Page 1 53-1002515-01 ® 14 May 2012 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide Supporting software release 4.4.0.0 and later...
Page 2 Export of technical data contained in this document may require an export license from the United States government. The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.
Page 3 In this chapter ......... . . 39 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide...
Page 4 Configuring the Virtual Interface......97 Viewing Virtual Interface Statistics ..... .101 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 5 In this chapter ......... .259 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide...
Page 6 In this chapter ......... .331 Displaying the Main Security Interface ..... .331 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 7 Configuring Radius User Groups......429 Viewing Radius Accounting Logs......432 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 8 Transferring Panic Files .......497 viii Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 9 System Logging Mechanism ......533 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 10 Rogue AP Detection Troubleshooting......537 Troubleshooting Firewall Configuration Issues ....538 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 11 The following hardware platforms are supported by this release of this guide: • Brocade Mobility RFS4000 Controller software release 4.4 and later • Brocade Mobility RFS6000 Controller software release 4.4 and later • Brocade Mobility RFS7000 Controller software release 4.4 and later Document conventions This section describes text formatting conventions and important notice formats used in this document.
Page 12 (this document) - Describes configuration of the Brocade wireless controllers using the Web UI. • Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide - Describes the Command Line Interface (CLI) and Management Information Base (MIB) commands used to configure the Brocade controllers.
Page 13: In This Chapter
The discussion of the switch GUI within this guide is presented generically, making it equally relevant to the Brocade Mobility RFS4000, Brocade Mobility RFS6000, and Brocade Mobility RFS7000 switch platforms. However, some subtle differences do exist amongst these baselines. These differences are noted within the specific GUI elements impacted.
Page 14: Physical Specifications
Operating Humidity 5% - 85% RH, non-condensing A power cord is not supplied with a Brocade Mobility RFS4000, Brocade Mobility RFS6000 or Brocade Mobility RFS7000 model switch. Use only a correctly rated power cord certified for the country of operation...
Page 15: Software Overview
VLANs. NOTE On the Brocade Mobility RFS4000 and Brocade Mobility RFS6000 the Uplink (UP) port is the preferred method of connecting the switch to the network. The Uplink port has its own dedicated 1Gbps connection which is unaffected by internal traffic across the GE ports.
Page 16: Infrastructure Features
It also allows for testing of new firmware on a switch with the ability to easily revert to a previous image. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 17 Log messages are well-defined and documented system messages with various destinations. They are numbered and referenced by ID. Each severity level group, can be configured separately to go to either the serial console, telnet interface, log file or remote syslog server. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 18 • Centralized redundancy group management using the switch CLI. For more information on configuring the switch for redundancy support, see Configuring Switch Redundancy & Clustering on page 5-293. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 19: Wireless Switching
HotSpot / IP Redirect • IDM (Identity Driven Management) • Voice Prioritization • Self Healing • Wireless Capacity • AP and client Load Balancing • Wireless Roaming • Power Save Polling • Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 20 5150 MHz to 5350 MHz and 5470 MHz to 5725 MHz when in countries of the EU. The purpose of DFS is: • Detect interference from other systems and avoid co-channeling with those systems (most notably radar systems). Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 21 WLAN. The following is a typical sequence for hotspot access: 1. A visitor with a laptop requires hotspot access at a site. 2. A user ID/ Password and hotspot ESSID is issued by the site receptionist or IT staff. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 22 PSP queue. This features permits intercom mode operation without delay (even in the presence of PSP client's). For more information on configuring voice prioritization for a target WLAN, see Configuring WMM on page 4-146. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 23 If AP1 detects AP2 and AP3 as its neighbors, you can assign failure actions to AP2 and AP3 whenever AP1 fails. Assign up to four self healing actions: 1. No action 2. Decrease supported rates 3. Increase Tx power 4. Both 2 and 3. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 24 By default, the adoption algorithm generally distributes AP adoption evenly among the switches available. NOTE Port adoption per switch is determined by the number of licenses acquired. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 25 802.11 standard. The move command is a simple packet up/packet back exchange with the Access Port. Verification of this feature is dependent on its implementation in one or more mobile units. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 26 With QoS, a VoIP conversation (a real-time session), receives priority, maintaining a high level of voice quality. Voice QoS ensures: • Strict Priority • Spectralink Prioritization • VOIP Prioritization (IP ToS Field) • Multicast Prioritization Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 27 UPSD power save buffer addressed to the triggering switch. UPSD is well suited to support bi-directional frame exchanges between a voice STA and its AP. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 28 If the client roams, it is assigned back to its earlier assigned VLAN. The cache is flushed upon detected client inactivity or if the client associates over a different WLAN (on the same switch). Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 29: Wired Switching
Once the lease expires, the client is no longer permitted to use the leased IP address. For information on defining the switch DHCP configuration, see DHCP Server Settings on page 5-261. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 30: Management Features
The switch supports the following management features: • A secure, browser-based management console • A Command Line Interface (CLI) accessible via the serial port or through Telnet or a Secure Shell (SSH) application Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 31: Security Features
Upload and download of Access Port firmware and configuration files using TFTP and FTP. • Transfer of firmware and configuration files using Compact Flash (Brocade Mobility RFS7000 only) or USB (Brocade Mobility RFS6000 and Brocade Mobility RFS7000 platforms only) • The graphing of wireless statistics •...
Page 32 Keys are never shared or reused, and are automatically distributed in a secure manner. For information on configuring Kerberos for a WLAN, Configuring Kerberos on page 4-116. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 33 When you initially switch packets on an out-of-the-box Brocade Mobility 300 Access Point port, it immediately attempts to authenticate using 802.1x. Since 802.1x supports supplicant initiated authentication, the Brocade Mobility 300 Access Point attempts to initiate the authentication process. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 34 Basic WIPS functionality does not require monitoring APs and does not perform off-channel scanning. NOTE When converting an Brocade Mobility 300 Access Point to an Intrusion Detection Sensor, the conversion requires approximately 60 seconds. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 35 An switch then processes this information SNMP Trap on discovery An SNMP trap is sent for each detected and Rogue AP. Rogue APs are only detected, and notification is provided via a SNMP trap. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 36 Also unlike SSL (which is typically built into the Web browser), IPsec requires a client installation. IPsec can access both Web and non-Web applications, whereas SSL requires workarounds for non-Web access such as file sharing and backup. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 37 EAP/802.1x type of NAC. However, the switch also provides a mean to bypass NAC authentication for client’s that do not have NAC 802.1x support (printers, phones, PDAs etc.). For information on configuring NAC support, see Configuring NAC Server Support on page 4-132. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 38: Supported Access Ports/Points
A RF switch supports the adoption of the following Enterprise Access Ports and Access Points: • Brocade Mobility 300 Access Point • Brocade Mobility 5181 Access Point • Brocade Mobility 7131 Series Access Points • Brocade Mobility 650 Access Point Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 39: Ieee Standards Support
The IEEE 802.11d standard is implemented for Mesh networking on the following AP Platforms: • Brocade Mobility 5181 Access Point • Brocade Mobility 5181 Access Point • Brocade Mobility 7131 Access Point Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 40 The IEEE 802.1x standard is fully supported on the following AP Platforms: • Brocade Mobility 300 Access Point Access Port • Brocade Mobility 5181 Access Point • Brocade Mobility 7131 Access Point Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 41: Standards Support
Switch -> AP communications. RFC 791 IP In addition we provide full IP4 routing support on the RF Switch as well as support IPv4 on our wired / wireless stateful inspection firewall. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 42 1024- and 2048-bit IPSec: DES-CBC, 3DES, AES-CBC RFC 2548 Microsoft Vendor-Specific RADIUS Attributes RFC 2716 PPP EAP-TLS RFC 2865 RADIUS Authentication Integrated and Pass-through RFC 2866 RADIUS Accounting Integrated and Pass-through Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 43 (mib-2 dot 2 dot 2). RFC 3164 Syslog RFC 3414 User-Based Security Model (USM) for SNMPv3 RFC 3418 MIB for SNMP Web-based: HTTP/HTTPS Command-line interface: Telnet, SSH, serial port Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 44 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 45: In This Chapter
NOTE Ensure you have HTTP connectivity to the switch, as HTTP is a required to launch the switch Web UI from a browser. To display the switch Web UI: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 46 The chapters within this System Reference Guide are arranged to be complimentary with the main menu items in the menu tree of the switch Web UI. Refer to this content to configure switch network addressing, security and diagnostics as required. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 47: Switch Password Recovery
Configuration files are tracked by their MD5 checksum. Configuration files are tracked by their contents. If a file is renamed its contents remain the same and the file will not be reloaded. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 48 In the following example, define the three URLs and the expected version of the image file, then enable all three features for the auto install. RF Switch(config)#autoinstall config url ftp://ftp:ftp@192.9.200.1/RFSwitch/config RF Switch(config)#autoinstall cluster-config url ftp://ftp:ftp@192.9.200.1/RFSwitch/cluster-config Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 49 Once again, for DHCP option based auto install the URLs is ignored and those passed by DHCP are not stored. Whenever a string is blank it is shown as --not-set--. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 50 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 51: In This Chapter
Status field and the screen remains displayed. With file transfer operations, the transfer screen remains open during the transfer and remains open upon completion (with status displayed within the Status field). Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 52: Setting The Switch Country Code
To view a high-level display of the switch configuration: 1. Select Switch from the main menu tree. 2. Click the Configuration tab. 3. Refer the System field to view or define the following information: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 53 5. Click the Shutdown button to shutdown and power off the switch. NOTE On the Brocade Mobility RFS4000, Brocade Mobility RFS6000, and Brocade Mobility RFS7000 the shutdown command will shutdown the switch but the fans on the switch will remain on.
Page 54: Switch Dashboard Details
Click the Show Dashboard button (within the Switch screen’s Configuration tab) to display the current health of the switch Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 55 The Dashboard screen displays the current health of the switch and is divided into fields representing the following important diagnostics: • Alarms • Ports • Environment • CPU/Memory • File Systems Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 56 Duplex Displays the status of the port, either— Full Duplex or Unknown. 3. The Environment section displays the CPU temperature. It displays the valid threshold range set by the user. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 57 The Dashboard screen displays the current health of the switch and is divided into fields representing the following important diagnostics: • Alarms • Ports • Environment • CPU/Memory • File Systems Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 58 Duplex Displays the status of the port, either— Full Duplex or Unknown. 3. The Environment section displays the CPU temperature. It displays the valid threshold range set by the user. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 59 The Dashboard screen displays the current health of the switch and is divided into fields representing the following important diagnostics: • Alarms • Ports • Environment • CPU/Memory • File Systems Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 60 Duplex Displays the status of the port, either— Full Duplex or Unknown. 3. The Environment section displays the CPU temperature. It displays the valid threshold range set by the user. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 61: Viewing Switch Statistics
The Switch Statistics tab displays an overview of the recent network traffic and RF status for the switch. To display the Switch Statistics tab: 1. Select Switch from the main menu tree. 2. Click the Switch Statistics tab at the top of the Switch screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 62 Displays the average Signal to Noise Ratio (SNR) for all Clients associated with the switch. The Signal to Noise Ratio is an indication of overall RF performance on the wireless network. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 63: Viewing Switch Port Information
An UP port is available on the Brocade Mobility RFS4000 and Brocade Mobility RFS6000 platform only. This port is used to connect the switch to the backbone network. The UP port on the switch supports either RJ-45 or fiber.
Page 64: Viewing The Port Configuration
Name Displays the current port name. The port names available vary by switch. Brocade Mobility RFS6000: ge1, ge2, ge3, ge4, ge5, ge6, ge7, ge8, me1, up1, wan Brocade Mobility RFS7000: ge1, ge2, ge3, ge4, me1 Brocade Mobility RFS4000: ge1, ge2, ge3, ge4, ge5. up1 Aggregation Membership The Aggregation Membership value displays the channel group the port is a member of.
Page 65 Communication errors may occur even if modifications made are successful. 3. Click the OK button to continue. Optionally, select the Don’t show this message again for the rest of the session checkbox to disable the pop-up. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 66: Viewing The Ports Runtime Status
6. Click Cancel to disregard any changes and revert back to the last saved configuration. Viewing the Ports Runtime Status The Runtime tab displays read-only runtime configuration for uplink and downlink ports. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 67: Reviewing Port Statistics
The Statistics tab displays read-only statistics for ethernet ports. Use this information to assess if configuration changes are required to improve network performance. To view the runtime configuration details of the switch ports: 1. Select Switch > Ports from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 68 Name Defines the port name. The port names available vary by switch. Brocade Mobility RFS6000: ge1, ge2, ge3, ge4, ge5, ge6, ge7, ge8, me1, up1, wan Brocade Mobility RFS7000: ge1, ge2, ge3, ge4, me1 Brocade Mobility RFS4000: ge1, ge2, ge3, ge4, ge5, up1 Bytes In Displays the total number of bytes received by the port.
Page 69 In all of these cases, an error is reported and logged. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 70 Periodically display the port statistics graph for assessing the latest information. To view a detailed graph for a port: 1. Select a port from the table displayed in the Statistics screen. 2. Click the Graph button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 71 3. Display any of the above by selecting the checkbox associated with it. NOTE You are not allowed to select (display) more than four parameters at any given time. 4. Click on the Close button to exit out of the screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 72: Power Over Ethernet (Poe)
Power over Ethernet is supported on the Brocade Mobility RFS6000 and Brocade Mobility RFS4000 switches. The Brocade Mobility RFS6000 switch supports 802.3af Power over Ethernet (PoE) on each of its eight ge ports. The PoE screen allows users to monitor the power consumption of the ports and configure power usage limits and priorities for each of the ge ports.
Page 73: Editing Port Poe Settings
To modify the PoE settings for a port: 1. Select a port to edit from the table. 2. Click the Edit button. The PoE Edit screen shows the port PoE status, Priority, and Power Limit. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 74: Configuring Wan Interface Cards
6. Click OK to save and add the changes to the running configuration and close the dialog. Configuring WAN Interface Cards The Brocade Mobility RFS6000 switch supports 3G Wireless WAN cards using the ExpressCard slot. In order to use a 3G Wireless WAN card with the switch, it must first be initialized on a laptop.
Page 75: Viewing Switch Configurations
For more information, refer to the Brocade Website. To view the Configuration files available to the switch: 1. Select Switch > Configurations from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 76 If a file (for example, sample-config) is selected, a message displays stating, “When sample-config is installed, it will replace start-up config. Are you sure you want to install sample-config.” Click Yes to continue. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 77: Viewing The Detailed Contents Of A Config File
1. Select a configuration file from the Configuration screen by highlighting the file. 2. Click the View button to see the contents of the selected configuration file. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 78 5. Click the Refresh button to get the most recent updated version of the configuration file. 6. Click Close to close the dialog without committing updates to the running configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 79: Transferring A Config File
The Target options are different depending on the target selected. 3. Refer to the Target field to specify the details of the target file. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 80: Viewing Switch Firmware Information
To view the firmware files available to the switch: 1. Select Switch > Firmware from the main menu tree. 2. Refer to the following information displayed within the Firmware screen: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 81: Editing The Switch Firmware
The Edit screen enables the user to select a firmware file and designate it as the version used the next time the switch is booted. 1. Select the primary firmware image from the Firmware screen. 2. Click the Edit button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 82: Enabling Global Settings For The Image Failover
“SET/GET” operation from the applet. The Status field displays error messages if something goes wrong in the transaction between the applet and the switch. 5. Click OK to save and add the changes to the running configuration and close the dialog. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 83: Updating The Switch Firmware
Use SFTP to get the firmware update from a Secure File Transfer Protocol (SFTP) server. A user account must be established on the SFTP server specified for the firmware update. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 84: Switch File Management
On the Brocade Mobility RFS7000, users can also transfer firmware files using USB or Compact Flash. On the Brocade Mobility RFS6000, users can also transfer firmware files using USB. On the Brocade Mobility RFS4000, users can also transfer firmware files using USB or PCI Express card.
Page 85 (within the field), the file used at startup automatically displays. Transferring a file from Wireless Switch to Wireless Switch To transfer a file from one switch to another: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 86 Click Abort at any time during the transfer process to abort the file transfer. Transferring a File from a Wireless Switch to a Server To transfer a file from the Switch to a Server: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 87 On the Brocade Mobility RFS7000, users can also transfer files using USB or Compact Flash. On the Brocade Mobility RFS6000, users can also transfer files using USB. On the Brocade Mobility RFS4000, users can also transfer the files using USB, or PCI Express.
Page 88 10. Click the Transfer button to complete the file transfer. The Message section displays the status of the file transfer message. 11. Click the Abort button any time during the transfer process to abort the file transfer. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 89: Viewing Files
USB 2 NOTE USB 1 is available on the Brocade Mobility RFS6000 and Brocade Mobility RFS7000 switches. USB2 and Compact Flash are only available on the Brocade Mobility RFS7000 switch. Transfer files between the switch and the server from any one of the above mentioned locations.
Page 90: Configuring Automatic Updates
To enable and configure the automatic update feature for switch firmware, configuration files, and cluster configurations: 1. Select Switch > Automatic Updates from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 91 NOTE In addition to the Protocols listed on the Brocade Mobility RFS7000, users can also auto-update using USB or Compact Flash. On the Brocade Mobility RFS6000, users can also auto-update using USB. 3. Refer to the Redundancy Configuration field to enable and define the configuration for automatic cluster file updates.
Page 92: Viewing The Switch Alarm Log
1. Select Switch > Alarm Log from the main menu tree. 2. Use the Alarm Log screen’s filtering options to view alarm log data by page or by its entire content. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 93: Viewing Alarm Log Details
Viewing Alarm Log Details Use the Details option when additional information is required for a specific alarm to make an informed decision on whether to delete, acknowledge, or export the alarm. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 94: Viewing Switch Licenses
• 6 AP licenses, which will work for Access Ports or Adaptive APs • Advanced Security License • Locationing Application License • WAN Backhaul License To install a new license: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 95 Wi-Fi tags. It also enables RFID support, and reader management and Gen2 tag support. In addition this, license enables Application Level Event support for sending location updates to 3rd-party applications. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 96: How To Use The Filter Option
4. Click the Turn Off Filtering button to disable the filtering option for the screen where it appears. Filtering status (when filtering is turned off) displays at the bottom of the table. 5. Click the Hide Filtering Option button to hide the Filter Option zone. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 97: In This Chapter
(with status displayed within the Status field). NOTE To view the switch’s Network configuration: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 98: Viewing Network Ip Information
Viewing Network IP Information Use the Internet Protocol screen to view and configure network-associated IP details. The Internet Protocol screen contains tabs supporting the following configuration activities: • Configuring DNS Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 99: Configuring Dns
5. Click the Add button to display a screen used to add another domain name server. For more information, see Adding an IP Address for a DNS Server on page 4-88. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 100 IP addresses. NOTE The order of look up is determined by the order of the servers within the Domain Name System tab. The first server queried is the first server displayed. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 101: Configuring Ip Forwarding
3. The read-only IP Forwarding tab displays the current status between VLANs. To toggle the status of routing between VLANs, use the Enable/Disable options located at the bottom of the screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 102 A new Configuration screen displays enabling you to add a new destination subnet, subnet mask, and gateway for routing packets to a defined destination. 2. In the Destination Subnet field, enter an IP address to route packets to a specific destination address. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 103: Viewing Address Resolution
The Address Resolution table displays the mapping of layer three (IP) addresses to layer two (MAC) addresses. To view address resolution details: 1. Select Network > Internet Protocol from the main tree menu. 2. Select the Address Resolution tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 104: Viewing And Configuring Layer 2 Virtual Lans
Virtual LANs screen to view and configure VLANs by Port and Ports by VLAN information. Refer to the following VLAN configuration activities: • Viewing and Configuring VLANs by Port on page 4-93 • Viewing and Configuring Ports by VLAN on page 4-95 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 105: Viewing And Configuring Vlans By Port
NOTE For Adaptive AP to work properly with Brocade Mobility RFS7000, you need to have independent and extended WLANs mapped to a different VLAN than the ge port. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 106: Editing The Details Of An Existing Vlan By Port
The system prompts you with a Port VLAN Change Warning message stating that communication disruptions could occur with the switch. 3. Click OK to continue. 4. Use the Edit screen to modify the VLAN’s mode, access VLAN, and allowed VLAN designation. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 107: Viewing And Configuring Ports By Vlan
To view VLAN by Port information: 1. Select Network > Layer 2 Virtual LANs from the main menu tree. 2. Select the Ports by VLAN tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 108 3. Highlight an existing VLAN and click the Edit button. The system displays a Port VLAN Change Warning message stating that changing VLAN designations could disrupt access to the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 109: Configuring Switch Virtual Interfaces
NOTE The ports available vary by switch. On the Brocade Mobility RFS6000, the available ports are ge1, ge2, ge3, ge4, ge5, ge6, ge7, ge8, and up1. On the Brocade Mobility RFS7000, the available ports are ge1, ge2, ge3, and ge4.
Page 110 Management Interface would be the only one used by the switch. This setting does not affect any of the Management Access Interfaces configured using Configuring Access Control on page 7-452. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 111 4. Enter the VLAN ID for the switch virtual interface. 5. Provide a Description for the VLAN, representative of the VLAN’s intended operation within the switch managed network. 6. The Primary IP Settings field consists of the following: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 112 DHCP. 1. Select Network > Switch Virtual Interface from the main tree menu. 2. Select the Configuration tab and click the Edit button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 113: Viewing Virtual Interface Statistics
The Statistics screen displays information about packet level statistics and errors at the interface. To view virtual interface statistics: 1. Select Network > Switch Virtual Interface from the main tree menu. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 114 Misalignment is reported if the frame ends with a CRC error and extra bits are also detected. Bytes Out Displays the number of bytes going out on the interface. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 115 Input Packets Dropped Displays the number of packets dropped at the interface by the input Queue of the hardware unit /software module associated with the VLAN interface. Packets are dropped when the input Queue of the interface is full or unable to handle incoming traffic. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 116 Output Pkts Total • Output Pkts Error • Input Pkts Total • Input Pkts Error • Output Pkts NUCast • Input Pkts NUCast • Output Bytes • Output Pkts Dropped Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 117: Viewing And Configuring Switch Wlans
Wireless LANs screen is partitioned into 5 tabs supporting the following configuration activities: • Configuring WLANs • Viewing WLAN Statistics • Configuring WMM • Configuring the NAC Inclusion List • Configuring the NAC Exclusion List Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 118: Configuring Wlans
Be careful to properly map BSS WLANs and security schemes. NOTE The Brocade Mobility RFS6000 supports a maximum of 32 WLANs. The Brocade Mobility RFS7000 supports a maximum of 256 WLANS. Brocade Mobility RFS4000 supports a maximum of 24 WLANs.
Page 119 MFP is only available on WLANS with CCMP encryption. The range is between 1000ms to 6000ms and default value is 100ms for Brocade Mobility RFS6000 and Brocade Mobility RFS7000. 3. Click the Edit button to display a screen where WLAN information, encryption, and authentication settings can be viewed or changed.
Page 120 Enter a title that is displayed on each Hotspot Voucher generated for each guest user. Use this to include any information or your organization’s Name as a part of the generated Hotspot Voucher. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 121 To edit WLAN configuration settings: 1. Select Network > Wireless LANs from the main menu tree. 2. Click the Configuration tab. 3. Select a WLAN to modify from the table. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 122 3 entity table. If the IP entry is not present in the layer 3 entity table, the event will be logged and the packet dropped. Enable URL Logging Enable URL Logging to log all HTTP GET requests.Along with the URL, a mobile unit IP address will also be logged. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 123 A Radius server is used to authenticate users. For detailed information on configuring EAP for the WLAN, see Configuring 802.1x EAP on page 4-115. Kerberos A Kerberos server is used to authenticate users. For detailed information on configuring Kerberos for the WLAN, Configuring Kerberos on page 4-116. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 124 Sets the Quality of Service weight for the WLAN. WLAN QoS will be applied based on the QoS weight value with the higher values given priority.The default value for the weight is 1. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 125 VLAN, and assigns the least used/loaded VLAN to the client. This number is tracked on a per-WLAN basis. To assign multiple VLANs to a WLAN: 1. Select Network > Wireless LANs from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 126 11. Click Cancel to close the dialog without committing updates to the running configuration. NOTE In a cluster environment with multiple switches, ensure that the VLAN list is consistent across all switches. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 127 EAP 802.1x supported WLAN. For more information, see Configuring External Radius Server Support on page 4-128. 4. Click the Config button to the right of the 802.1X EAP checkbox. The 802.1x EAP screen displays. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 128 A WLAN screen displays with the WLAN’s existing configuration. Refer to the Authentication and Encryption columns to assess the WLAN’s existing security configuration. 4. Select the Kerberos button from within the Authentication field. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 129 WLAN with no WEP (an open network). The switch issues an IP address using a DHCP server, authenticates the user, and grants the user access to the Internet. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 130 Login.htm, send them to a Radius server and display a Welcome.htm or a Faliure.htm depending on the result of the authentication attempt. For more information, see Configuring an Internal Hotspot on page 4-119. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 131 1. Select Network > Wireless LANs from the main menu tree. Select an existing WLAN from those displayed within the Configuration tab and click the Edit button. 2. Select an existing WLAN from those displayed within the Configuration tab and click the Edit button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 132 The default text is: “Either the username and password are invalid, or service is unavailable at this time.” Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 133 The Footer Text is the HTML footer text displayed on the No Service page when using the internal Web server. This Internal option is only available if is chosen from the drop-down menu above. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 134 Selecting the external option entails hosting your own external Web server using advanced Web content (using XML, Flash). To create a hotspot maintained by an external server: 1. Select Network > Wireless LANs from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 135 Welcome page. For example, the Login page URL can be the following: http://192.168.150. 5/login.html?ip_address=192. 168.30.1. Here, 192.168.150.5 is the Web server IP address and 192.168.30.1 is the switch IP address. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 136 15. Click OK to use the changes to the running configuration and close the dialog. 16. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 137 1. Select Network > Wireless LANs from the main menu tree. 2. Select an existing WLAN from those displayed within the Configuration tab. 3. Click the Edit button. 4. Select the Hotspot button from within the Authentication field. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 138 Specify the appropriate Path name to the hotspot configuration on the local system disk or server. Once the location and settings for the advanced hotspot configuration have been defined, click the Install button to use the hotspot configuration with the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 139 3. Click the Edit button. 4. Select the MAC Authentication button from within the Authentication field. This enables the Radius button at the bottom of the Network > Wireless LANs > Edit screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 140 Radius Server as the primary user authentication source and the local switch Radius Server as the secondary user authentication source. To use an external Radius Server as either a primary or secondary authentication source, it must be specified appropriately. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 141 Radius or NAC Server. The Radius Configuration screen contains tabs for defining both the Radius and NAC server settings. For NAC overview and configuration information, see Configuring NAC Server Support on page 4-132. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 142 Per Hop Behaviors (PHB). Service can be provisioned (if necessary) by assigning a DCSP point code from 1 - 6. 10. Click OK to save the changes made to this screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 143 Set the Console Access value to 128 (user is allowed login privileges only from console). b. Set the Telnet Access value to 64 (user is allowed login privileges only from a Telnet session). Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 144 This enables the Radius button at the bottom of the Network > Wireless LANs > Edit screen. 5. Click the Radius button. The Radius Configuration screen displays (with the Radius tab displayed by default) for defining an external Radius or NAC Server. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 145 The server’s Timeout and Retries should be less than what is defined for a client’s timeout and retries. If the client’s time is less than the server’s, a fall back to the secondary server will not work. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 146 To configure the WLAN data encryption options available on the switch, refer to the following: • Configuring WEP 64 • Configuring WEP 128 / KeyGuard • Configuring WPA/WPA2 using TKIP and CCMP Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 147 The key can be either a hexadecimal or ASCII. For WEP 64 (40-bit key), the keys are 10 hexadecimal characters in length or 5 ASCII characters. Select one of these keys for activation by clicking its radio button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 148 3. Select either the WEP 128 or KeyGuard button from within the Encryption field. 4. Click the Config button to the right of the WEP 128 and KeyGuard checkboxes. The WEP 128 / KeyGuard screen displays. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 149 (Wi-Fi) standard, 802.11i. WPA provides more sophisticated data encryption than WEP. WPA is designed for corporate networks and small-business environments where more wireless traffic allows quicker discovery of encryption keys by an unauthorized person. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 150 The WPA/WPA2-TKIP/CCMP screen displays. This single screen can be used to configure either WPA/WPA2-TKIP, or WPA-CCMP. 5. Select the Broadcast Key Rotation checkbox to enable periodically changing the broadcast key for this WLAN. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 151 10. Click OK to use the changes to the running configuration and close the dialog. 11. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 152: Viewing Wlan Statistics
WLAN statistics is required, select a WLAN from the table and click the Details button. To view WLAN configuration details: 1. Select Network > Wireless LANs from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 153 Displays the average number of retries for all Clients associated with the selected WLAN. 4. To view WLAN statistics in greater detail, select a WLAN and click the Statistics button. For more information, see Viewing WLAN Statistics in Detail on page 4-142. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 154 3. Select a WLAN from the table displayed in the Statistics screen. and click the Details button. v The Details screen displays the WLAN statistics of the selected WLAN. The Details screen contains the following fields: • Information • Traffic • RF Status • Errors Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 155 Displays the percentage of undecryptable packets for all Clients associated with the selected WLAN. The number in Pkts black represents this statistics for the last 30 seconds and the number in blue represents this statistic for the last hour. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 156 Throughput (Mbps) • Avg Bits per sec • Avg Signal (dBm) • Dropped Pkts • TX Pkts per sec • TX Tput (Mbps) • NUcast Pkts • Avg Noise (dBm) Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 157 1. Select a Network > Wireless LANs from the main menu tree. 2. Click the Statistics tab. 3. Select a WLAN from the table displayed in the Statistics screen and click the Switch Statistics button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 158: Configuring Wmm
Use the WMM tab to review a WLAN’s current index (numerical identifier), SSID, description, current enabled/disabled designation, and Access Category. To view existing WMM Settings: 1. Select Network > Wireless LANs from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 159 Displays the current Arbitrary Inter-frame Space Number (AIFSN). Higher-priority traffic categories should have lower AIFSNs than lower-priority traffic categories. This will cause lower-priority traffic to wait longer before attempting access. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 160 4. Select the QoS Mappings button to revise the existing mappings of access category to 802.1p and DSCP to access category settings. With a drastic increase in bandwidth absorbing network traffic (VOIP, multimedia, etc.), the importance of data prioritization is critical to effective network management. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 161 1. Select Network Setup > WLAN Setup from the main menu tree. 2. Click the WMM tab. 3. Select a Access Category from the table and click the Edit button to launch a dialog with WMM configuration for that radio. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 162: Configuring The Nac Inclusion List
The switch uses the include list to add devices that are NAC supported. The following explains how authentication is achieved using 802.1x. The switch authenticates 802.1x enabled devices using one of the following: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 163 The List Configuration field displays a list of MAC addresses that can be included on a WLAN. You can add more than one device in this list. For example, printer 1, printer 2, etc. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 164 To add a multiple number of devices for a single device type: 1. Select Network > Wireless LANs from the main menu tree. 2. Select the NAC Include tab to view and configure all the NAC Include enabled devices. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 165 To assign include list items to one or more WLANs: 1. Select Network > Wireless LANs from the main menu tree. 2. Select the NAC Include tab to view NAC Included devices. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 166: Configuring The Nac Exclusion List
WLAN. For a NAC configuration example using the switch CLI, see NAC Configuration Examples Using the Switch CLI on page 4-157. To view the attributes of a NAC exclusion list: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 167 Use the Edit button to modify devices parameters. 8. To delete a list configuration for a device, select a row from the List Configuration field and click the Delete button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 168 5. Enter the Host Name for the device you wish to add for the selected exclude list. 6. Enter a valid MAC Address for the device you wish to add. Optionally, enter the MAC Mask for the device you wish to add. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 169: Nac Configuration Examples Using The Switch Cli
8. Click Cancel to close the dialog without committing updates to the running configuration. NAC Configuration Examples Using the Switch CLI The following are NAC include list, exclude list, and WLAN configuration examples using the switch CLI interface: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 170 1. Set the NAC mode for WLAN. A NAC validation is conducted for station entries in the include list. The station entries are authenticated using the Radius server. RF Switch(config-wireless) #wlan 1 nac-mode bypass-nac-except-include-list RF Switch (config-wireless) # 2. Configure the WLAN’s NAC server settings. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 171 This is a global setting for both the primary and secondary server. The re-transmit parameter defines the number of retries a switch attempts before dis-associating the client. RF Switch(config-wireless) #wlan 1 nac-server timeout 30 retransmit 10 RF Switch(config-wireless) # Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 172: Viewing Associated Client Details
For more information, refer to the Brocade Website. Viewing client Status To view client Status is detail: 1. Select Network > Mobile Units from the main menu tree. 2. Click the Status tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 173 The Clients Details screen displays read-only client transmit and receive statistics. To view client Details: 1. Select a Network > Mobile Units from the main menu tree. 2. Click the Status tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 174 Displays the encryption type used by the client for transmitting or receiving data frames on this WLAN. Roam Count Refer to the Roam Count value to assess the number of times the client has roamed from the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 175 Radio Resource Measurement services will poll the selected client for traffic information. 6. Click OK to use the changes to the running configuration and close the dialog. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 176: Configuring Mobile Units
IP address from the pull-down menu. 5. To add a MAC address to client association, click the Add button. For more information on adding an association, see MAC Naming of Mobile Units. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 177: Viewing Client Statistics
Details button. NOTE The Brocade Mobility RFS6000 supports a maximum of 4096 Clients. The Brocade Mobility RFS7000 supports 8192 Clients.Enter Brocade Mobility RFS4000 statistics here. To view client statistics details: 1.
Page 178 Displays the percentage of the total packets for the selected client that are non-unicast packets. Non-unicast packets include broadcast and multicast packets. Retries Displays the average number of retries per packet. A high number in this field could indicate possible network or hardware problems. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 179 3. Select a client from the table displayed in the Statistics screen and click the Details button. The Details screen displays WLAN statistics for the selected WLAN, including: • Information • Traffic • RF Status • Errors Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 180 9. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 181: Viewing Client Voice Statistics
6. Click Close to close the dialog without committing updates to the running configuration. Voice Statistics tab is not mentioned. Viewing client Voice Statistics To view client Voice Statistics details: Select Network > Mobile Units from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 182 1-5 with higher scores being better. If the MOS score is lower than 3.5 it is likely that users will not be satisfied with the voice quality of calls. Lost Packets Displays the total number of voice packets lost for each client. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 183: Viewing Access Port Information
NOTE Up to 256 Access Ports are supported by the Brocade Mobility RFS6000 and Brocade Mobility RFS7000 switches. Up to 6 Access Ports and 24 Adaptive APs are supported by the Brocade Mobility RFS4000 switch. The actual number of Access Ports adoptable by a switch is defined based on access port or Adaptive AP licenses and on a per platform basis and will typically be lower than 256.
Page 184 Displays the radio’s current operational mode. If the radio is set as a Detector AP, the state is "Detector", otherwise the state is "Normal". VLAN Displays the name of the VLAN currently used with each Access Port radio. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 185 For more information, see Configuring an AP’s Global Settings on page 4-174. Configuring an AP Mesh Network Use the AP Mesh screen to configure mesh network settings for the selected Access Point. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 186 This can be helpful when you do not want to change an Access Port’s configuration but require the Access Port be adopted. To edit Global Radio configuration settings: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 187 8. Click the Configure Port Authentication button to open a new dialogue with port authentication configuration information. 9. Click OK to save the changes and return to the previous screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 188 9. Click OK to use the changes to the running configuration and close the dialog. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 189 Select the Dedicate this AP as Detector AP option to use this radio as a detector port to identify rogue APs on the network. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 190 (Automatic Channel Selection) allows the switch to systematically assign channels. Default is Random.Select a channel for communications between the Access Port and its associated Clients within the Desired Channel field. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 191 Access Port preference ID should be the same as adoption preference ID. The adoption preference ID is used for AP load-balancing. A switch will preferentially adopt APs, which have the same adoption-preference-ID as the switch itself. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 192 The default DTIM period is 10 beacons for BSS 1-4. Aggregation This allows the type ‘n’ packets to be aggregated before transmission. This feature is available only for type ‘n’ radios. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 193 Basic Rates are used for management frames, broadcast traffic, and multicast frames. If a rate is selected as a basic rate, it is automatically selected as a supported rate. 3. Check the boxes next to all the Supported Rates you want supported. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 194 You can select the Enable Short Guard Interval option in the 11n Modulation Coding Schemes (MCS) section to increase the data rates. Checking the Enable Basic MCS0-7 option will allow only 11n capable clients to get connected to this radio. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 195 Configuration screen. Use the Add screen to add the new radio’s MAC address and define its radio type. To add a Radio to the switch: 1. Select Network > Access Port Radios from the main menu. 2. Click the Configuration tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 196: Viewing Ap Statistics
Refer to the Statistics tab for information and high-level performance data for individual radios. Performance information can be reviewed for either a 30 second or one hour interval. Use the Details button to display additional information for an individual radio. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 197 Mbps for packets received on the selected radio. The Tx column displays the average throughput for packets sent on the selected radio. Displays the average bit speed in Mbps on the selected Access Port. This value includes packets both sent and received. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 198 The configured channel, in this case, is the value in parentheses. The AP may not be operating on the configured channel for 2 reasons: Uniform spreading is enabled or radar was encountered on the configured channel. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 199 This information can be used to chart associated switch radio performance and help diagnose radio performance issues. To view the client Statistics in a graphical format: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 200: Configuring Wlan Assignment
WLAN and BSSID assignments on a panel on the right-hand side of the screen. To view existing WLAN Assignments: 1. Select Network > Access Port Radios from the main menu tree. 2. Click the WLAN Assignment tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 201 The properties of an existing WLAN assignment can be modified to meet the changing needs of your network. To edit an exiting WLAN assignment: 1. Select Network > Access Port Radios from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 202: Configuring Wmm
(Video, Voice, Best Effort, and Background) as well as the transmit intervals defined for the target access category. To view existing WMM Settings: 1. Select Network > Access Port Radios from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 203 Access Category, AIFSN, Transmit Ops, CW Min, or CW Max. Select Turn Filtering Off to disable filtering. 4. Select a radio and click the Edit button to modify its properties. For more information, see Editing WMM Settings on page 4-192. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 204 Lower values are used for higher priority (video or voice) traffic. Enter a value between 0 and 15 for the Extended Contention Window maximum (ECW Max) value. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 205: Configuring Access Point Radio Bandwidth
WLAN, see Editing the WLAN Configuration on page 4-109. To view existing radio bandwidth weight settings: 1. Select Network > Access Port Radios from the main menu tree. 2. Click the Bandwidth tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 206: Configuring Radio Groups For Client Load Balancing
6. Repeat steps 3 through 5 for each radio you wish to add to groups. When you have finished adding radios to groups, click the Apply button on the Configuration tab to save your changes. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 207: Viewing Active Calls (Ac) Statistics
Viewing Active Calls (AC) Statistics To view Active Calls statistics: 1. Select Network > Access Port Radios from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 208: Viewing Mesh Statistics
Displays the total percentage of air time allocated for TPSEC clients. Viewing Mesh Statistics To view Mesh Statistics: 1. Select Network > Access Port Radios from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 209 % Non-Uni is the percentage of the total packets for the selected radio that are non-unicast packets. Non-unicast packets include broadcast and multicast packets. Retries Displays the total number of retries for each Access Port. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 210: Smart Rf
Self-healing to monitor whether a radio is down • Interference monitoring using retry stats • Defines coverage holes and discerns transmit rates and client signal strength. When necessary, Smart RF increases client power to maintain coverage Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 211 Displays whether or not an Access Port is a detector or not.Detector status is determined through Smart RF based on coverage and location of other APs in the network. Lock Detector Displays whether or not each Access Port is locked in detector status. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 212 • 802.11an • 802.11b • 802.11bg • 802.11bgn AP Location Displays the current location for the selected AP. The location can be configured on the Access Port Radios Configuration page. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 213 Displays the transmit, receive, and attenuation information of the selected neighbor radio. Editing Smart RF Radio Settings To edit Smart RF radio settings: 1. Select Network > Access Port Radios from the main menu tree. 2. Click the Smart RF tab Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 214 Displays the Media Access Control (MAC) Address of the selected AP. AP Name Displays the name assigned to the AP. The AP name can be configured on the Access Port Radios Configuration page. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 215 8. Click Cancel to close the dialog without committing updates to the running configuration. Viewing Smart RF History To view Smart RF history: 1. Select Network > Access Port Radios from the main menu tree. 2. Click the Smart RF tab Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 216 4. The Smart RF History window displays the Index number and Assignment History of Smart RF activity. Configuring Smart RF Settings To configure Smart RF settings: 1. Select Network > Access Port Radios from the main menu tree. 2. Click the Smart RF tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 217 To remove a channel from the configured list, select one or more channels from the Available box and click the Remove button. Number of Rescuers Assign a number of radios to dedicate as rescuers. The valid range is between 1 and 5. Default value is 3. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 218 If scheduled RF Calibration is enabled, enter an interval in days for how long the scheduled calibration should continue after its start date. 10. Once the settings have been configured, click the Run Calibration button to start a Smart RF calibration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 219: Voice Statistics
13. Click Cancel to close the dialog without committing updates to the running configuration. Voice Statistics To view Voice Statistics: 1. Select Network > Access Port Radios from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 220 Displays the total number of packets dropped by each Access Port. Delay to AP Displays the current delay time for each Access Port. Clients Associated Displays the total number of mobile units associated with each Access Port. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 221: Viewing Access Port Adoption Defaults
Edit button. These settings are the default configurations when the radios are set to auto-adopt. To view existing Radio Configuration information: 1. Select Network > Access Port Adoption Defaults from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 222 Editing Default Access Port Adoption Settings on page 4-211. NOTE Up to 256 Access Ports are supported by the Brocade Mobility RFS6000 and Brocade Mobility RFS7000 switches. Up to 6 Access Ports and 24 Adaptive APs are supported by the Brocade Mobility RFS4000 switch.
Page 223 To edit radio adoption configuration settings: 1. Select Network Setup > Access Port Adoption Defaults from the main menu tree. 2. Click the Configuration tab. 3. Select a radio from the table. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 224 ACS (Automatic Channel Selection) allows the switch to systematically assign channels. Default is Random. 11. After first selecting a channel, select a power level in dBm for RF signal strength in the Desired Power (dBm) field. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 225 If using an 802.11 bg radio, select this checkbox for the radio to transmit using a short preamble. Short preambles (this is not seen in improve throughput. However, some devices (SpectraLink phones) require long preambles. This checkbox does not Brocade Mobility display if using an 802.11a radio. RFS4000) Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 226 Clients receive enough bandwidth to ensure voice quality. Admission control is only available for TSPEC enabled voice clients. 16. In the Max Airtime for Voice field, specify a maximum percentage out of the radio's total airtime that may be used for voice. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 227 6. Click OK to use the changes to the running configuration and close the dialog. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 228: Configuring Layer 3 Access Port Adoption
Configuring WLAN Assignment Use the WLAN Assignment tab to assign WLANs and security schemes. To view existing WLAN Assignments: 1. Select Network > Access Port Adoption Defaults from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 229 Displays the VLAN ID of VLANs assigned to WLANs. By default, all WLANs are assigned to VLAN 1. 6. Click Apply to save the changes made within the screen. Click Revert to cancel the changes made and revert back to the last saved configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 230: Configuring Wmm
The ECW Max is combined with the ECW Min to make the Contention Window. From this range, a random number is selected for the back off mechanism. Lower values are used for higher priority traffic. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 231 Lower values are used for higher priority traffic. Enter a value between 0 and 15 for the Contention Window maximum value. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 232: Configuring Access Ports
Access Port. Use this information to determine whether the Access Port’s version supports the optimal feature set available for the network. To view existing adopted Access Port information: 1. Select Network > Access Port from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 233 Displays the software version the Access Port boots from. This information can be helpful when troubleshooting problems. Protocol Version Displays the version of the interface protocol between the Access Port and the switch. This information can be helpful when troubleshooting problems with the Access Port. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 234: Viewing Unadopted Access Ports
Click the Location LED button to flash the LEDs on the AP to assist in locating and identifying a selected AP within an installation. Viewing Unadopted Access Ports Use the Unadopted AP tab for gathering device hardware address and software version information for the Access Port. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 235 Additionally, the Access Port must be able to find the IP addresses of the switches on the network. To locate switch IP addresses on the network: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 236: Access Port Configuration
Displays the radio's first MAC address when it is adopted by the switch. AP Type Displays the Access Port type. Country Displays the country the Access Port is configured to operate in. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 237 These tags help distinguish data traffic. Authentication servers (such as RADIUS and Kerberos) must be on the same Management VLAN. Additionally, DHCP and BOOTP servers must be on the same Management VLAN as well. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 238 4. Check the Enable Logging to Syslog Server option to enable logging to an external Syslog server. Select the logging level from the drop-down menu. 5. Enter the IP address of the external Syslog server in the Syslog Server IP Addr field. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 239: Viewing Sensor Information
Use the Sensor tab to view information on Brocade Mobility 300 Access Points configured as sensors and if needed revert them to Access Ports. To view existing Sensor information: 1. Select Network > Access Port from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 240 Displays the current IP address for each sensor AP. Revert to AP Revert to AP Select a sensor AP from the table and click the button to return to convert the AP back to a standard Access Port. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 241: Configuring Secure Wispe
Pre-Staging is enabled and a red X indicates that Pre-Staging is disabled. 5. To edit the Secure WiSPe settings for an AP, select an AP from the Secure WiSPe Table and click the Edit button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 242: Configuring Adaptive Ap Firmware
Adaptive APs that associate with the switch. To view AP firmware information: 1. Select Network > Access Port from the main menu tree. 2. Click the AP Firmware tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 243 6. Click the OK button to save the changes and return to the AP Firmware tab. Editing an Existing AP Firmware Image To modify the AP Firmware Image settings: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 244 Adaptive AP image firmware. To update an AP image: 1. Select Networks > Access Port from the main menu tree. 2. Click the AP Firmware tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 245 You can update an AAP image from an external SFTP server using the SFTP Image Update button. To update using SFTP: 1. Select Networks > Access Port from the main menu tree. 2. Click the AP Firmware tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 246: Multiple Spanning Tree
Internal Spanning Tree (IST). The Common and Internal Spanning Tree (CIST) (which consists of the CST as well as all ISTs across regions) interconnects all bridges in the network. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 247: Configuring A Bridge
Configuring a Port • Viewing and Configuring Port Instance Details Configuring a Bridge Use the Bridge tab to configure the Bridge. This window displays bridge configuration details for the switch Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 248 MSTP name and revision number. This helps when keeping track of MSTP configuration changes. Increment this number with each configuration change. The revision level specifies the revision level of the current configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 249 Bridge Maximum Age Displays the BPDU maximum age value. If this is the root bridge, the value will be equal to the Configured Max Age. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 250: Viewing And Configuring Bridge Instance Details
Select an ID and click the Delete button to remove from the list. Creating a Bridge Instance To create a VLAN instance and associate it with a bridge as a numerical identifier: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 251: Configuring A Port
Use the Port tab to view and configure MSTP port parameters, including enabling/disabling the spanning tree algorithm on one or more ports (displaying the designated bridge and port/root information). To view and configure MSTP port details: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 252 When the OperPort PortFast BPDU Guard feature is set for a bridge, all PortFast-enabled ports that have the bpdu-guard set to default shut down the port on receiving a BPDU. When this occurs, the BPDU is not processed. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 253 “X” indicates the port as having point-to-point disabled. Select an Id and click the Edit button to revise the selected MSTP port configuration. Editing a MSTP Port Configuration To edit and reconfigure MSTP Port parameters. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 254 ForceFalse indicates this port should be treated as having a shared connection. A port connected to a hub is on a shared link, while one connected to a switch or workstation is a point-to-point link. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 255: Viewing And Configuring Port Instance Details
Displays the MSTP state of the port. Internal Root Cost Displays the Internal Root Cost of a path associated with an interface. The lower the path cost, the greater likelihood of the interface becoming the root. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 256: Igmp Snooping
On the wired side of the network, the switch floods all the wired interfaces. This feature reduces unnecessary flooding of multicast traffic in the network. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 257: Igmp Snoop Configuration
Multicast Router Ports Lists the ports used for Multicast Routing. Can be one of the available ge ports. IGMP Snoop Querier Configuration Use the IGMP Snoop Querier Config tab to view and configure IGMP Snoop Querier Configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 258 This is the common interval in seconds between two IGMP Queries generated by the IGMP Querier. This is valid for all VLANs. VLAN Index The index of the selected VLAN. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 259: Wired Hotspot
Wired Hotspot Configuration Use the Network > Wired Hotspot screen to configure the wired hotspot. To configure the wired hotspot: 1. Select Network > Wired Hotspot from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 260 When using an internal hotspot, ensure that traffic can pass on TCP port 444 between the switch’s internal Web server and the hotspot clients. To create a hotspot maintained by the switch’s own internal resources: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 261 Specify any additional text containing instructions or information for the users who access the Login page. This Internal option is only available if is chosen from the drop-down menu above. The default text is: “Please enter your username and password.” Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 262 6. Click the Restore Defaults button to revert to the default settings in the Internal (Generated) Web Page. Refer to the Allow List field, and enter any IP address (for internal or external Web sites) that may be accessed by the Hotspot user without authentication. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 263 Selecting the External option entails hosting your own external Web server using advanced Web content (using XML, Flash). To create a hotspot maintained by an external server: 1. Select Network > Wired Hotspot from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 264 Web. For example, the Login page URL can be the following: http://192.168.150. 5/fail.html?ip_address=192. 168.30.1. Here, 192.168.150.5 is the Web server IP address and 192.168.30.1 is the switch IP address. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 265 To use the Advanced option to define the wired hotspot: 1. Select Network > Wired Hotspot from the main menu tree. 2. Select an existing hotspot entry from those displayed within the Configuration tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 266 If using FTP, enter the User ID credentials required to transfer the configuration file from an FTP server. If using FTP, enter the Password required to send the configuration file from an FTP server. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 267 11. Click OK to use the changes to the running configuration and close the dialog. 12. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 268 Enter the TCP/IP port number for the primary and secondary servers acting as the Radius user authentication data source. The default port is 1812. RADIUS Shared Secret Provide a shared secret (password) for user credential authentication with the primary or secondary Radius server. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 269 5. Click OK to save the changes made to this screen. 6. Click Cancel to revert back to the last saved configuration and move back to the Network > Wired Hotspot > Edit screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 270 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 271: In This Chapter
Status field. In the case of file transfer operations, the transfer screen remains open during the transfer operation and remains open upon completion (with status displayed within the Status field). To display a Services Summary: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 272 An 11bg radio can be the neighbor of a 11a radio and either of them can self heal when one fails. For information on configuring self healing, see Configuring Self Healing on page 5-311. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 273: Dhcp Server Settings
When using the switch’s internal DHCP server ensure that traffic can pass on UDP ports 67 & 68 between the switch and the clients receiving DHCP information. To configure DHCP: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 274 Editing the Properties of an Existing DHCP Pool on page 5-263. To delete an existing DHCP pool from the list of those available, highlight the pool from within the Network Pool field and click the Delete button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 275 DHCP configuration. Use VLAN1 as a default interface if no others have been defined. 8. Additionally, define the IP Address and Subnet Mask used for DHCP discovery and requests between the DHCP Server and DHCP clients. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 276 Add a new DHCP pool as needed to suit the address distribution requirements of your network. To add a DHCP pool: 1. Select Services > DHCP Server from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 277 The IP address and subnet mask of the pool are required to match the addresses of the layer 3 interface in order for the addresses to be supported through that interface. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 278 Global Options screen and click the Remove button to delete the name and value. 5. Click OK to save and add the changes to the running configuration and forward the updates to the other peer switches comprising the mobility domain. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 279 Use the DDNS Servers field to define the IP addresses of the DNS servers. 8. Click OK to save and add the changes to the running configuration and close the dialog. 9. Refer to the Status field. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 280: Viewing The Attributes Of Existing Host Pools
The pool is the range of IP addresses for which addresses can be assigned. IP Address Displays the IP address for the client on this interface using the pool name listed. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 281: Configuring Excluded Ip Address Information
If IP addresses have been manually assigned and fixed, they need to be made available for the administrator to exclude from possible selection. To view excluded IP address ranges: 1. Select Services > DHCP Server from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 282: Configuring The Dhcp Server Relay
External DHCP Server and DHCP client (present on one of the switch’s available VLANs). NOTE DHCP Server and relay can run on different switch VLAN interfaces. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 283 Server on subnet1 to provide IP addresses to DHCP clients requesting IP addresses using DHCP relay. To view and configure DHCP relay information: 1. Select Services > DHCP Server from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 284 DHCP client or DHCP Server enabled. DHCP packets cannot be relayed to an onboard DHCP Server. The interface VLAN and gateway interface cannot be the same. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 285: Viewing Ddns Bindings
Internet. The dynamic assignment of IP addresses makes it necessary to update the DNS database to reflect the current IP address for a given name. To view switch DDNS binding information: 1. Select Services > DHCP Server from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 286: Viewing Dhcp Bindings
IP address from a pool of available addresses. To view detailed binding information: 1. Select Services > DHCP Server from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 287: Reviewing Dhcp Dynamic Bindings
Dynamic DHCP bindings automatically map a hardware address to an IP address from a pool of available addresses. The Dynamic Bindings tab displays only automatic bindings. To view detailed Dynamic DHCP Binding Status information: 1. Select Services > DHCP Server from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 288: Configuring The Dhcp User Class
The DHCP server assigns IP addresses from multiple IP address ranges. The DHCP user class associates a particular range of IP addresses to a device in such a way that all devices of that type are assigned IP addresses from the defined range. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 289 To view and configure the user class options associated with the particular class: 1. Select Services > DHCP Server from the main menu tree. 2. Select the User Class tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 290 The properties of an existing DHCP user class can be modified to suit the changing needs of your network. To modify the properties of an existing DHCP user class: 1. Select Services > DHCP Server from the main menu tree. 2. Select the User Class tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 291: Configuring Dhcp Pool Class
IP address from the range assigned to the class. If the client does not match any of the classes in the pool, it’s assigned the IP address from the pool’s default range (if configured). Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 292 2. Select the Pool Class tab. 3. Click on the Edit button from the Pool Class Names section. 4. Refer to the read-only Pool Name to ensure modifications are made to the correct pool name. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 293 Use the Insert button to enter the Start IP and End IP address range for a class. b. Select a address range and click Remove to delete that particular address range. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 294: Configuring Secure Ntp
When using the SNTP service, ensure that traffic can pass on UDP port 123 between the switch and the NTP server. To define the SNTP configuration: 1. Select Services > Secure NTP from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 295 The SNTP enabled switch compares the time reported by several sources, and does not synchronize to a time source whose time is significantly different than others, even if its stratum is lower. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 296: Configuring Symmetric Key
To review existing Symmetric Key configurations, and (if necessary) add a new one: 1. Select Services > Secure NTP from the main menu tree. 2. Select the Symmetric Keys tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 297 A trusted key should be used when a public key is known, but cannot be securely obtained. Adding a trusted key allows data to be considered secure between the switch and its SNTP resource. 9. Refer to the Status field. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 298: Defining A Ntp Neighbor Configuration
SNTP configuration. To review the switch’s existing NTP neighbor configurations: 1. Select Services > Secure NTP from the main menu tree. 2. Select the NTP Neighbor tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 299: Adding An Ntp Neighbor
To add a new NTP peer or server neighbor configuration to those available for synchronization: 1. Select Services > Secure NTP from the main menu tree. 2. Select the NTP Neighbor tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 300 9. Use the NTP Version drop-down menu to select the version of SNTP to use with this configuration Currently version three and version four implementations of NTP are available. The latest version is NTPv4, but the official Internet standard is NTPv3. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 301: Viewing Ntp Associations
(only the switch synchronizes to the SNTP resource, not the other way around). To review the switch’s current SNTP associations: 1. Select Services > Secure NTP from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 302 The offset gravitates toward zero over time, but never completely reduces its offset to zero. Dispersion (sec) Displays how scattered the time offsets are (in seconds) from a SNTP time server Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 303: Viewing Ntp Status
After an NTP synchronization using a Symmetric Key, the NTP status will not automatically update. To review the switch’s current NTP associations: 1. Select Services > Secure NTP from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 304 Root Dispersion Displays the nominal error relative to the primary time source in seconds. The values that normally appear in this field range from 0 to several hundred milliseconds. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 305: Configuring Switch Redundancy & Clustering
WS1 is executed on the other switches at the same time. This is done by the cluster-protocol running on WS1, by duplicating the commands and sending them to the group over the virtual connection: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 306 When using the redundancy feature make sure that UDP traffic on port 51515 is open between the redundant switches. To view status and membership data and define a redundancy group configuration, refer to the following: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 307: Configuring Redundancy Settings
‘Active’ members adopt Access Ports except the ‘Standby’ members who adopt Access Ports only when an ‘Active’ member has failed or sees an access-port not adopted by a switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 308 (passive) mode only if all configured members are up again. The revert function does not push APs to the primary switch unless the primary switch has failed over. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 309: Reviewing Redundancy Status
Reviewing Redundancy Status The switch is capable of displaying the status of the collective membership of the cluster. Use this information to assess the overall health and performance of the group. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 310 AAP Licenses in group Displays the number of adaptive access ports that can be adopted in the redundancy group. Access Ports in group Displays the total number of Access Ports adopted by the entire membership of the redundancy group. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 311 Displays the number of Clients currently associated with the radio(s) used with this switch switch. Compare this number with the number of Clients within the group to determine how effectively Clients are distributed within the cluster. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 312: Configuring Redundancy Group Membership
2 members needed to comprise a Redundancy Group, including the initiating switch To configure switch redundancy memberships: 1. Select Services > Redundancy from the main menu tree. The Redundancy screen displays with the Configuration tab selected. 2. Select the Member tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 313 Member screen. To review the details 1. Select Services > Redundancy from the main menu tree. The Redundancy screen displays with the Configuration tab selected. 2. Select the Member tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 314 First Seen Displays the time this member was first seen by the switch. Last Seen Displays the time this member was last seen by the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 315 3. Select the Add button. 4. Enter the IP Address of a new member. 5. Click OK to save and add the changes to the running configuration and close the dialog. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 316: Redundancy Group License Aggregation Rules
Web UI allowing you to see APs and Clients managed by all active members of a cluster. To enable the Cluster GUI feature: 1. Select Services > Redundancy from the main menu tree Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 317: Layer 3 Mobility
Refer to the following sections to configure Layer 3 Mobility: • Configuring Layer 3 Mobility • Defining the Layer 3 Peer List • Reviewing Layer 3 Peer List Statistics • Reviewing Layer 3 client Status Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 318: Configuring Layer 3 Mobility
A full mesh of GRE tunnels can be established between mobility peers. Each tunnel is between a pair of switches and can handle data traffic for all Clients (for all VLANs) associated directly or indirectly with the client. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 319 4. Use the Roam Interval to define maximum length of time Clients within selected WLAN are allowed to roam amongst different subnets. 5. Refer to the table of WLANs and select the checkboxes of those WLANs you wish to enable Layer 3 mobility for. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 320: Defining The Layer 3 Peer List
To define the Layer 3 Peer List: 1. Select Services > Layer 3 Mobility from the main menu tree. The Layer 3 Mobility screen appears with the Configuration tab displayed. 2. Select the Peer List tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 321: Reviewing Layer 3 Peer List Statistics
To view layer 3 peer statistics 1. Select Services > Layer 3 Mobility from the main menu tree. The Layer 3 Mobility screen appears with the Configuration tab displayed. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 322 This L2-ROAM message is then forwarded by the old home switch to each peer. 4. Click the Clear Statistics button to remove the data displayed for the selected peer IP address. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 323: Reviewing Layer 3 Client Status
(configured in detector mode) informs the switch a particular radio is not transmitting beacons. To configure self-healing on the switch: 1. Select Services > Self Healing from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 324: Configuring Self Healing Neighbor Details
The Neighbor Details page displays all the radios configured on the switch and their neighbor designations. To configure self-healing on the switch: 1. Select Services > Self Healing from the main menu tree. The Self Healing page launches with the Configuration tab displayed. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 325 4. Highlight an existing neighbor and click the Edit button to launch a screen designed to modify the self healing action and/or neighbors for the radio. For more information, see Editing the Properties of a Neighbor on page 5-314. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 326 Raise Power - The radio raises its transmit power to the maximum provided its power is lower than the maximum permissible value. • Both - The radio will open its rates as well as raise its power. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 327: Configuring Switch Discovery
This allows users to perform other configuration operations when discovery is running in the background. Configuring Discovery Profiles To configure switch discovery: 1. Select Services > Discovery from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 328 Adding a New Discovery Profile on page 5-317. 6. Click the Start Discovery button to display a Read Community String (SNMP v2) or V3 Authentication (SNMP v3) screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 329 To create a new switch discovery profile: 1. Select Services > Discovery from the main menu tree. 2. Click the Add button at the bottom of the screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 330: Viewing Discovered Switches
UI enables users display the Web UI of the discovered device in a separate browser window. To view the devices located by the switch: 1. Select Services > Discovery from the main menu tree. 2. Select the Recently Found Devices tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 331 Discovery Profiles tab and selected a different profile for the switch discovery process. 4. If a discovered switch is of no interest, select it from amongst the discovered devices displayed and click the Delete button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 332: Locationing
Additionally the zones perimeter must not overlap another defined zone. Each Zone is assigned a ZoneID which is in turn used in creating the ACLs which will deny admission within that specific zone. The following figure shows some sample zones Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 333: Rtls Overview
Sites are defined on an X,Y axis with the upper left corner of the site being assigned a value of 0,0. When locations of tags are displayed they are displayed in the same X,Y format relative to the origin value of 0,0. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 334 The acceptable range for height is 0-20m or 0-60ft. Height is an optional parameter and is not taken into account by the locationing algorithm. Unit Use the pull-down menu to select the unit of measure used for dimensions. The options are feet or meters. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 335: Configuring Sole Parameters
1. To add AP Location information for your site: Select Services > RTLS from the main menu tree. 2. Select the Site tab. 3. Click the Add button. Configuring SOLE Parameters To configure the switch’s internal SOLE locationing engine: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 336 The client MAC table allows you to manually add or remove MAC Addresses which can be located by the SOLE engine. This supports a maximum of 512 Clients. This table is disabled when the Locate All Clients checkbox is selected. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 337: Configuring Aeroscout Parameters
Zone configuration can be defined using the CLI interface only. For information on Zone Configuration please see the Brocade RF Switch CLI Reference. Configuring Aeroscout Parameters To configure the switch to work with an external Aeroscout RTLS engine: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 338 Displays the number of messages received by the switch from the external Aeroscout RTLS engine. Last Msg RX Time Displays the Date and Time that the last message was received from the external Aeroscout RTLS engine. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 339: Configuring Ekahau Parameters
Zone configuration can be defined using the CLI interface only. For information on Zone Configuration please see the Brocade RF Switch CLI Reference. Configuring Ekahau Parameters To configure the switch to work with an external Ekahau RTLS engine: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 340 Displays the number of Tag Reports received from the external Ekahau RTLS engine. 10. To use the onboard SOLE engine to locate Ekahau tags check the Enable checkbox. This is enabled immediately after checking the box. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 341 When no zones are configured, the switch defaults the entire site to Zone 0. NOTE Zone configuration can be defined using the CLI interface only. For information on Zone Configuration please see the Brocade RF Switch CLI Reference. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 342 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 343: In This Chapter
Status field remains displayed. In the case of file transfer operations, the transfer screen remains open during the transfer operation and remains open upon completion (with status displayed within the Status field). To view main menu security information: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 344: Access Point Detection
Use the Access Point Detection menu options to view and configure the detection of other Access Points. The Access Point Detection screen consists of the following tabs: • Enabling and Configuring AP Detection Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 345: Enabling And Configuring Ap Detection
Define a value (in seconds) the switch uses to remove Access Points that have not communicated with the switch. timeout The range is from 1-65535 seconds, with a default of 300 seconds. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 346 To add a new address range or modify the address range used to designate devices as allowed: 1. Select Security > Access Point Detection from the main tree menu. 2. Click the Configuration tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 347: Authorized / Ignored Aps
Access Point was incorrectly defined as approved and requires categorization as an unapproved and disallowed AP. To review the attributes of allowed APs: 1. Select Security > Access Point Detection from the main menu. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 348: Unauthorized Aps (Ap Reported)
Security > Access Point Detection > Configuration screen. To view Access Port detected unapproved Access Points: 1. Select Security > Access Point Detection from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 349 Access Point MAC addresses. The number of Unapproved APs updates accordingly as devices are added and removed. Click the Export button to export the contents of the table to a Comma Separated Values file (CSV). Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 350: Unauthorized Aps (Client Reported)
Use the rogue AP Containment feature to provide protection from rogue Access Points by disrupting traffic to mobile units associated with the Rogue AP and prevents new mobile units from getting associated to the Rogue AP. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 351 6. To manually add a rogue AP to the table, click the Add button and enter the MAC address of the known rogue AP. To remove an AP from the rogue AP table, select that AP and click the Delete button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 352: Wireless Intrusion Detection / Protection
3. Within the Collection Settings field, set the Detection Window interval (in seconds) the switch uses to scan for client violations. The available range is from 5 - 300 seconds. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 353 ESSIDs can be added and removed. NOTE If using the Frames with known bad ESSIDs violation parameter if no ESSIDs are entered in the Bad Essid Config dialogue, this parameter will not function. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 354: Viewing Filtered Clients
To view status of those Clients filtered using the settings defined within the Configuration tab: 1. Select Security > Wireless IDS/ IPS from the main tree menu. 2. Click on the Filtered Clients tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 355: Configuring Firewalls And Access Control Lists
When a packet is received on an interface, the switch compares the fields in the packet against any applied ACLs to verify the packet has the required permissions to be forwarded, based on the criteria specified in the access lists. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 356: Acl Overview
LAN from which they arrived rather than filtering the packets arrived on Layer 2 ports. For more information, see • Router ACLs • Port ACLs • Wireless LAN ACLs • ACL Actions • Precedence Order Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 357 The switch supports Port ACLs on physical interfaces and inbound traffic only. The following Port ACLs are supported: • Standard IP ACL— Uses a source IP address as matching criteria. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 358 ACL replaces the previously configured one. Wireless LAN ACLs Wireless LAN ACLs filter/mark packets based on the wireless LAN from which they arrive rather than filtering packets on Layer 2 ports. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 359 Either delete the entry or add new entries with precedence values less than 5000. A user can add a maximum of 500 ACE's in an ACL. • Rules within an ACL are displayed in an ascending order of precedence. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 360: Attaching An Acl On A Wlan Interface/Port
Displays whether the WLAN ACL is configured to work in an inbound or outbound direction. 5. Select a WLAN (by row) and click Edit to modify the WLAN Index, IP ACL and MAC ACL values. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 361: Attaching An Acl Layer 2/Layer 3 Configuration
11. Click Cancel to close the dialog without committing updates to the running configuration. Attaching an ACL Layer 2/Layer 3 Configuration Use the Attach-L2/L3 screen to view and assign the ACL to a physical interface or VLAN. To attach an interface: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 362 4. Refer to the following information as displayed within the Attach tab: Interface The interface to which the switch is configured. It can be one of the following: • ge 1-8 for Brocade Mobility RFS6000 and it is ge 1-5 Brocade Mobility RFS4000 • up 1 •...
Page 363: Configuring The Role Based Firewall
Use the Attach Role screen to view and assign an ACL to a role. To attach a role: 1. Select Security > Wireless Firewall from the main menu tree. 2. Click the Security Policy tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 364 To add an ACL interface to the switch: 1. Select Security > Wireless Firewall from the main menu tree. 2. Click the Security Policy tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 365: Attaching Adaptive Ap Wlans
To display the AAP WLANs page: 1. Select Security > Wireless Firewall from the main menu tree. 2. Click on the Security Policy tab. 3. Click on the Wireless Filters tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 366 To Edit an AAP WLANs page: 1. Select Security > Wireless Firewall from the main menu tree. 2. Click on the Security Policy tab. 3. Click on the Wireless Filters tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 367 IP ACL Select an IP ACL configured for the WLAN interface in the inbound/outbound direction. Inbound/Outbound Select either the Inbound or Outbound radio button to define which direction the ACL applies. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 368: Attaching Adaptive Ap Lans
5. Select an interface and click on Edit to modify the LAN Index, IP ACL and MAC ACL values. For more information see,Editing an Adaptive AP LAN on page 6-357. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 369: Configuring Wireless Filters
To display the Wireless Filters main page: 1. Select Security > Wireless Firewall from the main menu tree. 2. Click on the Security Policy tab. 3. Click on the Wireless Filters tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 370 Edit button. For more information see, Editing an Existing Wireless Filter on page 6-359. If an existing filter is now obsolete, select it from those listed and click the Delete button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 371: Editing An Existing Wireless Filter
8. Modify the existing Ending MAC for the target Index. Enter the same Starting MAC address within the Ending MAC field to use only the Starting MAC address as either allowed or denied access to the switch managed network. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 372: Adding A New Wireless Filter
MAC addresses (or a single MAC address) either allowed or denied access to the switch managed network. Enter a new Index to define a new MAC Address range and allow/deny ACL Index designation. 6. Enter the a hex value for the Starting MAC address. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 373: Associating An Acl With Wlan
1. Select Security > Wireless Firewall from the main menu tree. 2. Click the Security Policy tab. 3. Click the Wireless Filters tab. 4. Select one or more of the existing ACLs from the filters list. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 374: Configuring The Firewall
4. Add a new ACL entry as explained in Appendix , Adding a New ACL. 5. The Configuration tab consists of the following two fields: • ACLs - existing access lists • Associated Rules - allow/deny rules Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 375 1. Select Security > Wireless Firewall from the main tree menu. 2. Click the Configuration tab. 3. Click on the ACL tab to view the list of ACLs currently associated with the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 376 Adding a New ACL Rule To add a new rule: 1. Select Security > Wireless Firewall from the main tree menu. 2. Click the Configuration tab. 3. Click the ACL tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 377 Editing an Existing Rule As network and access permission requirements change, existing ACL rules need to be modified to be relevant with new client access requests. To modify an existing ACL rule: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 378 11. Use the Source Address field to revise (if necessary) the IP address where the packets are sourced. NOTE If an Extended IP ACL is used, a Destination Wildcard/Mask and Destination Address are required. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 379: Configuring Layer 2 Firewall
Displays the ARP trust status for the selected L2 interface. Trusted ARP packets are also used to update the DHCP Snoop Table to prevent IP spoof and arp-cache-poisoning attacks. By default, none of the physical or aggregate interfaces are ARP trusted. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 380 ARP Trust Select to enable ARP trust on this interface. ARP packets received on this interface are considered trusted and information from these packets is used to identify rogue devices. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 381: Configuring Wlan Firewall Rules
Configuring WLAN Firewall rules To review WLAN firewall rules: 1. Select Security > Wireless Firewall from the main tree menu. 2. Click the Configuration tab. 3. Click the WLAN tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 382 5. If the properties of an existing WLAN firewall setting fulfill to your needs but still require modification to better filter traffic, select the WLAN and click the Edit button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 383 Configure whether or not mobile unit deauthentication is enabled for each WLAN. If enabled any associated mobile unit which hit the thresholds configured for storm traffic will be deauthenticated. To enable deauthentication, check the box. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 384: Configuring Denial Of Service (Dos) Attack Firewall Rules
To review Denial of Service Attack firewall rules: 1. Select Security > Wireless Firewall from the main tree menu. 2. Click the Configuration tab. 3. Click the DoS Attack tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 385 Displays the amount of time since each DoS attack has been observed by the switch firewall. Clicking the Stats Last Occurrence button on this page will reset all timers to 0:00:00.00. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 386: Configuring The Role
11. Click the Revert button to cancel any changes made within the DoS Attach screen and revert back to the last saved configuration. Configuring the Role To view configured roles: 1. Select Security > Wireless Firewall from the main tree menu. 2. Click the Configuration tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 387 To edit an existing role, click the Edit button and modify the filter settings. 8. To remove a role, select that rule from the table and click the Delete button. A confirmation will be displayed before the rule is deleted from the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 388 Not Contains : The role will be applied when the ESSID does not contain the string specified in the role • : The role will be applied to any ESSIDs Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 389: Configuring Firewall Logging Options
8. Click Cancel to close the dialog without committing updates to the running configuration. Configuring Firewall Logging Options To view firewall logging rules: 1. Select Security > Wireless Firewall from the main tree menu. 2. Click the Configuration tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 390 3. Click the Log Options tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 391 Error • Warning • Notice • Info • Debug • None To change the logging level, click on the specific field and choose the logging level from the pull-down menu. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 392 5. When all logging options have been modified, click the Apply button to commit those changes to the switch. 6. To undo any changes and go back to the previously saved logging options, click the Revert button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 393: Reviewing Firewall And Acl Statistics
Displays the number of packets (in bytes) transmitted over the ACL. Packets Out Displays the number of instances this ACL has been used. Periodically review to determine whether specific ACLs should be deleted or modified to make relevant. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 394 To review DHCP Snoop Entry statistics: 1. Select Security > Wireless Firewall from the main menu tree. 2. Click the Statistics tab. 3. From the Statistics section select the DHCP Snoop Entry tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 395 To review Role Based Firewall statistics: 1. Select Security > Wireless Firewall from the main menu tree. 2. Click the Statistics tab. 3. From the Statistics section select the Role tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 396 Displays the number of times each AAP LAN Inbound ACL has been triggered. Viewing Adaptive AP WLAN Statistics To review Adaptive AP WLAN statistics: 1. Select Security > Wireless Firewall from the main menu tree. 2. Click the Statistics tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 397: Configuring Nat Information
IP address either belongs to the switch or from a pool of global addresses. The switch NAT configuration process is divided into the following configuration activities: • Defining Dynamic NAT Translations Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 398: Defining Dynamic Nat Translations
Refer to the NAT screen’s Dynamic Translation tab to view existing dynamic NAT configurations available to switch. To view and add/edit a dynamic NAT configuration: 1. Select Security > NAT from the main menu tree. 2. Click on the Dynamic Translation tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 399 If the existing NAT configurations displayed with the Configuration prove unsuitable for translation, consider creating a new one. To define a new NAT configuration: 1. Select Security > NAT from the main menu tree. 2. Click on the Dynamic Translation tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 400 11. Click OK to use the changes to the running configuration and close the dialog. 12. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 401: Defining Static Nat Translations
NAT engine. There the destination IP address is changed back to the specific internal private class IP address to reach the LAN over the switch managed network. Protocol Displays the tcp or udp option selected for use with the static translation. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 402 4. Define the NAT Type from the drop-down menu. Options include: • Inside - The set of networks subject to translation. These are the internal addresses you are trying to prevent from being exposed to the outside world. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 403: Configuring Nat Interfaces
NAT interface, in addition to any other VLANs created. In addition to selecting the VLAN, specify the Inside or Outside NAT type. To view and configure a NAT interface: 1. Select Security > NAT from the main menu tree. 2. Click on the Interfaces tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 404 Click OK to use the changes to the running configuration and close the dialog. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 405: Viewing Nat Status
For the default isakmp policy to be picked up for AAP adoption you must first create the default isakmp policy as a new policy with default parameters. This needs to be done if multiple crypto isakmp policies are needed in the switch configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 406: Defining The Ike Configuration
Please note that RSA keys are not supported for IKE negotiation on this switch. Highlight an existing set of pre-shared Keys and click the Edit button to revise the existing peer IP address and key. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 407: Setting Ike Policies
When IKE negotiations begin, the peer initiating the negotiation sends its policies to the remote peer. The remote peer searches for a match with its own policies using the defined priority scheme. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 408 Encryption strength is great enough to ensure security without using fast rekey times. Brocade recommends using the default value. DH Group Displays the Diffie-Hellman (DH) group identifier. IPSec peers use the defined value to derive a shared secret without transmitting it to one another. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 409 Options include: • SHA - The default value. • MD5 - MD5 has a smaller digest and is somewhat faster than SHA-1. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 410: Viewing Sa Statistics
Phase 1 done Displays whether this index is completed with the phase 1 (authentication) credential exchanged between peers. Created Date Displays the exact date the SA was configured for each index displayed. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 411: Configuring Ipsec Vpn
An IPSec client needs an IP address before it can connect to the VPN Server and create an IPSec tunnel. A DHCP Server needs to be configured on the interface to distribute public IP addresses to the IPSec clients. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 412 For more information on configuring IPSec VPN, refer to the following: • Defining the IPSec Configuration • Defining the IPSec VPN Remote Configuration Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 413: Defining The Ipsec Configuration
Revert Revert Click the button to disregard any changes you have made and revert back to the last saved configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 414 VPN peers. To edit the attributes of an existing transform set: 1. Select Security > IPSec VPN from the main menu tree. 2. Click the Configuration tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 415 To edit the attributes of an existing transform set: 1. Select Security > IPSec VPN from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 416: Defining The Ipsec Vpn Remote Configuration
IPSec VPN tunnel. The Remote tab is also used for defining the IP address range used within the IPSec VPN tunnel and configuring the authentication scheme for user permissions within the IPSec VPN tunnel. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 417 5. Click the Edit button (within the IP Range tab) to modify the range of existing IP addresses displayed. 6. Select an IP address range index and click the Delete button to remove this range from those available within the IP Range tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 418: Configuring Ipsec Vpn Authentication
User Table radio button) or if no authentication is used for credential verification (by selecting the No Authentication radio button). 4. Enter a NAS ID for the NAS port. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 419 9. If the User Table checkbox was selected from within the Configuration field, select the User Table tab to review the User Name and Passwords defined for use. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 420: Configuring Crypto Maps
Crypto Maps (referring to small identity sections). To define the Crypto Map configuration: 1. Select Security > IPSec VPN from the main menu tree. 2. Click the Crypto Maps tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 421 Displays the number of peers used by each Crypto Map displayed. SA Lifetime (secs) Displays a SA Lifetime (in seconds) that forces the periodical expiration and re-negotiation of peer credentials. Thus, continually validating the peer relationship. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 422 Use the Remote Type drop-down menu to specify a remote type (either XAuth or L2TP). Optionally select the SA Per Host checkbox to specify that separate IPSec SAs should be requested for each source/destination host pair. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 423 4. If a Crypto Map Seq # or IKE peer requires revision, select it from amongst those displayed and click the Edit button. 5. Select an existing Crypto Map and click the Delete button to remove it from the list of those available to the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 424 To review, revise or add a Crypto Map using a manually defined security association: 1. Select Security > IPSec VPN from the main menu tree. 2. Click the Crypto Maps tab and select Manual SAs. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 425 Select either the AH or ESP radio button to define whether the Crypto Map’s manual security association is an AH Transform Authentication scheme or an ESP Encryption Transform scheme. The AH SPI or ESP SPI fields become enabled depending on the radio button selected. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 426 4. Select an existing Crypto Map and click the Edit button to revise its Seq #, Name and Transform Set. 5. Select an existing entry from the table and click the Delete button to remove it from the list. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 427 Crypto Map for each interface. 1. Select Security > IPSec VPN from the main menu tree. 2. Click the Crypto Maps tab and select Interfaces. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 428: Viewing Ipsec Security Associations
VPN peers as well other device address information. To display IPSec VPN security associations: 1. Select Security > IPSec VPN from the main menu tree. 2. Click the IPSec SAs tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 429: Configuring The Radius Server
For an overview on the switch’s Radius deployment, see Radius Overview on page 6-418. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 430: Radius Overview
EAP authentication types are supported by the switch’s onboard Radius server: • • TLS and MD5 • TTLS and PAP • TTLS and MSCHAPv2 • PEAP and GTC • PEAP and MSCHAPv2 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 431 User ID in the received access request is mapped to the associated wireless group for authentication. The switch supports the creation of 500 users and 100 groups within its local database. Each group can have a maximum of 500 users. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 432: Using The Switch's Radius Server Versus An External Radius
For information on configuring an external Radius Server, see Configuring External Radius Server Support on page 4-128. For instructions on how to configure the switch’s local Radius Server, see Defining the Radius Configuration on page 6-421. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 433: Defining The Radius Configuration
5. Set a Retires value (between 3and 6) to define the number of times the switch transmits each Radius request to the server before giving up. The default value is 3. 6. Click the Apply button to save the changes made to within the Global Settings field. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 434 6. To create a new Radius client configuration, click the Add button at the bottom of the screen. a. Specify the IP Address/Mask of the subnet or host authenticating with the Radius client. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 435 Create a new User ID Suffix as an abbreviation to differentiate the configuration from others with similar attributes. b. Specify the IP Address of the new Radius proxy server. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 436: Configuring Radius Authentication And Accounting
Radius accounting supplies administrators with user data as Radius sessions are started and terminated. To define the Radius authentication and accounting configuration: 1. Select Security > Radius Server from the main menu. 2. Select the Authentication tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 437 Specify the group attribute used by the LDAP server. Net Timeout Enter a timeout value (between 1-10 seconds) the system uses to terminate the connection to the Radius Server if no activity is detected. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 438: Configuring Radius Users
The Users tab is employed when Local is selected as the Auth Data Source within the Authentication & Accounting tab. To define the Radius user permissions for switch access: 1. Select Security > Radius Server from the main menu. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 439 5. If an existing user is no longer needed, select the user from those displayed and click the Delete button to permanently remove the user. 6. To create a new user for use with the local Radius server, click the Add button and provide the following information. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 440 Add -> Remove <- Available Groups Use the Available Groups functions to map groups (for inclusion) for this specific user. Configured Group Displays existing groups available for the user. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 441: Configuring Radius User Groups
To access the configuration of existing user groups: 1. Select Security > Radius Server from the main menu. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 442 5. Refer to the Time of access in days field to assess the intervals (which days) the group has been assigned access to the switch managed network (after each user has been authenticated). At least one day is required. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 443 Set the rate limit from the wireless client to the network when using Radius authentication. A rate limit of 0 disables (0,100-100000) rate limiting for this direction. Any rate limit obtained through radius server authentication overwrites the initial user rate limit for the given client. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 444: Viewing Radius Accounting Logs
Remote user information can be archived to a location outside of the switch for periodic network and user permission administration. To display the Radius accounting logs: 1. Select Security > Radius Server from the main menu. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 445: Creating Server Certificates
• create a new key • upload/download keys to and from the switch to and from a server or local disk • delete all the keys in the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 446: Using Trustpoints To Configure Certificates
State/Prov. stated. Organization (O) Displays the name of the organization making the certificate request. Org. Unit (OU) Displays the name of the organizational unit making the certificate request. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 447 To create a Server Certificate or import a CA Root Certificate: 1. Select Security > Server Certificates from the main menu tree. 2. Click the Certificate Wizard button on the bottom of the screen. 3. Use this wizard for: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 448 Generate a self signed certificate — Configure the properties of a new self-signed certificate. Once the values of the certificate are defined, the user can create and install the certificate. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 449 Use a new key — Select this option to create a new key for the trustpoint. Define a key name and size as appropriate. Associate the certificate selected with one of the options provided in the Specify a key for your new certificate and click the Next button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 450 Organization Unit Enter an Org. Unit for the name of the organization unit used in the Self-Signed Certificate. By default, it is Wireless Switch Division. This is a required field. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 451 8. Click Next to proceed with the certificate creation. If you created a self-signed certificate on page 2, the wizard completes and displays the details of the newly created self-signed certificate. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 452 CA root certificate use with a trustpoint. Delete trustpoint properties as they become obsolete or the properties of a certificate are no longer relevant to the operation of the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 453 3. Select and use the Remove certificates from this trustpoint drop-down menu define the trustpoint that will have either its Server Certificate or CA Root Certificate removed Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 454: Configuring Trustpoint Associated Keys
If none of the keys listed within the Keys tab are suitable for use with a certificate, consider creating a new key pair. 1. Select Security > Server Certificates from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 455 4. Use the From drop-down menu to specify the location from which the log file is sent. If only the applet is available as a transfer location, use the default switch option. 5. Select a target file for the file transfer from the File drop-down menu. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 456: Configuring Enhanced Beacons And Probes
The Enhanced Probes and Beacons screens displays four tabs supporting the following configuration activities: • Configuring the Beacon Table • Configuring the Probe Table • Reviewing Found Beacons • Reviewing Found Probes Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 457: Configuring The Beacon Table
To configure enhanced beacons: 1. Select Security > Enhanced Probe/Beacon Table from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 458 (within the 802.11a Radios field) to enable all 802.11a radios from receive beacons. Disable all Disable all Select the button (within the 802.11a Radios field) to disable all 802.11a radios from receiving beacons. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 459: Configuring The Probe Table
Brocade RFMS maintained site map. To configure enhanced beacons: 1. Select Security > Enhanced Probe/Beacon Table from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 460 14. Click the Revert button to undo the changes to the screen and revert to the last saved configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 461: Reviewing Found Beacons
Probes Found tab is read-only with no user configurable parameters. To view the enhanced beacons table report: 1. Select Security > Enhanced Probe/Beacon Table from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 462 Displays the channel frequency used when the unadopted client was detected. Heard Time Displays the time the unadopted client was detected. 4. Select the Clear Report button to clear the statistic counters and begin a new data calculation. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 463: In This Chapter
(with status displayed within the Status field). To display the main Management screen: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 464: Configuring Access Control
The Access Control screen is not meant to function as an ACL (in routers or other firewalls), where you can specify and customize specific IPs to access specific interfaces. To configure access control settings: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 465 Use the Trustpoint drop-down menu to select the local or default trustpoint used with a HTTPS session with the switch. For information on creating a new certificate, see Creating Server Certificates on page 6-433. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 466: Configuring Snmp Access
SNMP interface. NOTE The SNMP facility cannot retrieve a configuration file directly from its SNMP interface. First deposit the configuration file to a computer, then FTP the file to the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 467: Configuring Snmp V1/V2 Access
The Access Control field specifies a read-only (R) access or read/write (RW) access for the community. Read-only access allows a remote device to retrieve information, while read/write access allows a remote device to modify Edit settings. Click the button to modify an existing Access Control permission. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 468: Configuring Snmp V3 Access
Refer to the v3 screen to review the current SNMP v3 configuration. An Existing User Name can be selected and edited, enabled or disabled. NOTE The SNMP undo feature is not supported in this product. To review existing SNMP v3 definitions: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 469 6. Highlight an existing SNMP v3 User Name and click the Disable button to disable the log-in for the specified user. When selected the status of the user is defined as inactive. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 470: Accessing Snmp V2/V3 Statistics
The screen also displays Usm Statistics (SNMP V3 specific events specific to the User-based Security Model) and their values. To edit an SNMP v3 user profile: 1. Select Management Access > SNMP Access from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 471: Message Parameters
This data is helpful in troubleshooting Usm (Authentication and Encryption) related problems within the network. Message Parameters To view Message Parameters: 1. Select Management Access > SNMP Access from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 472: Configuring Snmp Traps
It is also used for modifying the existing threshold conditions values for individual trap descriptions. Refer to the tabs within the SNMP Trap Configuration screen to conduct the following configuration activities: • Enabling Trap Configuration • Configuring Trap Thresholds Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 473: Enabling Trap Configuration
NSM trap family parent item Enable all sub-items and click to enable all traps within the NSM category. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 474 10. Click Apply to save the trap configurations enabled using the Enable or Enable all sub-items options. 11. Click Revert to discard any updates and revert back to its last saved configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 475 Enter an e-mail address that will serve as the From address for the notifications sent by the switch. Subject Prefix Enter a short subject line that will prepend the subject line in each outgoing notification e-mail. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 476: Configuring Trap Thresholds
Set a threshold value for adopted APs. Use the as input criteria to define an appropriate Threshold Value unique to the APs within the network. For information on specific values, see Wireless Trap Threshold Values on page 7-466. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 477 6. Click the Apply button to save changes made to the screen since the last saved configuration. Click the Revert button to revert the screen back to its last saved configuration. Changes made since the contents of the screen were last applied are discarded. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 478: Configuring Snmp Trap Receivers
(including destination address, port, community and trap version). A new v2c or v3 trap receiver can be added to the existing list by clicking the Add button. To configure the attributes of SNMP trap receivers: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 479 Port Number and v2c or v3 designation to the new trap. Add trap receivers as needed if the existing trap receiver information is insufficient. For more information, see Adding SNMP Trap Receivers on page 7-468. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 480: Editing Snmp Trap Receivers
To add a new SNMP trap receiver: 1. Select Management Access > SNMP Trap Receivers from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 481: Creating And Managing Users
To configure the attributes of Local User Details: 1. Select Management Access > Users from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 482 Local users are those users connected directly into the switch and do not require any sort of configurable remote connection. To create a new local user: 1. Select Management Access > Users from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 483 6. Select the access modes to assign to the new user from the options provided in the Access Modes panel. Select one or more of the following options: Console This option provides the new user access to the switch using the console. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 484 Web User Administrator Web User Assign privileges (if necessary) to add users for Web authentication (hotspot). Administrator Super User Super User Select (if necessary) to assign complete administrative rights. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 485 A guest user added from switch Web UI will be 5 minutes ahead of the switch's current time. To create a guest administrator: 1. Select Management Access > Users from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 486: Configuring Switch Authentication
The Radius configuration described in this section is independent of other Radius Server configuration activities performed using other parts of the switch. 1. Select Management Access > Users from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 487 Displays the IP address of the external Radius server. Ensure this address is a valid IP address and not a DNS name. Port Displays the TCP/IP port number for the Radius Server. The port range available for assignment is from 1 - 65535. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 488 The Users screen displays. 2. Click on the Authentication tab. 3. Select an existing Radius Server from those listed and click the Edit button at the bottom of the screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 489 1. Select Management Access > Users from the main menu tree. The Users screen displays. 2. Select the Authentication tab. 3. Click the Add button at the bottom of the screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 490 External Radius Server Settings When using an external Radius Server with the switch, ensure that the following values are configured on your server to ensure maximum compatibility with the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 491 NOTE: To configure multiple access methods this value can be set multiple times with different access values, or the desired values can be added together and and entered as a single value. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 492 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 493: In This Chapter
Status field and the screen remains displayed. In the case of file transfer operations, the transfer screen remains open during the transfer operation and remains open upon completion (with status displayed within the Status field). Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 494: Switch Environment
5. Use the Temperature Sensors field to monitor the CPU and system temperatures. This information is extremely useful in assessing if the switch exceeds its critical limits. NOTE A RF7000 Series Switch has six sensors. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 495: Cpu Performance
If CPU usage is substantial during periods of low network activity, then perhaps, the situation requires troubleshooting. 6. Click the Apply button to commit and apply the changes. Click the Revert button to revert back to the last saved configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 496: Switch Memory Allocation
Buffers current usage Limit The buffer limit. 6. Click the Apply button to commit and apply the changes. Click the Revert button to revert back to the last saved configuration. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 497: Switch Disk Allocation
6. Click the Revert button to revert back to the last saved configuration. Switch Memory Processes The Processes tab displays the number of processes in use and percentage of memory usage limit per process. 1. Select Diagnostics from the main tree menu. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 498: Other Switch Resources
Click the Revert button to revert back to the last saved configuration. Other Switch Resources The Other Resources tab displays the memory allocation of Packet Buffer, IP Route Cache and File Descriptors. 1. Select Diagnostics from the main tree menu. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 499: Configuring System Logging
Ensure the correct destination server address is supplied. To view the Log options available to the switch: 1. Select Diagnostics > System Logging from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 500 Optionally, use the Server 3 parameter to specify the numerical (non DNS name) IP address of a third syslog server to log system events if the first two syslog servers are unavailable. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 501: File Management
Displays a read-only list of the log files (by name) created since the last time the Log Options display was cleared. To define the type of log files created, click the tab to enable logging and define the log level. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 502 On the Brocade Mobility RFS7000 users can also transfer log files using USB or Compact Flash. On the Brocade Mobility RFS6000 users can also transfer log files using USB. On Brocade Mobility RFS4000 users can also transfer log files using USB or PCI Express card.
Page 503 Displays the name of the switch logging the target event. This metric is important for troubleshooting issues of a more serious priority, as it helps isolate the switch resource detecting the problem. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 504 1. Select Diagnostics > System Logging from the main menu tree. 2. Select the File Mgt tab. 3. Select a target log file to transfer and click the Transfer File button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 505: Reviewing Core Snapshots
Core snapshots are issues impacting switch core (or distribution layer). Once reviewed, core files can be deleted or transferred for archive. To view core snapshots available on the switch: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 506: Transferring Core Snapshots
Use the Transfer screen to define a source for transferring core snapshot files to a secure location for potential archive. To transfer core snapshots to a user defined location: 1. Select Diagnostics > Core Snapshots from the main menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 507 14. If a problem condition is discovered during the file transfer, click the Abort button to terminate the transfer. 15. Click the Close button to exit the screen after a transfer. There are no changes to save or apply. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 508: Reviewing Panic Snapshots
5. Select a target panic file and click the View button to open a separate viewing screen to display the panic information in greater detail. For more information, see Viewing Panic Details on page 8-497. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 509: Viewing Panic Details
4. Select a file for the file transfer from the File drop-down menu. The drop-down menu contains the panic files listed within the File-Mgmt screen. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 510: Debugging The Applet
15. Click the Close button to exit the dialogue and abandon the transfer. Debugging the Applet Refer to the Applet Debugging screen to debug the applet. This screen allows you to view and debug system events by a criticality level you define. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 511 Error - switch data compilation problem, could result in data loss • Warning - potential data loss of configuration corruption • Informational - data that may be useful in assessing a potential error • Debug - information relevant to troubleshooting Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 512: Configuring A Ping
This number can vary significantly due to the random nature of packet routings and random loads on the switch and its destination. To view the switch’s existing ping configuration: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 513 5. Click the Add button to display a screen used to define the attributes of a new ping test. For more information, see Adding a New Ping Test on page 8-502. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 514: Modifying The Configuration Of An Existing Ping Test
Configuration tab. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 515: Viewing Ping Statistics
IP represents a device offering the switch a viable connection to either extend the switch’s existing radio coverage area or provide support for additional Clients within an existing network segment. To view ping test statistics: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 516 Displays the time (in seconds) the switch last “heard” the destination IP address over the switch managed network. Use this time (in contention with the RTT values displayed) to determine whether this device warrants a permanent switch connection. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 517: Adaptive Ap Overview
An adaptive AP (AAP) is Brocade Mobility 7131 Series Access Point that can adopt like an Brocade Mobility 300 Access Point (Layer 3). The management of an AAP is conducted by the switch, once the Access Point connects to a Brocade Brocade Mobility RFS6000 or Brocade Mobility RFS7000 model switch and receives its AAP configuration.
Page 518: Adaptive Ap Management
Brocade Mobility 5181 Access Point continues operating as a stand-alone access point for a period of 3 days before resetting and executing the controller discovery algorithm again. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 519: Licensing
(separate by comma, semi-colon, or space delimited) Switch FQDN String AP-51XX Encryption IPSec Passphrase (Hashed)** String AP-51XX switch discovery mode String 1 = auto discovery enable 2 = auto discover enabled (using IPSec) Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 520: Securing A Configuration Channel Between Switch And Ap
If the switch is on the Access Point’s LAN, ensure the LAN subnet is on a secure channel. The AP will connect to the switch and request a configuration. Adaptive AP WLAN Topology An AAP can be deployed in the following WLAN topologies: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 521: Configuration Updates
If a new switch is located, the AAP synchronizes its configuration with the located switch once adopted. If Remote Site Survivability (RSS) is disabled, the independent WLAN is also disabled in the event of a switch failure. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 522: Remote Site Survivability (Rss)
180 seconds) so Mesh AAPs remain adopted to the switch during the period when the configuration is applied and mesh links are re-established. Configuring Adaptive AP Mesh To configure mesh support for Adaptive AP: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 523 Client Bridge Radios Configuration: (AP51x1’s that are wirelessly connected) Brocade Mobility RFS7000(config-wireless)#radio add 3 “client bridge radio mac” 11bg aap51x1 Brocade Mobility RFS7000(config-wireless)#radio add 4 “client bridge radio mac” 11a aap51x1 Brocade Mobility RFS7000(config-wireless)#radio 3 client-bridge enable Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 524: Aap Radius Proxy Support
If AAP Proxy Radius is configured, the onboard Radius server has to be enabled. By default the onboard Radius server is disabled. To enable the onboard Radius server use the Web UI or issue the “service radius” command in the CLI. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 525: Supported Adaptive Ap Topologies
VLAN IDs configured. Additionally, the AAP needs to be connected to a 802.1q trunk port on the wired switch. • Be aware IPSec Mode supports NAT Traversal (NAT-T). Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 526: Extended Wlans Only
AP obtains its configuration from the switch. If the AP’s WAN link fails, it continues to operate using the last valid configuration until its link is re-established and a new configuration is pushed down from the switch. There is no separate file-based configuration stored on the switch. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 527: Adaptive Ap Pre-Requisites
The tasks described below are configured on a Brocade RF switch. To adopt an AAP on a switch: 1. Ensure enough licenses are available on the switch to adopt the required number of AAPs. 2. As soon as the AAP displays in the adopted list: Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 528: Establishing Basic Adaptive Ap Connectivity
Adopting an Adaptive AP Manually To manually enable the Access Point’s switch discovery method and connection medium required for adoption: 1. Select System Configuration -> Adaptive AP Setup from the Access Point’s menu tree. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 529 To adopt an AAP using a configuration file: 1. Refer to Adopting an Adaptive AP Manually and define the AAP switch connection parameters. 2. Export the AAP’s configuration to a secure location. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 530: Switch Configuration
To disable automatic adoption on the switch: 1. Select Network > Access Port Radios from the switch main menu tree. 2. Select the Configuration tab (should be displayed be default) and click the Global Settings button. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 531 Independent WLANs behave like WLANs as used on a a standalone Access Point. Leave this option unselected (as is by default) to keep this WLAN an extended WLAN (a typical centralized WLAN created on the switch). Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 532 "wlan <index> independent" command from the config-wireless context. NOTE For AAP to work properly with Brocade Mobility RFS7000 you need to have independent and extended WLANs mapped to a different VLAN than the ge port. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 533: Adaptive Ap Deployment Considerations
An AAP uses UDP port 24576 for control frames and UDP port 24577 for data frames. • Multiple VLANs per WLAN, Layer 3 mobility, NAC, and self healing are some of the important wireless features not supported in an AAP supported deployment. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 534: Sample Switch Configuration File For Ipsec And Independent Wlan
To configure the passkey for a Remote VPN Peer - 255.255.255.255 denotes all AAPs. 12345678 is the default passkey. If you change on the AAP, change here as well. crypto isakmp key 0 12345678 address 255.255.255.255 ip http server ip http secure-trustpoint default-trustpoint Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 535 2 00-15-70-00-79-30 11a aap5131 radio 2 bss 1 5 radio 2 bss 2 1 radio 2 bss 3 2 radio 2 channel-power indoor 48 8 radio 2 rss enable Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 536 180,190,200,210,220,230,240,250, static-channel-group 1 interface ge2 switchport access vlan 1 interface ge3 switchport mode trunk switchport trunk native vlan 1 switchport trunk allowed vlan none switchport trunk allowed vlan add 1-9,100,110,120,130,140,150,160,170, Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 537 To attach a Crypto Map to a VLAN Interface crypto map AAP-CRYPTOMAP sole ip route 157.235.0.0/16 157.235.92.2 ip route 172.0.0.0/8 157.235.92.2 ntp server 10.10.10.100 prefer version 3 line con 0 line vty 0 24 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 538 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 539: General Troubleshooting
Switch Does Not Obtain an IP Address through DHCP A Brocade RF Series Switch requires a routable IP address for the administrator to manage it via Telnet, SSH or a Web browser. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 540 Set the country name for the switch, which is set to “none” by default. adopt while country code is not set Packet storm Check Syslog for any type of a packet storm. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 541: Access Port Issues
This section describes various issues related to Access Ports within the Brocade RF Series Switch network. Possible issues include: • Access Ports are Not Adopted • Access Ports are Not Responding Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 542: Mobile Unit Issues
Access Ports. Possible issues include: • Access Port Adopted, but client is Not Being Associated • Clients Cannot Associate and/or Authenticate with Access Ports • Poor Voice Quality Issues Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 543 If you are using Authentication and/or Encryption on the switch, and the previous Problems troubleshooting steps have not fixed the problem, try temporarily disabling Authentication and Encryption to see if that fixes the problem. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 544: Miscellaneous Issues
Too many concurrent Telnet Keep the maximum number of Telnet or SSH sessions low (6 or less), even though or SSH sessions up to 8 sessions are allowed. All else... Contact Brocade Support. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 545: System Logging Mechanism
This file must be loaded in the MIB browser. SNMP SETs not working Check to see if environment variables are set. The following are the environment variables to be set. SNMPCONFPATH=/butterfly/snmp MIBDIRS=/butterfly/snmp/mibs MIBS=ALL Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 546: Not Receiving Snmp Traps
The switch login screen displays. Use the following CLI command for normal login process: RFSwitch login: cli 2. Enter a password recovery username of restore and password recovery password of restoreDefaultPassword. User Access Verification Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 547: Radius Troubleshooting
Ensure the following have been attempted: • Add a Radius client in Radius server configuration with the Switch’s VLAN interface, IP address and subnet, which have been marked as management • Save the current configuration Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 548 Ensure the following have been attempted: • Ensure that the VPN user is present in AAA users • This VPN user MUST NOT added to any group. • Save the current configuration Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 549: Troubleshooting Radius Accounting Issues
Just enabling detectorscan will not send any detectorscan request to any adopted AP. User should also configure at least a single radio as a detectorAP. This can be done using the set detectorap command in rogueap context. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 550: Troubleshooting Firewall Configuration Issues
2. Check whether ftp, telnet and web are in the denied list. In this case, web is https traffic and not http. 3. Ensure that "network policy" and "Ethernet port" set to the LAN is correct. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 551 4. Add the newly created PO to the active Network Policy. Associate WLAN and Network Policy to the active Access Port Policy. Any request matching the configured criteria should take the action configured in the Classification Element. Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...
Page 552 Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide 53-1002515-01...

This manual is also suitable for:

Rfs4000 Rfs7000

Brocade Communications Systems RFS6000 System Reference Manual

Quick Links

Troubleshooting

Related Manuals for Brocade Communications Systems RFS6000

Summary of Contents for Brocade Communications Systems RFS6000