Specifications
Table Of Contents
- Cisco SCE 2000 and SCE 1000 CLI Command Reference
- Contents
- About this Guide
- Introduction
- Audience
- Document Revision History
- Organization
- Related Publications
- Conventions
- Obtaining Documentation and Submitting a Service Request
- Introduction
- Authorization and Command Levels (Hierarchy)
- CLI Help Features
- Navigational and Shortcut Features
- Managing Command Output
- Creating a CLI Script
- Introduction
- ?
- aaa accounting commands
- aaa authentication attempts
- aaa authentication enable default
- aaa authentication login default
- accelerate-packet-drops
- access-class
- access-list
- active-port
- application slot replace force completion
- asymmetric-L2-support
- attack-detector default
- attack-detector
- attack-detector
- attack-detector TCP-port-list|UDP-port-list
- attack-filter
- attack-filter dont-filter | force-filter
- attack-filter subscriber-notification ports
- auto-fail-over
- auto-negotiate
- bandwidth
- blink
- boot system
- calendar set
- cd
- clear arp-cache
- clear interface linecard counters
- clear interface linecard flow-filter
- clear interface linecard mac-resolver arp-cache
- clear interface linecard mpls vpn
- clear interface linecard subscriber
- clear interface linecard subscriber db counters
- clear interface linecard TpReportCounters
- clear interface linecard traffic-counter
- clear interface linecard vas-traffic-forwarding vas counters health-check
- clear interface linecard vpn
- clear interface linecard vpn name upstream-mpls all
- clear interface range
- clear logger
- clear management-agent notifications counters
- clear rdr-formatter
- clear scmp name counters
- clock read-calendar
- clock set
- clock summertime
- clock timezone
- clock update-calendar
- configure
- connection-mode (SCE 1000 platform)
- connection-mode (SCE 2000 platform)
- copy
- copy ftp://
- copy-passive
- copy running-config-application startup-config-application
- copy running-config-party-db startup-config-party-db
- copy running-config startup-config
- copy source-file ftp://
- copy source-file startup-config
- copy startup-config destination-file
- copy startup-config-party-db backupfile
- cpa-client destination
- cpa-client retries
- default subscriber template all
- delete
- dir
- disable
- do
- duplex
- enable
- enable password
- end
- erase startup-config-all
- exit
- failure-recovery operation-mode
- flow-capture
- flow-capture controllers
- force failure-condition (SCE 2000 only)
- help
- history
- history size
- hostname
- interface gigabitethernet
- interface linecard
- interface mng
- interface range gigabitethernet
- ip access-class
- ip address
- ip advertising
- ip default-gateway
- ip domain-lookup
- ip domain-name
- ip filter fragment
- ip filter monitor
- ip ftp password
- ip ftp username
- ip host
- ip name-server
- ip radius-client retry limit
- ip route
- ip rpc-adapter
- ip rpc-adapter port
- ip rpc-adaptor security-level
- ip ssh
- ip ssh access-class
- ip ssh key
- ip-tunnel IPinIP DSCP-marking-skip
- ip-tunnel IPinIP skip
- ip-tunnel l2tp skip
- l2tp identify-by
- line vty
- link failure-reflection
- link mode
- link port-enhanced-recovery
- logger add-user-message
- logger device
- logger device user-file-log max-file-size
- logger get support-file
- logger get user-log file-name
- logging facility
- logging host
- logging message-counter
- logging on
- logging rate-limit
- logging trap
- logout
- mac-resolver arp
- management-agent sce-api ignore-cascade-violation
- management-agent sce-api logging
- management-agent sce-api timeout
- management-agent system
- mkdir
- more
- more running-config-all
- more running-config-application
- more running-config-party-db
- more startup-config-all
- more startup-config-application
- more startup-config-party-db
- more user-log
- mpls
- mpls vpn pe-id
- no mpls vpn pe-database
- no subscriber
- no subscriber mappings included-in
- party mapping ip-address name
- party mapping ip-range
- party name
- party template index
- periodic-records aggregate-by-cpu
- ping
- pqi install file
- pqi rollback file
- pqi uninstall file
- pqi upgrade file
- pwd
- queue
- rdr-formatter category number buffer-size
- rdr-formatter category number name
- rdr-formatter destination
- rdr-formatter destination protocol NetflowV9 template data timeout
- rdr-formatter forwarding-mode
- rdr-formatter history-size
- rdr-formatter protocol
- rdr-formatter protocol NetflowV9 dscp
- rdr-formatter rdr-mapping
- reload
- reload shutdown
- rename
- rmdir
- salt
- sce-url-database add-entry
- sce-url-database import
- sce-url-database protection
- sce-url-database remove-all
- scmp
- scmp keepalive-interval
- scmp loss-of-sync-timeout
- scmp name
- scmp reconnect-interval
- scmp subscriber force-single-sce
- scmp subscriber id append-to-guid
- scmp subscriber send-session-start
- script capture
- script print
- script run
- script stop
- service-bandwidth-prioritization-mode
- service password-encryption
- service rdr-formatter
- service telnetd
- service timestamps
- setup
- show access-lists
- show applications slot tunable
- show blink
- show calendar
- show clock
- show failure-recovery operation-mode
- show hostname
- show hosts
- show interface gigabitethernet
- show interface linecard
- show interface linecard accelerate-packet-drops
- show interface linecard application
- show interface linecard asymmetric-L2-support
- show interface linecard asymmetric-routing-topology
- show interface linecard attack-detector
- show interface linecard attack-filter
- show interface linecard cascade connection-status
- show interface linecard cascade peer-sce-information
- show interface linecard cascade redundancy-status
- show interface linecard connection-mode
- show interface linecard counters
- show interface linecard cpa-client
- show interface linecard duplicate-packets-mode
- show interface linecard flow-capture
- show interface linecard flow-open-mode
- show interface linecard ip-tunnel
- show interface linecard ip-tunnel IPinIP
- show interface linecard l2tp
- show interface linecard link mode
- show interface linecard link-to-port-mappings
- show interface linecard mac-mapping
- show interface linecard mac-resolver arp
- show interface linecard mpls
- show interface linecard mpls vpn
- show interface linecard periodic-records aggregation
- show interface linecard physically-connected-links (SCE 2000 only)
- show interface linecard sce-url-database
- show interface linecard sce-url-database protection
- show interface linecard service-bandwidth-prioritization-mode
- show interface linecard shutdown
- show interface linecard silent
- show interface linecard subscriber
- show interface linecard subscriber aging
- show interface linecard subscriber anonymous
- show interface linecard subscriber anonymous-group
- show interface linecard subscriber db counters
- show interface linecard subscriber mapping
- show interface linecard subscriber name
- show interface linecard subscriber name breach-state
- show interface linecard subscriber name bucket-state
- show interface linecard subscriber name bucket-state id
- show interface linecard subscriber properties
- show interface linecard subscriber sm-connection-failure
- show interface linecard subscriber templates
- show interface linecard subscriber tp-mappings statistics
- show interface linecard subscriber tp-ip-range
- show interface linecard subscriber mapping included-in tp-ip-range
- show interface linecard subscriber max-subscribers
- show interface linecard tos-marking
- show interface linecard TpReportCounters
- show interface linecard traffic-counter
- show interface linecard traffic-rule
- show interface linecard vas-traffic-forwarding
- show interface linecard virtual-links
- show interface linecard vlan
- show interface linecard vlan translation
- show interface linecard vpn
- show interface linecard wap
- show interface mng
- show inventory
- show ip access-class
- show ip advertising
- show ip default-gateway
- show ip filter
- show ip radius-client
- show ip route
- show ip rpc-adapter
- show ip ssh
- show line vty
- show log
- show logger device
- show management-agent
- show management-agent sce-api quota
- show party name
- show pqi file
- show pqi last-installed
- show rdr-formatter
- show rdr-formatter connection-status
- show rdr-formatter counters
- show rdr-formatter destination
- show rdr-formatter enabled
- show rdr-formatter forwarding-mode
- show rdr-formatter history-size
- show rdr-formatter protocol NetflowV9 dscp
- show rdr-formatter rdr-mapping
- show rdr-formatter statistics
- show running-config
- show running-config-all
- show running-config-application
- show running-config-party-db
- show scmp
- show snmp
- show snmp community
- show snmp contact
- show snmp enabled
- show snmp host
- show snmp location
- show snmp mib
- show snmp traps
- show sntp
- show startup-config
- show startup-config-all
- show startup-config-application
- show startup-config-party-db
- show system operation-status
- show system-uptime
- show tacacs
- show telnet sessions
- show telnet status
- show timezone
- show users
- show version
- show version all
- show version software
- silent
- snmp-server
- snmp-server community
- snmp-server contact
- snmp-server enable traps
- snmp-server host
- snmp-server interface
- snmp-server location
- sntp broadcast client
- sntp server
- sntp update-interval
- speed
- subscriber aging
- subscriber anonymous-group export csv-file
- subscriber anonymous-group import csv-file
- subscriber anonymous-group name ip-range
- subscriber capacity-options
- subscriber downstream-split-flow-pull
- subscriber export csv-file
- subscriber import csv-file
- subscriber ip-linger-stats
- subscriber ip-linger-time
- subscriber max-subscribers
- subscriber name property
- subscriber sm-connection-failure
- subscriber template export csv-file
- subscriber template import csv-file
- subscriber tp-mappings
- subscriber tp-ip-range name ip-range target-tp
- subscriber tp-ip-range {import | export} csv-file
- tacacs-server host
- tacacs-server key
- tacacs-server timeout
- telnet
- timeout
- tracert
- traffic-counter
- traffic-rule
- tunable value
- unzip
- username
- username privilege
- vas-traffic-forwarding
- vas-traffic-forwarding traffic-link
- vas-traffic-forwarding traffic-link auto-select
- vas-traffic-forwarding vas health-check
- vas-traffic-forwarding vas server-id health-check
- vas-traffic-forwarding vas server-id vlan
- vas-traffic-forwarding vas server-group
- vas-traffic-forwarding vas server-group failure
- vas-traffic-forwarding vas server-id
- virtual-links index direction
- vlan
- vlan translation
- wap
2-268
Cisco SCE 2000 and SCE 1000 CLI Command Reference
OL-26797-03
Chapter 2 CLI Command Reference
sce-url-database protection
Command History This table includes the following release-specific history entries:
Usage Guidelines When the protected URL database is protected, one user is designated as the owner of the database and
only that user can execute the protection CLI commands on the database; the database manipulation
commands then being restricted according to the owner configuration. This requires defining the AAA
authorization method (either based on local users or based on a TACACS+ server, etc.) and defining at
least one user who should be assigned to be the owner of the database.
If the database is defined to be protected, none of the database information (including the owner, the
database entries, and the authorization information itself) is accessible to any users, including the
relevant saved configuration in the log files and in the relevant SCA BB reports. The database-owner
user may change the authorizations using the CLI; however, when any of the protections are relaxed (or
all of the protections are relaxed by removing the protections entirely) the database is reset.
In order to ensure the secrecy of the database information, the database entries may be imported to the
SCE (using the CLI) in an encrypted form using 128-, 192-, or 256-bit key length AES. The key may be
set or updated using the appropriate CLI command; typically, this command should be run over a secure
Telnet session.
User Authorization Guidelines:
• The default user cannot be the owner.
• When there is no designated owner, the sce-url-database is unprotected and the contents can be read
and modified by any user.
• Only the owner can configure the protection settings. If there is no owner, the database is
unprotected and any user has read and write permissions. A user may be configured to be the owner
of the database only while no owner user is designated for the database.
• When any protection setting is relaxed, the database is reset. Protection is relaxed in the following
cases:
–
Protection is removed completely using the no sce-url-database protection command.
–
Write permission is changed from owner-only to all-users.
–
Lookup permission is changed from no-user to owner-only.
• The sce-url-database configuration information is not accessible as part of the running config and
startup config files.
–
Protected information is not displayed when a show or more command is executed on the config
files.
–
Protected information is included when a copy command is executed on the config files.
Authorization: admin
Examples The following example shows how to configure protected URL database protection.
SCE>enable 10
Password:<cisco>
SCE#>configure
SCE(config)#interface linecard 0
SCE(config if)#
sce-url-database protection owner myself
Release Modification
3.5.0 This command was introduced.