Specifications
Table Of Contents
- Cisco SCE 2000 and SCE 1000 CLI Command Reference
- Contents
- About this Guide
- Introduction
- Audience
- Document Revision History
- Organization
- Related Publications
- Conventions
- Obtaining Documentation and Submitting a Service Request
- Introduction
- Authorization and Command Levels (Hierarchy)
- CLI Help Features
- Navigational and Shortcut Features
- Managing Command Output
- Creating a CLI Script
- Introduction
- ?
- aaa accounting commands
- aaa authentication attempts
- aaa authentication enable default
- aaa authentication login default
- accelerate-packet-drops
- access-class
- access-list
- active-port
- application slot replace force completion
- asymmetric-L2-support
- attack-detector default
- attack-detector
- attack-detector
- attack-detector TCP-port-list|UDP-port-list
- attack-filter
- attack-filter dont-filter | force-filter
- attack-filter subscriber-notification ports
- auto-fail-over
- auto-negotiate
- bandwidth
- blink
- boot system
- calendar set
- cd
- clear arp-cache
- clear interface linecard counters
- clear interface linecard flow-filter
- clear interface linecard mac-resolver arp-cache
- clear interface linecard mpls vpn
- clear interface linecard subscriber
- clear interface linecard subscriber db counters
- clear interface linecard TpReportCounters
- clear interface linecard traffic-counter
- clear interface linecard vas-traffic-forwarding vas counters health-check
- clear interface linecard vpn
- clear interface linecard vpn name upstream-mpls all
- clear interface range
- clear logger
- clear management-agent notifications counters
- clear rdr-formatter
- clear scmp name counters
- clock read-calendar
- clock set
- clock summertime
- clock timezone
- clock update-calendar
- configure
- connection-mode (SCE 1000 platform)
- connection-mode (SCE 2000 platform)
- copy
- copy ftp://
- copy-passive
- copy running-config-application startup-config-application
- copy running-config-party-db startup-config-party-db
- copy running-config startup-config
- copy source-file ftp://
- copy source-file startup-config
- copy startup-config destination-file
- copy startup-config-party-db backupfile
- cpa-client destination
- cpa-client retries
- default subscriber template all
- delete
- dir
- disable
- do
- duplex
- enable
- enable password
- end
- erase startup-config-all
- exit
- failure-recovery operation-mode
- flow-capture
- flow-capture controllers
- force failure-condition (SCE 2000 only)
- help
- history
- history size
- hostname
- interface gigabitethernet
- interface linecard
- interface mng
- interface range gigabitethernet
- ip access-class
- ip address
- ip advertising
- ip default-gateway
- ip domain-lookup
- ip domain-name
- ip filter fragment
- ip filter monitor
- ip ftp password
- ip ftp username
- ip host
- ip name-server
- ip radius-client retry limit
- ip route
- ip rpc-adapter
- ip rpc-adapter port
- ip rpc-adaptor security-level
- ip ssh
- ip ssh access-class
- ip ssh key
- ip-tunnel IPinIP DSCP-marking-skip
- ip-tunnel IPinIP skip
- ip-tunnel l2tp skip
- l2tp identify-by
- line vty
- link failure-reflection
- link mode
- link port-enhanced-recovery
- logger add-user-message
- logger device
- logger device user-file-log max-file-size
- logger get support-file
- logger get user-log file-name
- logging facility
- logging host
- logging message-counter
- logging on
- logging rate-limit
- logging trap
- logout
- mac-resolver arp
- management-agent sce-api ignore-cascade-violation
- management-agent sce-api logging
- management-agent sce-api timeout
- management-agent system
- mkdir
- more
- more running-config-all
- more running-config-application
- more running-config-party-db
- more startup-config-all
- more startup-config-application
- more startup-config-party-db
- more user-log
- mpls
- mpls vpn pe-id
- no mpls vpn pe-database
- no subscriber
- no subscriber mappings included-in
- party mapping ip-address name
- party mapping ip-range
- party name
- party template index
- periodic-records aggregate-by-cpu
- ping
- pqi install file
- pqi rollback file
- pqi uninstall file
- pqi upgrade file
- pwd
- queue
- rdr-formatter category number buffer-size
- rdr-formatter category number name
- rdr-formatter destination
- rdr-formatter destination protocol NetflowV9 template data timeout
- rdr-formatter forwarding-mode
- rdr-formatter history-size
- rdr-formatter protocol
- rdr-formatter protocol NetflowV9 dscp
- rdr-formatter rdr-mapping
- reload
- reload shutdown
- rename
- rmdir
- salt
- sce-url-database add-entry
- sce-url-database import
- sce-url-database protection
- sce-url-database remove-all
- scmp
- scmp keepalive-interval
- scmp loss-of-sync-timeout
- scmp name
- scmp reconnect-interval
- scmp subscriber force-single-sce
- scmp subscriber id append-to-guid
- scmp subscriber send-session-start
- script capture
- script print
- script run
- script stop
- service-bandwidth-prioritization-mode
- service password-encryption
- service rdr-formatter
- service telnetd
- service timestamps
- setup
- show access-lists
- show applications slot tunable
- show blink
- show calendar
- show clock
- show failure-recovery operation-mode
- show hostname
- show hosts
- show interface gigabitethernet
- show interface linecard
- show interface linecard accelerate-packet-drops
- show interface linecard application
- show interface linecard asymmetric-L2-support
- show interface linecard asymmetric-routing-topology
- show interface linecard attack-detector
- show interface linecard attack-filter
- show interface linecard cascade connection-status
- show interface linecard cascade peer-sce-information
- show interface linecard cascade redundancy-status
- show interface linecard connection-mode
- show interface linecard counters
- show interface linecard cpa-client
- show interface linecard duplicate-packets-mode
- show interface linecard flow-capture
- show interface linecard flow-open-mode
- show interface linecard ip-tunnel
- show interface linecard ip-tunnel IPinIP
- show interface linecard l2tp
- show interface linecard link mode
- show interface linecard link-to-port-mappings
- show interface linecard mac-mapping
- show interface linecard mac-resolver arp
- show interface linecard mpls
- show interface linecard mpls vpn
- show interface linecard periodic-records aggregation
- show interface linecard physically-connected-links (SCE 2000 only)
- show interface linecard sce-url-database
- show interface linecard sce-url-database protection
- show interface linecard service-bandwidth-prioritization-mode
- show interface linecard shutdown
- show interface linecard silent
- show interface linecard subscriber
- show interface linecard subscriber aging
- show interface linecard subscriber anonymous
- show interface linecard subscriber anonymous-group
- show interface linecard subscriber db counters
- show interface linecard subscriber mapping
- show interface linecard subscriber name
- show interface linecard subscriber name breach-state
- show interface linecard subscriber name bucket-state
- show interface linecard subscriber name bucket-state id
- show interface linecard subscriber properties
- show interface linecard subscriber sm-connection-failure
- show interface linecard subscriber templates
- show interface linecard subscriber tp-mappings statistics
- show interface linecard subscriber tp-ip-range
- show interface linecard subscriber mapping included-in tp-ip-range
- show interface linecard subscriber max-subscribers
- show interface linecard tos-marking
- show interface linecard TpReportCounters
- show interface linecard traffic-counter
- show interface linecard traffic-rule
- show interface linecard vas-traffic-forwarding
- show interface linecard virtual-links
- show interface linecard vlan
- show interface linecard vlan translation
- show interface linecard vpn
- show interface linecard wap
- show interface mng
- show inventory
- show ip access-class
- show ip advertising
- show ip default-gateway
- show ip filter
- show ip radius-client
- show ip route
- show ip rpc-adapter
- show ip ssh
- show line vty
- show log
- show logger device
- show management-agent
- show management-agent sce-api quota
- show party name
- show pqi file
- show pqi last-installed
- show rdr-formatter
- show rdr-formatter connection-status
- show rdr-formatter counters
- show rdr-formatter destination
- show rdr-formatter enabled
- show rdr-formatter forwarding-mode
- show rdr-formatter history-size
- show rdr-formatter protocol NetflowV9 dscp
- show rdr-formatter rdr-mapping
- show rdr-formatter statistics
- show running-config
- show running-config-all
- show running-config-application
- show running-config-party-db
- show scmp
- show snmp
- show snmp community
- show snmp contact
- show snmp enabled
- show snmp host
- show snmp location
- show snmp mib
- show snmp traps
- show sntp
- show startup-config
- show startup-config-all
- show startup-config-application
- show startup-config-party-db
- show system operation-status
- show system-uptime
- show tacacs
- show telnet sessions
- show telnet status
- show timezone
- show users
- show version
- show version all
- show version software
- silent
- snmp-server
- snmp-server community
- snmp-server contact
- snmp-server enable traps
- snmp-server host
- snmp-server interface
- snmp-server location
- sntp broadcast client
- sntp server
- sntp update-interval
- speed
- subscriber aging
- subscriber anonymous-group export csv-file
- subscriber anonymous-group import csv-file
- subscriber anonymous-group name ip-range
- subscriber capacity-options
- subscriber downstream-split-flow-pull
- subscriber export csv-file
- subscriber import csv-file
- subscriber ip-linger-stats
- subscriber ip-linger-time
- subscriber max-subscribers
- subscriber name property
- subscriber sm-connection-failure
- subscriber template export csv-file
- subscriber template import csv-file
- subscriber tp-mappings
- subscriber tp-ip-range name ip-range target-tp
- subscriber tp-ip-range {import | export} csv-file
- tacacs-server host
- tacacs-server key
- tacacs-server timeout
- telnet
- timeout
- tracert
- traffic-counter
- traffic-rule
- tunable value
- unzip
- username
- username privilege
- vas-traffic-forwarding
- vas-traffic-forwarding traffic-link
- vas-traffic-forwarding traffic-link auto-select
- vas-traffic-forwarding vas health-check
- vas-traffic-forwarding vas server-id health-check
- vas-traffic-forwarding vas server-id vlan
- vas-traffic-forwarding vas server-group
- vas-traffic-forwarding vas server-group failure
- vas-traffic-forwarding vas server-id
- virtual-links index direction
- vlan
- vlan translation
- wap
2-140
Cisco SCE 2000 and SCE 1000 CLI Command Reference
OL-26797-03
Chapter 2 CLI Command Reference
ip filter monitor
ip filter monitor
Configures the limits for permitted and not-permitted IP address transmission rates.
ip filter monitor [permitted | ip_not_permitted] low_rate low_rate high_rate high_rate burst
burst size
Syntax Description
Command Default low rate = 20 Mbps
high rate = 20 Mbps
burst size = 10 seconds
Command Modes Global configuration
Command History This table includes the following release-specific history entries:
Usage Guidelines Management security is defined as the capability of the SCE platform to cope with malicious
management conditions that might lead to global service failure.
There are two parallel security mechanisms:
• Automatic security mechanism — monitors the TCP/IP stack rate at 200 msec intervals and throttles
the rate from the device if necessary.
• User-configurable security mechanism — accomplished via two IP filters at user-configurable
intervals:
–
IP fragment filter: Drops all IP fragment packets
Use the ip filter fragment command to enable the IP fragment filter.
–
IP filter monitor: Measures the rate of accepted and dropped packets for both permitted and
not-permitted IP addresses.
This command configures the IP filter monitor.
Use the ip permitted keyword to apply configured limits to permitted IP addresses.
Use the ip not-permitted keyword to apply configured limits to not-permitted IP addresses.
low_rate Lower threshold; the rate in Mbps that indicates the attack is no longer
present
high_rate Upper threshold; the rate in Mbps that indicates the presence of an attack
burst size Duration of the interval in seconds that the high and low rates must be
detected in order for the threshold rate to be considered to have been
reached
Release Modification
3.0.0 This command was introduced.