SCE 1000 2xGBE Release 2.0.10 User Guide OL-7117-02 Corporate Headquarters C isco Sys te ms , Inc . 1 70 W es t Tas ma n D r i ve Sa n Jose , C A 9 513 4-1 706 USA h t t p : / /w w w .c i s c o .
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
CONTENTS Preface xi Audience xi Purpose xi Document Content xii Document Conventions xiii Related Publications xiii Obtaining Technical Assistance xiii Cisco TAC Website xiv Opening a TAC Case xiv TAC Case Priority Definitions xiv Regulatory Compliance and Safety Information xvii Regulatory Compliance xvii Industry EMC, Safety, and Environmental Standards xviii EC Declaration of Conformity xviii Federal Communications Commission (FCC) Compliance Notice: xix CSA NRTL (Canada) xix ULC (Canada) xix Regulatory
Contents Protective Earth Warning xxii Ground Conductor Warning xxii FCC Warning xxiii Restricted Area Warning (DC platform only) xxiii Wrist Strap Warning xxiii Power Disconnection Warning xxiii Power Supply Warning xxiii Power Supply Disconnection Warning xxiii Chassis Power Connection Warning (DC platform only) xxiv SELV Circuit Warning xxiv WAN Port Static Shock Warning xxiv Class 1/I Laser Product Warning xxiv Battery Handling Warning xxiv Fan Tray Removal Warning xxv Overview 1-1 The Cisco Service Co
Contents Topology 2-1 Issues to Be Considered 2-1 SCE Platform Configuration 2-2 Failure Detection Mechanism 2-2 Bypass Mechanism 2-2 Functionality 2-3 Physical Installation 2-3 Bump-in-the-Wire (Inline) Topology 2-4 External Splitting (Receive-only) Topology 2-4 Redundancy 2-5 Two Platforms on Parallel Links in Bump-in-the-Wire Topology 2-5 Failure and Recovery 2-6 Physical Installation 2-7 Redundancy 2-7 Maintaining the Network Links vs Maintaining SCE 1000 Platform Functionality 27 Topology-Related Para
Contents Tab Completion 3-14 FTP User Name and Password 3-14 CLI Scripts 3-15 Installation and Startup 4-1 Pre-Installation Requirements 4-1 Step 1: Unpacking 4-1 Step 2: Checking Shipping Contents 4-2 Step 3: Preparing to Install 4-2 Installation 4-6 Installation Precautions 4-7 Installing the SCE 1000 on a Workbench or Tabletop 4-7 Mounting the SCE 1000 in a Rack 4-8 Connecting to the Power Supply 4-13 Back Panel 4-14 Attaching a Chassis Ground Connection 4-15 Connecting the AC Power Supply Cable 4-17 Co
Contents Connecting the FE Management Port 4-46 Connecting the line ports to the network 4-48 Bump-in-the-Wire (Inline) Topology 4-49 External Optical Splitter (Receive-only) Topology 4-49 Configuring the GBE Interface Parameters 4-50 Testing Connectivity: Examining Link LEDs and Counters 4-53 Loading and Activating a Service Control Application 4-55 Final Tests 4-55 Verifying Operational Status 4-55 Viewing the User Log 4-56 Configuration and Management 5-1 Setup Utility 5-1 Multiple entry parameters (Lis
Contents Telnet Interface 6-5 SNMP Interface 6-6 IP Configuration 6-7 IP Routing Table 6-7 IP Advertising 6-9 Time Clocks and Time Zone 6-11 Showing System Time 6-11 Showing Calendar Time 6-11 Setting the Clock 6-12 Setting the Calendar 6-12 Setting the Time Zone 6-13 Removing Current Time Zone Setting 6-13 SNTP 6-13 Enabling SNTP multicast client 6-14 Disabling SNTP multicast client 6-14 Enabling SNTP unicast client 6-14 Disabling SNTP unicast client 6-15 Defining the SNTP unicast update interval 6-15 Dis
Contents SNMP Configuration and Management 6-31 SNMP Protocol 6-31 Configuration via SNMP 6-32 Security Considerations 6-32 SNMP Community Strings 6-33 Traps 6-34 CLI 6-38 MIBs 6-39 MIB-II 6-39 Cisco Enterprise MIB 6-40 Failure Recovery Mode 6-41 Entering FastEthernet (Management) Interface Configuration Mode 6-42 Management Interface Configuration Mode 6-43 Configuring the Management Interface Speed and Duplex Parameters 6-43 Entering LineCard Interface Configuration Mode 6-44 Configuring Applications 6-4
Contents Line Gigabit Ethernet Interfaces 7-15 Entering GigabitEthernet Line Interface Configuration Mode 7-16 Configuring GigabitEthernet Auto-Negotiation 7-16 Managing Subscribers 8-1 Subscriber Overview 8-1 Subscriber Modes in Service Control Solutions 8-3 Aging Subscribers 8-4 Anonymous Groups and Subscriber Templates 8-5 Subscriber Files 8-5 Importing/Exporting Subscriber Information 8-6 Importing/Exporting Subscribers 8-7 Importing/Exporting Anonymous Groups 8-7 Importing/Exporting Subscriber Templat
Contents Managing Attack Filtering 9-12 Preventing Attack Filtering 9-13 Forcing Attack Filtering 9-13 Monitoring Attack Filtering 9-14 Troubleshooting 10-1 Document Conventions 10-1 Front Panel LEDs 10-2 Management Link 10-5 RDR Reports 10-6 GBE Interfaces Connectivity 10-10 Software Package Installation 10-12 User Log 10-14 Maintenance 11-1 Replacing the Battery 11-1 Replacing the Fan Module 11-2 Replacing the Power Module 11-3 CLI Command Reference A-1 Proprietary MIB Reference B-1 Glossary of Terms 1 I
Preface This guide contains instructions on how to install and run the SCE 1000 Platform. This guide assumes a basic familiarity with telecommunications equipment and installation procedures. Throughout the book, the procedures shown are examples of how to perform typical SCE platform management functions. Because of the large number of functions available, not every possible procedure is documented in the instructional chapters.
Preface Document Content Document Content This manual covers the following topics: Regulatory Compliance and Safety Information contains a list of the warnings and regulations applicable to the SCE Platform. Chapter 1: Overview provides a general overview of the Service Control Solution and the SCE 1000 Platform. Chapter 2: Topology describes the possible deployment topologies of the SCE 1000 and explains how various aspects of the topology determine the configuration of the system.
Preface Document Conventions Document Conventions The following typographic conventions are used in this guide: Typeface or Symbol Meaning Italics References, new terms, field names, and placeholders. Bold Names of menus, options, and command buttons. Courier System output shown on the computer screen in the Telnet session. Courier Bold CLI code typed in by the user in examples. Courier Italic Required parameters for CLI code. [italic in brackets] Optional parameters for CLI code. Note.
Preface Obtaining Technical Assistance Cisco TAC Website The Cisco TAC website (http://www.cisco.com/tac (http://www.cisco.com/tac)) provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year. Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password.
Preface Obtaining Technical Assistance • Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations. SCE 1000 2xGBE Release 2.0.
Regulatory Compliance and Safety Information This chapter provides international agency compliance, safety, and statutory information concerning the SCE 1000. It also summarizes and highlights all of the safety warnings associated with handling, installing and operating the SCE 1000.
Regulatory Compliance and Safety Information Industry EMC, Safety, and Environmental Standards [1] CE = Committee European [2] CSA = Canadian Standards Association [3] EN = European Norm [4] IEC = International Electrotechnical Commission [5] EMC = electromagnetic compatibility [6] FCC = Federal Communications Commission [7] ICES = Interference-Causing Equipment Standard Industry EMC, Safety, and Environmental Standards The SCE 1000 conforms to the following list of industry EMC, safety, and environmental
Regulatory Compliance and Safety Information Federal Communications Commission (FCC) Compliance Notice: Federal Communications Commission (FCC) Compliance Notice: This equipment complies with the limits for digital devices, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy.
Regulatory Compliance and Safety Information Warning Definition Statement Symbol Icon Instructions and warning Description Warning sign and/or intent to alert the user to the presence of important operating and maintenance (servicing) instructions in the product documentation. Warning Definition Statement Warning: This warning symbol means danger. You are in a situation that could cause bodily injury.
Regulatory Compliance and Safety Information Warning Definition Statement • Fan Tray Removal Warning (on page xxv) Installation Warnings Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Warning: Read the installation instructions before you connect the system to its power source. Product Disposal Warning Warning: Ultimate disposal of this product should be handled according to all national laws and regulations.
Regulatory Compliance and Safety Information Warning Definition Statement The colors of the cores in the main leads may not correspond with the colored markings identifying the terminals in the plug if power supply cord rewiring is required. Following are the colors of the main leads of this equipment: • The green and yellow colored core must be connected to the terminal in the plug, which is marked with the letter E or by the earth symbol, or colored green and yellow.
Regulatory Compliance and Safety Information Warning Definition Statement FCC Warning Note: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Regulatory Compliance and Safety Information Warning Definition Statement Warning: This unit may have more than one power supply cord. Disconnect all power supply cords before servicing to avoid electric shock. Chassis Power Connection Warning (DC platform only) Warning: Before connecting or disconnecting ground or power wires to the chassis, ensure that power is removed from the DC circuit.
Regulatory Compliance and Safety Information Warning Definition Statement Fan Tray Removal Warning Warning: When removing the fan drawer, keep hands and fingers away from the spinning fan blades. Let the fan blades stop completely before removing the fan drawer. SCE 1000 2xGBE Release 2.0.
CHAPTER 1 Overview This chapter provides a general overview of the Cisco Service Control solution. It introduces the Cisco Service Control concept and the Service Control capabilities. It also briefly describes the hardware capabilities of the SCE Platform, as well as the Cisco specific applications that together compose the total Cisco Service Control solution.
Chapter 1 Overview The Cisco Service Control Concept Service Control for Wireless Service Providers Wireless Service Providers are successfully rolling out 2.5G and 3G-based data services to their subscribers. These services are expected to significantly increase much needed Average Revenue Per User (ARPU) for sustained business models and rapid rollout of new services. These data services require new ways of service offering and new ways of billing these services to the subscribers.
Chapter 1 Overview Service Control Capabilities Service Control Capabilities At the core of the Cisco Service Control Platform stands the purpose-built network hardware device: the Service Control Engine (SCE). Implementing a complete Service Control solution requires that the Service Control Engine provide certain functionalities and capabilities.
Chapter 1 Overview The SCE Platform The SCE Platform The Service Control Engine family of programmable network devices is capable of performing stateful flow inspection of IP traffic, and controlling that traffic based on configurable rules. The Service Control Engine is a purpose-built network device making use of ASIC components and RISC processors to go beyond packet counting and delve deeper into the contents of network traffic.
Chapter 1 Overview Management and Collection Management and Collection The Service Control solution includes a complete management infrastructure that provides the following management components to manage all aspects of the Service Control solutions: • Network management • Subscriber management • Service Control Management These management interfaces are designed to comply with common management standards and to easily integrate with existing OSS infrastructure.
Chapter 1 Overview Cisco Service Control Specific Solutions Subscriber Management The smartSUB Manager (SM) is a middleware software component used for bridging between the OSS and the SCE Platform(s). Subscriber information is stored in the SM database and can then be distributed between multiple devices according to actual subscriber placement. The SM provides subscriber awareness, mapping network IDs to subscriber IDs.
Chapter 1 Overview Cisco Service Control Specific Solutions Service Control Application Suite for Broadband The Service Control Application Suite for Broadband allows service providers to detect complex and evasive network application protocols (such as P2P), and to control them as per their business and service delivery requirements. It also enables the creation of differentiated tiered services that the service provider uses to boost revenues and provide competitive services to end customers.
CHAPTER 2 Topology This chapter describes the possible deployment topologies of the SCE 1000. The Cisco SCE solution offers a number of basic topology options that permit the user to tailor the SCE Platform to fit the needs of a particular installation. An understanding of the various issues and options is crucial to designing, deploying, and configuring the topology that best meets the requirements of the individual system.
Chapter 2 Topology Issues to Be Considered SCE Platform Configuration There are four topology-related parameters: • Connection mode: Can be Inline or Receive-only, depending on the physical installation of the SCE 1000: May be configured via either the setup command or the connection-mode command. • Bypass mode when the SCE 1000 is not operational (on-failure): This parameter determines whether the system cuts the traffic or bypasses it when the SCE 1000 has failed.
Chapter 2 Topology Functionality • Forwarding: This is the normal operational mode, in which the SCE 1000 processes the traffic for monitoring and control purposes. • Sniffing: The bypass mechanism preserves the network link, while in parallel allowing the SCE 1000 to process the traffic for monitoring only. • Cutoff: There is no forwarding of traffic, and the physical link is forced down (cutoff functionality at layer 1).
Chapter 2 Topology Physical Installation Bump-in-the-Wire (Inline) Topology Typically, the SCE 1000 is connected on a full duplex line between two devices (Router, BRAS, etc.). When the SCE 1000 is installed as a bump-in-the-wire, it physically resides on the data link between the subscriber side and the network side, and can both receive and transmit traffic. Figure 2-1: Bump-in-the-Wire Installation A bump-in-the-wire installation is referred to as inline connection mode.
Chapter 2 Topology Redundancy An external splitting installation is referred to as receive-only connection mode. Note that in an external splitting installation, the SCE 1000 has only traffic monitoring capabilities. Note Receive-only topologies can also be implemented using a switch. Such a switch must support SPAN functionality that includes separation between ingress and egress traffic and multiple SPAN-ports destinations.
Chapter 2 Topology Failure and Recovery The above figure represents the SCE 1000 redundant topology. It is applicable as an overlay to a customer’s redundant topology, on condition that the entire traffic of a specific subscriber (end station, subnet or VLAN) is flowing through one link only. Both links may be active, providing that the subscriber traffic is mutually exclusive. This redundancy solution addresses any failure in the SCE 1000 Platform itself.
Chapter 2 Topology Topology-Related Parameters • Relative importance of maintaining connectivity vs. the continuity of the value-added services that the SCE 1000 enables. Physical Installation In a link connection via an external optical splitter, SCE 1000 failure does not affect traffic flow, which continues through the external optical splitter.
Chapter 2 Topology Topology-Related Parameters Connection Mode Parameter The connection mode parameter refers directly to the physical topology in which the SCE 1000 is installed. Installation is possible in either of the two following modes: Note • Inline: The SCE 1000 resides on the data link between the subscriber side and the network side, thus both receiving and transmitting packets. • Receive-only: The SCE 1000 does not reside physically on the data link.
Chapter 2 Topology Topology-Related Parameters Link Failure Reflection Parameter The link failure reflection refers to the behavior of the SCE 1000 when one of the data links fails. Some network redundant topologies require a layer 1 cutoff in order for the network element to recognize the link failure and translate it into action (switch to redundant link). In this case, if one of the ports fails, it must be reflected to the other port as well.
Chapter 2 Topology Topology-Related Parameters Table 2-1 Topology Configuration Summary Table Description Connection mode On-failure link bypass mode Admin status after abnormal boot Link connection via external switch with port-mirroring Receive-only Bypass Operational Bump-in-the-wire, monitor and control, not redundant Inline Bypass Operational Bump-in-the-wire, monitor only, not redundant Inline Bypass Operational Bump-in-the-wire, monitor and control, redundant Inline Cutoff Ope
CHAPTER 3 Command Line Interface This chapter describes how to use the SCE 1000 Command Line Interface (CLI), its hierarchical structure, authorization levels and its help features. The Command Line Interface (CLI) is one of the SCE 1000 Platform management interfaces. The remainder of this manual describes how to manage the SCE 1000 Platform using the Command Line Interface (CLI). The CLI is accessed through a Telnet session or directly via the console port on the front panel of the SCE 1000.
Chapter 3 Command Line Interface Authorization and Command Levels (Hierarchy) • Command Hierarchy Level: Provides you with a context for initiating commands. Commands are broken down into categories and you can only execute each command within the context of its category. For example, in order to configure parameters related to the Line Card, you need to be within the LineCard Interface Configuration Mode. See CLI Command Hierarchy.
Chapter 3 Command Line Interface Authorization and Command Levels (Hierarchy) Table 3-1 Authorization Levels Level Description Value Prompt User Password required. This level enables basic operational functionality. 0 > Admin Password required. For use by general administrators, the Admin authorization level enables configuration and management of the SCE 1000. 10 # Root Password required.
Chapter 3 Command Line Interface Authorization and Command Levels (Hierarchy) CLI Command Hierarchy The set of all CLI commands is grouped in hierarchical order, according to the type of the commands. The first two levels in the hierarchy are the User Exec and the Privileged Exec modes. These are non-configuration modes in which the set of available commands enables the monitoring of the SCE 1000, file system operations, and other operations that cannot alter the configuration of the SCE 1000.
Chapter 3 Command Line Interface Authorization and Command Levels (Hierarchy) When you login to the system, you have the User authorization level and enter User Exec mode. Changing the authorization level to Admin automatically moves you to Privileged Exec mode. In order to move to any of the configuration modes, you need to enter commands specific to that mode. The list of available commands in each mode can be viewed using the question mark ‘?’ at the end of the prompt.
Chapter 3 Command Line Interface Authorization and Command Levels (Hierarchy) To move from one interface configuration mode to another you must exit the current interface configuration mode (as illustrated in the above figure). Note Although the system supports up to five concurrent Telnet connections, you cannot configure them separately. This means that any number you enter in the line vty command (0, 1, 2, 3 or 4) will act as a 0 and configure all five connections together.
Chapter 3 Command Line Interface Authorization and Command Levels (Hierarchy) The LineCard interface configures the main functionality of viewing and handling traffic on the line. • Fast Ethernet Management: Interface FastEthernet 0/0 The FastEthernet Management Interface configures the settings for the interface to other network elements within the system. This interface should be connected to the internal Ethernet within the operator’s site.
Chapter 3 Command Line Interface Authorization and Command Levels (Hierarchy) To return to the Global Configuration mode: Step 1 Type exit. Entering LineCard Interface Configuration Mode The following procedure is for entering Line Card Interface Configuration mode. The procedures for entering the other interfaces are the same except for the interface command as described above and in CLI Command Reference (on page A-1).
Chapter 3 Command Line Interface Authorization and Command Levels (Hierarchy) EXAMPLE: The following example shows how to enter Configuration Mode for the GigabitEthernet Interface number 2. SCE 1000(config)#interface GigabitEthernet 0/2 SCE 1000(config if)# Navigating between the Interface Configuration Modes To navigate from one Interface Configuration Mode to another: Step 1 Type exit. You are returned to the Global Configuration Mode.
Chapter 3 Command Line Interface Authorization and Command Levels (Hierarchy) Exiting from any configuration mode and revert to the previous mode is done in the same manner, as in the following procedure. To exit from the Global Configuration Mode: Step 1 At the SCE 1000(config)# prompt, type exit, and press Enter. The appropriate prompt for the previous level appears. EXAMPLE: The following example shows the system response when you exit the Interface Configuration mode.
Chapter 3 Command Line Interface CLI Help Features Command hierarchy levels are indicated as follows: This command hierarchy... Is indicated as...
Chapter 3 Command Line Interface CLI Help Features EXAMPLE: The following example illustrates how to get a list of all arguments or keywords expected after the command snmp-server. SCE 1000(config)#snmp-server ? Community Define community string Contact Set system contact Enable Enable the SNMP agent Host Set traps destination Location Set system location SCE 1000(config)# When asking for help on particular parameter, the system informs you of the type of data that is an accepted legal value.
Chapter 3 Command Line Interface Navigational and Shortcut Features Navigational and Shortcut Features Command History CLI maintains a history buffer of the most recent commands you used in the current CLI session for quick retrieval. Using the keyboard, you can navigate through your last commands, one by one, or all commands that start with a given prefix. By default, the system saves the last 30 commands you typed. You can change the number of commands remembered using the history size command.
Chapter 3 Command Line Interface Navigational and Shortcut Features Shortcut Key Description CTRL-X Deletes all characters from the cursor to the beginning of the line. (Same functionality as CTRL-U.) CTRL-W Delete the word to the left of the cursor. CTRL-Y Recall the last item deleted. Completes the word when there is only one possible completion. CTRL-I Completes the word when there is only one possible completion. (Same functionality as CTRL-I.
Chapter 3 Command Line Interface CLI Scripts CLI Scripts The CLI scripts feature allows you to record several CLI commands together as a script and play it back. This is useful for saving repeatable sequence of commands , such as software upgrade. For example, if you are configuring a group of SCE 1000s and you want to run the same configuration commands on each SCE 1000, you could create a script on one SCE 1000 and run it on all the other SCE 1000s.
CHAPTER 4 Installation and Startup This chapter guides you through the process of installing and starting the SCE 1000. The installation process should be performed in the order described in this chapter.
Chapter 4 Installation and Startup Pre-Installation Requirements Step 2: Checking Shipping Contents After opening the SCE 1000, verify that all the parts on the packing list are included.
Chapter 4 Installation and Startup Pre-Installation Requirements SCE 1000 Dimensions The dimensions of the SCE 1000 are displayed in the following figure. The following table, SCE 1000 Dimensions, contains the SCE 1000 dimension measurements. Figure 4-1: SCE 1000 Dimensions Table 4-1 SCE 1000 Dimensions Dimension Measurement Height 3.47 inches (9.5 cm) Width 17.4 inches (4.43 cm) Depth 18 inches (4.
Chapter 4 Installation and Startup Pre-Installation Requirements The environmental monitoring functionality in the SCE 1000 protects the system and components from potential damage from over-voltage and over-temperature conditions. To ensure normal operation and to avoid unnecessary maintenance, plan your site configuration and prepare your site before installation.
Chapter 4 Installation and Startup Pre-Installation Requirements Fans The fan module provides cooling for the internal components. The fan drawer is a fieldreplaceable unit containing five fans, and is installed at the right rear of the SCE 1000. Figure 4-3: SE2000 Fan Module When you install the SCE 1000, ensure adequate airflow for the inlet and exhaust vents. Note Remember to leave a two inch (5 cm) clearance on both sides of the SCE 1000 and five inches (12.
Chapter 4 Installation and Startup Installation Table 4-3 SCE 1000 DC Power Supply Power Specification DC power input -36 to -72 V DC Power consumption up to 200W Circuit breaker One Fast 10A for each power supplier Table 4-4 SCE 1000 Environmental Requirements Environmental Factor Requirement Temperature - 23°F to 131°F (-5°C to +55°C) Relative humidity 5% to 95% (non-condensing) Table 4-5 SCE 1000 Approvals Specifications Approval Specification EMC • USA - According to standard C
Chapter 4 Installation and Startup Installation If you are not rack-mounting your SCE 1000, place it on a sturdy tabletop or workbench. A rubber feet kit is included for tabletop installations. Installation Precautions When installing the SCE 1000 on a workbench or tabletop or in a rack, ensure that the surface is clean and in a safe location.
Chapter 4 Installation and Startup Installation To install the SCE 1000 on a workbench or tabletop: Step 1 Follow the installation precautions in Installation Precautions (on page 4-7). Step 2 View the bottom panel by lifting the SCE 1000, placing your hands around the SCE 1000 sides and lifting the SCE 1000 from underneath. To prevent injury, avoid sudden twists or moves. There are four marked locations, indicating where to affix the rubber feet (see figure above).
Chapter 4 Installation and Startup Installation Step 1: Attaching the Brackets to the SCE 1000 Before installing the SCE 1000 in the rack, you must first install a rack-mount bracket on each side of the front of the SCE 1000, as illustrated in the following figure. See Tools and Parts Required (on page 4-2) for a listing of the parts and tools required for installing the rack–mount.
Chapter 4 Installation and Startup Installation Step 2: Attaching the Crossrail Supports to the Rack When mounting in a rack with four posts (front and back) the two crossrail supports are mounted one on each side of the rack. The SCE 1000 then slides into these crossrails, which support the weight of the unit. Note Cisco recommends that you allow at least 1 or 2 inches (2.54 or 5.08 cm) of vertical clearance between the SCE 1000 and any equipment directly above and below it.
Chapter 4 Installation and Startup Installation Step 4 Insert and tighten two screws to the Back posts of the rack. Figure 4-7: Attaching the Crossrails to the Rack Step 5 Repeat steps 2 through 4 on the other side of the rack, keeping the brackets flush against the posts and parallel to the supporting bracket on first side of the rack. This completes the steps for attaching the rack-mount supporting brackets to the rack. You are now ready to mount the SCE 1000 to the rack.
Chapter 4 Installation and Startup Installation A rack with both front and back posts will have the crossrail supports installed. Slide the SCE 1000 onto these crossrails and push it all the way back. Figure 4-8: Sliding the SCE 1000 into the Rack SCE 1000 2xGBE Release 2.0.
Chapter 4 Installation and Startup Connecting to the Power Supply Step 4 While keeping the brackets flush against the posts or mounting strips, align the holes in the brackets with the holes on the rack or mounting strip. Figure 4-9: Securing the SCE 1000 to a the Rack Step 5 For each bracket, insert and tighten two appropriate screws to the rack.
Chapter 4 Installation and Startup Connecting to the Power Supply Back Panel The SCE 1000 back-panel consists of the field-replaceable power supply units with ON/OFF switches, field-replaceable fan drawer, and ground connections, as shown in the following pair of figures. Figure 4-10: SCE 1000 Back Panel: AC Power Figure 4-11: SCE 1000 Back Panel DC power SCE 1000 2xGBE Release 2.0.
Chapter 4 Installation and Startup Connecting to the Power Supply Attaching a Chassis Ground Connection Before you connect the power or turn on the power to the SCE 1000, Cisco strongly recommends that you provide an adequate chassis Ground (protective earth) connection for the SCE 1000 chassis. A Chassis Grounding cable kit is provided with each SCE 1000. Use the Ground wire kit to properly ground the SCE 1000 chassis (see Packing List ("Packing List Parts" on page 4-2) for details).
Chapter 4 Installation and Startup Connecting to the Power Supply Figure 4-13: Grounding the Unit (DC) SCE 1000 2xGBE Release 2.0.
Chapter 4 Installation and Startup Connecting to the Power Supply Connecting the AC Power Supply Cable To connect the AC Power supply cable: Step 1 Plug the AC power supply cable into the (AC) electrical inlet, located on the rear panel of the SCE 1000. Figure 4-14: Connecting the AC Power Step 2 Plug the SCE 1000 AC power supply cable (attached on the SCE 1000 rear panel) into an (AC) electrical outlet. Step 3 Repeat the above steps for the second power cable. You are now ready to turn the power on.
Chapter 4 Installation and Startup Connecting to the Power Supply Connecting the DC Power Supply To connect the DC power supply cables: Step 1 Loosen the screws for the –48V and the –48V RTN connections, and attach the appropriate cables (hex or loop connectors). Figure 4-15: Connecting the DC Power For specific instructions regarding grounding the unit, see Attaching a Chassis Ground Connection (on page 4-15). Step 2 Refasten the screws.
Chapter 4 Installation and Startup Front Panel Front Panel The SCE 1000 Front Panel consists of ports and LEDs as shown in the following figure and the following two tables SCE 1000 Platform Posts and SCE 1000 LED Groups. Figure 4-16: SCE 1000 Front Panel SCE 1000 2xGBE Release 2.0.
Chapter 4 Installation and Startup Front Panel Table 4-6 SCE 1000 Ports Port Quantity Description Connect This Port To… Mng1/ Mng2 2 10/100/1000 Ethernet RJ-45 ports for management of the SCE 1000. A LAN using an FE cable with an RJ-45 connector Mng 2 is currently not operational. CLI designation: 0/0. Console 1 RS-232 RJ-45 port for use by technicians AUX 1 RS-232 RJ-45 port used by technicians GBE ports 1 &2 2 GigabitEthernet SC ports for connecting to the link.
Chapter 4 Installation and Startup Front Panel LED Groups Description Bypass • Continuous green: indicates that the traffic bypasses the SCE 1000 through an internal electrical bypass module. Single SCE 1000 topology: The SCE 1000 is either in bypass or sniffing mode Cascaded topology: Either the SCE 1000 is forwarding traffic to the other SCE 1000, where it is being processed, or is simply in bypass mode, so traffic through it is not being processed.
Chapter 4 Installation and Startup Front Panel The following table presents the fiber specifications. The SCE 1000 may be ordered with either Multimode or Single Mode transceivers. The transceiver type is indicated on the front panel under the ports. Note that both transceivers on any individual SCE 1000 are the same, either 850nm Multimode OR 1310 Single Mode. Table 4-8 Fiber Specifications SCE Model Transceiver Transmit Power Receive Power Typical (Max.
Chapter 4 Installation and Startup Powering up State Description Status LED Failure System is in Failure state after Boot due to one of the following conditions: Red • Power on test failure. • Three abnormal reboots in less than 20 minutes • Platform configured to enter Failure mode consequent to failure-induced reboot (this is configurable using CLI command). Note: Depending on the cause of failure, the management interface and the platform configuration may or may not be active/available.
Chapter 4 Installation and Startup Connecting the Local Console Connecting the Local Console Even if you will be managing the SCE 1000 from a remote location, you must first connect the unit to a local console and configure the initial settings for the SCE 1000 to support remote management. When the initial connection is established, the setup utility will run automatically, prompting you to perform the initial system configuration.
Chapter 4 Installation and Startup Connecting the Local Console The above SCE 1000 port parameters are fixed and are not configurable. To set up the local console: Step 1 Plug the enclosed RS-232 serial cable into the CON port on the front panel of the SCE 1000. Make sure that you push on the RJ-45 connector (attached to the RS-232 serial cable) until you hear a “click”, which indicates that the connector is fully inserted and secured in the receptacle.
Chapter 4 Installation and Startup System Configuration System Configuration Upon initial connection to the local terminal, as described above, the system configuration wizard automatically runs to guide the user through the entire setup process. The wizard prompts for all necessary parameters, displaying default values, where applicable. You may accept the default values or define other values.
Chapter 4 Installation and Startup System Configuration Parameter Definition unicast query interval Interval in seconds between unicast requests for update (64 – 1024) unicast server IP address IP address of the SNTP unicast server. DNS Configuration DNS lookup status Enable or disable IP DNS-based hostname translation. default domain name Default domain name to be used for completing unqualified host names IP address IP address of domain name server.
Chapter 4 Installation and Startup System Configuration Parameter Definition redundant SCE 1000 platform? Is there a redundant SCE 1000 installed as a backup? link bypass mode on non-operational status When the SCE 1000 is not operational, should it bypass traffic or cut it off? Refer, in setup, to the table Setup Command Parameters.
Chapter 4 Installation and Startup System Configuration All values are Internet addresses of the form ‘X.X.X.X’, where each letter corresponds to a decimal number between 0 and 255. To configure the initial settings: Step 1 The current IP address is displayed. • To accept the displayed value, press Enter. • To change the value, type the desired value in the format “x.x.x.x” and press Enter. Step 2 The current subnet mask is displayed. • To accept the displayed value, press Enter.
Chapter 4 Installation and Startup System Configuration Step 3: Setting the Passwords Configure the passwords as follows: Note • Set the password for each authorization level (User, Admin, Root). • Enable/disable password encryption. When password encryption is enabled, it encrypts the previously entered passwords. Passwords are needed for all authorization levels in order to prevent unauthorized users from accessing the SCE 1000. Admin level should be used by the network administrator.
Chapter 4 Installation and Startup System Configuration • To enable password encryption, type y and press Enter. EXAMPLE: Following is an example of changing all passwords. Password encryption is not enabled (default). Enter a User password [cisco]: userin Enter an Admin password [cisco]: mng123 Enter a Root password [cisco]: cistech Enable passwords encryption? [no]: Step 4: Configuring Time Settings The time settings menu configures all time and date related parameters in the system.
Chapter 4 Installation and Startup System Configuration If the time and date are not correct, answer yes to the above question, and press Enter. Would you like to set a new time and date? [no]: y Confirm your response and type the new time and date. This change will take effect immediately both on the system clock and the calendar; it will also set the time zone you entered. Are you sure? [yes/no]: y Enter new local time and date: 14:00:01 1 July 2002 Time zone was successfully set.
Chapter 4 Installation and Startup System Configuration EXAMPLE: Following is a sample time setting dialog. In addition to setting the time zone, time and date are changed, and SNTP unicast updates are configured.
Chapter 4 Installation and Startup System Configuration Step 5 You may configure up to three domain servers. Would you like to add another Name Server? [no]: • To exit the DNS settings dialog, press Enter. • To add another domain server, type y and press Enter. You are asked to enter the IP address of the next domain name server. Enter Secondary DNS IP address: Step 6 When IP addresses for all servers have been entered, exit the dialog by pressing Enter.
Chapter 4 Installation and Startup System Configuration EXAMPLE: Following is a sample RDR-formatter configuration dialog, assigning the IP address and TCP port number. Would you like to enter the RDR-formatter configuration menu? [no]: y Enter RDR-formatter destination’s IP address: 10.1.1.
Chapter 4 Installation and Startup System Configuration Table 4-11 IP address/Wildcard bit examples Initial IP address Wildcard bits Range 10.1.1.0 0.0.0.255 10.1.1.0–10.1.1.255 10.1.1.0 0.0.0.63 10.1.1.0–10.1.1.63 10.1.1.0 0.0.0.0 10.1.1.0 (individual entry) Order of Entries The order of the entries in the list is important. The entries in the list are tested sequentially, and the action is determined by the first entry that matches the connecting IP address.
Chapter 4 Installation and Startup System Configuration Step 4 Begin adding entries to the selected list. Indicate whether this entry is permitted access or denied access. • To permit access press Enter. • To deny access type n and press Enter. Does this entry permit access? [yes]: Step 5 Type the IP address to be added to this list, and press Enter. Type “any” and press Enter to include any IP address in the ACL. Note that there is no default for this parameter.
Chapter 4 Installation and Startup System Configuration EXAMPLE: This example illustrates a common access control scenario. Let us assume the following: • We want to permit every station to access the SCE on the management port (e.g. ping, SNMP polling etc.). • We want to restrict Telnet access to only a few permitted stations. We therefore need to create two access control lists: • For general IP access: permit access to all IP addresses.
Chapter 4 Installation and Startup System Configuration • Community strings (where an SNMP community string is a text string that acts like a password to permit access to the SNMP agent on the SCE 1000). To configure SNMP parameters: Step 1 Enter the SNMP configuration menu. Would you like to enter the SNMP configuration menu? [no]: y Type y and press Enter. The SNMP configuration dialog begins. Step 2 Enable SNMP management. Type y and press Enter.
Chapter 4 Installation and Startup System Configuration Enter Access list number allowing access with this community string, use ‘0’ to allow all: Step 8 The maximum number of SET communities is 20. • To add more entries, type y and press Enter Would you like to add another SNMP SET community? [no]:y Enter up to 20 SNMP SET communities as described in step 6 and step 7.
Chapter 4 Installation and Startup System Configuration Enter system administrator contact name []: EXAMPLE: Following is a sample SNMP configuration, configuring one trap manager, one GET community, and one SET community, and enabling the authentication failure trap, as well as all enterprise traps.
Chapter 4 Installation and Startup System Configuration The procedure described below is a hypothetical presentation of all the questions in the topology configuration. In actual practice, it is impossible for all questions to be presented in any one configuration, as this part of the dialog is not linear like the other sections, but branches depending on the parameter values entered. Study the examples that follow to understand the procedure for various topologies.
Chapter 4 Installation and Startup System Configuration Would you like to enter the Topology configuration menu? [no]: y Enter Connection mode: 1- inline 2- receive-only Enter your choice [1]: 2 EXAMPLE #2: Following is a sample topology configuration for a non-redundant bump-in-the-wire (inline) topology. All values are the system default values, so it is not necessary to type in the response. Simply press enter at each line.
Chapter 4 Installation and Startup System Configuration Step 10: Completing and Saving the Configuration When you have completed the entire configuration, the system checks for errors. If errors are found, a warning message appears. When the configuration is error-free, you may apply and save it. To complete and save the configuration: Step 1 The system informs you that data collection is complete. It is recommended that you view the entire new configuration before it is applied.
Chapter 4 Installation and Startup System Configuration The system will ask for FTP path: Enter a full FTP path of the remote destination: Step 6 The system informs you that the configuration is complete. Committing configuration... Configuration completed successfully. Saving configuration... Writing general configuration file to temporary location... Backing-up general configuration file... Copy temporary file to final location...
Chapter 4 Installation and Startup Connecting the FE Management Port EXAMPLE #2: Following is an example of a configuration that was applied and saved to the startup configuration as well as to an FTP site. Although not demonstrated in this example, it is recommended that you always view the configuration before applying it. Data collection for the system configuration is completed.
Chapter 4 Installation and Startup Connecting the FE Management Port To cable the management port: Step 1 Take the Ethernet LAN cable (with attached RJ-45 connector) and plug it into the Mng port on the front panel of the SCE 1000, as shown in the figure below. Figure 4-18: Cabling the Management Port Step 2 Connect the other end of the Ethernet LAN cable into your management network.
Chapter 4 Installation and Startup Connecting the line ports to the network Note Please note that only step 4, above, is performed from the remote management host (Mng port connection). This verifies that an “active” connection exists between the specified station and the management port. This way you can see that the ping is received and can check that the Active LED is flashing green. The ping program sends an echo request packet to an IP address and then awaits a reply.
Chapter 4 Installation and Startup Connecting the line ports to the network Bump-in-the-Wire (Inline) Topology Figure 4-19: Bump-in-the-Wire Installation In bump-in-the-wire topology (see the above figure), the SCE 1000 resides physically on the data link between the subscriber side, usually either a BRAS (in DSL access), a PDSN (in wireless access), a CMTS (in the Cable access), or a switch or router aggregator (in other topologies), and the network side, usually a router or layer 3 switch network eleme
Chapter 4 Installation and Startup Connecting the line ports to the network Figure 4-20: External Splitting Topology Configuring the GBE Interface Parameters Configuring Auto-Negotiation By default, the SCE 1000 line interface ports are configured with auto-negotiation enabled. However, when using an external splitter, the auto-negotiation must be disabled.
Chapter 4 Installation and Startup Connecting the line ports to the network The SCE 1000(config if)# prompt appears. Step 3 Type auto-negotiate and press Enter. The SCE 1000(config if)# prompt appears. Step 4 To return to Global Configuration Mode, type exit and press Enter. The SCE 1000(config)# prompt appears.
Chapter 4 Installation and Startup Connecting the line ports to the network Connecting Subscriber Side Interface to the SCE 1000 Figure 4-21: Connecting the Subscriber Side Cable (via Port 1) To connect the subscriber side cable to the SCE 1000: Step 1 Take the fiber optic cable that is connected toward the subscriber line, and plug it into Gigabit Ethernet Subscriber port on the front panel of the SCE 1000.
Chapter 4 Installation and Startup Connecting the line ports to the network Connecting the Network Side Interface to the SCE 1000 To connect the network side cable to the SCE 1000: Step 1 Take the fiber optic cable that is connected toward the network, and plug it into Gigabit Ethernet Network port on the front panel of the SCE 1000. Make sure to push on the connector until you hear a click, which indicates that the connector is fully inserted and secured in the receptacle.
Chapter 4 Installation and Startup Connecting the line ports to the network Viewing the Counters to See that the Network Traffic is Reaching the Device In bump-in-the-wire topology, you can monitor traffic via the platform counters for both the Rx and Tx connections. The counters increase, together with the increased number of packets that flow through the SCE 1000 for both Rx and Tx.
Chapter 4 Installation and Startup Loading and Activating a Service Control Application EXAMPLE: The following example shows the counters of the first Gigabit Ethernet interface: SCE 1000#show interface Gigabit Ethernet 0/1 counters In total octets: 100 In good unicast packets: 90 In good multicast packets: 0 In good broadcast packets: 10 In packets discarded: 0 In packets with CRC/Alignment error: 0 In undersized packets: 0 In oversized packets: 0 Out total octets: 93*2^32+1022342538 Out unicast packets:
Chapter 4 Installation and Startup Final Tests A message displaying the operation status of the system appears. If the system is operating in order, the following message appears: System Operation status is Operational. EXAMPLE: The following example displays a sample output where the LEDs appear red/orange: SCE 1000#show system operation-status System Operation status is Operational Viewing the User Log View the user log for errors that occurred during the installation process.
CHAPTER 5 Configuration and Management This chapter describes available user interfaces and provides general guidelines for configuring and managing the SCE 1000 by means of the Command Line Interface (CLI). It also describes general administrative tasks.
Chapter 5 Configuration and Management Setup Utility Multiple entry parameters (Lists) Several parameters, such as the Access Control Lists, are actually lists containing a number of entries. If these lists are empty (initial configuration) or contain only one entry, they act the same as any scalar parameter, except that you are giving the option of adding additional entries to the list.
Chapter 5 Configuration and Management File-system Operations File-system Operations The CLI commands include a complete range of file management commands. These commands allow you to create, delete, copy, and display both files and directories. Note Regarding disk capacity: While performing disk operations, the user should take care that the addition of new files that are stored on the SCE disk do not cause the disk to exceed 70% utilization.
Chapter 5 Configuration and Management File-system Operations Use this command to remove an empty directory. To delete an empty directory: Step 1 From the SCE 1000# prompt, type rmdir directory-name and press Enter. The specified directory is deleted and the SCE 1000# prompt appears. Changing Directories To change the path of the current working directory: Step 1 From the SCE 1000# prompt, type cd new path and press Enter.
Chapter 5 Configuration and Management File-system Operations To list all the applications in the current directory: Step 1 From the SCE 1000# prompt, type dir applications and press Enter. A listing of all application files in the working directory is displayed and the SCE 1000# prompt appears. To include files in all sub-directories in the listing of the current directory: Step 1 From the SCE 1000# prompt, type dir -r and press Enter.
Chapter 5 Configuration and Management File-system Operations The specified file is deleted and the SCE 1000# prompt appears. Copying a File You can copy a file from the current directory to a different directory. You can also copy a file (upload/download) to or from an FTP site. In this case, either the source or destination filename must begin with ftp://. To copy a file using passive FTP, use the copypassive command.
Chapter 5 Configuration and Management Viewing Configuration and Status EXAMPLE: The following example uploads the analysis.sli file located on the local flash file system to the host 10.1.1.105, specifying Passive FTP. SCE 1000#copy-passive /appli/analysis.sli ftp://myname:mypw@10.1.1.105/p:/appli/analysis.sli SCE 1000# Displaying File Contents To display the contents of a file: Step 1 From the SCE 1000# prompt, type more file-name and press Enter.
Chapter 5 Configuration and Management Viewing Configuration and Status The following commands are provided for viewing configuration information: • show running-config • more running-config • show startup-config • more startup-config • show access-lists • show blink slot • show calendar • show clock • show failure-recovery operation-mode • show hostname • show hosts • show interface FastEthernet • show interface LineCard • show ip route • show ip rpc-management • show ip r
Chapter 5 Configuration and Management Viewing Configuration and Status EXAMPLE: The following example illustrates how typing a ‘?’ after the word show while you are in the Privileged Exec mode will display all the show commands supported.
Chapter 5 Configuration and Management Viewing Configuration and Status SCE 1000#show running-config #This is a general configuration file (running-config). #Created on 15:50:56 CET MON February 11 2002 #cli-type 1 #version 1 clock timezone CET 1 snmp-server community “public” ro snmp-server host 10.1.1.253 traps version 1 “public” interface LineCard 0 connection-mode active no silent no shutdown flow-aging default-timeout UDP 60 interface FastEthernet 0/0 ip address 10.1.5.109 255.255.0.
Chapter 5 Configuration and Management Viewing Configuration and Status SCE 1000#show version System version: Version 2.5.2 Build 240 Build time: Jan 11 2005, 07:34:47 Software version is: Version 2.5.2 Build 240 Hardware information is: rx : 0x0075 dp : 0x1808 tx : 0x1708 ff : 0x0077 cls : 0x1721 cpld : 0x0025 Lic : 0x0176 rev : G001 Bootrom : 2.1.0 L2 cache : Samsung 0.
Chapter 5 Configuration and Management Saving the Configuration Settings Saving the Configuration Settings When you make changes to the current running-config and you want those changes to continue to be valid when the system restarts, you must save the changes before leaving the management session, that is, you must save the running configuration to the startup configuration file. As mentioned before, SCE 1000 provides multiple interfaces for the purpose of configuration and management.
Chapter 5 Configuration and Management Saving the Configuration Settings EXAMPLE: The following example shows the running configuration file. SCE 1000#show running-config #This is a general configuration file (running-config). #Created on 15:50:56 CET MON February 11 2002 #cli-type 1 #version 1 clock timezone CET 1 snmp-server community “public” ro snmp-server host 10.1.1.
Chapter 5 Configuration and Management Recovering a Previous Configuration Recovering a Previous Configuration When you save a new configuration, the system automatically backs up the old configuration in the directory tffs0:system/prevconf/. Up to nine versions of the startup configuration file are saved, namely config.tx1-config.tx9, where config.tx1 is the most recently saved file. You can view the old startup configuration files using the CLI command more.
Chapter 5 Configuration and Management Entering and Exiting Global Configuration Mode EXAMPLE: The following example displays a saved configuration file and then restores the file to overwrite the current configuration. SCE 1000#more tffs0:system/prevconf/config.tx1 #This is a general configuration file (running-config). #Created on 19:36:07 UTC THU February 14 2002 #cli-type 1 #version 1 interface LineCard 0 no silent no shutdown interface FastEthernet 0/0 ip address 10.1.5.109 255.255.0.
Chapter 5 Configuration and Management Entering and Exiting Global Configuration Mode Passwords Cisco CLI passwords are an access-level authorization setting, not individual user passwords. All Admin users, for example, log in with the same password. This means that the system does not identify you as an individual, but as a user with certain privileges. Passwords are needed for all authorization levels in order to prevent unauthorized users from accessing the SCE 1000.
Chapter 5 Configuration and Management Entering and Exiting Global Configuration Mode Step 3 To enter the Global Configuration Mode, type configure and press Enter. The SCE 1000(config)# prompt appears. Step 4 Type enable password level 0 , and press Enter. A password is now required for all telnet access. The Network Administrator should record passwords in a secure location.
Chapter 5 Configuration and Management Entering and Exiting Global Configuration Mode Step 6 At this point, the Network Administrator should record passwords in a secure location. To verify that you configured your passwords correctly: Step 1 Initiate a new telnet connection, while maintaining the one you used to set the password. This is needed so that if the verification fails, you would still have admin level authorization in order to re-enter the password.
Chapter 5 Configuration and Management Entering and Exiting Global Configuration Mode To disable password encryption: Step 1 From the SCE 1000(config)# prompt, type no service password encryption. This does not remove the encryption from the configuration file. You must save to the startup configuration file if you want the password to be stored un-encrypted on the startup configuration file. Note Once the system is secured, you cannot recover a lost or forgotten password.
Chapter 5 Configuration and Management The User Log Backing–up configuration file… Writing configuration file… Extracting new system image… Extracted OK. SCE 1000# Step 5 Type reload to reboot the system. The SCE 1000 prompts you for confirmation by asking Are you sure? Step 6 Type Y and press Enter. The system sends the following message and reboots. the system is about to reboot, this will end your CLI session EXAMPLE: The following example shows the full procedure for performing a software update.
Chapter 5 Configuration and Management The User Log The commands relevant to the user log are: • clear logger device User-File-Log • clear logger device device-name nv-counters • clear logger nv-counters • clear logger device User-File-Log counters • logger add-user-message • logger device User-File-Log disabled • logger device User-File-Log enabled • logger device User-File-Log max-file-size • logger get user-log file-name • show logger nv-counters • show logger device device-name nv
Chapter 5 Configuration and Management The User Log Copying the User Log You can view the log file by copying it to an external source or to disk. This command copies both log files to the local SCE 1000 disk or any external host running a FTP server. To copy the user log to an external source: Step 1 From the SCE 1000# prompt, type logger get user-log file-name ftp://username:password@ipaddress/path and press Enter. The SCE 1000# prompt appears.
Chapter 5 Configuration and Management The User Log To view the non-volatile counter for the user-file-log: Step 1 From the SCE 1000# prompt, type show logger device user-file-log nv-counters and press Enter. The user-file-log non-volatile log counter information appears, followed by the SCE 1000# prompt. To view the non-volatile counter for the debug-file-log: Step 1 From the SCE 1000# prompt, type show logger device debug-file-log nv-counters and press Enter.
Chapter 5 Configuration and Management The User Log To clear the non-volatile counter for the user-file-log: Step 1 From the SCE 1000# prompt, type clear logger device user-file-log nv-counters and press Enter. The system asks “Are you sure?” Step 2 Type Y and press Enter. The SCE 1000# prompt appears. To clear the non-volatile counter for the debug-file-log: Step 1 From the SCE 1000# prompt, type clear logger device debug-file-log nv-counters and press Enter.
Chapter 5 Configuration and Management Rebooting and Shutting Down the SCE Platform Clearing the User Log You can clear the contents of the user log at any time. The user log contains important information regarding the functioning of the system. It is recommended that a copy be made before the log is cleared. To clear the user log: Step 1 From the SCE 1000# prompt, type clear logger device user-file-log and press Enter. Step 2 The system asks Are you sure? Step 3 Type Y and press Enter.
Chapter 5 Configuration and Management Rebooting and Shutting Down the SCE Platform To reboot your SCE 1000: Step 1 At the SCE 1000# prompt, type reload and press Enter. A confirmation message appears. Step 2 Type Y to confirm the reboot request and press Enter. EXAMPLE: The following example shows the commands for system reboot.
Chapter 5 Configuration and Management Rebooting and Shutting Down the SCE Platform EXAMPLE: The following example shows the commands for system shutdown. SCE 1000#reload shutdown You are about to shut down the system. The only way to resume system operation after this is to cycle the power off, and then back on. Continue? y IT IS NOW SAFE TO TURN THE POWER OFF.
CHAPTER 6 Control Configuration This chapter discusses the configuration of the SCE 1000 management ports and interfaces.
Chapter 6 Control Configuration SCE Platform Management Interfaces To exit the Global Configuration Mode: Step 1 At the SCE 1000(config)# prompt, type exit and press Enter. The SCE 1000# prompt appears. SCE Platform Management Interfaces You can manage the SCE 1000 through either of its management interfaces, CLI or SNMP. Both these interfaces supply API to the same database of the SCE 1000; any configuration changes made through one interface are also reflected through the other interface.
Chapter 6 Control Configuration Configuring the Available Interfaces Creating an access list is done entry by entry, from the first to the last. When the system checks for an IP address on an access list, the system checks each line in the access list for the IP address, starting at the first entry and moving towards the last entry.
Chapter 6 Control Configuration Configuring the Available Interfaces Step 2 The SCE 1000(config)# prompt appears. Step 3 To configure one IP address type: access-list number permit x.x.x.x and press Enter where x.x.x.x is the IP address. Step 4 To configure more than one IP address type: access-list number permit x.x.x.x y.y.y.y and press Enter. This command configures a range of addresses in the format x.x.x.x y.y.y.y where x.x.x.
Chapter 6 Control Configuration Configuring the Available Interfaces Telnet Interface This section discusses the Telnet interface of the SCE 1000. A Telnet session is the most common way to connect to the SCE 1000 CLI interface. You can set the following parameters for the Telnet interface: • Enable/disable the interface • Associate an access list to permit or deny incoming connections.
Chapter 6 Control Configuration Configuring the Available Interfaces SCE 1000#configure SCE 1000 (config)#line vty 0 SCE 1000(config-line)#access-class 1 in Step 3 Type exit and press Enter. This returns you to Global Configuration Mode. Telnet Timeout The SCE 1000 supports timeout of inactive Telnet sessions. The default timeout is 30 minutes.
Chapter 6 Control Configuration IP Configuration Step 2 Type snmp-server community community-string, where the community string is a security string that identifies a community of managers that are able to access the SNMP server. You must define at least one community string in order to allow SNMP access. For complete information on community strings see Configuring SNMP Community Strings (on page 6-33).
Chapter 6 Control Configuration IP Configuration Default Gateway To configure the default gateway: Step 1 From the SCE 1000(config)# prompt, type ip default-gateway
, and press Enter. The default gateway for the SCE 1000 is set. EXAMPLE: The following example shows how to set the default gateway IP of the SCE 1000 to 10.1.1.1. SCE 1000(config)#ip default-gateway 10.1.1.Chapter 6 Control Configuration IP Configuration EXAMPLE: SCE 1000#show ip route gateway of last resort is 10.1.1.1 | prefix | mask | next hop | |-----------------|------------------|-----------------| | 10.2.0.0 | 255.255.0.0 | 10.1.1.250 | | 10.3.0.0 | 255.255.0.0 | 10.1.1.253 | | 198.0.0.0 | 255.0.0.0 | 10.1.1.251 | | 10.1.60.0 | 255.255.255.0 | 10.1.1.
Chapter 6 Control Configuration IP Configuration Configuring IP Advertising In order to configure IP advertising, you must first enable IP advertising. You may then specify a destination address to which the ping request is to be sent and/or the frequency of the ping requests (interval). If no destination or interval is explicitly configured, the default values are assumed. To enable IP advertising: Step 1 From the SCE 1000(config)# prompt, type ip advertising, and press Enter.
Chapter 6 Control Configuration Time Clocks and Time Zone Time Clocks and Time Zone The SCE 1000 has three types of time settings, which can be configured: the clock, the calendar, and the time zone. It is important to synchronize the clock and calendar to the local time, and to set the time zone properly. The SCE 1000 does not track Daylight Saving Time automatically, so you must update the time zone when the time changes bi-annually.
Chapter 6 Control Configuration Time Clocks and Time Zone EXAMPLE: The following example shows the current system calendar. SCE 1000#show calendar 12:50:03 UTC MON November 13 2001 Setting the Clock To set the clock: Step 1 From the SCE 1000# prompt, type clock set , where is the time and date you want to set, and press Enter. The time is set.
Chapter 6 Control Configuration SNTP Setting the Time Zone To set the current time zone: Step 1 From the SCE 1000(config)# prompt, type clock timezone , where is the name of the time zone and is the offset from GMT. EXAMPLE: The following example shows how to set the time zone to Pacific Standard Time with an offset of 10 hours behind GMT.
Chapter 6 Control Configuration SNTP • Note Unicast SNTP client: Sends a periodic request to a configured SNTP server, and updates the system clock according to the server response. It is recommended that an IP access control list be configured in order to prevent access from unauthorized SNTP or NTP multicast servers.
Chapter 6 Control Configuration SNTP EXAMPLE: The following example shows how to enable an SNTP server at IP address 128.182.58.100. SCE 1000(config)# sntp server 128.182.58.100 Disabling SNTP unicast client To disable the SNTP unicast client and remove all servers from the client list: Step 1 From the SCE 1000(config)# prompt, type no sntp server all, and press Enter. All SNTP unicast servers are removed, preventing unicast SNTP query.
Chapter 6 Control Configuration Domain Name (DNS) Settings Display SNTP information To get information about SNTP servers and updates: Step 1 From the SCE 1000(config)# prompt, type show sntp, and press Enter. The configuration of both the SNTP unicast client and the SNTP multicast client is displayed. EXAMPLE: SNTP broadcast client: disabled last update time: not available SNTP unicast client: enabled SNTP unicast server: 128.182.58.
Chapter 6 Control Configuration Domain Name (DNS) Settings To enable DNS lookup: Step 1 From the SCE 1000(config)# prompt, type ip domain-lookup. To disable DNS lookup: Step 1 From the SCE 1000(config)# prompt, type no ip domain-lookup. Name Servers To specify the address of one or more name servers to use for name and address resolution: Step 1 From the SCE 1000(config)# prompt, type ip name-server [ []], and press Enter.
Chapter 6 Control Configuration Domain Name (DNS) Settings To clear the name server table all addresses : Step 1 From the SCE 1000(config)# prompt, type no ip name-server, and press Enter. Domain Name To define a default domain name: Step 1 From the SCE 1000(config)# prompt, type ip domain-name domain-name, and press Enter. The default domain name is defined. The default domain name is used to complete unqualified host names.
Chapter 6 Control Configuration The RDR Formatter show hosts To display current DNS settings: Step 1 From the SCE 1000# prompt, type show hosts. EXAMPLE: The following example shows how to display current DNS information. SCE 1000#show hosts Default domain is Cisco.com Name/address lookup uses domain service Name servers are 10.1.1.60, 10.1.1.61 Host Address ---------PC85 10.1.1.
Chapter 6 Control Configuration The RDR Formatter RDR Formatter Destinations The SCE 1000 can be configured with a maximum of four RDR destinations, three destinations per category. Each destination is defined by its IP address and TCP port number, and is assigned a priority for each category to which it is assigned. The following figure illustrates the simplest RDR formatter topology, with only one category and one destination.
Chapter 6 Control Configuration The RDR Formatter Categories In certain installations, RDRs must be sent to different collector servers according to their type. For instance, in the pre-paid environment, some RDRs must be sent to the pre-paid collector to get a new quota, while others should be sent to the mediation system. In this case, the RDRs are divided into two groups, and each group, or category, is assigned to a particular destination or destinations.
Chapter 6 Control Configuration The RDR Formatter Protocol Version The RDR protocol is used to export the application reports from the SCE 1000 to an external destination. Currently, Cisco supports two versions o the RDR protocol: RDR protocol version 1 (RDRv1) protocol and RDR protocol version 2 (RDRv2). The SCE 1000 can support the formatting of RDRs based on either of these protocols. The selection of the configured protocol should be based on the destination capabilities.
Chapter 6 Control Configuration The RDR Formatter If all connections should fail, the contents of the history buffer will be sent when the first connection is re-established. The history buffer contains the last RDRs passed to the TCP stack. If a connection fails, these RDRs are resent to another destination, depending on the forwarding mode in effect. The history buffer is intended to overcome the loss of RDRs in an event of an abnormally TCP disconnection.
Chapter 6 Control Configuration The RDR Formatter To specify the size of the RDR Formatter history buffer (bytes): Step 1 From the SCE 1000(config)# prompt, type RDR-Formatter history-size (0-65536), and press Enter. The history buffer is set to the specified size. To configure the RDR Formatter protocol: Step 1 Disable the RDR Formatter: From the SCE 1000(config)# prompt, type no service RDR-Formatter, and press Enter.
Chapter 6 Control Configuration The RDR Formatter Configuring the RDR Formatter Destinations In order for the RDRs from the SCE 1000 to arrive at the correct location, the IP address of the destination and its TCP port number must be configured. A priority value must be assigned. Priority is important in the redundancy forwarding mode, but not crucial in simple-load-balancing mode or multicast mode.
Chapter 6 Control Configuration The RDR Formatter Configuring the destinations with the proper priorities for each category, as well as configuring all the other RDR formatter parameters, may be approached in several different ways, and may take some planning. Refer to the examples below for illustrations of some of the issues involved in configuring categories.
Chapter 6 Control Configuration The RDR Formatter EXAMPLE 1: The following example defines a name for one category, and then configures two RDR Formatter destinations, assigning each to a different category (see diagram). The RDRs of category 1 are to go to the first destination, so a high priority was assigned to that category in the first destination, and no priority in the second.
Chapter 6 Control Configuration The RDR Formatter SCE 1000(config)# RDR-Formatter category-number 2 name prepaid SCE 1000(config)# RDR-Formatter destination 10.1.1.205 port 33000 category name prepaid priority 90 category number 1 priority 25 SCE 1000(config)# RDR-Formatter destination 10.1.1.
Chapter 6 Control Configuration The RDR Formatter The forwarding mode is defined for the entire RDR formatter, not just one category. However, the load balancing takes place within each category. Since the category “prepaid” goes to only one destination, the forwarding mode is irrelevant. It is relevant, however to the “billing” category, since it goes to two different destinations.
Chapter 6 Control Configuration The RDR Formatter EXAMPLE: The following example shows how to display the current RDR formatter configuration. SCE 1000#show RDR-formatter Status: enabled Connection is: up Forwarding mode: redundancy Connection table: ---------------------------------------------------------Collector | Port | Status | Priority per Category: | IP Addres / | | |--------------------------| Host-Name | | | Category1 | Category2 | ---------------------------------------------------------10.1.
Chapter 6 Control Configuration SNMP Configuration and Management SNMP Configuration and Management The SCE 1000 operating system includes a Simple Network Management Protocol (SNMP) agent that supports the RFC 1213 standard (MIB-II) and Cisco’s enterprise MIBs. This section explains how to configure the SNMP agent parameters. It also describes the SNMP traps and the Cisco proprietary MIB, and explains the order in which the MIB must be loaded.
Chapter 6 Control Configuration SNMP Configuration and Management Table 6-1 Request Types Request Type Description Remarks Set Request Writes new data to one or more of the objects managed by an agent. Set operations immediately affect the SCE 1000 running-config but do not affect the startup config. Get Request Requests the value of one or more of the objects managed by an agent. Get Next Request Requests the Object Identifier(s) and value(s) of the next object(s) managed by an agent.
Chapter 6 Control Configuration SNMP Configuration and Management SNMP Community Strings An SNMP community string is a text string that acts like a password to permit access to the agent on the SCE 1000. The community string is used to authenticate messages that are sent between the management station (the SNMP manager) and the device (the SNMP agent). The community string is included in every message transmitted between the SNMP manager and the SNMP agent.
Chapter 6 Control Configuration SNMP Configuration and Management EXAMPLE: The following example shows how to configure a community string called “mycommunity” with read-only rights and access list number “1”. SCE 1000(config)#snmp-server community mycommunity 1 Note ACL-number is an index to an access list.
Chapter 6 Control Configuration SNMP Configuration and Management Configuring Traps By default, the SCE 1000 is not configured to send any SNMP traps. You must define the Network Management System to which the SCE 1000 should send traps. (See the table below, Configurable Traps, for a list of configurable traps). Whenever one of the events that trigger traps occurs in the SCE 1000, an SNMP trap is sent from the SCE 1000 to the list of IP addresses that you define.
Chapter 6 Control Configuration SNMP Configuration and Management Traps Description Trap Names link-bypass A link-bypass trap is sent when the SCE 1000 recognizes that the linkbypass mode has changed (bypass, no bypass, cutoff). linkModeBypassTrap logger A logger trap is sent when the SCE 1000 recognizes that the User log is full. The SCE 1000 rolls over to the next log file.
Chapter 6 Control Configuration SNMP Configuration and Management EXAMPLE: The following example shows how to configure the SCE 1000 to send SNMPv1 traps to a host with the IP Address: 192.168.0.83 and community string named mycommunity. SCE 1000(config)#snmp-server host 192.168.0.83 mycommunity To enable the SNMP server to send AuthenticationFailure traps: Step 1 At the SCE 1000(config)# prompt, type snmp-server enable traps snmp authentication, and press Enter.
Chapter 6 Control Configuration SNMP Configuration and Management To restore all traps to the default status: Step 1 At the SCE 1000(config)# prompt, type default snmp-server enable traps, and press Enter. All traps supported by the SCE 1000 are reset to their default status. EXAMPLE: The following example shows how to restore all SNMP traps to their default status.
Chapter 6 Control Configuration SNMP Configuration and Management Global Configuration Mode Commands The following SNMP commands are available in Global Configuration Mode: • snmp-server enable • no snmp-server • snmp-server community • no snmp-server community all • [no | default] snmp-server enable traps • [no] snmp-server host • no snmp-server host all • [no] snmp-server contact • [no] snmp-server location MIBs MIBs (Management Information Bases) are databases of objects that can be m
Chapter 6 Control Configuration SNMP Configuration and Management Cisco Enterprise MIB The SCE proprietary MIB enables external management systems to retrieve general information regarding the SCE 1000 operating status and resources utilization, extract real time measurements of bandwidth utilization and network statistics, and receive notifications of critical events and alarms. Note The following object identifier represents the Cisco Enterprise MIB: 1.3.6.1.4.1.5655, or iso.org.dod.internet.private.
Chapter 6 Control Configuration Failure Recovery Mode The figure below, illustrates the Cisco Enterprise MIB structure. Figure 6-3: Service Control MIB Structure Loading the MIB Files The SCE proprietary MIB uses definitions that are defined in other MIBs, such as Pcube MIB (pcube.mib), and the SNMPv2-SMI. Therefore, the order in which the MIBs are loaded is important. To avoid errors, the MIBs must be loaded in the proper order. To load the MIBs: Step 1 Load the SNMPv2-SMI. Step 2 Load the SNMPv2-TC.
Chapter 6 Control Configuration Entering FastEthernet (Management) Interface Configuration Mode To edit the failure recovery operational mode: Step 1 From the SCE 1000(config)# prompt, type failure-recovery operation- mode operational|non-operational and press Enter. Enter either the value operational or non-operational.
Chapter 6 Control Configuration Management Interface Configuration Mode Management Interface Configuration Mode This interface has a transmission rate of 100 Mbps and is used for management operations and for transmitting RDRs, which are the output of traffic analysis and management operations. The parameters that can be configured for this interface include: • IP address of the interface, see Setting the IP Address and Subnet Mask of the FastEthernet Management Interface.
Chapter 6 Control Configuration Entering LineCard Interface Configuration Mode The default of this command is set to auto. Changing this configuration takes effect only if the duplex mode is not configured to auto. EXAMPLE: The following example shows how to use this command to configure the FastEthernet Management port to 100 Mbps speed.
Chapter 6 Control Configuration Entering LineCard Interface Configuration Mode Configuring Applications The SCE 1000 platform can be configured to run with different Service Control applications by installing the appropriate file. All SCE 1000 application files are pqi files, that is, the filename must end with the pqi extension. Once a specific Service Control application is installed it can be configured by applying a configuration file.
Chapter 6 Control Configuration Entering LineCard Interface Configuration Mode To install an application: Step 1 From the SCE 1000(config if)# prompt, type pqi install file filename [options] and press Enter. The specified pqi file is installed using the installation options specified (if any) and the SCE 1000(config if)# prompt appears. Note that this may take up to 5 minutes. Note Always run the pqi uninstall command before installing a new pqi file.
Chapter 6 Control Configuration Entering LineCard Interface Configuration Mode To undo an upgrade of an application: Step 1 From the SCE 1000(config if)# prompt, type pqi rollback file filename and press Enter. The upgrade of the specified pqi file is undone and the SCE 1000(config if)# prompt appears. Note that this may take up to 5 minutes. To display the last pqi file that was installed: Step 1 From the SCE 1000# prompt, type show pqi last-installed and press Enter.
Chapter 6 Control Configuration Entering LineCard Interface Configuration Mode The specified configuration file is applied and the SCE 1000(config if)# prompt appears. To display the last configuration file that was applied: Step 1 From the SCE 1000# prompt, type show scm last-applied and press Enter. The name of the last configuration file that was applied is displayed and the SCE 1000# prompt appears. SCE 1000 2xGBE Release 2.0.
CHAPTER 7 Line Configuration This chapter discusses the interface configuration of the SCE 1000. The relevant configuration modes are: • LineCard: Interface LineCard 0 The LineCard interface configures the main functionality of viewing and handling traffic on the line. • GigabitEthernet: Interface GigabitEthernet 0/1 or 0/2) The GigabitEthernet Interface mode configures the settings for the GigabitEthernet interface to the Internet traffic on the wire. Each of the two ports can be set individually.
Chapter 7 Line Configuration Entering LineCard Interface Configuration Mode Entering LineCard Interface Configuration Mode The following procedure is for entering Line Card Interface Configuration mode. The procedures for entering the other interfaces are the same except for the interface command as described above and in CLI Command Reference (on page A-1).
Chapter 7 Line Configuration Configuring Tunneling Protocols • Skip MPLS headers. The MPLS environment is assumed to be Traffic-Engineering. • No IP-tunnel support – L2TP tunnels will not be skipped and therefore all flows within a single L2TP tunnel will be classified as the same flow. Selecting the Tunneling Mode Use these commands to configure tunneling: • ip tunnel • vlan • mpls • L2PT identify-by Configuring IP Tunnels By default, IP tunnel recognition is disabled.
Chapter 7 Line Configuration Configuring Tunneling Protocols Setting the mode to classify means that subscriber and flow classification will use the VLAN tag. Using VLAN classification is mutually exclusive with any IP tunnels. Note that using The a-symmetric skip value incurs a performance penalty. To configure the VLAN environment Step 1 From the SCE 1000(config if)# prompt, type: vlan [symmetric {classify|skip}] [a-symmetric skip]and press Enter.
Chapter 7 Line Configuration Configuring Traffic Rules and Counters Displaying Tunneling Configuration You can display the tunnel configuration. To display the tunneling configuration: Step 1 From the SCE 1000# prompt, type: show interface lineCard 0 [MPLS|VLAN|L2TP|IP-tunnel] and press Enter. Configuring Traffic Rules and Counters Traffic rules and counters may be configured by the user.
Chapter 7 Line Configuration Configuring Traffic Rules and Counters Traffic Rules A traffic rule specifies that a defined action should be taken on packets processed by the SCE Platform that meet certain criteria. The maximum number of rules is 128. Each rule is given a name when it is defined, which is then used when referring to the rule.
Chapter 7 Line Configuration Configuring Traffic Rules and Counters • Count bytes: the counter is incremented by the number of bytes in the packet for each packet it counts. Configuring Traffic Counters A traffic counter must be created before it can be referenced in a traffic rule. Use the following commands to create and delete traffic counters.
Chapter 7 Line Configuration Configuring Traffic Rules and Counters all|([all-but] (|)) • is a single IP address in dotted-decimal notation, such as 10.1.2.3 • is an IP subnet range, in the dotted-decimal notation followed by the number of significant bits, such as 10.1.2.0/24.
Chapter 7 Line Configuration Configuring Traffic Rules and Counters EXAMPLE 1 This example creates the following traffic rule: Name = rule1 IP addresses: subscriber side = all IP addresses, network side = 10.10.10.10 only Protocol = other Direction = all Traffic counter = counter1 Since it is not TCP/UDP, port and flags are not applicable. The only action performed will be counting SCE 1000 (config if)# traffic-rule rule1 IP-addresses subscriber-side all network-side 10.10.10.
Chapter 7 Line Configuration Configuring Traffic Rules and Counters Action = ignore (required since traffic-counter = none) Since it is not TCP/UDP, port and flags are not applicable. The only action performed will be Ignore.
Chapter 7 Line Configuration Configuring Traffic Rules and Counters To view a specified traffic counter: Step 1 From the SCE 1000# prompt, type show interface linecard 0 traffic- counter name EXAMPLE The following example displays information for the traffic counter “cnt”. SCE 1000# show interface linecard 0 traffic-counter name cnt Counter 'cnt' value: 0 packets. Rules using it: None.
Chapter 7 Line Configuration Configuring TOS Marking Configuring TOS Marking The SCE 1000 TOS marking feature enables marking the TOS field in the IP header of each packet according to two applicative attributes of the packet: its Class (class of service) and its Color (reflects the packet’s level of compliance to its relevant bandwidth limitations, where applicable). The actual TOS value set in the IP header is determined according to the configurable TOS table, based on the Class and Color.
Chapter 7 Line Configuration Editing the Connection Mode Modifying the TOS Table To modify the TOS table: Step 1 From the SCE 1000(config if)# prompt, type tos-marking set-table- entry class class color color value value and press Enter. class is the applicative class of the packet (BE, AF1, AF2, AF3, AF4, EF),, color is the applicative color (green, red or any) and value is the value to be assigned to the packet (value set to the IP TOS field).
Chapter 7 Line Configuration Enforcing the Link Mode To edit the connection mode: Step 1 From the SCE 1000(config if)# prompt, type connection-mode inline|receive-only on-failure [bypass|cutoff] and press Enter. EXAMPLE: The following example sets the connection mode to inline and the on-failure mode to cutoff. SCE 1000 (config if)# connection-mode inline on-failure cutoff Enforcing the Link Mode The SCE 1000 has an internal bypass mechanism used to maintain the link even when the SCE 1000 fails.
Chapter 7 Line Configuration Enabling and Disabling Link Failure Reflection To set the link mode: Step 1 From the SCE 1000 (config if)# prompt, type link-mode [forwarding|bypass|sniffing|cutoff] and press Enter. To view the current link mode: Step 1 From the SCE 1000# prompt, type show interface linecard 0 link mode and press Enter.
Chapter 7 Line Configuration Line Gigabit Ethernet Interfaces Entering GigabitEthernet Line Interface Configuration Mode To enter GigabitEthernet Interface Configuration Mode: Step 1 To enter Global Configuration Mode, type configure and press Enter. The SCE 1000(config)# prompt appears. Step 2 Type interface GigaBitEthernet [0/1|0/2] and press Enter.
Chapter 7 Line Configuration Line Gigabit Ethernet Interfaces EXAMPLE: The following example shows how to configure the GigabitEthernet Interface to disable autonegotiation process. That is, it forces the link up with 1000 Mbps no matter what the partner port setting is. SCE 1000(config if)# no auto-negotiate SCE 1000 2xGBE Release 2.0.
CHAPTER 8 Managing Subscribers The SCE 1000 Platform is subscriber aware, that is, it can relate traffic and usage to specific customers.
Chapter 8 Managing Subscribers Subscriber Overview Table 8-1 Subscriber Examples The Subscriber DSL residential subscriber Subscriber Characteristics Managed Entity Subscriber (Entity) Identified By DSL residential user IP address The list of IP addresses is allocated by a Radius server Cable residential subscriber Cable residential user IP address The list of IP addresses of the CPEs is allocated dynamically by a DHCP server Owner of a 3G-phone that is subscribed to data services 3G-phone ow
Chapter 8 Managing Subscribers Subscriber Overview These parameters are sometimes referred to as Network-ID. In order to perform the mapping between the Network-ID and Subscriber-ID, the SCE Platform must be configured with this mapping information. In some cases the subscriber’s Network-ID is static and changes only rarely and at long intervals.
Chapter 8 Managing Subscribers Subscriber Overview Note that not all the solutions support all modes. The most basic mode is Subscriber-less mode. In this mode, there is no notion of subscriber in the system, and the entire link where the SCE Platform is deployed is treated as a single subscriber. Global Application level analysis (such as total p2p, browsing) can be conducted, as well as global control (such as limiting total p2p to a specified percentage).
Chapter 8 Managing Subscribers Subscriber Overview Anonymous Groups and Subscriber Templates An anonymous group is a specified IP range, possibly assigned a subscriber template. When an anonymous group is configured, the SCE Platform generates anonymous subscribers for that group when it detects traffic with an IP address that is in the specified IP range. If a subscriber template has been assigned to the group, the anonymous subscribers generated have properties as defined by that template.
Chapter 8 Managing Subscribers Importing/Exporting Subscriber Information Note Currently only VLAN IDs are supported. • Tunnel ID range: A range of tunnel Ids. Example: 4-8 • IP address: in dotted decimal notation. Example: 10.3.4.5 • IP address range: dotted decimal, followed by the amount of significant bits. Note that the non-significant bits (As determined by the mask) must be set to zero. Example: 10.3.0.0/16. Example for a bad range: 10.1.1.1/24 (Should have been 10.1.1.0/24).
Chapter 8 Managing Subscribers Importing/Exporting Subscriber Information • subscriber template import csv-file • subscriber template export csv-file These subscriber management commands are LineCard interface commands. Make sure that you are in LineCard Interface command mode, (see Entering LineCard Interface Configuration Mode "Entering LineCard Interface Configuration Mode" on page 3-8)).
Chapter 8 Managing Subscribers Removing Subscribers and Templates To export anonymous groups to a csv file: Step 1 From the SCE 1000(config if)# prompt, type subscriber anonymous- group export csv-file filename and press Enter. The anonymous groups are exported to the specified file and the SCE 1000(config if)# prompt appears.
Chapter 8 Managing Subscribers Removing Subscribers and Templates • no subscriber anonymous-group name These subscriber management commands are LineCard interface commands. Make sure that you are in LineCard Interface command mode, (see “Entering LineCard Interface Mode,” page and that the SCE 1000(config if)# prompt appears in the command line. To remove a specific subscriber: Step 1 From the SCE 1000(config if)# prompt, type no subscriber name subscriber-name and press Enter.
Chapter 8 Managing Subscribers Monitoring Subscribers To remove all anonymous subscribers: Step 1 From the SCE 1000# prompt, type clear interface linecard 0 subscriber anonymous all and press Enter. All anonymous subscribers are removed from the system, and the SCE 1000(config)# prompt appears. Note The clear subscriber anonymous command is a Privileged Exec command.
Chapter 8 Managing Subscribers Monitoring Subscribers Monitoring the Subscriber Database Use the following commands to display statistics about the subscriber database, and to clear the “total” and “maximum” counters. • show interface linecard 0 subscriber db counters • clear interface linecard 0 subscriber db counters To display statistics about the subscriber database: Step 1 From the SCE 1000# prompt, type show interface linecard 0 subscriber db counters and press Enter.
Chapter 8 Managing Subscribers Monitoring Subscribers Displaying Subscribers You can display specific subscriber name(s) that meet various criteria: • A subscriber property is equal to, larger than, or smaller than a specified value • Subscriber name matches a specific prefix or suffix • Mapped to a specified IP address range • Mapped to a specified VLAN ID Use the following commands to display subscribers: • show interface linecard 0 subscriber [amount] • [prefix ‘prefix’] [property ‘property
Chapter 8 Managing Subscribers Monitoring Subscribers To display subscribers that match a specified prefix: Step 1 From the SCE 1000# prompt, type show interface linecard 0 subscriber prefix ‘prefix’ and press Enter. To display subscribers that match a specified suffix: Step 1 From the SCE 1000# prompt, type show interface linecard 0 subscriber suffix ‘suffix’ and press Enter.
Chapter 8 Managing Subscribers Monitoring Subscribers Displaying Subscribers: By IP Address or VLAN ID You can display the subscribers who are mapped to any of the following: • A specified IP address, or range of IP addresses • IP addresses intersecting a given IP address or IP range • A specified VLAN ID • no mapping You can also display just the number of subscribers are mapped to IP addresses that intersect a given IP address or IP range.
Chapter 8 Managing Subscribers Monitoring Subscribers To display the number of subscribers that are mapped to IP addresses that intersect a given IP address or IP range: Step 1 From the SCE 1000# prompt, type show interface linecard 0 subscriber amount mapping intersecting IP ‘iprange’ and press Enter. To display the number of subscribers with no mapping: Step 1 From the SCE 1000# prompt, type show interface linecard 0 subscriber amount mapping none and press Enter.
Chapter 8 Managing Subscribers Monitoring Subscribers To display complete information for a specified subscriber - all values of subscriber properties and mappings: Step 1 From the SCE 1000# prompt, type show interface linecard 0 subscriber name ‘name’ and press Enter. To display values of subscriber properties for a specified subscriber: Step 1 From the SCE 1000# prompt, type show interface linecard 0 subscriber name ‘name’ properties and press Enter.
Chapter 8 Managing Subscribers Monitoring Subscribers • show interface linecard 0 subscriber amount anonymous [name ‘groupname’] • show interface linecard 0 subscriber anonymous [name ‘groupname’] To display the currently configured anonymous groups: Step 1 From the SCE 1000# prompt, type show interface linecard 0 subscriber anonymous-group all and press Enter.
Chapter 8 Managing Subscribers Subscriber Aging To display the total number of subscribers in anonymous groups: Step 1 From the SCE 1000# prompt, type show interface linecard 0 subscriber amount anonymous and press Enter. Subscriber Aging As explained previously, aging is the automatic removal of a subscriber when no traffic sessions assigned to it have been detected for a certain amount of time. Aging may be enabled or disabled, and the aging timeout period (in minutes) can be specified.
Chapter 8 Managing Subscribers Subscriber Aging To disable aging for introduced subscribers: Step 1 From the SCE 1000(config if)# prompt, no subscriber aging introduced and press Enter. To set the aging timeout period (in minutes) for anonymous group subscribers: Step 1 From the SCE 1000(config if)# prompt, subscriber aging anonymous timeout ‘aging-time’ and press Enter.
CHAPTER 9 Identifying And Preventing Distributed-Denial-OfService Attacks This chapter describes the ability of the SCE 1000 to identify and prevent DoS and DDoS attacks, and the various procedures for configuring and monitoring the Attack Filter Module.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Attack Detection The above two metrics are maintained for each IP address, and the system tracks the values against pre- defined (and user- configurable) thresholds (an attack is defined when the threshold is breached for a certain IP address). Note that the system makes a distinction between an Attack- Source & Attack-Destination.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Attack Detection Thresholds Attack detection and handling are user-configurable. The remainder of this chapter explains how to configure and monitor attack detection. Attack Detection Thresholds There are two counters that are used for attack detection. These counters are maintained by the SCE Platform for each IP address, protocol, interface and attack-direction.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Attack Handling • • Attack end: Reported when both the number of concurrent open-flows and the number of DDoS-suspected flows are below the threshold value for at least 3 seconds Configuring subscriber-notification: • Enabled: If the subscriber IP address is detected to be attacked or attacking, the subscriber is notified about the attack. • Disabled: The subscriber is not notified about the attack.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Configuring Attack Detectors Configuring Attack Detectors The Cisco attack detection mechanism is controlled by defining and configuring special entities called Attack Detectors. There is one attack detector called ‘default’, which is always enabled, and 99 attack detectors (numbered 1-99), which are disabled by default.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Configuring Attack Detectors To let the SCE Platform treat such special cases differently, the user can configure non-default attack detectors in the range of 1-99. Like the default attack detector, non-default attack detectors can be configured with different sets of values of action and thresholds for every combination of Protocol, attack direction and side.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Configuring Attack Detectors Note • [no] attack-filter subscriber-notification ports • no attack-detector All the above CLI commands are line interface configuration commands. You must enter line interface configuration mode and see the SCE 1000(config if)# prompt displayed. Enabling Specific-IP Detection By default, specific-IP detection is disabled, however the user may enable it.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Configuring Attack Detectors To define action and optionally the default thresholds: Step 1 From the SCE 1000(config if)# prompt, type attack-detector default protocol (TCP|UDP|ICMP|other) attack-direction (attacksource|attack-destination|both) side (subscriber|network|both) action (report|block) [open-flows ddos-suspected-flows ] and press Enter.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Configuring Attack Detectors Use these commands to define thresholds, actions, and subscriber notification setting for a specific attack detector for a particular situation (protocol/attack direction/side). To enable a specific attack detector and assign and it an ACL: Step 1 From the SCE 1000(config if)# prompt, type attack-detector access-list comment and press Enter.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Configuring Attack Detectors Use the following command to set the subscriber notification setting for a given attack detector and a given combination of protocol, direction and side.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Configuring Subscriber Notifications SCE 1000(config if)# exit (Define the ACL) SCE 1000(config)# access-list 3 permit 10.1.1.10 SCE 1000(config)# access-list 3 permit 10.1.1.13 Configuring Subscriber Notifications Subscriber notification is a capability used- for notifying a subscriber in real-time about current attacks involving IP addresses mapped to that subscriber.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Managing Attack Filtering Managing Attack Filtering After configuring the attack detectors, the SCE Platform automatically detects attacks and handles them according to the configuration. However, there are scenarios in which a manual intervention is desired, either for debug purposes, or because it is not trivial to reconfigure the SCE attackdetectors properly.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Managing Attack Filtering Preventing Attack Filtering Attack filtering can be prevented for a specified IP address/protocol by executing a dontfilter CLI command. If filtering is already in process, it will be stopped. When attack filtering has been stopped, it remains stopped until explicitly restored by another CLI command (either force-filter or no dont-filter).
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Monitoring Attack Filtering To undo forced attack filtering for the specified situation: Step 1 From the SCE 1000# prompt, type no attack-filter slot 0 force- filter ip protocol (TCP|UDP|ICMP|other) attackdirection (attack-source|attack-destination|both) side (subscriber|network|both) and press Enter.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Monitoring Attack Filtering To display the default attack detector configuration: Step 1 From the SCE 1000# prompt, type show interface linecard 0 attack- detector default and press Enter. To display all attack detector configurations: Step 1 From the SCE 1000# prompt, type show interface linecard 0 attack- detector all and press Enter.
Chapter 9 Identifying And Preventing Distributed-Denial-Of-Service Attacks Monitoring Attack Filtering To display all existing stopped attack filters Step 1 From the SCE 1000# prompt, type show interface linecard 0 attack- filter dont-filter and press Enter. To display the list of ports selected for subscriber notification Step 1 From the SCE 1000# prompt, type show interface linecard 0 attack- filter subscriber-notification ports and press Enter. SCE 1000 2xGBE Release 2.0.
CHAPTER 10 Troubleshooting This chapter discusses common problems and solutions when configuring the SCE 1000 or one of its components. Whenever there is a problem or a suspected problem, search the user log for warnings and/or errors that might indicate the reason for the problem. The following instructions will help you troubleshoot the SCE 1000 platform. However, it is advisable to first review the chapter that discusses the related features before trying to resolve the problem.
Chapter 10 Troubleshooting Front Panel LEDs • Resolution column: Assists in resolving the problem, and refers to the relevant chapter for further instructions. In most cases, you will need to refer to these chapters for detailed information. Front Panel LEDs The front panel LEDS are the most immediate problem-detection mechanism of the platform. This section explains the different problems that might be indicated by the LED and their immediate resolution.
Chapter 10 Troubleshooting Front Panel LEDs Symptom How to look for the specific cause Possible Cause Resolution Management port link LED is unlit CLI commands: Management port link is down. Check the management interface port by performing a ping command to the SCE 1000 platform. If connection is functional contact customer support show interface GigabitEthernet 0/# If the management link is down, you might need to use the Console port. For possible causes, see below.
Chapter 10 Troubleshooting Front Panel LEDs Symptom How to look for the specific cause Possible Cause Status LED is red CLI commands: Platform is in Failure status. show system operationstatus Resolution System Operation status is Failure Platform reload fails Warning message in the user log file Power-on self tests failed Reload the SCE Platform. (use CLI reload command) If problem is not solved, reopen the software package. See Software Package Installation (on page 10-12).
Chapter 10 Troubleshooting Management Link Management Link There are several cases that might cause a management link problem. When a Telnet connection cannot be established, you need to use the SCE 1000 serial Console port in order to open the CLI session. This enables you to solve the problem and reconnect through the management port.
Chapter 10 Troubleshooting RDR Reports Symptom How to look for the specific cause Possible Cause Resolution CLI Commands: Too many Telnet connections (up to 5 concurrent sessions are supported) Close one or more of the open Telnet sessions Default gateway is incorrect (when the host used as client is not in the same network as the SCE Platform) Check / reconfigure default gateway.
Chapter 10 Troubleshooting RDR Reports Table 10-3 RDR Reports Symptom How to look for the specific cause Resolution • Configuration problems No RDR reports No RDR reports are sent from the SCE Platform Possible Cause CLI commands: • show RDRformatter connection-status (Connection is down) • RDR connection is not • Check / configure RDR configured or configured to destination. a host which is non• Refer to The RDR functional Formatter (on page 619).
Chapter 10 Troubleshooting RDR Reports Symptom How to look for the specific cause Possible Cause Resolution • System operation-status problem No RDR reports System status is not Operational Front panel LEDs indications. CLI commands: • Boot time failure • Run time failure • Link problems show system operation-status Check the system status, front panel LEDs and user log file for problem indications. Handle the problem according to the warning / error in the user log.
Chapter 10 Troubleshooting RDR Reports Symptom How to look for the specific cause Resolution • Traffic configuration or connection problems No RDR reports RDR reports are not generated due to traffic problems Possible Cause If all previous options were correctly functioning / configured , check if traffic reaches the SCE 1000. Traffic connection may be • Check GBE interface cutoff at the SCE Platform or link LEDs.
Chapter 10 Troubleshooting GBE Interfaces Connectivity GBE Interfaces Connectivity In general, the case where no traffic is coming out of the SCE 1000 is often caused by link problems or GBE interface configuration. Note that in some cases, the problem which seems as a transmit problem could be in the Rx (no traffic is being received by the SCE 1000 or there is actually no traffic on the line, which could be a normal situation).
Chapter 10 Troubleshooting GBE Interfaces Connectivity Symptom How to look for the specific cause Possible Cause Resolution Peer does not receive traffic from SCE Platform • GBE interface link LED is continuous green • GBE interfaces autonegotiation is disabled at the SCE Platform but enabled at peer • Check autonegotiation in SCE Platform and in peer GBE link is up and Tx LED is flashing correctly • GBE interface Tx LED is flashing CLI commands: • show interface GigaBitEthernet 0/# counters Chec
Chapter 10 Troubleshooting Software Package Installation Software Package Installation When encountering problems during the installation of a new software package on the SCE 1000, check the following options.
Chapter 10 Troubleshooting Software Package Installation Symptom How to look for the specific cause Possible Cause Resolution Package installation failure CLI commands: • /tffs0/ device is full • Delete old and unnecessary files and try the package extraction again • Boot system filename Returned error is: • Error—There are only X free bytes on device , but Y bytes are needed for the extraction (where X and Y are stated in bytes) SCE 1000 2xGBE Release 2.0.
Chapter 10 Troubleshooting User Log User Log The following table describes the possible causes of user log problems. Table 10-6 User Log Symptom How to look for the specific cause Possible Cause Resolution User log files are empty CLI commands: Check logger device User-File-Log configuration. • Verify that the device is enabled • more user-log The presented log is empty.
Chapter 10 Troubleshooting User Log Symptom Message time stamps in the log file are not as expected How to look for the specific cause Possible Cause Resolution • Clock or timezone configuration is incorrect (wrong time or time zone) • Configure clock time and time zone Refer to Time Clocks and Time Zone (on page 611). SCE 1000 2xGBE Release 2.0.
CHAPTER 11 Maintenance The SCE 1000 has redundant, field replaceable power supplies and fan module. This chapter explains how to replace the power supplies and fan module. This chapter contains the following sections: • Replacing the Battery 11-1 • Replacing the Fan Module 11-2 • Replacing the Power Module 11-3 Replacing the Battery The SCE 1000 has a lithium battery on its main circuit board. When the battery loses its charge, call Cisco Technical Support to replace the battery.
Chapter 11 Maintenance Replacing the Fan Module Replacing the Fan Module TheSCE 1000 has a removable fan unit with five fans. This unit is accessed from the rear of the device. When a fan malfunctions, the fan module should be replaced as promptly as possible. Although it is possible for the unit to function for some time with one non-functioning fan, this is not optimal or recommended. Warning When removing the fan drawer, keep hands and fingers away from the spinning fan blades.
Chapter 11 Maintenance Replacing the Power Module Replacing the Power Module Both AC and DC power modules are field replaceable; if one of the power supplies fails, you can simply replace it using the following procedure. The AC power supply and DC power supplies are different and cannot be interchanged. The power supply units are asymmetrical, with screws in only two diagonal corners of the unit.
Chapter 11 Maintenance Replacing the Power Module To replace a power module: Step 1 Turn the module OFF. Step 2 Make sure that the module power distribution is turned off Step 3 Disconnect all power cables from the module. Step 4 Unscrew the module and slide it out of the chassis. Step 5 Fit the groove in the side of the new power supply module into the guide in the chassis and gently, but firmly, slide the module into place. Refer to the two following illustrations.
Chapter 11 Maintenance Replacing the Power Module Step 6 Fasten the module into place using the module screw. Step 7 Rewire the new module with the power cables the same way as the old power supply had been wired. Step 8 Turn on the module power distribution . Step 9 Turn the module ON. SCE 1000 2xGBE Release 2.0.
APPENDIX A CLI Command Reference This appendix contains all the CLI commands available on the SCE 1000 platform. This reference is divided into sections according to the mode in which the commands can be invoked, as shown in the following diagram and described in Command Line Interface (on page 3-1). Figure A-1: CLI Command Hierarchy SCE 1000 2xGBE Release 2.0.
Appendix A Functional Information The following commands are used to enter the different configure interface modes and the Line Configuration Mode: E1 interface LineCard 0 E2 interface FastEthernet 0/0 E3 interface GigabitEthernet 0/1 or 0/2 E4 line vty 0 or 1 or 2 or 3 or 4 Each command is broken down into the following sub-sections: Command syntax The general format of the command. Description Description of what the command does. Default If relevant, the default setting for the command.
Appendix A Syntax and Conventions Login and User Levels To log in to the SCE 1000, start a Telnet session from your computer to connect to the Command Line Interface (CLI). When you initially connect to the SCE 1000, you are automatically in the User authorization level, which is the most basic mode with minimum functionality. In order to perform administrative functions on the SCE 1000, you must enter the passwordprotected Admin or Root authorization levels.
Appendix A All Modes All Modes exit Exits the current mode and reverts to the mode used prior to the current mode. Default 0 Authorization Mode admin all USAGE GUIDELINES • Use this command each time you want to exit a mode. The system prompt changes to reflect the lower-level mode. EXAMPLE: The following example exits from the Configure Interface Mode to Global Configuration Mode and then to Privileged Exec Mode. SCE 1000(config if)#exit SCE 1000(config)#exit SCE 1000# SCE 1000 2xGBE Release 2.0.
Appendix A All Modes ? Lists all commands available for the current command mode. You can also use the ? command to get specific information on a keyword or parameter. To obtain a list of commands that begin with a particular character string, enter the abbreviated command entry immediately followed by a question mark (?).
Appendix A Exec Mode Commands Exec Mode Commands disable [level] Moves the user from a higher level of authorization to a lower user level. Authorization Mode user Exec PARAMETERS level User authorization level (0, 10, 15) as specified in Login and User Levels (on page A-3), in table Authorization Levels. USAGE GUIDELINES • Use this command with the level option to lower the user privilege level. If a level is not specified, it defaults to User mode.
Appendix A Exec Mode Commands help Prints a list of keyboard bindings (shortcut commands). Authorization Mode user Exec EXAMPLE: The following example shows the partial output of the help bindings command. SCE 1000>help bindings Line Cursor Movements --------------------Ctrl-F /-> Moves cursor Ctrl-B /<- Moves cursor Esc-F Moves cursor Esc-B Moves cursor Ctrl-A Moves Ctrl-E Moves Esc F Moves Esc B Moves cursor Editing ------Ctrl-D Esc-D Backspace Ctrl-H “ Ctrl-K Ctrl-U line.
Appendix A Global Configuration Mode Commands Global Configuration Mode Commands access-list number permission address Adds an entry to the bottom of the specified access list. Authorization Mode admin Global Configuration PARAMETERS number An access-list number (1–99). permission Indicates whether the IP address should be allowed or denied access permission according to the list. deny Deny access to list member. permit Permit access to list member. address Addresses to be matched by this entry.
Appendix A Global Configuration Mode Commands no access-list number Removes an entire access list (together with all its entries). Authorization Mode admin Global Configuration PARAMETERS number An access-list number (1–99). EXAMPLE: The following example removes access list 1. SCE 1000(config)#no access-list 1 SCE 1000(config)# [no] boot system ftp://username[:password]@server-address[ :port]/path/source-file destination-file Specifies a new package file to install.
Appendix A Global Configuration Mode Commands [no] clock timezone zone hours [minutes] Sets the time zone. Use the [no] version of this command to remove current time zone setting. The purpose of setting the time zone is that the system can correctly interpret time stamps data coming from systems located in other time zones. Default GMT (hours=0) Authorization Mode admin Global Configuration PARAMETERS zone The name of the time zone to be displayed. hours The hours offset from GMT (UTC).
Appendix A Global Configuration Mode Commands enable password [level level] [encryption-type] password Configures a password for the specified authorization level, thus preventing unauthorized users from accessing the SCE 1000. Authorization Mode admin Global Configuration Default pcube PARAMETERS level User authorization level (0, 10, 15) as specified in Login and User Levels (on page A-3), in table Authorization Levels. If no level is specified, the default is Admin (10).
Appendix A Global Configuration Mode Commands no enable password [level level] Resets the password for the specified authorization level to the default value. For the user level, this means that no password is required. For the admin and root levels, the password is restored to the default value ‘pcube’. Authorization Mode admin Global Configuration Default pcube PARAMETERS level User authorization level (0, 10, 15) as specified in in Login and User Levels (on page A-3), in table Authorization Levels.
Appendix A Global Configuration Mode Commands hostname host-name Modifies the name of the SCE 1000. The host name is part of the displayed prompt. Default SCE 1000 Authorization Mode admin Global Configuration PARAMETERS host-name The new host name. EXAMPLE: The following example changes the host name to MyHost. SCE 1000(config)#>hostname MyHost MyHost(config)#>psnn interface FastEthernet slot-number/interface-number Enters FastEthernet Interface Configuration mode.
Appendix A Global Configuration Mode Commands interface LineCard slot-number Enters LineCard Interface Configuration Mode. Authorization Mode admin Global Configuration PARAMETERS slot-number The number of the identified slot. Enter a value of 0. USAGE GUIDELINES • The system prompt changes to reflect the Line Card Configuration mode. To return to Global Configuration Mode, type exit. EXAMPLE: The following example enters LineCard Interface Configuration Mode.
Appendix A Global Configuration Mode Commands [no] ip advertising [destination destination] [interval interval] Enables IP advertising. If the destination and/or interval is not configured, the default values are assumed. Use the [no] version of the command to disable IP advertising. Default disabled Authorization Mode admin Global Configuration PARAMETERS destination The IP address of the destination for the ping requests Default: 127.0.0.
Appendix A Global Configuration Mode Commands [no] ip default-gateway x.x.x.x Configures the default gateway for the SCE 1000. Use the [no] form of this command to unset the SCE 1000 default gateway. Authorization Mode admin Global Configuration PARAMETERS x.x.x.x The IP address of the default gateway for the SCE 1000. EXAMPLE: The following example sets the default gateway IP of the SCE 1000 to 10.1.1.1. SCE 1000(config)#ip default-gateway 10.1.1.
Appendix A Global Configuration Mode Commands The following example removes the configured domain name. SCE 1000(config)#no ip domain-name SCE 1000(config)# ip host hostname ip-address Adds a host name and address to the host table. Authorization Mode admin Global Configuration PARAMETERS hostname The host name to be added. ip-address The host IP address in x.x.x.x format. EXAMPLE: The following example adds a host to the host table. SCE 1000(config)#ip host PC85 10.1.1.
Appendix A Global Configuration Mode Commands [no] ip name-server server-address1 [server-address2] [server-address3] Specifies the address of 1–3 servers to use for name and address resolution. The system maintains a list of up to 3 name servers. If the current list is not empty, this command adds the specified servers to the list. The [no] form of this command removes specified servers from the current list.
Appendix A Global Configuration Mode Commands default ip rmi-adapter port Resets the RMI adapter port assignment to the default port (1099). Authorization Mode admin Global Configuration EXAMPLE: The following example shows how reset the RMI adapter port. SCE 1000(config)# default ip rmi-adapter port ip route prefix mask next-hop Adds an IP routing entry to the routing table. Authorization Mode admin Global Configuration PARAMETERS prefix The new entry’s prefix. mask The new entry’s subnet mask.
Appendix A Global Configuration Mode Commands no ip route prefix mask Removes an IP routing entry from the routing table. Authorization Mode admin Global Configuration PARAMETERS prefix The new entry’s prefix. mask The new entry’s subnet mask. USAGE GUIDELINES • All addresses must be in dotted notation. EXAMPLE: The following example removes the entry added in the previous example SCE 1000(config)#no ip route 244.50.4.0 255.255.255.
Appendix A Global Configuration Mode Commands ip rpc-adapter port port-number Defines the RPC adapter port. Authorization Mode admin Global Configuration PARAMETERS port-number The number of the port assigned to the RPC adapter. EXAMPLE: The following example shows how to configure the RPC interface, specifying 1444 as the RPC adapter port.
Appendix A Global Configuration Mode Commands logger device User-File-Log status Disables or enables the logger device. Authorization Mode admin Global Configuration Default enabled PARAMETERS status enabled or disabled, indicating whether to turn on or off logging. EXAMPLE: The following example disables the User-File-Log device. SCE 1000(config)#logger device User-File-Log disabled SCE 1000(config)# logger device User-File-Log max-file-size size Sets the maximum log file size.
Appendix A Global Configuration Mode Commands [no] management-agent system package-file-name Specifies a new package file to install for the management agent. The SCE 1000 extracts the actual image file(s) from the specified package file only during the copy running-config startup-config command. When using the [no] version of this command, you do not have to specify the package-file-name.
Appendix A Global Configuration Mode Commands RDR-formatter history-size Configures the size of the history buffer Note The size of the history buffer in RDRv1 must be zero bytes, even though the system will accept a command specifying a larger size. Authorization Mode admin Global Configuration Default 0 PARAMETERS size Size of the history buffer in bytes. Range: 0-64,000 bytes EXAMPLE: The following example configures the size of the history buffer to 16000 bytes.
Appendix A Global Configuration Mode Commands RDR-formatter protocol protocol [force-reset] Defines the protocol (RDR formatter version) of the RDR formatter. The protocol can be changed only if the RDR formatter is disabled. Therefore, you must do one of the following: • Explicitly disable the RDR formatter before using the command, and then enable it again afterwards (see the first example).
Appendix A Global Configuration Mode Commands RDR-formatter destination ip-address port port-number [category {name category name }| {number [1-4]}] [priority priority-value] Configures an RDR destination entry. Up to four entries can be configured. Each entry must have a different priority. The entry with the highest priority is used by the RDR formatter, provided that a connection with this destination can be established.
Appendix A Global Configuration Mode Commands no RDR-formatter destination all Removes all of the configured RDR-formatter peer connection for the list of possible destinations. Authorization Mode admin Global Configuration EXAMPLE: The following example removes all RDR formatter destinations.
Appendix A Global Configuration Mode Commands [no] service RDR-formatter Enables/disables the RDR-formatter. The RDR-formatter is the element that formats the reports of events produced by the LineCard and sends them to an external data collector. Use the [no] form of this command to disable the RDR-formatter. Default Enabled Authorization Mode admin Global Configuration EXAMPLE: The following example enables the RDR-formatter.
Appendix A Global Configuration Mode Commands [no] service telnetd Enables/disables Telnet daemon. Use the [no] form of this command to disable the daemon preventing new users from accessing the SCE 1000 via Telnet. Default enabled Authorization Mode admin Global Configuration EXAMPLE: The following example enables the Telnet daemon. SCE 1000(config)#service telnetd SCE 1000(config)# no snmp-server Disables the SNMP agent from responding to SNMP managers.
Appendix A Global Configuration Mode Commands [no] snmp-server community community-string [read-option] [acl-number] Sets a community string. The optional acl-number parameter states the access list number to restrict the managers that can use this community. Default no SNMP access Authorization Mode admin Global Configuration PARAMETERS community-string The SNMPv1 and SNMPv2c security string that identifies a community of managers that can access the SNMP server.
Appendix A Global Configuration Mode Commands [no | default] snmp-server enable traps [snmp [snmp trap name]] [enterprise [enterprise trap name]] Enables/disables SNMP traps (only authentication-failure traps and enterprise traps can be controlled using this command). Use the [default] form of this command to reset SNMP traps to the default status.
Appendix A Global Configuration Mode Commands [no] snmp-server host address [traps] [version version] community-string Sets destination hosts for SNMP traps. Default No hosts Authorization Mode admin Global Configuration PARAMETERS address The IP address of the SNMP server host. traps Optional switch, does not influence command functionality. version Version of the SCE 1000 software running in the system. Can be set to 1 or 2c.
Appendix A Global Configuration Mode Commands [no] sntp broadcast client Enables the SNTP multicast client to accept SNTP broadcasts from any SNTP server. Use the [no] form of this command to disable the SNTP multicast client. Default disabled Authorization Mode admin Global Configuration EXAMPLE: The following example enables the SNTP multicast client.
Appendix A Global Configuration Mode Commands sntp update-interval interval Defines the interval (in seconds) between SNTP uni-cast update queries. Default 900 Authorization Mode admin Global Configuration PARAMETERS interval The interval between queries in seconds. EXAMPLE: The following example sets the SNTP update interval for 100 seconds. SCE 1000(config)# sntp update-interval 100 SCE 1000(config)# SCE 1000 2xGBE Release 2.0.
Appendix A LineCard Interface Configuration Mode Commands LineCard Interface Configuration Mode Commands [no] attack-detector default Defines default thresholds and attack handling action. If a specific attack detector is defined for a particular situation (protocol/attack direction/side), it will override these defaults. Use the [no] version of this command to delete the user-defined defaults. The system defaults will then be used.
Appendix A LineCard Interface Configuration Mode Commands [no] attack-detector Configures a specific attack detector for a particular situation (protocol/attack direction/side) with the assigned number. Use the [no] version of this command to delete the specified attack detector.
Appendix A LineCard Interface Configuration Mode Commands attack-detector access-list Enables the specified attack detector and assigns an access control list (ACL) to it. Authorization Mode admin LineCard Interface Configuration PARAMETERS access-list The number of the ACL containing the IP addresses selected by this detector comment For documentation purposes EXAMPLE: The following example enables attack detector number "2", and assigns ACL "8".
Appendix A LineCard Interface Configuration Mode Commands L2TP identify-by Configures the port number that the LNS and LAC use for L2TP tunnels. The default port number is 1701. default 1701 Authorization Mode admin LineCard Interface Configuration EXAMPLE: The following example identifies the L2TP port as being port# 1000. SCE 1000(config if)#L2TP identify-by port-number <1000> connection-mode Sets the connection mode to either inline (on the wire) or receive-only (using beam splitter or switch).
Appendix A LineCard Interface Configuration Mode Commands [no] link failure-reflection [on-all-ports] Enables/disables the link failure reflection. Default Disabled Authorization Mode admin LineCard Interface Configuration USAGE GUIDELINES • Use the on-all-ports keyword to enable reflection of a link failure to all ports • Use the [no] form of this command to disable failure reflection (the on-all-ports keyword is not used in the [no] form of the command).
Appendix A LineCard Interface Configuration Mode Commands MPLS Configures the MPLS environment. default Traffic-Engineering Authorization Mode admin LineCard Interface Configuration USAGE GUIDELINES • Use the VPN keyword when the labels are mandatory in the traffic, otherwise use the Traffic-Engineering keyword. EXAMPLE: The following example selects the VPN MPLS tunnel environment.
Appendix A LineCard Interface Configuration Mode Commands pqi uninstall file filename Uninstalls the specified pqi file. This may take up to 5 minutes Authorization Mode admin LineCard Interface Configuration PARAMETERS filename The filename of the pqi application file to be uninstalled. It must be the pqi file that was installed last. USAGE GUIDELINES • Always specify the last pqi file that was installed.
Appendix A LineCard Interface Configuration Mode Commands [no] silent Disables the LineCard from reporting events. Use the [no] form of this command if you want the LineCard to send reports. Default No silent Authorization Mode admin LineCard Interface Configuration EXAMPLE: The following example changes the LineCard state to silent.
Appendix A LineCard Interface Configuration Mode Commands scm apply file file-name Applies an scm configuration file. Authorization Mode admin LineCard Interface Configuration USAGE GUIDELINES • scm configuration files are specific to the current application installed. Refer to the relevant application documentation for the definition of file format and content. EXAMPLE: The following example applies a scm configuration file that disables TOS marking.
Appendix A LineCard Interface Configuration Mode Commands subscriber export csv-file filename Exports subscribers to the specified csv file. Subscriber csv files are application-specific. Refer to the relevant application documentation for the definition of the file format. Authorization Mode admin LineCard Interface Configuration PARAMETERS filename Name of the csv file to which the subscriber information is to be exported. EXAMPLE: The following example exports subscribers to the specified file.
Appendix A LineCard Interface Configuration Mode Commands subscriber anonymous-group export csv-file filename Exports anonymous groups to the specified csv file. Authorization Mode admin LineCard Interface Configuration PARAMETERS filename Name of the csv file to which the anonymous groups information is to be exported. EXAMPLE: The following example exports anonymous groups information to the specified file SCE 1000(config if)# subscriber anonymous-group export csv-file s_g_0507.
Appendix A LineCard Interface Configuration Mode Commands no subscriber [name subscriber-name] [all] Removes a specified subscriber from the system. Use the ‘all’ form to remove all introduced subscribers. Authorization Mode admin LineCard Interface Configuration EXAMPLE: The following example removes all subscriber. SCE 1000(config if)# no subscriber all SCE 1000(config if)# no subscriber anonymous-group [name group-name] [all] Removes a specified anonymous subscriber group from the system.
Appendix A LineCard Interface Configuration Mode Commands tos-marking mode mode Enables TOS marking. The SCE 1000 can mark the IP ToS field of transmitted packets, according to the Diffserv scheme standard code points. The platform supports the association of services to the following Diffserv classes: BE (Best effort), EF (Expedited forwarding), AF1, AF2, AF3 and AF4 (Assured forwarding 1-4, respectively).
Appendix A LineCard Interface Configuration Mode Commands tos-marking set-table-entry class class color color value value The SCE 1000 supports configuration via CLI of the mapping between the class and coloring and the exposed DSCP (Diffserv Code Points) values. The default of this table is direct mapping of the Diffserv standard code points. The TOS table reads the class and color of the packet being transmitted, and assigns the value set in the table according to the color and class.
Appendix A LineCard Interface Configuration Mode Commands [no] traffic-counter Defines a new traffic counter. Use the no form of the command to delete an existing traffic counter. Authorization Mode admin LineCard Interface Configuration PARAMETERS name name to be assigned to this traffic counter. USAGE GUIDELINES • Use the count-bytes keyword to enable counting the bytes in each packet. The counter will increment by the number of bytes in each packet.
Appendix A LineCard Interface Configuration Mode Commands ports subscriber-side and network-side flags TCP direction upstream/downstream/all traffic-counter action name of traffic counter/none block/ignore USAGE GUIDELINES IP specification: all|([all-but] (|)) • is a single IP address in dotted-decimal notation, such as 10.1.2.
Appendix A LineCard Interface Configuration Mode Commands Flags = RST flag when value = 1 and all ACK flag values Direction = downstream Traffic counter = counter2 Action = Block The actions performed will be counting and blocking SCE 1000 (config if)# traffic-rule rule2 IP-addresses subscriber-side all network-side all-but 10.10.10.
Appendix A LineCard Interface Configuration Mode Commands VLAN Configures the VLAN environment. There are three options: • symmetric classify • symmetric skip (default) • a-symmetric skip default symmetric skip Authorization Mode admin LineCard Interface Configuration EXAMPLE: The following example enables recognition of L2TP tunnels. SCE 1000(config if)#vlan symmetric skip SCE 1000 2xGBE Release 2.0.
Appendix A FastEthernet Interface Configuration Mode Commands FastEthernet Interface Configuration Mode Commands [no] duplex mode Configures the duplex operation of the FastEthernet Interface to either half duplex, or full duplex. auto means auto-negotiation (do not force duplex on the link). Default Auto Authorization Mode admin FastEthernet Interface Configuration PARAMETERS mode Set to auto, full or half to indicate the duplex mode.
Appendix A FastEthernet Interface Configuration Mode Commands [no] speed speed Configures the speed of the FastEthernet Interface to either 10 Mbps or 100 Mbps. auto means auto-negotiation (do not force speed on the link). Default auto Authorization Mode admin FastEthernet Interface Configuration PARAMETERS speed The speed in Mbps or auto-negotiation. Can be set to 10, 100 or auto. USAGE GUIDELINES • Changing this configuration takes effect only if the duplex mode is not configured to auto.
Appendix A GigaBitEthernet Interface Configuration Mode Commands GigaBitEthernet Interface Configuration Mode Commands [no|default] auto-negotiate Configures the GigaBitEthernet Interface auto-negotiation mode. Use this command to either enable or disable auto-negotiation. When set to no auto-negotiation, auto-negotiation is always disabled, regardless of the connection mode.
Appendix A GigaBitEthernet Interface Configuration Mode Commands queue queue-number bandwidth bandwidth burst-size burstsize Sets the queue shaping. Default Bandwidth=100000K (100 Mega bps), burst size=8000 (8 K bytes) Authorization Mode admin GigabitEthernet Interface Configuration PARAMETERS queue-number Queue-number from 1–4, where 4 is the highest priority (fastest). 1=BE, 2, 3=AF, and 4=EF. BE is the best effort queue, that is the lowest priority.
Appendix A Line Configuration Mode Commands Line Configuration Mode Commands [no] access-class number in Restricts Telnet server access to those addresses listed in the specified access list. Use the [no] form of this command to set the Telnet server to accept access from any address. Default No access list Authorization Mode admin Line Configuration Mode PARAMETERS number An access-list number (1–99). EXAMPLES: The following example configures an access class for all Telnet lines.
Appendix A Line Configuration Mode Commands no timeout Configures the Telnet server to work with no timeout. No matter how long there is no activity on the Telnet session, the system does not automatically disconnect the Telnet session. Authorization Mode admin Line Configuration Mode EXAMPLE: The following example disables the timeout. SCE 1000(config-line)#no timeout SCE 1000(config-line)# SCE 1000 2xGBE Release 2.0.
Appendix A Privileged Exec Mode Commands Privileged Exec Mode Commands [no] attack-filter slot-number dont-filter Prevents attack filtering for a specified IP address/protocol. If filtering is already in process, it will be stopped. When attack filtering has been stopped, it remains stopped until explicitly restored by another CLI command (either specific or general). Use the [no] form of this command to restore attack filtering.
Appendix A Privileged Exec Mode Commands [no] attack-filter slot-number force-filter Forces attack filtering for a specified IP address/protocol. When attack filtering has been forced, it continues until explicitly stopped by another CLI command (either specific or general). Use the [no] form of this command to stop attack filtering. Authorization Mode admin Privileged EXEC PARAMETERS slot-number The number of the identified slot. Enter a value of 0.
Appendix A Privileged Exec Mode Commands [no] blink slot slot-number Blinks a slot LED for visual identification. Use the [no]form of this command to stop the slot blinking. Default Not blinking Authorization Mode admin Privileged EXEC PARAMETERS slot-number The number of the identified slot. Enter a value of 0. EXAMPLE: The following example configures the SCE 1000 to stop blinking. SCE 1000#no blink slot 0 SCE 1000# calendar set hh:mm:ss day month year Sets the system calendar.
Appendix A Privileged Exec Mode Commands cd new-path Changes the path of the current working directory. Authorization Mode admin Privileged EXEC PARAMETERS new-path The path name of the new directory. This can be either a full path or a relative path. USAGE GUIDELINES • The new path should already have been created in the local flash file system. EXAMPLE: The following example shows the current directory and then changes the directory to the log directory located under the root directory.
Appendix A Privileged Exec Mode Commands clear interface LineCard slot-number counters Clears the LineCard Interface counters. Authorization Mode admin Privileged EXEC PARAMETERS slot number The number of the identified slot. Enter a value of 0. EXAMPLE: The following example clears the Line-Card 0 counters. SCE 1000#clear interface LineCard 0 counters SCE 1000# clear interface LineCard slot-number MAC-mapping Clear all dynamic entries from the MAC mapping table.
Appendix A Privileged Exec Mode Commands clear interface LineCard slot-number subscriber db counters Clears the “total” and “maximum” subscribers database counters. Authorization Mode admin Privileged EXEC PARAMETERS slot number The number of the identified slot. Enter a value of 0. EXAMPLE: The following example clears all anonymous subscribers. SCE 1000#clear interface LineCard 0 subscriber db counters clear interface linecard slot-number traffic-counter Clears the specified traffic counter.
Appendix A Privileged Exec Mode Commands clear logger device User-File-Log counters Clears the counters of the logger SCE 1000 (user log files). The counters keep track of the number of info, warning, error and fatal messages. Authorization Mode admin Privileged EXEC EXAMPLE: The following example clears the user log file SCE 1000 counters.
Appendix A Privileged Exec Mode Commands clock read-calendar Synchronizes clocks by setting the system clock from the calendar. Authorization Mode admin Privileged EXEC EXAMPLE: The following example updates the system clock from the calendar. SCE 1000#clock read-calendar SCE 1000# clock set hh:mm:ss day month year Manually sets the system clock. Authorization Mode admin Privileged EXEC PARAMETERS hh:mm:ss Current local time in hours in 24-hour format, minutes and seconds (HH:MM:SS).
Appendix A Privileged Exec Mode Commands configure Enables the user to move from Privileged Exec Mode to Configuration Mode. Authorization Mode admin Privileged EXEC USAGE GUIDELINES • After the user enters the configure command, the system prompt changes from # to (config)#, indicating that the system is in Global Configuration Mode. To leave Global Configuration Mode and return to the Privileged Exec Mode prompt, type exit.
Appendix A Privileged Exec Mode Commands copy running-config startup-config Builds a configuration file with general configuration commands called config.txt, which is used in successive boots. Authorization Mode admin Privileged EXEC USAGE GUIDELINES • This command must be entered to save newly configured parameters, so that they will be effective after a reboot. You can view the running configuration before saving it using the more running-config command.
Appendix A Privileged Exec Mode Commands copy source-file ftp://username[:password]@server-address[:port]/path/destination-file Uploads a file to a remote station, using FTP. Authorization Mode admin Privileged EXEC PARAMETERS source-file The name of the source file located in the local flash file system. username The username known by the FTP server. password The password of the given username. server-address The dotted decimal IP address. port Optional port number on the FTP server.
Appendix A Privileged Exec Mode Commands copy-passive source-file ftp://username[:password]@server-address[:port]/path/destination-file [overwrite] Uploads or downloads a file using passive FTP. Authorization Mode admin Privileged EXEC PARAMETERS source-file The name of the source file located in the local flash file system. username The username known by the FTP server. password The password of the given username. server-address The dotted decimal IP address.
Appendix A Privileged Exec Mode Commands delete file-name [/recursive] Deletes a file from the local flash file system. Use the recursive switch to delete a complete directory and its contents. When used with the recursive switch, the filename argument specifies a directory rather than a file. Authorization Mode admin Privileged EXEC PARAMETERS file-name The name of the file or directory to be deleted. EXAMPLE 1: The following example deletes the oldlog.txt file. SCE 1000#delete oldlog.
Appendix A Privileged Exec Mode Commands logger get support-file filename Generates a log file for technical support. Note that this operation may take some time. Authorization Mode admin Privileged EXEC PARAMETERS filename Name of the generated log file. EXAMPLE: The following example generates a log file named tech_sup for technical support. SCE 1000# logger get support-file tech_sup SCE 1000# [no] history Enables the history feature, that is, a record of the last command lines that executed.
Appendix A Privileged Exec Mode Commands ip ftp password password Specifies the password to be used for FTP connections for the current session. The system will use this password if no password is given in the copy FTP command. Default admin Authorization Mode admin Privileged EXEC PARAMETERS password The password for FTP connections. EXAMPLE: The following example sets the password to be used in the FTP connection to mypw.
Appendix A Privileged Exec Mode Commands logger get user-log file-name target-file Outputs the current user log to a target file. The output file name can be a local path, full path, or full ftp path file name. Authorization Mode admin Privileged EXEC PARAMETERS target-file The log file name where the system will write the log file information. EXAMPLE: The following example retrieves the current user log files. SCE 1000#logger get user-log file-name ftp://myname:mypw@10.1.1.205/d:/log.
Appendix A Privileged Exec Mode Commands more file-name Displays the contents of a file. Authorization Mode admin Privileged EXEC PARAMETERS file-name The name of the file to be displayed. USAGE GUIDELINES • The running-config option (see [more | show] running-config [all-data] (on page A-76)) displays the running configuration file. • The startup-config option (see [more | show] startup-config (on page A-77)) displays the startup configuration file.
Appendix A Privileged Exec Mode Commands [more | show] running-config [all-data] Shows the current configuration. Authorization Mode admin Privileged EXEC PARAMETERS all-data Displays defaults as well as non-default settings. USAGE GUIDELINES • The all-data switch may to see sample usage for many CLI configuration commands. EXAMPLE: The following partial example shows the output of the more running-config command.
Appendix A Privileged Exec Mode Commands [more | show] startup-config Shows the startup configuration file. Use this command to review the configuration used by the SCE 1000 at boot time in comparison with the current configuration to make sure that you approve of all the differences before saving the configuration by using copy running-config startup-config command. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows a sample output.
Appendix A Privileged Exec Mode Commands ping host Pings the given host to test for connectivity. The ping program sends a test message (packet) to an address and then awaits a reply. Ping output can help you evaluate path-to-host reliability, delays over the path, and whether the host can be reached or is functioning. Authorization Mode admin Privileged EXEC PARAMETERS host The host name or IP address of a remote station to ping. EXAMPLE: The following example pings the host 10.1.1.201.
Appendix A Privileged Exec Mode Commands reload shutdown Shuts down the SCE 1000 system, preparing it for being turned off. Authorization Mode admin Privileged EXEC USAGE GUIDELINES • Use this command to shut down the SCE 1000 system in an orderly manner, before turning it off. After issuing this command, the only way to revive the SCE 1000 from its power-down state is to turn it off, then back on. • This command can only be issued from the serial CLI console port.
Appendix A Privileged Exec Mode Commands rmdir directory-name Removes an empty directory. To remove a directory that is not empty, use the delete command with the recursive switch. Authorization Mode admin Privileged EXEC PARAMETERS directory-name The name of the directory to be deleted. USAGE GUIDELINES • You can only remove an empty directory. EXAMPLE: The following example deletes the code directory. SCE 1000#rmdir code SCE 1000# script capture script-file-name Begins the recording of a script.
Appendix A Privileged Exec Mode Commands script print script-file-name Displays a script file. Authorization Mode admin Privileged EXEC PARAMETERS script-file-name The name of the file containing the script. EXAMPLE: The following example prints the commands captured in script1.txt. SCE 1000#script print script1.txt cd log cd .. pwd script stop SCE 1000# script run script-file-name [halt] Runs a script. The halt parameter causes the command to break script on errors.
Appendix A Privileged Exec Mode Commands script stop Stops script capture. Used in conjunction with script capture, marks the end of a script being recorded. Authorization Mode admin Privileged EXEC EXAMPLE: The following example stops the capturing of a script. SCE SCE SCE SCE SCE SCE 1000#script capture script1.txt 1000#cd log 1000#cd ..
Appendix A Privileged Exec Mode Commands • redundancy • link-bypass mode when not operational • administrative status after abnormal reboot For a complete description of the command, see System Configuration (on page 4-26). Authorization Mode admin Privileged EXEC PARAMETERS The setup command does not include parameters in the usual sense of the word. However, the setup utility questions prompt for many global configuration parameters.
Appendix A Privileged Exec Mode Commands Table A-2 Setup Command Parameters Parameter Definition IP address IP address of the SCE 1000. subnet mask Subnet mask of the SCE 1000. default gateway Default gateway. hostname Character string used to identify the SCE 1000 admin password Admin level password. Character string from 4-100 characters beginning with an alpha character. root password Root level password. Character string from 4-100 characters beginning with an alpha character.
Appendix A Privileged Exec Mode Commands Parameter Definition Access Control Lists Access Control List number How many ACLs will be necessary? What IP addresses will be permitted/denied access for each management interface? You may want ACLs for the following : • Any IP access • Telnet access • SNMP GET access • SNMP SET access list entries (maximum 20 per list) IP address, and whether permitted or denied access. IP access ACL ID number of the ACL controlling IP access.
Appendix A Privileged Exec Mode Commands show access-lists [number] Shows all access-lists or a specific access list. Authorization Mode admin Privileged EXEC PARAMETERS number Number of the access list to show EXAMPLE: The following example displays the configuration of access-list 1. SCE 1000#show access-lists 1 Standard IP access list 1 Permit 10.1.1.0, wildcard bits 0.0.0.255 deny any SCE 1000# show blink slot slot-number Displays the blinking status of a slot.
Appendix A Privileged Exec Mode Commands show clock Displays the time maintained by the system clock. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the current system clock. SCE 1000#show clock 12:50:03 UTC MON November 13 2001 SCE 1000# show failure-recovery operation-mode Displays the operation mode to apply after boot resulted from failure.
Appendix A Privileged Exec Mode Commands show hosts Displays the default domain name, the address of the name server, and the content of the host table. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the domain and hosts configured. SCE 1000#show hosts Default domain is cisco.com Name/address lookup uses domain service Name servers are 10.1.1.60, 10.1.1.61 Host Address ---------PC85 10.1.1.
Appendix A Privileged Exec Mode Commands show interface FastEthernet slot-number/interface-number ip address Displays the currently configured IP address and subnet mask of the Management FastEthernet Interface. Authorization Mode admin Privileged EXEC PARAMETERS slot-number The number of the identified slot. Enter a value of 0. interface-number Enter a value of 0. EXAMPLE: The following example shows the configured IP address. SCE 1000#show interface FastEthernet 0/0 ip address Ip address: 10.1.5.
Appendix A Privileged Exec Mode Commands show interface FastEthernet slot/interface duplex Displays the configured duplex mode and the actual status of it. Authorization Mode admin Privileged EXEC PARAMETERS slot-number The number of the identified slot. Enter a value of 0. interface-number FastEthernet interface number 0, 1 or 2. EXAMPLE: The following example shows the FastEthernet interface duplex mode configuration and status.
Appendix A Privileged Exec Mode Commands show interface FastEthernet slot/interface duplex Displays the configured duplex mode and the actual status of it. Authorization Mode admin Privileged EXEC PARAMETERS slot-number The number of the identified slot. Enter a value of 0. interface-number FastEthernet interface number 0, 1 or 2. EXAMPLE: The following example shows the FastEthernet interface duplex mode configuration and status.
Appendix A Privileged Exec Mode Commands show interface LineCard slot-number Displays information for a specific LineCard Interface. Authorization Mode user Privileged EXEC PARAMETERS slot-number The number of the identified slot. Enter a value of 0. EXAMPLE: The following example shows that the LineCard Interface does not currently have an application assigned to it.
Appendix A Privileged Exec Mode Commands show interface LineCard attack-detector Displays the configuration of the specified attack detector. Authorization Mode admin Privileged EXEC PARAMETERS slot-number The number of the identified slot. Enter a value of 0. USAGE GUIDELINES • Use the "all" keyword to display the configuration of all existing attack detectors. • Use the "default" keyword to display default attack detector configuration.
Appendix A Privileged Exec Mode Commands EXAMPLE 1: The following example displays the configuration of the attack detector for a specified IP address. SCE 1000#show interface LineCard 0 attack-filter query IP address 10.10.10.10 configured EXAMPLE 2: The following example displays all existing forced attack filters. SCE 1000#show interface LineCard 0 attack-filter force-filter EXAMPLE 3: The following example displays the subscriber notification ports.
Appendix A Privileged Exec Mode Commands show interface LineCard slot-number counters Displays the LineCard Interface hardware counters. Authorization Mode admin Privileged EXEC PARAMETERS slot-number The number of the identified slot. Enter a value of 0. EXAMPLE: The following example shows the hardware counters for the LineCard Interface.
Appendix A Privileged Exec Mode Commands show interface LineCard slot-number link-bypass Displays the current LineCard link-bypass mode, as well as the configured modes for boot- time, normal operation, and failure. Authorization Mode admin Privileged EXEC PARAMETERS slot-number The number of the identified slot. Enter a value of 0. EXAMPLE: The following example shows the current and configured bypass modes.
Appendix A Privileged Exec Mode Commands show interface LineCard slot-number subscriber anonymous [amount] [name group-name] Displays the subscribers in a specified anonymous subscriber group. Use the “amount” form to display the number of subscribers in the group rather than a complete listing of members. If no group-name is specified, all anonymous subscribers in all groups are displayed. Authorization Mode admin Privileged EXEC PARAMETERS slot-number The number of the identified slot.
Appendix A Privileged Exec Mode Commands show interface LineCard slot-number subscriber [amount] [prefix prefix] [suffix suffix] [property propertyname equals|greater-than|less-than property-val] Displays subscribers meeting one of the following specified criteria: • Having a value of a subscriber property that is equal to, larger than, or smaller than a specified value • Having a subscriber name that matches a specific prefix • Having a subscriber name that matches a specific suffix Use the “amount”
Appendix A Privileged Exec Mode Commands show interface LineCard slot-number subscriber mapping [amount] [IP iprange] [intersecting IP iprange] [VLANid vlanid] [none] Displays subscribers whose mapping meets one of the following specified criteria: • Is within a specified range of IP addresses • Intersects a specified IP range • Matches a specified VLAN tag • Has no mapping Use the “amount” form to display the number of subscribers meeting the mapping criteria rather than listing actual subscriber
Appendix A Privileged Exec Mode Commands show interface LineCard slot-number subscriber name name [mappings] [counters] [properties] Displays information about a specified subscriber. The following information can be displayed: • Mappings • OS counters (bandwidth and current number of flows) • All values of subscriber properties • All of the above If no category is specified, a complete listing of property values, mappings and counters is displayed.
Appendix A Privileged Exec Mode Commands show interface LineCard slot-number subscriber db counters Displays following subscriber database counters: • Current number of subscribers • Current number of introduced subscribers • Current number of anonymous subscribers • Current number of active subscribers (with active traffic sessions) • Current number of subscribers with mappings • Current number of IP mappings • Current number of vlan mappings • Max number of subscribers that can be introduc
Appendix A Privileged Exec Mode Commands show interface LineCard slot-number subscriber [amount] mapping included-in TP-IP-range name | IP Displays the existing subscriber mappings for a specified TIR or IP range. Authorization Mode admin Privileged EXEC PARAMETERS slot-number The number of the identified slot. Enter a value of 0. TP-IP-range name Name of the TIR for which mappings should be displayed. IP IP range for which mappings should be displayed.
Appendix A Privileged Exec Mode Commands show interface LineCard slot-number tos-marking table Displays the current LineCard TOS marking table. Authorization Mode admin Privileged EXEC PARAMETERS slot-number The number of the identified slot. Enter a value of 0.
Appendix A Privileged Exec Mode Commands show interface linecard slot-number traffic-rule Displays the specified traffic rule configuration. Authorization Mode admin Privileged EXEC PARAMETERS slot number name The number of the identified slot. Enter a value of 0. Name of the traffic rule to be displayed. Usage Guidelines: • Use the all keyword to display all traffic counter rules. EXAMPLE: The following example displays information for the Rule1 traffic rule.
Appendix A Privileged Exec Mode Commands show ip advertising [destination|interval] Shows the status of IP advertising, the configured destination and the configured interval. Use the [destination] and [interval] versions of the command to display only the configured destination or interval, respectively. Authorization Mode admin Privileged EXEC USAGE GUIDELINES • Use the form show ip advertising destination to display the IP advertising destination.
Appendix A Privileged Exec Mode Commands show ip rpc-adapter Displays the status of the RPC adapter (enabled or disabled) and the configured port. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the configuration of the RPC adapter. SCE 1000#show ip rpc-adapter RPC Server is OFFLINE RPC Server port is 14374 show ip route Shows the entire routing table and the destination of last resort (default-gateway).
Appendix A Privileged Exec Mode Commands show ip route prefix mask Shows the routing entries from the subnet specified by the prefix and mask pair. Authorization Mode admin Privileged EXEC PARAMETERS prefix The prefix of the routing entries to be included. mask Used to limit the search of routing entries. EXAMPLE: The following example shows retrieval of the ip route. SCE 1000#show ip route 10.1.60.0 255.255.255.
Appendix A Privileged Exec Mode Commands show management-agent notifications Displays the status of notifications sent to the Management agent. Authorization Mode admin Privileged EXEC EXAMPLE: The following example displays the default status for management agent notification.
Appendix A Privileged Exec Mode Commands show logger device User-File-Log Displays the logger SCE 1000 configuration status and maximum file size. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the logger User-File-Log SCE 1000 status and configuration. SCE SCE SCE SCE 1000#show logger SCE 1000 User-File-Log 1000 User-File-Log status: Enabled 1000 User-File-Log file size: 64000 1000# show logger device User-File-Log counters Displays the logger SCE 1000’s counters.
Appendix A Privileged Exec Mode Commands show logger device User-File-Log max-file-size Displays the logger SCE 1000’s maximum file size. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the logger User-File-Log SCE 1000 max file size configuration. SCE 1000#show logger SCE 1000 User-File-Log max-file-size SCE 1000 User-File-Log file size: 64000 SCE 1000# show logger device User-File-Log status Displays the logger SCE 1000 configuration status.
Appendix A Privileged Exec Mode Commands show pqi last-installed Displays the name of the last pqi file that was installed. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows how to display application file information. SCE 1000# show pqi last-installed package name: pack1 package date: Tue Jun 10 17:27:55 GMT+00:00 2003 operation: Upgrade show RDR-formatter Displays the RDR formatter configuration.
Appendix A Privileged Exec Mode Commands show RDR-formatter connection-status Shows the current RDR formatter connection table and status (main connection status: up\down, forwarding mode, and connection/activity information for each destination). Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the RDR-formatter connection status.
Appendix A Privileged Exec Mode Commands show RDR-formatter destination Shows the RDR-formatter destinations. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the RDR-formatter configured destinations. SCE 1000#show RDR-formatter destination Destination: 10.1.1.205 Port: 33000 Destination: 10.1.1.206 Port: 33000 Destination: 10.10.12.10 Port: 33000 SCE 1000# show RDR-formatter enabled Shows the RDR-formatter status (enabled/disabled).
Appendix A Privileged Exec Mode Commands show RDR-formatter history-size Shows the configured size of the RDR formatter history buffer. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the size of the RDR formatter history buffer. SCE 1000#show RDR-formatter history-size History buffer size: 16000 bytes SCE 1000# show RDR-formatter protocol Shows the RDR protocol version of the RDR formatter.
Appendix A Privileged Exec Mode Commands show RDR-formatter statistics Shows the current RDR formatter statistics. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the current RDR statistics. SCE 1000#show RDR-formatter statistics Total: sent: 0 in-queue: 0 thrown: 0 rate: 0 RDRs per second max rate: 0 RDRs per second Destination: 10.1.1.
Appendix A Privileged Exec Mode Commands show snmp Displays the SNMP configuration and counters. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the SNMP server configuration and status. SCE 1000#show snmp SNMP server status: Enabled Location: London_Office Contact: Brenda Authentication Trap Status: Enabled Communities: -----------Community: public, Access Authorization: RO, Access List Index: 1 Trap managers: -----------Trap host: 10.1.1.
Appendix A Privileged Exec Mode Commands show snmp contact Displays the configured MIB-2 variable sysContact. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the system contact. SCE 1000#show snmp contact Contact: Brenda@mycompany.com SCE 1000# show snmp enabled Displays the SNMP agent status (enabled/disabled). Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the SNMP server enabled status.
Appendix A Privileged Exec Mode Commands show snmp MIB mib variables Displays MIB variables. Authorization Mode admin Privileged EXEC PARAMETERS mib Name of MIB to display. Only a value of MIB-II is supported. variables Name of group to display. Use one of the following values: AT, ICMP, interfaces, IP, SNMP, system, TCP or UDP. EXAMPLE: The following example shows the MIB-2 system group. SCE 1000# show snmp MIB MIB-II system sysDescr.
Appendix A Privileged Exec Mode Commands show sntp Displays the SNTP configuration and update statistics. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows statistics from the SNTP clients. SCE 1000#show sntp SNTP broadcast client: disabled last update time: not available SNTP uni-cast client: enabled there is one server: 1: 128.182.58.
Appendix A Privileged Exec Mode Commands show telnet status Displays the status of the telnet server daemon. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows that the telnet daemon is currently enabled. SCE 1000#show telnet status Telnet deamon is enabled. SCE 1000# show timezone Displays the current time zone and daylight saving time configuration as configured by the user.
Appendix A Privileged Exec Mode Commands show version Displays the configuration information for the system including the hardware version, the software version, the application used, and other configuration information. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the current version information of the SCE 1000. SCE 1000#show version System version: Version 2.5.2 Build 240 Build time: Jan 11 2005, 07:34:47 Software version is: Version 2.5.
Appendix A Privileged Exec Mode Commands show version all Displays the complete version information as well as the running configuration for all components. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows version and configuration information for all the system components.
Appendix A Privileged Exec Mode Commands #Created on 10:14:59 . . UTC TUE January 11 2005 interface LineCard 0 connection-mode active no silent . . Software package file: Not available Unified management package file: /tffs0/images/um13012.pkg SCE 1000# show version software Displays version information for the current software. Authorization Mode admin Privileged EXEC EXAMPLE: The following example shows the current software version. SCE 1000#show version software Software version is: Version 2.
Appendix A Privileged Exec Mode Commands unzip filename Extracts a zip file to the current directory. Authorization Mode admin Privileged EXEC PARAMETERS filename Zip file to be extracted. EXAMPLE: SCE 1000#unzip zipfile.zip Unzipping '/tffs0/zipfile.zip'... Zip file has 3 entries: 1.sli, 13429 bytes extracted preflut.sli, 12558 bytes extracted temp/SLI/x/IpraeLut.sli, 12929 bytes extracted Finished, Extracted 3 files. SCE 1000# SCE 1000 2xGBE Release 2.0.
APPENDIX B Proprietary MIB Reference This appendix describes the SCE proprietary MIB support by the SCE 1000 platform. A MIB (Management Information Base) is a database of objects that can be monitored by a network management system (NMS). The Service Control Platform supports both the standard MIB-II and a proprietary Service Control Enterprise MIB.
Appendix B pcubeMgmt: pcubeConfigCopyMIB The figure below, illustrates the Service Control Enterprise MIB structure. Figure B-1: Service Control MIB Structure Currently, the proprietary pcube MIB consists of two main sub-trees: • The pcubeMgmt sub-tree: the pcubeConfigCopyMib enables saving the running configuration of Cisco products. • The pcubeWorkgroup sub-tree: the pcubeSeMib provides a wide variety of configuration and runtime statistics.
Appendix B pcubeMgmt: pcubeConfigCopyMIB Config-Copy MIB Objects Following is a list of the Config-Copy MIB objects. PcubeCopyIndex {pcubeCopyEntry 1} PcubeCopyEntryRowStatus {pcubeCopyEntry 2} pcubeCopySourceFileType {pcubeCopyEntry 3} pcubeCopyDestFileType {pcubeCopyEntry 4} pcubeCopyIndex (pcubeCopyEntry 1) Table index for multi asynchronous copy commands. As the MIB does not support multiple commands in this release, the value of this index must be “1”.
Appendix B pcubeWorkgroup: pcubeSeMIB pcubeWorkgroup: pcubeSeMIB The pcubeSeMIB is the main MIB for the Cisco OS products such as SCE 1000 and SCE 10000. This MIB provides configuration and runtime status for chassis, control modules, and line modules on the Cisco OS systems. pcubeSeMIB is defined in a file called Pcube-Se-mib.mib.
Appendix B pcubeSEObjs (pcubeWorkgroup 1) pcubeSeEventGenericString1 {cubeSeEvents 23} pcubeSeEventGenericString2 {pcubeSeEvents 24} moduleAttackFilterActivatedTrap {pcubeSeEvents 25} moduleAttackFilterDeactivatedTrap {pcubeSeEvents 26} moduleEmAgentGenericTrap {pcubeSeEvents 27} linkModeSniffingTrap {pcubeSeEvents 28} moduleRedundancyReadyTrap {pcubeSeEvents 29} moduleRedundantConfigurationMismatchTrap {pcubeSeEvents 30} moduleLostRedundancyTrap {pcubeSeEvents 31} moduleSmConnectionDownT
Appendix B pcubeSEObjs (pcubeWorkgroup 1) SCE-MIB Structure Following is a summary of the structure of the SE-MIB. Note the table structure for objects that may have multiple entries, such as the RDR destination, or traffic processors.
Appendix B pcubeSEObjs (pcubeWorkgroup 1) moduleAdminStatus moduleOperStatus linkGrp linkTable linkEntry linkModuleIndex linkIndex linkAdminModeOnActive linkAdminModeOnFailure linkOperMode linkStatusReflectionEnable linkSubscriberSidePortIndex linkNetworkSidePortIndex diskGrp diskNumUsedBytes diskNumFreeBytes rdrFormatterGrp rdrFormatterEnable rdrFormatterDestTable rdrFormatterDestEntry rdrFormatterDestIPAddr rdrFormatterDestPort rdrFormatterDestPriority rdrFormatterDestStatus rdrFormatterDestConnectionSta
Appendix B pcubeSEObjs (pcubeWorkgroup 1) rdrFormatterReportRatePeak rdrFormatterReportRatePeakTime rdrFormatterProtocol rdrFormatterForwardingMode rdrFormatterCategoryTable rdrFormatterCategoryEntry rdrFormatterCategoryIndex rdrFormatterCategoryName rdrFormatterCategoryNumReportsSent rdrFormatterCategoryNumReportsDiscarded rdrFormatterCategoryReportRate rdrFormatterCategoryReportRatePeak rdrFormatterCategoryReportRatePeakTime rdrFormatterCategoryDestTable rdrFormatterCategoryDestEntry rdrFormatterCategory
Appendix B pcubeSEObjs (pcubeWorkgroup 1) subscribersNumVlanMappingsFree subscribersNumActive subscribersNumActivePeak subscribersNumActivePeakTime subscribersNumUpdates subscribersCountersClearTime subscribersPropertiesTable subscribersPropertiesEntry spIndex spName spType subscribersPropertiesValueTable subscribersPropertiesValueEntry spvIndex spvSubName spvPropertyName spvRowStatus spvPropertyStringValue spvPropertyUintValue spvPropertyCounter trafficProcessorGrp tpInfoTable tpInfoEntry tpModuleIndex tp
Appendix B pcubeSEObjs (pcubeWorkgroup 1) tpNumUdpActiveFlowsPeak tpNumUdpActiveFlowsPeakTime tpNumNonTcpUdpActiveFlows tpNumNonTcpUdpActiveFlowsPeak tpNumNonTcpUdpActiveFlowsPeakTime tpTotalNumBlockedPackets tpTotalNumBlockedFlows tpTotalNumDiscardedPacketsDueToBwLimit tpTotalNumWredDiscardedPackets tpTotalNumFragments tpTotalNumNonIpPackets tpTotalNumIpCrcErrPackets tpTotalNumIpLengthErrPackets tpTotalNumIpBroadcastPackets tpTotalNumTtlErrPackets tpTotalNumTcpUdpCrcErrPackets tpClearCountersTime tpHandle
Appendix B pcubeSEObjs (pcubeWorkgroup 1) portType portNumTxQueues portIfIndex portAdminSpeed portAdminDuplex portOperDuplex portLinkIndex portOperStatus txQueuesGrp txQueuesTable txQueuesEntry txQueuesModuleIndex txQueuesPortIndex txQueuesQueueIndex txQueuesDescription txQueuesBandwidth txQueuesUtilization txQueuesUtilizationPeak txQueuesUtilizationPeakTime txQueuesClearCountersTime globalControllersGrp globalControllersTable globalControllersEntry globalControllersModuleIndex globalControllersPortIndex g
Appendix B SCE Events: pcubeSeEvents appInfoEntry appName appDescription appVersion appPropertiesTable appPropertiesEntry apIndex apName apType appPropertiesValueTable appPropertiesValueEntry apvIndex apvPropertyName apvRowStatus apvPropertyStringValue apvPropertyUintValue apvPropertyCounter trafficCountersGrp trafficCountersTable trafficCountersEntry trafficCounterIndex trafficCounterValue trafficCounterName trafficCounterType SCE Events: pcubeSeEvents operationalStatusOperationalTrap (pcubeSeEvents 1) T
Appendix B SCE Events: pcubeSeEvents systemResetTrap (pcubeSeEvents 4) The agent entity is about to reset itself either per user request or due to a fatal event. chassisTempAlarmOnTrap (pcubeSeEvents 5) The chassisTempAlarm object in this MIB has transitioned to the On (3) state, indicating that the temperature is too high. chassisTempAlarmOffTrap (pcubeSeEvents 6) The chassisTempAlarm object in this MIB has transitioned to the Off (2) state, indicating that the temperature level is back to normal.
Appendix B SCE Events: pcubeSeEvents telnetSessionEndedTrap (pcubeSeEvents 15) The agent entity has detected end of a telnet session. telnetSessionDeniedAccessTrap (pcubeSeEvents 16) The agent entity has refused a telnet access from an unauthorized source. telnetSessionBadLoginTrap (pcubeSeEvents 17) The agent entity has detected an attempt to login with a wrong password. loggerUserLogIsFullTrap (pcubeSeEvents 18) The User log file is full. The agent entity then rolls to the next file.
Appendix B SCE Events: pcubeSeEvents • Source of the attack is detected (at the subscriber side, IP address = 10.1.4.134, attacking the network side using UDP., number of open flows = 10000, configured action is ‘report’): Attack detected: Attack from IP address 10.1.4.134, from subscriber side, protocol UDP. 10000 concurrent open flows detected, 57 concurrent Ddos-suspected flows detected. Action is: Report. • Target of the attack is detected (at the network side, IP address = 10.1.4.
Appendix B SCE Events: pcubeSeEvents Attack filter: Forced to end report to IP address 10.1.1.1, from network side, protocol Other. Attack end forced using a 'no force-filter' or a 'dont-filter' command. Duration 13 seconds, attack comprised of 1 flows. moduleEmAgentGenericTrap (pcubeSeEvents 27) A generic trap used by the Cisco EM agent.
Appendix B System Group: systemGrp (pcubeSEObjs 1) chassisLineFeedAlarmOnTrap (pcubeSeEvents 36) The agent entity has detected that the chassisLineFeed object in this MIB has changed to the on(3) state. System Group: systemGrp (pcubeSEObjs 1) The System group provides data on the system-wide functionality of the SCE Platform. sysOperationalStatus (systemGrp 1) Indicates the operational status of the system.
Appendix B Chassis Group: chassisGrp (pcubeSEObjs 2) Chassis Group: chassisGrp (pcubeSEObjs 2) The Chassis group defines and identifies the chassis, as well as environmental alarms related to the chassis. ChassisSysType (chassisGrp 1) The chassis system type. Access RO SYNTAX INTEGER { 1 (other): none of the following 2 (SE1000): SE1000 platform 3 (SE100): SE100 platform 4 (SE2000): SE2000 platform } chassisPowerSupplyAlarm (chassisGrp 2) Indicates whether the power supply to the chassis is normal.
Appendix B Chassis Group: chassisGrp (pcubeSEObjs 2) chassisFansAlarm (chassisGrp 3) Indicates whether all the fans on the chassis are functional. Access RO SYNTAX INTEGER { 1 (other): none of the following 2 (off): all fans are functional 3 (on): one or more fans is not functional. } chassisTempAlarm (chassisGrp 4) Indicates the chassis temperature alarm status. Access RO SYNTAX INTEGER { 1 (other): none of the following 2 (off): temperature is within acceptable range 3 (on): temperature is too high.
Appendix B Chassis Group: chassisGrp (pcubeSEObjs 2) chassisNumSlots (chassisGrp 6) Indicates the number of slots in the chassis available for plug-in modules, including both currently occupied and empty slots. Access RO SYNTAX INTEGER (0..255) chassisSlotConfig (chassisGrp 7) An indication of which slots in the chassis are occupied. This is an integer value with bits set to indicate configured modules.
Appendix B Module Group: moduleGrp (pcubeSEObjs 3) chassisLineFeedAlarm (chassisGrp 9) Indicates whether the line feed to the chassis is connected and whether it is supplying power to the power supply unit. Access RO SYNTAX INTEGER { 1 (other): none of the following 2 (OFF): The line feed to the chassis is connected and has power 3 (ON): The line feed to the chassis is not normal. One or both of the line feeds may not be connected properly or have no power.
Appendix B Module Group: moduleGrp (pcubeSEObjs 3) moduleEntry (moduleTable 1) Entry containing a number of parameters defining the physical characteristics of one module in the chassis.
Appendix B Module Group: moduleGrp (pcubeSEObjs 3) moduleType (moduleEntry 2) The type of module.
Appendix B Module Group: moduleGrp (pcubeSEObjs 3) moduleHwVersion (moduleEntry 5) The hardware version of the module. Access RO SYNTAX DisplayString moduleNumPorts (moduleEntry 6) The number of ports supported by the module. Access RO SYNTAX INTEGER (0..255) moduleNumLinks (moduleEntry 7) The number of links carrying inband traffic that are supported by the module. The link is uniquely defined by the two ports that are at its endpoints. Access RO SYNTAX INTEGER (0..
Appendix B Module Group: moduleGrp (pcubeSEObjs 3) moduleSerialNumber (moduleEntry 9) The serial number of the module. Access RO SYNTAX DisplayString moduleUpStreamAttackFilteringTime (moduleEntry 10) The accumulated time (in hundredths of a second) during which attack up-stream traffic was filtered. Access RO SYNTAX TimeTicks moduleUpStreamLastAttackFilteringTime (moduleEntry 11) The time (in hundredths of a second) since the previous attack filtered in the up-stream traffic.
Appendix B Module Group: moduleGrp (pcubeSEObjs 3) moduleAttackObjectsClearTime (moduleEntry 14) The time (in hundredths of a second) since the attack objects were cleared. Writing a 0 to this object causes the counters to be cleared. Access RO SYNTAX TimeTicks moduleAdminStatus (moduleEntry 15) Indicates whether the module is configured to handle traffic on startup or reboot (active), to be the hot standby.
Appendix B Link Group: linkGrp (pcubeSEObjs 4) Link Group: linkGrp (pcubeSEObjs 4) The Link group defines and identifies the link. It provides information regarding the mode of operation of the link defined for each status of the platform. linkTable (linkGrp 1) A list of link entries containing information regarding the configuration and status of the links that pass through the SCE and carry in-band traffic.
Appendix B Link Group: linkGrp (pcubeSEObjs 4) linkModuleIndex (linkEntry 1) An index value (moduleIndex) that uniquely identifies the module where this link is located. Access RO SYNTAX INTEGER (1..255) linkIndex (linkEntry 2) An index value that uniquely identifies the link within the specified module. Valid entries are 1 to the value of moduleNumLinks for this module. Access RO SYNTAX INTEGER (1..
Appendix B Link Group: linkGrp (pcubeSEObjs 4) linkOperMode (linkEntry 5) The current operational mode of the link. Possible values (LinkModeType): • Bypass: the traffic is forwarded from one port to the other using an internal splitter with no processing taking place. • Forwarding: the traffic is forwarded by the internal hardware and software modules of the SCE.
Appendix B Disk Group: diskGrp (pcubeSEObjs 5) Disk Group: diskGrp (pcubeSEObjs 5) The Disk group provides data regarding the space utilization on the disk. diskNumUsedBytes (diskGrp 1) The number of used bytes on the disk. Access RO SYNTAX Unsigned32 (0...4294967295) diskNumFreeBytes (diskGrp 2) The number of free bytes on the disk. Access RO SYNTAX Unsigned32 (0...
Appendix B RDR Formatter Group: rdrFormatterGrp (pcubeSEObjs 6) rdrFormatterDestTable (rdrFormatterGrp 2) This table lists the addresses of Collection Managers. If the RDR-formatter is enabled, the destination with the highest priority to which a TCP connection can be established is designated as the active connection, and would receive the reports generated by the traffic processors. The table may contain a maximum of three entries.
Appendix B RDR Formatter Group: rdrFormatterGrp (pcubeSEObjs 6) rdrFormatterDestPort (rdrFormatterDestEntry 2) The TCP port on which the Collection Manager listens and the to which the RDR-Formatter should connect. Access RO SYNTAX INTEGER (1...65535) rdrFormatterDestPriority (rdrFormatterDestEntry 3) The priority given to the Collection Manager. The active Collection Manager is the Collection Manager with the highest priority whose TCP connection is up. Access RO SYNTAX INTEGER (1...
Appendix B RDR Formatter Group: rdrFormatterGrp (pcubeSEObjs 6) rdrFormatterDestNumReportsSent (rdrFormatterDestEntry 6) The number of reports sent by the RDR-formatter to this destination. Access RO SYNTAX Unsigned32 (0...4294967295) rdrFormatterDestNumReportsDiscarded (rdrFormatterDestEntry 7) The number of reports dropped by the RDR-formatter at this destination. Access RO SYNTAX Unsigned32 (0...
Appendix B RDR Formatter Group: rdrFormatterGrp (pcubeSEObjs 6) rdrFormatterNumReportsDiscarded (rdrFormatterGrp 4) The number of reports dropped by the RDR-formatter. Access RO SYNTAX Unsigned32 (0...4294967295) rdrFormatterClearCountersTime (rdrFormatterGrp 5) The time (in hundredths of a second) since the RDR-formatter counters were last cleared. Writing a 0 to this object causes the RDR-formatter counters to be cleared.
Appendix B RDR Formatter Group: rdrFormatterGrp (pcubeSEObjs 6) rdrFormatterProtocol (rdrFormatterGrp 9) The RDR protocol currently in use. Access RO SYNTAX INTEGER { 1 (other): none of the following 2 (RDRv1): RDR protocol version 1 3 (RDRv2): RDR protocol version 2 } rdrFormatterForwardingMode (rdrFormatterGrp 10) The manner in which the RDR formatter sends the reports to the destinations.
Appendix B RDR Formatter Group: rdrFormatterGrp (pcubeSEObjs 6) rdrFormatterCategoryEntry (rdrFormatterCategoryTable 1) Entry containing information about the RDR formatter categories.
Appendix B RDR Formatter Group: rdrFormatterGrp (pcubeSEObjs 6) rdrFormatterCategoryNumReportsDiscarded (rdrFormatterCategoryEntry 4) The number of reports dropped by the RDR formatter for this category. Access RO SYNTAX Unsigned32 (0...4294967295) rdrFormatterCategoryReportRate (rdrFormatterCategoryEntry 5) The rate of the reports (in reports per second) currently sent to this category. Access RO SYNTAX Unsigned32 (0...
Appendix B RDR Formatter Group: rdrFormatterGrp (pcubeSEObjs 6) rdrFormatterCategoryDestEntry (rdrFormatterCategoryDestTable 1) A destination table entry. Access not-accessible INDEX {rdrFormatterCategoryIndex, rdrFormatterDestIPAddr, rdrFormatterDestPort} SYNTAX SEQUENCE { rdrFormatterCategoryDestPriority rdrFormatterCategoryDestStatus } rdrFormatterCategoryDestPriority (rdrFormatterCategoryDestEntry 1) The priority assigned to the Collection Manager for this category.
Appendix B Logger Group: loggerGrp (pcubeSEObjs 7) Logger Group: loggerGrp (pcubeSEObjs 7) The Logger group is responsible for logging the system synchronous and asynchronous events. loggerUserLogEnable (loggerGrp 1) Indicates whether the logging of user information is enabled or disabled.
Appendix B Logger Group: loggerGrp (pcubeSEObjs 7) loggerUserLogNumFatal (loggerGrp 5) The number of Fatal messages logged into the user log file since last reboot or last time the counter was cleared Access RO SYNTAX Unsigned32 (0...4294967295) loggerUserLogClearCountersTime (loggerGrp 6) The time (in hundredths of a second) since user log counters were last cleared. Writing a 0 to this object causes the user log counters to be cleared. Access RW SYNTAX TimeTicks SCE 1000 2xGBE Release 2.0.
Appendix B Subscribers Group: subscribersGrp (pcubeSEObjs 8) Subscribers Group: subscribersGrp (pcubeSEObjs 8) The Subscribers group provides statistics concerning the number of subscribers and subscriber mappings. It also provides data on the subscriber properties and the value of those properties for a specified subscriber. subscribersInfoTable (subscribersGrp 2) Data regarding subscriber management operations performed.
Appendix B Subscribers Group: subscribersGrp (pcubeSEObjs 8) subscribersNumIntroduced (subscribersInfoEntry 1) The current number of subscribers introduced to the SCE. These subscribers may or may not have IP address or VLAN mappings. Subscribers who do not have mappings of any kind cannot be associated with traffic, and will be served by the SCE according to the default settings. Access RO SYNTAX Unsigned32 (0...
Appendix B Subscribers Group: subscribersGrp (pcubeSEObjs 8) subscribersNumIpRangeMappingsFree (subscribersInfoEntry 6) The number of free IP range to subscriber mappings that are available for defining new mappings. Access RO SYNTAX Unsigned32 (0...4294967295) subscribersNumVlanMappings (subscribersInfoEntry 7) The current number of VLAN to subscriber mappings Access RO SYNTAX Unsigned32 (0...
Appendix B Subscribers Group: subscribersGrp (pcubeSEObjs 8) subscribersNumUpdates (subscribersInfoEntry 12) The accumulated number of subscribers database updates received by the SCE. Access RO SYNTAX Unsigned32 (0...4294967295) subscribersCountersClearTime (subscribersInfoEntry 13) The time (in hundredths of a second) since the subscribers counters were cleared. Writing a 0 to this object causes the counters to be cleared.
Appendix B Subscribers Group: subscribersGrp (pcubeSEObjs 8) spIndex (subscribersPropertiesEntry 1) An index value that uniquely identifies the subscriber property. Access RO SYNTAX INTEGER (1..255) spName (subscribersPropertiesEntry 2) Name of the subscriber property. Access RO SYNTAX DisplayString spType (subscribersPropertiesEntry 3) Property type in respect to: variable type (integer, boolean, string etc), number of elements (scalar or array), and restrictions, if any.
Appendix B Subscribers Group: subscribersGrp (pcubeSEObjs 8) subscriberPropertiesValueEntry (subscriberPropertiesValueTable 1) Entry providing information on the value of one of the specified subscriber properties. Access not-accessible INDEX {moduleIndex, spvIndex} SYNTAX SEQUENCE { SpvIndex spvSubName spvPropertyName spvRowStatus spvPropertyStringValue spvPropertyUintValue spvPropertyCounter64Value } spvIndex (subscriberPropertiesValueEntry 1) An index value that uniquely identifies the entry.
Appendix B Subscribers Group: subscribersGrp (pcubeSEObjs 8) spvRowStatus (subscriberPropertiesValueEntry 4) Controls creation of a table entry. Only setting CreateAndGo (4) and Destroy (6) will change the status of the entry. Access RC SYNTAX RowStatus spvPropertyStringValue (subscriberPropertiesValueEntry 5) The value of the subscriber property in display string format. Access RO SYNTAX DisplayString (SIZE 0...
Appendix B Traffic Processor Group: trafficProcessorGrp (pcubeSEObjs 9) Traffic Processor Group: trafficProcessorGrp (pcubeSEObjs 9) The Traffic Processor group provides statistics regarding the traffic flow handled by each traffic processor. tpInfoTable (trafficProcessorGrp 1) The Traffic Processor Info table consists of data regarding traffic handled by the traffic processors, classified by packets and flows.
Appendix B Traffic Processor Group: trafficProcessorGrp (pcubeSEObjs 9) tpTotalNumBlockedPackets tpTotalNumBlockedFlows tpTotalNumDiscardedPacketsDueToBwLimit tpTotalNumWredDiscardedPackets tpTotalNumFragments tpTotalNumNonIpPackets tpTotalNumIpCrcErrPackets tpTotalNumIpLengthErrPackets tpTotalNumIpBroadcastPackets tpTotalNumTtlErrPackets tpTotalNumTcpUdpCrcErrPackets tpClearCountersTime tpHandledPacketsRate tpHandledPacketsRatePeak tpHandledPacketsRatePeakTime tpHandledFlowsRate tpHandledFlowsRatePeak tpH
Appendix B Traffic Processor Group: trafficProcessorGrp (pcubeSEObjs 9) tpIndex (tpInfoEntry 2) An index value that uniquely identifies the traffic processor within the specified module. The value is determined by the location of the traffic processor on the module. Valid entries are 1 to the value of moduleNumTrafficProcessors for the specified module. Access RO SYNTAX INTEGER (1...
Appendix B Traffic Processor Group: trafficProcessorGrp (pcubeSEObjs 9) tpNumActiveFlowsPeakTime (tpInfoEntry 7) The time (in hundredths of a second) since the tpNumActiveFlowsPeak value occurred. Access RO SYNTAX TimeTicks tpNumTcpActiveFlows (tpInfoEntry 8) The number of TCP flows currently being handled by this traffic processor Access RO SYNTAX Unsigned32 (0...
Appendix B Traffic Processor Group: trafficProcessorGrp (pcubeSEObjs 9) tpNumUdpActiveFlowsPeakTime (tpInfoEntry 13) The time (in hundredths of a second) since the tpNumUdpActiveFlowsPeak value occurred. Access RO SYNTAX TimeTicks tpNumNonTcpUdpActiveFlows (tpInfoEntry 14) The number of non TCP/UDP flows currently being handled by the traffic processor. Access RO SYNTAX Unsigned32 (0...
Appendix B Traffic Processor Group: trafficProcessorGrp (pcubeSEObjs 9) tpTotalNumBlockedFlows (tpInfoEntry 18) The accumulated number of flows discarded by the traffic processor according to application blocking rules. Access RO SYNTAX Unsigned32 (0...4294967295) tpTotalNumDiscardedPacketsDueToBwLimit (tpInfoEntry 19) The accumulated number of packets discarded by the traffic processor due to subscriber bandwidth limitations. Access RO SYNTAX Unsigned32 (0...
Appendix B Traffic Processor Group: trafficProcessorGrp (pcubeSEObjs 9) tpTotalNumIpCrcErrPackets (tpInfoEntry 23) The accumulated number of packets with IP CRC error handled by the traffic processor. Access RO SYNTAX Unsigned32 (0...4294967295) tpTotalNumIpLengthErrPackets (tpInfoEntry 24) The accumulated number of packets with IP length error handled by the traffic processor. Access RO SYNTAX Unsigned32 (0...
Appendix B Traffic Processor Group: trafficProcessorGrp (pcubeSEObjs 9) tpHandledPacketsRate (tpInfoEntry 29) The rate in packets per second of the packets handled by this traffic processor.. Access RO SYNTAX Unsigned32 (0... 4294967295) tpHandledPacketsRatePeak (tpInfoEntry 30) The peak value of tpHandledPacketsRate since the last time it was cleared or the system started. Access RO SYNTAX Unsigned32 (0...
Appendix B Traffic Processor Group: trafficProcessorGrp (pcubeSEObjs 9) tpCpuUtilization (tpInfoEntry 35) The current percentage of CPU utilization Access RO SYNTAX INTEGER (1..100) tpCpuUtilizationPeak (tpInfoEntry 36) The peak value of tpCpuUtilization since the last time it was cleared or the system started. Access RO SYNTAX INTEGER (1..100) tpCpuUtilizationPeakTime (tpInfoEntry 37) The time (in hundredths of a second) since the pCpuUtilizationPeak value occurred.
Appendix B Traffic Processor Group: trafficProcessorGrp (pcubeSEObjs 9) tpFlowsCapacityUtilizationPeakTime (tpInfoEntry 40) The time (in hundredths of a second) since the tpFlowsCapacityUtilizationPeak value occurred. Access RO SYNTAX TimeTicks SCE 1000 2xGBE Release 2.0.
Appendix B Port Group: portGrp (pcubeSEObjs 10) Port Group: portGrp (pcubeSEObjs 10) The Port group provides data regarding the port, such as its type and speed. portTable (portGrp 1) A list of port entries. The number of entries is determined by the number of modules in the chassis and the number of ports on each module. Access not-accessible SYNTAX Sequence of portEntry portEntry (portTable 1) Entry containing information for a specified port on a module.
Appendix B Port Group: portGrp (pcubeSEObjs 10) portModuleIndex (portEntry 1) An index value (moduleIndex) that uniquely identifies the module where the port is located. Access RO SYNTAX INTEGER (1..255) portIndex (portEntry 2) An index value that uniquely identifies the port within the specified module. The value is determined by the location of the port on the module. Valid entries are 1 to the value of moduleNumPorts for this module. Access RO SYNTAX INTEGER (1..
Appendix B Port Group: portGrp (pcubeSEObjs 10) portAdminSpeed (portEntry 6) The desired speed of the port. The current operational speed of the port can be determined from ifSpeed. Access RO SYNTAX INTEGER { 1 (autoNegotiation): 10000000 (s10000000): 10 Mbps 100000000 (s100000000): 100 Mbps 1000000000 (s1000000000): 1 Gbps } portAdminDuplex (portEntry 7) The desired duplex of the port.
Appendix B Port Group: portGrp (pcubeSEObjs 10) portLinkIndex (portEntry 9) The linkIndex of the link to which this port belongs. Value of 0 indicates that this port is not associated with any link. Value of -1 indicates that this port is associated with multiple links. Access RO SYNTAX INTEGER (-1..255) portOperStatus (portEntry 10) The status of the port. If the port is down, the reason is indicated.
Appendix B Transmit Queues Group: txQueuesGrp (pcubeSEObjs 11) Transmit Queues Group: txQueuesGrp (pcubeSEObjs 11) The Transmit Queues group provides data regarding the transmit queue counters. txQueuesTable (txQueuesGrp 1) A list of information for each SCE transmit queue. Access not-accessible SYNTAX Sequence of txQueuesEntry txQueuesEntry (txQueuesTable 1) Entry containing information for a specified SCE transmit queue.
Appendix B Transmit Queues Group: txQueuesGrp (pcubeSEObjs 11) txQueuesPortIndex (txQueuesEntry 2) An index value that uniquely identifies the port on which the queue is located. Access RO SYNTAX INTEGER (1..255) txQueuesQueueIndex (txQueuesEntry 3) An index value that uniquely identifies the queue within the specified port. The value is determined by the location of the queue on the port. Valid entries are 1 to the value of portNumTxQueues for the specified port. Access RO SYNTAX INTEGER (1..
Appendix B Transmit Queues Group: txQueuesGrp (pcubeSEObjs 11) txQueuesUtilizationPeak (txQueuesEntry 7) The peak value of txQueuesUtilization since the last time it was cleared or the system started. Access RO SYNTAX INTEGER (0...100) txQueuesUtilizationPeakTime (txQueuesEntry 8) The time (in hundredths of a second) since the txQueuesUtilizationPeak value occurred.
Appendix B Global Controllers Group: globalControllersGrp (pcubeSEObjs 12) Global Controllers Group: globalControllersGrp (pcubeSEObjs 12) The Global Controllers group provides data regarding the Global Controllers configuration and counters. globalControllersTable (globalControllersGrp 1) A list of information for each global controller.
Appendix B Global Controllers Group: globalControllersGrp (pcubeSEObjs 12) globalControllersPortIndex (globalControllersEntry 2) An index value that uniquely identifies the port on which the Global Controller is located. Access RO SYNTAX INTEGER (1..255) globalControllersIndex (globalControllersEntry 3) An index value that uniquely identifies this Global Controller within the specified port. Access RO SYNTAX INTEGER (1..
Appendix B Global Controllers Group: globalControllersGrp (pcubeSEObjs 12) globalControllersUtilizationPeakTime (globalControllersEntry 8) The time (in hundredths of a second) since the globalControllersUtilizationPeak value occurred. Access RO SYNTAX TimeTicks globalControllersClearCountersTime (globalControllersEntry 9) The time (in hundredths of a second) since the Global Controller statistics counters were last cleared. Writing a 0 to this object causes the Global Controller counters to be cleared.
Appendix B Application Group: applicationGrp (pcubeSEObjs 13) Application Group: applicationGrp (pcubeSEObjs 13) The Application group indicates which application is installed in the SCE Platform, and what the properties of the application and values of those properties are. appInfoTable (applicationGrp 1) Information identifying the application that is currently installed in the SCE Platform.
Appendix B Application Group: applicationGrp (pcubeSEObjs 13) appVersion (appInfoEntry 3) Version information for the application currently installed in the SCE Platform. Access RO SYNTAX DisplayString appPropertiesTable (applicationGrp 2) List of all properties available for the application. The table is cleared when the application is unloaded.
Appendix B Application Group: applicationGrp (pcubeSEObjs 13) apName (appPropertiesEntry 2) Name of the property. Access RO SYNTAX DisplayString apType (appPropertiesEntry 3) Property type in respect to: variable type (integer, boolean, string etc), number of elements (scalar or array), and restrictions, if any. Access RO SYNTAX DisplayString appPropertiesValuesTable (applicationGrp 3) The applications properties value table is used to provide specific values for the applications properties.
Appendix B Application Group: applicationGrp (pcubeSEObjs 13) appPropertiesValueEntry (appPropertiesValueTable 1) Entry providing information on the value of one of the specified application properties. Access not-accessible INDEX {moduleIndex, apvIndex} SYNTAX SEQUENCE { apvIndex apvPropertyName apvRowStatus apvPropertyStringValue apvPropertyUintValue apvPropertyCounter64Value } apvIndex (appPropertiesValueEntry 1) An index value that uniquely identifies the property. Access RO SYNTAX INTEGER (1..
Appendix B Application Group: applicationGrp (pcubeSEObjs 13) apvPropertyStringValue (appPropertiesValueEntry 4) The value of the application property in display string format. Access RO SYNTAX DisplayString (SIZE 0...128) apvPropertyUintValue (appPropertiesValueEntry 5) The value of the application property in Uint format. If the property cannot be cast to Uint format, getting this object returns zero. Access RO SYNTAX Unsigned32 (0...
Appendix B Traffic Counters Group: trafficCountersGrp (pcubeSEObjs 14) Traffic Counters Group: trafficCountersGrp (pcubeSEObjs 14) The Traffic Counters group provides information regarding the value of different the traffic counters. trafficCountersTable (trafficCountersGrp 1) A list of information for each traffic counter. Access not-accessible SYNTAX Sequence of trafficCountersEntry trafficCountersEntry (trafficCountersTable 1) Entry containing information for a specified traffic counter.
Appendix B Traffic Counters Group: trafficCountersGrp (pcubeSEObjs 14) trafficCounterName (trafficCountersEntry 3) The name of the counter. Access RO SYNTAX DisplayString trafficCounterType (trafficCountersEntry 4) Defines whether the traffic counters counts by packets (3) or by bytes (2). Access RO SYNTAX INTEGER { 1 (other): none of the following 2 (bytes): counts by bytes 3 (packets): counts by packets } SCE 1000 2xGBE Release 2.0.
Appendix B Supported Standards Supported Standards SCE 1000 supports the SNMP related standards listed in the following table. Table B-1 Supported SNMP Standards Document Name Description RFC 1155: Structure and Identification of Management Information for TCP/IP-based Internets K. McCloghrie and M. T. Rose, (May 1990). Contains MIB object definitions. (Obsoletes RFC 1065) RFC 1157: A Simple Network Management Protocol J. D. Case, M. Fedor, M. L. Schoffstall, and C. Davin, (May 1990). Defines SNMP.
Glossary of Terms A Command Line Interface (CLI) Access Control List (ACL) One of the management interfaces to the SCE Platform. It is accessed through a Telnet session or directly via the console port on the front panel of the SCE Platform. Permits or denies incoming connections on any of the management interfaces. It is an ordered list of entries, each consisting of an IP address and an optional wildcard “mask” defining an IP address range, and a permit/deny field.
Glossary of Terms In addition, a subscriber associated with the attack may be notified about the attack. The SCE 1000 maintains a list of the most active IP addresses flowing through it, with a measure of the activity of each IP address. (Activity is measured by number of flows opened to/from that address). If there are IP addresses in the table whose number of flows is above the configured threshold, these IP addresses are assumed to be attacking, or being attacked.
Glossary of Terms • cutoff S O SCE Platform optical splitter topology In this topology, the SCE 1000 does not reside physically on the data link. Data is forwarded to the SCE 1000 via an optical splitter, which splits the traffic on the link, sending all information to the SCE 1000 in parallel with its transmission through the optical splitter.
Glossary of Terms Service Control The basic Cisco concept for enabling service providers to differentiate subscribers, detect real-time events, create premium services, actively control applications, and leverage their existing infrastructure. Service Control Application An SML program that determines how the SCE Platform operates. T Tunneling Protocols A tunneling protocol adds headers to the basic protocol stack in order to route the packet across the network.
Index ? ? • A-3 [ [more | show] running-config [all-data] • A70 [more | show] startup-config • A-72 [no | default] failure-recovery operationmode mode • A-10 [no | default] snmp-server enable traps [snmp [snmp trap name]] [enterprise [enterprise trap name]] • A-29 [no] access-class number in • A-52 [no] attack-detector • A-33 [no] attack-detector default • A-32 [no] attack-filter • A-34 [no] attack-filter slot-number dont-filter • A54 [no] attack-filter slot-number force-filter • A-55 [no] attack-
Index Aging Subscribers • 8-4 Airflow • 4-4 All Modes • A-3 Anonymous Groups and Subscriber Templates • 8-5 apIndex (appPropertiesEntry 1) • B-69 apName (appPropertiesEntry 2) • B-69 appDescription (appInfoEntry 2) • B-68 appInfoEntry (appInfoTable 1) • B-67 appInfoTable (applicationGrp 1) • B-67 Application configuring • 6-44 installing • 6-44 loading and testing • 4-55 upgrading • 6-44 Application Group applicationGrp (pcubeSEObjs 13) • B-67 appName (appInfoEntry 1) • B-68 appPropertiesEntry (appProperti
Index chassisLineFeedAlarm (chassisGrp 9) • B21 chassisLineFeedAlarmOnTrap (pcubeSeEvents 36) • B-17 chassisNumSlots (chassisGrp 6) • B-20 chassisPowerSupplyAlarm (chassisGrp 2) • B-18 chassisPowerSupplyAlarmOnTrap (pcubeSeEvents 9) • B-13 chassisPsuType (chassisGrp 8) • B-20 chassisSlotConfig (chassisGrp 7) • B-20 ChassisSysType (chassisGrp 1) • B-18 chassisTempAlarm (chassisGrp 4) • B-19 chassisTempAlarmOffTrap (pcubeSeEvents 6) • B-13 chassisTempAlarmOnTrap (pcubeSeEvents 5) • B-13 chassisVoltageAlarm (
Index Configuring the Duplex Operation of the FastEthernet Interface • 6-42 Configuring the GBE Interface Parameters • 4-50 Configuring the GigabitEthernet Autonegotiation Mode • 7-16 Configuring the L2TP Environment • 7-4 Configuring the Management Interface Speed and Duplex Parameters • 6-42 Configuring the MPLS Environment • 7-4 Configuring the Physical Network Interface Parameters • 3-7 Configuring the RDR Formatter • 6-22 Configuring the RDR Formatter Categories • 6-25 Configuring the RDR Formatter De
Index External Splitting (Receive-only) Topology • 2-4 Displaying File Contents • 5-7 Displaying RDR Formatter Configuration and Statistics • 6-28 Displaying Subscriber Information • 8-15 Displaying Subscribers • 8-11 By IP Address or VLAN ID • 8-13 By Subscriber Property or Prefix • 8-12 Displaying Tunneling Configuration • 7-5 Displaying Working Directory • 5-4 Document content • xxviii conventions • xxix Document Content • xxviii Document Conventions • xxix, 10-1 Domain Name • 6-17 Domain Name (DNS) Se
Index globalControllersGrp (pcubeSEObjs 12) • B-64 globalControllersBandwidth (globalControllersEntry 5) • B-66 globalControllersClearCountersTime (globalControllersEntry 9) • B-67 globalControllersDescription (globalControllersEntry 4) • B-66 globalControllersEntry (globalControllersTable 1) • B-65 globalControllersIndex (globalControllersEntry 3) • B-66 globalControllersModuleIndex (globalControllersEntry 1) • B-65 globalControllersPortIndex (globalControllersEntry 2) • B-65 globalControllersTable (globa
Index Line Gigabit Ethernet Interfaces • 7-15 line vty start-number [end-number] • A-19 LineCard Interface Configuration Mode Commands • A-32 Link failure reflection parameter • 2-9 Link failure reflection • 2-9 Link Failure Reflection Parameter • 2-9 Link Group linkGrp (pcubeSEObjs 4) • B-26 link mode • A-36 Link mode • 2 linkAdminModeOnActive (linkEntry 3) • B28 linkAdminModeOnFailure (linkEntry 4) • B28 linkEntry (linkTable 1) • B-27 linkIndex (linkEntry 2) • B-28 linkModeBypassTrap (pcubeSeEvents 20) •
Index moduleAttackFilterDeactivatedTrap (pcubeSeEvents 26) • B-15 moduleAttackObjectsClearTime (moduleEntry 14) • B-26 moduleConnectionMode (moduleEntry 8) • B-24 moduleDownStreamAttackFilteringTime (moduleEntry 12) • B-25 moduleDownStreamLastAttackFilteringTim e (moduleEntry 13) • B-25 moduleEmAgentGenericTrap (pcubeSeEvents 27) • B-16 moduleEntry (moduleTable 1) • B-22 moduleHwVersion (moduleEntry 5) • B-24 moduleIndex (moduleEntry 1) • B-22 moduleLostRedundancyTrap (pcubeSeEvents 31) • B-16 moduleNumLin
Index and tools • 4-2 Parts list • 4-2 Passwords • 4-30, 5-16 pcubeCopyDestFileType (pcubeCopyEntry 4) • B-3 pcubeCopyEntryRowStatus (pcubeCopyEntry 2) • B-3 pcubeCopyIndex (pcubeCopyEntry 1) • B-3 pcubeCopySourceFileType (pcubeCopyEntry 3) • B-3 pcubeMgmt pcubeConfigCopyMIB • B-2 pcubeSeEventGenericString1 (pcubeSeEvents 23) • B-14 pcubeSeEventGenericString2 (pcubeSeEvents 24) • B-14 pcubeSeEvents (pcubeWorkgroup 0) • B-4 pcubeSEObjs (pcubeWorkgroup 1) • B-5 pcubeWorkgroup pcubeSeMIB • B-4 Physical Instal
Index RDR-formatter protocol protocol [forcereset] • A-22 RDR-formatter protocol RDRv2 connectiontimeout time • A-23 rdrFormatterCategoryDestEntry (rdrFormatterCategoryDestTable 1) • B-38 rdrFormatterCategoryDestPriority (rdrFormatterCategoryDestEntry 1) • B-38 rdrFormatterCategoryDestStatus (rFormatterCategoryDestEntry 2) • B-38 rdrFormatterCategoryDestTable (rdrFormatterGrp 12) • B-37 rdrFormatterCategoryEntry (rdrFormatterCategoryTable 1) • B-36 rdrFormatterCategoryIndex (rdrFormatterCategoryEntry 1) •
Index pre-installation • 4-1 site • 4-3, 4-5 Requiring Passwords • 5-16 Restricted Area Warning (DC platform only) • xxxix rmdir directory-name • A-75 S Sample Attack Detector Configuration • 910 Saving the Configuration Settings • 5-12 SCE 1000 Dimensions • 4-3 SCE Events • B-4 pcubeSeEvents • B-12 SCE Platform • 3 back panel • 4-14 front panel • 4-19 overview • 1-4 SCE Platform Configuration • 2-2 SCE Platform Management Interfaces • 6-2 SCE-MIB Structure • B-6 scm apply file file-name • A-39 script cap
Index show interface LineCard slot-number subscriber [amount] mapping included-in TP-IP-range name | IP • A-94 show interface LineCard slot-number subscriber aging anonymous|introduced • A-90 show interface LineCard slot-number subscriber anonymous [amount] [name group-name] • A-91 show interface LineCard slot-number subscriber anonymous-group [name group-name] [all] • A-91 show interface LineCard slot-number subscriber db counters • A-93 show interface LineCard slot-number subscriber mapping [amount] [IP
Index SNMP (Simple Network Management Protocol) • 4-39, 6-30 CLI • 6-37 community strings • 6-31 traps • 6-33 SNMP Community Strings • 6-31 SNMP Configuration and Management • 6-v30 SNMP Interface • 6-6 SNMP Protocol • 6-30 SNTP • 4-31, 6-13 sntp update-interval interval • A-32 sntpClockDriftWarnTrap (pcubeSeEvents 19) • B-14 Software Package Installation • 10-12 Specific Attack Detectors • 9-8 spIndex (subscribersPropertiesEntry 1) • B44 spName (subscribersPropertiesEntry 2) • B45 spType (subscribersPrope
Index subscriberPropertiesValuesTable (subscribersGrp 3) • B-45 Subscribers aging • 8-18 anonymous groups • 8-5, 8-7, 8-16 csv files • 8-5, 8-6 importing/exporting • 8-6 managing via SCE CLI • 8-1 monitoring • 8-10 removing • 8-8 templates • 8-5, 8-8 Subscribers Group subscribersGrp (pcubeSEObjs 8) • B-40 subscribersCountersClearTime (subscribersInfoEntry 13) • B-44 subscribersInfoEntry (subscribersInfoTable 1) • B-41 subscribersInfoTable (subscribersGrp 2) • B-40 subscribersNumActive (subscribersInfoEntry
Index tpCpuUtilization (tpInfoEntry 35) • B-56 tpCpuUtilizationPeak (tpInfoEntry 36) • B-56 tpCpuUtilizationPeakTime (tpInfoEntry 37) • B-57 tpFlowsCapacityUtilization (tpInfoEntry 38) • B-57 tpFlowsCapacityUtilizationPeak (tpInfoEntry 39) • B-57 tpFlowsCapacityUtilizationPeakTime (tpInfoEntry 40) • B-57 tpHandledFlowsRate (tpInfoEntry 32) • B56 tpHandledFlowsRatePeak (tpInfoEntry 33) • B-56 tpHandledFlowsRatePeakTime (tpInfoEntry 34) • B-56 tpHandledPacketsRate (tpInfoEntry 29) • B-55 tpHandledPacketsRate
Index Tunneling Protocols • 4 Tunneling, configuring • 7-2 Two Platforms on Parallel Links in Bumpin-the-Wire Topology • 2-5 txQueuesBandwidth (txQueuesEntry 5) • B63 txQueuesClearCountersTime (txQueuesEntry 9) • B-64 txQueuesDescription (txQueuesEntry 4) • B-63 txQueuesEntry (txQueuesTable 1) • B-62 txQueuesModuleIndex (txQueuesEntry 1) • B-62 txQueuesPortIndex (txQueuesEntry 2) • B-62 txQueuesQueueIndex (txQueuesEntry 3) • B-63 txQueuesTable (txQueuesGrp 1) • B-61 txQueuesUtilization (txQueuesEntry 6) •
