CLI Overview

The CLI is used for configuring, monitoring, and maintaining the network. The user interface allows you to execute commands on supported wireless controllers, service platforms, and APs, using either a serial console or a remote access method.

This chapter describes basic CLI features. Topics covered include an introduction to command modes, navigation and editing features, help features and command history.

The CLI is segregated into different command modes. Each mode has its own set of commands for configuration, maintenance, and monitoring. The commands available at any given time depend on the mode you are in, and to a lesser extent, the particular model used. Enter a question mark (?) at the system prompt to view a list of commands available for each command mode/instance.

Use specific commands to navigate from one command mode to another. The standard order is: USER EXEC mode, PRIV EXEC mode and GLOBAL CONFIG mode.

Click to expand in new window
GUID-9D50D2DB-80DF-4C5D-887B-89FC33E0B167-low.png

Figure: Hierarchy of User Modes

Command Modes

A session generally begins in the USER EXEC mode (one of the two access levels of the EXEC mode). For security, only a limited subset of EXEC commands are available in the USER EXEC mode. This level is reserved for tasks that do not change the device‘s (wireless controller, service platform, or AP) configuration.

rfs4000-6DB5D4>

The system prompt signifies the device name and the last three bytes of the device MAC address.

To access commands, enter the PRIV EXEC mode (the second access level for the EXEC mode). Once in the PRIV EXEC mode, enter any EXEC command. The PRIV EXEC mode is a superset of the USER EXEC mode.

rfs4000-6DB5D4>enable
rfs4000-6DB5D4#

Most of the USER EXEC mode commands are one-time commands and are not saved across device reboots. Save the command by executing ‘commit‘ command. For example, the show command displays the current configuration and the clear command clears the interface.

Access the GLOBAL CONFIG mode from the PRIV EXEC mode. In the GLOBAL CONFIG mode, enter commands that set general system characteristics. Configuration modes, allow you to change the running configuration. If you save the configuration later, these commands are stored across device reboots.

Access a variety of protocol specific (or feature-specific) modes from the global configuration mode. The CLI hierarchy requires you to access specific configuration modes only through the global configuration mode.

rfs4000-6DB5D4#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
rfs4000-6DB5D4(config)#

You can also access sub-modes from the global configuration mode. Configuration sub-modes define specific features within the context of a configuration mode.

rfs4000-6DB5D4(config)#aaa-policy test
rfs4000-6DB5D4(config-aaa-policy-test)#

The following table summarizes the available controller commands:

Click to expand in new window

Controller CLI Modes and Commands

User Exec Mode

Priv Exec Mode

Global Configuration Mode

captive-portal-page-upload archive aaa-policy
change-passwd boot aaa-tacacs-policy
clear captive-portal-page-upload alias
clock cd AP 6522
cluster change-passwd AP 6562
commit clear AP 7502
connect clock AP-7522
create-cluster cluster AP 7532
crypto commit AP 7562
crypto-cmp-cert-update configure AP 7602
database connect AP-7612
database-backup copy AP 7622
database-restore cpe (supported on NX 7500, NX 9600 and VX) AP7632
debug create-cluster AP7662
device-upgrade crypto AP-8163
disable crypto-cmp-cert-updateted AP-8432
enable database AP-8533
file-sync database-backup application
help database-restore application-group
join-cluster debug application-policy
l2tpv3 delete  
logging device-upgrade auto-provisioning-policy
mint diff bgp
no dir bonjour-gw-discovery-policy
on disable bonjour-gw-forwarding-policy
opendns edit bonjour-gw-query-forwarding-policy
page enable captive-portal
ping erase clear
ping6 factory-reset client-identity
revert file-sync client-identity-group
service halt clone
show help crypto-cmp-policy
ssh join-cluster customize
telnet l2tpv3 database-client-policy (supported only on VX)
terminal logging database-policy (supported only on NX 9500, NX 9600, and VX)
time-it mint device
traceroute mkdir device-categorization
traceroute6 more dhcp-server-policy
virtual-machine (supported only on NX 9500, NX 96XX and VX) no dhcp6-server-policy
watch on dns-whitelist
write opendns event-system-policy
clrscr page firewall-policy
exit ping global-association-list
  ping6 guest-management
  pwd help
  raid (supported only on NX 9500 and NX 7530) host
  re-elect igmp-snoop-policy (This command has been deprecated. IGMP snooping is now configurable under the profile/device configuration mode. For more information, see ip.
  reload inline-password-encryption
  remote-debug ip
  rename ipv6
  revert ipv6-router-advertisement-policy
  rmdir l2tpv3
  self mac
  service management-policy
  show meshpoint
  ssh meshpoint-qos-policy
  t5 (supported only on RFS 4000, NX 9600, and VX) mint-policy
  telnet nac-list
  terminal no
  time-it nsight-policy
  traceroute NX 5500 (supported only on NX 9600 and VX)
  traceroute6 NX 7500 (supported only on NX 9600 and VX)
  upgrade NX 9000 (supported only on NX 9600 and VX)
  upgrade-abort NX 9600
  virtual-machine (supported only on NX 9600 and VX) passpoint-policy
  watch password-encryption
  write profile
  clrscr radio-qos-policy
  exit radius-group
    radius-server-policy
    radius-user-pool-policy
    rename
    roaming-assist-policy
    role-policy
    route-map
    routing-policy
    rtl-server-policy
    schedule-policy
    self
    sensor-policy
    smart-rf-policy
    t5 (supported only on NX 7500, NX 9600 and VX)
    url-filter (supported only on NX 9600 and VX)
    url-list (supported only on NX 9600 and VX)
    vx9000 (supported only on NX 9600 and VX)
    web-filter-policy
    wips-policy
    wlan
    wlan-qos-policy
    write
    clrscr
    commit
    do
    end
    exit
    revert
    service
    show