Who Should Use this Guide The RFS7000 Series CLI Reference Guide is intended for system administrators responsible for the implementing, configuring, and maintaining the RFS7000 using the switch command line interface (CLI). It also serves as a reference for configuring and modifying most common system settings.
RFS7000 Series CLI Reference Guide Table 1 Quick Reference on How This Guide Is Organized (Continued) Chapter Jump to this section if you want to... Chapter 9, “Extended ACL Instance” Summarizes the commands within the RFS7000 Switch CLI. (config-ext-nacl) Chapter 10, “Standard ACL Instance”...
Notational Conventions The following notational conventions are used in this document: • Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents. • Bullets (•) indicate: • action items •...
Use the Motorola Support Center as the primary contact for any technical problem, question, or support issue involving Motorola products. Motorola Support Center responds to calls by email, telephone or fax within the time limits set forth in individual contractual...
Page 7
WARRANT THAT YOU HAVE THE AUTHORITY TO BIND THAT COMPANY, PERSON OR ENTITY. 1. LICENSE GRANT. Subject to the terms of this Agreement, Motorola, Inc. and/or its subsidiaries ("Licensor") hereby grants Licensee a limited, personal, non-sublicensable, non transferable, nonexclusive license to use the software that Licensee is about to download or install and the documentation that accompanies it (collectively, the "Software") for Licensee's personal...
Page 8
RFS7000 Series CLI Reference Guide conditions of this EULA. With respect to technical information you provide to Licensor as part of any Support Services, Licensor may use such information for its business purposes, including for product support and development. Licensor will not utilize such technical information in a form that personally identifies Licensee.
Page 9
Rights" as provided for in FAR, 48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227- 7013 (OCT 1988), as applicable. The "Manufacturer" for purposes of these regulations is Motorola, Inc., One Symbol Plaza, Holtsville, NY 11742. 12. EXPORT RESTRICTIONS. Licensee shall comply with all export laws and restrictions and regulations of the Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control ("OFAC"), or other United States or...
This chapter describes the basic features of the Motorola CLI and how to use them. Topics covered include an introduction to command modes, navigation and editing features, help features, and command history features.
Page 20
Overview To access commands, enter the PRIV EXEC mode, which is the second level of access for the EXEC mode. In the PRIV EXEC mode, enter any EXEC command. The PRIV EXEC mode is a superset of the USER EXEC mode. Most of the USER EXEC mode commands are one-time commands and are not saved across reboots of the switch.
Table 1.1 CLI Context Hierarchy for RFS7000 User Exec Mode Priv Exec Mode Global Configuration Mode exit interface help kill license logout line mkdir logging more management page ping prompt quit radius-server reload redundancy rename service rmdir show service snmp-server show spanning-tree telnet...
Page 22
Overview Use any of the following commands to get help specific to a command mode, command name, keyword or argument: Command Description (prompt)# help Displays a brief description of the help system. (prompt)# abbreviated-command-entry ? Lists commands in the current mode that begin with a particular character string.
1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g.
Overview 1.5 Using CLI Editing Features and Shortcuts A variety of shortcuts and editing features are enabled for the CLI. The following sections describe these features: • Moving the Cursor on the Command Line • Completing a Partial Command Name •...
Keystrokes Function Function Details Summary Ctrl-N Gets the next command from history. Esc-C Converts the rest of word to uppercase. Esc-L Converts the rest of word to lowercase. Esc-D Deletes the remainder of word. Ctrl-W Deletes a word up to the cursor. Ctrl-Z Enters the command and retursn to the root prompt.
Overview 1.5.3 Deleting Entries Use any of the following keystrokes to delete command entries: Keystrokes Purpose Backspace Deletes the character to the left of the cursor. Ctrl-D Deletes the character at the cursor. Ctrl-K Deletes all characters from the cursor to the end of the command line. Ctrl-W Deletes the word up to the cursor.
1.5.7 Controlling Capitalization CLI commands are generally case-insensitive, and are typically in lowercase. To change the capitalization of the commands, use any of the following key sequences: Keystrokes Purpose Esc, C Capitalizes the letters at the right of cursor. Esc, L Changes the letters at the right of cursor to lowercase.
Common Commands This chapter explains the common CLI commands used amongst the USER EXEC and PRIV EXEC modes. The PRIV EXEC command set contains the commands available in USER EXEC mode, some commands can be entered in either mode. Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands.
Page 30
Overview 2.1 Common Commands Table 2.1 summarizes commands common amongst many switch contexts and instance. Table 2.1 Common commands amongst most contexts Command Description Ref. clrscr Clears the display screen. page 2-3 debug Debugging functions. page 2-4 exit Ends the current mode and moves down to the previous mode. page 2-10 help Describes the interactive help system.
2.1.1 clrscr Common Commands Use this command to clear the screen displaying and refresh the prompt (#). Syntax clrscr Parameters None. Example RFS7000#clrscr...
Overview 2.1.2 debug Common Commands Use this command to debug certificate management, ip, mobility and MSTP functionalities. Syntax (User Exec) debug [certmgr (all|error|info)|ip (https|ssh)| mobility (cc|error|forwarding <MAC Address>|mu|packet|peer|system)| mstp (all|cli|packet|protocol|timer)] Syntax (Priv Mode) debug [all|cc|ccstats|certmgr|dhcpsvr|imi|ip|logging|mgmt|mobility|mstp|nsm| pktdrvr|pm|radius|redundancy|securitymgr] Parameters (User Exec) Debugs certificate manager messages. certmgr (all|error|info) •...
Page 33
Parameters (Priv Mode) Enables debugging. Cell controller (wireless) debugging messages. cc [access-port|all|al tap-detect| • access-port – Access port logs. capwap| • all – All modules. cluster|config|dot11|eap| ids|kerberos| • alt – Address lookup logs. l3-mob|media|mobile- • ap-detect – Rogue AP detection logs. unit|radio|radius| •...
Page 34
Overview DHCP Conf Serv er Debugging Messages. dhcpsvr [all|error|info] • all – Traces error and info messages from the DHCP Conf Server. • error – Traces error messages from the DHCP Conf Server. • info – Traces informational messages from the DHCP Conf Server. Integrated Management Interface.
Page 35
L3 Mobility. mobility [all|cc|error|forwarding • all – All debugging (except "forwarding"). <MAC Address>| • cc – ccserver events. mu|packet|peersystem] • error – Error. • forwarding – Dataplane forwarding. • <MAC Address> – MAC address of the mobbile unit. • mu – MU events and state changes. •...
Page 36
Overview RADIUS server debugging messages. radius [all|err|info|warn] • all – Traces all messages from the RADIUS server. • err – Traces error messages from the local RADIUS server. • info – Traces error, warning and informational messages from the RADIUS server.
Page 37
Example RFS7000#debug cc all RFS7000#configure t Enter configuration commands, one per line. End with CNTL/Z. RFS7000(config)#logging console 7 RFS7000(config)#Mar 15 15:41:47 2008: CC: cluster: portal unadopted. portal count now: 7 Mar 15 15:41:47 2008: CC: cluster: tx-to-wccp ap: 4, radio: 7, mu: 0, rogue: 0, sheal: 0, max-ap: 256 Mar 15 15:41:47 2008: CC: cluster: portal unadopted.
2-10 Overview 2.1.3 exit Common Commands Use this command to end the current mode and move to the previous mode. Syntax exit Parameters None. Example RFS7000(config)#exit...
2-11 2.1.4 help Common Commands Use this command to get access to the advanced help feature. Use “?” anytime at the command prompt to get access to the help topic. Two styles of help are provided: 1. Full help is available when ready to enter a command argument and describe each possible argument. There is a space between the command and ?, (e.g.
Page 40
2-12 Overview 2.1.5 no Common Commands Use this command to either negate a command or set its defaults. Syntax Parameters None. Example RFS7000(config)#no ? access-list Internet Protocol (IP) autoinstall autoinstall configuration command banner Reset login banner to nothing bridge Bridge group commands country-code Clear the currently configured country code.
2-13 2.1.6 service Common Commands Use this command to service/debug the RFS7000 Switch. Syntax (User Exec) service [diag|encrypt|locator|save-cli|show] service diag [enable|identify|limit|period <100-30000>|watchdog] service diag limit [buffer(128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k)<0- 65535> | fan <1-3>|filesys (etc2|flash|var)| inodes (etc2|flash|var)|load (1|15|5)|maxFDs <0-32767>| pkbuffers <0-65535>|procRAM < 0.0-100.0>|ram <0.0-25.0>| routecache <0-65535>|temperature <1-8>] service encrypt (secret)<2>...
Page 42
2-14 Overview Use this parameter to set the file system freespace limit. Select the freespace filesys (etc2|flash|var) limit for the following sub context: • etc2 • flash • ram inodes (etc2|flash|var) File system inode limit. Select the freespace limit for the following sub context: •...
Page 43
2-15 show {cli| Displays the running system information. command-history| • cli – Shows CLI tree of current mode. crash-info| • command-history – Displays a command (except show commands) diag|info|memory| history. process| reboot-history| • crash-info – Displays information about core, panic and access port dump startup-log| files.
Page 44
2-16 Overview Parameters (Priv Exec mode only) clear Resets different functions. [all|aplogs|clitree|cores| • all – Removes all core, dump and panic files. dumps|panics| • aplogs – Removes all ap log files. pm (statistics|sys-restart- count)| • clitree – Removes clitree.html (created by the save-cli command). securitymgr (flows) •...
Page 45
2-17 encrypt (secret) <2> LINE Encrypt passwords with secret phrase, using a SHA256-AES256 type of encryption. securitymgr [dump- Securitymgr parameters. core|enable-http-stats] • dump-core – Create a core file of the securitymgr process. • enable-http-stats – Enable securitymgr HTTP statistics interface. show [cli|command- Displays running system information.
Page 46
2-18 Overview Parameters(Global Config) advanced-vty Enables advanced mode vty interface. dhcp Enables the DHCP server service. password-encryption Encrypts passwords. (secret)2 LINE • secret (2) – Encrypts passwords with secret phrase, using SHA256- AES256 encryption. • LINE – Enter a passphrase for encryption. Process Monitor.
Page 48
2-20 Overview RFS7000#service diag limit ram 20 RFS7000#service diag limit routecache ? <0-65535> limit from 0-65535 RFS7000#service diag limit routecache 10240 RFS7000#service diag limit temperature ? <1-8> temperature sensor number RFS7000#service diag period ? <100-30000> Diagnostics period <100-30000> default 1000 milliseconds RFS7000#service diag period 20000 RFS7000#service save-cli /usr/scripts/genclitree.sh: /usr/scripts/genclitree.sh: 15: eth: not found...
Page 49
2-21 RFS7000>service show crash-info Coredump files: Name Size Date & Time ============================================= imish_8990_200B.core.gz 299.5k Aug 31 23:50 RFS7000> RFS7000>service show info 4.0M out of 4.0M available for logs. 9.7M out of 11.4M available for history. 16.1M out of 18.6M available for crashinfo. List of Files: imish_8990_200B.core.gz 299.5k...
Page 50
2-22 Overview 1676 0.6 logd 1672 0.6 wccpd 1636 0.6 pmd 1636 0.6 stunnel 1370 1512 0.5 sshd 1448 0.5 mobd 1308 0.5 fileXferd....RFS7000> service show reboot-history Configured size of reboot history is 50 Date & Time Event ===================================================== Aug 30 15:32:39 2006 startup Aug 30 15:31:17 2006...
Page 51
2-23 RFS7000> service show upgrade-history Configured size of upgrade history is 50 Date & Time Old Version New Version Status ===================================================================== Aug 29 18:30:43 2006 3.0.0.0-180B 3.0.0.0-200B Successful Aug 17 15:07:03 2006 3.0.0.0-17872X 3.0.0.0-180B Successful Aug 11 19:29:41 2006 3.0.0.0-170B 3.0.0.0-17872X Successful Aug 11 19:28:52 2006 3.0.0.0-170B 3.0.0.0-170B Unable to get update file.
2-24 Overview 2.1.7 terminal Common Commands Use this command to set the length /number of lines displayed on the terminal window. Syntax terminal[length <0-512>|no(length <0-512>|width)|width <0-512> ] Parameters length Sets the number of lines on a screen. Negates a command or sets its defaults. width Sets the width/number of characters on a screen line.
2-25 2.2 show Common Commands This command displays the settings for the specified system component. There are a number of ways to invoke the show command: • Invoked without any arguments, show displays information about the current context. If the current context contains instances, then show command (usually) displays a list of these instances.
Page 54
2-26 Overview Display Description Mode Example Parameters redundancy-history Displays the switch state transition history. Common page 2-54 redundancy- Displays redundancy group members in detail. Common page 2-55 members snmp Displays SNMP engine parameters. Common page 2-56 snmp-server Displays SNMP engine parameters. Common page 2-57 spanning-tree...
Page 55
2-27 Display Description Mode Example Parameters Displays the FTP Server configuration. Privilege/Global page 2-82 Config password- Displays the password’s encryption settings. Privilege/Global page 2-83 encryption Config running-config Displays the current operating configuration. Privilege/Global page 2-84 Config securitymgr Displays debug info for ACL, VPN and NAT. Privilege/Global page 2-87 Config...
2-29 2.2.2 banner Common to all modes Syntax show banner Parameters motd Enters the Message of the Day banner. Example RFS7000>show banner motd Welcome to CLI RFS7000>...
Page 59
2-31 no page no service diag enable no service diag period no service diag watchdog no service locator page (exit|logout|quit) show autoinstall show autoinstall status show banner motd show commands show debugging show debugging mstp show environment show history .............(contd) RFS7000>...
2-32 Overview 2.2.4 debugging Common to all modes Syntax show debugging (mstp) Parameters Displays information related to the Multiple Spanning Tree Protocol (MSTP). mstp Example RFS7000(config)#show debugging mstp MSTP debugging status: RFS7000(config)#...
2-33 2.2.5 environment Common to all modes Syntax show environment Parameters None. Example RFS7000>show environment upwind of CPU temperature : 30.0 C CPU die temperature : 53.0 C left side temperature : 30.0 C by FPGA temperature : 29.0 C front right temperature : 27.0 C front left temperature :...
2-34 Overview 2.2.6 history Common to all modes Syntax show history Parameters None. Example RFS7000>show history 1 show 2 clrscr 3 enable 4 clrscr 5 configure terminal 6 exit 7 clrscr 8 show history RFS7000>...
2-35 2.2.7 interfaces Common to all modes Syntax show interfaces [<name>|fe|ge <1-4>|sa <1-4>| switchport(<name>|fe|ge|sa|tunnel|vlan)|tunnel <1-32>|vlan <1-4094>] Parameters IFNAME Interface name. FastEthernet interface. ge <1-4> GigabitEthernet interface. Select an index value between 1- 4. sa <1- 4> StaticAggregate interface. Select an index value between 1- 4. switchport () Status of Layer2 interfaces.
Page 65
2-37 2.2.8 ip Common to all modes Syntax show ip [access-group (IFNAME | eth <1-2> | vlan <1-4094>) | access-list |arp | ddns(binding)| dhcp (binding|pool)| dhcp-vendor-options | domain-name | http(secure-server|server)| interface(IFNAME|brief|tunnel|vlan) | name-server | nat (interfaces|translations[inside|outside][destination|source])| route(A.B.C.D|A.B.C.D/M|detail) | routing | ssh | telnet ] show ip access-group (IFNAME|eth <1-2>...
Page 66
2-38 Overview IFNAME Interface name. brief Brief summary of IP status and configuration. tunnel Tunnel interface. vlan VLAN interface. name-server DNS nameservers. nat ( ) Network Address Translation (NAT). • interfaces – NAT Configuration on Interfaces. • translations – NAT translations. •...
Page 67
2-39 vlan1 157.235.208.69(DHCP) vlan3 unassigned administratively down down RFS7000(config)# 2. The above instance may occur when a DHCP interface is disconnected. DHCP is not effected because it runs on a virtual interface and not on the physical interface. In this case, it is the physical interface that is disconnected not the virtual interface.
Page 68
2-40 Overview RFS7000#show ip domain-name IP domain-lookup : Enable Domain Name : symbol.com RFS7000#show ip http server HTTP server: Running Config status: Enabled RFS7000#show ip http secure-server HTTP secure server: Running Config status: Enabled Trustpoint: default-trustpoint RFS7000#show ip interface brief Interface IP-Address Status...
2-41 2.2.9 ldap Common to all modes Syntax show ldap(configuration(primary|secondary)) Parameters ldap LDAP server. configuration LDAP server configuration parameters. primary Primary LDAP server. secondary Secondary LDAP server. Example RFS7000(config-radsrv)#show ldap configuration LDAP Server Config Details __________________________ Primary LDAP Server configuration IP Address : 10.10.10.1 Port...
2-42 Overview 2.2.10 licenses Common to all modes Syntax show licenses Parameters None. Example RFS7000(config)#show licenses feature usage license string license value usage 2FFD7fE9 CD016155 14A92C70...
2-43 2.2.11 logging Common to all modes Syntax show logging Parameters None. Example RFS7000(config)#show logging Logging module: enabled Aggregation time: disabled Console logging: level debugging Monitor logging: disabled Buffered logging: level informational Syslog logging: disabled Log Buffer (3840 bytes): Feb 19 22:25:28 2007: %NSM-6-DHCPIP: Interface fe acquired IP address 157.235.208.122/24 via DHCP Feb 19 21:33:09 2007: %KERN-6-INFO: fe: Setting full-duplex based on negotiated link capability..
2-44 Overview 2.2.12 mac Common to all modes Syntax show mac(access-list) Parameters access-list Lists MAC access lists. Example RFS7000(config)#show mac access-list RFS7000(config)#...
2-46 Overview 2.2.14 management Common to all modes Syntax show management Parameters None. Example RFS7000(config)#show management Mgmt Interface: vlan1 Management access permitted via any vlan interface RFS7000(config)#...
2-47 2.2.15 mobility Common to all modes Syntax show mobility [event-log|forwarding|global|mobile-unit|peer|statistics] show mobility event-log [mobile-unit|peer] show mobility forwarding (AA-BB-CC-DD-EE-FF) show mobility mobile-unit [<AA-BB-CC-DD-EE-FF>|detail] show mobility peer [<A.B.C.D>|detail] show mobility statistics <AA-BB-CC-DD-EE-FF> Parameters event-log Displays mobility event logs . • mobile-unit – MU event logs. •...
2-50 Overview 2.2.17 privilege Common to all modes Syntax show privilege Parameters None. Example RFS7000>show privilege Current user privilege: superuser RFS7000>...
2-51 2.2.18 radius Common to all modes Syntax show radius [configuration|eap(configuration)|group|nas( A.B.C.D/M)|proxy| rad- user|trust-point] Parameters radius RADIUS configuration commands. configuration RADIUS server configuration parameters. eap (configuration) EAP parameters and configuration. group RADIUS group configuration. nas (A.B.C.D/M) Enter a client IP address and mask. proxy Proxy information.
2-52 Overview 2.2.19 redundancy-group Common to all modes Syntax show redundancy-group [config|runtime] Parameters config Displays redundancy group information. runtime Displays runtime redundancy group information. Example RFS7000(config)#show redundancy-group config Redundancy Group Configuration Detail Redundancy Feature : Disabled Redundancy group ID Redundancy Mode : Primary Redundancy Interface IP : 0.0.0.0...
Page 81
2-53 Redundancy Group Runtime Information Redundancy Protocol Version : 2.0 Redundancy Group License Cluster AP Adoption Count : Not Applicable Switch AP Adoption Count : Not Applicable Redundancy State : Disabled Radio Portals adopted by Group : Not Applicable Radio Portals adopted by this Switch : Not Applicable Rogue APs detected in this Group : Not Applicable Rogue APs detected by this Switch...
2-54 Overview 2.2.20 redundancy-history Common to all modes Syntax show redundancy-history Parameters None. Example RFS7000>show redundancy-history State Transition History Time Event Triggered State --------------------------------------------------------- Sep 06 18:20:56 2006 Redundancy Disabled Disabled RFS7000>...
2-55 2.2.21 redundancy-members Common to all modes Syntax show redundancy-members (A.B.C.D) Parameters A.B.C.D IP address of the member switch. Example RFS7000(config)#show redundancy-members brief Member ID (Self) : 10.10.10.10 Member State : Not Applicable Member ID : 10.10.10.1 Member State : Peer Configured...
2-57 2.2.23 snmp-server Common to all modes Syntax show snmp-server[traps(wireless-statistics( mobile-unit | radio | wireless-switch | wlan))] Parameters traps Displays trap enabled flags. wireless-statistics Displays wireless-stats rate traps. mobile-unit Displays mobile unit rate traps. radio Displays radio rate traps. wireless-switch Displays switch rate traps.
2-61 2.2.25 static-channel-group Common to all modes Syntax show static-channel-group Parameters None. Example RFS7000>show static-channel-group RFS7000>...
2-62 Overview 2.2.26 terminal Common to all modes Syntax show terminal Parameters None. Example RFS7000(config)#show terminal Terminal Type: vt102 Length: 42 Width: 125 RFS7000(config)#...
2-64 Overview 2.2.28 users Common to all modes Syntax show users Parameters None. Example RFS7000(config)#show users Line User Uptime Location 0 con 0 1003 admin 11:38m ttyS0 130 vty 0 27693 admin 10:21m RFS7000(config)#...
2-65 2.2.29 version Common to all modes Syntax show version (verbose) Parameters verbose Displays software and hardware details. Example RFS7000(config)#show version RFS7000 version 1.0.0.0-228D MIB=01a Copyright (c) 2006 Symbol Technologies, Inc. Booted from primary. Switch uptime is 0 days, 5 hours 50 minutes CPU is RMI Phoenix V0.4 255188 kB of on-board RAM RFS7000(config)#...
Page 95
2-67 Parameters Status of adopted access port. <1-48> The index of the access port. AA-BB-CC-DD-EE-FF The MAC address of a access port. ap-detection-config Detected AP configuration parameters. ap-images Lists the access port images on the switch. ap-unadopted Lists unadopted access ports. approved-aps Approved APs seen by access port scans.
Page 96
2-68 Overview statistics Mobile unit rf statistics. wlan <wlan_range> Show mobile units associated to this WLAN. • <wlan_range> – A WLAN index between 1 to 256. phrase-to-key Displays the WEP keys generated by a passphrase. wep128 Displays WEP128 keys. wep64 Displays WEP64 keys.
Page 97
2-69 wlan Wireless LAN related parameters. config WLAN configuration. <1-256> A WLAN index <1-256>. All WLANs in configuration. enabled Only WLANs currently enabled. statistics WLAN statistics. <1-256> A WLAN index <1-256>. Example RFS7000>show wireless ap Number of access-ports adopted Available licenses Clustering enabled Clustering mode : primary...
Page 98
2-70 Overview RFS7000>show wireless hotspot-config WLAN: 1 status: disabled description: WLAN1 ssid: 101 Page-Location: simple Internal Pages Page-type : login Title : Login Page Header : Network Login Description : Please enter your username and password Footer : Contact the network administrator if you do not have an account Image URL main: Image URL small: Page-type : welcome...
2-72 Overview 2.2.31 wlan-acl Common to all modes Syntax show wlan-acl [<1-256>|all] Parameters <1-256> Displays ACLs attached to the specified WLAN ID. Displays ACLs attached to the WLAN port. Example RFS7000>show wlan-acl 200 WLAN port: 200 Inbound IP Access List Inbound MAC Access List Outbound IP Access List Outbound MAC Access List :...
2-73 2.2.32 access-list Priviledge / Global Config This command lists all the access lists (numbered and named) configured on the switch. The numbered access list displays all numbered ACLs. The named access-list displays the details of the name ACL. Syntax show access-list show access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD) Show access-list <acl-name>...
2-74 Overview 2.2.33 aclstats Priviledge / Global Config This command displays the statisitcs of all the access lists configured on the switch. Syntax aclstats [<name>|fe|ge <1-4>|sa <1-4>|tunnel <1-32>|vlan <1-4094>] Parameters IFNAME Interface name. FastEthernet interface. ge <1-4> GigabitEthernet interface. Select an index value between 1-4. sa <1- 4>...
2-75 2.2.34 alarm-log Priviledge / Global Config Syntax show alarm-log ( <1-65535>| acknowledged | all | count | new | severity-to-limit( critical |informational | major | normal | warning)) Parameters <1-65535> Displays details for specific alarm Id. acknowledged Displays acknowledged alarms currently in the system. Displays all alarms currently in the system.
2-76 Overview 2.2.35 boot Priviledge / Global Config Syntax show boot Parameters None. Example RFS7000#show boot Image Build Date Install Date Version ----- -------------------- -------------------- -------------- Primary Feb 05 20:27:25 2007 Feb 13 19:29:28 2007 1.0.0.0-228D Secondary Jan 19 06:41:09 2007 Jan 23 20:14:19 2007 1.0.0.0-200D Current Boot...
2-78 Overview 2.2.37 debugging Priviledge / Global Config Syntax show debugging (mstp) Parameters mstp Displays MSTP debugging information. Example RFS7000#show debugging mstp MSTP debugging status: MSTP all debugging is on RFS7000#show debugging mstp MSTP debugging status: MSTP all debugging is on RFS7000#...
2-79 2.2.38 dhcp Priviledge / Global Config Use this command to display DHCP Server configurations. Syntax show dhcp [config|status] Parameters config Displays DHCP server configuration. status Displays whether the DHCP server is running or not. Example RFS7000#show dhcp config service dhcp ip dhcp pool vlan63 default-router 192.168.157.2 network 192.168.63.0/24...
2-80 Overview 2.2.39 environment Privilege / Global Config Syntax show environment Parameters None. Example RFS7000#show environment upwind of CPU temperature : 33.0 C CPU die temperature : 62.0 C left side temperature : 31.0 C by FPGA temperature : 30.0 C front right temperature : 28.0 C front left temperature :...
2-81 2.2.40 file Privilege / Global Config Syntax show file (information (FILE)| systems) Parameters information (FILE) Displays information on FILE. systems Lists filesystems. Example RFS7000(config)#show file systems File Systems: Size(b) Free(b) Type Prefix opaque system: 10485760 9912320 flash nvram: 20971520 19742720 flash flash:...
2-83 2.2.42 password-encryption Priviledge / Global Config Syntax show password-encryption (status) Parameters status Displays password-encryption status. Example RFS7000#show password-encryption status Password encryption is disabled RFS7000#...
2-84 Overview 2.2.43 running-config Privilege / Global Config Displays the contents of the configuration file for the switch, including all configured MAC and IP access lists and access groups applied to an interface. Syntax show running-config(full|include-factory) Parameters full Full configuration. include-factory Includes factory defaults.
Page 113
2-85 switchport access vlan 1 interface sa2 mtu 0 switchport access vlan 1 shutdown no multicast interface tunnel27 no ip address interface vlan1 ip address dhcp interface vlan400 no ip address ip route 157.235.0.0/16 157.235.208.246 aaa authentication login default local none line con 0 line vty 0 24 RFS7000(config)#...
Page 114
2-86 Overview logging host 0.0.0.0 logging host 0.0.0.0 logging host 0.0.0.0 no logging syslog logging on snmp-server community public snmp-server community private snmp-server location snmp-server contact snmp-server sysname RFS7000 snmp-server manager v2 snmp-server manager v3 snmp-server user snmptrap v3 encrypted auth md5 0x218d29df4dfde16bdec86f22cb11bc1a snmp-server user snmpmanager v3 encrypted auth md5 0x218d29df4dfde16bdec86f22cb11bc1a...
2-89 2.2.46 spanning-tree Privilege / Global Config Use this command to display spanning tree information. Syntax show spanning-tree (mst)[config|detail|instance] Parameters Displays MST information. • config – Displays configuration information. • detail – Displays detailed information. • instance – Displays instance information. Example RFS7000(config)#show spanning-tree mst detail % Bridge up - Spanning Tree Enabled...
Page 118
2-90 Overview ge4: Designated Port Id 0 - CST Priority 128 ge4: CIST Root 0000000000000000 ge4: Regional Root 0000000000000000 ge4: Designated Bridge 0000000000000000 ge4: Message Age 0 - Max Age 0 ge4: CIST Hello Time 0 - Forward Delay 0 ge4: CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0 ge4: Version Multiple Spanning Tree Protocol - Received None - Send STP ge4: No portfast configured - Current...
Page 119
2-91 sa2: Version Multiple Spanning Tree Protocol - Received None - Send STP sa2: No portfast configured - Current portfast off sa2: portfast bpdu-guard default - Current portfast bpdu-guard off sa2: portfast bpdu-filter default - Current portfast bpdu-filter on sa2: no root guard configured - Current root guard off sa2: Configured Link Type point-to-point - Current shared...
Page 120
2-92 Overview ge1: no root guard configured - Current root guard off ge1: Configured Link Type point-to-point - Current shared RFS7000(config)#...
2-93 2.2.47 startup-config Privilege / Global Config Syntax show startup-config Parameters None. Example RFS7000#show startup-config ! configuration of RFS7000 version 1.0.0.0-228D! version 1.0 service prompt crash-info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser spanning-tree mst config bridge region My Name no country-code logging console 7 snmp-server manager v2...
2-95 2.2.49 upgrade-status Privilege / Global Config Syntax show upgrade-status(detail) Parameters detail Last image upgrade log. Example RFS7000#show upgrade-status detail Last Image Upgrade Status : Successful Last Image Upgrade Time : Tue Aug 29 18:32:17 2006 -------------------------------------------------------- var2 is 10 percent full /tmp is 5 percent full Free Memory 151944 kB FWU invoked via Linux shell...
2-96 Overview 2.2.50 wlan-acl Privilege / Global Config Syntax show wlan-acl [<1-256>|all] <1-256> Displays ACLs attached to the specified WLAN ID. Displays ACLs attached to WLAN port. Example RFS7000(config)#show wlan-acl 102 WLAN port: 102 Inbound IP Access List : 110 Inbound MAC Access List : Outbound IP Access List: Outbound MAC Access List :...
User Exec Commands Logging in to the switch places you within the USER EXEC command mode. Typically, a log-in requires a user name and a password. You have three attempts to enter a password correctly before a connection attempt is refused.The USER EXEC commands available at the user level are a subset of those available at the privileged level.
Page 126
Overview 3.1 User Exec Commands Table 3.1 summarizes User Exec commands. Table 3.1 User Exec commands Summary Command Description Ref. clear Resets the command to previous configuration. page 3-3 clrscr Clears the display screen. page 2-3 cluster-cli Cluster context. page 3-4 debug Debugging functions.
Overview 3.1.2 cluster-cli User Exec Commands Use this command to cluster all the CLI pertaining to the context it appears in. This feature is useful to configure each switch in the cluster by logging in to one switch which participates in the cluster. This eliminates the administrator time and effort N-1 times if there are N switches in the cluster.
Overview 3.1.4 disable User Exec Commands Enable the PRIV mode to use this command. Then, use the command to exit the PRIV mode. disable Syntax disable Parameters None. Example RFS7000>disable RFS7000>...
Overview 3.1.6 logout User Exec Commands Use this command instead of command to exit the EXEC mode. exit Syntax logout Parameters None. Example The RFS7000 Series Switch logs off on execution of this command.
Page 133
3.1.7 page User Exec Commands Use this command to toggle paging. Enabling this command displays the CLI command output page by page, instead of running the entire output at once. Syntax page Parameters None. Example RFS7000>page ? <cr> RFS7000>page RFS7000>enable RFS7000#show running-config ! configuration of RFS7000 version 1.0.0.0-280D! version 1.0...
3-10 Overview 3.1.8 quit User Exec Commands Use this command to exit the current mode, and move back down to the previous mode. Syntax quit Parameters None. Example The switch logs off upon execution of this command.
3-11 3.1.9 show User Exec Commands Use this command to exit the current mode and go down to previous mode. Syntax show Parameters autoinstall Displays the autoinstall configuration. banner Displays the “Message of the Day Login” banner. commands Displays command lists. debugging Displays debugging information outputs.
Page 136
3-12 Overview version Displays the software and hardware version. wireless Displays wireless configuration commands. wlan-acl Displays WLAN based ACL information. Example RFS7000>show autoinstall feature enabled config --not-set-- cluster cfg --not-set-- image --not-set-- expected image version --not-set-- RFS7000> RFS7000>show commands clear mobility event-log (mobile-unit|peer) clear mobility event-log (mobile-unit|peer) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all)
Page 138
3-14 Overview Log Buffer (3552 bytes): Feb 16 18:38:03 2007: %IMI-5-USERAUTHSUCCESS: User 'admin' logged in with role of ' superuser' from auth source 'local' Feb 16 18:37:58 2007: %AUTH-6-INFO: login[20553]: root login on `pts/0' from `157.235.206.225' Feb 16 18:14:32 2007: %USER-0-EMERG: WIOS_CCSERVER[1018]: ccsrvr is creating core on users request Feb 16 18:14:25 2007: %DIAG-6-FREERAMDISK: Free /var file system space, 0.0% is...
Privileged Exec Commands Most PRIV EXEC mode commands set operating parameters. Privileged-level access must be password protected to prevent unauthorized use. The PRIV EXEC command set includes those commands contained in USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes using the configure command, and includes advanced testing commands.
Page 140
Overview 4.1 Priv Exec Command Table 4.1 summarizes the Priv Exec commands. Table 4.1 Priv Exec Command Summary Command Description Ref. acknowledge Acknowledges alarms. page 4-4 archive Manages archive files. page 4-5 Changes the current directory. page 4-6 change-passwd Changes the password of the logged in user. page 4-7 clear Reset function.
Page 141
Command Description Ref. ping Sends an ICMP echo message. page 4-28 Displays the current directory. page 4-29 quit Exits the current mode and moves down to the previous mode. page 4-30 reload Halts the switch and performs a warm reboot. page 4-31 rename Renames a file.
Overview 4.1.1 acknowledge Priv Exec Command Use this command to acknowledge alarms. Syntax acknowledge alarm-log [<1-65535> | all] Parameters alarm-log Acknowledge an alarm. • <1-65535> – Acknowledges specific alarm id. • all – Acknowledges all alarms. Example RFS7000#acknowledge alarm-log all No corresponding record found in the Alarm Log.
4.1.2 archive Priv Exec Command Use this command to manage archive files. Syntax archive tar /table [FILE|URL] archive tar /create [FILE|URL] FILE archive tar /xtract [FILE|URL] DIR Parameters Manipulates (creates, lists or extracts) a tar file. /table Lists files in a tar file. /create Creates a tar file.
Page 144
Overview 4.1.3 cd Priv Exec Command Use this command to change the current directory. Syntax cd [DIR|] Parameters Changes the current directory to DIR. Example RFS7000#cd nvram:/ system:/ flash:/ RFS7000#cd flash:/? Change current directory to DIR RFS7000#cd flash:/ flash:/backup/ flash:/crashinfo/ flash:/hotspot/ flash:/log/ flash:/out/...
4.1.4 change-passwd Priv Exec Command Use this command to change the password of the logged in user. Syntax change-passwd Parameters None. Usage Guidelines A password must be between 8 to 32 characters in length. For safety reasons, the console does not display the user entered key words (refer example) for the fields.
4-10 Overview 4.1.6 clock Priv Exec Command Use this command to configure the software system clock. Syntax clock set HH:MM:SS [1-31] MONTH [1993-2035] Parameters Sets the system date and time. Example RFS7000#clock set 15:10:30 08 Sep 2006 RFS7000#show clock Sep 08 15:10:31 UTC 2006...
4-11 4.1.7 cluster-cli Priv Exec Command Use this command to cluster all the CLI pertaining to the context it appears in. This feature is useful to configure each switch in the cluster by logging in to one participating switch. This eliminates administrator time and effort, as one switch configuration can represent the entire cluster.
4-12 Overview 4.1.8 configure Priv Exec Command Use this command to move into the configuration mode. Syntax configure terminal Parameters terminal Configures from the terminal. Example RFS7000#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RFS7000(config)#...
4-13 4.1.9 copy Priv Exec Command Use this command to copy any file (config,log,txt ...etc) from any location to the switch and vice-versa. NOTE Copying a new config file onto an exisitng running-config file merges it with the existing running-config on the switch. Both, the exisitng running-config and the new config file parameters are applied as the current running-config of the switch.
4-14 Overview 4.1.10 debug Priv Exec Command Use this command for debugging purposes. This command is also used to debug various features. Syntax debug all debug cc [access-port|all|alt|ap-detect|capwap|cluster| config|dot11|eap|ids|kerberos|l3-mob|media|mobile-unit|radio| radius|self-heal|snmp|system|wips|wisp] debug ccstats <CCStats Module> debug certmgr [all|error|info] debug dhcpsvr [all|error|info] debug imi [all|cli-client|cli-server|errors|init|ntp] debug ip [https|ssh] debug logging [all|errors|monitor|subagent]...
4-16 Overview 4.1.11 delete Priv Exec Command Use this command to delete the specified file from the system. Syntax delete ({/force|/recursive}|) .FILE Parameters /force Forces deletion without a prompt. /recursive Performs a recursive delete. FILE Specifies the filename(s) to be deleted. Example RFS7000#delete flash:/out.tar flash:/out.tar.gz Delete flash:/out.tar [y/n]? y...
4-17 4.1.12 diff Priv Exec Command Use this command to view the difference between two files. Syntax diff (FILE|URL) (FILE|URL) Parameters FILE Displays the differences between FILE. Displays the differences between URL. Example RFS7000#diff startup-config running-config --- startup-config +++ running-config @@ -89,7 +89,7 @@ mobility peer 157.235.208.16 wlan 1 enable...
4-18 Overview 4.1.13 dir Priv Exec Command Use this command to view the list of files on a filesystem. Syntax dir ({/all|/recursive}|) (DIR|all-filesystems|) Parameters /all Lists all files. /recursive Lists files recursively. Lists files in named file path. all-filesystems Lists files on all filesystems. Example RFS7000#dir Directory of flash:/...
4-21 4.1.16 enable Priv Exec Command Use this command to turn on the privileged mode command. Syntax enable Parameters None. Example RFS7000#enable RFS7000#...
4-22 Overview 4.1.17 erase Priv Exec Command Use this command to erase a target filesystem. Syntax erase [cf:|flash:|nvram:|startup-config:] Parameters Erases contents of compact flash. flash Erases contents of flash. nvram Erases contents of nvram. startup-config Resets the switch configuration to factory default settings. Example RFS7000#erase cf RFS7000#erase flash...
4-23 4.1.18 kill Priv Exec Command Use this command to kill (terminate) a specified session. Syntax kill session <1-16> Parameters session Active session. There are 16 active sessions which can be terminated. Example RFS7000#show sessions SESSION USER LOCATION IDLE START TIME Console 00:00m Apr 16 20:58:58 2007...
4-24 Overview 4.1.19 logout Priv Exec Command Use this command to exit from the EXEC mode. Syntax logout Parameters None. Example RFS7000#logout Please press Enter to activate this console.
4-25 4.1.20 mkdir Priv Exec Command Use this command to create a new directory in the filesystem. Syntax mkdir DIR Parameters Directory name. Example RFS7000#mkdir TestDIR RFS7000#...
4-26 Overview 4.1.21 more Priv Exec Command Use this command to view the contents of a file. Syntax more FILE Parameters FILE Displays the content of the file. Example RFS7000#more flash:/log/messages.log Sep 08 12:27:30 2006: %PM-5-PROCSTOP: Process "radiusd" has been stopped Sep 08 12:27:31 2006: %LICMGR-6-NEWLICENSE: Licensed AP count changed to 48 Sep 08 12:27:31 2006: %CC-5-COUNTRYCODE:...
Page 165
4-27 4.1.22 page Priv Exec Command Use this command to toggle switch paging. Enabling this command displays the command output page by page, instead of running the entire output at once. Syntax page Parameters None. Example RFS7000>page ? <cr> RFS7000>page RFS7000>enable RFS7000#show running-config ! configuration of RFS7000 version 1.0.0.0-280D!
4-29 4.1.24 pwd Priv Exec Command Use this command to view the contents of the current directory. Syntax Parameters None. Example RFS7000#pwd flash:/ RFS7000#...
4-30 Overview 4.1.25 quit Priv Exec Command Use this command to exit the current mode and move down to the previous mode. Syntax quit Parameters None. Example RFS7000#quit RFS7000 release 1.0.0.0-264B Login as 'cli' to access CLI. RFS7000 login:...
4-31 4.1.26 reload Priv Exec Command Use this command to halt the switch and perform a warm reboot. Syntax reload Parameters None. Example RFS7000#reload Wireless switch will be rebooted, do you want to continue? (y/n): y The system is going down NOW !! % Connection is closed by administrator! WIOS_SECURITYMGR[1037]: FTPALG: Shutting down.
4-32 Overview 4.1.27 rename Priv Exec Command Use this command to rename a file in the existing filesystem. Syntax rename FILE FILE Parameters FILE FIle to rename. Example RFS7000#rename flash:/TestDIR/ NewTestDir RFS7000#DIR Directory of flash:/ drwx 1024 Wed Jul 19 19:14:05 2006 hotspot drwx Wed Aug 30 15:32:44 2006...
4-33 4.1.28 rmdir Priv Exec Command Use this command to delete an existing file. Syntax rmdir DIR Parameters Name of the directory to delete. Example RFS7000#rmdir flash:/NewTestDir/ RFS7000#DIR Directory of flash:/ drwx 1024 Wed Jul 19 19:14:05 2006 hotspot drwx Wed Aug 30 15:32:44 2006 drwx 1024...
4-34 Overview 4.1.29 show Priv Exec Command Use this command to show currently running system information. Syntax show <display parameter> Parameters access-list Displays Internet Protocol (IP) details of the access list. aclstats Displays ACL statistics information. alarm-log Displays alarms currently in the system. autoinstall Displays autoinstall configuration details.
Page 173
4-35 privilege Displays the current privilege level. radius Displays RADIUS configuration commands. redundancy-group Displays redundancy group parameters. redundancy-history Displays the state transition history of the switch. redundancy-members Displays redundancy group members in detail. running-config Displays the current operating configuration. securitymgr Displays securitymgr parameters.
Page 174
4-36 Overview interfaces Interface status Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer MAC access-list assignment mac-address-table Display MAC address table management Display L3 Managment Interface name mobility Display Mobility Parameters Network time protocol password-encryption password encryption...
4-37 4.1.30 telnet Priv Exec Command Use this command to open a telnet session. Syntax telnet [IP address|hostname] Parameters [IP address| host name] IP address or hostname of a remote system. Example RFS7000#telnet 157.111.222.33 Entering character mode Escape character is '^]'. Red Hat Linux release 9 (Shrike) Kernel 2.4.20-6bigmem on an i686 login: cli...
4-38 Overview 4.1.31 traceroute Priv Exec Command Use this command to trace the route to a destination. Syntax traceroute (WORD | ip WORD) Parameters WORD Traces the route to a destination address or hostname . IP trace. Example RFS7000#traceroute 157.222.333.33 traceroute to 157.235.208.39 (157.235.208.39), 30 hops max, 38 byte packets 157.235.208.39 (157.235.208.39) 0.466 ms...
4-39 4.1.32 upgrade Priv Exec Command Use this command to upgrade the switch software image. Syntax upgrade URL (background|) Parameters Defines location of firmware image. Example RFS7000#upgrade tftp://xxx.xxx.xxx.xxx:/img var2 is 10 percent full /tmp is 2 percent full Free Memory 161896 kB FWU invoked via Linux shell Running from partition /dev/hda5, partition to update is /dev/hda6...
Page 178
4-40 Overview Successful Sep 08 15:58:46 2006: %FWU-6-FWUDONE: Firmware update successful, new version is 1.0.0.0-264B RFS7000#...
4-42 Overview 4.1.34 write Priv Exec Command Use this command to write the running configuration to memory or terminal Syntax write [memory | terminal] Parameters memory Writes to NV memory. terminal Writes to terminal. Example RFS7000#write terminal ! configuration of RFS7000 version 1.0.0.0-264B! version 1.0 service prompt crash-info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d...
Global Configuration Commands The term global is used to indicate characteristics or features effecting the system as a whole. Use the Global configuration mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols). Use the configure terminal command, under PRIV EXEC, to enter global configuration mode.
Page 182
Overview 5.1 Global Configuration Commands Table 5.1 summarizes the Global Config commands. Table 5.1 Global Configuration Command Summary Command Description Ref. Authentication, Authorization and Accounting. page 5-4 access-list Adds an access list entry. page 5-5 autoinstall Autoinstalls a configuration command. page 5-11 banner Defines a login banner.
Page 183
Command Description Ref. prompt Sets the system prompt. page 5-39 radius-server Enters radius-server mode. page 5-40 redundancy Configures redundancy group parameters. page 5-41 service Service commands. page 5-43 show Shows running system information. Refer to Global Config show page 2-25 commands.
Uses external RADIUS server. Usage Guidelines Use AAA login to determine whether management user authentication must be performed against a loacl user database or a external RADIUS server. Example RFS7000(config)#username motorolaadmin password motorola RFS7000(config)#username motorolaadmin privilege superuser RFS7000(config)#aaa authentication login default local RFS7000(config)#...
5.1.2 access-list Global Configuration Commands Use this command to add an access list entry. Use the access list command under global configuration to configure the access list mechanism for filtering frames by protocol type or vendor code. Syntax access-list For Standard IP ACL’s: access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7>...
Page 186
Overview Parameters access-list Add a standard access list entry. (<1-99>|<1300-1999>) • (<1-99>|<1300-1999>) – Access numbers from 1 to 99 or 1300 to 1999. (deny|permit|mark • (deny|permit|mark) – Action types on an ACL. The action type (8021p <0-7> | mark functional only over a Port ACL. tos <0-255>)) (A.B.C.D/M | host A.B.C.D | •...
Page 187
access-list Add an Extended IP access list entry using IP keyword. (<100-199>|<2000-2699>) • <100-199>|<2000-2699> – For IP type of extended ACL, the ACL number {deny | permit | mark {dot1p must be between 100-199. <0-7> | tos <0-255>}} • {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on an {ip} {source/source-mask | ACL.
Page 188
Overview access-list Add an Extended IP access list entry using icmp keyword. (<100-199>|<2000-2699>) • (<100-199>|<2000-2699>) – For ICMP extended ACLs, the ACL number {deny | permit | mark {dot1p must be between 2000-2699. <0-7> | tos <0-255>}} • {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on {icmp} an ACL.
Page 189
access-list Add an Extended IP access list entry using tcp or udp keyword. (<100-199>|<2000-2699>) • (<100-199>|<2000-2699>) – For tcp or udp type of extended ACL, the {deny | permit | mark {dot1p ACL number must be between 2000-2699. <0-7> | tos <0-255>}} •...
Page 190
5-10 Overview Example The example below creates a standard access list (ACL) to permit any traffic coming to the interface. RFS7000(config)#access-list 1 permit any RFS7000(config)# The example below creates a extended IP access list to permit IP traffic between two networks. RFS7000(config)#access-list 101 permit ip 192.168.1.0/24 192.168.2.0/24 RFS7000(config)# The example below creates a extended access list to permit tcp traffic, between two networks, with...
5-11 5.1.3 autoinstall Global Configuration Commands Use this command to autoinstall the switch image. Syntax autoinstall [clear-config-history|cluster-config|config|image|start] autoinstall (cluster-config|config|image) (URL[tftp|ftp|http|cf]) autoinstall image version <number> Parameters clear-config-history Autoinstalls a clear configuration history, resulting in a reversion. cluster-config Autoinstalls a cluster-config setup. config Autoinstalls a config setup.
5-12 Overview 5.1.4 banner Global Configuration Commands Use this command to define a login banner for the switch. Syntax banner(motd(LINE|default)) Parameters motd Sets the “message of the day” banner. LINE Custom MOTD string. default Default MOTD string. Example RFS7000(config)#banner motd Welcome to my RFS7000 CLI RFS7000(config) RFS7000 release 3.0.0.0-200B Login as 'cli' to access CLI.
5-13 5.1.5 boot Global Configuration Commands This command reboots the switch with an image present in the mentioned partition ( either the primary or secondary partition). Syntax boot(system [primary|secondary]) Parameters system Specifies the boot image used after reboot. primary Specifies the primary image. secondary Specifies the secondary image.
5-15 5.1.7 country-code Global Configuration Commands Use this command to configure the country of operation. Syntax country-code Parameters None. Usage Guidelines This command erases all existing radio configuration. Example RFS7000(config)#country-code ? United Arab Emirates Argentina Austria Australia Bosnia Herzegovina Belgium Bulgaria Bahrain Bermuda...
Page 196
5-16 Overview Kuwait Kazakhstan Liechtenstein Sri Lanka Lithuania Luxembourg Latvia Morocco Malta Mexico Malaysia Netherlands Norway New Zealand Oman Peru Philippines Pakistan Poland Portugal Qatar Romania Russia Saudi Arabia Sweden Singapore Slovenia Slovak Republic Thailand Turkey Taiwan Ukraine United States Uruguay Venezuela Vietnam...
5-17 5.1.8 crypto Global Configuration Commands Use this command to configure encryption related commands. NOTE mode leads to instance. For crypto pki trustpoint (config-trustpoint) more information, see crypto-trustpoint Instance on page 6-1. Syntax crypto(key|pki) crypto key(export|generate|import|zeroize) crypto key export rsa<name> URL[tftp|ftp] crypto key generate rsa<name>...
Page 198
5-18 Overview self-signed Selfsigned mode of enrollment. trustpoint Trustpoint configuration. terminal Copies and pastes enrollment mode. Usage Guidelines Use crypto pki with diffrent parameters to configure trustpoint and its parameters. Use crypto key to configure RSA key pairs. Example RFS7000(config)#crypto pki ? authenticate Authenticate and import CA Certificate enroll...
5-19 5.1.9 debug Global Configuration Commands Use this command to turn on and off mstp debugging messages. Syntax debug (mstp) [all|cli|packet(rx |tx)|protocol (detail)|timer(detail)] Parameters Echoes all MSTP debugging levels to the console. Echoes all MSTP debugging levels to the console. packet Echoes MSTP packets (received and transmitted) to the console.
Page 200
5-20 Overview 5.1.10 do Global Configuration Commands Use this command to run commands from either the User Exec or Priv Exec mode. Syntax do (command of other mode) Parameters None. Example RFS7000(config)#do ping 157.235.208.69 PING 157.235.208.69 (157.235.208.69): 100 data bytes 128 bytes from 157.235.208.69: icmp_seq=0 ttl=64 time=0.1 ms 128 bytes from 157.235.208.69: icmp_seq=1 ttl=64 time=0.0 ms 128 bytes from 157.235.208.69: icmp_seq=2 ttl=64 time=0.0 ms...
5-21 5.1.11 end Global Configuration Commands Use this command to end the current mode and change to the Exec mode. Syntax Parameters None. Example RFS7000(config)#end RFS7000#? Priv Exec commands: acknowledge Acknowledge alarms archive Manage archive files autoinstall autoinstall configuration command Change current directory ..........
5-22 Overview 5.1.12 format Global Configuration Commands Use this command to format the Compact Flash (CF) card. Syntax format Parameters Format compact flash. Example RFS7000(config)#format cf RFS7000(config)#...
5-23 5.1.13 ftp Global Configuration Commands Use this command to configure the switch as an FTP server. Syntax ftp enable ftp password(0|1|LINE) ftp rootdir(DIR) Parameters enable Enables FTP server. password Configures a FTP password. Set the password using one of the folllowing: •...
5-24 Overview 5.1.14 hostname Global Configuration Commands Use this command to change the system’s network name. Syntax hostname(WORD) Parameters WORD Use this command to provide the name for the network. Example RFS7000(config)#hostname Eldorado Eldorado(config)#...
5-25 5.1.15 interface Global Configuration Commands Use this command configure a selected interface. NOTE The interface mode leads to the instance. For additional information, config-if interface Instance on page 7-1. The prompt changes from RFS7000(config) # RFS7000(config-if) Syntax interface(IFNAME|fe|ge <1-4>|sa <1-4>|tunnel <1-32>|vlan <1-4094>) Parameters IFNAME Interface name.
Page 206
5-26 Overview 5.1.16 ip Global Configuration Commands Use this CLI command to configure a selected Internet Protocol. NOTE Use an command to move to the ip access-list extended instance. For additional information, see (config-ext-nacl) Extended ACL Instance on page 9-1. Use an command to move to the ip access-list standard...
Page 207
5-27 Parameters access-list Use the access list parameter to enter the context and ext-nacl std-nacl context. The prompt changes to the context entered. For additional information, see Extended ACL Instance on page 9-1 (for extended ACLs) and Standard ACL Instance on page 10-1 (for standard ACLs).
Page 208
5-28 Overview ip nat <inside | outside> • <inside|outside> – Defines the interface as private (inside) or public source list <access-list (external). NAT translations refer to this keyword to identify the name> overload interface translations applied to incoming packets on an interface. <interface name>...
Page 209
5-29 Usage Guidelines By using the parameter you enter the following contexts: ip access-list • ext-nacl — Extended ACL. For more details see Extended ACL Instance on page 9-1. • std-nacl — Standard ACL. For more details see Standard ACL Instance on page 10-1. •...
5-30 Overview 5.1.17 license Global Configuration Commands Use this command to see the details of the license. Syntax license Parameters WORD Enter the name of the feature for which you wish to add a license. Example RFS7000(config)#show licenses Serial Number 6283529900020 feature license string license value...
5-31 5.1.18 line Global Configuration Commands Use this command to configure the terminal line. NOTE Using the command moves you to the instance. line vty (config-line) Syntax line(console|vty) Parameters console Primary terminal line. Virtual terminal. Configure a value between 0-871.
5-32 Overview 5.1.19 logging Global Configuration Commands Use this command to modify message logging facilities. Syntax logging(aggregation-time|buffered|console|facility|host|monitor|on|syslog) logging aggregation-time(<1-20>) logging buffered(<0-7>|alerts|critical|debugging|emergencies|errors| informational|notifications|warnings) Parameters aggregation-time Sets number of seconds (between 1 - 120) for aggregating repeated messages. buffered Sets the buffered logging level. console Sets the console logging level.
Page 213
5-33 host Configures the remote host to receive log messages. A.B.C.D Remote host's IP address. Enables the logging of system messages. Example RFS7000(config)#logging aggregation-time 20 RFS7000(config)#...
5-34 Overview 5.1.20 mac Global Configuration Commands Use this command to configure MAC access-lists. Syntax mac(access-list(extended(WORD))) Parameters access-list Enter a name for MAC extended ACL. (extended <name>) Usage Guidelines To delete a Standard/Extended or MAC ACL, use under the Global no access-list <access-list name>...
5-35 5.1.21 management Global Configuration Commands Use this command to set management interface properties. Syntax management(secure) Parameters secure Limits local access (Web/Telnet etc.) to the management interface. Example RFS7000(config)#management secure RFS7000(config)#...
Page 217
5-37 authentication-key Define an authentication key for trusted time sources. Select a keynumber <1-65534> between 1 and 65534. autokey Enables NTP autokey authentication scheme. client-only Switch will be a client to other trusted-hosts in the autokey group. host Configures the switch as a trusted host. broadcast Configures NTP broadcast service.
Page 218
5-38 Overview Example RFS7000(config)#ntp peer ? WORD Name/IP address of peer RFS7000(config)#ntp peer TestPeer ? autokey Configure autokey peer authentication scheme Configure peer authentication key prefer Prefer this peer when possible version Configure NTP version <cr> RFS7000(config)#ntp peer TestPeer autokey ? prefer Prefer this peer when possible version...
5-39 5.1.23 prompt Global Configuration Commands Use this command to configure and set the systems prompt. Syntax prompt(LINE) Parameters LINE Enter the new prompt displayed by the switch. Example RFS7000(config)#prompt NobleMan NobleMan...
5-40 Overview 5.1.24 radius-server Global Configuration Commands Use this CLI command to enter the RADIUS Server mode. The system prompt changes from the default config mode to RADIUS server mode. NOTE mode leads you to the radius-server context. For more radius-server local details see RADIUS Server Instance on page 13-1...
5-43 5.1.26 service Global Configuration Commands Use this command to retrieve system data (tables, log files, configuration, status and operation) for use in debugging and problem resolution. Syntax service(advanced-vty|dhcp|password-encryption| pm (max-sys-restarts<1-5>|sys-restart)| prompt(crash-info)|radius(restart)|set|show (cli)|terminal-length <0-512>) service set ( command-history <10-300>|reboot-history <10-100>| upgrade-history <10-100>) Parameters advanced-vty...
5-45 5.1.27 show Global Configuration Commands Use this command to view running system information. Syntax show <display parameter> Parameters access-list Displays Internet Protocol (IP) details of the access list. aclstats Displays ACL statistics information. alarm-log Displays system alarms. autoinstall Displays autoinstall configuration details. banner Displays the “Message of the Day”...
Page 226
5-46 Overview privilege Displays current privilege level. radius Displays RADIUS configuration commands. redundancy-group Displays redundancy group parameters. redundancy-history Displays switch state transition history. redundancy-members Displays redundancy group members in detail. running-config Displays current operating configuration. securitymgr Displays securitymgr parameters. sessions Displays current active open connections.
Page 227
5-47 MAC access-list assignment mac-address-table Display MAC address table management Display L3 Managment Interface name mobility Display Mobility Parameters Network time protocol password-encryption password encryption privilege Show current privilege level radius RADIUS configuration commands redundancy-group Display redundancy group parameters redundancy-history Display state transition history of the switch.
5-48 Overview 5.1.28 snmp-server Global Configuration Commands Use this command to modify SNMP engine parameters. Syntax snmp-server(community|contact|enable|host|location|manager|sysname|user) snmp-server community <community name>(ro|rw) snmp-server contact LINE snmp-server enable traps (all|dhcp-server|miscellaneous|mobility| nsm|radius-server|redundancy|snmp|wireless|wireless-statistics) snmp-server enable traps all snmp-server enable traps miscellaneous (caCertExpired|lowFsSpace|processMaxRestartsReached|savedConfigModified| serverCertExpired) snmp-server enable traps nsm dhcpIPChanged snmp-server enable traps redundancy (adoptionExceeded|grpAuthLevelChanged|memberDown|memberMisConfigured| memberUp)
Page 229
5-49 snmp-server enable traps wireless-statistics wlan (avg-bit-speed-less-than|avg-retry-greater-than|avg-signal-less-than| gave-up-percent-greater-than|nu-percent-greater-than| num-mobile-units-greater-than|pktsps-greater-than|tput-greater-than| undecrypt-percent-greater-than) snmp-server host <host IP address>(v2c<1-65535>|v3<1-65535>) snmp-server location (LINE) snmp-server manager(all|v2|v3) snmp-server sysname snmp-server user(snmpmanager|snmpoperator|snmptrap) snmp-server user (snmpmanager|snmpoperator|snmptrap) v3(auth|encrypted) snmp-server user (snmpmanager|snmpoperator|snmptrap) v3 auth (md5<password>) snmp-server user (snmpmanager|snmpoperator|snmptrap) v3 encrypted (auth|des)(md5<password>) Parameters (community) Sets the community string and access privileges.
Page 230
5-50 Overview miscellaneous ( ) Enables miscellaneous traps. • caCertExpired – Ca certificate has expired. • lowFsSpace – Available file system space lower than the limit. • processMaxRestartsReached – Process has reached the max restart limit. • savedConfigModified – Saved configuration has been modified.
Page 231
5-51 ids ( ) Enables wireless IDS traps. • muExcessiveEvents – Excessive MU events. • radioExcessiveEvents – Excessive radio events. • switchExcessiveEvents – Excessive switch events. radio ( ) Enables wireless radio traps. • adopted – Radio adopted. • detectedRadar – Radio detected radar. •...
Page 232
5-52 Overview wireless-statistics ( ) Modifies wireless-stats rate traps. • min-packets– Explained in the sections that follow. • mobile-unit– Explained in the sections that follow. • radio– Explained in the sections that follow. • wireless-switch– Explained in the sections that follow. •...
Page 233
5-53 radio Modifies radio rate traps. • avg-bit-speed-less-than <value>– Average bit speed in Mbps is less than <a decimal number greater than 0.00 and less than or equal to 54.00>. • avg-retry-greater-than <value> – Average retry is greater than <a decimal number greater than 0.00 and less than or equal to 16.00>.
Page 234
5-54 Overview wireless-switch Modify wireless-switch rate traps. • num-mobile-units-greater-than <1-8192> – Number of associated MUs is greater than <a decimal number in the range 1-8192 >. • pktsps-greater-than <value> – Packets per sec is greather than <a decimal number greater than 0.00 and less than or equal to 100000.00>.
Page 235
5-55 host <host IP address> SNMP server host IP-address. v2c <1-65535> Uses SNMP version 2c. Select a host port number within the range of <1-65535>. v3 <1-65535> Uses SNMP version 3. Select a host port number within the range of <1-65535>.
5-57 5.1.29 spanning-tree Global Configuration Commands Use this command to configure the spanning-tree commands. Syntax spanning-tree [mst|portfast] spanning-tree mst [<0-15> (priority <0-61440>)| cisco-interoperability (enale|disable)|configuration| forward-time <4-30>|hello-time <1-10>|max-age <6-40>|max-hops <7-127>] spanning-tree portfast [bpdufilter|bpduguard](default) Parameters Enables the Multiple Spanning Tree Protocol on a bridge. [<0-15>...
Page 238
5-58 Overview • forward-time <4-30> – Sets the time (in seconds) after which (if this bridge is the root bridge) each port changes states to learning and forwarding. This value is used by all instances. The default value is 15 seconds. •...
Page 239
5-59 Usage Guidelines command moves you to the spanning tree-mst Instance instance. mst > configuration If a bridge does not hear bridge protocol data units (BPDUs) from the root bridge within the specified interval, defined in the max-age (seconds) parameter, then assume that the network has changed and recompute the spanning-tree topology.
5-60 Overview 5.1.30 timezone Global Configuration Commands Use this command to configure switch timezone settings. Syntax timezone Parameters TIMEZONE Press <tab> to navigate the list of files. This action displays a list of files containing timezone information. Example RFS7000(config)#timezone Africa/ America/ Asia/ Atlantic/...
5-61 5.1.31 username Global Configuration Commands Use this CLI command to establish the user name authentication. Syntax username <name> (access|password|privilege) username <name> access (console|ssh|telnet|web) username <name> password(0|1|Line) username <name> privilege(helpdesk|monitor|nwadmin|superuser|sysadmin|webadmin) Parameters name Enter a name to authenticate the switch. The username must be between 1 - 28 characters.
5-62 Overview 5.1.32 wireless Global Configuration Commands Use this command to configure switch wireless parameters. This command leads moves you to the instance. For additional information, see Wireless Instance on page 14-1. config-wireless Syntax wireless Parameters None. Usage Guidelines The wireless command is used to enter the config-wireless instance. The prompt changes from the regular RFS7000(config)# RFS7000(config-wireless)#.
5-63 5.1.33 wlan-acl Global Configuration Commands Use this command to apply an ACL on a WLAN index. Syntax wlan-acl [<1-256>{<1-99>|<100-199>|<1300|1999>|<2000|2699>|word}][in|out] Parameters <1-256>[] WLAN number. • <1-99> — IP standard access list. • <100-199> — IP extended access list. • <1300-1999> — IP standard access list (expanded range). •...
Page 244
5-64 Overview Example The example below applies an ACL to WLAN index 200 in inbound direction from the global config mode. RFS7000(config)#wlan-acl 200 150 in RFS7000(config)# NOTE A MAC access list entry to allow is mandatory to apply an IP based ACL to an interface.
Page 245
crypto-trustpoint Instance commands to define a Certificate Authority (CA) trustpoint. config-crypto-trustpoint is a seperate instance, belonging to the mode under config-crypto-trustpoint crypto pki trustpoint instance. config 6.1 Trustpoint Config commands Table 6.1 summarizes the commands. config-crypto-trustpoint Table 6.1 Trustpoint Config Commands Summary Command Description Ref.
Page 246
Overview Command Description Ref. password Challenge password (appplicable only by request). page 6-12 rsakeypair Rsa Keypair to associate with the trustpoint. page 6-13 service Service commands. page 6-14 show Shows the running system information. page 6-15 subject-name Subject name is a collection of required parameters to configure a page 6-17 trustpoint.
6.1.1 clrscr Trustpoint Config commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-trustpoint)#clrscr RFS7000(config-trustpoint)#...
Overview 6.1.2 company-name Trustpoint Config commands Use this command to set the company name (applicable only by request) to a trustpoint. Syntax company-name Parameters WORD Company name (2 - 64 characters in length). Usage Guidelines The company name defined must be in the range of 2 to 64 characters only. Example RFS7000(config-trustpoint)#company-name RetailKing RFS7000(config-trustpoint)#...
Use this command to configure an e-mail ID for a trustpoint. Syntax email Parameters WORD email address (2 to 64 characters). Usage Guidelines The email defined must be in the range of 2 to 64 characters only. Example RFS7000(config-trustpoint)#email abcTestemailID@motorola.com RFS7000(config-trustpoint)#...
Overview 6.1.4 end Trustpoint Config commands Use this command to end and exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax Parameters None. Example RFS7000(config-trustpoint)#end RFS7000#...
6.1.5 exit Trustpoint Config commands Use this command to end the current mode and down to previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)#. Syntax exit Parameters None. Example RFS7000(config-trustpoint)#exit RFS7000(config)#...
Overview 6.1.6 fqdn Trustpoint Config commands Use this command to configure the fully qualified domain name (fqdn) for the trustpoint. Syntax fqdn Parameters None Usage Guidelines The string length of the domain name must between 9 to 64 characters. Example RFS7000(config-trustpoint)#fqdn RetailKing.com RFS7000(config-trustpoint)#...
6.1.7 help Trustpoint Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-trustpoint)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
6-10 Overview 6.1.8 ip-address Trustpoint Config commands Use this command to configure an IP address for the trustpoint. Syntax ip-address Parameters A.B.C.D Enter the IP address configured for the trustpoint. Example RFS7000(config-trustpoint)#ip-address 157.200.200.02 RFS7000(config-trustpoint)#...
Page 255
6-11 6.1.9 no Trustpoint Config commands Use this command to negate a command or set defaults. Syntax no <previous command used> Parameters None. Example RFS7000(config-trustpoint)#no ip-address RFS7000(config-trustpoint)#...
6-12 Overview 6.1.10 password Trustpoint Config commands Use this command to set the challenge password, applicable only for trustpoint access requests . Syntax password(0|2|WORD) Parameters Password is specified UNENCRYPTED. The password must be between 4 - 20 characters. Password is encrypted with a password-encryption secret. The string length of an encrypted password must be between 44 - 64 characters.
6-13 6.1.11 rsakeypair Trustpoint Config commands Use this command to configure a RSA Keypair to associate with the trustpoint. Syntax rsakeypair Parameters WORD RSA keypair identifier. Usage Guidelines Use RSA Key Pair support to configure the switch to have Rivest, Shamir, and Adelman (RSA) key pairs. The switch software can maintain a different key pair for each identity certificate.
6-14 Overview 6.1.12 service Trustpoint Config commands Use this command to invoke service commands to trobuleshoot or debug instance crypto pki trustpoint configurations. Syntax service(show)(cli) Parameters show (cli) Shows the CLI tree of current mode. Example RFS7000(config-trustpoint)#service show cli Trustpoint Config mode: +-clrscr [clrscr] +-company-name +-WORD [company-name WORD]...
6-15 6.1.13 show Trustpoint Config commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-trustpoint)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
Page 260
6-16 Overview RFS7000(config)#show crypto pki trustpoints Trustpoint :default-trustpoint ----------------------------------------------- Server certificate configured Subject Name: Common Name: Symbol Technologies Issuer Name: Common Name: Symbol Technologies Valid From: Mar 11 03:38:26 2007 GMT Valid Until: Mar 10 03:38:26 2008 GMT RFS7000(config)# RFS7000(config-trustpoint)#show access-list Standard IP access list 1 deny any rule-precedence 1 RFS7000(config-trustpoint)#...
Page 263
interface Instance Use the ) instance to configure Fast Ethernet (fe), Giga Ehternet (ge), StaticAggregate interface (config-if (sa), VLAN and tunnel . Use the to reach this instance. (config)# interface [fe|ge|sa|tunnel|vlan] 7.1 Interface Config commands Table 7.1 summarizes the commands. config-if Table 7.1 Interface Config Command Summary Command...
Page 264
Overview Command Description Ref. port-channel Port channel commands. page 7-15 service Service commands. page 7-16 show Shows the running system information. page 7-17 shutdown Shutsdown the selected interface. page 7-20 spanning-tree Configures spanning-tree. page 7-21 speed Configures speed. page 7-23 static-channel- Configures static channel commands.
7.1.1 clrscr Interface Config commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-if)#clrscr RFS7000(config-if)#...
Overview 7.1.2 description Interface Config commands Use this command to create an interface specific desciption. Syntax description Parameters LINE Characters to describe this interface. Example RFS7000(config-if)#description "interface for RetailKing" RFS7000(config-if)#...
7.1.3 duplex Interface Config commands Use this command to configure a duplex type for the interface. NOTE • Duplexity can only be set for an Ethernet type interface. Enter the (config-if) instance using an parameter in an mode. ge/me interface •...
Overview 7.1.4 end Interface Config commands Use this command to exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-if)#end RFS7000#...
7.1.5 exit Interface Config commands Use this command to end the current mode and move down to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-if)#exit RFS7000(config)#...
Overview 7.1.6 help Interface Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-if)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Page 271
7.1.7 ip Interface Config commands Use this command to configure an IP address for the assigned Ethernet, VLAN or tunnel. Syntax ip(access-group|address|helper-address|nat) ip access-group(<1-99>|<100-199>|<1300-1999>|<2000-2699>)in ip address(A.B.C.D/M|dhcp) ip helper-address A.B.C.D ip nat(inside|outside) Parameters access-group Access group. (<1-99> |<100-199>) IP extended access list. (<1300-1999>|<2000- IP extended access list (expanded range).
7-11 7.1.8 mac Interface Config commands Use this command to apply a MAC access list to a gigabit ethernet interface. NOTE Access list cannot be appllied on a management interface (me1). Syntax mac (access-group <acl_name>) (in) Parameters access-group Sets MAC access groups ACL. <acl_name>...
7-12 Overview 7.1.9 management Interface Config commands Use this command to configure the selected interface as a management interface. Syntax management Parameters None. Usage Guidelines Management privilage can be set only on a L3 interface. Use this command along with the (config) in config mode.
7-13 7.1.10 mtu Interface Config commands Use this command to set the mtu value for a VLAN interface. NOTE This command is valid only with a VLAN interface. Syntax mtu <512-1500> Parameters <512-1500> Maximum packet size in bytes. The minimum value is 512 and maximum value is 1500.
Page 276
7-14 Overview 7.1.11 no Interface Config commands Use this command to negate a command or set defaults. Syntax no [description|duplex|ip|mtu|shutdown| spanning-tree|speed|static-channel-group|switchport|tunnel] Parameters command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated. Example RFS7000(config-if)#no mtu RFS7000(config-if)#...
7-15 7.1.12 port-channel Interface Config commands Use this command to select the load-balance criteria of a aggregated port. This command Syntax port-channel (load-balance [src-dst-ip|src-dst-mac]) Parameters load-balance Sets load-balancing for port channel. [src-dst-ip|src-dst-mac] • src-dst-ip – Source and Destination IP address based load balancing. •...
7-16 Overview 7.1.13 service Interface Config commands Use this command to invoke service commands to trobuleshoot or debug the instance (config-if) configurations. Syntax service(show) (cli) Parameters show Shows running system information. Shows the CLI tree of current mode. Example RFS7000(config-if)#service show cli Interface Config mode: +-cisco-interoperability +-disable [cisco-interoperability ( enable | disable)]...
7-17 7.1.14 show Interface Config commands Use this command to view current system information. Syntax show <paramater> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-if)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
Page 280
7-18 Overview RFS7000(config-if)#show boot Image Build Date Install Date Version ----- -------------------- -------------------- -------------- Primary Aug 28 14:05:16 2006 Aug 29 18:32:17 2006 3.0.0.0-200B Secondary Aug 14 06:18:03 2006 Aug 17 15:08:28 2006 3.0.0.0-180B Current Boot : Primary Next Boot : Primary Software Fallback : Enabled...
7-20 Overview 7.1.15 shutdown Interface Config commands Use this command to shutdown the selected interface. Syntax shutdown Parameters None. Example RFS7000(config-if)#shutdown RFS7000(config-if)#...
7-21 7.1.16 spanning-tree Interface Config commands Use this command to configure spanning tree parameters. Syntax spanning-tree [bpdufilter(enable|disable)|bpduguard (enable|disable)|edgeport|force-version <0-3>|guard (root)|link-type (point-to- point|shared)|mst(<0-15>|port-cisco-interoperability)|portfast] spanning-tree mst [<0-15>(cost <1-200000000>|port-priority <0-240>)| port-cisco-interoperability (disable|enable)] Parameters bpdufilter (disable|enable) Use this command to set a portfast BPDU filter for the port. Use the parameter with this command to revert the port BPDU filter value to default.
Page 284
7-22 Overview mst [<0-15> Configures mst on a spanning tree. (cost <1-200000000>| • <0-15> – Instance ID. port-priority <0-240>)| • cost <1-200000000> – Path cost for a port. port-cisco-interoperability (disable|enable)] • port-priority <0-240> – Port priority for a bridge. • port-cisco-interoperability (disable|enable) – Enables or disables interoperability with Cisco's version of MSTP (which is incompatible with standard MSTP).
7-23 7.1.17 speed Interface Config commands Use this command to configure the speed of the selected interface in Mbps. Syntax speed(10|100|1000|auto) Parameters Forces 10 Mbps operation. Forces 100 Mbps operation. 1000 Forces 1000 Mbps operation. auto Enables AUTO speed configuration. Usage Guidelines Set the interface speed to to detect and use the fastest speed avaiable.
7-24 Overview 7.1.18 static-channel-group Interface Config commands Use this command to to add an interface to a static channel group. Syntax static-channel-group <1-4> Parameters <1-4> Static channel group to associate the link with. Usage Guidelines This command aggregates individual giga port’s into a single aggregate link to provide a larger bandwidth. Static channel group is used to provide additional bandwidth in multiples of 1Gbps on the switch.
7-25 7.1.19 switchport Interface Config commands Use this command to set switching mode characteristics for the selected interface. The mode can be either access or trunk. NOTE The interface earlier configured as a trunk with all VLAN's allowed on it looses its confiugration and has only VLAN 1 set to allowed.
Page 288
7-26 Overview Example RFS7000(config-if)#switchport mode access RFS7000(config-if)#...
7-27 7.1.20 tunnel Interface Config commands Use this command to configure protocol-over-protocol tunneling. Syntax tunnel(destination|source|ttl) tunnel destination A.B.C.D tunnel source A.B.C.D tunnel ttl<1-255> Parameters destination Destination of tunnel packets. source Source of tunnel packets. A.B.C.D Internet Protocol (IP). Sets the time to live interval. <1-255>...
Page 291
spanning tree-mst Instance Use the ) instance to configure the Multi Spanning Tree Protocol (MSTP). Use (config-mst to reach this instance. (config)#spanning-tree mst configuration 8.1 mst Config commands Table 8.1 summarizes the commands. config-mst Table 8.1 MSTP Config Command Summary Command Description Ref.
Overview 8.1.1 clrscr mst Config commands Use this command to clear the display. Syntax clrscr Parameters None. Example RFS7000(config-mst)#clrscr RFS7000(config-mst)#...
8.1.2 end mst Config commands Use this command to end and exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-mst)#end RFS7000#...
Overview 8.1.3 exit mst Config commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-mst)#exit RFS7000(config)#...
8.1.4 help mst Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-mst)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Overview 8.1.5 instance mst Config commands Use this command to associate VLAN(s) with an instance. Syntax instance <1-15> vlan <VLAN_ID> Parameters <1-15> Enters the instance ID to which the VLAN is associated. vlan <VLAN_ID> Enters the VLAN ID for its association with an instance. Usage Guidelines MSTP works based on instances.
8.1.6 name mst Config commands Use this command to set a name for the MST region. Syntax name (region name) Parameters region name MST region name. Example RFS7000(config-mst)#name MyRegion RFS7000(config-mst)#...
Page 298
Overview 8.1.7 no mst Config commands Use this command to negate a command or set defaults. Syntax no [instance|name|revision] Parameters instance Instance. name MST region. revision Revision number for configuration information. Usage Guidelines command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
8.1.8 revision mst Config commands Use this command to configure the revision number of the MST bridge. Syntax revision <0-255> Parameters 0-255 Revision number for configuration information. Example RFS7000(config-mst)#revision 20 RFS7000(config-mst)#...
8-10 Overview 8.1.9 service mst Config commands Use this command to invoke the service commands needed to trobuleshoot or debug instance (config-if) configurations. Syntax service(show) (cli) Parameters show (cli) Shows running system information. • cli – Show CLI tree of current mode. Example RFS7000(config-mst)*#service show cli MSTI configuration mode:...
8-12 Overview 8.1.10 show mst Config commands Use this command to view current system information. Syntax show <paramater> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-mst)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system...
Page 303
8-13 RFS7000(config-mst)#show access-list Extended IP access list 110 permit ip 192.168.1.0/24 192.168.100.0/24 rule-precedence 5 permit ip 192.168.63.0/24 192.168.100.0/24 rule-precedence 63 permit ip 192.168.157.0/24 192.168.100.0/24 rule-precedence 157 RFS7000(config-mst)# RFS7000(config-mst)#show wlan-acl all WLAN port: 102 Inbound IP Access List : 110 Inbound MAC Access List : Outbound IP Access List: Outbound MAC Access List : RFS7000(config-mst)#...
8-14 Overview 8.2 Configuring Interface using MSTP MSTP runs by default. All VLANs are in default instance 0 by default. 1. Use the following command to create a non-default instance and region configuration using the mode. config RFS7000(config-mst)#instance 1 vlan <vlan-id> 2.
Page 305
Extended ACL Instance Use the instance to configure ACLs.. (config-ext-nacl) ip access-list extended 9.1 Extended ACL Config Commands Table 9.1 summarizes the commands. config-ext-nacl Table 9.1 Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen. page 9-2 deny Specifies packets to reject.
Overview 9.1.1 clrscr Extended ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-ext-nacl)#clrscr RFS7000(config-ext-nacl)#...
Page 308
Overview deny {icmp} {source/ Use with command to reject icmp packets. deny source-mask | host source • deny – Action types on an ACL. | any} {destination/ • {icmp} – Specifies icmp as the protocol. destination-mask | host destination | any} [icmp- •...
Page 309
deny {tcp|udp} {source/ Use with command to reject tcp or udp packets. deny source-mask | host source • deny – Action types on an ACL. | any} [operator source- • {tcp|udp} – Specify tcp or udp as protocol. port] {destination/ destination-mask | host •...
Page 310
Overview • Select the protocol type icmp to allow/deny icmp packets. Selecting icmp provies the option of filtering icmp packets based on icmp type and code. NOTE The log option is functional only for router ACL’s. The log option causes an informational logging message about the packet that matches the entry to be sent to the console.
9.1.3 end Extended ACL Config Commands Use this command to end and exit from the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-ext-nacl)#end RFS7000#...
Overview 9.1.4 exit Extended ACL Config Commands Use this command to end current mode and go to the previous mode (GLOBAL-CONFIG). The prompt changes RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-ext-nacl)#exit RFS7000(config)#...
9.1.5 help Extended ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-ext-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
9-10 Overview 9.1.6 mark Extended ACL Config Commands Use this command to mark specific packets. Syntax mark {dot1p <0-7> | tos <0-255>}} {ip} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [log] [rule-precedence access-list-entry precedence] mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any} {destination/ destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence] mark {dot1p <0-7>...
Page 315
9-11 mark {dot1p <0-7> | tos Use with the command to specify icmp packets as marked. mark <0-255>}} {icmp} • mark {dot1p <0-7> | tos <0-255>} – Action types on an ACL. The action {source/source-mask | type is functional only over a Port ACL. mark host source | any} •...
Page 316
9-12 Overview mark {dot1p <0-7> | tos Use with the command to specify tcp or udp packets as marked. mark <0-255>}} {tcp|udp} • mark {dot1p <0-7> | tos <0-255>} – Action types on an ACL. The action {source/source-mask | type is functional only over a Port ACL.
Page 317
9-13 • Select the protocol type icmp to allow/deny icmp packets. Selecting icmp protocol allow you the option of filtering icmp packets based on icmp type and icmp code. NOTE The log option is functional only for router ACL’s. The log option provides an informational logging message about the packet matching the entry sent to the console.
9-14 Overview 9.1.7 no Extended ACL Config Commands Use this command to negate a command or set its defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in deny, mark permit commands to configure the Extended ACL. Parameters deny Specifies packets to reject.
9-15 9.1.8 permit Extended ACL Config Commands Use this command to permit specific packets. NOTE ACLs do not allow DHCP messages to flow through by default. Configure an Access Control Entry (ACE) to allow DHCP messages to flow through. RFS7000(config-ext-nacl)#permit ip 192.168.1.0/24 192.168.2.0/24 RFS7000(config-ext-nacl)#permit ip any host 255.255.255.255 RFS7000(config-ext-nacl)# Syntax...
Page 320
9-16 Overview permit {icmp} Use with the command to allow icmp packets. permit {source/source-mask | • permit – Action types on an ACL. host source | any} • {icmp} – Specifies icmp as the protocol. {destination/ destination- mask | host destination | •...
Page 321
9-17 permit{tcp|udp} Use with the command to allow tcp or udp packets. permit {source/source-mask | • permit – Action types on an ACL. host source | any} • {tcp|udp} – Specify tcp or udp as protocol. [operator source-port] {destination/destination- • {source/source-mask | host source | any} – source is the source IP mask | host destination | address of the network or host in dotted decimal.
Page 322
9-18 Overview • Select the protocol type icmp to allow/deny icmp packets. Selecting icmp protocol allow you the option of filtering icmp packets based on icmp type and icmp code. NOTE The log option is functional only for router ACL’s. The log option causes an informational logging message about the packet matching the entry sent to the console.
9-19 9.1.9 service Extended ACL Config Commands Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the RFS7000 Switch. save-cli Saves the CLI tree for all modes in html format.
9-20 Overview 9.1.10 show Extended ACL Config Commands Use this command to view the current system information. Syntax show <paramater> Parameters Displays all the parameters for which the information can be viewed using the show command. Usage Guidelines command displays all the access lists configured in the switch in the console. show access-list Mention the access list name or number to view the details of a particular ACL.
Page 325
9-21 RFS7000(config-ext-nacl)#show access-list Extended IP access list 101 deny ip 192.168.1.0/24 192.168.2.0/24 rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list 110 deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list symbol deny tcp 192.168.2.0/24 192.168.1.0/24 rule-precedence 10 permit ip any any rule-precedence 20...
9-22 Overview 9.1.11 terminal Extended ACL Config Commands Use this command to set the length /number of lines displayed on the terminal window. Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. Negates a command or set its defaults. •...
Page 327
Standard ACL Instance Use the instance to configure ACLs. Standard ACLs (config-std-nacl) ip access-list standard allow filtering based on the source address only. 10.1 Standard ACL Config Commands Table 10.1 summarizes commands. config-std-nacl Table 10.1 Extended ACL Config Command Summary Command Description Ref.
10-2 Overview 10.1.1 clrscr Standard ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-std-nacl)#clrscr RFS7000(config-std-nacl)#...
10-3 10.1.2 deny Standard ACL Config Commands Use this command to specify packets to reject. Syntax deny(A.B.C.D/M|any|host) deny any(log|rule-precedence) deny any log(rule-precedence)<1-5000> deny any rule-precedence<1-5000> deny host A.B.C.D Parameters A.B.C.D/M Source IP address range to match. Any source IP address. •...
10-4 Overview 10.1.3 end Standard ACL Config Commands Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-std-nacl)#end RFS7000#...
10-5 10.1.4 exit Standard ACL Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-std-nacl)#exit RFS7000(config)#...
10-6 Overview 10.1.5 help Standard ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-std-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
10-7 10.1.6 mark Standard ACL Config Commands Use this command to mark specific packets. Syntax mark(8021.1p<0-7>|tos<0-255>)(A.B.C.D/M|any|host) mark(8021.1p<0-7>|tos<0-255>)any|host(log|rule-precedence<1-5000>| |A.B>C.D) Parameters 8021.1p<0-7>|tos<0-255>) • Specifies .1p priority value between 0 and 7 • Specifies a Type of Service (tos) value between 0 and 255. (A.B.C.D/M|any|host) source is the source IP address of the network or host in dotted decimal format.
Page 334
10-8 Overview 10.1.7 no Standard ACL Config Commands Use this command to negate a command or set its defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in deny, mark permit commands to configure the Extended ACL. Parameters deny Specifies packets to reject.
10-9 10.1.8 permit Standard ACL Config Commands Use this command to permit specific packets. Syntax permit(A.B.C.D/M|any|host) permit any(log|rule-precedence) permit any log(rule-precedence)<1-5000> permit any rule-precedence<1-5000> permit host A.B.C.D Parameters A.B.C.D/M Source IP address range to match. Any source IP address. • log – Log matches against this entry. •...
10-10 Overview 10.1.9 service Standard ACL Config Commands Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the switch. save-cli Saves the CLI tree for all modes in html format.
10-11 10.1.10 show Standard ACL Config Commands Use this command to view current system information. Syntax show <paramater> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines command displays all the access lists configured in the switch in the console. Provide show access-list the access list name or number to view the details of a particular ACL.
Page 338
10-12 Overview RFS7000(config-std-nacl)#show access-list Standard IP access list 1 permit any rule-precedence 10 Extended IP access list 101 deny ip 192.168.1.0/24 192.168.2.0/24 rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list 110 deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10 permit ip any any rule-precedence 20 Standard IP access list moto deny 192.168.1.0/24 rule-precedence 10...
10-13 10.1.11 terminal Standard ACL Config Commands Use this command to set the length /number of lines displayed on the terminal. Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. Negates a command or set its defaults. •...
Extended MAC ACL Instance Use the instance to configure ACLs associated with the (config-ext-macl) mac access-list extended switch. Use decimal value representation of ethertypes to implement packet. The command set permit/deny/mark for Extended MAC ACLs provides hexadecimal values for each of its listed ether types. The switch supports all ethertypes.
Page 342
11-2 Overview 11.1 MAC Extended ACL Config Commands Table 11.1 summarizes the commands. config-ext-macl Table 11.1 Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen. page 11-3 deny Specifies packets to reject. page 11-4 Ends the current mode and moves to the EXEC mode. page 11-6 exit Ends the current mode and moves to the previous mode.
11-3 11.1.1 clrscr MAC Extended ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-ext-macl)#clrscr RFS7000(config-ext-macl)#...
11-4 Overview 11.1.2 deny MAC Extended ACL Config Commands Use this command to specify packets that you want to reject. NOTE Use a decimal value representation of ethertypes to implement a designation for a packet. The command set for Extended permit/deny/mark MAC ACLs provide the hexadecimal values for each listed ether type.
Page 345
11-5 • ip • 802.1q By default, the switch does not allow layer 2 traffic to pass through the interface. To adopt access port through an interface, configure an access control list to allow an ethernet wisp. NOTE A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface.
11-6 Overview 11.1.3 end MAC Extended ACL Config Commands Use this command to exit from the current mode and change to PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-ext-macl)#end RFS7000#...
11-7 11.1.4 exit MAC Extended ACL Config Commands Use this command to end current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-ext-macl)#exit RFS7000(config)#...
11-8 Overview 11.1.5 help MAC Extended ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-ext-macl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
11-9 11.1.6 mark MAC Extended ACL Config Commands Use this command to specify a packet to mark. NOTE Use a decimal value representation of ethertypes to implement permit/deny/ designations for a packet. The command set for an Extended MAC ACL mark provides the hexadecimal values for each of its listed ether types.
Page 350
11-10 Overview Usage Guidelines Use the mark option to specify the type of service (tos) and priority value. The tos value is marked in the IP header and the 802.1p priority value is marked in the dot1q frame. Whenever the interface receives the packet, its content is checked against all the ACE’s in the ACL. It is marked based on the ACL configuration.
Page 351
11-11 11.1.7 no MAC Extended ACL Config Commands Use this command to negate a command or set defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinatins that you have used in deny, mark permit to configure the Extended ACL. Parameters deny Specifies packets to reject.
11-12 Overview 11.1.8 permit MAC Extended ACL Config Commands Use this command to specify packets to forward. NOTE Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. The command set an an Extended MAC ACL provides the hexadecimal values for each listed ethertype.
Page 353
11-13 Usage Guidelines When creating a Port ACL, the switch by default does not permit an ethertype WISP. First create a rule to allow WISP to adopt access ports. Use the following CLI command to adopt access ports: permit any any type wisp NOTE Use the following command to attach a MAC access list to a port on a layer 2 interface: mac access-group <acl number/name>...
11-14 Overview 11.1.9 service MAC Extended ACL Config Commands Use this command to invoke service commands to trobuleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the switch. save-cli Saves the CLI tree for all modes in html format.
11-15 11.1.10 show MAC Extended ACL Config Commands Use this command to view current system information. Syntax show<paramater> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines command displays the access lists configured for the switch. Provide the access list show access-list name or number to view specific ACL details.
Page 356
11-16 Overview RFS7000(config-ext-macl)#show access-list Extended MAC access list 200 permit any any type arp rule-precedence 10 permit any any type wisp rule-precedence 20 Extended MAC access list 250 deny host 01:02:fe:45:76:89 host 01:02:89:78:78:45 rule-precedence 10 permit any any type arp rule-precedence 20 RFS7000(config-ext-macl)#...
11-17 11.1.11 terminal MAC Extended ACL Config Commands Use this command to set the length or number of lines displayed Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. Negates a command or sets defaults. •...
Page 359
DHCP Instance Use the instance to configure the DHCP server address pool associated the switch. (config-dhcp) 12.1 DHCP Config Commands Table 12.1 summarizes commands. config-std-nacl Table 12.1 Extended ACL Config Command Summary Command Description Ref. address Configures DHCP server include range. page 12-3 bootfile Assigns a boot file name.
Page 360
12-2 Overview Command Description Ref. exit Ends the current mode and moves to the previous mode. page 12-13 hardware- Configures the hardware address using either a dashed or dotted page 12-14 address hexadecimal string. help Describes the interactive help system. page 12-15 host Configures the IP address for the host.
12-3 12.1.1 address DHCP Config Commands Use this command to specify a range of addresses for DHCP network pool. Syntax address (range) (low IP address) (high IP address) Parameters range (low IP address) Use this commnad to add an address range for the DHCP server. (high IP address) •...
12-4 Overview 12.1.2 bootfile DHCP Config Commands Use this command to assign a bootfile name for the DHCP configuration on the network pool. Syntax bootfile <filename> Parameters bootfile <filename> Indicates the boot image for bootp clients. The file name can contain letters, numbers, dots and hyphens.
12-5 12.1.3 client-identifier DHCP Config Commands Use this command to assign a name to the client-identifier. A client identifier is used to reserve an IP address for DHCP clients. Syntax client-identifier <ascii string> Parameters client-identifier To prepend a null character , use at beginning.
12-6 Overview 12.1.4 client-name DHCP Config Commands Use this command to a add client name for the DHCP clients. Syntax client-name <name> Parameters client-name <name> to add a client name. Domain name must not be included. client-name Example RFS7000(config-dhcp)#client-name testpc RFS7000(config-dhcp)#...
12-7 12.1.5 clrscr DHCP Config Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-dhcp)#clrscr RFS7000(config-dhcp)#...
12-8 Overview 12.1.6 ddns DHCP Config Commands Use this command to configure dynamic DNS parameters like domain name, enabling multi-user class and IP address of the server. Syntax ddns [domainname (name)|multiple-user-class|server (IP address) (IP address)| ttl <1-864000>|update-all] Parameters domainname (name) Sets domain name used for DDNS updates.
12-9 12.1.7 default-router DHCP Config Commands Use this command to configure the default router or gateway IP address for the network pool. To remove the default router list, use the command. no default-router default-router <Router IP address> Parameters default-router Specifies the default router IP address for the network pool. <router IP address>...
12-10 Overview 12.1.8 dns-server DHCP Config Commands Use this command to configure the DNS server’s IP address available to all the DHCP clients connected to the pool. Use the command to remove DNSserver list. no dns-server Syntax dns-server <ip address1> <ip address2> <ip address3> ..<ip address8> Parameters dns-server <IP address>...
12-11 12.1.9 domain-name DHCP Config Commands Use this command to configure the domain name for the network pool. Use the command no domain-name to remove the domain name. Syntax domain-name (name) Parameters domain-name (name) Configures the domain name for the network pool. Usage Guidelines The doamin name can not be more than 256 characters.
12-12 Overview 12.1.10 end DHCP Config Commands Use this command to exit from the current mode and change to PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-dhcp)#end RFS7000#...
12-13 12.1.11 exit DHCP Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config)#ip dhcp pool TestPool RFS7000(config-dhcp)#exit RFS7000(config)#...
12-14 Overview 12.1.12 hardware-address DHCP Config Commands Use this command to reserve IP address (manually) based on a DHCP client’s hardware address. Use the command to remove this form the DHCP pool. hardware-address Syntax hardware-address [XX-XX-XX-XX-XX-XX | XX:XX:XX:XX:XX:XX] Parameters hardware-address Configures the client’s hardware address.
12-15 12.1.13 help DHCP Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-dhcp)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
12-16 Overview 12.1.14 host DHCP Config Commands Use this command to configure a fixed IP address for the host in dotted decimal format. Use the no host command to remove the host from the DHCP pool. Syntax host <IP address> Parameters host <IP address>...
12-17 12.1.15 lease DHCP Config Commands Use this command to configure a valid lease time for the IP address used by all DHCP clients in the network pool. Syntax lease [{<0-365> <0-23> <0-59>}|infinite] Parameters lease [ Sets the lease time for IP address. {<0-365>...
12-18 Overview 12.1.16 netbios-name-server DHCP Config Commands Use this command to configure the netbios-name server’s IP address. Syntax netbios-name-server <IP address> Parameters netbios-name-server NetBIOS (WINS) name servers. <IP address> • <IP address> – NetBIOS name server's IP address. Example RFS7000(config-dhcp)#netbios-name-server 2.2.2.222 RFS7000(config-dhcp)#...
12-20 Overview 12.1.18 network DHCP Config Commands Use this command to configure the network pool’s IP address. This will map the current DHCP pool with the specific network. Syntax network [A.B.C.D|A.B.C.D/M] Parameters network Network number and mask. [A.B.C.D|A.B.C.D/M] • A.B.C.D – Network number in dotted decimal format. •...
12-21 12.1.19 next-server DHCP Config Commands Use this command to configure the IP address of the next server in the boot process. Syntax next-server <IP address> Parameters next-server <IP address> Next server in boot process. • <IP address> – Server's IP address. Example RFS7000(config-dhcp)#next-server 2.2.2.22 RFS7000(config-dhcp)#...
Page 380
12-22 Overview 12.1.20 no DHCP Config Commands Use this command to negate a command or set defaults. Syntax no [address|bootfile|client-identifier|client-name|ddns|default-router|dns- server|domain-name|hardware-address|host|lease|netbios-name-server|netbios-node- type|network|next-server|option|update] Parameters The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated. Example RFS7000(config)#no ip dhcp pool hotpool RFS7000(config)#...
12-23 12.1.21 option DHCP Config Commands Use this command to define the raw DHCP option used in DHCP pools. Syntax option (name) Parameters option (name) Raw DHCP options. • (name) – Name of the DHCP option. Usage Guidelines Used to define non standard DHCP options option-code (0-254). Example RFS7000(config)#ip dhcp option option189 189 ascii RFS7000(config)#...
12-24 Overview 12.1.22 service DHCP Config Commands Use this command to invoke service commands to trobuleshoot or debug the instance (config-dhcp) configurations. Syntax service(show) (cli) Parameters show Shows running system information. Shows CLI tree of current mode. Example RFS7000(config-dhcp)#service show cli DHCP Server Config mode: +-address +-range...
12-25 12.1.23 show DHCP Config Commands Use this command to view current system information. Syntax show <paramater> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-dhcp)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
Page 384
12-26 Overview RFS7000(config)#show dhcp config service dhcp ip dhcp option option189 189 ascii ip dhcp pool vlan4 default-router 2.2.2.1 network 4.4.4.0/24 address range 4.4.4.100 4.4.4.200 ip dhcp pool vlan2 ip dhcp pool TestPool lease 200 12 30 domain-name TestDomain bootfile DHCPbootfile netbios-node-type p-node ddns domainname TestDomain address range 1.2.3.2 2.3.2.1...
12-27 12.1.24 update DHCP Config Commands Use this command to control the usage of the DDNS service. Syntax update (dns)(override) Parameters update (dns) (override) Controls the usage of the DDNS service. • (dns) – Dynamic DNS Configuration. • (override) – Enable Dynamic Updates by onboard DHCP Server. Usage Guidelines A DHCP client may not perform updates for RR’s A, TXT and PTR.
12-28 Overview 12.2 Configuring DHCP Server using CLI DHCP configuration is accomplished by creating pools and mapping them to L3 interfaces (SVI). A pool can be configured either as a network pool or host pool. A network pool includes ranges. When the network pool is mapped to a L3 interface, DHCP clients requesting IP from the interface get an IP from the included range.
Page 387
12-29 2. A DHCP reboot is required to implement the configuration made at both levels — the DHCP pool context level and DHCP global context level. The following example defines the need to reboot the DHCP Server to implement changes at the global level: RFS7000(config)#ip dhcp excluded-address 192.168.0.20 192.168.0.30 RFS7000(config)#ip dhcp restart NOTE To avoid multiple e DHCP Server requests, restart the DHCP Server only after...
Page 388
12-30 Overview 11. A pool can be configured as the host pool or network pool, but not both. 12. A host pool can have either configured, but not both. client-identifier hardware-address 13. An excluded address range has higher precedence then an included address range. If a range is part of both an excluded and included address range, it will be excluded.
Page 389
RADIUS Server Instance command takes you to the RADIUS server mode. Local (Onboard) RADIUS server radius-server local configuration commands are listed under this mode. Use the instance to configure local (config-radsrv) RADIUS server parameters. 13.1 RADIUS Configuration Commands Table 13.1 summarizes the Gloabl Config commands.
Page 390
13-2 Overview Command Description Ref. ldap-server LDAP server parameters. page 13-20 RADIUS client. page 13-22 Negates a command or set its defaults. page 13-23 proxy RADIUS proxy server. page 13-24 rad-user RADIUS user configuration. page 13-25 server Configures server certificate parameters. page 13-26 service Service commands.
13-3 13.1.1 authentication RADIUS Configuration Commands Use this command to configure authentication used with RADIUS server. Syntax authentication(data-source|eap-auth-type) authentication data-source(ldap|local) authentication eap-auth-type(all|peap-gtc|peap-mschapv2|tls|ttls-md5| ttls-mschapv2|ttls-pap) Parameters data-source RADIUS data source for user authentication. • ldap – Remote LDAP server. • local – Local user database. eap-auth-type RADIUS EAP and default authentication type configuration.
Page 392
13-4 Overview 13.1.2 ca RADIUS Configuration Commands Use this command to configure CA (Certificate Authority) parameters. Syntax ca trust-point(WORD) Parameters trust-point (WORD) Trust point configuration. • WORD – Existing trust point name. Usage Guidelines Configure the trustpoint used by the local RADIUS server. Create the before it is used by the trustpoint command.
13-5 13.1.3 clrscr RADIUS Configuration Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-radsrv)#clrscr RFS7000(config-radsrv)#...
13-6 Overview 13.1.4 crl-check RADIUS Configuration Commands Use this command to enable a Certificate Revocation List (CRL) check. To enable the certificate revocation list, ensure is loaded using the command. crl list crypto pki import <trustpoint-name> crl Syntax crl-check Parameters enable Enables a CRL check.
13-7 13.1.5 end RADIUS Configuration Commands Use this command to exit from the current mode and change to the PRIV EXEC mode. The prompt now changes RFS7000# Syntax Parameters None. Example RFS7000(config-radsrv)#end RFS7000#...
13-8 Overview 13.1.6 exit RADIUS Configuration Commands Use this command to exit current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-radsrv)#exit RFS7000(config)#...
13-9 13.1.7 group RADIUS Configuration Commands Use this command to configure RADIUS user groups. The CLI moves to a sub-instance config-radsrv-group to create a new group. The prompt changes from RFS7000(config-radsrv)# RFS7000(config-radsrv-group)#. Table 13.2 summarizes the RADIUS User Group commands within sub-instance.
13-10 Overview 13.1.7.2 end RADIUS Configuration Commands Use this command to exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-radsrv-group)#end RFS7000# 13.1.7.3 exit RADIUS Configuration Commands Use this command to exit the current mode and move to the previous mode ).
13-11 13.1.7.5 guest-group RADIUS Configuration Commands Use this command to manage a guest-user linked with hotspot. Create a guest-user and associate it with the guest-group. The guest-user and the policies of the guest-group is used for hotspot authentication/ authorization. Syntax guest-group Parameters enable...
13-12 Overview Parameters policy RADIUS group access policy configuration. Resets access policy day for this group. time Configures access policy time for this group. vlan VLAN ID for this group. wlan Configures WLAN access policy for this group. <1-32> WLAN Range. Removes allowed WLANs.
Page 401
13-13 Syntax policy(day|time|vlan|wlan) policy day(all|fr|mo|sa|su|th|tu|we|weekdays) ploicy time(start|end)<0-23><0-59> policy vlan<1-4094> Parameters Day of access policy configuration. All days (from Sunday to Saturday). Friday Monday Saturday Sunday Thursday Tuesday Wednesday weekdays Allows access only in week days ( Mo-Fr ). time Configures time of access policy for this group. start Start time.
13-14 Overview 13.1.7.9 rad-user RADIUS Configuration Commands Use this command to add an exisitng RADIUS user to this group.If the RADIUS user is not available in the Onboard RADIUS server’s database, create a new RADIUS user using command from rad-user (config- mode.
13-15 +-mo [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-sa [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-su [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-th [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-tu [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-we [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-weekdays [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-time +-start +-<0-23> +-<0-59> +-end +-<0-23> +-<0-59> [policy time start <0-23> <0-59> end <0-23> <0-59>] -- MORE --, next page: Space, next line: Enter, quit: Control-C RFS7000(config-radsrv-group)# 13.1.7.11 show...
Page 404
13-16 Overview sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters startup-config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade-status Display last image upgrade status users Display information about terminal lines version Display software &...
13-17 13.1.7.12 Example–Creating a Group The use of the sub-instance is explained below: (config-radsrv-group) 1. Create a group called Sales in the local RADIUS Server database. RFS7000(config-radsrv)#group sales 2. Check the RADIUS user group configuration commands. RFS7000(config-radsrv-group)#? Radius user group configuration commands: clrscr Clears the display screen End current mode and change to EXEC mode...
Page 406
13-18 Overview 8. Use to add a realm name. (config-radsrv)#proxy RFS7000(config-radsrv)#proxy realm mydomain.com server 10.10.1.10 port 1812 secret 0 testing 9. Save the changes and restart the RADIUS service. RFS7000(config-radsrv)#service radius restart Sep 08 17:48:04 2006: %PM-5-PROCSTOP: Process "radiusd" has been stopped Sep 08 17:48:05 2006: RADCONF: radius config files generated successfully RFS7000(config-radsrv)#Sep 08 17:48:05 2006: %DAEMON-6-INFO: radiusd[8830]: Ready to process requests.
13-19 13.1.8 help RADIUS Configuration Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-radsrv)#help? help Description of the interactive help system RFS7000(config-radsrv)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
13-20 Overview 13.1.9 ldap-server RADIUS Configuration Commands Use this command to configure LDAP server parameters. It uses the exisitng external database in form of active directory with the onboard RADIUS server instead of loacl database on the switch. Syntax ldap-server[primary|secondary] (host <A.B.C.D>) (port <1-65535>) (login <name>) (bind-dn <name>) (base-dn <name>) (passwd [0|2|WORD]) (passwd- attr0 (group-attr)(group-filter)(group-membership)(net-timeout) Parameters...
13-22 Overview 13.1.10 nas RADIUS Configuration Commands Use this command to configure the RADIUS client. Syntax nas(A.B.C.D/M)key(0|2|LINE) Parameters A.B.C.D/M RADIUS Client IP address. RADIUS Client shared key. Password is specified UNENCRYPTED. Password is encrypted with password-encryption secret. LINE The secret (client shared secret), up to 32 characters. Usage Guidelines Configure the IP address range in network access service (NAS) to service RADIUS access request from clients falling within the range mentioned.
Page 411
13-23 13.1.11 no RADIUS Configuration Commands Use this command to negate a command or set its defaults. Syntax no(authentication|ca|crl-check|group|ldap-server|nas|proxy|rad- user|server|service) Parameters authentication RADIUS authentication. Configures ca certificate parameters. crl-check Certificate Revocation List (CRL) check. group Local RADIUS Server group configuration. ldap-server LDAP server parameters.
13-24 Overview 13.1.12 proxy RADIUS Configuration Commands Use this command to configure a proxy RADIUS server based on the realm/suffix. Syntax proxy(realm|retry-count|retry-delay) proxy relam(WORD)server(A.B.C.D)port(<1024-65535>)secret(0|2|WORD) Parameters realm WORD Realm name is a string of up to 50 characters. • server (A.B.C.D) – Proxy server IP address. •...
13-25 13.1.13 rad-user RADIUS Configuration Commands Use this command to configure RADIUS user parameters. Syntax rad-user(WORD)password(0|2|WORD) (group)(guest)(expiry-time)(expiry-date) (start-time))start-date) Parameters WORD Enter a user name up to 64 characters in length. password(0|2|WORD) RADIUS user password. • 0 – Password is specified as UNENCRYPTED. •...
13-26 Overview 13.1.14 server RADIUS Configuration Commands Use this command to configure server certificate parameters used by RADIUS server. The server certiificate is a part of trustpoint created crypto on page 5-17. Syntax server trust-point Parameters trust-point (WORD) Trust point configuration. •...
13-27 13.1.15 service RADIUS Configuration Commands Use this command to invoke service commands to trobuleshoot or debug instance (config-radsrv) configurations. This command is also used to enable the RADIUS Server. Syntax service (show) (cli) Parameters show (cli) Shows running system information. Example RFS7000(config-radsrv)#service show cli Radius Configuration mode:...
13-28 Overview 13.1.16 show RADIUS Configuration Commands Use this command to view current system information. Syntax show<paramater> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines To view the show command parameters of RADIUS, refer to radius on page 2-51.
Page 417
13-29 RFS7000(config)#show radius trust-point Trust-point Configured For Radius ________________________________ Server Trust-point : tp1 CA Trust-point : default-trustpoint RFS7000(config)#show radius configuration Radius Server Configuration --------------------------- Server Status : enabled Data Source : local RFS7000(config)#...
Wireless Instance Use the instance to configure wireless parameters. (config-wireless) 14.1 Wireless Configuration Commands Table 14.1 summarizes the Global Config commands. Table 14.1 Wireless Configuration Command Summary Command Description Ref. adopt-unconf-radio Adopts a radio even if not configured. The default templates is page 14-3 used for configuration.
Page 420
14-2 Overview Command Description Ref. dhcp-sniff-state Record mobile unit DHCP state information. page 14-10 dot11-shared-key-auth Enables support for 802.11 shared key authentication. page 14-11 Ends the current mode and moves to the EXEC mode. page 14-12 exit Ends the current mode and moves to the previous mode. page 14-13 fix-windows-dhcp Converts Windows DHCP Server responses to...
14-3 14.1.1 adopt-unconf-radio Wireless Configuration Commands Use this command to adopt a radio (even if not yet configured). The default templates is used for configuration. Syntax adopt-unconf-radio Parameters enable Enables the adoption of unconfigured radios. Example RFS7000(config-wireless)#adopt-unconf-radio enable RFS7000(config-wireless)#...
14-4 Overview 14.1.2 adoption-pref-id Wireless Configuration Commands Use this command as a preference identifier for the switch. Radios configured with this preference identifier are more likely to be adopted by this switch. Syntax adoption-pref-id Parameters <1-65535> Select a pref-ID within 1-65535. Example RFS7000(config-wireless)#adoption-pref-id 500 RFS7000(config-wireless)#...
14-5 14.1.3 ap-detection Wireless Configuration Commands Use this command to configure access port detection. Syntax ap-detection [approved|enable|mu-assisted-scan|timeout (approved|unapproved)] ap-detection approved add <1-200> (MAC Address)(SSID) ap-detection mu-assisted-scan(enable|refresh<10-86400>) Parameters approved The approved access port list. • add <1-200> – Adds an entry to the approved access port list. •...
14-6 Overview 14.1.4 broadcast-tx-speed Wireless Configuration Commands Use this command to configure the rate broadcast and multicast traffic must be transmitted between the switch and mobile units. Syntax broadcast-tx-speed(range|throughput) Parameters range Uses the lowest basic rate. Provides maximum range. throughput Uses thhighest be asic rate.
14-7 14.1.5 clrscr Wireless Configuration Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-wireless)#clrscr RFS7000(config-wireless)#...
14-8 Overview 14.1.6 convert-ap Wireless Configuration Commands Use this command to change an access port’s mode of operation to either sensor or standalone. Syntax convert-ap <1-256>(default|sensor) Parameters Indices of the access port’s to be converted (from the ['show wireless ap' <1-256>...
14-9 14.1.7 country-code Wireless Configuration Commands Use this command to configure the country of operation. This command erases the radio’s existing configuration. Syntax country-code <country-code> Parameters country-code Uses the two letter ISO-3166 country code ("show wireless country-code-list") to view the list of supported countries. Usage Guidelines Use show wireless country code to view the list of supported countries.
14-10 Overview 14.1.8 dhcp-sniff-state Wireless Configuration Commands Use this command to record mobile unit DHCP state information. Syntax dhcp-sniff-state Parameters enable Enables the recording of DHCP state information for mobile units. Example RFS7000(config-wireless)#dhcp-sniff-state enable RFS7000(config-wireless)#...
14-11 14.1.9 dot11-shared-key-auth Wireless Configuration Commands Use this command to enable support for 802.11 shared key authentication. NOTE Shared key authentication has known weaknesses that can compromise your WEP key. It must only be configured to accomodate wireless stations unable to conduct Open System authentication.
14-12 Overview 14.1.10 end Wireless Configuration Commands Use this command to end and exit from the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-wireless)#end RFS7000#...
14-13 14.1.11 exit Wireless Configuration Commands Use this command to exit the current mode and move to the previous mode . The prompt changes to (config) RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-wireless)#exit RFS7000(config)#...
14-14 Overview 14.1.12 fix-windows-dhcp Wireless Configuration Commands Use this command to convert Windows DHCP Server responses to unicast instead of broadcast. Syntax fix-windows-dhcp Parameters enable Enables support for converting Windows DHCP Server responses. Example RFS7000(config-wireless)#fix-windows-dhcp enable RFS7000(config-wireless)#...
14-15 14.1.13 help Wireless Configuration Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-wireless)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
14-16 Overview 14.1.14 ids Wireless Configuration Commands Use this command to configure Intrusion Detection System settings. Syntax ids(anomaly-detection|detect-window|ex-ops) ids anomaly-detection(all|invalid-frame-length|multicast-source| null-destination|same-source-destination|tkip-countermeasures|weak-wep-iv) (enable|filter-ageout) ids detect-window<5-300> ids ex-ops(80211-replay-fails|all|association-requests| authentication-fails|crypto-replay-fails|decryption-fails| disassociations|eap-starts|probe-requests|unassoc-frames) <0-86400> (filter-ageout |threshold(mu|radio|switch)<0-9999>) Parameters anomaly-detection Configures parameters related to the detection of anomalous frames on the RF network.
Page 435
14-17 ex-ops Configures parameters related to the detection of excessive operations on the RF network. • 80211-replay-fails – 802.11 replay check failure. • all – Changes for all types of excessive operations. • association-requests – 802.11 Authentication and Association Requests. •...
14-18 Overview 14.1.15 mac-auth-local Wireless Configuration Commands Use this command to configure local MAC authentication list. Syntax mac-auth-local<1-1000> (allow|deny)(Starting MAC Address)(Ending MAC Address)(range/list of WLAN indicies)WORD Parameters <1-1000> Entry for mac-auth-local allow Allows mobile units that match this rule to associate. deny Denies association to mobile units that match this rule.
14-19 14.1.16 manual-wlan-mapping Wireless Configuration Commands Use this command to manually map/un-map WLANs configured on a radio. Syntax manual-wlan-mapping Parameters enable Enables support for manual WLAN mapping. Example RFS7000(config-wireless)#manual-wlan-mapping enable RFS7000(config-wireless)#...
14-20 Overview 14.1.17 mobile-unit Wireless Configuration Commands Use this command to configure mobile unit related parameters. Syntax mobile-unit (association-history(enable)|probe-history) mobile-unit probe-history (add<1-200> <MAC Address>|enable) Parameters association-history Enables the mobile unit’s association history. • enable – Enables the mobile unit’s association history. probe-history Mobile unit probe logging configuration commands.
14-21 14.1.18 mobility Wireless Configuration Commands Use this command to configure mobility parameters Syntax mobility(enable|local-address|max-roam-period|peer) mobility local-address (IP Address) mobility max-roam-period<1-300> mobililty peer (IP Address) Parameters enable Enables mobility globally. local-address Sets the local address for mobility. • A.B.C.D – IP Address of A.B.C.D format. max-roam-period Sets the maximum roam period for a mobile unit (in seconds).
14-22 Overview 14.1.19 multicast-packet-limit Wireless Configuration Commands Use this command to a configure multicast packet limit per second for VLAN. Syntax multicast-packet-limit <0-128> (<1-4094>|<vlan range>) Parameters <0-128> Multicast packet limit per second. <1-4094> Single VLAN ID (1-4094) that the new limit applies to. <vlan range>...
Page 441
14-23 14.1.20 no Wireless Configuration Commands Use this command to negate a command or set its defaults. Syntax no(adopt-unconf-radio|adoption-pref-id|ap-detection|broadcast-tx-speed|country- code|dhcp-sniff-state|dot11-shared-key-auth|fix-windows-dhcp|ids|mac-auth- local|manual-wlan-mapping|mobile-unit|mobility|oversized-frames|proxy-arp|qos- mapping|radio|self-heal|sensor|service|smart-scan-channels|wlan) Parameters Refer to Table 14.1 on page 14-1 for the parameters negated using the command. Example RFS7000(config-wireless)#no mobility enable RFS7000(config-wireless)#...
14-24 Overview 14.1.21 oversized-frames Wireless Configuration Commands Use this command to use oversized frames for data traffic. Syntax oversized-frames Parameters enable Enables support for oversized frames. Example RFS7000(config-wireless)#oversized-frames enable RFS7000(config-wireless)#...
14-25 14.1.22 proxy-arp Wireless Configuration Commands Use this command to respond to ARP requests on behalf of mobile units. Syntax proxy-arp Parameters enable Enables support for proxy arp. Example RFS7000(config-wireless)#proxy-arp enable RFS7000(config-wireless)#...
14-26 Overview 14.1.23 qos-mapping Wireless Configuration Commands Use this command to configure QoS mappings between wired and wireless domains. Syntax qos-mapping(wired-to-wireless|wireless-to-wired) qos-mapping wired-to-wireless(dot1p<0-7>|dscp<0-63>) (background|best-effort|video|voice) qos-mapping wireless-to-wired(background|best-effort|video|voice) dot1p<0-7> Parameters wired-to-wireless Mappings used while switching wired traffic over the air. • dot1p<0-7> – Configures the mapping of 802.1p tags to access categories.
14-27 14.1.24 radio Wireless Configuration Commands Use this command to configure radio related settings. Syntax radio (<1-4096>|RADIO|add|all-11a|all-11b|all-11bg| configure-8021X|default-11a|default-11b|default-11bg|dns-name) radio<1-4096>(adoption-pref-id|antenna-mode|beacon-interval|bss| cca-level|cca-mode|channel-power|coordinates| copy-config-from|description|detector|dtim-period|enforce-spec-mgmt| location-message|mac|max-mobile-units|mu-power <0-20>| on-channel-scan|reset|reset-ap|rts-threshold|run-acs| self-heal-offset|short-preamble|speed|wmm) radio <1-4096> bss(<1-4>|auto>)WLAN radio <1-4096> channel-power(indoor|outdoor)(<1-200>|acs|random)<4-20> radio <1-4096> coordinates (x coordinates) (y coordinates)(z coordinates) radio <1-4096> copy-config-from(<1-1000>|default-11a|default-11b|default-11bg) radio <1-4096>...
Page 446
14-28 Overview Map wireless LANs to radio BSSID’s. bss (<1-4>|auto) WLAN • <1-4> –The BSS where a wireless lLAN is mapped. • auto – Automatic assignment of BSS. If the user selects wireless lans d the system assigns them to a BSS automatically. •...
Page 447
14-29 Changes the parent (access port) MAC address of the radio. mac (AA-BB-CC-DD-EE-FF) • AA-BB-CC-DD-EE-FF – MAC address in AA-BB-CC-DD-EE-FF format. Maximum number of mobile units allowed to associate. max-mobile-units <1-256> Power adjustment level for mobile units associated with this access port. mu-power <0-20>...
Page 450
14-32 Overview Example RFS7000(config-wireless)#radio 250 bss auto 3-5 RFS7000(config-wireless)# RFS7000(config-wireless)#radio 1 channel-power indoor 1 16 Regulatory parameter values depend on country of operation and radio type. Refer to documentation for more regulatory information RFS7000(config-wireless)# RFS7000(config-wireless)#radio 1 antenna-mode diversity RFS7000(config-wireless)#...
14-33 14.1.25 self-heal Wireless Configuration Commands Use this command to configure self healing. Syntax self-heal(interference-avoidance|neighbor-recovery) self-heal interference-avoidance(enable|hold-time<0-65535>| retries<0.0-15.0>) self-heal neighbor-recovery(action|enable|neighbors|run-neighbor-detect) self-heal neighbor-recovery action(both|none|open-rates|raise-power) radio(<1-4096>|RADIO) self-heal neighbor-recovery neighbors<1-1000>(<1-1000>|RADIO) Parameters Interference avoidance configuration. interference-avoidance Enables/disables interference avoidance. enable The interval (in seconds) to disable interference avoidance after a detection . This hold-time<0-65535>...
Page 452
14-34 Overview Example RFS7000(config-wireless)#self-heal interference-avoidance enable RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal interference-avoidance hold-time 600 RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal neighbor-recovery enable Note: reducing the configured transmit power of radios will ensure that there is room to increase power when a neighbor fails RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal neighbor-recovery neighbors 1 1 RFS7000(config-wireless)#...
14-35 14.1.26 sensor Wireless Configuration Commands Use this command to configure Wireless Intrusion Protection System parameters. Syntax sensor(default-config|vlan) sensor default-config(ip-mode|wips-server-ip) sensor default-config ip-mode(dhcp|static(A.B.C.D/M)(A.B.C.D)) sensor default-config wips-server-ip(primary|secondary)(A.B.C.D) Parameters Default configuration sent to sensors when configured. default-config Configures the IP address mode of the sensors. ip-mode •...
14-36 Overview 14.1.27 service Wireless Configuration Commands Use this command to invoke service commands to troubleshoot or debug the instance (config-wireless) configuration. Syntax service(show|wireless) service show (cli) service show wireless (ap(history)<accessport MAC address> service wireless (clear-ap-log<1-256>|dump-core|dump-state|rate-scale| request-ap-log <1-256>|save-ap-log) Parameters Shows running system information. show Shows CLI tree of current mode.
14-38 Overview 14.1.28 show Wireless Configuration Commands Use this command to view current system information. Syntax show<paramater> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-wireless)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
Page 457
14-39 RFS7000(config-wireless)#show RFS7000(config-wireless)#show wireless AP Number of access-ports adopted Available licenses : 254 Redundancy enabled Redundancy mode : active Radios [indices] Model-Number Adoption- Mode 00-15-70-11-34-82 2 [ 3 4 ] WSAP-5100-100-WW L2 (vlan: 1) 00-A0-F8-EA-4C-99 2 [ 1 2 ] WSAP-5100-100-WW L2 (vlan: 2) RFS7000(config-wireless)#...
14-40 Overview 14.1.29 smart-scan-channels Wireless Configuration Commands Use this command to configure a list of channels used on the network. This list is provided to mobile units that support partial scanning. Syntax smart-scan-channels(11a|11bg)<1-200> Parameters Specifies a channel list for the 5Ghz band used by 802.11a mobile units. Specifies a channel list for the 2.4Ghz band used by 802.11bg mobile units.
14-41 14.1.30 wlan Wireless Configuration Commands Use this command to configure Wireless LAN related commands. Syntax wlan(<1-256>|WLAN) (accounting|answer-bcast-ess|authentication-type| description |dot11i|enable|encryption-type|hotspot|inactivity-timeout|kdc|mobility| mu-mu-disallow|qos|radius|secure-beacon|ssid|symbol-extensions |syslog|tunnel|vlan|wep128|wep64) wlan <1-256> accounting(none|radius|ssyslog) wlan <1-256> authentication-type(eap|hotspot|kerberos|mac-auth|none) wlan <1-256> dot11i(handshake|key|key-rotation|key-rotation-interval| opp-pmk-caching|phrase|pmk-caching|preauthentication|second-key| tkip-cntrmeas-hold-time|wpa2-tkip) wlan <1-256> dot11i handshake timeout<100-5000> retransmit<1-10> wlan <1-256> key(0|2|WORD) wlan <1-256>...
Page 460
14-42 Overview Parameters Select a single WLAN index. You also have the option of selecting a list (1,3,7) [ <1-256> | WLAN] or range (3-7) of WLAN indices. Accounting on this WLAN. accounting (none|radius|syslog) • none – No accounting on this WLAN. •...
Page 461
14-43 dot11i [handshake | key | Modifies tkip/ccmp (802.11i) related parameters. key-rotation | key-rotation- • handshake (timeout <100-5000>) (retransmit<1-10>) – Use a handshake interval | to configure timeout and retransmission. opp-pmk-caching | • timeout<100-5000> – The timeout (in milliseconds) between phrase|pmk-caching | retries.
Page 462
14-44 Overview The encryption type for this WLAN. encryption-type() • ccmp – AES Counter Mode CBC-MAC Protocol (AES-CCM/CCMP). • keyguard – Keyguard-MCM (Mobile Computing Mode). • none – No encryption. • tkip – Enables Temporal Key Integrity Protocol (TKIP). • tkip-ccmp – Enables both tkip and ccmp on this WLAN. •...
Page 463
14-45 Modifies hotspot related parameters. hotspot() • allow (rule index) (IP address) – Modifies hotspot allow-list parameters. Users who have not yet authenticated must be allowed access to these IP addresses. • Rule index – Allow-list Rule index (must be between (1-10). •...
Page 464
14-46 Overview Modifies KDC related parameters. [password (0||LINE) | • password(0|2|LINE) – KDC server password, up to 127 characters. realm (LINE) | server • 0 – Password is specified UNENCRYPTED. (primary|secondary|timeo ut)] auth-port<1-65535> • 2 – Password is encrypted with password-encryption secret. •...
Page 465
14-47 Quality of Service commands. [classification | mcast1 | • classification [background|best-effort|video|voice|wmm] – Select how mcast2 | prioritize-voice | traffic on this WLAN is classified (relative prioritization on the access svp | wmm] port). • background – Traffic on this WLAN is treated as background traffic. •...
Page 466
14-48 Overview • aifsn – (Arbitration Inter Frame Spacing Number) The wait time (in milliSeconds) between data frames derived using AIFSN and the slot-time. • cw – (Contention Window parameters) Wireless stations pick a number between 0 and the minimum contention window to wait before retrying transmissions.
Page 467
14-49 • pap – Password Authentication Protocol. • dscp<0-63> – Specifies a DSCP (Differentiated Services Code Point) v to provide QoS to RADIUS packets. The DSCP value must be between 0-63. • dynamic-authorization (enable) – Configures support for RADIUS dynamic authorization extensions (such as Disconnect Message) and Change-Of-Authorization, as described in RFC 3576.
Page 468
14-50 Overview Do not include the SSID of this WLAN in Beacon frames. secure-beacon The SSID of this WLAN. ssid Enables support for Symbol extensions. symbol-extensions fast- roaming (enable) • fast-roaming (enable) – Enables support for Symbol fast roaming. Syslog Accounting. syslog (accounting) server <IP Address>...
Software type and version number • Motorola responds to calls by email, telephone or fax within the time limits set forth in support agreements. If you purchased your Enterprise Mobility business product from a Motorola business partner, contact that business partner for support.
Page 472
A - 2 RFS7000 Series CLI Reference Guide...
Page 474
MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.com 72E-85984-01 Revision A April 2007...