Brocade RFS7000-GR Reference Guide

53-1001944-01
September 2010

Brocade Mobility
RFS7000-GR Controller

®

System Reference Guide

Supporting software release 4.1.0.0-040GR and later

Copyright © 2010 Brocade Communications Systems, Inc. All Rights Reserved.

Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron,
SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health
are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands,
products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their
respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning
any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to
this document at any time, without notice, and assumes no responsibility for its use. This informational document describes
features that may not be currently available. Contact a Brocade sales office for information on feature and product availability.
Export of technical data contained in this document may require an export license from the United States government.

The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with
respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that
accompany it.

The product described by this document may contain “open source” software covered by the GNU General Public License or other
open source license agreements. To find out which open source software is included in Brocade products, view the licensing
terms applicable to the open source software, and obtain a copy of the programming source code, please visit
http://www.brocade.com/support/oscd.

Brocade Communications Systems, Incorporated

Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: info@brocade.com

European Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4èm e étag e
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: emea-info@brocade.com

Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
E-mail: china-info@brocade.com

Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 – 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
E-mail: china-info@brocade.com

Document History

Title Publication number Summary of changes Date

Brocade Mobility RFS7000-GR Controller
System Reference Guide

53-1001944-01 New document September 2010

Table of Contents

1 Overview 1

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Hardware overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Physical specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Software overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

Infrastructure features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Wireless switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Wired switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Management features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Security features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Supported Access Ports/Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Standards support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

2 Controller Web UI Access and Image Upgrades 33

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Accessing the switch Web UI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Web UI requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Connecting to the switch Web UI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Switch password recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

Upgrading the switch image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

Auto installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

3 Controller Information 39

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Viewing the switch interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Setting the switch country code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Viewing the switch configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Switch dashboard details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Viewing switch statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Viewing switch port information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Viewing the port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Viewing the ports runtime status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Reviewing port statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Viewing switch configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55

Viewing the detailed contents of a config file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Transferring a config file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Viewing switch firmware information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Editing the switch firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Updating the switch firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Switch file management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Transferring files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Viewing files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Configuring automatic updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68

Viewing the switch alarm log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Viewing alarm log details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Brocade Mobility RFS7000-GR Controller System Reference Guide iii
53-1001944-01

Viewing switch licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

How to use the filter option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

4 Network Setup 75

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Displaying the network interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Viewing network IP information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Configuring DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Configuring IP forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Viewing address resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Viewing and configuring Layer 2 virtual LANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Viewing and configuring VLANs by port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Editing the details of an existing VLAN by port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Viewing and configuring ports by VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Configuring switch virtual interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Configuring the virtual interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Viewing virtual interface statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Viewing and configuring switch WLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Configuring WLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Viewing WLAN statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Configuring WMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Configuring the NAC inclusion list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Configuring the NAC exclusion list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

NAC configuration examples using the switch CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Viewing associated MU details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Viewing MU status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Configuring Mobile Units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Viewing MU statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Viewing voice statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Viewing Access Port Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

Configuring access port radios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

Viewing AP statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Configuring WLAN assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Configuring WMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Configuring access point radio bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Configuring radio groups for MU load balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Viewing Active Calls (AC) statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Viewing mesh statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Smart RF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Voice statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Viewing access port adoption defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

Configuring AP adoption defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

Configuring Layer 3 access port adoption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Configuring WLAN assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Configuring WMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Configuring access ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

iv Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Viewing adopted access ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Viewing unadopted access ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Access port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Configuring Adaptive AP firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Multiple spanning tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219

Configuring a bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Viewing and configuring bridge instance details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

Configuring a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

Viewing and configuring port instance details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230

IGMP Snoop configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

IGMP Snoop Querier configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

5 Controller Services 235

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Displaying the services interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

DHCP server settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237

Configuring the switch DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Viewing the attributes of existing host pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Configuring excluded IP address information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Configuring the DHCP server relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Viewing DDNS bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Viewing DHCP bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Reviewing DHCP dynamic bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Configuring the DHCP user class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Configuring DHCP pool class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Configuring secure NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Defining the SNTP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Configuring symmetric key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Defining a NTP neighbor configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Adding an NTP neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

Viewing NTP associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Viewing NTP status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Configuring switch redundancy & clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

Configuring redundancy settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Reviewing redundancy status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Configuring redundancy group membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Redundancy group license aggregation rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Managing clustering using the Web UI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Layer 3 Mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Configuring Layer 3 Mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

Defining the Layer 3 peer list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

Reviewing Layer 3 peer list statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

Reviewing Layer 3 MU status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

Configuring self healing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288

Configuring self healing neighbor details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Configuring switch discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292

Brocade Mobility RFS7000-GR Controller System Reference Guide v
53-1001944-01

Configuring Discovery Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

Viewing discovered switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Locationing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

RTLS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

SOLE - Smart Opportunistic Location Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

Defining site parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

Configuring SOLE parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

Configuring Aeroscout parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Configuring Ekahau parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

6 Controller Security 307

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

Displaying the main security interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

AP intrusion detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

Enabling and configuring AP detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

Authorized APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Unauthorized APs (AP reported) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

Unauthorized APs (MU reported) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

AP containment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

MU intrusion detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

Configuring wireless intrusion detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

Viewing filtered MUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

Configuring firewalls and access control lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

ACL overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Attaching an ACL on a WLAN interface/port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326

Attaching an ACL Layer 2/Layer 3 configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Configuring the role based firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

Attaching adaptive AP WLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

Attaching adaptive AP LANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334

Configuring wireless filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

Editing an existing wireless filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

Adding a new wireless filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

Associating an ACL with WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

Configuring the firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

Configuring Layer 2 firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345

Configuring WLAN firewall rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348

Configuring Denial of Service (DoS) Attack firewall rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

Configuring the role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353

Configuring firewall logging options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Reviewing firewall and ACL statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Configuring NAT information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364

Defining Dynamic NAT translations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365

Defining static NAT translations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

Configuring NAT interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Viewing NAT status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373

Configuring IKE settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Defining the IKE configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374

vi Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Setting IKE policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

Viewing SA statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380

Configuring IPSec VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382

Defining the IPSec configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Defining the IPSec VPN remote configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388

Configuring IPSEC VPN authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

Configuring Crypto Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392

Viewing IPSec security associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401

Configuring the RADIUS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

RADIUS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

Using the switch’s RADIUS Server versus an External RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406

Defining the RADIUS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406

RADIUS client configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

Configuring RADIUS authentication and accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

Configuring RADIUS users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

Configuring RADIUS user groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

Viewing RADIUS accounting logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Creating server certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Using trustpoints to configure certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Configuring trustpoint associated keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429

Configuring enhanced beacons and probes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432

Configuring the beacon table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433

Configuring the probe table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435

Reviewing found beacons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436

Reviewing found probes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437

7 Controller Management 439

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

Displaying the Management Access Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .439

Configuring Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440

Configuring SNMP Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .442

Configuring SNMP v3 Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442

Accessing Message Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445

Accessing SNMP v3 Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445

Configuring SNMP Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .447

Enabling trap configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

Configuring Trap Thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450

Configuring SNMP trap receivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453

Editing SNMP trap receivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455

Adding SNMP trap receivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455

Configuring management users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .456

Configuring local users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456

Configuring switch authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462

8 Diagnostics 467

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Brocade Mobility RFS7000-GR Controller System Reference Guide vii
53-1001944-01

Displaying the main diagnostic interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Switch environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

CPU performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

Switch memory allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470

Switch disk allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

Switch memory processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

Other switch resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472

Configuring system logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Log options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

File management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

Debugging the applet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Configuring a ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481

Modifying the configuration of an existing ping test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482

Adding a new ping test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

Viewing ping statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485

A Adaptive AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

Adaptive AP management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

Switch discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

Securing a configuration channel between switch and AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489

Adaptive AP WLAN topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489

Configuration updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490

Securing data tunnels between the switch and AAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490

Adaptive AP switch failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490

Remote Site Survivability (RSS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

Adaptive mesh support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

Supported Adaptive AP topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494

Topology deployment considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494

Extended WLANs only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

Independent WLANs only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

Extended WLANs with independent WLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

Extended VLAN with mesh networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

How the AP receives its adaptive configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

Adaptive AP pre-requisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Configuring the Adaptive AP for adoption by the switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Configuring the switch for Adaptive AP adoption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Establishing basic Adaptive AP connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497

Adaptive AP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497

Switch configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499

Adaptive AP deployment considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502

Sample switch configuration file for IPSec and independent WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503

B Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507

viii Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

General troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .507

Wireless switch issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507

Access Port Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510

Mobile unit issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511

Miscellaneous issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512

System logging mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513

Troubleshooting SNMP issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .513

MIB browser not able to contact the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513

Not able to SNMP WALK for a GET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

MIB not visible in the MIB browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

SNMP SETs not working . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

Not receiving SNMP traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

Additional Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

Security issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

Switch password recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

RADIUS troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515

Troubleshooting RADIUS Accounting issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517

Rogue AP detection troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .517

Troubleshooting Firewall configuration issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518

C How To Tutorials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521

In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521

Wireless IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521

Unauthorized Access Point Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522

Unauthorized Access Point Containment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522

Wireless Intrusion Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523

Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524

Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524

Configuring a Wireless IDS Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .525

Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525

Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526

Unauthorized AP Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526

Unauthorized AP Containment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529

Mobile Unit Intrusion Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531

SNMP Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534

RF Switch Running Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537

Brocade Mobility RFS7000-GR Controller System Reference Guide ix
53-1001944-01

x Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

About This Document

In this chapter

•Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi

•Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi

•Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi

•Web support sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

Audience

This document is designed for system administrators with a working knowledge of Layer 2 and
Layer 3 switching and routing.

If you are using a Brocade Layer 3 router, you should be familiar with the following protocols if
applicable to your network – IP, RIP, OSPF, BGP, ISIS, IGMP, PIM, and VRRP.

Supported hardware and software

The following hardware platforms are supported by this release of this guide:

• Brocade Brocade Mobility RFS7000-GR Controller

The following software version is supported by this release of this guide:

• Software version 4.1.0.0-040GR and later

Document conventions

This section describes text formatting conventions and important notice formats used in this
document.

Text formatting

The narrative-text formatting conventions that are used are as follows:

Brocade Mobility RFS7000-GR Controller System Reference Guide xi
53-1001944-01

bold text Identifies command names

Identifies the names of user-manipulated GUI elements

Identifies keywords

Identifies text to enter at the GUI or CLI

italic text Provides emphasis

Identifies variables

Identifies document titles

code text Identifies CLI output

For readability, command names in the narrative portions of this guide are presented in mixed
lettercase: for example, controllerShow. In actual examples, command lettercase is often all
lowercase. Otherwise, this manual specifically notes those cases in which a command is case
sensitive.

.

Command syntax conventions

Command syntax in this manual follows these conventions:

command and
parameters

[ ] Optional parameter.

variable Variables are printed in italics enclosed in angled brackets < >.

... Repeat the previous element, for example “member[;member...]”

| Choose from one of the parameters.

Commands and parameters are printed in bold.

Notes, cautions, and warnings

The following notices and statements are used in this manual. They are listed below in order of
increasing severity of potential hazards.

NOTE

A note provides a tip, guidance or advice, emphasizes important information, or provides a
reference to related information.

CAUTION

A Caution statement alerts you to situations that can be potentially hazardous to you or cause
damage to hardware, firmware, software, or data.

xii Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

DANGER

A Danger statement indicates conditions or situations that can be potentially lethal or extremely
hazardous to you. Safety labels are also attached directly to products to warn of these conditions
or situations.

Web support sites

Customer Support Web Site

Brocade Support Central Web site, located at www.brocade.com/support provides information and
online assistance including developer tools, software downloads, product manuals and online
repair requests.

Downloads

http://www.brocade.com/support/

Manuals

http://www.brocade.com/support/

Because quality is our first concern at Brocade, we have made every effort to ensure the accuracy
and completeness of this document. However, if you find an error or an omission, or you think that
a topic needs further development, we want to hear from you. Forward your feedback to:

documentation@brocade.com

Provide the title and version number and as much detail as possible about your comment,
including the topic heading and page number and your suggestions for improvement.

.

E-mail and telephone access

Go to http://www.brocade.com/services-support/index.page for email and telephone contact
information.

Brocade Mobility RFS7000-GR Controller System Reference Guide xiii
53-1001944-01

xiv Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

In this chapter

A Brocade wireless controller is a centralized management solution for wireless networking. It
connects to non-legacy Access Ports through Layer 2 or Layer 3 (Layer 2 is preferable, if the
situation allows it).

Access ports function as radio antennas for data traffic management and routing. System
configuration and intelligence for the wireless network resides with the switch. The switch uses
Access Ports to bridge data to and from wireless devices. The wireless switch applies appropriate
policies to data packets before forwarding them to their destination.

Chapter

1Overview

•Hardware overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

•Software overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

•Standards support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

All data packets to and from wireless devices are processed by the switch, where appropriate
policies are applied before they are decapsulated and sent to their destination.

NOTE

Access port configuration is managed by the switch through a Web UI Graphical User Interface (GUI),
SNMP or the switch Command Line Interface (CLI). The discussion of the switch GUI within t his guide
is presented generically, making it equally relevant to the Brocade Mobility RFS7000-GR Controller.
However, some subtle differences do exist amongst these baselines. These differences are noted
within the specific GUI elements impacted. When these differences are noted, the options available
to each switch baseline are described in detail.

Hardware overview

The Brocade Mobility RFS7000-GR Controller is a rack-mountable device that manage all inbound
and outbound traffic on the wireless network. They provide security, network service and system
management applications.

Unlike traditional wireless infrastructure devices that reside at the edge of a network, the switch
uses centralized, policy-based management to apply sets of rules or actions to all devices on the
wireless network. The switch collects management “intelligence” from individual Access
Ports/Points and moves the collected information to the centralized switch.

Access ports (APs) are 48V Power-over-Ethernet devices connected to the switch by an Ethernet
cable. An Access Port receives 802.11x data from MUs and forwards the data to the switch which
applies the appropriate policies and routes the packets to their destinations.

Access ports do not have software or firmware upon initial receipt from the factory. When the
Access Port is first powered on and cleared for the network, the switch initializes the Access Port
and installs a small firmware file automatically. Therefore, installation and firmware upgrades are
automatic and transparent.

Brocade Mobility RFS7000-GR Controller System Reference Guide 1
53-1001944-01

Hardware overview

1

Physical specifications

The physical dimensions and operating parameters of the Brocade Mobility RFS7000-GR Controller
include:

Width

Height

Depth

Weight

Operating Temperature

Operating Humidity

A power cord is not supplied with a Brocade Mobility RFS7000-GR Controller. Use only a correctly
rated power cord certified for the country of operation

440mm (17.32 in)

44.45mm (1.75 in)

390.8mm (15.38 in)

6.12 Kg (13.5 lbs)

0°C - 40°C (32°F - 104°F)

5% - 85% RH, non-condensing

.

Power protection

To best protect the switch from unexpected power surges or other power-related problems, ensure
the switch installation meets the following guidelines:

• If possible, use a dedicated circuit to protect data processing equipment. Commercial

electrical contractors are familiar with wiring for data processing equipment and can help with
the load balancing of dedicated circuits.

• Install surge protection. Use a surge protection device between the electricity source and the

switch.

• Install an Uninterruptible Power Supply (UPS). A UPS provides continuous power during a

power outage. Some UPS devices have integral surge protection. UPS equipment requires
periodic maintenance to ensure reliability.

Cabling requirements

• A minimum of one category 6 Ethernet cables (not supplied) are required to connect the switch

to the LAN and WLAN. The cable(s) are used with the Ethernet ports on the front panel of the
switch.

NOTE

On a Brocade Mobility RFS7000-GR Controller, Brocade recommends connecting via the
Management Ethernet (ME) interface to better ensure secure and easier management. The ME
interface is connected to the management VLAN, and is therefore separate from production VLANs.

NOTE

On the Brocade Mobility RFS7000-GR Controller, the Uplink (UP) port is the preferred method of
connecting the switch to the network. The Uplink port has its own dedicated 1Gbps connection
which is unaffected by internal traffic across the GE ports.

The console cable included with the switch connects the switch to a computer running a serial
terminal emulator program to access the switch’s Command Line Interface (CLI) for initial
configuration. An initial configuration is described within the Installation Guide shipped with each
switch.

2 Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Software overview

The switch includes a robust set of features. The features are listed and described in the following
sections:

• Infrastructure features

• Wireless switching

• Wired switching

• Management features

• Security features

• Supported Access Ports/Points

Infrastructure features

The switch includes the following Infrastructure features:

• Installation feature

• Configuration management

• Diagnostics

• Serviceability

• Tracing / logging

• Process monitor

• Hardware abstraction layer and drivers

• Redundancy

• Secure Network Time Protocol (SNTP)

• Password recovery

Software overview

1

Installation feature

The upgrade/downgrade of the switch can be performed at boot time using one of the following
methods:

• Web UI

• DHCP

• CLI

• SNMP

• Patches

The switch has sufficient non-volatile memory to store two firmware images. Having a second
firmware image provides a backup in case of failure of the primary image. It also allows for testing
of new firmware on a switch with the ability to easily revert to a previous image.

Configuration management

The switch supports the redundant storage of configuration files to protect against corruption
during a write operation and ensure (at any given time) a valid configuration file exists. If writing the
configuration file fails, it is rolled back and a pre-write file is used.

Brocade Mobility RFS7000-GR Controller System Reference Guide 3
53-1001944-01

Software overview

1

Text based configuration
The configuration is stored in a human readable format (as a set of CLI commands).

Diagnostics

The following diagnostics are available:

1. In-service Diagnostics – In-service diagnostics provide a range of automatic health monitoring
features ensuring both the system hardware and software are in working order.
In-service-diagnostics continuously monitor available physical characteristics (as detailed
below) and issue log messages when warning or error thresholds are reached. There are three
types of in-service diagnostics:

• Hardware – Ethernet ports, chip failures, system temperature via the temperature sensors

provided by the hardware, etc.

• Software – CPU load, memory usage, etc.

• Environmental – CPU and air temperature, fans speed, etc.

2. Out-of-service Diagnostics – Out-of-service diagnostics are a set of intrusive tests run from the
user interface. Out-of-service diagnostics cannot be run while the switch is in operation.
Intrusive tests include:

Ethernet loopback tests

RAM tests, Real Time Clock tests, etc.

3. Manufacturing Diagnostics – Manufacturing diagnostics are a set of diagnostics used by
manufacturing to inspect quality of hardware.

Serviceability

A special set of Service CLI commands are available to provide additional troubleshooting
capabilities for service personnel (access to Linux services, panic logs, etc.). Only authorized users
or service personnel are provided access to the Service CLI.

A built-in Packet Sniffer enables service personnel and users to capture incoming and outgoing
packets in a buffer.

The switch also collects statistics for RF activity, Ethernet port activity etc. RF statistics include
roaming stats, packet counters, octets tx/rx, signal, noise SNR, retry, and information for each MU.

Tracing / logging

Log messages are well-defined and documented system messages with various destinations. They
are numbered and referenced by ID. Each severity level group, can be configured separately to go
to either the serial console, telnet interface, log file or remote syslog server.

Trace messages are more free-form and are used mainly by support personnel for tracking
problems. They are enabled or disabled via CLI commands. Trace messages can go to a log file, the
serial console, or the current tty.

Log and trace messages are interleaved in the same log file, so chronological order is preserved.
Log and trace messages from different processes are similarly interleaved in the same file for the
same reason.

4 Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Software overview

Log message format is similar to the format used by syslog messages (RFC 3164). Log messages
include message severity, source (facility), the time the message was generated and a textual
message describing the situation triggering the event. For more information on using the switch
logging functionality, see “Configuring system logging” on page 473.

1

Process monitor

The switch Process Monitor checks to ensure processes under its control are up and running. Each
monitored process sends periodic heartbeat messages. A process that is down (due to a software
crash or stuck in an endless loop) is detected when its heartbeat is not received. Such a process is
terminated (if still running) and restarted (if configured) by the Process Monitor.

Hardware abstraction layer and drivers

The Hardware Abstraction Layer (HAL) provides an abstraction library with an interface hiding
hardware/platform specific data. Drivers include platform specific components such as Ethernet,
Flash Memory storage and thermal sensors.

Redundancy

Using the switch redundancy, up to 12 switches can be configured in a redundancy group (and
provide group monitoring). In the event of a switch failure, an existing cluster member assumes
control. Therefore, the switch supported network is always up and running even if a switch fails or is
removed for maintenance or a software upgrade.

The following redundancy features are supported:

• Up to 12 switch redundancy members are supported in a single group. Each member is

capable of tracking statistics for the entire group in addition to their own.

• Each redundancy group is capable of supporting an Active/Active configuration responsible for

group load sharing.

• Members within the same redundancy group can be deployed across different subnets.

• APs are load balanced across members of the group.

• Licenses are aggregated across the group. When a new member joins the group, the new

member can leverage the Access Port adoption license(s) of existing members.

• Each member of the redundancy group (including the reporting switch) is capable of displaying

cluster performance statistics for all members in addition to their own.

• Centralized redundancy group management using the switch CLI.

For more information on configuring the switch for redundancy support, see

“Configuring switch redundancy & clustering” on page 269.

Secure Network Time Protocol (SNTP)

Secure Network Time Protocol (SNTP) manages time and/or network clock synchronization within
the switch managed network. SNTP is a client/server implementation. The switch (a SNTP client)
periodically synchronizes its clock with a master clock (an NTP server). For example, the switch
resets its clock to 07:04:59 upon reading a time of 07:04:59 from its designated NTP server. Time
synchronization is recommended for the switch’s network operations. The following holds true:

• The switch can be configured to provide NTP services to NTP clients.

Brocade Mobility RFS7000-GR Controller System Reference Guide 5
53-1001944-01

Software overview

1

• The switch can provide NTP support for user authentication.

• Secure Network Time Protocol (SNTP) clients can be configured to synchronize switch time with

an external NTP server.

For information on configuring the switch to support SNTP, see “Configuring secure NTP” on
page 258.

Password recovery

The access point has a means of restoring its password to its default value. Doing so also reverts
the access point’s security, radio and power management configuration to their default settings.
Only an installation professional should reset the access point’s password and promptly define a
new restrictive password.

To contact Brocade Support in the event of a password reset requirement, go to

http://www.brocade.com/support/

CAUTION

Only a qualified installation professional should set or restore the access point’s radio and power
management configuration in the event of a password reset.

Wireless switching

The switch includes the following wireless switching features:

• Adaptive AP

• Physical layer features

• Rate limiting

• Proxy-ARP

• HotSpot / IP Redirect

• IDM (identity driven management)

• Voice prioritization

• Self healing

• Wireless capacity

• AP and MU load balancing

• Wireless roaming

• Power save polling

• QoS

• Wireless Layer 2 switching

• Automatic channel selection

• WMM-unscheduled APSD

• Multiple VLANs per WLAN

6 Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Software overview

1

Adaptive AP

An adaptive AP (AAP) is a Brocade Mobility 7131N-FGR Access Point adopted by a wireless switch.
The management of an AAP is conducted by the switch, once the Access Point connects to the
switch and receives its AAP configuration.

An AAP provides:

• local 802.11 traffic termination

• local encryption/decryption

• local traffic bridging

• tunneling of centralized traffic to the wireless switch

The connection between the AAP and the switch can be secured using IPSec depending on
whether a secure WAN link from a remote site to the central site already exists.

The switch can be discovered using one of the following mechanisms:

• DHCP

• Switch fully qualified domain name (FQDN)

• Static IP addresses

The benefits of an AAP deployment include:

• Centralized Configuration Management & Compliance - Wireless configurations across

distributed sites can be centrally managed by the wireless switch or cluster.

• WAN Survivability - Local WLAN services at a remote sites are unaffected in the case of a WAN

outage.

• Securely extend corporate WLAN's to stores for corporate visitors - Small home or office

deployments can utilize the feature set of a corporate WLAN from their remote location.

• Maintain local WLAN's for specific applications - WLANs created and supported locally can be

concurrently supported with your existing infrastructure.

For an overview of AAP and how it is configured and deployed using the switch and Access Point,
see “Ad aptive AP ” on page 487.

Physical layer features

802.11a

• DFS Radar Avoidance – Dynamic Frequency Selection (DFS) is mandatory for WLAN equipment

intended to operate in the frequency bands 5150 MHz to 5350 MHz and 5470 MHz to 5725
MHz when in countries of the EU.

The purpose of DFS is:

• Detect interference from other systems and avoid co-channeling with those systems (most

notably radar systems).

• Provide uniform spectrum loading across all devices.

This feature is enabled automatically when the country code indicates that DFS is required
for at least one of the frequency bands that are allowed in the country.

• TPC – Tr an s m i t P ower Control (TPC) meets the regulatory requirement for maximum power and

mitigation for each channel. TPC functionality is enabled automatically for every AP that
operates on the channel.

Brocade Mobility RFS7000-GR Controller System Reference Guide 7
53-1001944-01

Software overview

1

802.11bg

• Dual mode b/g protection – ERP builds on the payload data rates of 1 and 2 Mbit/s that use

DSSS modulation and builds on the payload data rates of 1, 2, 5.5, and 11 Mbit/s, that use
DSSS, CCK, and optional PBCC modulations. ERP provides additional payload data rates of 6,
9, 12, 18, 24, 36, 48, and 54 Mbit/s. The transmission and reception capability for 1, 2, 5.5,
11, 6, 12, and 24 Mbit/s data rates is mandatory.

Two additional optional ERP-PBCC modulation modes with payload data rates of 22 and 33
Mbit/s are defined. An ERP-PBCC station may implement 22 Mbit/s alone or 22 and 33
Mbit/s. An optional modulation mode (known as DSSS-OFDM) is also incorporated with
payload data rates of 6, 9, 12, 18, 24, 36, 48, and 54 Mbit/s.

• Short slot protection – The slot time is 20 µs, except an optional 9 µs slot time may be used

when the BSS consists of only ERP STAs capable of supporting this option. The optional 9 µs
slot time should not be used if the network has one or more non-ERP STAs associated. For
IBSS, the Short Slot Time field is set to 0, corresponding to a 20 µs slot time.

Rate limiting

Rate Limiting limits the maximum rate sent to or received from the wireless network per mobile
unit. It prevents any single user from overwhelming the wireless network. It can also provide
differential service for service providers. The uplink and downlink rate limits are usually configured
on the RADIUS server using Brocade vendor specific attributes. The switch extracts the rate limits
from RADIUS server response. When such attributes are not present, the global settings on the
switch are then applied.

Proxy-ARP

Proxy ARP is provided for MU's whose IP address is known. The WLAN generates an ARP reply on
behalf of a MU (if the MU's IP address is known). The ARP reply contains the MAC address of the
MU (not the MAC address of switch). Thus, the MU does not awaken to send ARP replies (increasing
MU battery life and conserving wireless bandwidth).

If an MU goes into PSP without transmitting at least one packet, its Proxy ARP will not work.

HotSpot / IP Redirect

A hotspot is a Web page users are forced to visit before they are granted access to the Internet.
With the advent of Wi-Fi enabled client devices (such as laptops and PDAs) commercial hotspots
are common and can be found at many airports, hotels and coffee shops. The hotspot re-directs
the user’s traffic on hotspot enabled WLANs to a web page that requires them to authenticate
before granting access to the WLAN. The following is a typical sequence for hotspot access:

1. A visitor with a laptop requires hotspot access at a site.

2. A user ID/ Password and hotspot ESSID is issued by the site receptionist or IT staff.

3. The user connects their laptop to this ESSID.

4. The laptop receives its IP configuration via DHCP.

5. The user opens a Web browser and connects to their home page.

6. The switch re-directs them to the hotspot Web page for authentication.

7. The user enters their User ID/ Password.

8 Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Software overview

8. A RADIUS server authenticates the user.

9. Upon successful authentication, the user is directed to a Welcome Page that lists (among other
things) an Acceptable Use Policy.

10. The user agrees to the usage terms and is granted access to the Internet. (or other network
services).

To setup a hotspot, create a WLAN ESSID and select Hotspot authentication from the
Authentication menu. This is simply another way to authenticate a WLAN user, as it would be
impractical to authenticate visitors using 802.1x. For information on configuring a hotspot, see

“Configuring hotspots” on page 107.

1

IDM (identity driven management)

RADIUS authentication is performed for all protocols using a RADIUS-based authentication scheme
(such as EAP). Identity driven management is provided using a RADIUS client. The following IDMs
are supported:

• User based SSID authentication — Denies authentication to MUs if associated to a ESSID

configured differently by their RADIUS server.

• User based VLAN assignment — Allows the switch to extract VLAN information from the RADIUS

server.

• User based QoS — Enables QoS for the MU based on settings within the RADIUS Server.

Voice prioritization

The switch has the capability of having its QoS policy configured to prioritize network traffic
requirements for associated MUs. Use QoS to enable voice prioritization for devices using voice as
its transmission priority.

Voice prioritization allows you to assign priority to voice traffic over data traffic, and (if necessary)
assign legacy voice supported devices (non WMM supported voice devices) additional priority.

Currently voice support implies the following:

• Spectralink voice prioritization - Spectralink sends packets that allow the switch to identify

these MU's as voice MU's. Thereafter, any UDP packet sent by these MU's is prioritized ahead
of data.

• Strict priority - The prioritization is strict.

• Multicast prioritization - Multicast frames that match a configured multicast mask bypass the

PSP queue. This features permits intercom mode operation without delay (even in the
presence of PSP MU's).

For more information on configuring voice prioritization for a target WLAN, see “Configuring WMM”
on page 137.

Self healing

Self healing is the ability to dynamically adjust the RF network by modifying transmit power and/or
supported rates upon an AP failure.

In a typical RF network deployment, APs are configured for Transmit Power below their maximum
level. This allows the Tx Power to be increased when there is a need to increase coverage when an
AP fails.

Brocade Mobility RFS7000-GR Controller System Reference Guide 9
53-1001944-01

Software overview

1

When an AP fails, the Tx Power/Supported rates of APs neighboring the failed AP are adjusted. The
Tx power is increased and/or Supported rates are decreased. When the failed AP becomes
operational again, Neighbor AP’s Tx Power/Supported rates are brought back to the levels before
the self healing operation changed them.

The switch detects an AP failure when:

• AP stops sending heartbeats.

• AP beacons are no longer being sent. This is determined when other detector APs are no longer

hearing beacons from a particular AP.

Configure 0 (Zero) or more APs to act as either:

• Detector APs — Detector APs scan all channels and send beacons to the switch which uses the

information for self-healing.

• Neighbor APs — When an AP fails, neighbor APs assist in self healing.

• Self Healing Actions — When an AP fails, actions are taken on the neighbor APs to do

self-healing.

Detector APs
Configure an AP in either – Data mode (the regular mode) or Detector mode.

In Detector mode, an AP scans all channels at a configurable rate and forwards received beacons
the switch. The switch uses the information to establish a receive signal strength baseline over a
period of time and initiates self-healing procedures (if necessary).

Neighbor configuration
Neighbor detect is a mechanism allowing an AP to detect its neighbors as well as their signal

strength. This enables you to verify your installation and configure it for self-healing when an AP
fails.

Self healing actions
If AP1 detects AP2 and AP3 as its neighbors, you can assign failure actions to AP2 and AP3

whenever AP1 fails.

Assign up to four self healing actions:

1. No action

2. Decrease supported rates

3. Increase Tx power

4. Both 2 and 3.

You can specify the Detector AP (AP2 or AP3) to stop detecting and adopt the RF settings of the
failed AP. For more information on configuring self healing, see “Configuring self healing” on
page 288.

Wireless capacity

Wireless capacity specifies the maximum numbers of MUs, Access Ports and wireless networks
usable by a switch. Wireless capacity is largely independent of performance. Aggregate switch
performance is divided among the switch clients (MUs and Access Ports) to find the performance
experienced by a given user. Each switch platform is targeted at specific market segments, so the
capacity of each platform is chosen appropriately. Wireless switch capacity is measured by:

10 Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Software overview

1

• The maximum number of WLANs per switch

• The maximum number of Access Ports adopted per switch

• The maximum number of MUs per switch

• The maximum number of MUs per Access Port.

The actual number of Access Ports adoptable by a switch is defined by the switch licenses or the
total licenses in the cluster in which this switch is a member.

AP and MU load balancing

Fine tune a network to evenly distribute data and/or processing across available resources. Refer
to the following:

• MU balancing across multiple APs

• AP balancing across multiple switches

MU balancing across multiple APs
Per the 802.11 standard, AP and MU association is a process conducted independently of the

switch. 802.11 provides message elements used by the MU firmware to influence roaming
decisions. The switch implements the following MU load balancing techniques:

• 802.11e admission control — 1 byte: channel utilization % and 1 byte: MU count is sent in

QBSS Load Element in beacons to MU.

• Load balancing element — 2 byte: MU Count are sent in beacon to MU.

AP balancing across multiple switches
At adoption, the AP solicits and receives multiple adoption responses from the switches on the

network. These adoption responses contain preference and loading information the AP uses to
select the optimum switch to be adopted by. Use this mechanism to define which APs are adopted
by which switches. By default, the adoption algorithm generally distributes AP adoption evenly
among the switches available.

NOTE

Port adoption per switch is determined by the number of licenses acquired.

For more information on Access Port adoption in a layer 3 environment, see “Configuring Layer 3

access port adoption” on page 206.

Wireless roaming

The following types of wireless roaming are supported by the switch:

• Interswitch Layer 2 roaming

• Interswitch Layer 3 roaming

• Fast roaming

• International roaming

• MU move command

• Power save polling

Brocade Mobility RFS7000-GR Controller System Reference Guide 11
53-1001944-01

Software overview

1

Interswitch Layer 2 roaming
An associated MU (connected to a switch) can roam to another Access Port connected to a

different switch. Both switches must be on the same Layer 2 domain. Authentication information is
not shared between the switches, nor are buffered packets on one switch transferred to the other.
Pre-authentication between the switch and MU allows faster roaming.

Interswitch Layer 3 roaming
Interswitch Layer 3 roaming allows MUs to roam between switches which are not on the same LAN

or IP subnet without the MUs or the rest of the network noticing. This allows switches to be placed
in different locations on the network without having to extend the MU VLANs to every switch.

Fast roaming
Using 802.11i can speed up the roaming process from one AP to another. Instead of doing a

complete 802.1x authentication each time a MU roams between APs, 802.11i allows a MU to
re-use previous PMK authentication credentials and perform a four-way handshake. This speeds
up the roaming process. In addition to reusing PMKs on previously visited APs, Opportunistic Key
Caching allows multiple APs to share PMKs amongst themselves. This allows an MU to roam to an
AP it has not previously visited and reuse a PMK from another AP to skip the 802.1x authentication.

International roaming
The wireless switch supports international roaming per the 802.11d specification.

MU move command
As a value added proprietary feature between Brocade infrastructure products and Brocade MUs, a

move command has been introduced. The move command permits an MU to roam between ports
connected to the same switch without the need to perform the full association and authentication
defined by the 802.11 standard. The move command is a simple packet up/packet back exchange
with the Access Port. Verification of this feature is dependent on its implementation in one or more
mobile units.

Power save polling

An MU uses Power Save Polling (PSP) to reduce power consumption. When an MU is in PSP mode,
the switch buffers its packets and delivers them using the DTIM interval. The PSP-Poll packet polls
the AP for buffered packets. The PSP null data frame is used by the MU to signal the current PSP
state to the AP.

QoS

QoS provides a data traffic prioritization scheme. QoS reduces congestion from excessive traffic.

If there is enough bandwidth for all users and applications (unlikely because excessive bandwidth
comes at a ver y high cost), then applying QoS has very little value. QoS provides policy enforcement
for mission-critical applications and/or users that have critical bandwidth requirements when the
switch’s bandwidth is shared by different users and applications.

QoS helps ensure each WLAN on the switch receives a fair share of the overall bandwidth, either
equally or as per the proportion configured. Packets directed towards MUs are classified into
categories such as Management, Voice and Data. Packets within each category are processed
based on the weights defined for each WLAN.

The switch supports the following QoS mechanisms:

12 Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Software overview

802.11e QoS

802.11e enables real-time audio and video streams to be assigned a higher priority over data

traffic. The switch supports the following 802.11e features:

1

• Basic WMM

• WMM Linked to 802.1p Priorities

• WMM Linked to DSCP Priorities

• Fully Configurable WMM

• Admission Control

• Unscheduled-APSD

• TSPEC Negotiation

• Block ACKQBSS Beacon Element

802.1p support

802.1p is a standard for providing QoS in 802-based networks. 802.1p uses three bits to allow

switches to re-order packets based on priority level.

Voice QoS
When switch resources are shared between a Voice over IP (VoIP) conversation and a file transfer,

bandwidth is normally exploited by the file transfer, thus reducing the quality of the conversation or
even causing it to disconnect. With QoS, a VoIP conversation (a real-time session), receives priority,
maintaining a high level of voice quality. Voice QoS ensures:

• Strict Priority

• Spectralink Prioritization

• VOIP Prioritization (IP ToS Field)

• Multicast Prioritization

Data QoS
The switch supports the following data QoS techniques:

• Egress Prioritization by WLAN

• Egress Prioritization by ACL

DCSCP to AC mapping
The switch provides arbitrary mapping between Differentiated Services Code Point (DCSCP) values

and WMM Access Categories. This mapping can be set manually.

Wireless Layer 2 switching

The switch supports the following layer 2 wireless switching techniques:

• WLAN to VLAN

• MU User to VLAN

• WLAN to GRE

Automatic channel selection

Automatic channel selection works sequentially as follows:

Brocade Mobility RFS7000-GR Controller System Reference Guide 13
53-1001944-01

Software overview

1

1. When a new AP is adopted, it scans each channel. However, the switch does not forward traffic
at this time.

2. The switch then selects the least crowded channel based on the noise and traffic detected on
each channel.

3. The algorithm used is a simplified maximum entropy algorithm for each radio, where the signal
strength from adjoining AP's/MU's associated to adjoining AP's is minimized.

4. The algorithm ensures adjoining AP's are as far away from each other as possible (in terms of
channel assignment).

NOTE

Individual radios can be configured to perform automatic channel selection.

WMM-unscheduled APSD

This feature is also known as WMM Power Save or WMM-UPSD (Unscheduled Power Save Delivery).
WMM-UPSD defines an unscheduled service period, which are contiguous periods of time during
which the switch is expected to be awake. If the switch establishes a downlink flow and specifies
UPSD power management, it requests (and the AP delivers) buffered frames associated with that
flow during an unscheduled service period. The switch initiates an unscheduled service period by
transmitting a trigger frame. A trigger frame is defined as a data frame (e.g. an uplink voice frame)
associated with an uplink flow with UPSD enabled. After the AP acknowledges the trigger frame, it
transmits the frames in its UPSD power save buffer addressed to the triggering switch.

UPSD is well suited to support bi-directional frame exchanges between a voice STA and its AP.

Multiple VLANs per WLAN

The switch permits the mapping of a WLAN to more than one VLAN. When a MU associates with a
WLAN, the MU is assigned a VLAN by means of load balance distribution. The VLAN is picked from a
pool assigned to the WLAN. The switch tracks the number of MUs per VLAN, and assigns the least
used/loaded VLAN to the MU. This number is tracked on a per-WLAN basis.

A broadcast key, unique to the VLAN, encrypts packets coming from the VLAN. If two or more MUs
are on two different VLANs, they both hear the broadcast packet, but only one can decrypt it. The
switch provides each MU a unique VLAN broadcast key as part of the WPA2 handshake or group
key update message of a WPA handshake.

Limiting users per VLAN
Not all VLANs within a single WLAN must have the same DHCP pool size. Assign a user limit to each

VLAN to allow the mapping of different pool sizes.

Specify the VLAN user limit. This specifies the maximum number of MUs associated with a VLAN
(for a particular WLAN). When the maximum MU limit is reached, no more MUs can be assigned to
that VLAN.

Packet flows
There are four packet flows supported when the switch is configured to operate with multiple VLAN

per WLAN:

14 Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Software overview

1

• Unicast From Mobile Unit – Frames are decrypted, converted from 802.11 to 802.3 and

switched to the wired side of the VLAN dynamically assigned to the mobile device. If the
destination is another mobile device on the wireless side, the frame is encrypted and switched
over the air.

• Unicast To Mobile Unit – The frame is checked to ensure the VLAN is same as that assigned to

the mobile device. It is then converted to an 802.11 frame, encrypted, and sent over the air.

• Multicast/Broadcast From Mobile Unit – The frame is treated as a unicast frame from the MU,

with the exception that it is encrypted with the per-VLAN broadcast key and then transmitted
over the air.

• Multicast/Broadcast from Wired Side – If the frame comes from a VLAN mapped to the WLAN,

it’s encrypted using a per-VLAN broadcast key and transmitted over the air. Only MUs on that
VLAN have a broadcast key that can decrypt this frame. Other MUs receive it, but discard it.

In general, when there are multiple VLANs mapped to the same WLAN, the broadcast buffer
queue size scales linearly to accommodate a potential increase in the broadcast packet
stream.

Roaming within the switch
When a MU is assigned to a VLAN, the switch registers the VLAN assignment in its credential cache.

If the MU roams, it is assigned back to its earlier assigned VLAN. The cache is flushed upon
detected MU inactivity or if the MU associates over a different WLAN (on the same switch).

Roaming across a cluster
MUs roam amongst switch cluster members. The switch must ensure a VLAN remains unchanged

as an MU roams. This is accomplished by passing MU VLAN information across the cluster using
the interface used by a hotspot. It automatically passes the username/password across the
credential caches of the member switches. This ensures a VLAN MU association is maintained
even while the MU roams amongst cluster members.

Roaming across a Layer 3 mobility domain
When an MU roams amongst switches in different Layer 3 mobility domains, Layer 3 ensures traffic

is tunneled back to the correct VLAN (on the home switch).

Interaction with RADIUS assigned VLANs
Multiple VLANs per WLAN can co-exist with VLANs assigned by a RADIUS server. Upon association,

an MU is assigned to a VLAN from a pool of available VLANs. When the RADIUS server assigns the
user another VLAN, MU traffic is forwarded to that VLAN.

When 802.1x is used, traffic from the MU is dropped until authentication is completed. None of the
MU data is switched onto the temporarily VLAN. A RADIUS assigned VLAN overrides the statically
assigned VLAN.

If the RADIUS assigned VLAN is among the VLANs assigned to a WLAN, it is available for VLAN
assignment in the future. If the RADIUS assigned VLAN is not one of the VLANs assigned to a
WLAN, it is not available for future VLAN assignment. To configure Multiple VLANs for a single
WLAN, see “Assigning multiple VLANs per WLAN” on page 104.

Wired switching

The switch includes the following wired switching features:

• DHCP servers

Brocade Mobility RFS7000-GR Controller System Reference Guide 15
53-1001944-01

Software overview

1

• DHCP user class options

• DDNS

• VLAN enhancements

• Interface management

DHCP servers

Dynamic Host Configuration Protocol (DHCP) allows hosts on an IP network to request and be
assigned IP addresses as well as discover information about the network to which they are
attached. Each subnet may be configured with its own address pool. Whenever a DHCP client
requests an IP address, the DHCP server assigns an IP address from that subnet’s address pool.

When a DHCP server allocates an address for a DHCP client, the client is assigned a lease, which
expires after an pre-determined interval. Before a lease expires, clients (to which leases are
assigned) are expected to renew them to continue to use the addresses. Once the lease expires,
the client is no longer permitted to use the leased IP address. For information on defining the
switch DHCP configuration, see “DHCP server settings” on page 237.

DHCP user class options

A DHCP Server groups clients based on defined user-class option values. Clients with a defined set
of user-class values are segregated by class. The DHCP Server can associate multiple classes to
each pool. Each class in a pool is assigned an exclusive range of IP addresses.

DHCP clients are compared against classes. If the client matches one of the classes assigned to
the pool, it receives an IP address from the range assigned to the class. If the client doesn't match
any of the classes in the pool, it receives an IP address from a default pool range (if defined).

Multiple IP addresses for a single VLAN allow the configuration of multiple IP addresses, each
belonging to different subnet. Class configuration allows a DHCP client to obtain an address from
the first pool to which the class is assigned. For more information, see “Configuring the DHCP user

class” on page 252.

DDNS

Dynamic DNS (DDNS) keeps a domain name linked to a changing IP address. Typically, when a user
connects to a network, the user’s ISP assigns it an unused IP address from a pool of IP addresses.
This address is only valid for a short period. Dynamically assigning IP addresses increases the pool
of assignable IP addresses. DNS maintains a database to map a given name to an IP address used
for communication on the Internet. The dynamic assignment of IP addresses makes it necessary to
update the DNS database to reflect the current IP address for a given name. Dynamic DNS updates
the DNS database to reflect the correct mapping of a given name to an IP address.

VLAN enhancements

The switch has incorporated the following VLAN enhancements:

• Network interfaces operate in either trunk or access modes.

• A network interface in access mode can only send and receive untagged packets.

• A trunk port can now receive both tagged and untagged packets. Each ethernet port is

assigned a native VLAN.

16 Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01