Brocade To Cisco Reference Command Guide

Brocade Command Line Interface
___________________________________________________________
Quick Reference Guide for the Brocade Ethernet Product Portfolio
Default Terminal Settings

Baud Rate
9600
Stop Bits
1
Data Bits
8
Flow Control
None
Parity
None
Configuring Brocade Devices Using CLI

Attach to the serial interface using the straight through console cable provided and your favorite terminal
emulator configured with the above settings. You can also use Telnet, SSH and SNMP to configure the device if
an IP interface is already available.
After connecting to the serial console port or by remote IP access the following CLI prompt should appear in
the terminal emulation window:
Device>
(Start
in user EXEC mode)
Navigating the CLI

Device> ?
Device>show
Device>en<tab>
Device>enable
No password has been assigned yet.
Device# conf t
Device(config)#
Device(config)#end
Device#exit
Device><cntrl p> or <up arrow>
Device><cntrl n> or <dn arrow>
(Display command options)

(Display list of commands)
(Tab key for autofil commands)
(Enter privilege EXEC mode)
(Abreviate commands ex conf t = configure terminal)

(Now in Global CONFIG Mode)
(End privilege EXEC)
(Exit to next higher level)
(Scroll back through command history buffer)
(Scroll forward through command history buffer)
Additional CLI navigation aids are located at the end of this guide.
Device Quick Reference Guide
Page 1
CLI Prompt Modes

Device>
Device#
Device(config)#
Device(config-if-e1000-1/5)
Device(config-vif-10)
Device(config-vlan-10)
Device(config-ospf-router)
Device(config-bgp)
(User EXEC mode)

(Privelege EXEC mode)
(Global configuration mode)
(Physical interface configuration mode)
(Virtual interface configuration mode)
(VLAN configuration mode)
(OSPF Router configuration mode)
(BGP Router configuration mode)
Saving the Configuration

Device(config)#write memory
Device(config)#sh run
Device(config)#sh config
(Copy running configuration to startup configuration)

(View running configuration)
(View startup configuration)
Other Useful Commands

Device# reload
(Reset the device)
Are you sure? (y or n)
Device# erase start

Device# show log
Device# show cpu
Device# show process cpu
Device# show flash
Device# show ver
Device# show default
Device# show default values
Device# show mac
Device# show arp
Device# show ip traffic
(Delete the startup configuration file. Reload will restore

factory default settings)
(Show syslog entries)
(Show current CPU Utilization)
(Show CPU Utilization of different Processes)
(Show contents of primary and secondary memory locations)
(Show code version plus system information)
(Show default services)
(Show default values for services)
(Show MAC tables)
(Show ARP tables)
(Show IP traffic statistics to CPU IP process)
Preliminary Device Configuration

Configuring Local User Accounts and Passwords
Device(config)#enable super-user-password <pwd>
Device(config)#enable read-only-password <pwd>
Device(config)#enable telnet password <pwd>
Device(config)#username <admin> password <pwd>
(NOTE: Passwords can be up to 32 characters long.)
Page 2
Resetting the super user password

NOTE: Requires direct access to the Serial Port and a System Reset
1.
2.
3.
Power cycle the device

Within 2 seconds press lower case b
Device should resort to boot monitor mode
BOOT MONITOR> no password

BOOT MONITOR> boot system flash primary
Device> enable
No password has been assigned yet
At this point the password can be changed or deleted from the CLI Privileged configuration mode
Configuring a System Hostname

Device (config)#hostname <Device>
Device(config)#
(Prompt changes to reflect new hostname)
Configuring a Management IP Address on a switch

(Note: If a Brocade Switch is running Layer 2 code, a management IP address is defined for the whole box. If the Switch is running
Layer 3 code, management IP addresses must be configured on a management VLAN. See pages 3&4 of this guide to do this.)
Device(config)#ip address 192.168.10.100/24
(Layer-2 IP address)
Setting SNMP Parameters

Device(config)#snmp-server community <private> rw
(Sets Read/Write Comm String)
Device(config)#snmp-server community <public> ro
(Sets the Read-Only Comm String)
Device(config)#snmp-server contact <Network Support, 555-1212>
Device(config)#snmp-server location <BldgX-Closet123>
Device(config)#snmp-server host <a.b.c.d> private
Device(config)#snmp-server host <a.b.c.d> public
Configure System Time

Device# clock set <10:15:05 10-15-99>
(Local clock configuration)
(NOTE: By default, Brocade switches and routers do not change the system time for daylight savings time. To enable
daylight savings time, enter the following command)
Device(config)#clock summer-time
Device(config)#sntp server <a.b.c.d>
Page 3
Configure System Banners

Device(config)#banner exec_mode c <cr>
Enter TEXT message, End with the character c.
cYou are entering Privileged EXEC level
Be Careful when typing! c
(This sets the banner when one enters the Privileged EXEC mode)
Device(config)#banner motd c (Press Return)
Enter TEXT message, End with the character c.
Welcome to Device!! c
(This sets the Banner seen when someone telnets to the device)
Configure AAA Parameters for Login

Device(config)#aaa authentication default login radius local
(Note: System Default is 255. System max is typically 4095.)
Viewing the Module Inventory

Device (config)#show module
Module
S1: B8GMR Fiber Management Module
S2: B8GMR Fiber Management Module
S3: B24E Copper Switch Module
Status
ACTIVE
STANDBY
OK
Ports
8
8
24
Starting MAC
00e0.5202.a2d4
00e0.5202.a334
00e0.5202.a2d4
Configuring MAC Port Security

Device (config)#port security
Device (config-port-security)#enable
(Enables Port-Locking globally)
Device(config)#int e 7/11
Device(config-if-e100-7/11)#port security
Device(config-port-security-e100-7/11)#enable
(Enables Port-Locking per port)
Device(config-port-security-e100-7/11)#secure <0568.1234.ac56> (Lock a static MAC to the port)
Device(config-port-security)#no enable
(Disables Port-Locking globally)
Device(config-port-security)#show port security
Configuring a Port Based VLAN

(Note: Ports will always be referenced by their module/port number. Port 1 on module 4 is represented as 4/1.)
Device(config)#vlan 401 name <vlan_10-10-201>

Device(config-vlan-401)#untagged ethernet 3/1 to 3/8
Device(config-vlan-401)#tagged ethernet 4/1 to 4/8
(Note: There is one default VLAN, called default. The Default vlan-id is 1)
Page 4
Deleting a VLAN
Device(config)#no vlan <401>
(Note: The default VLAN cannot be deleted however it can be moved to a different VLAN ID.)
Adding a port to a VLAN

Device(config)#vlan <401>
Device(config-vlan-401)#untagged ethernet 2/8
Device(config-vlan-401)#tagged ethernet 2/1
Deleting Ports from a VLAN
Device(config-vlan-401)#no untagged ethernet 2/8
Device(config-vlan-401)#no tagged ethernet 2/1
To Display Ports in a VLAN and Check PVST Status

Device(config)# show vlan
Device(config)# show vlan <401>
Total PORT-VLAN entries: 2
legend: [S=Slot]
PORT-VLAN 401, Name vlan_10-10-201, Priority level0, Spanning tree On
Untagged Ports: (S3) 1 2 3 4 5 6 7 8
Tagged Ports: (S4) 1 2 3 4 5 6 7 8
Uplink Ports: None
Configure Layer 3 IP interfaces

You can create an IP address on a physical port (ie: Port 4/1), or on a VLAN. The VLAN IP Address is
configured on a Virtual Ethernet Interface, simply known as a ve
To Create an IP Address on a Physical Interface
Device(config)# interface ethernet 4/1
Device(config-if-e1000-4/1)# ip address <192.168.10.201/24>
To Create a Virtual Interface (VE) and Assign it an IP address
Device(config-vlan-401)#router-interface ve <401>
Device(config-vlan-401)#interface ve <401>
Device(config-vif-401)#ip address <10.10.201.254/24>
Page 5
Change the IP address of a Virtual Interface:

Device(config)# interface ve <401>
Device(config-vif-401)# no ip address <10.10.201.254/24>
Device(config-vif-401)# ip address <10.10.201.250/24>
To Remove an Interface
Device(config-vif-401)#exit
Device(config)#no interface ve <401>
(Note: To keep things simpleAssign the Virtual Ethernet Interface (ve) the same as the VLAN ID. (ie: VLAN 401 has Virtual
Interface 401 associated with it.) This makes it much easier to associate these things together when looking at them as a whole.)
Change the Maximun VE Interfaces Supported

Device(config)#system-max virtual-interfaces 1024
(Note: System Default is 255. System max with a Management Module-4 card and 256 MB memory is 4095.)
To Show the Status of an Interface

Device(config)#show ip interface
Device(config)#show interface [brief]
Rapid Spanning Tree Protocol (802.1W)

Enable Rapid Spanning Tree Globally
Device(config)#spanning-tree 802-1w
Device(config)#no spanning-tree 802-1w
(disables Spanning Tree)
Enable Rapid Spanning Tree per VLAN

Device(config-vlan-401)#spanning-tree 802-1w
Device(config-vlan-401)#no spanning-tree 802-1w
(disables Spanning Tree)
Enable Rapid Spanning Tree per Port

Device(config-if-1/1)# spanning-tree 802-1w
Changing Priority of RSTP per VLAN or per Port
Device(config-vlan-401)#spanning-tree 802-1w priority 10
(default priority is 32768)
Device(config-vlan-401)#spanning-tree 802-1w ethernet 1/5 path-cost 15 priority 64
Page 6
Show Rapid Spanning Tree Details

Device(config)#show 802-1w
Device(config)#show 802-1w detail
Configure Routing
Configuring a Static Route
Device(config)# ip route <10.10.202.0> <255.255.255.0>< 20.20.201.10> 1
View the Route Table
Device(config)# show ip route
Configuring a Static ARP entry
Device(config)# arp 1 < 10.10.201.5> <00:30:6d:15:ec:01> ethernet <4/1>
View the ARP Table
Device(config)# show arp
(Note: you can view the entire ARP table, or selective entries)
Clearing the ARP Cache

Device(config)# clear arp
Device(config)# clear arp ethernet 4/1
RIP Configuration
Enable RIP Routing Globally
Device(config)#router rip
Device(config-rip-router)#
Put RIP on Network Interfaces
Device(config-rip-router)#interface ve 1
Device(config-vif-1)#ip rip v1-compatible-v2
(Enables both RIPv1 and v2 to be used)
Show IP RIP Statistics

Device#show ip rip
OSPF Configuration
Enable OSPF Routing Globally
Device(config)#router ospf
Device(config-ospf-router)#
Page 7
Assign OSPF Areas

Device(config-ospf-router)#area <0.0.0.0>
Device(config-ospf-router)#area <0>
(This would be a Core Router)
Put OSPF on Network Interfaces

Device(config-ospf-router)#interface ve <1>
Device(config-vif-1)#ip ospf area 0.0.0.0
Modify OSPF Path Costs
Device(config)#interface e <4/1>
Device(config-if-e1000-4/1)#ip ospf cost <10>
Show OSPF Statistics
Device(config)# show ip ospf
Device(config)# show ip ospf config
Device(config)# show ip ospf area
Device(config)# show ip ospf database
Device(config)# show ip ospf interface
Device(config)# show ip ospf neighbor
Device(config)# show ip ospf route
(shows general OSPF configuration details)

(shows Router-id & general OSPF configuration details)
(shows OSPF area details)
(shows link-state database)
(shows which interfaces are configured for OSPF)
(shows neighbor OSPF status)
(shows routes learned via OSPF)
Virtual Router Redundancy Protocol (VRRP)

Brocade Networks provides a proprietary VRRP implementation called VRRP-E(xtended). Brocade supports VRRP, but VRRP-E is
more flexible than VRRP as defined by RFC2338. VRRP-E is virtually the same as VRRP, except in the following ways:
There is no Owner router. You do not need to use an IP address configured on one of the Layer 3 Switches
as the virtual router IP Address. The Virtual Routers IP Address is independent of the IP interfaces on the Layer 3 Switches.
There is no restriction on which router can be the master router. In VRRP, the Owner (the Layer 3 Switch on which the IP
interface that is used for the Virtual Routers IP Address is configured) must be the default Master.
Enable VRRP-Extended Globally

Device(config)#router vrrp-extended
DeviceB(config)#router vrrp-extended
Page 8
Configuring the Master and Backup VRRP-E IP Address

Assume that Interface ve1 on RouterA already exists and has a configured IP address of 10.10.201.251
Assume that Interface ve1 on RouterB already exists and has a configured IP address of 10.10.201.252
Configuring the Master

Device(config)#inter ve <1>
Device(config-vif-1)#ip vrrp-extended vrid <1>
Device(config-vif-1-vrid-1)#backup priority <110>
Device(config-vif-1-vrid-1)#ip-address <10.10.201.254>
Device(config-vif-1-vrid-1)#advertise backup
Device(config-vif-1-vrid-1)#activate
Configuring the Backup
DeviceB(config)#inter ve <1>
DeviceB(config-vif-1)#ip vrrp-extended vrid <1>
DeviceB(config-vif-1-vrid-1)#backup priority <100>
DeviceB(config-vif-1-vrid-1)#ip-address <10.10.201.254>
DeviceB(config-vif-1-vrid-1)#advertise backup
DeviceB(config-vif-1-vrid-1)#activate
(Note: The default priority of all backup Virtual Routers is 100. Master Router status can be attained by manually making one
priority higher than the other.)
Displaying VRRP-E Configuration

Device(config)# show ip vrrp-e
Device(config)# show ip vrrp-e brief
Device(config)# show ip vrrp-e status
Device(config)# show ip vrrp-e ve 1
Standards Based VRRP Configuration
Brocade Networks also supports standardized VRRP implementations. Configuration of VRRP is almost identical to VRRP-E
except for one step. One of the Routers in a VRRP configuration must be identified as Owner, instead of both Routers being
identified as Backups for VRRP-E. Since one Router is the Owner, the IP Address used for the Virtual Router must be the
same as the physical address on that router. Its not as flexible as VRRP-E, but it meets all standards definitions.
Network Timing Configuration

Enable Network Timing
Device(config)# sntp server 100.100.100.73 <version>
Device(config)# sntp server 100.100.100.73 <version>
(version can be 1 to 4Default is 1)

(up to 3 SNTP servers can be defined)
View Network Timing Statistics

Device(config)# show sntp associations
(shows clock source information)
Page 9
Device(config)# show sntp status
(shows more NTP information)
Access Control List (ACL) Configuration

Configuring ACLs
Syntax: access-list <num> permit|deny <ip-protocol> <source-ip>|<hostname> <wildcard>
[<operator><source-tcp/udp-port>] <destination-ip>|<hostname> <wildcard>
[<operator><destination-tcp/udp-port>] [log]
Standard Access List Number Range: 1-99
Extended Access List Number Range: 100-199
Device(config)# access-list 100 permit icmp 209.157.22.0/24 209.157.21.0/24
Device(config)# access-list 100 deny tcp host rkwong 209.157.21.0/24 eq telnet log
Device(config)# access-list 100 deny udp 209.157.21.0/24 host rkwong eq tftp log
Device(config)# access-list 100 deny ip host 209.157.21.100 host 209.157.22.1
Device(config)# access-list 100 deny ospf any any
Device(config)# access-list 100 permit ip any any
Deleting ACLs
Device(config)# no access-list 100 permit icmp 209.157.22.0/24 209.157.21.0/24
Device(config)# no access-list 100
(deletes the entire list)
Enabling an ACL on an Interface
Device(config)# int eth 3/8
Device(config-if-1/2)# ip access-group 100 in
Device(config-if-1/2)# int eth 4/3
Device(config-if-4/3)# ip access-group 100 out
Device(config-if-4/3)# write memory
Disabling an ACL on an Interface
Device(config)# int eth 3/8
Device(config-if-1/2)# no ip access-group 100 in
(Note: If one has a long Access List, and needs to insert a new entry into that list, use the following steps to accomplish this:)
1.
2.
3.
4.
5.
6.
7.
8.
Execute a show running-config on the device

Cut and paste the Access List entries into a Notepad or text file of some kind
Add or delete new entries into the Access List
Back on the router, disable the Access Group on the interface(s) it is applied (See above)
Disable the Access list (See above)
Cut the Access List from the Notepad and Paste right into the Command Line Interface
a. The Access List entries will execute automatically
Re-enable the Access Group to the Interface(s) where it was applied previously
done
Page 10
Link Aggregation Configuration

Manually Configuring Link Aggregation
Device(config)# trunk switch ethernet 1/1 to 1/2
Device(config)# trunk switch ethernet 2/1 to 2/4 ethernet 4/5 to 4/8
Device(config)# trunk switch ethernet 3/1 to 3/1 ether 4/1 to 4/1 (Trunks 10G cards together)
Device(config)# trunk deploy
Note: Trunk Definition Rules (Some rules may vary depending on device type, please refer to the specific device manual for
additional information)
You can configure up to 64 trunk groups on a Chassis device.
You can configure up to 8 ports in a trunk group on a Chassis device.
Each trunk group must start with a primary port. Primary ports are always odd-numbered ports:
Chassis devices: 1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23
For 10G cards, trunk group must start on an odd-numbered card-slot (ie: 1, 3, 5, 7, etc)
Trunk members must have the same characteristics (ie. Speed, tagging, etc)
All the ports must be connected to the same device at the other end.
Display Trunk Configurations

Device(config)# show trunk
Dynamic (802.3ad) Trunk Configuration Edge Devices
(NOTE: For NetIron products please read the configuration manual for LAG commands)

Device(config-if-e1000-2/1)# link-aggregate active
Device(config-if-e1000-2/2)# link-aggregate active
Display Dynamic Link Aggregation Configurations
Device(config)# show link-aggregation
Link Aggregation to Servers
Device(config)# trunk server ethernet 4/7 to 4/8
(This creates a 2 Gig connection to a Server)
To Disable a Trunk Group
(enter the Trunks primary interface, then disable that port. The entire trunk gets disabled this way.)
Device(config)# interface eth 1/1

Device(config)# disable
To Delete a Trunk Group
Device(config)# no trunk ethernet 1/1 to 1/2
Device(config)# no trunk ethernet 2/1 to 2/4 ethernet 4/5 to 4/8
Configure Interface Speed and Duplex

Page 11
Device(config)# interface ethernet 3/1 to 3/24

Device(config-mif-3/1-3/24)# speed-duplex ?
(Sets Duplex mode for Interfaces)

(Options: 10-full/10-half/100-full/100-half/auto)
TFTPing Files To/From the Device

Device# copy tftp flash 192.168.10.249 Device-code-v7.5.04 primary
Device# copy startup-config tftp 192.168.10.249 RouterA_Backup_Config
Upgrading software on Edge devices

(Note: It is recommended that a Device be upgraded in the following manner: For NetIron and BigIron devices please see the
appropriate release notes for detailed upgrade instructions)
1. Download new version of code to the Secondary flash area of the Device
Device# copy tftp flash 192.168.10.249 Device-code-v7.5.04 secondary
2. Set the Device to boot from secondary flash upon next reload
Device(config)# boot system flash secondary
Device(config)# wr mem
3. Then reload the device and run on secondary flash for a week or so
Device# reload
4. Once the new code is proven to be working fine, copy the secondary flash into primary
Device# copy flash flash primary
5. remove the command for the box to boot up using the secondary flash code.
Device(config)# no boot system flash secondary
Device(config)# wr mem
Page 12
Appendix A - CLI Line Editing Commands

Ctrl-Key Combination Description
Ctrl-A
Move to the first character on the command line.
Ctrl-B
Move the cursor back one character.
Ctrl-C
Escape and terminate command prompts and ongoing tasks (such as lengthy displays), and
displays a fresh command prompt.
Ctrl-D
Delete the character at the cursor.
Ctrl-E
Move to the end of the current command line.
Ctrl-F
Move the cursor forward one character.
Ctrl-K
Delete all characters from the cursor to the end of the command line.
Ctrl-R/L
Repeat the current command line on a new line.
Ctrl-N
Enter the next command line in the history buffer.
Ctrl-P
Enter the previous command line in the history buffer.
Ctrl-X/U
Delete all characters from the cursor to the beginning of the command line.
Ctrl-W
Delete the last word you typed.
Ctrl-Z
Move from any CONFIG level of the CLI to the Privileged EXEC level;
at the Privileged EXEC level, moves to the User EXEC level.
Page 13
Special Characters for Regular Expressions Character Operation

. The period matches on any single character, including a blank space.
For example, the following regular expression matches aaz, abz, acz, and so on, but not just az: a.z
* The asterisk matches on zero or more sequential instances of a pattern.
For example, the following regular expression matches output that contains the string abc, followed by zero or more Xs: abcX*
+ The plus sign matches on one or more sequential instances of a pattern.
For example, the following regular expression matches output that contains "de", followed by a sequence of gs, such as deg,
degg, deggg, and so on: deg+
? The question mark matches on zero occurrences or one occurrence of a pattern.
For example, the following regular expression matches output that contains "dg" or "deg": de?g
Note: Normally when you type a question mark, the CLI lists the commands or options at that CLI level that begin with the character
or string you entered. However, if you enter Ctrl-V and then type a question mark, the question mark is inserted into the command
line, allowing you to use it as part of a regular expression.
^ A caret (when not used within brackets) matches on the beginning of an input string.
For example, the following regular expression matches output that begins with deg: ^deg
$ A dollar sign matches on the end of an input string.
For example, the following regular expression matches output that ends with deg: deg$
_ An underscore matches on one or more of the following:
, (comma)
{ (left curly brace)
} (right curly brace)
( (left parenthesis)
) (right parenthesis)
The beginning of the input string
The end of the input string
A blank space
For example, the following regular expression matches on 100 but not on 1002, 2100,and so on. _100_
[ ] Square brackets enclose a range of single-character patterns.
For example, the following regular expression matches output that contains 1, 2, 3, 4, or 5: [1-5]
You can use the following expression symbols within the brackets. These symbols are allowed only inside the brackets.
^ The caret matches on any characters except the ones in the brackets. For example, the following regular expression matches
output that does not contain 1, 2, 3, 4, or 5:[^1-5]
- The hyphen separates the beginning and ending of a range of characters. A match occurs if any of the characters within the range
is present. See the example above.
Character Operation
| A vertical bar separates two alternative values or sets of values. The output can match one
or the other value. For example, the following regular expression matches output that contains either abc or defg: abc|defg
( ) Parentheses allow you to create complex expressions.
For example, the following complex expression matches on abc, abcabc, or defg, but not on abcdefgdefg: ((abc)+)|((defg)?)
Page 14
APPENDIX B - Basic Hardening of a Brocade Device

o Turn off undesired services
o disable telnet
config)#no telnet server
(DONOT ATTEMPT IF YOU ARE USING TELNET TO CONFIGURE DEVICE)
o disable snmp
config)#no snmp-server
o disable web management
config)#no web-management enable
o enable route-only
int-3/1)#route-only
o disable source routing
config)#no ip source-route
o remove ICMP issues
config)#no ip directed-broadcast
o disable proxy arp
config)#no ip proxy-arp
o Configure warning banners
o MOTD
o Login
o EXEC
o Configure access methods
o enable password
o usernames
o AAA
o Radius
o SSH
config)#banner motd c THIS IS MY MESSAGE c

config)#banner incoming c THIS IS MY MESSAGE c
config)#banner exec c THIS IS MY MESSAGE c
config)#enable super-user-password my_password
config)#username my_username password my_password
config)#aaa authentication login default local enable
config)#crypto key generate
o Configure time
#clock set hh:mm:ss mm-dd-yy
o Configure logging
config)#logging host a.b.c.d
o Configure port security
int-3/1)# port security

port-sec-3/1)#enable
o Configure ACLs
o management access
o management traffic control
config)#access-list 1 permit host my_management_host

config)#snmp-server community private rw 1
Page 15
APPENDIX C Cisco Command Cross Reference

CISCO SYNTAX
ROUTER CLI
Router> enable
BROCADE SYNTAX
COMMENTS
Router> enable
Router# conf t
Router# conf t
Router# show
Router(conf)# show
Enter privileged exec

mode
Global configuration
level
Show command from
any level of the CLI
Router# clock set hh:mm:ss

Router# exit
Router# disable
Router# sh ver
Router# sh flash
Router# sh users
Router# copy run start
Router# clock set hh:mm:ss

Router# exit
Router# end
Router# sh ver
Router# sh flash
Router# sh who
Router(config)# write mem
Router# erase start

Router# sh start
Router(config)# hostname
Router(config)# enable secret
pass test
Router(config)# sh interface
Router(config)# sh ip interface
brief
Router(config)# int e0
Router(config-int)#
Router(config-int)# description
link to router
Router(config-int)# ip address
10.1.2.3 255.255.255.0
Router(config-int)# no shut
Router# erase start

Router# sh config
Router(config)# hostname
Router(config)# enable pass test
Router(config)# cdp run
Router(config)# fdp run

Router(config)# cdp run
Router(config)# sh fdp neighbor
Router# reload
Router# sh cdp neighbor

Router# reload
Exit privileged mode
Save configuration from

any level of CLI
Set hostname
Brocade passwords
encrypted by default
Router(config)# sh interface
Router(config)# sh ip interface
Router(config)# int e1
Router(config-int-e1)#
Router(config-int-e1)# port-name
link to router
Router(config-int-e1)# ip address
10.1.2.3/24
Router(config-int-e1)# enable
Brocade supports both

classful and CIDR mask
Brocade supports both

FDP and CDP
Page 16
Sample Edge Device Configuration

CISCO SYNTAX
BROCADE SYNTAX
NOTES
Conf t
Hostname <___-swg-___-xxx>
end
Conf t
Hostname <___-swg-___-xxx>
end
Configure hostname
Conf t
Interface vlan <sss>
Ip address <150.sss.30.___><
255.255.240.0>
Conf t
---Ip address <150.sss.30.___><
255.255.240.0>
Ip address <150.sss.30.___/20>
end
end
Conf t
Interface range GigabitEthernet
<d/0/1-ccc>
Switchport access vlan <sss>
Switchport mode access
Spanning-tree portfast
Spanning-tree bpduguard enable
Conf t
----
No cdp enable
No shutdown
end
Vlan <sss>
Untag eth 1 to <ccc-1>
---- (enabled by default)
Int eth 1 to <ccc-1><cr>stp-bpduguard<cr>
---- (disabled by default)
---- (interfaces enabled by default)
end
Conf t
Interface GigabitEthernet <d/0/ccc>
Conf t
----
shutdown
Switchport trunk encapsulation dot1q
Switchport mode trunk
Switchport trunk allow vlan <sss>
No shutdown
end
Vlan <sss>
Tag eth <ccc>
---------end
Conf t
Ip default-gateway <150.sss.30.250>
end
Conf t
Ip default-gateway <150.sss.30.250>
end
Conf t
Banner login L
*****enter banner here****
L
end
Conf t
Banner login L
*****enter banner here****
L
end
Conf t
Snmp-server community
<asciistring> ro
<asciistring> rw
<asciistring> rw
Snmp-server enable traps
Snmp-server host <ipaddr> traps
<string>
Conf t
Snmp-server community <asciistring> ro
Configure mgmt ip address
Configure all interfaces

Add vlan to interfaces
Configure access mode
Configure proprietary stp
Configure bpduguard
Disable cdp
Configure high order port as

uplink
Enable IEEE 802.1q
configure tagging mode
Configure allowed vlan
Snmp-server community <asciistring> rw

Snmp-server community <asciistring> rw
Snmp-server host <ipaddr> <string>
Page 17
Snmp-server host <ipaddr> envmon

Logging <ipaddr>
end
(all traps sent to one or multiple hosts)

Logging <ipaddr>
end
Conf t
Ip domain-name <xxx.hqs.gov>
Crypto key generate rsa 2048
end
Conf t
Ip dns domain-name <xxx.hqs.gov>
Crypto key generate (DSA with default
1024)
end
Conf t
Enable secret <enable>
Conf t
Enable super-user-password <enable>
Service password-encryption
Line console 0
Password <enable>
login
Exec-timeout 5 0
Line vty 0 4
Password <enable>
login
Exec-timeout 5 0
Transport input telnet ssh
Line vty 5 15
Password <enable>
login
Exec-timeout 5 0
Transport input telnet ssh
end

---------Console timeout 5
---Enable telnet password <enable>
Enable telnet authentication
telnet timeout 5
Ip ssh timeout 120
---------------end
Conf t
Ntp server <150.sss.30.250> prefer
Clock timezone GMT 0
Service timestamps debug datetime
msec
Service timestamps log database
msec
Logging buffered 4096 informational
Logging console informational
No ip domain-lookup
No ip http server
No snmp-server system-shutdown
Privilege exec level 3 erase
Ip classless
Errdisable recovery cause psecureviolation
Errdisable recovery interval 30
end
Sntp server <150.sss.30.250>

Clock timezone gmt+0
------Logging buffered 100 informational
Logging console
---No web-management http
---Privilege exec level 4 erase
---- (default configuration)
Errdisable recovery cause all
Errdisable recovery interval 30
end
Conf t
Username <fielduser> privilege 3
<password>
end
Conf t
Username <fielduser> privilege 4
<password>
end
Conf t
Tacacs-server host <ipaddr>
Tacacs-server key <asciikey>
Conf t
Tacacs-server key <asciikey>
Configure encrypted secret

pwd
Turn on pwd encryption
Enter line configuration mode
Set console pwd to enable
User must login to console
Console timeout value
Page 18
Ip tacacs source-interface loopback1

End
Ip tacacs source-interface loopback1

end
Conf t
Aaa new-model
Aaa authentication login default
group tacacs+ local
Aaa authorization console
Aaa authorization exec default group
tacacs+ local
Aaa authorization commands 1
default group tacacs+ local
Aaa authorization config-commands
end
Conf t
---Aaa authentication login default tacacs+
local
Enable aaa console
Aaa authorization exec default tacacs+
none
Aaa authorization commands 0 default
tacacs+ none
----
Conf t
Aaa accounting exec default startstop group tacacs+
Aaa accounting commands 1 default
start-stop group tacacs+
Aaa accounting connection default
end
This configures authorization

for all cmnds including cfg >
------end
Conf t
Aaa accounting exec default start-stop
tacacs+
Aaa accounting commands 0 default startstop tacacs+
Aaa accounting system default start-stop
tacacs+
----
This configures accounting for

all cmnds >
(not supported)
end
END CONFIGURATION
Additional Notes:
A Cisco trunk port is equivalent to a Brocade tagged port.
A Cisco access port is equivalent to a Brocade untagged port.
A Cisco channel is equivalent to a Brocade trunk/LAG
Cisco defines VLAN membership under each interface.
Brocade defines VLAN membership globally.
Page 19
Cisco Brocade Code Fragment Comparison

VLAN Configuration
Spanning Tree Configuration (RX-MLX)
Page 20
Spanning Tree Configuration (SX-FESX)
Link Aggregation Configuration (IEEE 802.3ad) (RX-MLX)
Page 21
Link Aggregation Configuration (IEEE 802.3ad) (SX-FESX)
OSPF
Page 22
OSPF v3
BGP v4
Page 23
BGP v6
Page 24
This document briefly describes a connection between a Cisco IOS based LAN switch and a Brocade LAN
Switch with either single link or in a second example with a trunk (link aggregation).
Lab setup:
Both switches are embedded in an RSTP environment with a per VLAN Spanning Tree configuration.
Cisco is using a different BPDU Mac address in their so called PVST+ implementation of RSTP but Brocade
can autodetect this on interconnection links and interoperate without any problems.
Make shure the Cisco switch runs an RSTP capable IOS version !
Due to the fact that Cisco is more standard compliant to IEEE 802.1q we need to convert the Brocade config
to make the default VLAN 1 being send over tagged links untagged by default as Cisco does.
This can be achieved in setting the default VLAN to a different number on the Brocade site and create a new
VLAN 1. Finally dual-mode is activated on the connecting link to make the interconnection work.
The configuration for both sides looks like this:
Brocade configuration: (Root Switch)

global-stp
!
vlan 1 name Management by port
tagged ethe 49 to 50
router-interface ve 1
spanning-tree 802-1w
spanning-tree 802-1w priority 128
!
vlan 10 name Testnet by port
vlan 77 name Servernet by port

untagged ethe 1
!
vlan 3999 name DEFAULT-VLAN by port
!
Page 25
default-vlan-id 3999
fdp run (optional)
cdp run (optional)
clock summer-time
clock timezone gmt GMT+01
no vlan-dynamic-discovery
!
interface ethernet 49
port-name Backup Link -> Cat 2960
spanning-tree 802-1w admin-pt2pt-mac
no fdp enable
dual-mode 1
!
port-name LWL Link -> Cat 2950
no fdp enable
dual-mode 1
!
interface ve 1
ip address 172.30.1.1 255.255.255.0
!
interface ve 77
ip address 192.168.1.77 255.255.255.0
!
end
Cisco Config:
version 12.2
service timestamps log datetime localtime
!
hostname Cat2960
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
interface GigabitEthernet0/1
description Link -> Brocade Switch
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/2
description Link -> Cisco Catalyst 2950
!
interface Vlan1
ip address 172.30.1.254 255.255.255.0
no ip route-cache
Page 26
!
end
Recommendation is to switch off al proprietary protocols on the interconnection links.
- Cisco: On ports to Brocade "switchport nonegotiate" (Cisco DTP etc. disable !) - Brocade: Global "no vlandynamic-discovery"
Link Aggregation:
Lab setup:
Brocade configuration: (Root Switch, Dynamic Version)

global-stp
!
vlan 1 name Management by port
tagged ethe 16 ethe 49 to 50
!
vlan 10 name Testnet by port
!
vlan 77 name Servernet by port
untagged ethe 1
!
vlan 3999 name DEFAULT-VLAN by port
!
default-vlan-id 3999
fdp run (optional)
cdp run (optional)
clock summer-time
clock timezone gmt GMT+01
no vlan-dynamic-discovery
Page 27
port-name Red Link -> Cat 2950
dual-mode 1
!
port-name LWL LAG Trunk -> Cat 2960
link-aggregate configure key 10100
link-aggregate active
dual-mode 1
!
port-name LWL LAG Trunk -> Cat 2960
link-aggregate configure key 10100
link-aggregate active
dual-mode 1
!
interface ve 1
ip address 172.30.1.1 255.255.255.0
!
interface ve 77
ip address 192.168.7.77 255.255.255.0
!
end
Cisco configuration: (Dynamic Version)

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel1
switchport nonegotiate
!
interface FastEthernet0/24
description Backup Link -> Cat 2950
interface GigabitEthernet0/1 description LAG Trunk -> Brocade
switchport mode trunk switchport nonegotiate channel-group 1 mode active
Page 28
!
interface GigabitEthernet0/2 description LAG Trunk -> Brocade
switchport mode trunk switchport nonegotiate channel-group 1 mode active
!
interface Vlan1
ip address 172.30.1.254 255.255.255.0
no ip route-cache
!
end
Additional show outputs Brocade:

#sh link-agg
System ID: 00e0.8051.fe00
Long timeout: 90, default: 90
Short timeout: 3, default: 3
Port [Sys P] [Port P] [ Key ] [Act][Tio][Agg][Syn][Col][Dis][Def][Exp][Ope]
49
1
1 481 Yes L Agg Syn Col Dis No No Ope
50
1
1 481 Yes L Agg Syn Col Dis No No Ope
#sh trunk
Max number of server trunks: 25; available: 25
Number of hash buckets per server trunk: 256
Configured number of hash buckets per server trunk: 256
Configured trunks:
Trunk ID: 25
Type: Switch ( 8023ad Trunk )
Ports_Configured: 2
Primary Port Monitored: Jointly
Ports 49
50
Port Names none none Port_Status enable enable Monitor off off
Mirror Port N/A N/A
Monitor Dir N/A N/A
Operational trunks:
Trunk ID: 25
Type: Switch ( 8023ad Trunk )
Duplex: Full
Speed: 1G
Tag: Yes
Priority: level0
Active Ports: 2
Page 29
Additional show outputs Cisco:
Cat2960#sh int port-channel 1 ether

Port-channel1 (Primary aggregator)
Age of the Port-channel = 0d:00h:08m:04s Logical slot/port = 2/1 Number of ports = 2
HotStandBy port = null
Port state
= Port-channel Ag-Inuse
Protocol
= LACP
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC stateNo of bits
--- + --- + --- + ------------ + ------0 00 Gi0/1 Active
0
0 00 Gi0/2 Active
0
Time since last port bundled: 0d:00h:07m:29s Gi0/2
Time since last port Un-bundled: 0d:00h:07m:35s Gi0/1
Cat2960#sh span
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 128
Address 00e0.8051.fe0f
Cost
3
Port
56 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0017.5a99.fa00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface
Fa0/2
Fa0/24
Po1
Role Sts Cost Prio.Nbr Type

Desg FWD 100
128.2 Shr
Desg FWD 19
128.24 P2p
Root FWD 3
128.56 P2p
Port 56 (Port-channel1) of VLAN0001 is root forwarding

Port path cost 3, Port priority 128, Port Identifier 128.56. Designated root has priority 128, address
00e0.8051.fe0f
Designated bridge has priority 128, address 00e0.8051.fe0f Designated port id is 128.49, designated path
cost 0 Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 2
Link type is point-to-point by default
BPDU: sent 17, received 93
Page 30
REMARKS:
It is not possible to negotiate the LACP group key from Brocade to Cisco!
The key on the Brocade configuration site is just ignored and replaced by a default key if the Cisco site is in
LACP passive mode and link negotiation is set to on.
You cannot define LAG key groups on the Brocade site in mixed environments. Different groups must be
selected via the port-channel group and the corresponding interface number on the Cisco site.
Page 31

Brocade To Cisco Reference Command Guide

Uploaded by

Copyright:

Available Formats

Brocade To Cisco Reference Command Guide

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Brocade To Cisco Reference Command Guide

Uploaded by

Copyright:

Available Formats

How do you navigate through the CLI?

How do you navigate through the CLI?

What are the different CLI prompt modes?

What are the different CLI prompt modes?

Brocade Command Line Interface

Default Terminal Settings

Configuring Brocade Devices Using CLI

in user EXEC mode)

Navigating the CLI

(Display command options)

(Abreviate commands ex conf t = configure terminal)

Device Quick Reference Guide

CLI Prompt Modes

(User EXEC mode)

Saving the Configuration

(Copy running configuration to startup configuration)

Other Useful Commands

(Reset the device)

Are you sure? (y or n)

Device# erase start

(Delete the startup configuration file. Reload will restore

Preliminary Device Configuration

Device Quick Reference Guide

Resetting the super user password

Power cycle the device

BOOT MONITOR> no password

Configuring a System Hostname

(Prompt changes to reflect new hostname)

Configuring a Management IP Address on a switch

Device(config)#ip address 192.168.10.100/24

Setting SNMP Parameters

Configure System Time

(Local clock configuration)

Device Quick Reference Guide

Configure System Banners

Configure AAA Parameters for Login

Viewing the Module Inventory

Configuring MAC Port Security

Configuring a Port Based VLAN

Device(config)#vlan 401 name <vlan_10-10-201>

Device Quick Reference Guide

Adding a port to a VLAN

To Display Ports in a VLAN and Check PVST Status

Configure Layer 3 IP interfaces

Device Quick Reference Guide

Change the IP address of a Virtual Interface:

Change the Maximun VE Interfaces Supported

To Show the Status of an Interface

Rapid Spanning Tree Protocol (802.1W)

(disables Spanning Tree)

Enable Rapid Spanning Tree per VLAN

(disables Spanning Tree)

Enable Rapid Spanning Tree per Port

Device Quick Reference Guide

Show Rapid Spanning Tree Details

Clearing the ARP Cache

(Enables both RIPv1 and v2 to be used)

Show IP RIP Statistics