Network Commands

The ClearPass Policy Manager command line interface includes the following network commands:

network ip6

network ip

nslookup

network ping6

network ping

network reset

network traceroute6

network traceroute

network ip6

Use the network ip6 command to add, delete, or list custom routes to the data or management interface routing table in IPv6 networks. Note that network IP routing commands are disabled for ClearPass cloud deployments (such as deployments hosted in Azure or AWS) because:

The network IP assignments are managed by the cloud networking vendor.

The process through which the cloud deployment makes DHCP (Dynamic Host Configuration Protocol) and IP assignments is not managed by ClearPass, so there is no way to define static IP addresses.

The routing configuration defined in the cloud deployment will no longer be valid if the system renews its IP address in the next DHCP refresh cycle.

If you must add static routes to a cloud deployment, contact Aruba support for more information.

Syntax: network ip6 add

network ip6 add <mgmt|data> [-i <id>] <[-s <SrcAddr>] [-d <DestAddr>]> [-g <ViaAddr>]

The following table describes the required and optional parameters for the network ip6 command:

Table 1: Network IP6 Add Command Parameters

Flag/Parameter

Description

<mgmt|data>

Specifies the management or the data interface.

-i <id>

Specifies the ID of the network IP rule. If this ID is not specified, the system generates an ID automatically.

NOTE: This ID determines the priority in the ordered list of rules in the routing table.

-s <SrcAddr>

Specifies the source interface IPv6 address or netmask from where the network IPv6 rule is specified. For example, fe82::20c:29ff:fe7e:d3e1. A valid IPv6 address, a netmask, or 0/0 is allowed. This parameter is optional.

-d <DestAddr>

Specifies the destination interface IPv6 address or netmask where the network IPv6 rule is specified. A valid IPv6 address, a netmask, or 0/0 is allowed. This parameter is optional.

-g <ViaAddr>

Specifies the via or gateway IPv6 address through which the network traffic should flow. A valid IPv6 address is allowed. This parameter is optional.

Example: Adding an IPv6 Custom Route

You can use an IPv6 address when adding a custom route.

The following example adds a custom route:

[appadmin]# network ip6 add data -s fe82::20c:29ff:fe7e:d3e1/d3e24

Syntax: network ip6 del

This command deletes an IPv6 custom route.

network ip6 del <-i <id>>

Syntax: network ip6 list

This command lists all custom routing rules.

network ip6 list

Example: Listing All IPv6 Custom Routing Rules

The following example lists all custom routing rules:

[appadmin]# network ip6 list

===============================================

IP Rule Information

-----------------------------------------------

0: from all lookup local

13000: from all to fe82::20c:99ff:fe7e:d3e1 lookup mgmt

13001: from all to fe82::20c:99ff:fe7e:d3e4 lookup mgmt

13002: from all to fe82::20c:99ff:fe7e:d3e7 lookup mgmt

13003: from all to fe82::20c:99ff:fe7e:d3e8 lookup mgmt

13004: from all to fe82::20c:99ff:fe7e:d3e9 lookup mgmt

13005: from all to fe82::20c:99ff:fe7e:d3ea lookup static

32766: from all lookup main

===============================================

Syntax: network ip6 reset

network ip6 reset

This command resets the routing table to the factory default settings and all custom routes are removed.

network ip

Use the network ip command to add, delete, or list custom routes to the data or management interface routing table. Note that network IP routing commands are disabled for ClearPass cloud deployments (such as deployments hosted in Azure or AWS) because:

The network IP assignments are managed by the cloud networking vendor.

The process through which the cloud deployment makes DHCP (Dynamic Host Configuration Protocol) and IP assignments is not managed by ClearPass, so there is no way to define static IP addresses.

The routing configuration defined in the cloud deployment will no longer be valid if the system renews its IP address in the next DHCP refresh cycle.

If you must add static routes to a cloud deployment, contact Aruba support for more information.

Syntax: network ip add

network ip add <mgmt|data|greN|vlanN> [-i <id>] <[-s <SrcAddr>] [-d <DestAddr>]> [-g <ViaAddr>]

The following table describes the required and optional parameters for the network ip add command:

Table 2: Network IP Add Command Parameters

Flag/Parameter

Description

<mgmt | data| greN |vlanN>

Configures the management interface, data interface, the name of the GRE (Generic Routing Encapsulation) tunnel, or the VLAN (Virtual Local Area Network) number.

<greN>: N specifies the GRE tunnel number ranging from 1, 2, 3 ... N.

<vlanN>: N specifies the VLAN number.

-i <id>

Specifies the ID of the network IP rule. If this ID is not specified, the system generates an ID automatically.

NOTE: This ID determines the priority in the ordered list of rules in the routing table.

-s <SrcAddr>

Specifies the IP address or network of the traffic originator, for example 192.168.xx.0/24 or 0/0 (for all traffic). You must specify only one source IP address. This parameter is optional.

-d <DestAddr>

Specifies the destination IP address or network. For example, 192.168.xx.0/24 or 0/0 (for all traffic). You must specify only one destination IP address. This parameter is optional.

-g <ViaAddr>

Specifies the via or gateway IP address through which the network traffic should flow. A valid IP address is allowed. This parameter is optional.

Syntax: network ip del

network ip del <-i <id>>

The following table describes the parameter for the network ip del command:

Table 3: Network IP Del Command Parameters

Flag/Parameter

Description

-i <id>

Specifies the ID of the rule to delete.

Syntax: network ip list

network ip list

This command lists all routing rules.

Example: Adding a Custom Route

The following example adds a custom route:

[appadmin]# network ip add data -s 192.168.xx.0/24

Example: Listing All Custom Routes

The following example lists all custom routes:

[appadmin]# network ip list

===============================================

IP Rule Information

-----------------------------------------------

0: from all lookup local

10020: from all to 10.xx.4.0/24 lookup mgmt

10040: from 10.xx.4.200 lookup mgmt

10060: from 10.xx.5.200 lookup data

32766: from all lookup main

32767: from all lookup default

===============================================
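The following Python example is added here and is not part of the ClearPass documentation. It parses captured output of network ip list or network ip6 list, reports which routing tables a given flow would consult in rule-ID order, and extracts the custom rules so they can be compared against an approved baseline. It assumes the listing follows Linux policy-routing semantics (rules evaluated in ascending ID order, falling through to the next matching rule when a table has no route); the sample addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

RULE_RE = re.compile(r"^(?P<prio>\d+):\s+from\s+(?P<src>\S+)"
                     r"(?:\s+to\s+(?P<dst>\S+))?\s+lookup\s+(?P<table>\S+)$")

# Constructed sample in the listing format shown above (documentation address ranges).
SAMPLE = """\
===============================================
IP Rule Information
-----------------------------------------------
0: from all lookup local
10020: from all to 192.0.2.0/24 lookup mgmt
10040: from 198.51.100.200 lookup mgmt
10060: from 198.51.100.201 lookup data
32766: from all lookup main
32767: from all lookup default
"""

class Rule(NamedTuple):
    prio: int             # rule ID; lower IDs are evaluated first
    src: Optional[str]    # None means "from all"
    dst: Optional[str]    # None means no "to" selector
    table: str

def parse_rules(text):
    """Parse listing output into rules sorted by ID, skipping banner lines."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            src = None if m["src"] == "all" else m["src"]
            rules.append(Rule(int(m["prio"]), src, m["dst"], m["table"]))
    return sorted(rules, key=lambda r: r.prio)

def _covers(selector, addr):
    # A bare address in a rule is treated as a host route (/32 or /128).
    return selector is None or (
        ipaddress.ip_address(addr) in ipaddress.ip_network(selector, strict=False))

def tables_consulted(rules, src, dst):
    """Routing tables looked up, in order, for a packet from src to dst."""
    return [r.table for r in rules if _covers(r.src, src) and _covers(r.dst, dst)]

def custom_rules(rules, builtin=("local", "main", "default")):
    """Rules pointing at non-built-in tables; diff these against a baseline."""
    return [r for r in rules if r.table not in builtin]
```
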

Syntax: network ip reset

network ip reset

This command resets the routing table to the factory default settings. All custom routes are removed.

nslookup

Use the network nslookup command to get the IP address of the host using DNS (Domain Name System).

Syntax: network nslookup

network nslookup -q <record-type> <host>

The following table describes the required and optional parameters for the nslookup command:

Table 4: Network Nslookup Command Parameters

Flag/Parameter

Description

<record-type>

Specifies the type of DNS record. The record types available are:

A

AAAA

CNAME

PTR

SRV

<host>

Specifies the host or domain name to be queried.

Example: Obtaining Address of Host or Domain

The following examples obtain the IPv4 and IPv6 addresses of the host or domain using DNS:

[appadmin]# network nslookup sun.us.arubanetworks.com

[appadmin]# network nslookup 2001:4860:4860::8888

Example: Querying for SRV Records

The following example queries a host or domain for SRV records:

[appadmin]# network nslookup -q SRV arubanetworks.com

Syntax

Use the AAAA flag with the -q option to perform network nslookup with IPv6 destinations.

network nslookup -q AAAA <IPv6_addr>

Example: Nslookup for IPv6 Address

The following example performs network nslookup for the destination with an IPv6 address:

[appadmin]# network nslookup 2001::93

Server: 2001::94

Address: 2001::94#53

3.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.2.ip6.arpa name = ipv6test-n1.cppmipv6.com

[appadmin]# network nslookup -q AAAA ipv6test-n1.cppmipv6.com

Server: 2001::94

Address: 2001::94#53

ipv6test-n1.cppmipv6.com has AAAA address 2001::93

network ping6

Use the network ping6 command to test the reachability of the network host.

Syntax: network ping6

network ping6 [-i <SrcIPv6Addr>] [-t] <host>

The following table describes the required and optional parameters for the network ping6 command:

Table 5: Network Ping6 Command Parameters

Flag/Parameter

Description

-i <SrcIPv6Addr>

Specifies the originating IPv6 address for the ping. This field is optional.

-t

Use this parameter to ping indefinitely. This field is optional.

<host>

Specifies the host to be pinged.

Example

The following example pings an IPv6 network host to test its reachability:

[appadmin]# network ping6 -i fe82::20c:29ff:fe7e:d3e1 -t sun.us

network ping

Use the network ping command to test the reachability of the network host.

Syntax: network ping

network ping [-i <SrcIpAddr>] [-t] <host>

The following table describes the required and optional parameters for the network ping command:

Table 6: Network Ping Command Parameters

Flag/Parameter

Description

-i <SrcIpAddr>

Specifies the originating IP address for the ping. This field is optional.

-t

Use this parameter to ping indefinitely. This field is optional.

<host>

Specifies the host to be pinged.

Example: Testing Reachability

The following example pings a network host to test the reachability:

[appadmin]# network ping -i 192.168.xx.10 -t sun.us.arubanetworks.com

network reset

Use the network reset command to reset the network data and management ports. You can use this command to reset both IPv4 and IPv6 addresses. Before resetting an IPv4 address for the port, ensure that an IPv6 address is set for the port and that the cluster communication mode is set to IPv6. Conversely, before resetting an IPv6 address for the port, ensure that an IPv4 address is set for it and that the cluster communication mode is set to IPv4. Before Policy Manager resets an IPv4 or IPv6 address, it displays the warning message "This command erases network management port configuration and reconfigures the network. This might cause the system to lose network connectivity and require you to log in again."

Syntax: network reset

network reset <data|mgmt> [v4|v6]

The following table describes the required and optional parameters for the network reset command:

Table 7: Network Reset Command Parameters

Flag/Parameter

Description

data [v4|v6]

Specifies the name of the network data port to reset, as well as whether it is an IPv4 or IPv6 address.

mgmt [v4|v6]

Specifies the name of the network management port to reset, as well as whether it is an IPv4 or IPv6 address.

Examples

The following example resets the IPv4 network data port:

[appadmin]# network reset data v4

The following example resets the IPv6 network management port:

[appadmin]# network reset mgmt v6

network traceroute6

Use the network traceroute6 command to print the route taken to reach the IPv6 network host.

Syntax: network traceroute6

network traceroute6 <host>

The following table describes the required and optional parameters for the network traceroute6 command:

Table 8: Network Traceroute6 Command Parameters

Flag/Parameter

Description

<host>

Specifies the name of the network host. You can specify the host with an IPv6 address.

Example

The following example prints the route taken to reach the network host:

[appadmin]# network traceroute6 sun.us.arubanetworks.com

network traceroute

Use the network traceroute command to print the route taken to reach the network host.

Syntax: network traceroute

network traceroute <host>

The following table describes the required parameter for the network traceroute command:

Table 9: Network Traceroute Command Parameters

Flag/Parameter

Description

<host>

Specifies the name of the network host.

Example

The following example prints the route taken to reach the network host:

[appadmin]# network traceroute sun.us.arubanetworks.com