Specifications
Table Of Contents
- Cisco SCE 2000 and SCE 1000 CLI Command Reference
- Contents
- About this Guide
- Introduction
- Audience
- Document Revision History
- Organization
- Related Publications
- Conventions
- Obtaining Documentation and Submitting a Service Request
- Introduction
- Authorization and Command Levels (Hierarchy)
- CLI Help Features
- Navigational and Shortcut Features
- Managing Command Output
- Creating a CLI Script
- Introduction
- ?
- aaa accounting commands
- aaa authentication attempts
- aaa authentication enable default
- aaa authentication login default
- accelerate-packet-drops
- access-class
- access-list
- active-port
- application slot replace force completion
- asymmetric-L2-support
- attack-detector default
- attack-detector
- attack-detector
- attack-detector TCP-port-list|UDP-port-list
- attack-filter
- attack-filter dont-filter | force-filter
- attack-filter subscriber-notification ports
- auto-fail-over
- auto-negotiate
- bandwidth
- blink
- boot system
- calendar set
- cd
- clear arp-cache
- clear interface linecard counters
- clear interface linecard flow-filter
- clear interface linecard mac-resolver arp-cache
- clear interface linecard mpls vpn
- clear interface linecard subscriber
- clear interface linecard subscriber db counters
- clear interface linecard TpReportCounters
- clear interface linecard traffic-counter
- clear interface linecard vas-traffic-forwarding vas counters health-check
- clear interface linecard vpn
- clear interface linecard vpn name upstream-mpls all
- clear interface range
- clear logger
- clear management-agent notifications counters
- clear rdr-formatter
- clear scmp name counters
- clock read-calendar
- clock set
- clock summertime
- clock timezone
- clock update-calendar
- configure
- connection-mode (SCE 1000 platform)
- connection-mode (SCE 2000 platform)
- copy
- copy ftp://
- copy-passive
- copy running-config-application startup-config-application
- copy running-config-party-db startup-config-party-db
- copy running-config startup-config
- copy source-file ftp://
- copy source-file startup-config
- copy startup-config destination-file
- copy startup-config-party-db backupfile
- cpa-client destination
- cpa-client retries
- default subscriber template all
- delete
- dir
- disable
- do
- duplex
- enable
- enable password
- end
- erase startup-config-all
- exit
- failure-recovery operation-mode
- flow-capture
- flow-capture controllers
- force failure-condition (SCE 2000 only)
- help
- history
- history size
- hostname
- interface gigabitethernet
- interface linecard
- interface mng
- interface range gigabitethernet
- ip access-class
- ip address
- ip advertising
- ip default-gateway
- ip domain-lookup
- ip domain-name
- ip filter fragment
- ip filter monitor
- ip ftp password
- ip ftp username
- ip host
- ip name-server
- ip radius-client retry limit
- ip route
- ip rpc-adapter
- ip rpc-adapter port
- ip rpc-adaptor security-level
- ip ssh
- ip ssh access-class
- ip ssh key
- ip-tunnel IPinIP DSCP-marking-skip
- ip-tunnel IPinIP skip
- ip-tunnel l2tp skip
- l2tp identify-by
- line vty
- link failure-reflection
- link mode
- link port-enhanced-recovery
- logger add-user-message
- logger device
- logger device user-file-log max-file-size
- logger get support-file
- logger get user-log file-name
- logging facility
- logging host
- logging message-counter
- logging on
- logging rate-limit
- logging trap
- logout
- mac-resolver arp
- management-agent sce-api ignore-cascade-violation
- management-agent sce-api logging
- management-agent sce-api timeout
- management-agent system
- mkdir
- more
- more running-config-all
- more running-config-application
- more running-config-party-db
- more startup-config-all
- more startup-config-application
- more startup-config-party-db
- more user-log
- mpls
- mpls vpn pe-id
- no mpls vpn pe-database
- no subscriber
- no subscriber mappings included-in
- party mapping ip-address name
- party mapping ip-range
- party name
- party template index
- periodic-records aggregate-by-cpu
- ping
- pqi install file
- pqi rollback file
- pqi uninstall file
- pqi upgrade file
- pwd
- queue
- rdr-formatter category number buffer-size
- rdr-formatter category number name
- rdr-formatter destination
- rdr-formatter destination protocol NetflowV9 template data timeout
- rdr-formatter forwarding-mode
- rdr-formatter history-size
- rdr-formatter protocol
- rdr-formatter protocol NetflowV9 dscp
- rdr-formatter rdr-mapping
- reload
- reload shutdown
- rename
- rmdir
- salt
- sce-url-database add-entry
- sce-url-database import
- sce-url-database protection
- sce-url-database remove-all
- scmp
- scmp keepalive-interval
- scmp loss-of-sync-timeout
- scmp name
- scmp reconnect-interval
- scmp subscriber force-single-sce
- scmp subscriber id append-to-guid
- scmp subscriber send-session-start
- script capture
- script print
- script run
- script stop
- service-bandwidth-prioritization-mode
- service password-encryption
- service rdr-formatter
- service telnetd
- service timestamps
- setup
- show access-lists
- show applications slot tunable
- show blink
- show calendar
- show clock
- show failure-recovery operation-mode
- show hostname
- show hosts
- show interface gigabitethernet
- show interface linecard
- show interface linecard accelerate-packet-drops
- show interface linecard application
- show interface linecard asymmetric-L2-support
- show interface linecard asymmetric-routing-topology
- show interface linecard attack-detector
- show interface linecard attack-filter
- show interface linecard cascade connection-status
- show interface linecard cascade peer-sce-information
- show interface linecard cascade redundancy-status
- show interface linecard connection-mode
- show interface linecard counters
- show interface linecard cpa-client
- show interface linecard duplicate-packets-mode
- show interface linecard flow-capture
- show interface linecard flow-open-mode
- show interface linecard ip-tunnel
- show interface linecard ip-tunnel IPinIP
- show interface linecard l2tp
- show interface linecard link mode
- show interface linecard link-to-port-mappings
- show interface linecard mac-mapping
- show interface linecard mac-resolver arp
- show interface linecard mpls
- show interface linecard mpls vpn
- show interface linecard periodic-records aggregation
- show interface linecard physically-connected-links (SCE 2000 only)
- show interface linecard sce-url-database
- show interface linecard sce-url-database protection
- show interface linecard service-bandwidth-prioritization-mode
- show interface linecard shutdown
- show interface linecard silent
- show interface linecard subscriber
- show interface linecard subscriber aging
- show interface linecard subscriber anonymous
- show interface linecard subscriber anonymous-group
- show interface linecard subscriber db counters
- show interface linecard subscriber mapping
- show interface linecard subscriber name
- show interface linecard subscriber name breach-state
- show interface linecard subscriber name bucket-state
- show interface linecard subscriber name bucket-state id
- show interface linecard subscriber properties
- show interface linecard subscriber sm-connection-failure
- show interface linecard subscriber templates
- show interface linecard subscriber tp-mappings statistics
- show interface linecard subscriber tp-ip-range
- show interface linecard subscriber mapping included-in tp-ip-range
- show interface linecard subscriber max-subscribers
- show interface linecard tos-marking
- show interface linecard TpReportCounters
- show interface linecard traffic-counter
- show interface linecard traffic-rule
- show interface linecard vas-traffic-forwarding
- show interface linecard virtual-links
- show interface linecard vlan
- show interface linecard vlan translation
- show interface linecard vpn
- show interface linecard wap
- show interface mng
- show inventory
- show ip access-class
- show ip advertising
- show ip default-gateway
- show ip filter
- show ip radius-client
- show ip route
- show ip rpc-adapter
- show ip ssh
- show line vty
- show log
- show logger device
- show management-agent
- show management-agent sce-api quota
- show party name
- show pqi file
- show pqi last-installed
- show rdr-formatter
- show rdr-formatter connection-status
- show rdr-formatter counters
- show rdr-formatter destination
- show rdr-formatter enabled
- show rdr-formatter forwarding-mode
- show rdr-formatter history-size
- show rdr-formatter protocol NetflowV9 dscp
- show rdr-formatter rdr-mapping
- show rdr-formatter statistics
- show running-config
- show running-config-all
- show running-config-application
- show running-config-party-db
- show scmp
- show snmp
- show snmp community
- show snmp contact
- show snmp enabled
- show snmp host
- show snmp location
- show snmp mib
- show snmp traps
- show sntp
- show startup-config
- show startup-config-all
- show startup-config-application
- show startup-config-party-db
- show system operation-status
- show system-uptime
- show tacacs
- show telnet sessions
- show telnet status
- show timezone
- show users
- show version
- show version all
- show version software
- silent
- snmp-server
- snmp-server community
- snmp-server contact
- snmp-server enable traps
- snmp-server host
- snmp-server interface
- snmp-server location
- sntp broadcast client
- sntp server
- sntp update-interval
- speed
- subscriber aging
- subscriber anonymous-group export csv-file
- subscriber anonymous-group import csv-file
- subscriber anonymous-group name ip-range
- subscriber capacity-options
- subscriber downstream-split-flow-pull
- subscriber export csv-file
- subscriber import csv-file
- subscriber ip-linger-stats
- subscriber ip-linger-time
- subscriber max-subscribers
- subscriber name property
- subscriber sm-connection-failure
- subscriber template export csv-file
- subscriber template import csv-file
- subscriber tp-mappings
- subscriber tp-ip-range name ip-range target-tp
- subscriber tp-ip-range {import | export} csv-file
- tacacs-server host
- tacacs-server key
- tacacs-server timeout
- telnet
- timeout
- tracert
- traffic-counter
- traffic-rule
- tunable value
- unzip
- username
- username privilege
- vas-traffic-forwarding
- vas-traffic-forwarding traffic-link
- vas-traffic-forwarding traffic-link auto-select
- vas-traffic-forwarding vas health-check
- vas-traffic-forwarding vas server-id health-check
- vas-traffic-forwarding vas server-id vlan
- vas-traffic-forwarding vas server-group
- vas-traffic-forwarding vas server-group failure
- vas-traffic-forwarding vas server-id
- virtual-links index direction
- vlan
- vlan translation
- wap
2-29
Cisco SCE 2000 and SCE 1000 CLI Command Reference
OL-26797-03
Chapter 2 CLI Command Reference
attack-filter
attack-filter
Enables specific attack detection for a specified protocol and attack direction. Use the no form of the
command to disable attack detection.
attack-filter protocol (((TCP|UDP) [dest-port destination port ])|ICMP|other|all)
attack-direction attack-direction
no attack-filter protocol (((TCP|UDP) [dest-port destination port ])|ICMP|other|all)
attack-direction attack-direction
Syntax Description
Command Default By default, attack-filter is enabled.
Default protocols = all protocols (no protocol specified)
Default attack direction = all directions
Default destination port = both port-based and port-less
Command Modes LineCard Interface Configuration
Command History This table includes the following release-specific history entries:
Usage Guidelines Specific attack filtering is configured in two steps:
• Enabling specific IP filtering for the particular attack type (using this command).
• Configuring an attack detector for the relevant attack type (using the attack-detector <number>,
page 2-24command). Each attack detector specifies the thresholds that define an attack and the
action to be taken when an attack is detected.
In addition, the user can manually override the configured attack detectors to either force or prevent
attack filtering in a particular situation (using the attack filter force filter | don't-filter command).
By default, specific-IP detection is enabled for all attack types. You can configure specific IP detection
to be enabled or disabled for a specific, defined situation only, depending on the following options:
• For a selected protocol only.
• For TCP and UDP protocols, for only port-based or only port-less detections.
protocol TCP, UDP, IMCP, other
destination port {TCP and UDP protocols only): Defines whether the default attack detector
applies to specific (port-based) or not specific (port-less) detections.
specific, not-specific, both
attack-direction single-side-destination, single-side-both, dual-sided, all
Release Modification
2.5.7 This command was introduced.