SmartSwitch Router Command Line Interface Reference Manual 9032553-05
Notice Notice Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
Notice FCC Notice This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules.
Notice NOTICE: The Ringer Equivalence Number (REN) assigned to each terminal device provides an indication of the maximum number of terminals allowed to be connected to a telephone interface. The termination on an interface may consist of any combination of devices subject only to the requirement that the sum of the ringer equivalence Numbers of all the devices does not exceed 5.
Notice CABLETRON SYSTEMS, INC. PROGRAM LICENSE AGREEMENT IMPORTANT: THIS LICENSE APPLIES FOR USE OF PRODUCT IN THE FOLLOWING GEOGRAPHICAL REGIONS: CANADA MEXICO CENTRAL AMERICA SOUTH AMERICA BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems, Inc.
Notice Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may b
Notice CABLETRON SYSTEMS SALES AND SERVICE, INC. PROGRAM LICENSE AGREEMENT IMPORTANT: THIS LICENSE APPLIES FOR USE OF PRODUCT IN THE UNITED STATES OF AMERICA AND BY UNITED STATES OF AMERICA GOVERNMENT END USERS. BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems Sales and Service, Inc.
Notice Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S.
Notice CABLETRON SYSTEMS LIMITED PROGRAM LICENSE AGREEMENT IMPORTANT: THIS LICENSE APPLIES FOR THE USE OF THE PRODUCT IN THE FOLLOWING GEOGRAPHICAL REGIONS: EUROPE MIDDLE EAST AFRICA ASIA AUSTRALIA PACIFIC RIM BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT.
Notice If the Program is exported from the United States pursuant to the License Exception TSR under the U.S.
Notice SAFETY INFORMATION CLASS 1 LASER TRANSCEIVERS The SSR-HFX11-08 100Base-FX Module, SSR-GSX11-02 1000Base-LX Module, SSR-GLX19-02 1000Base-LX Module, SSR-HFX29-08 100Base-FX SMF Module, SSR-GLX70-01 1000Base-LLX module, SSR-2-SX 1000Base-SX Module, SSR-2-LX 1000Base-LX Module, SSR-2-LX70 1000Base-LX Module, and SSR-2-GSX system use Class 1 Laser transceivers. Read the following safety information before installing or operating these modules.
Notice DECLARATION OF CONFORMITY ADDENDUM Application of Council Directive(s): Manufacturer’s Name: Manufacturer’s Address: European Representative Name: European Representative Address: Conformance to Directive(s)/Product Standards: Equipment Type/Environment: 89/336/EEC 73/23/EEC Cabletron Systems, Inc. 35 Industrial Way PO Box 5005 Rochester, NH 03867 Mr. J.
Notice SSR Command Line Interface Reference Manual 13
Notice 14 SSR Command Line Interface Reference Manual
Contents About This Manual ................................................................................. 31 Who Should Read This Manual? .........................................................................................31 How to Use This Manual ......................................................................................................31 Related Documentation.........................................................................................................31 CLI Parameter Types ..
Contents Chapter 3: aging Commands .................................................................. 79 Command Summary............................................................................................................. 79 aging l2 disable ...................................................................................................................... 80 aging l2 set aging-timeout....................................................................................................
Contents Chapter 7: configure Command........................................................... 147 Chapter 8: copy Command................................................................... 149 Chapter 9: diff Command..................................................................... 153 Chapter 10: dhcp Commands ............................................................... 155 Command Summary ...........................................................................................................
Contents Chapter 16: filters Commands.............................................................. 203 Command Summary........................................................................................................... 203 filters add address-filter ..................................................................................................... 205 filters add port-address-lock..............................................................................................
Contents Chapter 20: ip Commands .................................................................... 265 Command Summary ...........................................................................................................265 ip add route ...........................................................................................................................267 ip disable................................................................................................................................
Contents Chapter 22: ip-router Commands......................................................... 307 Command Summary........................................................................................................... 307 ip-router authentication add key-chain ........................................................................... 309 ip-router authentication create key-chain........................................................................ 310 ip-router find route .........................
Contents Chapter 24: ipx Commands .................................................................. 377 Command Summary ...........................................................................................................377 ipx add route.........................................................................................................................379 ipx add sap ............................................................................................................................
Contents Chapter 27: load-balance Commands.................................................. 425 Command Summary........................................................................................................... 425 load-balance add host-to-group ........................................................................................ 427 load-balance add host-to-vip-range.................................................................................. 429 load-balance allow access-to-servers......
Contents Chapter 35: ospf Commands................................................................ 491 Command Summary ...........................................................................................................491 ospf add interface .................................................................................................................493 ospf add nbma-neighbor.....................................................................................................
Contents Chapter 38: port mirroring Command ................................................. 551 Chapter 39: ppp Commands ................................................................. 553 Command Summary........................................................................................................... 553 ppp add-to-mlp.................................................................................................................... 555 ppp apply service ......................................
Contents Chapter 42: radius Commands............................................................. 611 Command Summary ...........................................................................................................611 radius accounting command level.....................................................................................612 radius accounting shell........................................................................................................614 radius accounting snmp ........
Contents Chapter 46: reboot Command.............................................................. 651 Chapter 47: rip Commands ................................................................... 653 Command Summary........................................................................................................... 653 rip add................................................................................................................................... 655 rip set auto-summary......................
Contents Chapter 48: rmon Commands .............................................................. 675 Command Summary ...........................................................................................................675 rmon address-map ...............................................................................................................678 rmon al-matrix-top-n ...........................................................................................................680 rmon alarm........
Contents rmon user-history-control .................................................................................................. 772 rmon user-history-objects .................................................................................................. 774 Chapter 49: save Command.................................................................. 777 Chapter 50: sfs Commands ................................................................... 779 Command Summary....................................
Contents Chapter 56: system Commands ........................................................... 819 Command Summary ...........................................................................................................819 system hotswap ....................................................................................................................821 system image add.................................................................................................................
Contents Chapter 59: telnet Command ............................................................... 881 Chapter 60: traceroute Command........................................................ 883 Chapter 61: vlan Commands ................................................................ 885 Command Summary........................................................................................................... 885 vlan add ports ...............................................................................
About This Manual This manual provides reference information for the commands in the SmartSwitch Router (SSR) Command Line Interface (CLI). For product information not available in this manual, see the manuals listed in “Related Documentation” on page 31. Note: If you plan to use Cabletron CoreWatch to configure or manage the SSR, see the CoreWatch User’s Manual and the CoreWatch online help for information.
About this Manual For Information About... See the... How to use CLI (Command Line Interface) commands to configure and manage the SSR SmartSwitch Router User Reference Manual SYSLOG messages and SNMP traps SmartSwitch Router Error Reference Manual CLI Parameter Types The following table describes all the parameter types you can use with the CLI. 32 Data Type Descripton Example conditional A numerical conditional expression.
About this Manual Data Type Descripton IPX network address An IPX network address in hexadecimal IPX An IPX network and node address of the form . where is the network address of a host and is the node or MAC address of the IPX host. For some commands, if the node address is not given, the node address is assumed to be a wildcard. a1b2c3d4.
About this Manual Data Type Descripton Example string A character string. To include spaces in a string, specify the entire string in double quotes (“). abc or “abc def” URL A Uniform Resource Locator. The type of URL depends on the command where the URL is used. Currently, two URLs are supported: tftp://10.1.4.5/test/abc.txt rcp://dave@rtr/test/abc.
Chapter 1 acl Commands The acl commands allow you to create ACLs (Access Control Lists) and apply them to IP and IPX interfaces on the SSR. An ACL permits or denies switching of packets based on criteria such as the packet’s source address and destination address, TCP or UDP port number, and so on. When you apply an ACL to an interface, you can specify whether the ACL affects incoming traffic or outgoing traffic. You also can enable a log of the ACL’s use. Command Summary Table 1 lists the acl commands.
Command Summary Table 1.
acl apply interface acl apply interface Purpose Apply an ACL to an interface. Format acl apply interface input|output [logging on|off|deny-only|permit-only] [policy local|external] Mode Configure Description The acl apply interface command applies a previously defined ACL to an interface. When you apply an ACL to an interface, you implicitly enable access control on that interface.
acl apply interface input Applies the ACL to filter out inbound traffic. output Applies the ACL to filter out outbound traffic. logging on|off|deny-only|permit-only Enables or disables ACL logging for this interface. You can specify one of the following keywords: off Disables all logging. on Enables logging of packets that are dropped or forwarded because of ACL. deny-only Enables logging of dropped packets only. permit-only Enables logging of forwarded packets only.
acl apply service acl apply service Purpose Apply an ACL to a service on the SSR. Format acl apply service [logging [on|off]] Mode Configure Description The acl apply service command applies a previously defined ACL to a service provided by the SSR. A service is typically a server or agent running on the SSR, for example, a Telnet server or SNMP agent. By applying an ACL to a service, you can control which host can access individual services on the SSR.
acl apply service http HTTP web server snmp SNMP agent telnet Telnet server [logging [on|off]] Enables or disables ACL logging for this interface. You can specify one of the following keywords: off Disables logging. on Enables logging. Restrictions You can apply only one ACL of each type (IP or IPX) to a service at one time. For example, although you can define two ACLs, “ipacl1” and “ipacl2”, you cannot apply them both to the same service.
acl permit|deny icmp acl permit|deny icmp Purpose Create an ICMP ACL. Format acl permit|deny icmp Mode Configure Description The acl permit icmp and acl deny icmp commands define an ACL to allow or block ICMP traffic from entering or leaving the SSR. For each of the values describing a flow, you can use the keyword any to specify a wildcard (“don’t care”) condition.
acl permit|deny icmp Restrictions When you apply an ACL to an interface, the SSR appends an implicit deny rule to that ACL. The implicit deny rule denies all traffic. If you intend to allow all traffic that doesn’t match your specified ACL rules to go through, you must explicitly define a rule to permit all traffic. Examples To deny ICMP traffic from the subnet 10.24.5.0 (with a 24 bit netmask) to any destination: ssr(config)# acl 310 deny icmp 10.24.5.
acl permit|deny igmp acl permit|deny igmp Purpose Create an IGMP ACL. Format acl permit|deny igmp Mode Configure Description The acl permit igmp and acl deny igmp commands define an ACL to allow or block IGMP traffic from entering or leaving the SSR. For each of the values describing a flow, you can use the keyword any to specify a wildcard (“don’t care”) condition.
acl permit|deny igmp Examples To create an ACL to deny IGMP traffic from the subnet 10.1.5.0 (with a 24 bit netmask) to any destination: ssr(config)# acl 410 deny igmp 10.1.5.0/24 any To create an ACL to permit IGMP traffic from the host 10.33.34.44 to subnet 10.11.21.0: ssr(config)# acl 714 permit igmp 10.33.34.44 10.11.21.
acl permit|deny ip acl permit|deny ip Purpose Create an IP ACL. Format acl permit|deny ip [accounting] Mode Configure Description The acl permit ip and acl deny ip commands define an Access Control List to allow or block IP traffic from entering or leaving the router. Unlike the more specific variants of the acl commands for tcp and udp, the IP version of the command includes IP-based protocols such as tcp, udp, icmp and igmp.
acl permit|deny ip The destination address and the filtering mask of this flow. The same requirements and restrictions for apply to . For TCP or UDP, the number of the source TCP or UDP port. This field applies only to TCP or UDP traffic. If the incoming packet is ICMP or another non-TCP or non-UDP packet and you specified a source or destination port, the SSR does not check the port value.
acl permit|deny ip SSR check only the source and destination addresses, not the port number. Therefore, this ACL will deny all non-TCP and non-UDP traffic. ssr(config)# acl 120 deny ip any any 1-1024 any To create an ACL to permit Telnet traffic (port 23) from the host 10.23.4.8 to the subnet 10.2.3.0: ssr(config)# acl 130 permit ip 10.23.4.8 10.2.3.0/24 The following command creates an ACL to permit all IP traffic. Since none of the ACL fields are specified, they are all assumed to be wildcards.
acl permit|deny ip-protocol acl permit|deny ip-protocol Purpose Create an ACL for any IP protocol type. Format acl permit|deny ip-protocol Mode Configure Description The acl permit ip-protocol and acl deny ip-protocol commands define an Access Control List to allow or block IP traffic from entering or leaving the router for any protocol type.
acl permit|deny ip-protocol The destination address and the filtering mask of this flow. The same requirements and restrictions for apply to . IP TOS (Type of Service) value. You can specify a TOS from 0 – 15. Restrictions When you apply an ACL to an interface, the SSR appends an implicit deny rule to that ACL. The implicit deny rule denies all traffic.
acl permit|deny ipx acl permit|deny ipx Purpose Create an IPX ACL. Format acl permit|deny ipx Mode Configure Description The acl permit ipx and acl deny ipx commands define an ACL to allow or block IPX traffic from entering or leaving the SSR. Parameters Name of this ACL. You can use a string of characters or a number. The source IPX address in .
acl permit|deny ipx Destination IPX socket. The SSR will interpret this number in hexadecimal format. You do not need to use a “0x” prefix. You can use the keyword any to specify a wildcard (“don’t care”) condition. Source network mask. This field specifies a group of networks for which the ACL applies. This mask field is ANDed with the network portion of and the source network of the incoming packets to determine a hit.
acl permit|deny ipxgns acl permit|deny ipxgns Purpose Create an IPX GNS (Get Nearest Server) ACL. Format acl permit|deny ipxgns Mode Configure Description The acl permit ipxgns and acl deny ipxgns commands define an ACL to allow or block replying to GNS requests. Parameters Name of this ACL. You can use a string of characters or a number. The SAP server’s IPX address in .
acl permit|deny ipxgns all traffic. You can only apply the acl permit ipxgns and acl deny ipxgns commands to output. Examples To create a GNS ACL to permit the SSR to reply with the server “FILESERVER”, whose IPX address is F6D5E4.01:20:0A:F3:24:5D, to get nearest server requests: ssr(config)# acl 100 permit ipxgns F6D5E4.01:20:0A:F3:24:5D 0004 FILESERVER To create a GNS ACL to prevent the SSR from replying with the server “ARCHIVESERVER”, whose IPX address is F6D5E4.
acl permit|deny ipxrip acl permit|deny ipxrip Purpose Create an IPX RIP (Route Information Protocol) ACL. Format acl permit|deny ipxrip Mode Configure Description The acl permit ipxrip and acl deny ipxrip commands define an ACL to allow or block IPX RIP traffic from entering or leaving the SSR. Parameters Name of this ACL. You can use a string of characters or a number. The “from” IPX network address.
acl permit|deny ipxrip Restrictions When you apply an ACL to an interface, the SSR appends an implicit deny rule to that ACL. The implicit deny rule denies all traffic. If you intend to allow all traffic that doesn’t match your specified ACL rules to go through, you must explicitly define a rule to permit all traffic.
acl permit|deny ipxsap acl permit|deny ipxsap Purpose Create an IPX SAP (Service Advertisement Protocol) ACL. Format acl permit|deny ipxsap Mode Configure Description The acl permit ipxsap and acl deny ipxsap commands define an ACL to allow or block IPX SAP traffic from entering or leaving the SSR. Parameters Name of this ACL. You can use a string of characters or a number. The SAP server’s IPX address in .
acl permit|deny ipxsap Restrictions When you apply an ACL to an interface, the SSR appends an implicit deny rule to that ACL. The implicit deny rule denies all traffic. If you intend to allow all traffic that doesn’t match your specified ACL rules to go through, you must explicitly define a rule to permit all traffic. Examples To create a SAP ACL to permit SAP information related to the server “FILESERVER” whose IPX address is F6D5E4.01:20:0A:F3:24:5D: ssr(config)# acl 100 permit ipxsap F6D5E4.
acl permit|deny ipxtype20 acl permit|deny ipxtype20 Purpose Create an IPX type 20 ACL. Format acl permit|deny ipxtype20 Mode Configure Description The acl permit ipxtype20 and acl deny ipxtype20 commands define an ACL to allow or block IPX type 20 packets from entering or leaving the SSR. Parameters Name of this ACL. You can use a string of characters or a number. Restrictions When you apply an ACL to an interface, the SSR appends an implicit deny rule to that ACL.
acl permit|deny tcp acl permit|deny tcp Purpose Create a TCP ACL. Format acl permit|deny tcp [accounting][established] Mode Configure Description The acl permit tcp and acl deny tcp commands define an ACL to allow or block TCP traffic from entering or leaving the SSR. For each of the values describing a flow, you can use the keyword any to specify a wildcard (“don’t care”) condition.
acl permit|deny tcp For TCP or UDP, is the number of the source TCP or UDP port. This field applies only to incoming TCP or UDP traffic. You can specify a range of port numbers using operator symbols; for example, 10-20 (between 10 and 20 inclusive), >1024 (greater than 1024), <1024 (less than 1024), !=1024 (not equal to 1024). The port numbers of some popular services are already defined as keywords. For example, for Telnet, you can enter the port number 23 as well as the keyword telnet.
acl permit|deny udp acl permit|deny udp Purpose Create a UDP ACL. Format acl permit|deny udp [accounting] Mode Configure Description The acl permit udp and acl deny udp commands define an ACL to allow or block UDP traffic from entering or leaving the SSR. For each of the values describing a flow, you can use the keyword any to specify a wildcard (“don’t care”) condition.
acl permit|deny udp For TCP or UDP, the number of the source TCP or UDP port. This field applies only to incoming TCP or UDP traffic. You can specify a range of port numbers using operator symbols; for example, 10-20 (between 10 and 20 inclusive), >1024 (greater than 1024), <1024 (les than 1024), !=1024 (not equal to 1024). The port numbers of some popular services are already defined as keywords. For example, for Telnet, you can enter the port number 23 as well as the keyword telnet.
acl-policy enable external acl-policy enable external Purpose Allow an external server to create and delete ACLs. Format acl-policy enable external Mode Configure Description The acl-policy enable external command allows ACLs to be configured by an external agent, such as the Policy Manager. If this command is in the active configuration, an external server can create, modify, and delete ACLs on the SSR.
acl-policy enable external 64 SSR Command Line Interface Reference Manual
Chapter 2 acl-edit Commands The acl-edit command activates the ACL Editor mode. The ACL Editor provides a userfriendly interface for maintaining and manipulating rules in an ACL. Using the editor, you can add, delete or re-order ACL rules. In addition, if the modified ACL is currently applied to an interface, the ACL is automatically “re-applied” to the interface and takes effect immediately. To edit an ACL, you enter the acl-edit command in Configure mode.
acl-edit acl-edit Purpose Enter ACL Editor to edit the specified ACL. Format acl-edit Mode Configure Description The acl-edit command enters the ACL Editor to edit an ACL specified by the user. Once inside the ACL editor, the user can then add, delete or re-order ACL rules for that ACL. If the ACL happens to be applied to an interface, changes made to that ACL will automatically take effect when the changes are committed to the running system. Parameters Name of the ACL to edit.
acl-edit Example To edit ACL 111: ssr(config)# acl-edit 111 1*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2000-2002 any 2*: acl 111 permit tcp 10.1.15.0/24 10.1.11.
acl permit|deny acl permit|deny Purpose Create an ACL rule to permit or deny traffic. Format acl permit|deny Mode ACL Editor Description The acl permit|deny commands are equivalent to the same commands in the Configuration mode. You can use these commands to create rules for the ACL that you are editing. Just like the acl commands in Configuration mode, new rules are appended to the end of the rules. You can use the move command to re-order the rules.
delete delete Purpose Deletes a rule from an ACL. Format delete Mode ACL Editor Description The delete commands allows the administrator to delete a specific rule from an ACL. When in the ACL Editor, each rule is displayed with its rule number. One can delete a specific rule from an ACL by specifying its rule number with the delete command. Parameters Number of the ACL rule to delete.
delete Example To delete ACL rule number 2 from the ACL: ssr(config)# acl-edit 111 1*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2000-2002 any 2*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2003-2005 any 3*: acl 111 deny udp ssr(acl-edit)> delete 2 1*: acl 111 permit tcp 10.1.15.0/24 10.1.11.
exit exit Purpose Exit ACL Editor. Format exit Mode ACL Editor Description The exit command allows the user to exit the ACL Editor. Before exiting, if changes are made to this ACL, the system will prompt the user to see if the changes should be committed to the running system or discarded. If the user commits the changes then changes made to this ACL will take effect immediately. If the ACL is applied to an interface, the ACL is automatically re-applied to the interface.
exit Example To create an ACL to deny IGMP traffic from the subnet 10.1.5.0 (with a 24 bit netmask) to any destination: ssr(config)# acl-edit 111 1*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2000-2002 any 2*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2003-2005 any 3*: acl 111 deny udp ssr(acl-edit)> delete 2 1*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2000-2002 any 2*: acl 111 deny udp ssr(acl-edit)> exit ssr(config)# acl 410 deny igmp 10.1.5.
move move Purpose Re-order ACL rules by moving a rule to another position. Format move after Mode ACL Editor Description The move command provides the user with the ability to re-order rules within an ACL. When new rules are entered in the ACL Editor, they are appended to the end of the rules. One can move these rules to the desired location by using the move command. The move command can also be used on existing ACL rules created in Configuration mode instead of the ACL Editor.
move Examples To move rule #2 to the end of the list: 74 ssr(config)# acl-edit 111 1*: acl 111 permit tcp 10.1.15.0/24 2*: acl 111 permit tcp 10.1.15.0/24 3*: acl 111 permit udp 10.1.17.0/24 4*: acl 111 permit udp 10.1.18.0/24 10.1.11.0/24 10.1.11.0/24 10.1.22.0/24 10.1.34.0/24 2000-2002 2003-2005 2000-2002 2003-2005 any any any any ssr(acl-edit)> move 2 after 4 1*: acl 111 permit tcp 10.1.15.0/24 2*: acl 111 permit udp 10.1.17.0/24 3*: acl 111 permit udp 10.1.18.0/24 4*: acl 111 permit tcp 10.1.15.
save save Purpose Save any changes made by the ACL Editor. Format save Mode ACL Editor Description The save command saves any non-committed changes made by the ACL Editor. If changes are made to this ACL, the changes will be saved and will take effect immediately. If the ACL is applied to an interface, the ACL is automatically re-applied to the interface. Packets going through this interface will be matched against the new rules in this ACL. The save command also contains an implicit exit command.
save Examples To save and commit the changes made by the ACL Editor. ssr(config)# acl-edit 111 1*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2000-2002 any 2*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2003-2005 any 3*: acl 111 deny udp ssr(acl-edit)> delete 2 1*: acl 111 permit tcp 10.1.15.0/24 10.1.11.
show show Purpose Displays the contents of the ACL in the current editing session. Format show Mode ACL Editor Description The show command displays the contents of the ACL currently being edited. Parameters None Restrictions None Examples To display the contents of the ACL currently being edited: ssr(acl-edit)# show 1*: acl 111 permit tcp 10.1.15.0/24 10.1.11.0/24 2000-2002 any 2*: acl 111 permit tcp 10.1.15.0/24 10.1.11.
show 78 SSR Command Line Interface Reference Manual
Chapter 3 aging Commands The aging commands control aging of learned MAC address entries in the SSR’s L2 lookup tables or layer3/4 flows. Using the aging commands, you can show L2 or layer 3/4 aging information, set or disable L2 aging on specific ports, set or disable aging of layer 3/4 flows, or set or disable NAT or LSNAT flows. Command Summary Table 3 lists the l2 and l3 aging commands. The sections following the table describe the command syntax. Table 3.
aging l2 disable aging l2 disable Purpose Disable aging of MAC addresses. Format aging l2 disable |all-ports Mode Configure Description By default, the SSR ages learned MAC addresses in the L2 lookup tables. Each port has its own L2 lookup table. When a learned entry ages out, the SSR removes the aged out entry. You can disable this behavior by disabling aging on all ports or on specific ports. Parameters |all-ports The port(s) on which you want to disable aging.
aging l2 disable To disable aging on slot 4, port 2, and slots 1 through 3, ports 4, 6, 7, and 8: ssr(config)# aging l2 disable et.4.2, et.(1-3).
aging l2 set aging-timeout aging l2 set aging-timeout Purpose Set the aging time for learned MAC entries. Format aging l2 set |all-ports aging-timeout Mode Configure Description The aging l2 set aging-timeout command sets the aging time for learned MAC entries. When the aging time expires for a MAC address, the SSR removes the MAC address from the specified port(s). The aging time is specified in seconds.
aging l2 set aging-timeout Example To set the aging time to 15 seconds on all ports: ssr(config)# aging l2 set all-ports aging-timeout 15 SSR Command Line Interface Reference Manual 83
aging l2 show status aging l2 show status Purpose Show the L2 aging status for SSR ports. Format aging l2 show status Mode User Description The aging l2 show status command shows whether L2 aging is enabled or disabled on SSR ports. For ports on which L2 aging is enabled, this command also shows the aging time. Parameters None. Restrictions None.
aging l3 set timeout aging l3 set timeout Purpose Set the aging time for a layer 3/4 flow. Format aging l3 set timeout |disable Mode Configure Description The aging l3 set timeout command sets the aging time for a layer 3/4 flow. The aging time is specified in seconds. Parameters The number of seconds the SSR allows for a layer 3/4 flow. You can specify a value from 30 to 3600 seconds.
aging l3 set nat-flow-timeout aging l3 set nat-flow-timeout Purpose Set the aging time for NAT and LSNAT flows. Format aging l3 set nat-flow-timeout |disable Mode Configure Description The aging l3 set nat-flow-timeout command sets the aging time for Network Address Translation (NAT) and Load Sharing NAT flows. The aging time is specified in minutes. Parameters The number of minutes the SSR allows for NAT and LSNAT flows. You can specify from 2 to 120 minutes.
aging l3 show status aging l3 show status Purpose Show the L3 aging status for SSR ports. Format aging l3 show status Mode User Description The aging l3 show status command shows whether layer 3/4 aging is enabled or disabled on SSR ports. For ports on which layer 3/4 aging is enabled, this command also shows the aging time. Parameters None. Restrictions None.
aging l3 show status 88 SSR Command Line Interface Reference Manual
Chapter 4 arp Commands The arp commands enable you to add, display, and clear ARP entries on the SSR. Command Summary Table 4 lists the arp commands. The sections following the table describe the command syntax. Table 4.
arp add arp add Purpose Add an ARP entry. Format arp add mac-addr exit-port keep-time Mode Enable and Configure Description The arp add command lets you manually add ARP entries to the ARP table. Typically, the SSR creates ARP entries dynamically. Using the arp add command, you can create an ARP entry to last a specific amount of time or as a permanent ARP entry. This command exists in both Enable and Configure mode with a slight variation.
arp add Note: This option is valid only for the Enable mode arp add command. Restrictions If you enter the arp add command while in the Configure mode, you can add only permanent ARP entries. Examples To create an ARP entry for the IP address 10.8.1.2 at port et.4.7 for 15 seconds: ssr# arp add 10.8.1.2 mac-addr 08:00:20:a2:f3:49 exit-port et.4.7 keep-time 15 To create a permanent ARP entry for the host nfs2 at port et.3.1: ssr(config)# arp add nfs2 mac-addr 080020:13a09f exit-port et.3.
arp clear arp clear Purpose Remove an ARP entry from the ARP table. Format arp clear |all Mode Enable Description The arp clear command lets you manually remove entries from the ARP table. The command can remove both dynamic and permanent entries. Parameters Hostname or IP address of the ARP entry to remove. all Remove all ARP entries, thus clearing the entire ARP table. Examples To remove the ARP entry for the host 10.8.1.2 from the ARP table:. ssr# arp clear 10.8.1.
arp clear permanently remove an ARP entry, use the negate command or no command to remove the entry. Here is an example of the no command: ssr# no arp add nfs2 macaddr 080020:13a09f exit-port et.3.1 This command removes the ARP entry for “nfs2”.
arp set interface arp set interface Purpose Set the lifetime of ARP entries in seconds. Format arp set interface |all keep-time Mode Configure Description The arp set interface ... keep-time command lets you specify the lifespan (inseconds) for any or all ARP interface entries. Parameters interface |all Name of the interface(s) for which you will define the lifespan. keep-time number of seconds determining lifespan of ARP interfaces.
arp show arp show Purpose Display the ARP table. Format arp show |all Mode Enable Description The arp show command displays the entire ARP table. Parameters Shows the ARP entry for the specified IP address. all Shows all entries in the ARP table.
statistics show arp statistics show arp Purpose Display ARP statistics. Format statistics show arp |all Mode Enable Description The arp show statistics command displays ARP statistics, such as the total number of ARP requests and replies. Parameters Displays ARP statistics for the specified interface. all 96 Displays ARP statistics for all router interfaces.
Chapter 5 bgp Commands The bgp commands let you display and set parameters for the Border Gateway Protocol (BGP). Command Summary Table 5 lists the bgp commands. The sections following the table describe the command syntax. Table 5.
Command Summary Table 5.
bgp add network bgp add network Purpose Adds a network to a BGP peer group. Format bgp add network |all group Mode Configure Description The bgp add network command lets you add a BGP peer network, thus allowing peer connections from any addresses in the specified range of network and mask pairs. Parameters network |all Specifies a network from which peer connections are allowed. Specify an IP address and Mask value. Example: 1.2.3.4/255.255.0.0 or 1.2.3.
bgp add peer-host bgp add peer-host Purpose Add a BGP peer by adding a peer host. Format bgp add peer-host group Mode Configure Description The bgp add peer-host command adds a peer-host to a BGP group. Parameters peer-host Specifies the peer host’s IP address. group Specifies the group ID of the group to which the peer host belongs. Restrictions None.
bgp clear peer-host bgp clear peer-host Purpose Removes a BGP peer host. Format bgp clear peer-host Mode Configure Description The bgp clear peer-host command removes a peer-host from a BGP group. Parameters peer-host Specifies the peer host’s IP address. Restrictions None.
bgp create peer-group bgp create peer-group Purpose Create a BGP Group based on type or the autonomous system of the peers. You can create any number of groups, but each group must have a unique combination of type and peer autonomous system.
bgp create peer-group routing An internal group which uses the routes of an interior protocol to resolve forwarding addresses. Type routing groups will determine the immediate next hops for routes by using the next hop received with a route from a peer as a forwarding address, and using this to look up an immediate next hop in an IGP’s routes. Such groups support distant peers, but need to be informed of the IGP whose routes they are using to determine immediate next hops.
bgp set cluster-id bgp set cluster-id Purpose Specifies the route reflection cluster ID for BGP. Format bgp set cluster-id Mode Configure Description The bgp set cluster-id command specifies the route reflection cluster ID for BGP. The cluster ID defaults to the same as the router-id. If a router is to be a route reflector, then a single cluster ID should be selected and configured on all route reflectors in the cluster.
bgp set peer-group bgp set peer-group Purpose Set parameters for the specified BGP Peer Group.
bgp set peer-group neighbors, and all routes received from any other internal neighbors will be sent to the reflector clients. Since the route reflector forwards routes in this way, the reflectorclient group need not be fully meshed. Use only for INTERNAL, ROUTING and IGP groups. no-client-reflect If the no-client-reflect option is specified, routes received from reflector clients will only be sent to internal neighbors which are not in the same group as the sending reflector client.
bgp set peer-group generate-default enabled|disabled Specifies whether the router should generate a default route when BGP receives a valid update from its peer. If this option is not specified, then the generation of default route is enabled. gateway If a network is not shared with a peer, this option specifies a router on an attached network to be used as the next hop router for routes received from this neighbor. This field is used for EBGP Multihop.
bgp set peer-group the peer to issue an OPEN. By default, all explicitly configured peers are active, they periodically send OPEN messages until the peer responds. Note that if it is applied to both sides of a peering session, it will prevent the session from ever being established. send-buffer Controls the amount of send buffer acquired from the memory subsystem. The maximum supported is 65535 bytes. By default, BGP acquires the maximum supported. Specify a number from 4096 – 65535.
bgp set peer-group no-v4-asloop Prevents routes with looped AS paths from being advertised to version 4 external peers. This can be useful to avoid advertising such routes to peer which would incorrectly forward the routes on to version 3 neighbors. as-count This option determines how many times the SSR will insert its own AS number when we send the AS path to an external neighbor. Specify a number between 1 and 25. The default is 1.
bgp set DampenFlap bgp set DampenFlap Purpose Configures parameters for Weighted Route Dampening. Format bgp set dampenflap [state enable|disable]|[suppress-above ]| [reuse-below ]|[max-flap ]|[unreach-decay ]| [reach-decay ]|[keep-history ] Mode Configure Description The bgp set dampenflap command configures the state of Weighted Route Dampening. Parameters state enable|disable Causes the Route Instability History to be maintained (enable option) or not (disable option).
bgp set DampenFlap current value when the route is unreachable. This half-life value determines the rate at which the metric value is decayed. The default is 900. reach-decay Specifies the time in seconds for the instability metric value to reach one half of its current value when the route is reachable. This half-life value determines the rate at which the metric value is decayed. A smaller half-life value will make a suppressed route reusable sooner than a larger value. The default is 300.
bgp set default-metric bgp set default-metric Purpose Set the metric used when advertising routes through BGP. Format bgp set default-metric Mode Configure Description The bgp set default-metric command lets you set the default metric BGP uses when it advertises routes. If this command is not specified, no metric is propagated. This metric may be overidden by a metric specified on the neighbor or group statements or in an export policy. Parameters Specifies the default cost.
bgp set peer-host bgp set peer-host Purpose Set parameters for a BGP peer host.
bgp set peer-host The set-pref metric works as a lower limit, below which the imported LOCAL_PREF may not set the GateD preference. For INTERNAL, IGP, and ROUTING hosts, use the group command to set the metric-out. Specify a number from 0 - 255. This parameter applies only to INTERNAL, IGP, and ROUTING hosts only. local-as Identifies the autonomous system which the router is representing to this group of peers. The default is the one configured using the set autonomous_system command.
bgp set peer-host external peer will only be opened when an interface with the appropriate local address (through which the peer or gateway address is directly reachable). In either case incoming connections will only be recognized as matching a configured peer if they are addressed to the configured local address. For INTERNAL, IGP and ROUTING, hosts use the group command to set the local-address. It should be one of the interface addresses.
bgp set peer-host show-warnings This option causes GateD to issue warning messages when receiving questionable BGP updates such as duplicate routes and/or deletions of non-existing routes. Normally these events are silently ignored. no-aggregator-id This option causes GateD to specify the router ID in the aggregator attribute as zero (instead of its router ID) in order to prevent different routers in an AS from creating aggregate routes with different AS paths.
bgp set peer-host optional-attributes-list Specifies the ID of the optional-attributes-list to be associated with this peer-group. Restrictions None.
bgp set preference bgp set preference Purpose Set BGP preference. Format bgp set preference Mode Configure Description The bgp set preference command lets you set the BGP preference for the SSR. Parameters Specifies the preference of routes learned from BGP. Specify a number from 0 255. The default preference is 170. Restrictions None.
bgp show aspaths bgp show aspaths Purpose Displays BGP AS path information Format bgp show aspaths |all [to-terminal|to-file] Mode Enable Description The bgp show aspaths command displays information about a specified AS path or all AS paths. The AS path is listed along with the number of routes that use it. Parameters Displays information about the specified AS path. all Displays information about all AS paths. to-terminal Causes output to be displayed on the terminal.
bgp show aspaths Example To display information about all AS paths: ssr# bgp show aspaths all Hash Ref Path 0 5 IGP (Id 1) 2 1 (64900) 64901 64902 IGP (Id 3) 7 4 (64900) 64901 IGP (Id 2) 120 SSR Command Line Interface Reference Manual
bgp show cidr-only bgp show cidr-only Purpose Display routes in the BGP routing table with CIDR network masks Format bgp show cidr-only |all [to-terminal|to-file] Mode Enable Description The bgp show cidr-only command displays the same type of route information as the bgp show routes command. The difference is that the bgp show cidr-only command limits the display to CIDR routes only. Parameters Displays information about the specified CIDR route.
bgp show cidr-only ssr# bgp show cidr-only all Proto Route/Mask NextHop BGP 12.2.19/25 207.135.89.65 BGP 12.5.172/22 207.135.89.65 BGP 12.5.252/23 207.135.89.65 BGP 12.6.42/23 207.135.89.65 BGP 12.6.134/23 207.135.89.65 BGP 12.7.214/23 207.135.89.
bgp show community bgp show community Purpose Displays routes that belong to a specified community. Format bgp show community community-id autonomous-system | wellknown-community [no-export|no-advertise|no-export-subconfed]| reservedcommunity ] [to-terminal|to-file] Mode Enable Description The bgp show community command displays routes that belong to a specified community in a specified autonomous system.
bgp show community no-export-subconfed Is a special community indicating the routes associated with this attribute must not be advertised to external BGP peers. (This includes peers in other members’ autonomous systems inside a BGP confederation.) reserved-community This option specifies one of the reserved communities that is not well-known. A reserved community is one that is in one of the following ranges (0x0000000 0x0000FFFF) or (0xFFFF0000 - 0xFFFFFFFF).
bgp show peer-as bgp show peer-as Purpose Displays information about TCP and BGP connections to an autonomous system. Format bgp show peer-as [to-terminal|to-file] Mode Enable Description The bgp show peer-as command displays information about routers in a specified autonomous system that are peered with the SSR. Parameters peer-as Is the AS number of a peer autonomous system. to-terminal Causes output to be displayed on the terminal. This is the default.
bgp show peer-as Example To display information about TCP and BGP connections to autonomous system 64901: ssr# bgp show peer-as 64901 group type External AS 64901 local 64900 flags <> peer 172.16.20.
bgp show peer-group-type bgp show peer-group-type Purpose Displays status information about BGP peers by group. Format bgp show peer-group-type external|internal|igp|routing [to-terminal|to-file] Mode Enable Description The bgp show peer-group-type command displays status information about BGP peers according to their group. Parameters external Displays status information about external peers. internal Displays status information about internal peers.
bgp show peer-group-type Example To display status information about external peers: ssr# bgp show peer-group-type external Group Neighbor V AS MsgRcvd MsgSent State external 172.16.20.
bgp show peer-host bgp show peer-host Purpose Displays status information about BGP peer hosts. Format bgp show peer-host received-routes|all-received-routes|advertised-routes [to-terminal|to-file] Mode Enable Description The bgp show peer-host command displays information related to a specified BGP peer host.
bgp show peer-host Restrictions None. Examples To display all valid BGP routes received and accepted from peer host 172.16.20.2: ssr# bgp show peer-host 172.16.20.2 received-routes BGP table : Local router ID is 192.68.11.1 Status codes: s suppressed, d damped, h history, * valid, internal Origin codes: i - IGP, e - EGP, ? - incomplete *> *> *> *> Network 172.16.70/24 172.16.220/24 192.68.20/24 192.68.222/24 Next Hop 172.16.20.2 172.16.20.2 172.16.20.2 172.16.20.
bgp show routes bgp show routes Purpose Displays entries in the BGP routing table. Format bgp show routes |all [to-terminal|to-file] Mode Enable Description The bgp show routes command displays the IP address/netmask, next hop, and AS path for each BGP route. Parameters Displays information about the specified route. all Displays information about all routes. to-terminal Causes output to be displayed on the terminal. This is the default.
bgp show routes Example To display the BGP routing table: ssr# bgp show routes all Proto Route/Mask NextHop BGP 172.16.70/24 172.16.20.2 BGP 172.16.220/24 172.16.20.2 BGP 192.68.20/24 172.16.20.2 BGP 192.68.222/24 172.16.20.
bgp show summary bgp show summary Purpose Displays the status of all BGP connections. Format bgp show summary [to-terminal|to-file] Mode Enable Description The bgp show summary command displays the status of all BGP peers of the SSR. Parameters to-terminal Causes output to be displayed on the terminal. This is the default. to-file Causes output to be saved in the file /gatedtrc/gated.dmp. Restrictions None.
bgp show sync-tree bgp show sync-tree Purpose Displays the BGP synchronization tree. Format bgp show sync-tree Mode Enable Description The bgp show sync-tree command displays the BGP synchronization tree. The synchronization tree is used by IBGP peers to resolve the next hop (forwarding address). It gives information about routes that are orphaned because the next hop could not be resolved. Parameters None. Restrictions None.
bgp show sync-tree Examples The following example shows the next hops for some of the routes that are not resolved (by showing orphaned routes): ssr# bgp show sync tree Task BGP_Sync_64805: IGP Protocol: Any BGP Group: group type Routing AS 64805 Sync Tree (* == active, + == active with alternate, - == inactive with alternate: Orphaned routes Forwarding address 172.23.1.18 3/255 peer 172.23.1.26 preference 170 128.36/255.255 peer 172.23.1.26 preference 170 128.152/255.255 peer 172.23.1.
bgp start|stop bgp start|stop Purpose Start or stop Border Gateway Protocol (BGP). Format bgp start|stop Mode Configure Description The bgp start command starts BGP on the SSR. Parameters start Starts BGP. stop Stops BGP. Restrictions None.
bgp trace bgp trace Purpose Set BGP trace options. Format bgp trace [packets|open|update|keep-alive [detail|send|receive|[group [peer-host ]]] [aspath] [local-options all|general|state|normal|policy|task|timer|route] Mode Configure Description The bgp trace command lets you set BGP trace options for the SSR. Parameters packets Traces all BGP packets. open Traces BGP OPEN packets, which are used to establish a peer relationship.
bgp trace all Traces all additions, changes, and deletions to the GateD routing table. general Activates normal and route tracing. state Traces state machine transitions in the protocol normal Traces normal protocol occurences. (Abnormal protocol occurences are always traced.
Chapter 6 cli Commands The cli commands allow you to change the behavior of the CLI in terms of command completion and command history recall. Command Summary Table 6 lists the cli commands. The sections following the table describe the command syntax. Table 6.
cli set command completion cli set command completion Purpose Turn on or off command completion support. Format cli set command completion on|off Mode User and Configure Description The cli set command completion command lets you enable or disable command completion support. This command works in both User and Configure mode. When executed in Configure mode, it turns on or off command completion support for the entire system.
cli set history cli set history Purpose Modify command history recall characteristics. Format cli set history size |default|maxsize Mode User and Configure Description The cli set history command lets you to set the size of the command history buffer. Each command stored in this buffer can be recalled without having the user type in the same, complete command again. By setting the size of this history buffer, one tells the router how many of the most recently executed commands should be stored.
cli set history Examples To set the history buffer size to 100 commands: ssr# cli set history size 100 142 SSR Command Line Interface Reference Manual
cli set terminal cli set terminal Purpose Modify current session’s terminal settings. Format cli set terminal [columns ] [rows ] Mode User Description The cli set terminal command lets you modify the terminal screen size of the current session. Specifying the number of rows available on your terminal causes the system to automatically pause when screen output fills the entire screen. Parameters columns Number of columns for your terminal. Minimum acceptable value is 20.
cli show history cli show history Purpose Display the command history from the current CLI session. Format cli show history Mode User Description The cli show history command shows the commands you have issued during the current CLI session. A number is associated with each command. A command’s number is useful for re-entering, modifying, or negating the command. Note: You also can perform a command history recall by entering !* at any command prompt. Parameters None. Restrictions None.
cli show terminal cli show terminal Purpose Display information about the current terminal settings. Format cli show terminal Mode User Description The cli show terminal command shows information about the terminal settings. The terminal settings affect the display characteristics of your CLI session. Parameters None. Restrictions None.
cli terminal monitor cli terminal monitor Purpose Allows the current CLI session to receive or not receive console output. Format cli terminal monitor on|off Mode Enable Description Some system messages are normally only sent to the management console. The cli terminal monitor command allows the current CLI session to also receive those messages.
Chapter 7 configure Command The configure command places the CLI session in Configure mode. Configure mode allows you to set and change SSR parameters. Purpose Enter the CLI’s Configure mode. Format configure Mode Enable Description Enters Configure mode. To exit Configure mode, use the exit command. Parameters None.
Restrictions To enter Configure mode, you must already be in Enable mode.
Chapter 8 copy Command The copy command lets you copy a file. Purpose Copy configuration information or files. Format copy active|scratchpad|tftp-server|rcp-server|startup|| to backup-CM|active|scratchpad|tftp-server|rcp-server|startup|| Mode Enable Description The copy command is primarily for transferring configuration information. You can copy configuration information between the SSR and external hosts using protocols such as TFTP or RCP.
Parameters active Specifies information from the active configuration database (the running system configuration). scratchpad Specifies configuration changes from the scratchpad. tftp-server Downloads or uploads a file on a TFTP server. rcp-server Downloads or uploads a file on an RCP server. startup Copies the Startup configuration information stored in the Control Module’s NVRAM. Specifies the name of a file on the SSR’s local file system (NVRAM or PCMCIA card).
To copy the file config.john to config.debi:. ssr# copy config.john to config.debi To copy the Startup configuration to a TFTP server for backup purposes, enter the following command. The CLI prompts for the TFTP server’s IP address or hostname and the filename: ssr# copy startup to tftp-server To copy a previously saved configuration from a TFTP server to the Startup configuration, enter the following command. Note the use of an URL to specify the TFTP server and the filename. ssr# copy tftp://10.1.2.
SSR Command Line Interface Reference Manual
Chapter 9 diff Command The diff configuration command compares the active configuration with the specified configuration file. Format diff configuration |startup Mode Configure Description The diff configuration command compares the active configuration with the specified configuration file. Parameters Name of a configuration file. startup The Startup configuration file.
Restrictions None.
Chapter 10 dhcp Commands The dhcp commands allow you to configure scopes (sets of IP address pools and network parameters) that are to be used by Dynamic Host Configuration Protocol (DHCP) clients and apply them to interfaces on the SSR. Command Summary Table 7 lists the dhcp commands. The sections following the table describe the command syntax. Table 7.
dhcp attach superscope dhcp attach superscope Purpose Creates a group of scopes that share a common interface. Format dhcp attach superscope Mode Configure Description The dhcp attach superscope command allows you to create a “superscope,” a group of scopes that share a common physical interface. For example, you can define and group together scopes for different subnets that are accessed through a single port or VLAN.
dhcp define parameters dhcp define parameters Purpose Define parameters to be used by DHCP clients. Format dhcp define parameters ... Mode Configure Description The dhcp define parameters command allows you to define a set of parameters that are to be used by clients when DHCP is enabled. The client uses these parameters to configure its network environment, for example, the default gateway and DNS domain name.
dhcp define parameters gateway Specify the IP address of the default gateway. lease-time Specify how long, in minutes, the lease is valid. (A lease is the amount of time that an assigned IP address is valid for a client system.) netbios-name-server Specify the IP address of the NetBIOS name server or WINS server. netbios-node-type Specify the NetBIOS node type of the client. netbios-scope Specify the NetBIOS scope of the client. Restrictions None.
dhcp define pool dhcp define pool Purpose Define a pool of IP addresses to be used by DHCP clients. Format dhcp define pool Mode Configure Description The dhcp define pool command allows you to define a pool of IP addresses that can be used by DHCP clients. An IP address pool, along with a set of parameters defined with the dhcp define parameters command, make up a DHCP “scope”. Parameters A name that refers to the specified pool of addresses.
dhcp define pool Examples To specify the addresses between 10.1.1.1 to 10.1.1.20 as the pool of IP addresses for the scope ‘clients’: ssr(config)# dhcp clients define pool 10.1.1.1-10.1.1.20 To specify two separate pools of IP addresses for the scope ‘clients’: ssr(config)# dhcp clients define pool 10.1.1.1-10.1.1.20 ssr(config)# dhcp clients define pool 10.1.1.30-10.1.1.
dhcp define static-ip dhcp define static-ip Purpose Define a static IP address for a specific MAC address. Format dhcp define static-ip mac-address [ ...] Mode Configure Description The dhcp define static-ip command allows you to configure a static IP address for a specific MAC address. For example, you can define a static IP address for a printer’s MAC address to ensure that the printer always receives the same IP address from the DHCP server.
dhcp define static-ip Specifies the client parameters and values for this static IP address. You can specify one or more of the following client parameters and values: broadcast Specify the broadcast address. bootfile Specify the client’s boot filename. dns-domain Specify the DNS domain name. dns-server Specify the IP address of the DNS server. gateway Specify the IP address of the default gateway. lease-time Specify how long, in minutes, the lease is valid.
dhcp define static-ip To define two different scopes (‘public’ and ‘private’) with two different static IP addresses (10.1.44.55 and 10.2.10.23) that map to the MAC address 08:00:20:12:34:56: ssr(config)# dhcp public define static-ip 10.1.44.55 mac-address 08:00:20:12:34:56 ssr(config)# dhcp private define static-ip 10.2.10.
dhcp flush dhcp flush Purpose Forces the DHCP server to update its lease database. Format dhcp flush Mode Enable Description The DHCP server normally updates its lease database at the intervals specified with the dhcp global set commit-interval command. While the DHCP server is running, you can force the server to immediately update its lease database by using the dhcp flush command. Parameters None. Restrictions None.
dhcp global set commit-interval dhcp global set commit-interval Purpose Configure the intervals at which the DHCP server updates the lease database. Format dhcp global set commit-interval Mode Configure Description After each client transaction, the DHCP server does not immediately update the information in the lease database. Lease update information is stored in flash memory and flushed to the database at certain intervals.
dhcp global set lease-database dhcp global set lease-database Purpose Specify a TFTP or RCP server where the lease database is backed up. Format dhcp global set lease-database Mode Configure Description By default, the SSR stores the clients’ lease information (the lease database) in its flash memory. You can use the dhcp global set lease-database command to specify a TFTP or RCP server where the lease database is to be periodically backed up.
dhcp global set lease-database To configure the lease database to be on an RCP server (10.50.89.89) with the user name ‘john’ and the file name ‘lease-db’: ssr(config)# dhcp global set lease-database rcp://john@10.50.89.
dhcp show binding dhcp show binding Purpose Display information from the lease database. Format dhcp show binding [active|expired|static] Mode Enable Description The dhcp show ommand displays information from the lease database. If you do not specify any parameters, the DHCP server displays the entire lease database. Parameters active Displays currently active leases only. expired Displays expired leases only. static Displays leases with static IP address assignments only. Restrictions None.
dhcp show binding Example To display information from the lease database: ssr# dhcp show binding IP address Hardware Address Lease Expiration ---------- ---------------- ---------------10.20.1.22 00:40:05:41:f1:2d 1999-05-24 17:45:06 10.20.1.23 00:00:b4:b1:29:9c 1999-05-24 17:45:04 10.20.1.21 00:00:b4:b0:f4:83 1999-05-24 17:45:01 10.20.1.20 00:80:c8:e1:20:8a 1999-05-24 09:24:30 10.30.7.9 08:00:20:11:22:33 --10.30.7.
dhcp show num-clients dhcp show num-clients Purpose Display the number of allocated bindings for the DHCP server and the maximum number allowed. Format dhcp show num-clients Mode Enable Description This dhcp show ommand displays the number of allocated bindings for the DHCP server and the maximum number allowed. Parameters None. Restrictions None.
dhcp show num-clients SSR Command Line Interface Reference Manual 171
dhcp show num-clients 172 SSR Command Line Interface Reference Manual
Chapter 11 dvmrp Commands The dvmrp commands let you configure and display information about Distance Vector Multicast Routing Protocol (DVMRP) interfaces. Command Summary Table 8 lists the dvmrp commands. The sections following the table describe the command syntax. Table 8.
dvmrp accept route dvmrp accept route Purpose Specifies routes to be accepted from DVMRP neighbor routers. Format dvmrp accept|noaccept route [exact] [interface [router ]] Mode Configure Description The dvmrp accept route command allows you to specify particular routes that can be learned from DVMRP neighbors. A route is always accepted from a DVMRP neighbor unless you use the dvmrp noaccept route to prevent it from being accepted.
dvmrp accept route router Is the IP address of a DVMRP neighbor router. Restrictions None. Examples To cause the SSR to accept only prefix 20.30.40.0/24, and filter out all other routes: ssr(config)# dvmrp noaccept route 0/0 interface customer1 ssr(config)# dvmrp accept route 20.30.40.0/24 interface customer1 If interface customer1 breaks subnet 20.30.40.
dvmrp advertise route dvmrp advertise route Purpose Specifies routes to be advertised to DVMRP neighbor routers. Format dvmrp advertise|noadvertise route [exact] [interface ] Mode Configure Description The dvmrp advertise route command allows you to specify particular routes that can be advertised to DVMRP neighbors. A route is always advertised to a DVMRP neighbor unless you use the dvmrp noadvertise route command to prevent it from being advertised.
dvmrp advertise route Restrictions None. Examples To prevent route 10.0.0.0/8 from being advertised on interface mbone (all other routes are advertised): ssr(config)# dvmrp noadvertise route 10/8 interface mbone To advertise only route 20.20.20.0/24 to its neighbors on interface mbone: ssr(config)# dvmrp noadvertise route 0/0 interface mbone ssr(config)# dvmrp advertise route 20.20.20.
dvmrp create tunnel dvmrp create tunnel Purpose Creates a DVMRP tunnel. Format dvmrp create tunnel local remote Mode Configure Description The dvmrp create tunnel command creates a DVMRP tunnel for sending multicast traffic between two end points. Parameters Name of this DVMRP tunnel. local IP address of the local end point of this tunnel. Note: The local IP address must already be configured on the SSR.
dvmrp create tunnel • Example To create a DVMRP tunnel called tun12 between 10.3.4.15 (the local end of the tunnel) and 10.5.3.78 (the remote end of the tunnel): ssr(config)# dvmrp create tunnel tun12 local 10.3.4.15 remote 10.5.3.
dvmrp enable no-pruning dvmrp enable no-pruning Purpose Disables DVMRP pruning. Note: Pruning is enabled by default. The current DVMRP specification requires pruning capability. Unless you have a good reason for disabling pruning, Cabletron Systems recommends that you leave it enabled. Format dvmrp enable no-pruning Mode Configure Description Disable DVMRP pruning. Parameters None. Restrictions None.
dvmrp enable interface dvmrp enable interface Purpose Enables DVMRP on an interface. Format dvmrp enable interface | Mode Configure Description The dvmrp enable interface command enables DVMRP on the specified interface. Parameters | IP address or tunnel name of the interface on which you are enabling DVMRP. • If you are enabling DVMRP on an interface that does not have a tunnel, specify its name or IP address.
dvmrp enable interface Examples To enable DVMRP on the IP interface with IP address 10.50.78.2: ssr(config)# dvmrp enable interface 10.50.78.
dvmrp set interface dvmrp set interface Purpose Configures various DVMRP parameters on an interface. Format dvmrp set interface [metric ] [neighbor-timeout ] [prunetime ] [rate ] [scope ] [threshold ] Mode Configure Description The dvmrp set interface command sets DVMRP parameters on an IP interface. Parameters
dvmrp set interface rate The multicast rate of this interface in kbps. Specify a number in the range 1 – 10000. The default is 500. Note: The option applies only to tunnels. scope The multicast scope of this interface. The purpose of this option is to disallow the groups specified by a scope from being forwarded across an interface. This option therefore is a filtering mechanism.
dvmrp show interface dvmrp show interface Purpose Displays DVMRP interfaces. Format dvmrp show interface [] Mode Enable Description The dvmrp show interface command displays the state of an interface running DVMRP, along with other neighbor-related information. Neighbors are displayed with their DVMRP version and capability flags and Generation IDs; this information can help in debugging. If rules are in effect for an interface, they are indicated by ExportPol or the ImportPol flags.
dvmrp show interface Examples Here is an example of the dvmrp show interface command. ssr# dvmrp show interface Address: 10.50.1.1 Name : pc Subnet: 10.50.1/24 State: Dn Igmp Dvmrp Met: 1 Thr: 1 Address: 207.135.89.10 Name : corp Peer : 207.135.89.1 Subnet: 207.135.89.0/27 Met: 1 Thr: 1 State: Up Igmp Dvmrp Querier ExportPol Version: 3.255 Flags:0xe GID: 0x31a Address: 10.55.89.101 Name : lab Peer : 10.55.89.100 Subnet: 10.55.89/24 State: Up Dvmrp Version: 3.255 Address: 207.135.89.
dvmrp show routes dvmrp show routes Purpose Displays DVMRP unicast routing table. Format dvmrp show routes host |interface |net |router subordinates|permission Mode Enable Description The dvmrp show routes command displays the contents of DVMRP unicast routing table. DVMRP routes show the topology information for the internet multicasting sites. It is independent of IP unicast routing table or protocol.
dvmrp show routes net Displays the route to the specified prefix (or subnets falling within the prefix). router Displays the route to the specified router. subordinates Displays the downstream routers list. permissions Indicates whether a route is affected by any rules. Routes marked NoAdv are not advertised. Restrictions None. Examples To display DVMRP routes offered by the next-hop router 207.137.137.1: ssr# dvmrp show routes router 207.137.137.
dvmrp show routes To show non-advertised routes on interface lab: ssr# dvmrp show routes interface lab permission DVMRP Routing Table (4232 routes, 5 hold-down-routes) Net: 100.100.100/24 Gateway: 10.55.89.100 Met: 2 Age: Parent: lab Children: corp mbone leaf NoAdv Net: 20.20.20/24 Parent: lab Net: 10.55.89/24 Parent: lab 2 25 Gateway: 10.55.89.
dvmrp show rules dvmrp show rules Purpose Displays the rules in effect for filtering routes from DVMRP neighbor routers. Format dvmrp show rules Mode Enable Description The dvmrp show rules command displays the filtering rules in effect for DVMRP routes. Once you have set rules with the dvmrp accept and dvmrp advertise commands, you can display the active rules by entering the dvmrp show rules command. Parameters None. Restrictions None.
dvmrp show rules To display information about these rules: # dvmrp show NoAdvertise: Advertise : Advertise : NoAdvertise: rules 10.0.0.0/8 207.135.89.0/24 207.135.88.0/24 default IF: IF: IF: IF: corp mbone mbone mbone These rules would affect the routing table as follows: # dvmrp show route net 10/8 permissions Net: 10.55.
dvmrp start dvmrp start Purpose Starts DVMRP multicast routing. Format dvmrp start Mode Configure Description The dvmrp start command starts DVMRP multicast routing on the configured multicastenabled interfaces and tunnels. Note: Because DVMRP is the only multicasting protocol on the SSR, IGMP starts and stops along with DVMRP. If you want to start IGMP on local interfaces, you still must use this command. DVMRP is by default not running. DVMRP does not interact with any unicast protocol.
Chapter 12 enable Command The enable command switches the CLI session from User mode to Enable mode. Format enable Mode User Description The enable command switches your CLI session from User mode to Enable mode. After you issue the command, the CLI will prompt you for a password if a password is configured. If no password is configured, a warning message advising you to configure a password is displayed.
Restrictions None.
Chapter 13 erase Command The erase command erases the contents of the scratchpad or Startup configuration files. Format erase scratchpad|startup Mode Configure Description The erase scratchpad command erases the contents of the SSR’s command scratchpad. The erase startup command erases the Startup configuration from the Control Module’s NVRAM. Parameters scratchpad Erases the contents of the scratchpad. The scratchpad contains configuration commands that you have issued but have not yet activated.
Restrictions The erase commands do not delete other types of files. To delete a file, use the file del command.
Chapter 14 exit Command The exit command exits the current CLI mode to the previous mode. For example, if you are in the Enable mode, exit returns you to the User mode. If you are in Configure mode, exit returns you to Enable mode. If you are in User mode, exit closes your CLI session and logs you off the SSR. Format exit Mode All modes. Parameters None. Restrictions None.
SSR Command Line Interface Reference Manual
Chapter 15 file Commands The file commands enable you to display a directory of the files on a storage device, display the contents of a file on the console, and delete a file. Command Summary Table 9 lists the file commands. The sections following the table describe the command syntax. Table 9.
file delete file delete Purpose Delete a file. Format file delete Mode Enable Description The file delete command deletes the specified file. The filename can include a device name. By default, if a device name is not specified, it is assumed to be the bootflash: device which is where all configuration files are stored. Parameters Name of the file to delete. The filename can include a device name using this format: :.
file dir file dir Purpose Display contents of a file system. Format file dir Mode User. Description Displays a directory of the files on the specified storage device. Parameters Device name. You can specify one of the following: bootflash: The Control Module’s NVRAM. slot0: The PCMCIA flash card in slot 0 (the upper slot). slot1: The PCMCIA flash card in slot 1(the lower slot). Restrictions None.
file type file type Purpose Display contents of a file. Format file type Mode Enable. Description Displays the contents of a file. Parameters Name of the file to display. The filename can include a device name using this format: :. By default, if a device name is not specified, it is assumed to be the bootflash device. The bootflash device is the default device for storing configuration files. Restrictions None.
Chapter 16 filters Commands The filters commands let you create and apply the following types of security filters: • Address filters. Address filters block traffic based on a frame’s source MAC address, destination MAC address, or both. Address filters are always configured and applied on the input port. • Static entry filters. Static entry filters allow or force traffic to go to a set of destination ports based on a frame’s source MAC address, destination MAC address, or both.
Command Summary Table 10.
filters add address-filter filters add address-filter Purpose Applies an address filter. Format filters add address-filter name source-mac dest-mac vlan in-port-list Mode Configure Description The filters add address-filter command blocks traffic based on a frame’s source MAC address (source-mac), destination MAC address (dest-mac), or a flow (specified using both a source MAC address and a destination MAC address).
filters add port-address-lock filters add port-address-lock Purpose Applies a port address lock. Format filters add port-address-lock name source-mac vlan in-port-list Mode Configure Description The filters add port-address-lock command locks a user (identified by the user’s MAC address) to a specific port or set of ports. The source MAC address will be allowed to reach only those stations and other ports that are connected to a port specified by in-portlist.
filters add secure-port filters add secure-port Purpose Applies a port security filter. Format filters add secure-port name direction source|destination vlan in-port-list Mode Configure Description The filters add secure-port command shuts down Layer 2 access to the SSR from the ports specified by in-port-list. The SSR drops all traffic received from these ports.
filters add static-entry filters add static-entry Purpose Applies a static entry.
filters add static-entry dest-mac Specifies the destination MAC address. Use this option for destination or flow static entries. in-port-list Specifies the ports to which you want to apply the static entry. out-port-list Specifies the ports to which you are allowing, disallowing, or forcing packets. Restrictions You should apply flow filters (specified using both a source MAC address and a destination MAC address) only to ports that are using flow-based bridging.
filters show address-filter filters show address-filter Purpose Displays the address filters. Format filters show address-filter [all-source|all-destination|all-flow] [source-mac dest-mac ] [ports ] [vlan ] Mode Enable Description The filters show address-filter command displays the address filters currently configured on the SSR. Parameters all-source|all-destination|all-flow Specifies the types of filters you want to display.
filters show address-filter Restrictions None.
filters show port-address-lock filters show port-address-lock Purpose Display the port address locks. Format filters show port-address-lock [ports ] [vlan ] [source-mac ] Mode Enable Description The filters show port-address-lock command displays the port-address-lock filters currently configured on the SSR. Parameters ports Restricts the display to only those port address locks that have been applied to the specified ports.
filters show secure-port filters show secure-port Purpose Display the port security filters. Format filters show secure-port Mode Enable Description The filters show secure-port command displays the secure-port filters currently configured on the SSR. Parameters None. Restrictions None.
filters show static-entry filters show static-entry Purpose Displays the static entry filters. Format filters show static-entry [all-source|all-destination|all-flow] ports vlan [source-mac dest-mac ] Mode Configure Description The filters show static-entry command displays the static-entry filters currently configured on the SSR. Parameters all-source|all-destination|all-flow Specifies the types of static entries you want to display.
filters show static-entry Restrictions None.
filters show static-entry 216 SSR Command Line Interface Reference Manual
Chapter 17 frame relay Commands The following commands allow you to define frame relay service profiles, and specify and monitor frame relay High-Speed Serial Interface (HSSI) and standard serial ports. Command Summary Table 11 lists the frame relay commands. The sections following the table describe the command syntax. Table 11.
Command Summary Table 11.
frame-relay apply service ports frame-relay apply service ports Purpose Apply a pre-defined service profile to a frame relay virtual circuit (VC). Format frame-relay apply service ports Mode Configure Description Issuing the frame-relay apply service command allows you to apply a previously defined service profile to a given frame relay VC. Parameters The name of the previously defined service profile you wish to apply to the given port(s) or interfaces.
frame-relay create vc frame-relay create vc Purpose Create frame relay virtual circuits (VCs). Format frame-relay create vc Mode Configure Description The frame-relay create vc command allows you to create a frame-relay virtual circuit on a slot and port location specified in the command line. Parameters The port on which you wish to create a frame relay virtual circuit. Restrictions Usage is restricted to frame relay ports only.
frame-relay define service frame-relay define service Purpose Configure service profiles for frame relay ports.
frame-relay define service • The maximum and minimum threshold values for RED high-, low-, and mediumpriority traffic. In general, Cabletron recommends that the maximum threshold values be less than or equal to the respective high-, low-, or medium-priority queue depth. The minimum threshold values should be one-third of the respective maximum threshold. • Activation and deactivation of RMON for frame relay VCs.
frame-relay define service red on|off Specifying the on keyword enables RED for frame relay ports. Specifying the off keyword disables RED for frame relay ports. red-maxTh-high-prio-traffic The maximum allowable number of frames for high-priority RED traffic. You can specify a number between 1 and 65,535. The default value is 12. red-maxTh-low-prio-traffic The maximum allowable number of frames for low-priority RED traffic. You can specify a number between 1 and 65,535.
frame-relay define service • Random Early Discard (RED) disabled • RMON enabled The command line necessary to set up a service profile with the above attributes would be as follows: ssr(config)# frame-relay define service profile1 Bc 35000000 Be 30000000 becn-adaptive-shaping 65000 cir 120000000 red off rmon on 224 SSR Command Line Interface Reference Manual
frame-relay set fr-encaps-bgd frame-relay set fr-encaps-bgd Purpose Force the ingress packets to be encapsulated in bridged format. Format frame-relay set fr-encaps-bgd ports Mode Configure Description Issuing the frame-relay set fr-encaps-bgd command allows you to use bridged format encapsulation on a given frame relay VC. Parameters The port(s) to which you wish to use bridged encapsulation. You can specify a single VC or a comma-separated list of VCs.
frame-relay set lmi frame-relay set lmi Purpose Set frame relay Local Management Interface (LMI) parameters.
frame-relay set lmi full-enquiry-interval The number of status enquiries that will be sent before a full report on status is compiled and transmitted. monitored-events The number of status enquiries over which collection and tabulation of various pieces of LMI information will take place. polling-interval The amount of time (in seconds) that will pass before a subsequent status enquiry takes place. state enabled|disabled Enables the sending and receiving of LMI messages.
frame-relay set payload-compress frame-relay set payload-compress Purpose Enable packet compression for frame-relay ports. Format frame-relay set payload-compress [type frf9_mode1_stac] ports Mode Configure Description The frame-relay set payload-compress command allows you to enable packet compression according to Mode 1 of FRF 9. If this command is not configured, packet compression is not enabled. Parameters type frf9_mode1_stac Specifies the Stacker FRF 9, Mode 1 compression algorithm.
frame-relay set peer-addr frame-relay set peer-addr Purpose Set the peer address in case that InArp is not supported on the remote device. Format frame-relay set peer-addr ports Mode Configure Description Issuing the frame-relay set peer-addr command allows you to set the peer address if it can't be resolved by InArp. Parameters The IP or IPX address you wish to use. The location of the port to which you wish to assign the address.
frame-relay show service frame-relay show service Purpose Displays frame relay service profiles. Format frame-relay show service |all Mode Enable Description The frame-relay show service command allows you to display the available frame relay service profiles. Parameters The name of a particular pre-defined service profile. all Displays all of the available frame relay service profiles. Restrictions None.
frame-relay show stats frame-relay show stats Purpose Displays frame relay statistics. Format frame-relay show stats port [last-error] [lmi] [mibII] Mode Enable Description The frame-relay show stats command allows you to display the following frame relay port statistics for the given port: • The last reported frame relay error. • The active frame relay LMI parameters. • The MIBII statistics for frame relay WAN ports.
frame-relay show stats Restrictions The last error, mibii, and lmi commands are for ports only (no VC designators allowed). Otherwise, the port name may have the “VC” designator. Examples To display the last recorded error and MIB II statistics and for serial port 1 of slot 3: ssr# frame-relay show stats port se.3.1 last-error mibII To display the VC statistics for serial port 1, slot 3, VCs 1-10: ssr# frame-relay show stats port se.3.1.
frame-relay show stats summary frame-relay show stats summary Purpose Displays a summary of all VC statistics. Format frame-relay show stats summary port Mode Enable Description The frame-relay show stats summary command allows you to display all of the summary information for VC statistics. Parameters The port or ports for which you wish to display summary statistics. Restrictions None.
frame-relay show stats summary 234 SSR Command Line Interface Reference Manual
Chapter 18 igmp Commands The igmp commands let you display and set IGMP parameters. Command Summary Table 12 lists the igmp commands. The sections following the table describe the command syntax. Table 12.
igmp enable interface igmp enable interface Purpose Enables IGMP on an interface. Format igmp enable interface Mode Configure Description The igmp enable interface command enables IGMP on the specified interface. Parameters Name or IP address of the interface on which you are enabling IGMP. Restrictions IGMP is not enabled on tunnels. Example To enable IGMP on interface 10.50.1.2: ssr(config)# igmp enable interface 10.50.1.
igmp enable vlan igmp enable vlan Purpose Enables IGMP snooping on a VLAN. Format igmp enable vlan Mode Configure Description The igmp enable vlan command enables IGMP snooping on a specified VLAN. By default, IGMP snooping is disabled on all VLANs. Parameters Is the name of the VLAN where IGMP snooping is to be enabled. Restrictions Layer 3 multicasting and layer-2 snooping cannot be run simultaneously on the same VLAN.
igmp set interface igmp set interface Purpose Configures IGMP parameters. Format igmp set interface [allowed-groups |not-allowed-groups ] [use-all-ports] Mode Configure Description Sets IGMP parameters on a per-interface basis to control group restrictions and optimization. Parameters allowed-groups Restricts the groups to only those specified. not-allowed-groups Allows any groups besides those specified.
igmp set interface Examples The following is an example of the igmp set interface command:: ssr(config)# igmp set interface 200.1.1.1 allowed-groups 225.2.0.0/16 The above command will allow only memberships to groups falling in the specified range. Outside this range, all groups are implicitly ignored.
igmp set queryinterval igmp set queryinterval Purpose Configures IGMP Host Membership Query interval. Format igmp set queryinterval Mode Configure Description Sets the IGMP Host Membership Query time interval. The interval you set applies to all ports on the SSR. Parameters A value from 20 – 3600 seconds. The default is 125 seconds. Restrictions None.
igmp set responsetime igmp set responsetime Purpose Configures IGMP Host Membership response wait time. Format igmp set responsetime Mode Configure Description Sets the wait time for IGMP Host Membership responses. The wait time you set applies to all ports on the SSR. Parameters Response wait time in seconds. Specify a number from 10 – 3599. The default is 10. Restrictions None.
igmp set vlan igmp set vlan Purpose Sets parameters for IGMP snooping on a VLAN. Format igmp set vlan [host-timeout ] [querier-timeout ] [routertimeout leave-timeout ] [filter-ports ] [permanent-ports ] Mode Configure Description The igmp set vlan command allows you to set parameters for VLAN-based IGMP snooping. Parameters host-timeout Allows adjusting to long host timeout values that may have been set up for the IGMP querier.
igmp set vlan ensures that no host there will join any memberships. A port can optionally be either a permanent port or a filter port, but not both. permanent-ports Allows forcing of mulicast data if present on certain ports. A port can optionally be either a permanent port or a filter port, but not both. Restrictions None.
igmp show interfaces igmp show interfaces Purpose Shows the interfaces running IGMP. Format igmp show interfaces [group |interface ] Mode Enable Description The igmp show interfaces command shows memberships on a specified interface or for a multicast group address. When you use the command to show interfaces by group, all interfaces containing the group membership are shown.
igmp show interfaces Example To show information about the interfaces running IGMP: ssr# igmp show interfaces Address: 172.1.1.10 Subnet: 172.1.1/24 Met: 1 Thr: 1 Name : mls15 State: Up Querier Leaf Igmp Dvmrp Address: 207.135.89.64 Subnet: 207.135.89.0/25 Met: 1 Thr: 1 Name : company State: Up Querier Leaf Igmp Dvmrp Groups : 224.0.1.12 224.1.127.255 224.0.1.24 224.2.127.253 224.2.127.254 Address: 10.135.89.10 Subnet: 10.135.89.0/25 Met: 1 Thr: 1 Name : test State: Up Querier Igmp Dvmrp Address: 207.135.
igmp show memberships Purpose Displays IGMP host memberships. Format igmp show memberships [group |port ] Mode Enable Description The igmp show memberships command displays IGMP host members on a specific interface and/or for a particular multicast group. Parameters group Address of the multicast group for which to display host memberships. port Port numbers on which the members reside. Restrictions None. Examples To display host members for multicast group 225.0.1.
igmp show memberships The following is a fuller example. ssr(config)# igmp show memberships Group : Group : et.5.1 Group : Group : Group : et.5.1 Group : et.5.1 Group : 224.0.1.11 Ports: et.1.1 224.0.1.12 Ports: et.1.1 224.0.1.24 Ports: et.5.1 224.1.127.255 Ports: et.5.1 224.2.127.253 Ports: et.1.1 224.2.127.254 Ports: et.1.1 239.255.255.255 Ports: et.1.
igmp show timers igmp show timers Purpose Displays IGMP timers. Format igmp show timers Mode Enable Description The igmp show timers command displays IGMP timers. Parameters None. Restrictions None.
igmp show vlans igmp show vlans Purpose Displays IGMP VLANs. Format igmp show vlans [detail] [name ] [timers] Mode Enable Description The igmp show vlans command displays IGMP VLANs. Parameters detail Shows all IGMP membership information name Shows IGMP membership information for the specified VLAN timers Shows all IGMP L2 snooping related timers Restrictions None.
igmp start-snooping igmp start-snooping Purpose Starts passive IGMP snooping on enabled VLANs. Format igmp start-snooping Mode Configure Description The igmp start-snooping command starts IGMP snooping on enabled VLANs. This task is independent of L3 multicasting. Parameters None. Restrictions None.
Chapter 19 interface Commands The interface commands let you create IP and IPX interfaces, add network mask and broadcast address information to existing IP interfaces, and display configuration information for IP and IPX interfaces. Command Summary Table 13 lists the interface commands. The sections following the table describe the command syntax. Table 13.
interface add ip interface add ip Purpose Configure secondary addresses for an existing interface. Format interface add ip address-mask [broadcast ] Mode Configure Description The interface add ip command configures secondary addresses for an existing IP interface. Note: The interface must already exist. To create an interface, enter the interface create ip command. Parameters Name of the IP interface; for example, int4.
interface add ip Example To configure a secondary address of 10.23.4.36 with a 24-bit netmask (255.255.255.0) on the IP interface int4: ssr(config)# interface add ip int4 address-mask 10.23.4.
interface create ip interface create ip Purpose Create an IP interface. Format interface create ip address-mask [broadcast ] vlan |port mtu [output-mac-encapsulation ] [up|down] [mac-addr ] [type broadcast|point-to-point] Mode Configure Description The interface create ip command creates and configures an IP interface.
interface create ip Parameters Name of the IP interface; for example, int4. address-netmask IP address and netmask of this interface. You can specify the address and mask information using the traditional format (example: 10.1.2.3/255.255.0.0) or the CIDR format (example: 10.1.2.3/16). If you specify an address without mask information, the SSR uses the natural mask for the address ( /8 for Class A, /16 for Class B or /24 for Class C).
interface create ip type broadcast|point-to-point Sets the type of interface. Specify one of the following: – broadcast (the default) – point-to-point Restrictions None. Examples To create a VLAN called IP3, add ports et.3.1 through et.3.4 to the VLAN, then create an IP interface on the VLAN: ssr(config)# vlan create IP3 ip ssr(config)# vlan add ports et.3.1-4 to IP3 ssr(config)# interface create ip int3 address-mask 10.20.3.42/24 vlan IP3 To create an interface called “int7” with the address 10.50.
interface create ipx interface create ipx Purpose Create an IPX interface. Format interface create ipx address vlan | port [output-mac-encapsulation ] [up|down] [mac-addr ] Mode Configure Description The interface create ipx command creates and configures an IPX interface. Configuration of an IPX interface can include information such as the interface’s name, IPX address, VLAN, port, and output MAC encapsulation.
interface create ipx up Sets the state of the interface to up. (This is the default state.) down Sets the state of the interface to down. output-mac-encapsulation The output MAC encapsulation associated with this interface. You can specify one of the following: – ethernet_ii (the default) – ethernet_snap – ethernet_802.2_ipx mac-addr Sets the MAC address for this interface.
interface create ipx The following command creates an interface called “int5” with the IPX address 82af3d57 for port et.1.3. The interface is added in the down (disabled) state. ssr(config)# interface create ipx int5 address 82af3d57 port et.1.3 down To create an interface called “int6” with the MAC address 00:01:02:03:04:05 and IPX address 82af3d58 for port et.1.4. ssr(config)# interface create ipx int6 address 82af3d58 port et.1.
interface show ip interface show ip Purpose Display configuration of an IP interface. Format interface show ip | all Mode Enable Description The interface show ip command displays configuration information for an IP interface. Note: You can display exactly the same information from within the ip facility using the ip show interfaces command. Parameters | all Name of the IP interface; for example, int4.
interface show ip .
interface show ipx interface show ipx Purpose Display configuration of an IPX interface. Format interface show ipx | all Mode Enable Description The interface show ipx command displays configuration information for an IPX interface. Note: You can display exactly the same information from within the ip facility using the ipx show interfaces command. Parameters | all Name of the IPX interface; for example, int9.
interface show ipx To display configuration information for all IPX interfaces: ssr# interface show ipx all SSR Command Line Interface Reference Manual 263
interface show ipx 264 SSR Command Line Interface Reference Manual
Chapter 20 ip Commands The ip commands let you display route table entries and various IP related tables. Command Summary Table 14 lists the ip commands. The sections following the table describe the command syntax. Table 14.
Command Summary Table 14.
ip add route ip add route Purpose Configure a static route. Format ip add route |default gateway [host] [interface ] [preference ] [retain] [reject] [no-install] [blackhole] [gatelist ] Mode Configure Description The ip add route command creates a static route entry in the route table. The static route can be a default route, a route to a network, or a route to a specific host.
ip add route retain If specified, this option prevents this static route from being removed from the forwarding table when the routing service (GateD) is gracefully shutdown. Normally gated removes all routes except interface routes during a graceful shutdown. The retain option can be used to insure that some routing is available even when GateD is not running. reject If specified, install this route as a reject route.
ip add route To configure a reject route entry for packets destined for the subnet 10.14.3.0/24: ssr(config)# ip add route 10.14.3.0/24 gateway 10.1.16.
ip disable ip disable Purpose Disables IP options on the SSR. Format ip disable dns-lookup|fast-icmp|forwarding| [icmp-redirect interface |all]|[proxy-arp interface |all]| source-routing Mode Configure Description The ip disable command allows you to disable features that are enabled by default on the SSR. Parameters dns-lookup Disables DNS name lookup for all commands.
ip disable icmp-redirect interface |all Disables ICMP redirection on the specified IP interface. If you specify the all keyword, ICMP redirection is disabled for all network interfaces. proxy-arp interface |all Disables the proxy ARP feature on the specified IP interface. By default, the SSR acts as a proxy for ARP requests with destination addresses of hosts to which the SSR can route traffic. Unless you actually require the use of proxy ARP, it is advisable to disable it on the SSR.
ip dos disable ip dos disable Purpose Disables denial of service (DOS) features on the SSR. Format ip dos disable directed-broadcast-protection|port-attack-protection Mode Configure Description By default, the SSR installs flows in the hardware so that packets sent as directed broadcasts are dropped in hardware if directed broadcast is not enabled on the interface where the packet is received. You can disable this behavior with the ip dos disable directed-broadcast-protection command.
ip dos disable Restrictions None Examples To cause directed broadcast packets to be processed on the SSR, even if directed broadcast is not enabled on the interface receiving the packet: ssr(config)# ip dos disable directed-broadcast-protection To allow packets destined for the SSR, but do not have a service defined for them on the SSR, to be processed by the SSR’s CPU: ssr(config)# ip dos disable port-attack-protection SSR Command Line Interface Reference Manual 273
ip enable directed-broadcast ip enable directed-broadcast Purpose Configure the router to forward directed broadcast packets received on an interface. Format ip enable directed-broadcast interface |all Mode Configure Description Directed broadcast packets are network or subnet broadcast packets which are sent to a router to be forwarded as broadcast packets. They can be misused to create Denial Of Service attacks.
ip enable directed-broadcast To enable directed broadcast forwarding for all network interfaces: ssr(config)# ip enable directed-broadcast interface all SSR Command Line Interface Reference Manual 275
ip helper-address ip helper-address Purpose Configure the router to forward specific UDP broadcast packets across interfaces. Format ip helper-address interface |all-interfaces [] Mode Configure Description The ip helper-address command allows the user to forward specific UDP broadcast from one interface to another. Typically, broadcast packets from one interface are not forwarded (routed) to another interface.
ip helper-address Parameters Name of the IP interface where UDP broadcast is to be forwarded to the helper address. |all-interfaces Address of the host where UDP broadcast packets should be forwarded. If all-interfaces is specified, UDP broadcast packets are forwarded to all interfaces except the interface on which the broadcast packet was received. Destination UDP port number of the broadcast packets to forward.
ip l3-hash ip l3-hash Purpose Changes the hashing algorithm used for the L3 lookup table. Format ip l3-hash channel |all variant Mode Configure Description The SSR’s L3 Lookup table is organized as a hash table. The hash function reduces the destination and source MAC addresses to 16-bit quantities each. The hashing algorithm generates a uniform distribution within the MAC address space.
ip l3-hash Restrictions None.
ip set data-receive-size | control-receive-size ip set data-receive-size | control-receive-size Purpose Sets the size of the stack data and control receive queues. Format ip set data-receive-size|control-receive-size Mode Configure Description The ip set data-receive-size|control-receive-size command allows you to tune the size of the data and control pipes that reside between the IP stack and internal drivers on the Control Module.
ip set data-receive-size | control-receive-size Example To set the size of the stack data receive queue to 1024 bytes: ssr(config)# ip set data-receive-size 1024 SSR Command Line Interface Reference Manual 281
ip set port forwarding-mode ip set port forwarding-mode Purpose Causes the SSR, when processing an IP packet, to extract only certain fields from a layer-4 flow, rather than the entire flow. Format ip set port forwarding-mode Mode Configure Description The SSR’s flow identifying logic normally extracts the complete application (layer-4) flow from an IP packet.
ip set port forwarding-mode For both unicast and multicast packets, the destination IP address, source IP address, TOS and the L4 protocol are the only fields extracted from the IP packet. These along with the port of entry are set in the flow block. The remaining flow block fields are set to zero. The flow lookup then proceeds as normal.
ip show connections ip show connections Purpose Show all TCP/UDP connections and services. Format ip show connections [no-lookup] Mode Enable Description The ip show connections command displays all existing TCP and UDP connections to the SSR as well as TCP/UDP services available on the SSR. Parameters no-lookup By default, when displaying an IP address, this command attempts to do a reverse DNS lookup to look for the hostname associated with the IP address and display the hostname instead.
ip show connections Example The following example displays all established connections and services of the SSR. ssr# ip show connections Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp 0 0 *:gated-gii *:* tcp 0 0 *:http *:* tcp 0 0 *:telnet *:* udp 0 0 127.0.0.1:1025 127.0.0.
ip show helper-address ip show helper-address Purpose Display the configuration of IP helper addresses. Format ip show helper-address [] Mode Enable Description The ip show helper-address command displays the configuration of IP helper addresses configured on the system. One can specify the optional parameter, interface-name, to show only the IP helper addresses configured for that interface.
ip show helper-address Example The following example shows that interface int4 has one helper address configured while interface int3 has one helper address configured for the port mapper service (port 111). ssr# ip show helper-address Interface IP address -----------------int6 10.1.17.1 int5 10.1.16.1 int4 10.1.15.1 int1 10.1.12.1 int0 10.1.11.1 int3 10.1.14.1 SSR Command Line Interface Reference Manual Helper Address -------------none none 10.4.1.45 none none 10.5.78.
ip show interfaces ip show interfaces Purpose Display the configuration of IP interfaces. Format ip show interfaces [] Mode Enable Description The ip show interfaces command displays the configuration of an IP interface. If you issue the command without specifying an interface name then the configuration of all IP interfaces is displayed. This command displays the same information as the interface show ip command. Parameters Name of the IP interface; for example, ssr4.
ip show routes ip show routes Purpose Display the IP routing table. Format ip show routes [no-lookup] [show-arps] [show-multicast] [verbose] Mode Enable Description The ip show routes command displays the IP routing table. Different command options can be used to show different aspects of the routing table.
ip show routes Example The following example displays the contents of the routing table. It shows that some of the route entries are for locally connected interfaces (“directly connected”), while some of the other routes are learned from RIP. ssr# ip show routes Destination ----------10.1.0.0/16 10.2.0.0/16 10.3.0.0/16 10.4.0.0/16 14.3.2.1 21.0.0.0/8 30.1.0.0/16 50.1.0.0/16 61.1.0.0/16 62.1.0.0/16 68.1.0.0/16 69.1.0.0/16 127.0.0.0/8 127.0.0.1 210.11.99.0/24 290 Gateway ------50.1.1.2 50.1.1.2 50.1.1.
Chapter 21 ip-policy Commands The ip-policy commands let you set up policies that cause the SSR to forward packets to a specified IP address based on information in a packet’s L3/L4 IP header fields. Command Summary Table 15 lists the ip-policy commands. The sections following the table describe the command syntax. Table 15.
ip-policy apply ip-policy apply Purpose Applies an IP policy to an interface. Format ip-policy apply local|interface |all Mode Configure Description Once you have defined an IP policy, you use the ip-policy apply command to apply the IP policy to an interface. Once the IP policy is applied to the interface, packets start being forwarded using the policy. Parameters Is the name of a previously defined IP policy.
ip-policy apply Examples To apply IP policy p1 to interface int4: ssr(config)# ip-policy p1 apply interface int4 To apply IP policy p2 to all IP packets generated on the SSR: ssr(config)# ip-policy p2 apply local SSR Command Line Interface Reference Manual 293
ip-policy clear ip-policy clear Purpose Clears IP policy statistics. Format ip-policy clear all|policy-name |all Mode Enable Description The ip-policy clear command is used in conjunction with the ip-policy show command, which gathers statistics about IP policies. The ip-policy clear command lets you reset IP policy statistics to zero. Parameters Is the name of an active IP policy. all Causes statistics to be cleared for all IP policies. Restrictions None.
ip-policy clear To clear statistics for all IP policies: ssr(config)# ip-policy clear all SSR Command Line Interface Reference Manual 295
ip-policy deny ip-policy deny Purpose Specifies which packets cannot be subject to policy-based routing. Format ip-policy deny acl |everything-else [sequence ] Mode Configure Description The ip-policy deny command allows you to specifically prevent packets matching a profile from being forwarded with an IP policy. These packets are routed using dynamic routes instead.
ip-policy deny in which the statement is evaluated. Possible values are 1-65535. The ip-policy statement with the lowest sequence number is evaluated first. Restrictions ACLs for non -IP protocols cannot be used for IP policy routing. Examples To create a profile called “prof1” for telnet packets from 9.1.1.5 to 15.1.1.2: ssr(config)# acl prof1 permit ip 9.1.1.5 15.1.1.2 any any telnet 0 Note: See “acl permit|deny ip” on page 45 for more information on creating profiles for IP policy routing.
ip-policy permit ip-policy permit Purpose Specifies gateways and actions for IP policies Format ip-policy permit acl |everything-else [sequence ] [next-hop-list |null] [action policy-first|policy-last|policy-only] Mode Configure Description The ip-policy permit command allows you to specify the next-hop gateway where packets matching a given profile should be forwarded. You can specify up to four nexthop gateways for an IP policy.
ip-policy permit sequence If an IP policy is composed of more than one ip-policy statement, specifies the order in which the statement is evaluated. Possible values are 1-65536. The ip-policy statement with the lowest sequence number is evaluated first. next-hop-list |null Is the IP address of one or more next-hop gateways. Packets matching the profile specified in are forwarded to one of the gateways specified here. You can specify up to four gateways for each profile.
ip-policy permit To cause all packets that have not been specified using policy-based routing (using the ippolicy deny command) to be forwarded to 10.10.10.10: ssr(config)# ip-policy p5 permit acl everything-else next-hop-list 10.10.10.10 To cause packets matching prof1 to use dynamic routes if 10.10.10.10 is not available: ssr(config)# ip-policy p5 permit acl prof1 next-hop-list 10.10.10.10 action policy-first To cause packets matching prof1 to be dropped if 10.10.10.
ip-policy set ip-policy set Purpose Controls how packets are distributed among the next hop gateways in an IP policy and queries the availability of next-hop gateways. Format ip-policy set [pinger on] [load-policy first-available|round-robin| ip-hash sip|dip|both] Mode Configure Description If you specify more than one next-hop gateway in an IP policy, you can use the ip-policy set command to control how the load is distributed among the next-hop gateways.
ip-policy set Note: Some hosts may have disabled responding to ICMP_ECHO packets. Make sure each next-hop gateway can respond to ICMP_ECHO packets before using this option. load-policy first-available|round-robin If an IP policy has more than one next-hop gateway, specifies how the packets are distributed among the gateways. Two options are available: first-available Uses the first available next-hop gateway in the ip-policy permit statement for all flows. This is the default.
ip-policy show ip-policy show Purpose Displays information about active IP policies. Format ip-policy show [all] [policy-name |all] [interface |all] Mode Enable Description The ip-policy show command displays information about active IP policies, including profile definitions, policy configuration settings, and next-hop gateways.
ip-policy show Example To display information about IP policy p1: ssr# ip-policy show policy-name p1 -------------------------------------------------------------------------------IP Policy name : p1 1 2 Applied Interfaces : int1 3 Load Policy : first available 4 5 ACL --prof1 prof2 everything 6 Source IP/Mask -------------9.1.1.5/32 2.2.2.2/32 anywhere 7 Dest. IP/Mask ------------15.1.1.
ip-policy show 11. The sequence in which the statement is evaluated. IP policy statements are listed in the order they are evaluated (lowest sequence number to highest). 12. The rule to apply to the packets matching the profile: either permit or deny 13. The name of the profile (ACL) of the packets to be forwarded using an IP policy. 14. The number of packets that have matched the profile since the IP policy was applied (or since the ip-policy clear command was last used) 15.
ip-policy show 306 SSR Command Line Interface Reference Manual
Chapter 22 ip-router Commands The ip-router commands let you configure and monitor features and functions that work across the various routing protocols. Command Summary Table 16 lists the ip-router commands. The sections following the table describe the command syntax. Table 16.
Command Summary Table 16.
ip-router authentication add key-chain ip-router authentication add key-chain Purpose Add a key to an existing key-chain. Format ip-router authentication add key-chain Mode Configure Parameters Specifies the options you are adding. Specify one of the following: key Adds a new key to an existing key-chain. The key can be up to 16 characters long. type primary|secondary Specifies whether the key is a primary key or a secondary key within the key chain.
ip-router authentication create key-chain ip-router authentication create key-chain Purpose Create a key-chain and associate an identifier with it. Format ip-router authentication create key-chain Mode Configure. Parameters Specifies the options you are adding. Specify one of the following: key Specifies a key to be included in this key chain. The key can be up to 16 characters long.
ip-router find route ip-router find route Purpose Find the active route in the RIB which the packet will use. Format ip-router find route Mode Configure. Parameters Specifies the destination of the packet. Restrictions None.
ip-router global add ip-router global add Purpose Add an interface or martian. Martians are invalid addresses that are rejected by the routing software. Format ip-router global add interface ip-router global add martian |default [host] [allow] Mode Configure Parameters interface Makes an interface known to the IP router. martian |default [host] [allow] Adds a martian.
ip-router global set ip-router global set Purpose Set various global parameters required by various protocols. Format ip-router global set Mode Configure Parameters Specify one of the following: autonomous-system loops The autonomous system number. sets the as number for the router. It is only required if the router is going to run BGP. Specify a number from 1 – 65534. controls the number of times the as may appear in the as-path. Default is 1.
ip-router global set preference Sets the preference for routes to this interface when it is up and functioning. Specify a number from 0 – 255. Default value is 0. down-preference Sets the preference for routes to this interface when it is down. Specify a number from 0 – 255. Default value is 255. passive Prevents changing of route preference to this interface if it is down.
ip-router global set trace-options ip-router global set trace-options Purpose Set various trace options. Format ip-router global set trace-options Mode Configure Parameters Specifies the trace options you are setting. Specify one or more of the following: startup Trace startup events. parse Trace lexical analyzer and parser of gate-d config files. ydebug Trace lexical analyzer and parser in detail. adv Trace allocation and freeing of policy blocks.
ip-router global set trace-options Restrictions None.
ip-router global set trace-state ip-router global set trace-state Purpose Enable or disable tracing. Format ip-router global set trace-state on|off Mode Configure Parameters on|off Specifies whether you are enabling or disabling tracing. Specify on to enable tracing or specify off to disable tracing. The default is off. Restrictions None.
ip-router global use provided_config ip-router global use provided_config Purpose Causes the SSR to use the configuration file stored in the Control Module’s NVRAM. Format ip-router global use provided_config Mode Configure Parameters None. Note: This command requires that you first copy the GateD configuration into the Control Module’s NVRAM. To do this, enter the following command in Enable mode: ssr# copy tftp-server to gated.conf TFTP server [10.50.89.88]? 10.50.89.88 Source filename [tmp/gated.
ip-router kernel trace ip-router kernel trace Purpose Provides trace capabilities between the Routing Information Base and the Forwarding Information Base. Format ip-router kernel trace detail|send|receive Mode Configure Parameters Specifies the kernel trace options. Specify one or more of the following: packets Packets exchanged with the kernel. routes Routes exchanged with the kernel. redirect Redirect messages received from the kernel.
ip-router policy add filter ip-router policy add filter Purpose Adds a route filter. Routes are specified by a set of filters that will match a certain set of routes by destination, or by destination and mask. Format ip-router policy add filter network [exact|refines|between ][host-net] Mode Configure Parameters filter Specifies the identifier of the route filter. network Specifies networks that are to be filtered.
ip-router policy add filter host-net This option qualifies that the specified network is a host. To match, the address must exactly match the specified and the network mask must be a host mask (i.e. all ones). This is equivalent to a network specification of host/255.255.255.255 along with the exact option. Restrictions None.
ip-router policy add optional-attributes-list ip-router policy add optional-attributes-list Purpose Expands a previously created optional-attributes-list. Format ip-router policy add optional-attributes-list Mode Configure Parameters Specifies the options. Specify one or more of the following: optional-attributes-list Specifies the identifier for the optional attributes list you are expanding.
ip-router policy add optional-attributes-list external BGP peers (this includes peers in other members autonomous systems inside a BGP confederation). reserved-community Specifies one of the reserved communities which is not well-known. A reserved community is one which is in one of the following ranges (0x0000000 0x0000FFFF) or (0xFFFF0000 - 0xFFFFFFFF). Restrictions None.
ip-router policy aggr-gen destination ip-router policy aggr-gen destination Purpose Creates an aggregate or generate route. Format ip-router policy aggr-gen destination [source [filter |[network [exact|refines|between ] [preference |restrict]]]] Mode Configure Parameters destination Is the identifier of the aggregate-destination that specifies the aggregate/summarized route.
ip-router policy aggr-gen destination refines This option specifies that the mask of the routes to be aggregated must be more specific (i.e. longer) than the supplied mask. This is used to match subnets. between Specifies that the mask of the destination must be as or more specific (i.e., as long as longer) than the lower limit (the first number parameter) and no more specific (i.e. as long as or shorter) than the upper limit (the second parameter).
ip-router policy create aggregate-export-source ip-router policy create aggregate-export-source Purpose Creates a source for exporting aggregate routes into other protocols. Format ip-router policy create aggregate-export-source [metric |restrict] Mode Configure Parameters Specifies the identifier of the aggregate export source. metric Specifies the metric to be associated with the exported routes.
ip-router policy create aggr-gen-dest ip-router policy create aggr-gen-dest Purpose Creates an aggregate-generation destination. An aggregate-generation destination is one of the building blocks needed to create an aggregate/generate route. Format ip-router policy create aggr-gen-dest network |default [type aggregate|generation] [preference ][brief] Mode Configure Parameters Specifies the identifier of an aggregate-generation destination.
ip-router policy create aggr-gen-dest Restrictions None.
ip-router policy create aggr-gen-source ip-router policy create aggr-gen-source Purpose Creates a source for the routes contributing to a aggregate/generate route. Format ip-router policy create aggr-gen-source protocol all|static|direct|aggregate|rip|ospf|bgp [autonomous-system ][aspath-regular-expression ][tag ][preference |restrict] Mode Configure Parameters Specifies the identifier of an aggregate-generation source.
ip-router policy create aggr-gen-source aspath-regular-expression Restricts selection of routes to those specified by the aspath. tag Restricts selection of routes to those identified by a tag. preference Specifies the preference to assign to the contributing routes. restrict Indicates that these routes cannot contribute to the aggregate. Restrictions None.
ip-router policy create aspath-export-source ip-router policy create aspath-export-source Purpose Create an export source where routes to be exported are identified by the autonomous system path associated with them. This command applies only if you are using BGP. Format ip-router policy create aspath-export-source Mode Configure Parameters Specifies a name or number for the Autonomous System path export source.
ip-router policy create aspath-export-source origin Specifies whether the origin of the routes to be exported was an interior gateway protocol or an exterior gateway protocol. Specify one of the following: – any – igp – egp – incomplete metric Specifies metric associated with the exported routes. restrict Specifies that nothing is exported from the specified source. Note: You can specify metric or restrict even if you specified protocol, aspath-regular-expression, or origin.
ip-router policy create bgp-export-destination ip-router policy create bgp-export-destination Purpose Create an export destination for BGP routes. Format ip-router policy create bgp-export-destination Mode Configure Parameters Creates a BGP export destination and associates an identifier (tag) with it. Specifies the BGP export destination options you are setting.
ip-router policy create bgp-export-destination Restrictions None.
ip-router policy create bgp-export-source ip-router policy create bgp-export-source Purpose Create a source for exporting bgp routes into other protocols. Format ip-router policy create bgp-export-source Mode Configure Parameters Creates a BGP export source and associates an identifier (tag) with it. Specifies the BGP export source options you are setting.
ip-router policy create bgp-import-source ip-router policy create bgp-import-source Purpose Create a source for importing BGP routes. Format ip-router policy create bgp-import-source Mode Configure Parameters Creates a BGP import source and associates an identifier (tag) with it. Specifies the BGP import source options you are setting.
ip-router policy create bgp-import-source specification of import policy based on the path attributes found in the BGP update. If multiple communities are specified in the aspath-opt option, only updates carrying all of the specified communities will be matched. If none is specified, only updates lacking the community attribute will be matched. preference Specifies the preference to be associated with the BGP imported routes. restrict Specifies that nothing is exported from the specified source.
ip-router policy create direct-export-source ip-router policy create direct-export-source Purpose Creates an export source for interface routes. Format ip-router policy create direct-export-source [interface ][metric |restrict] Mode Configure Parameters Creates a source for exporting interface (direct) routes and associates an identifier with it.
ip-router policy create filter ip-router policy create filter Purpose Creates a route filter. Routes are filtered by specifying a set of filters that will match a certain set of routes by destination, or by destination and mask. Format ip-router policy create filter network [exact|refines|between ][host-net] Mode Configure Parameters filter Specifies the identifier of the route filter.
ip-router policy create filter host-net This option qualifies that the specified network is a host. To match, the address must exactly match the specified and the network mask must be a host mask (i.e. all ones). This is equivalent to a network specification of host/255.255.255.255 along with the exact option. Restrictions None.
ip-router policy create optional-attributes-list ip-router policy create optional-attributes-list Purpose Creates an optional-attributes-list for BGP. Format ip-router policy create optional-attributes-list Mode Configure Parameters Specifies the options you are setting. Specify the following: Specifies the identifier for the attributes list. community-id Specifies a community identifier portion of a community split.
ip-router policy create optional-attributes-list external BGP peers (this includes peers in other members autonomous systems inside a BGP confederation). reserved-community Specifies one of the reserved communities which is not well-known. A reserved community is one which is in one of the following ranges (0x0000000 0x0000FFFF) or (0xFFFF0000 - 0xFFFFFFFF). Restrictions None.
ip-router policy create ospf-export-destination ip-router policy create ospf-export-destination Purpose Create a destination for exporting routes into OSPF. Format ip-router policy create ospf-export-destination [tag ][type 1|2][metric |restrict] Mode Configure Parameters Creates an OSPF export destination and associates an identifier with it. tag Tag to be associated with exported OSPF routes.
ip-router policy create ospf-export-source ip-router policy create ospf-export-source Purpose Create a source for exporting OSPF routes into other protocols. Format ip-router policy create ospf-export-source [type ospf|ospf-ase][metric |restrict] Mode Configure Parameters Creates an OSPF export source and associates an identifier with it. type ospf Exported routes are OSPF routes. type ospf-ase Exported routes are OSPF ASE routes.
ip-router policy create ospf-import-source ip-router policy create ospf-import-source Purpose Create a source for importing OSPF routes. Format ip-router policy create ospf-import-source [tag ][preference |restrict] Mode Configure Parameters Creates an OSPF import source and associates an identifier with it. tag Tag to be associated with the imported routes. preference Preference associated with the imported OSPF routes.
ip-router policy create rip-export-destination ip-router policy create rip-export-destination Purpose Create a destination for exporting routes into RIP. Format ip-router policy create rip-export-destination [interface |gateway ] [metric |restrict] Mode Configure Parameters Specifies an identifier for the RIP export destination: interface |all Specifies router interfaces over which to export routes.
ip-router policy create rip-export-source ip-router policy create rip-export-source Purpose Create a source for exporting RIP routes into other protocols Format ip-router policy create rip-export-source [interface |gateway ][metric |restrict] Mode Configure Parameters Specifies an identifier for the RIP export source: interface Indicates that only routes learned over specified interfaces are exported.
ip-router policy create rip-import-source ip-router policy create rip-import-source Purpose Create a source for importing RIP routes. Format ip-router policy create rip-import-source [interface |gateway ][preference |restrict] Mode Configure Parameters Specifies an identifier for the RIP import source: interface Indicates that only routes learned over specified interfaces are imported.
ip-router policy create static-export-source ip-router policy create static-export-source Purpose Creates a source for exporting static routes into other protocols. Format ip-router policy create static-export-source [interface ][metric |restrict] Mode Configure Parameters Creates a source for exporting static routes and associates an identifier with it.
ip-router policy create tag-export-source ip-router policy create tag-export-source Purpose Create an export source where routes to be exported are identified by the tag associated with them. Format ip-router policy create tag-export-source protocol all|static|direct|aggregate|rip|ospf|bgp [tag ][metric |restrict] Mode Configure Parameters Specifies the identifier of an tag-export source.
ip-router policy create tag-export-source restrict Indicates that the matching routes are not exported. Restrictions None.
ip-router policy export destination ip-router policy export destination Purpose Creates an export policy from the various building blocks. Format ip-router policy export destination [source [filter |[network [exact|refines|between ] [metric |restrict]]]] Mode Configure Parameters Is the identifier of the export-destination which determines where the routes are to be exported.
ip-router policy export destination exact This option specifies that the mask of the routes to be exported must match the supplied mask exactly. This is used to match a network, but not subnets or hosts of that network refines This option specifies that the mask of the routes to be exported must be more specific (i.e. longer) than the supplied mask. This is used to match subnets. between Specifies that the mask of the destination must be as or more specific (i.e.
ip-router policy import source ip-router policy import source Purpose Creates an import policy. Format ip-router policy import source [filter |[network [exact|refines|between ] [preference |restrict]]] Mode Configure Parameters Is the identifier of the import-source that determines the source of the imported routes. If no routes from a particular source are to be imported, then no additional parameters are required.
ip-router policy import source refines This option specifies that the mask of the routes to be imported must be more specific (i.e. longer) than the supplied mask. This is used to match subnets. between Specifies that the mask of the destination must be as or more specific (i.e., as long as longer) than the lower limit (the first number parameter) and no more specific (i.e. as long as or shorter) than the upper limit (the second parameter).
ip-router policy redistribute ip-router policy redistribute Purpose Creates a simple route redistribution policy Format ip-router policy redistribute from-proto to-proto [network [exact|refines|between ]] [metric |restrict] [sourceas ] [target-as ] [tag] [ase-type] Mode Configure Parameters from-proto Specifies the protocol of the source routes.
ip-router policy redistribute refines This option specifies that the mask of the routes to be redistributed must be more specific (i.e. longer) than the supplied mask. This is used to match subnets. between Specifies that the mask of the destination must be as or more specific (i.e., as long as longer) than the lower limit (the first number parameter) and no more specific (i.e. as long as or shorter) than the upper limit (the second parameter).
ip-router show configuration file ip-router show configuration file Purpose Display the active or startup configuration file in GateD format. Format ip-router show configuration-file active|permanent Mode Enable Parameters active Shows the active GateD configuration file in RAM; this is the default. permanent Shows the permanent GateD configuration file in NVRAM, if available. Restrictions None.
ip-router show rib ip-router show rib Purpose Display routing information base. Format ip-router show rib [detail] Mode Enable Description The ip-router show rib command shows the route-manager's routing information base (RIB). For any given network, the routing daemon could have multiple routes. The active route to any network is shown with a plus (+) sign next to it. The last active route is shown with a minus (-) next to it.
ip-router show rib Examples: A sample output of the ip-router show rib command is shown below: ssr# ip-router show rib Routing Tables: Generate Default: no Destinations: 63776 Routes: 63776 Holddown: 0 Delete: 53811 Hidden: 1 Codes: Network - Destination Network Address S - Status + = Best Route, - = Last Active, * = Both Src - Source of the route : Ag - Aggregate, B - BGP derived, C - Connected R - RIP derived, St - Static, O - OSPF derived OE - OSPF ASE derived, D - Default Next hop - Gateway for the rou
ip-router show route ip-router show route Purpose Displays the state of GateD. Format ip-router show route [ip-addr-mask|default] [detail] Mode Enable Description This command shows a specific route in the route-manager's routing information base (RIB). For any given network, the routing daemon could have multiple routes. The active route to any network is shown with a plus (+) sign next to it. The last active route is shown with a minus (-) next to it.
ip-router show route Restrictions None. Examples A sample output of the ip-router show route detail command is shown below. ssr# ip-router show route 10.12.1.0/255.255.255.252 detail 10.12.1 mask 255.255.255.252 entries 2 announce 1 TSI: RIP 150.1.255.255mc <> metric 1 RIP 222.1.1.255mc <> metric 1 BGP_Sync_64805 dest 10.12.1/2 metric 0 BGP group type Routing AS 64805 no metrics Instability Histories: *Direct Preference: 0 *NextHop: 10.12.1.2 Interface: 10.12.1.
ip-router show state ip-router show state Purpose Displays the state of GateD. Format ip-router show state [all] [memory] [timers] [to-file] [to-terminal] [task |all|gii |icmp|inet|interface|krt |route] Mode Enable Parameters all Shows all ouput. memory Shows memory allocations. timers Shows various GateD timers. to-file Saves the routing-process state in the gated.dmp file. to-terminal Displays the routing-process state on the console. task Shows task-specific information.
ip-router show state route Shows information for the route task. Restrictions None.
Chapter 23 ip-redundancy Commands The ip-redundancy commands let you display and configure the Virtual Router Redundancy Protocol (VRRP) on the SSR. VRRP is defined in RFC 2338. Command Summary Table 17 lists the ip-redundancy commands. The sections following the table describe the command syntax. Table 17.
ip-redundancy associate ip-redundancy associate Purpose Associates an IP address with a virtual router. Format ip-redundancy associate vrrp interface address Mode Configure Description The ip-redundancy associate command adds an IP address to the list of IP addresses associated with a virtual router. Parameters Is the identifier of a virtual router. Specify a number between 1-255 Is the name of the interface where the virtual router resides.
ip-redundancy clear vrrp-stats ip-redundancy clear vrrp-stats Purpose Clears statistics gathered for VRRP. Format ip-redundancy clear vrrp-stats interface [id ] Mode Enable Description The ip-redundancy clear vrrp-stats command is used in conjunction with the ipredundancy show vrrp command, which displays information about the virtual routers associated with an interface.
ip-redundancy clear vrrp-stats Example To clear statistics for virtual router 1 on interface int1: ssr# ip-redundancy clear vrrp-stats interface int1 id 1 368 SSR Command Line Interface Reference Manual
ip-redundancy create ip-redundancy create Purpose Creates a virtual router. Format ip-redundancy create vrrp interface Mode Configure Description The ip-redundancy create command creates a virtual router on a specified interface. Parameters Is the identifier of the virtual router to create. Specify a number between 1-255. Is the interface on which to create the virtual router. Restrictions None.
ip-redundancy set ip-redundancy set Purpose Sets parameters for a virtual router.
ip-redundancy set auth-type enabled Preempt mode is enabled. A backup router can preempt a lower-priority Master router. disabled Pre-empt mode is disabled. A backup router cannot pre-empt a lower-priority Master router. Specifies the type of authentication used for VRRP exchanges between routers. Use one of the following keywords: none VRRP exchanges are not authenticated (the default). text auth-key VRRP exchanges are authenticated with a clear-text password.
ip-redundancy show ip-redundancy show Purpose Shows information about virtual routers. Format ip-redundancy show vrrp interface [id ] [verbose] Mode Enable Description The ip-redundancy show vrrp command displays configuration information about virtual routers on an interface. You can display information for one virtual router or for all the virtual routers on an interface.
ip-redundancy show Examples To display information about all virtual routers on interface int1: ssr# ip-redundancy show vrrp interface int1 VRRP Virtual Router 100 - Interface int1 -----------------------------------------Uptime 0 days, 0 hours, 0 minutes, State Backup Priority 100 (default value) Virtual MAC address 00005E:000164 Advertise Interval 1 sec(s) (default value) Preempt Mode Enabled (default value) Authentication None (default value) Primary Address 10.8.0.2 Associated Addresses 10.8.0.1 100.0.
ip-redundancy show To display VRRP statistics for virtual router 100 on interface int1: ssr# ip-redundancy show vrrp 1 interface int1 verbose VRRP Virtual Router 100 - Interface int1 -----------------------------------------Uptime 0 days, 0 hours, 0 minutes, State Backup Priority 100 (default value) Virtual MAC address 00005E:000164 Advertise Interval 1 sec(s) (default value) Preempt Mode Enabled (default value) Authentication None (default value) Primary Address 10.8.0.2 Associated Addresses 10.8.0.1 100.
ip-redundancy start vrrp ip-redundancy start vrrp Purpose Starts a virtual router. Format ip-redundancy start vrrp interface Mode Configure Description The ip-redundancy start vrrp command starts a virtual router on the specified interface. Parameters Is the identifier of a virtual router. Specify a number between 1-255. Is the name of the interface where the virtual router resides. Restrictions None.
ip-redundancy trace ip-redundancy trace Purpose Traces VRRP events. Format ip-redundancy trace vrrp events|state-transitions|packet-errors ip-redundancy trace vrrp all enabled|disabled Mode Configure Description The ip-redundancy trace vrrp command displays messages when certain VRRP events take place on the SSR. Use this command to display messages when a virtual router changes from one state to another (i.e., from Backup to Master), a VRRP packet error is detected, or when any VRRP event occurs.
Chapter 24 ipx Commands The ipx commands let you add entries to the IPX SAP table for SAP servers and display the IPX forwarding database, RIP table, and SAP table. Command Summary Table 18 lists the ipx commands. The sections following the table describe the command syntax. Table 18.
Command Summary Table 18.
ipx add route ipx add route Purpose Add an IPX RIP route entry to the routing table. Format ipx add route Mode Configure Description The ipx add route command adds a route into the IPX RIP routing table. Parameters Destination network address. Next router’s Network.Node address. The number of hops to this route. You can specify a number from 0 – 14. Ticks associated with this route.
ipx add route Example To add an IPX route to IPX network A1B2C3F5 via router A1B2C3D4.00:E0:63:11:11:11 with a metric of 1 and a tick of 100: ssr(config)# ipx add route A1B2C3F5 A1B2C3D4.
ipx add sap ipx add sap Purpose Add an IPX SAP entry to the routing table. Format ipx add sap Mode Configure Description The ipx add sap command adds an entry for an IPX server to the IPX SAP table. Parameters The type of service. Specify the service type using its hexadecimal value. Name of the IPX server. You can use any characters in the name except the following: " * .
ipx add sap Restrictions SAP entries that you add using the ipx add sap command override dynamically learned entries, regardless of hop count. Moreover, if a dynamic route entry that is associated with the static SAP entry ages out or deleted, the SSR does not advertise the corresponding static SAP entries for the service until it relearns the route.
ipx find rip ipx find rip Purpose Find an IPX address in the routing table. Format ipx find rip
Mode Enable Description The ipx find rip command searches for an IPX address in the routing table. Parameter The IPX network address of this interface. Specify the IPX address using its hexadecimal value. Restrictions None.ipx find sap ipx find sap Purpose Find a SAP entry in the routing table. Format ipx find sap |all |all |all Mode Enable Description The ipx find sap command searches for a SAP entry in the routing table. Parameters |all The types of service. Specify the service type using its hexadecimal value. Specify all for all types of service. |all Name of the IPX service. You can use any characters in the name except the following: “* .
ipx find sap Restrictions None.
ipx set rip buffers ipx set rip buffers Purpose Sets the RIP socket buffer size in bytes. Format ipx set rip buffers Mode Configure Description The ipx set rip buffers comand sets the RIP socket buffer size. Parameter Specify the socket buffer size in bytes. Restrictions None.
ipx set ripreq buffers ipx set ripreq buffers Purpose Sets the buffers for rip request packets. Format ipx set ripreq buffers Mode Configure Description The ipx set ripreq buffers command sets the buffers for rip request packets. Parameters Size of the buffer in bytes. Restrictions None.
ipx set sap buffers ipx set sap buffers Purpose Sets the the SAP socket buffer size in bytes. Format ipx set sap buffers Mode Configure Description The ipx set sap buffers comand sets the SAP socket buffer size. Parameter Specify the buffer size in bytes. Restrictions None.
ipx set sapgns buffers ipx set sapgns buffers Purpose Sets buffers for sap get nearest server packets. Format ipx set sapgns buffers Mode Configure Description The ipx set sapgns buffers comand sets buffers for sap get nearest server packets. Parameter Specify the buffer size in bytes. Restrictions None.
ipx set type20 propagation ipx set type20 propagation Purpose Controls the propagation of type 20 packets. Format ipx set type20 propagation Mode Configure Description The ipx set type20 propagation command controls the propagation of type 20 packets. Parameter None. Restrictions None.
ipx show buffers ipx show buffers Purpose Display the RIP and SAP socket buffer sizes. Format ipx show buffers Mode Enable Description The ipx show buffers command displays the RIP and SAP socket buffer sizes. Parameters Restrictions None.
ipx show interfaces ipx show interfaces Purpose Display the configuration of IPX interfaces. Format ipx show interfaces Mode Enable Description The ipx show interfaces command displays the configuration of an IPX interface. If you issue the command without specifying an interface name then the configuration of all IPX interfaces is displayed. Parameters Name of the IPX interface; for example, ssr14.
ipx show interfaces Example To display the configuration of all IPX interfaces: ssr# ipx show interfaces ssr12: flags=9863 VLAN: _VLAN-1 Ports: et.1.7 IPX: A1B2C3D4.00:E0:63:11:11:11 ssr14: flags=9863 VLAN: _VLAN-2 Ports: et.1.2 IPX: ABCD1234.
ipx show rib ipx show rib Purpose Show IPX RIP table output sorted by destination. Format ipx show rib Mode User Description The ipx show rib command displays IPX RIP table output sorted by destination. Parameters destination Restrictions None.
ipx show servers ipx show servers Purpose Show IPX server information. Format ipx show servers hop|net|name|type Mode User Description The ipx show servers command displays IPX server information sorted by any or all of the optional arguments. Sorting is done based on the order of optional arguments given. Parameters hop Shows the output sorted by hop count. net Shows the ouput sorted by network number. name Shows the ouput sorted by service name. type Shows the ouput sorted by type.
ipx show summary ipx show summary Purpose Show summary of the IPX RIP/SAP table. Format ipx show summary Mode User Description The ipx show tables command displays a summary of the IPX RIP/SAP table. Parameters None Restrictions None.
Chapter 25 l2-tables Commands The l2-tables commands let you display various L2 tables related to MAC addresses. Command Summary Table 19 lists the l2-tables commands. The sections following the table describe the command syntax. Table 19.
l2-tables show all-flows l2-tables show all-flows Purpose Show all L2 flows (for ports in flow-bridging mode). Format l2-tables show all-flows [vlan [source-mac ]] [undecoded] Mode User or Enable Description The l2-tables show all-flows command shows all the L2 flows learned by the SSR. The SSR learns flows on ports that are operating in flow-bridging mode. Parameters vlan The VLAN number associated with the flows. The VLAN number can be from 1 – 4095.
l2-tables show all-macs l2-tables show all-macs Purpose Show all MAC addresses currently in the L2 tables. Format l2-tables show all-macs [verbose [undecoded]] [vlan ] [source] [destination] [multicast] Mode User or Enable Description The l2-tables show all-macs command shows how many MAC addresses the SSR has in its L2 tables. You can format the displayed information based on VLAN, source MAC address, destination MAC address or multicast.
l2-tables show all-macs Restrictions None.
l2-tables show bridge-management l2-tables show bridge-management Purpose Show information about all MAC addresses registered by the system. Format l2-tables show bridge-management Mode User or Enable Description The l2-tables show bridge-management command shows MAC addresses that have been inserted into the L2 tables for management purposes. Generally, these entries are configured so that a port forwards a frame to the Control Module if the management MAC matches the frame’s destination MAC.
l2-tables show igmp-mcast-registrations l2-tables show igmp-mcast-registrations Purpose Show information about multicast MAC addresses registered by IGMP. Format l2-tables show igmp-mcast-registrations [vlan ] Mode User or Enable Description The l2-tables show igmp-mcast-registrations command shows the multicast MAC addresses that IGMP has registered with the L2 tables. The SSR forwards the multicast MAC addresses only to the ports that IGMP specifies.
l2-tables show mac l2-tables show mac Purpose Show information about a particular MAC address. Format l2-tables show mac vlan Mode User or Enable Description The l2-tables show mac command shows the port number on which the specified MAC address resides. Parameters Is a MAC address. You can specify the address in either of the following formats: xx:xx:xx:xx:xx:xx xxxxxx:xxxxxx vlan Displays the MAC address for this VLAN. Restrictions None.
l2-tables show mac-table-stats l2-tables show mac-table-stats Purpose Show statistics for the MAC addresses in the MAC address tables. Format l2-tables show mac-table-stats Mode User or Enable Description The l2-tables show mac-table-stats command shows statistics for the master MAC address table in the Control Module and the MAC address tables on the individual ports. Parameters None. Restrictions None.
l2-tables show port-macs l2-tables show port-macs Purpose Show information about MACs residing in a port's L2 table. Format l2-tables show port-macs |all-ports [[vlan ] [source] [destination] [multicast] [undecoded] [no-stats] verbose] Mode User or Enable Description The l2-tables show port-macs command shows the information about the learned MAC addresses in individual L2 MAC address tables. Each port has its own MAC address table.
l2-tables show port-macs undecoded Displays the MAC addresses in hexadecimal format rather than undecoded format. Undecoded format dos not show the vendor name in place of the first three hexadecimal digits (example: Cabletron:33:44:55). The default is undecoded (example: 00:11:22:33:44:55). no-stats Lists the MAC addresses without displaying any statistics. verbose Shows detailed statistics for each MAC address entry. Restrictions None.
l2-tables show vlan-igmp-status l2-tables show vlan-igmp-status Purpose Show whether IGMP is on or off on a VLAN. Format l2-tables show vlan-igmp-status vlan Mode Enable Description The l2-tables show vlan-igmp-status command shows the multicast MAC addresses that IGMP has registered with the L2 tables. This command also shows the ports to which the multicast MAC addresses are forwarded.
l2-tables show vlan-igmp-status 408 SSR Command Line Interface Reference Manual
Chapter 26 lfap Commands The lfap commands let you configure the LFAP client on the SSR and manage the Layer-3 IP accounting information that is delivered by TCP to an external server. Command Summary Table 20 lists the lfap commands. The sections following the table describe the command syntax. Table 20.
lfap set batch-interval lfap set batch-interval Purpose Defines the number of seconds between subsequent transmissions of flow creation and deletion information to a FAS. Format lfap set batch-interval Mode Configure Description The lfap set batch-interval command defines the number of seconds between flow creation and deletion transmissions to a FAS.
lfap set batch-size lfap set batch-size Purpose Defines the number of flow creation and deletion records included in batch transmissions to a FAS. Format lfap set batch-size Mode Configure Description The lfap set batch-size command defines the number of flow creation and deletion records included in information transmissions to a FAS. Parameter The number of records (from 1 to 2,000, inclusive) contained in a transmission of flow creation and deletion information to a FAS.
lfap set lost-contact-interval lfap set lost-contact-interval Purpose Defines the period of time (in seconds) before the LFAP client realizes it has lost contact with a FAS. Format lfap set lost-contact-interval Mode Configure Description The lfap set lost-contact-interval command allows you to define the amount of time (in seconds) the LFAP client will wait before realizing it has lost contact with a FAS and declare the connection lost.
lfap set poll-interval lfap set poll-interval Purpose Sets the interval (in minutes) between transmissions of accounting information to the FAS server. Format lfap set poll-interval Mode Configure Description The lfap set poll-interval command allows you to set the time period (in minutes) between subsequent transmissions of accounting data to the FAS server.
lfap set send-queue-max-size lfap set send-queue-max-size Purpose Sets the maximum number of LFAP messages that the send queue can hold before messages are dropped. Format lfap set send-queue-max-size Mode Configure Description The lfap set send-queue-max-size command allows you to set the maximum number of LFAP messages that the send queue can hold before messages are dropped.
lfap set server lfap set server Purpose Sets one or more FAS IP addresses for the LFAP client to contact. Format lfap set server [“] [] [][“] Mode Configure Description The lfap set server command allows you to set up to three FAS IP servers for the LFAP client to contact. Parameters Sets the IP address of the FAS servers to contact. You may specify a maximum of three IP servers in the command line, separating each IP address with a space.
lfap set server Examples To set one IP server to contact: ssr (config)# lfap set server 5.5.5.5 To set three IP servers to contact: ssr (config)# lfap set server “5.5.5.5 6.6.6.6 7.7.7.
lfap set server-retry-interval lfap set server-retry-interval Purpose Sets the interval (in seconds) between the LFAP client’s attempts to restore contact with a lost FAS. Format lfap set server-retry-interval Mode Configure Description The lfap set server-retry-interval command allows you to customize the amount of time (in seconds) the LFAP client should wait before attempting to restore contact with a lost FAS.
lfap show all lfap show all Purpose Displays all of the pertinent LFAP client data, including status, servers, configuration, and statistics. Format lfap show all Mode Enable Description The lfap show all command allows you to analyze the current status of the LFAP client and any servers to which it is currently connected.
lfap show all – connection successes and failures, including the following: – messages sent/received – lost information – flows Parameters None Restrictions None SSR Command Line Interface Reference Manual 419
lfap show configuration lfap show configuration Purpose Displays the current LFAP client configuration information. Format lfap show configuration Mode Enable Description The lfap show configuration command allows you to view the current configuration of the LFAP client.
lfap show servers lfap show servers Purpose Displays a list of server IP addresses to which the LFAP client is connected, or will try to contact. Format lfap show servers Mode Enable Description The lfap show servers command allows you to view the list of IP servers to which the LFAP client is currently connected, or will attempt to contact. In the output of the command execution, you will find a list of, at most, three IP addresses of associated FASs. Parameters None Restrictions None.
lfap show statistics lfap show statistics Purpose Displays all of the LFAP client statistics on a per-server basis. Format lfap show statistics Mode Enable Description The lfap show statistics command allows you to view the current statistics of the LFAP client.
lfap show status lfap show status Purpose Displays the present status of the LFAP client. Format lfap show status Mode Enable Description The lfap show status command allows you to view the current status of the LFAP client.
lfap start lfap start Purpose Starts the LFAP client. Format lfap start Mode Configure Description The lfap start command issues a command to the LFAP client to attempt to connect to a FAS server in the list. Parameters None Restrictions At least one IP server must be configured before this command can execute successfully.
Chapter 27 load-balance Commands The load-balance commands allow you to distribute session load across a pool of servers. These commands provide a way to load balance network traffic to multiple servers. Command Summary Table 21 lists the load-balance commands. The sections following the table describe the command syntax. Table 21.
Command Summary Table 21.
load-balance add host-to-group load-balance add host-to-group Purpose Adds a server to a previously-created group of load balancing servers. Format load-balance add host-to-group group-name port [weight ] Mode Configure Description The load-balance add host-to-group command lets you add a server to a server group that was previously-created with the load-balance create group-name command.
load-balance add host-to-group Restrictions None. Examples To add a server 10.10.13.2 to the server group ‘service2’: ssr(config)# load-balance add host-to-group 10.10.13.2 group-name service2 port 80 To add servers 10.10.13.3, 10.10.13.4, and 10.10.13.5 to the server group ‘service2’: ssr(config)# load-balance add host-to-group 10.10.13.3-10.10.13.
load-balance add host-to-vip-range load-balance add host-to-vip-range Purpose Adds a range of servers to a range of virtual IP addresses that were created with the loadbalance create vip-range-name command.
load-balance add host-to-vip-range This parameter is only valid if you specify the weighted round robin policy for this group of load balancing servers. (The load-balance set policy-for-group command specifies the policy for distributing workload to the servers.) The weight determines how many sessions are assigned to this server during its turn in the weighted round robin selection. Specify a number between 1 and 65535. The default value is 1. Restrictions None.
load-balance allow access-to-servers load-balance allow access-to-servers Purpose Allows specified hosts to access the load balancing servers without address translation. Format load-balance allow access-to-servers client-ip group-name Mode Configure Description Load balancing causes both source and destination addresses to be translated on the SSR.
load-balance allow access-to-servers Examples To allow the host 10.23.4.8 to directly access the server group ‘service2’: ssr(config)# load-balance allow access-to-servers client-ip 10.23.4.
load-balance create group-name load-balance create group-name Purpose Creates a server group for load balancing. Format load-balance create group-name virtual-ip virtual-port protocol tcp|udp [persistence-level tcp|ssl] Mode Configure Description The load-balance create group-name command lets you create a load balancing server group and specify a unique “virtual” IP address and port number that is used by a client to access any server in the group.
load-balance create group-name Note: You cannot specify port number 20, as it is the FTP data port. If you create a group on the FTP control port for FTP, an implicit group will be created on port number 20. protocol tcp|udp The protocol used by this group of load balancing servers. persistence-level tcp|ssl The level of persistence to use for the bindings, either tcp (TCP) or ssl (secure socket layer). tcp is the default if the persistence-level parameter is not specified. Restrictions None.
load-balance create vip-range-name load-balance create vip-range-name Purpose Creates a group of servers for load balancing. Format load-balance create vip-range-name vip-range virtual-port protocol tcp|udp [persistence-level] Mode Configure Description The load-balance create vip-range-name command lets you specify a range of “virtual” IP addresses and a port number that is used by a client to access a server in the virtual IP address range.
load-balance create vip-range-name vip-range The range of virtual IP addresses to be created. virtual-port The port number to be used for this virtual IP range. Specify a number between 1 and 65535. Note: You cannot specify port number 20, as it is the FTP data port. protocol tcp|udp The protocol used by this virtual IP range. persistence-level tcp|ssl The level of persistence to use for the bindings, either tcp (TCP) or ssl (secure socket layer).
load-balance set ftp-control-port load-balance set ftp-control-port Purpose Specifies the port for FTP control. Format load-balance set ftp-control-port Mode Configure Description File Transfer Protocol (FTP) packets require special handling with load balancing, because IP address information is contained within the FTP packet data. You can use the loadbalance set ftp-control-port command to specify the port number that is used for FTP control. The default is port 21.
load-balance set hash-variant load-balance set hash-variant Purpose Sets the hash variant for calculating the load-balancing mappings index. Format load-balance set hash-variant Mode Configure Description The load-balance set hash-variant command sets the hash variant that is used to calculate the load-balancing mappings index. You will only need to set this variant if the loadbalance show hash-stats command output shows extremely uneven distribution of hash table entries.
load-balance set mappings-age-timer load-balance set mappings-age-timer Purpose Specifies the timeout for sessions between hosts and load-balancing servers. Format load-balance set mappings-age-timer Mode Configure Description A mapping between a host (source) and a load-balancing server (destination) times out after a period of non-use. The load-balance set mappings-age-timer command allows you to set the timeout for the mappings. The default is 3 minutes.
load-balance set policy-for-group load-balance set policy-for-group Purpose Specifies the policy for distributing workload on load-balancing servers. Format load-balance set policy-for-group policy Mode Configure Description The load-balance set policy-for-group command allows you to specify how the SSR selects the server that will service a new session.
load-balance set policy-for-group least-loaded The server with the fewest number of sessions bound to it is selected to service the new session. Restrictions None.
load-balance set server-status load-balance set server-status Purpose Sets the status of a load balancing server. Format load-balance set server-status server-ip server-port group-name status up|down Mode Enable Description The load-balance set server-status command allows you to set the status of a load balancing server. When the status of a server is set to “down,” no new sessions are directed to that server. Current sessions on the server are not affected.
load-balance set server-status Restrictions None. Example To set the status for the server 10.10.1.2 to ‘down’: ssr# load-balance set server-status server-ip 10.10.1.
load-balance show hash-stats load-balance show hash-stats Purpose Displays load balancing hashing statistics. Format load-balance show hash-stats Mode Enable Description The load-balance show hash-stats command allows you to display load balancing hash statistics. Parameters None. Restrictions None.
load-balance show hash-stats ssr# load-balance show hash-stats Total Mappings: 4502 Top 10 Hash Depths: +---------+----------------+------------------------+ | Index | Hash Depth | Hash Depth Occurence | +---------+----------------+------------------------+ |1 |0 |11882 | |2 |1 |4226 | |3 |2 |138 | +---------+----------------+------------------------+ Top 10 Hash Depth Occurences: +---------+------------------------+----------------+ | Index | Hash Depth Occurence | Hash Depth | +---------+----------------
load-balance show source-mappings load-balance show source-mappings Purpose Displays load balancing source-destination bindings. Format load-balance show source-mappings client-ip virtual-ip virtual-port destination-host-ip Mode Enable Description The load-balance show source-mappings command allows you to display load balancing source-destination bindings. Parameters client-ip IP address of client whose mappings are to be shown.
load-balance show source-mappings Example To display source-destination bindings: ssr# load-balance show source-mappings Current Mappings: FC: Flow Count AC: Age Count SPort: Source Port VPort: Virtual Port DPort: Destination Port +----------------+-----+----------------+-----+----------------+-----+----+----+ | Source Address |Sport| Virtual IP |VPort| Dst. Address |DPort| FC | AC | +----------------+-----+----------------+-----+----------------+-----+----+----+ |70.1.0.71 |1024 |50.1.1.18 |80 |52.1.1.
load-balance show statistics load-balance show statistics Purpose Displays load balancing statistics. Format load-balance show statistics group-name virtual-ip virtual-port Mode Enable Description The load-balance show statistics command allows you to display load balancing statistics. Parameters group-name Name of the group whose statistics are to be shown. virtual-ip Virtual IP address whose statistics are to be shown.
load-balance show statistics ssr# load-balance show statistics Load Balancing Packets Dropped: No Such Virtual-IP Packet drop count: 73 TTL expired Packet drop count: 0 Load Balance Group Statistics: Group Name: telnet Virtual-IP: 50.1.1.
load-balance show virtual-hosts load-balance show virtual-hosts Purpose Displays hosts in a load balancing group. Format load-balance show virtual-hosts group-name virtual-ip virtualport Mode Enable Description The load-balance show virtual-hosts command allows you to display the hosts in a load balancing group. Parameters group-name The load balancing group that is to be shown. virtual-ip IP address of the group that is to be shown.
load-balance show virtual-hosts Example To display load balance groups: ssr# load-balance show virtual-hosts Load Balanced Groups: Flow Mode Count: 0 OS: Operational state of server AS: Admin state of server +----------------+----------------+------+-------------+----------+------------+ | Group Name | Virtual IP | Port | Hosts Added | Hosts Up | Next Index | +----------------+----------------+------+-------------+----------+------------+ |telnet |50.1.1.
load-balance show virtual-hosts 452 SSR Command Line Interface Reference Manual
Chapter 28 logout Command The logout command ends the CLI session. Format logout Mode All modes Description The logout command ends your CLI session. If you have uncommitted changes in the scratchpad, a message warns you that the changes are not saved and gives you an opportunity to cancel the logout and save the changes. Parameters None. Restrictions None.
SSR Command Line Interface Reference Manual
Chapter 29 multicast Commands The multicast dvmrp commands let you display information about IP multicast interfaces. Command Summary Table 22 lists the multicast commands. The sections following the table describe the command syntax. Table 22.
multicast show interface multicast show interface Purpose Display information about IP multicast interfaces. Format multicast show interface [|] Mode Enable Description The multicast show interface command displays interfaces that are running IGMP or DVMRP. Note: This command is a superset of the dvmrp show interface and igmp show interface commands. Parameters | IP address or hostname of the interface. Restrictions None.
multicast show interface The following example shows a larger listing. ssr# multicast show interface Address: 172.1.1.10 Subnet: 172.1.1/24 Met: 1 Thr: 1 Name : mls15 State: Up Querier Leaf Igmp Dvmrp Address: 207.135.89.64 Subnet: 207.135.89.0/25 Met: 1 Thr: 1 Name : company State: Up Querier Leaf Igmp Dvmrp Groups : 224.0.1.12 224.1.127.255 224.0.1.24 224.2.127.253 224.2.127.254 Address: 10.135.89.10 Subnet: 10.135.89.0/25 Met: 1 Thr: 1 Name : test State: Up Querier Igmp Dvmrp Peer : 10.135.89.
multicast show mroutes multicast show mroutes Purpose Display the IP multicast routing table. Format multicast show mroutes [child ] [group ] [parent ] Mode Enable Description The multicast show mroutes command displays the IP multicast routing table entry for the specified multicast group address.
multicast show mroutes Restrictions None. Examples To display the IP multicast route entry for the group 225.0.0.10: ssr# multicast show mroutes group 225.0.0.10 Here is a fuller example of the output from this command. ssr# multicast show mroutes Network: 130.207.8/24 Group: 224.2.1.1 Age: 99s Parent : mbone Child: test downstream Source : 130.207.8.82 Pkts: 383 Flows: 1 Network: 131.120.63/24 Group: 224.2.1.1 Age: 63s Parent : mbone Pruned Child: test Pruned downstream Pruned Source : 131.120.63.
multicast show mroutes 460 SSR Command Line Interface Reference Manual
Chapter 30 mtrace Command Purpose Trace multicast path between a source and a receiver Format mtrace [destination ] [group ] [max-hops ] Mode User Description The mtrace command tracks the multicast path from a source to a receiver. A trace probe is sent in a reverse path from the receiver back to the source. As the probe passes from hop to hop, it collects information such as interface address and packet counts from each router.
group Multicast destination group address. max-hops Maximum number of hops to trace (default: 0, range: 0-32) Restrictions None. Examples To display the multicast path from IP address 2.2.2.2 to the SSR: ssr# mtrace 2.2.2.2 To display the multicast path from 1.1.1.1 to x.y.z.w for the group 239.1.1.1: ssr# mtrace 1.1.1.1 destination x.y.z.w group 239.1.1.
Chapter 31 nat Commands The nat commands allow you to define Network Address Translation (NAT) bindings for local (inside) and global (outside) network addresses. Command Summary Table 23 lists the nat commands. The sections following the table describe the command syntax. Table 23.
nat create dynamic nat create dynamic Purpose Defines local and global IP address pools for dynamic address binding. Format nat create dynamic local-acl-pool global-pool [matches-interface ] [enable-ip-overload] Mode Configure Description The nat create dynamic command lets you specify the local-acl pool and global IP address pool that are to be used for dynamic address binding.
nat create dynamic A list of IP addresses, separated by spaces and enclosed in quotation marks Note: Do not specify more than 64K global addresses. matches-interface Specifies the interface to use for multiple global pools. enable-ip-overload Enables Port Address Translation (PAT) if no global addresses are available from the pool. This allows many local addresses to be bound to a single global address using port numbers 1024 through 4999 (port numbers are not configurable).
nat create dynamic Port numbers 1024 through 4999 can be used for global addresses 136.1.1.1 and 136.1.1.2, so you can have a maximum of about 4000 bindings per global address.
nat create static nat create static Purpose Defines one-to-one binding between a local address and global address. Format nat create static protocol ip|tcp|udp local-ip global-ip [local-port |any] [global-port |any] Mode Configure Description The nat create static command lets you define fixed address translation from the local network to the global network.
nat create static The local TCP or UDP port number. Specify a number between 1-65535, or any for no port translation. This parameter is only valid if you specified tcp or udp. Note: The number of IP addresses in the local range should be equal to the number of IP addresses in the global range. global-port |any The global TCP or UDP port number. Specify a number between 1-65535, or any for no port translation. This parameter is only valid if you specified tcp or udp.
nat flush-dynamic-binding nat flush-dynamic-binding Purpose Deletes dynamic NAT bindings. Format nat flush-dynamic-binding all| pool-specified [local-acl-pool ] [global-pool ] Mode Enable Description The nat flush-dynamic-binding command deletes dynamic address bindings. You can delete the dynamic address bindings for specific address pools or delete all dynamic bindings. Parameters all Deletes all NAT dynamic bindings.
nat flush-dynamic-binding Restrictions None. Examples To delete dynamic address bindings for the local address pool that corresponds to the ACL ‘lcl’ and the global address pool that corresponds to 136.1.1.1-136.1.1.254: ssr# nat flush-dynamic-binding pool-specified local-acl-pool lcl global-pool 136.1.1.
nat set dynamic-binding-timeout nat set dynamic-binding-timeout Purpose Sets the timeout for dynamic NAT binding. Format nat set dynamic-binding-timeout |disable Mode Configure Description Dynamic address bindings time out after a period of non-use. The nat set dynamicbinding-timeout command lets you set the timeout for dynamic address bindings. The default is 1440 minutes (24 hours). Parameters The number of minutes before an dynamic address binding times out.
nat set dynamic-binding-timeout To disable timeout of dynamic address bindings: ssr(config)# nat set dynamic-binding-timeout disable 472 SSR Command Line Interface Reference Manual
nat set ftp-control-port nat set ftp-control-port Purpose Specifies the port for FTP control. Format nat set ftp-control-port Mode Configure Description File Transfer Protocol (FTP) packets require special handling with NAT, because IP address information is contained within the FTP packet data. You can use the nat set ftpcontrol-port command to specify the port number that is used for FTP control. The default port for FTP control is port 21.
nat set ftp-session-timeout nat set ftp-session-timeout Purpose Specifies the timeout for the FTP session. Format nat set ftp-session-timeout Mode Configure Description The nat set ftp-session-timeout command sets the timeout for the FTP session. The default FTP session timeout is 30 minutes. Parameters The timeout for the FTP session. Specify a value between 3-2880. Restrictions None.
nat set interface nat set interface Purpose Defines an interface as inside or outside for NAT address translation. Format nat set interface inside|outside Mode Configure Description The nat set interface command allows you to define an interface as inside or outside. When NAT is enabled using the nat create static or nat create dynamic command, address translation is applied only to packets that arrive on these interfaces.
nat set interface Examples To create the interface ‘10-net’ and define it as an inside interface for NAT: ssr(config)# interface create ip 10-net address-netmask 10.1.1.1/24 port et.2.1 ssr(config)# nat set interface 10-net inside To create the interface ‘192-net’ and define it as an outside interface for NAT: ssr(config)# interface create ip 192-net address-netmask 192.50.20.1/24 port et.2.
nat show nat show Purpose Displays NAT information. Format nat show [translations ] [timeouts] [statistics] Mode Enable Description The nat show command allows you to display NAT address translations, timeouts, and statistics. Parameters translations Displays NAT translations. Specify one of the following keywords: all Shows all translations. type static|dynamic|overloaded-dynamic Shows static, dynamic, or IP overloaded dynamic translations.
nat show Restrictions None. Examples To display active NAT translations: ssr# nat show translations all Proto ----TCP TCP TCP TCP TCP IP IP Local/Inside --------------------15.15.15.15:1896 15.15.15.15:1897 15.15.15.15:1894 15.15.15.15:1895 15.15.15.15:1892 10.10.10.10:* 4.4.4.4:* Global/Outside IP --------------------100.1.1.1:1026 100.1.1.1:1028 100.1.1.1:1024 100.1.1.1:1025 100.1.1.1:1027 200.1.1.1:* 202.1.1.1:* Type --------------Dyn. ovr. Dyn. ovr. (ftp) Dyn. ovr. Dyn. ovr. Dyn. ovr.
nat show To display NAT statistics: ssr# nat show statistics NAT is currently: active Interface Information --------------------No. of Interfaces: 2 Interface: 20net, configured as nat: outside Interface: 15net, configured as nat: inside STATIC Binding Information -------------------------No. of Static Bindings: 1 DYNAMIC Binding Information --------------------------No. of Dynamic Bindings: None Local Acl pool Max. globals Globals used Max.
nat show 480 SSR Command Line Interface Reference Manual
Chapter 32 negate Command The negate command negates a command in the scratchpad or the active configuration. Format negate [scratchpad|active-config] Mode Configure Description The negate command allows you to negate one or more commands by specifying the command number of the commands you want to negate. The command number for each command can be found using the Configure mode show command.
Restrictions The specified command number must represent a command that exists.
Chapter 33 no Command The no command removes a configuration command from the active configuration of the running system. Format no Mode Configure Description The no command allows you to negate a previously executed command. Following the keyword no, one can specify the command to negate in its entirety or use the wildcard character (*) to negate a group of commands.
Restrictions The command to negate must already be in the active configuration. You cannot negate a command that hasn’t been entered. Examples To negate the specified arp add command, enter the following. By negating this command, the system removes the ARP entry for nfs2 from the ARP table. ssr# no arp add nfs2 macaddr 080020:13a09f exit-port et.3.
Chapter 34 ntp Commands The ntp commands configure and display the characteristics of the NTP (Network Time Protocol) client. Command Summary Table 24 lists the ntp commands. The sections following the table describe the command syntax. Table 24.
ntp set server ntp set server Purpose Specifies the NTP server against which the SSR is to synchronize its clock. Format ntp set server [interval ] [source ] [version ] Mode Configure Description The ntp set server command instructs the SSR’s NTP client to periodically synchronize its clock. By default, the SSR specifies an NTPv3 client that sends a synchronization packet to the server every 60 minutes.
ntp set server Restrictions None. Examples To send NTP packets to the NTP server 10.13.1.1 with default parameters: ssr(config)# ntp set server 10.13.1.1 To synchronize with a NTP server every 15 minutes with a specific source IP address: ssr(config)# ntp set server 10.13.1.1 interval 15 source 10.15.3.
ntp show all ntp show all Purpose Display NTP information about the SSR. Format ntp show all Mode Enable Description The ntp show all command displays various NTP information about the SSR, for example, the last time a successful synchronization was made, synchronization interval, NTP version number, etc. Parameters None. Restrictions None.
ntp synchronize server ntp synchronize server Purpose Manually force the SSR to immediately synchronize with a NTP server. Format ntp synchronize server Mode Enable Description The ntp synchronize server command forces the SSR to immediately synchronize its clock with the NTP server. Unlike the Configuration mode ntp set server command, this Enable mode command does not send periodic synchronization packets to the server.
ntp synchronize server 490 SSR Command Line Interface Reference Manual
Chapter 35 ospf Commands The ospf commands let you display and set parameters for the Open Shortest Path First (OSPF) routing protocol. Command Summary Table 25 lists the ospf commands. The sections following the table describe the command syntax. Table 25.
Command Summary Table 25.
ospf add interface ospf add interface Purpose Associates an interface with an OSPF area. Format ospf add interface [to-area |backbone] [type broadcast|non-broadcast] Mode Configure Parameters An interface name or an IP address. to-area |backbone OSPF Area with which this interface is to be associated. type Specifies whether the interface is broadcast or non-broadcast.
ospf add nbma-neighbor ospf add nbma-neighbor Purpose Specifies an OSPF NBMA Neighbor. Format ospf add nbma-neighbor to-interface [eligible] Mode Configure Parameters to-interface Adds the neighbor to the specified OSPF interface. eligible Specifies whether an OSPF NBMA Neighbor is eligible for becoming a designated router. Restrictions None.
ospf add network | summary-range ospf add network | summary-range Note: Because the OSPF add network command is misinterpreted with commands having similar syntax from other vendors, this command will eventually be dropped from the SSR’s host of CLI commands. The new command is ospf add summary-range. At this time, however, both are acceptable CLI commands, hence both are dealt with in this section. Purpose Configures summary-ranges on Area Border Routers (ABRs).
ospf add network | summary-range host-net Specifies that the network is an OSPF Host Network. Restrictions None. Example In the following example, two summary ranges are created: ospf add summary-range 207.135.16.0/24 to-area 207.135.0.0 ospf add summary-range 207.135.17.0/24 to-area 207.135.0.0 restrict Intra-area Link State Advertisements (LSAs) that fall within the range 207.135.16.0/24 are not advertised into other areas as inter-area routes. Instead, the specified range 207.135.16.
ospf add stub-host ospf add stub-host Purpose Adds a stub-host to an OSPF area. Format ospf add stub-host [to-area |backbone] [cost ] Mode Configure Parameters to-area |backbone OSPF Area to which you are adding a stub host. cost The cost that should be advertised for this directly attached stub host. Specify a number from 0 – 65535. Restrictions None.
ospf add virtual-link ospf add virtual-link Purpose Creates an OSPF Virtual Link. Format ospf add virtual-link [neighbor ] [transit-area ] Mode Configure Parameters A number or character string identifying the virtual link. neighbor The IP address of an OSPF virtual link neighbor. transit-area The Area ID of the transit area. Restrictions None.
ospf create area ospf create area Purpose Create an OSPF area. Format ospf create area |backbone Mode Configure Parameters The Area ID. Normally, Area IDs are formatted like IP addresses: .... backbone Specifies that the Area you are adding is the backbone area. Restrictions None.
ospf create-monitor ospf create-monitor Purpose Create an OSPF monitor destination. Format ospf create-monitor destination Mode Enable Parameters destination Specifies the destination whose OSPF activity is to be monitored. Restrictions None.
ospf monitor ospf monitor Purpose Monitor OSPF.
ospf monitor provided, which describe the total number of routing neighbors and number of active OSPF interfaces. Routing table statistics are summarized and reported as the number of intra-area routes, inter-area routes, and AS external data base entries. errors Shows the various error conditions which can occur between OSPF routing neighbors and the number of occurrences for each. next-hop-list Shows information about all valid next hops mostly derived from the SPF calculation.
ospf monitor lsa Displays the link state advertisement. Area_Id is the OSPF area for which the query is directed. Adv_Rtr is the router -id of the router which originated this link state advertisement. Type specifies the type of advertisement to request: area-id Specifies the OSPF area. type router-links Requests router link advertisements that describe the collected states of the router interfaces. ls-id is set to the originating router’s router-id.
ospf monitor Examples The following are examples of ospf monitor commands. ssr# ospf monitor statistics IO stats Input Output Type 8 0 Monitor request 1322 1314 Hello 716 721 DB Description 39 728 Link-State Req 3037 3355 Link-State Update 1317 354 Link-State Ack ASE: 1903 checksum sum 3BB0F22 LSAs originated: 1915 Router: 5 ASE: 1910 received: 17 Area 0.0.0.
ospf monitor 0: DD: unknown LSA type 0: LS ACK: bad ack 0: LS ACK: Unknown LSA type 0: LS REQ: empty request 8: LS UPD: neighbor state low 0: LS UPD: LSA checksum bad LSA 0: LS UPD: unknown LSA type OSPF 0: Interface: Invalid type 0: Interface: Invalid state 1: No vlinks and src is non local 1: 1140: 0: 0: 0: 131: LS LS LS LS LS LS ACK: ACK: REQ: REQ: UPD: UPD: neighbor state low duplicate ack neighbor state low bad request newer self-gen LSA received less recent 2: Interface: Not configed for 0: Inte
ospf monitor Interface: 172.23.1.5 Area: 0.0.0.0 Router Id Nbr IP Addr State Mode Prio -----------------------------------------------------0.0.0.6 172.23.1.6 Full Slave 1 Interface: 10.12.1.2 Area: 0.0.0.0 Router Id Nbr IP Addr State Mode Prio -----------------------------------------------------172.23.1.14 10.12.1.1 Full Slave 1 Interface: 172.23.1.21 Area: 0.0.0.0 Router Id Nbr IP Addr State Mode Prio -----------------------------------------------------0.0.0.1 172.23.1.
ospf monitor 172.23.1.26 0.0.0.0 3 Stub 172.23.1.6 0.0.0.6 172.23.1.22 16 0.0.0.0 2 SNet 172.23.1.22 0.0.0.1 ASEs: Destination Cost E Tag NextHop AdvRouter --------------------------------------------------------------------------15.1 1 1 c0000000 172.23.1.22 0.0.0.1 Total nets: 9 Intra Area: 5 Inter Area: 4 ASE: 1 done ssr# ospf monitor lsdb LS Data Base: Area: 0.0.0.0 Type LinkState ID AdvRouter Age Len Sequence Metric Where ------------------------------------------------------------------Stub 172.23.
ospf monitor 130.47.29 130.46.234 130.45.39 130.44.244 130.43.49 130.42.254 130.41.59 130.41.8 130.39.69 130.39.18 130.37.79 130.37.28 130.35.89 130.35.38 130.33.99 130.33.48 130.31.109 130.31.58 130.29.119 130.29.68 130.27.129 130.27.78 130.25.139 130.25.88 130.23.149 130.23.98 130.21.159 508 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.4 0.0.0.
ospf set area ospf set area Purpose Sets the parameters for an OSPF area. Format ospf set area [stub] [stub-cost ] [authentication-method none|simple|md5] Mode Configure Parameters The Area ID. stub Makes this Area a stub area. stub-cost Specifies the cost to be used to inject a default route into the area. Specify a number from 0 – 65535. authentication-method none|simple|md5 Specifies the authentication method used within the area.
ospf set ase-defaults ospf set ase-defaults Purpose Sets the defaults used when importing OSPF ASE routes into the routing table and exporting routes from the routing table into OSPF ASEs. Format ospf set ase-defaults [preference ] [cost ] [type ] [inherit-metric] Mode Configure Parameters preference Specifies the preference of OSPF ASE routes. Specify a number between 0 and 255. cost Specifies the cost used when exporting non-OSPF route into OSPF as an ASE.
ospf set export-interval ospf set export-interval Purpose Specifies the interval at which ASE LSAs will be generated and flooded into OSPF. The default is once per second. Format ospf set export-interval Mode Configure Parameters The interval in seconds. Specify a number equal to or greater than 1. The default is 1 (once per second). Restrictions None.
ospf set export-limit ospf set export-limit Purpose Specifies how many ASEs will be generated and flooded in each batch. Format ospf set export-limit Mode Configure Parameters The export limit. Specify a number equal to or greater than 1. The default is 100. Restrictions None.
ospf set interface ospf set interface Purpose Sets parameters for an OSPF interface. Format ospf set interface |all [state disable|enable] [cost ] [no-multicast] [retransmit-interval ] [transit-delay ] [priority ] [hello-interval ] [router-dead-interval ] [poll-interval ] [key-chain ] Mode Configure Parameters |all The OSPF interface for which you are setting OSPF parameters.
ospf set interface transit-delay The estimated number of seconds required to transmit a link state update over this interface. Transit delay takes into account transmission and propagation delays and must be greater than 0. Specify a number equal to or greater than 1. The default is 1. priority A number between 0 and 255 specifying the priority for becoming the designated router on this interface.
ospf set monitor-auth-method ospf set monitor-auth-method Purpose You can query the OSPF state using the OSPF-Monitor utility. This utility sends nonstandard OSPF packets that generate a text response from OSPF. By default these requests are not authenticated. If you specify an authentication key, the incoming requests must match the specified authentication key.
ospf set trace-options ospf set trace-options Purpose Sets various OSPF trace options. Format ospf set trace-options lsa-build|spf|lsa-transmit|lsa-receive ospf set trace-options hello|dd|request|lsu|ack [detail] [send] [receive] Mode Configure Parameters 516 lsa-build Traces Link State Advertisement Creation. spf Traces Shortest Path First (SPF) calculations. lsa-transmit Traces Link State Advertisement (LSA) transmission. lsa-receive Traces Link State Advertisement (LSA) reception.
ospf set trace-options send Shows OSPF packets sent by the router. receive Shows OSPF packets received by the router. Restrictions None.
ospf set virtual-link ospf set virtual-link Purpose Sets the parameters for an OSPF virtual link. Format ospf set virtual-link [state disable|enable] [cost ] [no-multicast] [retransmit-interval ] [transit-delay ] [priority ] [hello-interval ] [router-dead-interval ] [poll-interval ] Mode Configure Parameters The identifier for this virtual link. state disable|enable Enables or disables the virtual link.
ospf set virtual-link priority A number between 0 and 255 specifying the priority for becoming the designated router on this virtual link. When two routers attached to a network both attempt to become the designated router, the one with the higher priority wins. A router whose router priority is set to 0 is ineligible to become designated router. Specify a number from 0 – 255. hello-interval The length of time, in seconds, between hello packets that the router sends on this virtual link.
ospf show ospf show Purpose Show OSPF information. Format ospf show Mode Enable Parameters Specifies the OSPF information you want to display. Specify one or more of the following: all Displays all OSPF tables. globals Displays OSPF globals. timers Displays OSPF timers. areas Displays OSPF areas. interfaces Displays OSPF interfaces. next-hop-list Displays valid next hop entries. import-policies Displays OSPF import policies.
ospf show Note: The areas, virtual-links, summary-asb, AS-external-LDSB, and exported-routes options can be used with the following display options: to file Saves output in the file /gatedtrc/gated.dmp. to terminal Displays output on the console. This is the default.
ospf start|stop ospf start|stop Purpose Start or stop the OSPF protocol. OSPF is disabled by default on the SSR. Format ospf start|stop Mode Configure Parameters start Starts OSPF. stop Stops OSPF. Restrictions None.
Chapter 36 ping Command The ping command tests connection between the SSR and an IP host. Format ping packets size wait [flood] [dontroute] Mode User or Enable Description The ping command test connection between the SSR and an IP host. The ping command sends ICMP echo packets to the host you specify. • If the packets reach the host, the host sends a ping response to the SSR and the CLI displays messages stating that the host can be reached.
size The packet size. For Ethernet, specify a number from 0 – 1364. wait The number of seconds the SSR will wait for a positive response from the host before assuming that the host has not responded. The default is 1. flood Causes the SSR to send a new ping request as soon as a ping reply is received. If you do not specify the flood option, the SSR waits to send a new request. The amount of time the SSR waits is specified by the wait option.
Chapter 37 port Commands The port commands set and display the following parameters: • Port state (enabled or disabled) • Bridging status (flow-based or address-based) • Port operating mode (half duplex or full duplex) • Port speed for the 10/100 ports (10-Mbps or 100-Mbps) • Port mirroring (used for analyzing network traffic) • Port shut down if broadcast threshold is reached Command Summary Table 26 lists the port commands. The sections following the table describe the command syntax.
Command Summary Table 26.
port bmon port bmon Purpose Monitor broadcast traffic on a port. Format port bmon rate duration shutdown Mode Configure Description The port bmon command allows you to monitor the broadcast traffic on one or more ports and shut down a port if its broadcast traffic reaches and sustains a certain rate limit for a specified length of time. You can specify the duration of the port shut down.
port bmon Restrictions None. Examples To monitor broadcast traffic on port et.1.3 and shut it down for 5 minutes if the rate of 10,000 packets per second is sustained for 1 second: ssr(config)# port bmon et.1.3 To monitor broadcast traffic on port et.1.3 and shut it down for 3 minutes if the rate of 25,000 packets per second is sustained for 5 seconds: ssr(config)# port bmon et.1.
port disable port disable Purpose Disable a port. Format port disable Mode Configure Description The port disable command disables the specified ports. Disabled ports do not send or receive any traffic. You might want to disable unused ports to prevent network users from inadvertently or unscrupulously connecting to unoccupied but enabled ports on the SSR. Parameters port Specifies the ports you are disabling. Restrictions None. Examples To disable port et.1.
port flow-bridging port flow-bridging Purpose Set ports to use flow-based bridging. Format port flow-bridging |all-ports Mode Configure Description The port flow-bridging command changes the specified ports from using address-based bridging to using flow-based bridging. A port can use only one type of bridging at a time. Each port has an L2 lookup table where MAC address or flows are stored.
port flow-bridging • MAC addresses B->A • MAC addresses B->C • MAC addresses A->C • MAC addresses C->A • MAC addresses C->B • MAC addresses A->broadcast • MAC addresses B->broadcast • MAC addresses C->broadcast Parameters | all-ports Specifies the ports you are changing to flow-based bridging. The keyword all-ports changes all the ports on the SSR to flow-based bridging. Restrictions None. Examples To configure Ethernet port et.3.
port mirroring port mirroring Purpose Mirror traffic to a port for external analysis. Format port mirroring to cpu-port-traffic | traffic-from [|any] traffic-to [|any] Mode Configure Description The port mirroring command mirrors the type of traffic you specify to a port. By attaching a protocol analyzer to the port, you can observe and analyze the mirrored traffic. Parameters Specifies the port to which you want to send the mirrored traffic.
port mirroring Restrictions Note the following restrictions: • Unless you are mirroring the traffic form the Control Module, you must specify either an input port or an output slot. • You cannot specify the any keyword with both the traffic-from and traffic-to options at the same time. • None of the ports on the slot containing the protocol analyzer port can send or receive traffic while port mirroring is taking place.
port set port set Purpose Set port operating mode and port speed. Format port set [|all-ports] [duplex full|half] [speed 10Mbps|100Mbps|] [auto-negotiation on|off] [hash-mode m0|m1|m2|m3] [wan-encapsulation frame-relay|ppp] [ifg ] [input-encapsulation forced-ethernet_ii] [link-timer ] [clock ] Mode Configure Description Depending on the media type of a port, the port set command lets you set various parameters of each port.
port set For WAN ports, you can set the following: • Wan-encapsulation (either frame-relay or ppp) and clock source (HSSI ports only) • Speed (in Megabits per second) Note: “Duplex”, “autonegotiation”, and “hash mode” are not applicable parameters for WAN interfaces. Parameters |all-ports Specifies the ports. The all-ports keyword applies the settings you select to all the SSR ports. duplex full|half Sets the operating mode to half duplex or full duplex.
port set . The is a value between 0 and 20. This option is valid for Gigabit ports only. clock Sets the clock source. This parameter is applicable only when the wanencapsulation parameter is specified for a HSSI port that will be connected backto-back with a HSSI port on another router. The is one of the following values: external-clock External transmit clock (DCE provided) internal-clock-51mh Internal transmit clock at 51.
port set To set an internal clock source (25.92 Mhz) for a HSSI ppp WAN port located on port 1 of slot 3: ssr(config)# port set hs.3.1 wan-encapsulation ppp speed 45000000 clock internal-clock-25mh To set the speed for a serial frame relay WAN port located at port 4 of slot 2, VC 100: ssr(config)# port set se.2.4.100 wan-encapsulation frame-relay speed 1500000 To increase the interframe gap for port et.1.1 by 400 nanoseconds (10 * 40ns): ssr(config)# port set ifg et.1.
port show bmon port show bmon Purpose Display broadcast monitoring information for SSR ports. Format port show bmon [config][detail][port ][stats] Mode Enable Description The port show bmon command lets you display broadcast monitoring information for SSR ports. Parameters If no parameters are specified, the current states of all ports are displayed. config Displays configuration information for broadcast monitoring. detail Displays all information for broadcast monitoring.
port show bmon Example To display the state of ports with broadcast monitoring: ssr# port show bmon Port: et.1.1 State: On Port: et.6.8 State: ShutDn Expire: 39 (sec) Port: et.7.8 State: On The above example shows three ports, with the port et.6.8 shut down for 39 seconds. To display broadcast monitoring configuration values set for the ports: ssr# port show bmon config Port: et.1.1 Rate (Kpps): 10 Burst (sec): 1 Shutdown (sec):300 Port: et.6.8 Rate (Kpps): 10 Burst (sec): 5 Shutdown (sec):60 Port: et.7.
port show bmon To show broadcast monitoring details for the ports: ssr# port show bmon detail Port: et.1.1 Rate (Kpps): 10 Burst (sec): 1 Shutdown (sec):300 State: On Current Broadcast Rate (Kpps): 0.000 Port: et.6.8 Rate (Kpps): 10 Burst (sec): 5 Shutdown (sec):60 State: ShutDn Expire: 39 (sec) Burst at port shutdown (Kpps): 10.032 ShutDn Count: 2 Port: et.7.8 Rate (Kpps): 2 Burst (sec): 2 Shutdown (sec):60 State: On Current Broadcast Rate (Kpps): 0.
port show bridging-status port show bridging-status Purpose Display the bridging status of SSR ports. Format port show bridging-status |all-ports Mode Enable Description The port show bridging-status command lets you display bridging-status information for SSR ports. Parameters |all-ports Specifies the ports for which you want to display information. The all-ports keyword displays the selected information for all the SSR ports. Restrictions None.
port show bridging-status Example To display the bridging status for all available ports: ssr# port show bridging-status all-ports Port Mgmt Status phy-state link-state -------------- -----------------et.4.1 No Action Disabled Link Down et.4.2 No Action Disabled Link Down et.4.3 No Action Forwarding Link Up et.4.4 No Action Disabled Link Down et.4.5 No Action Disabled Link Down et.4.6 No Action Forwarding Link Up et.4.7 No Action Disabled Link Down et.4.
port show port-status port show port-status Purpose Display various information about specified ports. Format port show port-status |all-ports|all-smarttrunks Mode Enable Description The port show port-status command lets you display port-status information for SSR ports or SmartTRUNKs. Parameters |all-ports|all-smarttrunks Specifies the LAN/WAN ports or SmartTRUNKs for which you want to display status information.
port show port-status ssr# port show port-status et.1.* Flags: M - Mirroring enabled Port ---et.1.1 et.1.2 et.1.3 et.1.4 et.1.5 et.1.6 et.1.7 et.1.
port show stp-info port show stp-info Purpose Display Spanning Tree (STP) information for SSR ports. Format port show stp-info |all-ports Mode Enable Description The port show stp-info command lets you display Spanning-Tree information for SSR ports. Parameters |all-ports Specifies the ports for which you want to display information. The all-ports keyword displays the selected information for all the SSR ports. Restrictions None.
port show stp-info ssr# port show stp-info all-ports Designated Port Priority Cost STP ----------- -----et.1.1 128 00100 Enabled et.1.2 128 00100 Enabled et.1.3 128 00100 Enabled et.1.4 128 00100 Enabled et.1.5 128 00100 Enabled et.1.6 128 00100 Enabled et.1.7 128 00100 Enabled et.1.
port show vlan-info port show vlan-info Purpose Display VLAN information for SSR ports. Format port show vlan-info |all-ports Mode Enable Description The port show vlan-info command lets you display VLAN information about SSR ports. Parameters |all-ports Specifies the ports for which you want to display information. The all-ports keyword displays the selected information for all the SSR ports.
port show vlan-info Example To display the VLAN information for all available ports: ssr# port show vlan-info all-ports Port Access Type IP VLANs ---------------------et.4.1 access DEFAULT et.4.2 access DEFAULT et.4.3 access DEFAULT et.4.4 access DEFAULT et.4.5 access DEFAULT et.4.6 access DEFAULT et.4.7 access DEFAULT et.4.
port show mirroring-status port show mirroring-status Purpose Show the port mirroring status for slots in the SSR chassis.
port show mirroring-status Examples To display the port mirroring status for slot 5: ssr(config)# port show mirroring-status 5 550 SSR Command Line Interface Reference Manual
Chapter 38 port mirroring Command Purpose Apply port mirroring to one or more target ports on an SSR or to traffic specified by an ACL profile. Format port mirroring monitor-port target-port |target-profile Mode Configure Description The port mirroring command allows you to monitor via a single port the activity of one or more ports on an SSR or the traffic that is specified by an ACL. Parameters monitor-port The port you will use to monitor activity.
target-port The port(s) for which you want to monitor activity. You can specify a single port or a comma-separated list of ports. target-profile The name of the ACL that specifies the profile of the traffic that you want to monitor. The ACL must be a previously created IP ACL. The ACL may contain either permit or deny keywords.
Chapter 39 ppp Commands The following commands allow you to define Point-to-Point Protocol (PPP) service profiles, and specify and monitor PPP High-Speed Serial Interface (HSSI) and standard serial ports. Command Summary Table 27 lists the PPP commands. The sections following the table describe the command syntax. Table 27.
Command Summary Table 27.
ppp add-to-mlp ppp add-to-mlp Purpose Add PPP ports to an MLP bundle. Format ppp add-to-mlp port Mode Configure Description The ppp add-to-mlp command allows you to add one or more PPP ports to a previously defined MLP bundle. Parameters The name of the previously defined MLP bundle. The WAN port(s) you want to add to the MLP bundle. Restrictions Usage is restricted to PPP WAN ports only. Example To add the port “hs.3.1” to the MLP bundle “mp.
ppp apply service ppp apply service Purpose Apply a pre-defined service profile to an interface. Format ppp apply service ports Mode Configure Description Issuing the ppp apply service ports command allows you to apply a previously defined service profile to a given PPP WAN port. Parameters The name of the previously defined service you wish to apply to the given port(s) or interfaces.
ppp create-mlp ppp create-mlp Purpose Create MLP bundles. Format ppp create-mlp slot Mode Configure Description The ppp create-mlp command allows you to create one or more MLP bundles. Parameters The name(s) of the MLP bundles you want to create. You can specify a single bundle or a comma-separated list of MLP bundles. The slot number for the MLP bundle(s). Restrictions Usage is restricted to PPP WAN ports only. Example To create the MLP bundle “mp.
ppp define service ppp define service Purpose Define a service profile for WAN ports.
ppp define service • The maximum allowable unacknowledged terminate requests before determining that the peer is unable to respond. • Activate or deactivate Random Early Discard (RED) for PPP ports. • The maximum and minimum threshold values for RED high-, low-, and mediumpriority traffic. In general, Cabletron recommends that the maximum threshold values be less than or equal to the respective high-, low-, or medium-priority queue depth.
ppp define service low-priority-queue-depth The number of items allowed in the PPP queue. You can specify a number between 1 and 65,535. Cabletron recommends a value within the 5 - 100 item range. The default value is 20. max-configure The maximum allowable number of unanswered requests. You can specify any number greater than or equal to 1. The default value is 10. max-failure The maximum allowable number of negative-acknowledgment transmissions.
ppp define service retry-interval The number of seconds between subsequent configuration request transmissions (the interval). You can specify any number greater than or equal to 1. The default value is 30. rmon on|off Specifying the on keyword enables RMON for PPP WAN ports. Specifying the off keyword disables RMON for PPP WAN ports. Restrictions Usage is restricted to PPP WAN ports only.
ppp restart lcp-ncp ppp restart lcp-ncp Purpose Restart PPP LCP/NCP negotiation. Format ppp restart lcp-ncp ports Mode Enable Description The ppp restart lcp-ncp command allows you to reset and restart the LCP/NCP negotiation process for PPP WAN ports. Parameters The ports for which you would like to re-establish LCP/NCP negotiation. Restrictions This command line is available only for PPP WAN ports.
ppp set mlp-encaps-format ppp set mlp-encaps-format Purpose Set MLP encapsulation format. Format ppp set mlp-encaps-format ports [format short-format] Mode Configure Description The ppp set mlp-encaps-format command allows you to specify the encapsulation format for MLP bundles. If this command is not configured, long format encapsulation is used for MLP bundles.
ppp set mlp-frag-size ppp set mlp-frag-size Purpose Set the frame size under which no MLP fragmentation is needed. Format ppp set mlp-frag-size ports [size ] Mode Configure Description The ppp set mlp-frag-size command allows you to set the frame size under which no fragmentation is needed for transmission on the MLP bundle. The default size is 1500 bytes. Any frames that are less than the value set by the ppp set mlp-frag-size command are not fragmented.
ppp set mlp-frag-size Example To specify that frames of 200 bytes or more are fragmented on the MLP bundles “mp.1” and “mp.4-7”: ssr(config)# ppp set mlp-frag-size ports mp.1, mp.
ppp set mlp-fragq-depth ppp set mlp-fragq-depth Purpose Set the depth of the MLP fragment queue. Format ppp set mlp-fragq-depth ports qdepth Mode Configure Description The ppp set mlp-fragq-depth command allows you to set the depth of the queue used by MLP to hold packet fragments for reassembly. Parameters The MLP port(s) to which the queue depth applies. The depth of the queue, in packets, to hold unassembled packet fragments.
ppp set mlp-orderq-depth ppp set mlp-orderq-depth Purpose Set the depth of the MLP packet order queue. Format ppp set mlp-orderq-depth ports qdepth Mode Configure Description The ppp set mlp-orderq-depth command allows you to set the depth of the queue used by MLP to hold MLP packets for preserving the packet order. Parameters The MLP port(s) to which the queue depth applies. The depth of the queue, in packets, to hold MLP packets.
ppp set payload-compress ppp set payload-compress Purpose Enables packet compression for PPP ports. Format ppp set payload-compress [max-histories ] [type stac] ports Mode Configure Description The ppp set payload-compress command allows you to enable the Stacker payload compression. You can enable compression on a single port, an entire multilink PPP (MLP) bundle, or on individual ports that are members of a multilink PPP bundle.
ppp set payload-compress Example To enable LZS Stac payload compression on slot 4, on serial port 2: ssr(config)# ppp set payload-compress port se.4.
ppp set payload-encrypt ppp set payload-encrypt Purpose Enables packet encryption for PPP ports. Format ppp set payload-encrypt [type des-bis] transmit-key receive-key ports Mode Configure Description The ppp set payload-encrypt command allows you to enable the encryption of packets using the DES-bis algorithm. You can enable encryption on a single port, an entire multilink PPP (MLP) bundle, or on individual ports that are members of an MLP bundle.
ppp set payload-encrypt Example To enable DES-bis payload encryption on slot 4, on serial port 2: ssr(config)# ppp set payload-encrypt transmit-key 0x123456789abcdefO receive-key 0xfedcba9876543210 port se.4.
ppp set peer-addr ppp set peer-addr Purpose Set the peer address in case that IPCP/IPXCP can't resolve the address. Format ppp set peer-addr ports Mode Configure Description Issuing the ppp set peer-addr command allows you to set the peer address if it can't be resolved by IPCP or IPXCP. Parameters The IP or IPX address you wish to use. The port to which you wish to assign the address. Restrictions Usage is restricted to PPP port only.
ppp set ppp-encaps-bgd ppp set ppp-encaps-bgd Purpose Force the ingress packets to be encapsulated in bridged format. Format ppp set ppp-encaps-bgd ports Mode Configure Description Issuing the ppp set ppp-encaps-bgd command allows you to use bridged format encapsulation on a given ppp port. Parameters The port(s) to which you wish to use bridged encapsulation. You can specify a single port or a comma-separated list of ports. Restrictions Usage is restricted to ppp port only.
ppp show mlp ppp show mlp Purpose Displays the PPP ports that have been added into an MLP bundle. Format ppp show mlp |all-ports Mode Enable Description The ppp show mlp command allows you to display information about one or more MLP bundles. Parameters The name(s) of the MLP bundles on which you want information. You can specify a single bundle or a comma-separated list of MLP bundles. all-ports Displays information on all MLP ports. Restrictions None.
ppp show service ppp show service Purpose Displays PPP service profiles. Format ppp show service |all Mode Enable Description The ppp show service command allows you to display one or all of the available PPP service profiles. Parameters The service profile you wish to display. all Displays all of the available PPP service profiles. Restrictions None.
ppp show stats ppp show stats Purpose Displays bridge NCP, IP NCP, and link-status parameters. Format ppp show stats port [bridge-ncp] [ip-ncp] [link-status] [summary] Mode Enable Description The ppp show stats command allows you to display parameters for bridge NCP, IP NCP, and link-status on PPP WAN ports. You can specify one, two, or three of the available parameter types. Parameters The PPP WAN port for which you wish to view bridge NCP, IP NCP, and/or link-status parameters.
ppp show stats Example To display the available link-status and IP NCP parameters for the PPP WAN interface located at slot 4, port 1: ssr# ppp show stats port se.4.
ppp show stats 578 SSR Command Line Interface Reference Manual
Chapter 40 pvst Commands The pvst commands let you display and change settings for a VLAN spanning tree. Command Summary Table 28 lists the pvst commands. The sections following the table describe the command syntax. Table 28.
pvst create spanningtree pvst create spanningtree Purpose Create an instance of spanning tree for a particular VLAN. Format pvst create spanningtree vlan-name Mode Configure Description The pvst create spanningtree command creates a spanning tree instance for a particular VLAN. Parameters vlan-name The name of the VLAN for which a new instance of spanning tree is to be created. Restrictions None.
pvst enable port spanning-tree pvst enable port spanning-tree Purpose Enable PVST on one or more ports on a particular spanning tree. Format pvst enable port spanning-tree Mode Configure Description The pvst enable port command enables STP on the specified port for the specified spanning tree. Parameters The ports on which you are enabling STP. You can specify a single port or a comma-separated list of ports. Example: et.1.3,et.(1-3).(4,6-8).
pvst set bridging spanning-tree pvst set bridging spanning-tree Purpose Set STP bridging parameters for a particular VLAN.
pvst set bridging spanning-tree priority Sets the STP bridging priority for the SSR. Specify a number from 0 – 65535. The default is 32768 spanning-tree The name of the spanning-tree instance. This name is the same as the VLAN name. Note: For default VLAN, use stp commands. Restrictions For PVST, the spanning tree instance must have previously been created.
pvst set port spanning-tree pvst set port spanning-tree Purpose Set PVST port priority and port cost for ports for a particular VLAN. Format pvst set port priority port-cost spanning-tree Mode Configure Description The pvst set port command sets the STP priority and port cost for individual ports for a particular VLAN. Parameters port The port(s) for which you are setting STP parameters. You can specify a single port or a comma-separated list of ports.
pvst set port spanning-tree Restrictions For PVST, the spanning tree instance must have previously been created.
pvst show bridging-info spanning-tree pvst show bridging-info spanning-tree Purpose Display STP bridging information for a particular VLAN. Format pvst show bridging-info spanning-tree Mode Enable Description The pvst show bridging-info command displays STP bridging information for a particular VLAN. Parameters spanning-tree The name of the spanning-tree instance. This name is the same as the VLAN name. Note: For default VLAN, use stp commands.
Chapter 41 qos Commands The qos commands define and display Quality of Service (QoS) parameters. Use the command to classify Layer 2, Layer 3, and Layer 4 traffic into the following priorities: • control • high • medium • low By assigning priorities to network traffic, you can ensure that critical traffic will reach its destination even if the exit ports for the traffic are experiencing greater than maximum utilization.
Command Summary Precedence A precedence from 1 – 7 is associated with each field in a flow. The SSR uses the precedence value associated with the fields to break ties if packets match more than one flow. The highest precedence is 1 and the lowest is 7. Here are the default precedences of the fields: • IP – destination port (1), destination address (2), source port (3), source IP address (4), TOS (5), interface (6), protocol (7).
Command Summary Table 29.
qos precedence ip qos precedence ip Purpose Set the precedence of the IP flow fields. Format qos precedence ip [sip ] [dip ] [srcport ] [destport ] [tos ] [protocol ] [intf ] Mode Configure Description The qos precedence ip command lets you set the QoS precedence for various flow fields in IP traffic.
qos precedence ip • interface (6) • protocol (7). Parameters sip Specifies the precedence of the source address field in IP flows. Specify a precedence from 1 – 7. dip Specifies the precedence of the destination address field in IP flows. Specify a precedence from 1 – 7. srcport Specifies the precedence of the source port field in IP flows. Specify a precedence from 1 – 7. dstport Specifies the precedence of the destination port field in IP flows.
qos precedence ipx qos precedence ipx Purpose Set the precedence of the IPX flow fields. Format qos precedence ipx [srcnet ] [srcnode ] [srcport ] [dstnet ] [dstnode ] [dstport ] [intf ] Mode Configure Description The qos precedence ipx command lets you set the precedence of the following fields in IPX flows.
qos precedence ipx • source port (6) • interface (7). Parameters srcnet Specifies the precedence of the source network field in IPX flows. Specify a precedence from 1 – 7. srcport Specifies the precedence of the source port field in IPX flows. Specify a precedence from 1 – 7. srcnode Specifies the precedence of the source node field in IPX flows. Specify a precedence from 1 – 7. dstnet Specifies the precedence of the destination network field in IPX flows.
qos set ip qos set ip Purpose Set a priority for an IP flow.
qos set ip Specifies the priority you are assigning to the flow parameters you specified from the list above. You can specify one of the following priorities: control Assigns control priority to the IP flow parameters you have specified. This is the highest priority. high Assigns high priority to the IP flow parameters you have specified. medium Assigns medium priority to the IP flow parameters you have specified. low Assigns low priority to the IP flow parameters you have specified.
qos set ip |any Specifies the transport layer protocol for which you are assigning priority. You can specify one of the following values: tcp Assigns the priority parameters to the TCP protocol. udp Assigns the priority parameters to the UDP protocol. any Assigns the priority parameters to both the TCP and UDP protocols. Specifies the mask that is used for the TOS byte. Specify a number from 1-255 or any to specify any TOS value. The default is 30.
qos set ipx qos set ipx Purpose Set a priority for an IPX flow.
qos set ipx control Assigns control priority to the IP flow parameters you have specified. This is the highest priority. high Assigns high priority to the IP flow parameters you have specified. medium Assigns medium priority to the IP flow parameters you have specified. low Assigns low priority to the IP flow parameters you have specified. This is the default. |any Specifies the IPX source network and node address. Specify them in the following format: .
qos set ipx Examples The following command creates an IPX flow called “abc”. This flow gives a high priority to IPX traffic on interface mls1 from network 12345678.00:01:00:00:00:00, mask 0000ff00, port 55 to network 22222222.02:00:00:00:00:00, mask 0000ff00, port 65. ssr(config)# qos set ipx abc high 12345678.00:01:00:00:00:00 0000ff00 55 22222222.
qos set l2 qos set l2 Purpose Configure priority for a Layer 2 flow. Format qos set l2 name source-mac dest-mac vlan inport-list priority control | high | medium | low | Mode Configure Description The qos set l2 command lets you set QoS priority on a Layer 2 flow.
qos set l2 source-mac Specifies the L2 source MAC address. Specify the MAC address in either of the following formats: xx:xx:xx:xx:xx:xx xxxxxx:xxxxxx dest-mac Specifies the L2 destination MAC address. vlan Specifies the name of a VLAN. in-port-list Specifies the SSR ports for which you are setting priority for this flow. The priority applies when the L2 packet enters the SSR on one of the specified ports. The priority does not apply to exit ports.
qos set queuing-policy qos set queuing-policy Purpose Change the queueing policy from strict priority to weighted fair. Format qos set queuing-policy weighted-fair port |all-ports Mode Configure Description The qos set queuing-policy command lets you override the default queuing policy (strict priority) in favor of weighted fair queuing on specific ports or on all ports. Only one type of queuing policy can be active at a time.
qos set weighted-fair qos set weighted-fair Purpose Set percentages for weighted-fair queuing. Format qos set weighted-fair control high medium low port |all-ports Mode Configure Description The qos set weighted-fair command lets you set the percentage of SSR bandwidth allocated to the control, high, medium, and low priorities. The percentages apply to specific ports or to all ports.
qos set weighted-fair port |all-ports Specifies the Ethernet ports or WAN modules and ports on which the defined percentages apply. Specify all-ports to apply the percentages to all ports. Restrictions The total percentages for all four QoS levels must equal 100%.
qos show ip qos show ip Purpose Show QoS information for IP flows. Format qos show ip Mode Enable Description The qos show ip command lets you display QoS information for IP flows. Parameters None. Restrictions None.
qos show ipx qos show ipx Purpose Show QoS information for IPX flows. Format qos show ipx Mode Enable Description The qos show ipx command lets you display QoS information for IPX flows. Parameters None. Restrictions None.
qos show l2 qos show l2 Purpose Show QoS information for L2 flows. Format qos show l2 all-destination all-flow ports vlan source-mac dest-mac Mode Enable Description The qos show l2 command lets you display QoS information for L2 flows.
qos show l2 vlan Filters the display to show L2 priority information for specific VLANs. source-mac Filters the display to show L2 priority information for specific source MAC addresses. dest-mac Filters the display to show L2 priority information for specific destination MAC addresses. Restrictions None.
qos show qos show Purpose Show QoS information for L2, IP, and IPX flows. Format qos show ip | ipx | l2 all-destination all-flow ports vlan sourcemac dest-mac Mode User or Enable Description The qos show command lets you display QoS information for IP, IPX, and L2 flows. The command shows information for all IP and IPX flows.
qos show ports Filters the display to show L2 priority information for specific ports. vlan Filters the display to show L2 priority information for specific VLANs. source-mac Filters the display to show L2 priority information for specific source MAC addresses. dest-mac Filters the display to show L2 priority information for specific destination MAC addresses. Restrictions None.
Chapter 42 radius Commands The radius commands let you secure access to the SSR using the Remote Authentication Dial-In User Service (RADIUS) protocol. When a user logs in to the SSR or tries to access Enable mode, he or she is prompted for a password. If RADIUS authentication is enabled on the SSR, it will contact a RADIUS server to verify the user. If the user is verified, he or she is granted access to the SSR. Command Summary Table 30 lists the radius commands.
radius accounting command level radius accounting command level Purpose Causes the specified types of commands to be logged to the RADIUS server. Format radius accounting command level Mode Configure Description The radius accounting command level command allows you specify the types of commands that are logged to the RADIUS server. The user ID and timestamp are also logged. Parameters Specifies the type(s) of commands that are logged to the RADIUS server.
radius accounting command level Example To cause Configure, Enable, and User mode commands to be logged on the RADIUS server: ssr(config)# radius accounting command level 15 SSR Command Line Interface Reference Manual 613
radius accounting shell radius accounting shell Purpose Causes an entry to be logged on the RADIUS server when a shell is stopped or started on the SSR. Format radius accounting shell start|stop|all Mode Configure Description The radius accounting shell command allows you to track shell usage on the SSR. It causes an entry to be logged on the RADIUS server when a shell is started or stopped.
radius accounting shell Example To cause an entry to be logged on the RADIUS server when a shell is either started or stopped on the SSR: radius accounting shell all SSR Command Line Interface Reference Manual 615
radius accounting snmp radius accounting snmp Purpose Logs to the RADIUS server any changes made to the startup or active configuration via SNMP. Format radius accounting snmp active|startup Mode Configure Description The radius accounting snmp command allows you to track changes made to the active or startup configuration through SNMP. It causes an entry to be logged on the RADIUS server whenever a change is made to the ACL configuration.
radius accounting system radius accounting system Purpose Specifies the type(s) of messages to be logged on the RADIUS server. Format radius accounting system fatal|error|warning|info Mode Configure Description The radius accounting system command allows you to specify the types of messages that are logged on the RADIUS server. Parameters fatal Logs only fatal messages. error Logs fatal messages and error messages. warning Logs fatal messages, error messages, and warning messages.
radius accounting system Example To log only fatal and error messages on the RADIUS server: ssr(config)# radius accounting system error 618 SSR Command Line Interface Reference Manual
radius authentication radius authentication Purpose Causes RADIUS authentication to be performed at either the SSR login prompt or when the user tries to access Enable mode. Format radius authentication login|enable Mode Configure Description The radius authentication command allows you to specify when RADIUS authentication is performed: either when a user logs in to the SSR, or tries to access Enable mode. Parameters login Authenticates users at the SSR login prompt.
radius enable radius enable Purpose Enables RADIUS authentication on the SSR. RADIUS authentication is disabled by default on the SSR. Format radius enable Mode Configure Description The radius enable command causes RADIUS authentication to be activated on the SSR. You set RADIUS-related parameters with the radius set, radius accounting shell, and radius authorization commands, then use the radius enable command to activate RADIUS authentication. Parameters None. Restrictions None.
radius enable Example The following commands set RADIUS-related parameters on the SSR. The commands are then activated with the radius enable command: radius radius radius radius radius set server 207.135.89.
radius set radius set Purpose Sets parameters for authenticating the SSR through a RADIUS server.
radius set for optimal security, however, note that you must set a password with the system set password command. succeed Access to the SSR is granted. Restrictions None. Example The following commands specify that hosts 137.72.5.9 and 137.72.5.41 are RADIUS servers, and the SSR should wait no more than 30 seconds for a response from one of these servers.
radius show radius show Purpose Displays information about RADIUS configuration on the SSR. Format radius show stats|all Mode Enable Description The radius show command displays statistics and configuration parameters related to RADIUS configuration on the SSR. The statistics displayed include: accepts Number of times each server responded and validated the user successfully.
radius show Example To display configuration parameters and RADIUS server statistics: radius show all SSR Command Line Interface Reference Manual 625
radius show 626 SSR Command Line Interface Reference Manual
Chapter 43 rarpd Commands The rarpd commands let you configure and display information about Reverse Address Resolution Protocol (RARP) on the SSR. Command Summary Table 31 lists the rarpd commands. The sections following the table describe the command syntax. Table 31.
rarpd add rarpd add Purpose Maps a MAC address to an IP address. Format rarp add hardware-address ip-address Mode Configure Description The rarpd add command allows you to map a MAC address to an IP address for use with RARP. When a host makes a RARP request on the SSR, and its MAC address has been mapped to an IP address with the rarp add command, the RARP server on the SSR responds with the IP address that corresponds to the host’s MAC address.
rarpd set interface rarpd set interface Purpose Specifies the interface(s) to which the SSR’s RARP server responds. Format rarpd set interface |all Mode Configure Description The rarpd set interface command allows you to specify which interfaces the SSR’s RARP server responds to when sent RARP requests. You can specify individual interfaces or all interfaces. Parameters Is the name of an interface. all Causes the RARP server to respond to RARP requests from all interfaces.
rarpd show rarpd show Purpose Displays information about the SSR’s RARP configuration. Format rarpd show interface|mappings Mode Enable Description The rarpd show command displays information about the configuration of the SSR’s RARP server. You can list the MAC-to-IP address mappings or the interfaces to which the SSR responds to RARP requests. Parameters interface Lists the interfaces to which the SSR responds to RARP requests.
Chapter 44 rate-limit Command The rate-limit commands allow you to define rate limits and apply them to IP interfaces. Command Summary Table 32 lists the rate-limit commands. The sections following the table describe the command syntax. Table 32.
rate-limit apply rate-limit apply Purpose Applies a rate limit definition to an interface. Format rate-limit apply inteface |all Mode Configure Description The rate-limit apply command allows you to apply a previously-defined rate limit to an interface. Parameters The name of the rate limit. interface |all The name of the IP interface. The keyword all applies the policy to all IP interfaces. Restrictions None.
rate-limit input rate-limit input Purpose Defines a policy to enable rate limit. Format rate-limit input acl rate exceed-action [sequence ] Mode Configure Description The rate-limit input command allows you to specify the profile for rate limiting by specifying IP ACLs, the rate limit, and the action to be performed if the rate limit is reached. You then use the rate-limit apply command to apply the rate limit to an IP interface.
rate-limit input set-priority-medium Set the priority to medium. set-priority-high Set the priority to high. sequence The sequence number for this policy. This value can be between 1 and 65535. Restrictions None.
rate-limit show rate-limit show Purpose Shows rate limit policies. Format rate-limit show all |policy-name |interface Mode Enable Description The rate-limit show command shows information about rate limit policies. Parameters all Displays information on all rate limit policies configured on the SSR. policy-name | all The name of the rate limit. The keyword all shows all rate limit policies. interface | all The name of the IP interface.
rate-limit show Example To show all configured rate limit policies: ssr# rate-limit show all -------------------------------------------------------------------------Rate Limit Policy name : rlpol 1 Applied Interfaces : if0 2 3 4 ACL --100 200 300 400 500 10 Seq --10 10 10 10 10 5 Source IP/Mask -------------10.212.10.11/32 10.212.10.12/32 10.212.10.13/32 10.212.10.14/32 10.212.10.10/32 11 Dest.
rate-limit show 13. The action to be taken if the rate limit is reached: packets can be dropped or the priority set to low, medium, or high.
rate-limit show 638 SSR Command Line Interface Reference Manual
Chapter 45 rdisc Commands The rdisc commands allow you to configure router advertisement on the SSR. Command Summary Table 33 lists the rdisc commands. The sections following the table describe the command syntax. Table 33.
rdisc add address rdisc add address Purpose Defines the IP address(es) that are to be included in router advertisements send by the SSR. Format rdisc add address Mode Configure Description The rdisc add address command lets you define addresses to be included in router advertisements. If you configure this command, only the specified hostname(s) or IP address(es) are included in the router advertisements.
rdisc add interface rdisc add interface Purpose Enables router advertisement on an interface. Format rdisc add interface |all Mode Configure Description The rdisc add interface command lets you enable router advertisement on an interface. By default, all addresses on the interface are included in router advertisements sent by the SSR. If you want to have only specific addresses included in router advertisements, use the rdisc add address command to specify those addresses.
rdisc set address rdisc set address Purpose Configures router advertisement parameters that apply to a specific address. Format rdisc set address type multicast|broadcast advertise enable|disable preference |ineligible Mode Configure Description The rdisc set address command lets you specify the type of router advertisement in which the address is included and the preference of the address for use as a default route. Parameters Specifies the IP address.
rdisc set address value, the more preference. If the IP address is ineligible to be a default route, specify ineligible. The default value is 0. Restrictions None Examples To specify that an address be included only in broadcast router advertisements and that the address is ineligible to be a default route: ssr#(config) rdisc set address 10.20.36.
rdisc set interface rdisc set interface Purpose Configures router advertisement parameters that apply to a specific interface or to all interfaces. Format rdisc set interface |all min-adv-interval max-adv-interval lifetime Mode Configure Description The rdisc set interface command lets you specify the intervals between the sending of router advertisements and the lifetime of addresses sent in a router advertisement.
rdisc set interface Restrictions None Examples To specify the maximum time between the sending of router advertisements on an interface: ssr#(config) rdisc set interface ssr4 max-adv-interval 1200 Note that since the min-adv-interval and lifetime parameters were not specified, the default values for those parameters become 900 seconds and 3600 seconds, respectively.
rdisc show rdisc show Purpose Shows the state of router discovery on the SSR. Format rdisc show all Mode Enable Description The rdisc show command shows the state of router discovery on the SSR. Parameters all Displays all router discovery information. Restrictions None.
rdisc show Examples To display router discovery information: ssr# rdisc show all Task State: 1 Send buffer size 2048 at 812C68F8 Recv buffer size 2048 at 812C60D0 Timers: RouterDiscoveryServer Priority 30 RouterDiscoveryServer_SSR2_SSR3_IP last: 10:17:21 next: 10:25:05 2 Task RouterDiscoveryServer: Interfaces: Interface SSR2_SSR3_IP: 3 Group 224.0.0.1: 4 minadvint 7:30 maxadvint 10:00 lifetime 30:00 Address 10.10.5.
rdisc start rdisc start Purpose Starts router discovery on the SSR. Format rdisc start Mode Configure Description The rdisc start command lets you start router discovery on the SSR. When router discovery is started, the SSR multicasts or broadcasts periodic router advertisements on each configured interface. The router advertisements contain a list of addresses on a given interface and the preference of each address for use as the default route on the interface. By default, router discovery is disabled.
rdisc stop rdisc stop Purpose Stops router discovery. Format rdisc stop Mode Configure Description The rdisc stop command stops router discovery on the SSR, thereby stopping router advertisements from being sent out. Parameters None.
rdisc stop 650 SSR Command Line Interface Reference Manual
Chapter 46 reboot Command The reboot command reboots the SSR. Format reboot Mode Enable. Parameters None. Restrictions None.
SSR Command Line Interface Reference Manual
Chapter 47 rip Commands The Routing Information Protocol, Version 1 and Version 2, (RIPv1 and RIPv2) is the most commonly used interior gateway protocol. RIP selects the route with the lowest metric as the best route. The metric is a hop count representing the number of gateways through which data must pass in order to reach its destination. The longest path that RIP accepts is 15 hops. If the metric is greater than 15, a destination is considered unreachable and the SSR discards the route.
Command Summary Table 34.
rip add rip add Purpose Adds RIP entities. Note: By default, RIP is disabled on all SSR interfaces. To enable RIP on an interface, you must use the rip add interface command.
rip add trusted-gateway Adds a trusted source for RIP updates. When you add trusted gateways, the SSR will not accept RIP updates from any sources except the trusted gateways. You can specify a single interface name or IP address. The interface name or IP address of the interface, router, or gateway. You can specify a list or use the keyword all to specify all SSR interfaces. The hostname or IP address of the source or trusted gateway. Restrictions None.
rip set auto-summary rip set auto-summary Purpose Enables automatic summarization and redistribution of RIP routes. Format rip set auto-summary disable | enable Mode Configure Description The rip set auto-summary command specifies that routes to subnets should be automatically summarized by the classful network boundary and redistributed into RIP. Parameters disable | enable Enables or disables automatic summarization and redistribution of RIP routes. Restrictions None.
rip set broadcast-state rip set broadcast-state Purpose Determines if RIP packets will be broadcast regardless of the number of interfaces present. This is useful when propagating static routes or routes learned from another protocol into RIP. In some cases, the use of broadcast when only one network interface is present can cause data packets to traverse a single network twice.
rip set check-zero rip set check-zero Purpose Specifies whether RIP should make sure that reserved fields in incoming RIP V1 packets are zero. Normally, RIP will reject packets where the reserved fields are non-zero. Format rip set check-zero disable | enable Mode Configure Description The rip set check-zero command specifies whether RIP should make sure that reserved fields in incoming RIP V1 packets are zero. RIP will reject packets where the reserved fields are non-zero.
rip set check-zero-metric rip set check-zero-metric Purpose Specifies whether RIP should accept routes with a metric of zero. Normally, RIP will reject routes with a metric of zero. Format rip set check-zero-metric disable | enable Mode Configure Description The rip set check-zero-metric command specifies whether RIP should accept routes with a metric of zero. This may be necessary for interoperability with other RIP implementations that send routes with a metric of zero.
rip set default-metric rip set default-metric Purpose Defines the metric used when advertising routes via RIP that were learned from other protocols. If not specified, the default value is 16 (unreachable). This choice of values requires you to explicitly specify a metric in order to export routes from other protocols into RIP. This metric may be overridden by a metric specified in the export command. Note: The metric 16 is equivalent in RIP to “infinite” and makes a route unreachable.
rip set interface rip set interface Purpose Set the RIP state, version, type of update messages, metric and authentication scheme used for each interface running RIP.
rip set interface • The key-chain for RIP update authentication • The authentication method used for RIP updates (none, simple, or MD5) Parameters |all The interface names or IP addresses of the interfaces for which you are setting RIP parameters. Specify the all keyword if you want to set RIP parameters for all IP interfaces on the SSR.
rip set interface multicast Causes RIP V2 packets to be multicasted on this interface; this is the default. authentication-method none|(simple|md5 key-chain ) The authentication method the interface uses to authenticate RIP updates. Specify one of the following: none The interface does not use any authentication. simple The interface uses a simple password in which an authentication key of up to 8 characters is included in the packet. md5 The interface uses MD5 authentication.
rip set interface 3. Router R1 the entire class A network (16.0.0.0/8) behind it. By default, router R1 would not announce a classful network (16.0.0.0/8) over a subnet (16.123.128.1/16). If that is something which is desired, then the below given command should be entered. rip set interface 16.123.128.1 advertise-classfull enable | disable Typically, a user would enable automatic summarization for RIP. This would create an implicit aggregate 16.0.0.0/8.
rip set poison-reverse rip set poison-reverse Purpose Enables poison reverse on all SSR interfaces. Format rip set poison-reverse disable | enable Mode Configure Description The rip set poison-reverse command allows you to enable or disable poison reverse on all SSR interfaces. The SSR supports poison reverse as specified by RFC 1058. Note: Turning on poison reverse will approximately double the amount of RIP updates. Parameters disable | enable Enables or disables poison reverse on the SSR.
rip set preference rip set preference Purpose Sets the preference of routes learned from RIP. The default preference is 100. This preference may be overridden by a preference specified in the import command. Format rip set preference Mode Configure Description The rip set preference command sets the preference for destinations learned through RIP. The preference you specify applies to all IP interfaces for which RIP is enabled on the SSR. The default preference is 100.
rip show rip show Purpose Display RIP information. Format rip show Mode Enable Description The rip show command displays RIP information. Parameters Specifies the RIP dump information you want to display. Specify one or more of the following: all Displays all RIP tables. globals Displays RIP globals. timers Displays RIP timers. interface Displays RIP interfaces. active-gateways Displays active gateways running RIP. interface-policies Displays RIP interface policies.
rip show export-policies Displays RIP export policies. Restrictions None.
rip start rip start Purpose Start RIP on the SSR. Note: RIP is disabled by default. Format rip start Mode Configure Description The rip start command starts RIP on all IP interfaces on the SSR for which RIP is enabled. Parameters None. Restrictions None.
rip stop rip stop Purpose Stop RIP on the SSR. Format rip stop Mode Configure Description The rip stop command stops RIP on all IP interfaces on the SSR for which RIP is enabled. Parameters None. Restrictions None.
rip trace rip trace Purpose Trace RIP packets. Format rip trace [packets|request|response|local-options] [detail | send|receive] Mode Configure Description The rip trace command traces the following sets of RIP packets: • RIP request packets sent or received by the SSR • RIP response packets sent or received by the SSR Depending on the options you specify, you can trace all packets, request packets only, or receive packets only.
rip trace receive Shows information about traced RIP packets received by the SSR. send Shows information about traced RIP packets sent by the SSR. Note: The default is to show both send and receive packets. local-options Sets trace options for this protocol only. These trace options are inherited from those set by the ip-router global set trace options command, or you can override them here. Specify one or more of the following: all Turns on all tracing. general Turns on normal and route tracing.
rip trace 674 SSR Command Line Interface Reference Manual
Chapter 48 rmon Commands The rmon commands let you display and set parameters for RMON statistics on a perport basis. RMON information corresponds to RFCs 1757 and 2021. Command Summary Table 35 lists the rmon commands. The sections following the table describe the command syntax. Table 35.
Command Summary Table 35.
Command Summary Table 35.
rmon address-map rmon address-map Purpose Configures the RMON 2 Address Map group. Format rmon address-map index port [owner ] [status enable|disable] Mode Configure Description The Address Map group maps MAC addresses to network address bindings that are discovered by the SSR on a per-port basis. The rmon address-map command sets various parameters of the RMON 2 Address Map table.
rmon address-map Restrictions None. Example To create an entry in the Address Map table for port et.1.3: ssr(config)# rmon address-map index 20 port et.1.
rmon al-matrix-top-n rmon al-matrix-top-n Purpose Gathers the top n Application Layer Matrix entries. Format rmon al-matrix-top-n index matrix-index ratebase terminalpackets|terminal-octets|all-packets|all-octets duration size [owner ] [status enable|disable] Mode Configure Description The rmon al-matrix-top-n command gathers the top n Application Layer Matrix entries sorted by a specified statistic.
rmon al-matrix-top-n all-octets Sort by all octets. duration Specifies the duration, in seconds, between reports. If the duration is 0 (the default), this implies that no reports have been requested for this entry. The default is 0. size Specifies the maximum number of matrix entries to include in the report. The default is 150. owner Specifies the owner of the event; for example, an IP address, machine name or person’s name.
rmon alarm rmon alarm Purpose Configures the RMON 1 Alarm group. Format rmon alarm index variable [interval ] [falling-eventindex ] [falling-threshold ] [owner ] [rising-event-index ] [rising-threshold ] [startup rising|falling|both] [status enable|disable] [type absolute-value|delta-value] Mode Configure Description The Alarm group takes periodic statistical samples and compares them with previouslyconfigured thresholds.
rmon alarm an alarm. When the sample’s value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single event is generated. The value must be between 1 and 2147483647, inclusive. owner Specifies the owner of the alarm resource; for example, an IP address, machine name or person’s name. rising-event-index Is the action to be taken as defined by the row with this index in the event table when a rising threshold is crossed.
rmon alarm Restrictions None. Examples To cause an alarm event if the variable defined in alarm 10 crosses the rising threshold: ssr(config)# rmon alarm index 10 startup rising interval 30 variable 1.3.6.1.2.1.5.14.0 rising-threshold 40 rising-event-index 1 To monitor the absolute value of the variable against a threshold value: ssr(config)# rmon alarm index 10 type absolute-value startup rising interval 30 variable 1.3.6.1.2.1.5.14.
rmon apply cli-filters rmon apply cli-filters Purpose Apply a specific CLI RMON filter. Format rmon apply cli-filters Mode Enable Description The rmon apply cli-filters command applies a specific CLI RMON filter to the current Telnet or Console session. This enables different users to select the different CLI filters which you should define using the rmon set cli-filter command. Use the rmon show cli-filters command to see the RMON CLI filters that have been defined on the SSR.
rmon apply cli-filters To see a list of CLI RMON filters: ssr> rmon show cli-filters RMON CLI Filters Id Filter ------1 (inpkts >= 0) 2 (inpkts >= 0 and outoctets >= 0) 3 srcmac 222222222222 and (outoctets >= 0) You have selected a filter: (inpkts >= 0) 686 SSR Command Line Interface Reference Manual
rmon capture rmon capture Purpose Configures the RMON 1 Packet Capture group. Format rmon capture index channel-index [full-action lock|wrap] [slice-size ] [download-slice-size ] [download-offset ] [max-octets ] [owner ] [status enable|disable] Mode Configure Description The Packet Capture group allows packets to be captured after they have flowed through a channel.
rmon capture slice-size Is a number between 0 and 2147483647 that is the maximum number of octets that will be saved in this capture buffer. The default is 100. download-slice-size Is a number between 0 and 2147483647 that is the maximum number of octets that will be returned in an SNMP retrieval. The default is 100. download-offset Is a number between 0 and 2147483647 that is the offset of the first octet of each packet that will be returned in an SNMP retrieval.
rmon channel rmon channel Purpose Configures the RMON 1 Filter Channel group. Format rmon channel index port [accept-type matched|failed] [datacontrol on|off] [turn-on-event-index ] [turn-off-event-index ] [event-index ] [channel-status ready|always-ready] [description ] [owner ] [status enable|disable] Mode Configure Description The Filter Channel group must be configured in order to configure the Filter group.
rmon channel failed Packets will be accepted only if they fail either the packet data match or the packet status match of each of the associated filters. data-control on|off Specifies the flow control of the data: on Implies data, status, and events flow through this channel. off Implies data, status, and events will not flow through this channel. turn-on-event-index Is a number between 0 and 65535 that identifies the event configured to turn the associated data control from off to on.
rmon channel Example To create an entry in the Filter Channel table: ssr(config)# rmon channel index 25 port et.1.
rmon clear cli-filter rmon clear cli-filter Purpose Clear the currently-selected CLI RMON filter. Format rmon clear cli-filter Mode Enable Description The rmon clear cli-filter command clears the CLI RMON filter that was applied with the rmon apply cli-filters command. Parameters None. Restrictions None.
rmon enable rmon enable Purpose Enables RMON. Format rmon enable Mode Configure Description When the SSR is booted, RMON is off by default. The rmon enable command turns RMON on. At least one of the Lite, Standard, or Professional RMON groups must be configured first before you can turn on RMON. Use the rmon set command to configure the Lite, Standard, or Professional RMON groups. To disable RMON, the rmon enable command must be negated.
rmon etherstats rmon etherstats Purpose Configures the RMON 1 Ethernet Statistics (Etherstats) group. Format rmon etherstats index port [owner ] [status enable|disable] Mode Configure Description The Etherstats group contains statistics for SSR ports. The rmon etherstats command sets various parameters of the RMON 1 Etherstats control table. If default tables were turned on for the Lite group, a entry is created in the Etherstats control table for each available port.
rmon etherstats Restrictions None. Example To create an entry in the Etherstats control table: ssr(config)# rmon etherstats index 10 port et.1.
rmon event rmon event Purpose Configures the RMON 1 Event group. Format rmon event index type none|log|trap|both [community ] [description ] [owner ] [status enable|disable] Mode Configure Description The Event group controls the generation and notification of events. The rmon event command sets various parameters of the RMON 1 Event control table. Use the rmon show event command to display the event data.
rmon event type none|log|trap|both Specifies what action to be taken when the event occurs. The action can be one of the following: none Causes no notification to be sent for the event. log Causes an entry for the event to be made in the log table for each event. trap Causes an SNMP trap to be sent to one or more management stations for the event. both Causes both an entry to be made in the log table and an SNMP trap to be sent to one or more management stations. Restrictions None.
rmon filter rmon filter Purpose Configures the RMON 1 Filter group. Format rmon filter index channel-index [data-offset ] [data ] [data-mask ] [data-not-mask ] [pkt-status ] [statusmask ] [status-not-mask ] [owner ] [status enable|disable] Mode Configure Description The Filter group allows packets to be matched on certain criteria. The rmon filter command sets various parameters of the RMON 1 Filter table.
rmon filter data-mask Is a string of up to 512 characters that is the mask that is applied to the match process. data-not-mask Is a string of up to 512 characters that is the inversion mask that is applied to the match process. pkt-status Is a number between 0 and 2147483647 that is the status that is to be matched with the input packet. status-mask Is a number between 0 and 2147483647 that is the mask that is applied to the status match process.
rmon history rmon history Purpose Configures the RMON 1 History group. Format rmon history index port [interval ] [owner ] [samples ] [status enable|disable] Mode Configure Description The RMON History group periodically records samples of variables and stores them for later retrieval. You use the rmon history command to specify the SSR port to collect data from, the number of samples, the sampling interval, and the owner.
rmon history samples Specifies the number of samples to be collected before wrapping counters. This value must be between 1 and 65535, inclusive. The default value is 50. status enable|disable Enables or disables this history control row. Restrictions None. Example To specify that port et.3.1 collect 60 samples at an interval of 30 seconds: ssr(config)# rmon history index 10 port et.3.
rmon hl-host rmon hl-host Purpose Configures the RMON 2 Application Layer and Network Layer Host groups. Format rmon hl-host index port nl-max-entries al-max-entries [owner ] [status enable|disable] Mode Configure Description The rmon hl-host command sets various parameters of the RMON 2 Application Layer and Network Layer Host groups.
rmon hl-host nl-max-entries Specifies the maximum number of network layer entries. The default is 1. al-max-entries Specifies the maximum number of application layer entries. The default is 1. owner Specifies the owner of the event; for example, an IP address, machine name or person’s name. status enable|disable Enables or disables this matrix. The default is enable. Restrictions None.
rmon hl-matrix rmon hl-matrix Purpose Configures the RMON 2 Application Layer Matrix and Network Layer Matrix groups. Format rmon hl-matrix index port nl-max-entries al-maxentries [owner ] [status enable|disable] Mode Configure Description The rmon hl-matrix command sets various parameters of the RMON 2 Application Layer Matrix and Network Layer Matrix groups.
rmon hl-matrix nl-max-entries Specifies the maximum number of network layer entries. The default is 1. al-max-entries Specifies the maximum number of application layer entries. The default is 1. owner Specifies the owner of the event; for example, an IP address, machine name or person’s name. status enable|disable Enables or disables this matrix. The default is enable. Restrictions None.
rmon host rmon host Purpose Configures the RMON 1 Host group. Format rmon host index port [owner ] [status enable|disable] Mode Configure Description The RMON 1 Host group captures L2 information from hosts coming in on a particular port. The rmon host command sets various parameters of the Host group. If default tables were turned on for the standard group, an entry is created in the Host control table for each available port.
rmon host Restrictions None. Example To create an entry in the Host control table: ssr(config)# rmon hosts index 20 port et.1.
rmon host-top-n rmon host-top-n Purpose Configures the RMON 1 HostTopN group. Format rmon host-top-n index host-index [base ] [duration
rmon host-top-n Specifies the type of statistic from which to collect data. Specify one of the following keywords: in-packets Gather top statistics according to In-Packets. out-packets Gather top statistics according to Out-Packets. in-octets Gather top statistics according to In-Octets. out-octets Gather top statistics according to Out-Octets. out-errors Gather top statistics according to Out-Errors. out-broadcastPkts Gather top statistics according to Out-BroadcastPkts.
rmon matrix rmon matrix Purpose Configures the RMON 1 Matrix group. Format rmon matrix index [port ] [owner ] [status enable|disable] Mode Configure Description The Matrix group captures L2 traffic on a particular port between two hosts (a source MAC and destination MAC address). The rmon matrix command sets various parameters of the RMON 1 Matrix control table.
rmon matrix Restrictions None. Example To create an entry in the Matrix control table: ssr(config)# rmon matrix index 25 port et.1.
rmon nl-matrix-top-n rmon nl-matrix-top-n Purpose Gathers the top n Network Layer Matrix entries. Format rmon nl-matrix-top-n index matrix-index ratebase terminalpackets|terminal-octets|all-packets|all-octets duration size [owner ] [status enable|disable] Mode Configure Description The rmon nl-matrix-top-n command gathers the top n Network Layer Matrix entries.
rmon nl-matrix-top-n all-octets Sort by all octets. duration Specifies the duration, in seconds, between reports. The default is 0. size Specifies the maximum number of matrix entries to include in the report. The default is 150. owner Specifies the owner of the event; for example, an IP address, machine name or person’s name. status enable|disable Enables or disables this matrix. The default is enable. Restrictions None.
rmon protocol-distribution rmon protocol-distribution Purpose Configures the RMON 2 Protocol Distribution group. Format rmon protocol-distribution index port [owner ] [status enable|disable] Mode Configure Description The Protocol Distribution group displays the packets and octets on a protocol and port basis. The rmon protocol-distribution command sets various parameters of the RMON 2 Protocol Distribution control table.
rmon protocol-distribution Restrictions None. Example To create an entry in the Protocol Distribution control table: ssr(config)# rmon protocol-distribution index 25 port et.1.
rmon set rmon set Purpose Configures the Lite, Standard, or Professional RMON groups. Format rmon set lite|standard|professional default-tables yes|no Mode Configure Description You can enable various levels of support (Lite, Standard, or Professional) for RMON groups on a specified set of ports.
rmon set • Address Map • Network Layer Host • Network Layer Matrix • Application Layer Host • Application Layer Matrix • User History • Probe Configuration A group can consist of a control table and a data table. A control table specifies the statistics to be collected. Each row in the control table specifies the entities for which data is collected, for example, physical ports. The data tables contain the statistics that are collected based on the control table information.
rmon set Example To configure the RMON Lite groups and create default control tables: ssr(config)# rmon set lite default-tables yes 718 SSR Command Line Interface Reference Manual
rmon set cli-filter rmon set cli-filter Purpose Defines filters that can be applied to certain RMON groups during a CLI session. Format rmon set cli-filter Mode Configure Description You can define filters that CLI users can apply to certain RMON groups. The filters you define are visible to all users that have a Telnet or Console session on the SSR. Each user has the choice of whether or not to apply a particular filter using the rmon apply clifilters command.
rmon set cli-filter Specifies the parameter on which the filter is set: src-mac Source MAC Address dst-mac Destination MAC Address inpkts In Packets inoctets In Octets outpkts out packets outoctets out Octets multicast Multicast packets broadcast Broadcast packets errors Errors The following operands can also be used: and AND or Or = Equal to < Less than <= Less than or equal to > Greater than >= Greater than or equal to != Not equal to ( Left bracket ) Right
rmon set cli-filter Example To configure an RMON CLI filter on a source MAC address of 123456:123456 and on input packets greater than 1000 and error packets greater than 10 or out packets less than 10000, use the following command: ssr(config)# rmon set cli-filter 3 src-mac 123456:123456 and ((inpkts > 1000 and errors > 10) or (outpkts < 10000)) SSR Command Line Interface Reference Manual 721
rmon set memory rmon set memory Purpose Increases the amount of memory allocated to RMON. Format rmon set memory Mode Enable Description RMON allocates memory depending on the number of ports enabled for RMON, the groups that have been configured (Lite, Standard, or Professional) and whether or not default tables have been turned on or off. You can dynamically allocate additional memory to RMON, if needed.
rmon set memory Example To show the amount of memory allocated to RMON: ssr# rmon show status To increase the amount of memory allocated to RMON: ssr# rmon set memory 32 SSR Command Line Interface Reference Manual 723
rmon set ports rmon set ports Purpose Enables RMON on one or more ports. Format rmon set ports |allports Mode Configure Description Since RMON uses many system resources, RMON can be enabled on a set of ports. Ports can be dynamically added and removed from the port list. For example, if default tables are turned on for the Lite group and port et.2.1 is then added to the port list, an entry for port et.2.1 is automatically created in the Etherstats and History control tables.
rmon set protocol-directory rmon set protocol-directory Purpose Specifies the protocol encapsulations that are managed with the Protocol Directory group. Format rmon set protocol-directory |all-protocols [address-map on|off|na] [host on|off|na] [matrix on|off|na] Mode Configure Description The rmon set protocol-directory command defines the protocols that are managed with RMON on the SSR.
rmon set protocol-directory Restrictions The Protocol Directory group is part of the RMON Professional group. To use the rmon set protocol-directory command you must enable the RMON Professional group with the rmon set professional command.
rmon show address-map rmon show address-map Purpose Displays MAC address to network address bindings for each protocol. Format rmon show address-map-logs |all-ports Mode Enable Description The rmon show address-map-logs command displays entries in the RMON 2 Address Map table. Entries in this table are created automatically when default tables are turned on for the Professional group. You can show address bindings for specific ports or for all ports.
rmon show address-map Example To display the address map log table for all ports: ssr# rmon show address-map-logs all-ports RMON II Address Map Control Table 1 2 Port ---et.5.1 et.5.1 et.5.1 et.5.1 et.5.5 et.5.5 et.5.5 et.5.5 et.5.1 et.5.1 macAdd -----00001D:CBA3FD 00001D:CBA3FD 00001D:CBA3FD 00001D:CBA3FD 00001D:CBA3FD 00001D:CBA3FD 080020:835CAA 080020:835CAA 0080C8:C172A6 0080C8:C172A6 3 4 nlAdd ----192.100.81.1 192.100.81.1 10.60.89.88 10.60.89.88 192.100.81.3 192.100.81.3 10.60.89.88 10.60.89.
rmon show al-host rmon show al-host Purpose Shows application layer traffic. Format rmon show al-host |all-ports [summary] Mode Enable Description The rmon show al-host command shows entries in the RMON 2 Application Layer Host table for one or more ports. Entries in this table are created automatically when default tables are turned on for the Professional group. If CLI filters have been applied, they will take effect when the Application Layer Host table is displayed.
rmon show al-host Restrictions This command is only available if you have configured the Professional group and control table entries exist for the specified port. Example To show Application Layer Host tables on all ports: ssr# rmon show al-host all-ports RMON II Application Layer Host Table Index: 500, Port: et.5.1, 2 Inserts: 9, 3 Address ------10.60.89.88 10.60.89.88 10.60.89.88 192.100.81.1 192.100.81.1 192.100.81.3 192.100.81.3 192.100.81.3 192.100.81.
rmon show al-host 5. Number of packets transmitted without errors from the network address for the protocol. 6. Number of octets transmitted without errors from the network address for the protocol. 7. The protocol, as specified in the RMON Protocol Directory for the SSR. Note that this shows the destination socket, as well as application/protocol information.
rmon show al-matrix rmon show al-matrix Purpose Shows application layer traffic between source and destination addresses. Format rmon show al-matrix |all-ports [order-by srcdst|dstsrc] [summary] Mode Enable Description The rmon show al-matrix command shows entries in the RMON 2 Application Layer Matrix table for one or more ports. Entries in this table are created automatically when default tables are turned on for the Professional group.
rmon show al-matrix Restrictions This command is only available if you have configured the Professional group and control table entries exist for the specified port. Example To show the Application Layer Matrix table for all ports:. ssr# rmon show al-matrix all-ports RMON II Application Layer Host Table Index: 500, Port: et.5.1, 2 Inserts: 10, 3 SrcAddr ------10.60.89.88 10.60.89.88 10.60.89.88 192.100.81.1 192.100.81.1 192.100.81.3 192.100.81.3 192.100.81.3 192.100.81.3 192.100.81.
rmon show al-matrix 734 4. Number of link layer packets transmitted from the source to the destination without errors for the protocol. 5. Number of octets transmitted from the source to the destination without errors for the protocol. 6. The protocol, as specified in the RMON Protocol Directory for the SSR.
rmon show al-matrix-top-n rmon show al-matrix-top-n Purpose Reports the top n Application Layer Matrix entries, sorted by a specific metric. Format rmon show al-matrix-top-n Mode Enable Description The rmon show al-matrix-top-n command shows entries in the RMON 2 Application Layer Matrix Top N table. Parameters None. Restrictions This command is only available if you have enabled the Professional RMON group and entries exist in the Application Layer Matrix Top N table.
rmon show al-matrix-top-n To show the top n entries in the Application Layer Matrix table, as specified by the previous command: ssr# rmon show al-matrix-top-n RMON II Al Matrix Table 1 2 3 4 Index M-Index RateBase 1 500 All-Packets 10 11 SrcAddr ------192.100.81.3 192.100.81.3 192.100.81.3 192.100.81.1 192.100.81.3 5 6 7 8 9 TimeRem Duration Size StartTime Reports Owner 14 20 5 00D 00H 50M 25S 1 Usama 12 13 DstAddr PktRate ------------10.60.89.88 21 10.60.89.88 21 10.60.89.88 21 192.100.81.
rmon show alarm rmon show alarm Purpose Displays configured alarms. Format rmon show alarm Mode Enable Description The rmon show alarm command displays the RMON Alarm table. Parameters None. Restrictions This command is only available if you have configured the Lite group.
rmon show channels rmon show channels Purpose Shows the contents of the Filter Channel table. Format rmon show channels Mode Enable Description The rmon show channels command displays the contents of the Filter Channel table. Parameters None. Restrictions This command is only available if you have configured the Standard group.
rmon show cli-filters rmon show cli-filters Purpose Displays previously-configured RMON CLI filters. Format rmon show cli-filters Mode User and Enable. Description The rmon show cli-filters command displays the RMON CLI filters that have been defined for use on the SSR. Use the rmon apply cli-filters command to apply a filter to your current Telnet or Console session. Parameters None. Restrictions None.
rmon show cli-filters Example To show RMON CLI filters that are defined on the SSR: ssr> rmon show cli-filters RMON CLI Filters 1 2 Id Filter ------1 (inpkts >= 0) 2 (inpkts >= 0 and outoctets >= 0) 3 srcmac 222222222222 and (outoctets >= 0) You have selected a filter: (inpkts >= 0) 3 Legend: 740 1. The filter ID. You use this value to apply a filter with the rmon apply cli-filters command. 2. The filter parameters that were specified with the rmon set cli-filter command. 3.
rmon show etherstats rmon show etherstats Purpose Displays Ethernet statistics for one or more ports. Format rmon show etherstats |all-ports Mode Enable Description The rmon show etherstats command displays entries in the Ethernet table for one or more ports. Entries in this table are created automatically when default tables are turned on for the Lite group. Parameters |all-ports The port(s) for which you want Ethernet statistics displayed.
rmon show etherstats Example To display Ethernet statistics on a specified port: ssr# rmon show etherstats et.5.1 RMON I Ethernet Statistics Table Index: 502, Port: et.5.1, Owner: monitor ----RMON EtherStats Total ------------------Octets 83616016 2 Unicast Frames 86185 3 Broadcast Frames 0 4 Multicast Frames 0 5 Collisions 0 6 64 Byte Frames 292 7 65-127 Byte Frames 16625 128-255 Byte Frames 6145 256-511 Byte Frames 4520 512-1023 Byte Frames 7992 1024-1518 Byte Frames 50611 1 Legend: 1.
rmon show events rmon show events Purpose Displays configured events and logs of triggered events. Format rmon show events Mode Enable Description The rmon show events command displays configured events and the logs, if any, of triggered events. Parameters None. Restrictions This command is only available if you have configured the Lite group.
rmon show events Example To show RMON events and logs: ssr# rmon show events RMON I Event table 1 2 3 Index Type Community 1 log public No event logs found Index Type Community 2 both private No event logs found 4 5 Description Log Only Owner Usama Description Log & Trap Owner Usama 6 Legend: 744 1. Index number that identifies this entry in the Event table. 2. Type of event: log, trap, or both log and trap. 3. Community string used for this event. 4.
rmon show filters rmon show filters Purpose Shows the contents of the Filters table. Format rmon show filters Mode Enable Description The rmon show filters command show the contents of the Filter table. Parameters None. Restrictions This command is only available if you have configured the Standard group.
rmon show history rmon show history Purpose Shows statistics over a period of time. Format rmon show history |all-ports Mode Enable Description The rmon show history command displays statistical samples that are stored in the RMON History group. Entries in this table are created automatically when default tables are turned on for the Lite group. Parameters |all-ports The port(s) for which the history is to be displayed.
rmon show history Example To display history information for a specific port: ssr# rmon show history et.5.1 RMON I History Table 1 2 3 Index Port 502 et.5.
rmon show host-top-n rmon show host-top-n Purpose Displays the top n hosts. Format rmon show host-top-n Mode Enable Description The rmon show host-top-n command displays a report of the top hosts for a specified statistic. Note that the Host Top N report runs once. To run the reports again via the CLI, the control row must be disabled and then enabled. If the report has already been run, the Time Remaining field is set to zero.
rmon show host-top-n To display the Host Top N report, as specified by the previous command: ssr# rmon show host-top-n RMON I HostTopN Table 1 2 3 4 Index HostIndex RateBase 1 500 Out-Octets 9 5 6 7 8 TimeRem Duration Buckets StartTime 0 20 5/5 00D 00H 39M 29S Owner Usama 10 Address ------0080C8:C172A6 00001D:CBA3FD Rate ---19911 0 Legend: 1. Index number that identifies this entry in the Host Top N control table. 2. Index number that identifies the Host control table entry. 3.
rmon show hosts rmon show hosts Purpose Shows statistics about the hosts discovered on the network. Format rmon show hosts |all-ports [summary] Mode Enable Description The rmon show hosts command displays entries in the Hosts table for one or more ports. Entries in this table are created automatically when default tables are turned on for the Standard group. If CLI filters have been applied, they will take effect when the Host table is displayed.
rmon show hosts Example To show host information for a specific port: ssr# rmon show hosts et.5.1 RMON I Host Table Index: 502, Port: et.5.1, Owner: monitor 2 3 Address ------00001D:CBA3FD 0080C8:C172A6 InPkts -----88917 62132 4 1 5 InOctets -------88436760 5095029 6 OutPkts ------62132 88920 7 OutOctets --------5 095029 88437062 8 Bcst ---0 0 Mcst ---0 0 Legend: 1. Host control table information for this port: Index: number that identifies the entry for this port in the table.
rmon show hosts To show a summary of host information: ssr# rmon show all-ports summary RMON I Host Table Summary 1 2 Index Data Rows ----- --------500 1 501 1 502 0 503 17 504 0 505 0 506 0 507 0 3 Port ---et.5.1 et.5.2 et.5.3 et.5.4 et.5.5 et.5.6 et.5.7 et.5.8 4 5 6 Status -----Up Up Down Up Down Down Down Down Mode ---Address Address Flow Flow Flow Flow Flow Flow Owner ----monitor monitor monitor monitor monitor monitor monitor monitor Legend: 752 1.
rmon show matrix rmon show matrix Purpose Shows statistics for source-destination address pairs. Format rmon show matrix |all-ports [summary] [order-by srcdst|dstsrc] Mode Enable Description The rmon show matrix command displays entries in the Matrix table. Entries in this table are automatically created when default tables are turned on for the Standard group. If CLI filters have been applied, they will take effect when the Matrix table is displayed.
rmon show matrix Example To show statistics for source-destination address pairs: ssr# rmon show matrix all-ports RMON I Matrix Table Port: et.5.1, Index: 500, 2 Owner: monitor 3 SrcAddr ------00001D:CBA3FD 0080C8:C172A6 1 4 5 DstAddr ------0080C8:C172A6 00001D:CBA3FD Port: et.5.5, Index: 504, Owner: monitor SrcAddr DstAddr ------------00001D:CBA3FD 080020:835CAA 080020:835CAA 00001D:CBA3FD Packets ------3 4 Packets ------3 2 Octets -----264 346 Octets -----246 164 Legend: 1.
rmon show matrix To show control row summary statistics: ssr# rmon show matrix all-ports summary RMON I Matrix Table Summary Index Data Rows Port Status Mode ------------- -----------500 0 et.1.1 Up Address 501 0 et.1.2 Down Address 502 0 et.1.3 Down Address 503 0 et.1.4 Up Address 504 0 et.1.5 Down Address 505 0 et.1.6 Down Address 506 0 et.1.7 Down Address 507 0 et.1.8 Up Address 508 0 gi.4.1 Up Address 509 0 gi.4.2 Up Address 510 0 et.7.1 Up Address 511 0 et.7.2 Down Address 512 0 et.7.
rmon show nl-host rmon show nl-host Purpose Shows the amount of traffic to and from each network address. Format rmon show nl-host |all-ports [summary] Mode Enable Description The rmon show nl-host command shows entries in the RMON 2 Network Layer Host table for one or more ports. Entries in this table are created automatically when default tables are turned on for the Professional group. If CLI filters have been applied, they will take effect when the Network Layer host table is displayed.
rmon show nl-host Example To display the network layer host table for all ports: ssr# rmon show nl-host all-ports RMON II Network Layer Host Table Index: 500, Port: et.5.1, 2 3 Address ------10.60.89.88 192.100.81.1 192.100.81.3 Inserts: 3, 4 InPkts -----1159 1 3 Deletes: 0, 5 InOctets -------952300 100 264 Index: 504, Port: et.5.5, Inserts: 2, Address InPkts InOctets ------------------10.60.89.88 3 246 192.100.81.
rmon show nl-matrix rmon show nl-matrix Purpose Shows information about the traffic between network address pairs. Format rmon show nl-matrix |all-ports [order-by srcdst|dstsrc] [summary] Mode Enable Description The rmon show nl-matrix command shows entries in the Network Layer Matrix table for one or more ports. Entries in this table are created automatically when default tables are turned on for the Professional group.
rmon show nl-matrix Restrictions This command is only available if you have configured the Professional group and control table entries exist for the specified port. Example To show the Network Layer Matrix table for all ports: ssr# rmon show nl-matrix all-ports RMON II Network Layer Matrix Table Index: 500, Port: et.5.1, 2 Inserts: 4, 3 SrcAddr ------10.60.89.88 192.100.81.1 192.100.81.3 192.100.81.3 DstAddr ------192.100.81.3 192.100.81.3 10.60.89.88 192.100.81.
rmon show nl-matrix-top-n rmon show nl-matrix-top-n Purpose Reports the top n Network Layer Matrix entries, sorted by a specific metric. Format rmon show nl-matrix-top-n Mode Enable Description The rmon show nl-matrix-top-n command shows entries in the RMON 2 Network Layer Matrix Top N table. Parameters None. Restrictions This command is only available if you have configured the Professional group and entries exist in the Network Layer Matrix Top N table.
rmon show nl-matrix-top-n To show the top n entries in the Network Layer Matrix table, as specified by the previous command: ssr# rmon show nl-matrix-top-n RMON II Nl Matrix Table 1 2 3 4 Index M-Index RateBase 1 500 Octets 10 5 11 SrcAddr ------192.100.81.3 192.100.81.1 192.100.81.3 10.60.89.88 6 7 8 9 TimeRem Duration Size StartTime Reports Owner 20 20 5 00D 00H 51M 37S 1 Usama DstAddr ------10.60.89.88 192.100.81.3 192.100.81.1 192.100.81.
rmon show packet-capture rmon show packet-capture Purpose Shows packets captured after flowing through a channel. Format rmon show packet-capture Mode Enable Description The rmon show packet-capture command shows the buffer table for captured packets. Before you use this command, first configure the Filter Channel group using the rmon channel index command.
rmon show probe-config rmon show probe-config Purpose Shows the configuration of the SSR for interaction with other RMON devices. Format probe-config [basic] [net-config] [trap-dest] Mode Enable Description The rmon show probe-config command shows entries in the RMON 2 Probe Configuration table. Parameters basic Shows basic probe configuration information. net-config Shows network configuration table. trap-dest Shows trap destination table.
rmon show protocol-directory rmon show protocol-directory Purpose Displays the protocols that the SSR can monitor with RMON. Format rmon show protocol-directory |all-protocols Mode Enable Description The rmon show protocol-directory command displays the protocol encapsulations that are defined in the RMON 2 Protocol Directory group for the SSR. Parameters |all-protocols The specific protocol encapsulation that is managed with the RMON 2 Protocol Directory group.
rmon show protocol-directory ssr# rmon show protocol-directory all-protocols RMON II Protocol Directory Table Last Change: 00D 00H 00M 00S Index AddrMap Host Matrix Status 1 Off Off Off Active 2 NA Off Off Active 3 NA Off Off Active 4 NA Off Off Active 5 NA Off Off Active 6 NA Off Off Active 7 NA Off Off Active 8 NA Off Off Active 9 NA Off Off Active 10 NA Off Off Active 11 NA Off Off Active 12 NA Off Off Active 13 NA Off Off Active 14 NA Off Off Active 15 NA Off Off Active Protocol ether2 idp ip-v4 chaos
rmon show protocol-distribution rmon show protocol-distribution Purpose Shows the octets and packets detected for different protocols on a network segment. Format rmon show protocol-distribution |all-ports Mode Enable Description The rmon show protocol-distribution command displays the RMON 2 Protocol Distribution table. This table contains a list of protocols, defined in the RMON 2 Protocol Directory, that are discovered by the SSR.
rmon show protocol-distribution : ssr(config)# rmon show protocol-distribution all-ports RMON II Protocol Distribution Table Index: 508, Pkts Octets ---- -----3312 304550 3312 304550 2459 234564 853 69986 853 69986 Port: gi.4.
rmon show status rmon show status Purpose Displays RMON status, groups, enabled ports, and memory utilization. Format rmon show status Mode Enable Description The rmon show status command shows whether RMON is enabled, the RMON groups that are configured, the ports on which RMON is enabled, and the memory allocated and used by RMON. Parameters None.
rmon show status Example To show RMON status: ssr# rmon show status RMON Status ----------* RMON is ENABLED 1 * RMON initialization successful. +--------------------------+ | RMON Group Status | +-------+--------+---------+ | Group | Status | Default | +-------+--------+---------+ | Lite | On | Yes | +-------+--------+---------+ | Std | On | Yes | +-------+--------+---------+ | Pro | On | Yes | +-------+--------+---------+ RMON is enabled on: et.5.1, 2 et.5.2, et.5.
rmon show user-history rmon show user-history Purpose Shows user-defined collection of historical information from MIB objects on the SSR. Format rmon show user-history Mode Enable Description The rmon show user-history command shows the User History table. Parameters None. Restrictions This command is only available if you have configured the Professional group.
rmon user-history-apply rmon user-history-apply Purpose Applies a specified group to the User History control table. Format rmon user-history-apply to Mode Configure Description The rmon user-history-apply command applies all objects in the group created with the rmon user-history-objects command to the row in the User History control table. If the number of objects specified in the control row is greater than those in the group, the remaining OIDs are set to 0.0.
rmon user-history-control rmon user-history-control Purpose Monitors a group of objects (OIDs) over a period of time. Format rmon user-history-control index objects samples interval [owner ] [status enable|disable] Mode Configure Description The rmon user-history-control command monitors the group of objects that are defined with the rmon user-history-objects command. This command creates an entry in the User History control table.
rmon user-history-control status enable|disable Enables or disables this matrix. The default is enable. Restrictions None.
rmon user-history-objects rmon user-history-objects Purpose Defines a group of objects (OIDs). Format rmon user-history-objects variable type absolute|delta [status enable|disable] Mode Configure Description The rmon user-history-objects command defines the group of objects that can be monitored with the rmon user-history-control command. This command creates a group with a single OID as a member of the group.
rmon user-history-objects Restrictions None.
rmon user-history-objects 776 SSR Command Line Interface Reference Manual
Chapter 49 save Command The save command saves the configuration changes you have entered during the current CLI session. You can save the configuration commands in the scratchpad to the active configuration, thus activating changes. You then can save the active changes to the Startup configuration. Format save active|startup Mode Configure Note: If you are in Enable mode, you still can save the active configuration changes to the Startup configuration file by entering the copy active to startup command.
Parameters active | startup Specifies the destination for the configuration commands you are saving. Restrictions None.
Chapter 50 sfs Commands The sfs commands set and display the following parameters: • Cabletron Discovery Protocol (CDP) parameters Command Summary Table 36 lists the port commands. The sections following the table describe the command syntax. Table 36.
sfs enable cdp-hello sfs enable cdp-hello Purpose Enabled the sending of CDP Hello packets. Format sfs enable cdp-hello |all-ports Mode Configure Description The sfs enable cdp-hello command enables the sending of CDP (Cabletron Discovery Protocol) Hello packets. These are special packets sent out periodically by the router to announce itself to other Cabletron devices or applications. CDP Hello packets can be enabled to be sent out to all available ports or selected ports only.
sfs enable cdp-hello To send CDP Hello packets on all ports: ssr(config)# sfs enable cdp-hello all-ports SSR Command Line Interface Reference Manual 781
sfs set cdp-hello transmit-frequency sfs set cdp-hello transmit-frequency Purpose Specify how often CDP Hello packets should be sent. Format sfs set cdp-hello transmit-frequency Mode Configure Description The sfs set cdp-hello transmit-frequency command specifies how often CDP Hello packets should be sent. The interval is specified in seconds. The default transmit frequency is one packet every 5 seconds.
sfs show cdp-hello port-status sfs show cdp-hello port-status Purpose Display CDP Hello status of a port. Format sfs show cdp-hello port-status |all-ports Mode Enable Description The sfs show cdp-hello port-status command displays CDP Hello information of SSR ports. Parameters |all-ports Specifies the ports for which you want to display information. The all-ports keyword displays the selected information for all the SSR ports. Restrictions None.
sfs show cdp-hello transmit-frequency sfs show cdp-hello transmit-frequency Purpose Display the transmit frequency of CDP Hello packets. Format sfs show cdp-hello transmit-frequency Mode Enable Description The sfs show cdp-hello transmit-frequency command display the transmit frequency of CDP Hello packets on the SSR. Parameters None. Restrictions None.
Chapter 51 show Command Purpose The show command displays the configuration of your running system. Format show Mode Configure Description The show command displays the configuration of your running system as well as any non-committed changes in the scratchpad. Each CLI command is preceded with a number. This number can be used with the negate command to negate one or more commands.
• If a particular command has been applied such that it can be expanded on additional interfaces/modules, then it is annotated with a “P”. For example, if you enable STP on all ports in the current system, but the SSR contains only one module, then that particular command will be extended to all modules when they have been added to the SSR. A command like stp enable et.*.* would be displayed as follows: P: stp enable et.*.* indicating that it is only partially applied.
have been displayed earlier when the command was first committed to the running system. This is the time when the error was first detected. ssr(config)# show ! ! Last modified from Console ! 1 : vlan create IP1 ip 2 : vlan create IP2 ip 3 : vlan create IP3 ip ! 4 : interface create ip ssr0 5 : interface create ip ssr1 6 : interface create ip ssr2 7E: interface create ip ssr3 on Fri Jan 15 10:33:30 1999 address-netmask address-netmask address-netmask address-netmask 10.1.13.1/24 vlan IP1 10.1.11.
Suppose you now hotswap module 1 out of the system meaning that neither of the ports you configured for this command line exist in the SSR. You will see an “error” indicator/annotation in the command line display as follows: E: vlan add ports et.1.1, et.2.1 to x Certain commands are always shown with a “partial” annotation in their configuration file command lines, as they are always able to be expanded.
Chapter 52 smarttrunk Commands The smarttrunk commands let you display and set parameters for SmartTRUNK ports. SmartTRUNK ports are groups of ports that have been logically combined to increase throughput and provide link redundancy. Command Summary Table 37 lists the smarttrunk commands. The sections following the table describe the command syntax. Table 37.
smarttrunk add ports smarttrunk add ports Purpose Adds physical ports to a SmartTRUNK. Format smarttrunk add ports to Mode Configure Description The smarttrunk add ports command allows you to add the ports specified in to a SmartTRUNK. The SmartTRUNK must already have been created with the smarttrunk create command. The ports in the SmartTRUNK must be set to full duplex. Parameters Is one or more ports to be added to an existing SmartTRUNK.
smarttrunk add ports Example To add ports et.1.1, et.1.2, and et.1.3 to SmartTRUNK st.1: ssr(config)# smarttrunk add ports et.1.(1-3) to st.
smarttrunk clear load-distribution smarttrunk clear load-distribution Purpose Clears load distribution statistics for ports in a SmartTRUNK. Format smarttrunk clear load-distribution | all-smarttrunks Mode Enable Description The smarttrunk clear load-distribution command is used in conjunction with the smarttrunk show distribution command, which gathers statistics for the transmitted bytes per second flowing through the SmartTRUNK and each port in it.
smarttrunk create smarttrunk create Purpose Creates a SmartTRUNK and specifies a control protocol for it. Format smarttrunk create protocol no-protocol|huntgroup Mode Configure Description The smarttrunk create command allows you to create a SmartTRUNK logical port. Once you have created a SmartTRUNK port, you add physical ports to it with the smarttrunk add ports command. SmartTRUNKs on the SSR are compatible with the DEC Hunt Groups control protocol.
smarttrunk create Hunt Group control protocol (that is, a device from a vendor other than Cabletron or DIGITAL). huntgroup Specifies that the DEC Hunt Group control protocol be used. Use this keyword if you are connecting the SmartTRUNK to another SSR, Cabletron switch, or Digital GIGAswitch/Router. Restrictions None. Example The following command creates a SmartTRUNK named st.1, using the DEC Hunt Group control protocol. ssr(config)# smarttrunk create st.
smarttrunk set load-policy smarttrunk set load-policy Purpose Specifies how traffic is distributed across the ports in a SmartTRUNK. Format smarttrunk set load-policy on |all-smarttrunks round-robin|link-utilization Mode Configure Description The smarttrunk set load-policy command lets you specify how a SmartTRUNK distributes traffic among its ports. There are two options: round-robin (the default) and link-utilization.
smarttrunk set load-policy Example To specify that SmartTRUNK st.1 distribute flows sequentially among its component ports: ssr(config)# smarttrunk set load-policy on st.
smarttrunk show smarttrunk show Purpose Displays information about SmartTRUNKs on the SSR Format smarttrunk show trunks smarttrunk show distribution|protocol-state|connections |allsmarttrunks Mode Enable Description The smarttrunk show command shows statistics about SmartTRUNKs on the SSR. Parameters trunks Shows information about all SmartTRUNKs, including active and inactive ports, and the control protocol used.
smarttrunk show Restrictions None. Examples To display information about all SmartTRUNKs on the SSR: ssr# smarttrunk show trunks Flags: D - Disabled I - Inactive SmartTRUNK Active Ports ---------- -----------st.1 Inactive Ports -------------et.3.(7-8) Primary Port -----------None Protocol -------None Load-Policy ----------RR Flags ----- To show how traffic is distributed across the ports on SmartTRUNK st.1: ssr# smarttrunk show distribution st.1 SmartTRUNK ---------st.1 st.1 st.
Chapter 53 snmp Commands The SNMP commands let you set and show SNMP parameters including SNMP community names and IP host targets for SNMP traps. Command Summary Table 38 lists the snmp commands. The sections following the table describe the command syntax. Table 38.
snmp disable trap snmp disable trap Purpose Disable specific SNMP trap types. Format snmp disable trap authentication|link-up-down Mode Configure Description The snmp disable trap command controls the types of traps the SSR emits based trap type. You can disable the following trap types: • Authentication – use the authentication keyword to prevent the SSR from sending a trap each time it receives an invalid community string or invalid Telnet password.
snmp set chassis-id snmp set chassis-id Purpose Set the SSR’s chassis ID using SNMP. Format snmp set chassis-id Mode Configure Description The snmp set chassis-id command lets you set a string to give the SSR an SNMP identity. Parameters Is a string describing the SSR. Restrictions None.
snmp set community snmp set community Purpose Set an SNMP community string and specify the access privileges for that string. Format snmp set community privilege read|read-write Mode Configure Description The snmp set community command sets a community string for SNMP access to the SSR. SNMP management stations that want to access the SSR must supply a community string that is set on the switch. This command also sets the level of access to the SSR to read-only or read-write.
snmp set community Example To set the SNMP community string to “public,” which has read-only access: ssr(config)# snmp set community public privilege read SSR Command Line Interface Reference Manual 803
snmp set target snmp set target Purpose Sets the target IP address and community string for SNMP traps. Format snmp set target community [status enable|disable] Mode Configure Description The snmp set target command specifies the IP address of the target server to which you want the SSR to send SNMP traps. Trap targets ar enabled by default but you can use the status argument to disable or re-enable a target.
snmp set target Restrictions None.
snmp show snmp show Purpose Shows SNMP information. Format snmp show access|all|chassis-id|community|statistics|trap Mode Enable Description The snmp show command shows the following SNMP information: • Community strings set on the SSR • SNMP Statistics • IP address of SNMP trap target server Parameters 806 access Displays the last five SNMP clients to access the SSR. all Displays all SNMP information (equivalent to specifying all the other keywords).
snmp show Restrictions None. Examples The following command displays a log of SNMP access to the SSR. The host that accessed the SSR and the SSR system time when the access occurred are listed. ssr(confg)# snmp show access SNMP Last 5 Clients: 10.15.1.2 Wed Feb 10.15.1.2 Wed Feb 10.15.1.2 Wed Feb 10.15.1.2 Wed Feb 10.15.1.
snmp stop snmp stop Purpose Stop SNMP access to the device. Format snmp stop Mode Configure Description The snmp stop command stops SNMP access to the SSR. The SSR will still finish all active requests but will then disregard future requests. When you issue this command, UDP port 161 is closed. Parameters None. Restrictions None.
Chapter 54 statistics Commands The statistics commands let you display statistics for various SSR features. You also can clear some statistics. Command Summary Table 39 lists the statistics commands. The sections following the table describe the command syntax. Table 39. statistics commands statistics clear port-errors | port-stats | rmon statistics show [] Note: Not all statistic types accept a port list.
statistics clear statistics clear Purpose Clear statistics. Format statistics clear Mode Enable Description The statistics clear command clears port statistics, error statistics, or RMON statistics. When you clear statistics, the SSR sets the counters for the cleared statistics to 0, then begins accumulating the statistics again. Parameters Type of statistics you want to clear.
statistics show statistics show Purpose Display statistics. Format statistics show Mode Enable Parameters The type of statistics you want to display. Specify one of the following. Some statistics options apply system-wide, while others apply only to the Control Module. System-wide statistics: port-errors Shows error statistics for ports. port-stats Shows normal (non-error) port statistics. rmon Shows RMON statistics.
statistics show input If specified following one of the three options listed above, displays only input statistics for that option. Both input and output statistics are displayed by default. output If specified following one of the three options listed above, displays only output statistics for that option. verbose Displays all statistics. Control-Module statistics: icmp Shows ICMP statistics. ip Shows IP statistics. ip-routing Shows IP unicast routing statistics. ipx Shows IPX statistics.
Chapter 55 stp Commands The stp commands let you display and change settings for the default Spanning Tree. Command Summary Table 40 lists the stp commands. The sections following the table describe the command syntax. Table 40.
stp enable port stp enable port Purpose Enable STP on one or more ports. Format stp enable port Mode Configure Description The stp enable port command enables STP on the specified ports. Parameters The ports on which you are enabling STP. You can specify a single port or a comma-separated list of ports. Example: et.1.3,et.(1-3).(4,6-8).
stp set bridging stp set bridging Purpose Set STP bridging parameters. Format stp set bridging [forward-delay ] [hello-time ] [max-age ] [priority ] Mode Configure Description The stp set bridging command lets you configure the following STP parameters: • Bridging priority • Hello time • Maximum age • Forward delay Parameters forward-delay Sets the STP forward delay for the SSR. The forward delay is measured in seconds. Specify a number from 4– 30. The default is 15.
stp set bridging Restrictions None.
stp set port stp set port Purpose Set STP port priority and port cost for ports. Format stp set port priority port-cost Mode Configure Description The stp set port command sets the STP priority and port cost for individual ports. Parameters port The port(s) for which you are setting STP parameters. You can specify a single port or a comma-separated list of ports. Example: et.1.3,et.(1-3).(4,6-8). priority The priority you are assigning to the port(s).
stp show bridging-info stp show bridging-info Purpose Display STP bridging information. Format stp show bridging-info Mode Enable Description The stp show bridging-info command displays STP bridging information for the SSR. Parameters None. Restrictions None.
Chapter 56 system Commands The system commands let you display and change system parameters. Command Summary Table 41 lists the system commands. The sections following the table describe the command syntax. Table 41.
Command Summary Table 41.
system hotswap system hotswap Purpose Activates or deactivates a line card. Format system hotswap out|in slot Mode Enable Description The system hotswap out command deactivates a line card in a specified slot on the SSR, causing it to go offline. The command performs the same function as if you had pressed the Hot Swap button on the line card. The system hotswap in command causes a line card that was deactivated with the system hotswap out command to go online again.
system hotswap Restrictions None.
system image add system image add Purpose Copy a system software image to the SSR. Format system image add [primary-cm] [backup-cm] Mode Enable Description The system image add command copies a system software image from a TFTP server into the PCMCIA flash card on the Control Module. By default, if the SSR has two Control Modules, the system software image is copied to both Control Modules.
system image add Example To download the software image file named img.tar.gz from the TFTP server 10.1.2.3: ssr# system image add tftp://10.1.2.3/images/img.tar.
system image choose system image choose Purpose Select a system software image file. Format system image choose Mode Enable Description The system image choose command specifies the system software image file on the PCMCIA flash card that you want the SSR to use the next time you reboot the system. Parameters The name of the system software image file. Restrictions None.
system image delete system image delete Purpose Deletes a system software image file from the PCMCIA flash card. Format system image delete Mode Enable Description The system image delete command deletes a system software image file from the PCMCIA flash card on the Control Module. Parameters The name of the system software image file you want to delete. Restrictions None.
system image list system image list Purpose Lists the system software image files on the PCMCIA flash card. Format system image list Mode Enable Description The system image list command lists the system software image files contained on the PCMCIA flash card on the Control Module. Parameters None. Restrictions None.
system kill telnet-session system kill telnet-session Purpose Kills a specified Telnet session. Format system kill telnet-session Mode Enable Description The system kill telnet-session command kills the Telnet session specified by the session ID. Use the system show users command to display the list of current Telnet users and session IDs. Parameters The Telnet connection slot number, which can be 0, 1, 2, or 3.
system kill telnet-session Example To show the active Telnet sessions. ssr# system show Current Terminal # Login ID - -------0 2 3 users User List: Mode ---enabled enabled login-prompt login-prompt From ---console 10.9.0.1 10.9.0.1 10.9.0.1 Login Timestamp --------------Thu Feb 25 13:07:411999 Thu Feb 25 13:07:591999 Then, to kill Telnet session 2: ssr# system kill telnet-session 2 Telnet session 2 (from 10.9.0.
system promimage upgrade system promimage upgrade Purpose Upgrades the boot PROM software on the Control Module. Format system promimage upgrade Mode Enable Description The system promimage upgrade command copies and installs a boot PROM software image from a TFTP server onto the internal memory on the Control Module. The boot PROM software image is loaded when you power on the SSR and in turn loads the system software image file.
system promimage upgrade Example The command in the following example downloads a boot PROM image file from the TFTP server 10.50.89.88. ssr# system promimage upgrade tftp://10.50.89.88/qa/prom-upgrade Downloading image ‘qa/prom-upgrade’ from host ‘10.50.89.88’ tftp complete checksum valid. Ready to program. flash found at 0xbfc00000 erasing... programming... verifying... programming successful. Programming complete.
system set bootprom system set bootprom Purpose Sets parameters for the boot PROM. Format system set bootprom netaddr netmask tftp-server [tftp-gateway ] Mode Configure Description The system set bootprom command sets parameters to aid in booting the SSR’s system software image remotely over the network. You can use this command to set the SSR’s IP address, subnet mask, TFTP boot server address, and gateway address.
system set bootprom Example The command in the following example configures the SSR to use IP address 10.50.88.2 to boot over the network from TFTP boot server 10.50.89.88. ssr(config)# system set bootprom netaddr 10.50.88.2 netmask 255.255.0.0 tftp-server 10.50.89.
system set contact system set contact Purpose Set the contact name and information for this SSR. Format system set contact Mode Configure Description The system set contact command sets the name and contact information for the network administrator responsible for this SSR. Parameters A string listing the name and contact information for the network administrator responsible for this SSR.
system set date system set date Purpose Set the system time and date. Format system set date year month day hour min second Mode Enable Description The system set date command sets the system time and date for the SSR. The SSR keeps the time in a battery-backed realtime clock. To display the time and date, enter the system show date command. Parameters year Four-digit number for the year. (Example: 1998) month Name of the month.
system set date Restrictions None.
system set daylight-saving system set daylight-saving Purpose Enable daylight saving for the local time zone. Format system set daylight-saving Mode Configure Description If daylight savings time is in effect in the local time zone, use the system set daylightsaving command to enable it on the SSR. When daylight savings time is in effect, an additional hour is subtracted from your UCT offset. This command may be required if you use NTP (Network Time Protocol) to synchronize the system’s real time clock.
system set daylight-saving When daylight savings time ends in the local time zone, disable it on the SSR with the following command: ssr(config)# no system set daylight-saving 838 SSR Command Line Interface Reference Manual
system set dns system set dns Purpose Configure the SSR to reach up to three DNS servers. Format system set dns server [“] [] [][“] domain Mode Configure Description The system set dns command configures the SSR to reach up to three DNS servers. You also can specify the domain name to use for each DNS query by SSR. Parameters [“] [] [][“] IP address of the DNS server. Specify the address in dotted-decimal notation.
system set dns Examples To configure a single DNS server and configure the SSR’s DNS domain name to “mrb.com”: ssr(config)# system set dns server 10.1.2.3 domain mrb.com To configure three DNS servers and configure the SSR’s DNS domain name to “mrb.com”: ssr(config)# system set dns server “10.1.2.3 10.2.10.12 10.3.4.5” domain mrb.
system set location system set location Purpose Set the system location. Format system set location Mode Configure Description The system set location command adds a string describing the location of the SSR. The system name and location can be accessed by SNMP managers. Parameters A string describing the location of the SSR. If the string contains blanks or commas, you must use quotation marks around the string. (Example: “Bldg C, network control room”.) Restrictions None.
system set login-banner system set login-banner Purpose Set the system login banner. Format system set login-banner |none Mode Configure Description The system set login-banner command configures the initial login banner that one sees when logging into the SSR. The banner may span multiple lines by adding line-feed characters in the string, “\n”. Parameters Is the text of the login banner for the SSR.
system set login-banner The next person to log into the SSR would see the following: Server network SSR Unauthorized Access Prohibited Press RETURN to activate console...
system set name system set name Purpose Set the system name. Format system set name Mode Configure Description The system set name command configures the name of the SSR. The SSR name will use the name as part of the command prompt. Parameters The hostname of the SSR. If the string contains blanks or commas, you must use quotation marks around the string. (Example: “Mega-Corp SSR #27”.) Restrictions None.
system set password system set password Purpose Set passwords for various CLI access modes. Format system set password |none Mode Configure Description The system set password command sets or changes the passwords for the Login and Enable access modes. Note: If a password is configured for the Enable mode, the SSR prompts for the password when you enter the enable command. Otherwise, the SSR displays a message advising you to configure an Enable password, then enters the Enable mode.
system set password Restrictions The SSR stores passwords in the Startup configuration file. If you copy a configuration file from one SSR to another, the passwords in the file also are copied and will be required on the new SSR.
system set poweron-selftest system set poweron-selftest Purpose Specify the type of Power-On-Self-Test (POST) to perform during system bootup. Format system set poweron-selftest [on|quick] Mode Configure Description The system set poweron-selftest command configures the type of Power-On-Self-Test (POST) the SSR should perform during the next system bootup. By default, no POST is performed during system bootup.
system set show-config system set show-config Purpose Specify how configuration commands should be displayed. Format system set show-config alphabetical Mode Configure Description The show and system show active-config commands normally display the configuration commands in the order that they are executed. The system set show-config command changes the way the configuration commands are shown. Parameters alphabetical Shows the configuration commands in alphabetical order. Restrictions None.
system set syslog system set syslog Purpose Identify a Syslog server to which the SSR can send Syslog messages Format system set syslog [server ] [level ] [facility ] [source ] [buffer-size ] Mode Configure Description The system set syslog command identifies the Syslog server to which the SSR should send system messages. You can control the type of messages to send as well as the facility under which the message is sent.
system set syslog error Logs fatal messages and error messages. warning Logs fatal messages, error messages, and warning messages. This is the default. info Logs all messages, including informational messages. Type of facility under which you want messages to be sent. By default, unless specified otherwise, messages are sent under facility local7.
system set syslog Example To log only fatal and error level messages to the syslog server on 10.1.43.77: ssr(config)# system set syslog server 10.1.43.
system set terminal system set terminal Purpose Sets global terminal parameters. Format system set terminal baud |columns |rows Mode Configure Description The system set terminal command globally sets parameters for a serial console’s baud rate, output columns, and output rows. Parameters baud Sets the baud rate.
system set terminal rows Sets the number of rows displayed at one time. Restrictions None. Example The command in the following example sets the baud rate, number of columns, and number of rows for the management terminal connected to the System Control module.
system set timezone system set timezone Purpose Sets time zone information or time offset. Format system set timezone | Mode Configure Description The system set timezone command sets the local time zone for the SSR. You can use one of the time zone keywords to specify the local time zone or specify the time offset in minutes. You must configure the time zone in order to use NTP (Network Time Protocol) to synchronize the SSR’s real time clock.
system set timezone uct-6 Central Standard Time (UCT -06:00) uct-5 Eastern Standard Time (UCT -05:00) uct-4 Caracas, La Paz (UCT -04:00) uct-3 Buenos Aires, Georgetown (UCT -03:00) uct-2 Mid-Atlantic (UCT -02:00) uct-1 Azores, Cape Verde Island (UCT -01:00) uct Greenwich, London, Dublin (UCT) uct+1 Berlin, Madrid, Paris (UCT +01:00) uct+2 Athens, Helsinki, Istanbul, Cairo (UCT +02:00) uct+3 Moscow, Nairobi, Riyadh (UCT +03:00) uct+4 Abu Dhabi, Kabul(UCT +05:00) uct+5 Pakistan (UCT +0
system show system show Purpose Show system information.
system show • Current Telnet sessions on the SSR • CPU and other resource usage Parameters System parameter you want to display. Specify one of the following: active-config Shows the active configuration of the system. bootlog Shows the contents of the boot log file, which contains all the system messages generated during bootup. bootprom Shows boot PROM parameters for TFTP downloading of the system image.
system show poweron-selftest-mode Shows the type of Power-On Self Test (POST) that should be performed, if any. scratchpad Shows the configuration changes in the scratchpad. These changes have not yet been activated. startup-config Shows the contents of the Startup configuration file. switching-fabric Shows the status of the switching fabric module. This command is valid only for the SSR 8600. syslog Shows the IP address of the SYSLOG server and the level of messages the SSR sends to the server.
Chapter 57 tacacs Commands The tacacs commands let you secure access to the SSR using the Terminal Access Controller Access Control System (TACACS) protocol. When TACACS authentication is activated on the SSR, the user is prompted for a password when he or she tries to access Enable mode. The SSR queries a TACACS server to see if the password is valid. If the password is valid, the user is granted access to Enable mode. Command Summary Table 42 lists the tacacs commands.
tacacs enable tacacs enable Purpose Enables TACACS authentication on the SSR. TACACS authentication is disabled by default on the SSR. Format tacacs enable Mode Configure Description The tacacs enable command starts TACACS authentication on the SSR. When you issue this command, the TACACS-related parameters set with tacacs set commands become active. Parameters None. Restrictions None. Example The following commands set TACACS-related parameters on the SSR.
tacacs set tacacs set Purpose Sets parameters for authenticating the SSR through a TACACS server. Format tacacs set host tacacs set [timeout ] [last-resort password|succeed] Mode Configure Description The tacacs set command allows you to set TACACS-related parameters on the SSR, including the IP addresses of up to five TACACS servers, how long to wait for the TACACS server to authenticate the user, and what to do if the TACACS server does not reply by a given time.
tacacs set Restrictions None. Example The following commands specify that hosts 137.72.5.9 and 137.72.5.41 are TACACS servers, and the SSR should wait no more than 30 seconds for a response from one of these servers. If a response from a TACACS server doesn’t arrive in 30 seconds, the user is prompted for the password that was set with the SSR system set password command. tacacs tacacs tacacs tacacs 862 set set set set host 137.72.5.9 host 137.72.5.
tacacs show tacacs show Purpose Displays information about TACACS configuration on the SSR. Format tacacs show stats|all Mode Enable Description The tacacs show command displays statistics and configuration parameters related to TACACS configuration on the SSR. The statistics displayed include: accepts Number of times each server responded and validated the user successfully.
tacacs show Example To display configuration parameters and TACACS server statistics: tacacs show all 864 SSR Command Line Interface Reference Manual
Chapter 58 tacacs-plus Commands The tacacs-plus commands let you secure access to the SSR using the TACACS Plus protocol. When a user logs in to the SSR or tries to access Enable mode, he or she is prompted for a password. If TACACS Plus authentication is enabled on the SSR, it will contact a TACACS Plus server to verify the user. If the user is verified, he or she is granted access to the SSR.
Command Summary Table 43.
tacacs-plus accounting command level tacacs-plus accounting command level Purpose Causes the specified types of commands to be logged to the TACACS Plus server. Format tacacs-plus accounting command level Mode Configure Description The tacacs-plus accounting command level command allows you specify the types of commands that are logged to the TACACS Plus server. The user ID and timestamp are also logged.
tacacs-plus accounting command level Example To cause Configure, Enable, and User mode commands to be logged on the TACACS Plus server: ssr(config)# tacacs-plus accounting command level 15 868 SSR Command Line Interface Reference Manual
tacacs-plus accounting shell tacacs-plus accounting shell Purpose Causes an entry to be logged on the TACACS Plus server when a shell is stopped or started on the SSR. Format tacacs-plus accounting shell start|stop|all Mode Configure Description The tacacs-plus accounting shell command allows you to track shell usage on the SSR. It causes an entry to be logged on the TACACS Plus server when a shell is started or stopped.
tacacs-plus accounting shell Example To cause an entry to be logged on the TACACS Plus server when a shell is either started or stopped on the SSR: ssr(config)# tacacs-plus accounting shell all 870 SSR Command Line Interface Reference Manual
tacacs-plus accounting snmp tacacs-plus accounting snmp Purpose Logs to the TACACS Plus server any changes made to the startup or active configuration via SNMP. Format tacacs-plus accounting snmp active|startup Mode Configure Description The tacacs-plus accounting snmp command allows you to track changes made to the active or startup configuration through SNMP. It causes an entry to be logged on the TACACS Plus server whenever a change is made to the ACL configuration.
tacacs-plus accounting system tacacs-plus accounting system Purpose Specifies the type(s) of messages to be logged on the TACACS Plus server. Format tacacs-plus accounting system fatal|error|warning|info Mode Configure Description The tacacs-plus accounting system command allows you to specify the types of messages that are logged on the TACACS Plus server. Parameters fatal Logs only fatal messages. error Logs fatal messages and error messages.
tacacs-plus accounting system Example To log only fatal and error messages on the TACACS Plus server: ssr(config)# tacacs-plus accounting system error SSR Command Line Interface Reference Manual 873
tacacs-plus authentication tacacs-plus authentication Purpose Causes TACACS Plus authentication to be performed at either the SSR login prompt or when the user tries to access Enable mode. Format tacacs-plus authentication login|enable Mode Configure Description The tacacs-plus authentication command allows you to specify when TACACS Plus authentication is performed: either when a user logs in to the SSR, or tries to access Enable mode. Parameters login Authenticates users at the SSR login prompt.
tacacs-plus enable tacacs-plus enable Purpose Enables TACACS Plus authentication on the SSR. TACACS Plus authentication is disabled by default on the SSR. Format tacacs-plus enable Mode Configure Description The tacacs-plus enable command causes TACACS Plus authentication to be activated on the SSR.
tacacs-plus enable Example The following commands set TACACS Plus-related parameters on the SSR. The commands are then activated with the tacacs-plus enable command: ssr(config)# ssr(config)# ssr(config)# ssr(config)# ssr(config)# 876 tacacs-plus tacacs-plus tacacs-plus tacacs-plus tacacs-plus set server 207.135.89.
tacacs-plus set tacacs-plus set Purpose Sets parameters for authenticating the SSR through a TACACS Plus server.
tacacs-plus set Restrictions None. Example The following commands specify that hosts 137.72.5.9 and 137.72.5.41 are TACACS Plus servers, and the SSR should wait no more than 30 seconds for a response from one of these servers. If a response from a TACACS Plus server doesn’t arrive in 30 seconds, the user is prompted for the password that was set with the SSR system set password command.
tacacs-plus show tacacs-plus show Purpose Displays information about TACACS Plus configuration on the SSR. Format tacacs-plus show stats|all Mode Enable Description The tacacs-plus show command displays statistics and configuration parameters related to TACACS Plus configuration on the SSR. The statistics displayed include: accepts Number of times each server responded and validated the user successfully.
tacacs-plus show Example To display configuration parameters and TACACS Plus server statistics: ssr# tacacs-plus show all 880 SSR Command Line Interface Reference Manual
Chapter 59 telnet Command The telnet command opens a Telnet session to the specified host. Format telnet [socket ] Mode User or Enable Description The telnet command allows you to open a Telnet session to the specified host. Parameters The host name or IP address of the remote computer that you want to access. socket The TCP port through which the Telnet session will be opened.
Restrictions None.
Chapter 60 traceroute Command The traceroute command traces the path a packet takes to reach a remote host. Format traceroute [max-ttl ] [probes ] [size ] [source ] [tos ] [wait-time ] [verbose] [noroute] Mode User Description The traceroute command traces the route taken by a packet to reach a remote IP host. The traceroute command examines the route taken by a packet traveling from a source to a destination. By default, the source of the packet is the SSR.
Parameters Hostname or IP address of the destination max-ttl Maximum number of gateways (“hops”) to trace probes Number of probes to send size Packet size of each probe source Hostname or IP address of the source tos Type of Service value in the probe packet wait-time Maximum time to wait for a response verbose Displays results in verbose mode noroute Ignores the routing table and sends a probe to a host on a directly attached network.
Chapter 61 vlan Commands The vlan commands let you perform the following tasks: • Create VLANs • List VLANs • Add ports to VLANs • Change the port membership of VLANs • Make a VLAN port either a trunk port or an access port Command Summary Table 44 lists the vlan commands. The sections following the table describe the command syntax. Table 44.
vlan add ports vlan add ports Purpose Adds ports to a VLAN. Format vlan add ports to Mode Configure Description The vlan add ports command adds ports to an existing VLAN. You do not need to specify the VLAN type when you add ports. You specify the VLAN type when you create the VLAN (using the vlan create command). Parameters The ports you are adding to the VLAN. You can specify a single port or a commaseparated list of ports. Example: et.1.3,et.(1-3).(4,6-8).
vlan create vlan create Purpose Creates a VLAN based on ports or protocol. Format vlan create id Mode Configure Description The vlan create command creates a VLAN definition. You can create a port-based VLAN or a protocol-based VLAN. Parameters Name of the VLAN. The VLAN name is a string up to 32 characters long. Note: The VLAN name cannot begin with an underscore ( _ ) or the word “SYS_”.
vlan create sna Create this VLAN for SNA traffic ipv6 Create this VLAN for IPv6 traffic bridged-protocols Create this VLAN for extended VLAN types (DEC, SNA, Appletalk, IPv6), and non-IP and non-IPX protocols Note: You can specify a combination of ip, ipx, appletalk, dec, sna, ipv6, and bridgedprotocols. If you specify any of the extended VLAN types (sna, dec, appletalk, ipv6) with the bridged-protocols option, then all the other extended VLAN types are removed from the VLAN.
vlan create • default • blackhole • reserved • learning • names starting with an underscore (_) or “sys_” Examples The following command creates a VLAN ‘blue’ for IP, SNA, non-IPX, non-DECnet, nonAppletalk, non-IPv6 protocols.
vlan make vlan make Purpose Configures the specified ports into either trunk or access ports. Format vlan make Mode Configure Description The vlan make command turns a port into a VLAN trunk or VLAN access port. A VLAN trunk port can forward traffic for multiple VLANs. Use trunk ports when you want to connect SSR switches together and send traffic for multiple VLANs on a single network segment connecting the switches. Parameters The port type.
vlan show vlan show Purpose Displays a list of all VLANs active on the SSR. Format vlan show Mode User or Enable Description The vlan show command lists all the VLANs that have been configured on the SSR. Parameters None. Restrictions None.
vlan show 892 SSR Command Line Interface Reference Manual
Chapter 62 web-cache Commands The web-cache commands allow you to transparently redirect HTTP request to a group of local cache servers. This feature can provide faster user responses and reduce demands for WAN bandwidth. Command Summary Table 45 lists the web-cache commands. The sections following the table describe the command syntax. Table 45.
web-cache apply interface web-cache apply interface Purpose Applies a caching policy to an interface. Format web-cache apply interface Mode Configure Description The web-cache apply command lets you apply a configured cache policy to an outbound interface to start the redirection. The interface to which the cache policy is applied is typically the interface that connects to the Internet. This command redirects outbound HTTP traffic to the cache servers.
web-cache apply interface Example To apply the caching policy ‘websrv1’ to the interface ‘inet2’: ssr(config)# web-cache websrv1 apply interface inet2 SSR Command Line Interface Reference Manual 895
web-cache clear web-cache clear Purpose Clears statistics for the specified caching policy. Format web-cache clear all|cache-name Mode Enable Description The web-cache clear command lets you clear statistics for all caching policies or for specified policies. Parameters all Clears statistics for all caching policies. cache-name Clears statistics for the specified caching policy. Restrictions None.
web-cache create bypass-list web-cache create bypass-list Purpose Defines the destination sites for which HTTP requests are not redirected to the cache servers, but sent direct. Format web-cache create bypass-list range |list |acl Mode Configure Description Certain web sites require authentication of source IP addresses for user access. Requests to these sites cannot be sent to the cache servers.
web-cache create bypass-list Restrictions None. Examples To specify the hosts 176.89.10.10 and 176.89.10.11 for the bypass list for the caching policy ‘websrv1’: ssr(config)# web-cache websrv1 create bypass-list list “176.89.10.10 176.89.10.
web-cache create server-list web-cache create server-list Purpose Defines the list of servers to be used for caching. Format web-cache create server-list range |list Mode Configure Description The web-cache create server-list command allows you to create a group of servers that are used for the specified caching policy. If there are multiple cache servers, load balancing is done based on the destination IP address.
web-cache create server-list Restrictions None. Examples To specify the server list ‘servers1’ for the caching policy ‘websrv1’: ssr(config)# web-cache websrv1 create server-list servers1 range “10.10.10.10 10.10.10.
web-cache permit|deny hosts web-cache permit|deny hosts Purpose Specifies the hosts whose HTTP requests are redirected to the cache servers.
web-cache permit|deny hosts Restrictions None. Examples To allow the HTTP requests of certain hosts to be redirected to the cache servers: ssr(config)# web-cache websrv1 permit hosts range “10.10.20.10 10.10.20.50” To specify that the HTTP requests of certain hosts not be redirected to the cache servers: ssr(config)# web-cache websrv1 deny hosts list “10.10.20.61 10.10.20.
web-cache set http-port web-cache set http-port Purpose Specifies the HTTP port used by a proxy server. Format web-cache set http-port Mode Configure Description Some networks use proxy servers that listen for HTTP requests on a non-standard port number. The SSR can be configured to redirect HTTP requests on a non-standard HTTP port. The web-cache set http-port command lets you specify the port number that is used by the proxy server for HTTP requests. The default is port 80.
web-cache set http-port Example To set the port number for HTTP requests: ssr(config)# web-cache websvr1 set http-port 100 904 SSR Command Line Interface Reference Manual
web-cache set round-robin web-cache set round-robin Purpose Specifies a list of destination IP addresses to be distributed across cache servers. Format web-cache set round-robin range |list Mode Configure Description The SSR determines the cache server to redirect an HTTP request, based on the destination IP address of the request.
web-cache set round-robin Example To specify destination IP addresses to be distributed across the caching policy ‘websvr1’ servers: ssr(config)# web-cache set round-robin list “176.20.20.10 176.20.50.
web-cache show web-cache show Purpose Displays information about caching policies. Format web-cache show [all] [cache-name |all] [servers cache |all] Mode Enable Description The web-cache show command allows you to display web caching information for specific caching policies or server lists. Parameters all Displays all web cache information for all caching policies and all server lists. cache-name |all Displays web cache information for the specified caching policy.
web-cache show Examples To display web cache information for a specific caching policy: ssr# web-cache show cache-name cache1 Cache Name : cache1 1 Applied Interfaces : ip1 2 Bypass list : none 3 HTTP Port : 80 4 5 6 ACL --deny207 12 13 Server ---- -s1 Access -----Permit Deny 7 Source IP/Mask -------------172.89.1.1/32 Dest. IP/Mask ------------207.135.0.0/16 8 9 10 11 SrcPort DstPort TOS Port --------- --------- --- ---any http 0 IP 14 Max con IP address ------- ---------2000 176.89.10.
web-cache show 13. The maximum number of connections that can be handled by each server in the server list. 14. The list or range of IP addresses of the servers in the server list. 15. The hosts (users) whose HTTP requests are redirected to the cache servers and the hosts whose HTTP requests are not redirected to the cache servers. If no permit command is specified, all HTTP requests are redirected to the cache servers.
web-cache show 910 SSR Command Line Interface Reference Manual
Appendix A RMON 2 Protocol Directory This appendix lists the protocol encapsulations that can be managed with the RMON 2 Protocol Directory group on the SSR. You can specify protocol encapsulations with the rmon set protocol-directory or rmon show protocol-directory commands. For example, ether2.ipx specifies IPX over Ethernet II, while *ether2.ipx specifies IPX over any link layer protocol. The protocol object IDs are defined in RFC 2074.
Protocol Encapsulation Protocol Identifier (Object ID) ether2.vecho 8.0.0.0.1.0.0.11.175.2.0.0 ether2.netbios-3com 8.0.0.0.1.0.0.60.0.2.0.0 ether2.dec 8.0.0.0.1.0.0.96.0.2.0.0 ether2.mop 8.0.0.0.1.0.0.96.1.2.0.0 ether2.mop2 8.0.0.0.1.0.0.96.2.2.0.0 ether2.drp 8.0.0.0.1.0.0.96.3.2.0.0 ether2.lat 8.0.0.0.1.0.0.96.4.2.0.0 ether2.dec-diag 8.0.0.0.1.0.0.96.5.2.0.0 ether2.lavc 8.0.0.0.1.0.0.96.7.2.0.0 ether2.rarp 8.0.0.0.1.0.0.128.53.2.0.0 ether2.atalk 8.0.0.0.1.0.0.128.155.2.0.0 ether2.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.igp 12.1.0.0.1.0.0.8.0.0.0.0.9.3.0.1.0 *ether2.ip-v4.bbn-rcc-mon 12.1.0.0.1.0.0.8.0.0.0.0.10.3.0.1.0 *ether2.ip-v4.nvp2 12.1.0.0.1.0.0.8.0.0.0.0.11.3.0.1.0 *ether2.ip-v4.pup 12.1.0.0.1.0.0.8.0.0.0.0.12.3.0.1.0 *ether2.ip-v4.argus 12.1.0.0.1.0.0.8.0.0.0.0.13.3.0.1.0 *ether2.ip-v4.emcon 12.1.0.0.1.0.0.8.0.0.0.0.14.3.0.1.0 *ether2.ip-v4.xnet 12.1.0.0.1.0.0.8.0.0.0.0.15.3.0.1.0 *ether2.ip-v4.chaos 12.1.0.0.1.0.0.8.0.0.0.0.16.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.tp-plus-plus 12.1.0.0.1.0.0.8.0.0.0.0.39.3.0.1.0 *ether2.ip-v4.il 12.1.0.0.1.0.0.8.0.0.0.0.40.3.0.1.0 *ether2.ip-v4.sip 12.1.0.0.1.0.0.8.0.0.0.0.41.3.0.1.0 *ether2.ip-v4.sdrp 12.1.0.0.1.0.0.8.0.0.0.0.42.3.0.1.0 *ether2.ip-v4.sip-sr 12.1.0.0.1.0.0.8.0.0.0.0.43.3.0.1.0 *ether2.ip-v4.sip-frag 12.1.0.0.1.0.0.8.0.0.0.0.44.3.0.1.0 *ether2.ip-v4.idrp 12.1.0.0.1.0.0.8.0.0.0.0.45.3.0.1.0 *ether2.ip-v4.rsvp 12.1.0.0.1.0.0.8.0.0.0.0.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.pvp 12.1.0.0.1.0.0.8.0.0.0.0.75.3.0.1.0 *ether2.ip-v4.br-sat-mon 12.1.0.0.1.0.0.8.0.0.0.0.76.3.0.1.0 *ether2.ip-v4.sun-nd 12.1.0.0.1.0.0.8.0.0.0.0.77.3.0.1.0 *ether2.ip-v4.wb-mon 12.1.0.0.1.0.0.8.0.0.0.0.78.3.0.1.0 *ether2.ip-v4.wb-expak 12.1.0.0.1.0.0.8.0.0.0.0.79.3.0.1.0 *ether2.ip-v4.iso-ip 12.1.0.0.1.0.0.8.0.0.0.0.80.3.0.1.0 *ether2.ip-v4.vmtp 12.1.0.0.1.0.0.8.0.0.0.0.81.3.0.1.0 *ether2.ip-v4.secure-mvtp 12.1.0.0.1.0.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ipx.nov-pep.nov-rip 16.1.0.0.1.0.0.129.55.0.0.0.0.0.0.4.83.4.0.0.0.0 *ether2.ipx.nov-pep.novnetbios 16.1.0.0.1.0.0.129.55.0.0.0.0.0.0.4.85.4.0.0.0.0 *ether2.ipx.nov-pep.nov-diag 16.1.0.0.1.0.0.129.55.0.0.0.0.0.0.4.86.4.0.0.0.0 *ether2.ipx.nov-pep.nov-sec 16.1.0.0.1.0.0.129.55.0.0.0.0.0.0.4.87.4.0.0.0.0 *ether2.ipx.nov-pep.smb 16.1.0.0.1.0.0.129.55.0.0.0.0.0.0.5.80.4.0.0.0.0 *ether2.ipx.nov-pep.smb2 16.1.0.0.1.0.0.129.55.0.0.0.0.0.0.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.tcp.systat 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.11.4.0.1.0.0 *ether2.ip-v4.tcp.daytime 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.13.4.0.1.0.0 *ether2.ip-v4.tcp.qotd 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.17.4.0.1.0.0 *ether2.ip-v4.tcp.msp 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.18.4.0.1.0.0 *ether2.ip-v4.tcp.chargen 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.19.4.0.1.0.0 *ether2.ip-v4.tcp.ftp-data 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.20.4.0.1.0.0 *ether2.ip-v4.tcp.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.tcp.priv-term 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.57.4.0.1.0.0 *ether2.ip-v4.tcp.xns-mail 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.58.4.0.1.0.0 *ether2.ip-v4.tcp.priv-file 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.59.4.0.1.0.0 *ether2.ip-v4.tcp.ni-mail 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.61.4.0.1.0.0 *ether2.ip-v4.tcp.acas 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.62.4.0.1.0.0 *ether2.ip-v4.tcp.covia 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.64.4.0.1.0.0 *ether2.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.tcp.mit-dov 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.91.4.0.1.0.0 *ether2.ip-v4.tcp.npp 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.92.4.0.1.0.0 *ether2.ip-v4.tcp.dcp 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.93.4.0.1.0.0 *ether2.ip-v4.tcp.objcall 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.94.4.0.1.0.0 *ether2.ip-v4.tcp.supdup 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.95.4.0.1.0.0 *ether2.ip-v4.tcp.dixie 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.96.4.0.1.0.0 *ether2.ip-v4.tcp.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.tcp.smakynet 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.122.4.0.1.0.0 *ether2.ip-v4.tcp.ansatrader 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.124.4.0.1.0.0 *ether2.ip-v4.tcp.locus-map 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.125.4.0.1.0.0 *ether2.ip-v4.tcp.unitary 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.126.4.0.1.0.0 *ether2.ip-v4.tcp.locus-con 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.127.4.0.1.0.0 *ether2.ip-v4.tcp.gss-xlicen 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.128.4.0.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.tcp.netsc-prod 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.154.4.0.1.0.0 *ether2.ip-v4.tcp.netsc-dev 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.155.4.0.1.0.0 *ether2.ip-v4.tcp.sqlsrv 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.156.4.0.1.0.0 *ether2.ip-v4.tcp.knet-cmp 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.157.4.0.1.0.0 *ether2.ip-v4.tcp.pcmail-srv 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.158.4.0.1.0.0 *ether2.ip-v4.tcp.nss-routing 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.159.4.0.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.tcp.kis 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.186.4.0.1.0.0 *ether2.ip-v4.tcp.aci 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.187.4.0.1.0.0 *ether2.ip-v4.tcp.mumps 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.188.4.0.1.0.0 *ether2.ip-v4.tcp.qft 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.189.4.0.1.0.0 *ether2.ip-v4.tcp.gacp 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.190.4.0.1.0.0 *ether2.ip-v4.tcp.prospero 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.191.4.0.1.0.0 *ether2.ip-v4.tcp.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.tcp.dbase 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.217.4.0.1.0.0 *ether2.ip-v4.tcp.mpp 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.218.4.0.1.0.0 *ether2.ip-v4.tcp.uarps 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.219.4.0.1.0.0 *ether2.ip-v4.tcp.imap3 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.220.4.0.1.0.0 *ether2.ip-v4.tcp.fln-spx 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.221.4.0.1.0.0 *ether2.ip-v4.tcp.rsh-spx 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.0.222.4.0.1.0.0 *ether2.ip-v4.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.tcp.oracl-vp2 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.7.16.4.0.1.0.0 *ether2.ip-v4.tcp.oracl-vp1 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.7.17.4.0.1.0.0 *ether2.ip-v4.tcp.ccmail 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.12.192.4.0.1.0.0 *ether2.ip-v4.tcp.xwin 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.23.112.4.0.1.0.0 *ether2.ip-v4.tcp.quake 16.1.0.0.1.0.0.8.0.0.0.0.6.0.0.101.144.4.0.1.0.0 UDP Applications *ether2.ip-v4.udp.echo 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.7.4.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.udp.xns-auth 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.56.4.0.1.0.0 *ether2.ip-v4.udp.priv-term 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.57.4.0.1.0.0 *ether2.ip-v4.udp.xns-mail 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.58.4.0.1.0.0 *ether2.ip-v4.udp.priv-file 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.59.4.0.1.0.0 *ether2.ip-v4.udp.ni-mail 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.61.4.0.1.0.0 *ether2.ip-v4.udp.bootps 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.67.4.0.1.0.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.udp.audionews 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.114.4.0.1.0.0 *ether2.ip-v4.udp.ansanotify 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.116.4.0.1.0.0 *ether2.ip-v4.udp.sqlserv 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.118.4.0.1.0.0 *ether2.ip-v4.udp.cfdptkt 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.120.4.0.1.0.0 *ether2.ip-v4.udp.erpc 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.121.4.0.1.0.0 *ether2.ip-v4.udp.smakynet 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.122.4.0.1.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.udp.netsc-prod 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.154.4.0.1.0.0 *ether2.ip-v4.udp.netsc-dev 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.155.4.0.1.0.0 *ether2.ip-v4.udp.nss-routing 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.159.4.0.1.0.0 *ether2.ip-v4.udp.sgmp-traps 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.160.4.0.1.0.0 *ether2.ip-v4.udp.snmp 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.161.4.0.1.0.0 *ether2.ip-v4.udp.snmptrap 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.162.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.udp.mumps 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.188.4.0.1.0.0 *ether2.ip-v4.udp.osu-nms 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.192.4.0.1.0.0 *ether2.ip-v4.udp.srmp 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.193.4.0.1.0.0 *ether2.ip-v4.udp.irc 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.194.4.0.1.0.0 *ether2.ip-v4.udp.dls 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.197.4.0.1.0.0 *ether2.ip-v4.udp.dls-mon 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.0.198.4.0.1.0.0 *ether2.
Protocol Encapsulation Protocol Identifier (Object ID) *ether2.ip-v4.udp.ldap 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.1.133.4.0.1.0.0 *ether2.ip-v4.udp.biff 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.2.0.4.0.1.0.0 *ether2.ip-v4.udp.who 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.2.1.4.0.1.0.0 *ether2.ip-v4.udp.syslog 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.2.2.4.0.1.0.0 *ether2.ip-v4.udp.ip-xns-rip 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.2.8.4.0.1.0.0 *ether2.ip-v4.udp.banyan-vip 16.1.0.0.1.0.0.8.0.0.0.0.17.0.0.2.61.4.0.1.0.0 *ether2.
SSR Command Line Interface Reference Manual
