Specifications
Table Of Contents
- Cisco SCE 2000 and SCE 1000 CLI Command Reference
- Contents
- About this Guide
- Introduction
- Audience
- Document Revision History
- Organization
- Related Publications
- Conventions
- Obtaining Documentation and Submitting a Service Request
- Introduction
- Authorization and Command Levels (Hierarchy)
- CLI Help Features
- Navigational and Shortcut Features
- Managing Command Output
- Creating a CLI Script
- Introduction
- ?
- aaa accounting commands
- aaa authentication attempts
- aaa authentication enable default
- aaa authentication login default
- accelerate-packet-drops
- access-class
- access-list
- active-port
- application slot replace force completion
- asymmetric-L2-support
- attack-detector default
- attack-detector
- attack-detector
- attack-detector TCP-port-list|UDP-port-list
- attack-filter
- attack-filter dont-filter | force-filter
- attack-filter subscriber-notification ports
- auto-fail-over
- auto-negotiate
- bandwidth
- blink
- boot system
- calendar set
- cd
- clear arp-cache
- clear interface linecard counters
- clear interface linecard flow-filter
- clear interface linecard mac-resolver arp-cache
- clear interface linecard mpls vpn
- clear interface linecard subscriber
- clear interface linecard subscriber db counters
- clear interface linecard TpReportCounters
- clear interface linecard traffic-counter
- clear interface linecard vas-traffic-forwarding vas counters health-check
- clear interface linecard vpn
- clear interface linecard vpn name upstream-mpls all
- clear interface range
- clear logger
- clear management-agent notifications counters
- clear rdr-formatter
- clear scmp name counters
- clock read-calendar
- clock set
- clock summertime
- clock timezone
- clock update-calendar
- configure
- connection-mode (SCE 1000 platform)
- connection-mode (SCE 2000 platform)
- copy
- copy ftp://
- copy-passive
- copy running-config-application startup-config-application
- copy running-config-party-db startup-config-party-db
- copy running-config startup-config
- copy source-file ftp://
- copy source-file startup-config
- copy startup-config destination-file
- copy startup-config-party-db backupfile
- cpa-client destination
- cpa-client retries
- default subscriber template all
- delete
- dir
- disable
- do
- duplex
- enable
- enable password
- end
- erase startup-config-all
- exit
- failure-recovery operation-mode
- flow-capture
- flow-capture controllers
- force failure-condition (SCE 2000 only)
- help
- history
- history size
- hostname
- interface gigabitethernet
- interface linecard
- interface mng
- interface range gigabitethernet
- ip access-class
- ip address
- ip advertising
- ip default-gateway
- ip domain-lookup
- ip domain-name
- ip filter fragment
- ip filter monitor
- ip ftp password
- ip ftp username
- ip host
- ip name-server
- ip radius-client retry limit
- ip route
- ip rpc-adapter
- ip rpc-adapter port
- ip rpc-adaptor security-level
- ip ssh
- ip ssh access-class
- ip ssh key
- ip-tunnel IPinIP DSCP-marking-skip
- ip-tunnel IPinIP skip
- ip-tunnel l2tp skip
- l2tp identify-by
- line vty
- link failure-reflection
- link mode
- link port-enhanced-recovery
- logger add-user-message
- logger device
- logger device user-file-log max-file-size
- logger get support-file
- logger get user-log file-name
- logging facility
- logging host
- logging message-counter
- logging on
- logging rate-limit
- logging trap
- logout
- mac-resolver arp
- management-agent sce-api ignore-cascade-violation
- management-agent sce-api logging
- management-agent sce-api timeout
- management-agent system
- mkdir
- more
- more running-config-all
- more running-config-application
- more running-config-party-db
- more startup-config-all
- more startup-config-application
- more startup-config-party-db
- more user-log
- mpls
- mpls vpn pe-id
- no mpls vpn pe-database
- no subscriber
- no subscriber mappings included-in
- party mapping ip-address name
- party mapping ip-range
- party name
- party template index
- periodic-records aggregate-by-cpu
- ping
- pqi install file
- pqi rollback file
- pqi uninstall file
- pqi upgrade file
- pwd
- queue
- rdr-formatter category number buffer-size
- rdr-formatter category number name
- rdr-formatter destination
- rdr-formatter destination protocol NetflowV9 template data timeout
- rdr-formatter forwarding-mode
- rdr-formatter history-size
- rdr-formatter protocol
- rdr-formatter protocol NetflowV9 dscp
- rdr-formatter rdr-mapping
- reload
- reload shutdown
- rename
- rmdir
- salt
- sce-url-database add-entry
- sce-url-database import
- sce-url-database protection
- sce-url-database remove-all
- scmp
- scmp keepalive-interval
- scmp loss-of-sync-timeout
- scmp name
- scmp reconnect-interval
- scmp subscriber force-single-sce
- scmp subscriber id append-to-guid
- scmp subscriber send-session-start
- script capture
- script print
- script run
- script stop
- service-bandwidth-prioritization-mode
- service password-encryption
- service rdr-formatter
- service telnetd
- service timestamps
- setup
- show access-lists
- show applications slot tunable
- show blink
- show calendar
- show clock
- show failure-recovery operation-mode
- show hostname
- show hosts
- show interface gigabitethernet
- show interface linecard
- show interface linecard accelerate-packet-drops
- show interface linecard application
- show interface linecard asymmetric-L2-support
- show interface linecard asymmetric-routing-topology
- show interface linecard attack-detector
- show interface linecard attack-filter
- show interface linecard cascade connection-status
- show interface linecard cascade peer-sce-information
- show interface linecard cascade redundancy-status
- show interface linecard connection-mode
- show interface linecard counters
- show interface linecard cpa-client
- show interface linecard duplicate-packets-mode
- show interface linecard flow-capture
- show interface linecard flow-open-mode
- show interface linecard ip-tunnel
- show interface linecard ip-tunnel IPinIP
- show interface linecard l2tp
- show interface linecard link mode
- show interface linecard link-to-port-mappings
- show interface linecard mac-mapping
- show interface linecard mac-resolver arp
- show interface linecard mpls
- show interface linecard mpls vpn
- show interface linecard periodic-records aggregation
- show interface linecard physically-connected-links (SCE 2000 only)
- show interface linecard sce-url-database
- show interface linecard sce-url-database protection
- show interface linecard service-bandwidth-prioritization-mode
- show interface linecard shutdown
- show interface linecard silent
- show interface linecard subscriber
- show interface linecard subscriber aging
- show interface linecard subscriber anonymous
- show interface linecard subscriber anonymous-group
- show interface linecard subscriber db counters
- show interface linecard subscriber mapping
- show interface linecard subscriber name
- show interface linecard subscriber name breach-state
- show interface linecard subscriber name bucket-state
- show interface linecard subscriber name bucket-state id
- show interface linecard subscriber properties
- show interface linecard subscriber sm-connection-failure
- show interface linecard subscriber templates
- show interface linecard subscriber tp-mappings statistics
- show interface linecard subscriber tp-ip-range
- show interface linecard subscriber mapping included-in tp-ip-range
- show interface linecard subscriber max-subscribers
- show interface linecard tos-marking
- show interface linecard TpReportCounters
- show interface linecard traffic-counter
- show interface linecard traffic-rule
- show interface linecard vas-traffic-forwarding
- show interface linecard virtual-links
- show interface linecard vlan
- show interface linecard vlan translation
- show interface linecard vpn
- show interface linecard wap
- show interface mng
- show inventory
- show ip access-class
- show ip advertising
- show ip default-gateway
- show ip filter
- show ip radius-client
- show ip route
- show ip rpc-adapter
- show ip ssh
- show line vty
- show log
- show logger device
- show management-agent
- show management-agent sce-api quota
- show party name
- show pqi file
- show pqi last-installed
- show rdr-formatter
- show rdr-formatter connection-status
- show rdr-formatter counters
- show rdr-formatter destination
- show rdr-formatter enabled
- show rdr-formatter forwarding-mode
- show rdr-formatter history-size
- show rdr-formatter protocol NetflowV9 dscp
- show rdr-formatter rdr-mapping
- show rdr-formatter statistics
- show running-config
- show running-config-all
- show running-config-application
- show running-config-party-db
- show scmp
- show snmp
- show snmp community
- show snmp contact
- show snmp enabled
- show snmp host
- show snmp location
- show snmp mib
- show snmp traps
- show sntp
- show startup-config
- show startup-config-all
- show startup-config-application
- show startup-config-party-db
- show system operation-status
- show system-uptime
- show tacacs
- show telnet sessions
- show telnet status
- show timezone
- show users
- show version
- show version all
- show version software
- silent
- snmp-server
- snmp-server community
- snmp-server contact
- snmp-server enable traps
- snmp-server host
- snmp-server interface
- snmp-server location
- sntp broadcast client
- sntp server
- sntp update-interval
- speed
- subscriber aging
- subscriber anonymous-group export csv-file
- subscriber anonymous-group import csv-file
- subscriber anonymous-group name ip-range
- subscriber capacity-options
- subscriber downstream-split-flow-pull
- subscriber export csv-file
- subscriber import csv-file
- subscriber ip-linger-stats
- subscriber ip-linger-time
- subscriber max-subscribers
- subscriber name property
- subscriber sm-connection-failure
- subscriber template export csv-file
- subscriber template import csv-file
- subscriber tp-mappings
- subscriber tp-ip-range name ip-range target-tp
- subscriber tp-ip-range {import | export} csv-file
- tacacs-server host
- tacacs-server key
- tacacs-server timeout
- telnet
- timeout
- tracert
- traffic-counter
- traffic-rule
- tunable value
- unzip
- username
- username privilege
- vas-traffic-forwarding
- vas-traffic-forwarding traffic-link
- vas-traffic-forwarding traffic-link auto-select
- vas-traffic-forwarding vas health-check
- vas-traffic-forwarding vas server-id health-check
- vas-traffic-forwarding vas server-id vlan
- vas-traffic-forwarding vas server-group
- vas-traffic-forwarding vas server-group failure
- vas-traffic-forwarding vas server-id
- virtual-links index direction
- vlan
- vlan translation
- wap
2-30
Cisco SCE 2000 and SCE 1000 CLI Command Reference
OL-26797-03
Chapter 2 CLI Command Reference
attack-filter
• For a selected attack direction, either for all protocols or for a selected protocol.
If the selected protocol is either TCP or UDP, specify whether the destination port is specific
(port-based), not specific (port-less), or both. If the destination port or ports are specific, the specific
destination ports are configured using the attack-detector TCP-port-list|UDP-port-list,
page 2-27command.
Authorization: admin
Examples The following examples illustrate the use of this command.
EXAMPLE 1
The following example shows how to enable specific, dual-sided attack detection for TCP protocol only.
SCE>enable 10
Password:<cisco>
SCE#config
SCE(config)#interface LineCard 0
SCE(config if)#attack-filter protocol TCP dest-port specific attack-direction dual-sided
SCE(config if)#
EXAMPLE 2
The following example shows how to enable single-sided attack detection for ICMP protocol only.
SCE>enable 10
Password:<cisco>
SCE#config
SCE(config)#interface LineCard 0
SCE(config if)# attack-filter protocol ICMP attack-direction single-side-source
SCE(config if)#
EXAMPLE 3
The following example disables attack detection for all non TCP, UDP, or ICMP protocols.
SCE>enable 10
Password:<cisco>
SCE#config
SCE(config)#interface LineCard 0
SCE(config if)#no attack-filter protocol other attack-direction all
SCE(config if)#
Related Commands Command Description
attack-detector
TCP-port-list|UDP-port-list
Defines the list of destination ports for specific port detections
for TCP or UDP protocols.
attack-detector <number> Configures a specific attack detector for a particular attack type
(protocol/attack direction/side) with the assigned number.
show interface LineCard
attack-filter
Displays the attack filtering configuration.