You are here: Connecting to a CLI Session
Previous TopicNext Topic

Chapter 35 

Instant CLI

Instant supports the use of Command Line Interface (CLI) for scripting purposes. You can access the Instant CLI through a Secure Shell (SSH).

To enable the SSH access to the Instant CLI:

1. From the Instant UI, navigate to System > Show advanced options.
2. Select Enabled from the Terminal access drop-down list.
3. Click OK.

Connecting to a CLI Session

On connecting to a CLI session, the system displays its host name followed by the login prompt. Use the administrator credentials to start a CLI session. For example:

(Instant Access Point)

User: admin

Password: *****

If the login is successful, the privileged command mode is enabled and a command prompt is displayed. For example:

(Instant Access Point)#

The privileged mode provides access to show, clear, ping, traceroute, and commit commands. The configuration commands are available in the configuration (config) mode. To move from privileged mode to the configuration mode, enter the following command at the command prompt:

(Instant Access Point)# configure terminal

The configure terminal command allows you to enter the basic configuration mode and the command prompt is displayed as follows:

(Instant Access Point)(config)#

The Instant CLI allows CLI scripting in several other sub-command modes to allow the users to configure individual interfaces, SSIDs, access rules, and security settings.

You can use the question mark (?) to view the commands available in a privileged mode, configuration mode, or sub-mode.

 

Although automatic completion is supported for some commands such as configure terminal, the complete exit and end commands must be entered at command prompt for successful execution.

Applying Configuration Changes

Each command processed by the Virtual Controller is applied on all the slave IAPs in a cluster. When you make configuration changes on a master IAP in the CLI, all associated IAPs in the cluster inherit these changes and subsequently update their configurations. The changes configured in a CLI session are saved in the CLI context.

The CLI does not support the configuration data exceeding the 4K buffer size in a CLI session: therefore, Aruba recommends that you configure fewer changes at a time and apply the changes at regular intervals.

To apply and save the configuration changes at regular intervals, use the following command in the privileged mode:

(Instant Access Point)# commit apply

To apply the configuration changes to the cluster, without saving the configuration, use the following command in the privileged mode:

(Instant Access Point)# commit apply no-save

To view the changes that are yet to be applied, use the following command in the privileged mode:

(Instant Access Point)# show uncommitted-config

To revert to the earlier configuration, use the following command in the privileged mode.

(Instant Access Point)# commit revert

Example:

(Instant Access Point)(config)# rf dot11a-radio-profile

(Instant Access Point)(RF dot11a Radio Profile)# beacon-interval 200

(Instant Access Point)(RF dot11a Radio Profile)# no legacy-mode

(Instant Access Point)(RF dot11a Radio Profile)# dot11h

(Instant Access Point)(RF dot11a Radio Profile)# interference-immunity 3

(Instant Access Point)(RF dot11a Radio Profile)# csa-count 2

(Instant Access Point)(RF dot11a Radio Profile)# spectrum-monitor

(Instant Access Point)(RF dot11a Radio Profile)# end

 

(Instant Access Point)# show uncommitted-config

rf dot11a-radio-profile

no legacy-mode

beacon-interval 200

no dot11h

interference-immunity 3

csa-count 1

no spectrum-monitor

 

Instant Access Point# commit apply

Configuration Sub-modes

Some commands in configuration mode allow you to enter into a sub-mode to configure the commands specific to that mode. When you are in a configuration sub-mode, the command prompt changes to indicate the current sub-mode.

You can exit a sub-command mode and return to the basic configuration mode or the privileged Exec (enable) mode at any time by executing the exit or end command.

Deleting Configuration Settings

Use the no command to delete or negate previously-entered configurations or parameters.

To view a list of no commands, type no at the prompt in the relevant mode or sub-mode followed by the question mark. For example:

(Instant Access Point)(config) # no?

To delete a configuration, use the no form of a configuration command. For example, the following command removes a configured user role:

(Instant Access Point)(config) # no user <username>

To negate a specific configured parameter, use the no parameter within the command. For example, the following command deletes the PPPoE user configuration settings:

(Instant Access Point)(config) # pppoe-uplink-profile

(Instant Access Point)(pppoe_uplink_profile)# no pppoe-username

Using Sequence Sensitive Commands

The Instant CLI does not support positioning or precedence of sequence-sensitive commands. Therefore, Aruba recommends that you remove the existing configuration before adding or modifying the configuration details for sequence-sensitive commands. You can either delete an existing profile or remove a specific configuration by using the no… commands.

The following table lists the sequence-sensitive commands and the corresponding no command to remove the configuration.

Table 1: Sequence-Sensitive Commands

Sequence-Sensitive Command

Corresponding no command

opendns <username <password>

no opendns

rule <dest> <mask> <match> <protocol> <start-port> <end-port> {permit |deny | src-nat | dst-nat {<IP-address> <port>| <port>}}[<option1…option9>]

no rule <dest> <:mask> <match> <protocol> <start-port> <end-port> {permit | deny | src-nat | dst-nat}

mgmt-auth-server <auth-profile-name>

no mgmt-auth-server <auth-profile-name>

set-role <attribute>{{equals| not-equals| starts-with| ends-with| contains} <operator> <role>| value-of}

no set-role <attribute>{{equals| not-equals| starts-with| ends-with| contains} <operator>| value-of}

no set-role

set-vlan <attribute>{{equals| not-equals| starts-with| ends-with| contains} <operator> <VLAN-ID>| value-of}

no set-vlan <attribute>{{equals| not-equals| starts-with| ends-with| contains} <operator>| value-of}

no set-vlan

auth-server <name> no auth-server <name>

New and Modified Commands in Aruba Instant 6.3.1.0-4.0

aaa test-server

a-channel

a-external-antenna

aeroscout-rtls

airgroup

airgroupservice

airwave-rtls

ale-report-interval

ale-server

alg

allow-new-aps

allowed-ap

ams-backup-ip

ams-identity

ams-ip

ams-key

arm

attack

auth-failure-blacklist-time

auth-survivability cache-time-out

blacklist-client

blacklist-time

calea

cellular-uplink-profile

clear

clear airgroup state statistics

clear-cert

clock set

clock summer-time

clock timezone

commit

configure terminal

content-filtering

convert-aos-ap

copy

deny-inter-user-bridging

deny-local-routing

device-id

disconnect-user

download-cert

dynamic-cpu-mgmt

dynamic-radius-proxy

enet-vlan

enet0-bridging

enet0-port-profile

enet1-port-profile

enet2-port-profile

enet3-port-profile

enet4-port-profile

extended-ssid

factory-ssid-enable

firewall-external-enforcement

g-channel

g-external-antenna

gre per-ap-tunnel

gre primary

gre type

help

hostname

hotspot anqp-3gpp-profile

hotspot anqp-domain-name-profile

hotspot anqp-ip-addr-avail-profile

hotspot anqp-nai-realm-profile

hotspot anqp-nwk-auth-profile

hotspot anqp-roam-cons-profile

hotspot anqp-venue-name-profile

hotspot h2qp-conn-cap-profile

hotspot h2qp-oper-name-profile

hotspot h2qp-oper-class-profile

hotspot h2qp-wan-metrics-profile

hotspot hs-profile

iap-master

ids

inactivity-ap-timeout

internal-domains

ip-address

ip dhcp

ip dhcp pool

l2tpv3 session

l2tpv3 tunnel

l3-mobility

led-off

logout

mas-integration

mesh

mgmt-auth-server

mgmt-auth-server-load-balancing

mgmt-auth-server-local-backup

mgmt-user

name

ntp-server

opendns

organization

ping

pppoe-uplink-profile

proxy

reload

remove-blacklist-client

restrict-corp-access

restricted-mgmt-access

rf dot11a-radio-profile

rf dot11g-radio-profile

rf-band

routing-profile

show 1xcert

show about

show access-rule

show access-rule-all

show airgroup

show airgroupservice

show airgroupservice-ids

show ale

show alert global

show alg

show allowed-aps

show apas status

show ap-env

show aps

show ap allowed-channels

show ap allowed-max-EIRP

show ap arm

show ap association

show ap bss-table

show ap client-match-history

show ap client-match-live

show ap client-match-history

show ap client-match-history

show ap client-view

show ap debug airwave

show ap debug airwave-config-received

show ap debug airwave-data-sent

show ap debug airwave-events-pending

show ap debug airwave-signon-key

show ap debug airwave-state

show ap debug airwave-stats

show ap debug am-config

show ap debug auth-trace-buf

show ap debug client-match

show ap debug client-stats

show ap debug client-table

show ap debug crash-info

show ap debug dhcp-packets

show ap debug dot1x-statistics

show ap debug driver-config

show ap debug mgmt-frames

show ap debug persistent-clients

show ap debug radio-stats

show ap debug radius-statistics

show ap debug shaping-table

show ap debug spanning-tree

show ap debug stm-config

show ap debug system-status

show ap flash-config

show ap mesh counters

show ap mesh link

show ap mesh neighbors

show ap monitor

show ap pmkcache

show ap virtual-beacon-report

show arm-channels

show arm config

show arp

show attack

show app-services

show auth-survivability

show blacklist-client

show calea config

show calea statistics

show captive-portal

show captive-portal-domains

show cellular

show cert all

show clients

show clock

show configuration

show country-codes

show cpu

show datapath

show derivation-rules

show dhcp-allocation

show dhcps config

show distributed-dhcp-branch-counts

show domain-names

show election

show external-captive-portal

show fault

show ids

show ids-detection config

show ids-protection config

show image

show interface counters

show ip dhcp database

show ip igmp

show ip interface brief

show ip route

show lacp status

show l2tpv3 config

show l2tpv3 global

show l2tpv3 session

show l2tpv3 tunnel

show l2tpv3 system

show l3-mobility

show ldap-servers

show log ap-debug

show log apifmgr

show log convert

show log debug

show log driver

show log kernel

show log l3-mobility

show log network

show log pppd

show log rapper

show log sapd

show log security

show log system

show log upgrade

show log user

show log user-debug

show log vpn-tunnel

show log wireless

show memory

show mgmt-user

show network

show opendns

show port status

show pppoe

show process

show proxy config

show radio config

show radius-servers support

show running-config

show snmp-configuration

show snmp trap-queue

show spectrum-alert

show stats

show summary

show swarm-state

show supported-cert-formats

show syslog-level

show tech-support

show uncommitted-config

show upgrade info

show uplink

show uplink-vlan

show user

show valid-channels

show version

show vpn

show walled-garden

show wifi-uplink

show wired-port

show wired-port-settings

show wispr config

snmp-server

syslog-level

syslog-server

telnet-server

terminal-access

tftp-dump-server

traceroute

upgrade-image

uplink

uplink-vlan

user

version

virtual-controller-country

virtual-controller-ip

virtual-controller-key

virtual-controller-vlan

vpn backup

vpn fast-failover

vpn gre-outside

vpn hold-time

vpn ikepsk

vpn monitor-pkt-lost-cnt

vpn monitor-pkt-send-freq

vpn preemption

vpn primary

vpn reconnect-time-on-failover

vpn reconnect-user-on-failover

wifi0-mode

wifi1-mode

wired-port-profile

wlan access-rule

wlan auth-server

wlan captive-portal

wlan external-captive-portal

wlan ldap-server

wlan ssid-profile

wlan sta-profile

wlan walled-garden

wlan wispr-profile

write