview 11.1.10 password Trustpoint Config commands Use this command to set the challenge password, applicable only for trustpoint access requests. Syntax password(0|2|WORD) Parameters Password is specified as UNENCRYPTED. The password must be between 4 - 20 characters. Password is encrypted with a password-encryption secret. The string length of an encrypted password must be between 44 - 64 characters.
11-31 11.1.11 rsakeypair Trustpoint Config commands Use this command to configure an RSA key pair to associate with the trustpoint. Syntax rsakeypair Parameters WORD RSA keypair identifier. Usage Guidelines Use RSA Key Pair support to configure the switch to have Rivest, Shamir, and Adleman (RSA) key pairs. The switch software can maintain a different key pair for each identity certificate.
11-32 Overview 11.1.12 service Trustpoint Config commands Use this command to invoke service commands to troubleshoot or debug crypto pki trustpoint instance configurations. Syntax service(show)(cli) Parameters show (cli) Shows the CLI tree of current mode. Example RFS7000(config-trustpoint)#service show cli Trustpoint Config mode: +-clrscr [clrscr] +-company-name +-WORD [company-name WORD]...
11-33 11.1.13 show Trustpoint Config commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-trustpoint)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
11-34 Overview RFS7000(config)#show crypto pki trustpoints Trustpoint :default-trustpoint ----------------------------------------------- Server certificate configured Subject Name: Common Name: Symbol Technologies Issuer Name: Common Name: Symbol Technologies Valid From: Mar 11 03:38:26 2007 GMT Valid Until: Mar 10 03:38:26 2008 GMT RFS7000(config)# RFS7000(config-trustpoint)#show access-list Standard IP access list 1 deny any rule-precedence 1 RFS7000(config-trustpoint)#...
Interface Instance Use the (config-if) instance to configure Fast Ethernet (fe), Giga Ethernet (ge), StaticAggregate interface (sa), VLAN and tunnel. Use (config)# interface [fe|ge|sa|tunnel|vlan] to reach this instance. 12.1 Interface Config commands Table 12.1 summarizes the config-if commands. Table 12.1 Interface Config Command Summary Command...
12-2 Overview Command Description Ref. Negates a command or sets defaults. page 12-14 port-channel Configures the load-balancing criteria of an aggregated port. page 12-15 service Displays service commands. page 12-16 show Shows the running system information. page 12-17 shutdown Shuts down the selected interface. page 12-20 spanning-tree Configures spanning-tree.
12-3 12.1.1 clrscr Interface Config commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-if)#clrscr RFS7000(config-if)#...
12-4 Overview 12.1.2 description Interface Config commands Use this command to create an interface specific description. Syntax description Parameters LINE Characters to describe this interface. Example RFS7000(config-if)#description "interface for RetailKing" RFS7000(config-if)#...
12-5 12.1.3 duplex Interface Config commands Use this command to specify the duplex mode of operation. NOTE • Duplexity can only be set for an Ethernet type interface. Enter the (config-if) instance using an parameter in an mode. ge/me interface •...
12-6 Overview 12.1.4 end Interface Config commands Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-if)#end RFS7000#...
12-7 12.1.5 exit Interface Config commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-if)#exit RFS7000(config)#...
12-8 Overview 12.1.6 help Interface Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-if)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
12-9 12.1.7 ip Interface Config commands Use this command to configure an IP address for the assigned Ethernet, VLAN or tunnel. Syntax ip(access-group|address|helper-address|nat) ip access-group(<1-99>|<100-199>|<1300-1999>|<2000-2699>)in ip address(A.B.C.D/M|dhcp) ip address(A.B.C.D/M) (secondary) ip helper-address A.B.C.D ip nat(inside|outside) Parameters access-group Access group. • (<1-99> |<100-199>) – IP extended access list. •...
12-10 Overview Follow the steps in the example below to create a helper address on VLAN 2000 for using the DHCP server available on VLAN 1000: RFS7000(config)#interface vlan 1000 RFS7000(config-if)#ip address 172.168.100.1/24 RFS7000(config-if)#interface vlan 2000 RFS7000(config-if)#ip address 172.168.200.1/24 RFS7000(config-if)#ip helper-address 172.168.100.10 vlan 1000 RFS7000(config-if)# The example below displays static NAT source translation.
12-11 12.1.8 mac Interface Config commands Use this command to apply a MAC access list to a gigabit ethernet interface. NOTE Access lists cannot be applied on a management interface (me1). Syntax mac (access-group <acl_name>) (in) Parameters access-group Sets MAC access groups ACL. <acl_name>...
12-12 Overview 12.1.9 management Interface Config commands Use this command to configure the selected interface as the management interface. It can only be used on a VLANx interface. The tftp/ftp server, which provides the switch its config file at startup, must be accessible via this interface.
12-13 12.1.10 mtu Interface Config commands Use this command to set the mtu value for a VLAN interface. NOTE This command is valid only with a VLAN interface. Syntax mtu <512-1500> Parameters <512-1500> Maximum packet size in bytes. The minimum value is 512 and maximum value is 1500.
12-14 Overview 12.1.11 no Interface Config commands Use this command to negate a command or set defaults. Syntax no [description|duplex|ip|mtu|shutdown| spanning-tree|speed|static-channel-group|switchport|tunnel] Parameters command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated. Example RFS7000(config-if)#no mtu RFS7000(config-if)#...
12-15 12.1.12 port-channel Interface Config commands Use this command to select the load-balance criteria of an aggregated port. Syntax port-channel (load-balance [src-dst-ip|src-dst-mac]) Parameters load-balance Sets load-balancing for port channel. [src-dst-ip|src-dst-mac] • src-dst-ip – Source and Destination IP address based load balancing. •...
12-16 Overview 12.1.13 service Interface Config commands Use this command to invoke service commands to troubleshoot or debug the (config-if) instance configurations. Syntax service(show) (cli) Parameters show Shows running system information. Shows the CLI tree of current mode. Example RFS7000(config-if)#service show cli Interface Config mode: +-cisco-interoperability +-disable [cisco-interoperability ( enable | disable)]...
12-17 12.1.14 show Interface Config commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-if)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
12-18 Overview RFS7000(config-if)#show boot Image Build Date Install Date Version ----- -------------------- -------------------- -------------- Primary Aug 28 14:05:16 2006 Aug 29 18:32:17 2006 3.0.0.0-200B Secondary Aug 14 06:18:03 2006 Aug 17 15:08:28 2006 3.0.0.0-180B Current Boot : Primary Next Boot : Primary Software Fallback : Enabled...
12-20 Overview 12.1.15 shutdown Interface Config commands Use this command to shut down/disable the selected interface. The interface is administratively enabled unless explicitly disabled using this command. Syntax shutdown Parameters None. Example RFS7000(config-if)#shutdown RFS7000(config-if)#...
12-21 12.1.16 spanning-tree Interface Config commands Use this command to configure spanning tree parameters. Syntax spanning-tree [bpdufilter(enable|disable)|bpduguard (enable|disable)|edgeport|force-version <0-3>|guard (root)|link-type (point-to- point|shared)|mst(<0-15>|port-cisco-interoperability)|portfast] spanning-tree mst [<0-15>(cost <1-200000000>|port-priority <0-240>)| port-cisco-interoperability (disable|enable)] Parameters bpdufilter (disable|enable) Use this command to set a portfast BPDU filter for the port. Use the parameter with this command to revert the port BPDU filter to default.
12-22 Overview mst [<0-15> Configures mst on a spanning tree. (cost <1-200000000>| • <0-15> – Instance ID. port-priority <0-240>)| • cost <1-200000000> – Path cost for a port. port-cisco-interoperability (disable|enable)] • port-priority <0-240> – Port priority for a bridge. • port-cisco-interoperability (disable|enable) – Enables or disables interoperability with Cisco's version of MSTP (which is incompatible with standard MSTP).
12-23 12.1.17 speed Interface Config commands Use this command to specify the speed of a fast-ethernet (10/100) or a gigabit-ethernet port (10/100/1000). Syntax speed(10|100|1000|auto) Parameters 10 Forces 10 Mbps operation. The port runs at 10 Mbps. 100 Forces 100 Mbps operation. The port runs at 100 Mbps. 1000 Forces 1000 Mbps operation. The port runs at 1000 Mbps.
12-24 Overview 12.1.18 static-channel-group Interface Config commands Use this command to add an interface to a static channel group. Syntax static-channel-group <1-4> Parameters <1-4> Static channel group to associate the link with. Usage Guidelines This command aggregates individual giga ports into a single aggregate link to provide a larger bandwidth. The static channel group is used to provide additional bandwidth in multiples of 1 Gbps on the switch.
12-25 12.1.19 switchport Interface Config commands Use this command to set switching mode characteristics for the selected interface. The mode can be either access or trunk. NOTE An interface configured as a trunk with all VLANs allowed loses its configuration and has only VLAN 1 set to allowed. Syntax switchport(access|mode|trunk) switchport access vlan <1-4094>...
12-26 Overview trunk native (tagged | vlan <1-4094>) Configures the native VLAN ID of the trunk-mode port. • tagged – Sets the native VLAN for classifying untagged traffic. • vlan <1-4094> – Sets the native VLAN for classifying untagged traffic when the interface is in trunking mode.
Spanning Tree-MST Instance Use the (config-mst) instance to configure the Multi Spanning Tree Protocol (MSTP). Use (config)#spanning-tree mst configuration to reach this instance. 13.1 mst Config commands Table 13.1 summarizes the config-mst commands. Table 13.1 MSTP Config Command Summary Command Description Ref.
13-2 Overview 13.1.1 clrscr mst Config commands Use this command to clear the display. Syntax clrscr Parameters None. Example RFS7000(config-mst)#clrscr RFS7000(config-mst)#...
13-3 13.1.2 end mst Config commands Use this command to end and exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax end Parameters None. Example RFS7000(config-mst)#end RFS7000#...
13-4 Overview 13.1.3 exit mst Config commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-mst)#exit RFS7000(config)#...
13-5 13.1.4 help mst Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-mst)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
13-6 Overview 13.1.5 instance mst Config commands Use this command to associate VLAN(s) with an instance. Syntax instance <1-15> vlan <VLAN_ID> Parameters <1-15> Defines the instance ID to which the VLAN is associated. vlan <VLAN_ID> Defines the VLAN ID for its association with an instance. Usage Guidelines MSTP is based on instances.
13-7 13.1.6 name mst Config commands Use this command to set a name for the MST region. Syntax name (region name) Parameters region name MST region name. Example RFS7000(config-mst)#name MyRegion RFS7000(config-mst)#...
13-8 Overview 13.1.7 no mst Config commands Use this command to negate a command or set defaults. Syntax no [instance|name|revision] Parameters instance Instance. name MST region. revision Revision number for configuration information. Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
13-9 13.1.8 revision mst Config commands Use this command to configure the revision number of the MST bridge. Syntax revision <0-255> Parameters 0-255 Revision number for configuration information. Example RFS7000(config-mst)#revision 20 RFS7000(config-mst)#...
13-10 Overview 13.1.9 service mst Config commands Use this command to invoke the service commands needed to troubleshoot or debug instance (config-if) configurations. Syntax service(show) (cli) Parameters show (cli) Shows running system information. • cli – Show CLI tree of current mode. Example RFS7000(config-mst)*#service show cli MSTI configuration mode:...
13-11 13.1.10 show mst Config commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-mst)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
13-12 Overview
RFS7000(config-mst)#show access-list
Extended IP access list 110
 permit ip 192.168.1.0/24 192.168.100.0/24 rule-precedence 5
 permit ip 192.168.63.0/24 192.168.100.0/24 rule-precedence 63
 permit ip 192.168.157.0/24 192.168.100.0/24 rule-precedence 157
RFS7000(config-mst)#
RFS7000(config-mst)#show wlan-acl all
WLAN port: 102
Inbound IP Access List : 110
Inbound MAC Access List :
Outbound IP Access List:
Outbound MAC Access List :...
13-13 13.2 Configuring Interface using MSTP MSTP is enabled by default. All VLANs are in the default instance 0 by default. 1. Use the following command to create a non-default instance and region configuration using the config mode: RFS7000(config-mst)#instance 1 vlan <vlan-id> 2.
14-2 Overview 14.1.1 clrscr Extended ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-ext-nacl)#clrscr RFS7000(config-ext-nacl)#...
14-4 Overview
deny {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [icmp-...
Use with the deny command to reject icmp packets. • deny – The keyword specifies deny action on an ACL. • {icmp} – Specifies icmp as the protocol. •...
14-5
deny {tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destination-mask | host...
Use with the deny command to reject tcp or udp packets. • deny – The keyword specifies deny action on an ACL. • {tcp|udp} – Specify tcp or udp as the protocol. •...
14-6 Overview • Select icmp to allow/deny icmp packets. Selecting icmp provides the option of filtering icmp packets based on icmp type and code. NOTE The log option is functional only for router ACLs. The log option displays an informational logging message, sent to the console, about the packet that matches the entry.
14-7 14.1.3 end Extended ACL Config Commands Use this command to end and exit the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax end Parameters None. Example RFS7000(config-ext-nacl)#end RFS7000#...
14-8 Overview 14.1.4 exit Extended ACL Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-ext-nacl)#exit RFS7000(config)#...
14-9 14.1.5 help Extended ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-ext-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
14-10 Overview 14.1.6 mark Extended ACL Config Commands Use this command to mark specific packets. Syntax mark {dot1p <0-7> | tos <0-255>}} {ip} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [log] [rule-precedence access-list-entry precedence] mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any} {destination/ destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence] mark {dot1p <0-7>...
14-11
mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask |...
Use with the mark command to specify icmp packets as marked. • mark {dot1p <0-7> | tos <0-255>} – The keyword specifies mark action on an ACL. The action type is functional only over a Port ACL.
14-12 Overview
mark {dot1p <0-7> | tos <0-255>}} {tcp|udp} {source/source-mask |...
Use with the mark command to specify tcp or udp packets as marked. • mark {dot1p <0-7> | tos <0-255>} – The keyword specifies mark action on an ACL. The action type is functional only over a Port ACL.
14-13 • Select the protocol type icmp to allow/deny icmp packets. Selecting the icmp protocol gives you the option of filtering icmp packets based on icmp type and icmp code. NOTE The log option is functional only for router ACLs. The log option provides an informational logging message, sent to the console, about the packet matching the entry.
14-14 Overview 14.1.7 no Extended ACL Config Commands Use this command to negate a command or set its defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in the deny, mark and permit commands to configure the Extended ACL. Parameters deny Specifies packets to reject.
14-15 14.1.8 permit Extended ACL Config Commands Use this command to permit specific packets. NOTE ACLs do not allow DHCP messages to flow by default. Configure an Access Control Entry (ACE) to allow DHCP messages to flow through. RFS7000(config-ext-nacl)#permit ip 192.168.1.0/24 192.168.2.0/24 RFS7000(config-ext-nacl)#permit ip any host 255.255.255.255 RFS7000(config-ext-nacl)# Syntax...
14-16 Overview
permit {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination |...
Use with the permit command to allow icmp packets. • permit – The keyword specifies permit action on an ACL. • {icmp} – Specifies icmp as the protocol. •...
14-17
permit{tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destination-...
Use with the permit command to allow tcp or udp packets. • permit – The keyword specifies permit action on an ACL. • {tcp|udp} – Specify tcp or udp as the protocol. •...
14-18 Overview • Select the protocol type icmp to allow/deny icmp packets. Selecting icmp allows filtering of icmp packets based on icmp type and code. NOTE The log option is functional only for router ACLs. The log option causes an informational logging message about the packet matching the entry to be sent to the console.
14-19 14.1.9 service Extended ACL Config Commands Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the RFS7000 Switch. save-cli Saves the CLI tree for all modes in html format.
14-20 Overview 14.1.10 show Extended ACL Config Commands Use this command to view the current system information. Syntax show <parameter> Parameters Displays all the parameters for which the information can be viewed using the show command. Usage Guidelines The show access-list command displays all the access lists configured in the switch console. Provide the access list name or number to view the details of a particular ACL.
14-21
RFS7000(config-ext-nacl)#show access-list
Extended IP access list 101
 deny ip 192.168.1.0/24 192.168.2.0/24 rule-precedence 10
 permit ip any any rule-precedence 20
Extended IP access list 110
 deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10
 permit ip any any rule-precedence 20
Extended IP access list symbol
 deny tcp 192.168.2.0/24 192.168.1.0/24 rule-precedence 10
 permit ip any any rule-precedence 20...
14-22 Overview 14.1.11 terminal Extended ACL Config Commands Use this command to set the length/number of lines displayed on the terminal window. Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. no Negates a command or sets its defaults. •...
Standard ACL Instance Use the (config-std-nacl) instance (ip access-list standard) to configure ACLs. Standard ACLs allow filtering based on the source address only. 15.1 Standard ACL Config Commands Table 15.1 summarizes config-std-nacl commands. Table 15.1 Standard ACL Config Command Summary Command Description Ref.
15-3 15.1.1 clrscr Standard ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-std-nacl)#clrscr RFS7000(config-std-nacl)#...
15-4 Overview 15.1.2 deny Standard ACL Config Commands Use this command to specify packets to reject. Syntax deny(A.B.C.D/M|any|host) deny any(log|rule-precedence) deny any log(rule-precedence)<1-5000> deny any rule-precedence<1-5000> deny host A.B.C.D Parameters A.B.C.D/M Source IP address range to match. any Any source IP address. •...
15-5 15.1.3 end Standard ACL Config Commands Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax end Parameters None. Example RFS7000(config-std-nacl)#end RFS7000#...
15-6 Overview 15.1.4 exit Standard ACL Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-std-nacl)#exit RFS7000(config)#...
15-7 15.1.5 help Standard ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-std-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
15-8 Overview 15.1.6 mark Standard ACL Config Commands Use this command to mark specific packets. Syntax mark(8021.1p<0-7>|tos<0-255>)(A.B.C.D/M|any|host) mark(8021.1p<0-7>|tos<0-255>)any|host(log|rule-precedence<1-5000>|A.B.C.D) Parameters 8021.1p<0-7>|tos<0-255>) • Specifies .1p priority value between 0 and 7 • Specifies a Type of Service (tos) value between 0 and 255. (A.B.C.D/M|any|host) source is the source IP address of the network or host in dotted decimal format.
15-9 15.1.7 no Standard ACL Config Commands Use this command to negate a command or set its defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in the deny, mark and permit commands to configure the Extended ACL. Parameters deny Specifies packets to reject.
15-10 Overview 15.1.8 permit Standard ACL Config Commands Use this command to permit specific packets. Syntax permit(A.B.C.D/M|any|host) permit any(log|rule-precedence) permit any log(rule-precedence)<1-5000> permit any rule-precedence<1-5000> permit host A.B.C.D Parameters A.B.C.D/M Source IP address range to match. any Any source IP address. •...
15-11 15.1.9 service Standard ACL Config Commands Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the switch. save-cli Saves the CLI tree for all modes in html format.
15-12 Overview 15.1.10 show Standard ACL Config Commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines The show access-list command displays all the access lists configured in the switch console. Provide the access list name or number to view the details of a particular ACL.
15-13
RFS7000(config-std-nacl)#show access-list
Standard IP access list 1
 permit any rule-precedence 10
Extended IP access list 101
 deny ip 192.168.1.0/24 192.168.2.0/24 rule-precedence 10
 permit ip any any rule-precedence 20
Extended IP access list 110
 deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10
 permit ip any any rule-precedence 20
Standard IP access list moto
 deny 192.168.1.0/24 rule-precedence 10...
15-14 Overview 15.1.11 terminal Standard ACL Config Commands Use this command to set the length/number of lines displayed on the terminal. Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. no Negates a command or sets its defaults. •...
Extended MAC ACL Instance Use the (config-ext-macl) instance (mac access-list extended) to configure ACLs associated with the switch. Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. The command set for Extended MAC ACLs provides hexadecimal values for each of its listed ethertypes. The switch supports all ethertypes.
16-2 Overview 16.1 MAC Extended ACL Config Commands Table 16.1 summarizes the config-ext-macl commands.
Table 16.1 Extended ACL Config Command Summary
Command  Description                                              Ref.
clrscr   Clears the display screen.                               page 16-3
deny     Specifies packets to reject.                             page 16-4
end      Ends the current mode and changes to EXEC mode.          page 16-6
exit     Ends the current mode and moves to the previous mode.
16-3 16.1.1 clrscr MAC Extended ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-ext-macl)#clrscr RFS7000(config-ext-macl)#...
16-4 Overview 16.1.2 deny MAC Extended ACL Config Commands Use this command to specify packets to reject. NOTE Use a decimal value representation of ethertypes to implement a permit/deny/mark designation for a packet. The command set for Extended MAC ACLs provides hexadecimal values for each listed ethertype. The switch supports all ethertypes.
16-5 • ip • 802.1q By default, the switch does not allow layer 2 traffic to pass through the interface. To adopt an access port through an interface, configure an access control list to allow Ethernet WISP. NOTE A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface.
16-6 Overview 16.1.3 end MAC Extended ACL Config Commands Use this command to exit from the current mode and change to PRIV EXEC mode. The prompt changes to RFS7000# Syntax end Parameters None. Example RFS7000(config-ext-macl)#end RFS7000#...
16-7 16.1.4 exit MAC Extended ACL Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-ext-macl)#exit RFS7000(config)#...
16-8 Overview 16.1.5 help MAC Extended ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-ext-macl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
16-9 16.1.6 mark MAC Extended ACL Config Commands Use this command to specify a packet to mark. NOTE Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. The command set for an Extended MAC ACL provides hexadecimal values for each of its listed ethertypes.
16-10 Overview Usage Guidelines Use the mark option to specify the type of service (tos) and priority value. The tos value is marked in the IP header and the 802.1p priority value is marked in the dot1q frame. Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL. It is marked based on the ACL configuration.
16-11 16.1.7 no MAC Extended ACL Config Commands Use this command to negate a command or set defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in deny, mark and permit to configure the Extended ACL. Parameters deny Specifies packets to reject. mark Specifies packets to mark.
16-12 Overview 16.1.8 permit MAC Extended ACL Config Commands Use this command to specify packets to forward. NOTE Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. Extended MAC ACLs provide hexadecimal values for each listed ethertype. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or for any other type of ethertype.
16-13 Usage Guidelines When creating a Port ACL, the switch (by default) does not permit an ethertype WISP. First create a rule to allow WISP to adopt access ports. Use the following CLI command to adopt access ports: permit any any type wisp NOTE Use the following command to attach a MAC access list to a port on a layer 2 interface: mac access-group <acl number/name>...
16-14 Overview 16.1.9 service MAC Extended ACL Config Commands Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the switch. save-cli Saves the CLI tree for all modes in html format.
16-15 16.1.10 show MAC Extended ACL Config Commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines The show access-list command displays the access lists configured for the switch. Provide the access list name or number to view specific ACL details.
16-16 Overview
RFS7000(config-ext-macl)#show access-list
Extended MAC access list 200
 permit any any type arp rule-precedence 10
 permit any any type wisp rule-precedence 20
Extended MAC access list 250
 deny host 01:02:fe:45:76:89 host 01:02:89:78:78:45 rule-precedence 10
 permit any any type arp rule-precedence 20
RFS7000(config-ext-macl)#...
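The notes in this chapter (an arp entry is mandatory before an IP based ACL is applied to an interface, and WISP must be permitted before access ports can be adopted) can be checked offline against captured show access-list output. The Python below is an added example, not part of the guide or the switch software; its function names, the one-entry-per-line layout of the constructed sample, and the rule that only the literal "permit any any type <ethertype>" form counts as permitting an ethertype are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: ACLs taken from the guide's `show access-list` examples,
# laid out with one header or entry per line (assumed terminal layout).
SAMPLE_OUTPUT = """\
RFS7000(config-ext-macl)#show access-list
Extended IP access list 110
 deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10
 permit ip any any rule-precedence 20
Extended MAC access list 200
 permit any any type arp rule-precedence 10
 permit any any type wisp rule-precedence 20
Extended MAC access list 250
 deny host 01:02:fe:45:76:89 host 01:02:89:78:78:45 rule-precedence 10
 permit any any type arp rule-precedence 20
RFS7000(config-ext-macl)#
"""

PROMPT_RE = re.compile(r"^[^\s#]+#")   # e.g. RFS7000(config-ext-macl)#show ...
HEADER_RE = re.compile(r"^(Standard|Extended) (IP|MAC) access list (\S+)$")
ENTRY_RE = re.compile(r"^(permit|deny|mark)\s+(.*?)\s+rule-precedence (\d+)$")


@dataclass
class Entry:
    action: str        # permit | deny | mark
    match: str         # text between the action and rule-precedence
    precedence: int


@dataclass
class Acl:
    kind: str          # "Standard IP", "Extended IP" or "Extended MAC"
    name: str          # ACL number or name as printed
    entries: list = field(default_factory=list)


def parse_show_access_list(text):
    """Turn `show access-list` text into a list of Acl objects."""
    acls = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or PROMPT_RE.match(line):
            continue                      # blank line or CLI prompt
        header = HEADER_RE.match(line)
        if header:
            acls.append(Acl(f"{header.group(1)} {header.group(2)}", header.group(3)))
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or not acls:     # unknown text, or an entry before any header
            raise ValueError(f"unrecognised line: {line!r}")
        acls[-1].entries.append(
            Entry(entry.group(1), entry.group(2), int(entry.group(3))))
    return acls


def permits_ethertype(acl, ethertype):
    """True if the ACL holds the explicit `permit any any type <ethertype>` entry."""
    wanted = f"any any type {ethertype}"
    return any(e.action == "permit" and e.match == wanted for e in acl.entries)


def audit(acls):
    """Return (ACL name, finding) pairs for the checks the guide's notes imply."""
    findings = []
    for acl in acls:
        if acl.kind == "Extended MAC":
            if not permits_ethertype(acl, "arp"):
                findings.append((acl.name, "no 'permit any any type arp' entry "
                                 "(mandatory before an IP based ACL is applied)"))
            if not permits_ethertype(acl, "wisp"):
                findings.append((acl.name, "no 'permit any any type wisp' entry "
                                 "(needed to adopt access ports)"))
        elif acl.kind == "Extended IP":
            for e in acl.entries:
                if e.action == "permit" and e.match in ("ip any any", "ip any any log"):
                    findings.append((acl.name, "catch-all 'permit ip any any' at "
                                     f"rule-precedence {e.precedence}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_show_access_list(SAMPLE_OUTPUT)):
        print(f"ACL {name}: {finding}")
```

The catch-all finding is informational: it marks ACLs whose earlier deny entries are the only restriction, so those entries deserve review.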
16-17 16.1.11 terminal MAC Extended ACL Config Commands Use this command to set the length or number of lines displayed. Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. no Negates a command or sets defaults. •...
DHCP Instance Use the (config-dhcp) instance to configure the DHCP server address pool associated with the switch. Use the ip dhcp pool (pool name) command to reach the (config-dhcp) instance. 17.1 DHCP Config Commands Table 17.1 summarizes config-std-nacl commands. Table 17.1 DHCP Server Config Command Summary Command Description Ref.
17-2 Overview
Command           Description                                                                         Ref.
domain-name       Configures the domain name.                                                         page 17-13
end               Ends the current mode and moves to the EXEC mode.                                   page 17-14
exit              Ends the current mode and moves to the previous mode.                               page 17-15
hardware-address  Configures the hardware address using either a dashed or dotted hexadecimal string. page 17-16
17-3 17.1.1 address DHCP Config Commands Use this command to specify a range of addresses for DHCP network pool. Syntax address (range) (low IP address) (high IP address) Parameters range (low IP address) (high IP address) Use this command to add an address range for the DHCP server. •...
17-4 Overview 17.1.2 bootfile DHCP Config Commands Use this command to assign a bootfile name for the DHCP configuration on the network pool. Syntax bootfile <filename> Parameters bootfile <filename> Indicates the boot image for bootp clients. The file name can contain letters, numbers, dots and hyphens.
17-5 17.1.3 class DHCP Config Commands Use this command to associate a DHCP class with a pool. This command is used in Step 4 in the usage guidelines provided below. The CLI prompt moves to a sub-instance The configuration mode changes from (config-dhcp-class).
17-6 Overview 17.1.3.1 config-dhcp-class Use (config-dhcp)# class to enter the (config-dhcp-class) instance. Use this instance to set an address range for a DHCP user class in a DHCP server address pool. Table 17.2 summarizes config-dhcp-class commands. Table 17.2 Config-dhcp-class Command Summary Command Description address...
17-7 17.1.4 client-identifier DHCP Config Commands Use this command to assign a name to the client-identifier. A client identifier is used to reserve an IP address for DHCP clients. Syntax client-identifier <ascii string> Parameters client-identifier To prepend a null character , use at beginning.
17-8 Overview 17.1.5 client-name DHCP Config Commands Use this command to add a client name for the DHCP clients. Syntax client-name <name> Parameters client-name <name> Use client-name to add a client name. The domain name must not be included. Example RFS7000(config-dhcp)#client-name testpc RFS7000(config-dhcp)#...
17-9 17.1.6 clrscr DHCP Config Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-dhcp)#clrscr RFS7000(config-dhcp)#...
17-10 Overview 17.1.7 ddns DHCP Config Commands Use this command to configure dynamic DNS parameters like domain name, enabling multi-user class and IP address of the server. Syntax ddns [domainname (name)|multiple-user-class|server (IP address) (IP address)| ttl <1-864000>|update-all] Parameters domainname (name) Sets domain name used for DDNS updates.
17-11 17.1.8 default-router DHCP Config Commands Use this command to configure the default router or gateway IP address for the network pool. To remove the default router list, use the no default-router command. Syntax default-router <Router IP address> Parameters default-router <router IP address> Specifies the default router IP address for the network pool...
17-12 Overview 17.1.9 dns-server DHCP Config Commands Use this command to configure the DNS server’s IP address available to the DHCP clients connected to the pool. Use the no dns-server command to remove the DNS server list. Syntax dns-server <ip address1> <ip address2> <ip address3> ..<ip address8> Parameters dns-server <IP address>...
17-13 17.1.10 domain-name DHCP Config Commands Use this command to configure the domain name for the network pool. Use the command no domain-name to remove the domain name. Syntax domain-name (name) Parameters domain-name (name) Configures the domain name for the network pool. Usage Guidelines The domain name cannot be more than 256 characters.
17-14 Overview 17.1.11 end DHCP Config Commands Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax end Parameters None. Example RFS7000(config-dhcp)#end RFS7000#...
17-15 17.1.12 exit DHCP Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config)#ip dhcp pool TestPool RFS7000(config-dhcp)#exit RFS7000(config)#...
17-16 Overview 17.1.13 hardware-address DHCP Config Commands Use this command to reserve an IP address (manually) based on a DHCP client’s hardware address. Use the command to remove this from the DHCP pool. hardware-address Syntax hardware-address [XX-XX-XX-XX-XX-XX | XX:XX:XX:XX:XX:XX] Parameters hardware-address Configures the client’s hardware address.
17-17 17.1.14 help DHCP Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-dhcp)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
17-18 Overview 17.1.15 host DHCP Config Commands Use this command to configure a fixed IP address for the host in dotted decimal format. Use the no host command to remove the host from the DHCP pool. Syntax host <IP address> Parameters host <IP address>...
17-19 17.1.16 lease DHCP Config Commands Use this command to configure a valid lease time for the IP address used by all DHCP clients in the network pool. Syntax lease [{<0-365> <0-23> <0-59>}|infinite] Parameters lease [ Sets the lease time for IP address. {<0-365>...
17-20 Overview 17.1.17 netbios-name-server DHCP Config Commands Use this command to configure the netbios-name server’s IP address. Syntax netbios-name-server <IP address> Parameters netbios-name-server <IP address> NetBIOS (WINS) name servers. • <IP address> – NetBIOS name server's IP address. Example RFS7000(config-dhcp)#netbios-name-server 2.2.2.222 RFS7000(config-dhcp)#...
17-21 17.1.18 netbios-node-type DHCP Config Commands Use this command to configure the netbios-node type. Syntax netbios-node-type [b-node|h-node|m-node|p-node] Parameters netbios-node-type NetBIOS (WINS) name servers. [b-node | h-node | • b-node – Broadcast node. m-node | p-node • h-node – Hybrid node. •...
17-22 Overview 17.1.19 network DHCP Config Commands Use this command to configure the network pool’s IP address. This maps the current DHCP pool with the specific network. Syntax network [A.B.C.D|A.B.C.D/M] Parameters network [A.B.C.D|A.B.C.D/M] Network number and mask. • A.B.C.D – Network number in dotted decimal format. •...
17-23 17.1.20 next-server DHCP Config Commands Use this command to configure the IP address of the next server in the boot process. Syntax next-server <IP address> Parameters next-server <IP address> Defines the next server in the boot process. • <IP address> – Server's IP address. Example RFS7000(config-dhcp)#next-server 2.2.2.22 RFS7000(config-dhcp)#...
17-24 Overview 17.1.21 no DHCP Config Commands Use this command to negate a command or set defaults. Syntax no [address|bootfile|client-identifier|client-name|ddns|default-router|dns-server|domain-name|hardware-address|host|lease|netbios-name-server|netbios-node-type|network|next-server|option|update] Parameters The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated. The pool has only one bootfile and hence the is not required when using the command.
17-25 17.1.22 option DHCP Config Commands Use this command to define the raw DHCP option used in DHCP pools. Syntax option (name)[IP Value|ASCII Value] Parameters option (name) Raw DHCP options. • (name) – Name of the DHCP option. • IP Value – IP Value of the DHCP option. •...
17-26 Overview 17.1.23 service DHCP Config Commands Use this command to invoke service commands to troubleshoot or debug the (config-dhcp) instance configurations. Syntax service(show) (cli) Parameters show Shows running system information. cli Shows CLI tree of current mode. Example RFS7000(config-dhcp)#service show cli DHCP Server Config mode: +-address +-range...
17-27 17.1.24 show DHCP Config Commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-dhcp)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
17-28 Overview
RFS7000(config)#show dhcp config
service dhcp
ip dhcp option option189 189 ascii
ip dhcp pool vlan4
 default-router 2.2.2.1
 network 4.4.4.0/24
 address range 4.4.4.100 4.4.4.200
ip dhcp pool vlan2
ip dhcp pool TestPool
 lease 200 12 30
 domain-name TestDomain
 bootfile DHCPbootfile
 netbios-node-type p-node
 ddns domainname TestDomain
 address range 1.2.3.2 2.3.2.1...
17-29 17.1.25 update DHCP Config Commands Use this command to control the usage of the DDNS service. Syntax update (dns)(override) Parameters update (dns) (override) Controls the usage of the DDNS service. • (dns) – Dynamic DNS Configuration. • (override) – Enables Dynamic Updates by an onboard DHCP Server. Usage Guidelines A DHCP client cannot perform updates for RR’s A, TXT and PTR.
17-30 Overview 17.2 Configuring DHCP Server using CLI DHCP configuration is conducted by creating pools and mapping them to L3 interfaces (SVI). A pool can be configured either as a network pool or host pool. A network pool includes ranges. When the network pool is mapped to an L3 interface, DHCP clients requesting IP from the interface get an IP from the included range.
17-31 3. Use the command to map the network pool to interface. network network 192.168.0.0/24 In the above example, represents the L3 interface. When executing this 192.168.0.0/24 command, no check is performed to verify whether an interface with the specified IP/Netmask exists. A pool can be created and mapped to a nonexistent L3 interface, hence a verification is not required.
DHCP Class Instance to enter instance. Use this instance to (config)#ip dhcp class <class name> (config-dhcpclass) configure the DHCP user class. The switch supports a maximum of 8 user classes per DHCP class. Also refer ip on page 5-28 DHCP Instance on page 17-1 for other DHCP related configurations.
18-2 Overview 18.1.1 clrscr DHCP Server Class Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-dhcpclass)#clrscr RFS7000(config-dhcpclass)# 18.1.2 end DHCP Server Class Config Commands Use this command to end and exit from the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000#.
18-3 18.1.4 help DHCP Server Class Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-dhcpclass)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
18-4 Overview Parameters multiple-user-class Disables the multiple user class option. option Undo DHCP Server options. Example RFS7000(config-dhcpclass)#no multiple-user-class RFS7000(config-dhcpclass)# 18.1.7 option DHCP Server Class Config Commands Use this command to specify a value for DHCP user class options. This command is used in Step 2 in the usage guidelines provided below.
18-5 18.1.8 service DHCP Server Class Config Commands Use this command to invoke service commands to troubleshoot or debug (config-if) instance configurations. Syntax service (show) (cli) Parameters show (cli) Displays the CLI tree of current mode. Example RFS7000(config-dhcpclass)#service show cli DHCP Server Class Config mode: +-clrscr [clrscr] +-do...
18-6 Overview 18.1.9 show DHCP Server Class Config Commands Use this command to view the current system information. Syntax show <parameters> show dhcp [config|status] show ip dhcp [binding|class|pool|sharednetwork] Parameters Displays all the parameters for which the information can be viewed using the show command.
18-7 users Display information about currently logged in users version Display software & hardware version wireless Wireless configuration commands wlan-acl wlan based acl RFS7000(config-dhcpclass)#show RFS7000(config-dhcpclass)#show ip dhcp binding MAC/Client-Id Expiry Time ------------- ----------- 10.10.10.109 00:a0:f8:bf:8a:4b Mon Sep 17 12:32:53 2007 10.10.10.110 00:0e:9b:98:f9:34 Mon Sep 17 13:34:31 2007...
RADIUS Server Instance command moves to the RADIUS server mode. The local (Onboard) RADIUS server radius-server local configuration commands are listed under this mode. Use the instance to configure local (config-radsrv) RADIUS server parameters. 19.1 RADIUS Configuration Commands Table 19.1 summarizes the Global Config commands.
19-2 Overview Command Description Ref. help Displays the interactive help system. page 19-19 ldap-server LDAP server parameters. page 19-20 RADIUS client. page 19-22 Negates a command or set its defaults. page 19-23 proxy RADIUS proxy server. page 19-24 rad-user RADIUS user configuration. page 19-25 server Configures server certificate parameters.
19-3 19.1.1 authentication RADIUS Configuration Commands Use this command to configure an authentication scheme used with RADIUS server. Syntax authentication(data-source|eap-auth-type) authentication data-source(ldap|local) authentication eap-auth-type(all|peap-gtc|peap-mschapv2|tls|ttls-md5| ttls-mschapv2|ttls-pap) Parameters data-source RADIUS data source for user authentication. • ldap – Remote LDAP server. • local – Local user database. eap-auth-type RADIUS EAP and default authentication type configuration.
19-4 Overview 19.1.2 ca RADIUS Configuration Commands Use this command to configure CA (Certificate Authority) parameters. Syntax ca trust-point(WORD) Parameters trust-point (WORD) Trustpoint configuration. • WORD – Existing trustpoint name. Usage Guidelines Configure the trustpoint used by the local RADIUS server. Create the before it is used by the trustpoint command.
19-5 19.1.3 clrscr RADIUS Configuration Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-radsrv)#clrscr RFS7000(config-radsrv)#...
19-6 Overview 19.1.4 crl-check RADIUS Configuration Commands Use this command to enable a Certificate Revocation List (CRL) check. To enable the certificate revocation list, ensure is loaded using the command. crl list crypto pki import <trustpoint-name> crl Syntax crl-check Parameters enable Enables a CRL check.
19-7 19.1.5 end RADIUS Configuration Commands Use this command to exit from the current mode and move to the PRIV EXEC mode. The prompt now changes RFS7000# Syntax Parameters None. Example RFS7000(config-radsrv)#end RFS7000#...
19-8 Overview 19.1.6 exit RADIUS Configuration Commands Use this command to exit the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-radsrv)#exit RFS7000(config)#...
19-9 19.1.7 group RADIUS Configuration Commands Use this command to configure RADIUS user groups. The CLI moves to a sub-instance config-radsrv-group to create a new group. The prompt changes from RFS7000(config-radsrv)# RFS7000(config-radsrv-group)#. Table 19.2 summarizes the RADIUS User Group commands within the sub- (config-radsrv-group) instance.
19-10 Overview 19.1.7.2 end RADIUS Configuration Commands Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-radsrv-group)#end RFS7000# 19.1.7.3 exit RADIUS Configuration Commands Use this command to exit the current mode and move to the previous mode ).
19-11 19.1.7.5 guest-group RADIUS Configuration Commands Use this command to manage a guest-user linked with a hotspot. Additionally, create a guest-user and associate it with a guest-group. The guest-user and the policies of the guest-group are used for hotspot authentication. Syntax guest-group Parameters...
19-12 Overview Parameters policy RADIUS group access policy configuration. Resets the access policy day for this group. time Configures access policy time for this group. vlan VLAN ID for this group. wlan Configures WLAN access policy for this group. <1-32> WLAN Range.
19-13 Syntax policy(day|time|vlan|wlan) policy day(all|fr|mo|sa|su|th|tu|we|weekdays) policy time(start|end)<0-23><0-59> policy vlan<1-4094> Parameters Day of access policy configuration. • all – All days (from Sunday to Saturday). • fr – Friday • mo – Monday • sa – Saturday • su – Sunday •...
19-14 Overview 19.1.7.9 rad-user RADIUS Configuration Commands Use this command to add an existing RADIUS user to this group. If the RADIUS user is not available in the Onboard RADIUS server’s database, create a new RADIUS user using command from rad-user (config- mode.
19-15 +-mo [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-sa [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-su [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-th [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-tu [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-we [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-weekdays [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-time +-start +-<0-23> +-<0-59> +-end +-<0-23> +-<0-59> [policy time start <0-23> <0-59> end <0-23> <0-59>] -- MORE --, next page: Space, next line: Enter, quit: Control-C RFS7000(config-radsrv-group)# 19.1.7.11 show...
19-16 Overview sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters startup-config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade-status Display last image upgrade status users Display information about terminal lines version Display software &...
19-17 19.1.7.12 Example–Creating a Group The use of the sub-instance is explained below: (config-radsrv-group) 1. Create a group called Sales in the local RADIUS Server database. RFS7000(config-radsrv)#group sales 2. Check RADIUS user group configuration commands. RFS7000(config-radsrv-group)#? Radius user group configuration commands: clrscr Clears the display screen End current mode and change to EXEC mode...
19-18 Overview 8. Use to add a realm name. (config-radsrv)#proxy RFS7000(config-radsrv)#proxy realm mydomain.com server 10.10.1.10 port 1812 secret 0 testing 9. Save the changes and restart the RADIUS service. RFS7000(config-radsrv)#service radius restart Sep 08 17:48:04 2006: %PM-5-PROCSTOP: Process "radiusd" has been stopped Sep 08 17:48:05 2006: RADCONF: radius config files generated successfully RFS7000(config-radsrv)#Sep 08 17:48:05 2006: %DAEMON-6-INFO: radiusd[8830]: Ready to process requests.
19-19 19.1.8 help RADIUS Configuration Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-radsrv)#help? help Description of the interactive help system RFS7000(config-radsrv)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
19-20 Overview 19.1.9 ldap-server RADIUS Configuration Commands Use this command to configure LDAP server parameters. It uses the existing external database in the form of an active directory with the onboard RADIUS server instead of a local database on the switch. Syntax ldap-server[primary|secondary] (host <A.B.C.D>) (port <1-65535>) (login <name>) (bind-dn <name>) (base-dn <name>) (passwd [0|2|WORD]) (passwd-...
19-22 Overview 19.1.10 nas RADIUS Configuration Commands Use this command to configure the RADIUS client. Syntax nas(A.B.C.D/M)key(0|2|LINE) Parameters A.B.C.D/M RADIUS Client IP address. RADIUS Client shared key. • 0 – Password is specified UNENCRYPTED. • 2 – Password is encrypted with password-encryption secret. •...
19-23 19.1.11 no RADIUS Configuration Commands Use this command to negate a command or set its defaults. Syntax no(authentication|ca|crl-check|group|ldap-server|nas|proxy|rad-user|server|service) Parameters authentication RADIUS authentication. Configures ca certificate parameters. crl-check Certificate Revocation List (CRL) check. group Local RADIUS Server group configuration. ldap-server LDAP server parameters.
19-24 Overview 19.1.12 proxy RADIUS Configuration Commands Use this command to configure a proxy RADIUS server based on the realm/suffix. Syntax proxy(realm|retry-count|retry-delay) proxy realm(WORD)server(A.B.C.D)port(<1024-65535>)secret(0|2|WORD) Parameters realm WORD Realm name is a string of up to 50 characters. • server (A.B.C.D) – Proxy server IP address. •...
19-25 19.1.13 rad-user RADIUS Configuration Commands Use this command to configure RADIUS user parameters. Syntax rad-user(WORD)password(0|2|WORD) (group)(guest)(expiry-time)(expiry-date) (start-time)(start-date) Parameters WORD Enter a user name up to 64 characters in length. password(0|2|WORD) RADIUS user password. • 0 – Password is specified as UNENCRYPTED. •...
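An added example, not part of the Motorola guide: a small Python audit that reads saved switch configuration text and reports which `nas`, `proxy realm`, `rad-user` and `ldap-server` entries carry a type `0` (unencrypted) secret, based on the `0|2` type field in the syntax lines above. The sample configuration is constructed, the way a switch renders these lines in its running configuration is an assumption, and the function names are hypothetical.

```python
from typing import List, NamedTuple, Optional

# Constructed sample (not from a real device). Command shapes follow the
# syntax lines in this guide; the exact running-config rendering is assumed.
SAMPLE_CONFIG = """\
radius-server local
 nas 10.10.1.0/24 key 0 labsecret
 nas 10.20.0.0/16 key 2 EXAMPLE-ENCRYPTED-VALUE
 proxy realm mydomain.com server 10.10.1.10 port 1812 secret 0 testing
 rad-user alice password 2 EXAMPLE-ENCRYPTED-VALUE group sales
 rad-user bob password plainword group sales
 ldap-server primary host 10.10.1.20 port 389 login admin passwd 0 ldappass
 no nas 10.30.0.0/16
"""

# command -> (keyword that introduces the secret, index of the subject token)
RULES = {
    "nas": ("key", 1),            # nas A.B.C.D/M key (0|2|LINE)
    "proxy": ("secret", 2),       # proxy realm WORD ... secret (0|2|WORD)
    "rad-user": ("password", 1),  # rad-user WORD password (0|2|WORD)
    "ldap-server": ("passwd", 1), # ldap-server primary|secondary ... passwd
}


class Finding(NamedTuple):
    line_no: int
    command: str
    subject: str   # client network, realm, user name or primary/secondary
    status: str    # "plaintext", "encrypted" or "untyped"


def classify_secret(tokens: List[str], keyword: str) -> Optional[str]:
    """Classify the secret that follows `keyword`, or None if there is none."""
    if keyword not in tokens:
        return None
    after = tokens[tokens.index(keyword) + 1:]
    if not after:
        return None
    if len(after) >= 2 and after[0] == "0":
        return "plaintext"   # type 0: stored unencrypted
    if len(after) >= 2 and after[0] == "2":
        return "encrypted"   # type 2: password-encryption secret applied
    return "untyped"         # bare WORD/LINE form: needs manual review


def audit_config(text: str) -> List[Finding]:
    """Return one Finding per secret-bearing line; 'no ...' lines are skipped."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0] not in RULES:
            continue
        keyword, subj_idx = RULES[tokens[0]]
        if len(tokens) <= subj_idx:
            continue
        # Search only after the subject so a user or realm that happens to be
        # named like the keyword is not mistaken for it.
        status = classify_secret(tokens[subj_idx + 1:], keyword)
        if status is not None:
            findings.append(Finding(line_no, tokens[0], tokens[subj_idx], status))
    return findings


def format_report(findings: List[Finding]) -> List[str]:
    """Report every entry that is not type 2; secret values are never echoed."""
    return [
        f"line {f.line_no}: {f.command} {f.subject}: {f.status} secret"
        for f in findings
        if f.status != "encrypted"
    ]


if __name__ == "__main__":
    for row in format_report(audit_config(SAMPLE_CONFIG)):
        print(row)
```

Run it against an exported configuration file rather than a live session, and treat the export as sensitive, since type `0` entries contain the shared secrets in clear text.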
19-26 Overview 19.1.14 server RADIUS Configuration Commands Use this command to configure the server certificate parameters used by the RADIUS server. The server certificate is a part of a trustpoint created crypto on page 5-17. Syntax server trust-point Parameters trust-point (WORD) Trustpoint configuration.
19-27 19.1.15 service RADIUS Configuration Commands Use this command to invoke service commands to troubleshoot or debug instance (config-radsrv) configurations. This command is also used to enable the RADIUS Server. Syntax service (show) (cli) Parameters show (cli) Shows running system information. Example RFS7000(config-radsrv)#service show cli Radius Configuration mode:...
19-28 Overview 19.1.16 show RADIUS Configuration Commands Use this command to view current system information. Syntax show<parameter> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines To view the show command parameters of RADIUS, refer to radius on page 2-58.
19-29 RFS7000(config)#show radius trust-point Trust-point Configured For Radius ________________________________ Server Trust-point : tp1 CA Trust-point : default-trustpoint RFS7000(config)#show radius configuration Radius Server Configuration --------------------------- Server Status : enabled Data Source : local RFS7000(config)#...
Wireless Instance Use the instance to configure wireless parameters. (config-wireless) 20.1 Wireless Configuration Commands Table 20.1 summarizes the Global Config commands. Table 20.1 Wireless Configuration Command Summary Command Description Ref. Invokes AAP commands to define how the switch passes adaptive AP page 20-4 configurations to adopted APs.
20-2 Overview Command Description Ref. ap-udp-port Use this command to configure the UDP port for L3 adoption of AP’s. page 20-10 Note Enables this option for the DHCP Server supporting this access-port. broadcast-tx- Sets the rate at which broadcast and multicast traffic is transmitted. page 20-11 speed client...
20-3 Command Description Ref. radio Radio related commands. page 20-35 rate-limit Sets default rate limits per user. page 20-42 self-heal Self healing configuration commands. page 20-43 sensor Wireless Intrusion Protection System (WIPS) parameters. page 20-45 service Service commands. page 20-46 show Shows running system information.
20-4 Overview 20.1.1 aap Wireless Configuration Commands Use this command to configure adaptive AP parameters. Syntax aap [config-apply (def-delay|mesh-delay)<30-10000> Parameters config-apply (def- Apply Configuration settings. delay|mesh-delay) • def-delay <30-10000> – Default time (in seconds) to delay before applying <30-10000> config. •...
20-5 20.1.2 adopt-unconf-radio Wireless Configuration Commands Use this command to adopt a radio (even if not yet configured). The default template is used for configuration. Syntax adopt-unconf-radio Parameters enable Enables the adoption of unconfigured radios. Example RFS7000(config-wireless)#adopt-unconf-radio enable RFS7000(config-wireless)#...
20-6 Overview 20.1.3 adoption-pref-id Wireless Configuration Commands Use this command as a switch preference identifier. Radios configured with this identifier are more likely to be adopted by this switch. Syntax adoption-pref-id Parameters <1-65535> Select a pref-ID within 1-65535. Example RFS7000(config-wireless)#adoption-pref-id 500 RFS7000(config-wireless)#...
20-7 20.1.4 ap Wireless Configuration Commands Use this command to define the name and location of the access port. Syntax ap [<AP index>|<MAC Address>][location|name] Parameters AP Index A single AP index. Use the show wireless ap command to view the AP’s index value.
20-8 Overview 20.1.5 ap-detection Wireless Configuration Commands Use this command to configure access port detection. Syntax ap-detection [approved|enable|mu-assisted-scan|timeout (approved|unapproved)] ap-detection approved add <1-200> (MAC Address)(SSID) ap-detection mu-assisted-scan(enable|refresh<30-86400>) Parameters approved The approved access port list. • add <1-200> – Adds an entry to the approved access port list. •...
20-9 20.1.6 ap-ip Wireless Configuration Commands Use this command to modify the static IP address for access port. Syntax ap-ip [<List of Indices/MAC address >|default-ap] ap-ip <List of Indices> [static-ip|switch-ip] ap-ip <List of Indices> (static-ip) <IP address/mask> <gateway IP> ap-ip <List of Indices> (switch-ip) [add <IP address>|delete(<IP address Index>|<IP address>)|set-default] ap-ip (default-ap) [add <IP address>|delete(<IP address Index>|<IP address>)| set-default]...
20-10 Overview 20.1.7 ap-udp-port Wireless Configuration Commands Use this command to configure the UDP port for layer 3 AP adoption. Configure the DHCP server supporting the AP’s with the same parameter. Syntax ap-udp-port <1-65535> Parameters <1-65535> The port number used for layer 3 AP adoption. Example RFS7000(config-wireless)#ap-udp-port 10 RFS7000(config-wireless)#...
20-11 20.1.8 broadcast-tx-speed Wireless Configuration Commands Use this command to configure the rate at which broadcast and multicast traffic is transmitted between the switch and mobile units. Syntax broadcast-tx-speed(range|throughput) Parameters range Uses the lowest basic rate. Provides the maximum range. throughput Uses the highest basic rate. Provides the maximum throughput (default). Example RFS7000(config-wireless)#broadcast-tx-speed range RFS7000(config-wireless)#...
20-12 Overview 20.1.9 client Wireless Configuration Commands Use this command to configure a wireless client. This command creates an exclude-list or include list. Creating an exclude list or include list takes the user to a new mode called " ". Refer config-wireless-client-list config-wireless-client-list on page 20-13 for a...
20-13 RFS7000(config-wireless)# no wlan 1 nac-server secondary radius-key RFS7000(config-wireless-client-list)# no wlan 1 Example RFS7000(config-wireless)#client exclude-list JustMe RFS7000(config-wireless-client-list)# 20.1.9.1 config-wireless-client-list client to enter instance. Use this (config-wireless)# (config-wireless-client-list) instance to create an exclude-list or include list. Table 20.2 summarizes commands. config-wireless-client-list Table 20.2 Exclude List Configuration Command Command Description...
20-14 Overview wlan config-wireless-client-list Use this command to add a client exclude list name in/from the WLAN. to delete the client exclude list name from the WLAN. [no] wlan [<1-256>| <WLAN>] Syntax (config-wireless-client-list) wlan [<1-256>| WLAN-name] Parameters • <1-256> – A single wlan index. wlan [<1-256>...
20-15 20.1.10 clrscr Wireless Configuration Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-wireless)#clrscr RFS7000(config-wireless)#...
20-16 Overview 20.1.11 convert-ap Wireless Configuration Commands Use this command to change an access port’s mode of operation to either sensor or standalone. Syntax convert-ap <1-256>(default|sensor) Parameters Indices of the access port’s converted (from the command). <1-256> show wireless ap Lets the access port negotiate its normal mode of operation with the switch default without enforcing any conversion.
20-17 20.1.12 country-code Wireless Configuration Commands Use this command to configure the country of operation. This command erases the radio’s existing configuration. Syntax country-code <country-code> Parameters country-code Uses the two letter ISO-3166 country code ("show wireless country-code-list") to view the list of supported countries. Usage Guidelines Use the command to view the list of supported countries.
20-18 Overview 20.1.13 dhcp-sniff-state Wireless Configuration Commands Use this command to record mobile unit DHCP state information. Syntax dhcp-sniff-state Parameters enable Enables the recording of DHCP state information for mobile units. Example RFS7000(config-wireless)#dhcp-sniff-state enable RFS7000(config-wireless)#...
20-19 20.1.14 dot11-shared-key-auth Wireless Configuration Commands Use this command to enable 802.11 shared key authentication. NOTE Shared key authentication has known weaknesses that compromise the WEP key. It must only be configured to accommodate mobile units unable to conduct Open System authentication. Syntax dot11-shared-key-auth Parameters...
20-20 Overview 20.1.15 end Wireless Configuration Commands Use this command to end and exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-wireless)#end RFS7000#...
20-21 20.1.16 exit Wireless Configuration Commands Use this command to exit the current mode and move to the previous mode. The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-wireless)#exit RFS7000(config)#...
20-22 Overview 20.1.17 fix-broadcast-dhcp-rsp Wireless Configuration Commands Use this command to convert broadcast DHCP server responses to be unicast. Syntax fix-broadcast-dhcp-rsp (enable) Parameters enable Enables support for converting broadcast DHCP server responses to unicast. Example RFS7000(config-wireless)#fix-broadcast-dhcp-rsp enable RFS7000(config-wireless)#...
20-23 20.1.18 help Wireless Configuration Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-wireless)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
20-24 Overview 20.1.19 ids Wireless Configuration Commands Use this command to configure Intrusion Detection System settings. Syntax ids(anomaly-detection|detect-window|ex-ops) ids anomaly-detection(all|bad-essid-frame|beacon-broadcast-essid| invalid-8021x-frame|invalid-frame-length| invalid-frame-type|multicast-source|non-changing-wep-iv| null-destination|same-source-destination| tkip-countermeasures|unencrypted-traffic| weak-wep-iv)(enable|filter-ageout) ids detect-window<5-300> ids ex-ops(80211-replay-fails|all|association-requests| authentication-fails|crypto-replay-fails|decryption-fails| disassociations|eap-naks|eap-starts|probe-requests|unassoc-frames) (filter-ageout<0-86400>|threshold(mu|radio|switch)<0-9999>) Parameters anomaly-detection [options] Configures parameters related to the detection of anomalous frames on the (enable|filter-ageout) RF network.
20-25 ex-ops Configures parameters related to the detection of excessive operations on the RF network. • 80211-replay-fails – 802.11 replay check failure. • all – Changes for all types of excessive operations. • association-requests – 802.11 authentication and association requests. •...
20-26 Overview 20.1.20 mac-auth-local Wireless Configuration Commands Use this command to configure the local MAC authentication list. Syntax mac-auth-local<1-1000> (allow|deny)(Starting MAC Address)(Ending MAC Address)(range/list of WLAN indices)WORD Parameters <1-1000> Entry for mac-auth-local allow Allows mobile units that match this rule to associate. deny Denies association to mobile units that match this rule.
20-27 20.1.21 manual-wlan-mapping Wireless Configuration Commands Use this command to manually map/un-map WLANs configured on a radio. Syntax manual-wlan-mapping Parameters enable Enables support for manual WLAN mapping. Example RFS7000(config-wireless)#manual-wlan-mapping enable RFS7000(config-wireless)#...
20-28 Overview 20.1.22 mobile-unit Wireless Configuration Commands Use this command to configure mobile unit related parameters. Syntax mobile-unit (association-history(enable)|probe-history) mobile-unit probe-history (add<1-200> <MAC Address>|enable) Parameters association-history Enables the mobile unit’s association history. • enable – Enables the mobile unit’s association history. probe-history Mobile unit probe logging configuration commands.
20-29 20.1.23 mobility Wireless Configuration Commands Use this command to configure mobility parameters. Syntax mobility(enable|local-address|max-roam-period|peer) mobility local-address (IP Address) mobility max-roam-period<1-300> mobility peer (IP Address) Parameters enable Enables mobility globally. local-address Sets the local address for mobility. <IP address> • A.B.C.D – IP Address of A.B.C.D format. max-roam-period Sets the maximum roam period for a mobile unit (in seconds).
20-30 Overview 20.1.24 multicast-packet-limit Wireless Configuration Commands Use this command to configure a multicast packet limit per second for a VLAN. Syntax multicast-packet-limit <0-128> (<1-4094>|<vlan range>) Parameters <0-128> Multicast packet limit per second. [<1-4094> | <vlan range>] • <1-4094> – Single VLAN ID (1-4094) that the new limit applies to. •...
20-31 20.1.25 multicast-throttle-watermarks Wireless Configuration Commands Use this command to configure watermarks for handling bursts of broadcast/multicast frames. Syntax multicast-throttle-watermarks (low)<0-100> (high) <0-100> Parameters low <0-100> Configures the low water-mark. If the percentage of free packets in the system is lower than this threshold, the incoming frame will be dropped. high <0-100>...
20-32 Overview 20.1.26 no Wireless Configuration Commands Use this command to negate a command or set its defaults. Syntax no(adopt-unconf-radio|adoption-pref-id|ap-detection|broadcast-tx-speed|country-code|dhcp-sniff-state|dot11-shared-key-auth|fix-windows-dhcp|ids|mac-auth-local|manual-wlan-mapping|mobile-unit|mobility|oversized-frames|proxy-arp|qos-mapping|radio|self-heal|sensor|service|smart-scan-channels|wlan) Parameters Refer to Table 20.1 on page 20-1 for the parameters negated using the command. Example RFS7000(config-wireless)#no mobility enable RFS7000(config-wireless)#...
20-33 20.1.27 proxy-arp Wireless Configuration Commands Use this command to respond to ARP requests on behalf of mobile units. Syntax proxy-arp Parameters enable Enables support for proxy arp. Example RFS7000(config-wireless)#proxy-arp enable RFS7000(config-wireless)#...
20-34 Overview 20.1.28 qos-mapping Wireless Configuration Commands Use this command to configure QoS mappings between wired and wireless domains. Syntax qos-mapping(wired-to-wireless|wireless-to-wired) qos-mapping wired-to-wireless(dot1p<0-7>|dscp<0-63>) (background|best-effort|video|voice) qos-mapping wireless-to-wired(background|best-effort|video|voice) dot1p<0-7> Parameters wired-to-wireless Mappings used while switching wired traffic over the air. • dot1p<0-7> – Configures the mapping of 802.1p tags to access categories.
20-35 20.1.29 radio Wireless Configuration Commands Use this command to configure radio related settings. Syntax radio (<1-4096>|RADIO|add|all-11a|all-11b|all-11bg| configure-8021X|default-11a|default-11b|default-11bg|dns-name) radio<1-4096>(adoption-pref-id|antenna-mode|base-bridge|beacon-interval|bss| channel-power|client-bridge|coordinates|copy-config-from|description|detector| dtim-period|enforce-spec-mgmt|enhanced-beacon-table|enhanced-probe-table| location-led|location-message|mac|max-mobile-units|mu-power <0-20>| neighbor-smart-scan|on-channel-scan|reset|reset-ap|rss (enable)|rts-threshold| run-acs|self-heal-offset|short-preamble|speed|tag-type|wmm) radio <1-4096> base-bridge [enable|max-clients <1-12>] radio <1-4096> bss(<1-4>|add-wlans|auto>)WLAN radio <1-4096> channel-power(indoor|outdoor)(<1-200>|acs|random)<4-20> radio <1-4096> client-bridge [bridge-select-mode(auto|manual)| enable|mesh-timeout <2-200>|ssid (SSID name)] radio <1-4096>...
20-36 Overview Antenna diversity mode. Select from the following options: antenna-mode <diversity|primary|secondar • diversity–Full diversity (both antennas). y> • primary–Primary antenna only. • secondary–Secondary antenna only. NOTE Before executing this command, ensure the radio is present and is an AP300. Base bridge settings.
20-37 Configures the location of this radio using x.y.z coordinates. coordinates (X,Y,Z coordinates) • <-65535-65535> – X Coordinate. • <-65535-65535> – Y Coordinate. • <-65535-65535> – Z Coordinate. Copies the configuration from a previously configured radio. copy-config-from (<1- 4096>|default-11a| • <1- 4096> – A single radio index. default-11b|default-11bg) •...
20-38 Overview Resets a radio (this only resets the specified radio, not the complete access reset port). Resets the parent access port (this resets all radios on that access port). reset-ap Enables Remote Site Survivability (RSS). rss (enable) RTS threshold in bytes. rts-threshold<0-2347>...
Overview Configures wi-fi tag type. tag_type [aeroscout|cricket|newbury] • aeroscout – Aeroscout Active tag. (listen-addr) • cricket – Cricket (Motorola) Active tag. <MAC address> • newbury – Newbury active tag. • listen-addr Configure multicast listening address for wi-fi active – tags.
20-41 All 11b radios currently in configuration. all-11b All 11bg radios currently in configuration. all-11bg Configures the 802.1X username and password on adopted access ports. configure-8021X Default 11a configuration template. default-11a Default 11b configuration template. default-11b Configures the DNS name used in the L3 Discovery of adopted access ports. dns-name WORD (MAC Address) •...
20-42 Overview 20.1.30 rate-limit Wireless Configuration Commands Use this command to set default rate limit per user. Syntax rate-limit [down|up] <0-100000> Parameters down <0-100000> Up link direction - From wireless client to network. Defined in the range of <0-100000> kbps, 0=disable rate limit. up <0-100000>...
20-43 20.1.31 self-heal Wireless Configuration Commands Use this command to configure self healing. Syntax self-heal(interference-avoidance|neighbor-recovery) self-heal interference-avoidance(enable|hold-time<0-65535>| retries<0.0-15.0>) self-heal neighbor-recovery(action|enable|neighbors|run-neighbor-detect) self-heal neighbor-recovery action(both|none|open-rates|raise-power) radio(<1-4096>|RADIO) self-heal neighbor-recovery neighbors<1-1000>(<1-1000>|RADIO) Parameters Interference avoidance configuration. interference-avoidance Enables/disables interference avoidance. enable The interval (in seconds) to disable interference avoidance after a detection . This hold-time<0-65535>...
20-44 Overview Example RFS7000(config-wireless)#self-heal interference-avoidance enable RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal interference-avoidance hold-time 600 RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal neighbor-recovery enable Note: reducing the configured transmit power of radios will ensure that there is room to increase power when a neighbor fails RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal neighbor-recovery neighbors 1 1 RFS7000(config-wireless)#...
20-45 20.1.32 sensor Wireless Configuration Commands Use this command to configure Wireless Intrusion Protection System (WIPS) parameters. Syntax sensor(<1-48>|default-config|ping-interval <2-60>|vlan) sensor <1-48> [default-config|request-config|revert-to-ap] sensor default-config(ip-mode|wips-server-ip) sensor default-config ip-mode(dhcp|static(A.B.C.D/M)(A.B.C.D)) sensor default-config wips-server-ip(primary|secondary)(A.B.C.D) Parameters Select a sensor to reset/revert the AP to its original state. Use the <1-48>...
20-46 Overview 20.1.33 service Wireless Configuration Commands Use this command to invoke service commands to troubleshoot or debug the instance (config-wireless) configuration. Syntax service(show|wireless) service show (cli) service show wireless [ap-history <accessport MAC address>| buffer-counters|enhanced-beacon-table|enhanced-probe-table|legacy-load-balance| mu-cache-buckets|mu-cache-entry|mvlan|radio (<1-4096>|description|mapping)|snmp-trap-throttle] service wireless [ap-history|buffer-counters|clear-ap-log<1-256>|dump-core|enhanced-beacon-table|enhanced-probe-table|idle-radio-send-multicast| legacy-load-balance| radio-mic-cfg|rate-scale| request-ap-log <1-256>|save-ap-log|snmp-trap-throttle]...
snmp-trap-throttle – Stats and Parameters related to snmp trap throttling.
service (wireless)
ap-history (clear|enable) – Access port serviceability parameters. Use history to access port history. The following options can be used to access ap-history:
• clear – Deletes all history of all APs
•...
enhanced-probe-table [enable | erase-report | max-mu <0-512> | preferred (add)
This command configures and uses an AP for detecting and locating MUs. The switch maintains an enhanced-probe-table to track all the probes received by an
• enable – Disables or enables gathering of information for MU locationing.
•...
20.1.34 show
Wireless Configuration Commands
Use this command to view current system information.
Syntax
show <parameter>
Parameters
Displays the parameters for which information can be viewed using the show command.
Example
RFS7000(config-wireless)#show ?
access-list Internet Protocol (IP)
aclstats Show ACL Statistics information
alarm-log Display all alarms currently in the system
autoinstall...
20-52 Overview RFS7000(config-wireless)#show RFS7000(config-wireless)#show wireless AP Number of access-ports adopted Available licenses : 254 Redundancy enabled Redundancy mode : active Radios [indices] Model-Number Adoption- Mode 00-15-70-11-34-82 2 [ 3 4 ] WSAP-5100-100-WW L2 (vlan: 1) 00-A0-F8-EA-4C-99 2 [ 1 2 ] WSAP-5100-100-WW L2 (vlan: 2) RFS7000(config-wireless)#...
authentication-type (eap|hotspot|kerberos|mac-auth|none)
The authentication type of this WLAN.
• eap – EAP authentication (802.1X).
• hotspot – Web based authentication.
• kerberos – Kerberos authentication (encryption type changes to wep128 if it is not already wep128/keyguard).
• mac-auth – MAC authentication (RADIUS lookup of MAC address).
•...
dot11i [handshake | key | key-rotation | key-rotation-interval | opp-pmk-caching | phrase | pmk-caching |
Modifies tkip/ccmp (802.11i) related parameters.
• handshake (timeout <100-5000>) (retransmit<1-10>) – Use a handshake to configure timeout and retransmission.
• timeout<100-5000> – The timeout (in milliseconds) between retries.
encryption-type()
The encryption type for this WLAN. Options include:
• ccmp – AES Counter Mode CBC-MAC Protocol (AES-CCM/CCMP).
• keyguard – Keyguard-MCM (Mobile Computing Mode).
• none – No encryption.
• tkip – Enables Temporal Key Integrity Protocol (TKIP).
•...
hotspot()
Modifies hotspot related parameters.
• allow (rule index) (IP address) – Modifies hotspot allow-list parameters. Users who have not yet authenticated must be allowed access to these IP addresses.
• Rule index – Allow-list Rule index (must be between 1-10).
•...
[password (0|2|LINE) | realm (LINE) | server (primary|secondary|timeout)] auth-port<1-65535>
Modifies KDC related parameters.
• password(0|2|LINE) – KDC server password, up to 127 characters.
• 0 – Password is specified UNENCRYPTED.
• 2 – Password is encrypted with password-encryption secret.
•...
nac-server () [primary|secondary|timeout
Configures the NAC server IP address and optional authentication port number.
• [primary|secondary] [EAP Server IP Address|RADIUS Key] – Primary server or secondary server’s IP address.
• A.B.C.D (auth-port) – EAP server IP address and EAP server authentication port (default:1812).
[classification | mcast-with-dot11i | mcast1 | mcast2 | prioritize-voice | svp | weight | wmm]
Quality of Service commands.
• classification [background|best-effort|video|voice|wmm] – Select how traffic on this WLAN is classified (relative prioritization on the access port).
• background – Traffic on this WLAN is treated as background traffic.
•...
• aifsn – (Arbitration Inter Frame Spacing Number) The wait time (in milliseconds) between data frames derived using AIFSN and the slot-time.
• cw – (Contention Window parameters) MUs pick a number between 0 and the minimum contention window to wait before retrying transmissions.
• pap – Password Authentication Protocol.
• dscp<0-63> – Specifies a DSCP (Differentiated Services Code Point) value to provide QoS to RADIUS packets. The DSCP value must be between 0-63.
• dynamic-authorization (enable) – Configures support for RADIUS dynamic authorization extensions (such as Disconnect Message and Change-Of-Authorization), as described in RFC 3576.
• server timeout<1-300> retransmit<1-100> – Modify RADIUS/802.1X server parameters.
• timeout<1-300> – Time, in seconds, the switch waits for a response from the RADIUS server before retrying.
• retransmit<1-100> – Number of retries before the switch gives up and disassociates the mobile unit.
wep128 (key<1-4> (ascii|hex)<0|2|WORD> | phrase (LINE) | wep-default-key<1-4>)
Configures WEP128 parameters.
• key<1-4> – Configures pre-shared hex keys.
• ascii – Keys as ascii characters (5 characters for wep64, 13 for wep128).
• hex – Keys as hexadecimal characters (10 characters for wep64, 26 for wep128).
20.1.36 wlan-bw-allocation
Wireless Configuration Commands
Use this command to enable WLAN bandwidth allocation on all radios.
Syntax
wlan-bw-allocation (enable)
Parameters
enable – Enables WLAN bandwidth allocation on all radios.
Example
RFS7000(config-wireless)#wlan-bw-allocation enable
RFS7000(config-wireless)#...
SOLE Instance instance to configure SOLE related configuration commands. (config-sole) 21.1 SOLE Config Commands Table 21.1 summarizes the commands within the switch command line config-sole Table 21.1 Location Engine Config Command Summary Command Description Ref. adapter Configures the SOLE Adapter. page 21-2 clrscr Clears the display screen.
21.1.1 adapter
SOLE Config Commands
Use this command to enable or disable SOLE adapter.
Syntax
adapter (aeroscout) (enable)
Parameters
adapter (aeroscout) (enable) – SOLE Adapter name.
• aeroscout – Name of the adapter.
• enable – Enables SOLE adapter.
Usage Guidelines
to disable aeroscout or all SOLE adapter.
21.1.2 clrscr
SOLE Config Commands
Use this command to clear the display screen.
Syntax
clrscr
Parameters
None.
Example
RFS7000(config-sole)#clrscr
RFS7000(config-sole)#...
21.1.3 end
SOLE Config Commands
Use this command to end and exit from the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000#
Syntax
Parameters
None.
Example
RFS7000(config-sole)#end
RFS7000#...
21.1.4 exit
SOLE Config Commands
Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#
Syntax
exit
Parameters
None.
Example
RFS7000(config-sole)#exit
RFS7000(config)#...
21.1.5 help
SOLE Config Commands
Use this command to access the system’s interactive help system.
Syntax
help
Parameters
None.
Example
RFS7000(config-sole)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
21-7 21.1.6 no SOLE Config Commands Use this command to negate a command or set its defaults. Syntax Parameters ADAPTER (enable) Disables the specified SOLE adapter. enable Using this with disables all SOLE adapters. Usage Guidelines to either disable the aeroscout adapter or all SOLE [no] adapter [aeroscout(enable)|enable] adapters.
21.1.7 service
SOLE Config Commands
Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations.
Syntax
service (show) (cli)
Parameters
show (cli) – Show CLI tree of current mode.
Example
RFS7000(config-sole)#service show cli
Location Engine Config mode:
+-adapter +-ADAPTER +-enable [adapter (ADAPTER|) enable]...
21.1.8 show
SOLE Config Commands
Use this command to view the current system information.
Syntax
show <parameters>
show sole [config(adapter)|stats (adapter)|status(adapter|engine)]
Parameters
Displays all the parameters for which the information can be viewed using the show command.
Example
RFS7000(config-sole)#show ?
access-list Internet Protocol (IP)
aclstats...
wireless Wireless configuration commands
wlan-acl wlan based acl
RFS7000(config-sole)#show
RFS7000(config-sole)#show sole config adapter
SOLE Adapter
Adapter Type: AeroScout
Adapter Version: 2.01
Configured Status: enabled
Operational Status: enabled
Adapter Build Time: Fri Oct 12 13:08:59 2007
RFS7000(config-sole)#
RFS7000(config-sole)#show sole stats adapter
Adapter Type: AeroScout
Adapter Status: enabled
Number of messages received from engine
Number of messages sent to engine...
Software type and version number • Motorola responds to calls by email, telephone or fax within the time limits set forth in support agreements. If you purchased your Enterprise Mobility business product from a Motorola business partner, contact that business partner for support.
MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.com 72E-103891-01 Revision A January 2008...