You are here: Connecting to a CLI Session
Previous TopicNext Topic

Chapter 32 

Instant CLI

Instant supports the use of Command Line Interface (CLI) for scripting purposes. You can access the Instant CLI through a Secure Shell (SSH).

To enable the SSH access to the Instant CLI:

1. From the Instant UI, navigate to System > Show advanced options.
2. Select Enabled from the Terminal access drop-down list.
3. Click OK.

Connecting to a CLI Session

On connecting to a CLI session, the system displays its host name followed by the login prompt. Use the administrator credentials to start a CLI session. For example:

(Instant AP)

User: admin

Password: *****

If the login is successful, the privileged command mode is enabled and a command prompt is displayed. For example:

(Instant AP)#

The privileged mode provides access to show, clear, ping, traceroute, and commit commands. The configuration commands are available in the configuration (config) mode. To move from privileged mode to the configuration mode, enter the following command at the command prompt:

(Instant AP)# configure terminal

The configure terminal command allows you to enter the basic configuration mode and the command prompt is displayed as follows:

(Instant AP)(config)#

The Instant CLI allows CLI scripting in several other sub-command modes to allow the users to configure individual interfaces, SSIDs, access rules, and security settings.

You can use the question mark (?) to view the commands available in a privileged mode, configuration mode, or sub-mode.

 

Although automatic completion is supported for some commands such as configure terminal, the complete exit and end commands must be entered at command prompt for successful execution.

Applying Configuration Changes

Each command processed by the Virtual Controller is applied on all the slave IAPs in a cluster. When you make configuration changes on a master IAP in the CLI, all associated IAPs in the cluster inherit these changes and subsequently update their configurations. The changes configured in a CLI session are saved in the CLI context.

The CLI does not support the configuration data exceeding the 4K buffer size in a CLI session: therefore, Aruba recommends that you configure fewer changes at a time and apply the changes at regular intervals.

To apply and save the configuration changes at regular intervals, use the following command in the privileged mode:

(Instant AP)# commit apply

To apply the configuration changes to the cluster, without saving the configuration, use the following command in the privileged mode:

(Instant AP)# commit apply no-save

To view the changes that are yet to be applied, use the following command in the privileged mode:

(Instant AP)# show uncommitted-config

To revert to the earlier configuration, use the following command in the privileged mode.

(Instant AP)# commit revert

Example:

(Instant AP)(config)# rf dot11a-radio-profile

(Instant AP)(RF dot11a Radio Profile)# beacon-interval 200

(Instant AP)(RF dot11a Radio Profile)# no legacy-mode

(Instant AP)(RF dot11a Radio Profile)# dot11h

(Instant AP)(RF dot11a Radio Profile)# interference-immunity 3

(Instant AP)(RF dot11a Radio Profile)# csa-count 2

(Instant AP)(RF dot11a Radio Profile)# spectrum-monitor

(Instant AP)(RF dot11a Radio Profile)# end

 

(Instant AP)# show uncommitted-config

rf dot11a-radio-profile

no legacy-mode

beacon-interval 200

no dot11h

interference-immunity 3

csa-count 1

no spectrum-monitor

 

Instant Access Point# commit apply

Configuration Sub-modes

Some commands in configuration mode allow you to enter into a sub-mode to configure the commands specific to that mode. When you are in a configuration sub-mode, the command prompt changes to indicate the current sub-mode.

You can exit a sub-command mode and return to the basic configuration mode or the privileged Exec (enable) mode at any time by executing the exit or end command.

Deleting Configuration Settings

Use the no command to delete or negate previously-entered configurations or parameters.

To view a list of no commands, type no at the prompt in the relevant mode or sub-mode followed by the question mark. For example:

(Instant AP)(config) # no?

To delete a configuration, use the no form of a configuration command. For example, the following command removes a configured user role:

(Instant AP)(config) # no user <username>

To negate a specific configured parameter, use the no parameter within the command. For example, the following command deletes the PPPoE user configuration settings:

(Instant AP)(config) # pppoe-uplink-profile

(Instant AP)(pppoe_uplink_profile)# no pppoe-username

Using Sequence Sensitive Commands

The Instant CLI does not support positioning or precedence of sequence-sensitive commands. Therefore, Aruba recommends that you remove the existing configuration before adding or modifying the configuration details for sequence-sensitive commands. You can either delete an existing profile or remove a specific configuration by using the no… commands.

The following table lists the sequence-sensitive commands and the corresponding no command to remove the configuration.

Table 1: Sequence-Sensitive Commands

Sequence-Sensitive Command

Corresponding no command

opendns <username <password>

no opendns

rule <dest> <mask> <match> <protocol> <start-port> <end-port> {permit |deny | src-nat | dst-nat {<IP-address> <port>| <port>}}[<option1…option9>]

no rule <dest> <:mask> <match> <protocol> <start-port> <end-port> {permit | deny | src-nat | dst-nat}

mgmt-auth-server <auth-profile-name>

no mgmt-auth-server <auth-profile-name>

set-role <attribute>{{equals| not-equals| starts-with| ends-with| contains} <operator> <role>| value-of}

no set-role <attribute>{{equals| not-equals| starts-with| ends-with| contains} <operator>| value-of}

no set-role

set-vlan <attribute>{{equals| not-equals| starts-with| ends-with| contains} <operator> <VLAN-ID>| value-of}

no set-vlan <attribute>{{equals| not-equals| starts-with| ends-with| contains} <operator>| value-of}

no set-vlan

auth-server <name> no auth-server <name>

New Commands and Modified Commands in Aruba Instant 6.4.0.2-4.1

a-channel

a-external-antenna

aaa test-server

aeroscout-rtls

airgroup

airgroupservice

airwave-rtls

ale-report-interval

ale-server

alg

allow-new-aps

allowed-ap

ams-backup-ip

ams-identity

ams-ip

ams-key

apply

arm

attack

auth-failure-blacklist-time

auth-survivability cache-time-out

blacklist-client

blacklist-time

calea

cellular-uplink-profile

clear airgroup state statistics

clear-cert

clear

clock summer-time

clock timezone

clock set

commit

configure terminal

console

content-filtering

convert-aos-ap

copy

deny-inter-user-bridging

deny-local-routing

device-id

disable-prov-ssid

disconnect-user

download-cert

dpi

dynamic-cpu-mgmt

dynamic-radius-proxy

enet-vlan

enet0-bridging

enet0-port-profile

enet1-port-profile

enet2-port-profile

enet3-port-profile

enet4-port-profile

extended-ssid

factory-ssid-enable

firewall-external-enforcement

g-channel

g-external-antenna

gre per-ap-tunnel

gre primary

gre type

help

hostname

hotspot hs-profile

hotspot anqp-3gpp-profile

hotspot anqp-domain-name-profile

hotspot anqp-ip-addr-avail-profile

hotspot anqp-nai-realm-profile

hotspot anqp-nwk-auth-profile

hotspot anqp-roam-cons-profile

hotspot anqp-venue-name-profile

hotspot h2qp-conn-cap-profile

hotspot h2qp-oper-name-profile

hotspot h2qp-oper-class-profile

hotspot h2qp-wan-metrics-profile

iap-master

ids

ignore-image-check

inactivity-ap-timeout

inbound-firewall

internal-domains

ip dhcp

ip dhcp pool

ip-address

l2tpv3 session

l2tpv3 tunnel

l3-mobility

led-off

logout

mas-integration

mesh

mgmt-accounting

mgmt-auth-server-load-balancing

mgmt-auth-server-local-backup

mgmt-auth-server

mgmt-user

name

ntp-server

opendns

organization

ping

pppoe-uplink-profile

proxy

reload

remove-blacklist-client

restrict-corp-access

restricted-mgmt-access

rf dot11a-radio-profile

rf dot11g-radio-profile

rf-band

rft

routing-profile

show acl

show ale

show alert global

show all monitor

show allowed-aps

show amp-audit

show ap allowed-channels

show ap allowed-max-EIRP

show ap association

show ap virtual-beacon-report

show ap client-match-history

show ap client-match-live

show ap client-match-refused

show ap client-match-triggers

show ap client-probe-report

show ap client-view

show ap debug airwave

show ap debug airwave-config-received

show ap debug airwave-data-sent

show ap debug airwave-events-pending

show ap debug airwave-signon-key

show ap debug auth-trace-buf

show ap debug client-match

show ap debug airwave-state

show ap debug airwave-stats

show ap debug am-config

show ap debug dhcp-packets

show ap debug persistent-clients

show ap dot11k-beacon-report

show ap dot11k-nbrs

show ap-env

show ap flash-config

show ap mesh counters

show ap pmkcache

show ap-alert

show apas status

show app-services

show auth-survivability

show blacklist-client

show calea config

show calea statistics

show captive-portal

show captive-portal-domains

show config-status

show console-settings

show cpcert

show datapath

show delta-config

show derivation-rules

show dhcp subnets

show dhcp-allocation

show dhcps config

show distributed-dhcp-branch-counts

show domain-names

show dpi-stats

show dpi

show election

show external-captive-portal

show fault

show image

show l3-mobility

show ldap-servers

show log apifmgr

show log debug

show log upgrade

show log vpn-tunnel

show mgmt-user

show network-summary

show port status

show spectrum-alert

show stats

show supported-cert-formats

show tacacs-servers

show tech-support

show uncommitted-config

show upgrade info

show uplink-vlan

show valid-channels

show xml-api-server

show wifi-uplink

show aps

show backup-config

show cellular

show clock

show configuration

show country-codes

show cpu

show datapath

show memory

show network

show pppoe

show process

show running-config

show snmp-configuration

show snmp trap-queue

show subscription-aps

show summary

show uplink

show users

show version

show vpn

show 1xcert

show about

show access-rule

show access-rule-all

show airgroupservice-ids

show airgroupservice

show airgroup

show alg

show ap arm

show ap bss-table

show ap debug client-stats

show ap debug client-table

show ap debug crash-info

show ap debug dot1x-statistics

show ap debug driver-config

show ap debug mgmt-frames

show ap debug radio-stats

show ap debug radius-statistics

show ap debug shaping-table

show ap debug spanning-tree

show ap debug stm-config

show ap debug system-status

show ap mesh link

show ap mesh neighbors

show ap monitor

show arm-channels

show arm config

show arp

show attack

show cert all

show clients

show dhcpc-opts

show ids

show ids-detection config

show ids-protection config

show inbound-firewall-rules

show interface counters

show ip dhcp database

show ip igmp

show ip route

show l2tpv3 config

show l2tpv3 global

show l2tpv3 session

show l2tpv3 system

show l2tpv3 tunnel

show lacp status

show log ap-debug

show log convert

show log driver

show log kernel

show log l3-mobility

show log network

show log pppd

show log rapper

show log sapd

show log security

show log system

show log user

show log user-debug

show log wireless

show opendns

show proxy config

show radio config

show radius-servers support

show rft trans-id

show rft profile

show swarm

show syslog-level

show walled-garden

show wired-port-settings

show wired-port

show wispr config

show ip interface brief

snmp-server

subscription-ap-enable

subscription-ap

syslocation

syslog-level

syslog-server

telnet-server

terminal-access

tftp-dump-server

traceroute

upgrade-image

uplink-vlan

uplink

user

version

virtual-controller-country

virtual-controller-ip

virtual-controller-key

virtual-controller-vlan

vpn backup

vpn fast-failover

vpn gre-outside

vpn hold-time

vpn ikepsk

vpn monitor-pkt-lost-cnt

vpn monitor-pkt-send-freq

vpn preemption

vpn primary

vpn reconnect-time-on-failover

vpn reconnect-user-on-failover

wifi0-mode

wifi1-mode

wired-port-profile

wlan access-rule

wlan auth-server

wlan captive-portal

wlan external-captive-portal

wlan ldap-server

wlan ssid-profile

wlan sta-profile

wlan tacacs-server

wlan walled-garden

wlan wispr-profile

write

xml-api-server

zonename