ArubaOS 6.1
`Command Line Interface
`
`Reference Guide
`
`Exhibit 2040
`IPR2016-00309
`
`

`
`
`
`Copyright
`
`, Aruba Networks®, Aruba Wireless Networks®, the
`© 2011 Aruba Networks, Inc. Aruba Networks trademarks include
`registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move.
`Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners.
`Open Source Code
`
`Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU
`General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used
`can be found at this site:
`
`http://www.arubanetworks.com/open_source
`Legal Notice
`The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN
`client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba
`Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those
`vendors.
`Warranty
`This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the
`ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS.
`
`Altering this device (such as painting it) voids the warranty.
`
`www.arubanetworks.com
`1344 Crossman Avenue
`Sunnyvale, California 94089
`Phone: 408.227.4500
`Fax 408.227.4550
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`0510659-02 | May 2011
`
`

`
`Introduction
`
`The ArubaOS command line interface (CLI) allows you to configure and manage your controllers. The
`CLI is accessible from a local console connected to the serial port on the controllers or through a Telnet
`or Secure Shell (SSH) session from a remote management console or workstation.
`
`Telnet access is disabled by default. To enable Telnet access, enter the telnet cli command from a serial
`connection or an SSH session, or in the WebUI navigate to the Configuration > Management > General
`page.
`
`What’s New In ArubaOS 6.1
`The following commands have been added in the ArubaOS 6.1 command line interface.
`
`Command
`clear wms wired-mac
`cluster-member-custom-
`cert
`
`cluster-member-factory-
`cert
`
`controller-ipv6
`
`Description
`
`Clear learned and collected Wired MAC information.
`
`This command sets the controller as a control plane security cluster root,
`and specifies a custom user-installed certificate for authenticating cluster
`members
`
`This command sets the controller as a control plane security cluster root,
`and specifies a custom user-installed certificate for authenticating cluster
`members.
`
`This command sets the default IPv6 address of the controller to the IPv6
`loopback interface address or a specific VLAN interface address.
`
`Issue this command to clean IPsec security associations (SAs).
`
`Issue this command to configure an IKE Certificate Group for VPN clients.
`
`This command enables the cleanup of IKE SAs.
`
`crypto-local ipsec sa-
`cleanup
`crypto-local isakmp
`certificate-group
`crypto-local isakmp sa-
`cleanup
`crypto-local isakmp xauth This command assigns the server certificate used to authenticate the
`controller for VPN clients using IKEv2.
`Added parameters: max-members-per-group and quick-client-
`conver
`This command configures the link local address or the global unicast
`adress for this interface.
`
`ip igmp
`
`interface vlan ipv6
`address
`ipv6 cp-redirect-address
`ipv6 default-gateway
`ipv6 mld
`
`ipv6 neighbor
`ipv6 route
`
`This command configures a redirect address for captive portal.
`
`This command configures an IPv6 default gateway.
`
`This command configures the IPv6 MLD(Multi-listener discovery)
`parameters.
`
`This command configures an IPv6 static neighbor on a VLAN interface.
`
`This command configures static IPv6 routes on the controller.
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`Introduction | 3
`
`

`
`Command
`local-custom-cert
`
`local-factory-cert
`
`netdestination6
`
`netexthdr
`
`ntp authenticate
`ntp authentication-key
`
`ntp trusted-key
`
`remote-node-local-
`factory-cert
`show controller-ipv6
`
`show ipv6 interface
`show ipv6 neighbors
`
`show ipv6 route
`show local-cert-mac
`
`show netexthdr
`
`show wms wired-mac
`
`
`
`Description
`
`This command configures the user-installed certificate for secure
`communication between a local controller and a master controller.
`
`This command configures the factory-installed certificate for secure
`communication between a local controller and a master controller.
`
`This command configures an alias for an IPv6 -only network host,
`subnetwork, or range of addresses.
`
`This command allows you to edit the packet filter options in the extension
`header (EH).
`
`This command enables or disables NTP authentication.
`
`This command configures a key identifier and secret key and adds them to
`the database. NTP authentication works with a symmetric key configured
`by user. The key is shared by the client (Aruba controller) and an external
`NTP server.
`
`This command configures an additional subset of trusted keys which can
`be used for NTP authentication.
`
`Configure factory certificates for secure traffic between Remote-Node-
`Masters and Remote-Nodes.
`
`This command displays the controller’s IPv6 address and VLAN interface
`ID.
`
`This command displays IPv6-related information on all interfaces.
`
`This command displays the IPv6 neighbors configured on a VLAN
`interface.
`
`This command displays the controller IPv6 routing table.
`
`Display the IP, MAC address and certificate configuration of local
`controllers in a master-local configuration.
`
`This command displays the IPv6 extension header (EH) types that are
`denied.
`
`Display a summary table of Wireless Management System (wms) wired
`MAC information.
`
`tracepath
`
`Traces the path of an IPv6 host.
`
`Modified Commands
`The following commands were modified in ArubaOS 6.1.
`
`Command
`aaa authentication
`captive-portal black-list
`<black-list> | white-list
`<white-list>
`aaa authentication-server
`radius source-interface
`<vlan>
`aaa derivation-rules user
`<name> set {role|vlan}
`condition dhcp-option
`
`Parameter Description
`
`Name of an existing black list or white list on an IPv4 or IPv6 network
`destination. The black list contains websites (unauthenticated) that a guest
`cannot access. The white list contains authenticated websites that a guest
`can access.
`
`Associates a VLAN interface with the RADIUS server to allow the group-
`specific source interface to override the global configuration.
`
`Use DHCP signature matching to assign a role or VLAN to a specific
`device type.
`
`4 | Introduction
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`

`
`Command
`aaa profile <profile>
`devtype-clasification
`
`aaa profile <profile>
`enforce-dhcp
`aaa profile <profile>
`radius-interim-accounting
`
`aaa authentication via
`connection-profile admin-
`logoff-script |
`admin-logon-script
`aaa authentication via
`connection-profile ikev2-
`policy | ikev2-proto |
`ikev2auth | ipsecv2-
`cryptomap
`aaa authentication via
`connection-profile
`suiteb-crypto
`clear
`
`cluster-root-ip
`ipsec-factory-cert|
`ipsec-custom-cert
`crypto dynamic-map set
`pfs group19|group20
`crypto ipsec transform-
`set <transform-set-mtu>
`esp-aes128-gcm |esp-
`aes256-gcm
`crypto isakmp eap-
`passthrough eap-
`mschapv2|eap-peap|eap-tls
`crypto isakmp policy
`authentication ecdsa-256
`crypto isakmp policy
`authentication ecdsa-384
`crypto isakmp policy
`hash sha1-96
`crypto isakmp policy
`hash sha2-256-128
`crypto isakmp policy
`hash sha2-384-192
`
`
`
`Parameter Description
`
`When the devtype-classification parameter is enabled, the output of the
`show user and show user-table commands shows each client’s device
`type, if that client device can be identified
`
`When you enable this option, clients must complete a DHCP exchange to
`obtain an IP address.
`
`By default, the RADIUS accounting feature sends only start and stop
`messages to the RADIUS accounting server. Issue the interim-radius-
`accounting command to allow the controller to send Interim-Update
`messages with current user statistics to the server at regular intervals.
`
`Use this option to specify scripts that must be executed after VIA
`connection is established and terminated.
`
`Use this option to enable IKEv2 authentication mechanism.
`
`Use this option to enable Suite B cryptography support.
`
`Clears all IPv6 session statistics, multicast listener discovery (MLD) group
`and member information, MLD statistics, and counters. The following MLD
`parameters are added to the ipv6 option:
`(cid:122) mld group
`(cid:122) mld stats-counters
`
`The ipsec-factory-cert and ipsec-custom-cert parameters were
`introduced to allow certificate-based authentication of cluster members.
`
`The pfs parameter was modified to support the group19 and group20 PFS
`group values.
`
`This command configures IPsec parameters.
`(cid:122) Use ESP with 128-bit AES-GCM encryption.
`(cid:122) Use ESP with 256-bit AES-GCM encryption.
`
`Select one of the following authentication types for IKEv2 user
`authentication using EAP.
`
`Use ECDSA-256 signatures for IKE authentication.
`
`Use ECDSA-384 signaturesfor IKE authentication.
`
`Use SHA1-96 as the hash algorithm.
`
`Use SHA2-256-128 as the hash algorithm.
`
`Use SHA2-384-192 as the hash algorithm.
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`Introduction | 5
`
`

`
`Command
`crypto isakmp policy
`prf
`
`crypto pki ec curve-name
`<key_val>
`crypto pki-import
`{CRL|IntermediateCA|
`OCSPResponderCert|
`OCSPSignerCert} <name>
`crypto-local ipsec-map
`<map> <priority> peer-
`cert-dn <peer-dn>
`crypto-local ipsec-map
`<map> <priority> peer-
`fqdn any-fqdn|fqdn-id
`<peer-id-fqdn>
`crypto-local ipsec-map
`<map> <priority> set pfs
`{group1|group2|group19|gr
`oup20}
`
`crypto-local isakmp key
`fqdn <ike-id-fqdn>
`crypto-local isakmp key
`fqdn-any
`crypto-local pki
`
`firewall amsdu| clear-
`sessions-role-update
`prohibit-ip-spoofing|
`
`ids dos-profile
`
`
`
`Parameter Description
`
`Set one of the following pseudo-random function (PRF) values for an
`IKEv2 policy:
`PRF-HMAC-MD5 (default)
`PRF-HMAC-SHA1
`PRF-HMAC-SHA256
`PRF-HMAC-SHA384
`
`The ec curve-name parameter was introduced to support certificate
`signing requests using an elliptic-curve (EC) key
`
`CRL, IntermediateCA, OCSPResponderCert and OCSPSignerCert
`certificates can now be imported.
`
`If you are using IKEv2 to establish a site-to-site VPN to a statically
`addressed remote peer, identify the peer device by entering its certificate
`subject name in the Peer Certificate Subject Name field
`
`For site-to-site VPNs with dynamically addressed peers, specify a fully
`qualified domain name (FQDN) for the controller.
`
`The set pfs command introduced the group19 and group20 parameters.
`group19: 256-bit random Diffie Hellman ECP modulus group. (For IKEv2
`only)
`group20: 384-bit random Diffie Hellman ECP modulus group. (For IKEv2
`only)
`
`Configure the PSK for the specified FQDN.
`
`Configure the PSK for any FQDN.
`
`The following parameters were added for the certificate revocation feature:
`(cid:122) CRL
`(cid:122) Intermediate CA
`(cid:122) OCSPResponderCert
`(cid:122) OCSPSignerCert
`(cid:122) global-ocsp-signer-cert
`(cid:122) rcp
`(cid:122) service-ocsp-responder
`
`The parameter amsdu, when enabled, causes Aggregated Medium
`Access Control Service Data Units (AMSDU) packets to be dropped.
`
`The parameter clear-sessions-role-update clears the datapath sessions
`when roles are updated.
`
`The funtionality of the prohibit-ip-spoofing feature was enhanced. In
`previous versions of ArubaOS, this feature checked only the source IP and
`the source MAC address in the frame. Starting with ArubaOS 6.1, this
`feature also checks the destination IP and the destination MAC address in
`the frame.
`Added the following new parameters to detect Meiners DoS Power Save
`attack:
`detect-power-save-dos-attack
`power-save-dos-min-frames
`power-save-dos-quiet-time
`power-save-dos-threshold
`
`6 | Introduction
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`

`
`Command
`ids unauthorized-device-
`profile
`
`interface fastethernet |
`gigabitethernet tunneled-
`node-port
`interface loopback
`interface mgmt
`interface vlan option-82
`
`ipv6 firewall
`
`
`
`Parameter Description
`
`Added the following parameter to internally generate a list of valid SSIDs
`to use in addition to the user configured list of Valid and Protected SSIDs
`detect-valid-ssid-misuse
`The parameter muxport has had a name change to tunneled-node-
`port. The functionality has not changed.
`
`The parameter ipv6 address was added.
`
`The parameter ipv6 address was added.
`
`Allows a DHCP relay agent to insert circuit specific information (about the
`AP and SSID) into a request that is being forwarded to a DHCP server.
`The enable parameter has been removed from this command. The ipv6
`enable command is the global command to enable/disable ipv6
`processing on the controller.
`
`The secondary-server parameter has been deprecated.
`
`mgmt-server secondary-
`server <ip-addr>
`masterip ipsec-custom-
`cert| ipsec-factory-cert
`master-redundancy peer-ip
`The ipsec-factory-cert and ipsec-custom-cert parameters were
`ipsec-factory-cert|ipsec-
`introduced to allow certificate-based authentication of master and local
`custom-cert
`controllers.
`ntp server [key <key-id>] The key-id parameter authenticate sthe NTP server. This needs to match
`the key identifier configured in the ntp authentication-key command.
`
`Use a custom-installed or factory-installed certificate on the master
`controller to establish a master-local IPsec tunnel using IKEv2.
`
`netdestination
`
`ping
`provision-ap
`
`remote-node-masterip
`ipsec-factory-cert
`
`remote-node-profile
`
`rf dot11a-radio-profile
`<profile> spectrum-
`monitoring
`
`This command configures an alias for an IPv4 -only network host,
`subnetwork, or range of addresses.
`
`Introduced ipv6 parameter to provide support for IPv6.
`
`The following new parameters were introduced for provisioning IPv6 APs:
`(cid:122) dns-server-ip6
`(cid:122) ip6addr
`(cid:122) ip6prefix
`(cid:122) gateway6
`
`Secure communication between a Remote-Node and Remote-Node
`master by identifying a factory-installed certificate on the Remote-Node
`Master.
`
`The following parameters were introduced for configuring a remote node
`profile:
`(cid:122) ipv6
`(cid:122) mgmt-server
`(cid:122) mobility-manager
`(cid:122) snmp-server
`(cid:122) syscontact
`(cid:122) syslocation
`The controller-ip parameter has been deprecated.
`
`Issue this command to turn an AP in ap-mode into a hybrid AP. An AP in
`hybrid AP mode will continue to serve clients as an access point while it
`scans and analyzes spectrum analysis data for a single radio channel. For
`further details on using hybrid APs and spectrum monitors to examine the
`radio frequency (RF) environment in which the Wi-Fi network is operating,
`refer to the Spectrum Analysis chapter of the ArubaOS User Guide
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`Introduction | 7
`
`

`
`Command
`rf dot11g-radio-profile
`<profile> spectrum-
`monitoring
`
`show aaa state debug-
`statistics
`show ap active
`show ap details
`show crypto-local pki
`
`show crypto-local isakmp
`show datapath
`
`
`
`Parameter Description
`
`Issue this command to turn an AP in ap-mode into a hybrid AP. An AP in
`hybrid AP mode will continue to serve clients as an access point while it
`scans and analyzes spectrum analysis data for a single radio channel. For
`further details on using hybrid APs and spectrum monitors to examine the
`radio frequency (RF) environment in which the Wi-Fi network is operating,
`refer to the Spectrum Analysis chapter of the ArubaOS User Guide.
`
`The Mobility Stats parameter was introduced.
`
`The parameter ip6-addr was added to view data for an IPv6 AP.
`
`The parameter ip6-addr was added to view data for an IPv6 AP.
`
`The following new parameters now display output:
`(cid:122) CRL
`(cid:122) Intermediate CA
`(cid:122) OCSPResponderCert
`(cid:122) OCSPSignerCert
`(cid:122) global-ocsp-signer-cert
`(cid:122) rcp
`(cid:122) service-ocsp-responder
`
`The parameter certificate-group was introduced.
`
`The crypto counters parameter now displays a number of TKIP/
`AESCCM/AESGCM decriptions per priority level along with any counter
`errors per priority.
`The ipv6 filter option is added to the following parameters in the
`command:
`(cid:122) session
`(cid:122) tunnel
`(cid:122) user
`(cid:122) route-cache
`(cid:122) route
`(cid:122) ip-reassembly
`The parameter vlan-mcast has been added to view the datapath VLAN
`multicast table entries.
`
`View IP-related information on all interfaces in summary format.
`
`show ip interface brief
`show ntp servers brief
`show tunneled-node
`This command name has changed from show mux to show tunneled
`[state|database]
`node. A new parameter, database, was added.
`show tunneled-node config This command name has changed from show mux to show tunneled-node
`config. The command functionality did not change..
`
`The key-id parameter output displays if configured for this ntp server.
`
`show wms general
`
`tunnel-loop-prevention
`
`tunneled-node-address
`
`Added the following display parameterss
`adhoc-ap-ageout-interval
`persistent-neighbor
`event-correlation
`event-correlation-quiet-time
`Minutes Tick
`This command name has changed from mux-loop-prevention to
`tunnel-loop-prevention. The command functionality did not change.
`
`This command name has changed from mux-address to tunneled-node
`address. The functionality command did not change.
`
`vrrp
`
`The delay option is added to the preempt parameter.
`
`8 | Introduction
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`

`
`Command
`user-role
`
`wlan ssid-profile
`<profile>
`opmode wpa2-aes-gcm-
`128|wpa2-aes-gcm-256
`qbss-load-enable
`wlan ht-ssid-profile
`wms general learn-system-
`wired-macs
`wms-local system max-
`system-wm | system-wm-
`update-interval
`
`
`
`Parameter Description
`
`ipv6 session-acl parameter was removed. The session-acl parameter is
`common for both IPv4 and IPv6 ACLs.
`
`The opmode options wpa2-aes-gcm-128 and wpa2-aes-gcm-256 were
`introduced.
`The qbss-load-enable option is included.
`
`The allow-weak-encrytion parameter was deprecated.
`
`Added parameter to enable or disable “learning” of wired MACs at the
`controller.
`
`Added parameter to set the max number of system wired MAC table
`entries learned at the controller and set the interval, in minutes, for
`repopulating the system wired MAC table at the controller.
`
`Deprecated Commands
`The folowing commands were deprecated in ArubaOS 6.1:
`
`Command
`
`Description
`
`show ipv6 access-list
`(deprecated)
`
`show ipv6 datapath session
`counters (deprecated)
`show ipv6 datapath session
`table (deprecated)
`
`Displays IPv6 access lists configured in the controller. This
`command has been replaced by the show ip access-list
`command.
`
`Displays datapath session table statistics. This command has been
`replaced by the show datapath session ipv6 counters command.
`
`Displays current IPv6 session on the controller. This command has
`been replaced by the show datapath session ipv6 table
`command.
`
`show ipv6 datapath user
`counters (deprecated)
`show ipv6 datapath user table
`(deprecated)
`
`Displays datapath user table statistics. This command has been
`replaced by the show datapath user ipv6 command.
`
`Displays ipv6 datapath user table entries. This command has been
`replaced by the show datapath user ipv6 command.
`
`About this Guide
`This guide describes the ArubaOS command syntax. The commands in this guide are listed
`alphabetically.
`
`The following information is provided for each command:
`
`(cid:122) Command Syntax—The complete syntax of the command.
`(cid:122) Description—A brief description of the command.
`(cid:122) Syntax—A description of the command parameters, including license requirements for specific
`parameters if needed. The applicable ranges and default values, if any, are also included.
`(cid:122) Usage Guidelines—Information to help you use the command, including: prerequisites, prohibitions,
`and related commands.
`(cid:122) Example—An example of how to use the command.
`(cid:122) Command History—The version of ArubaOS in which the command was first introduced.
`Modifications and changes to the command are also noted
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`Introduction | 9
`
`

`
`
`
`(cid:122) Command Information—This table describes any licensing requirements, command modes and
`platforms for which this command is applicable. For more information about available licenses, see
`the “Software Licenses” chapter in the ArubaOS User Guide.
`
`Connecting to the Controller
`This section describes how to connect to the controller to use the CLI.
`
`Serial Port Connection
`The serial port is located on the front panel of the controller. Connect a terminal or PC/workstation
`running a terminal emulation program to the serial port on the controller to use the CLI. Configure your
`terminal or terminal emulation program to use the following communication settings.
`
`Baud Rate
`
`Data Bits
`
`9600
`
`8
`
`Parity
`
`None
`
`Stop Bits
`
`Flow Control
`
`1
`
`None
`
`Telnet or SSH Connection
`Telnet or SSH access requires that you configure an IP address and a default gateway on the controller
`and connect the controller to your network. This is typically performed when you run the Initial Setup
`on the controller, as described in the Aruba Quick Start Guide. In certain deployments, you can also
`configure a loopback address for the controller; see the “Deploying a Basic Aruba User-Centric System”
`chapter in the ArubaOS User Guide for more information.
`
`Configuration changes on Master Controllers
`Some commands can only be issued when connected to a master controller. If you make a
`configuration change on a master controller, all connected local controllers will subsequently update
`their configurations as well. You can manually synchronize all of the controllers at any time by saving
`the configuration on the master controller.
`
`CLI Access
`When you connect to the controller using the CLI, the system displays its host name followed by the
`login prompt. Log in using the admin user account and the password you entered during the Initial
`Setup on the controller (the password displays as asterisks). For example:
`(host)
`User: admin
`Password: *****
`When you are logged in, the user mode CLI prompt displays. For example:
`(host) >
`User mode provides only limited access for basic operational testing such as running ping and
`traceroute.
`
`Certain management functions are available in enable (also called “privileged”) mode. To move from
`user mode to enable mode requires you to enter an additional password that you entered during the
`Initial Setup (the password displays as asterisks). For example:
`(host) > enable
`Password: ******
`When you are in enable mode, the > prompt changes to a pound sign (#):
`(host) #
`
`10 | Introduction
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`

`
`
`
`Configuration commands are available in config mode. Move from enable mode to config mode by
`entering configure terminal at the # prompt:
`(host) # configure terminal
`Enter Configuration commands, one per line. End with CNTL/Z
`When you are in basic config mode, (config) appears before the # prompt:
`(host) (config) #
`
`There are several other sub- command modes that allow users to configure individual interfaces,
`subinterfaces, loopback addresses, GRE tunnels and cellular profiles. For details on the prompts and the
`available commands for each of these modes, see Appendix A: Command Modes on page 1250.
`
`Command Help
`You can use the question mark (?) to view various types of command help.
`
`When typed at the beginning of a line, the question mark lists all the commands available in your
`current mode or sub-mode. A brief explanation follows each command. For example:
`(host) > ?
`
`enable Turn on Privileged commands
`logout Exit this session. Any unsaved changes are lost.
`ping Send ICMP echo packets to a specified IP address.
`traceroute Trace route to specified IP address.
`When typed at the end of a possible command or abbreviation, the question mark lists the commands
`that match (if any). For example:
`(host) > c?
`
`clear Clear configuration
`clock Configure the system clock
`configure Configuration Commands
`copy Copy Files
`If more than one item is shown, type more of the keyword characters to distinguish your choice.
`However, if only one item is listed, the keyword or abbreviation is valid and you can press tab or the
`spacebar to advance to the next keyword.
`
`When typed in place of a parameter, the question mark lists the available options. For example:
`(host) # write ?
`erase Erase and start from scratch
`file Write to a file in the file system
`memory Write to memory
`terminal Write to terminal
`<cr>
`The <cr> indicates that the command can be entered without additional parameters. Any other
`parameters are optional.
`
`Command Completion
`To make command input easier, you can usually abbreviate each key word in the command. You need
`type only enough of each keyword to distinguish it from similar commands. For example:
`(host) # configure terminal
`could also be entered as:
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`Introduction | 11
`
`

`
`
`
`(host) # con t
`Three characters (con) represent the shortest abbreviation allowed for configure. Typing only c or co
`would not work because there are other commands (like copy) which also begin with those letters. The
`configure command is the only one that begins with con.
`
`As you type, you can press the spacebar or tab to move to the next keyword. The system then attempts
`to expand the abbreviation for you. If there is only one command keyword that matches the
`abbreviation, it is filled in for you automatically. If the abbreviation is too vague (too few characters),
`the cursor does not advance and you must type more characters or use the help feature to list the
`matching commands.
`
`Deleting Configuration Settings
`Use the no command to delete or negate previously-entered configurations or parameters.
`
`(cid:122) To view a list of no commands, type no at the enable or config prompt followed by the question
`mark. For example:
`(host) (config) # no?
`(cid:122) To delete a configuration, use the no form of a configuration command. For example, the following
`command removes a configured user role:
`(host) (config) # no user-role <name>
`(cid:122) To negate a specific configured parameter, use the no parameter within the command. For example,
`the following commands delete the DSCP priority map for a priority map configuration:
`(host) (config) # priority-map <name>
`(host) (config-priority-map) # no dscp priority high
`
`Saving Configuration Changes
`Each Aruba controller contains two different types of configuration images.
`
`(cid:122) The running config holds the current controller configuration, including all pending changes which
`have yet to be saved. To view the running-config, use the following command:
`(host) # show running-config
`(cid:122) The startup config holds the configuration which will be used the next time the controller is
`rebooted. It contains all the options last saved using the write memory command. To view the
`startup-config, use the following command:
`(host) # show startup-config
`When you make configuration changes via the CLI, those changes affect the current running
`configuration only. If the changes are not saved, they will be lost after the controller reboots. To save
`your configuration changes so they are retained in the startup configuration after the controller
`reboots, use the following command in enable mode:
`(host) # write memory
`Saving Configuration...
`Saved Configuration
`Both the startup and running configurations can also be saved to a file or sent to a TFTP server for
`backup or transfer to another system.
`
`Commands That Reset the Controller or AP
`If you use the CLI to modify a currently provisioned and running radio profile, those changes take place
`immediately; you do not reboot the controller or the AP for the changes to affect the current running
`configuration. Certain commands, however, automatically force the controller or AP to reboot. You
`may want to consider current network loads and conditions before issuing these commands, as they
`
`12 | Introduction
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`

`
`
`
`may cause a momentary disruption in service as the unit resets. Note also that changing the lms-ip
`parameter in an AP system profile associated with an AP group will cause all APs in that AP group to
`reboot.
`
`Commands that reset a controller
`(cid:122) reload
`(cid:122) reload-peer-sc
`
`Commands that reset an AP
`(cid:122) ap-regroup
`(cid:122) ap-rename
`(cid:122) apboot
`(cid:122) apflash
`(cid:122) provision-ap reprovision
`(cid:122) ap wired-ap-profile <profile>
`forward-mode {bridge|split-
`tunnel|tunnel}
`(cid:122) wlan virtual-ap <profile>
`{aaa-profile
`<profile>|forward-mode
`{tunnel|bridge|split-
`tunnel|decrypt-tunnel}|ssid-
`profile <profile>|vlan
`<vlan>...}
`(cid:122) ap system-profile <profile>
`{bootstrap-threshold
`<number>|lms-ip
`<ipaddr>|master-ip <ipaddr>}
`(cid:122) wlan ssid-profile <profile>
`{battery-boost|deny-
`bcast|essid|opmode|strict-
`svp|wepkey1 <key>|wepkey2
`<key>|wepkey3 <key>|wepkey4
`<key>|weptxkey
`<index>|wmm|wmm-be-dscp <best-
`effort>|wmm-bk-dscp
`<background>|wmm-ts-min-inact-
`int <milliseconds>|wmm-vi-dscp
`<video>|wmm-vo-dscp
`<voice>|wpa-hexkey <psk>|wpa-
`passphrase <string>}
`(cid:122) wlan dotllk <profile> {bcn-
`measurement-mode|dot11k-
`enable|force-dissasoc}
`
`Command Line Editing
`The system records your most recently entered commands. You can review the history of your actions,
`or reissue a recent command easily, without having to retype it.
`
`To view items in the command history, use the up arrow to move back through the list and the down
`arrow key to forward. To reissue a specific command, press Enter when the command appears in the
`command history. You can even use the command line editing feature to make changes to the command
`prior to entering it.
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`Introduction | 13
`
`

`
`
`
`The command line editing feature allows you to make corrections or changes to a command without
`retyping. Table 1 lists the editing controls: To use key shortcuts, press and hold the Ctrl button while
`you press a letter key.
`
`Table 1 Line Editing Keys
`
`Key
`
`Ctrl A
`
`Ctrl B or the
`left arrow
`
`Ctrl D
`
`Ctrl E
`
`Ctrl F or the
`right arrow
`
`Ctrl K
`
`Ctrl N or the
`down arrow
`
`Ctrl P or
`up arrow
`
`Ctrl T
`
`Ctrl U
`
`Ctrl W
`
`Ctrl X
`
`Effect
`
`Home
`
`Back
`
`Description
`
`Move the cursor to the beginning of the line.
`
`Move the cursor one character left.
`
`Delete Right
`
`Delete the character to the right of the cursor.
`
`End
`
`Forward
`
`Move the cursor to the end of the line.
`
`Move the cursor one character right.
`
`Delete Right
`
`Delete all characters to the right of the cursor.
`
`Next
`
`Display the next command in the command history.
`
`Previous
`
`Transpose
`
`Display the previous command in the command
`history.
`
`Swap the character to the left of the cursor with the
`character to the right of the cursor.
`
`Clear
`
`Clear the line.
`
`Delete Word
`
`Delete the characters from the cursor up to and
`including the first space encountered.
`
`Delete Left
`
`Delete all characters to the left of the cursor.
`
`Typographic Conventions
`The following conventions are used throughout this manual to emphasize important concepts:
`
`Table 2 Text Conventions
`
`Type Style
`
`Italics
`
`Boldface
`
`Commands
`
`Description
`
`This style is used to emphasize important terms and to mark the
`titles of books.
`
`This style is used to emphasize command names and parameter
`options when mentioned in the text.
`
`This fixed-width font depicts command syntax and examples of
`commands and command output.
`
`14 | Introduction
`
`ArubaOS 6.1 Command Line Interface | Reference Guide
`
`

`
`Table 2 Text Conventions
`
`Type Style
`
`<angle brackets>
`
`[square brackets]
`
`{Item_A|Item_B}
`
`{ap-name <ap-name>}|{ipaddr
`<ip-addr>}
`
`
`
`Description
`
`In the command syntax, text within angle brackets represents
`items that you should replace with information appropriate to your
`specific situation. For example:
`ping <ipaddr>
`In this example, you would type “ping” at the system prompt
`exactly as shown, followed by the IP address of the system to
`which ICMP echo packets are to be sent. Do not type the angle
`brackets.
`
`In the command syntax, items enclosed in brackets are optional.
`Do not type the brackets.
`
`In the command examples, single items within curled braces and
`separated by a vertical bar represent the available choices. Enter
`only one cho