Page 1 53-1001858-01 ® Mar 2010 Brocade Mobility RFS6000 and RFS7000 System Reference Guide Supporting software release 4.2.1.0...
Page 2 Export of technical data contained in this document may require an export license from the United States government. The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.
Page 3 Editing port PoE settings ................56 Brocade Mobility RFS6000 and RFS7000 System Reference Guide...
Page 4 Viewing AP statistics ................191 Brocade Mobility RFS6000 and RFS7000 System Reference Guide...
Page 5 Configuring symmetric keys ............... 284 Brocade Mobility RFS6000 and RFS7000 System Reference Guide...
Page 6 Configuring wireless filters ............... . 363 Brocade Mobility RFS6000 and RFS7000 System Reference Guide...
Page 7 Configuring SNMP v1/v2 access ..............467 Brocade Mobility RFS6000 and RFS7000 System Reference Guide...
Page 8 Adaptive AP WLAN Topology ............... 526 viii Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 9 Troubleshooting Firewall Configuration Issues ..........556 Brocade Mobility RFS6000 and RFS7000 System Reference Guide...
Page 10 Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 11 Brocade Mobility RFS7000 Controller software release 4.2 Document conventions This section describes text formatting conventions and important notice formats used in this document. Text formatting The narrative-text formatting conventions that are used are as follows: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 12 A note provides a tip, guidance or advice, emphasizes important information, or provides a reference to related information. CAUTION A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to hardware, firmware, software, or data. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 13 A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you. Safety labels are also attached directly to products to warn of these conditions or situations. Web support sites Product downloads http://www.brocade.com Manuals http://www.brocade.com Additional information http://www.brocade.com Brocade Mobility RFS6000 and RFS7000 System Reference Guide xiii 53-1001858-01...
Page 14 Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 15: Overview
The discussion of the controller Web UI within this guide is presented generically, making it equally relevant to both the Mobility RFS6000 Controller and Mobility RFS7000 Controller platforms. However, some subtle differences do exist between these baselines. These differences are noted within the specific GUI elements impacted.
Page 16: Physical Specifications
0°C - 40°C (32°F - 104°F) Operating humidity 5% - 85% RH, non-condensing A power cord is not supplied with a Mobility RFS6000 Controller or Mobility RFS7000 Controller model controller. Use only a correctly rated power cord certified for the country of operation Power protection...
Page 17: Software Overview
VLANs. NOTE On the Mobility RFS6000 Controller, the Uplink (UP) port is the preferred method of connecting the controller to the network. The Uplink port has its own dedicated 1Gbps connection which is unaffected by internal traffic across the GE ports.
Page 18 • Ethernet loopback tests • RAM tests, Real Time Clock tests, etc. 3. Manufacturing Diagnostics – Manufacturing diagnostics are a set of diagnostics used by manufacturing to inspect quality of hardware. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 19 Therefore, the controller supported network is always up and running even if a controller fails or is removed for maintenance or a software upgrade. The following redundancy features are supported: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 20: Wireless Controlling
Wireless controlling The controller includes the following wireless controlling features: • Adaptive AP • Physical layer features • Rate limiting • Proxy-ARP • HotSpot / IP redirect • IDM (identity driven management) Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 21 Maintain local WLAN's for specific applications - WLANs created and supported locally can be concurrently supported with your existing infrastructure. For an overview of AAP and how it is configured and deployed using the controller and Access Point, see “Adaptive AP” on page 523. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 22 Client (not the MAC address of controller). Thus, the Client does not awaken to send ARP replies (increasing Client battery life and conserving wireless bandwidth). If an Client goes into PSP without transmitting at least one packet, its Proxy ARP will not work. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 23 Voice prioritization allows you to assign priority to voice traffic over data traffic, and (if necessary) assign legacy voice supported devices (non WMM supported voice devices) additional priority. Currently voice support implies the following: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 24 This enables you to verify your installation and configure it for self-healing when an AP fails. Self healing actions If AP1 detects AP2 and AP3 as its neighbors, you can assign failure actions to AP2 and AP3 whenever AP1 fails. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 25 802.11e admission control — 1 byte: channel utilization % and 1 byte: Client count is sent in QBSS Load Element in beacons to Client. • Brocade load balancing element (proprietary) — 2 byte: Client Count are sent in beacon to Client. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 26 AP it has not previously visited and reuse a PMK from another AP to skip the 802.1x authentication. International roaming The wireless controller supports international roaming per the 802.11d specification. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 27 • Block ACKQBSS Beacon Element 802.1p support 802.1p is a standard for providing QoS in 802-based networks. 802.1p uses three bits to allow controllers to re-order packets based on priority level. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 28 4. The algorithm ensures adjoining AP's are as far away from each other as possible (in terms of channel assignment). NOTE Individual radios can be configured to perform automatic channel selection. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 29 Only Clients on that VLAN have a broadcast key that can decrypt this frame. Other Clients receive it, but discard it. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 30: Wired Controlling
Each subnet may be configured with its own address pool. Whenever a DHCP client requests an IP address, the DHCP server assigns an IP address from that subnet’s address pool. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 31 Manual bandwidth configuration of a physical interface speed to 10/100/1000Mbps. • Manual duplex configuration of a physical interface to Full Duplex or Half Duplex. • Manual configuration of administrative shutdown of a physical interface. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 32: Management Features
Upload and download of Access Point firmware and configuration files using TFTP and FTP • Transfer of firmware and configuration files using Compact Flash (Mobility RFS7000 Controller only) or USB (Mobility RFS6000 Controller and Mobility RFS7000 Controller platforms) • The graphing of wireless statistics •...
Page 33 Client authentication The controller uses the following authentication schemes for Client association: • Kerberos • 802.1x EAP • MAC ACL Refer to “Editing the WLAN configuration” on page 109 for additional information. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 34 109. 802.1x authentication 802.1x authentication cannot be disabled (its always enabled). A factory delivered out-of-the-box Mobility 300 supports 802.1x authentication using a default username and password. EAP-MD5 is used for 802.1x. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 35 Basic WIPS functionality does not require monitoring APs and does not perform off-channel scanning. NOTE When converting a Mobility 300 to an Intrusion Detection Sensor, the conversion requires approximately 60 seconds. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 36 An SNMP trap is sent for each detected and Rogue AP. Rogue APs are only detected, and notification is provided via a SNMP trap. NOTE Wired side scanning for Rogue APs using WNMP is not supported. Similarly, Radius lookup for approved AP is not provided. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 37 Remote VPN — Provides remote user ability to access company resources from outside the company premises. The controller supports: • IPSec termination for site to site • IPSec termination for remote access • IPSec traversal of firewall filtering • IPSec traversal of NAT Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 38: Supported Access Points
“Configuring NAC server support” on page 136. Supported Access Points A RF controller supports the adoption of the following Brocade Enterprise Access Points: • Mobility 300 • Mobility 5181 • Mobility 7131 Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 39: Ieee Standards Support
Mobility RFS6000 Controller • Mobility RFS7000 Controller The IEEE 802.11d standard is implemented for Mesh networking on the following AP Platforms: • Mobility 5181 Access Point • Mobility 7131 Access Point Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 40 • Mobility RFS6000 Controller • Mobility RFS7000 Controller The IEEE 802.11n standard is fully supported on the following AP Platforms: Mobility 7131 Access Point (Standalone and Adaptive) Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 41 Mobility RFS7000 Controller The IEEE 802.3u (100BASE-T) standard is fully supported on the following AP Platforms: • Mobility 300 Access Point • Mobility 5181 Access Point • Mobility 7131 Access Point Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 42 Mobility RFS6000 Controller • Mobility RFS7000 Controller The IEEE 802.1Q (VLAN Tagging) standard is fully supported on the following AP Platforms: • Mobility 5181 Access Point • Mobility 7131 Access Point Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 43: Standards Support
ESP and AH RFC 2404 HMAC-SHA-1-96 within ESP and AH RFC 2405 ESP DES-CBC Cipher Algorithm with Explicit IV RFC 2406 IPsec RFC 2407 Interpretation for ISAKMP RFC 2408 ISAKMP RFC 2409 IKE Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 44 RFC 1157 SNMP RFC 1213 SNMP MIB II RFC 1350 TFTP Client only. RFC 1643 Ethernet MIB This RFC is obsolete http://tools.ietf.org/html/rfc3638. RFC 2030 SNTP Client and Server. RFC 2616 HTTP Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 45 (mib-2 dot 2 dot 2) is not supported. RFC 3164 Syslog RFC 3414 User-Based Security Model (USM) for SNMPv3 RFC 3418 MIB for SNMP Web-based: HTTP/HTTPS Command-line interface: Telnet, SSH, serial port Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 46 Standards support Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 47: Controller Web Ui Access And Image Upgrades
To display the Web UI, launch a Web browser on a computer with the capability of accessing the controller. NOTE Ensure you have HTTP connectivity to the controller, as HTTP is a required to launch the controller Web UI from a browser. To display the controller Web UI: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 48: Controller Password Recovery
To contact Brocade Support in the event of a password reset requirement, go to http://www.brocade.com. CAUTION Only a qualified installation professional should set or restore the controller’s radio and power management configuration in the event of a password reset. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 49: Upgrading The Controller Image
There are three compulsory and four optional configuration parameters. The compulsory parameters are: • configuration upgrade enable • cluster configuration upgrade enable • image upgrade enable Optional (only for the static case): • configuration file URL Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 50 4.2.1.0 Once again, for DHCP option based auto install the URLs is ignored and those passed by DHCP are not stored. Whenever a string is blank it is shown as --not-set--. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 51: Controller Information
Status field and the screen remains displayed. With file transfer operations, the transfer screen remains open during the transfer and remains open upon completion (with status displayed within the Status field). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 52: Setting The Controller Country Code
To view a high-level display of the controller configuration: 1. Select Controller from the main menu tree. 2. Click the Configuration tab. 3. Refer the System field to view or define the following information: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 53 5. Click the Shutdown button to shutdown and power off the controller. NOTE On the Mobility RFS6000 Controller and Mobility RFS7000 Controller the shutdown command will shutdown the controller but the fans on the controller will remain on. 6. Click the Show Dashboard button to display a screen with important indicators of controller health and status.
Page 54: Controller Dashboard Details
Click the Show Dashboard button (within the Controller screen’s Configuration tab) to display the current health of the controller Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 55 The Dashboard screen displays the current health of the controller and is divided into fields representing the following important diagnostics: • Alarms • Ports • Environment • CPU/Memory • File Systems Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 56 Displays the status of the port, either— Up or Down Speed Displays the speed at which the port transmits or receives data. Duplex Displays the status of the port, either— Full Duplex or Unknown. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 57 48 hours. The alarms are classified as: • Critical — Denoted by a red indicator. These alarms warrant immediate attention. • Major — Denoted by a yellow indicator. These alarms warrant attention. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 58: Viewing Controller Statistics
The Controller Statistics tab displays an overview of the recent network traffic and RF status for the controller. To display the Controller Statistics tab: 1. Select Controller from the main menu tree. 2. Click the Controller Statistics tab at the top of the Controller screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 59 WLAN and therefore have a much larger airtime utilization than unicast packets a greater chance of causing collisions. 5. The RF Status section displays the following read-only RF radio signal information for associated APs and radios: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 60: Viewing Controller Port Information
The Port screen displays configuration, runtime status and statistics of the ports on the controller. NOTE The ports available vary by controller platform. Mobility RFS6000 Controller: ge1, ge2, ge3, ge4, ge5, ge6, ge7, ge8, me1, up1, wan Mobility RFS7000 Controller: ge1, ge2, ge3, ge4, me1 The port types are defined as follows: GE ports are available on the Mobility RFS6000 Controller and Mobility RFS7000 Controller platforms.
Page 61: Viewing The Port Configuration
CLI or Web UI even when the other ports on the controller are unreachable. An UP port is available on the Mobility RFS6000 Controller platform only. This port is used to connect the Mobility RFS6000 Controller to the backbone network. The UP port on the Mobility RFS6000 Controller supports either RJ-45 or fiber.
Page 62 Optionally, select the Don’t show this message again for the rest of the session checkbox to disable the pop-up. 4. Use the Edit screen to modify the following port configurations for the selected port Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 63: Viewing The Ports Runtime Status
6. Click Cancel to disregard any changes and revert back to the last saved configuration. Viewing the ports runtime status The Runtime tab displays read-only runtime configuration for uplink and downlink ports. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 64: Reviewing Port Statistics
To view the runtime configuration details of the controller ports: 1. Select Controller > Ports from the main menu tree. 2. Select the Statistics tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 65 3. Refer to the Statistics tab to display the following read-only information: Name Displays the current port name. The port names available vary by controller. Mobility RFS6000 Controller: ge1, ge2, ge3, ge4, ge5, ge6, ge7, ge8, me1, up1, Mobility RFS7000 Controller: ge1, ge2, ge3, ge4, me1 Bytes In Displays the total number of bytes received by the port.
Page 66 Displays the number of unicast packets (packets directed towards the interface) received on the interface. Input NonUnicast Displays the number of NonUnicast Packets (Multicast and Broadcast Packets) Packets received on the interface. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 67 Periodically display the port statistics graph for assessing the latest information. To view a detailed graph for a port: 1. Select a port from the table displayed in the Statistics screen. 2. Click the Graph button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 68 3. Display any of the above by selecting the checkbox associated with it. NOTE You are not allowed to select (display) more than four parameters at any given time. 4. Click on the Close button to exit out of the screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 69: Power Over Ethernet (Poe)
Power over Ethernet (PoE) NOTE Power over Ethernet is only supported on the Mobility RFS6000 Controller controller. The following information only applies to the Mobility RFS6000 Controller controller. The Mobility RFS6000 Controller controller supports 802.3af Power over Ethernet (PoE) on each of its eight ge ports.
Page 70: Editing Port Poe Settings
To modify the PoE settings for a port: 1. Select a port to edit from the table. 2. Click the Edit button. The PoE Edit screen shows the port PoE status, Priority and Power Limit. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 71: Configuring Wan Interface Cards
6. Click OK to save and add the changes to the running configuration and close the dialog. Configuring WAN interface cards The Mobility RFS6000 controller supports 3G Wireless WAN cards using the ExpressCard slot. In order to use a 3G Wireless WAN card with the controller it must first be activated on a laptop. For activation information please consult the carier’s activation instructions included with the card.
Page 72 In order to use a 3G Wireless WAN interface card with the controller it must first be activated on a laptop. For activation information please consult the carier’s activation instructions included with the card. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 73: Viewing Controller Configurations
If a file (for example, sample-config) is selected, a message displays stating, “When sample-config is installed, it will replace start-up config. Are you sure you want to install sample-config.” Click Yes to continue. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 74: Viewing The Detailed Contents Of A Config File
Config Files screen for edit or designation as the controller startup configuration. 1. Select a configuration file from the Configuration screen by highlighting the file. 2. Click the View button to see the contents of the selected configuration file. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 75 5. Click the Refresh button to get the most recent updated version of the configuration file. 6. Click Close to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 76: Transferring A Config File
Click the Close button to exit the Transfer screen and return to the Config Files screen. Once a file is transferred, there is nothing else to be saved within the Transfer screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 77: Viewing Controller Firmware Information
Next Boot indicates which version should be used on the next reboot. The Next Boot version should match the Running Version, unless the system has failed over to another version. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 78 Viewing controller firmware information To view the firmware files available to the controller: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 79: Editing The Controller Firmware
1. Select the primary firmware image from the Firmware screen. 2. Click the Edit button. The Firmware screen displays the current firmware version and whether this version is used for the next reboot. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 80: Enabling Global Settings For The Image Failover
Use the Update screen to update the firmware version currently used by the controller. NOTE When performing a firmware update using the controller CLI, use the following syntax (specific to FTP) ftp://username:password@ipaddress:port/path/filename. If using TFTP, use tftp://ipaddress/path/filename. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 81 NOTE On the Mobility RFS7000 Controller, users can also transfer firmware files using USB or Compact Flash. On the Mobility RFS6000 Controller, users can transfer firmware files using USB. 6. Enter the IP address for the FTP or TFTP server in the IP address field.
Page 82: Controller File Management
The following file transfer options are available: • Wireless Controller to Wireless Controller • Wireless Controller to Server • Server to Wireless Controller To define the properties of the file transfer configuration: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 83 From drop-down menu (within the Source field), the file used at startup automatically displays. Transferring a file from wireless controller to wireless controller To transfer a file from one controller to another: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 84 Click Abort at any time during the transfer process to abort the file transfer. Transferring a file from a wireless controller to a server To transfer a file from the controller to a Server: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 85 On the Mobility RFS7000 Controller users can also transfer files using USB or Compact Flash. On the Mobility RFS6000 Controller users can also transfer files using USB. 5. Enter the Password required to send the configuration file from an FTP server.
Page 86: Viewing Files
11. Click Abort button any time during the transfer process to abort the file transfer. Viewing files Use the File Systems tab to review the files available to the controller. The controller maintains the following file types: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 87 USB 2 NOTE USB 1 is available on the Mobility RFS6000 Controller and Mobility RFS7000 Controller controllers. USB2 and Compact Flash are only available on the Mobility RFS7000 Controller controller. Transfer files between the controller and the server from any one of the above mentioned locations.
Page 88: Configuring Automatic Updates
To enable and configure the automatic update feature for controller firmware, configuration files and cluster configurations: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 89 Use the Protocol drop-down menu to specify the FTP, TFTP, HTTP, SFTP or resident controller FLASH medium used for the file update from the server. FLASH is the default setting. Password Enter the password required to access the server. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 90 NOTE In addition to the Protocols listed, on the Mobility RFS7000 Controller users can also auto-update using USB or Compact Flash. On the Mobility RFS6000 Controller users can also auto-update using USB. 3. Refer to the Redundancy Configuration field to enable and define the configuration for automatic cluster file updates.
Page 91: Viewing The Controller Alarm Log
Select the View All radio button to display the complete alarm log with in the table. If there are a large number of alarms, the View All option will take several minutes to load. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 92: Viewing Alarm Log Details
To review controller alarm details: 1. Select Controller > Alarm Log from the main menu tree. 2. Select an alarm and click the Details button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 93: Viewing Controller Licenses
4. Click Close to exit the dialog. Viewing controller licenses Use the Licenses screen to install and add a new controller license. To install a new license: 1. Select Controller > Licenses from the main menu tree. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 94: How To Use The Filter Option
How to use the filter option Use the Filter Option to sort the display details of screen that employ the filtering option as a means of sorting how data is displayed within the screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 95 4. Click the Turn Off Filtering button to disable the filtering option for the screen where it appears. Filtering status (when filtering is turned off) displays at the bottom of the table. 5. Click the Hide Filtering Option button to hide the Filter Option zone. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 96 How to use the filter option Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 97: Network Setup
(with status displayed within the Status field). To view the controller’s Network configuration: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 98 For more information, see “Configuring access point radios” on page 177. The Apply and Cancel buttons are greyed out within this screen, as there is no data to be configured or saved. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 99: Viewing Network Ip Information
1. Select Network > Internet Protocol from the main tree menu. 2. Select the Domain Network System tab (displayed by default). Use the Show Filtering Options link to view the details displayed in the table. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 100 Use the Global Settings screen to query domain name servers to resolve domain names to IP addresses. Use this screen to enable/disable the Domain look up, which allows you to use commands like ping, traceroute etc. using hostnames rather than IP addresses. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 101: Configuring Ip Forwarding
IP forwarding configuration: 1. Select Network > Internet Protocol from the main tree menu. 2. Select the IP Forwarding tab. Use the Filtering Option to view the details displayed in the table. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 102 Displays the IP address of the Gateway used to route the packets to the specified destination subnet. Do not set the gateway address to any VLAN interface used by the controller. Interface Displays the interface name with which the destination subnet entries are attached. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 103 3. Enter a subnet mask for the destination subnet in the Subnet Mask field. The Subnet Mask is the IP mask used to divide internet addresses into blocks known as subnets. A value of 255.255.255.0 support 256 IP addresses. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 104: Viewing Address Resolution
The Address Resolution table displays the mapping of layer three (IP) addresses to layer two (MAC) addresses. To view address resolution details: 1. Select Network > Internet Protocol from the main tree menu. 2. Select the Address Resolution tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 105: Viewing And Configuring Layer 2 Virtual Lans
Virtual LANs screen to view and configure VLANs by Port and Ports by VLAN information. Refer to the following VLAN configuration activities: • Viewing and Configuring VLANs by Port • Viewing and Configuring Ports by VLAN Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 106: Viewing And Configuring Vlans By Port
Native VLAN is tagged. If the Native VLAN is not tagged the column will display a red “x”. A Native VLAN is the VLAN which untagged traffic will be directed over when using a port in trunk mode. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 107: Editing The Details Of An Existing Vlan By Port
The system prompts you with a Port VLAN Change Warning message stating communication disruptions could occur with the controller. 3. Click OK to continue. 4. Use the Edit screen to modify the VLAN’s mode, access VLAN and allowed VLAN designation. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 108: Viewing And Configuring Ports By Vlan
To view VLAN by Port information: 1. Select Network > Layer 2 Virtual LANs from the main menu tree. 2. Select the Ports by VLAN tab. VLAN details display within the VLANs by Port tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 109 Warning message. Be advised, changing VLAN designations could disrupt access to the controller. 4. Click OK to continue. A new window displays wherein the VLAN assignments can be modified for the selected VLAN. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 110: Configuring Controller Virtual Interfaces
Configuring controller virtual interfaces NOTE The ports available vary by controller. On the Mobility RFS6000 Controller, the available ports are ge1, ge2, ge3, ge4, ge5, ge6, ge7, ge8 and up1. On the Mobility RFS7000 Controller, the available ports are ge1, ge2, ge3 and ge4.
Page 111 DHCP servers.The one assigned over the selected Management Interface would be the only one used by the controller. This setting does not affect any of the Management Access Interfaces configured using “Configuring access control” page 464. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 112 Selecting this option disables the IP address field. 8. Enter the IP Address for the VLAN associated virtual interface. 9. Enter the Subnet Mask for the IP address. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 113 The screen displays with the name of the VLAN in the upper left-hand side. The VLAN ID cannot be modified and should be used to associate the VLAN ID with the description and IP address assignments defined. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 114: Viewing Virtual Interface Statistics
The Statistics screen displays information about packet level statistics and errors at the interface. To view virtual interface statistics: 1. Select Network > Controller Virtual Interface from the main tree menu. 2. Select the Statistics tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 115 The input queue for the hardware device/software module handling the interface definition is saturated/full. Overruns occur when the interface receives packets faster than it can transfer them to a buffer. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 116 “Viewing the virtual interface statistics graph” page 104. Viewing virtual interface statistics To view detailed virtual interface statistics: 1. Select a virtual interface from the Statistics tab 2. Click the Details button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 117 Output NonUnicast Displays the number of unicast packets transmitted from the interface. Packets Output Total Packets Displays the total number of packets transmitted from the interface. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 118 Input Pkts Error • Output Pkts NUCast • Input Pkts NUCast • Output Bytes • Output Pkts Dropped Select any of the above parameters by clicking on the checkbox associated with it. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 119: Viewing And Configuring Controller Wlans
Wireless LANs screen is partitioned into 5 tabs supporting the following configuration activities: • Configuring WLANs • Viewing WLAN statistics • Configuring WMM • Configuring the NAC inclusion list • Configuring the NAC exclusion list Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 120: Configuring Wlans
VLAN assignments, updates to a WLAN’s description and their current authentication and encryption schemes. Be careful to properly map BSS WLANs and security schemes. NOTE The Mobility RFS6000 Controller supports a maximum of 256 WLANs. The Mobility RFS7000 Controller supports a maximum of 1024 WLANs. To configure a WLAN: 1.
Page 121 When disabled, a red "X" displays. To enable or disable a WLAN, select it from the table and click the Enable or Disable button. The Disable button is only available when the selected WLAN is enabled. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 122 BSS ID 1 – Possible WLANs 1,5,9,13 BSS ID 2 – Possible WLANs 2,6,10,14 BSS ID 3 – Possible WLANs 3,7,11,15 BSS ID 4 – Possible WLANs 4, 8, 12,16 Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 123 1. Select Network > Wireless LANs from the main menu tree. 2. Click the Configuration tab. 3. Select a WLAN to modify from the table. 4. Click the Edit button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 124 Viewing and configuring controller WLANs The Wireless LANs Edit screen is divided into the following fields: • Configuration • Authentication • Encryption • Advanced Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 125 For information on configuring an Access Point for AAP support, see “Adaptive AP Configuration” on page 534. NOTE For a Radius supported VLAN to function, the Dynamic Assignment checkbox must be enabled for the WLAN supporting the VLAN. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 126 Cipher Block Chaining (CBC) technique. Changing just one bit in a message produces a totally different result. For detailed information on configuring CCMP for the WLAN, see “Configuring WPA/WPA2 using TKIP and CCMP” on page 143. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 127 DTIM period. Any multicast/broadcast that does not match this mask will go out only on DTIM Intervals. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 128 A WLAN screen displays with the WLAN’s existing configuration. 3. Select the VLAN radio button from the Configuration screen to change the VLAN designation for this WLAN. By default, all WLANs are initially assigned to VLAN 1. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 129 Configuring authentication types Refer to the following to configure the WLAN authentication options available on the controller: • Configuring 802.1x EAP • Configuring Kerberos • Configuring hotspots Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 130 EAP 802.1x supported WLAN. For more information, see “Configuring external Radius server support” on page 132. 4. Click the Config button to the right of the 802.1X EAP checkbox. The 802.1x EAP screen displays. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 131 128 or KeyGuard is enabled, WEP 128 will automatically be enabled for use with Kerberos. 5. Click the Config button to the right of the Kerberos checkbox. The Kerberos screen displays. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 132 DHCP server, authenticates the user and grants the user access the Internet. The hotspot feature supports both internal and external radius servers. It also supports the following three HTTP redirection options to satisfy various customer configurations: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 133 External - a customer may wish to host their own external Web server using advanced Web content (using XML, Flash). Use the External option to point the controller to an external hotspot. For more information, see “Configuring an external hotspot” on page 123. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 134 2. Select an existing WLAN from those displayed within the Configuration tab and click the Edit button. 3. Select the Hotspot button from within the Authentication field. Ensure Internal is selected from within the This WLAN’s Web Pages are of the drop-down menu. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 135 Failed page. This option is only available if Internal is chosen from the drop-down menu above. The default text is: “Either the username and password are invalid, or service is unavailable at this time.” Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 136 Refer to the Allow List field, and enter any IP address (for internal or external Web sites) that may be accessed by the Hotspot user without authentication. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 137 2. Select an existing WLAN from those displayed within the Configuration tab and click the Edit button. 3. Select the Hotspot button from within the Authentication field. Ensure External is selected from within the This WLAN’s Web Pages are of the drop-down menu. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 138 Internet and you need to provide correct login information to access the Web.Ensure the RADIUS server port number is included in the URL using the following format: https://192.168.0.70:444/wlan2/login.html Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 139 To use the Advanced option to define the hotspot: 1. Select Network > Wireless LANs from the main menu tree. 2. Select an existing WLAN from those displayed within the Configuration tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 140 FTP or TFTP. Enter the IP Address of the server or system receiving the source hotspot configuration. Ensure the IP address is valid or risk jeopardizing the success of the file transfer. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 141 2. Select an existing WLAN from those displayed within the Configuration tab. 3. Click the Edit button. 4. Select the Hotspot button from within the Authentication field. 5. Select the Config... button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 142 2 radius accounting server primary 192.168.10.14 wlan 2 radius accounting server primary radius-key 0 ESELAB ! Output Omitted radius-server local authentication eap-auth-type all nas 192.168.10.0/24 key 0 ESELAB ldap-group-verification disable ca trust-point ESELAB Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 143 6383 Wed Sep 24 12:44:09 2008 header_bg.png -rw- 18320 Wed Sep 24 12:23:21 2008 bg_nav.jpg -rw- 2456 Wed Sep 24 12:39:28 2008 logo.png -rw- 1512 Wed Sep 24 12:38:16 2008 fail.html Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 144 On this page you can include support information, a link to sign-up for service (assuming the external server is included in the allowed list) as well as a URL to re-attempt authentication. <a href="/wlan4/login.html">Try Again</a> Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 145 Middle Dash delimiter: The 12 digit MAC Address is in a format separated in the middle by a dash. Click OK to use the changes to the running configuration and close the dialog. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 146 Authentication field. This enables the Radius Config... button at the bottom of the Network > Wireless LANs > Edit screen. 5. Select the Radius Config... button. The Radius Configuration screen displays for defining an external Radius or NAC Server. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 147 Viewing and configuring controller WLANs The Radius Configuration screen contains tabs for defining both the Radius and NAC server settings. For NAC overview and configuration information, see “Configuring NAC server support” page 136. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 148 8. Select the Re-authentication checkbox to force a periodic re-authentication with the Radius server. Periodic repetition of the authentication process provides ongoing security for currently authorized connections. Define an interval between 30 and 65535 seconds. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 149 1 for monitor access and then with a value 2 for the helpdesk role. Multiple roles can also be defined by configuring the Radius Server with attribute 1 and value 3 (or monitor value 1 and helpdesk value 2). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 150 Devices in the exclude-list will not have any NAC checks. • Bypass NAC except include list – A Client NAC check is conducted only for those Clients in the include-list. To configure NAC Server support: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 151 5. Select the Radius button. The Radius Configuration screen displays (with the Radius tab displayed by default) for defining an external Radius or NAC Server. 6. .Select the NAC tab to configure NAC support. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 152 Viewing and configuring controller WLANs Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 153 9. Select the Re-authentication checkbox to force a periodic re-authentication with the NAC server. Periodic repetition of the authentication process provides ongoing security for currently authorized connections. Define an interval between 30 and 65535 seconds. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 154 Encryption columns to assess the WLAN’s existing security configuration. 3. Select the WEP 64 button from within the Encryption field. 4. Click the Config button to the right of the WEP 64 checkbox. The WEP 64 screen displays. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 155 9. Click OK to use the changes to the running configuration and close the dialog. 10. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 156 The key can be either a hexadecimal or ASCII. The keys are 26 hexadecimal characters in length or 13 ASCII characters. Select one of these keys for activation by clicking its radio button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 157 Encryption columns to assess the WLAN’s existing security configuration. 3. Select either the WPA/WPA2-TKIP or WPA2-CCMP button from within the Encryption field. 4. Click the Config button to the right of the WPA/WPA2-TKIP and WPA2-CCMP checkboxes. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 158 Command Line Interface. Refer to the CLI Reference Guide for details on configuring passphrases using the CLI. Default (hexadecimal) 256-bit keys for WPA/TKIP include: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 159: Viewing Wlan Statistics
WLAN statistics is required, select a WLAN from the table and click the Details button. To view WLAN configuration details: 1. Select Network > Wireless LANs from the main menu tree. 2. Click the Statistics tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 160 WLAN. The Tx value is the average throughput for packets sent on the selected WLAN. Avg BPS Displays the average bit speed in Mbps for the selected WLAN. This includes all packets sent and received. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 161 1. Select a Network > Wireless LANs from the main menu tree. 2. Click the Statistics tab. 3. Select a WLAN from the table displayed in the Statistics screen. and click the Details button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 162 Authentication Type Displays the authentication method deployed on the WLAN. Encryption Type Displays the encryption type deployed on the selected WLAN. Adopted Radios Displays the radios adopted by the selected WLAN. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 163 9. Click OK to use the changes to the running configuration and close the dialog. 10. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 164 Avg Signal (dBm) • Dropped Pkts • TX Pkts per sec • TX Tput (Mbps) • NUcast Pkts • Avg Noise (dBm) • Undecr Pkts • RXPkts per sec • RX Tput (Mbps) Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 165 (Rx) at data rates from 1.0 to 54.0 Mbps. If a large number of packets are sent and received at a slower data rate, then perhaps the controller is not adequately positioned or configured to support the Clients within that WLAN. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 166: Configuring Wmm
Use the WMM tab to review a WLAN’s current index (numerical identifier), SSID, description, current enabled/disabled designation, and Access Category. To view existing WMM Settings: 1. Select Network > Wireless LANs from the main menu tree. 2. Click the WMM tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 167 3. Click the Edit button to display a screen used to modify the WMM parameters. For more information, see “Editing WMM settings” on page 155. 4. Select the QoS Mappings button to revise the existing mappings of access category to 802.1p and DSCP to access category settings. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 168 DSCP code and appropriating to it the corresponding level of service or priority. QoS enabled programs request a specific service type for a traffic flow through the generic QoS (GQoS) application programming interface (API). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 169 Background - Optimized for background traffic • Best-effort - Optimized for best effort traffic • Video - Optimized for video traffic. Video traffic receives priority. • Voice - Optimized for voice traffic. Voice traffic receives priority. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 170: Configuring The Nac Inclusion List
No NAC Agent – NAC support is achieved using an exclude list. For more information, see “Configuring the NAC exclusion list” on page 160. By default, a WLAN is NAC disabled. Each WLAN can be configured to: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 171 4. Use the Add button (within the List Configuration field) to add more than one device to the WLAN. You can create 32 lists (both include and exclude combined together) and 64 MAC entries per list. For more information, see “Configuring devices on the include list” page 158. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 172 1. Select Network > Wireless LANs from the main menu tree. 2. Select the NAC Include tab to view and configure all the NAC Include enabled devices. 3. Click on the Add button within the List Configuration area. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 173 2. Select the NAC Include tab to view NAC Included devices. 3. Select an item from the Include List’s List Name field and click the Edit button (within the Configured WLANs field). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 174: Configuring The Nac Exclusion List
WLAN. For a NAC configuration example using the controller CLI, see “NAC configuration examples using the controller CLI” on page 164. To view the attributes of a NAC exclusion list: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 175 WLANs” on page 163. 6. To delete a device, select a device from the Exclude List and click the Delete button. Use the Edit button to modify devices parameters. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 176 1. Select Network > Wireless LANs from the main menu tree. 2. Select the NAC Exclude tab to view and configure all the NAC exclude devices. 3. Click on the Add button in the List Configuration field. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 177 Requests are any “SET/GET” operation from the applet. The Status field displays error messages if something goes wrong in the transaction between the applet and the controller. Click OK to save and add the new configuration and close the dialog window. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 178: Nac Configuration Examples Using The Controller Cli
1. Set the NAC mode for WLAN. A NAC validation is conducted for station entries in the include list. The station entries are authenticated using the Radius server. RF Controller(config-wireless) #wlan 1 nac-mode bypass-nac-except-include-list Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 179 RF Controller(config-wireless) #wlan 1 nac-server timeout 30 retransmit 10 RF Controller(config-wireless) # 5. Configure WLAN for EAP authentication and define the encryption type. RF Controller(config-wireless) #wlan 1 authentication-type eap RF Controller(config-wireless) #wlan 1 encryption-type wep128 Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 180: Viewing Associated Client Details
Addresses with a user friendly name. IP Address Displays the unique IP address for the Client. Use this address as necessary throughout the applet for filtering and device intrusion recognition and approval. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 181 1. Select a Network > Wireless Clients from the main menu tree. 2. Click the Status tab. 3. Select a Client from the table in the Status screen and click the Details button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 182 Displays whether or not the Client is a voice capable device. Traffic from a voice enabled Client is handled differently than traffic from Clients without this capability. Clients grouped to particular WLANs can be prioritized to transmit and receive voice traffic over data traffic. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 183 3. Select a Client from the table in the Status screen and click the dot11k button. 4. Check the Trigger Beacon Request box to enable Radio Resource Management services on the selected Client. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 184: Configuring Wireless Clients
The MAC Name is a user created name used to identify individual wireless client MAC Addresses with a user friendly name. To edit an existing entry, double click the MAC Name and type in the new name. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 185: Viewing Client Statistics
If a more detailed set of Client statistics is required, select a Client from the table and click the Details button. NOTE The Mobility RFS6000 Controller supports a maximum of 4096 Clients. The Mobility RFS7000 Controller supports 8192 Clients. To view Client statistics details:...
Page 186 WLAN Displays the name of the WLAN the Client is currently associated with. Use this information to determine if the Client/WLAN placement best suits the intended operation and Client coverage area. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 187 Displays the current IP address for the Client. Voice Displays whether the Client is a voice capable device. Traffic from voice enabled Clients is handled differently (higher priority) than traffic from Clients without this capability. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 188 This information can be used for comparison purposes to chart Client and overall controller performance. To view the Client Statistics in a graphical format: 1. Select a Network > Wireless Clients from the main menu tree. 2. Click the Statistics tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 189: Viewing Voice Statistics
Details button. To view Client voice statistics details: 1. Select Network > Wireless Clients from the main menu tree. 2. Click the Voice Statistics tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 190: Viewing Access Point Information
VLAN assignments, updates to a APs description as well as their current authentication and encryption schemes. NOTE The Mobility RFS6000 Controller supports up to 256 access points. The Mobility RFS7000 Controller supports up to 1024 access points. However, port adoption per controller is determined by the number of licenses acquired.
Page 191: Configuring Access Point Radios
To view Access Point Radio configuration details: 1. Select Network > Access Point Radios from the main menu tree. 2. Click the Configuration tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 192 If using a value of “Outdoor” verify it is in compliance with the country of operation’s regulatory restrictions. AP IP Address Displays the AP’s IP address. Last Adopted Displays the time this radio was last adopted by the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 193 1. Select Network > Access Point Radios from the main menu tree. 2. Click the Configuration tab. 3. Click the AP Mesh button to display a screen containing AP Mesh settings which apply to the selected AP. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 194 Access Point’s configuration but require the Access Point be adopted. To edit Global Radio configuration settings: 1. Select Network > Access Point Radios from the main menu tree. 2. Click the Configuration tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 195 NOTE When using a Mobility 5181 for use with WIPS and as a sensor you must first configure the WIPS server IP Addresses before converting the Mobility 5181 to a sensor. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 196 The Edit screen also enables you to modify placement, channel and power settings as well as a set of advanced properties in case its transmit and receive capabilities need to be adjusted. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 197 Select the Dedicate this AP as Detector AP option to use this radio as a detector port to identify rogue APs on the network. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 198 Available settings are determined according to the selected channel. Set a higher power level to ensure RF coverage in WLAN environments that have more electromagnetic interference or greater distances between the Access Point and Clients. Decrease the power Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 199 If using an 802.11bg radio, select this checkbox for the radio to transmit using a short preamble. Short preambles improve throughput. However, some devices (SpectraLink phones) require long preambles. This checkbox does not display if using an 802.11a radio. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 200 DTIM/beacon settings (lengthening the time) to let nodes sleep longer and preserve their battery life. Decrease these settings (shortening the time) to support streaming-multicast audio and video applications that are jitter-sensitive. The default DTIM period is 10 beacons for BSS 1-4. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 201 1. Click the Rate Settings button within the radio edit screen to launch a new screen with rate setting information. 2. Check the boxes next to all the Basic Rates you want supported. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 202 1. Select Network > Access Point Radios from the main menu. 2. Click the Configuration tab. 3. Click the Add button to display at screen containing settings for adding a radio Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 203 A separate mesh configuration can be set for each AP radio. Define mesh configurations as required when dedicating an AP radio as either a base or client bridge within a mesh configuration. To define the selected AP radio’s mesh configuration: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 204 Define the client bridge load on this particular base bridge. Bridges Client Bridge Select the Client Bridge checkbox to enable the access point radio to initiate client bridge connections with other mesh network supported access point’s using the same WLAN. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 205: Viewing Ap Statistics
Details button to display additional information for an individual radio. To view radio statistics: 1. Select Network > Access Point Radios from the main menu tree. 2. Click the Statistics tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 206 The Tx column displays the average throughput for packets sent on the selected radio. Displays the average bit speed in Mbps on the selected Access Point. This value includes packets both sent and received. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 207 The configured channel in this case, is the value in parentheses. The AP may not be operating on the configured channel for 2 reasons: Uniform spreading is enabled or radar was encountered on the configured channel. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 208 9. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if something goes wrong in the transaction between the applet and the controller. 10. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 209: Configuring Wlan Assignment
The WLAN Assignment tab displays a high-level description of the radio. It also displays the radios WLAN and BSSID assignments on a panel on the right-hand side of the screen. To view existing WLAN assignments: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 210 WLAN must be the primary WLAN. 5. Select a WLAN Assignment (by index) and click the Edit button to modify its properties.For more information, see “Editing a WLAN assignment” on page 197. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 211 5. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if something goes wrong in the transaction between the applet and the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 212: Configuring Wmm
(1/4, 1/3, etc.). Displays the name of the Access Point associated with the index. The Access Point name comes from the description field in the Radio Configuration screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 213 1. Select Network > Access Point Radios from the main menu tree. 2. Click the WMM tab. 3. Select a radio from the table and click the Edit button to launch a screen displaying the WMM configuration for that radio. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 214 9. Click OK to use the changes to the running configuration and close the dialog. 10. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 215: Configuring Access Point Radio Bandwidth
Displays the Quality of Service weight for the AP. The default value for the weight is 1. AP QoS will be applied based on the QoS weight value with the higher values given priority. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 216: Configuring Radio Groups For Client Load Balancing
8. To verify the radio groups click on the Groups tab to view configured radio groups. For more information on viewing radio groups refer to “Viewing Access Point radio groups” on page 203. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 217: Viewing Access Point Radio Groups
(along with the radio name) to differentiate the radio from other device radios. Viewing active calls (VCAC) statistics To view active call statistics: 1. Select Network > Access Point Radios from the main menu tree. 2. Click the VCAC Statistics tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 218: Viewing Mesh Statistics
Displays the total percentage of air time that each Access Point has dedicated to voice calls. Total Air Time (%) Displays the total percentage of air time allocated for TPSEC clients. Viewing mesh statistics To view mesh statistics: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 219 Displays the WLAN that each Access Point is associated to. Throughput Mbps Throughput Mbps is the average throughput in Mbps on the selected Access Point. Average Mbps is the average throughput in Mbps on the selected Access Point. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 220: Smart Rf
When a radio is down, it is referred to as the caretaker. Neighbor radios raising their transmit power to cover for the failed radio are referred to as caregivers. Smart RF calibration automatically chooses caregiver radios along with the power needed to cover. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 221 Extensible to future smart-tuning. For example, distinguish between AP to AP interference and static interference Viewing Smart RF information To view Smart RF information: 1. Select Network > Access Point Radios from the main menu tree. 2. Click the Smart RF tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 222 Displays whether or not each Access Point is locked to group of rescuer APs. Controller IP Displays the IP address of the 4. To view the details of individual radio Smart RF information, select a radio from the list and click the Details button Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 223 Displays the name assigned to the AP. The AP name can be configured on the Access Point Radios Configuration page. AP Type Displays the type of Access Point detected. The controllers support Brocade Mobility 300, Mobility 5181 and Mobility 7131 model Access Points. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 224 Displays the name assigned to the AP. The AP name can be configured on the Access Point Radios Configuration page. AP Type Displays the type of Access Point detected. The controllers support Brocade Mobility 300, Mobility 5181 and Mobility 7131 model Access Points. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 225 Viewing Smart RF history To view Smart RF history: 1. Select Network > Access Point Radios from the main menu tree. 2. Click the Smart RF tab 3. Click the Smart RF History button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 226 5. Check the Enable Smart RF Module box to enable Smart RF functions on the controller. The remainder of the Smart RF Settings screen is divided into the following four sections: • Calibration Configuration • Monitoring/Recovery Configuration • Diagnostic Configuration • Calibration Schedule Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 227 Schedule Calibration Check this box to enable scheduled RF Calibration. Start Date If scheduled RF Calibration is enabled, enter a start date in MM/DD/YY format for the start date of scheduled calibration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 228 12. Click OK to use the changes to the running configuration and close the dialog. 13. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 229: Voice Statistics
Calls per radio (Max) Displays the maximum number of concurrent voice calls that each Access Point has seen. Calls per radio (Avg) Displays an average number of calls active on each Access Point. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 230: Viewing Access Point Adoption Defaults
Point adoption process is somewhat unique, for more information, see “Configuring layer 3 Access Point adoption” on page 223. • Configuring AP adoption defaults • Configuring layer 3 Access Point adoption • Configuring WLAN assignment • Configuring WMM Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 231: Configuring Ap Adoption Defaults
This value can be a specific channel, Random, or ACS. Random assigns each radio a random channel. ACS (Automatic Channel Selection) allows the controller to systematically assign the channel. Default is random. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 232 “Editing default Access Point adoption settings” on page 218. NOTE The Mobility RFS6000 Controller supports up to 256 access points. The Mobility RFS7000 Controller supports up to 1024 access points. However, port adoption per controller is determined by the number of licenses acquired.
Page 233 Outdoors. The setting will affect the selection channel and power levels. Default is Indoor. 10. Select a channel for communications between the Access Point and Clients in the Desired Channel field. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 234 If using an 802.11 bg radio, select this checkbox for the radio to transmit using a short preamble. Short preambles improve throughput. However, some devices (SpectraLink phones) require long preambles. This checkbox does not display if using an 802.11a radio. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 235 Limiting the number of Clients can ensure that all voice Clients receive enough bandwidth to ensure voice quality. Admission control is only available for TSPEC enabled voice clients. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 236 Basic Rates are used for management frames, broadcast traffic and multicast frames. If a rate is selected as a basic rate it is automatically selected as a supported rate. 3. Check the boxes next to all Supported Rates you want supported by this radio. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 237: Configuring Layer 3 Access Point Adoption
IP address from a DHCP (or DNS) server and checking the options field within the DHCP response. The options field (Option 189) contains a list of controller IP addresses available for the Access Point. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 238: Configuring Wlan Assignment
Use the WLAN Assignment tab to assign WLANs and security schemes. To view existing WLAN Assignments: 1. Select Network > Access Point Adoption Defaults from the main menu tree. 2. Click the WLAN Assignment tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 239 Description Use the WLAN description (along with the WLANs index) as a means of identifying WLANs assigned to different radio BSSIDs. A BSSID cannot support two WLANs with the same description. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 240: Configuring Wmm
WMM tab displays the transmit intervals defined for the target access category. To view existing WMM Settings: 1. Select Network Setup > Radio Adoption Defaults from the main menu tree. 2. Click the WMM tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 241 The Transmit Ops value is the maximum duration a device can transmit after obtaining a transmit opportunity. For Higher-priority traffic categories, this value should be set higher. 6. Enter a value between 0 and 15 for the Contention Window minimum value. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 242: Configuring Access Points
To view existing adopted Access Point information: 1. Select Network > Access Point from the main menu tree. 2. Click the Adopted AP tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 243 Displays the hardware version of the Access Point. This information can be helpful when troubleshooting problems with the Access Point. IP Address Displays the IP address of the adopted Access Point. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 244 • Use of encryption and authentication • Vendor identification of all devices • Total data transferred Preprocessing data centrally ensures a reduced reliance on network bandwidth to perform wireless network management. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 245: Viewing Unadopted Access Points
Use the Unadopted AP tab for gathering device hardware address and software version information for the Access Point. To view existing Radio Configuration information: 1. Select Network > Access Point from the main menu tree. 2. Click the Unadopted AP tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 246: Access Point Configuration
Use the Configuration tab to view information on all known Access Points and edit their profiles. To view existing adopted Access Point information: 1. Select Network > Access Point from the main menu tree. 2. Click the Configuration tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 247 To edit Access Point Settings: 1. Select Network > Access Point from the main menu tree. 2. Click the Configuration tab. 3. Select an Access Point from the table and click the Edit button Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 248 Enables 802.11a, 802.11g, 802.11bgn and 802.11an for the WLAN and dedicates the AP as a sensor. Sensor B/G/N WLAN and Enables 802.11g and 802.11bgn for the WLAN and dedicates the AP as a sensor. Sensor Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 249: Viewing Sensor Information
Use the Sensor tab to view information on Mobility 300s configured as sensors and if needed revert them to Access Points. To view existing Sensor information: 1. Select Network > Access Point from the main menu tree. 2. Click the Sensor tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 250 WIPS Server. Address Secondary WIPS Server Define an alternate (second choice) IP address where the controller managed network will attempt to obtain rogue device information from a WIPS Server. Address Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 251: Configuring Secure Wispe
AP back to a standard Access Point. Configuring Secure WiSPe To configure Secure WiSPe: 1. Select Network > Access Point from the main menu tree. 2. Click the Secure WiSPe tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 252 Pre-Staging is enabled and a red X indicates that Pre-Staging is disabled. 5. To edit the Secure WiSPe settings for an AP, select an AP from the Secure WiSPe Table and click the Edit button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 253: Configuring Adaptive Ap Firmware
Adaptive APs that associate with the controller. To view AP firmware information: 1. Select Network > Access Point from the main menu tree. 2. Click the AP Firmware tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 254 5. To add a new AP firmware image, click the Add button. For information on adding a new AP firmware refer to “Adding a new AP Firmware image” on page 241. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 255 AP images must be on the flash, system, nvram or usb file systems in order for them to be selected. Click the OK button to save the changes and return to the AP Firmware tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 256: Configuring Ip Filtering
Specify the protocol used for the filter policy. The options are ALL, TCP, UDP, ICMP, PIM, GRE, RSVP, IDP, PUP, EGP, IPIP, ESP, AH, IGMP, IPVG, COMPR_H and RAW_IP. The protocol number can also be used as the protocol name. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 257: Multiple Spanning Tree
Common Spanning Tree) that interconnects all the bridges in a network. This instance treats each region as a single bridge. In all other ways, it operates exactly like Rapid Spanning Tree (RSTP). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 258: Configuring A Bridge
Viewing and configuring port instance details Configuring a bridge Use the Bridge tab to configure the Bridge. This window displays bridge configuration details for the controller To configure the MSTP bridge: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 259 Each controller running MSTP is configured with a unique MST region name. This helps when keeping track of MSTP configuration changes. Increment this number with each configuration change. The revision-level specifies the revision-level of the current configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 260 This value is used by all instances. Bridge Hello Time Displays the configured Hello Time. If this is the root bridge, the value is equal to the configured Hello Time. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 261: Viewing And Configuring Bridge Instance Details
The Bride Instance tab displays the number of MSTP instance created and VLANS associated with it. To view and configure the MSTP bridge instance: 1. Select Network > Multiple Spanning Tree from the main menu tree. 2. Select the Bridge Instance tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 262 3. Select an ID and click the Delete button to remove from the list. Creating a Bridge Instance To create a VLAN instance and associate it with a bridge as a numerical identifier: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 263: Configuring A Port
Use the Port tab to view and configure MSTP port parameters, including enabling/disabling the spanning tree algorithm on one or more ports (displaying the designated bridge and port/root information). To view and configure MSTP port details: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 264 STP state. This state is equivalent to a listening state. No data is forwarded across the port. Thus, the guard root enforces the root bridge position. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 265 802.1D configuration BPDU, it only sends 802.1D BPDUs over its port from that point on. Enable this option to restart detection of whether the port is connected to an MSTP capable bridge or a legacy 802.1 bridge. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 266 Displays the status of the Admin MAC Enable. A green check mark indicates the status as enabled. Port auto Edge Select the checkbox to use the port as an edge port. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 267: Viewing And Configuring Port Instance Details
Port Priority and Admin Internal Path Cost. To view and configure the MSTP bridge instance: 1. Select Network > Multiple Spanning Tree from the main menu tree. 2. Select the PortInstance tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 268 Cost OperInternal Path Cost Displays the Operational Path Cost of a port. This displays the default cost if AdminInternal Path Cost is 0. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 269: Igmp Snooping
Use the IGMP Snoop Config tab to view and configure IGMP Snoop Configuration. To view and configure IGMP Snoop details: 1. Select Network > IGMP Snooping from the main menu tree. 2. Select the IGMP Snoop Config tab Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 270 Indicates how the controller learns IGMP Snooping information. Can be one of pimDvmrp or static. Multicast Router Ports Lists the ports used for Multicast Routing. Can be one of the available ge ports. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 271: Igmp Snoop Querier Configuration
Snooping Table. For IGMP reports from wired ports, the controller forwards these reports to the Multicast Router Ports. Version Sets the IGMP version compatibility. Select from IGMP v1, v2, or v3. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 272 IGMP Snoop Querier is enabled on this VLAN. Displays 'disabled' otherwise. IP Address The IP address to be inserted in IGMP Query packets generated by the IGMP Querier for this VLAN. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 273: Controller Services
Status field. In the case of file transfer operations, the transfer screen remains open during the transfer operation and remains open upon completion (with status displayed within the Status field). To display a Services Summary: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 274 (in for voice applications in particular). Layer 3 mobility enables TCP/UDP sessions to be maintained in spite of roaming among different IP subnets. For more information on configuring Layer 3 Mobility, see “Layer 3 mobility” on page 307. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 275: Dhcp Server Settings
NOTE When using the controller’s internal DHCP server ensure that traffic can pass on UDP ports 67 & 68 between the controller and the clients receiving DHCP information. To configure DHCP: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 276 IP addresses. This is useful, for example, in education and customer environments where Client users change frequently. Use longer leases if there are fewer users. Domain Displays the domain name for the current interface. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 277 A h-hybrid is a combination of two or all of the nodes mentioned above. 6. Change the name of the boot file used for this pool within the Boot File parameter. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 278 Add a new DHCP pool as needed to suit the address distribution requirements of your network. To add a DHCP pool: 1. Select Services > DHCP Server from the main menu tree. 2. Click the Add button at the bottom of the screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 279 From the Network field, use the Associated Interface drop-down menu to define the controller interface is used for the newly created DHCP configuration. Use VLAN1 as a default interface if no others have been defined. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 280 1. Select Services > DHCP Server from the main menu tree. 2. Highlight an existing pool name from within either the Configuration or Host Pool tab and click the Options Setup button at the bottom of the screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 281 1. Select Services > DHCP Server from the main menu tree. 2. Highlight an existing pool name from within either the Configuration or Host Pool tabs and click the DDNS button at the bottom of the screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 282: Viewing The Attributes Of Existing Host Pools
To view the attributes of existing host pools: 1. Select Services > DHCP Server from the main menu tree. 2. Select the Host Pool tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 283 “Editing the properties of an existing DHCP pool” on page 263. 5. To delete an existing DHCP pool from the list of those available, highlight the pool from within the Pool Name field and click the Delete button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 284: Configuring Excluded Ip Address Information
1. Select Services > DHCP Server from the main menu tree. 2. Click the Excluded tab. The Excluded tab displays fixed IP addresses statically assigned and unavailable for assignment with a pool. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 285: Configuring The Dhcp Server Relay
Server on subnet1 to provide IP addresses to DHCP clients requesting IP addresses using DHCP relay. To view and configure DHCP relay information: 1. Select Services > DHCP Server from the main menu tree. 2. Click the Relay tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 286 VLAN and gateway interface should not have DHCP client or DHCP Server enabled. DHCP packets cannot be relayed to an onboard DHCP Server. The interface VLAN and gateway interface cannot be the same. 6. Click the Add button to create a new DHCP pool. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 287: Viewing Ddns Bindings
IP address for a given name. To view controller DDNS binding information: 1. Select Services > DHCP Server from the main menu tree. 2. Select the DDNS Bindings tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 288: Viewing Dhcp Bindings
IP address from a pool of available addresses. To view detailed binding information: 1. Select Services > DHCP Server from the main menu tree. 2. Select the Bindings tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 289: Reviewing Dhcp Dynamic Bindings
The Dynamic Bindings tab displays only automatic bindings. To view detailed Dynamic DHCP Binding Status information: 1. Select Services > DHCP Server from the main menu tree. 2. Select the Dynamic Bindings tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 290 This button is enabled when one or more rows exist. 6. Click the Export button to display a screen used to export the DHCP Binding information to a secure location. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 291: Configuring The Dhcp User Class
6. Click the Edit button to modify the properties displayed for an existing DHCP User Class Name. For more information, see “Editing the properties of an existing DHCP user class” on page 279. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 292 Requests are any “SET/GET” operation from the applet. The Status field displays error messages if something goes wrong in the transaction between the applet and the controller. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 293: Configuring Dhcp Pool Class
To view the attributes of existing host pools: 1. Select Services > DHCP Server from the main menu tree. 2. Select the Pool Class tab to view the DHCP pool class details. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 294 2. Select the Pool Class tab. 3. Click on the Edit button from the Pool Class Names section. 4. Refer to the read-only Pool Name to ensure modifications are made to the correct pool name. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 295 Use the Insert button to enter the Start IP and End IP address range for a class. b. Select a address range and click Remove to delete that particular address range. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 296: Configuring Secure Ntp
When using the SNTP service, ensure that traffic can pass on UDP port 123 between the controller and the NTP server. To define the SNTP configuration: 1. Select Services > Secure NTP from the main menu tree. 2. Select the Configuration tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 297 Revert buttons become enabled to save or cancel settings. Act As NTP Master When this checkbox is selected, the Apply and Revert buttons become enabled to save or cancel settings within the Other Settings field. Clock Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 298: Configuring Symmetric Keys
To review existing Symmetric Key configurations, and (if necessary) add a new one: 1. Select Services > Secure NTP from the main menu tree. 2. Select the Symmetric Keys tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 299 4. Select an existing key and click the Delete button to permanently remove it from the list of Key IDs. 5. Click the Add button to create a new Symmetric Key that can be used by the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 300: Defining A Ntp Neighbor Configuration
SNTP configuration. To review the controller’s existing NTP neighbor configurations: 1. Select Services > Secure NTP from the main menu tree. 2. Select the NTP Neighbor tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 301 4. Select an existing neighbor and click the Edit button to modify the existing peer or server designation, IP address, version, authentication key ID and preferred source designation. 5. Select an existing entry and click the Delete button to remove it from the table. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 302: Adding An Ntp Neighbor
(and controller) must be on the same subnet. NTP broadcasts reduce configuration complexity since both the controller and its NTP resources can be configured to send and receive broadcast messages. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 303: Viewing Ntp Associations
SNTP resource, not the other way around). To review the controller’s current SNTP associations: 1. Select Services > Secure NTP from the main menu tree. 2. Select the NTP Associations tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 304 Displays the status of the last eight SNTP messages. If an SNTP packet is lost, the lost packet is tracked over the next eight SNTP messages. Delay (sec) Displays the round-trip delay (in seconds) for SNTP broadcasts between the SNTP server and the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 305: Viewing Ntp Status
NTP association. Verifying the controller’s SNTP status is important to assess which resource the controller is currently getting its system time from, as well as the time server’s current differences in time attributes as compared to the current controller time. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 306 Displays the precision (accuracy) of the controller’s time clock (in Hz). The values that normally appear in this field range from -6 for mains-frequency clocks to -20 for microsecond clocks found in some workstations. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 307: Configuring Controller Redundancy And Clustering
Once the virtual session is created, any command executed on WS1 is executed on the other controllers at the same time. This is done by the cluster-protocol running on WS1, by duplicating the commands and sending them to the group over the virtual connection: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 308 To view status and membership data and define a redundancy group configuration, refer to the following: • Configuring redundancy settings • Reviewing redundancy status • Configuring redundancy group membership • Redundancy group license aggregation rules • Managing clustering using the Web UI Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 309: Configuring Redundancy Settings
Redundancy ID Define an ID for the cluster group. All the controllers configured in the cluster should have the same Cluster ID. The valid range is 1-65535. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 310 (passive) mode only if all configured members are up again. The revert function does not push APs to the primary controller unless the primary controller has failed over. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 311 Apply button results in all the changes on the screen being discarded. 8. Click the Revert button to undo the changes to the screen and revert to the last saved configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 312: Reviewing Redundancy Status
AP will continue to be adopted by the controller with no ETH2 connectivity. To configure controller redundancy memberships: 1. Select Services > Redundancy from the main menu tree. The Redundancy screen displays with the Configuration tab selected. 2. Select the Status tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 313 Displays the controller firmware image version currently running on the controller. Compare this version with the latest version available from Brocade to ensure the image version controller supports the latest feature set available. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 314: Configuring Redundancy Group Membership
2 members needed to comprise a Redundancy Group, including the initiating controller To configure controller redundancy memberships: 1. Select Services > Redundancy from the main menu tree. The Redundancy screen displays with the Configuration tab selected. 2. Select the Member tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 315 Displays the number of Access Points adopted by this member. AAP Adoption Count Displays the number of Adaptive APs adopted by this member. AP License Count Displays the number of Access Point licenses installed on this member. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 316 1. Select Services > Redundancy from the main menu tree. The Redundancy screen displays with the Configuration tab selected. 2. Select the Member tab. 3. Highlight a member of the group and select the Details button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 317 Radio Portals Displays the number of radio portals detected on each redundancy member listed. Associated Clients Display the number of Clients associated with each member listed. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 318 “SET/GET” operation from the applet. The Status field displays error messages if something goes wrong in the transaction between the applet and the controller. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 319: Redundancy Group License Aggregation Rules
Web UI allowing you to see APs and Clients managed by all active members of a cluster. To enable the Cluster GUI feature: 1. Select Services > Redundancy from the main menu tree The Redundancy screen displays with the Configuration tab selected. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 320 When accessing the controller Web UI through a NATed interface the Cluster GUI features will only be accessible if TCP ports 80 and 161 are opened on the router or gateway. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 321: Layer 3 Mobility
Point has to get DNS server information as part of its DHCP information. The default DNS name requested is “Brocade-CAPWAP-Address”. However, since the default name is configurable, it can be set as a factory default to whatever value is needed. Key aspects of Layer 3 Mobility include: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 322 To configure Layer 3 Mobility for the controller: 1. Select Services > Layer 3 Mobility from the main menu tree. The Layer 3 Mobility screen appears with the Configuration tab displayed. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 323 If unsure if you want to enable mobility for each WLAN, manually select just those you want to enable. 8. Select the All WLANs Off button to disable mobility for each WLAN listed. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 324: Defining The Layer 3 Peer List
3. Refer to the contents of the Peer List for existing IP addresses and Layer 3 Client session status. Use this information to determine whether a new IP address needs to be added to the list or an existing address needs to be removed. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 325: Reviewing Layer 3 Peer List Statistics
To view layer 3 peer statistics 1. Select Services > Layer 3 Mobility from the main menu tree. The Layer 3 Mobility screen appears with the Configuration tab displayed. 2. Select the Peer Statistics tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 326 The current controller sends the LEAVE message with the Client's MAC address information to the home controller, which eventually forwards the message to each mobility peer. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 327: Reviewing Layer 3 Client Status
Clients roaming within the mobility domain. To view Layer 3 mobility client statistics 1. Select Services > Layer 3 Mobility from the main menu tree. 2. Select the Client Status tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 328: Configuring Self Healing
(configured in detector mode) informs the controller a particular radio is not transmitting beacons. To configure self-healing on the controller: 1. Select Services > Self Healing from the main menu tree. The Self Healing page launches with the Configuration tab displayed. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 329 4. Click the Apply button to save the changes made within this screen. Clicking Apply overwrites the previous configuration. 5. Click the Revert button to disregard any changes made within this screen and revert back to the last saved configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 330: Configuring Self Healing Neighbor Details
Description Displays a text description used (in conjunction with the radio’s index) to differentiate the radio from its peers. Type Displays the radio as either a 802.11a or 802.11bg radio. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 331 • None - The radio takes no action at all when its neighbor radio fails. • Open Rates - The radio will default to factory-default rates when its neighbor radio fails. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 332: Configuring Controller Discovery
Configuring discovery profiles To configure controller discovery: 1. Select Services > Discovery from the main menu tree. The Discovery page launches with the Discovery Profiles tab displayed Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 333 4. Select an existing profile and click the Delete button to remove this profile from the list of available profiles. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 334 To create a new controller discovery profile: 1. Select Services > Discovery from the main menu tree. 2. Click the Add button at the bottom of the screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 335: Viewing Discovered Controllers
To view the devices located by the controller: 1. Select Services > Discovery from the main menu tree. 2. Select the Recently Found Devices tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 336 The Redundancy ID would have been assigned using the Controller > Redundancy screen. Device Name Displays the device name assigned to the discovered device. This name would have been assigned using the Controller > Configuration screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 337: Locationing
By default all clients are allowed admission in all zones and the Wireless ACLs can be configured to deny admission to a single MAC address (client) or a group of clients for each defined zone. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 338: Rtls Overview
Smart surroundings (fixed wireless devices such as printers, price verifiers, near me tags as installed in the facility) • Runtime RF environment • The previous position of the tag • TDoA • Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 339: Defining Site Parameters
Enter a name for the site where locationing is deployed. This is for identification purposes only. Description Provide a description of the site where locationing is deployed. This is an optional field. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 340 8. Click the Revert button to disregard any changes made within this screen and revert back to the last saved configuration. Adding AP location information To add AP Location information for your site Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 341: Configuring Sole Parameters
3. Check the Locate All Mobile-Units checkbox to locate all Clients known to the controller across all WLANs. This will also disable manual entry of Client MAC addresses in the field below. This takes effect immediately when the box is checked. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 342 Lists the last known zone for each located Client. Zone configuration can be defined using the CLI interface only. When no zones are configured, the controller defaults the entire site to Zone 0. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 343: Configuring Aeroscout Parameters
To use the onboard SOLE engine to locate Aeroscout tags, site parameters, AP location (Command Line Interface only) and Zone configuration (optional, Command Line Interface only) must be configured. 5. Click the Apply button to save the Multicast MAC Address value. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 344: Configuring Ekahau Parameters
Zone configuration can be defined using the CLI interface only. For information on Zone Configuration please see the Brocade RF Controller CLI Reference. Configuring Ekahau parameters To configure the controller to work with an external Ekahau RTLS engine: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 345 Displays the Date and Time that the last message was received from the external Ekahau RTLS engine. No. of TX Msgs Displays the number of messages transmitted by the controller to the external Ekahau RTLS engine. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 346 Zone 0. NOTE Zone configuration can be defined using the CLI interface only. For information on Zone Configuration please see the Brocade RF Controller CLI Reference. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 347: Controller Security
Status field remains displayed. In the case of file transfer operations, the transfer screen remains open during the transfer operation and remains open upon completion (with status displayed within the Status field). To view main menu security information: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 348 Displays the number of Key Pairs currently used by the controller. For more information, see “Configuring trustpoint associated keys” on page 452. The Apply and Revert buttons are greyed out within this screen, as there is no data to be configured or saved. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 349: Ap Intrusion Detection
Access Point hacking into the controller managed network. To configure AP Detection: 1. Select Security > Access Point Intrusion Detection from the main menu. 2. Select the Configuration tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 350 Refresh Time Define a value (in seconds) associated Clients use to scan for Access Points. The range is from 300 - 86400 seconds, with a default of 1800 seconds. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 351 3. Select an existing Allowed AP and click the Edit button to modify the properties of an existing Allowed AP or click the Add button to define the attributes of a new Allowed AP. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 352 8. Click OK to use the changes to the running configuration and close the dialog. 9. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 353: Approved Aps
Displays the channel the approved AP is currently transmitting on. If this device is operating on a channel not frequently used within your network segment, perhaps the device is correctly defined as an approved AP. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 354: Unapproved Aps (Ap Reported)
Detection > Configuration screen. To view Access Point detected unapproved Access Points: 1. Select Security > Access Point Intrusion Detection from the main menu tree. 2. Click on the Unapproved APs (AP Reported) tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 355: Unapproved Aps (Client Reported)
Clients. The criteria for Access Point approval was defined using the Security > Access Point Intrusion Detection > Configuration screen, using the values defined within the Client Assisted Scan field.To view unapproved Access Points detected by controller radio associated Clients: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 356 4. The Number of Unapproved APs is simply the sum of all of Unapproved Radio MAC Addresses detected. 5. Click the Export button to export the contents of the table to a Comma Separated Values file (CSV). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 357: Ap Containment
A unique numerical ID assigned by the controller for each of the known rogue APs. Rogue BSS Mac Display a list of all know Rogue BSS MAC Addresses known to the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 358: Client Intrusion Detection
Use the controller’s Wireless Intrusion Detection facility to view and configure wireless intrusion related information. The Wireless Intrusion Detection screen provides the following functionalities: • Configuring client intrusion detection • Viewing filtered clients Configuring client intrusion detection To configure Client intrusion detection: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 359 X. Threshold Values for Set the Client threshold value for each violation type. If exceeded, the Client will be filtered and displayed within the Filtered Clients screen. Wireless Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 360: Viewing Filtered Clients
To view status of those Clients filtered using the settings defined within the Configuration tab: 1. Select Security > Wireless Client Intrusion Detection from the main tree menu. 2. Click on the Filtered Clients tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 361 Client’s identifier. Radio Index The radio index displays the index of the detected Client. Use this information to discern whether the detected Client is known and whether is truly constitutes a threat. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 362: Configuring Firewalls And Access Control Lists
ACLs to verify the packet has the required permissions to be forwarded, based on the criteria specified in the access lists. NOTE If a packet does not meet any of the criteria specified in the ACL, the packet is dropped. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 363: Acl Overview
LAN from which they arrived rather than filtering the packets arrived on Layer 2 ports. For more information, see • Router ACLs • Port ACLs • Wireless LAN ACLs • ACL actions • Precedence order Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 364 Port ACLs The controller supports Port ACLs on physical interfaces and inbound traffic only. The following Port ACLs are supported: • Standard IP ACL— Uses a source IP address as matching criteria. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 365 ACL replaces the previously configured one. Wireless LAN ACLs Wireless LAN ACLs filter/mark packets based on the wireless LAN from which they arrive rather than filtering packets on Layer 2 ports. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 366 Either delete the entry or add new entries with precedence values less than 5000. A user can add a maximum of 500 ACE's in an ACL. • Rules within an ACL are displayed in an ascending order of precedence. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 367: Configuring The Firewall
4. Add a new ACL entry as explained in “Adding a new ACL” on page 354. 5. The Configuration tab consists of the following two fields: • ACLs - existing access lists • Associated Rules - allow/deny rules Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 368 • MAC Extended List – Uses source and destination MAC addresses, VLAN ID and optional protocol information. 6. Enter a numeric index name for the ACL in the ACL ID field. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 369 Select the Logging checkbox to generate log messages when a packet has been forwarded, denied or marked based on the criteria specified in the access lists. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 370 2. Click the Configuration tab. 3. Click the ACL tab. 4. Select an ACL from the ACLs field. The rules associated with the selected ACL display in the Associated Rules section. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 371 The Source Wildcard/Mask is the size of the network or host (in mask format). The mask length defines a match based on the Network / Host. NOTE If an Extended IP ACL is used, a Destination Wildcard/Mask and Destination Address are required. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 372: Attaching An Acl On A Wlan Interface/Port
Layer 2 ACLs, which just support the inbound direction. To configure a WLAN ACL: 1. Select Security > Wireless Firewall from the main menu tree. 2. Select the Security Policy tab. 3. Select the Attach-WLAN tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 373 9. Refer to the Status field for the state of the requests made from applet. This field displays error messages if something goes wrong in the transaction between the applet and the controller. 10. Click OK to use the changes to the running configuration and close the dialog. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 374: Attaching An Acl Layer 2/Layer 3 Configuration
Displays the MAC ACL to be configured as the MAC IP for the layer 2 interface. 5. Select an interface and click on Edit to modify the ACL interface, IP ACL and MAC ACL values. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 375: Configuring The Role Based Firewall
10. Click Cancel to close the dialog without committing updates to the running configuration. Configuring the role based firewall Use the Attach Role screen to view and assign an ACL to a role. To attach a role: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 376 ACL tab. 5. Click on Add button to add a new role. 6. Select an interface and click the Delete button to delete the interface configuration from the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 377: Configuring Wireless Filters
Client’s address range required. To display the Wireless Filters main page: 1. Select Security > Wireless Firewall from the main menu tree. 2. Click on the Security Policy tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 378 5. If the properties of an existing filter fulfill to your needs but still require modification to better filter devices, select the Edit button. For more information see, “Editing an existing wireless filter” on page 365. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 379: Editing An Existing Wireless Filter
The available index range is 1 - 1000. However, the index is not editable, only its starting/ending MAC range and allow/deny designation. If a new index is needed, create a new filter. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 380: Adding A New Wireless Filter
4. Click the Add button at the bottom of the screen to launch a new dialogue for creating an ACL. Define an Index (numerical identifier) for the ACL and the starting and ending MAC address range for devices allowed/denied access to the controller managed network. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 381: Associating An Acl With A Wlan
1. Select Security > Wireless Firewall from the main menu tree. 2. Click the Security Policy tab. 3. Click the Wireless Filters tab. 4. Select one or more of the existing ACLs from the filters list. 5. Click the Memberships button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 382: Configuring Layer 2 Firewall
Configuring Layer 2 Firewall To review Layer 2 firewall rules: 1. Select Security > Wireless Firewall from the main tree menu. 2. Select the Configuration tab. 3. Click the L2 tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 383 Thresholds are configured in terms of packets per second. The threshold range is 1-1000000 packets per second. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 384 DHCP trust enabled. ARP Trust Select to enable ARP trust on this interface. ARP packets received on this interface are considered trusted and information from these packets is used to identify rogue devices. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 385: Configuring Wlan Firewall Rules
To review WLAN firewall rules: 1. Select Security > Wireless Firewall from the main tree menu. 2. Click the Configuration tab. 3. Click the WLAN tab. 4. The WLAN tab contains the following information: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 386 Displays the permissible number of denied packets per second that a wireless per sec client on this WLAN may send before it is deauthenticated. The threshold range is 0-1000000 packets per second. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 387 373. WLAN level configuration To add new WLAN firewall rules: 1. Select Security > Wireless Firewall from the main tree menu. 2. Click the Configuration tab. 3. Click the WLAN tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 388 To enable deauthentication, check the box. DHCP Trust Select to enable DHCP trust on this WLAN. When disabled, any DHCP packets received on the interface is dropped. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 389: Configuring Denial Of Service (Dos) Attack Firewall Rules
1. Select Security > Wireless Firewall from the main tree menu. 2. Click the Configuration tab. 3. Click the DoS Attack tab. 4. The DoS Attack tab contains the following information: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 390 8. To disable all Denial of Service Attack filters, click on the Disable All button. When a DoS Attack filter is disabled a red “X” will be shown in the Check Enabled column. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 391: Configuring The Role
Role Name Displays the name of each role. The role name is configured when the role is created and cannot be edited. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 392 Creating a new role To add new role: 1. Select Security > Wireless Firewall from the main tree menu. 2. Click the Configuration tab. 3. Click the Role tab. 4. Click the Add button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 393 Not Contains: The role will be applied to APs whose location does not contain the location string specified in the role Any: The role will be applied to any AP Locations Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 394: Configuring Firewall Logging Options
Configuring firewall logging options To view firewall logging rules: 1. Select Security > Wireless Firewall from the main tree menu. 2. Click the Configuration tab. 3. Click the Log Options tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 395 The logging level uses the same standard Syslog levels. To change the logging level, click on the specific field and choose the logging level from the drop-down menu. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 396: Reviewing Firewall And Acl Statistics
Use the Statistics tab to view set of statistics for ACL, DHCP Snoop Entry and Role based firewalls. Reviewing ACL statistics To review ACL statistics: 1. Select Security > Wireless Firewall from the main menu tree. 2. Click the Statistics tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 397 ACLs should be deleted or modified to make relevant. 5. Select an interface and click the Details button to display a more robust set of statistics for the selected interface. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 398 Displays the MAC Address of each DHCP Client, DHCP Server or Router in the table. Type Displays the type for each DHCP Snoop Entry. Available entry types include: • DHCP Client • DHCP Server • Router • DHCP Server Router • DHCP Client Router Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 399 Displays the Role Names for all roles that are active and have wireless clients associated with them. Assigned Clients Clicking on a Role Name will display all wireless clients that are associated with the selected role. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 400: Configuring Nat Information
Refer to the NAT screen’s Dynamic Translation tab to view existing dynamic NAT configurations available to controller. To view and add/edit a dynamic NAT configuration: 1. Select Security > NAT from the main menu tree. 2. Click on the Dynamic Translation tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 401 Defines the interface through which packets are routed. The source IP address and source port number (only if IP protocol is TCP or UDP) of packets is changed to the interface IP address and a random port number. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 402 LAN are searched against to the records kept by the NAT engine. There the destination IP address is changed back to the specific internal private class IP address in order to reach the LAN over the controller managed network. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 403: Defining Static Nat Translations
Refer to the NAT screen’s Static Translation tab to view existing static NAT configurations available to controller. To view and add/edit a dynamic NAT configuration: 1. Select Security > NAT from the main menu tree. 2. Click the Static Translation tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 404 Applies NAT on packets matching the specified port number. The port number matched can be either source or destination based on the direction specified. This option is valid only if the direction specified is destination. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 405 Outside - All other addresses (usually valid addresses located on the Internet). Outside addresses pose no risk if exposed over a publicly accessible network. 5. Define the NAT Direction from the drop-down menu. Options include: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 406: Configuring Nat Interfaces
NAT interface, in addition to any other VLANs created. In addition to selecting the VLAN, specify the Inside or Outside NAT type. To view and configure a NAT interface: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 407 5. If an interface is obsolete or of no use to the NAT translation process, select it and click the Delete button to remove it from the list of interfaces available Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 408: Viewing Nat Status
Use the Status tab to review the NAT translations configured thus far for the controller. The Status tab displays the inside and outside local and global IP addresses. To view and configure a NAT interface: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 409 The configured IP address assigned to a host in the outside network. 4. Click on the Export button to export the contents of the table to a Comma Separated Values file (CSV). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 410: Configuring Ike Settings
Radius server) and more than one controller and application can use the information. To view the current set of IKE configurations: 1. Select Security > IKE Settings from the main menu tree. 2. Click the Configurations tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 411 Please note that RSA keys are not supported for IKE negotiation on this controller. Highlight an existing set of pre-shared Keys and click the Edit button to revise the existing peer IP address, key and aggressive mode designation. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 412: Setting Ike Policies
A HMAC method to ensure the identity of the sender, and validate a message has not been altered • A Diffie-Hellman group establishing the strength of the of the encryption-key algorithm. • A time limit for how long the encryption key is used before it is replaced. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 413 If no match exists, IKE refuses negotiation. To view the current set of IKE policies: 1. Select Security > IKE Settings from the main menu tree. 2. Click the IKE Policies tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 414 4. Highlight an existing policy and click the Edit button to revise the policy’s existing encryption scheme, hash value, authentication type, SA lifetime and DH group. The sequence number cannot be revised. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 415 5. Select an existing policy and click the Delete button to remove it from the table. 6. If the properties of an existing policy are no longer relevant and cannot be edited to be useful, click the Add button to define a new policy. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 416: Viewing Sa Statistics
IKE requires SAs to identify connection attributes. IKE can negotiate and establish its own SA. An IKE SA is used by IKE only, and is bi-directional. To view SA statistics: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 417 4. Select an index and click the Details button to display a more robust set of statistics for the selected index. Use this information to discern whether changes to an existing IKE configuration is warranted or if a new configuration is required. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 418: Configuring Ipsec Vpn
Define transform sets A transform set represents a combination of security protocols and algorithms. During the IPSec security association negotiation, peers agree to use a particular transform set for protecting data flow. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 419: Defining The Ipsec Configuration
Use the IPSec VPN Configuration tab to view the attributes of existing VPN tunnels and modify the security association lifetime and keep alive intervals used to maintain the sessions between VPN peers. From the Configuration tab, transform sets can be created as existing sets, modified or deleted. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 420 Click Apply to save any updates you may have made to the screen. Revert Click the Revert button to disregard any changes you have made and revert back to the last saved configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 421 To edit the attributes of an existing transform set: 1. Select Security > IPSec VPN from the main menu tree. 2. Click the Configuration tab. 3. Select an existing transform set and click the Edit button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 422 6. Click OK to use the changes to the running configuration and close the dialog. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 423 ESP-AES - ESP with 3DES, ESP with AES (128 bit key). • ESP-AES 192 - ESP with 3DES, ESP with AES (192 bit key). • ESP-AES 256 - ESP with 3DES, ESP with AES (256 bit key). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 424: Defining The Ipsec Vpn Remote Configuration
IPSec VPN tunnel. The Remote tab is also used for defining the IP address range used within the IPSec VPN tunnel and configuring the authentication scheme for user permissions within the IPSec VPN tunnel. To define the IPSEc VPN’s remote configuration: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 425 Ending IP Address Enter a numerical IP address to complete the range. If the Ending IP address is blank, only the starting address is used as the destination address. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 426: Configuring Ipsec Vpn Authentication
IPSec resource. Select the Authentication tab to define the credential verification mechanisms used with the IPSEC VPN configuration. To define the IPSEc VPN authentication configuration: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 427 Displays whether this target server is a Primary or Secondary Radius Server. Server IP Address Displays the IP address of the server acting as the data source for the Radius server. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 428: Configuring Crypto Maps
Crypto Maps (referring to large identity sections) instead of specifying a large number of Crypto Maps (referring to small identity sections). To define the Crypto Map configuration: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 429 Crypto Map entries To review, revise or add Crypto Map entries: 1. Select Security > IPSec VPN from the main menu tree. 2. Click the Crypto Maps tab and select Crypto Map Entries. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 430 Refer to the definitions supplied for the Add Crypto Map screen (on the next page) to ascertain the requirements for editing a Crypto Map. 5. Select an existing Crypto Map and click the Delete button to remove it from the list of available. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 431 Radius tunnel attributes for IP Security (IPSec) peers. Optionally select the SA Per Host checkbox to specify that separate IPSec SAs should be requested for each source/destination host pair. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 432 Crypto Map peers To review, revise or add Crypto Map peers: 1. Select Security > IPSec VPN from the main menu tree. 2. Click the Crypto Maps tab and select Peers. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 433 To review, revise or add a Crypto Map using a manually defined security association: 1. Select Security > IPSec VPN from the main menu tree. 2. Click the Crypto Maps tab and select Manual SAs. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 434 5. Select an existing table entry and click the Delete button to remove it from the list of those available to the controller. 6. If a new Crypto Map manual security association requires creation, click the Add button Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 435 Crypto Map transform sets A transform set is a combination of security protocols and algorithms defining how the controller protects data. To review, revise or add a Crypto Map transform set: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 436 5. Select an existing entry from the table and click the Delete button to remove it from the list. 6. If a new Crypto Map transform set requires creation, click the Add button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 437 Crypto Map for each interface. 1. Select Security > IPSec VPN from the main menu tree. 2. Click the Crypto Maps tab and select Interfaces. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 438 Map to the interface resynchronizes the run-time data structures with the Crypto Map configuration. Also, adding new peers through the new sequence numbers and reassigning the Crypto Map does not break existing connections. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 439: Viewing Ipsec Security Associations
ESP SPI Out SPI specified in the Encapsulating Security Payload (ESP) outbound header. AH SPI In Displays the inbound Authentication Header (AH). AH SPI Out Displays the outbound Authentication Header (AH). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 440: Configuring The Radius Server
NOTE For hotspot deployment, Brocade recommends using the controller’s onboard Radius server and built-in user database. This is the easiest setup option and offers a high degree of security and accountability. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 441: Radius Overview
For a Radius supported VLAN to function properly, the Dynamic Assignment checkbox must be enabled for the WLAN supporting the VLAN. For more information, see “Editing the WLAN configuration” on page 109. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 442 Access policies allow the administrator to control access to a set of users based on the WLANs (ESSID). Group to WLAN access is controlled using a “Time of the day” access policy. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 443: Using The Controller's Radius Server Versus An External Radius
Server’s database, since the primary method has rejected the authentication attempt. Defining the Radius configuration To configure Radius support on the controller: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 444 6. Click the Apply button to save the changes made to within the Global Settings field. Click the Revert button to cancel any changes made within the Global Settings field and revert back to the last saved configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 445 Radius -enabled device configured with the same shared secret. The shared secret is a case-sensitive string that can include letters, numbers, or symbols. Make the shared secret at least 31 characters to protect the Radius server from brute-force attacks. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 446 Specify the IP Address of the new Radius proxy server. Enter the TCP/IP Port Number used by the proxy Radius server. d. Specify a Radius Shared Secret for authenticating the Radius client. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 447: Configuring Radius Authentication And Accounting
Radius accounting supplies administrators with user data as Radius sessions are started and terminated. To define the Radius authentication and accounting configuration: 1. Select Security > Radius Server from the main menu. 2. Select the Authentication tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 448 Refer to the Users and Groups tabs to define user and group permissions for the controller’s local Radius server. • If LDAP is selected, the controller uses the data within an LDAP server. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 449 5. Click the Apply button to save the changes made to within the screen. 6. Click the Revert button to cancel any changes made within the screen and revert back to the last saved configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 450: Configuring Radius Users
Displays whether a specific user has been defined as a guest user (with a green check) or has been configured as permanent user. Guest users have temporary access. Group Name Lists the group name that was assigned to the Radius User ID and Group. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 451 (guest) permissions. Available Groups Use the Available Groups Add -> and Remove <- functions to map groups (for inclusion) for this specific user. Configured Group Displays existing groups available for the user. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 452: Configuring Radius User Groups
To access the configuration of existing user groups: 1. Select Security > Radius Server from the main menu. 2. Select the Groups tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 453 However, if a user is part of a different group that has not exceeded their access interval, then the user may still interoperate with the controller (remain authenticated) as part of that group. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 454 If an existing group is no longer needed (perhaps obsolete in function), select the group and click the Delete button to permanently remove the group from the list. The group can only be removed if all the users in the group are removed first. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 455 10. Click OK to use the changes to the running configuration and close the dialog. 11. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 456: Viewing Radius Accounting Logs
Displays the type of file each file is. Size Display the size of the file. NOTE An explicit purge operation is not supported, the accounting logs are purged automatically once they reach their limit. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 457: Creating Server Certificates
CA, CA-specific configuration parameters, and an association with an enrolled identity certificate. To view current certificates values: 1. Select Security > Server Certificates from the main menu tree. 2. Select the Trustpoints tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 458 If there is a common name (IP address) for the organizational unit making the certificate request, it displays here. Issued By Country (C) Displays the country of the certificate issuer. State (ST) Displays the state or province for the country the certificate was issued. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 459 446. Creating a server / CA root certificate To create a Server Certificate or import a CA Root Certificate: 1. Select Security > Server Certificates from the main menu tree. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 460 Using the wizard to create a new certificate To generate a new self-signed certificate or prepare a certificate request: 1. Select the Create new self-signed certificate /certificate request radio button in the wizard and click the Next button Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 461 Use a new key — Select this option to create a new key for the trustpoint. Define a key name and size as appropriate. Associate the certificate selected with one of the options provided in the Specify a key for your new certificate and click the Next button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 462 Certificate. By default, the State/Prov. field is CA. This is a required field. City Enter a City to represent the city name used in the Self-Signed Certificate. By default, the City name is San Jose. This is a required field. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 463 If you selected to prepare a certificate request in the page 2, the wizard continues, prompting the user for the required information to complete the certificate request. Click Next to continue. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 464 CA root certificate use with a trustpoint. Delete trustpoint properties as they become obsolete or the properties of a certificate are no longer relevant to the operation of the controller. To use the wizard to delete trustpoint properties: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 465 Creating Server Certificates 1. Select the Delete Operations radio button and click the Next button. The next page of the wizard is used to delete a trustpoint. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 466: Configuring Trustpoint Associated Keys
To configure the keys associated with trustpoints: 1. Select Security > Server Certificates from the main menu tree. 2. Select the Keys tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 467 If none of the keys listed within the Keys tab are suitable for use with a certificate, consider creating a new key pair. 1. Select Security > Server Certificates from the main menu tree. 2. Select the Keys tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 468 1. Select Security > Server Certificate from the main menu tree. 2. Click the Keys Tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 469: Configuring Enhanced Beacons And Probes
Use the Enhanced Beacons/Probe screen to configure enhanced beacons/probes and their output reports. The Enhanced Probes and Beacons screens displays four tabs supporting the following configuration activities: • Configuring the beacon table Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 470: Configuring The Beacon Table
Channel on which the AP was detected • Time when the AP was detected. To configure enhanced beacons: 1. Select Security > Enhanced Probe/Beacon Table from the main menu tree. 2. Select the Beacon Table tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 471 AP’s. <- Remove Select the channel’s frequency from the Configured list box and click <- Remove to remove a channel from the list of channels provided to the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 472: Configuring The Probe Table
Mobility 300 receives from Clients. To configure enhanced beacons: 1. Select Security > Enhanced Probe/Beacon Table from the main menu tree. 2. Select the Probe Table tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 473 10. 802.11bg Mobility 300 Radios: Click the Enable all button to allow the AP’s 802.11bg radios to receive Client probe requests and forward them to the controller. Click the Disable all button to stop AP’s 802.11bg radios from forwarding Client probe requests to the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 474: Reviewing Found Beacons
3. Refer to the following information as displayed within the Beacons Found tab. Portal MAC Displays the MAC address of the unadopted AP detected by the enhanced beacon supported AP. Rogue AP MAC Displays the MAC address of the enhanced beacon supported AP. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 475: Reviewing Found Probes
Probes Found tab is read-only with no user configurable parameters. To view the enhanced beacons table report: 1. Select Security > Enhanced Probe/Beacon Table from the main menu tree. 2. Select the Probes Found tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 476 Displays the channel frequency used when the unadopted Client was detected. Heard Time Displays the time the unadopted Client was detected. 4. Select the Clear Report button to clear the statistic counters and begin a new data calculation. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 477: Controller Management
(with status displayed within the Status field). To display the main Management screen: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 478: Configuring Access Control
The Access Control screen is not meant to function as an ACL (in routers or other firewalls), where you can specify and customize specific IPs to access specific interfaces. To configure access control settings: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 479 The default value is 3 retry attempts. Timeout When the provided interval is exceeded, the user is logged out of the SNMP session and forced re-initiate their connection. The default value is 10 minutes. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 480: Configuring Snmp Access
The SNMP Access window consists of the following tabs: • Configuring SNMP v1/v2 access • Configuring SNMP v3 access • Setting SNMP access message parameters • Accessing SNMP v2/v3 statistics Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 481: Configuring Snmp V1/V2 Access
Community names can be modified by selecting a community name and clicking the Edit button. NOTE The SNMP undo feature is not supported. To review existing SNMP v1/v2 definitions: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 482 (and user) requirement used by the management software. To modify an existing SNMP v1/v2 Community Name and Access Control setting: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 483: Configuring Snmp V3 Access
The SNMP undo feature is not supported in this product. To review existing SNMP v3 definitions: 1. Select Management Access > SNMP Access from the main menu tree. 2. Select the V3 tab from within the SNMP Access screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 484 4. Highlight an existing v3 entry and click the Edit button to modify the password for the Auth Protocol and Priv Protocol. For additional information, see “Editing an existing SNMP v1/v2 community name” page 468 Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 485: Setting Snmp Access Message Parameters
The controller Web UI enables an administrator to set SNMP data access retry attempts and timeout values. This affords an administrator the ability define how controller resources are utilized in respect to SNMP connection attempts. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 486: Accessing Snmp V2/V3 Statistics
User-based Security Model) and their values. To edit an SNMP v3 user profile: 1. Select Management Access > SNMP Access from the main menu tree. 2. Select the Statistics tab from within the SNMP Access screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 487 Displays the current numerical value for the Usm Metric described on the left-hand side of the screen. The value equals the number of times the target event occurred. This data is helpful in troubleshooting Usm (Authentication and Encryption) related problems within the network. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 488: Configuring Snmp Traps
2. Select the Allow Traps to be generated checkbox to enable the selection (and employment) of all the traps within the screen. Leaving the checkbox unselected means traps must be enabled by category or individually. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 489 5. Click the Expand All Items button to display the sub-items within each trap category. Use this item to display every trap that can be enabled. Once expanded, traps can then be enabled by trap category or individually within each trap category. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 490 1. Select Management Access > SNMP Trap Configuration from the main menu tree. 2. Click the Email Configuration button to launch a dialogue where you can configure outgoing E-mail servers and addresses for alerts. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 491 Click the Add button to add an e-mail address that is in the To Address(es) field to the list below. Remove Select an e-mail address from the list and click the Remove button to delete that address from the list. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 492: Configuring Trap Thresholds
To configure SNMP trap threshold values: 1. Select Management Access > SNMP Trap Configuration from the main menu tree. 2. Click the Wireless Statistics Thresholds tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 493 6. Click the Apply button to save changes made to the screen since the last saved configuration. Click the Revert button to revert the screen back to its last saved configuration. Changes made since the contents of the screen were last applied are discarded. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 494 0.00 and less 0.00 and less 0.00 and less than or equal than or equal than or equal to 16.00 to 16.00 to 16.00 Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 495: Configuring Snmp Trap Receivers
Add button. To configure the attributes of SNMP trap receivers: 1. Select Management Access > SNMP Trap Receivers from the main menu tree. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 496: Editing Snmp Trap Receivers
1. Select Management Access > SNMP Trap Receivers from the main menu tree. 2. Select (highlight) an existing SNMP trap receiver and click the Edit button. 3. Modify the existing IP Address if it is no longer a valid address. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 497: Adding Snmp Trap Receivers
Refer to the Status field for the current state of the requests made from applet. This field displays error messages if something goes wrong in the transaction between the applet and the controller. 8. Click Cancel to close the dialog without committing updates to the running configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 498: Configuring Management Users
To configure the attributes of Local User Details: 1. Select Management Access > Users from the main menu tree. 2. Click the Local Users tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 499 3. Enter the login name for the user in the Username field. Ensure this name is practical and identifiable to the user. 4. Enter the authentication password for the new user in the Password field and reconfirm the same again in the Confirm Password field. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 500 When establishing a connection to the controller’s applet, ensure that traffic can pass on TCP port 80 for HTTP access and TCP port 443 for HTTPS between the client and the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 501 Access Modes panel. Select one or more of the following options: Console Provides the new user access to the controller using the console (applet) Provides the new user access to the controller using SSH. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 502 A guest user added from controller Web UI will be 5 minutes ahead of the controller's current time. To create a guest administrator: 1. Select Management Access > Users from the main menu tree. 2. Click the Add button within the Local Users tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 503: Configuring Controller Authentication
The controller provides the capability to proxy authenticate requests to a remote Radius Server. Refer to the Authentication tab to view and configure the Radius Server used by the local user to log into the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 504 4. Click the Apply button to commit the authentication method for the controller. 5. Click the Revert button to rollback to the previous authentication configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 505 1. Select Management Access > Users from the main menu tree. The Users screen displays. 2. Click on the Authentication tab. 3. Select an existing Radius Server from those listed and click the Edit button at the bottom of the screen. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 506 The attributes of a new Radius Server can be defined by the controller to provide a new user authentication server. Once the server is configured and added, it displays within the Authentication tab as an option available to the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 507 6. Click on OK to complete the addition of the Radius Server. Click Cancel to revert back to the last saved configuration without saving any of your changes. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 508 NOTE: To configure multiple access methods, this value can be set multiple times with different access values, or the desired values can be added together and and entered as a single entry. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 509: Diagnostics
Use the Environment tab to view and modify the controller diagnostic interval, temperature sensors and fan speeds. 1. Select Diagnostics from the main tree menu. 2. Select the Environment tab (opened by default). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 510 5. Use the Temperature Sensors field to monitor the CPU and system temperatures. This information is extremely useful in assessing if the controller exceeds its critical limits. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 511: Cpu Performance
1. Select Diagnostics from the main tree menu. 2. Select the CPU tab. 3. The CPU screen consists of 2 fields: • Load Limits • CPU Usage Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 512: Controller Memory Allocation
The Memory tab is partitioned into the following two fields: • • Buffer 3. Refer to the RAM field to view the percentage of CPU memory in use (in a pie chart format). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 513: Controller Disk Allocation
The Disk tab contains parameters related to the various disk partitions on the controller. It also displays available space in the external drives (compact flash etc). 1. Select Diagnostics from the main tree menu. 2. Select the Disk tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 514: Controller Memory Processes
The Processes tab displays the number of processes in use and percentage of memory usage limit per process. 1. Select Diagnostics from the main tree menu. 2. Select the Processes tab. 3. The Processes tab has two fields: • General Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 515: Other Controller Resources
The Other Resources tab displays the memory allocation of Packet Buffer, IP Route Cache and File Descriptors. 1. Select Diagnostics from the main tree menu. 2. Select the Other Resources tab. Keep the Cache allocation in line with cache expectations required within the controller managed network. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 516: Configuring System Logging
Ensure the correct destination server address is supplied. To view the Log options available to the controller: 1. Select Diagnostics > System Logging from the main menu tree. 2. Select the Log Options tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 517 (within the Server 1 field. Optionally, use the Server 2 parameter to specify the numerical (non DNS name) IP address of an alternative syslog server if the first syslog server is unavailable. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 518: File Management
To view the Log options: 1. Select Diagnostics > System Logging from the main menu tree. 2. Select the File Mgmt tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 519 To view the entire content of an individual log file, see “Viewing the entire contents of individual log files” on page 506. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 520 On the Mobility RFS7000 Controller users can also transfer log files using USB or Compact Flash. On the Mobility RFS6000 Controller users can also transfer log files using USB. Transferring files is recommended when the log file is frequently cleared, but an archive of the log files is required in a safe location.
Page 521 Displays the name of the controller logging the target event. This metric is important for troubleshooting issues of a more serious priority, as it helps isolate the controller resource detecting the problem. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 522 8. If Server has been selected as the source, use the Using drop down-menu to configure whether the log file transfer is conducted using FTP or TFTP. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 523: Reviewing Core Snapshots
.core extension) logged by the system. Core snapshots are issues impacting controller core (or distribution layer). Once reviewed, core files can be deleted or transferred for archive. To view core snapshots available on the controller: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 524: Transferring Core Snapshots
For more information on transferring core snapshots, see “Transferring core snapshots” on page 510. Transferring core snapshots Use the Transfer screen to define a source for transferring core snapshot files to a secure location for potential archive. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 525: Reviewing Panic Snapshots
Use the information displayed within the screen to make informed decisions whether a target file should be discarded or transferred to a secure location for permanent archive. To review the current panic snapshots on the controller: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 526 5. Select a target panic file and click the View button to open a separate viewing screen to display the panic information in greater detail. For more information, see “Viewing panic details” page 513. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 527: Viewing Panic Details
The User ID is required for FTP transfers only. 10. If Server has been selected as the source, enter the Password required (for FTP transfers) to send the file to the target location. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 528: Debugging The Applet
1. Select Diagnostics > Applet Debugging from the main menu. 2. To use this window, select the Enable Web-UI Debug Mode checkbox. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 529 Click the No Messages button if you do not want to select any of the message categories. Click the Apply button to save the changes you have applied within this screen. 8. Click the Revert button to revert back to the last saved configuration. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 530: Configuring A Ping
Timeout (sec) Displays the timeout value (in seconds) used to timeout the ping test if a round trip packet is not received from the target device. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 531: Modifying The Configuration Of An Existing Ping Test
DNS address) destination for the device transmitted the ping packets. No. of Probes If necessary, modify the number of packets transmitted to the target IP address to discern the round trip time between the controller and its connected device. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 532: Adding A New Ping Test
Description Ensure the description is representative of the test, as this is the description displaying within the Configuration tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 533: Viewing Ping Statistics
Clients within an existing network segment. To view ping test statistics: 1. Select Diagnostics > Ping from the main menu. 2. Select the Statistics tab. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 534 Displays the longest round trip time for ping packets transmitted from the controller to its destination IP address. This may reflect the time when data traffic was at its most congested for the two devices. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 535 Displays the time (in seconds) the controller last “heard” the destination IP address over the controller managed network. Use this time (in contention with the RTT values displayed) to determine whether this device warrants a permanent controller connection. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 536 Configuring a ping Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 537: In This Chapter
An adaptive AP (AAP) is an Access Point that can adopt like a Mobility 300 (Layer 3). The management of an AAP is conducted by the controller, once the Access Point connects to a Brocade Mobility RFS6000 Controller or Mobility RFS7000 Controller model controller and receives its AAP configuration.
Page 538: A Adaptive Ap
NOTE To support AAP functionality, a controller must be running firmware version the appropriate firmware version as follows: - Mobility RFS6000 Controller: Versions 1.0 and higher - Mobility RFS7000 Controller Versions 1.1 and higher NOTE An AAP cannot support a firmware download from the wireless controller.
Page 539: Types Of Adaptive Aps
** The Mobility 5181 uses an encryption key to hash passphrases and security keys. To obtain the encryption passphrase, configure a Mobility 5181 with the passphrase and export the configuration file. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 540: Securing A Configuration Channel Between Controller And Ap
The AP will connect to the controller and request a configuration. Adaptive AP WLAN Topology An AAP can be deployed in the following WLAN topologies: • Extended WLANs - Extended WLANs are centralized WLANs created on the controller Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 541: Configuration Updates
The AAP attempts to connect to other controllers (if available) in background. Extended WLANs are disabled once controller adoption is lost. When a new controller is discovered and a connection is secured, an extended WLAN can be enabled. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 542: Remote Site Survivability (Rss)
180 seconds) so Mesh AAPs remain adopted to the controller during the period when the configuration is applied and mesh links are re-established. Configuring Adaptive AP Mesh To configure mesh support for Adaptive AP: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 543 4. Configure Adaptive AP support on the Mobility RFS7000 Controller by adopting the AP’s base bridge as well as client bridge. The client-bridge radios must be directly wired to the controller during this configuration step. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 544: Aap Radius Proxy Support
If AAP Proxy Radius is configured, the onboard Radius server has to be enabled. By default the onboard Radius server is disabled. To enable the onboard Radius server use the Web UI or issue the “service radius” command in the CLI. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 545: Supported Adaptive Ap Topologies
VLAN IDs configured. Additionally, the AAP needs to be connected to a 802.1q trunk port on the wired controller. • Be aware IPSec Mode supports NAT Traversal (NAT-T). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 546: Extended Wlans Only
AP obtains its configuration from the controller. If the AP’s WAN link fails, it continues to operate using the last valid configuration until its link is re-established and a new configuration is pushed down from the controller. There is no separate file-based configuration stored on the controller. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 547: Adaptive Ap Pre-Requisites
“Adaptive AP Configuration” on page 534. Configuring the Controller for Adaptive AP Adoption The tasks described below are configured on a Brocade RF controller. To adopt an AAP on a controller: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 548: Establishing Basic Adaptive Ap Connectivity
Access Point or adopted using DHCP options. Each of these adoption techniques is described in the sections that follow. Adopting an Adaptive AP Manually To manually enable the Access Point’s controller discovery method and connection medium required for adoption: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 549 The manual AAP adoption described above can also be conducted using the Access Point’s CLI interface using the admin(system.aapsetup)> command. Adopting an Adaptive AP Using a Configuration File To adopt an AAP using a configuration file: Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 550: Controller Configuration
To disable automatic adoption on the controller: 1. Select Network > Access Point Radios from the controller main menu tree. 2. Select the Configuration tab (should be displayed be default) and click the Global Settings button. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 551 Independent WLANs behave like WLANs as used on a a standalone Access Point. Leave this option unselected (as is by default) to keep this WLAN an extended WLAN (a typical centralized WLAN created on the controller). Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 552 Once an AAP is adopted by the controller, it displays within the controller Access Point Radios screen (under the Network parent menu item) as a Mobility 5181 within the AP Type column. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 553: Adaptive Ap Deployment Considerations
Sample Controller Configuration File for IPSec and Independent WLAN The following constitutes a sample controller configuration file supporting an AAP IPSec with Independent WLAN configuration. Please note new AAP specific CLI commands in and relevant comments in blue. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 554 America/Los_Angeles license AP xyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyx yxyxyxyxxyxyxyx wireless no adopt-unconf-radio enable manual-wlan-mapping enable wlan 1 enable Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 555 4 bss 2 6 radio 4 channel-power indoor 48 4 radio 4 rss enable radio 4 client-bridge bridge-select-mode auto radio 4 client-bridge ssid Mesh radio 4 client-bridge mesh-timeout 0 radio 4 client-bridge enable Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 556 1-9,100,110,120,130,140,150,160,170, controllerport trunk allowed vlan add 180,190,200,210,220,230,240,250, interface vlan1 ip address dhcp To attach a Crypto Map to a VLAN Interface crypto map AAP-CRYPTOMAP Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 557 Establishing Basic Adaptive AP Connectivity sole ip route 157.235.0.0/16 157.235.92.2 ip route 172.0.0.0/8 157.235.92.2 ntp server 10.10.10.100 prefer version 3 line con 0 line vty 0 24 Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 558 Establishing Basic Adaptive AP Connectivity Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 559: In This Chapter
Web UI is Sluggish, Does Not Refresh Properly, or Does Not Respond • Console Port is Not Responding Controller Does Not Boot Up The Brocade RF Series Controller does not boot up to a username prompt via CLI console or Telnet. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 560 Primary LAN is not receiving Verify Telnet and SSH traffic is allowed on the primary VLAN Telnet or SSH traffic All else... Contact Brocade Support Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 561 Ensure a console cable is connected from the console port to the host computer’s serial port Not using a terminal Verify a serial terminal emulation program, such as HyperTerminal, is in use on emulation program the host computer Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 562: Access Point Issues
With a packet sniffer, look for 8375 (broadcast) packets Reset the Brocade RF Series Controller. If the controller is hung, it may begin to adopt Access Points properly once it has been reset. All else... Contact Brocade Support Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 563: Wireless Client Issues
DHCP services are enabled Incorrect security settings Verify the correct security settings are applied to a WLAN in which the Client is tryng to associate All else... Contact Brocade Support Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 564: Miscellaneous Issues
Possible issues include: • Excessive Fragmented Data or Excessive Broadcast • Excessive Memory Leak Excessive Fragmented Data or Excessive Broadcast Excessive fragmented data or excessive broadcast. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 565: System Logging Mechanism
General error messages on the MIB Browser: Timeout, No Response. The client IP where the MIB browser is present should be made known to the agent. Adding SNMP clients through CLI or Web UI can do this. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 566: Mib Not Visible In The Mib Browser
This chapter describes the known troubleshooting techniques for the following data protection activities: • Controller Password Recovery • RADIUS Troubleshooting • Troubleshooting RADIUS Accounting Issues • Rogue AP Detection Troubleshooting • Troubleshooting Firewall Configuration Issues Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 567: Controller Password Recovery
Time of Restriction configured does not work • Authentication fails at exchange of certificates • When using another Mobility RFS7000 Controller (controller 2) as RADIUS server, access is rejected • Authentication using LDAP fails Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 568 When using another Mobility RFS7000 Controller (controller 2) as RADIUS server, access is rejected Ensure the following have been attempted: • Make sure that the user, group and access policies are properly defined on controller 2 Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 569: Troubleshooting Radius Accounting Issues
If using the on-board RADIUS Accounting server, one can delete the accounting files, using the del command in the enable context. • If using the on-board RADIUS Accounting server, the files would be logged under the path: /flash/log/radius/radacct/ Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 570: Rogue Ap Detection Troubleshooting
4. After last step, check again, that IP Ping from Host1 to the Interface on the Trusted Side of the Brocade RF Series Controller works. If it works then problem is solved. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 571 4. Add the newly created PO to the active Network Policy. Associate WLAN and Network Policy to the active Access Point Policy. Any request matching the configured criteria should take the action configured in the Classification Element. Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...
Page 572 Troubleshooting Firewall Configuration Issues Brocade Mobility RFS6000 and RFS7000 System Reference Guide 53-1001858-01...

This manual is also suitable for:

Rfs7000

Brocade Communications Systems RFS6000 System Reference Manual

Quick Links

Related Manuals for Brocade Communications Systems RFS6000

Summary of Contents for Brocade Communications Systems RFS6000