Brocade To Cisco Reference PDF

Brocade Command Line Interface
___________________________________________________________
Quick Reference Guide for the Brocade Ethernet Product Portfolio
Default Terminal Settings
Baud Rate Stop Bits Data Bits Flow Control Parity

9600 1 8 None None
Configuring Brocade Devices Using CLI

Attach to the serial interface using the straight through console cable provided and your favorite terminal
emulator configured with the above settings. You can also use Telnet, SSH and SNMP to configure the device if
an IP interface is already available.
After connecting to the serial console port or by remote IP access the following CLI prompt should appear in
the terminal emulation window:
Device> (Start in user EXEC mode)
Navigating the CLI

Device> ? (Display command options)
Device>show (Display list of commands)
Device>en<tab> (Tab key for autofil commands)
Device>enable (Enter privilege EXEC mode)
No password has been assigned yet.
Device# conf t (Abreviate commands ex conf t = configure terminal)
Device(config)# (Now in Global CONFIG Mode)
Device(config)#end (End privilege EXEC)
Device#exit (Exit to next higher level)
Device><cntrl p> or <up arrow> (Scroll back through command history buffer)
Device><cntrl n> or <dn arrow> (Scroll forward through command history buffer)
Additional CLI navigation aids are located at the end of this guide.
Device Quick Reference Guide Page 1

CLI Prompt Modes
Device> (User EXEC mode)
Device# (Privelege EXEC mode)
Device(config)# (Global configuration mode)
Device(config-if-e1000-1/5) (Physical interface configuration mode)
Device(config-vif-10) (Virtual interface configuration mode)
Device(config-vlan-10) (VLAN configuration mode)
Device(config-ospf-router) (OSPF Router configuration mode)
Device(config-bgp) (BGP Router configuration mode)
Saving the Configuration

Device(config)#write memory (Copy running configuration to startup configuration)
Device(config)#sh run (View running configuration)
Device(config)#sh config (View startup configuration)
Other Useful Commands

Device# reload (Reset the device)
Are you sure? (y or n)
Device# erase start (Delete the startup configuration file. Reload will restore
factory default settings)
Device# show log (Show syslog entries)
Device# show cpu (Show current CPU Utilization)
Device# show process cpu (Show CPU Utilization of different Processes)
Device# show flash (Show contents of primary and secondary memory locations)
Device# show ver (Show code version plus system information)
Device# show default (Show default services)
Device# show default values (Show default values for services)
Device# show mac (Show MAC tables)
Device# show arp (Show ARP tables)
Device# show ip traffic (Show IP traffic statistics to CPU IP process)
Preliminary Device Configuration

Configuring Local User Accounts and Passwords
Device(config)#enable super-user-password <pwd>
Device(config)#enable read-only-password <pwd>
Device(config)#enable telnet password <pwd>
Device(config)#username <admin> password <pwd>
(NOTE: Passwords can be up to 32 characters long.)

Resetting the super user password
NOTE: Requires direct access to the Serial Port and a System Reset
1. Power cycle the device

2. Within 2 seconds press lower case b
3. Device should resort to boot monitor mode
BOOT MONITOR> no password

BOOT MONITOR> boot system flash primary
Device> enable
No password has been assigned yet
At this point the password can be changed or deleted from the CLI Privileged configuration mode
Configuring a System Hostname

Device (config)#hostname <Device>
Device(config)# (Prompt changes to reflect new hostname)
Configuring a Management IP Address on a switch

(Note: If a Brocade Switch is running Layer 2 code, a management IP address is defined for the whole box. If the Switch is running
Layer 3 code, management IP addresses must be configured on a management VLAN. See pages 3&4 of this guide to do this.)
Device(config)#ip address 192.168.10.100/24 (Layer-2 IP address)
Setting SNMP Parameters

Device(config)#snmp-server community <private> rw (Sets Read/Write Comm String)
Device(config)#snmp-server community <public> ro (Sets the Read-Only Comm String)
Device(config)#snmp-server contact <Network Support, 555-1212>
Device(config)#snmp-server location <BldgX-Closet123>
Device(config)#snmp-server host <a.b.c.d> private
Device(config)#snmp-server host <a.b.c.d> public
Configure System Time

Device# clock set <10:15:05 10-15-99> (Local clock configuration)
(NOTE: By default, Brocade switches and routers do not change the system time for daylight savings time. To enable
daylight savings time, enter the following command)
Device(config)#clock summer-time
Device(config)#sntp server <a.b.c.d>

Configure System Banners
Device(config)#banner exec_mode c <cr>
Enter TEXT message, End with the character c.
cYou are entering Privileged EXEC level
Be Careful when typing! c (This sets the banner when one enters the Privileged EXEC mode)
Device(config)#banner motd c (Press Return)

Enter TEXT message, End with the character c.
Welcome to Device!! c (This sets the Banner seen when someone telnets to the device)
Configure AAA Parameters for Login
Device(config)#aaa authentication default login radius local

(Note: System Default is 255. System max is typically 4095.)
Viewing the Module Inventory

Device (config)#show module
Module Status Ports Starting MAC

S1: B8GMR Fiber Management Module ACTIVE 8 00e0.5202.a2d4
S2: B8GMR Fiber Management Module STANDBY 8 00e0.5202.a334
S3: B24E Copper Switch Module OK 24 00e0.5202.a2d4
Configuring MAC Port Security

Device (config)#port security
Device (config-port-security)#enable (Enables Port-Locking globally)
Device(config)#int e 7/11
Device(config-if-e100-7/11)#port security
Device(config-port-security-e100-7/11)#enable (Enables Port-Locking per port)
Device(config-port-security-e100-7/11)#secure <0568.1234.ac56> (Lock a static MAC to the port)
Device(config-port-security)#no enable (Disables Port-Locking globally)
Device(config-port-security)#show port security
Configuring a Port Based VLAN

(Note: Ports will always be referenced by their module/port number. Port 1 on module 4 is represented as 4/1.)
Device(config)#vlan 401 name <vlan_10-10-201>

Device(config-vlan-401)#untagged ethernet 3/1 to 3/8
Device(config-vlan-401)#tagged ethernet 4/1 to 4/8
(Note: There is one default VLAN, called default. The Default vlan-id is 1)

Deleting a VLAN
Device(config)#no vlan <401>
(Note: The default VLAN cannot be deleted however it can be moved to a different VLAN ID.)
Adding a port to a VLAN

Device(config)#vlan <401>
Device(config-vlan-401)#untagged ethernet 2/8
Device(config-vlan-401)#tagged ethernet 2/1
Deleting Ports from a VLAN

Device(config-vlan-401)#no untagged ethernet 2/8
Device(config-vlan-401)#no tagged ethernet 2/1
To Display Ports in a VLAN and Check PVST Status

Device(config)# show vlan
Device(config)# show vlan <401>
Total PORT-VLAN entries: 2
legend: [S=Slot]
PORT-VLAN 401, Name vlan_10-10-201, Priority level0, Spanning tree On

Untagged Ports: (S3) 1 2 3 4 5 6 7 8
Tagged Ports: (S4) 1 2 3 4 5 6 7 8
Uplink Ports: None
Configure Layer 3 IP interfaces

You can create an IP address on a physical port (ie: Port 4/1), or on a VLAN. The VLAN IP Address is
configured on a Virtual Ethernet Interface, simply known as a ve
To Create an IP Address on a Physical Interface

Device(config)# interface ethernet 4/1
Device(config-if-e1000-4/1)# ip address <192.168.10.201/24>
To Create a Virtual Interface (VE) and Assign it an IP address

Device(config-vlan-401)#router-interface ve <401>
Device(config-vlan-401)#interface ve <401>
Device(config-vif-401)#ip address <10.10.201.254/24>

Change the IP address of a Virtual Interface:
Device(config)# interface ve <401>
Device(config-vif-401)# no ip address <10.10.201.254/24>
Device(config-vif-401)# ip address <10.10.201.250/24>
To Remove an Interface
Device(config-vif-401)#exit
Device(config)#no interface ve <401>
(Note: To keep things simpleAssign the Virtual Ethernet Interface (ve) the same as the VLAN ID. (ie: VLAN 401 has Virtual
Interface 401 associated with it.) This makes it much easier to associate these things together when looking at them as a whole.)
Change the Maximun VE Interfaces Supported

Device(config)#system-max virtual-interfaces 1024
(Note: System Default is 255. System max with a Management Module-4 card and 256 MB memory is 4095.)
To Show the Status of an Interface

Device(config)#show ip interface
Device(config)#show interface [brief]
Rapid Spanning Tree Protocol (802.1W)

Enable Rapid Spanning Tree Globally
Device(config)#spanning-tree 802-1w
Device(config)#no spanning-tree 802-1w (disables Spanning Tree)
Enable Rapid Spanning Tree per VLAN

Device(config-vlan-401)#spanning-tree 802-1w
Device(config-vlan-401)#no spanning-tree 802-1w (disables Spanning Tree)
Enable Rapid Spanning Tree per Port

Device(config-if-1/1)# spanning-tree 802-1w
Changing Priority of RSTP per VLAN or per Port

Device(config-vlan-401)#spanning-tree 802-1w priority 10 (default priority is 32768)
Device(config-vlan-401)#spanning-tree 802-1w ethernet 1/5 path-cost 15 priority 64

Show Rapid Spanning Tree Details
Device(config)#show 802-1w
Device(config)#show 802-1w detail
Configure Routing
Configuring a Static Route
Device(config)# ip route <10.10.202.0> <255.255.255.0>< 20.20.201.10> 1
View the Route Table

Device(config)# show ip route
Configuring a Static ARP entry
Device(config)# arp 1 < 10.10.201.5> <00:30:6d:15:ec:01> ethernet <4/1>
View the ARP Table

Device(config)# show arp (Note: you can view the entire ARP table, or selective entries)
Clearing the ARP Cache

Device(config)# clear arp
Device(config)# clear arp ethernet 4/1
RIP Configuration
Enable RIP Routing Globally
Device(config)#router rip
Device(config-rip-router)#
Put RIP on Network Interfaces

Device(config-rip-router)#interface ve 1
Device(config-vif-1)#ip rip v1-compatible-v2 (Enables both RIPv1 and v2 to be used)
Show IP RIP Statistics
Device#show ip rip
OSPF Configuration
Enable OSPF Routing Globally
Device(config)#router ospf
Device(config-ospf-router)#

Assign OSPF Areas
Device(config-ospf-router)#area <0.0.0.0> (This would be a Core Router)

Device(config-ospf-router)#area <0>
Put OSPF on Network Interfaces
Device(config-ospf-router)#interface ve <1>
Device(config-vif-1)#ip ospf area 0.0.0.0
Modify OSPF Path Costs

Device(config)#interface e <4/1>
Device(config-if-e1000-4/1)#ip ospf cost <10>
Show OSPF Statistics

Device(config)# show ip ospf (shows general OSPF configuration details)
Device(config)# show ip ospf config (shows Router-id & general OSPF configuration details)
Device(config)# show ip ospf area (shows OSPF area details)
Device(config)# show ip ospf database (shows link-state database)
Device(config)# show ip ospf interface (shows which interfaces are configured for OSPF)
Device(config)# show ip ospf neighbor (shows neighbor OSPF status)
Device(config)# show ip ospf route (shows routes learned via OSPF)
Virtual Router Redundancy Protocol (VRRP)

Brocade Networks provides a proprietary VRRP implementation called VRRP-E(xtended). Brocade supports VRRP, but VRRP-E is
more flexible than VRRP as defined by RFC2338. VRRP-E is virtually the same as VRRP, except in the following ways:
There is no Owner router. You do not need to use an IP address configured on one of the Layer 3 Switches
as the virtual router IP Address. The Virtual Routers IP Address is independent of the IP interfaces on the Layer 3 Switches.
There is no restriction on which router can be the master router. In VRRP, the Owner (the Layer 3 Switch on which the IP
interface that is used for the Virtual Routers IP Address is configured) must be the default Master.
Enable VRRP-Extended Globally

Device(config)#router vrrp-extended
DeviceB(config)#router vrrp-extended

Configuring the Master and Backup VRRP-E IP Address
Assume that Interface ve1 on RouterA already exists and has a configured IP address of 10.10.201.251
Assume that Interface ve1 on RouterB already exists and has a configured IP address of 10.10.201.252
Configuring the Master

Device(config)#inter ve <1>
Device(config-vif-1)#ip vrrp-extended vrid <1>
Device(config-vif-1-vrid-1)#backup priority <110>
Device(config-vif-1-vrid-1)#ip-address <10.10.201.254>
Device(config-vif-1-vrid-1)#advertise backup
Device(config-vif-1-vrid-1)#activate
Configuring the Backup
DeviceB(config)#inter ve <1>
DeviceB(config-vif-1)#ip vrrp-extended vrid <1>
DeviceB(config-vif-1-vrid-1)#backup priority <100>
DeviceB(config-vif-1-vrid-1)#ip-address <10.10.201.254>
DeviceB(config-vif-1-vrid-1)#advertise backup
DeviceB(config-vif-1-vrid-1)#activate
(Note: The default priority of all backup Virtual Routers is 100. Master Router status can be attained by manually making one
priority higher than the other.)
Displaying VRRP-E Configuration

Device(config)# show ip vrrp-e
Device(config)# show ip vrrp-e brief
Device(config)# show ip vrrp-e status
Device(config)# show ip vrrp-e ve 1
Standards Based VRRP Configuration
Brocade Networks also supports standardized VRRP implementations. Configuration of VRRP is almost identical to VRRP-E
except for one step. One of the Routers in a VRRP configuration must be identified as Owner, instead of both Routers being
identified as Backups for VRRP-E. Since one Router is the Owner, the IP Address used for the Virtual Router must be the
same as the physical address on that router. Its not as flexible as VRRP-E, but it meets all standards definitions.
Network Timing Configuration

Enable Network Timing
Device(config)# sntp server 100.100.100.73 <version> (version can be 1 to 4Default is 1)

Device(config)# sntp server 100.100.100.73 <version> (up to 3 SNTP servers can be defined)
View Network Timing Statistics

Device(config)# show sntp associations (shows clock source information)

Device(config)# show sntp status (shows more NTP information)
Access Control List (ACL) Configuration

Configuring ACLs
Syntax: access-list <num> permit|deny <ip-protocol> <source-ip>|<hostname> <wildcard>
[<operator><source-tcp/udp-port>] <destination-ip>|<hostname> <wildcard>
[<operator><destination-tcp/udp-port>] [log]
Standard Access List Number Range: 1-99

Extended Access List Number Range: 100-199
Device(config)# access-list 100 permit icmp 209.157.22.0/24 209.157.21.0/24

Device(config)# access-list 100 deny tcp host rkwong 209.157.21.0/24 eq telnet log
Device(config)# access-list 100 deny udp 209.157.21.0/24 host rkwong eq tftp log
Device(config)# access-list 100 deny ip host 209.157.21.100 host 209.157.22.1
Device(config)# access-list 100 deny ospf any any
Device(config)# access-list 100 permit ip any any
Deleting ACLs
Device(config)# no access-list 100 permit icmp 209.157.22.0/24 209.157.21.0/24
Device(config)# no access-list 100 (deletes the entire list)
Enabling an ACL on an Interface

Device(config)# int eth 3/8
Device(config-if-1/2)# ip access-group 100 in
Device(config-if-1/2)# int eth 4/3
Device(config-if-4/3)# ip access-group 100 out
Device(config-if-4/3)# write memory
Disabling an ACL on an Interface

Device(config)# int eth 3/8
Device(config-if-1/2)# no ip access-group 100 in
(Note: If one has a long Access List, and needs to insert a new entry into that list, use the following steps to accomplish this:)
1. Execute a show running-config on the device

2. Cut and paste the Access List entries into a Notepad or text file of some kind
3. Add or delete new entries into the Access List
4. Back on the router, disable the Access Group on the interface(s) it is applied (See above)
5. Disable the Access list (See above)
6. Cut the Access List from the Notepad and Paste right into the Command Line Interface
a. The Access List entries will execute automatically
7. Re-enable the Access Group to the Interface(s) where it was applied previously
8. done

Link Aggregation Configuration
Manually Configuring Link Aggregation
Device(config)# trunk switch ethernet 1/1 to 1/2
Device(config)# trunk switch ethernet 2/1 to 2/4 ethernet 4/5 to 4/8
Device(config)# trunk switch ethernet 3/1 to 3/1 ether 4/1 to 4/1 (Trunks 10G cards together)
Device(config)# trunk deploy
Note: Trunk Definition Rules (Some rules may vary depending on device type, please refer to the specific device manual for
additional information)
You can configure up to 64 trunk groups on a Chassis device.
You can configure up to 8 ports in a trunk group on a Chassis device.
Each trunk group must start with a primary port. Primary ports are always odd-numbered ports:
Chassis devices: 1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23
For 10G cards, trunk group must start on an odd-numbered card-slot (ie: 1, 3, 5, 7, etc)
Trunk members must have the same characteristics (ie. Speed, tagging, etc)
All the ports must be connected to the same device at the other end.
Display Trunk Configurations
Device(config)# show trunk
Dynamic (802.3ad) Trunk Configuration Edge Devices

(NOTE: For NetIron products please read the configuration manual for LAG commands)

Device(config-if-e1000-2/1)# link-aggregate active
Device(config-if-e1000-2/2)# link-aggregate active
Display Dynamic Link Aggregation Configurations

Device(config)# show link-aggregation
Link Aggregation to Servers

Device(config)# trunk server ethernet 4/7 to 4/8
Device(config)# trunk deploy (This creates a 2 Gig connection to a Server)
To Disable a Trunk Group

(enter the Trunks primary interface, then disable that port. The entire trunk gets disabled this way.)
Device(config)# interface eth 1/1

Device(config)# disable
To Delete a Trunk Group
Device(config)# no trunk ethernet 1/1 to 1/2

Device(config)# no trunk ethernet 2/1 to 2/4 ethernet 4/5 to 4/8
Device(config)# trunk deploy
Configure Interface Speed and Duplex

Device(config)# interface ethernet 3/1 to 3/24 (Sets Duplex mode for Interfaces)
Device(config-mif-3/1-3/24)# speed-duplex ? (Options: 10-full/10-half/100-full/100-half/auto)
TFTPing Files To/From the Device

Device# copy tftp flash 192.168.10.249 Device-code-v7.5.04 primary
Device# copy startup-config tftp 192.168.10.249 RouterA_Backup_Config
Upgrading software on Edge devices

(Note: It is recommended that a Device be upgraded in the following manner: For NetIron and BigIron devices please see the
appropriate release notes for detailed upgrade instructions)
1. Download new version of code to the Secondary flash area of the Device
Device# copy tftp flash 192.168.10.249 Device-code-v7.5.04 secondary
2. Set the Device to boot from secondary flash upon next reload
Device(config)# boot system flash secondary
Device(config)# wr mem
3. Then reload the device and run on secondary flash for a week or so
Device# reload
4. Once the new code is proven to be working fine, copy the secondary flash into primary
Device# copy flash flash primary
5. remove the command for the box to boot up using the secondary flash code.
Device(config)# no boot system flash secondary
Device(config)# wr mem

Appendix A - CLI Line Editing Commands
Ctrl-Key Combination Description
Ctrl-A Move to the first character on the command line.
Ctrl-B Move the cursor back one character.
Ctrl-C Escape and terminate command prompts and ongoing tasks (such as lengthy displays), and
displays a fresh command prompt.
Ctrl-D Delete the character at the cursor.
Ctrl-E Move to the end of the current command line.
Ctrl-F Move the cursor forward one character.
Ctrl-K Delete all characters from the cursor to the end of the command line.
Ctrl-R/L Repeat the current command line on a new line.
Ctrl-N Enter the next command line in the history buffer.
Ctrl-P Enter the previous command line in the history buffer.
Ctrl-X/U Delete all characters from the cursor to the beginning of the command line.
Ctrl-W Delete the last word you typed.
Ctrl-Z Move from any CONFIG level of the CLI to the Privileged EXEC level;
at the Privileged EXEC level, moves to the User EXEC level.

Special Characters for Regular Expressions Character Operation
. The period matches on any single character, including a blank space.

For example, the following regular expression matches aaz, abz, acz, and so on, but not just az: a.z
* The asterisk matches on zero or more sequential instances of a pattern.

For example, the following regular expression matches output that contains the string abc, followed by zero or more Xs: abcX*
+ The plus sign matches on one or more sequential instances of a pattern.

For example, the following regular expression matches output that contains "de", followed by a sequence of gs, such as deg,
degg, deggg, and so on: deg+
? The question mark matches on zero occurrences or one occurrence of a pattern.

For example, the following regular expression matches output that contains "dg" or "deg": de?g
Note: Normally when you type a question mark, the CLI lists the commands or options at that CLI level that begin with the character
or string you entered. However, if you enter Ctrl-V and then type a question mark, the question mark is inserted into the command
line, allowing you to use it as part of a regular expression.
^ A caret (when not used within brackets) matches on the beginning of an input string.
For example, the following regular expression matches output that begins with deg: ^deg
$ A dollar sign matches on the end of an input string.

For example, the following regular expression matches output that ends with deg: deg$
_ An underscore matches on one or more of the following:

, (comma)
{ (left curly brace)
} (right curly brace)
( (left parenthesis)
) (right parenthesis)
The beginning of the input string
The end of the input string
A blank space
For example, the following regular expression matches on 100 but not on 1002, 2100,and so on. _100_
[ ] Square brackets enclose a range of single-character patterns.

For example, the following regular expression matches output that contains 1, 2, 3, 4, or 5: [1-5]
You can use the following expression symbols within the brackets. These symbols are allowed only inside the brackets.
^ The caret matches on any characters except the ones in the brackets. For example, the following regular expression matches
output that does not contain 1, 2, 3, 4, or 5:[^1-5]
- The hyphen separates the beginning and ending of a range of characters. A match occurs if any of the characters within the range
is present. See the example above.
Character Operation
| A vertical bar separates two alternative values or sets of values. The output can match one
or the other value. For example, the following regular expression matches output that contains either abc or defg: abc|defg
( ) Parentheses allow you to create complex expressions.

For example, the following complex expression matches on abc, abcabc, or defg, but not on abcdefgdefg: ((abc)+)|((defg)?)

APPENDIX B - Basic Hardening of a Brocade Device
o Turn off undesired services
o disable telnet config)#no telnet server
(DONOT ATTEMPT IF YOU ARE USING TELNET TO CONFIGURE DEVICE)
o disable snmp config)#no snmp-server
o disable web management config)#no web-management enable
o enable route-only int-3/1)#route-only
o disable source routing config)#no ip source-route
o remove ICMP issues config)#no ip directed-broadcast
o disable proxy arp config)#no ip proxy-arp
o Configure warning banners

o MOTD config)#banner motd c THIS IS MY MESSAGE c
o Login config)#banner incoming c THIS IS MY MESSAGE c
o EXEC config)#banner exec c THIS IS MY MESSAGE c
o Configure access methods

o enable password config)#enable super-user-password my_password
o usernames config)#username my_username password my_password
o AAA config)#aaa authentication login default local enable
o Radius
o SSH config)#crypto key generate
o Configure time #clock set hh:mm:ss mm-dd-yy
o Configure logging config)#logging host a.b.c.d
o Configure port security int-3/1)# port security

port-sec-3/1)#enable
o Configure ACLs
o management access config)#access-list 1 permit host my_management_host
o management traffic control config)#snmp-server community private rw 1

APPENDIX C Cisco Command Cross Reference
CISCO SYNTAX BROCADE SYNTAX COMMENTS
ROUTER CLI
Router> enable Router> enable Enter privileged exec
mode
Router# conf t Router# conf t Global configuration
level
Router# show Router(conf)# show Show command from
any level of the CLI
Router# clock set hh:mm:ss Router# clock set hh:mm:ss
Router# exit Router# exit
Router# disable Router# end Exit privileged mode
Router# sh ver Router# sh ver
Router# sh flash Router# sh flash
Router# sh users Router# sh who
Router# copy run start Router(config)# write mem Save configuration from
any level of CLI
Router# erase start Router# erase start
Router# sh start Router# sh config
Router(config)# hostname Router(config)# hostname Set hostname
Router(config)# enable secret Router(config)# enable pass test Brocade passwords
pass test encrypted by default
Router(config)# sh interface Router(config)# sh interface
Router(config)# sh ip interface Router(config)# sh ip interface
brief
Router(config)# int e0 Router(config)# int e1
Router(config-int)# Router(config-int-e1)#
Router(config-int)# description Router(config-int-e1)# port-name
link to router link to router
Router(config-int)# ip address Router(config-int-e1)# ip address Brocade supports both
10.1.2.3 255.255.255.0 10.1.2.3/24 classful and CIDR mask
Router(config-int)# no shut Router(config-int-e1)# enable
Router(config)# cdp run Router(config)# fdp run Brocade supports both

Router(config)# cdp run FDP and CDP
Router# sh cdp neighbor Router(config)# sh fdp neighbor
Router# reload Router# reload

Sample Edge Device Configuration
CISCO SYNTAX BROCADE SYNTAX NOTES

Conf t Conf t
Hostname <___-swg-___-xxx> Hostname <___-swg-___-xxx> Configure hostname
end end
Conf t Conf t
Interface vlan <sss> ----
Ip address <150.sss.30.___>< Ip address <150.sss.30.___>< Configure mgmt ip address
255.255.240.0> 255.255.240.0>
Ip address <150.sss.30.___/20>
end end
Conf t Conf t
Interface range GigabitEthernet ---- Configure all interfaces
<d/0/1-ccc>
Switchport access vlan <sss> Vlan <sss> Add vlan to interfaces
Switchport mode access Untag eth 1 to <ccc-1> Configure access mode
Spanning-tree portfast ---- (enabled by default) Configure proprietary stp
Spanning-tree bpduguard enable Int eth 1 to <ccc-1><cr>stp-bpdu- Configure bpduguard
guard<cr>
No cdp enable ---- (disabled by default) Disable cdp
No shutdown ---- (interfaces enabled by default)
end end
Conf t Conf t
Interface GigabitEthernet <d/0/ccc> ---- Configure high order port as
uplink
shutdown Vlan <sss>
Switchport trunk encapsulation dot1q Tag eth <ccc> Enable IEEE 802.1q
Switchport mode trunk ---- configure tagging mode
Switchport trunk allow vlan <sss> ---- Configure allowed vlan
No shutdown ----
end end
Conf t Conf t
Ip default-gateway <150.sss.30.250> Ip default-gateway <150.sss.30.250>
end end
Conf t Conf t
Banner login L Banner login L
*****enter banner here**** *****enter banner here****
L L
end end
Conf t Conf t
Snmp-server community Snmp-server community <asciistring> ro
<asciistring> ro
Snmp-server community Snmp-server community <asciistring> rw
<asciistring> rw
Snmp-server community Snmp-server community <asciistring> rw
<asciistring> rw
Snmp-server enable traps ---- (enabled by default)
Snmp-server host <ipaddr> traps Snmp-server host <ipaddr> <string>
<string>

Snmp-server host <ipaddr> envmon (all traps sent to one or multiple hosts)
Logging <ipaddr> Logging <ipaddr>
end end
Conf t Conf t
Ip domain-name <xxx.hqs.gov> Ip dns domain-name <xxx.hqs.gov>
Crypto key generate rsa 2048 Crypto key generate (DSA with default
1024)
end end
Conf t Conf t
Enable secret <enable> Enable super-user-password <enable> Configure encrypted secret
pwd
Service password-encryption ---- (enabled by default) Turn on pwd encryption
Line console 0 ---- Enter line configuration mode
Password <enable> ---- Set console pwd to enable
login ---- User must login to console
Exec-timeout 5 0 Console timeout 5 Console timeout value
Line vty 0 4 ----
Password <enable> Enable telnet password <enable>
login Enable telnet authentication
Exec-timeout 5 0 telnet timeout 5
Transport input telnet ssh Ip ssh timeout 120
Line vty 5 15 ----
Password <enable> ----
login ----
Exec-timeout 5 0 ----
Transport input telnet ssh ----
end end
Conf t
Ntp server <150.sss.30.250> prefer Sntp server <150.sss.30.250>
Clock timezone GMT 0 Clock timezone gmt+0
Service timestamps debug datetime ----
msec
Service timestamps log database ----
msec
Logging buffered 4096 informational Logging buffered 100 informational
Logging console informational Logging console
No ip domain-lookup ----
No ip http server No web-management http
No snmp-server system-shutdown ----
Privilege exec level 3 erase Privilege exec level 4 erase
Ip classless ---- (default configuration)
Errdisable recovery cause psecure- Errdisable recovery cause all
violation
Errdisable recovery interval 30 Errdisable recovery interval 30
end end
Conf t Conf t
Username <fielduser> privilege 3 Username <fielduser> privilege 4
<password> <password>
end end
Conf t Conf t
Tacacs-server host <ipaddr> Tacacs-server host <ipaddr>
Tacacs-server host <ipaddr> Tacacs-server host <ipaddr>
Tacacs-server key <asciikey> Tacacs-server key <asciikey>
Ip tacacs source-interface loopback1 Ip tacacs source-interface loopback1
End end
Conf t Conf t
Aaa new-model ----
Aaa authentication login default Aaa authentication login default tacacs+
group tacacs+ local local
Aaa authorization console Enable aaa console
Aaa authorization exec default group Aaa authorization exec default tacacs+
tacacs+ local none
Aaa authorization commands 1 Aaa authorization commands 0 default This configures authorization
default group tacacs+ local tacacs+ none for all cmnds including cfg >
Aaa authorization commands 3 ----
default group tacacs+ local
Aaa authorization commands 15 ----
default group tacacs+ local
Aaa authorization config-commands ----
end end
Conf t Conf t
Aaa accounting exec default start- Aaa accounting exec default start-stop
stop group tacacs+ tacacs+
Aaa accounting commands 1 default Aaa accounting commands 0 default start- This configures accounting for
start-stop group tacacs+ stop tacacs+ all cmnds >
Aaa accounting commands 3 default Aaa accounting system default start-stop
start-stop group tacacs+ tacacs+
Aaa accounting commands 15 default ----
start-stop group tacacs+
Aaa accounting connection default (not supported)
start-stop group tacacs+
end end
END CONFIGURATION
Additional Notes:
A Cisco trunk port is equivalent to a Brocade tagged port.

A Cisco access port is equivalent to a Brocade untagged port.
A Cisco channel is equivalent to a Brocade trunk/LAG
Cisco defines VLAN membership under each interface.
Brocade defines VLAN membership globally.

Cisco Brocade Code Fragment Comparison
VLAN Configuration
Spanning Tree Configuration (RX-MLX)

Spanning Tree Configuration (SX-FESX)
Link Aggregation Configuration (IEEE 802.3ad) (RX-MLX)

Link Aggregation Configuration (IEEE 802.3ad) (SX-FESX)
OSPF

OSPF v3
BGP v4

BGP v6

This document briefly describes a connection between a Cisco IOS based LAN switch and a Brocade LAN
Switch with either single link or in a second example with a trunk (link aggregation).
Lab setup:
Both switches are embedded in an RSTP environment with a per VLAN Spanning Tree configuration.
Cisco is using a different BPDU Mac address in their so called PVST+ implementation of RSTP but Brocade
can autodetect this on interconnection links and interoperate without any problems.
Make shure the Cisco switch runs an RSTP capable IOS version !
Due to the fact that Cisco is more standard compliant to IEEE 802.1q we need to convert the Brocade config
to make the default VLAN 1 being send over tagged links untagged by default as Cisco does.
This can be achieved in setting the default VLAN to a different number on the Brocade site and create a new
VLAN 1. Finally dual-mode is activated on the connecting link to make the interconnection work.
The configuration for both sides looks like this:
Brocade configuration: (Root Switch)

global-stp
!
vlan 1 name Management by port
tagged ethe 49 to 50
router-interface ve 1
spanning-tree 802-1w
spanning-tree 802-1w priority 128
!
vlan 10 name Testnet by port
vlan 77 name Servernet by port

untagged ethe 1
!
vlan 3999 name DEFAULT-VLAN by port
!
default-vlan-id 3999
fdp run (optional)
cdp run (optional)
clock summer-time
clock timezone gmt GMT+01
no vlan-dynamic-discovery
!
interface ethernet 49
port-name Backup Link -> Cat 2960
spanning-tree 802-1w admin-pt2pt-mac
no fdp enable
dual-mode 1
!
port-name LWL Link -> Cat 2950
no fdp enable
dual-mode 1
!
interface ve 1
ip address 172.30.1.1 255.255.255.0
!
interface ve 77
ip address 192.168.1.77 255.255.255.0
!
end
Cisco Config:
version 12.2
service timestamps log datetime localtime
!
hostname Cat2960
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
interface GigabitEthernet0/1
description Link -> Brocade Switch
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/2
description Link -> Cisco Catalyst 2950
!
interface Vlan1
ip address 172.30.1.254 255.255.255.0
no ip route-cache
!
end
Recommendation is to switch off al proprietary protocols on the interconnection links.
- Cisco: On ports to Brocade "switchport nonegotiate" (Cisco DTP etc. disable !) - Brocade: Global "no vlan-
dynamic-discovery"
Link Aggregation:
Lab setup:
Brocade configuration: (Root Switch, Dynamic Version)
global-stp
!
vlan 1 name Management by port
tagged ethe 16 ethe 49 to 50
!
vlan 10 name Testnet by port
!
vlan 77 name Servernet by port
untagged ethe 1
!
vlan 3999 name DEFAULT-VLAN by port
!
default-vlan-id 3999
fdp run (optional)
cdp run (optional)
clock summer-time
clock timezone gmt GMT+01
no vlan-dynamic-discovery
port-name Red Link -> Cat 2950
dual-mode 1
!
port-name LWL LAG Trunk -> Cat 2960
link-aggregate configure key 10100
link-aggregate active
dual-mode 1
!
port-name LWL LAG Trunk -> Cat 2960
link-aggregate configure key 10100
link-aggregate active
dual-mode 1
!
interface ve 1
ip address 172.30.1.1 255.255.255.0
!
interface ve 77
ip address 192.168.7.77 255.255.255.0
!
end
Cisco configuration: (Dynamic Version)

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel1
switchport nonegotiate
!
interface FastEthernet0/24
description Backup Link -> Cat 2950
interface GigabitEthernet0/1 description LAG Trunk -> Brocade

switchport mode trunk switchport nonegotiate channel-group 1 mode active
!
interface GigabitEthernet0/2 description LAG Trunk -> Brocade
switchport mode trunk switchport nonegotiate channel-group 1 mode active
!
interface Vlan1
ip address 172.30.1.254 255.255.255.0
no ip route-cache
!
end
Additional show outputs Brocade:

#sh link-agg
System ID: 00e0.8051.fe00
Long timeout: 90, default: 90
Short timeout: 3, default: 3
Port [Sys P] [Port P] [ Key ] [Act][Tio][Agg][Syn][Col][Dis][Def][Exp][Ope]
49 1 1 481 Yes L Agg Syn Col Dis No No Ope
50 1 1 481 Yes L Agg Syn Col Dis No No Ope
#sh trunk
Max number of server trunks: 25; available: 25
Number of hash buckets per server trunk: 256
Configured number of hash buckets per server trunk: 256
Configured trunks:
Trunk ID: 25
Type: Switch ( 8023ad Trunk )
Ports_Configured: 2
Primary Port Monitored: Jointly
Ports 49 50
Port Names none none Port_Status enable enable Monitor off off
Mirror Port N/A N/A
Monitor Dir N/A N/A
Operational trunks:
Trunk ID: 25
Type: Switch ( 8023ad Trunk )
Duplex: Full
Speed: 1G
Tag: Yes
Priority: level0
Active Ports: 2

Additional show outputs Cisco:
Cat2960#sh int port-channel 1 ether

Port-channel1 (Primary aggregator)
Age of the Port-channel = 0d:00h:08m:04s Logical slot/port = 2/1 Number of ports = 2

HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = LACP
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC stateNo of bits

--- + --- + --- + ------------ + -------
0 00 Gi0/1 Active 0
0 00 Gi0/2 Active 0
Time since last port bundled: 0d:00h:07m:29s Gi0/2

Time since last port Un-bundled: 0d:00h:07m:35s Gi0/1
Cat2960#sh span
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 128
Address 00e0.8051.fe0f
Cost 3
Port 56 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 0017.5a99.fa00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type

Fa0/2 Desg FWD 100 128.2 Shr
Fa0/24 Desg FWD 19 128.24 P2p
Po1 Root FWD 3 128.56 P2p
Port 56 (Port-channel1) of VLAN0001 is root forwarding

Port path cost 3, Port priority 128, Port Identifier 128.56. Designated root has priority 128, address
00e0.8051.fe0f
Designated bridge has priority 128, address 00e0.8051.fe0f Designated port id is 128.49, designated path
cost 0 Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 2
Link type is point-to-point by default
BPDU: sent 17, received 93

REMARKS:
It is not possible to negotiate the LACP group key from Brocade to Cisco!
The key on the Brocade configuration site is just ignored and replaced by a default key if the Cisco site is in
LACP passive mode and link negotiation is set to on.
You cannot define LAG key groups on the Brocade site in mixed environments. Different groups must be
selected via the port-channel group and the corresponding interface number on the Cisco site.

Brocade To Cisco Reference PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Brocade To Cisco Reference PDF

Uploaded by

Copyright:

Available Formats

Brocade Command Line Interface

Default Terminal Settings

Baud Rate Stop Bits Data Bits Flow Control Parity

Configuring Brocade Devices Using CLI

Device> (Start in user EXEC mode)

Navigating the CLI

Device Quick Reference Guide Page 1

Saving the Configuration

Other Useful Commands

Preliminary Device Configuration

Device Quick Reference Guide Page 2

1. Power cycle the device

BOOT MONITOR> no password

Configuring a System Hostname

Configuring a Management IP Address on a switch

Device(config)#ip address 192.168.10.100/24 (Layer-2 IP address)

Setting SNMP Parameters

Configure System Time

Device(config)#sntp server <a.b.c.d>

Device Quick Reference Guide Page 3

Device(config)#banner motd c (Press Return)

Configure AAA Parameters for Login

Device(config)#aaa authentication default login radius local

Viewing the Module Inventory

Module Status Ports Starting MAC

Configuring MAC Port Security

Configuring a Port Based VLAN

Device(config)#vlan 401 name <vlan_10-10-201>

Device Quick Reference Guide Page 4

Adding a port to a VLAN

Deleting Ports from a VLAN

To Display Ports in a VLAN and Check PVST Status

PORT-VLAN 401, Name vlan_10-10-201, Priority level0, Spanning tree On

Configure Layer 3 IP interfaces

To Create an IP Address on a Physical Interface

To Create a Virtual Interface (VE) and Assign it an IP address

Device Quick Reference Guide Page 5

Change the Maximun VE Interfaces Supported

To Show the Status of an Interface

Rapid Spanning Tree Protocol (802.1W)

Enable Rapid Spanning Tree per VLAN

Enable Rapid Spanning Tree per Port

Changing Priority of RSTP per VLAN or per Port

Device Quick Reference Guide Page 6

View the Route Table

Configuring a Static ARP entry

Device(config)# arp 1 < 10.10.201.5> <00:30:6d:15:ec:01> ethernet <4/1>

View the ARP Table

Clearing the ARP Cache

Put RIP on Network Interfaces

Show IP RIP Statistics

Device Quick Reference Guide Page 7

Device(config-ospf-router)#area <0.0.0.0> (This would be a Core Router)

Put OSPF on Network Interfaces

Modify OSPF Path Costs

Show OSPF Statistics

Virtual Router Redundancy Protocol (VRRP)

Enable VRRP-Extended Globally

Device Quick Reference Guide Page 8

Configuring the Master

Displaying VRRP-E Configuration

Network Timing Configuration

Device(config)# sntp server 100.100.100.73 <version> (version can be 1 to 4Default is 1)