Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003098-01


service eap-mac-mode [mac-always|normal]

service key-index eap-wep-unicast <1-4>

service monitor [aaa-server|adoption vlan <1-4094>|captive-portal external-server|dhcp crm <CRM-NAME> vlan <1-4094>]

enforce-pmkid-validation

Validates the Predictive real-time pairwise master key identifier (PMKID) contained in a client’s association
request against the one present in the wpa-wpa2 handshake.
This functionality is based on the Proactive Key Caching (PKC) extension of the IEEE 802.11i standard.
Whenever a wireless client successfully authenticates with an AP, it receives a pairwise master key (PMK).
PKC allows clients to cache this PMK and reuse it for future re-authentications with the same AP. The PMK
is unique for every client and is identified by the PMKID. The PMKID is derived from a hash of the
PMK, a string, and the MAC addresses of the station and the AP.

radio-crypto

Uses radio hardware for encryption and decryption. This is applicable only for devices using Counter Cipher
Mode with Block Chaining Message Authentication Code Protocol (CCMP) encryption mode.

reauthentication seamless

Enables seamless EAP client reauthentication without disconnecting the client after the session has timed out

session-timeout mac

Enables reauthentication of MAC authenticated clients without disconnecting the client after the session has
timed out

tx-deauth-on-roam-detection

Transmits a deauthentication on the air while disassociating a client because its roam is detected on the
wired side

show cli

Displays the CLI tree of the current mode. When used in the WLAN mode, this command displays the WLAN
CLI structure.

eap-mac-mode

Configures the EAP and/or MAC authentication mode used with this WLAN

mac-always

Enables both EAP and MAC authentication. MAC authentication is performed first, followed by EAP
authentication. Clients are granted access based on the EAP authentication result. If a client does not have
EAP, the MAC authentication result is used to grant access.

normal

Grants client access if the client clears either EAP or MAC authentication

key-index eap-wep-unicast <1-4>

Configures an index with each key during EAP authentication with WEP

<1-4> – Select an index from 1 - 4.

monitor

Enables monitoring of critical resources for failure

aaa-server

Enables AAA server failure monitoring. This feature is disabled by default.

adoption vlan <1-4094>

Enables adoption failure monitoring on an adopted AP. Also configures an adoption failover VLAN. This
feature is disabled by default.

VLAN <1-4094> – Specify the VLAN on which clients are placed when the connectivity between the
AAP and the controller is lost.

Configure a DHCP pool and gateway for the failover VLAN. Ensure the DHCP server is running on the AP.
Also ensure that the DHCP pool is configured with a short lease time.

When this feature is enabled on a WLAN, it allows adopted APs to monitor their connectivity with the
controller. If and when this connectivity is lost, all new clients are placed in the configured adoption failover
VLAN. They are served an IP by the DHCP server running on the AP. In this situation, if a client tries to access
a Web URL, the AP redirects the client to a page stating that the service is down.

When the AAP’s link to the switch is restored, clients are placed back in the WLAN’s configured VLAN, and
are served an IP from the corresponding configured DHCP server (external or on the AP/controller).
