Page 1 RFS7000 Series RF Switch CLI Reference Guide...
Page 2 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners. © Motorola, Inc. 2007. All rights reserved.
Page 3: About This Guide
Who Should Use this Guide The RFS7000 Series CLI Reference Guide is intended for system administrators responsible for the implementing, configuring, and maintaining the RFS7000 using the switch command line interface (CLI). It also serves as a reference for configuring and modifying most common system settings.
Page 4: Conventions Used In This Guide
RFS7000 Series CLI Reference Guide Table 1 Quick Reference on How This Guide Is Organized (Continued) Chapter Jump to this section if you want to... Chapter 9, “Extended ACL Instance” Summarizes the commands within the RFS7000 Switch CLI. (config-ext-nacl) Chapter 10, “Standard ACL Instance”...
Page 5: Notational Conventions
Notational Conventions The following notational conventions are used in this document: • Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents. • Bullets (•) indicate: • action items •...
Page 6: General Information
Use the Motorola Support Center as the primary contact for any technical problem, question, or support issue involving Motorola products. Motorola Support Center responds to calls by email, telephone or fax within the time limits set forth in individual contractual...
Page 7 WARRANT THAT YOU HAVE THE AUTHORITY TO BIND THAT COMPANY, PERSON OR ENTITY. 1. LICENSE GRANT. Subject to the terms of this Agreement, Motorola, Inc. and/or its subsidiaries ("Licensor") hereby grants Licensee a limited, personal, non-sublicensable, non transferable, nonexclusive license to use the software that Licensee is about to download or install and the documentation that accompanies it (collectively, the "Software") for Licensee's personal...
Page 8 RFS7000 Series CLI Reference Guide conditions of this EULA. With respect to technical information you provide to Licensor as part of any Support Services, Licensor may use such information for its business purposes, including for product support and development. Licensor will not utilize such technical information in a form that personally identifies Licensee.
Page 9 Rights" as provided for in FAR, 48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227- 7013 (OCT 1988), as applicable. The "Manufacturer" for purposes of these regulations is Motorola, Inc., One Symbol Plaza, Holtsville, NY 11742. 12. EXPORT RESTRICTIONS. Licensee shall comply with all export laws and restrictions and regulations of the Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control ("OFAC"), or other United States or...
Page 10 RFS7000 Series CLI Reference Guide...
Page 11: Table Of Contents
Contents About This Guide Chapter 1. Introduction CLI Overview............1-1 Getting Context Sensitive Help .
Page 12 RFS7000 Series CLI Reference Guide logging ............2-43 mac .
Page 13 xiii logout ............3-8 page .
Page 14 RFS7000 Series CLI Reference Guide boot............5-13 bridge .
Page 15 Chapter 7. interface Instance Interface Config commands ......... . . 7-1 clrscr .
Page 16 RFS7000 Series CLI Reference Guide service............9-19 show .
Page 17 xvii host ............12-16 lease .
Page 18 RFS7000 Series CLI Reference Guide Chapter 14. Wireless Instance Wireless Configuration Commands ........14-1 adopt-unconf-radio .
Page 19: Chapter 1. Introduction
This chapter describes the basic features of the Motorola CLI and how to use them. Topics covered include an introduction to command modes, navigation and editing features, help features, and command history features.
Page 20 Overview To access commands, enter the PRIV EXEC mode, which is the second level of access for the EXEC mode. In the PRIV EXEC mode, enter any EXEC command. The PRIV EXEC mode is a superset of the USER EXEC mode. Most of the USER EXEC mode commands are one-time commands and are not saved across reboots of the switch.
Page 21: Getting Context Sensitive Help
Table 1.1 CLI Context Hierarchy for RFS7000 User Exec Mode Priv Exec Mode Global Configuration Mode exit interface help kill license logout line mkdir logging more management page ping prompt quit radius-server reload redundancy rename service rmdir show service snmp-server show spanning-tree telnet...
Page 22 Overview Use any of the following commands to get help specific to a command mode, command name, keyword or argument: Command Description (prompt)# help Displays a brief description of the help system. (prompt)# abbreviated-command-entry ? Lists commands in the current mode that begin with a particular character string.
Page 23: Using The No And Default Forms Of Commands
1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g.
Page 24: Using Cli Editing Features And Shortcuts
Overview 1.5 Using CLI Editing Features and Shortcuts A variety of shortcuts and editing features are enabled for the CLI. The following sections describe these features: • Moving the Cursor on the Command Line • Completing a Partial Command Name •...
Page 25: Completing A Partial Command Name
Keystrokes Function Function Details Summary Ctrl-N Gets the next command from history. Esc-C Converts the rest of word to uppercase. Esc-L Converts the rest of word to lowercase. Esc-D Deletes the remainder of word. Ctrl-W Deletes a word up to the cursor. Ctrl-Z Enters the command and retursn to the root prompt.
Page 26: Deleting Entries
Overview 1.5.3 Deleting Entries Use any of the following keystrokes to delete command entries: Keystrokes Purpose Backspace Deletes the character to the left of the cursor. Ctrl-D Deletes the character at the cursor. Ctrl-K Deletes all characters from the cursor to the end of the command line. Ctrl-W Deletes the word up to the cursor.
Page 27: Controlling Capitalization
1.5.7 Controlling Capitalization CLI commands are generally case-insensitive, and are typically in lowercase. To change the capitalization of the commands, use any of the following key sequences: Keystrokes Purpose Esc, C Capitalizes the letters at the right of cursor. Esc, L Changes the letters at the right of cursor to lowercase.
Page 28 1-10 Overview...
Page 29: Common Commands
Common Commands This chapter explains the common CLI commands used amongst the USER EXEC and PRIV EXEC modes. The PRIV EXEC command set contains the commands available in USER EXEC mode, some commands can be entered in either mode. Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands.
Page 30 Overview 2.1 Common Commands Table 2.1 summarizes commands common amongst many switch contexts and instance. Table 2.1 Common commands amongst most contexts Command Description Ref. clrscr Clears the display screen. page 2-3 debug Debugging functions. page 2-4 exit Ends the current mode and moves down to the previous mode. page 2-10 help Describes the interactive help system.
Page 31: Clrscr
2.1.1 clrscr Common Commands Use this command to clear the screen displaying and refresh the prompt (#). Syntax clrscr Parameters None. Example RFS7000#clrscr...
Page 32: Debug
Overview 2.1.2 debug Common Commands Use this command to debug certificate management, ip, mobility and MSTP functionalities. Syntax (User Exec) debug [certmgr (all|error|info)|ip (https|ssh)| mobility (cc|error|forwarding <MAC Address>|mu|packet|peer|system)| mstp (all|cli|packet|protocol|timer)] Syntax (Priv Mode) debug [all|cc|ccstats|certmgr|dhcpsvr|imi|ip|logging|mgmt|mobility|mstp|nsm| pktdrvr|pm|radius|redundancy|securitymgr] Parameters (User Exec) Debugs certificate manager messages. certmgr (all|error|info) •...
Page 33 Parameters (Priv Mode) Enables debugging. Cell controller (wireless) debugging messages. cc [access-port|all|al tap-detect| • access-port – Access port logs. capwap| • all – All modules. cluster|config|dot11|eap| ids|kerberos| • alt – Address lookup logs. l3-mob|media|mobile- • ap-detect – Rogue AP detection logs. unit|radio|radius| •...
Page 34 Overview DHCP Conf Serv er Debugging Messages. dhcpsvr [all|error|info] • all – Traces error and info messages from the DHCP Conf Server. • error – Traces error messages from the DHCP Conf Server. • info – Traces informational messages from the DHCP Conf Server. Integrated Management Interface.
Page 35 L3 Mobility. mobility [all|cc|error|forwarding • all – All debugging (except "forwarding"). <MAC Address>| • cc – ccserver events. mu|packet|peersystem] • error – Error. • forwarding – Dataplane forwarding. • <MAC Address> – MAC address of the mobbile unit. • mu – MU events and state changes. •...
Page 36 Overview RADIUS server debugging messages. radius [all|err|info|warn] • all – Traces all messages from the RADIUS server. • err – Traces error messages from the local RADIUS server. • info – Traces error, warning and informational messages from the RADIUS server.
Page 37 Example RFS7000#debug cc all RFS7000#configure t Enter configuration commands, one per line. End with CNTL/Z. RFS7000(config)#logging console 7 RFS7000(config)#Mar 15 15:41:47 2008: CC: cluster: portal unadopted. portal count now: 7 Mar 15 15:41:47 2008: CC: cluster: tx-to-wccp ap: 4, radio: 7, mu: 0, rogue: 0, sheal: 0, max-ap: 256 Mar 15 15:41:47 2008: CC: cluster: portal unadopted.
Page 38: Exit
2-10 Overview 2.1.3 exit Common Commands Use this command to end the current mode and move to the previous mode. Syntax exit Parameters None. Example RFS7000(config)#exit...
Page 39: Help
2-11 2.1.4 help Common Commands Use this command to get access to the advanced help feature. Use “?” anytime at the command prompt to get access to the help topic. Two styles of help are provided: 1. Full help is available when ready to enter a command argument and describe each possible argument. There is a space between the command and ?, (e.g.
Page 40 2-12 Overview 2.1.5 no Common Commands Use this command to either negate a command or set its defaults. Syntax Parameters None. Example RFS7000(config)#no ? access-list Internet Protocol (IP) autoinstall autoinstall configuration command banner Reset login banner to nothing bridge Bridge group commands country-code Clear the currently configured country code.
Page 41: Service
2-13 2.1.6 service Common Commands Use this command to service/debug the RFS7000 Switch. Syntax (User Exec) service [diag|encrypt|locator|save-cli|show] service diag [enable|identify|limit|period <100-30000>|watchdog] service diag limit [buffer(128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k)<0- 65535> | fan <1-3>|filesys (etc2|flash|var)| inodes (etc2|flash|var)|load (1|15|5)|maxFDs <0-32767>| pkbuffers <0-65535>|procRAM < 0.0-100.0>|ram <0.0-25.0>| routecache <0-65535>|temperature <1-8>] service encrypt (secret)<2>...
Page 42 2-14 Overview Use this parameter to set the file system freespace limit. Select the freespace filesys (etc2|flash|var) limit for the following sub context: • etc2 • flash • ram inodes (etc2|flash|var) File system inode limit. Select the freespace limit for the following sub context: •...
Page 43 2-15 show {cli| Displays the running system information. command-history| • cli – Shows CLI tree of current mode. crash-info| • command-history – Displays a command (except show commands) diag|info|memory| history. process| reboot-history| • crash-info – Displays information about core, panic and access port dump startup-log| files.
Page 44 2-16 Overview Parameters (Priv Exec mode only) clear Resets different functions. [all|aplogs|clitree|cores| • all – Removes all core, dump and panic files. dumps|panics| • aplogs – Removes all ap log files. pm (statistics|sys-restart- count)| • clitree – Removes clitree.html (created by the save-cli command). securitymgr (flows) •...
Page 45 2-17 encrypt (secret) <2> LINE Encrypt passwords with secret phrase, using a SHA256-AES256 type of encryption. securitymgr [dump- Securitymgr parameters. core|enable-http-stats] • dump-core – Create a core file of the securitymgr process. • enable-http-stats – Enable securitymgr HTTP statistics interface. show [cli|command- Displays running system information.
Page 46 2-18 Overview Parameters(Global Config) advanced-vty Enables advanced mode vty interface. dhcp Enables the DHCP server service. password-encryption Encrypts passwords. (secret)2 LINE • secret (2) – Encrypts passwords with secret phrase, using SHA256- AES256 encryption. • LINE – Enter a passphrase for encryption. Process Monitor.
Page 47 2-19 RFS7000#service diag limit buffer ? 128 byte buffer limit 128k 128k byte buffer limit 16k byte buffer limit 1k byte buffer limit 256 byte buffer limit 2k byte buffer limit 32 byte buffer limit 32k byte buffer limit 4k byte buffer limit 512 byte buffer limit 64 byte buffer limit 64k byte buffer limit...
Page 48 2-20 Overview RFS7000#service diag limit ram 20 RFS7000#service diag limit routecache ? <0-65535> limit from 0-65535 RFS7000#service diag limit routecache 10240 RFS7000#service diag limit temperature ? <1-8> temperature sensor number RFS7000#service diag period ? <100-30000> Diagnostics period <100-30000> default 1000 milliseconds RFS7000#service diag period 20000 RFS7000#service save-cli /usr/scripts/genclitree.sh: /usr/scripts/genclitree.sh: 15: eth: not found...
Page 49 2-21 RFS7000>service show crash-info Coredump files: Name Size Date & Time ============================================= imish_8990_200B.core.gz 299.5k Aug 31 23:50 RFS7000> RFS7000>service show info 4.0M out of 4.0M available for logs. 9.7M out of 11.4M available for history. 16.1M out of 18.6M available for crashinfo. List of Files: imish_8990_200B.core.gz 299.5k...
Page 50 2-22 Overview 1676 0.6 logd 1672 0.6 wccpd 1636 0.6 pmd 1636 0.6 stunnel 1370 1512 0.5 sshd 1448 0.5 mobd 1308 0.5 fileXferd....RFS7000> service show reboot-history Configured size of reboot history is 50 Date & Time Event ===================================================== Aug 30 15:32:39 2006 startup Aug 30 15:31:17 2006...
Page 51 2-23 RFS7000> service show upgrade-history Configured size of upgrade history is 50 Date & Time Old Version New Version Status ===================================================================== Aug 29 18:30:43 2006 3.0.0.0-180B 3.0.0.0-200B Successful Aug 17 15:07:03 2006 3.0.0.0-17872X 3.0.0.0-180B Successful Aug 11 19:29:41 2006 3.0.0.0-170B 3.0.0.0-17872X Successful Aug 11 19:28:52 2006 3.0.0.0-170B 3.0.0.0-170B Unable to get update file.
Page 52: Terminal
2-24 Overview 2.1.7 terminal Common Commands Use this command to set the length /number of lines displayed on the terminal window. Syntax terminal[length <0-512>|no(length <0-512>|width)|width <0-512> ] Parameters length Sets the number of lines on a screen. Negates a command or sets its defaults. width Sets the width/number of characters on a screen line.
Page 53: Show
2-25 2.2 show Common Commands This command displays the settings for the specified system component. There are a number of ways to invoke the show command: • Invoked without any arguments, show displays information about the current context. If the current context contains instances, then show command (usually) displays a list of these instances.
Page 54 2-26 Overview Display Description Mode Example Parameters redundancy-history Displays the switch state transition history. Common page 2-54 redundancy- Displays redundancy group members in detail. Common page 2-55 members snmp Displays SNMP engine parameters. Common page 2-56 snmp-server Displays SNMP engine parameters. Common page 2-57 spanning-tree...
Page 55 2-27 Display Description Mode Example Parameters Displays the FTP Server configuration. Privilege/Global page 2-82 Config password- Displays the password’s encryption settings. Privilege/Global page 2-83 encryption Config running-config Displays the current operating configuration. Privilege/Global page 2-84 Config securitymgr Displays debug info for ACL, VPN and NAT. Privilege/Global page 2-87 Config...
Page 56: Autoinstall
2-28 Overview 2.2.1 autoinstall Common to all modes Syntax show autoinstall Parameters None. Example RFS7000>show autoinstall RFS7000>...
Page 57: Banner
2-29 2.2.2 banner Common to all modes Syntax show banner Parameters motd Enters the Message of the Day banner. Example RFS7000>show banner motd Welcome to CLI RFS7000>...
Page 58: Commands
2-30 Overview 2.2.3 commands Common to all modes Syntax RFS7000>show commands Parameters None. Example RFS7000>show commands clear mobility event-log (mobile-unit|peer) clear mobility event-log (mobile-unit|peer) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all) clear mobility peer-statistics (A.B.C.D|) clear mobility peer-statistics (A.B.C.D|)
Page 59 2-31 no page no service diag enable no service diag period no service diag watchdog no service locator page (exit|logout|quit) show autoinstall show autoinstall status show banner motd show commands show debugging show debugging mstp show environment show history .............(contd) RFS7000>...
Page 60: Debugging
2-32 Overview 2.2.4 debugging Common to all modes Syntax show debugging (mstp) Parameters Displays information related to the Multiple Spanning Tree Protocol (MSTP). mstp Example RFS7000(config)#show debugging mstp MSTP debugging status: RFS7000(config)#...
Page 61: Environment
2-33 2.2.5 environment Common to all modes Syntax show environment Parameters None. Example RFS7000>show environment upwind of CPU temperature : 30.0 C CPU die temperature : 53.0 C left side temperature : 30.0 C by FPGA temperature : 29.0 C front right temperature : 27.0 C front left temperature :...
Page 62: History
2-34 Overview 2.2.6 history Common to all modes Syntax show history Parameters None. Example RFS7000>show history 1 show 2 clrscr 3 enable 4 clrscr 5 configure terminal 6 exit 7 clrscr 8 show history RFS7000>...
Page 63: Interfaces
2-35 2.2.7 interfaces Common to all modes Syntax show interfaces [<name>|fe|ge <1-4>|sa <1-4>| switchport(<name>|fe|ge|sa|tunnel|vlan)|tunnel <1-32>|vlan <1-4094>] Parameters IFNAME Interface name. FastEthernet interface. ge <1-4> GigabitEthernet interface. Select an index value between 1- 4. sa <1- 4> StaticAggregate interface. Select an index value between 1- 4. switchport () Status of Layer2 interfaces.
Page 64 2-36 Overview Speed: Admin Auto, Operational Unknown, Maximum 1G Duplex: Admin Auto, Operational Unknown Active Medium: Unknown Switchport Settings: Mode: Access, Access Vlan: 1 input packets 0, bytes 0, dropped 0, multicast packets 0 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0 output packets 0, bytes 0, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 RFS7000(config)#...
Page 65 2-37 2.2.8 ip Common to all modes Syntax show ip [access-group (IFNAME | eth <1-2> | vlan <1-4094>) | access-list |arp | ddns(binding)| dhcp (binding|pool)| dhcp-vendor-options | domain-name | http(secure-server|server)| interface(IFNAME|brief|tunnel|vlan) | name-server | nat (interfaces|translations[inside|outside][destination|source])| route(A.B.C.D|A.B.C.D/M|detail) | routing | ssh | telnet ] show ip access-group (IFNAME|eth <1-2>...
Page 66 2-38 Overview IFNAME Interface name. brief Brief summary of IP status and configuration. tunnel Tunnel interface. vlan VLAN interface. name-server DNS nameservers. nat ( ) Network Address Translation (NAT). • interfaces – NAT Configuration on Interfaces. • translations – NAT translations. •...
Page 67 2-39 vlan1 157.235.208.69(DHCP) vlan3 unassigned administratively down down RFS7000(config)# 2. The above instance may occur when a DHCP interface is disconnected. DHCP is not effected because it runs on a virtual interface and not on the physical interface. In this case, it is the physical interface that is disconnected not the virtual interface.
Page 68 2-40 Overview RFS7000#show ip domain-name IP domain-lookup : Enable Domain Name : symbol.com RFS7000#show ip http server HTTP server: Running Config status: Enabled RFS7000#show ip http secure-server HTTP secure server: Running Config status: Enabled Trustpoint: default-trustpoint RFS7000#show ip interface brief Interface IP-Address Status...
Page 69: Ldap
2-41 2.2.9 ldap Common to all modes Syntax show ldap(configuration(primary|secondary)) Parameters ldap LDAP server. configuration LDAP server configuration parameters. primary Primary LDAP server. secondary Secondary LDAP server. Example RFS7000(config-radsrv)#show ldap configuration LDAP Server Config Details __________________________ Primary LDAP Server configuration IP Address : 10.10.10.1 Port...
Page 70: Licenses
2-42 Overview 2.2.10 licenses Common to all modes Syntax show licenses Parameters None. Example RFS7000(config)#show licenses feature usage license string license value usage 2FFD7fE9 CD016155 14A92C70...
Page 71: Logging
2-43 2.2.11 logging Common to all modes Syntax show logging Parameters None. Example RFS7000(config)#show logging Logging module: enabled Aggregation time: disabled Console logging: level debugging Monitor logging: disabled Buffered logging: level informational Syslog logging: disabled Log Buffer (3840 bytes): Feb 19 22:25:28 2007: %NSM-6-DHCPIP: Interface fe acquired IP address 157.235.208.122/24 via DHCP Feb 19 21:33:09 2007: %KERN-6-INFO: fe: Setting full-duplex based on negotiated link capability..
Page 72: Mac
2-44 Overview 2.2.12 mac Common to all modes Syntax show mac(access-list) Parameters access-list Lists MAC access lists. Example RFS7000(config)#show mac access-list RFS7000(config)#...
Page 73: Mac-Address-Table
2-45 2.2.13 mac-address-table Common to all modes Syntax show mac-address-table Parameters None. Example RFS7000#show mac-address-table bridge VLAN port fwd timeout ifindex 0 0090.2762.c786 1 ifindex 0 0014.85a0.ebc4 1 ifindex 0 0008.7493.8134 1 ifindex 0 0008.c7eb.070b 1 ifindex 0 000d.56d1.742c 1 ifindex 0 000e.0c6e.ade7 1 ifindex 0...
Page 74: Management
2-46 Overview 2.2.14 management Common to all modes Syntax show management Parameters None. Example RFS7000(config)#show management Mgmt Interface: vlan1 Management access permitted via any vlan interface RFS7000(config)#...
Page 75: Mobility
2-47 2.2.15 mobility Common to all modes Syntax show mobility [event-log|forwarding|global|mobile-unit|peer|statistics] show mobility event-log [mobile-unit|peer] show mobility forwarding (AA-BB-CC-DD-EE-FF) show mobility mobile-unit [<AA-BB-CC-DD-EE-FF>|detail] show mobility peer [<A.B.C.D>|detail] show mobility statistics <AA-BB-CC-DD-EE-FF> Parameters event-log Displays mobility event logs . • mobile-unit – MU event logs. •...
Page 76 2-48 Overview 09/14 19:17:52 IP-UPD-MU 00-0f-3d-e9-a6-54 157.235.208.134 157.235.208.16 157.235.208.16 09/14 19:17:51 ADD-MU 00-0f-3d-e9-a6-54 0.0.0.0 157.235.208.16 157.235.208.16 09/14 19:17:51 DEL-MU 00-0f-3d-e9-a6-54 0.0.0.0 157.235.208.16 157.235.208.16 09/14 19:17:50 ADD-MU 00-0f-3d-e9-a6-54 0.0.0.0 157.235.208.16 157.235.208.16 RFS7000>show mobility forwarding Mac-Address IP-Address State Tunnel HS-Vlan RFS7000> RFS7000>show mobility global Mobility Global Parameters Admin-Status : DISABLED...
Page 77: Ntp
2-49 2.2.16 ntp Common to all modes Syntax show ntp (association (detail)|status) Parameters Network time protocol. association NTP associations. detail Displays NTP association details. status Displays NTP status. Example RFS7000>show ntp associations address ref clock when poll reach delay offset disp * master (synced), # master (unsynced), + selected, - candidate, ~ configured RFS7000>(config)#...
Page 78: Privilege
2-50 Overview 2.2.17 privilege Common to all modes Syntax show privilege Parameters None. Example RFS7000>show privilege Current user privilege: superuser RFS7000>...
Page 79: Radius
2-51 2.2.18 radius Common to all modes Syntax show radius [configuration|eap(configuration)|group|nas( A.B.C.D/M)|proxy| rad- user|trust-point] Parameters radius RADIUS configuration commands. configuration RADIUS server configuration parameters. eap (configuration) EAP parameters and configuration. group RADIUS group configuration. nas (A.B.C.D/M) Enter a client IP address and mask. proxy Proxy information.
Page 80: Redundancy-Group
2-52 Overview 2.2.19 redundancy-group Common to all modes Syntax show redundancy-group [config|runtime] Parameters config Displays redundancy group information. runtime Displays runtime redundancy group information. Example RFS7000(config)#show redundancy-group config Redundancy Group Configuration Detail Redundancy Feature : Disabled Redundancy group ID Redundancy Mode : Primary Redundancy Interface IP : 0.0.0.0...
Page 81 2-53 Redundancy Group Runtime Information Redundancy Protocol Version : 2.0 Redundancy Group License Cluster AP Adoption Count : Not Applicable Switch AP Adoption Count : Not Applicable Redundancy State : Disabled Radio Portals adopted by Group : Not Applicable Radio Portals adopted by this Switch : Not Applicable Rogue APs detected in this Group : Not Applicable Rogue APs detected by this Switch...
Page 82: Redundancy-History
2-54 Overview 2.2.20 redundancy-history Common to all modes Syntax show redundancy-history Parameters None. Example RFS7000>show redundancy-history State Transition History Time Event Triggered State --------------------------------------------------------- Sep 06 18:20:56 2006 Redundancy Disabled Disabled RFS7000>...
Page 83: Redundancy-Members
2-55 2.2.21 redundancy-members Common to all modes Syntax show redundancy-members (A.B.C.D) Parameters A.B.C.D IP address of the member switch. Example RFS7000(config)#show redundancy-members brief Member ID (Self) : 10.10.10.10 Member State : Not Applicable Member ID : 10.10.10.1 Member State : Peer Configured...
Page 84: Snmp
2-56 Overview 2.2.22 snmp Common to all modes Syntax show snmp [user(snmpmanager|snmpoperator|snmptrap)] Parameters user Displays the SNMP user. snmpmanager Shows manager information. snmpoperator Shows operator information. snmptrap Shows trap information. Example RFS7000(config)#show snmp user snmpmanager userName access engineId Authentication Encryption snmpmanager 80000184806b8b456745a3cccc RFS7000(config)#...
Page 85: Snmp-Server
2-57 2.2.23 snmp-server Common to all modes Syntax show snmp-server[traps(wireless-statistics( mobile-unit | radio | wireless-switch | wlan))] Parameters traps Displays trap enabled flags. wireless-statistics Displays wireless-stats rate traps. mobile-unit Displays mobile unit rate traps. radio Displays radio rate traps. wireless-switch Displays switch rate traps.
Page 86 2-58 Overview tput-greater-than disabled avg-bit-speed-less-than disabled avg-signal-less-than disabled nu-percent-greater-than disabled gave-up-percent-greater-than disabled avg-retry-greater-than disabled undecrypt-percent-greater-than disabled RFS7000> RFS7000>show snmp-server traps wireless-statistics radio pktsps-greater-than disabled tput-greater-than disabled avg-bit-speed-less-than disabled avg-signal-less-than disabled nu-percent-greater-than disabled gave-up-percent-greater-than disabled avg-retry-greater-than disabled undecrypt-percent-greater-than disabled num-stations-greater-than disabled RFS7000>...
Page 87: Spanning-Tree
2-59 2.2.24 spanning-tree Common to all modes Syntax show spanning-tree mst [config|detail (interface){<IF Name>|fe|ge <1-4>|sa <1-4>|tunnel <1-32> |vlan <1- 4094>}|instance <1-15>(interface){<IF Name>|fe|ge <1-4>|sa <1-4>|tunnel <1-32> |vlan <1-4094>}] Parameters config Displays MSTP configuration information. detail (interface) Displays detailed interface information. {<IF Name>|fe|ge <1-4>| •...
Page 88 2-60 Overview ge1: Configured Path Cost 200000 - Add type Explicit ref count 1 ge1: Designated Port Id 87d1 - CST Priority 128 ge1: CIST Root 800000157037fbef ge1: Regional Root 800000157037fbef ge1: Designated Bridge 800000157037fbef ge1: Message Age 0 - Max Age 20 ge1: CIST Hello Time 2 - Forward Delay 15 ge1: CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0 ge1: Version Multiple Spanning Tree Protocol - Received None - Send MSTP...
Page 89: Static-Channel-Group
2-61 2.2.25 static-channel-group Common to all modes Syntax show static-channel-group Parameters None. Example RFS7000>show static-channel-group RFS7000>...
Page 90: Terminal
2-62 Overview 2.2.26 terminal Common to all modes Syntax show terminal Parameters None. Example RFS7000(config)#show terminal Terminal Type: vt102 Length: 42 Width: 125 RFS7000(config)#...
Page 91: Timezone
2-63 2.2.27 timezone Common to all modes Syntax show timezone Parameters None. Example RFS7000>show timezone Timezone is Etc/UTC RFS7000>...
Page 92: Users
2-64 Overview 2.2.28 users Common to all modes Syntax show users Parameters None. Example RFS7000(config)#show users Line User Uptime Location 0 con 0 1003 admin 11:38m ttyS0 130 vty 0 27693 admin 10:21m RFS7000(config)#...
Page 93: Version
2-65 2.2.29 version Common to all modes Syntax show version (verbose) Parameters verbose Displays software and hardware details. Example RFS7000(config)#show version RFS7000 version 1.0.0.0-228D MIB=01a Copyright (c) 2006 Symbol Technologies, Inc. Booted from primary. Switch uptime is 0 days, 5 hours 50 minutes CPU is RMI Phoenix V0.4 255188 kB of on-board RAM RFS7000(config)#...
Page 94: Wireless
2-66 Overview 2.2.30 wireless Common to all modes Syntax show wireless [ap (<1-48>|AA-BB-CC-DD-EE-FF)| ap-detection-config | ap-images | ap-unadopted | approved-aps | channel-power(11a {indoor|outdoor}|11b {indoor|outdoor}| 11bg {indoor|outdoor})| config | hotspot-config <1-32>| ids (filter-list)| mac-auth-local<1-1000> | mobile-unit (<1-4096>|AA-BB-CC-DD-EE-FF| association-history <MAC address>| probe-history [<1-200>|config-list]| radio <1-4096>| statistics|wlan) phrase-to-key (wep128 | wep64)| qos-mapping (wired-to-wireless | wireless-to-wired)|...
Page 95 2-67 Parameters Status of adopted access port. <1-48> The index of the access port. AA-BB-CC-DD-EE-FF The MAC address of a access port. ap-detection-config Detected AP configuration parameters. ap-images Lists the access port images on the switch. ap-unadopted Lists unadopted access ports. approved-aps Approved APs seen by access port scans.
Page 96 2-68 Overview statistics Mobile unit rf statistics. wlan <wlan_range> Show mobile units associated to this WLAN. • <wlan_range> – A WLAN index between 1 to 256. phrase-to-key Displays the WEP keys generated by a passphrase. wep128 Displays WEP128 keys. wep64 Displays WEP64 keys.
Page 97 2-69 wlan Wireless LAN related parameters. config WLAN configuration. <1-256> A WLAN index <1-256>. All WLANs in configuration. enabled Only WLANs currently enabled. statistics WLAN statistics. <1-256> A WLAN index <1-256>. Example RFS7000>show wireless ap Number of access-ports adopted Available licenses Clustering enabled Clustering mode : primary...
Page 98 2-70 Overview RFS7000>show wireless hotspot-config WLAN: 1 status: disabled description: WLAN1 ssid: 101 Page-Location: simple Internal Pages Page-type : login Title : Login Page Header : Network Login Description : Please enter your username and password Footer : Contact the network administrator if you do not have an account Image URL main: Image URL small: Page-type : welcome...
Page 99 2-71 eap-starts disabled 60 Sec null-destination disabled 60 Sec same-source-destination disabled 60 Sec multicast-source disabled 60 Sec weak-wep-iv disabled 60 Sec tkip-countermeasures disabled 60 Sec invalid-frame-length disabled 60 Sec RFS7000> RFS7000>show wireless mac-auth-local 50 RFS7000> RFS7000>show wireless mobile-unit statistics % Error: None of the mobile-units are associated!!
Page 100: Wlan-Acl
2-72 Overview 2.2.31 wlan-acl Common to all modes Syntax show wlan-acl [<1-256>|all] Parameters <1-256> Displays ACLs attached to the specified WLAN ID. Displays ACLs attached to the WLAN port. Example RFS7000>show wlan-acl 200 WLAN port: 200 Inbound IP Access List Inbound MAC Access List Outbound IP Access List Outbound MAC Access List :...
Page 101: Access-List
2-73 2.2.32 access-list Priviledge / Global Config This command lists all the access lists (numbered and named) configured on the switch. The numbered access list displays all numbered ACLs. The named access-list displays the details of the name ACL. Syntax show access-list show access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD) Show access-list <acl-name>...
Page 102: Aclstats
2-74 Overview 2.2.33 aclstats Priviledge / Global Config This command displays the statisitcs of all the access lists configured on the switch. Syntax aclstats [<name>|fe|ge <1-4>|sa <1-4>|tunnel <1-32>|vlan <1-4094>] Parameters IFNAME Interface name. FastEthernet interface. ge <1-4> GigabitEthernet interface. Select an index value between 1-4. sa <1- 4>...
Page 103: Alarm-Log
2-75 2.2.34 alarm-log Priviledge / Global Config Syntax show alarm-log ( <1-65535>| acknowledged | all | count | new | severity-to-limit( critical |informational | major | normal | warning)) Parameters <1-65535> Displays details for specific alarm Id. acknowledged Displays acknowledged alarms currently in the system. Displays all alarms currently in the system.
Page 104: Boot
2-76 Overview 2.2.35 boot Priviledge / Global Config Syntax show boot Parameters None. Example RFS7000#show boot Image Build Date Install Date Version ----- -------------------- -------------------- -------------- Primary Feb 05 20:27:25 2007 Feb 13 19:29:28 2007 1.0.0.0-228D Secondary Jan 19 06:41:09 2007 Jan 23 20:14:19 2007 1.0.0.0-200D Current Boot...
Page 105: Clock
2-77 2.2.36 clock Priviledge / Global Config Syntax show clock Parameters None. Example RFS7000#show clock Sep 13 16:46:27 UTC 2006 RFS7000#...
Page 106: Debugging
2-78 Overview 2.2.37 debugging Priviledge / Global Config Syntax show debugging (mstp) Parameters mstp Displays MSTP debugging information. Example RFS7000#show debugging mstp MSTP debugging status: MSTP all debugging is on RFS7000#show debugging mstp MSTP debugging status: MSTP all debugging is on RFS7000#...
Page 107: Dhcp
2-79 2.2.38 dhcp Priviledge / Global Config Use this command to display DHCP Server configurations. Syntax show dhcp [config|status] Parameters config Displays DHCP server configuration. status Displays whether the DHCP server is running or not. Example RFS7000#show dhcp config service dhcp ip dhcp pool vlan63 default-router 192.168.157.2 network 192.168.63.0/24...
Page 108: Environment
2-80 Overview 2.2.39 environment Privilege / Global Config Syntax show environment Parameters None. Example RFS7000#show environment upwind of CPU temperature : 33.0 C CPU die temperature : 62.0 C left side temperature : 31.0 C by FPGA temperature : 30.0 C front right temperature : 28.0 C front left temperature :...
Page 109: File
2-81 2.2.40 file Privilege / Global Config Syntax show file (information (FILE)| systems) Parameters information (FILE) Displays information on FILE. systems Lists filesystems. Example RFS7000(config)#show file systems File Systems: Size(b) Free(b) Type Prefix opaque system: 10485760 9912320 flash nvram: 20971520 19742720 flash flash:...
Page 110: Ftp
2-82 Overview 2.2.41 ftp Privilege / Global Config Syntax show ftp Parameters None. Example RFS7000#show ftp FTP Server: Disabled User Name: anonymous or ftpuser Password: ******** Root dir: flash:/ RFS7000#...
Page 111: Password-Encryption
2-83 2.2.42 password-encryption Priviledge / Global Config Syntax show password-encryption (status) Parameters status Displays password-encryption status. Example RFS7000#show password-encryption status Password encryption is disabled RFS7000#...
Page 112: Running-Config
2-84 Overview 2.2.43 running-config Privilege / Global Config Displays the contents of the configuration file for the switch, including all configured MAC and IP access lists and access groups applied to an interface. Syntax show running-config(full|include-factory) Parameters full Full configuration. include-factory Includes factory defaults.
Page 113 2-85 switchport access vlan 1 interface sa2 mtu 0 switchport access vlan 1 shutdown no multicast interface tunnel27 no ip address interface vlan1 ip address dhcp interface vlan400 no ip address ip route 157.235.0.0/16 157.235.208.246 aaa authentication login default local none line con 0 line vty 0 24 RFS7000(config)#...
Page 114 2-86 Overview logging host 0.0.0.0 logging host 0.0.0.0 logging host 0.0.0.0 no logging syslog logging on snmp-server community public snmp-server community private snmp-server location snmp-server contact snmp-server sysname RFS7000 snmp-server manager v2 snmp-server manager v3 snmp-server user snmptrap v3 encrypted auth md5 0x218d29df4dfde16bdec86f22cb11bc1a snmp-server user snmpmanager v3 encrypted auth md5 0x218d29df4dfde16bdec86f22cb11bc1a...
Page 115: Securitymgr
2-87 2.2.44 securitymgr Privilege / Global Config Syntax show securitymgr(event-logs) Parameters event-logs Displays securitymgr event logs. Example RFS7000#show securitymgr event-logs ======================== Event Logs ======================== 1> Tue Mar 13 2007 19:15:55: CORRUPT_PACKET: source vlan200: udp: Src 157.235.188.241: Dst 157.235.188.255: Src Port 137: Dst Port 137: IP TTL less than required: traceroute RFS7000#...
Page 116: Sessions
2-88 Overview 2.2.45 sessions Privilege / Global Config Syntax show sessions Parameters None. Example RFS7000(config)#show sessions SESSION USER LOCATION IDLE START TIME Console 10:18m Feb 19 13:31:42 2007 ** 2 xxx.xxx.xxx.xxx 00:00m Feb 19 14:48:24 2007 RFS7000(config)#...
Page 117: Spanning-Tree
2-89 2.2.46 spanning-tree Privilege / Global Config Use this command to display spanning tree information. Syntax show spanning-tree (mst)[config|detail|instance] Parameters Displays MST information. • config – Displays configuration information. • detail – Displays detailed information. • instance – Displays instance information. Example RFS7000(config)#show spanning-tree mst detail % Bridge up - Spanning Tree Enabled...
Page 118 2-90 Overview ge4: Designated Port Id 0 - CST Priority 128 ge4: CIST Root 0000000000000000 ge4: Regional Root 0000000000000000 ge4: Designated Bridge 0000000000000000 ge4: Message Age 0 - Max Age 0 ge4: CIST Hello Time 0 - Forward Delay 0 ge4: CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0 ge4: Version Multiple Spanning Tree Protocol - Received None - Send STP ge4: No portfast configured - Current...
Page 119 2-91 sa2: Version Multiple Spanning Tree Protocol - Received None - Send STP sa2: No portfast configured - Current portfast off sa2: portfast bpdu-guard default - Current portfast bpdu-guard off sa2: portfast bpdu-filter default - Current portfast bpdu-filter on sa2: no root guard configured - Current root guard off sa2: Configured Link Type point-to-point - Current shared...
Page 120 2-92 Overview ge1: no root guard configured - Current root guard off ge1: Configured Link Type point-to-point - Current shared RFS7000(config)#...
Page 121: Startup-Config
2-93 2.2.47 startup-config Privilege / Global Config Syntax show startup-config Parameters None. Example RFS7000#show startup-config ! configuration of RFS7000 version 1.0.0.0-228D! version 1.0 service prompt crash-info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser spanning-tree mst config bridge region My Name no country-code logging console 7 snmp-server manager v2...
Page 122: Static-Channel-Group
2-94 Overview 2.2.48 static-channel-group Privilege / Global Config Use the privileged EXEC command to display configured static channel groups. show static-channel-group Syntax show static-channel-group Parameters None. Example RFS7000(config)#show static-channel-group % Static Aggregator: sa2 % Member: RFS7000(config)#...
Page 123: Upgrade-Status
2-95 2.2.49 upgrade-status Privilege / Global Config Syntax show upgrade-status(detail) Parameters detail Last image upgrade log. Example RFS7000#show upgrade-status detail Last Image Upgrade Status : Successful Last Image Upgrade Time : Tue Aug 29 18:32:17 2006 -------------------------------------------------------- var2 is 10 percent full /tmp is 5 percent full Free Memory 151944 kB FWU invoked via Linux shell...
Page 124: Wlan-Acl
2-96 Overview 2.2.50 wlan-acl Privilege / Global Config Syntax show wlan-acl [<1-256>|all] <1-256> Displays ACLs attached to the specified WLAN ID. Displays ACLs attached to WLAN port. Example RFS7000(config)#show wlan-acl 102 WLAN port: 102 Inbound IP Access List : 110 Inbound MAC Access List : Outbound IP Access List: Outbound MAC Access List :...
Page 125: User Exec Commands
User Exec Commands Logging in to the switch places you within the USER EXEC command mode. Typically, a log-in requires a user name and a password. You have three attempts to enter a password correctly before a connection attempt is refused.The USER EXEC commands available at the user level are a subset of those available at the privileged level.
Page 126 Overview 3.1 User Exec Commands Table 3.1 summarizes User Exec commands. Table 3.1 User Exec commands Summary Command Description Ref. clear Resets the command to previous configuration. page 3-3 clrscr Clears the display screen. page 2-3 cluster-cli Cluster context. page 3-4 debug Debugging functions.
Page 127: Clear
3.1.1 clear User Exec Commands Use this command to reset the command to previous configuration. Syntax clear (mobility|spanning-tree) clear mobility(event-log|mobile-unit|peer-statistics) clear mobility event-log(mobile-unit|peer) clear spanning-tree (detected)(protocols)(bridge|interface) Parameters mobility Clears mobility attributes. event-log Clears mobility attirbutes from event log of: • mobile-unit – Mobile unit event-logs. •...
Page 128: Cluster-Cli
Overview 3.1.2 cluster-cli User Exec Commands Use this command to cluster all the CLI pertaining to the context it appears in. This feature is useful to configure each switch in the cluster by logging in to one switch which participates in the cluster. This eliminates the administrator time and effort N-1 times if there are N switches in the cluster.
Page 129: Debug
3.1.3 debug User Exec Commands Use this command to debug the switch. Syntax debug (certmgr(all|err|info)| ip(https|ssh)| mobility(cc|error|forwarding|mu|packet|peer|system)| mstp(all|cli|packet(rx|tx)|protocol (detail)|timer (detail)) Parameters certmgr Certificate manager debugging messages. ip ( ) Internet Protocol (IP). • https – Secure HTTP (HTTPS) server. • ssh – Secured SHell (SSH) server. mobility ( ) L3 Mobility •...
Page 130: Disable
Overview 3.1.4 disable User Exec Commands Enable the PRIV mode to use this command. Then, use the command to exit the PRIV mode. disable Syntax disable Parameters None. Example RFS7000>disable RFS7000>...
Page 131: Enable
3.1.5 enable User Exec Commands Use this command to enter the PRIV mode. Syntax enable Parameters None. Example RFS7000>enable...
Page 132: Logout
Overview 3.1.6 logout User Exec Commands Use this command instead of command to exit the EXEC mode. exit Syntax logout Parameters None. Example The RFS7000 Series Switch logs off on execution of this command.
Page 133 3.1.7 page User Exec Commands Use this command to toggle paging. Enabling this command displays the CLI command output page by page, instead of running the entire output at once. Syntax page Parameters None. Example RFS7000>page ? <cr> RFS7000>page RFS7000>enable RFS7000#show running-config ! configuration of RFS7000 version 1.0.0.0-280D! version 1.0...
Page 134: Quit
3-10 Overview 3.1.8 quit User Exec Commands Use this command to exit the current mode, and move back down to the previous mode. Syntax quit Parameters None. Example The switch logs off upon execution of this command.
Page 135: Show
3-11 3.1.9 show User Exec Commands Use this command to exit the current mode and go down to previous mode. Syntax show Parameters autoinstall Displays the autoinstall configuration. banner Displays the “Message of the Day Login” banner. commands Displays command lists. debugging Displays debugging information outputs.
Page 136 3-12 Overview version Displays the software and hardware version. wireless Displays wireless configuration commands. wlan-acl Displays WLAN based ACL information. Example RFS7000>show autoinstall feature enabled config --not-set-- cluster cfg --not-set-- image --not-set-- expected image version --not-set-- RFS7000> RFS7000>show commands clear mobility event-log (mobile-unit|peer) clear mobility event-log (mobile-unit|peer) clear mobility mobile-unit (AA-BB-CC-DD-EE-FF|home-database|foreign- database|all)
Page 137 3-13 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 0 Interface vlan1 Hardware Type VLAN, Interface Mode Layer 3, address is 00-15-70-37-fc-8f index=5, metric=1, mtu=1500, (PAL-IF) <UP,BROADCAST,RUNNING,MULTICAST> input packets 0, bytes 0, dropped 0, multicast packets 0 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0 output packets 1375, bytes 475750, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0...
Page 138 3-14 Overview Log Buffer (3552 bytes): Feb 16 18:38:03 2007: %IMI-5-USERAUTHSUCCESS: User 'admin' logged in with role of ' superuser' from auth source 'local' Feb 16 18:37:58 2007: %AUTH-6-INFO: login[20553]: root login on `pts/0' from `157.235.206.225' Feb 16 18:14:32 2007: %USER-0-EMERG: WIOS_CCSERVER[1018]: ccsrvr is creating core on users request Feb 16 18:14:25 2007: %DIAG-6-FREERAMDISK: Free /var file system space, 0.0% is...
Page 139: Chapter 4. Privileged Exec Commands
Privileged Exec Commands Most PRIV EXEC mode commands set operating parameters. Privileged-level access must be password protected to prevent unauthorized use. The PRIV EXEC command set includes those commands contained in USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes using the configure command, and includes advanced testing commands.
Page 140 Overview 4.1 Priv Exec Command Table 4.1 summarizes the Priv Exec commands. Table 4.1 Priv Exec Command Summary Command Description Ref. acknowledge Acknowledges alarms. page 4-4 archive Manages archive files. page 4-5 Changes the current directory. page 4-6 change-passwd Changes the password of the logged in user. page 4-7 clear Reset function.
Page 141 Command Description Ref. ping Sends an ICMP echo message. page 4-28 Displays the current directory. page 4-29 quit Exits the current mode and moves down to the previous mode. page 4-30 reload Halts the switch and performs a warm reboot. page 4-31 rename Renames a file.
Page 142: Priv Exec Command
Overview 4.1.1 acknowledge Priv Exec Command Use this command to acknowledge alarms. Syntax acknowledge alarm-log [<1-65535> | all] Parameters alarm-log Acknowledge an alarm. • <1-65535> – Acknowledges specific alarm id. • all – Acknowledges all alarms. Example RFS7000#acknowledge alarm-log all No corresponding record found in the Alarm Log.
Page 143: Archive
4.1.2 archive Priv Exec Command Use this command to manage archive files. Syntax archive tar /table [FILE|URL] archive tar /create [FILE|URL] FILE archive tar /xtract [FILE|URL] DIR Parameters Manipulates (creates, lists or extracts) a tar file. /table Lists files in a tar file. /create Creates a tar file.
Page 144 Overview 4.1.3 cd Priv Exec Command Use this command to change the current directory. Syntax cd [DIR|] Parameters Changes the current directory to DIR. Example RFS7000#cd nvram:/ system:/ flash:/ RFS7000#cd flash:/? Change current directory to DIR RFS7000#cd flash:/ flash:/backup/ flash:/crashinfo/ flash:/hotspot/ flash:/log/ flash:/out/...
Page 145: Change-Passwd
4.1.4 change-passwd Priv Exec Command Use this command to change the password of the logged in user. Syntax change-passwd Parameters None. Usage Guidelines A password must be between 8 to 32 characters in length. For safety reasons, the console does not display the user entered key words (refer example) for the fields.
Page 146: Clear
Overview 4.1.5 clear Priv Exec Command Use this command to reset the current context. Syntax clear [alarm-log|arp-cache|ip|logging|mac|mobility|spanning-tree] clear alarm-log (<1-65535>|acknowledge|all|new) clear ip(dhcp(binding)[*|A.B.C.D]) clear mac (address-table) [dynamic|multicast|static] [address|bridge <1-32>|interface|vlan <1-4094>] clear mobility [event-log (mobile-unit|peer)| mobile-unit (<MAC Address >|all|foreign-database|home-database)| peer-statistics <Peer IP Address>] clear spanning-tree (detected)[bridge|interface(name)] Parameters alarm-log...
Page 147 mobility [event-log Clear mobility attributes. (mobile-unit|peer)| • event-log – Clears all event logs. mobile-unit (<MAC • mobile-unit – Mobile unit event logs. Address >|all|foreign- database|home- • peer – Peer event logs. database)| • mobile-unit – Clears a mobile unit. peer-statistics <Peer IP •...
Page 148: Clock
4-10 Overview 4.1.6 clock Priv Exec Command Use this command to configure the software system clock. Syntax clock set HH:MM:SS [1-31] MONTH [1993-2035] Parameters Sets the system date and time. Example RFS7000#clock set 15:10:30 08 Sep 2006 RFS7000#show clock Sep 08 15:10:31 UTC 2006...
Page 149: Cluster-Cli
4-11 4.1.7 cluster-cli Priv Exec Command Use this command to cluster all the CLI pertaining to the context it appears in. This feature is useful to configure each switch in the cluster by logging in to one participating switch. This eliminates administrator time and effort, as one switch configuration can represent the entire cluster.
Page 150: Configure
4-12 Overview 4.1.8 configure Priv Exec Command Use this command to move into the configuration mode. Syntax configure terminal Parameters terminal Configures from the terminal. Example RFS7000#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RFS7000(config)#...
Page 151: Copy
4-13 4.1.9 copy Priv Exec Command Use this command to copy any file (config,log,txt ...etc) from any location to the switch and vice-versa. NOTE Copying a new config file onto an exisitng running-config file merges it with the existing running-config on the switch. Both, the exisitng running-config and the new config file parameters are applied as the current running-config of the switch.
Page 152: Debug
4-14 Overview 4.1.10 debug Priv Exec Command Use this command for debugging purposes. This command is also used to debug various features. Syntax debug all debug cc [access-port|all|alt|ap-detect|capwap|cluster| config|dot11|eap|ids|kerberos|l3-mob|media|mobile-unit|radio| radius|self-heal|snmp|system|wips|wisp] debug ccstats <CCStats Module> debug certmgr [all|error|info] debug dhcpsvr [all|error|info] debug imi [all|cli-client|cli-server|errors|init|ntp] debug ip [https|ssh] debug logging [all|errors|monitor|subagent]...
Page 153 4-15 Example RFS7000#debug ? Enable all debugging Cellcontroller (wireless) debugging messages ccstats Cellcontroller (wireless) debugging messages certmgr Certificate Manager Debugging Messages dhcpsvr DHCP Conf Server Debugging Messages Integrated Management Interface Internet Protocol (IP) logging Modify message logging facilities mgmt Mgmt daemon mobility L3 Mobility mstp...
Page 154: Delete
4-16 Overview 4.1.11 delete Priv Exec Command Use this command to delete the specified file from the system. Syntax delete ({/force|/recursive}|) .FILE Parameters /force Forces deletion without a prompt. /recursive Performs a recursive delete. FILE Specifies the filename(s) to be deleted. Example RFS7000#delete flash:/out.tar flash:/out.tar.gz Delete flash:/out.tar [y/n]? y...
Page 155: Diff
4-17 4.1.12 diff Priv Exec Command Use this command to view the difference between two files. Syntax diff (FILE|URL) (FILE|URL) Parameters FILE Displays the differences between FILE. Displays the differences between URL. Example RFS7000#diff startup-config running-config --- startup-config +++ running-config @@ -89,7 +89,7 @@ mobility peer 157.235.208.16 wlan 1 enable...
Page 156: Dir
4-18 Overview 4.1.13 dir Priv Exec Command Use this command to view the list of files on a filesystem. Syntax dir ({/all|/recursive}|) (DIR|all-filesystems|) Parameters /all Lists all files. /recursive Lists files recursively. Lists files in named file path. all-filesystems Lists files on all filesystems. Example RFS7000#dir Directory of flash:/...
Page 157: Disable
4-19 4.1.14 disable Priv Exec Command Use this command to exit the Exec mode. Syntax disable Parameters None. Example RFS7000#disable RFS7000>...
Page 158: Edit
"ss" ss "ss" "ss" "ss" "ss" crypto pki trustpoint kumar2 subject-name "ss" ss "ss" "ss" "ss" "ss" crypto pki trustpoint thippeswamy subject-name "TestPool" US "OH" "PB" "MOTOROLA" "WID" fqdn "RetailKing.com" email abcTestmailid@motorola.com rsakey were company-name "RetailKing"...
Page 159: Enable
4-21 4.1.16 enable Priv Exec Command Use this command to turn on the privileged mode command. Syntax enable Parameters None. Example RFS7000#enable RFS7000#...
Page 160: Erase
4-22 Overview 4.1.17 erase Priv Exec Command Use this command to erase a target filesystem. Syntax erase [cf:|flash:|nvram:|startup-config:] Parameters Erases contents of compact flash. flash Erases contents of flash. nvram Erases contents of nvram. startup-config Resets the switch configuration to factory default settings. Example RFS7000#erase cf RFS7000#erase flash...
Page 161: Kill
4-23 4.1.18 kill Priv Exec Command Use this command to kill (terminate) a specified session. Syntax kill session <1-16> Parameters session Active session. There are 16 active sessions which can be terminated. Example RFS7000#show sessions SESSION USER LOCATION IDLE START TIME Console 00:00m Apr 16 20:58:58 2007...
Page 162: Logout
4-24 Overview 4.1.19 logout Priv Exec Command Use this command to exit from the EXEC mode. Syntax logout Parameters None. Example RFS7000#logout Please press Enter to activate this console.
Page 163: Mkdir
4-25 4.1.20 mkdir Priv Exec Command Use this command to create a new directory in the filesystem. Syntax mkdir DIR Parameters Directory name. Example RFS7000#mkdir TestDIR RFS7000#...
Page 164: More
4-26 Overview 4.1.21 more Priv Exec Command Use this command to view the contents of a file. Syntax more FILE Parameters FILE Displays the content of the file. Example RFS7000#more flash:/log/messages.log Sep 08 12:27:30 2006: %PM-5-PROCSTOP: Process "radiusd" has been stopped Sep 08 12:27:31 2006: %LICMGR-6-NEWLICENSE: Licensed AP count changed to 48 Sep 08 12:27:31 2006: %CC-5-COUNTRYCODE:...
Page 165 4-27 4.1.22 page Priv Exec Command Use this command to toggle switch paging. Enabling this command displays the command output page by page, instead of running the entire output at once. Syntax page Parameters None. Example RFS7000>page ? <cr> RFS7000>page RFS7000>enable RFS7000#show running-config ! configuration of RFS7000 version 1.0.0.0-280D!
Page 166: Ping
4-28 Overview 4.1.23 ping Priv Exec Command Use this command to send ICMP echo messages. Syntax ping [IP address|hostname] Parameters [IP address|hostname] Ping destination address or hostname. Example RFS7000#ping 111.222.222.39 PING 1111.222.222.39 (111.222.222.39): 100 data bytes 128 bytes from 111.222.222.39: icmp_seq=0 ttl=64 time=2.3 ms 128 bytes from 111.222.222.39: icmp_seq=1 ttl=64 time=0.2 ms 128 bytes from 111.222.222.39: icmp_seq=2 ttl=64 time=0.3 ms 128 bytes from 111.222.222.39: icmp_seq=3 ttl=64 time=0.2 ms...
Page 167: Pwd
4-29 4.1.24 pwd Priv Exec Command Use this command to view the contents of the current directory. Syntax Parameters None. Example RFS7000#pwd flash:/ RFS7000#...
Page 168: Quit
4-30 Overview 4.1.25 quit Priv Exec Command Use this command to exit the current mode and move down to the previous mode. Syntax quit Parameters None. Example RFS7000#quit RFS7000 release 1.0.0.0-264B Login as 'cli' to access CLI. RFS7000 login:...
Page 169: Reload
4-31 4.1.26 reload Priv Exec Command Use this command to halt the switch and perform a warm reboot. Syntax reload Parameters None. Example RFS7000#reload Wireless switch will be rebooted, do you want to continue? (y/n): y The system is going down NOW !! % Connection is closed by administrator! WIOS_SECURITYMGR[1037]: FTPALG: Shutting down.
Page 170: Rename
4-32 Overview 4.1.27 rename Priv Exec Command Use this command to rename a file in the existing filesystem. Syntax rename FILE FILE Parameters FILE FIle to rename. Example RFS7000#rename flash:/TestDIR/ NewTestDir RFS7000#DIR Directory of flash:/ drwx 1024 Wed Jul 19 19:14:05 2006 hotspot drwx Wed Aug 30 15:32:44 2006...
Page 171: Rmdir
4-33 4.1.28 rmdir Priv Exec Command Use this command to delete an existing file. Syntax rmdir DIR Parameters Name of the directory to delete. Example RFS7000#rmdir flash:/NewTestDir/ RFS7000#DIR Directory of flash:/ drwx 1024 Wed Jul 19 19:14:05 2006 hotspot drwx Wed Aug 30 15:32:44 2006 drwx 1024...
Page 172: Show
4-34 Overview 4.1.29 show Priv Exec Command Use this command to show currently running system information. Syntax show <display parameter> Parameters access-list Displays Internet Protocol (IP) details of the access list. aclstats Displays ACL statistics information. alarm-log Displays alarms currently in the system. autoinstall Displays autoinstall configuration details.
Page 173 4-35 privilege Displays the current privilege level. radius Displays RADIUS configuration commands. redundancy-group Displays redundancy group parameters. redundancy-history Displays the state transition history of the switch. redundancy-members Displays redundancy group members in detail. running-config Displays the current operating configuration. securitymgr Displays securitymgr parameters.
Page 174 4-36 Overview interfaces Interface status Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer MAC access-list assignment mac-address-table Display MAC address table management Display L3 Managment Interface name mobility Display Mobility Parameters Network time protocol password-encryption password encryption...
Page 175: Telnet
4-37 4.1.30 telnet Priv Exec Command Use this command to open a telnet session. Syntax telnet [IP address|hostname] Parameters [IP address| host name] IP address or hostname of a remote system. Example RFS7000#telnet 157.111.222.33 Entering character mode Escape character is '^]'. Red Hat Linux release 9 (Shrike) Kernel 2.4.20-6bigmem on an i686 login: cli...
Page 176: Traceroute
4-38 Overview 4.1.31 traceroute Priv Exec Command Use this command to trace the route to a destination. Syntax traceroute (WORD | ip WORD) Parameters WORD Traces the route to a destination address or hostname . IP trace. Example RFS7000#traceroute 157.222.333.33 traceroute to 157.235.208.39 (157.235.208.39), 30 hops max, 38 byte packets 157.235.208.39 (157.235.208.39) 0.466 ms...
Page 177: Upgrade
4-39 4.1.32 upgrade Priv Exec Command Use this command to upgrade the switch software image. Syntax upgrade URL (background|) Parameters Defines location of firmware image. Example RFS7000#upgrade tftp://xxx.xxx.xxx.xxx:/img var2 is 10 percent full /tmp is 2 percent full Free Memory 161896 kB FWU invoked via Linux shell Running from partition /dev/hda5, partition to update is /dev/hda6...
Page 178 4-40 Overview Successful Sep 08 15:58:46 2006: %FWU-6-FWUDONE: Firmware update successful, new version is 1.0.0.0-264B RFS7000#...
Page 179: Upgrade-Abort
4-41 4.1.33 upgrade-abort Priv Exec Command Use this command to abort an ongoing upgrade process. Syntax upgrade-abort Parameters None. Example RFS7000#upgrade-abort % Error: No upgrade in progress RFS7000#upgrade tftp://xxx.xxx.xxx.xxx:/img background RFS7000#Sep 08 16:01:38 2006: %KERN-4-WARNING: EXT3-fs warning: maximal mount count reached, running e2fsck is recommended. Sep 08 16:01:38 2006: %KERN-6-INFO: EXT3 FS on hda1, internal journal.
Page 180: Write
4-42 Overview 4.1.34 write Priv Exec Command Use this command to write the running configuration to memory or terminal Syntax write [memory | terminal] Parameters memory Writes to NV memory. terminal Writes to terminal. Example RFS7000#write terminal ! configuration of RFS7000 version 1.0.0.0-264B! version 1.0 service prompt crash-info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d...
Page 181: Global Configuration Commands
Global Configuration Commands The term global is used to indicate characteristics or features effecting the system as a whole. Use the Global configuration mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols). Use the configure terminal command, under PRIV EXEC, to enter global configuration mode.
Page 182 Overview 5.1 Global Configuration Commands Table 5.1 summarizes the Global Config commands. Table 5.1 Global Configuration Command Summary Command Description Ref. Authentication, Authorization and Accounting. page 5-4 access-list Adds an access list entry. page 5-5 autoinstall Autoinstalls a configuration command. page 5-11 banner Defines a login banner.
Page 183 Command Description Ref. prompt Sets the system prompt. page 5-39 radius-server Enters radius-server mode. page 5-40 redundancy Configures redundancy group parameters. page 5-41 service Service commands. page 5-43 show Shows running system information. Refer to Global Config show page 2-25 commands.
Page 184: Aaa
Uses external RADIUS server. Usage Guidelines Use AAA login to determine whether management user authentication must be performed against a loacl user database or a external RADIUS server. Example RFS7000(config)#username motorolaadmin password motorola RFS7000(config)#username motorolaadmin privilege superuser RFS7000(config)#aaa authentication login default local RFS7000(config)#...
Page 185: Access-List
5.1.2 access-list Global Configuration Commands Use this command to add an access list entry. Use the access list command under global configuration to configure the access list mechanism for filtering frames by protocol type or vendor code. Syntax access-list For Standard IP ACL’s: access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7>...
Page 186 Overview Parameters access-list Add a standard access list entry. (<1-99>|<1300-1999>) • (<1-99>|<1300-1999>) – Access numbers from 1 to 99 or 1300 to 1999. (deny|permit|mark • (deny|permit|mark) – Action types on an ACL. The action type (8021p <0-7> | mark functional only over a Port ACL. tos <0-255>)) (A.B.C.D/M | host A.B.C.D | •...
Page 187 access-list Add an Extended IP access list entry using IP keyword. (<100-199>|<2000-2699>) • <100-199>|<2000-2699> – For IP type of extended ACL, the ACL number {deny | permit | mark {dot1p must be between 100-199. <0-7> | tos <0-255>}} • {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on an {ip} {source/source-mask | ACL.
Page 188 Overview access-list Add an Extended IP access list entry using icmp keyword. (<100-199>|<2000-2699>) • (<100-199>|<2000-2699>) – For ICMP extended ACLs, the ACL number {deny | permit | mark {dot1p must be between 2000-2699. <0-7> | tos <0-255>}} • {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on {icmp} an ACL.
Page 189 access-list Add an Extended IP access list entry using tcp or udp keyword. (<100-199>|<2000-2699>) • (<100-199>|<2000-2699>) – For tcp or udp type of extended ACL, the {deny | permit | mark {dot1p ACL number must be between 2000-2699. <0-7> | tos <0-255>}} •...
Page 190 5-10 Overview Example The example below creates a standard access list (ACL) to permit any traffic coming to the interface. RFS7000(config)#access-list 1 permit any RFS7000(config)# The example below creates a extended IP access list to permit IP traffic between two networks. RFS7000(config)#access-list 101 permit ip 192.168.1.0/24 192.168.2.0/24 RFS7000(config)# The example below creates a extended access list to permit tcp traffic, between two networks, with...
Page 191: Autoinstall
5-11 5.1.3 autoinstall Global Configuration Commands Use this command to autoinstall the switch image. Syntax autoinstall [clear-config-history|cluster-config|config|image|start] autoinstall (cluster-config|config|image) (URL[tftp|ftp|http|cf]) autoinstall image version <number> Parameters clear-config-history Autoinstalls a clear configuration history, resulting in a reversion. cluster-config Autoinstalls a cluster-config setup. config Autoinstalls a config setup.
Page 192: Banner
5-12 Overview 5.1.4 banner Global Configuration Commands Use this command to define a login banner for the switch. Syntax banner(motd(LINE|default)) Parameters motd Sets the “message of the day” banner. LINE Custom MOTD string. default Default MOTD string. Example RFS7000(config)#banner motd Welcome to my RFS7000 CLI RFS7000(config) RFS7000 release 3.0.0.0-200B Login as 'cli' to access CLI.
Page 193: Boot
5-13 5.1.5 boot Global Configuration Commands This command reboots the switch with an image present in the mentioned partition ( either the primary or secondary partition). Syntax boot(system [primary|secondary]) Parameters system Specifies the boot image used after reboot. primary Specifies the primary image. secondary Specifies the secondary image.
Page 194: Bridge
5-14 Overview 5.1.6 bridge Global Configuration Commands Configures bridge specific details. Syntax bridge [<1-32>|multiple-spanning-tree] bridge <1-32> [address|ageing-time] bridge <1-32> (address)MAC [discard|forward](NAME|fe|ge|sa|tunnel|vlan) bridge <1-32> (address)MAC [discard|forward] fe (vlan <2-4094>) bridge <1-32> (address)MAC [discard|forward] ge <1-4> (vlan <2-4094>) bridge <1-32> (address)MAC [discard|forward] sa <1-4> (vlan <2-4094>) bridge <1-32>...
Page 195: Country-Code
5-15 5.1.7 country-code Global Configuration Commands Use this command to configure the country of operation. Syntax country-code Parameters None. Usage Guidelines This command erases all existing radio configuration. Example RFS7000(config)#country-code ? United Arab Emirates Argentina Austria Australia Bosnia Herzegovina Belgium Bulgaria Bahrain Bermuda...
Page 196 5-16 Overview Kuwait Kazakhstan Liechtenstein Sri Lanka Lithuania Luxembourg Latvia Morocco Malta Mexico Malaysia Netherlands Norway New Zealand Oman Peru Philippines Pakistan Poland Portugal Qatar Romania Russia Saudi Arabia Sweden Singapore Slovenia Slovak Republic Thailand Turkey Taiwan Ukraine United States Uruguay Venezuela Vietnam...
Page 197: Crypto
5-17 5.1.8 crypto Global Configuration Commands Use this command to configure encryption related commands. NOTE mode leads to instance. For crypto pki trustpoint (config-trustpoint) more information, see crypto-trustpoint Instance on page 6-1. Syntax crypto(key|pki) crypto key(export|generate|import|zeroize) crypto key export rsa<name> URL[tftp|ftp] crypto key generate rsa<name>...
Page 198 5-18 Overview self-signed Selfsigned mode of enrollment. trustpoint Trustpoint configuration. terminal Copies and pastes enrollment mode. Usage Guidelines Use crypto pki with diffrent parameters to configure trustpoint and its parameters. Use crypto key to configure RSA key pairs. Example RFS7000(config)#crypto pki ? authenticate Authenticate and import CA Certificate enroll...
Page 199: Debug
5-19 5.1.9 debug Global Configuration Commands Use this command to turn on and off mstp debugging messages. Syntax debug (mstp) [all|cli|packet(rx |tx)|protocol (detail)|timer(detail)] Parameters Echoes all MSTP debugging levels to the console. Echoes all MSTP debugging levels to the console. packet Echoes MSTP packets (received and transmitted) to the console.
Page 200 5-20 Overview 5.1.10 do Global Configuration Commands Use this command to run commands from either the User Exec or Priv Exec mode. Syntax do (command of other mode) Parameters None. Example RFS7000(config)#do ping 157.235.208.69 PING 157.235.208.69 (157.235.208.69): 100 data bytes 128 bytes from 157.235.208.69: icmp_seq=0 ttl=64 time=0.1 ms 128 bytes from 157.235.208.69: icmp_seq=1 ttl=64 time=0.0 ms 128 bytes from 157.235.208.69: icmp_seq=2 ttl=64 time=0.0 ms...
Page 201: End
5-21 5.1.11 end Global Configuration Commands Use this command to end the current mode and change to the Exec mode. Syntax Parameters None. Example RFS7000(config)#end RFS7000#? Priv Exec commands: acknowledge Acknowledge alarms archive Manage archive files autoinstall autoinstall configuration command Change current directory ..........
Page 202: Format
5-22 Overview 5.1.12 format Global Configuration Commands Use this command to format the Compact Flash (CF) card. Syntax format Parameters Format compact flash. Example RFS7000(config)#format cf RFS7000(config)#...
Page 203: Ftp
5-23 5.1.13 ftp Global Configuration Commands Use this command to configure the switch as an FTP server. Syntax ftp enable ftp password(0|1|LINE) ftp rootdir(DIR) Parameters enable Enables FTP server. password Configures a FTP password. Set the password using one of the folllowing: •...
Page 204: Hostname
5-24 Overview 5.1.14 hostname Global Configuration Commands Use this command to change the system’s network name. Syntax hostname(WORD) Parameters WORD Use this command to provide the name for the network. Example RFS7000(config)#hostname Eldorado Eldorado(config)#...
Page 205: Interface
5-25 5.1.15 interface Global Configuration Commands Use this command configure a selected interface. NOTE The interface mode leads to the instance. For additional information, config-if interface Instance on page 7-1. The prompt changes from RFS7000(config) # RFS7000(config-if) Syntax interface(IFNAME|fe|ge <1-4>|sa <1-4>|tunnel <1-32>|vlan <1-4094>) Parameters IFNAME Interface name.
Page 206 5-26 Overview 5.1.16 ip Global Configuration Commands Use this CLI command to configure a selected Internet Protocol. NOTE Use an command to move to the ip access-list extended instance. For additional information, see (config-ext-nacl) Extended ACL Instance on page 9-1. Use an command to move to the ip access-list standard...
Page 207 5-27 Parameters access-list Use the access list parameter to enter the context and ext-nacl std-nacl context. The prompt changes to the context entered. For additional information, see Extended ACL Instance on page 9-1 (for extended ACLs) and Standard ACL Instance on page 10-1 (for standard ACLs).
Page 208 5-28 Overview ip nat <inside | outside> • <inside|outside> – Defines the interface as private (inside) or public source list <access-list (external). NAT translations refer to this keyword to identify the name> overload interface translations applied to incoming packets on an interface. <interface name>...
Page 209 5-29 Usage Guidelines By using the parameter you enter the following contexts: ip access-list • ext-nacl — Extended ACL. For more details see Extended ACL Instance on page 9-1. • std-nacl — Standard ACL. For more details see Standard ACL Instance on page 10-1. •...
Page 210: License
5-30 Overview 5.1.17 license Global Configuration Commands Use this command to see the details of the license. Syntax license Parameters WORD Enter the name of the feature for which you wish to add a license. Example RFS7000(config)#show licenses Serial Number 6283529900020 feature license string license value...
Page 211: Line
5-31 5.1.18 line Global Configuration Commands Use this command to configure the terminal line. NOTE Using the command moves you to the instance. line vty (config-line) Syntax line(console|vty) Parameters console Primary terminal line. Virtual terminal. Configure a value between 0-871.
Page 212: Logging
5-32 Overview 5.1.19 logging Global Configuration Commands Use this command to modify message logging facilities. Syntax logging(aggregation-time|buffered|console|facility|host|monitor|on|syslog) logging aggregation-time(<1-20>) logging buffered(<0-7>|alerts|critical|debugging|emergencies|errors| informational|notifications|warnings) Parameters aggregation-time Sets number of seconds (between 1 - 120) for aggregating repeated messages. buffered Sets the buffered logging level. console Sets the console logging level.
Page 213 5-33 host Configures the remote host to receive log messages. A.B.C.D Remote host's IP address. Enables the logging of system messages. Example RFS7000(config)#logging aggregation-time 20 RFS7000(config)#...
Page 214: Mac
5-34 Overview 5.1.20 mac Global Configuration Commands Use this command to configure MAC access-lists. Syntax mac(access-list(extended(WORD))) Parameters access-list Enter a name for MAC extended ACL. (extended <name>) Usage Guidelines To delete a Standard/Extended or MAC ACL, use under the Global no access-list <access-list name>...
Page 215: Management
5-35 5.1.21 management Global Configuration Commands Use this command to set management interface properties. Syntax management(secure) Parameters secure Limits local access (Web/Telnet etc.) to the management interface. Example RFS7000(config)#management secure RFS7000(config)#...
Page 216: Ntp
5-36 Overview 5.1.22 ntp Global Configuration Commands Use this command to configure NTP. Syntax ntp(access-group|authenticate|authentication-key|autokey| broadcast|broadcastdelay|master|peer|server|trusted-key) ntp access-group(peer|query-only|serve|serve-only) ntp access-group peer(<1-99>|<1300-1999>) ntp access-group query-only(<1-99>|<1300-1999>) ntp access-group serve(<1-99>|<1300-1999>) ntp access-group serve-only(<1-99>|<1300-1999>) ntp authenticate ntp authentication-key <1-65534> ntp autokey(client-only|host) ntp broadcast(client|destination) ntp broadcast destination(<name>(key<1-65534>|version<1-4>)) ntp broadcastdelay <1-999999>...
Page 217 5-37 authentication-key Define an authentication key for trusted time sources. Select a keynumber <1-65534> between 1 and 65534. autokey Enables NTP autokey authentication scheme. client-only Switch will be a client to other trusted-hosts in the autokey group. host Configures the switch as a trusted host. broadcast Configures NTP broadcast service.
Page 218 5-38 Overview Example RFS7000(config)#ntp peer ? WORD Name/IP address of peer RFS7000(config)#ntp peer TestPeer ? autokey Configure autokey peer authentication scheme Configure peer authentication key prefer Prefer this peer when possible version Configure NTP version <cr> RFS7000(config)#ntp peer TestPeer autokey ? prefer Prefer this peer when possible version...
Page 219: Prompt
5-39 5.1.23 prompt Global Configuration Commands Use this command to configure and set the systems prompt. Syntax prompt(LINE) Parameters LINE Enter the new prompt displayed by the switch. Example RFS7000(config)#prompt NobleMan NobleMan...
Page 220: Radius-Server
5-40 Overview 5.1.24 radius-server Global Configuration Commands Use this CLI command to enter the RADIUS Server mode. The system prompt changes from the default config mode to RADIUS server mode. NOTE mode leads you to the radius-server context. For more radius-server local details see RADIUS Server Instance on page 13-1...
Page 221: Redundancy
5-41 5.1.25 redundancy Global Configuration Commands Use this command to configure redundancy group parameters. Syntax redundancy(discovery-period|enable|group-id|handle-stp| heartbeat-period|hold-period|interface-ip|manual-revert|member-ip|mode) redundancy discovery-period <10-60> redundancy enable redundancy group-id <1-65535> redundancy handle-stp(enable) redundancy heartbeat-period redundancy hold-period <10-255> redundancy interface-ip(A.B.C.D) redundancy member-ip (A.B.C.D) redundancy mode(primary|standby) Parameters discovery-period Sets the redundancy discovery interval.
Page 222 5-42 Overview Example RFS7000(config)#redundancy discovery-period 20 RFS7000(config)# RFS7000(config)#redundancy handle-stp enable RFS7000(config)# RFS7000(config)#redundancy heartbeat-period 20 RFS7000(config)# RFS7000(config)#redundancy hold-period 25 RFS7000(config)# RFS7000(config)#redundancy mode primary RFS7000(config)#...
Page 223: Service
5-43 5.1.26 service Global Configuration Commands Use this command to retrieve system data (tables, log files, configuration, status and operation) for use in debugging and problem resolution. Syntax service(advanced-vty|dhcp|password-encryption| pm (max-sys-restarts<1-5>|sys-restart)| prompt(crash-info)|radius(restart)|set|show (cli)|terminal-length <0-512>) service set ( command-history <10-300>|reboot-history <10-100>| upgrade-history <10-100>) Parameters advanced-vty...
Page 224 5-44 Overview Example RFS7000(config)#service dhcp RFS7000(config)# RFS7000(config)#service radius restart RFS7000(config)# RFS7000(config)#service show cli Global Config mode: +-aaa +-authentication +-login +-default +-local [aaa authentication login default {none|{local|radius}}] +-none [aaa authentication login default {none|{local|radius}}] +-radius [aaa authentication login default {none|{local|radius}}] +-access-list +-<1-99> +-deny +-A.B.C.D/M [access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0- 7>...
Page 225: Show
5-45 5.1.27 show Global Configuration Commands Use this command to view running system information. Syntax show <display parameter> Parameters access-list Displays Internet Protocol (IP) details of the access list. aclstats Displays ACL statistics information. alarm-log Displays system alarms. autoinstall Displays autoinstall configuration details. banner Displays the “Message of the Day”...
Page 226 5-46 Overview privilege Displays current privilege level. radius Displays RADIUS configuration commands. redundancy-group Displays redundancy group parameters. redundancy-history Displays switch state transition history. redundancy-members Displays redundancy group members in detail. running-config Displays current operating configuration. securitymgr Displays securitymgr parameters. sessions Displays current active open connections.
Page 227 5-47 MAC access-list assignment mac-address-table Display MAC address table management Display L3 Managment Interface name mobility Display Mobility Parameters Network time protocol password-encryption password encryption privilege Show current privilege level radius RADIUS configuration commands redundancy-group Display redundancy group parameters redundancy-history Display state transition history of the switch.
Page 228: Snmp-Server
5-48 Overview 5.1.28 snmp-server Global Configuration Commands Use this command to modify SNMP engine parameters. Syntax snmp-server(community|contact|enable|host|location|manager|sysname|user) snmp-server community <community name>(ro|rw) snmp-server contact LINE snmp-server enable traps (all|dhcp-server|miscellaneous|mobility| nsm|radius-server|redundancy|snmp|wireless|wireless-statistics) snmp-server enable traps all snmp-server enable traps miscellaneous (caCertExpired|lowFsSpace|processMaxRestartsReached|savedConfigModified| serverCertExpired) snmp-server enable traps nsm dhcpIPChanged snmp-server enable traps redundancy (adoptionExceeded|grpAuthLevelChanged|memberDown|memberMisConfigured| memberUp)
Page 229 5-49 snmp-server enable traps wireless-statistics wlan (avg-bit-speed-less-than|avg-retry-greater-than|avg-signal-less-than| gave-up-percent-greater-than|nu-percent-greater-than| num-mobile-units-greater-than|pktsps-greater-than|tput-greater-than| undecrypt-percent-greater-than) snmp-server host <host IP address>(v2c<1-65535>|v3<1-65535>) snmp-server location (LINE) snmp-server manager(all|v2|v3) snmp-server sysname snmp-server user(snmpmanager|snmpoperator|snmptrap) snmp-server user (snmpmanager|snmpoperator|snmptrap) v3(auth|encrypted) snmp-server user (snmpmanager|snmpoperator|snmptrap) v3 auth (md5<password>) snmp-server user (snmpmanager|snmpoperator|snmptrap) v3 encrypted (auth|des)(md5<password>) Parameters (community) Sets the community string and access privileges.
Page 230 5-50 Overview miscellaneous ( ) Enables miscellaneous traps. • caCertExpired – Ca certificate has expired. • lowFsSpace – Available file system space lower than the limit. • processMaxRestartsReached – Process has reached the max restart limit. • savedConfigModified – Saved configuration has been modified.
Page 231 5-51 ids ( ) Enables wireless IDS traps. • muExcessiveEvents – Excessive MU events. • radioExcessiveEvents – Excessive radio events. • switchExcessiveEvents – Excessive switch events. radio ( ) Enables wireless radio traps. • adopted – Radio adopted. • detectedRadar – Radio detected radar. •...
Page 232 5-52 Overview wireless-statistics ( ) Modifies wireless-stats rate traps. • min-packets– Explained in the sections that follow. • mobile-unit– Explained in the sections that follow. • radio– Explained in the sections that follow. • wireless-switch– Explained in the sections that follow. •...
Page 233 5-53 radio Modifies radio rate traps. • avg-bit-speed-less-than <value>– Average bit speed in Mbps is less than <a decimal number greater than 0.00 and less than or equal to 54.00>. • avg-retry-greater-than <value> – Average retry is greater than <a decimal number greater than 0.00 and less than or equal to 16.00>.
Page 234 5-54 Overview wireless-switch Modify wireless-switch rate traps. • num-mobile-units-greater-than <1-8192> – Number of associated MUs is greater than <a decimal number in the range 1-8192 >. • pktsps-greater-than <value> – Packets per sec is greather than <a decimal number greater than 0.00 and less than or equal to 100000.00>.
Page 235 5-55 host <host IP address> SNMP server host IP-address. v2c <1-65535> Uses SNMP version 2c. Select a host port number within the range of <1-65535>. v3 <1-65535> Uses SNMP version 3. Select a host port number within the range of <1-65535>.
Page 236 5-56 Overview RFS7000(config)# RFS7000(config)#snmp-server enable traps wireless ids excessiveProbes RFS7000(config)# RFS7000(config)#snmp-server enable traps wireless radio adopted RFS7000(config)# RFS7000(config)#snmp-server enable traps wireless self-healing activated RFS7000(config)# RFS7000(config)#snmp-server enable traps wireless station tkipCounterMeasures RFS7000(config)# RFS7000(config)#snmp-server enable traps wireless-statistics min-packets 120 RFS7000(config)# RFS7000(config)#snmp-server location "Located at thh 5th FLoor" RFS7000(config)# RFS7000(config)#snmp-server sysname "Gold Mine"...
Page 237: Spanning-Tree
5-57 5.1.29 spanning-tree Global Configuration Commands Use this command to configure the spanning-tree commands. Syntax spanning-tree [mst|portfast] spanning-tree mst [<0-15> (priority <0-61440>)| cisco-interoperability (enale|disable)|configuration| forward-time <4-30>|hello-time <1-10>|max-age <6-40>|max-hops <7-127>] spanning-tree portfast [bpdufilter|bpduguard](default) Parameters Enables the Multiple Spanning Tree Protocol on a bridge. [<0-15>...
Page 238 5-58 Overview • forward-time <4-30> – Sets the time (in seconds) after which (if this bridge is the root bridge) each port changes states to learning and forwarding. This value is used by all instances. The default value is 15 seconds. •...
Page 239 5-59 Usage Guidelines command moves you to the spanning tree-mst Instance instance. mst > configuration If a bridge does not hear bridge protocol data units (BPDUs) from the root bridge within the specified interval, defined in the max-age (seconds) parameter, then assume that the network has changed and recompute the spanning-tree topology.
Page 240: Timezone
5-60 Overview 5.1.30 timezone Global Configuration Commands Use this command to configure switch timezone settings. Syntax timezone Parameters TIMEZONE Press <tab> to navigate the list of files. This action displays a list of files containing timezone information. Example RFS7000(config)#timezone Africa/ America/ Asia/ Atlantic/...
Page 241: Username
5-61 5.1.31 username Global Configuration Commands Use this CLI command to establish the user name authentication. Syntax username <name> (access|password|privilege) username <name> access (console|ssh|telnet|web) username <name> password(0|1|Line) username <name> privilege(helpdesk|monitor|nwadmin|superuser|sysadmin|webadmin) Parameters name Enter a name to authenticate the switch. The username must be between 1 - 28 characters.
Page 242: Wireless
5-62 Overview 5.1.32 wireless Global Configuration Commands Use this command to configure switch wireless parameters. This command leads moves you to the instance. For additional information, see Wireless Instance on page 14-1. config-wireless Syntax wireless Parameters None. Usage Guidelines The wireless command is used to enter the config-wireless instance. The prompt changes from the regular RFS7000(config)# RFS7000(config-wireless)#.
Page 243: Wlan-Acl
5-63 5.1.33 wlan-acl Global Configuration Commands Use this command to apply an ACL on a WLAN index. Syntax wlan-acl [<1-256>{<1-99>|<100-199>|<1300|1999>|<2000|2699>|word}][in|out] Parameters <1-256>[] WLAN number. • <1-99> — IP standard access list. • <100-199> — IP extended access list. • <1300-1999> — IP standard access list (expanded range). •...
Page 244 5-64 Overview Example The example below applies an ACL to WLAN index 200 in inbound direction from the global config mode. RFS7000(config)#wlan-acl 200 150 in RFS7000(config)# NOTE A MAC access list entry to allow is mandatory to apply an IP based ACL to an interface.
Page 245 crypto-trustpoint Instance commands to define a Certificate Authority (CA) trustpoint. config-crypto-trustpoint is a seperate instance, belonging to the mode under config-crypto-trustpoint crypto pki trustpoint instance. config 6.1 Trustpoint Config commands Table 6.1 summarizes the commands. config-crypto-trustpoint Table 6.1 Trustpoint Config Commands Summary Command Description Ref.
Page 246 Overview Command Description Ref. password Challenge password (appplicable only by request). page 6-12 rsakeypair Rsa Keypair to associate with the trustpoint. page 6-13 service Service commands. page 6-14 show Shows the running system information. page 6-15 subject-name Subject name is a collection of required parameters to configure a page 6-17 trustpoint.
Page 247: Trustpoint Config Commands
6.1.1 clrscr Trustpoint Config commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-trustpoint)#clrscr RFS7000(config-trustpoint)#...
Page 248: Company-Name
Overview 6.1.2 company-name Trustpoint Config commands Use this command to set the company name (applicable only by request) to a trustpoint. Syntax company-name Parameters WORD Company name (2 - 64 characters in length). Usage Guidelines The company name defined must be in the range of 2 to 64 characters only. Example RFS7000(config-trustpoint)#company-name RetailKing RFS7000(config-trustpoint)#...
Page 249: Email
Use this command to configure an e-mail ID for a trustpoint. Syntax email Parameters WORD email address (2 to 64 characters). Usage Guidelines The email defined must be in the range of 2 to 64 characters only. Example RFS7000(config-trustpoint)#email abcTestemailID@motorola.com RFS7000(config-trustpoint)#...
Page 250: End
Overview 6.1.4 end Trustpoint Config commands Use this command to end and exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax Parameters None. Example RFS7000(config-trustpoint)#end RFS7000#...
Page 251: Exit
6.1.5 exit Trustpoint Config commands Use this command to end the current mode and down to previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)#. Syntax exit Parameters None. Example RFS7000(config-trustpoint)#exit RFS7000(config)#...
Page 252: Fqdn
Overview 6.1.6 fqdn Trustpoint Config commands Use this command to configure the fully qualified domain name (fqdn) for the trustpoint. Syntax fqdn Parameters None Usage Guidelines The string length of the domain name must between 9 to 64 characters. Example RFS7000(config-trustpoint)#fqdn RetailKing.com RFS7000(config-trustpoint)#...
Page 253: Help
6.1.7 help Trustpoint Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-trustpoint)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Page 254: Ip-Address
6-10 Overview 6.1.8 ip-address Trustpoint Config commands Use this command to configure an IP address for the trustpoint. Syntax ip-address Parameters A.B.C.D Enter the IP address configured for the trustpoint. Example RFS7000(config-trustpoint)#ip-address 157.200.200.02 RFS7000(config-trustpoint)#...
Page 255 6-11 6.1.9 no Trustpoint Config commands Use this command to negate a command or set defaults. Syntax no <previous command used> Parameters None. Example RFS7000(config-trustpoint)#no ip-address RFS7000(config-trustpoint)#...
Page 256: Password
6-12 Overview 6.1.10 password Trustpoint Config commands Use this command to set the challenge password, applicable only for trustpoint access requests . Syntax password(0|2|WORD) Parameters Password is specified UNENCRYPTED. The password must be between 4 - 20 characters. Password is encrypted with a password-encryption secret. The string length of an encrypted password must be between 44 - 64 characters.
Page 257: Rsakeypair
6-13 6.1.11 rsakeypair Trustpoint Config commands Use this command to configure a RSA Keypair to associate with the trustpoint. Syntax rsakeypair Parameters WORD RSA keypair identifier. Usage Guidelines Use RSA Key Pair support to configure the switch to have Rivest, Shamir, and Adelman (RSA) key pairs. The switch software can maintain a different key pair for each identity certificate.
Page 258: Service
6-14 Overview 6.1.12 service Trustpoint Config commands Use this command to invoke service commands to trobuleshoot or debug instance crypto pki trustpoint configurations. Syntax service(show)(cli) Parameters show (cli) Shows the CLI tree of current mode. Example RFS7000(config-trustpoint)#service show cli Trustpoint Config mode: +-clrscr [clrscr] +-company-name +-WORD [company-name WORD]...
Page 259: Show
6-15 6.1.13 show Trustpoint Config commands Use this command to view current system information. Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-trustpoint)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
Page 260 6-16 Overview RFS7000(config)#show crypto pki trustpoints Trustpoint :default-trustpoint ----------------------------------------------- Server certificate configured Subject Name: Common Name: Symbol Technologies Issuer Name: Common Name: Symbol Technologies Valid From: Mar 11 03:38:26 2007 GMT Valid Until: Mar 10 03:38:26 2008 GMT RFS7000(config)# RFS7000(config-trustpoint)#show access-list Standard IP access list 1 deny any rule-precedence 1 RFS7000(config-trustpoint)#...
Page 261: Subject-Name
RFS7000(config-trustpoint)#subject-name TestPool US OH PB ? WORD Organization( 2 to 64 characters ) RFS7000(config-trustpoint)#subject-name TestPool US OH PB MOTOROLA ? WORD Organization Unit( 2 to 64 characters ) RFS7000(config-trustpoint)#subject-name TestPool US OH PB MOTOROLA WID ? <cr> RFS7000(config-trustpoint)#subject-name TestPool US OH PB MOTOORLA WID RFS7000(config-trustpoint)#...
Page 262 6-18 Overview...
Page 263 interface Instance Use the ) instance to configure Fast Ethernet (fe), Giga Ehternet (ge), StaticAggregate interface (config-if (sa), VLAN and tunnel . Use the to reach this instance. (config)# interface [fe|ge|sa|tunnel|vlan] 7.1 Interface Config commands Table 7.1 summarizes the commands. config-if Table 7.1 Interface Config Command Summary Command...
Page 264 Overview Command Description Ref. port-channel Port channel commands. page 7-15 service Service commands. page 7-16 show Shows the running system information. page 7-17 shutdown Shutsdown the selected interface. page 7-20 spanning-tree Configures spanning-tree. page 7-21 speed Configures speed. page 7-23 static-channel- Configures static channel commands.
Page 265: Interface Config Commands
7.1.1 clrscr Interface Config commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-if)#clrscr RFS7000(config-if)#...
Page 266: Description
Overview 7.1.2 description Interface Config commands Use this command to create an interface specific desciption. Syntax description Parameters LINE Characters to describe this interface. Example RFS7000(config-if)#description "interface for RetailKing" RFS7000(config-if)#...
Page 267: Duplex
7.1.3 duplex Interface Config commands Use this command to configure a duplex type for the interface. NOTE • Duplexity can only be set for an Ethernet type interface. Enter the (config-if) instance using an parameter in an mode. ge/me interface •...
Page 268: End
Overview 7.1.4 end Interface Config commands Use this command to exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-if)#end RFS7000#...
Page 269: Exit
7.1.5 exit Interface Config commands Use this command to end the current mode and move down to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-if)#exit RFS7000(config)#...
Page 270: Help
Overview 7.1.6 help Interface Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-if)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Page 271 7.1.7 ip Interface Config commands Use this command to configure an IP address for the assigned Ethernet, VLAN or tunnel. Syntax ip(access-group|address|helper-address|nat) ip access-group(<1-99>|<100-199>|<1300-1999>|<2000-2699>)in ip address(A.B.C.D/M|dhcp) ip helper-address A.B.C.D ip nat(inside|outside) Parameters access-group Access group. (<1-99> |<100-199>) IP extended access list. (<1300-1999>|<2000- IP extended access list (expanded range).
Page 272 7-10 Overview RFS7000(config-if)#interface vlan 2000 RFS7000(config-if)#ip address 172.168.200.1/24 RFS7000(config-if)#ip helper-address 172.168.100.10 vlan 1000 RFS7000(config-if)# The example below displays static NAT source translation. RFS7000(config)#interface vlan 1000 RFS7000(config-if)#ip nat inside RFS7000(config-if)#interface vlan 2000 RFS7000(config-if)#ip nat outside RFS7000(config)#ip nat inside source static 172.168.200.10 157.235.205.57 RFS7000(config)#...
Page 273: Mac
7-11 7.1.8 mac Interface Config commands Use this command to apply a MAC access list to a gigabit ethernet interface. NOTE Access list cannot be appllied on a management interface (me1). Syntax mac (access-group <acl_name>) (in) Parameters access-group Sets MAC access groups ACL. <acl_name>...
Page 274: Management
7-12 Overview 7.1.9 management Interface Config commands Use this command to configure the selected interface as a management interface. Syntax management Parameters None. Usage Guidelines Management privilage can be set only on a L3 interface. Use this command along with the (config) in config mode.
Page 275: Mtu
7-13 7.1.10 mtu Interface Config commands Use this command to set the mtu value for a VLAN interface. NOTE This command is valid only with a VLAN interface. Syntax mtu <512-1500> Parameters <512-1500> Maximum packet size in bytes. The minimum value is 512 and maximum value is 1500.
Page 276 7-14 Overview 7.1.11 no Interface Config commands Use this command to negate a command or set defaults. Syntax no [description|duplex|ip|mtu|shutdown| spanning-tree|speed|static-channel-group|switchport|tunnel] Parameters command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated. Example RFS7000(config-if)#no mtu RFS7000(config-if)#...
Page 277: Port-Channel
7-15 7.1.12 port-channel Interface Config commands Use this command to select the load-balance criteria of a aggregated port. This command Syntax port-channel (load-balance [src-dst-ip|src-dst-mac]) Parameters load-balance Sets load-balancing for port channel. [src-dst-ip|src-dst-mac] • src-dst-ip – Source and Destination IP address based load balancing. •...
Page 278: Service
7-16 Overview 7.1.13 service Interface Config commands Use this command to invoke service commands to trobuleshoot or debug the instance (config-if) configurations. Syntax service(show) (cli) Parameters show Shows running system information. Shows the CLI tree of current mode. Example RFS7000(config-if)#service show cli Interface Config mode: +-cisco-interoperability +-disable [cisco-interoperability ( enable | disable)]...
Page 279: Show
7-17 7.1.14 show Interface Config commands Use this command to view current system information. Syntax show <paramater> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-if)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
Page 280 7-18 Overview RFS7000(config-if)#show boot Image Build Date Install Date Version ----- -------------------- -------------------- -------------- Primary Aug 28 14:05:16 2006 Aug 29 18:32:17 2006 3.0.0.0-200B Secondary Aug 14 06:18:03 2006 Aug 17 15:08:28 2006 3.0.0.0-180B Current Boot : Primary Next Boot : Primary Software Fallback : Enabled...
Page 281 7-19 % portfast bpdu-guard disabled % portfast errdisable timeout disabled % portfast errdisable timeout interval 300 sec % cisco interoperability not configured - Current cisco interoperability off Instance VLAN 1-4095 RFS7000(config-if)#...
Page 282: Shutdown
7-20 Overview 7.1.15 shutdown Interface Config commands Use this command to shutdown the selected interface. Syntax shutdown Parameters None. Example RFS7000(config-if)#shutdown RFS7000(config-if)#...
Page 283: Spanning-Tree
7-21 7.1.16 spanning-tree Interface Config commands Use this command to configure spanning tree parameters. Syntax spanning-tree [bpdufilter(enable|disable)|bpduguard (enable|disable)|edgeport|force-version <0-3>|guard (root)|link-type (point-to- point|shared)|mst(<0-15>|port-cisco-interoperability)|portfast] spanning-tree mst [<0-15>(cost <1-200000000>|port-priority <0-240>)| port-cisco-interoperability (disable|enable)] Parameters bpdufilter (disable|enable) Use this command to set a portfast BPDU filter for the port. Use the parameter with this command to revert the port BPDU filter value to default.
Page 284 7-22 Overview mst [<0-15> Configures mst on a spanning tree. (cost <1-200000000>| • <0-15> – Instance ID. port-priority <0-240>)| • cost <1-200000000> – Path cost for a port. port-cisco-interoperability (disable|enable)] • port-priority <0-240> – Port priority for a bridge. • port-cisco-interoperability (disable|enable) – Enables or disables interoperability with Cisco's version of MSTP (which is incompatible with standard MSTP).
Page 285: Speed
7-23 7.1.17 speed Interface Config commands Use this command to configure the speed of the selected interface in Mbps. Syntax speed(10|100|1000|auto) Parameters Forces 10 Mbps operation. Forces 100 Mbps operation. 1000 Forces 1000 Mbps operation. auto Enables AUTO speed configuration. Usage Guidelines Set the interface speed to to detect and use the fastest speed avaiable.
Page 286: Static-Channel-Group
7-24 Overview 7.1.18 static-channel-group Interface Config commands Use this command to to add an interface to a static channel group. Syntax static-channel-group <1-4> Parameters <1-4> Static channel group to associate the link with. Usage Guidelines This command aggregates individual giga port’s into a single aggregate link to provide a larger bandwidth. Static channel group is used to provide additional bandwidth in multiples of 1Gbps on the switch.
Page 287: Switchport
7-25 7.1.19 switchport Interface Config commands Use this command to set switching mode characteristics for the selected interface. The mode can be either access or trunk. NOTE The interface earlier configured as a trunk with all VLAN's allowed on it looses its confiugration and has only VLAN 1 set to allowed.
Page 288 7-26 Overview Example RFS7000(config-if)#switchport mode access RFS7000(config-if)#...
Page 289: Tunnel
7-27 7.1.20 tunnel Interface Config commands Use this command to configure protocol-over-protocol tunneling. Syntax tunnel(destination|source|ttl) tunnel destination A.B.C.D tunnel source A.B.C.D tunnel ttl<1-255> Parameters destination Destination of tunnel packets. source Source of tunnel packets. A.B.C.D Internet Protocol (IP). Sets the time to live interval. <1-255>...
Page 290 7-28 Overview...
Page 291 spanning tree-mst Instance Use the ) instance to configure the Multi Spanning Tree Protocol (MSTP). Use (config-mst to reach this instance. (config)#spanning-tree mst configuration 8.1 mst Config commands Table 8.1 summarizes the commands. config-mst Table 8.1 MSTP Config Command Summary Command Description Ref.
Page 292: Mst Config Commands
Overview 8.1.1 clrscr mst Config commands Use this command to clear the display. Syntax clrscr Parameters None. Example RFS7000(config-mst)#clrscr RFS7000(config-mst)#...
Page 293: End
8.1.2 end mst Config commands Use this command to end and exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-mst)#end RFS7000#...
Page 294: Exit
Overview 8.1.3 exit mst Config commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-mst)#exit RFS7000(config)#...
Page 295: Help
8.1.4 help mst Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-mst)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Page 296: Instance
Overview 8.1.5 instance mst Config commands Use this command to associate VLAN(s) with an instance. Syntax instance <1-15> vlan <VLAN_ID> Parameters <1-15> Enters the instance ID to which the VLAN is associated. vlan <VLAN_ID> Enters the VLAN ID for its association with an instance. Usage Guidelines MSTP works based on instances.
Page 297: Name
8.1.6 name mst Config commands Use this command to set a name for the MST region. Syntax name (region name) Parameters region name MST region name. Example RFS7000(config-mst)#name MyRegion RFS7000(config-mst)#...
Page 298 Overview 8.1.7 no mst Config commands Use this command to negate a command or set defaults. Syntax no [instance|name|revision] Parameters instance Instance. name MST region. revision Revision number for configuration information. Usage Guidelines command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
Page 299: Revision
8.1.8 revision mst Config commands Use this command to configure the revision number of the MST bridge. Syntax revision <0-255> Parameters 0-255 Revision number for configuration information. Example RFS7000(config-mst)#revision 20 RFS7000(config-mst)#...
Page 300: Service
8-10 Overview 8.1.9 service mst Config commands Use this command to invoke the service commands needed to trobuleshoot or debug instance (config-if) configurations. Syntax service(show) (cli) Parameters show (cli) Shows running system information. • cli – Show CLI tree of current mode. Example RFS7000(config-mst)*#service show cli MSTI configuration mode:...
Page 301 8-11 ......................................................RFS7000(config-mst)#...
Page 302: Show
8-12 Overview 8.1.10 show mst Config commands Use this command to view current system information. Syntax show <paramater> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-mst)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system...
Page 303 8-13 RFS7000(config-mst)#show access-list Extended IP access list 110 permit ip 192.168.1.0/24 192.168.100.0/24 rule-precedence 5 permit ip 192.168.63.0/24 192.168.100.0/24 rule-precedence 63 permit ip 192.168.157.0/24 192.168.100.0/24 rule-precedence 157 RFS7000(config-mst)# RFS7000(config-mst)#show wlan-acl all WLAN port: 102 Inbound IP Access List : 110 Inbound MAC Access List : Outbound IP Access List: Outbound MAC Access List : RFS7000(config-mst)#...
Page 304: Configuring Interface Using Mstp
8-14 Overview 8.2 Configuring Interface using MSTP MSTP runs by default. All VLANs are in default instance 0 by default. 1. Use the following command to create a non-default instance and region configuration using the mode. config RFS7000(config-mst)#instance 1 vlan <vlan-id> 2.
Page 305 Extended ACL Instance Use the instance to configure ACLs.. (config-ext-nacl) ip access-list extended 9.1 Extended ACL Config Commands Table 9.1 summarizes the commands. config-ext-nacl Table 9.1 Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen. page 9-2 deny Specifies packets to reject.
Page 306: Extended Acl Config Commands
Overview 9.1.1 clrscr Extended ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-ext-nacl)#clrscr RFS7000(config-ext-nacl)#...
Page 307: Deny
9.1.2 deny Extended ACL Config Commands Use this command to specify packets to reject. Syntax deny(icmp|ip|tcp|udp) deny {ip} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [log] [rule-precedence access-list-entry precedence] deny {icmp} {source/source-mask | host source | any} {destination/ destination- mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule- precedence access-list-entry precedence] deny {tcp|udp} {source/source-mask | host source | any} [operator source-port]...
Page 308 Overview deny {icmp} {source/ Use with command to reject icmp packets. deny source-mask | host source • deny – Action types on an ACL. | any} {destination/ • {icmp} – Specifies icmp as the protocol. destination-mask | host destination | any} [icmp- •...
Page 309 deny {tcp|udp} {source/ Use with command to reject tcp or udp packets. deny source-mask | host source • deny – Action types on an ACL. | any} [operator source- • {tcp|udp} – Specify tcp or udp as protocol. port] {destination/ destination-mask | host •...
Page 310 Overview • Select the protocol type icmp to allow/deny icmp packets. Selecting icmp provies the option of filtering icmp packets based on icmp type and code. NOTE The log option is functional only for router ACL’s. The log option causes an informational logging message about the packet that matches the entry to be sent to the console.
Page 311: End
9.1.3 end Extended ACL Config Commands Use this command to end and exit from the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-ext-nacl)#end RFS7000#...
Page 312: Exit
Overview 9.1.4 exit Extended ACL Config Commands Use this command to end current mode and go to the previous mode (GLOBAL-CONFIG). The prompt changes RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-ext-nacl)#exit RFS7000(config)#...
Page 313: Help
9.1.5 help Extended ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-ext-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Page 314: Mark
9-10 Overview 9.1.6 mark Extended ACL Config Commands Use this command to mark specific packets. Syntax mark {dot1p <0-7> | tos <0-255>}} {ip} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [log] [rule-precedence access-list-entry precedence] mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any} {destination/ destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence] mark {dot1p <0-7>...
Page 315 9-11 mark {dot1p <0-7> | tos Use with the command to specify icmp packets as marked. mark <0-255>}} {icmp} • mark {dot1p <0-7> | tos <0-255>} – Action types on an ACL. The action {source/source-mask | type is functional only over a Port ACL. mark host source | any} •...
Page 316 9-12 Overview mark {dot1p <0-7> | tos Use with the command to specify tcp or udp packets as marked. mark <0-255>}} {tcp|udp} • mark {dot1p <0-7> | tos <0-255>} – Action types on an ACL. The action {source/source-mask | type is functional only over a Port ACL.
Page 317 9-13 • Select the protocol type icmp to allow/deny icmp packets. Selecting icmp protocol allow you the option of filtering icmp packets based on icmp type and icmp code. NOTE The log option is functional only for router ACL’s. The log option provides an informational logging message about the packet matching the entry sent to the console.
Page 318: Deny Specifies Packets To Reject
9-14 Overview 9.1.7 no Extended ACL Config Commands Use this command to negate a command or set its defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in deny, mark permit commands to configure the Extended ACL. Parameters deny Specifies packets to reject.
Page 319: Permit
9-15 9.1.8 permit Extended ACL Config Commands Use this command to permit specific packets. NOTE ACLs do not allow DHCP messages to flow through by default. Configure an Access Control Entry (ACE) to allow DHCP messages to flow through. RFS7000(config-ext-nacl)#permit ip 192.168.1.0/24 192.168.2.0/24 RFS7000(config-ext-nacl)#permit ip any host 255.255.255.255 RFS7000(config-ext-nacl)# Syntax...
Page 320 9-16 Overview permit {icmp} Use with the command to allow icmp packets. permit {source/source-mask | • permit – Action types on an ACL. host source | any} • {icmp} – Specifies icmp as the protocol. {destination/ destination- mask | host destination | •...
Page 321 9-17 permit{tcp|udp} Use with the command to allow tcp or udp packets. permit {source/source-mask | • permit – Action types on an ACL. host source | any} • {tcp|udp} – Specify tcp or udp as protocol. [operator source-port] {destination/destination- • {source/source-mask | host source | any} – source is the source IP mask | host destination | address of the network or host in dotted decimal.
Page 322 9-18 Overview • Select the protocol type icmp to allow/deny icmp packets. Selecting icmp protocol allow you the option of filtering icmp packets based on icmp type and icmp code. NOTE The log option is functional only for router ACL’s. The log option causes an informational logging message about the packet matching the entry sent to the console.
Page 323: Service
9-19 9.1.9 service Extended ACL Config Commands Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the RFS7000 Switch. save-cli Saves the CLI tree for all modes in html format.
Page 324: Show
9-20 Overview 9.1.10 show Extended ACL Config Commands Use this command to view the current system information. Syntax show <paramater> Parameters Displays all the parameters for which the information can be viewed using the show command. Usage Guidelines command displays all the access lists configured in the switch in the console. show access-list Mention the access list name or number to view the details of a particular ACL.
Page 325 9-21 RFS7000(config-ext-nacl)#show access-list Extended IP access list 101 deny ip 192.168.1.0/24 192.168.2.0/24 rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list 110 deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list symbol deny tcp 192.168.2.0/24 192.168.1.0/24 rule-precedence 10 permit ip any any rule-precedence 20...
Page 326: Terminal
9-22 Overview 9.1.11 terminal Extended ACL Config Commands Use this command to set the length /number of lines displayed on the terminal window. Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. Negates a command or set its defaults. •...
Page 327 Standard ACL Instance Use the instance to configure ACLs. Standard ACLs (config-std-nacl) ip access-list standard allow filtering based on the source address only. 10.1 Standard ACL Config Commands Table 10.1 summarizes commands. config-std-nacl Table 10.1 Extended ACL Config Command Summary Command Description Ref.
Page 328: Standard Acl Config Commands
10-2 Overview 10.1.1 clrscr Standard ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-std-nacl)#clrscr RFS7000(config-std-nacl)#...
Page 329: Deny
10-3 10.1.2 deny Standard ACL Config Commands Use this command to specify packets to reject. Syntax deny(A.B.C.D/M|any|host) deny any(log|rule-precedence) deny any log(rule-precedence)<1-5000> deny any rule-precedence<1-5000> deny host A.B.C.D Parameters A.B.C.D/M Source IP address range to match. Any source IP address. •...
Page 330: End
10-4 Overview 10.1.3 end Standard ACL Config Commands Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-std-nacl)#end RFS7000#...
Page 331: Exit
10-5 10.1.4 exit Standard ACL Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-std-nacl)#exit RFS7000(config)#...
Page 332: Help
10-6 Overview 10.1.5 help Standard ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-std-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Page 333: Mark
10-7 10.1.6 mark Standard ACL Config Commands Use this command to mark specific packets. Syntax mark(8021.1p<0-7>|tos<0-255>)(A.B.C.D/M|any|host) mark(8021.1p<0-7>|tos<0-255>)any|host(log|rule-precedence<1-5000>| |A.B>C.D) Parameters 8021.1p<0-7>|tos<0-255>) • Specifies .1p priority value between 0 and 7 • Specifies a Type of Service (tos) value between 0 and 255. (A.B.C.D/M|any|host) source is the source IP address of the network or host in dotted decimal format.
Page 334 10-8 Overview 10.1.7 no Standard ACL Config Commands Use this command to negate a command or set its defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in deny, mark permit commands to configure the Extended ACL. Parameters deny Specifies packets to reject.
Page 335: Permit
10-9 10.1.8 permit Standard ACL Config Commands Use this command to permit specific packets. Syntax permit(A.B.C.D/M|any|host) permit any(log|rule-precedence) permit any log(rule-precedence)<1-5000> permit any rule-precedence<1-5000> permit host A.B.C.D Parameters A.B.C.D/M Source IP address range to match. Any source IP address. • log – Log matches against this entry. •...
Page 336: Service
10-10 Overview 10.1.9 service Standard ACL Config Commands Use this command to invoke service commands to troubleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the switch. save-cli Saves the CLI tree for all modes in html format.
Page 337: Show
10-11 10.1.10 show Standard ACL Config Commands Use this command to view current system information. Syntax show <paramater> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines command displays all the access lists configured in the switch in the console. Provide show access-list the access list name or number to view the details of a particular ACL.
Page 338 10-12 Overview RFS7000(config-std-nacl)#show access-list Standard IP access list 1 permit any rule-precedence 10 Extended IP access list 101 deny ip 192.168.1.0/24 192.168.2.0/24 rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list 110 deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10 permit ip any any rule-precedence 20 Standard IP access list moto deny 192.168.1.0/24 rule-precedence 10...
Page 339: Terminal
10-13 10.1.11 terminal Standard ACL Config Commands Use this command to set the length /number of lines displayed on the terminal. Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. Negates a command or set its defaults. •...
Page 340 10-14 Overview...
Page 341: Chapter 11. Extended Mac Acl Instance
Extended MAC ACL Instance Use the instance to configure ACLs associated with the (config-ext-macl) mac access-list extended switch. Use decimal value representation of ethertypes to implement packet. The command set permit/deny/mark for Extended MAC ACLs provides hexadecimal values for each of its listed ether types. The switch supports all ethertypes.
Page 342 11-2 Overview 11.1 MAC Extended ACL Config Commands Table 11.1 summarizes the commands. config-ext-macl Table 11.1 Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen. page 11-3 deny Specifies packets to reject. page 11-4 Ends the current mode and moves to the EXEC mode. page 11-6 exit Ends the current mode and moves to the previous mode.
Page 343: Mac Extended Acl Config Commands
11-3 11.1.1 clrscr MAC Extended ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None. Example RFS7000(config-ext-macl)#clrscr RFS7000(config-ext-macl)#...
Page 344: Deny
11-4 Overview 11.1.2 deny MAC Extended ACL Config Commands Use this command to specify packets that you want to reject. NOTE Use a decimal value representation of ethertypes to implement a designation for a packet. The command set for Extended permit/deny/mark MAC ACLs provide the hexadecimal values for each listed ether type.
Page 345 11-5 • ip • 802.1q By default, the switch does not allow layer 2 traffic to pass through the interface. To adopt access port through an interface, configure an access control list to allow an ethernet wisp. NOTE A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface.
Page 346: End
11-6 Overview 11.1.3 end MAC Extended ACL Config Commands Use this command to exit from the current mode and change to PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-ext-macl)#end RFS7000#...
Page 347: Exit
11-7 11.1.4 exit MAC Extended ACL Config Commands Use this command to end current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-ext-macl)#exit RFS7000(config)#...
Page 348: Help
11-8 Overview 11.1.5 help MAC Extended ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-ext-macl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Page 349: Mark
11-9 11.1.6 mark MAC Extended ACL Config Commands Use this command to specify a packet to mark. NOTE Use a decimal value representation of ethertypes to implement permit/deny/ designations for a packet. The command set for an Extended MAC ACL mark provides the hexadecimal values for each of its listed ether types.
Page 350 11-10 Overview Usage Guidelines Use the mark option to specify the type of service (tos) and priority value. The tos value is marked in the IP header and the 802.1p priority value is marked in the dot1q frame. Whenever the interface receives the packet, its content is checked against all the ACE’s in the ACL. It is marked based on the ACL configuration.
Page 351 11-11 11.1.7 no MAC Extended ACL Config Commands Use this command to negate a command or set defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinatins that you have used in deny, mark permit to configure the Extended ACL. Parameters deny Specifies packets to reject.
Page 352: Permit
11-12 Overview 11.1.8 permit MAC Extended ACL Config Commands Use this command to specify packets to forward. NOTE Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. The command set an an Extended MAC ACL provides the hexadecimal values for each listed ethertype.
Page 353 11-13 Usage Guidelines When creating a Port ACL, the switch by default does not permit an ethertype WISP. First create a rule to allow WISP to adopt access ports. Use the following CLI command to adopt access ports: permit any any type wisp NOTE Use the following command to attach a MAC access list to a port on a layer 2 interface: mac access-group <acl number/name>...
Page 354: Service
11-14 Overview 11.1.9 service MAC Extended ACL Config Commands Use this command to invoke service commands to trobuleshoot or debug instance (config-if) configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the switch. save-cli Saves the CLI tree for all modes in html format.
Page 355: Show
11-15 11.1.10 show MAC Extended ACL Config Commands Use this command to view current system information. Syntax show<paramater> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines command displays the access lists configured for the switch. Provide the access list show access-list name or number to view specific ACL details.
Page 356 11-16 Overview RFS7000(config-ext-macl)#show access-list Extended MAC access list 200 permit any any type arp rule-precedence 10 permit any any type wisp rule-precedence 20 Extended MAC access list 250 deny host 01:02:fe:45:76:89 host 01:02:89:78:78:45 rule-precedence 10 permit any any type arp rule-precedence 20 RFS7000(config-ext-macl)#...
Page 357: Terminal
11-17 11.1.11 terminal MAC Extended ACL Config Commands Use this command to set the length or number of lines displayed Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. Negates a command or sets defaults. •...
Page 358 11-18 Overview...
Page 359 DHCP Instance Use the instance to configure the DHCP server address pool associated the switch. (config-dhcp) 12.1 DHCP Config Commands Table 12.1 summarizes commands. config-std-nacl Table 12.1 Extended ACL Config Command Summary Command Description Ref. address Configures DHCP server include range. page 12-3 bootfile Assigns a boot file name.
Page 360 12-2 Overview Command Description Ref. exit Ends the current mode and moves to the previous mode. page 12-13 hardware- Configures the hardware address using either a dashed or dotted page 12-14 address hexadecimal string. help Describes the interactive help system. page 12-15 host Configures the IP address for the host.
Page 361: Dhcp Config Commands
12-3 12.1.1 address DHCP Config Commands Use this command to specify a range of addresses for DHCP network pool. Syntax address (range) (low IP address) (high IP address) Parameters range (low IP address) Use this commnad to add an address range for the DHCP server. (high IP address) •...
Page 362: Bootfile
12-4 Overview 12.1.2 bootfile DHCP Config Commands Use this command to assign a bootfile name for the DHCP configuration on the network pool. Syntax bootfile <filename> Parameters bootfile <filename> Indicates the boot image for bootp clients. The file name can contain letters, numbers, dots and hyphens.
Page 363: Client-Identifier
12-5 12.1.3 client-identifier DHCP Config Commands Use this command to assign a name to the client-identifier. A client identifier is used to reserve an IP address for DHCP clients. Syntax client-identifier <ascii string> Parameters client-identifier To prepend a null character , use at beginning.
Page 364: Client-Name
12-6 Overview 12.1.4 client-name DHCP Config Commands Use this command to a add client name for the DHCP clients. Syntax client-name <name> Parameters client-name <name> to add a client name. Domain name must not be included. client-name Example RFS7000(config-dhcp)#client-name testpc RFS7000(config-dhcp)#...
Page 365: Clrscr
12-7 12.1.5 clrscr DHCP Config Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-dhcp)#clrscr RFS7000(config-dhcp)#...
Page 366: Ddns
12-8 Overview 12.1.6 ddns DHCP Config Commands Use this command to configure dynamic DNS parameters like domain name, enabling multi-user class and IP address of the server. Syntax ddns [domainname (name)|multiple-user-class|server (IP address) (IP address)| ttl <1-864000>|update-all] Parameters domainname (name) Sets domain name used for DDNS updates.
Page 367: Default-Router
12-9 12.1.7 default-router DHCP Config Commands Use this command to configure the default router or gateway IP address for the network pool. To remove the default router list, use the command. no default-router default-router <Router IP address> Parameters default-router Specifies the default router IP address for the network pool. <router IP address>...
Page 368: Dns-Server
12-10 Overview 12.1.8 dns-server DHCP Config Commands Use this command to configure the DNS server’s IP address available to all the DHCP clients connected to the pool. Use the command to remove DNSserver list. no dns-server Syntax dns-server <ip address1> <ip address2> <ip address3> ..<ip address8> Parameters dns-server <IP address>...
Page 369: Domain-Name
12-11 12.1.9 domain-name DHCP Config Commands Use this command to configure the domain name for the network pool. Use the command no domain-name to remove the domain name. Syntax domain-name (name) Parameters domain-name (name) Configures the domain name for the network pool. Usage Guidelines The doamin name can not be more than 256 characters.
Page 370: End
12-12 Overview 12.1.10 end DHCP Config Commands Use this command to exit from the current mode and change to PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-dhcp)#end RFS7000#...
Page 371: Exit
12-13 12.1.11 exit DHCP Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config)#ip dhcp pool TestPool RFS7000(config-dhcp)#exit RFS7000(config)#...
Page 372: Hardware-Address
12-14 Overview 12.1.12 hardware-address DHCP Config Commands Use this command to reserve IP address (manually) based on a DHCP client’s hardware address. Use the command to remove this form the DHCP pool. hardware-address Syntax hardware-address [XX-XX-XX-XX-XX-XX | XX:XX:XX:XX:XX:XX] Parameters hardware-address Configures the client’s hardware address.
Page 373: Help
12-15 12.1.13 help DHCP Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-dhcp)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Page 374: Host
12-16 Overview 12.1.14 host DHCP Config Commands Use this command to configure a fixed IP address for the host in dotted decimal format. Use the no host command to remove the host from the DHCP pool. Syntax host <IP address> Parameters host <IP address>...
Page 375: Lease
12-17 12.1.15 lease DHCP Config Commands Use this command to configure a valid lease time for the IP address used by all DHCP clients in the network pool. Syntax lease [{<0-365> <0-23> <0-59>}|infinite] Parameters lease [ Sets the lease time for IP address. {<0-365>...
Page 376: Netbios-Name-Server
12-18 Overview 12.1.16 netbios-name-server DHCP Config Commands Use this command to configure the netbios-name server’s IP address. Syntax netbios-name-server <IP address> Parameters netbios-name-server NetBIOS (WINS) name servers. <IP address> • <IP address> – NetBIOS name server's IP address. Example RFS7000(config-dhcp)#netbios-name-server 2.2.2.222 RFS7000(config-dhcp)#...
Page 377: Netbios-Node-Type
12-19 12.1.17 netbios-node-type DHCP Config Commands Use this command to configure the netbios-node type. Syntax netbios-node-type [b-node|h-node|m-node|p-node] Parameters netbios-node-type NetBIOS (WINS) name servers. [b-node | h-node | • b-node – Broadcast node. m-node | p-node • h-node – Hybrid node. •...
Page 378: Network
12-20 Overview 12.1.18 network DHCP Config Commands Use this command to configure the network pool’s IP address. This will map the current DHCP pool with the specific network. Syntax network [A.B.C.D|A.B.C.D/M] Parameters network Network number and mask. [A.B.C.D|A.B.C.D/M] • A.B.C.D – Network number in dotted decimal format. •...
Page 379: Next-Server
12-21 12.1.19 next-server DHCP Config Commands Use this command to configure the IP address of the next server in the boot process. Syntax next-server <IP address> Parameters next-server <IP address> Next server in boot process. • <IP address> – Server's IP address. Example RFS7000(config-dhcp)#next-server 2.2.2.22 RFS7000(config-dhcp)#...
Page 380 12-22 Overview 12.1.20 no DHCP Config Commands Use this command to negate a command or set defaults. Syntax no [address|bootfile|client-identifier|client-name|ddns|default-router|dns- server|domain-name|hardware-address|host|lease|netbios-name-server|netbios-node- type|network|next-server|option|update] Parameters The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated. Example RFS7000(config)#no ip dhcp pool hotpool RFS7000(config)#...
Page 381: Option
12-23 12.1.21 option DHCP Config Commands Use this command to define the raw DHCP option used in DHCP pools. Syntax option (name) Parameters option (name) Raw DHCP options. • (name) – Name of the DHCP option. Usage Guidelines Used to define non standard DHCP options option-code (0-254). Example RFS7000(config)#ip dhcp option option189 189 ascii RFS7000(config)#...
Page 382: Service
12-24 Overview 12.1.22 service DHCP Config Commands Use this command to invoke service commands to trobuleshoot or debug the instance (config-dhcp) configurations. Syntax service(show) (cli) Parameters show Shows running system information. Shows CLI tree of current mode. Example RFS7000(config-dhcp)#service show cli DHCP Server Config mode: +-address +-range...
Page 383: Show
12-25 12.1.23 show DHCP Config Commands Use this command to view current system information. Syntax show <paramater> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-dhcp)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
Page 384 12-26 Overview RFS7000(config)#show dhcp config service dhcp ip dhcp option option189 189 ascii ip dhcp pool vlan4 default-router 2.2.2.1 network 4.4.4.0/24 address range 4.4.4.100 4.4.4.200 ip dhcp pool vlan2 ip dhcp pool TestPool lease 200 12 30 domain-name TestDomain bootfile DHCPbootfile netbios-node-type p-node ddns domainname TestDomain address range 1.2.3.2 2.3.2.1...
Page 385: Update
12-27 12.1.24 update DHCP Config Commands Use this command to control the usage of the DDNS service. Syntax update (dns)(override) Parameters update (dns) (override) Controls the usage of the DDNS service. • (dns) – Dynamic DNS Configuration. • (override) – Enable Dynamic Updates by onboard DHCP Server. Usage Guidelines A DHCP client may not perform updates for RR’s A, TXT and PTR.
Page 386: Configuring Dhcp Server Using Cli
12-28 Overview 12.2 Configuring DHCP Server using CLI DHCP configuration is accomplished by creating pools and mapping them to L3 interfaces (SVI). A pool can be configured either as a network pool or host pool. A network pool includes ranges. When the network pool is mapped to a L3 interface, DHCP clients requesting IP from the interface get an IP from the included range.
Page 387 12-29 2. A DHCP reboot is required to implement the configuration made at both levels — the DHCP pool context level and DHCP global context level. The following example defines the need to reboot the DHCP Server to implement changes at the global level: RFS7000(config)#ip dhcp excluded-address 192.168.0.20 192.168.0.30 RFS7000(config)#ip dhcp restart NOTE To avoid multiple e DHCP Server requests, restart the DHCP Server only after...
Page 388 12-30 Overview 11. A pool can be configured as the host pool or network pool, but not both. 12. A host pool can have either configured, but not both. client-identifier hardware-address 13. An excluded address range has higher precedence then an included address range. If a range is part of both an excluded and included address range, it will be excluded.
Page 389 RADIUS Server Instance command takes you to the RADIUS server mode. Local (Onboard) RADIUS server radius-server local configuration commands are listed under this mode. Use the instance to configure local (config-radsrv) RADIUS server parameters. 13.1 RADIUS Configuration Commands Table 13.1 summarizes the Gloabl Config commands.
Page 390 13-2 Overview Command Description Ref. ldap-server LDAP server parameters. page 13-20 RADIUS client. page 13-22 Negates a command or set its defaults. page 13-23 proxy RADIUS proxy server. page 13-24 rad-user RADIUS user configuration. page 13-25 server Configures server certificate parameters. page 13-26 service Service commands.
Page 391: Radius Configuration Commands
13-3 13.1.1 authentication RADIUS Configuration Commands Use this command to configure authentication used with RADIUS server. Syntax authentication(data-source|eap-auth-type) authentication data-source(ldap|local) authentication eap-auth-type(all|peap-gtc|peap-mschapv2|tls|ttls-md5| ttls-mschapv2|ttls-pap) Parameters data-source RADIUS data source for user authentication. • ldap – Remote LDAP server. • local – Local user database. eap-auth-type RADIUS EAP and default authentication type configuration.
Page 392 13-4 Overview 13.1.2 ca RADIUS Configuration Commands Use this command to configure CA (Certificate Authority) parameters. Syntax ca trust-point(WORD) Parameters trust-point (WORD) Trust point configuration. • WORD – Existing trust point name. Usage Guidelines Configure the trustpoint used by the local RADIUS server. Create the before it is used by the trustpoint command.
Page 393: Clrscr
13-5 13.1.3 clrscr RADIUS Configuration Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-radsrv)#clrscr RFS7000(config-radsrv)#...
Page 394: Crl-Check
13-6 Overview 13.1.4 crl-check RADIUS Configuration Commands Use this command to enable a Certificate Revocation List (CRL) check. To enable the certificate revocation list, ensure is loaded using the command. crl list crypto pki import <trustpoint-name> crl Syntax crl-check Parameters enable Enables a CRL check.
Page 395: End
13-7 13.1.5 end RADIUS Configuration Commands Use this command to exit from the current mode and change to the PRIV EXEC mode. The prompt now changes RFS7000# Syntax Parameters None. Example RFS7000(config-radsrv)#end RFS7000#...
Page 396: Exit
13-8 Overview 13.1.6 exit RADIUS Configuration Commands Use this command to exit current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-radsrv)#exit RFS7000(config)#...
Page 397: Group
13-9 13.1.7 group RADIUS Configuration Commands Use this command to configure RADIUS user groups. The CLI moves to a sub-instance config-radsrv-group to create a new group. The prompt changes from RFS7000(config-radsrv)# RFS7000(config-radsrv-group)#. Table 13.2 summarizes the RADIUS User Group commands within sub-instance.
Page 398: End
13-10 Overview 13.1.7.2 end RADIUS Configuration Commands Use this command to exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-radsrv-group)#end RFS7000# 13.1.7.3 exit RADIUS Configuration Commands Use this command to exit the current mode and move to the previous mode ).
Page 399: Guest-Group
13-11 13.1.7.5 guest-group RADIUS Configuration Commands Use this command to manage a guest-user linked with hotspot. Create a guest-user and associate it with the guest-group. The guest-user and the policies of the guest-group is used for hotspot authentication/ authorization. Syntax guest-group Parameters enable...
Page 400: Policy
13-12 Overview Parameters policy RADIUS group access policy configuration. Resets access policy day for this group. time Configures access policy time for this group. vlan VLAN ID for this group. wlan Configures WLAN access policy for this group. <1-32> WLAN Range. Removes allowed WLANs.
Page 401 13-13 Syntax policy(day|time|vlan|wlan) policy day(all|fr|mo|sa|su|th|tu|we|weekdays) ploicy time(start|end)<0-23><0-59> policy vlan<1-4094> Parameters Day of access policy configuration. All days (from Sunday to Saturday). Friday Monday Saturday Sunday Thursday Tuesday Wednesday weekdays Allows access only in week days ( Mo-Fr ). time Configures time of access policy for this group. start Start time.
Page 402: Rad-User
13-14 Overview 13.1.7.9 rad-user RADIUS Configuration Commands Use this command to add an exisitng RADIUS user to this group.If the RADIUS user is not available in the Onboard RADIUS server’s database, create a new RADIUS user using command from rad-user (config- mode.
Page 403: Show
13-15 +-mo [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-sa [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-su [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-th [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-tu [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-we [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-weekdays [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-time +-start +-<0-23> +-<0-59> +-end +-<0-23> +-<0-59> [policy time start <0-23> <0-59> end <0-23> <0-59>] -- MORE --, next page: Space, next line: Enter, quit: Control-C RFS7000(config-radsrv-group)# 13.1.7.11 show...
Page 404 13-16 Overview sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters startup-config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade-status Display last image upgrade status users Display information about terminal lines version Display software &...
Page 405: Example-Creating A Group
13-17 13.1.7.12 Example–Creating a Group The use of the sub-instance is explained below: (config-radsrv-group) 1. Create a group called Sales in the local RADIUS Server database. RFS7000(config-radsrv)#group sales 2. Check the RADIUS user group configuration commands. RFS7000(config-radsrv-group)#? Radius user group configuration commands: clrscr Clears the display screen End current mode and change to EXEC mode...
Page 406 13-18 Overview 8. Use to add a realm name. (config-radsrv)#proxy RFS7000(config-radsrv)#proxy realm mydomain.com server 10.10.1.10 port 1812 secret 0 testing 9. Save the changes and restart the RADIUS service. RFS7000(config-radsrv)#service radius restart Sep 08 17:48:04 2006: %PM-5-PROCSTOP: Process "radiusd" has been stopped Sep 08 17:48:05 2006: RADCONF: radius config files generated successfully RFS7000(config-radsrv)#Sep 08 17:48:05 2006: %DAEMON-6-INFO: radiusd[8830]: Ready to process requests.
Page 407: Help
13-19 13.1.8 help RADIUS Configuration Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-radsrv)#help? help Description of the interactive help system RFS7000(config-radsrv)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Page 408: Ldap-Server
13-20 Overview 13.1.9 ldap-server RADIUS Configuration Commands Use this command to configure LDAP server parameters. It uses the exisitng external database in form of active directory with the onboard RADIUS server instead of loacl database on the switch. Syntax ldap-server[primary|secondary] (host <A.B.C.D>) (port <1-65535>) (login <name>) (bind-dn <name>) (base-dn <name>) (passwd [0|2|WORD]) (passwd- attr0 (group-attr)(group-filter)(group-membership)(net-timeout) Parameters...
Page 409 13-21 Example RFS7000(config)#ldap-server primary host 192.192.1.88 port 389 login (sAMAccountName=%{Stripped-User-Name:-%{User-Name}}) bin d-dn cn=admin,ou=wid,dc=symbolTech,dc=local base-dn ou=wid,dc=symbolTech,dc=local passwd SYMBOL@123 passwd-attr UserPassword group-attr cn group-filter (|(&(objectClass=group)(member=%{Ldap- UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{L dap-UserDn}))) group-membership radiusGroupName net-timeout 1 RFS7000(config)#...
Page 410: Nas
13-22 Overview 13.1.10 nas RADIUS Configuration Commands Use this command to configure the RADIUS client. Syntax nas(A.B.C.D/M)key(0|2|LINE) Parameters A.B.C.D/M RADIUS Client IP address. RADIUS Client shared key. Password is specified UNENCRYPTED. Password is encrypted with password-encryption secret. LINE The secret (client shared secret), up to 32 characters. Usage Guidelines Configure the IP address range in network access service (NAS) to service RADIUS access request from clients falling within the range mentioned.
Page 411 13-23 13.1.11 no RADIUS Configuration Commands Use this command to negate a command or set its defaults. Syntax no(authentication|ca|crl-check|group|ldap-server|nas|proxy|rad- user|server|service) Parameters authentication RADIUS authentication. Configures ca certificate parameters. crl-check Certificate Revocation List (CRL) check. group Local RADIUS Server group configuration. ldap-server LDAP server parameters.
Page 412: Proxy
13-24 Overview 13.1.12 proxy RADIUS Configuration Commands Use this command to configure a proxy RADIUS server based on the realm/suffix. Syntax proxy(realm|retry-count|retry-delay) proxy relam(WORD)server(A.B.C.D)port(<1024-65535>)secret(0|2|WORD) Parameters realm WORD Realm name is a string of up to 50 characters. • server (A.B.C.D) – Proxy server IP address. •...
Page 413: Rad-User
13-25 13.1.13 rad-user RADIUS Configuration Commands Use this command to configure RADIUS user parameters. Syntax rad-user(WORD)password(0|2|WORD) (group)(guest)(expiry-time)(expiry-date) (start-time))start-date) Parameters WORD Enter a user name up to 64 characters in length. password(0|2|WORD) RADIUS user password. • 0 – Password is specified as UNENCRYPTED. •...
Page 414: Server
13-26 Overview 13.1.14 server RADIUS Configuration Commands Use this command to configure server certificate parameters used by RADIUS server. The server certiificate is a part of trustpoint created crypto on page 5-17. Syntax server trust-point Parameters trust-point (WORD) Trust point configuration. •...
Page 415: Service
13-27 13.1.15 service RADIUS Configuration Commands Use this command to invoke service commands to trobuleshoot or debug instance (config-radsrv) configurations. This command is also used to enable the RADIUS Server. Syntax service (show) (cli) Parameters show (cli) Shows running system information. Example RFS7000(config-radsrv)#service show cli Radius Configuration mode:...
Page 416: Show
13-28 Overview 13.1.16 show RADIUS Configuration Commands Use this command to view current system information. Syntax show<paramater> Parameters Displays the parameters for which information can be viewed using the show command. Usage Guidelines To view the show command parameters of RADIUS, refer to radius on page 2-51.
Page 417 13-29 RFS7000(config)#show radius trust-point Trust-point Configured For Radius ________________________________ Server Trust-point : tp1 CA Trust-point : default-trustpoint RFS7000(config)#show radius configuration Radius Server Configuration --------------------------- Server Status : enabled Data Source : local RFS7000(config)#...
Page 418 13-30 Overview...
Page 419: Chapter 14. Wireless Instance
Wireless Instance Use the instance to configure wireless parameters. (config-wireless) 14.1 Wireless Configuration Commands Table 14.1 summarizes the Global Config commands. Table 14.1 Wireless Configuration Command Summary Command Description Ref. adopt-unconf-radio Adopts a radio even if not configured. The default templates is page 14-3 used for configuration.
Page 420 14-2 Overview Command Description Ref. dhcp-sniff-state Record mobile unit DHCP state information. page 14-10 dot11-shared-key-auth Enables support for 802.11 shared key authentication. page 14-11 Ends the current mode and moves to the EXEC mode. page 14-12 exit Ends the current mode and moves to the previous mode. page 14-13 fix-windows-dhcp Converts Windows DHCP Server responses to...
Page 421: Adopt-Unconf-Radio
14-3 14.1.1 adopt-unconf-radio Wireless Configuration Commands Use this command to adopt a radio (even if not yet configured). The default templates is used for configuration. Syntax adopt-unconf-radio Parameters enable Enables the adoption of unconfigured radios. Example RFS7000(config-wireless)#adopt-unconf-radio enable RFS7000(config-wireless)#...
Page 422: Adoption-Pref-Id
14-4 Overview 14.1.2 adoption-pref-id Wireless Configuration Commands Use this command as a preference identifier for the switch. Radios configured with this preference identifier are more likely to be adopted by this switch. Syntax adoption-pref-id Parameters <1-65535> Select a pref-ID within 1-65535. Example RFS7000(config-wireless)#adoption-pref-id 500 RFS7000(config-wireless)#...
Page 423: Ap-Detection
14-5 14.1.3 ap-detection Wireless Configuration Commands Use this command to configure access port detection. Syntax ap-detection [approved|enable|mu-assisted-scan|timeout (approved|unapproved)] ap-detection approved add <1-200> (MAC Address)(SSID) ap-detection mu-assisted-scan(enable|refresh<10-86400>) Parameters approved The approved access port list. • add <1-200> – Adds an entry to the approved access port list. •...
Page 424: Broadcast-Tx-Speed
14-6 Overview 14.1.4 broadcast-tx-speed Wireless Configuration Commands Use this command to configure the rate broadcast and multicast traffic must be transmitted between the switch and mobile units. Syntax broadcast-tx-speed(range|throughput) Parameters range Uses the lowest basic rate. Provides maximum range. throughput Uses thhighest be asic rate.
Page 425: Clrscr
14-7 14.1.5 clrscr Wireless Configuration Commands Use this command to clear the screen. Syntax clrscr Parameters None. Example RFS7000(config-wireless)#clrscr RFS7000(config-wireless)#...
Page 426: Convert-Ap
14-8 Overview 14.1.6 convert-ap Wireless Configuration Commands Use this command to change an access port’s mode of operation to either sensor or standalone. Syntax convert-ap <1-256>(default|sensor) Parameters Indices of the access port’s to be converted (from the ['show wireless ap' <1-256>...
Page 427: Country-Code
14-9 14.1.7 country-code Wireless Configuration Commands Use this command to configure the country of operation. This command erases the radio’s existing configuration. Syntax country-code <country-code> Parameters country-code Uses the two letter ISO-3166 country code ("show wireless country-code-list") to view the list of supported countries. Usage Guidelines Use show wireless country code to view the list of supported countries.
Page 428: Dhcp-Sniff-State
14-10 Overview 14.1.8 dhcp-sniff-state Wireless Configuration Commands Use this command to record mobile unit DHCP state information. Syntax dhcp-sniff-state Parameters enable Enables the recording of DHCP state information for mobile units. Example RFS7000(config-wireless)#dhcp-sniff-state enable RFS7000(config-wireless)#...
Page 429: Dot11-Shared-Key-Auth
14-11 14.1.9 dot11-shared-key-auth Wireless Configuration Commands Use this command to enable support for 802.11 shared key authentication. NOTE Shared key authentication has known weaknesses that can compromise your WEP key. It must only be configured to accomodate wireless stations unable to conduct Open System authentication.
Page 430: End
14-12 Overview 14.1.10 end Wireless Configuration Commands Use this command to end and exit from the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000# Syntax Parameters None. Example RFS7000(config-wireless)#end RFS7000#...
Page 431: Exit
14-13 14.1.11 exit Wireless Configuration Commands Use this command to exit the current mode and move to the previous mode . The prompt changes to (config) RFS7000(config)# Syntax exit Parameters None. Example RFS7000(config-wireless)#exit RFS7000(config)#...
Page 432: Fix-Windows-Dhcp
14-14 Overview 14.1.12 fix-windows-dhcp Wireless Configuration Commands Use this command to convert Windows DHCP Server responses to unicast instead of broadcast. Syntax fix-windows-dhcp Parameters enable Enables support for converting Windows DHCP Server responses. Example RFS7000(config-wireless)#fix-windows-dhcp enable RFS7000(config-wireless)#...
Page 433: Help
14-15 14.1.13 help Wireless Configuration Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-wireless)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Page 434: Ids
14-16 Overview 14.1.14 ids Wireless Configuration Commands Use this command to configure Intrusion Detection System settings. Syntax ids(anomaly-detection|detect-window|ex-ops) ids anomaly-detection(all|invalid-frame-length|multicast-source| null-destination|same-source-destination|tkip-countermeasures|weak-wep-iv) (enable|filter-ageout) ids detect-window<5-300> ids ex-ops(80211-replay-fails|all|association-requests| authentication-fails|crypto-replay-fails|decryption-fails| disassociations|eap-starts|probe-requests|unassoc-frames) <0-86400> (filter-ageout |threshold(mu|radio|switch)<0-9999>) Parameters anomaly-detection Configures parameters related to the detection of anomalous frames on the RF network.
Page 435 14-17 ex-ops Configures parameters related to the detection of excessive operations on the RF network. • 80211-replay-fails – 802.11 replay check failure. • all – Changes for all types of excessive operations. • association-requests – 802.11 Authentication and Association Requests. •...
Page 436: Mac-Auth-Local
14-18 Overview 14.1.15 mac-auth-local Wireless Configuration Commands Use this command to configure local MAC authentication list. Syntax mac-auth-local<1-1000> (allow|deny)(Starting MAC Address)(Ending MAC Address)(range/list of WLAN indicies)WORD Parameters <1-1000> Entry for mac-auth-local allow Allows mobile units that match this rule to associate. deny Denies association to mobile units that match this rule.
Page 437: Manual-Wlan-Mapping
14-19 14.1.16 manual-wlan-mapping Wireless Configuration Commands Use this command to manually map/un-map WLANs configured on a radio. Syntax manual-wlan-mapping Parameters enable Enables support for manual WLAN mapping. Example RFS7000(config-wireless)#manual-wlan-mapping enable RFS7000(config-wireless)#...
Page 438: Mobile-Unit
14-20 Overview 14.1.17 mobile-unit Wireless Configuration Commands Use this command to configure mobile unit related parameters. Syntax mobile-unit (association-history(enable)|probe-history) mobile-unit probe-history (add<1-200> <MAC Address>|enable) Parameters association-history Enables the mobile unit’s association history. • enable – Enables the mobile unit’s association history. probe-history Mobile unit probe logging configuration commands.
Page 439: Mobility
14-21 14.1.18 mobility Wireless Configuration Commands Use this command to configure mobility parameters Syntax mobility(enable|local-address|max-roam-period|peer) mobility local-address (IP Address) mobility max-roam-period<1-300> mobililty peer (IP Address) Parameters enable Enables mobility globally. local-address Sets the local address for mobility. • A.B.C.D – IP Address of A.B.C.D format. max-roam-period Sets the maximum roam period for a mobile unit (in seconds).
Page 440: Multicast-Packet-Limit
14-22 Overview 14.1.19 multicast-packet-limit Wireless Configuration Commands Use this command to a configure multicast packet limit per second for VLAN. Syntax multicast-packet-limit <0-128> (<1-4094>|<vlan range>) Parameters <0-128> Multicast packet limit per second. <1-4094> Single VLAN ID (1-4094) that the new limit applies to. <vlan range>...
Page 441 14-23 14.1.20 no Wireless Configuration Commands Use this command to negate a command or set its defaults. Syntax no(adopt-unconf-radio|adoption-pref-id|ap-detection|broadcast-tx-speed|country- code|dhcp-sniff-state|dot11-shared-key-auth|fix-windows-dhcp|ids|mac-auth- local|manual-wlan-mapping|mobile-unit|mobility|oversized-frames|proxy-arp|qos- mapping|radio|self-heal|sensor|service|smart-scan-channels|wlan) Parameters Refer to Table 14.1 on page 14-1 for the parameters negated using the command. Example RFS7000(config-wireless)#no mobility enable RFS7000(config-wireless)#...
Page 442: Oversized-Frames
14-24 Overview 14.1.21 oversized-frames Wireless Configuration Commands Use this command to use oversized frames for data traffic. Syntax oversized-frames Parameters enable Enables support for oversized frames. Example RFS7000(config-wireless)#oversized-frames enable RFS7000(config-wireless)#...
Page 443: Proxy-Arp
14-25 14.1.22 proxy-arp Wireless Configuration Commands Use this command to respond to ARP requests on behalf of mobile units. Syntax proxy-arp Parameters enable Enables support for proxy arp. Example RFS7000(config-wireless)#proxy-arp enable RFS7000(config-wireless)#...
Page 444: Qos-Mapping
14-26 Overview 14.1.23 qos-mapping Wireless Configuration Commands Use this command to configure QoS mappings between wired and wireless domains. Syntax qos-mapping(wired-to-wireless|wireless-to-wired) qos-mapping wired-to-wireless(dot1p<0-7>|dscp<0-63>) (background|best-effort|video|voice) qos-mapping wireless-to-wired(background|best-effort|video|voice) dot1p<0-7> Parameters wired-to-wireless Mappings used while switching wired traffic over the air. • dot1p<0-7> – Configures the mapping of 802.1p tags to access categories.
Page 445: Radio
14-27 14.1.24 radio Wireless Configuration Commands Use this command to configure radio related settings. Syntax radio (<1-4096>|RADIO|add|all-11a|all-11b|all-11bg| configure-8021X|default-11a|default-11b|default-11bg|dns-name) radio<1-4096>(adoption-pref-id|antenna-mode|beacon-interval|bss| cca-level|cca-mode|channel-power|coordinates| copy-config-from|description|detector|dtim-period|enforce-spec-mgmt| location-message|mac|max-mobile-units|mu-power <0-20>| on-channel-scan|reset|reset-ap|rts-threshold|run-acs| self-heal-offset|short-preamble|speed|wmm) radio <1-4096> bss(<1-4>|auto>)WLAN radio <1-4096> channel-power(indoor|outdoor)(<1-200>|acs|random)<4-20> radio <1-4096> coordinates (x coordinates) (y coordinates)(z coordinates) radio <1-4096> copy-config-from(<1-1000>|default-11a|default-11b|default-11bg) radio <1-4096>...
Page 446 14-28 Overview Map wireless LANs to radio BSSID’s. bss (<1-4>|auto) WLAN • <1-4> –The BSS where a wireless lLAN is mapped. • auto – Automatic assignment of BSS. If the user selects wireless lans d the system assigns them to a BSS automatically. •...
Page 447 14-29 Changes the parent (access port) MAC address of the radio. mac (AA-BB-CC-DD-EE-FF) • AA-BB-CC-DD-EE-FF – MAC address in AA-BB-CC-DD-EE-FF format. Maximum number of mobile units allowed to associate. max-mobile-units <1-256> Power adjustment level for mobile units associated with this access port. mu-power <0-20>...
Page 448 14-30 Overview Configures the basic and supported data rates. speed • 1 1-Mbps. • 11 11-Mbps. • 12 12-Mbps. • 18 18-Mbps. • 2 2-Mbps. • 24 24-Mbps. • 36 36-Mbps. • 48 48-Mbps. • 54 54-Mbps. • 5p5 5.5-Mbps. •...
Page 449 14-31 802.11e / Wireless MultiMedia (WMM) parameters (supported only on wmm (background|best- AP300). effort|video|voice) (aifsn<1-15>|burst<0- • background – Background category traffic. 65535>| cw<0-15>) • best-effort– Best effort category traffic. • video –Video traffic category traffic. • voice – Voice traffic category traffic. •...
Page 450 14-32 Overview Example RFS7000(config-wireless)#radio 250 bss auto 3-5 RFS7000(config-wireless)# RFS7000(config-wireless)#radio 1 channel-power indoor 1 16 Regulatory parameter values depend on country of operation and radio type. Refer to documentation for more regulatory information RFS7000(config-wireless)# RFS7000(config-wireless)#radio 1 antenna-mode diversity RFS7000(config-wireless)#...
Page 451: Self-Heal
14-33 14.1.25 self-heal Wireless Configuration Commands Use this command to configure self healing. Syntax self-heal(interference-avoidance|neighbor-recovery) self-heal interference-avoidance(enable|hold-time<0-65535>| retries<0.0-15.0>) self-heal neighbor-recovery(action|enable|neighbors|run-neighbor-detect) self-heal neighbor-recovery action(both|none|open-rates|raise-power) radio(<1-4096>|RADIO) self-heal neighbor-recovery neighbors<1-1000>(<1-1000>|RADIO) Parameters Interference avoidance configuration. interference-avoidance Enables/disables interference avoidance. enable The interval (in seconds) to disable interference avoidance after a detection . This hold-time<0-65535>...
Page 452 14-34 Overview Example RFS7000(config-wireless)#self-heal interference-avoidance enable RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal interference-avoidance hold-time 600 RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal neighbor-recovery enable Note: reducing the configured transmit power of radios will ensure that there is room to increase power when a neighbor fails RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal neighbor-recovery neighbors 1 1 RFS7000(config-wireless)#...
Page 453: Sensor
14-35 14.1.26 sensor Wireless Configuration Commands Use this command to configure Wireless Intrusion Protection System parameters. Syntax sensor(default-config|vlan) sensor default-config(ip-mode|wips-server-ip) sensor default-config ip-mode(dhcp|static(A.B.C.D/M)(A.B.C.D)) sensor default-config wips-server-ip(primary|secondary)(A.B.C.D) Parameters Default configuration sent to sensors when configured. default-config Configures the IP address mode of the sensors. ip-mode •...
Page 454: Service
14-36 Overview 14.1.27 service Wireless Configuration Commands Use this command to invoke service commands to troubleshoot or debug the instance (config-wireless) configuration. Syntax service(show|wireless) service show (cli) service show wireless (ap(history)<accessport MAC address> service wireless (clear-ap-log<1-256>|dump-core|dump-state|rate-scale| request-ap-log <1-256>|save-ap-log) Parameters Shows running system information. show Shows CLI tree of current mode.
Page 455 14-37 RFS7000(config-wireless)#service show wireless ap history RFS7000(config-wireless)# RFS7000(config-wireless)#service wireless clear-ap-log 20 RFS7000(config-wireless)#service RFS7000(config-wireless)#service wireless dump-core RFS7000(config-wireless)# RFS7000(config-wireless)#service wireless dump-core RFS7000(config-wireless)# RFS7000(config-wireless)#service wireless rate-scale RFS7000(config-wireless)# RFS7000(config-wireless)#service wireless request-ap-log 35 RFS7000(config-wireless)# RFS7000(config-wireless)#service wireless save-ap-log RFS7000(config-wireless)#...
Page 456: Show
14-38 Overview 14.1.28 show Wireless Configuration Commands Use this command to view current system information. Syntax show<paramater> Parameters Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-wireless)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall...
Page 457 14-39 RFS7000(config-wireless)#show RFS7000(config-wireless)#show wireless AP Number of access-ports adopted Available licenses : 254 Redundancy enabled Redundancy mode : active Radios [indices] Model-Number Adoption- Mode 00-15-70-11-34-82 2 [ 3 4 ] WSAP-5100-100-WW L2 (vlan: 1) 00-A0-F8-EA-4C-99 2 [ 1 2 ] WSAP-5100-100-WW L2 (vlan: 2) RFS7000(config-wireless)#...
Page 458: Smart-Scan-Channels
14-40 Overview 14.1.29 smart-scan-channels Wireless Configuration Commands Use this command to configure a list of channels used on the network. This list is provided to mobile units that support partial scanning. Syntax smart-scan-channels(11a|11bg)<1-200> Parameters Specifies a channel list for the 5Ghz band used by 802.11a mobile units. Specifies a channel list for the 2.4Ghz band used by 802.11bg mobile units.
Page 459: Wlan
14-41 14.1.30 wlan Wireless Configuration Commands Use this command to configure Wireless LAN related commands. Syntax wlan(<1-256>|WLAN) (accounting|answer-bcast-ess|authentication-type| description |dot11i|enable|encryption-type|hotspot|inactivity-timeout|kdc|mobility| mu-mu-disallow|qos|radius|secure-beacon|ssid|symbol-extensions |syslog|tunnel|vlan|wep128|wep64) wlan <1-256> accounting(none|radius|ssyslog) wlan <1-256> authentication-type(eap|hotspot|kerberos|mac-auth|none) wlan <1-256> dot11i(handshake|key|key-rotation|key-rotation-interval| opp-pmk-caching|phrase|pmk-caching|preauthentication|second-key| tkip-cntrmeas-hold-time|wpa2-tkip) wlan <1-256> dot11i handshake timeout<100-5000> retransmit<1-10> wlan <1-256> key(0|2|WORD) wlan <1-256>...
Page 460 14-42 Overview Parameters Select a single WLAN index. You also have the option of selecting a list (1,3,7) [ <1-256> | WLAN] or range (3-7) of WLAN indices. Accounting on this WLAN. accounting (none|radius|syslog) • none – No accounting on this WLAN. •...
Page 461 14-43 dot11i [handshake | key | Modifies tkip/ccmp (802.11i) related parameters. key-rotation | key-rotation- • handshake (timeout <100-5000>) (retransmit<1-10>) – Use a handshake interval | to configure timeout and retransmission. opp-pmk-caching | • timeout<100-5000> – The timeout (in milliseconds) between phrase|pmk-caching | retries.
Page 462 14-44 Overview The encryption type for this WLAN. encryption-type() • ccmp – AES Counter Mode CBC-MAC Protocol (AES-CCM/CCMP). • keyguard – Keyguard-MCM (Mobile Computing Mode). • none – No encryption. • tkip – Enables Temporal Key Integrity Protocol (TKIP). • tkip-ccmp – Enables both tkip and ccmp on this WLAN. •...
Page 463 14-45 Modifies hotspot related parameters. hotspot() • allow (rule index) (IP address) – Modifies hotspot allow-list parameters. Users who have not yet authenticated must be allowed access to these IP addresses. • Rule index – Allow-list Rule index (must be between (1-10). •...
Page 464 14-46 Overview Modifies KDC related parameters. [password (0||LINE) | • password(0|2|LINE) – KDC server password, up to 127 characters. realm (LINE) | server • 0 – Password is specified UNENCRYPTED. (primary|secondary|timeo ut)] auth-port<1-65535> • 2 – Password is encrypted with password-encryption secret. •...
Page 465 14-47 Quality of Service commands. [classification | mcast1 | • classification [background|best-effort|video|voice|wmm] – Select how mcast2 | prioritize-voice | traffic on this WLAN is classified (relative prioritization on the access svp | wmm] port). • background – Traffic on this WLAN is treated as background traffic. •...
Page 466 14-48 Overview • aifsn – (Arbitration Inter Frame Spacing Number) The wait time (in milliSeconds) between data frames derived using AIFSN and the slot-time. • cw – (Contention Window parameters) Wireless stations pick a number between 0 and the minimum contention window to wait before retrying transmissions.
Page 467 14-49 • pap – Password Authentication Protocol. • dscp<0-63> – Specifies a DSCP (Differentiated Services Code Point) v to provide QoS to RADIUS packets. The DSCP value must be between 0-63. • dynamic-authorization (enable) – Configures support for RADIUS dynamic authorization extensions (such as Disconnect Message) and Change-Of-Authorization, as described in RFC 3576.
Page 468 14-50 Overview Do not include the SSID of this WLAN in Beacon frames. secure-beacon The SSID of this WLAN. ssid Enables support for Symbol extensions. symbol-extensions fast- roaming (enable) • fast-roaming (enable) – Enables support for Symbol fast roaming. Syslog Accounting. syslog (accounting) server <IP Address>...
Page 469 14-51 RFS7000(config-wireless)#wlan 25 dot11i handshake timeout 2500 retransmit 5 RFS7000(config-wireless)# RFS7000(config-wireless)#wlan 25 dot11i key-rotation enable RFS7000(config-wireless)# RFS7000(config-wireless)#wlan 25 dot11i key-rotation-interval 2000 RFS7000(config-wireless)# RFS7000(config-wireless)#wlan 25 enable RFS7000(config-wireless)# RFS7000(config-wireless)#wlan 25 hotspot webpage external failure "This feature is under development" RFS7000(config-wireless)# RFS7000(config-wireless)#wlan 25 kdc server primary 1.2.3.4 auth-port 50000 RFS7000(config-wireless)# RFS7000(config-wireless)#wlan 25 mobility enable RFS7000(config-wireless)#...
Page 470 14-52 Overview...
Page 471: Appendix A Customer Support
Software type and version number • Motorola responds to calls by email, telephone or fax within the time limits set forth in support agreements. If you purchased your Enterprise Mobility business product from a Motorola business partner, contact that business partner for support.
Page 472 A - 2 RFS7000 Series CLI Reference Guide...
Page 474 MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.com 72E-85984-01 Revision A April 2007...

Motorola RFS7000 Series Reference Manual

About this Guide

Chapter 1. Introduction

Chapter 2 . Common Commands

Chapter 3 . User Exec Commands

Chapter 4. Privileged Exec Commands

Chapter 5 . Global Configuration Commands

Chapter 6 . Crypto-Trustpoint Instance

Chapter 7 . Interface Instance

Chapter 8 . Spanning Tree-Mst Instance

Chapter 9 . Extended ACL Instance

Chapter 10 . Standard ACL Instance

Chapter 11. Extended MAC ACL Instance

Chapter 12 . DHCP Instance

Chapter 13 . RADIUS Server Instance

Chapter 14. Wireless Instance

Quick Links

Related Manuals for Motorola RFS7000 Series

Summary of Contents for Motorola RFS7000 Series