SROS Command Line Interface Reference Guide Software Version J.02.
© Copyright 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.
Table of Contents
Basic Mode Command Set, page 10
Enable Mode Command Set, page 20
Global Configuration Mode Command Set, page 200
DHCP Pool Command Set

Command Reference Guide CLI Introduction
REFERENCE GUIDE INTRODUCTION
This manual provides information about the commands that are available with all of the ProCurve Secure routers. If you are new to the Operating System’s Command Line Interface (CLI), take a few moments to review the information provided in the section which follows (CLI Introduction).

Level: Enable
Access by...: entering enable while in the Basic command security level as follows: >enable
Prompt: #
With this level you can...:
• manage the startup and running configurations
• use the debug commands
• enter any of the configuration modes
Note: To prevent unauthorized users from accessing the configuration functions of your product, immediately install an Enable-level password.

Mode: Router
Access by...: entering router rip or router ospf while at the Global Configuration Mode prompt. For example:
>enable
#config term
(config)#router rip
Sample Prompt: (config-rip)#
Mode: Interface
Access by...: specifying an interface (T1, Ethernet, Frame Relay, ppp, etc.) while in the Global Configuration Mode.

Shortcut / Description
+ A: Jump to the beginning of the displayed command line. This shortcut is helpful when using the no form of commands (when available). For example, pressing at the following prompt will place the cursor directly after the #:
(config-eth 0/1)#ip address 192.33.55.6
+ E: Jump to the end of the displayed command line.

Command / Description
debug: Use the debug command to troubleshoot problems you may be experiencing on your network. These commands provide additional information to help you better interpret possible problems. For information on specific debug commands, refer to the section Enable Mode Command Set on page 20.
undebug all: To turn off any active debug commands, enter this command.

COMMAND DESCRIPTIONS
This portion of the guide provides a detailed listing of all available commands for the CLI (organized by command set). Each command listing contains pertinent information including the default value, a description of all sub-command parameters, functional notes for using the command, and a brief technology review. To search for a particular command alphabetically, use the Index.

BASIC MODE COMMAND SET
To activate the Basic Mode, simply log in to the unit. After connecting the unit to a VT100 terminal (or terminal emulator) and activating a terminal session, the following prompt displays:
Router>
The following command is common to multiple command sets and is covered in a centralized section of this guide.

enable
Use the enable command (at the Basic Command Mode prompt) to enter the Enable Command Mode. Use the disable command to exit the Enable Command Mode. See the section enable on page 11 for more information.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.

logout
Use the logout command to terminate the current session and return to the login screen.
Syntax Description
No subcommands.
Default Values
No defaults necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following example shows the logout command being executed in the Basic Mode:
>logout
Session now available
Press RETURN to get started.

ping
Use the ping command (at the Basic Command Mode prompt) to verify IP network connectivity.
Syntax Description
Optional. Specifies the IP address of the system to ping. Entering the ping command with no specified address prompts the user with parameters for a more detailed ping configuration. See Functional Notes (below) for more information.
Default Values
No default value necessary for this command.
Size (in bytes) of the ping packet (valid range: 1 to 1448).
Timeout in Seconds: If a ping response is not received within the timeout period, the ping is considered unsuccessful (valid range: 1 to 5 seconds).
Extended Commands: Specifies whether additional commands are desired for more ping configuration parameters.
Source Address (or interface): Specifies the IP address to use as the source address in the ECHO_REQ packets.

show clock
Use the show clock command to display the system time and date entered using the clock set command.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.

show snmp
Use the show snmp command to display the system Simple Network Management Protocol (SNMP) parameters and current status of SNMP communications.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.

show version
Use the show version command to display the current Secure Router OS version information.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following is a sample show version output:
>show version
ProCurve Secure Router 7203dl
SROS Version: J02.01.

telnet
Use the telnet command to open a Telnet session (through the Secure Router OS) to another system on the network.
Syntax Description
Specifies the IP address of the remote system.
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following example opens a Telnet session with a remote system (10.200.4.15):
>telnet 10.200.4.

traceroute
Use the traceroute command to display the IP routes a packet takes to reach the specified destination.
Syntax Description
Specifies the IP address of the remote system to trace the routes to.
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following example performs a traceroute on the IP address 192.168.0.1:
#traceroute 192.

ENABLE MODE COMMAND SET
To activate the Enable Mode, enter the enable command at the Basic Mode prompt. (If an enable password has been configured, a password prompt will display.) For example:
Router>enable
Password: XXXXXXX
Router#
The following commands are common to multiple command sets and are covered in a centralized section of this guide.

terminal length on page 195
traceroute on page 196
undebug all on page 197
wall on page 198
write [erase | memory | network | terminal] on page 199
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P.

clear access-list
Use the clear access-list command to clear all counters associated with all access lists (or a specified access list).
Syntax Description
Optional. Specifies the name (label) of an access list.
Default Values
No default value necessary for this command.

clear arp-cache
Use the clear arp-cache command to remove all dynamic entries from the Address Resolution Protocol (ARP) cache table.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.

clear arp-entry
Use the clear arp-entry command to remove a single entry from the Address Resolution Protocol (ARP) cache.
Syntax Description
Specifies the IP address of the entry to remove.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example removes the entry for 10.200.4.56 from the ARP cache:
>enable
#clear arp-entry 10.200.4.

clear bridge
Use the clear bridge command to clear all counters associated with bridging (or for a specified bridge-group).
Syntax Description
Optional. Specifies a single bridge group (1-255).
Default Values
No default value necessary for this command.

clear buffers max-used
Use the clear buffers max-used command to clear the maximum-used statistics for buffers displayed in the show memory heap command.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
>enable
#clear buffers max-used

clear counters
Use the clear counters command to clear all interface counters (or the counters for a specified interface).
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears all counters associated with the Ethernet 0/1 interface:
>enable
#clear counters ethernet 0/1

clear crypto ike sa
Use the clear crypto ike sa command to clear existing IKE security associations (SAs), including active ones.
Syntax Description
Optional. Clear out all existing IKE SAs associated with the designated policy priority. This number is assigned using the crypto ike policy command.
Default Values
No default value necessary for this command.

clear crypto ipsec sa
Use the clear crypto ipsec sa command to clear existing IPSec security associations (SAs), including active ones.

clear dump-core
The clear dump-core command clears diagnostic information appended to the output of the show version command. This information results from an unexpected unit reboot.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.

clear event-history
Use the clear event-history command to clear all messages logged to the local event-history.
Warning: Messages cleared from the local event-history (using the clear event-history command) are no longer accessible.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.

clear ip bgp [* | | ] [in | out | soft]
Use the clear ip bgp command to clear BGP neighbors as specified.
Syntax Description
* Clears all BGP neighbors.
Clears all BGP neighbors with the specified AS number. Range is 1 to 65,535.
Clears the BGP neighbor with the specified IP address.
in Causes a “soft” reset inbound with a neighbor, reprocessing routes advertised by that neighbor.

clear ip igmp group [ | ]
Use the clear ip igmp group command to clear entries from the Internet Group Management Protocol (IGMP) tables. If no address or interface is specified, all non-static IGMP groups are cleared with this command.
Syntax Description
Optional. Specifies the multicast IP address of the multicast group.
Optional.

00:02:46 172.23.23.1
#clear ip igmp group
#show ip igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
This version of the command clears all dynamic groups that have the specified output interface (Ethernet 0/1):
#clear ip igmp group ethernet 0/1
This version of the command clears the specified group on all interfaces where it is dynamically registered:
#clear ip igmp group 172.1.1.

clear ip policy-sessions
Use the clear ip policy-sessions command to clear policy class sessions. You may clear all the sessions or a specific session. Refer to the show ip policy-sessions for a current session listing.

Usage Examples
The following example clears the Telnet association (TCP port 23) for policy class "pclass1" with source IP address 192.22.71.50 and destination 192.22.71.130:
>enable
#clear ip policy-sessions pclass1 tcp 192.22.71.50 23 192.22.71.130 23

clear ip policy-stats entry
Use the clear ip policy-stats command to clear statistical counters for policy classes.
Syntax Description
Optional. Specifies the policy class to clear. If no policy class is specified, statistics are cleared for all policies.
entry Optional. Use this optional keyword to clear statistics of a specific policy class entry.
Optional.

clear ip prefix-list
Use the clear ip prefix-list command to clear the IP prefix list hit count shown in the show ip prefix-list detail output.
Syntax Description
Specifies the IP prefix list to clear.
Default Values
No default value necessary for this command.

clear ip route
Use the clear ip route command to remove all learned routes from the IP route table. Static and connected routes are not cleared by this command.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.

clear lldp counters
Use the clear lldp counters command to reset all LLDP packet counters to 0 on all interfaces.
Syntax Description
No subcommands.
Default Values
There are no default settings for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example resets all LLDP counters:
>enable
#clear lldp counters

clear lldp counters interface
Use the clear lldp counters interface command to reset all LLDP packet counters to 0 for a specified interface.
Syntax Description
Clears the information for the specified interface. Type clear lldp counters interface ? for a complete list of applicable interfaces.
Default Values
No default values are necessary for this command.

clear lldp neighbors
Use the clear lldp neighbors command to remove all neighbors from this unit’s database. As new LLDP packets are received, the database will contain information about neighbors included in those frames.
Syntax Description
No subcommands.
Default Values
There are no default settings for this command.

clear pppoe
Use the clear pppoe command to terminate the current PPPoE client session and cause the Secure Router OS to try and re-establish the session.
Syntax Description
PPP interface number.
Default Values
No default value necessary for this command.

clear process cpu max
Use the clear process cpu max command to clear the maximum CPU usage statistic which is visible in the show process cpu command.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.

clear qos map
Use the clear qos map command to clear the statistics for all defined QoS maps or to view detailed information for maps meeting user-configured specifications.
Variations of this command include the following:
clear qos map

clear spanning-tree counters [interface ]
The clear spanning-tree counters command clears the following counts: BPDU transmit, BPDU receive, and number of transitions to forwarding state.
Syntax Description
interface Optional. Specifies a single interface. Enter clear spanning-tree counters ? for a complete list of interfaces.
Default Values
No default value necessary for this command.

clear spanning-tree detected-protocols [interface ethernet ]
Use the clear spanning-tree detected-protocols command to restart the protocol migration process.
Syntax Description
interface Optional. Choose the ethernet interface.
Optional. Enter a valid interface ID (e.g., 0/1 for Ethernet 0/1).
Default Values
No default value necessary for this command.

clock auto-correct-dst
The clock auto-correct-dst command allows the automatic one-hour correction for Daylight Saving Time (DST). Use the clock no-auto-correct-dst command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default this command is enabled.

clock no-auto-correct-dst
The clock no-auto-correct-dst command allows you to override the automatic one-hour correction for Daylight Saving Time (DST).
Syntax Description
No subcommands.
Default Values
No default value is necessary for this command.
Command Modes
# Enable mode
Functional Notes
Many time zones include an automatic one-hour correction for daylight saving time at the appropriate time.

clock set

clock timezone
The clock timezone command sets the unit’s internal clock to the timezone of your choice. This setting is based on the difference in time (in hours) between Greenwich Mean Time (GMT) or Central Standard Time (CST) and the timezone for which you are setting up the unit. Use the no form of this command to disable this feature.

Functional Notes
The following list shows sample cities and their timezone codes.

configure
Use the configure command to enter the Global Configuration Mode or to configure the system from memory. See Global Configuration Mode Command Set on page 200 for more information.
Syntax Description
terminal Enter the Global Configuration Mode.
memory Configure the active system with the commands located in the default configuration file stored in NVRAM.
network Configure the system from a TFTP network host.

copy
Use the copy command to copy any file from a specified source to a specified destination.
Syntax Description
Specifies the current location of the file. Valid sources include: running-config (current running configuration file), startup-config (configuration file located in NVRAM), or a filename (located in FLASH memory).
Specifies the destination of the copied file.

copy console
Use the copy console command to copy the console’s input to a text file. To end copying to the text file, type . The file will be saved in the SROS root directory.
Syntax Description
Specify destination file for console input.
Default Values
No default is necessary for this command.
Command Modes
# Enable Command Mode
Functional Notes
The copy console command works much like a line editor.

copy flash
Use the copy flash command to copy a file located in flash memory to a specified destination.
Syntax Description
Specifies the destination of the copied file. Valid destinations include tftp and xmodem.
Default Values
No default value necessary for this command.

copy interface
Use the copy interface command to copy a file to a specified interface.
Syntax Description
Specify file name of source file.
Specify interface to be upgraded.
Specify slot and port number of interface.
Default Values
No default is necessary for this command.

copy tftp
Use the copy tftp command to copy a file located on a network Trivial File Transfer Protocol (TFTP) server to a specified destination.
Syntax Description
Specifies the destination of the file copied from the TFTP server. Valid destinations include: flash (FLASH memory), startup-config (the configuration file stored in NVRAM), or running-config (the current running configuration file).

copy xmodem
Use the copy xmodem command to copy a file (using the XMODEM protocol) to a specified destination. XMODEM capability is provided in terminal emulation software such as HyperTerminal™.
Syntax Description
Specifies the destination of the copied file.

debug aaa
Use the debug aaa command to activate debug messages associated with authentication from the AAA subsystem. Debug messages are displayed (real-time) on the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the SROS are disabled.

debug access-list
Use the debug access-list command to activate debug messages (for a specified list) associated with access list operation. Debug messages are displayed (real-time) on the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
Specifies a configured access list.
Default Values
By default, all debug messages in the SROS are disabled.

debug atm events
Use the debug atm events command to display events on all ATM ports and all virtual circuits. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug atm oam loopback [end-to-end | segment]
Use the debug atm oam command to display Operation, Administration, and Maintenance (OAM) packets for an ATM virtual circuit descriptor (VCD). Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable debug messages.

debug atm packet [interface atm | vc] < ATM port | VPI/VCI> vcd
Use the debug atm packet command to activate debug messages associated with packets on ATM ports and virtual circuits. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Variations of this command include the following:
debug atm packet .

debug bridge
Use the debug bridge command to display messages associated with bridge events. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug crypto [ike | ike negotiation | ike client authentication | ike client configuration | ipsec | pki]
Use the debug crypto command to activate debug messages associated with IKE and IPSec functions. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
ike Displays all IKE debug messages.

debug backup
Use the debug backup command to activate debug messages associated with backup operation. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug dialup-interfaces
Use the debug dialup-interfaces command to generate debug messages used to aid in troubleshooting problems with all dialup interfaces such as the modem or the BRI cards. Use the no version of this command to disable it.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug dynamic-dns [verbose]
Use the debug dynamic-dns command to display debug messages associated with dynamic DNS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
verbose Turns on verbose messaging.
Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug firewall
Use the debug firewall command to activate debug messages associated with the Secure Router OS firewall operation. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug frame-relay [events | llc2 | lmi]
Use the debug frame-relay command to activate debug messages associated with the Frame Relay operation. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.

debug frame-relay multilink
Use the debug frame-relay multilink command to activate debug messages associated with Frame Relay multilink operation. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
Optional. Activates debug messages for the specified interface.

debug hdlc [errors | verbose]
Use the debug hdlc command to activate debug messages associated with the HDLC interface. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
errors Enables protocol error and statistic messages.
verbose Enables detailed debug messages.

debug interface < interface >
Use the debug interface command to activate debug messages associated with the specified interface. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
< interface > Activates debug messages for the specified interface. Type debug interface ? for a complete list of applicable interfaces.

debug interface adsl events
Use the debug interface adsl events command to activate debug messages associated with ADSL events. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug ip bgp [events | in | out | keepalives | updates]
Use the debug ip bgp command to activate debug messages associated with IP BGP. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
events Displays significant BGP events such as a neighbor state change.

debug ip dhcp-client
Use the debug ip dhcp-client command to activate debug messages associated with DHCP client operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug ip dhcp-server
Use the debug ip dhcp-server command to activate debug messages associated with DHCP server operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug ip dns-client
Use the debug ip dns-client command to activate debug messages associated with DNS (domain naming system) client operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug ip dns-proxy
Use the debug ip dns-proxy command to activate debug messages associated with DNS (domain naming system) proxy operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.


debug ip icmp [send | recv]

Use the debug ip icmp command to show all ICMP messages as they come into the router or are originated by the router. If an optional keyword (send or recv) is not used, all results are displayed. Use the no form of this command to disable the debug messages.

Syntax Description
send    Optional keyword which allows you to only display ICMP messages sent by the router.

debug ip igmp

Use the debug ip igmp command to enable debug messages for IGMP transactions (including helper activity).

Syntax Description
Optional. IP address of a multicast group.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following example enables IGMP debug messages for the specified multicast group:
>enable
#debug ip igmp 224.

debug ip ospf

Use the debug ip ospf command to activate debug messages associated with OSPF routing operations. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.

debug ip rip [events]

Use the debug ip rip command to activate debug messages associated with Routing Information Protocol (RIP) operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.

Syntax Description
events    Optional. Use this optional keyword to display only RIP protocol events.

debug ip tcp events

Use the debug ip tcp events command to activate debug messages associated with significant TCP events such as state changes, retransmissions, session aborts, etc., in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.

Note
These debug events are logged for packets that are sent or received from the router.

debug ip tcp md5

Use the debug ip tcp md5 command to activate debug messages that detail the results of each incoming TCP packet’s MD5 authentication with an internal route in the Secure Router OS. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to disable debug messages.

Syntax Description
No subcommands.

debug ip udp

Use the debug ip udp command to activate debug messages associated with UDP send and receive events in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.

Note
These debug events are logged for packets that are sent or received from the router. Forwarded UDP packets are not included.

debug isdn events

Use the debug isdn events command to activate debug messages associated with ISDN events in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

debug lldp [rx | tx] verbose

Use the debug lldp command to display debug output for all LLDP receive and transmit packets.

Syntax Description
rx         Shows information about received packets.
tx         Shows information about transmitted packets.
verbose    Shows detailed debugging information.

Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug port-auth [general | packet [both | rx | tx] | supp-sm]

Use the debug port-auth command to generate debug messages used to aid in troubleshooting problems during the port authentication process. Use the no version of this command to disable the messages.

Syntax Description
general    Optional. Displays configuration changes to the port authentication system.
packet     Optional.

debug ppp [authentication | errors | negotiation | verbose]

Use the debug ppp command to activate debug messages associated with point-to-point protocol (PPP) operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.

debug pppoe client

Use the debug pppoe client command to activate debug messages associated with point-to-point protocol over Ethernet (PPPoE) operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

debug radius

Use the debug radius command to enable debug messages from the RADIUS subsystem. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.

Syntax Description
No subcommands.

Default Values
By default, all debug messages in the Secure Router OS are disabled.

debug sntp

Use the debug sntp command to enable debug messages associated with the Simple Network Time Protocol (SNTP). All SNTP Packet Exchanges and time decisions are displayed with these debugging events enabled. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.

Syntax Description
No subcommands.

debug spanning-tree [config | events | general | root]

Use the debug spanning-tree command to enable the display of spanning-tree debug messages.

Syntax Description
config     Enables the display of spanning-tree debug messages when configuration changes occur.
events     Enables the display of debug messages when spanning-tree protocol events occur.
general    Enables the display of general spanning-tree debug messages.

debug spanning-tree bpdu [receive | transmit | all]

Use the debug spanning-tree bpdu command to display BPDU (bridge protocol data unit) debug messages. When enabled, a debug message is displayed for each BPDU packet that is transmitted or received by the unit.

Syntax Description
receive     Displays debug messages for BPDU packets received by the unit.
transmit    Displays debug messages for BPDU packets transmitted by the unit.

debug system

Use the debug system command to enable debug messages associated with system events (i.e., login, logouts, etc.). Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.

Syntax Description
No subcommands.

Default Values
By default, all debug messages in the Secure Router OS are disabled.

dir

Use the dir command to display a directory list of files on the system.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following is sample output from the dir command:
>enable
#dir
4206603 HP7203A-08-00-23b-HP1-E.biz
3818 startup-config
3850 startup-config.bak
284007 HP7203B-boot-08-01-01-HP.biz
4234845 HP7203A-08-01-01-HP-E.

disable

Use the disable command to exit the Enable Command Mode and enter the Basic Command Mode.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following example exits the Enable Command Mode and enters the Basic Command Mode:
#disable
>

5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P.

erase [ | startup-config]

Use the erase command to erase the specified file.

Syntax Description
Specifies the name of the file (located in FLASH memory) to erase.
startup-config    Erases the startup configuration file stored in NVRAM.

Default Values
No default value necessary for this command.

events

Use the events command to enable event reporting to the current CLI session. Use the no form of this command to disable all event reporting to the current CLI session.

Syntax Description
No subcommands.

Default Values
By default, this command is enabled.

logout

Use the logout command to terminate the current session and return to the login screen.

Syntax Description
No subcommands.

Default Values
No defaults necessary for this command.

Command Modes
> or # Basic or Enable Command Mode

Usage Examples
The following example shows the logout command being executed in Enable Mode:
#logout
Session now available
Press RETURN to get started.

reload [cancel | in ]

Use the reload command to perform a manual reload of the Secure Router OS.

Caution
Performing a reload disrupts data traffic.

Syntax Description
cancel    Optional. Use the cancel keyword to deactivate a pending reload command.
in        Optional. Use the in keyword to specify a delay period the Secure Router OS will wait before reloading.

show access-lists

Use the show access-lists command to display all configured access lists in the system (or a specific list).

Syntax Description
Optional. Specify a particular access list to display.

Default Values
No default value necessary for this command.

Command Modes
# Enable Mode

Functional Notes
The show access-lists command displays all configured access-lists in the system.

show arp

Use the show arp command to display the Address Resolution Protocol (ARP) table.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following is a sample output of the show arp command:
>enable
#show arp
ADDRESS    TTL (min)    MAC ADDRESS    INTERFACE
10.15.225.

show atm [pvc | traffic] interface atm

Use the show atm command to display information specific to the ATM interface. Variations of this command include the following:
show atm pvc
show atm [pvc | traffic] interfaces atm

Syntax Description
pvc        Shows ATM PVC information.
traffic    Shows ATM traffic information.

show bridge [ethernet | frame-relay | ppp | vlan]

Use the show bridge command to display a list of all configured bridge groups (including individual members of each group). Enter an interface or a bridge number to display the corresponding list.

Syntax Description
ethernet       Optional. Display all bridge groups associated with the Ethernet interface.
frame-relay    Optional.

show buffers

Use the show buffers command to display the statistics for the buffer pools on the network server.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
> or # Basic or Enable Command Mode

Usage Examples
The following is a sample output from the show buffers command:
#show buffers
Buffer handles: 119 of 2000 used.
Pool Size Total Used Available Max.

show buffers users

Use the show buffers users command to display a list of the top users of packet buffers. Typically, this command will only be used as a debug tool.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

show cflash

Use the show cflash command to display a list of all files currently stored in CompactFlash® memory.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following is a sample show cflash output:
>enable
#show cflash
(dir) 0 SystemDefaultPrompts
(dir) 0 VoiceMail
(dir) 0 UserPrompts
4043024 J01_01_03.

show clock [detail]

Use the show clock command to display the system time and date entered using the clock set command. See clock set on page 50 for more information.

Syntax Description
detail    Optional. Use this optional keyword to display more detailed clock information, including the time source.

Default Values
No default value necessary for this command.

show configuration

Use the show configuration command to display a text printout of the startup configuration file stored in NVRAM.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

shutdown
!
interface dds 1/1
shutdown
!
interface bri 1/2
shutdown
!
!
ip access-list standard Outbound
permit host 10.3.50.6
permit 10.200.5.0 0.0.0.255
!
!
ip access-list extended UnTrusted
deny icmp 10.5.60.0 0.0.0.

show connections

Use the show connections command to display information (including TDM group assignments) for all active connections.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following is sample output from the show connections command:
>enable
#show connections
Displaying all connections....

show crypto ca [certificates | crls | profiles]

Use the show crypto ca command to display information regarding certificates and profiles.

Syntax Description
certificates    Displays information on all certificates.
crls            Displays a summary of all certificate revocation lists (CRLs) for each CA.
profiles        Displays information on all configured CA profiles.

Default Values
No default value necessary for this command.

show crypto ike

Use the show crypto ike command to display information regarding the IKE configuration.

Usage Examples
The following is a sample from the show crypto ike policy command:
>enable
#show crypto ike policy
Crypto IKE Policy 100
Main mode
Using System Local ID Address
Peers:
63.105.15.129
initiate main
respond anymode
Attributes: 10
Encryption: 3DES
Hash: SHA
Authentication: Pre-share
Group: 1
Lifetime: 900 seconds
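
An added example, not part of the HP guide: a Python parser for show crypto ike policy output shaped like the sample above, which lists the encryption, hash and Diffie-Hellman group settings a reviewer would flag as legacy. The parser keys on the field labels rather than on line breaks, so it accepts the text however it is wrapped; the review sets, the reading of "SHA" as SHA-1 and the function names are assumptions of this example.

```python
import re

# Sample taken from the usage example above; the parser ignores line layout.
SAMPLE_OUTPUT = (
    "Crypto IKE Policy 100 Main mode Using System Local ID Address "
    "Peers: 63.105.15.129 initiate main respond anymode "
    "Attributes: 10 Encryption: 3DES Hash: SHA Authentication: Pre-share "
    "Group: 1 Lifetime: 900 seconds"
)

# Review sets chosen for this example (assumptions, not SROS defaults).
LEGACY_ENCRYPTION = {"DES", "3DES"}
LEGACY_HASH = {"MD5", "SHA"}   # "SHA" is read as SHA-1 here
LEGACY_DH_GROUPS = {1, 2}      # 768-bit and 1024-bit MODP groups (RFC 2409)

POLICY_SPLIT = re.compile(r"Crypto IKE Policy\s+(\d+)")
ATTR_SPLIT = re.compile(r"Attributes:\s*(\d+)")
FIELD = re.compile(r"(Encryption|Hash|Authentication|Group|Lifetime):\s*(\S+)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RESPOND = re.compile(r"respond\s+(\S+)")


def parse_ike_policies(text):
    """Return one dict per 'Crypto IKE Policy N' block found in text."""
    policies = []
    # re.split with one capture group yields [preamble, id, body, id, body, ...]
    parts = POLICY_SPLIT.split(text)
    for i in range(1, len(parts), 2):
        attr_parts = ATTR_SPLIT.split(parts[i + 1])
        head = attr_parts[0]
        peers_text = head.split("Peers:", 1)[1] if "Peers:" in head else ""
        respond = RESPOND.search(head)
        policy = {
            "id": int(parts[i]),
            "peers": IPV4.findall(peers_text),
            "respond": respond.group(1) if respond else None,
            "attributes": [],
        }
        # Each 'Attributes: N' number is followed by that set's fields.
        for j in range(1, len(attr_parts), 2):
            fields = {k.lower(): v for k, v in FIELD.findall(attr_parts[j + 1])}
            fields["number"] = int(attr_parts[j])
            policy["attributes"].append(fields)
        policies.append(policy)
    return policies


def audit_ike_policies(policies):
    """Return (location, field, value, reason) tuples for legacy settings."""
    findings = []
    for policy in policies:
        for attrs in policy["attributes"]:
            where = "policy %d attributes %d" % (policy["id"], attrs["number"])
            enc = attrs.get("encryption", "")
            if enc.upper() in LEGACY_ENCRYPTION:
                findings.append((where, "encryption", enc,
                                 "64-bit block cipher; prefer AES if available"))
            digest = attrs.get("hash", "")
            if digest.upper() in LEGACY_HASH:
                findings.append((where, "hash", digest,
                                 "legacy hash; prefer a SHA-2 option if available"))
            group = attrs.get("group", "")
            if group.isdigit() and int(group) in LEGACY_DH_GROUPS:
                findings.append((where, "group", group,
                                 "small MODP group; prefer a larger group"))
    return findings


if __name__ == "__main__":
    for finding in audit_ike_policies(parse_ike_policies(SAMPLE_OUTPUT)):
        print("%s: %s=%s (%s)" % finding)
```
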

show crypto ipsec

Use the show crypto ipsec command to display information regarding the IPSec configuration. Variations of this command include the following:
show crypto ipsec sa
show crypto ipsec sa address
show crypto ipsec sa map
show crypto ipsec transform-set
show crypto ipsec transform-set

Syntax Description
sa    Displays all IPSec security associations.

show crypto map

Use the show crypto map command to display information regarding crypto map settings.

show debugging

Use the show debugging command to display a list of all activated debug message categories.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

show backup interfaces

Use the show backup interfaces command to display all configured backup interfaces and the associated parameters for each.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

show dialin interfaces

Use the show dialin interfaces command to display information regarding remote console dialin.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following is sample output from the show dialin interfaces command:
>enable
#show dialin interfaces
Dialin interfaces...

show dynamic-dns

Use the show dynamic-dns command to show information related to the dynamic DNS configuration.

Syntax Description
No subcommands.

Default Values
No default is necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following is sample output from this command:
#show dynamic-dns
eth 0/1:
Hostname: host
Is Updated: no
Last Registered IP: 10.15.221.

show event-history

Use the show event-history command to display all entries in the current local event-history log.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The event history provides useful information regarding the status of the system and individual port states.

show flash

Use the show flash command to display a list of all files currently stored in FLASH memory.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following is a sample show flash output:
>enable
#show flash
Files:
245669 010100boot.biz
1141553 new.biz
821 startup-config
1638 startup-config.old
1175679 020016.

show frame-relay

Use the show frame-relay command to display configuration and status parameters for configured virtual Frame Relay interfaces.

Usage Examples
         Active    Inactive    Deleted    Static
local    2         0           0          2

DLCI = 16 DLCI USAGE = LOCAL PVC STATUS = ACTIVE INTERFACE = FR 1.16
MTU: 1500
input pkts: 355       output pkts: 529     in bytes: 23013
out bytes: 115399     dropped pkts: 13     in FECN pkts: 0
in BECN pkts: 0       in DE pkts: 0        out DE pkts: 0
pvc create time: 00:00:00:12 last time pvc status changed: 00:00:13:18

DLCI = 20 DLCI USAGE = LOCAL PVC STATUS = ACTIVE INTERFACE = FR 1.

show frame-relay fragment [frame-relay ]

Use the show frame-relay fragment command to display FRF.12 statistics for Frame Relay sublinks enabling FRF.12 fragmentation.

Syntax Description
frame-relay    Displays detailed FRF.12 statistics for the specified frame-relay sublink (if FRF.12 is enabled on that sublink).

Default Values
No default value necessary for this command.

Usage Examples
>enable
#show frame-relay fragment frame-relay 1.1
DLCI = 17 FRAGMENT SIZE = 100
rx frag. pkts 46 rx frag. bytes 4598 rx non-frag. pkts tx frag. pkts tx frag. bytes 4724 18 tx non-frag. pkts rx non-frag. bytes 1228 rx assembled pkts 23 rx assembled bytes 5478 dropped reassembling pkts tx non-frag.

show frame-relay multilink detailed

Use the show frame-relay multilink command to display information associated with the Frame Relay multilink interface.

Syntax Description
Optional. Specifies the display of information for a specific interface. Enter the show frame-relay multilink ? command for a complete list of interfaces.
detailed    Optional. Use this optional keyword to display more detailed information.

show hosts

Use the show hosts command to display information such as the domain name, name lookup service, a list of name server hosts, and the cached list of host names and addresses on the network to which you can connect.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

show interfaces

Use the show interfaces command to display configuration parameters and current statistics for all interfaces (or a specified interface).

Syntax Description
Optional. Specific interface to display. Type show interfaces ? for a complete list of valid interfaces.
performance-statistics    Optional. Displays the current 15-minute interval, the current 24-hour totals, and all 96 stored intervals.

T1 coding is B8ZS framing is ESF
Clock source is line FDL type is ANSI
Line build-out is 0dB
No remote loopbacks No network loopbacks
DS0 Status: 123456789012345678901234
            NNNNNNNNNNNNNNNNNNNNNNNN
Line Status: -- No Alarms --
Current Performance Statistics:
0 Errored Seconds 0 Bursty Errored Seconds
0 Severely Errored Seconds 0 Severely Errored Frame Seconds
0 Unavailable Seconds 0 Path Code Violations
0 Line Code Violations 0 Controlled Sli

0 runts 0 giants 0 throttles
0 input errors 0 CRC 0 frame
0 abort 0 ignored 0 overruns
81 packets output 11496 bytes 0 underruns
0 input clock glitches 0 output clock glitches
0 carrier lost 0 cts lost

#show interfaces fr 1
TDM group 10 line protocol is UP
Encapsulation FRAME-RELAY (fr 1)
463 packets input 25488 bytes 0 no buffer
0 runts 0 giants 0 throttles
0 input errors 0 CRC 0 frame
0 abort 0 ignored 0 overruns
864 packets output 2399

show interfaces adsl information [atuc | atur | bit-allocation]

Use the show interfaces adsl command to display information related to the ADSL port.

Syntax Description
Enter interface slot and port number.
atuc              Show ADSL interface remote information.
atur              Show ADSL local information.
bit-allocation    Show ADSL DMT bit-allocation table.

Default Values
No default is necessary for this command.

show interfaces shdsl

Use the show interfaces shdsl command to display configuration parameters and current statistics for the SHDSL interfaces (or a specified interface).

Functional Notes
The following is a list of output messages from the show interfaces shdsl command:
Equipment Type    Shows whether the unit is operating in CPE (NT) mode or CO (LT) mode.
Line Rate         Shows the current line rate. The line rate is the data rate + 8 kbps. Therefore, a rate of 2056 kbps implies an actual data rate of 2048 kbps.
Alarms            Shows the current alarm conditions.

Functional Notes
Loop Attenuation     Shows the current, minimum, and maximum loop attenuation of the line. These may be cleared using the clear counters shdsl command.
Performance Stats    Shows current interval line statistics. These statistics may be cleared through the use of the clear counters shdsl command, but the number of elapsed seconds will continue running and accumulating time.

Technology Review
A network loopback loops data toward the network (away from the unit). A customer loopback loops data toward the router. The router does not instigate customer-side loopbacks, only network loopbacks (remote or local). The reason for this is that the customer interface is internal to the router. There is little use for looping back router data on itself.

show ip access-lists

Use the show ip access-lists command to display all configured IP access lists in the system.

Syntax Description
Optional. Specify a particular access list to display.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Functional Notes
The show ip access-lists command displays all configured IP access-lists in the system.

show ip arp

Use the show ip arp command to display the Address Resolution Protocol (ARP) table.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following is a sample output of the show ip arp command:
>enable
#show ip arp
ADDRESS    TTL (min)    MAC ADDRESS    INTERFACE
10.15.225.162.

show ip bgp

Use the show ip bgp command to display a summary of the BGP table.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Functional Notes
Entries that are not filtered by prefix lists are marked with an asterisk (*) to show they are valid. Entries that are deemed the best path to advertised route are marked with a caret (>).

show ip bgp [ | ]

Use the show ip bgp command to display details about the specified route, including the advertising router IP address, router ID, and the list of neighbors to which this route is being advertised.

Syntax Description
Shows only routes for the specified network.
Optional. Shows only routes for the specified network matching the prefix length (e.g.

show ip bgp neighbors

Use the show ip bgp neighbors command to display information for the specified neighbor. Variations of this command include the following:
show ip bgp neighbors
show ip bgp neighbors
show ip bgp neighbors [advertised-routes | received-routes | routes]

Syntax Description
Displays information for the specified neighbor.

Usage Examples
The following are output variations of the show ip bgp neighbors command:
#show ip bgp neighbors
BGP neighbor is 10.15.43.17, remote AS 100, external link
Configured hold time is 180, keepalive interval is 60 seconds
Default minimum time between advertisement runs is 30 seconds
Connections established 6; dropped 5
Last reset: Interface went down
Connection ID: 15
BGP version 4, remote router ID 8.1.1.

*> 1.0.0.0/8     10.15.43.17    1 100 i
*> 2.0.0.0/9     10.15.43.17    1 100 i

#show ip bgp neighbors 10.15.43.17 routes
BGP local router ID is 10.0.0.1, local AS is 101.
Status codes: * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network       NextHop        Metric Path
*> 1.0.0.0/8     10.15.43.17    1 100 i
*> 2.0.0.0/9     10.15.43.17    1 100

show ip dhcp-client lease

Use the show ip dhcp-client lease command to display all Dynamic Host Client Protocol (DHCP) lease information for interfaces that have dynamically assigned IP addresses.

Syntax Description
Optional. Displays the information for the specified interface. Type show ip dhcp-client lease ? for a complete list of applicable interfaces.

show ip dhcp-server binding

Use the show ip dhcp-server binding command to display the Dynamic Host Client Protocol (DHCP) server client table with associated information.

Syntax Description
Optional. Specify a particular client IP address.

Default Values
No default value necessary for this command.

show ip igmp groups

Use the show ip igmp groups command to display the multicast groups that have been registered by directly connected receivers using IGMP. If no group-address is specified, all groups are shown with this command.

Syntax Description
Optional. IP address of a multicast group.

Default Values
No default value necessary for this command.

show ip igmp interface

Use the show ip igmp interface command to display multicast-related information per-interface. If no interface is specified, this command shows information for all interfaces.

Syntax Description
Optional. Designates the display of information for a specific interface (in the format type slot/port). Enter the show ip igmp interface ? command for a complete list of interfaces.

show ip interfaces [ | brief]

Use the show ip interfaces command to display the status information for all IP interfaces (or a specific interface).

Syntax Description
Optional. Enter a specific interface to view its status information. If no interface is entered, status information for all interfaces is displayed. Type show ip interfaces ? for a complete list of applicable interfaces.

show ip mroute [ | ] [summary]

Use the show ip mroute command to display IP multicasting routing table information.

Syntax Description
Optional. IP address of a multicast group.
Optional. Designates the display of parameters for a specific interface (in the format type slot/port). For example: eth 0/1.
summary    Optional.

show ip ospf

Use the show ip ospf command to display general information regarding OSPF processes.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following is a sample output from the show ip ospf command:
>enable
#show ip ospf
Summary of OSPF Process with ID: 192.2.72.

show ip ospf database

Use the show ip ospf database command to display information from the OSPF database regarding a specific router. There are several variations of this command which you can use to obtain information about different OSPF link state advertisements.
SROS Command Line Interface Reference Guide Enable Mode Command Set Functional Notes The link-state-id differs depending on whether the link state advertisement in question describes a network or a router. If describing a network, this ID is one of the following: • The network’s IP address. This is true for type 3 summary link advertisements and in autonomous system external link advertisements. • An address obtained from the link state ID.
SROS Command Line Interface Reference Guide Enable Mode Command Set show ip ospf interface Use the show ip ospf interface command to display OSPF information for a specific interface. Syntax Description Optional. Enter the interface type. Type show ip ospf interface ? for a complete list of applicable interfaces. Optional. Enter the interface number. Default Values No default value necessary for this command.
show ip ospf neighbor [detail]

Use the show ip ospf neighbor command to display OSPF neighbor information for a specific interface.

Syntax Description
Optional. Enter the interface type (i.e., eth, ppp, etc.).
Optional. Enter the interface number.
Optional. Enter a specific neighbor’s router ID.
detail Optional.
show ip ospf summary-address

Use the show ip ospf summary-address command to display a list of all summary address redistribution information for the system.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
>enable
#show ip ospf summary-address
show ip policy-class

Use the show ip policy-class command to display a list of currently configured access policies. See ip policy-class max-sessions on page 293 for information on configuring access policies.

Syntax Description
Optional. Enter a specific policy class name to display information for a single policy.

Default Values
No default value necessary for this command.
show ip policy-sessions

Use the show ip policy-sessions command to display a list of current policy class associations. See ip policy-class max-sessions on page 293 for information on configuring access policies.

Syntax Description
Optional. Enter a specific policy class name to display information for a single policy.

Default Values
No default value necessary for this command.
show ip policy-stats

Use the show ip policy-stats command to display a list of current policy class statistics. See ip policy-class max-sessions on page 293 for information on configuring access policies.

Syntax Description
Optional. Enter a specific policy class name to display information for a single policy.

Default Values
No default value necessary for this command.
show ip prefix-list [detail | summary]

Use the show ip prefix-list command to display BGP prefix list information.

Syntax Description
detail Shows a listing of the prefix list rules and their hit counts.
summary Shows information about the entire prefix list.
Specifies to display information for a particular prefix list.

Default Values
No default values are necessary for this command.
show ip protocols

Use the show ip protocols command to display IP routing protocol parameters and statistics.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.
show ip route [connected | ospf | rip | static | table | bgp | ]

Use the show ip route command to display the contents of the IP route table.

Syntax Description
connected Optional. Displays only the IP routes for directly connected networks.
ospf Optional. Displays only the IP routes associated with OSPF.
rip Optional.
static
table
bgp
Gateway of last resort is 10.15.43.17 to network 0.0.0.0
B 1.0.0.0/8 [30/0] via 10.15.43.17, fr 1.17
B 2.0.0.0/9 [30/0] via 10.15.43.17, fr 1.17
B 2.128.0.0/10 [30/0] via 10.15.43.17, fr 1.17
B 2.192.0.0/11 [30/0] via 10.15.43.17, fr 1.17
B 2.224.0.0/12 [30/0] via 10.15.43.17, fr 1.17
B 2.240.0.0/13 [30/0] via 10.15.43.17, fr 1.17
B 2.248.0.0/14 [30/0] via 10.15.43.17, fr 1.
show ip traffic

Use the show ip traffic command to display all IP traffic statistics.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.
show lldp

Use the show lldp command to display LLDP timer configuration.

Syntax Description
No subcommands.

Default Values
No default values are necessary for this command.
show lldp device

Use the show lldp device command to display specific neighbor information about a given neighbor.

Syntax Description
Specifies the system name of the neighbor to display.

Default Values
No default values are necessary for this command.
show lldp interface

Use the show lldp interface command to display LLDP configuration and statistics for interfaces on this device.

Syntax Description
Displays the information for the specified interface. Type show lldp interface ? for a complete list of applicable interfaces.

Default Values
No default values are necessary for this command.
show lldp neighbors interface detail

Use the show lldp neighbors interface command to display information about neighbors of this device learned about via LLDP.

Syntax Description
Displays the information for the specified interface. Type show lldp neighbors interface ? for a complete list of applicable interfaces.
detail Shows detailed information about all neighbors to this device.
Usage Examples
The following example shows detailed information about a device’s neighbors:
#show lldp neighbors interface eth 0/2 detail
Chassis ID: 00:A0:C8:02:DD:2A (MAC Address)
System Name: Router
Device Port: eth 0/1 (Locally Assigned)
Holdtime: 38
Platform: 3305
Software: Version: 08.00.22.sw1.
show lldp neighbors statistics

Use the show lldp neighbors statistics command to display statistics about LLDP neighbor table actions.

Syntax Description
No subcommands.

Default Values
There are no default values necessary for this command.

Command Modes
# Enable Command Mode

Functional Notes
This command shows information about the changes in this device’s neighbor table.
show memory [heap]

Use the show memory heap command to display statistics regarding memory including memory allocation and buffer use statistics. Shows how memory is in use (broken down by memory size) and how much memory is free.

Syntax Description
heap Shows how much memory is in use (broken down by memory block size) and how much memory is free.

Default Values
No default value necessary for this command.
12 65520 3 0 30
13 131056 0 0 0
show output-startup

Use the show output-startup command to display startup configuration output line-by-line. This output can be copied into a text file and then used as a configuration editing tool.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.
show port-auth supplicant [interface | summary]

Use the show port-auth command to display supplicant information pertaining to port authentication. The supplicant is the port that will receive services from the port authenticator.

Syntax Description
interface Optional. Shows port authorization supplicant information related to a specific interface.
show pppoe

Use the show pppoe command to display all pppoe settings and associated parameters.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.
show processes cpu

Use the show processes cpu command to display information regarding any processes that are currently active.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following is a sample output from the show processes cpu command:
>enable
#show processes cpu
processes cpu
System load: 7.07% Min: 0.00% Max 85.
show qos map

The show qos map command outputs information about the QoS map. This information differs based on how a particular map entry is defined.

Variations of this command include the following:
show qos map
show qos map interface
show qos map
show qos map

Syntax Description
Enter the name of a defined QoS map.
packets matched by map: 4326
map entry 60
match IP packets with a dscp value of 2
set dscp value to 6
packets matched by map: 0
map entry 70
match NetBEUI frames being bridged by the router
priority bandwidth: 150 (kilobits/sec) burst: default
packets matched by map: 0
qos map tcp_map
map entry 10
match ACL tcp
priority bandwidth: 10 (kilobits/sec) burst: default
set precedence value to 5
packets matched by map: 0
map entry 20
match IP pa
priority bandwidth: 150 (kilobits/sec) burst: default
packets matched by map: 0

The following example shows a particular qos map entry (in this case map entry 10):
#show qos map priority 10
qos map priority
map entry 10
match IP packets with a precedence value of 6
priority bandwidth: 400 (kilobits/sec) burst: default
packets matched by map: 125520

The following examples show qos map interface stats associated with the map defined for an
show queue [atm | frame-relay | ppp ]

Use the show queue command to display conversation information associated with an interface queue. This command shows summary and per-conversation information.

Syntax Description
Specifies the numerical virtual Frame Relay interface or PPP identifying label.

Default Values
No default value necessary for this command.
show queuing [fair]

Use the show queuing command to display information associated with configured queuing methods.

Syntax Description
fair Optional keyword used to display only information on the weighted fair queuing configuration.

Default Values
No default value necessary for this command.
show radius statistics

Use the show radius statistics command to display various statistics from the RADIUS subsystem. These statistics include number of packets sent, number of invalid responses, number of timeouts, average packet delay, and maximum packet delay. Statistics are shown for both authentication and accounting packets.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.
show snmp

Use the show snmp command to display the system Simple Network Management Protocol (SNMP) parameters and current status of SNMP communications.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.
show sntp

Use the show sntp command to display the system Simple Network Time Protocol (SNTP) parameters and current status of SNTP communications.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
> or # Basic or Enable Command Mode

Usage Examples
> show sntp
show spanning-tree

Use the show spanning-tree command to display the status of the spanning-tree protocol.

Syntax Description
Optional. Display spanning-tree for a specific bridge group.

Default Values
No default value necessary for this command.
show startup-config

Use the show startup-config command to display a text printout of the startup configuration file stored in NVRAM.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.
shutdown
!
interface dds 1/1
shutdown
!
interface bri 1/2
shutdown
!
!
ip access-list standard MatchAll
permit host 10.3.50.6
permit 10.200.5.0 0.0.0.255
!
!
ip access-list extended UnTrusted
deny icmp 10.5.60.0 0.0.0.255 any source-quench
deny tcp any any
!
no ip snmp agent
!
!
!
show startup-config checksum

Use the show startup-config checksum command to display the MD5 checksum of the unit’s startup configuration.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.
show tcp info

Use the show tcp info command to display TCP control block information in the Secure Router OS. This information is for troubleshooting and debug purposes only. For more detailed information, you can optionally specify a particular TCP control block.
show users

Use the show users command to display the name (if any) and state of users authenticated by the system. Displayed information includes:
• Connection location (for remote connections this includes TCP information)
• Username of authenticated user
• Current state of the login (in process or logged in)
• Current enabled state
• Time the user has been idle on the connection

Syntax Description
No subcommands.
show version

Use the show version command to display the current Secure Router OS version information.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
> or # Basic or Enable Command Mode

Usage Examples
The following is a sample show version output:
>enable
#show version
ProCurve Secure Router 7203dl
SROS Version: 08.01.04.HP.
telnet

Use the telnet command to open a Telnet session (through the Secure Router OS) to another system on the network.

Syntax Description
Specifies the IP address of the remote system.

Default Values
No default value necessary for this command.

Command Modes
> or # Basic or Enable Command Mode

Usage Examples
The following example opens a Telnet session with a remote system (10.200.4.15):
>enable
#telnet 10.200.4.

terminal length

The terminal length command sets the number of rows (lines) for a terminal session. Use the no form of this command to disable this feature. This command is only valid for the current session and returns to the default (24 rows) when the session closes.

Syntax Description
No subcommands.

Default Values
The default setting for this command is 24 rows.
traceroute

Use the traceroute command to display the IP routes a packet takes to reach the specified destination.

Syntax Description
Optional. Specifies the IP address of the remote system to trace the routes to.

Default Values
No default value necessary for this command.

Command Modes
> or # Basic or Enable Command Mode

Usage Examples
The following is a sample traceroute output:
>enable
#traceroute 192.168.0.

undebug all

Use the undebug all command to disable all activated debug messages.

Syntax Description
No subcommands.

Default Values
No default value necessary for this command.

Command Modes
# Enable Command Mode

Usage Examples
The following example disables all activated debug messages:
>enable
#undebug all
wall

Use the wall command to send messages to all users currently logged in to the Secure Router OS unit.

Syntax Description
No subcommands.

Default Values
No defaults necessary for this command.
write [erase | memory | network | terminal]

Use the write command to save the running configuration to the unit’s NVRAM or a TFTP server. Also use the write command to clear NVRAM or to display the running configuration on the terminal screen. Entering the write command with no other arguments copies your configuration changes to the unit’s nonvolatile random access memory (NVRAM).
GLOBAL CONFIGURATION MODE COMMAND SET

To activate the Global Configuration Mode, enter the configuration command at the Enable security mode prompt. For example:
Router> enable
Router#configure terminal
Router(config)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
• logging commands
• qos commands
• radius-server
• radius-server host
• router ospf
• router rip
• snmp-server commands
• sntp server version <1-3>
• username password

aaa authentication [banner | fail-message | password-prompt | username-prompt]

Use the aaa authentication command to control various features of the AAA subsystem authentication process. For more detailed information on AAA functionality, refer to the Technology Review section of the command aaa on on page 206.

Syntax Description
banner Sets the banner shown before user authentication is attempted.
aaa authentication enable default [none | line | enable | groupname]

Use the aaa authentication enable default command to create (or change) the list of methods used for privileged mode access authentication. For more detailed information on AAA functionality, refer to the Technology Review section of the command aaa on on page 206.

Syntax Description
none Access automatically granted.
line Use the line password.
aaa authentication login [none | line | enable | local | group]

Use the aaa authentication login to create (or change) a list of methods for user authentication. For more detailed information on AAA functionality, refer to the Technology Review section of the command aaa on on page 206.

Syntax Description
Enter the name of the list.
none Access automatically granted.
aaa group server radius

Use the aaa group server radius command to group pre-defined RADIUS servers into named lists. For more detailed information on AAA functionality, refer to the Technology Review section of the command aaa on on page 206.

Syntax Description
Enter the name of the list.

Default Values
No default value necessary for this command.
aaa on

Use the aaa on command to activate the AAA subsystem. Use the no form of this command to deactivate AAA.

Syntax Description
No subcommands.

Default Values
By default, AAA is not activated.

Command Modes
(config)# Global Configuration Mode

Functional Notes
By default, the AAA subsystem is turned off and authentication follows the line technique (local, line, etc.).
Technology Review (Continued)
AAA stands for authentication, authorization, and accounting. The Secure Router OS AAA subsystem currently supports authentication. Authentication is the means by which a user is granted access to the device (router). For instance, a username/password is authenticated before the user can use the CLI. VPN clients can also verify username/password before getting access through the device.
If the AAA process falls through the list completely, system behavior is based on portal:
• CONSOLE access is granted if the process falls completely through (this prevents a lock-out condition).
• TELNET and FTP are denied access.
aaa processes

Use the aaa processes command to set the number of threads available to the AAA subsystem. Use the no form of this command to return to the default setting. For more detailed information on AAA functionality, refer to the Technology Review section of the command aaa on on page 206.

Syntax Description
Enter the number of threads available to the AAA subsystem. Range: 1-64.
banner [exec | login | motd]

Use the banner command to specify messages to be displayed in certain situations. Use the no form of this command to delete a previously configured banner.

Syntax Description
exec This command creates a message to be displayed when any exec-level process takes place.
bridge protocol ieee

The bridge protocol ieee command configures a bridge group for the IEEE Spanning Tree Protocol. Use the no form of this command (with the appropriate arguments) to delete this setting.

Syntax Description
Bridge group number (1 to 255) specified using the bridge command
ieee IEEE 802.
boot config [cflash | flash] [cflash | flash]

Use the boot config command to modify system boot parameters.

Syntax Description
cflash Specifies primary/backup configuration file located in CompactFlash memory.
flash Specifies primary/backup configuration file located in flash memory.
Specifies the filename of the configuration file (filenames are case-sensitive).
boot system [cflash | flash] [cflash | flash] [no-backup | ]

Use the boot system command to specify the system image loaded at startup.

Syntax Description
cflash Specifies primary/backup file located in CompactFlash memory.
flash Specifies primary/backup file located in flash memory.
Specifies the filename of the image (filenames are case-sensitive) - image files should have a .
crypto ca authenticate

Use the crypto ca authenticate command to initiate CA authentication procedures.

Syntax Description
Alphanumeric string up to 32 characters used to specify a CA profile.

Default Values
No defaults necessary for this command.

Command Modes
(config)# Global Configuration Mode

Functional Notes
The type of authentication procedure is based on the enrollment command and its settings.
crypto ca certificate chain

Use the crypto ca certificate chain command to enter the Certificate Configuration for the specified CA. See Certificate Configuration Command Set on page 429 for more information.

Syntax Description
Alphanumeric string (up to 32 characters) used to specify a CA profile.

Default Values
No defaults necessary for this command.
crypto ca enroll

Use the crypto ca enroll command to begin CA enrollment procedures.

Syntax Description
Alphanumeric string (up to 32 characters) used to specify a CA profile.

Default Values
No defaults necessary for this command.

Command Modes
(config)# Global Configuration Mode

Functional Notes
The type of enrollment procedure is based on the enrollment command and its settings.
Usage Examples
The following example shows a typical enrollment dialog:
(config)#crypto ca enroll MyProfile
**** Press CTRL+C to exit enrollment request dialog. ****
* Enter signature algorithm (RSA or DSS) [rsa]:rsa
* Enter the modulus length to use [512]:1024
* Enter the subject name as an X.500 (LDAP) DN:CN=Router,C=US,L=Huntsville,S=AL
--The subject name in the certificate will be CN=CN=Router,C=US,L=Huntsville,S=AL.
crypto ca import certificate

Use the crypto ca import certificate command to import a certificate manually via the console terminal.

Syntax Description
Alphanumeric string (up to 32 characters) used to specify a CA profile.

Default Values
No defaults necessary for this command.

Command Modes
(config)# Global Configuration Mode

Functional Notes
Puts CLI in mode where the certificate can be entered manually.
crypto ca import crl

Use the crypto ca import crl command to import a CRL manually via the console terminal.

Syntax Description
Alphanumeric string (up to 32 characters) used to specify a CA profile.

Default Values
No defaults necessary for this command.

Command Modes
(config)# Global Configuration Mode

Functional Notes
Puts CLI in a mode where the CRL can be entered manually.
crypto ca profile

Use the crypto ca profile command to define a CA and to enter the CA Profile Configuration. See CA Profile Configuration Command Set on page 418 for more information.

Syntax Description
Alphanumeric string (up to 32 characters) used to create a CA profile.

Default Values
No defaults necessary for this command.
crypto ike

Use the crypto ike command to define the system-level local ID for IKE negotiations and to enter the IKE Client or IKE Policy command sets.
This example assumes that the Secure Router OS product has been configured with a WAN IP Address of 63.97.45.57 on interface ppp 1 and a LAN IP Address of 10.10.10.254 on interface ethernet 0/1. The Peer Private IP Subnet is 10.10.20.0. For more detailed information on VPN configuration, refer to the VPN Configuration Guide located on the Secure Router OS Documentation CD provided with your unit.
(config)#crypto ike policy 10
(config-ike)#no local-id
(config-ike)#peer 63.105.15.129
(config-ike)#initiate aggressive
(config-ike)#respond anymode
(config-ike)#attribute 10
(config-ike-attribute)#encryption 3des
(config-ike-attribute)#hash sha
(config-ike-attribute)#authentication pre-share
(config-ike-attribute)#group 1
(config-ike-attribute)#lifetime 86400

Step 5: Define the remote-id settings.
sets will be used to encrypt and/or authenticate the traffic on that VPN tunnel. It also specifies the lifetime of all created IPSec Security Associations.
(config)#crypto map corporate_vpn 1 ipsec-ike
(config-crypto-map)#match address corporate_traffic
(config-crypto-map)#set peer 63.105.15.
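Added example (not from the guide or from HP): a Python audit that parses IKE policy commands in the prompt-prefixed form printed in the VPN example above and flags aggressive mode combined with pre-shared keys, Diffie-Hellman groups 1 and 2, and DES/3DES. Policy 20, the `initiate main` / `respond main` keywords, the `des` and `md5` values, and reading `anymode` as "also accepts aggressive mode" are assumptions not shown on this page.

```python
import re

# Constructed input. Policy 10 and the crypto map lines are the commands
# printed in the guide's VPN example, prompts included. Policy 20 is a
# constructed contrast case ("initiate main"/"respond main" are assumed).
SAMPLE_SESSION = """\
(config)#crypto ike policy 10
(config-ike)#no local-id
(config-ike)#peer 63.105.15.129
(config-ike)#initiate aggressive
(config-ike)#respond anymode
(config-ike)#attribute 10
(config-ike-attribute)#encryption 3des
(config-ike-attribute)#hash sha
(config-ike-attribute)#authentication pre-share
(config-ike-attribute)#group 1
(config-ike-attribute)#lifetime 86400
(config)#crypto map corporate_vpn 1 ipsec-ike
(config-crypto-map)#match address corporate_traffic
(config)#crypto ike policy 20
(config-ike)#peer 192.0.2.10
(config-ike)#initiate main
(config-ike)#respond main
(config-ike)#attribute 10
(config-ike-attribute)#encryption 3des
(config-ike-attribute)#hash sha
(config-ike-attribute)#authentication pre-share
(config-ike-attribute)#group 2
"""

PROMPT = re.compile(r"^\s*\([\w-]+\)#\s*")  # e.g. "(config-ike-attribute)#"
POLICY_KEYS = {"peer", "initiate", "respond"}
ATTR_KEYS = {"encryption", "hash", "authentication", "group", "lifetime"}

# RFC 2409 group numbers and their MODP sizes.
WEAK_GROUPS = {"1": "768-bit MODP", "2": "1024-bit MODP"}
# "des" is an assumed value; only 3des appears on the page.
LEGACY_CIPHERS = {"des": "56-bit key", "3des": "64-bit block size"}


def parse_ike_policies(text):
    """Return {policy_id: {"settings": {...}, "attributes": {attr_id: {...}}}}."""
    policies = {}
    policy = attr = None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words or words[0].startswith("!"):
            continue
        if words[:3] == ["crypto", "ike", "policy"] and len(words) == 4:
            policy = policies.setdefault(
                words[3], {"settings": {}, "attributes": {}})
            attr = None
        elif words[0] == "crypto":
            # Any other top-level crypto command ends the IKE policy context.
            policy = attr = None
        elif policy is None:
            continue
        elif words[0] == "attribute" and len(words) == 2:
            attr = policy["attributes"].setdefault(words[1], {})
        elif words[0] in ATTR_KEYS and attr is not None and len(words) == 2:
            attr[words[0]] = words[1]
        elif words[0] in POLICY_KEYS and len(words) == 2:
            policy["settings"][words[0]] = words[1]
    return policies


def audit(policies):
    """Return a list of (policy_id, attribute_id, code, message) findings."""
    findings = []
    for pid, pol in policies.items():
        s = pol["settings"]
        # Assumption: "anymode" means the responder also accepts aggressive mode.
        aggressive = (s.get("initiate") == "aggressive"
                      or s.get("respond") in ("aggressive", "anymode"))
        for aid, a in pol["attributes"].items():
            if aggressive and a.get("authentication") == "pre-share":
                findings.append((pid, aid, "AGGRESSIVE_PSK",
                                 "aggressive mode with a pre-shared key exposes a "
                                 "key-derived hash to offline guessing"))
            if a.get("group") in WEAK_GROUPS:
                findings.append((pid, aid, "WEAK_DH_GROUP",
                                 f"group {a['group']} is {WEAK_GROUPS[a['group']]}"))
            if a.get("encryption") in LEGACY_CIPHERS:
                findings.append((pid, aid, "LEGACY_CIPHER",
                                 f"{a['encryption']}: "
                                 f"{LEGACY_CIPHERS[a['encryption']]}"))
            if a.get("hash") == "md5":  # assumed value, not shown on the page
                findings.append((pid, aid, "WEAK_HASH", "md5 integrity hash"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ike_policies(SAMPLE_SESSION)):
        print(*finding, sep=" | ")
```
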
crypto ike remote-id

Use the crypto ike remote-id command to specify the remote ID and to associate a pre-shared key with the remote ID.

Note
For VPN configuration example scripts, refer to the technical support note VPN Configuration Guide located on the ProCurve SROS Documentation CD provided with your unit.

Syntax Description
address Specifies a remote ID of IPv4 type.
Functional Notes
The fqdn and user-fqdn line can include wildcard characters. The wildcard characters are "*" for a 0 or more character match and "?" for a single character match. Currently, the "?" cannot be set up using the CLI, but it can be transferred to the unit via the startup-config.

Example for user-fqdn:
john*@domain.com will match:
johndoe@domain.com
johnjohn@myemail.com
john@myemail.
Example for typical asn1-dn format with wildcards used to match a portion of a field:
crypto ike remote-id asn1-dn "CN=My*, C=US, S=CA, L=Roseville, O=HP, OU=TechSupport"
(matches remote ID strings with all fields exactly the same, but with any CN field beginning with "My")

Usage Examples
The following example assigns a remote ID of 63.97.45.
crypto ipsec transform-set

Use the crypto ipsec transform-set command to define the transform configuration for securing data (e.g., esp-3des, esp-sha-hmac, etc.). The transform-set is then assigned to a crypto map using the map’s set transform-set command. See set transform-set on page 404.
Usage Examples
The following example first creates a transform-set (Set1) consisting of two security algorithms (up to three may be defined), and then assigns the transform-set to a crypto map (Map1):
(config)#crypto ipsec transform-set Set1 esp-3des esp-sha-hmac
(cfg-crypto-trans)#exit
(config)#crypto map Map1 1 ipsec-ike
(config-crypto-map)#set transform-set Set1
crypto map

Use the crypto map command to define crypto map names and numbers and to enter the associated (either Crypto Map IKE or Crypto Map Manual).
When you apply a crypto map to an interface (using the crypto map command within the interface’s), you are applying all crypto maps with the given map name. This allows you to apply multiple crypto maps if you have created maps which share the same name but have different map index numbers.
enable password [md5]

Use the enable password command to define a password (with optional encryption) for accessing the Enable Mode. Use the no enable password command to remove a configured password.

Note
To prevent unauthorized users from accessing the configuration functions of your device, immediately install an Enable-level password.

Syntax Description
md5 Optional.
event-history on

Use the event-history on command to enable event logging for the Secure Router OS system. Event log messages will not be recorded unless this command has been issued (regardless of the event-history priority configured). The event log may be displayed using the show event-history command. Use the no form of this command to disable the event log.

Syntax Description

No subcommands.

event-history priority [error | fatal | info | notice | warning]

Use the event-history priority command to set the threshold for events stored in the event history. All events with the specified priority or higher will be kept for viewing in the local event log. The event log may be displayed using the show event-history command. Use the no form of this command to keep specified priorities from being logged.

2002.07.12 15:34:02 T1.t1 1/1 No Alarms
2002.07.12 15:34:02 INTERFACE_STATUS.t1 1/1 changed state to up.
2002.07.12 15:34:03 INTERFACE_STATUS.eth 0/1 changed state to up.
2002.07.12 15:34:10 OPERATING_SYSTEM Warm Start
2002.07.12 15:34:12 PPP.NEGOTIATION LCP up
2002.07.12 15:34:12 PPP.

ftp authentication

Use the ftp authentication command to attach AAA login authentication lists to the FTP server (see aaa authentication login [none | line | enable | local | group] on page 204 for more information). This list is only used if the AAA subsystem has been activated with the aaa on command.

hostname

Creates a name used to identify the unit. This alphanumeric string should be used as a unique description for the unit. This string will be displayed in all prompts.

interface

Activates the Interface Configuration Mode for the listed physical interface.

Syntax Description

Identifies the physical port type of the installed Interface Module, Backup Module or Ethernet port. Type interface ? for a complete list of valid interfaces.

Specifies an interface based on its physical location (slot and port).

interface frame-relay

(config-fr 7)#interface fr 7.22
(config-fr 7.22)#frame-relay interface-dlci 30
(config-fr 7.22)#ip address 193.44.69.1 255.255.255.252

Step 3: (VALID ONLY FOR T1 INTERFACES) Specify the group of DS0s used for signaling on the T1 interface by creating a tdm-group. Group any number of aggregate DS0s together to create a data pipe for layer 2 signaling.

interface hdlc

Step 4: Make the association between the layer 2 endpoint and the physical interface using the bind command. Supported layer 2 protocols include Frame Relay, point-to-point protocol (PPP), and HDLC. For example, the following creates a bind (labeled 5) to make an association between the HDLC virtual interface (hdlc 7) and the tdm-group configured on interface t1 1/1 (tdm-group 9).

interface loopback

interface ppp

Step 4: Make the association between the layer 2 endpoint and the physical interface using the bind command. Supported layer 2 protocols include Frame Relay and point-to-point protocol (PPP). For example, the following creates a bind (labeled 5) to make an association between the PPP virtual interface (ppp 7) and the tdm-group configured on interface t1 1/1 (tdm-group 9).

interface tunnel

Use the interface tunnel command to create a virtual tunnel interface and enter the Tunnel Configuration command set. See Tunnel Configuration Command Set on page 778 for details. Use the no form of this command to delete a configured virtual tunnel interface.

Syntax Description

Specifies the numerical tunnel interface identifying label (valid range: 1 to 1024).

Usage Examples

The following example creates a tunnel interface (labeled 1) and enters the Tunnel Configuration mode:

(config)#interface tunnel 1
(config-tunnel 1)#

ip access-list extended

Use the ip access-list extended command to create an empty access list and enter the extended access-list. Use the no form of this command to delete an access list and all the entries contained in it.

Syntax Description (Continued)

Optional.

Syntax Description (Continued)

netbios-dgm (Port 138)
netbios-ns (Port 137)
netbios-ss (Port 139)
time (Port 37)
who (Port 513)
xdmcp (Port 177)

The following is the list of TCP port numbers that may be identified using the text name (in bold):

bgp (Port 179)
chargen (Port 19)
cmd (Port 514)
daytime (Port 13)
discard (Port 9)
lpd (Port 515)
nntp (Port 119)
pim-auto-rp (Port 496)
pop2 (Port 109)
pop3 (Port 110)

Syntax Description (Continued)

Optional. Only valid when is tcp or udp (See previously listed for more details)

Optional. Filter packets using ICMP defined (and numbered) messages carried in IP datagrams (used to send error and control information). Valid range is 0 to 255.

Optional.

Functional Notes

Access control lists (ACLs) are used as packet selectors by other Secure Router OS systems; by themselves they do nothing. ACLs are composed of an ordered list of entries with an implicit deny all at the end of each list. An ACL entry contains two parts: an action (permit or deny) and a packet pattern. A permit ACL is used to allow packets (meeting the specified pattern) to enter the router system.

2. Using the host to specify a single host address. For example, entering permit 196.173.22.253 will allow all traffic from the host with an IP address of 196.173.22.253.

3. Using the format to match all IP addresses in a “range”. Wildcard masks work in reverse logic from subnet masks. Specifying a one in the wildcard mask equates to a “don’t care”. For example, entering deny 192.168.0.0 0.0.0.

Caution: Before applying an access control policy to an interface, verify your Telnet connection will not be affected by the policy. If a policy is applied to the interface you are connecting through and it does not allow Telnet traffic, your connection will be lost.

Step 4: Apply the created access control policy to an interface.

ip access-list standard

Use the ip access-list standard command to create an empty access list and enter the standard access-list. Use the no form of this command to delete an access list and all the entries contained in it.

ACLs are performed in order from the top of the list down. Generally the most specific entries should be at the top and the most general at the bottom.

The following commands are contained in the access-list standard:

remark

Use the remark command to associate a descriptive tag (up to 80 alphanumeric characters encased in quotation marks) to the access-list.

Usage Examples

The following example creates an access list UnTrusted to deny all packets from the 190.72.22.248/30 network:

(config)#ip access-list standard UnTrusted
(config-std-nacl)#deny 190.72.22.248 0.0.0.3

For more details, refer to the ProCurve SROS Documentation CD for technical support notes regarding access-list configuration.

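The wildcard-mask matching, top-down evaluation and implicit deny described above, modelled in Python as an added example (it is not SROS code and not part of the original guide). The UnTrusted entry comes from the usage example; the 192.168.x.x lists, the function names and the shadowing check are constructed for illustration, and only the host and address-plus-wildcard entry forms are parsed.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_entry(line):
    """Parse 'permit|deny host A.B.C.D' or 'permit|deny A.B.C.D W.X.Y.Z'.

    Returns (action, address, wildcard); address and wildcard are integers.
    """
    tokens = line.split()
    if len(tokens) != 3 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    action = tokens[0]
    if tokens[1] == "host":
        return action, to_int(tokens[2]), 0  # wildcard 0: every bit must match
    return action, to_int(tokens[1]), to_int(tokens[2])


def entry_matches(address, wildcard, source):
    """A 1 bit in the wildcard is "don't care"; every 0 bit must be equal."""
    care = ~wildcard & MASK32
    return (source & care) == (address & care)


def evaluate(entries, source_ip):
    """Walk the list top down; the first matching entry decides.

    Returns (action, entry_number); entry_number is None when nothing
    matched and the implicit deny at the end of the list applied.
    """
    source = to_int(source_ip)
    for number, line in enumerate(entries, start=1):
        action, address, wildcard = parse_entry(line)
        if entry_matches(address, wildcard, source):
            return action, number
    return "deny", None


def wildcard_for_prefix(prefix_len):
    """Wildcard mask that selects the same addresses as a /prefix_len mask."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))


def shadowed_entries(entries):
    """Find entries that can never be reached.

    Entry j is shadowed by an earlier entry i when everything j matches is
    already matched by i: i cares about no bit that j ignores, and the two
    addresses agree on every bit i cares about.
    Returns a list of (shadowed_entry_number, shadowing_entry_number).
    """
    parsed = [parse_entry(line) for line in entries]
    found = []
    for j, (_, addr_j, wild_j) in enumerate(parsed):
        for i in range(j):
            _, addr_i, wild_i = parsed[i]
            care_i = ~wild_i & MASK32
            if (wild_j & care_i) == 0 and (addr_i & care_i) == (addr_j & care_i):
                found.append((j + 1, i + 1))
                break
    return found


# Entry taken from the guide's usage example.
UNTRUSTED = ["deny 190.72.22.248 0.0.0.3"]
# Constructed lists: the same two entries in opposite order.
GENERAL_FIRST = ["permit 192.168.0.0 0.0.255.255", "deny host 192.168.1.5"]
SPECIFIC_FIRST = ["deny host 192.168.1.5", "permit 192.168.0.0 0.0.255.255"]

if __name__ == "__main__":
    for ip in ("190.72.22.247", "190.72.22.248", "190.72.22.251", "190.72.22.252"):
        print("UnTrusted     ", ip, evaluate(UNTRUSTED, ip))
    for name, acl in (("GENERAL_FIRST ", GENERAL_FIRST), ("SPECIFIC_FIRST", SPECIFIC_FIRST)):
        print(name, "192.168.1.5", evaluate(acl, "192.168.1.5"),
              "shadowed:", shadowed_entries(acl))
```

In GENERAL_FIRST the host entry never takes effect because the broader permit above it matches first, which is the ordering mistake the most-specific-first advice prevents.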
discard list policy

All packets passed by the access list(s) entered and destined for the interface using the access policy listed will be blocked from the router system. This allows for configurations to deny packets on a specified interface.

ip classless

Use the ip classless command to forward classless packets to the best supernet route available. A classless packet is a packet addressed for delivery to a subnet of a network with no default network route.

Syntax Description

No subcommands.

Default Values

By default, this command is enabled.

ip crypto

Use the ip crypto command to enable Secure Router OS VPN functionality and allow crypto maps to be added to interfaces. Use the no form of this command to disable the VPN functionality.

Note: Disabling the Secure Router OS security features (using the no ip crypto command) does not affect VPN configuration settings (with the exception of the removal of all crypto maps from the interfaces).

ip default-gateway

Use the ip default-gateway command to specify a default gateway if (and only if) IP routing is NOT enabled on the unit. Use the ip route command to add a default route to the route table when using IP routing functionality. See ip route on page 302 for more information.

ip dhcp-server excluded-address

Use the ip dhcp-server excluded-address command to specify IP addresses that cannot be assigned to DHCP clients. Use the no form of this command to remove a configured IP address restriction.

Syntax Description

Specifies the lowest IP address (using dotted decimal notation) in the range OR a single IP address to be excluded.

Optional.

ip dhcp-server ping packets <#packets>

Use the ip dhcp-server ping packets command to specify the number of ping packets the DHCP server will transmit before assigning an IP address to a requesting DHCP client. Transmitting ping packets verifies that no other hosts on the network are currently configured with the specified IP address.

ip dhcp-server ping timeout

Use the ip dhcp-server ping timeout command to specify the interval (in milliseconds) the DHCP server will wait for a response to a transmitted DHCP ping packet. The DHCP server transmits ping packets before assigning an IP address to a requesting DHCP client.

ip dhcp-server pool

Use the ip dhcp-server pool command to create a DHCP address pool and enter the DHCP pool. Use the no form of this command to remove a configured DHCP address pool. See the section DHCP Pool Command Set on page 355 for more information.

ip domain-lookup

Use the ip domain-lookup command to enable the IP DNS (domain naming system), allowing DNS-based host translation (name-to-address). Use the no form of this command to disable DNS.

Syntax Description

No subcommands.

Default Values

By default, this command is enabled.

ip domain-name

Use the ip domain-name command to define a default IP domain name to be used by the Secure Router OS to resolve host names. Use the no form of this command to disable this function.

Syntax Description

Default IP domain name used to resolve unqualified host names. Do not include the initial period that separates the unresolved name from the default domain name.

ip domain-proxy

Use the ip domain-proxy command to enable DNS proxy for the router. This enables the router to act as a proxy for other units on the network.

Syntax Description

No subcommands.

Default Values

By default, this command is disabled.

Command Modes

(config)#    Global Configuration Mode required

Functional Notes

When this command is enabled, incoming DNS requests will be handled by the router.

ip firewall

Use the ip firewall command to enable Secure Router OS security features including access control policies and lists, Network Address Translation (NAT), and the stateful inspection firewall. Use the no form of this command to disable the security functionality.

Note: Disabling the Secure Router OS security features (using the no ip firewall command) does not affect security configuration.

Functional Notes (Continued)

This command enables firewall processing for all interfaces with a configured policy class. Firewall processing consists of the following functions:

Attack Protection: Detects and discards traffic that matches profiles of known networking exploits or attacks.

Technology Review

Concepts: Access control using the Secure Router OS firewall has two fundamental parts: Access Control Lists (ACLs) and Access Policy Classes (ACPs). ACLs are used as packet selectors by other Secure Router OS systems; by themselves they do nothing. ACPs consist of a selector (ACL) and an action (allow, discard, NAT). ACPs integrate both allow and discard policies with NAT.

Case 4: Packets from interfaces without a configured policy class to other interfaces without a configured policy class

This traffic is routed normally. The ip firewall command has no effect on this traffic.

Attack Protection: When the ip firewall command is enabled, firewall attack protection is enabled. The Secure Router OS blocks traffic (matching patterns of known networking exploits) from traveling through the device.

Invalid Traffic Pattern: Attacks that send TCP URG packets
Manually Enabled?: Yes
OS Firewall Response: Any TCP packets that have the URG flag set are discarded by the firewall.
Common Attacks: Winnuke, TCP XMAS Scan

Invalid Traffic Pattern: Falsified IP Header Attacks
Manually Enabled?: No
OS Firewall Response: The firewall verifies that the packet’s actual length matches the length indicated in the IP header. If it does not, the packet is dropped.

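The two firewall responses listed above, modelled in Python as an added example (it is not SROS code and not part of the original guide): the always-on comparison of a datagram's actual length with the IPv4 total-length field, and the manually enabled discard of TCP segments carrying the URG flag. The function names and sample packets are constructed, and the input is assumed to be a bare IPv4 datagram with link-layer framing already removed.

```python
import struct

TCP_PROTO = 6
URG = 0x20  # URG bit in the TCP flags byte


def build_packet(tcp_flags, payload=b"", length_field=None):
    """Constructed IPv4+TCP datagram (20-byte headers, checksums left zero).

    length_field overrides the IPv4 total-length value so a mismatch
    between the header and the real size can be simulated.
    """
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, tcp_flags,
                      8192, 0, 0) + payload
    total = 20 + len(tcp) if length_field is None else length_field
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, TCP_PROTO, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp


def drop_reasons(datagram, check_urg=False):
    """Return the reasons this datagram would be discarded (empty = pass).

    check_urg mirrors the "Manually Enabled?" column: the URG test runs
    only when requested, while the length test always runs.
    """
    if len(datagram) < 20:
        return ["shorter than a minimal IPv4 header"]
    version_ihl, _tos, total_length = struct.unpack("!BBH", datagram[:4])
    header_len = (version_ihl & 0x0F) * 4
    if version_ihl >> 4 != 4 or header_len < 20 or header_len > len(datagram):
        return ["malformed IPv4 header"]

    reasons = []
    if total_length != len(datagram):
        reasons.append(
            f"IP header says {total_length} bytes, actual {len(datagram)}")
    protocol = datagram[9]
    # The TCP flags byte sits 13 bytes into the TCP header.
    if check_urg and protocol == TCP_PROTO and len(datagram) > header_len + 13:
        if datagram[header_len + 13] & URG:
            reasons.append("TCP URG flag set")
    return reasons


if __name__ == "__main__":
    samples = {
        "well-formed SYN": (build_packet(0x02), False),
        "length field 1500, real size 40": (build_packet(0x02, length_field=1500), False),
        "URG set, check disabled": (build_packet(0x38, b"x"), False),
        "URG set, check enabled": (build_packet(0x38, b"x"), True),
    }
    for label, (packet, urg) in samples.items():
        print(f"{label}: {drop_reasons(packet, check_urg=urg) or 'pass'}")
```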
Application Specific Processing: The following applications and protocols require special processing to operate concurrently with NAT/firewall functionality. The Secure Router OS firewall includes ALGs for handling these applications and protocols:

AOL Instant Messenger (AIM®)
VPN ALGS: ESP and IKE
FTP
H.323: H.245 Q.

ip firewall alg [ftp | pptp | sip]

Use the ip firewall alg command to enable the application level gateway (ALG) for a particular application. Use the no form of this command to disable ALG for the application.

Syntax Description

ftp     Enables the FTP ALG.
pptp    Enables the PPTP ALG.
sip     Enables the SIP ALG.

Default Values

By default, the ALG for FTP, PPTP, and SIP are enabled.

ip firewall check reflexive-traffic

Use the ip firewall check reflexive-traffic command to enable the Secure Router OS stateful inspection firewall to process traffic from a primary subnet to a secondary subnet on the same interface through the firewall. Use the no form of this command to disable this feature.

ip firewall attack-log threshold

Use the ip firewall attack-log threshold command to specify the number of attack mounting attempts the Secure Router OS will identify before generating a log message. Use the no form of this command to return to the default threshold.

Note: The Secure Router OS security features must be enabled (using the ip firewall command) for the stateful inspection firewall to be activated.

ip firewall check syn-flood

Use the ip firewall check syn-flood command to enable the Secure Router OS stateful inspection firewall to filter out phony TCP service requests and allow only legitimate requests to pass through. Use the no form of this command to disable this feature.

ip firewall check winnuke

Use the ip firewall check winnuke command to enable the Secure Router OS stateful inspection firewall to discard all Out of Band (OOB) data (to protect against WinNuke attacks). Use the no form of this command to disable this feature.

Note: The Secure Router OS security features must be enabled (using the ip firewall command) for the stateful inspection firewall to be activated.

ip firewall policy-log threshold

Use the ip firewall policy-log threshold command to specify the number of connections required by an access control policy before the Secure Router OS will generate a log message. Use the no form of this command to return to the default threshold.

ip forward-protocol udp

Use the ip forward-protocol udp command to specify the protocols and ports the Secure Router OS allows when forwarding broadcast packets. Use the no form of this command to disable a specified protocol or port from being forwarded.

Functional Notes (Continued)

Use this command to configure the Secure Router OS to forward UDP packets across the WAN link to allow remote devices to connect to a UDP service on the other side of the WAN link.

Usage Examples

The following example forwards all Domain Name Server broadcast traffic to the DNS server with IP address 192.33.5.

ip ftp access-class in

Use the ip ftp access-class in command to assign an access policy to all self-bound File Transfer Protocol (FTP) sessions.

Syntax Description

Specifies the configured access policy (ACP) to apply to inbound FTP traffic.

Default Values

By default, all FTP access is allowed.

ip ftp agent

Use the ip ftp agent command to enable the file transfer protocol (FTP) agent.

Syntax Description

No subcommands.

Default Values

By default, the FTP agent is enabled.

Command Modes

(config)#    Global Configuration Mode required

Usage Examples

The following example enables the IP FTP agent:

(config)#ip ftp agent

ip ftp source-interface

Use the ip ftp source-interface command to use the specified interface’s IP address as the source IP address for FTP traffic transmitted by the unit. Use the no form of this command if you do not wish to override the normal source IP address.

Syntax Description

Enter the interface to be used as the source IP address for FTP traffic.

ip host

Use the ip host command to define an IP host name. This allows you to statically map host names and addresses in the host cache. Use the no form of this command to remove defined maps.

Syntax Description

Name of the host.

IP address associated with this IP host.

Default Values

By default, the host table is empty.

ip igmp join

Use the ip igmp join command to instruct the router stack to join a specific group. The stack may join multiple groups.

Syntax Description

IP address of a multicast group.

Default Values

No defaults necessary for this command.

ip mcast-stub helper-address

Use the ip mcast-stub helper-address command to specify an IP address toward which IGMP host reports and leave messages are forwarded. This command is used in IP multicast stub applications in conjunction with the ip mcast-stub downstream and ip mcast-stub upstream commands. Use the no form of this command to return to default.

ip multicast-routing

Use the ip multicast-routing command to enable the multicast router process. The command does not affect other multicast-related configuration. Use the no form of this command to disable. Disabling this command prevents multicast forwarding but does not remove other multicast commands and processes.

Syntax Description

No subcommands.

Default Values

By default, this command is disabled.

ip name-server [server-address2....server-address6]

Use the ip name-server command to designate one or more name servers to use for name-to-address resolution. Use the no form of this command to remove any addresses previously specified.

Syntax Description

Enter up to six name-server addresses.

Default Values

By default, no name servers are specified.

ip policy-class max-sessions

Use the ip policy-class command to create an access control policy and enter the access control policy. Use the no form of this command to delete an access policy and all the entries contained in it.

Functional Notes

Secure Router OS access control policies are used to allow, discard, or manipulate (using NAT) data for each physical interface. Each ACP consists of a selector (access list) and an action (allow, discard, NAT). When packets are received on an interface, the configured ACPs are applied to determine whether the data will be processed or discarded.

Technology Review

Creating access policies and lists to regulate traffic through the routed network is a four-step process:

Step 1: Enable the security features of the Secure Router OS using the ip firewall command.

Step 2: Create an access list to permit or deny specified traffic. Standard access lists provide pattern matching for source IP addresses only. (Use extended access lists for more flexible pattern matching.

ip policy-timeout

Use multiple ip policy-timeout commands to customize timeout intervals for protocols (TCP, UDP, ICMP) or specific services (by listing the particular port number). Use the no form of this command to return to the default timeout values.

Syntax Description

Specifies the data protocol such as ICMP, TCP, or UDP.

Optional.

Syntax Description (Continued)

*Optional

finger (Port 79)
ftp (Port 21)
ftp-data (Port 20)
gopher (Port 70)
hostname (Port 101)
ident (Port 113)
irc (Port 194)
klogin (Port 543)
kshell (Port 544)
tacacs (Port 49)
talk (Port 517)
telnet (Port 23)
time (Port 37)
uucp (Port 540)
whois (Port 43)
www (Port 80)

Wait interval (in seconds) before an active session is closed (valid range: 0 to 429496

Usage Examples

The following example creates customized policy timeouts for the following:

internet traffic (TCP Port 80) timeout 24 hours (86400 seconds)
telnet (TCP Port 23) timeout 20 minutes (1200 seconds)
FTP (21) timeout 5 minutes (300 seconds)
All other TCP services timeout 8 minutes (480 seconds)

(config)#ip policy-timeout tcp www 86400
(config)#ip policy-timeout tcp telnet 1200
(config)#ip policy-timeout tcp ftp 300

ip prefix-list description <“text”>

Use the ip prefix-list description command to create and name prefix lists.

Syntax Description

Specifies a particular prefix list.

description    Assigns text (set apart by quotation marks) used as a description for the prefix list. Maximum length is 80 characters.

Default Values

No default values are necessary for this command.

ip prefix-list seq [permit | deny] [le | ge ]

Use the ip prefix-list seq command to specify a prefix to be matched or a range of mask lengths.

Syntax Description

Specifies a particular prefix list.

Specifies the entry's unique sequence number which determines the processing order. Lower-numbered entries are processed first.

ip radius source-interface

Use the ip radius source-interface command to specify the NAS (network access server) IP address attribute passed with the RADIUS authentication request packet.

Syntax Description

Specifies the source interface (in the format type slot/port). Type ip radius source-interface ? for a complete list of interfaces.

Default Values

By default, no source interface is defined.

ip route

Use the ip route command to add a static route to the route table. This command can be used to add a default route by entering ip route 0.0.0.0 0.0.0.0 and specifying the interface or IP address. Use the no form of this command to remove a configured static route.

ip routing

Use the ip routing command to enable the Secure Router OS IP routing functionality. Use the no form of this command to disable IP routing.

Syntax Description

No subcommands.

Default Values

By default, IP routing is enabled.

ip snmp agent

Use the ip snmp agent command to enable the Simple Network Management Protocol (SNMP) agent.

Syntax Description

No subcommands.

Default Values

By default, the SNMP agent is disabled.

Command Modes

(config)#    Global Configuration Mode required

Functional Notes

Allows a MIB browser to access standard MIBs within the product. This also allows the product to send traps to a trap management station.

ip sntp source-interface

Use the ip sntp source-interface command to use the specified interface’s IP address as the source IP address for SNTP traffic transmitted by the unit. Use the no form of this command if you do not wish to override the normal source IP address.

Syntax Description

Enter the interface to be used as the source IP address for SNTP traffic.

ip subnet-zero

The ip subnet-zero command is the default operation and cannot be disabled. This command signifies the router’s ability to route to subnet-zero subnets.

Syntax Description

No subcommands.

Default Values

By default, this command is enabled.

ip tftp source-interface

Use the ip tftp source-interface command to use the specified interface’s IP address as the source IP address for TFTP traffic transmitted by the unit. Use the no form of this command if you do not wish to override the normal source IP address.

Syntax Description

Enter the interface to be used as the source IP address for TFTP traffic.

line [console | telnet]

Use the line command to enter the line configuration for the specified console or telnet session. See the sections Line (Console) Interface Config Command Set on page 876 and Line (Telnet) Interface Config Command Set on page 887 for information on the subcommands.

Syntax Description

console    Specifies the DB-9 (female) CONSOLE port located on the rear panel of the unit.

Usage Examples

The following example begins the configuration for the CONSOLE port located on the rear of the unit:

(config)#line console 0
(config-con0)#

The following example begins the configuration for all available Telnet sessions:

(config)#line telnet 0 4
(config-telnet0-4)#

lldp [minimum-transmit-interval | reinitialization-delay | transmit-interval | ttl-multiplier]

Use the lldp command to configure global settings that control the way LLDP functions.

Syntax Description

minimum-transmit-interval    Defines the minimum amount of time between transmission of LLDP frames (in seconds).

Usage Examples

The following example sets the LLDP minimum-transmit-interval to 10 seconds:

(config)#lldp minimum-transmit-interval 10

The following example sets the LLDP reinitialization-delay to 5 seconds:

(config)#lldp reinitialization-delay 5

The following example sets the LLDP transmit-interval to 15 seconds:

(config)#lldp transmit-interval 15

The following example sets the LLDP ttl-multiplier to 2 and the time-to-live

logging console

Use the logging console command to enable the Secure Router OS to log events to all consoles. Use the no form of this command to disable console logging.

Syntax Description

No subcommands.

Default Values

By default, logging console is disabled.

logging email address-list ;

Use the logging email command to specify one or more email addresses that will receive notification when an event matching the criteria configured using the logging email priority-level command is logged by the Secure Router OS. See logging email priority-level [error | fatal | info | notice | warning] on page 315 for more information.

logging email on

Use the logging email on command to enable the Secure Router OS email event notification feature. Use the logging email address-list command to specify email address(es) that will receive notification when an event matching the criteria configured using the logging email priority-level command is logged by the Secure Router OS.

SROS Command Line Interface Reference Guide Global Configuration Mode Command Set logging email priority-level [error | fatal | info | notice | warning] Use the logging email priority-level command to set the threshold for events sent to the addresses specified using the logging email address-list command. All events with the specified priority or higher will be sent to all addresses in the list. The logging email on command must be enabled.
SROS Command Line Interface Reference Guide Global Configuration Mode Command Set logging email receiver-ip Use the logging email receiver-ip command to specify the IP address of the email server to use when sending notification that an event matched the criteria configured using the logging email priority-level command. See logging email priority-level [error | fatal | info | notice | warning] on page 315 for related information.
SROS Command Line Interface Reference Guide Global Configuration Mode Command Set logging email sender Use the logging email sender command to specify the sender in an outgoing email message. This name will appear in the From field of the receiver’s inbox. Use the no form of this command to disable this feature. Syntax Description No subcommands. Default Values No default value is necessary for this command.
SROS Command Line Interface Reference Guide Global Configuration Mode Command Set logging email source-interface Use the logging email source-interface command to use the specified interface’s IP address as the source IP address for email messages transmitted by the unit. Use the no form of this command if you do not wish to override the normal source IP address. Syntax Description Enter the interface to be used as the source IP address for email messages.

logging facility

Use the logging facility command to specify a syslog facility type for the syslog server. Error messages meeting specified criteria are sent to the syslog server. For this service to be active, you must enable log forwarding. See logging forwarding on on page 320 for related information. Facility types are described under Functional Notes below.

logging forwarding on

Use the logging forwarding on command to enable the Secure Router OS syslog event feature. Use the logging forwarding priority-level command to specify the event matching the criteria used by the Secure Router OS to determine whether a message should be forwarded to the syslog server. See logging forwarding priority-level [error | fatal | info | notice | warning] on page 321 for related information.

logging forwarding priority-level [error | fatal | info | notice | warning]

Use the logging forwarding priority-level command to set the threshold for events sent to the configured syslog server specified using the logging forwarding receiver-ip command. All events with the specified priority or higher will be sent to all configured syslog servers.

logging forwarding receiver-ip

Use this logging forwarding receiver-ip command to specify the IP address of the syslog server to use when logging events that match the criteria configured using the logging forwarding priority-level command. Enter multiple logging forwarding receiver-ip commands to develop a list of syslog servers to use.

logging forwarding source-interface

Use the logging forwarding source-interface command to configure the specified interface’s IP address as the source IP address for the syslog server to use when logging events. Use the no form of this command if you do not wish to override the normal source IP address.

Syntax Description
Enter the interface to be used as the source IP address for event log traffic.

mac address-table aging-time

Use the mac address-table aging-time command to set the length of time dynamic MAC addresses remain in the switch or bridge forwarding table. Use the no form of this command to reset this length to its default.

Syntax Description
Set an aging time (in seconds) from 10-1000000. Set to 0 to disable the timeout.

Default Values
By default, the aging time is 300 seconds.

mac address-table static vlan interface [ethernet | atm]

Use the mac address-table static command to insert a static MAC address entry into the MAC address table. Use the no form of this command to remove an entry from the table.

Syntax Description
Enter a valid 48-bit MAC address.
Enter a valid VLAN interface ID (1-4094).

qos map

Use the qos map command to activate the QoS Map Command Set (which allows you to create and/or edit a QoS map). For details on specific commands, refer to the section Quality of Service (QoS) Map Commands on page 917. Use the no form of this command to delete a map entry.

Syntax Description
Enter the QoS map name.

Usage Examples
The following example demonstrates basic settings for a QoS map and assigns a map to the frame-relay interface:
>enable
#config terminal
(config)#qos map VOICEMAP 10
(config-qos-map)#match precedence 5
(config-qos-map)#priority 512
(config-qos-map)#exit
(config)#interface fr 1
(config-fr 1)#qos-policy out VOICEMAP

radius-server

Use the radius-server command to configure several global RADIUS parameters. Most of these global defaults can be overridden on a per-server basis.

Functional Notes
RADIUS servers (as defined with the radius-server command) may have many optional parameters. However, they are uniquely identified by their addresses and ports. Port values default to 1812 and 1813 for authorization and accounting, respectively. If a server is added to a named group but is not defined by a radius-server command, the server is simply ignored when accessed. Empty server lists are not allowed.

radius-server host

Use the radius-server host to specify the parameters for a remote RADIUS server. At a minimum, the address (IP or DNS name) of the server must be given. The other parameters are also allowed and (if not specified) will take default values or fall back on the global RADIUS server’s default settings.

Syntax Description
acct-port    Sends accounting requests to this remote port.

router ospf

Use the router ospf command to activate OSPF in the router and to enter the OSPF Configuration Mode. See the section Router (OSPF) Configuration Command Set on page 903 for more information. Use the no form of this command to disable OSPF routing.

Syntax Description
No subcommands.

Default Values
By default, OSPF is disabled.

router rip

Use the router rip command to enter the RIP Configuration Mode. See the section Router (RIP) Configuration Command Set on page 894 for more information.

Syntax Description
No subcommands.

Default Values
No default values necessary for this command.

route is not received for 180 seconds, the route is marked for deletion. At that point, a 120-second garbage collection (GC) timer is started. During the GC timer, expiration updates are sent with the metric for the timed out route set to 16. If an attached interface goes down, the associated route is immediately (within the same random five-second interval) triggered. The next regular update excludes the failed interface.

snmp-server chassis-id

Use the snmp-server chassis-id command to specify an identifier for the Simple Network Management Protocol (SNMP) server. Use the no form of this command to return to the default value.

Syntax Description
Alphanumeric string (up to 32 characters in length) used to identify the product.

snmp-server community view [ro | rw]

Use the snmp-server community command to specify a community string to control access to Simple Network Management Protocol (SNMP) information. Use the no form of this command to remove a specified community.

Syntax Description
Specifies the community string (a password to grant SNMP access).
view    Optional.

snmp-server contact

Use the snmp-server contact command to specify the SNMP sysContact string. Use the no form of this command to remove a configured contact.

Syntax Description
“”    Alphanumeric string encased in quotes (up to 32 characters in length) used to populate the sysContact string.

snmp-server enable traps

Use the snmp-server enable traps command to enable all Simple Network Management Protocol (SNMP) traps available on your system or specified using the option. Use multiple snmp-server enable traps to enable multiple trap types. Use the no form of this command to disable traps (or the specified traps).

Syntax Description
Optional.

snmp-server host traps

Use the snmp-server host traps command to specify traps sent to an identified host. Use multiple snmp-server host traps commands to specify all desired hosts. Use the no form of this command to return to the default value.

Syntax Description
Specifies the IP address of the SNMP host that receives the traps.

snmp-server host traps version

Use the snmp-server host traps version command to specify traps sent to an identified host. Use multiple snmp-server host traps version commands to specify all desired hosts. Use the no form of this command to return to the default value.

Syntax Description
Specifies the IP address of the SNMP host that receives the traps.

snmp-server location

Use the snmp-server location command to specify the Simple Network Management Protocol (SNMP) system location string. Use the no form of this command to return to the default value.

Syntax Description
“”    Alphanumeric string encased in quotation marks (up to 32 characters in length) used to populate the system location string.

snmp-server management-url

Use the snmp-server management-url command to specify the URL for the device’s management software. Use the no form of this command to remove the management URL.

Syntax Description
Specifies the URL for the management software.

Default Values
No default is necessary for this command.

snmp-server management-url-label

snmp-server source-interface

Use the snmp-server source-interface command to tell the Secure Router OS where to expect SNMP traps to originate from (interface type). All SNMP originated packets (including traps and get/set requests) will use the designated interface’s IP address. Use the no form of this command to remove specified interfaces.

snmp-server view [excluded | included]

Use the snmp-server view command to create or modify a Simple Network Management Protocol (SNMP) view entry. Use the no form of this command to remove an entry.

Syntax Description
Label for the view record being created. The name is a record reference.
Specifies the object identifier (oid) to include or exclude from the view.

sntp server version <1-3>

Use the sntp server command to set the hostname of the SNTP server as well as the version of SNTP to use. The Simple Network Time Protocol (SNTP) is an abbreviated version of the Network Time Protocol (NTP). SNTP is used to set the time of the Secure Router OS product over a network. The SNTP server usually serves the time to many devices within a network.

spanning-tree bpduguard default

Use the spanning-tree bpduguard default command to enable the bpduguard on all ports by default. Use the no form of this command to disable the setting.

Syntax Description
No subcommands.

Default Values
Disabled by default.

Command Modes
(config)#    Global Configuration Mode required

Functional Notes
The bpduguard blocks any BPDUs from being received on an interface.

spanning-tree edgeport bpdufilter default

Use the spanning-tree edgeport bpdufilter default command to enable the bpdufilter on all ports by default. Use the no form of this command to disable the setting.

Syntax Description
No subcommands.

Default Values
Disabled by default.

spanning-tree forward-time

Use the spanning-tree forward-time command to specify the delay interval (in seconds) when forwarding spanning-tree packets. Use the no form of this command to return to the default interval.

Syntax Description
Forward delay interval in seconds (Range: 4 to 30).

spanning-tree hello-time

Use the spanning-tree hello-time command to specify the delay interval (in seconds) between hello bridge protocol data units (BPDUs). To return to the default interval, use the no form of this command.

Syntax Description
Delay interval (in seconds) between hello BPDUs. Range: 0 to 1000000.

spanning-tree max-age

Use the spanning-tree max-age command to specify the interval (in seconds) the spanning-tree will wait to receive Bridge Protocol Data Units (BPDUs) from the root bridge before assuming the network has changed (thus re-evaluating the spanning-tree topology). Use the no form of this command to return to the default interval.

spanning-tree mode [rstp | stp]

Use the spanning-tree mode command to choose a spanning-tree mode of operation.

Syntax Description
rstp    Enables rapid spanning-tree protocol.
stp     Enables spanning-tree protocol.

Default Values
By default, this is set to rstp.

spanning-tree pathcost method [short | long]

Use the spanning-tree pathcost command to select a short or long pathcost method used by the spanning-tree protocol.

Syntax Description
short    Choose a short pathcost method.
long     Choose a long pathcost method.

Default Values
By default, this is set to short.

spanning-tree priority

Use the spanning-tree priority command to set the priority for spanning-tree interfaces. The lower the priority value, the higher the likelihood the configured spanning-tree interface will be the root for the bridge group. To return to the default bridge priority value, use the no version of this command.

Syntax Description
Priority value for the bridge interface.

username password

Use this command to configure the username and password to use for all protocols requiring a username-based authentication system including FTP server authentication, line (login local-user list), and HTTP access.

DHCP POOL COMMAND SET

To activate the DHCP Pool, enter the ip dhcp-server pool command at the Global Configuration Mode prompt. For example:
Router>enable
Router#configure terminal
Router(config)#ip dhcp-server pool MyPool
Router(config-dhcp)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.

client-identifier

Use the client-identifier command to specify a unique identifier (in dotted hexadecimal notation) for a Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this command to remove a configured client-identifier.

The Q.922 ADDRESS field is populated using the following:

  8    7    6    5    4      3      2     1
  DLCI (high order)                 C/R   EA
  DLCI (lower)        FECN   BECN   DE    EA

Where the FECN, BECN, C/R, DE, and high order EA bits are assumed to be 0, and the lower order extended address (EA) bit is set to 1.

The following list provides a few example DLCIs and associated Q.922 addresses: DLCI (decimal) / Q.
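
The bit layout above, worked through in Python as an added example (not part of the HP guide): it builds the two-octet Q.922 address for a DLCI under the guide's stated assumptions and decodes an address back into its fields, rejecting addresses whose EA bits do not match the layout. The function names are hypothetical.

```python
def q922_address(dlci: int) -> bytes:
    """Build the two-octet Q.922 address for a 10-bit DLCI.

    FECN, BECN, C/R, DE and the high-order EA bit are 0; the
    low-order EA bit is 1, as the guide assumes.
    """
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits (0-1023)")
    high = (dlci >> 4) & 0x3F        # upper 6 bits of the DLCI
    low = dlci & 0x0F                # lower 4 bits of the DLCI
    octet1 = high << 2               # bits 8-3 = DLCI high, C/R = 0, EA = 0
    octet2 = (low << 4) | 0x01       # bits 8-5 = DLCI low, flags = 0, EA = 1
    return bytes([octet1, octet2])


def parse_q922(addr: bytes) -> dict:
    """Decode a two-octet Q.922 address into DLCI and flag bits."""
    if len(addr) != 2:
        raise ValueError("expected exactly two octets")
    octet1, octet2 = addr
    # In the two-octet format the first EA bit is 0 and the second is 1.
    if octet1 & 0x01 or not octet2 & 0x01:
        raise ValueError("EA bits do not describe a two-octet address")
    return {
        "dlci": ((octet1 >> 2) << 4) | (octet2 >> 4),
        "cr": bool(octet1 & 0x02),    # bit 2 of the first octet
        "fecn": bool(octet2 & 0x08),  # bit 4 of the second octet
        "becn": bool(octet2 & 0x04),  # bit 3 of the second octet
        "de": bool(octet2 & 0x02),    # bit 2 of the second octet
    }


if __name__ == "__main__":
    # Constructed sample DLCIs, not the guide's own (truncated) list.
    for dlci in (16, 50, 100, 1023):
        print(f"DLCI {dlci:>4} -> 0x{q922_address(dlci).hex().upper()}")
```
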

client-name

Use the client-name command to specify the name of a Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this command to remove the configured client name.

Syntax Description
Alphanumeric string (up to 32 characters in length) used to identify the DHCP client (example is client1).

Note: The specified client name should not contain the domain name.

default-router

Use the default-router command to specify the default primary and secondary routers to use for the Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this command to remove the configured router.

Syntax Description
Specifies the address (in dotted decimal notation) of the preferred router on the client’s subnet (example: 192.22.4.254).
Optional.

dns-server

Use the dns-server command to specify the default primary and secondary Domain Name System (DNS) servers to use for the Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this command to remove the configured DNS server.

Syntax Description
Specifies the address (in dotted decimal notation) of the preferred DNS server on the network (example: 192.72.4.254).

domain-name

Use the domain-name command to specify the domain name for the Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this command to remove the configured domain name.

Syntax Description
Alphanumeric string (up to 32 characters in length) used to identify the DHCP client.

Default Values
By default, there are no specified domain-names.

hardware-address

Use the hardware-address command to specify the name of a Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this command to remove the configured client name.

Syntax Description
Specifies the hardware address (in hexadecimal notation with colon delimiters) of the preferred router on the client’s subnet (example d2:17:04:91:11:50).
Optional.

Usage Examples
The following example specifies an Ethernet client with a MAC address of ae:11:54:60:99:10:
(config)#ip dhcp-server pool MyPool
(config-dhcp)#hardware-address ae:11:54:60:99:10 Ethernet

host [ or ]

Use the host command to specify the IP address and subnet mask for a manual binding to a Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this command to remove the configured client address.

Syntax Description
Specifies the IP address (in dotted decimal notation) for a manual binding to a DHCP client.
Optional.

lease

Use the lease command to specify the duration of the lease for an IP address assigned to a Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this command to return to the default lease value.

Syntax Description
Specifies the duration of the IP address lease in days.
Optional. Specifies the number of hours in a lease.

netbios-name-server

Use the netbios-name-server command to specify the primary and secondary NetBIOS Windows Internet Naming Service (WINS) name servers available for use by the Dynamic Host Configuration Protocol (DHCP) clients. Use the no form of this command to remove a configured NetBIOS name server.

netbios-node-type

Use the netbios-node-type command to specify the type of NetBIOS node used with Dynamic Host Configuration Protocol (DHCP) clients. Use the no form of this command to remove a configured NetBIOS node type.

Syntax Description
Specifies the NetBIOS node type used with DHCP clients.

network [ or ]

Use the network command to specify the subnet number and mask for a Secure Router OS Dynamic Host Configuration Protocol (DHCP) server address pool. Use the no form of this command to remove a configured subnet.

Syntax Description
Specifies the IP address (in dotted decimal notation) of the DHCP address pool.
Optional.

ntp-server

Use the ntp-server command to specify the name of the Network Time Protocol (NTP) server published to the client.

Syntax Description
Specifies the IP address of the NTP server.

Default Values
By default, no NTP server is defined.

option

tftp-server

Use the tftp-server command to specify the IP address or DNS name of the TFTP server published to the client.

Syntax Description
Specifies the DNS name or dotted notation IP address of the server.

Default Values
By default, no TFTP server is defined.

timezone-offset

Use the timezone-offset command to specify the timezone adjustment (in hours) published to the client.

Syntax Description
Specifies the timezone adjustment (in hours) published to the client. Use an integer from -12 to 12.

Default Values
No default value necessary for this command.

IKE POLICY COMMAND SET

To activate the IKE Policy, enter the crypto ike policy command at the Global Configuration Mode prompt. For example:
Router>enable
Router#configure terminal
Router(config)#crypto ike policy 1
Router(config-ike)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.

attribute

Use the attribute command to define attributes for the associated IKE policy. Multiple attributes can be created for a single IKE policy. Once you enter this command, you are in the IKE Policy Attribute. Refer to IKE Policy Attributes Command Set on page 386 for more information.

Syntax Description
Assign a number (range: 1-65535) to the attribute policy.

client authentication host

Use the client authentication host command to enable the unit to act as an Xauth host when this IKE policy is negotiated with a peer.

client authentication host xauth-type [generic | otp | radius]

Use the client authentication host xauth-type command to allow the user to specify the Xauth authentication type if a type other than generic is desired.

Syntax Description
generic    Generic authentication type
otp        OTP authentication type
radius     RADIUS authentication type

Default Values
By default, this is set to generic.

client authentication server list

Use the client authentication server list command to enable the unit to act as an Xauth server (edge device).

Syntax Description
Specifies the named list created with the aaa authentication login command.

Default Values
By default, the router does not act as an Xauth server and extended authentication is not performed.

client configuration pool

Use the client configuration pool command to configure the Secure Router OS to perform as mode-config server (edge device) when an IKE policy is negotiated.

initiate [main | aggressive]

Use the initiate command to allow the IKE policy to initiate negotiation (in main mode or aggressive mode) with peers. Use the no form of this command to allow the policy to respond only.

Syntax Description
main    Specify to initiate using main mode. Main mode requires that each end of the VPN tunnel has a static WAN IP address.

local-id [address | asn1-dn | fqdn | user-fqdn]

Use the local-id command to set the local ID for the IKE policy. This setting overrides the system local ID setting (set in the Global using the crypto ike local-id address command).

Syntax Description
address    Specifies a remote ID of IPv4 type.

Usage Examples
The following example sets the local ID of this IKE policy to the IPv4 address 63.97.45.57:
(config-ike)#local-id address 63.97.45.57

nat-traversal [allow | disable | force]

Use the nat-traversal command to allow, force, or disable NAT traversal version 1 and 2 on a specific IKE policy.

Syntax Description
Enter v1 or v2 to select the NAT traversal version.
allow      Sets the IKE policy to allow the specified NAT traversal version.
disable    Sets the IKE policy to disable the specified NAT traversal version.

peer [ | any]

Use the peer command to enter the IP address of the peer device. Repeat this command for multiple peers. Use the any keyword if you want to set up a policy that will initiate or respond to any peer.

Syntax Description
Enter a peer IP address.
any    Allow any peer to connect to this IKE policy.

Default Values
There are no default settings for this command.

Technology Review
IKE policies must have a peer address associated with them to allow certain peers to negotiate with the product. This is a problem when you have "roaming" users (those who obtain their IP address using DHCP or some other dynamic means). To allow for "roaming" users, the IKE policy can be set up with peer any to allow any peer to negotiate with the product.

respond [main | aggressive | anymode]

Use the respond command to allow the IKE policy to respond to negotiations by a peer. Use the no form of this command to allow the policy to only initiate negotiations.

Syntax Description
main          Specify to respond to only main mode.
aggressive    Specify to respond to only aggressive mode.
anymode       Specify to respond to any mode.

Default Values
By default, respond to any mode is enabled.

IKE POLICY ATTRIBUTES COMMAND SET

To activate the IKE Policy Attributes, enter the attribute command at the IKE Policy prompt. For example:
Router>enable
Router#configure terminal
Router(config)#crypto ike policy 1
Router(config-ike)#attribute 10
Router(config-ike-attribute)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.

authentication [dss-sig | pre-share | rsa-sig]

Use the authentication command to configure this IKE policy’s use of pre-shared secrets and signed certificates during IKE negotiation.

Syntax Description
dss-sig      Specify to use DSS-signed certificates during IKE negotiation to validate the peer.
pre-share    Specify the use of pre-shared secrets during IKE negotiation to validate the peer.
rsa-sig

encryption [aes-xxx-cbc | des | 3des]

Use the encryption command to specify which encryption algorithm this IKE policy will use to transmit data over the IKE-generated SA.

Syntax Description
aes-128-cbc    Choose the aes-128-cbc encryption algorithm.
aes-192-cbc    Choose the aes-192-cbc encryption algorithm.
aes-256-cbc    Choose the aes-256-cbc encryption algorithm.
des            Choose the des encryption algorithm.
3des

group [1 | 2]

Use the group command to specify the Diffie-Hellman group (1 or 2) to be used by this IKE policy to generate the keys (which are then used to create the IPSec SA).

Syntax Description
1    768-bit mod P
2    1024-bit mod P

Default Values
By default, group is set to 1.

hash [md5 | sha]

Use the hash command to specify the hash algorithm to be used to authenticate the data transmitted over the IKE SA.

Syntax Description
md5    Choose the md5 hash algorithm.
sha    Choose the sha hash algorithm.

Default Values
By default, hash is set to sha.

lifetime

Use the lifetime command to specify how long an IKE SA is valid before expiring.

Syntax Description
Specify how many seconds an IKE SA will last before expiring.

Default Values
By default, lifetime is set to 28,800 seconds.
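
A reviewer's check for the attribute settings documented above, as an added example that is not part of the HP guide or of SROS: it reads commands as typed at the prompts this guide shows, applies the defaults stated on this page (group 1, hash sha), and reports attributes that end up on DES, MD5 or the 768-bit group, whether set explicitly or inherited. The sample configuration is constructed, and the choice of values to flag is this example's assumption, not the manual's.

```python
import re

# Defaults this page states for IKE policy attributes. The encryption
# default is not given in this section, so it is treated as unknown.
PAGE_DEFAULTS = {"group": "1", "hash": "sha"}

# Values this check flags (the example's own assumption, not the manual's).
WEAK = {
    ("encryption", "des"): "single DES, 56-bit key",
    ("hash", "md5"): "MD5",
    ("group", "1"): "768-bit Diffie-Hellman group",
}

SETTINGS = {"authentication", "encryption", "group", "hash", "lifetime"}

# Constructed sample: commands as typed, some pasted with their prompts.
SAMPLE_CONFIG = """\
Router(config)#crypto ike policy 1
Router(config-ike)#peer any
Router(config-ike)#respond anymode
Router(config-ike)#attribute 10
Router(config-ike-attribute)#encryption des
Router(config-ike-attribute)#hash md5
Router(config-ike-attribute)#authentication pre-share
exit
attribute 20
encryption aes-256-cbc
group 2
exit
exit
crypto ike policy 2
attribute 10
encryption 3des
hash sha
exit
attribute 20
hash sha
group 2
"""


def parse_policies(text):
    """Return {policy_number: {attribute_number: {setting: value}}}."""
    policies, policy, attr = {}, None, None
    for raw in text.splitlines():
        # Drop a leading CLI prompt such as "Router(config-ike)#".
        line = re.sub(r"^[^#>]*[#>]\s*", "", raw.strip())
        if not line:
            continue
        if line == "exit":
            # Leave attribute level first, then policy level.
            if attr is not None:
                attr = None
            else:
                policy = None
            continue
        m = re.fullmatch(r"crypto ike policy (\d+)", line)
        if m:
            policy, attr = policies.setdefault(int(m.group(1)), {}), None
            continue
        m = re.fullmatch(r"attribute (\d+)", line)
        if m and policy is not None:
            attr = policy.setdefault(int(m.group(1)), {})
            continue
        parts = line.split()
        if attr is not None and len(parts) == 2 and parts[0] in SETTINGS:
            attr[parts[0]] = parts[1]
    return policies


def audit(policies):
    """Return (policy, attribute, setting, value, source) findings.

    source is "explicit", "default" (inherited from PAGE_DEFAULTS) or
    "unset" (no value typed and no default known from this page).
    """
    findings = []
    for pno, attrs in sorted(policies.items()):
        for ano, explicit in sorted(attrs.items()):
            effective = {**PAGE_DEFAULTS, **explicit}
            for key in ("encryption", "hash", "group"):
                value = effective.get(key)
                if value is None:
                    findings.append((pno, ano, key, None, "unset"))
                elif (key, value) in WEAK:
                    source = "explicit" if key in explicit else "default"
                    findings.append((pno, ano, key, value, source))
    return findings


if __name__ == "__main__":
    for pno, ano, key, value, source in audit(parse_policies(SAMPLE_CONFIG)):
        reason = WEAK.get((key, value), "no value typed; default not known")
        print(f"policy {pno} attribute {ano}: {key} {value} ({source}): {reason}")
```

An attribute that never mentions group still negotiates the 768-bit group because of the documented default, which is why inherited values are reported alongside explicit ones.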
SROS Command Line Interface Reference Guide IKE Client Command Set IKE CLIENT COMMAND SET To activate the IKE Client , enter the crypto ike client command at the Global Configuration Mode prompt. For example: Router>enable Router#configure terminal Router(config)#crypto ike client configuration pool ConfigPool1 Router(config-ike-client-pool)# The following commands are common to multiple command sets and are covered in a centralized section of this guide.
SROS Command Line Interface Reference Guide IKE Client Command Set dns-server Use the dns-server command to specify the DNS server address(es) to assign to a client. Syntax Description The first DNS server address to assign. Optional. The second DNS server address to assign. Default Values By default, no DNS server address is defined.
SROS Command Line Interface Reference Guide IKE Client Command Set ip-range Use the ip-range command to specify the range of addresses from which the router draws when assigning an IP address to a client. Syntax Description The first IP address in the range for this pool. The last IP address in the range for this pool. Default Values By default, no IP address range is defined.
netbios-name-server

Use the netbios-name-server command to specify the NetBIOS Windows Internet Naming Service (WINS) name servers to assign to a client.

Syntax Description
The first WINS server address to assign.
The second WINS server address to assign.

Default Values
By default, no WINS server address is defined.
CRYPTO MAP IKE COMMAND SET

To activate the Crypto Map IKE, enter a valid version of the crypto map ipsec-ike command at the Global Configuration Mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#crypto map Map-Name 10 ipsec-ike
Router(config-crypto-map)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
antireplay

Use the antireplay command to enable antireplay sequence number checking for all security associations created on this crypto map. Use the no form of this command to disable.

Syntax Description
No subcommands.

Default Values
By default, this command is enabled.
ike-policy

Use the ike-policy command to ensure that only a specified IKE policy is used to establish the IPSec Tunnel. This prevents any mobile VPN policies from using IPSec policies that are configured for static VPN peer policies.

Syntax Description
Enter the policy number of the policy to assign to this crypto map.

Default Values
No defaults necessary for this command.
match address

Use the match address command to assign an IP access-list to a crypto map definition. The access-list designates the IP packets to be encrypted by this crypto map. See ip access-list extended on page 250 for more information on creating access-lists.

Syntax Description
Enter the name of the access-list you wish to assign to this crypto map.
Technology Review
A crypto map entry is a single policy that describes how certain traffic is to be secured. There are two types of crypto map entries: ipsec-manual and ipsec-ike. Each entry is given an index, which is used to sort the ordered list. When a non-secured packet arrives on an interface, the crypto map set associated with that interface is processed in order.
set peer

Use the set peer command to set the IP address of the peer device. This must be set for multiple remote peers.

Syntax Description
Enter the IP address of the peer device. If this is not configured, it implies responder only to any peer.

Default Values
There are no default settings for this command.

set pfs [group1 | group2]

Use the set pfs command to choose the type of perfect forward secrecy (if any) that will be required during IPSec negotiation of security associations for this crypto map. Use the no form of this command to require no PFS.

Syntax Description
group1    IPSec is required to use Diffie-Hellman Group 1 (768-bit modulus) exchange during IPSec SA key generation.
set security-association lifetime [kilobytes | seconds]

Use the set security-association lifetime command to define the lifetime (in kilobytes and/or seconds) of the IPSec SAs created by this crypto map.

Syntax Description
kilobytes    SA lifetime limit in kilobytes.
seconds      SA lifetime limit in seconds.
set transform-set

Use the set transform-set command to assign up to six transform-sets to a crypto map.

Syntax Description
Assign up to six transform-sets to this crypto map by listing the set names, separated by a space.

Default Values
By default, there is no transform-set assigned to the crypto map.
CRYPTO MAP MANUAL COMMAND SET

To activate the Crypto Map Manual, enter a valid version of the crypto map ipsec-manual command at the Global Configuration Mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#crypto map Map-Name 10 ipsec-manual
Router(config-crypto-map)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
antireplay

Use the antireplay command to enable antireplay sequence number checking for all security associations created on this crypto map. Use the no form of this command to disable.

Syntax Description
No subcommands.

Default Values
By default, this command is enabled.
ike-policy

Use the ike-policy command to ensure that only a specified IKE policy is used to establish the IPSec Tunnel. This prevents any mobile VPN policies from using IPSec policies that are configured for static VPN peer policies.

Syntax Description
Enter the policy number of the policy to assign to this crypto map.

Default Values
No defaults necessary for this command.
match address

Use the match address command to assign an IP access-list to a crypto map definition. The access-list designates the IP packets to be encrypted by this crypto map. See ip access-list extended on page 250 for more information on creating access-lists.

Syntax Description
Enter the name of the access-list you wish to assign to this crypto map.
Technology Review
A crypto map entry is a single policy that describes how certain traffic is to be secured. There are two types of crypto map entries: ipsec-manual and ipsec-ike. Each entry is given an index, which is used to sort the ordered list. When a non-secured packet arrives on an interface, the crypto map set associated with that interface is processed in order.
set peer

Use the set peer command to set the IP address of the peer device.

Syntax Description
Enter the IP address of the peer device.

Default Values
There are no default settings for this command.

Command Modes
(config-crypto-map)#    Crypto Map Configuration Mode (IKE or Manual)

Functional Notes
If no peer IP address is configured, the manual crypto map is not valid and not complete.

set session-key [inbound | outbound]

Use the set session-key command to define the encryption and authentication keys for this crypto map.
Functional Notes (Continued)
AES-192-CBC    192-bits in length; 24 hexadecimal bytes
AES-256-CBC    256-bits in length; 32 hexadecimal bytes
md5            128-bits in length; 16 hexadecimal bytes
sha1           160-bits in length; 20 hexadecimal bytes

Technology Review
The following example configures a Secure Router OS product for VPN using IPSec manual keys.
Step 5: Create crypto map and define manual keys.
A Crypto Map is used to define a set of encryption schemes to be used for a given interface. A crypto map entry has a unique index within the crypto map set. The crypto map entry will specify whether IKE is used to generate encryption keys or if manually specified keys will be used.
gateway.

(config)#interface ethernet 0/1
(config-eth 0/1)#ip address 10.10.10.254 255.255.255.0
(config-eth 0/1)#no shutdown
(config-eth 0/1)#exit
set transform-set

Use the set transform-set command to assign a transform-set to a crypto map.

Syntax Description
Assign a transform-set to this crypto map by entering the set name.

Default Values
By default, no transform-set is assigned to the crypto map.
RADIUS GROUP COMMAND SET

To activate the Radius Group, enter the aaa group server command at the Global Configuration Mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#aaa group server radius myServer
Router(config-sg-radius)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
server [acct-port | auth-port]

Use the server command to add a pre-defined RADIUS server to the current named list of servers. See radius-server on page 328 for more information.

Syntax Description
acct-port    Define the accounting port value.
auth-port    Define the authorization port value.

Default Values
No defaults necessary for this command.
CA PROFILE CONFIGURATION COMMAND SET

To activate the Certificate Authority (CA) Profile Configuration, enter the crypto ca profile command at the Global Configuration Mode prompt.
crl optional

Use the crl optional command to make CRL verification optional.

Syntax Description
No subcommands.

Default Values
By default, crl optional is enabled.

Command Modes
(ca-profile)#    CA Profile Configuration

Functional Notes
If enabled, the Secure Router OS is able to accept certificates even if no CRL is loaded into the configuration.
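A configuration audit for the crypto map (ipsec-ike) commands and the crl optional default described above, as an added example that is not part of the original guide. The stanza layout of the configuration text, the sample names and addresses, and the `no set pfs` and `no crl optional` spellings of the no forms are assumptions.

```python
import re

# Constructed sample. The layout (indented sub-commands, "!" between stanzas)
# and all names and addresses are assumptions made for this example.
SAMPLE_CONFIG = """\
crypto ca profile MyProfile
  enrollment terminal
!
crypto ca profile StrictProfile
  no crl optional
!
crypto map VPN 10 ipsec-ike
  match address VPN-Traffic
  set peer 192.0.2.10
  set transform-set Set1
  set pfs group1
  ike-policy 100
!
crypto map VPN 20 ipsec-ike
  no antireplay
  match address Mobile-Traffic
  set transform-set Set1
!
interface ethernet 0/1
  crypto map VPN
!
"""

MAP_RE = re.compile(r"^crypto map (?P<name>\S+) (?P<index>\d+) ipsec-ike\s*$")
CA_RE = re.compile(r"^crypto ca profile (?P<name>\S+)\s*$")

# Finding id -> why it matters, worded from the command descriptions.
REASONS = {
    "crl-optional": "crl optional is enabled by default: certificates are accepted with no CRL loaded",
    "antireplay-disabled": "antireplay sequence number checking is off for every SA on this map",
    "no-peer": "no set peer: the map implies responder only to any peer",
    "ike-policy-unpinned": "no ike-policy: the tunnel is not tied to one specified IKE policy",
    "no-transform-set": "no transform-set is assigned to this crypto map",
    "pfs-group1": "set pfs group1 uses the 768-bit Diffie-Hellman modulus",
    "pfs-not-required": "no set pfs: PFS is not required during IPSec negotiation",
}


def parse_stanzas(text):
    """Return [(kind, name, [sub-commands])] for crypto map ipsec-ike and CA profile stanzas."""
    stanzas, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            current = None                      # separator closes the stanza
            continue
        if not line[0].isspace():               # a new top-level command
            current = None
            m = MAP_RE.match(line)
            if m:
                current = ("crypto-map", f"{m['name']} {m['index']}", [])
            else:
                m = CA_RE.match(line)
                if m:
                    current = ("ca-profile", m["name"], [])
            if current:
                stanzas.append(current)
        elif current:                           # indented sub-command
            current[2].append(" ".join(line.split()))
    return stanzas


def audit(text):
    """Return [(kind, name, finding_id)], applying documented defaults to absent commands."""
    findings = []
    for kind, name, cmds in parse_stanzas(text):
        if kind == "ca-profile":
            # Enabled by default, so only an explicit "no" form turns it off.
            if "no crl optional" not in cmds:
                findings.append((kind, name, "crl-optional"))
            continue
        if "no antireplay" in cmds:             # antireplay is enabled by default
            findings.append((kind, name, "antireplay-disabled"))
        if not any(c.startswith("set peer ") for c in cmds):
            findings.append((kind, name, "no-peer"))
        if not any(c.startswith("ike-policy ") for c in cmds):
            findings.append((kind, name, "ike-policy-unpinned"))
        if not any(c.startswith("set transform-set ") for c in cmds):
            findings.append((kind, name, "no-transform-set"))
        if "set pfs group1" in cmds:
            findings.append((kind, name, "pfs-group1"))
        elif "no set pfs" in cmds:
            findings.append((kind, name, "pfs-not-required"))
    return findings


if __name__ == "__main__":
    for kind, name, finding in audit(SAMPLE_CONFIG):
        print(f"{kind} {name}: {REASONS[finding]}")
```
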
email address

Use the email address command to specify that an email address should be included in the certificate request.

Syntax Description
Specifies the complete email address to use when sending certificate requests. This field allows up to 51 characters.

Default Values
No defaults necessary for this command.
enrollment retry [count | period]

Use the enrollment retry command to determine how the Secure Router OS handles certificate requests.

Syntax Description
count     Specifies the number of times the Secure Router OS re-sends a certificate request when it does not receive a response from the previous request. Range: 1-100.
period    Specifies the time period between certificate request retries.
enrollment terminal

Use the enrollment terminal command to specify manual (i.e., cut-and-paste) certificate enrollment.

Syntax Description
No subcommands.

Default Values
By default, this command is enabled.
enrollment url

Use the enrollment url command to specify the URL of the CA where the Secure Router OS should send certificate requests.

Syntax Description
Enter the certificate authority’s URL (e.g., http://10.10.10.1:400/abcdefg/pkiclient.exe).

Default Values
No defaults necessary for this command.
fqdn

Use the fqdn command to specify a fully-qualified domain name (FQDN) to be included in the certificate requests.

Syntax Description
Specifies the FQDN (e.g., company.com) to be included in requests.

Default Values
No defaults necessary for this command.
ip-address

Use the ip-address command to specify an IP address to be included in the certificate requests.

Syntax Description
Defines the IP address in dotted decimal notation (e.g., 192.22.73.101).

Default Values
No defaults necessary for this command.

password

Use the password command to specify the challenge password for SCEP (simple certificate exchange protocol). Use the no form of this command to allow CA requests to be sent automatically (using SCEP) without requiring a password.

Syntax Description
Enter the SCEP password (up to 80 characters).

Default Values
By default, no password is required.
serial-number

Use the serial-number command to specify that a serial number will be included in the certificate request.

Syntax Description
No subcommands.

Default Values
By default, this command is disabled.

Command Modes
(ca-profile)#    CA Profile Configuration

Functional Notes
By default, this command is set to no serial-number, which means that the serial number is not included in the certificate requests.
subject-name

Use the subject-name command to specify the subject name used in the certificate request.

Syntax Description
Enter a subject name string (up to 256 characters entered in X.500 LDAP format).

Default Values
By default, there is no subject name configured.
CERTIFICATE CONFIGURATION COMMAND SET

To activate the Certificate Configuration, enter the crypto ca certificate chain command at the Global Configuration Mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#crypto ca certificate chain MyProfile
Router(config-cert-chain)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
certificate

Use the certificate command to restore a certificate. Use the no form of this command to remove a specific certificate from the certificate chain.

Syntax Description
Enter the certificate’s serial number (up to 51 characters). This value can be found for existing certificates by using the show run command.

Default Values
No defaults necessary for this command.
certificate ca

Use the certificate ca command to restore a CA certificate. Use the no form of this command to remove a specific certificate from the certificate chain for a CA.

Syntax Description
Enter the certificate’s serial number (up to 51 characters). This value can be found for existing certificates by using the show run command.

Default Values
No defaults necessary for this command.
crl

Use the crl command to restore a CRL. Use the no form of this command to remove the CRL for the specific CA.

Syntax Description
No subcommands.

Default Values
No defaults necessary for this command.

Command Modes
(config-cert-chain)#    Certificate Configuration

Functional Notes
The user typically does not enter this command. It is primarily used to restore CRLs from startup-config when the product is powered up.
ETHERNET INTERFACE CONFIGURATION COMMAND SET

There are several types of Ethernet interfaces associated with the Secure Router OS:
• Basic Ethernet interfaces (e.g., eth 0/1)
• Ethernet sub-interfaces associated with a VLAN (e.g., eth 0/1.1)
• Ethernet switch (e.g., eth 0/1, 0/2)

To activate the basic Ethernet Interface Configuration, enter the interface ethernet command at the Global Configuration Mode prompt.
Note: Not all Ethernet commands apply to all Ethernet types. Use the ? command to display a list of valid commands.
full-duplex
half-duplex
ip commands
lldp receive
lldp send [management-address | port-description | system-capabilities | system-description | system-name | and-receive]
mac-address
mtu
snmp trap
snmp trap link-status
spanning-tree commands
speed [10 | 100 | auto]

access-policy

Use the access-policy command to assign a specified access policy to an interface. Use the no form of this command to remove an access policy association.
Associate the access policy with the Ethernet 0/1 interface:

(config)#interface ethernet 0/1
(config-eth 0/1)#access-policy UnTrusted

Technology Review
Creating access policies and lists to regulate traffic through the routed network is a four-step process:

Step 1: Enable the security features of the Secure Router OS using the ip firewall command.
Step 2: Create an access list to permit or deny specified traffic.
nat source list address overload
All packets passed by the access list(s) entered will be modified to replace the source IP address with the entered IP address. The overload keyword allows multiple source IP addresses to be replaced with the single IP address entered. This hides private IP addresses from outside the local network.
arp arpa

Use the arp arpa command to enable address resolution protocol on the Ethernet interface.

Syntax Description
arpa    Keyword used to set standard address resolution protocol for this interface.

Default Values
The default for this command is arpa.
bandwidth

Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. This value is used in cost calculations. Use the no form of this command to restore the default values.

Syntax Description
Enter bandwidth in kbps.

Default Values
To view default values use the show interfaces command.
bridge-group

Use the bridge-group command to assign an interface to the specified bridge group. This command is supported on all Ethernet interfaces, PPP virtual interfaces, Frame Relay virtual sub-interfaces, and atm sub-interfaces. Use the no form of this command to remove the interface from the bridge group.
crypto map

Use the crypto map command to associate crypto maps with the interface.

Note: When you apply a map to an interface, you are applying all crypto maps with the given map name. This allows you to apply multiple crypto maps if you have created maps which share the same name but have different map index numbers.
Functional Notes
When configuring a system to use both the stateful inspection firewall and IKE negotiation for VPN, keep the following notes in mind. When defining the policy-class and associated access-control lists (ACLs) that describe the behavior of the firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system.
Usage Examples
The following example applies all crypto maps with the name MyMap to the Ethernet interface:

(config-eth 0/1)#crypto map MyMap
dynamic-dns [dyndns | dyndns-custom | dyndns-static]

Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network Services, Inc. (www.dyndns.org).

Syntax Description
See Functional Notes below for argument descriptions.

Default Values
No default is necessary for this command.
If your IP address doesn't change often or at all, but you still want an easy name to remember it by (without having to purchase your own domain name), Static DNS service is ideal for you. If you would like to use your own domain name (such as yourname.com), you need Custom DNS service, which also provides full dynamic and static IP address support.
encapsulation 802.1q

Use the encapsulation 802.1q command to put the interface into 802.1q (VLAN) mode.

Syntax Description
No subcommands.

Default Values
No default value is necessary for this command.

Command Modes
Ethernet Interface Configuration Modes

Functional Notes
When operating on a circuit that is providing timing, setting the clock source to line can avoid errors such as Clock Slip Seconds (CSS).
full-duplex

Use the full-duplex command to configure the Ethernet interface for full-duplex operation. This allows the interface to send and receive simultaneously. Use the no form of this command to return to the default half-duplex operation.

Syntax Description
No subcommands.

Default Values
By default, all Ethernet interfaces are configured for half-duplex operation.
half-duplex

Use the half-duplex command to configure the Ethernet interface for half-duplex operation. This setting allows the Ethernet interface to either send or receive at any given moment, but not simultaneously. Use the no form of this command to disable half-duplex operation.

Syntax Description
No subcommands.

Default Values
By default, all Ethernet interfaces are configured for half-duplex operation.
ip access-group [in | out]

Use the ip access-group command to create an access list to be used for packets transmitted on or received from the specified interface. Use the no form of this command to disable this type of control.

Syntax Description
listname    Assigned IP access list name.
in          Enables access control on packets received on the specified interface.
ip address dhcp

Use the ip address dhcp command to use Dynamic Host Configuration Protocol (DHCP) to obtain an address on the Ethernet interface. Use the no form of this command to remove a configured IP address (using DHCP) and disable DHCP operation on the interface.

ip address dhcp {client-id [ | ] hostname “” }

Syntax Description
client-id    Optional.
hexadecimal bytes. (For units with a single Ethernet interface, the MAC ADDRESS assigned to Ethernet 0/1 is used in this field). INTERFACE SPECIFIC INFO is only used for Frame Relay interfaces and can be determined using the following:

FR_PORT# : Q.922 ADDRESS

Where the FR_PORT# specifies the label assigned to the virtual Frame Relay interface using four hexadecimal bytes.
Command Modes
Ethernet Interface Configuration Modes

Functional Notes
Dynamic Host Configuration Protocol (DHCP) allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on the network. Many Internet Service Providers (ISPs) require the use of DHCP when connecting to their services. Using DHCP reduces the number of dedicated IP addresses the ISP must obtain.
ip address secondary

Use the ip address command to define an IP address on the specified interface (only one primary address is allowed). Use the optional secondary keyword to define a secondary IP address. Use the no form of this command to remove a configured IP address.

Syntax Description
Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101).

ip dhcp release

Use the ip dhcp release command to transmit a message to the DHCP server requesting termination of the IP address lease on that interface.
ip dhcp renew

Use the ip dhcp renew command to transmit a message to the DHCP server requesting renewal of the IP address lease on that interface.

Default Values
No defaults necessary for this command.
ip helper-address

Use the ip helper-address command to configure the Secure Router OS to forward User Datagram Protocol (UDP) broadcast packets received on the interface. Use the no form of this command to disable forwarding packets.

Note: The ip helper command must be used in conjunction with the ip forward-protocol command to configure the Secure Router OS to forward UDP broadcast packets.

Usage Examples
The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99:

(config)#ip forward-protocol udp domain
(config)#interface eth 0/1
(config-eth 0/1)#ip helper-address 192.33.5.99
ip igmp

Use the ip igmp command to configure multicasting-related functions for the interface.

Syntax Description
helper-enable    Tells this downstream interface to use the global helper address.
Usage Examples
The following example sets the query message interval on the interface to 200 milliseconds:

(config-eth 0/1)#ip igmp last-member-query-interval 200
ip mcast-stub downstream

Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on an interface and place it in multicast stub downstream mode. Use the no form of this command to disable.

Syntax Description
No subcommands.

Default Values
By default, this command is disabled.
ip mcast-stub upstream

Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in multicast stub upstream mode. Use the no form of this command to disable.

Syntax Description
No subcommands.

Default Values
By default, this command is disabled.
ip ospf

Use the ip ospf command to customize OSPF settings (if needed).

Syntax Description
authentication-key    Assign a simple-text authentication password to be used by other routers using the OSPF simple password authentication.
cost                  Specify the OSPF cost of sending a packet on the interface. This value overrides any computed cost value. Range: 1-65535.
ip ospf authentication [message-digest | null]

Use the ip ospf authentication command to authenticate an interface that is performing OSPF authentication.

Syntax Description
message-digest    Optional. Select message-digest authentication type.
null              Optional. Select for no authentication to be used.

Default Values
By default, this is set to null (meaning no authentication is used).
ip ospf network [broadcast | point-to-point]

Use the ip ospf network command to specify the type of network on this interface.

Syntax Description
broadcast         Set the network type for broadcast.
point-to-point    Set the network type for point-to-point.

Default Values
By default, Ethernet defaults to broadcast. PPP and Frame Relay default to point-to-point.
ip proxy-arp

Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no form of this command to disable this feature.

Syntax Description
Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101).
Specifies the subnet mask that corresponds to the listed IP address.

Default Values
By default, proxy arp is enabled.

ip rip receive version

Use the ip rip receive version command to configure the RIP version the unit accepts in all RIP packets received on the interface.

Syntax Description
Specifies the RIP version.
1    Only accept received RIP version 1 packets on the interface.
2    Only accept received RIP version 2 packets on the interface.
ip rip send version

Use the ip rip send version command to configure the RIP version the unit sends in all RIP packets transmitted on the interface.
ip route-cache

Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this command to disable fast-cache switching and return to process switching mode.

Note: Using Network Address Translation (NAT) or the Secure Router OS firewall capabilities on an interface requires process switching mode (using the no ip route-cache command).

Syntax Description
No subcommands.
ip unnumbered

Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP processing on the active interface. Use the no form of this command to remove the unnumbered configuration.
lldp receive

Use the lldp receive command to allow LLDP packets to be received on this interface.

Syntax Description
No subcommands.

Default Values
By default, all interfaces are configured to send and receive LLDP packets.
lldp send [management-address | port-description | system-capabilities | system-description | system-name | and-receive]

Use the lldp send command to configure this interface to transmit LLDP packets or to control the types of information contained in the LLDP packets transmitted by this interface.

Syntax Description
management-address    Enables transmission of management address information on this interface.
mac-address

Use the mac-address command to specify the Media Access Control (MAC) address of the unit. Only the last three values of the MAC address can be modified. The first three values contain the reserved number (00:0A:C8) by default. Use the no form of this command to return to the default MAC address.

mtu

Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use the no form of this command to return to the default value.

Syntax Description
Configures the window size for transmitted packets. The valid ranges for the various interfaces are listed below:
Ethernet (eth 0/1)    64 to 1500
virtual Frame Relay sub-interfaces (fr 1.

port-auth supplicant enable [username | password ]

Use the port-auth supplicant enable command to enable supplicant functionality and to specify the username and password used for IEEE 802.1x port authentication. The supplicant is the port that will receive services from the port authenticator.

Syntax Description
  enable    Enables supplicant functionality.

snmp trap

Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) traps on the interface.

Syntax Description
No subcommands.

Default Values
By default, all interfaces (except virtual Frame Relay interfaces and sub-interfaces) have SNMP traps enabled.

snmp trap link-status

Use the snmp trap link-status command to control the SNMP variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps when there is an interface status change. Use the no form of this command to disable this trap.

Syntax Description
No subcommands.

spanning-tree bpdufilter [enable | disable]

Use the spanning-tree bpdufilter command to enable or disable the bpdufilter on a specific interface. This setting overrides the related global setting. Use the no version of the command to return to the default setting.

Syntax Description
  enable     Enable bpdufilter for this interface.
  disable    Disable bpdufilter for this interface.

spanning-tree bpduguard [enable | disable]

Use the spanning-tree bpduguard command to enable or disable the bpduguard on a specific interface. This setting overrides the related global setting (see spanning-tree forward-time on page 348). Use the no version of the command to return to the default setting.

Syntax Description
  enable    Enable bpduguard for this interface.

spanning-tree cost

Use the spanning-tree cost command to assign a cost to the interface. The cost value is used when computing the spanning-tree root path. Use the no version of the command to return to the default setting.

spanning-tree edgeport

Use the spanning-tree edgeport command to configure the interface to be an edgeport. This command overrides the related Global setting. Use the no version of the command to return to the default setting.

Syntax Description
No subcommands.

Default Values
By default, this setting is disabled.

spanning-tree link-type [auto | point-to-point | shared]

Use the spanning-tree link-type command to configure the spanning tree protocol link type for each interface. Use the no version of the command to return to the default setting.

Syntax Description
  auto              Link type is determined by the port’s duplex settings.
  point-to-point    Link type is manually set to point-to-point, regardless of duplex settings.

spanning-tree port-priority

Use the spanning-tree port-priority command to select the priority level of this interface. To return to the default setting, use the no version of this command.

Syntax Description
Set to a value from 0-255.

Default Values
By default, this is set to 128.

speed [10 | 100 | auto]

Use the speed command to configure the speed of an Ethernet interface. Use the no form of this command to return to the default value.

vlan-id [native]

Use the vlan-id command to set a VLAN ID for the Ethernet subinterface. Use the no form of this command to remove an entry.

Syntax Description
Enter a valid VLAN interface ID number (1-4095).
  native    Optional. Specifies that data for that VLAN ID goes out untagged. If native is not specified, data for that VLAN ID goes out tagged.

Default Values
By default, no VLAN ID is set.

DDS INTERFACE CONFIGURATION COMMAND SET

To activate the DDS Interface Configuration command set, enter the interface dds command at the Global Configuration Mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#interface dds 1/1
Router(config-dds 1/1)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.

clock rate

Use the clock rate command to configure the data rate used as the operating speed for the interface. This rate should match the rate required by the DDS service provider. Use the no form of this command to return to the default value.

clock source

Use the clock source command to configure the source timing used for the interface. The clock specified using the clock source command is also the system master clock. Use the no form of this command to return to the default value.

Syntax Description
Configures the timing source for the DDS interface.
  line    Configures the unit to recover clocking from the circuit.

data-coding scrambled

Use the data-coding scrambled command to enable the DDS OS scrambler to combine user data with pattern data to ensure user data does not mirror standard DDS loop codes. The scrambler may only be used on 64 kbps circuits without Frame Relay signaling (clear channel).

Syntax Description
No subcommands.

Default Values
By default, the scrambler is disabled.

loopback [dte | line | remote]

Use the loopback command to initiate a specified loopback on the interface. Use the no form of this command to deactivate the loop.

Syntax Description
  dte     Initiates a loop to connect the transmit and receive path through the unit.
  line    Initiates a loop of the DDS circuit towards the network by connecting the transmit path to the receive path.

remote-loopback

Use the remote-loopback command to configure the interface to respond to loopbacks initiated by a remote unit (or the service provider). Use the no form of this command to disable this feature.

Syntax Description
No subcommands.

Default Values
By default, all interfaces respond to remote loopbacks.

snmp trap

Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) traps on the interface.

Syntax Description
No subcommands.

Default Values
By default, all interfaces (except virtual Frame Relay interfaces and sub-interfaces) have SNMP traps enabled.

snmp trap link-status

Use the snmp trap link-status command to control the SNMP variable that enables (or disables) the interface to send SNMP traps when there is an interface status change (ifLinkUpDownTrapEnable of RFC 2863). Use the no form of this command to disable this trap.

Syntax Description
No subcommands.

SERIAL INTERFACE CONFIGURATION COMMAND SET

To activate the Serial Interface Configuration command set, enter the interface serial command at the Global Configuration Mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#interface serial 1/1
Router(config-ser 1/1)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.

et-clock-source

Use the et-clock-source command to configure the clock source used when creating the external transmit (reference clock). Use the no form of this command to return to the default value.

Syntax Description
Specifies the signal source to use when creating the External Transmit reference clock (et-clock).
  rxclock    Use the clock recovered from the receive signal to generate et-clock.

ignore dcd

Use the ignore dcd command to specify the behavior of the serial interface when the Data Carrier Detect (DCD) signal is lost. Use the no form of this command to return to the default value.

Syntax Description
No subcommands.

Default Values
By default, the serial interface does not ignore a change in status of the DCD signal.

invert etclock

Use the invert etclock command to configure the serial interface to invert the External Transmit (reference clock) in the data stream before transmitting. Use the no form of this command to return to the default value.

Syntax Description
No subcommands.

Default Values
By default, the serial interface does not invert etclock.

invert rxclock

Use the invert rxclock command to configure the serial interface to expect an inverted Receive Clock (found in the received data stream). Use the no form of this command to return to the default value.

Syntax Description
No subcommands.

Default Values
By default, the serial interface does not expect an inverted receive clock (rxclock).

invert txclock

Use the invert txclock command to configure the serial interface to invert the Transmit Clock (found in the transmitted data stream) before sending the signal. Use the no form of this command to return to the default value.

Syntax Description
No subcommands.

Default Values
By default, the serial interface does not invert txclock.

serial-mode

Use the serial-mode command to specify the electrical mode for the interface. Use the no form of this command to return to the default value.

Syntax Description
Specifies the electrical specifications for the interface
  V35    Configures the interface for use with the V.35 adapter cable (P/N 1200873L1)
  X21    Configures the interface for use with the X.

shutdown

Use the shutdown command to disable the serial interface. Use the no form of this command to activate the serial interface.

Syntax Description
No subcommands.

Default Values
By default, the serial interface is shut down.

Command Modes
  (config-ser 1/1)#    Serial Interface Configuration Mode

Functional Notes
While in shutdown, all data transmission ceases and all DTE leads become inactive.

snmp trap

Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) traps on the interface.

Syntax Description
No subcommands.

Default Values
By default, all interfaces (except virtual Frame Relay interfaces and sub-interfaces) have SNMP traps enabled.

snmp trap link-status

Use the snmp trap link-status command to control the SNMP variable to enable (or disable) the interface to send SNMP traps when there is an interface status change (ifLinkUpDownTrapEnable per RFC 2863). Use the no form of this command to disable this trap.

Syntax Description
No subcommands.

T1 INTERFACE CONFIGURATION COMMAND SET

To activate the T1 Interface Configuration command set, enter the interface t1 command at the Global Configuration Mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#interface t1 1/1
Router(config-t1 1/1)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.

clock source [internal | line | through | through t1 ]

Use the clock source command to configure the source timing used for the interface. The clock specified using the clock source command is also the system master clock. Use the no form of this command to return to the default value.

Syntax Description
  internal    Configures the unit to provide clocking using the internal oscillator.

coding [ami | b8zs]

Use the coding command to configure the line coding for a T1 or DSX-1 physical interface. This setting must match the line coding supplied on the circuit by the provider.

Syntax Description
  ami     Configures the line coding for alternate mark inversion.
  b8zs    Configures the line coding for bipolar eight zero substitution.

Default Values
By default, all T1 interfaces are configured with B8ZS line coding.

fdl [ansi | att | none]

Use the fdl command to configure the format for the facility data link channel on the T1 circuit. FDL channels are only available on point-to-point circuits. Use the no form of this command to return to the default value.

Syntax Description
  ansi    Configures the FDL for ANSI T1.

framing [d4 | esf]

Use the framing command to configure the framing format for the T1 or DSX-1 interface. This parameter should match the framing format supplied by your network provider. Use the no form of this command to return to the default value.

lbo long

Use the lbo long command to set the line build out (in dB) for T1 interfaces with cable length greater than 655 ft. Use the no form of this command to return to the default value.

Syntax Description
Configures the line build out for the T1 interface. Valid options include: 0, -7.5, -15, and -22.

lbo short

Use the lbo short command to set the line build out (in feet) for T1 interfaces with cable length less than 655 ft. Use the no form of this command to return to the default value.

Syntax Description
Configures the line build out for the T1 interface. Enter the estimated cable length between the two units.

loopback network [line | payload]

Use the loopback network command to initiate a loopback on the interface toward the network. Use the no form of this command to deactivate the loopback.

Syntax Description
  line       Initiates a metallic loopback of the physical T1 network interface.
  payload    Initiates a loopback of the T1 framer (CSU portion) of the T1 network interface.

Default Values
No default necessary for this command.

loopback remote line [fdl | inband]

Use the loopback remote line command to send a loopback code to the remote unit to initiate a line loopback. Use the no form of this command to send a loopdown code to the remote unit to deactivate the loopback.

Syntax Description
  fdl    Uses the facility data link (FDL) to initiate a full 1.544 Mbps loopback of the signal received by the remote unit from the network.

loopback remote payload

Use the loopback remote payload command to send a loopback code to the remote unit to initiate a payload loopback. A payload loopback is a 1.536 Mbps loopback of the payload data received from the network maintaining bit-sequence integrity for the information bits by synchronizing (regenerating) the timing.

remote-alarm [rai]

The remote-alarm command enables transmission of a remote alarm. Use the no form of this command to disable all transmitted alarms.

Syntax Description
  rai    Choose to send a remote alarm indication (RAI) in response to a loss of frame. This also disables a received RAI from causing a change in interface operational status.

Default Values
The default for this command is rai.

remote-loopback

Use the remote-loopback command to configure the interface to respond to loopbacks initiated by a remote unit (or the service provider). Use the no form of this command to disable this feature.

Syntax Description
No subcommands.

Default Values
By default, all interfaces respond to remote loopbacks.

show test-pattern

Use the show test-pattern command to display results from test patterns inserted using the test-pattern command (see test-pattern [ones | zeros | clear | insert | p215 | p220 | p511 | qrss] on page 519 for more information).

Syntax Description
No subcommands.

Default Values
No defaults necessary for this command.

snmp trap link-status

Use the snmp trap link-status command to control the SNMP variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps when there is an interface status change. Use the no form of this command to disable this trap.

Syntax Description
No subcommands.

tdm-group timeslots <1-24> speed [56 | 64]

Use the tdm-group command to create a group of contiguous DS0s on this interface to be used during the bind process. See crypto map on page 731 for related information.

Caution
Changing tdm-group settings could potentially result in service interruption.

test-pattern [ones | zeros | clear | insert | p215 | p220 | p511 | qrss]

Use the test-pattern command to activate the built-in pattern generator and begin sending the specified test pattern. This pattern generation can be used to verify a data path when used in conjunction with an active loopback. Use the no form of this command to cease pattern generation.

Syntax Description
  ones    Generates continuous ones.

DSX-1 INTERFACE CONFIGURATION COMMAND SET

To activate the DSX-1 Interface Configuration command set, enter the interface t1 command (and specify the DSX-1 port) at the Global Configuration Mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#interface t1 1/2
Router(config-t1 1/2)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.

coding [ami | b8zs]

Use the coding command to configure the line coding for a T1 or DSX-1 physical interface. This setting must match the line coding supplied on the circuit by the PBX.

Syntax Description
  ami     Configures the line coding for alternate mark inversion.
  b8zs    Configures the line coding for bipolar eight zero substitution.

Default Values
By default, all T1 interfaces are configured with B8ZS line coding.

framing [d4 | esf]

Use the framing command to configure the framing format for the DSX-1 interface. This parameter should match the framing format set on the external device. Use the no form of this command to return to the default value.

line-length

Use the line-length command to set the line build out (in feet or dB) for the DSX-1 interface. Use the no form of this command to return to the default value.

Syntax Description
Configures the line build out for the DSX-1 interface. Valid options include: -7.

loopback network [line | payload]

Use the loopback network command to initiate a loopback on the interface toward the network. Use the no form of this command to deactivate the loopback.

Syntax Description
  line       Initiates a metallic loopback of the physical T1 network interface.
  payload    Initiates a loopback of the T1 framer (CSU portion) of the T1 network interface.

Default Values
No default necessary for this command.

loopback remote line inband

Use the loopback remote line inband command to send a loopback code to the remote unit to initiate a line loopback. Use the no form of this command to send a loopdown code to the remote unit to deactivate the loopback.

Syntax Description
  inband    Uses the inband channel to initiate a full 1.544 Mbps physical loopback (metallic loopback) of the signal received from the network.

remote-loopback

Use the remote-loopback command to configure the interface to respond to loopbacks initiated by a remote unit (or the service provider). Use the no form of this command to disable this feature.

Syntax Description
No subcommands.

Default Values
By default, all interfaces respond to remote loopbacks.

signaling-mode [message-oriented | none | robbed-bit]

Use the signaling-mode command to configure the signaling type (robbed-bit for voice or clear channel for data) for the DS0s mapped to the DSX-1 port.

Syntax Description
  message-oriented    Clear channel signaling on Channel 24 only. Use this signaling type with QSIG installations.
  none                Clear channel signaling on all 24 DS0s.

snmp trap link-status

Use the snmp trap link-status command to control the SNMP variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps when there is an interface status change. Use the no form of this command to disable this trap.

Syntax Description
No subcommands.

test-pattern [ones | zeros]

Use the test-pattern command to activate the built-in pattern generator and begin sending the specified test pattern. This pattern generation can be used to verify a data path when used in conjunction with an active loopback. Use the no form of this command to cease pattern generation.

E1 INTERFACE CONFIGURATION COMMAND SET

To activate the E1 Interface Configuration command set, enter the interface e1 command (and specify the E1 port) at the Global Configuration Mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#interface e1 1/1
Router(config-e1 1/1)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.

clock source [internal | line | through]

Use the clock source command to configure the source timing used for the interface. The clock specified using the clock source command is also the system master clock. Use the no form of this command to return to the default value.

Syntax Description
  internal    Configures the unit to provide clocking using the internal oscillator.

coding [ami | hdb3]

Use the coding command to configure the line coding for the E1 or G.703 physical interface. This setting must match the line coding supplied on the circuit by the PBX or circuit provider.

Syntax Description
  ami     Configures the line coding for alternate mark inversion.
  hdb3    Configures the line coding for high-density bipolar 3 (HDB3).

framing [crc4]

Use the framing command to configure the framing format for the E1 interface. This parameter should match the framing format set on the external device. Use the no form of this command to return to the default value.

Syntax Description
  crc4    Enables CRC4 bits to be transmitted in the outgoing data stream. Also, the received signal is checked for CRC4 errors.

Default Values
By default, crc4 is enabled.

loop-alarm-detect

The loop-alarm-detect command enables detection of a Loop Alarm on the E1 interface. Use the no form of this command to disable this feature.

Syntax Description
No subcommands.

Default Values
By default, this command is enabled.

Command Modes
  (config-e1 1/1)#    Interface configuration mode.

Functional Notes
This command enables the detection of a loopback alarm.

loopback network [line]

Use the loopback network command to initiate a loopback on the interface toward the network. Use the no form of this command to deactivate the loopback.

Syntax Description
  line    Initiates a metallic loopback of the physical E1 network interface.

Default Values
No default necessary for this command.

Command Modes
  (config-e1 1/1)#
  (config-e1 1/2)#    E1 or G.703 Interface Configuration Mode required.

loopback remote v54

The loopback remote v54 command transmits an E1 remote loopback to the far end. Use the no form of this command to disable this feature.

Syntax Description
No subcommands.

Default Values
No default value is necessary for this command.

Command Modes
  (config-e1 1/1)#    E1 interface configuration mode.

Functional Notes
This command causes a V.

remote-alarm [rai | ais]

The remote-alarm command enables transmission of a remote alarm. Use the no form of this command to disable all transmitted alarms.

Syntax Description
  rai    Choose to send a remote alarm indication (RAI) in bit position 3 (Sa3).
  ais    Choose to send an alarm indication signal (AIS) as an unframed all-ones signal.

Default Values
The default for this command is rai.

remote-loopback

Use the remote-loopback command to configure the interface to accept loopback requests from a remote unit (or the service provider). Use the no form of this command to disable this feature.

Syntax Description
No subcommands.

Default Values
No default value is necessary for this command.

Command Modes
  (config-interface)#    Interface configuration mode.

sa4tx-bit [0 | 1]

The sa4tx-bit command selects the Tx value of Sa4 in this E1 interface. Use the no form of this command to return to the default value of 1.

Syntax Description
No subcommands.

Default Values
The default value for this command is 1.

Command Modes
  (config-e1 1/1)#    E1 Interface configuration mode.

Functional Notes
This command assigns a value to the Tx spare bit in position 4.

show test-pattern

Use the show test-pattern command to display results from test patterns inserted using the test-pattern command (see test-pattern [ones | zeros | clear | insert | p215 | p220 | p511] on page 543 for more information).

Syntax Description
No subcommands.

Default Values
No defaults necessary for this command.

snmp trap link-status

Use the snmp trap link-status command to control the SNMP variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps when there is an interface status change. Use the no form of this command to disable this trap.

Syntax Description
No subcommands.

tdm-group timeslots <1-31> speed [56 | 64]

Use the tdm-group command to create a group of contiguous DS0s on this interface to be used during the bind process. See crypto map on page 731 for related information.

Caution
Changing tdm-group settings could potentially result in service interruption.

test-pattern [ones | zeros | clear | insert | p215 | p220 | p511]

Use the test-pattern command to activate the built-in pattern generator and begin sending the specified test pattern. This pattern generation can be used to verify a data path when used in conjunction with an active loopback. Use the no form of this command to cease pattern generation.

Syntax Description
  ones    Generates continuous ones.

ts16

Use the ts16 command to enable timeslot 16 multiframe to be checked on the receive signal. Use the no form of this command to disable ts16.

Syntax Description
No subcommands.

Default Values
No defaults necessary for this command.

Command Modes
  (config-e1 1/1)#
  (config-e1 1/2)#    E1 or G.703 Interface Configuration Mode required.

G.703 INTERFACE CONFIGURATION COMMAND SET

To activate the G.703 Interface Configuration command set, enter the interface e1 command (and specify the G.703 port) at the Global Configuration Mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#interface e1 1/2
Router(config-e1 1/2)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.

coding [ami | hdb3]

Use the coding command to configure the line coding for the E1 or G.703 physical interface. This setting must match the line coding supplied on the circuit by the PBX.

Syntax Description
  ami     Configures the line coding for alternate mark inversion.
  hdb3    Configures the line coding for high-density bipolar 3.

Default Values
By default, all E1 interfaces are configured with HDB3 line coding.

framing [crc4]

Use the framing command to configure the framing format for the G.703 interface. This parameter should match the framing format set on the external device. Use the no form of this command to return to the default value.

Syntax Description
  crc4    Enables CRC4 bits to be transmitted in the outgoing data stream. Also, the received signal is checked for CRC4 errors.

Default Values
By default, CRC4 is enabled.

loopback network [line | payload]

Use the loopback network command to initiate a loopback on the interface toward the network. Use the no form of this command to deactivate the loopback.

Syntax Description
  line       Initiates a metallic loopback of the physical E1 network interface.
  payload    Initiates a loopback of the E1 framer (CSU portion) of the E1 network interface.
snmp trap link-status
Use the snmp trap link-status command to control the SNMP variable ifLinkUpDownTrapEnable (RFC 2863), which enables (or disables) the interface to send SNMP traps when there is an interface status change. Use the no form of this command to disable this trap.
Syntax Description
No subcommands.
test-pattern [511 | clear | insert | ones | qrss | show 511 | show qrss | zeros]
Use the test-pattern command to activate the built-in pattern generator and begin sending the specified test pattern. This pattern generation can be used to verify a data path when used in conjunction with an active loopback. Use the no form of this command to cease pattern generation.
ts16
Use the ts16 command to enable timeslot 16 multiframe to be checked on the receive signal. Use the no form of this command to disable ts16.
Syntax Description
No subcommands.
Default Values
No defaults necessary for this command.
Command Modes
(config-e1 1/1)# (config-e1 1/2)# E1 or G.703 Interface Configuration Mode required.
MODEM INTERFACE CONFIGURATION COMMAND SET
To activate the Modem Interface Configuration Mode, enter the interface modem command at the Global Configuration Mode prompt. For example:
Router>enable
Router#configure terminal
Router(config)#interface modem 1/2
Router(config-modem 1/2)#
Note
The modem interface number in the example above is shown as modem 1/2.
caller-id override [always | if-no-cid ]
Use the caller-id override command to configure the unit to replace caller ID information with a user-specified number. Use the no form of this command to disable any caller ID overrides.
Syntax Description
always    Always forces replacement of the incoming caller ID number with the number given.
dialin
Use the dialin command to enable the modem for remote console dialin, disabling the use of the modem for backup.
Syntax Description
No subcommands.
Default Values
By default, dialin is disabled.
modem countrycode
Use the modem countrycode command to configure the modem to operate in a specified country.
Syntax Description
Specifies the country where the modem will operate.
Default Values
By default, the modem countrycode is set to USA/CANADA.
BRI INTERFACE CONFIGURATION COMMAND SET
To activate the BRI Interface Configuration Mode, enter the interface bri command at the Global Configuration Mode prompt. For example:
Router>enable
Router#configure terminal
Router(config)#interface bri 1/2
Router(config-bri 1/2)#
Note
The BRI interface number in the example above is shown as bri 1/2.
bonding txadd-timer
Use the bonding txadd-timer command to specify the value (in seconds) for the aggregate call connect timeout. Use the no form of this command to return to the default value.
bonding txcid-timer
Use the bonding txcid-timer command to specify the value (in seconds) for the bearer channel (B-channel) negotiation timeout. Use the no form of this command to return to the default value.
bonding txdeq-timer
Use the bonding txdeq-timer command to specify the value (in seconds) for the network delay equalization timeout. Use the no form of this command to return to the default value.
bonding txfa-timer
Use the bonding txfa-timer command to specify the value (in seconds) for the frame pattern detection timeout. Use the no form of this command to return to the default value.
bonding txinit-timer
Use the bonding txinit-timer command to specify the value (in seconds) for the originating endpoint negotiation timeout. Use the no form of this command to return to the default value.
bonding txnull-timer
Use the bonding txnull-timer command to specify the value (in seconds) for the answering endpoint negotiation timeout. Use the no form of this command to return to the default value.
caller-id override [always | if-no-cid ]
Use the caller-id override command to configure the unit to replace caller ID information with a user-specified number. Use the no form of this command to disable any caller ID overrides.
Syntax Description
always    Always forces replacement of the incoming caller ID number with the number given.
isdn spid1
Use the isdn spid1 command to specify the Service Profile Identifiers (SPIDs). Use the no form of this command to remove a configured SPID.
Note
The BRI Module requires all incoming calls to be directed to the Local Directory Number (LDN) associated with the SPID programmed using the isdn spid1 command. All calls to the LDN associated with SPID 2 will be rejected (unless part of a BONDing call).
isdn spid2
Use the isdn spid2 command to specify the Service Profile Identifiers (SPIDs). Use the no form of this command to remove a configured SPID.
Note
The BRI Module requires all incoming calls to be directed to the Local Directory Number (LDN) associated with the SPID programmed using the isdn spid1 command. All calls to the LDN associated with SPID 2 will be rejected (unless part of a BONDing call).
isdn switch-type
Use the isdn switch-type command to specify the ISDN signaling type configured on the Basic Rate ISDN (BRI) interface. The type of ISDN signaling implemented on the BRI interface does not always match the manufacturer of the Central Office Switch. Use the no form of this command to return to the default value.
FRAME RELAY INTERFACE CONFIG COMMAND SET
To activate the Frame Relay Interface Configuration Mode, enter the interface frame-relay command at the Global Configuration Mode prompt. For example:
Router>enable
Router#configure terminal
Router(config)#interface frame-relay 1
Router(config-fr 1)#
The following commands are common to multiple command sets and are covered in a centralized section of this guide.
bandwidth
Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. This value is used in cost calculations. Use the no form of this command to restore the default values.
Syntax Description
Enter bandwidth in kbps.
Default Values
No default value is necessary for this command.
encapsulation frame-relay ietf
Use the encapsulation frame-relay ietf command to configure the encapsulation on a virtual Frame Relay interface as IETF (RFC 1490). Currently, this is the only encapsulation setting. Settings for this option must match the far-end router's settings in order for the Frame Relay interface to become active.
Syntax Description
No subcommands.
fair-queue
Use the fair-queue command to enable weighted fair queuing (WFQ) on an interface. Use the no form of this command to disable WFQ and enable FIFO (first-in-first-out) queueing for an interface. WFQ is enabled by default for WAN interfaces.
Syntax Description
Optional value that specifies the maximum number of packets that can be present in each conversation sub-queue.
frame-relay intf-type
Use the frame-relay intf-type command to define the Frame Relay signaling role needed for the endpoint. Use the no form of this command to return to the default value.
Syntax Description
Specifies the Frame Relay interface types as DTE, DCE, or NNI.
dce    DCE or Network signaling role. Use this interface type when you need the unit to emulate the frame switch.
frame-relay lmi-n391dce
Use the frame-relay lmi-n391dce command to set the n391 full status polling counter for the DCE endpoint. Typical applications should leave the default value for this timer. Use the no form of this command to return to the default value.
frame-relay lmi-n391dte
Use the frame-relay lmi-n391dte command to set the n391 full status polling counter for the DTE endpoint. Typical applications should leave the default value for this timer. Use the no form of this command to return to the default value.
frame-relay lmi-n392dce
Use the frame-relay lmi-n392dce command to set the N392 error threshold for the DCE endpoint. Typical applications should leave the default value for this setting. Use the no form of this command to return to the default value.
frame-relay lmi-n392dte
Use the frame-relay lmi-n392dte command to set the N392 error threshold for the DTE endpoint. Typical applications should leave the default value for this setting. Use the no form of this command to return to the default value.
frame-relay lmi-n393dce
Use the frame-relay lmi-n393dce command to set the N393 LMI monitored event counter for the DCE endpoint. Typical applications should leave the default value for this counter. Use the no form of this command to return to the default value.
frame-relay lmi-n393dte
Use the frame-relay lmi-n393dte command to set the N393 LMI monitored event counter for the DTE endpoint. Typical applications should leave the default value for this counter. Use the no form of this command to return to the default value.
frame-relay lmi-t391dte
Use the frame-relay lmi-t391dte command to set the T391 signal polling timer for the DTE endpoint. Typical applications should leave the default value for this timer. Use the no form of this command to return to the default value.
frame-relay lmi-t392dce
Use the frame-relay lmi-t392dce command to set the T392 polling verification timer for the DCE endpoint. Typical applications should leave the default value for this timer. Use the no form of this command to return to the default value.
frame-relay lmi-type
Use the frame-relay lmi-type command to define the Frame Relay signaling (LMI) type. Use the no form of the command to return to the default value.
frame-relay multilink [ack | bandwidth-class | hello | retry ]
Use the frame-relay multilink command to enable the Frame Relay multilink interface. When the no form of this command is issued, all configuration options associated with this command and cross-connects made to this interface are removed.
Syntax Description
ack    Optional.
Usage Examples
The following example enables the Frame Relay multilink interface and sets the time between hello messages to 45 seconds:
(config)#interface frame-relay 1
(config-fr 1)#frame-relay multilink hello 45
The following example specifies Class B operation:
(config)#interface frame-relay 1
(config-fr 1)#frame-relay multilink bandwidth-class b
The following example specifies Class C operation with a threshold of 5:
hold-queue out
Use the hold-queue command to change the overall size of an interface's WAN output queue.
Syntax Description
The total number of packets the output queue can contain before packets are dropped. Range: 16-1000.
Default Values
The default queue size for WFQ is 400. The default queue size for PPP FIFO and Frame Relay round-robin is 200.
qos-policy out
Use the qos-policy out command to apply a previously-configured QoS map to an interface. Use the no form of this command to remove the map from the interface. The out keyword specifies that this policy will be applied to outgoing packets.
Syntax Description
Enter the name of a previously-created QoS map (see qos map on page 326 for more information).
snmp trap
Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) traps on the interface.
Syntax Description
No subcommands.
Default Values
By default, all interfaces (except virtual Frame Relay interfaces and sub-interfaces) have SNMP traps enabled.
snmp trap link-status
Use the snmp trap link-status command to control the SNMP variable ifLinkUpDownTrapEnable (RFC 2863), which enables (or disables) the interface to send SNMP traps when there is an interface status change. Use the no form of this command to disable this trap.
Syntax Description
No subcommands.
FRAME RELAY SUB-INTERFACE CONFIG COMMAND SET
To activate the Frame Relay Interface Configuration Mode, enter the interface frame-relay command (and specify a sub-interface) at the Global Configuration Mode prompt. For example:
Router>enable
Router#configure terminal
Router(config)#interface frame-relay 1.16
Router(config-fr 1.
access-policy
Use the access-policy command to assign a specified access policy for the inbound traffic on an interface. Use the no form of this command to remove an access policy association.
Note
Configured access policies will only be active if the ip firewall command has been entered at the Global Configuration Mode prompt to enable the Secure Router OS security features.
Usage Examples
The following example associates the access policy UnTrusted (to allow inbound traffic to the Web server) to the Frame Relay sub-interface labeled 1.16:
Enable the Secure Router OS security features:
(config)#ip firewall
Create the access list (this is the packet selector):
(config)#ip access-list extended InWeb
(config-ext-nacl)#permit tcp any host 63.12.5.
allow list      All packets passed by the access list(s) entered will be allowed to enter the router system.
discard list    All packets passed by the access list(s) entered will be dropped from the router system.
backup auto-backup
Use the backup auto-backup command to configure the sub-interface to automatically attempt a backup upon failure.
Syntax Description
No subcommands.
Default Values
By default, all backup endpoints will automatically attempt backup upon a failure.
Command Modes
(config-fr 1.16)# (config-atm 1.
backup auto-restore
Use the backup auto-restore command to configure the sub-interface to automatically discontinue backup when all network conditions are operational. Use the no form of this command to disable the auto-restore feature.
Syntax Description
No subcommands.
Default Values
By default, all backup endpoints will automatically restore the primary connection when the failure condition clears.
backup backup-delay
Use the backup backup-delay command to configure the amount of time the router will wait after the failure condition is recognized before attempting to backup the link. Use the no form of this command to return to the default value.
backup call-mode
Use the backup call-mode command to combine user data with pattern data to ensure data does not mirror standard DDS loop codes (use only on 64 kbps circuits without Frame Relay signaling). Use the no form of this command to return to the default value.
Syntax Description
Selects the role the router will take in backup of this sub-interface.
clock source line
tdm-group 1 timeslots 1-24
no shutdown
!
interface fr 1 point-to-point
frame-relay lmi-type ansi
no shutdown
bind 1 t1 1/1 1 fr 1
!
interface fr 1.16 point-to-point
frame-relay interface-dlci 16
ip address 10.1.1.2 255.255.255.252
backup call-mode originate
backup number 5551111 analog
backup number 5552222 analog
!
ip route 0.0.0.0 0.0.0.0 10.1.1.
no shutdown
bind 1 t1 1/1 1 fr 1
!
interface fr 1.100 point-to-point
frame-relay interface-dlci 100
ip address 10.1.1.1 255.255.255.252
backup call-mode answer
backup number 555-8888 analog
!
line telnet 0 4
password password
Usage Examples
The following configures the Secure Router OS to answer backup calls on this endpoint but never generate calls:
(config)#interface atm 1.1
(config-atm 1.
backup connect-timeout
Use the backup connect-timeout command to specify the number of seconds to wait for a connection after a call is attempted before trying to call again or dialing a different number. It is recommended this number be greater than 60.
backup force
Use the backup force command to manually override the automatic backup feature. This can be used to force a link into backup to allow maintenance to be performed on the primary link without disrupting data. Use the no form of this command to return to the normal backup operation state.
Syntax Description
Selects the forced backup state of the sub-link.
bandwidth
Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. This value is used in cost calculations. Use the no form of this command to restore the default values.
Syntax Description
Enter bandwidth in kbps.
Default Values
To view default values use the show interfaces command.
bridge-group
Use the bridge-group command to assign an interface to the specified bridge group. This command is supported on all Ethernet interfaces, PPP virtual interfaces, and Frame Relay virtual sub-interfaces. Use the no form of this command to remove the interface from the bridge group.
crypto map
Use the crypto map command to associate crypto maps with the interface.
Note
When you apply a map to an interface, you are applying all crypto maps with the given map name. This allows you to apply multiple crypto maps if you have created maps which share the same name but have different map index numbers.
[Diagram: Interfaces (Ethernet, Frame Relay, PPP, local); Static Filter (in); Static Filter (out); IPSec Decrypt/Discard; IPSec Encrypt; NAT/ACP/Firewall; Router]
As shown in the diagram above, data coming into the product is first processed by the static filter associated with the interface on which the data is received.
backup auto-backup
Use the backup auto-backup command to configure the sub-interface to automatically attempt a backup upon failure.
Syntax Description
No subcommands.
Default Values
By default, all backup endpoints will automatically attempt backup upon a failure.
Command Modes
(config-fr 1.
backup auto-restore
Use the backup auto-restore command to configure the sub-interface to automatically discontinue backup when all network conditions are operational. Use the no form of this command to disable the auto-restore feature.
Syntax Description
No subcommands.
Default Values
By default, all backup endpoints will automatically restore the primary connection when the failure condition clears.
backup backup-delay
Use the backup backup-delay command to configure the amount of time the router will wait after the failure condition is recognized before attempting to backup the link. Use the no form of this command to return to the default value.
backup call-mode
Use the backup call-mode command to combine user data with pattern data to ensure data does not mirror standard DDS loop codes (use only on 64 kbps circuits without Frame Relay signaling). Use the no form of this command to return to the default value.
Syntax Description
Selects the role the router will take in backup of this sub-interface.
tdm-group 1 timeslots 1-24
no shutdown
!
interface fr 1 point-to-point
frame-relay lmi-type ansi
no shutdown
bind 1 t1 1/1 1 fr 1
!
interface fr 1.16 point-to-point
frame-relay interface-dlci 16
ip address 10.1.1.2 255.255.255.252
backup call-mode originate
backup number 5551111 analog
backup number 5552222 analog
!
ip route 0.0.0.0 0.0.0.0 10.1.1.
bind 1 t1 1/1 1 fr 1
!
interface fr 1.100 point-to-point
frame-relay interface-dlci 100
ip address 10.1.1.1 255.255.255.252
backup call-mode answer
backup number 555-8888 analog
!
line telnet 0 4
password password
Usage Examples
The following configures the Secure Router OS to answer backup calls on this endpoint but never generate calls:
(config)#interface frame-relay 1.16
(config-fr 1.
backup connect-timeout
Use the backup connect-timeout command to specify the number of seconds to wait for a connection after a call is attempted before trying to call again or dialing a different number. It is recommended this number be greater than 60.
backup force
Use the backup force command to manually override the automatic backup feature. This can be used to force a link into backup to allow maintenance to be performed on the primary link without disrupting data. Use the no form of this command to return to the normal backup operation state.
Syntax Description
Selects the forced backup state of the sub-link.
dynamic-dns [dyndns | dyndns-custom | dyndns-static]
Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network Services, Inc. (www.dyndns.org).
Syntax Description
See Functional Notes below for argument descriptions.
Default Values
No default is necessary for this command.
If your IP address doesn't change often or at all, but you still want an easy name to remember it by (without having to purchase your own domain name), Static DNS service is ideal for you. If you would like to use your own domain name (such as yourname.com), you need Custom DNS service, which also provides full dynamic and static IP address support.
frame-relay bc
Use the frame-relay bc command to set the bc (committed burst) value for a Frame Relay sublink. The value is in bits. Use the no form of this command to return to default.
Syntax Description
Enter the committed burst value (in bits) for the sublink.
Default Values
The default is 0 (no limit).
Command Modes
(config-fr 1.
frame-relay be
Use the frame-relay be command to set the be (excessive burst) value for a Frame Relay sublink. The value is in bits. Use the no form of this command to return to default.
Syntax Description
Enter the excessive burst value (in bits) for the sublink.
Default Values
The default is 0 (no limit).
Command Modes
(config-fr 1.
frame-relay fragment
Use the frame-relay fragment command to set the FRF.12 fragmentation threshold. Use the no form of this command to erase the configured threshold.
Syntax Description
Valid fragmentation thresholds are greater than or equal to 64 and less than or equal to 1600.
Default Values
No default value is necessary for this command.
Command Modes
(config-fr 1.
frame-relay interface-dlci
Use the frame-relay interface-dlci command to configure the Data Link Connection Identifier (DLCI) for the Frame Relay sub-interface. This setting should match the DLCI supplied by your Frame Relay service provider. Use the no form of this command to remove the configured DLCI.
ip access-group [in | out]
Use the ip access-group command to create an access list to be used for packets transmitted on or received from the specified interface. Use the no form of this command to disable this type of control.
Syntax Description
Assigned IP access list name.
in    Enables access control on packets received on the specified interface.
ip address dhcp
Use the ip address dhcp command to use Dynamic Host Configuration Protocol (DHCP) to obtain an address on the interface. Use the no form of this command to remove a configured IP address (using DHCP) and disable DHCP operation on the interface.
ip address dhcp {client-id [ | ] hostname “” }
Syntax Description
client-id    Optional.
Default Values
client-id    Optional.
Default Values (Continued)
hostname    Optional. By default, the hostname is the name configured using the Global Configuration hostname command.
“”          By default, the hostname is the name configured using the Global Configuration hostname command.
Command Modes
(config-interface)# Interface Configuration Mode required.
ip address secondary
Use the ip address command to define an IP address on the specified interface. Use the optional secondary keyword to define a secondary IP address. Use the no form of this command to remove a configured IP address.
Syntax Description
Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101).
ip dhcp [release | renew]
Use the ip dhcp command to release or renew the DHCP IP address. This command is only applicable when using DHCP for IP address assignment.
Syntax Description
release    Use this keyword to release DHCP IP address.
renew      Use this keyword to renew DHCP IP address.
Default Values
No default values required for this command.
ip helper-address
Use the ip helper-address command to configure the Secure Router OS to forward User Datagram Protocol (UDP) broadcast packets received on the interface. Use the no form of this command to disable forwarding packets.
Note
The ip helper command must be used in conjunction with the ip forward-protocol command to configure the Secure Router OS to forward UDP broadcast packets.
Usage Examples
The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99:
(config)#ip forward-protocol udp domain
(config)#interface frame-relay 1.16
(config-fr 1.16)#ip helper-address 192.33.5.99
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P.
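Two notes in this guide describe commands that depend on a global command: access policies are only active once ip firewall has been entered, and ip helper-address must be used in conjunction with ip forward-protocol. The Python script below is an added example (not part of this guide or of SROS) that checks a saved configuration for both conditions; the sample configuration is constructed, and the "access-policy <name>" line form and the "!" section separator are assumptions modelled on the configuration fragments shown in this guide.

```python
"""Offline check of an SROS-style configuration for missing prerequisites.

Added example. SAMPLE_CONFIG is constructed for illustration; the
"access-policy <name>" form and "!" separators are assumptions.
"""

# Constructed sample: an access policy is assigned to sub-interface 1.16,
# but the global "ip firewall" command is absent, so the policy is inactive.
SAMPLE_CONFIG = """\
ip forward-protocol udp domain
!
interface frame-relay 1.16 point-to-point
frame-relay interface-dlci 16
access-policy UnTrusted
ip helper-address 192.33.5.99
!
interface frame-relay 1.17 point-to-point
frame-relay interface-dlci 17
access-policy UnTrusted
no access-policy UnTrusted
!
"""


def split_negation(line):
    """Return (negated, words) for a config line, stripping a leading 'no'."""
    words = line.split()
    if words and words[0] == "no":
        return True, words[1:]
    return False, words


def parse(text):
    """Collect global prerequisites and per-interface settings.

    Later lines override earlier ones, as they would when typed at the CLI.
    """
    firewall = False          # state of the global "ip firewall" command
    forwarded = set()         # arguments of each "ip forward-protocol" line
    interfaces = {}           # interface name -> {"policy", "helpers"}
    current = None            # interface section being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if line == "!":
            current = None    # "!" closes the current section
            continue
        negated, words = split_negation(line)
        if not words:
            continue
        # Global-only commands are recognised wherever they appear.
        if words[:2] == ["ip", "firewall"]:
            firewall = not negated
        elif words[:2] == ["ip", "forward-protocol"]:
            key = tuple(words[2:])
            if negated:
                forwarded.discard(key)
            else:
                forwarded.add(key)
        elif words[0] == "interface" and not negated:
            name = " ".join(words[1:3])
            current = interfaces.setdefault(
                name, {"policy": None, "helpers": set()})
        elif current is not None:
            if words[0] == "access-policy":
                current["policy"] = None if negated else " ".join(words[1:])
            elif words[:2] == ["ip", "helper-address"]:
                addrs = set(words[2:])
                if not negated:
                    current["helpers"] |= addrs
                elif addrs:
                    current["helpers"] -= addrs
                else:
                    current["helpers"].clear()
    return firewall, forwarded, interfaces


def audit(text):
    """Return a list of (interface, finding, detail) tuples."""
    firewall, forwarded, interfaces = parse(text)
    findings = []
    for name, state in interfaces.items():
        if state["policy"] and not firewall:
            # Policy is configured but will not be enforced.
            findings.append((name, "access-policy-inactive", state["policy"]))
        if state["helpers"] and not forwarded:
            findings.append((name, "helper-without-forward-protocol",
                             ",".join(sorted(state["helpers"]))))
    return findings


if __name__ == "__main__":
    for interface, finding, detail in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding} ({detail})")
```

The first finding is the one that matters most for security review: the interface looks protected in the configuration, but without ip firewall the policy is not applied.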
ip igmp
Use the ip igmp command to configure multicasting-related functions for the interface.
Syntax Description
helper-enable    Tells this downstream interface to use the global helper address.
Usage Examples
The following example sets the query message interval on the interface to 200 milliseconds:
(config-fr 1.16)#ip igmp last-member-query-interval 200
ip mcast-stub downstream
Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on an interface and place it in multicast stub downstream mode. Use the no form of this command to disable.
Syntax Description
No subcommands.
Default Values
By default, this command is disabled.
ip mcast-stub upstream
Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in multicast stub upstream mode. Use the no form of this command to disable.
Syntax Description
No subcommands.
Default Values
By default, this command is disabled.
ip ospf
Use the ip ospf command to customize OSPF settings (if needed).
Syntax Description
authentication-key    Assign a simple-text authentication password to be used by other routers using the OSPF simple password authentication.
cost                  Specify the OSPF cost of sending a packet on the interface. This value overrides any computed cost value. Range: 1-65535.
ip ospf authentication [message-digest | null]

Use the ip ospf authentication command to authenticate an interface that is performing OSPF authentication.

Syntax Description
message-digest    Optional. Select message-digest authentication type.
null    Optional. Select for no authentication to be used.

Default Values
By default, this is set to null (meaning no authentication is used).
ip ospf network [broadcast | point-to-point]

Use the ip ospf network command to specify the type of network on this interface.

Syntax Description
broadcast    Set the network type for broadcast.
point-to-point    Set the network type for point-to-point.

Default Values
By default, Ethernet defaults to broadcast. PPP and Frame Relay default to point-to-point.
ip proxy-arp

Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no form of this command to disable this feature.

Syntax Description
Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101).
Specifies the subnet mask that corresponds to the listed IP address.

Default Values
By default, proxy ARP is enabled.

ip rip receive version

Use the ip rip receive version command to configure the RIP version the unit accepts in all RIP packets received on the interface. Use the no form of this command to restore the default value.
ip rip send version

Use the ip rip send version command to configure the RIP version the unit sends in all RIP packets transmitted on the interface. Use the no form of this command to restore the default value.
ip route-cache

Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this command to disable fast-cache switching and return to process switching mode.

Note: Using Network Address Translation (NAT) or the Secure Router OS firewall capabilities on an interface requires process switching mode (using the no ip route-cache command).

Syntax Description
No subcommands.

ip unnumbered

Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP processing on the active interface. Use the no form of this command to remove the unnumbered configuration.
mtu

Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use the no form of this command to return to the default value.

Syntax Description
Configures the window size for transmitted packets. The valid ranges for the various interfaces are listed below:
Ethernet (eth 0/1)    64 to 1500
virtual Frame Relay sub-interfaces (fr 1.
spanning-tree bpdufilter [enable | disable]

Use the spanning-tree bpdufilter command to block BPDUs from being transmitted and received on this interface. To return to the default value, use the no form of this command.

Syntax Description
enable    Enable the BPDU filter.
disable    Disable the BPDU filter.

Default Values
By default, this command is set to disable.
spanning-tree bpduguard [enable | disable]

Use the spanning-tree bpduguard command to block BPDUs from being received on this interface. To return to the default value, use the no form of this command.

Syntax Description
enable    Enable the BPDU block.
disable    Disable the BPDU block.

Default Values
By default, this command is set to disable.
spanning-tree edgeport [disable]

Use the spanning-tree edgeport command to set this interface to be an edgeport. This configures the interface to go to a forwarding state when the link goes up. To return to the default value, use the no form of this command.

Syntax Description
disable    Optional. Configure the interface to not be the edgeport by default.
spanning-tree link-type [auto | point-to-point | shared]

Use the spanning-tree link-type command to configure the spanning-tree protocol link type for an interface. To return to the default value, use the no form of this command.

Syntax Description
auto    Link type is determined by the port’s duplex settings.
point-to-point    Link type is manually set to point-to-point, regardless of duplex settings.
spanning-tree path-cost

Use the bridge-group path-cost command to assign a cost to a bridge group that is used when computing the spanning-tree root path. To return to the default path-cost value, use the no form of this command.
spanning-tree priority

Use the spanning-tree priority command to select the priority level of a port associated with a bridge. To return to the default bridge-group priority value, use the no version of this command.
ATM INTERFACE CONFIG COMMAND SET

To activate the ATM Interface Configuration, enter the interface atm command at the Global Configuration Mode prompt. For example:
Router>enable
Router#configure terminal
Router(config)#interface atm 1
Router(config-atm 1)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
snmp trap

Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) traps on the interface.

Syntax Description
No subcommands.

Default Values
By default, all interfaces (except virtual Frame Relay interfaces and sub-interfaces) have SNMP traps enabled.
snmp trap link-status

Use the snmp trap link-status command to control the SNMP variable ifLinkUpDownTrapEnable (RFC 2863), which enables (or disables) the interface to send SNMP traps when there is an interface status change. Use the no form of this command to disable this trap.

Syntax Description
No subcommands.
ATM SUB-INTERFACE CONFIG COMMAND SET

To activate the ATM Interface Configuration, enter the interface atm command (and specify a sub-interface) at the Global Configuration Mode prompt. For example:
Router>enable
Router#configure terminal
Router(config)#interface atm 1.1
Router(config-atm 1.1)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
access-policy

Use the access-policy command to assign a specified access policy for the inbound traffic on an interface. Use the no form of this command to remove an access policy association.

Note: Configured access policies will only be active if the ip firewall command has been entered at the Global Configuration Mode prompt to enable the Secure Router OS security features.
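An added example, not part of the HP guide: a small Python check that reads a saved running-config and flags the conditions this guide's notes call out, namely an access-policy on an interface while ip firewall is absent, an access-policy without no ip route-cache in the same stanza, and OSPF authentication set to null or to a simple-text authentication-key. The sample configuration and the finding names are constructed for illustration, and the script assumes the running-config indents sub-commands under each interface line and closes stanzas with "!".

```python
"""Audit an SROS-style running-config against notes in the CLI guide.

Assumptions (not stated by the guide): sub-commands are indented under
their "interface ..." line, "!" ends a stanza, and a stanza that runs in
process switching mode shows an explicit "no ip route-cache" line.
"""

# Constructed sample input; addresses and key are placeholders.
SAMPLE_CONFIG = """\
ip firewall
!
interface atm 1.1
 ip address 10.1.1.2 255.255.255.252
 access-policy UnTrusted
 no ip route-cache
 ip ospf authentication message-digest
!
interface fr 1.16 point-to-point
 frame-relay interface-dlci 16
 ip address 10.1.2.2 255.255.255.252
 access-policy UnTrusted
 ip ospf authentication-key EXAMPLE-KEY
!
interface eth 0/1
 ip address 192.168.1.1 255.255.255.0
 ip ospf authentication null
!
"""


def parse_config(text):
    """Split a config into global lines and {interface: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None                      # "!" closes the open stanza
            continue
        if line.startswith("interface "):
            # Keep "type id" (e.g. "fr 1.16"), drop trailing keywords.
            current = " ".join(line.split()[1:3])
            interfaces[current] = []
        elif current is not None and raw[:1].isspace():
            interfaces[current].append(line)    # indented: belongs to stanza
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return a sorted list of (interface, finding) tuples."""
    global_lines, interfaces = parse_config(text)
    firewall_on = "ip firewall" in global_lines
    findings = []
    for name, lines in interfaces.items():
        has_policy = any(l.startswith("access-policy ") for l in lines)
        # access-policy note: policies are only active once "ip firewall"
        # has been entered in Global Configuration Mode.
        if has_policy and not firewall_on:
            findings.append((name, "POLICY_INACTIVE_NO_IP_FIREWALL"))
        # ip route-cache note: firewall features need process switching.
        if has_policy and "no ip route-cache" not in lines:
            findings.append((name, "POLICY_WITHOUT_PROCESS_SWITCHING"))
        # ip ospf authentication: null means no authentication is used.
        # (A stanza with no authentication line also defaults to null, but
        # this check cannot tell whether OSPF runs on that interface.)
        if "ip ospf authentication null" in lines:
            findings.append((name, "OSPF_AUTH_NULL"))
        # ip ospf authentication-key is the simple-text password form.
        if any(l.startswith("ip ospf authentication-key ") for l in lines):
            findings.append((name, "OSPF_SIMPLE_TEXT_KEY"))
    return sorted(findings)


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```
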
atm routed-bridged [ip]

Use the atm routed-bridged ip command to enable routed bridge encapsulation (RBE) on an interface. Use the no form of this command to disable RBE operation.

Syntax Description
ip    Use ip protocol to be route bridged.

Default Values
By default, routed bridge encapsulation is disabled.

Command Modes
(config-atm 1.
Usage Examples
The following example associates the access policy UnTrusted (to allow inbound traffic to the Web server) to the ATM sub-interface labeled 1.1:

Enable the Secure Router OS security features:
(config)#ip firewall

Create the access list (this is the packet selector):
(config)#ip access-list extended InWeb
(config-ext-nacl)#permit tcp any host 63.12.5.
allow list    All packets passed by the access list(s) entered will be allowed to enter the router system.
discard list    All packets passed by the access list(s) entered will be dropped from the router system.
backup auto-backup

Use the backup auto-backup command to configure the sub-interface to automatically attempt a backup upon failure.

Syntax Description
No subcommands.

Default Values
By default, all backup endpoints will automatically attempt backup upon a failure.

Command Modes
(config-fr 1.16)#
(config-atm 1.
backup auto-restore

Use the backup auto-restore command to configure the sub-interface to automatically discontinue backup when all network conditions are operational. Use the no form of this command to disable the auto-restore feature.

Syntax Description
No subcommands.

Default Values
By default, all backup endpoints will automatically restore the primary connection when the failure condition clears.
backup backup-delay

Use the backup backup-delay command to configure the amount of time the router will wait after the failure condition is recognized before attempting to backup the link. Use the no form of this command to return to the default value.
backup call-mode

Use the backup call-mode command to combine user data with pattern data to ensure data does not mirror standard DDS loop codes (use only on 64 kbps circuits without Frame Relay signaling). Use the no form of this command to return to the default value.

Syntax Description
Selects the role the router will take in backup of this sub-interface.
clock source line
tdm-group 1 timeslots 1-24
no shutdown
!
interface fr 1 point-to-point
frame-relay lmi-type ansi
no shutdown
bind 1 t1 1/1 1 fr 1
!
interface fr 1.16 point-to-point
frame-relay interface-dlci 16
ip address 10.1.1.2 255.255.255.252
backup call-mode originate
backup number 5551111 analog
backup number 5552222 analog
!
ip route 0.0.0.0 0.0.0.0 10.1.1.
no shutdown
bind 1 t1 1/1 1 fr 1
!
interface fr 1.100 point-to-point
frame-relay interface-dlci 100
ip address 10.1.1.1 255.255.255.252
backup call-mode answer
backup number 555-8888 analog
!
line telnet 0 4
password password

Usage Examples
The following configures the Secure Router OS to answer backup calls on this endpoint but never generate calls:
(config)#interface atm 1.1
(config-atm 1.
backup connect-timeout

Use the backup connect-timeout command to specify the number of seconds to wait for a connection after a call is attempted before trying to call again or dialing a different number. It is recommended this number be greater than 60.
backup force

Use the backup force command to manually override the automatic backup feature. This can be used to force a link into backup to allow maintenance to be performed on the primary link without disrupting data. Use the no form of this command to return to the normal backup operation state.

Syntax Description
Selects the forced backup state of the sub-link.
bandwidth

Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. This value is used in cost calculations. Use the no form of this command to restore the default values.

Syntax Description
Enter bandwidth in kbps.

Default Values
To view default values use the show interfaces command.
bridge-group

Use the bridge-group command to assign an interface to the specified bridge group. Use the no form of this command to remove the interface from the bridge group.

Syntax Description
Bridge group number (1 to 255) specified using the bridge-group command.

Default Values
By default, there are no configured bridge groups.
crypto map

Use the crypto map command to associate crypto maps with the interface.

Note: When you apply a map to an interface, you are applying all crypto maps with the given map name. This allows you to apply multiple crypto maps if you have created maps which share the same name but have different map index numbers.
[Diagram: packet processing order. Labels: Interfaces (Ethernet, Frame Relay, PPP, local); Static Filter (in); Static Filter (out); IPSec Decrypt/Discard; IPSec Encrypt; NAT/ACP/Firewall; Router]

As shown in the diagram above, data coming into the product is first processed by the static filter associated with the interface on which the data is received.
dynamic-dns [dyndns | dyndns-custom | dyndns-static]

Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network Services, Inc. (www.dyndns.org).

Syntax Description
See Functional Notes, below, for argument descriptions.

Default Values
No default is necessary for this command.

Command Modes
(config-atm 1.
If you would like to use your own domain name (such as yourname.com) you need Custom DNS service which also provides full dynamic and static IP address support.

Usage Examples
The following example sets the dynamic-dns to dyndns-custom with hostname host, username user, and password pass:
(config-atm 1.1)#dynamic-dns dyndns-custom host user pass
encapsulation [aal5mux | aal5snap]

Use the encapsulation command to configure the encapsulation type for the ATM Adaptation Layer (AAL) of the ATM Protocol Reference Model. Variations of this command include the following:
encapsulation aal5mux [ip | ppp]
encapsulation aal5snap

Syntax Description
aal5mux    Encapsulation type for multiplexed virtual circuits. A protocol must be specified.
fair-queue

Use the fair-queue command to enable weighted fair queuing (WFQ) on an interface. Use the no form of this command to disable WFQ and enable FIFO (first-in-first-out) queueing for an interface. WFQ is enabled by default for WAN interfaces.

Syntax Description
Optional value that specifies the maximum number of packets that can be present in each conversation sub-queue.
hold-queue out

Use the hold-queue command to change the overall size of an interface's WAN output queue.

Syntax Description
The total number of packets the output queue can contain before packets are dropped. Range: 16-1000.

Default Values
The default queue size for WFQ is 400. The default queue size for PPP FIFO and Frame Relay round-robin is 200.
ip access-group [in | out]

Use the ip access-group command to create an access list to be used for packets transmitted on or received from the specified interface. Use the no form of this command to disable this type of control.

Syntax Description
listname    Assigned IP access list name.
in    Enables access control on packets received on the specified interface.
ip address dhcp

Use the ip address dhcp command to use Dynamic Host Configuration Protocol (DHCP) to obtain an address on the interface. Use the no form of this command to remove a configured IP address (using DHCP) and disable DHCP operation on the interface.
Default Values
client-id    By default, the client identifier is populated using the following formula:
TYPE: INTERFACE SPECIFIC INFO : MAC ADDRESS
Where TYPE specifies the media type in the form of one hexadecimal byte (refer to hardware-address on page 283 for a detailed listing of media types), and the MAC ADDRESS is the Media Access Control (MAC) address assigned to the first Ethernet interface in
Command Modes
(config-interface)#    Interface Configuration Mode required. Valid interfaces include: ATM sub-interface, Ethernet, virtual PPP interfaces, virtual Frame Relay sub-interfaces, and VLAN interfaces.

Functional Notes
DHCP allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on the network.
ip address secondary

Use the ip address command to define an IP address on the specified interface. Use the optional secondary keyword to define a secondary IP address. Use the no form of this command to remove a configured IP address.

Syntax Description
Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101).

ip dhcp [release | renew]

Use the ip dhcp command to release or renew the DHCP IP address. This command is only applicable when using DHCP for IP address assignment.

Syntax Description
release    Use this keyword to release DHCP IP address.
renew    Use this keyword to renew DHCP IP address.

Default Values
No default values required for this command.
ip helper-address

Use the ip helper-address command to configure the Secure Router OS to forward User Datagram Protocol (UDP) broadcast packets received on the interface. Use the no form of this command to disable forwarding packets.

Note: The ip helper command must be used in conjunction with the ip forward-protocol command to configure the Secure Router OS to forward UDP broadcast packets.

Usage Examples
The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99:
(config)#ip forward-protocol udp domain
(config)#interface atm 1.1
(config-atm 1.1)#ip helper-address 192.33.5.99
ip igmp

Use the ip igmp command to configure multicasting-related functions for the interface.

Syntax Description
helper-enable    Tells this downstream interface to use the global helper address.
Usage Examples
The following example sets the query message interval on the interface to 200 milliseconds:
(config-atm 1.1)#ip igmp last-member-query-interval 200
ip mcast-stub downstream

Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on an interface and place it in multicast stub downstream mode. Use the no form of this command to disable.

Syntax Description
No subcommands.

Default Values
By default, this command is disabled.
ip mcast-stub helper-enable

Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the IGMP-Proxy. Use the no form of this command to disable.

Syntax Description
No subcommands.

Default Values
By default, this command is disabled.

Command Modes
(config-atm 1.
ip mcast-stub upstream

Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in multicast stub upstream mode. Use the no form of this command to disable.

Syntax Description
No subcommands.

Default Values
By default, this command is disabled.
ip ospf

Use the ip ospf command to customize OSPF settings (if needed).

Syntax Description
authentication-key    Assign a simple-text authentication password to be used by other routers using the OSPF simple password authentication.
cost    Specify the OSPF cost of sending a packet on the interface. This value overrides any computed cost value. Range: 1-65535.
ip ospf authentication [message-digest | null]

Use the ip ospf authentication command to authenticate an interface that is performing OSPF authentication.

Syntax Description
message-digest    Select message-digest authentication type.
null    Select for no authentication to be used.

Default Values
By default, this is set to null (meaning no authentication is used).
ip ospf network [broadcast | point-to-point]

Use the ip ospf network command to specify the type of network on this interface.

Syntax Description
broadcast    Set the network type for broadcast.
point-to-point    Set the network type for point-to-point.

Default Values
By default, Ethernet defaults to broadcast. PPP and Frame Relay default to point-to-point.
ip proxy-arp

Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no form of this command to disable this feature.

Syntax Description
Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101).
Specifies the subnet mask that corresponds to the listed IP address.

Default Values
By default, proxy ARP is enabled.

ip rip receive version

Use the ip rip receive version command to configure the RIP version the unit accepts in all RIP packets received on the interface. Use the no form of this command to restore the default value.
ip rip send version

Use the ip rip send version command to configure the RIP version the unit sends in all RIP packets transmitted on the interface. Use the no form of this command to restore the default value.
ip route-cache

Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this command to disable fast-cache switching and return to process switching mode.

Note: Using Network Address Translation (NAT) or the Secure Router OS firewall capabilities on an interface requires process switching mode (using the no ip route-cache command).

Syntax Description
No subcommands.

ip unnumbered

Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP processing on the active interface. Use the no form of this command to remove the unnumbered configuration.

Syntax Description
Specifies the interface (in the format type slot/port) that contains the IP address to use as the source address for all packets transmitted on this interface.
mtu

Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use the no form of this command to return to the default value.

Syntax Description
Configures the window size for transmitted packets. The valid ranges for the various interfaces are listed below:
Ethernet (eth 0/1)    64 to 1500
virtual Frame Relay sub-interfaces (fr 1.
oam-pvc managed

Use the oam-pvc managed command to enable end-to-end F5 Operation, Administration, and Maintenance (OAM) loopback cell generation and OAM management for an ATM interface. Use the no form of this command to disable generation of OAM loopback cells.

Syntax Description
Time delay between transmitting OAM loopback cells. The range is from 0 to 600 seconds.
oam retry

Use the oam retry command to configure parameters related to Operation, Administration, and Maintenance (OAM) management for an ATM interface. Use the no form of this command to disable OAM management parameters.
pvc

Use the pvc command to select the ATM virtual link for this sub-interface. Use the no form of this command to remove the link.

Syntax Description
Specifies the ATM network virtual path identifier (VPI) for this PVC and the ATM network virtual channel identifier (VCI) for this PVC. The VPI value is in the range of 0 to 255, and the VCI value is in the range of 32 to 65535.
qos-policy out

Use the qos-policy out command to apply a previously-configured QoS map to an interface. Use the no form of this command to remove the map from the interface. The out keyword specifies that this policy will be applied to outgoing packets.

Syntax Description
Enter the name of a previously-created QoS map (see qos map on page 326 for more information).
spanning-tree bpdufilter [enable | disable]

Use the spanning-tree bpdufilter command to block BPDUs from being transmitted and received on this interface. To return to the default value, use the no form of this command.

Syntax Description
enable    Enable the BPDU filter.
disable    Disable the BPDU filter.

Default Values
By default, this command is set to disable.
spanning-tree bpduguard [enable | disable]

Use the spanning-tree bpduguard command to block BPDUs from being received on this interface. To return to the default value, use the no form of this command.

Syntax Description
enable    Enable the BPDU block.
disable    Disable the BPDU block.

Default Values
By default, this command is set to disable.
spanning-tree edgeport [disable]

Use the spanning-tree edgeport command to set this interface to be an edgeport. This configures the interface to go to a forwarding state when the link goes up. To return to the default value, use the no form of this command.

Syntax Description
disable    Optional. Configure the interface to not be the edgeport by default.
spanning-tree link-type [auto | point-to-point | shared]

Use the spanning-tree link-type command to configure the spanning-tree protocol link type for an interface. To return to the default value, use the no form of this command.

Syntax Description
auto    Link type is determined by the port’s duplex settings.
point-to-point    Link type is manually set to point-to-point, regardless of duplex settings.
spanning-tree path-cost

Use the bridge-group path-cost command to assign a cost to a bridge group that is used when computing the spanning-tree root path. To return to the default path-cost value, use the no form of this command.
spanning-tree port-priority

Use the spanning-tree port-priority command to select the priority level of a port associated with a bridge. To return to the default bridge-group priority value, use the no version of this command.
ADSL INTERFACE CONFIG COMMAND SET

To activate the ADSL Interface Configuration, enter the interface adsl command at the Global Configuration Mode prompt. For example:
Router>enable
Router#configure terminal
Router(config)#interface adsl 0/1
Router(config-adsl 0/1)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
retrain

Use the retrain command to force the modem to retrain.

Syntax Description
No subcommands.

Default Values
No default is necessary for this command.

Command Modes
(config-adsl 0/1)#    Configure ADSL Interface

Usage Examples
The following example forces a modem retrain:
(config-adsl 0/1)#retrain
snr-margin [showtime monitor | training monitor]

Use the snr-margin command to enable monitoring and set the minimum signal-to-noise (SNR) ratio during training and showtime. Use the no form of this command to disable monitoring.

Syntax Description
showtime monitor    Enables margin monitoring to retrain the ADSL interface if the specified minimum margin is violated during showtime.
training-mode [G.DMT | G.LITE | Multi-Mode | T1.413]

Use the training-mode command to configure the ADSL training mode.

Syntax Description
G.DMT    Specifies ANSI full rate mode.
G.LITE    Specifies ANSI splitterless mode.
Multi-Mode    Specifies auto detect mode.
T1.413    Specifies ANSI T1.413 mode.

Default Values
By default, the training mode is set to Multi-Mode.
BGP CONFIGURATION COMMAND SET

To activate the BGP Configuration, enter the bgp command at the Global Configuration Mode prompt. For example:
Switch>enable
Switch#configure terminal
Switch(config)#bgp
Switch(config-bgp)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
bgp fast-external-fallover

Use the bgp fast-external-fallover command to enable the fast-external-fallover feature.

Syntax Description
No subcommands.

Default Values
By default, this command is enabled.

Command Modes
(config-bgp)#    BGP Configuration Mode

Functional Notes
When enabled, if the link interface over which the router is communicating with a BGP peer goes down, the BGP session with that peer is immediately cleared.
bgp log-neighbor-changes

Use the bgp log-neighbor-changes command to control the logging of neighbor state changes. Use the no form of this command to return to the default setting.

Syntax Description
No subcommands.

Default Values
By default, neighbor changes are not logged.

Command Modes
(config-bgp)#    BGP Configuration Mode

Functional Notes
This command controls logging of BGP neighbor state changes (up/down) and resets.
bgp router-id

Use the bgp router-id command to specify the IP address that the router should use as its BGP router ID. Use the no form of this command to return to the default setting.

Syntax Description
Designates the IP address this router should use as its BGP router ID.

Default Values
By default, no router ID is configured. The default action is detailed in Functional Notes, below.
distance bgp

Use the distance bgp command to set the administrative distance for BGP routes. Use the no form of this command to return to the default setting.

Syntax Description
Sets the administrative distance for BGP routes learned via eBGP sessions. A value of 255 means the route is not installed. Range: 1 to 254.
hold-timer

Use the hold-timer command to set the default hold time for all neighbors in the BGP process.

Syntax Description
Specifies a time interval (in seconds) within which a keepalive must be received from a peer before it is declared a dead peer. Range: 0 to 65535.

Default Values
By default, the hold time is 90 seconds.
BGP NEIGHBOR CONFIGURATION COMMAND SET

To activate the BGP Neighbor Configuration, enter the bgp-neighbor command at the Global Configuration Mode prompt. For example:

Switch>enable
Switch#configure terminal
Switch(config)#bgp-neighbor
Switch(config-bgp-neighbor)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
advertisement-interval

Use the advertisement-interval command to specify how long the BGP process waits before sending updates to the neighbor.

Syntax Description
Specifies the advertisement interval in seconds. Range: 0 to 600.

Default Values
By default, the advertisement interval is 30 seconds for external neighbors and 5 seconds for internal neighbors.
ebgp-multihop

Use the ebgp-multihop command to configure the maximum hop count of BGP messages to a neighbor. Use the no form of this command to return to the default setting.

Syntax Description
Specifies the maximum hop count of BGP messages to a neighbor. Range: 1 to 254.

Default Values
By default, ebgp-multihop is set to 1.
hold-timer

Use the hold-timer command to set the default hold time for all neighbors in the BGP process.

Syntax Description
Specifies a time interval (in seconds) within which a keepalive must be received from a peer before it is declared a dead peer. Range: 0 to 65535.

Default Values
By default, the hold time is 90 seconds.
PPP INTERFACE CONFIGURATION COMMAND SET

To activate the PPP Interface Configuration, enter the interface ppp command at the Global Configuration Mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#interface ppp 1
Router(config-ppp 1)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
mtu on page 764
peer default ip address on page 765
ppp commands begin on page 766
pppoe ac-name on page 774
pppoe service-name on page 775
qos-policy out on page 776
snmp trap link-status on page 777
access-policy

Use the access-policy command to assign a specified access policy to an interface. Use the no form of this command to remove an access policy association.

Syntax Description
Note Alphanumeric descriptor for identifying the configured access policy. All access policy descriptors are case-sensitive.
Step 1: Enable the security features of the Secure Router OS using the ip firewall command.

Step 2: Create an access list to permit or deny specified traffic. Standard access lists provide pattern matching for source IP addresses only. (Use extended access lists for more flexible pattern matching.)

2. Using the host to specify a single host address. For example, entering permit host 196.173.22.
nat source list address overload

All packets passed by the access list(s) entered will be modified to replace the source IP address with the entered IP address. The overload keyword allows multiple source IP addresses to be replaced with the single IP address entered. This hides private IP addresses from outside the local network. This function is also known as “many-to-one NAT”.
alias link<“text”>

Each configured PPP interface (when referenced using SNMP) contains a link (physical port) and a bundle (group of links). RFC 1471 (for Link Connection Protocol) provides an interface table to manage lists of bundles and associated links. The alias link command provides the management station an identifying description for each link (PPP physical).
bandwidth

Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. This value is used in cost calculations. Use the no form of this command to restore the default values.

Syntax Description
Enter bandwidth in kbps.

Default Values
To view default values, use the show interfaces command.
bind <#>

Use the bind command to create a bind map from a created tdm-group on an interface to a virtual interface.

Caution
Changing bind settings could potentially result in service interruption.
Usage Examples
The following example creates a Frame Relay endpoint and connects it to the t1 1/1 physical interface:

1. Create the Frame Relay virtual endpoint and set the signaling method:
(config)#interface frame-relay 1
(config-fr 1)#frame-relay lmi-type cisco

2. Create the sub-interface and configure the PVC parameters (including DLCI and IP address):
(config-fr 1)#interface fr 1.1
(config-fr 1.
Technology Review
Creating an endpoint that uses a layer 2 protocol (such as Frame Relay) is generally a four-step process:

Step 1: Create the Frame Relay virtual endpoint (using the interface frame-relay command) and set the signaling method (using the frame-relay lmi-type command). Also included in the Frame Relay virtual endpoint are all the applicable Frame Relay timers, logging thresholds, encapsulation types, etc.
bridge-group

Use the bridge-group command to assign an interface to the specified bridge group. This command is supported on all Ethernet interfaces, PPP virtual interfaces, and Frame Relay virtual sub-interfaces.

Syntax Description
Bridge group number (1 to 255) specified using the bridge-group command.

Default Values
By default, there are no configured bridge groups.
bridge-group bpdufilter [enable | disable]

Use the bridge-group bpdufilter command to block BPDUs from being transmitted and received on this interface. To return to the default value, use the no form of this command.

Syntax Description
Bridge group number (1 to 255) specified using the bridge-group command.
enable  Enable the BPDU filter.
disable  Disable the BPDU filter.
bridge-group bpduguard [enable | disable]

Use the bridge-group bpduguard command to block BPDUs from being received on this interface. To return to the default value, use the no form of this command.

Syntax Description
Bridge group number (1 to 255) specified using the bridge-group command.
enable  Enable the BPDU block.
disable  Disable the BPDU block.
bridge-group edgeport [disable]

Use the bridge-group edgeport command to set this interface to be an edgeport. This configures the interface to go to a forwarding state when the link goes up. To return to the default value, use the no form of this command.

Syntax Description
Bridge group number (1 to 255) specified using the bridge-group command.
disable  Optional.
bridge-group link-type [auto | point-to-point | shared]

Use the bridge-group link-type command to configure the spanning-tree protocol link type for an interface. To return to the default value, use the no form of this command.

Syntax Description
Bridge group number (1 to 255) specified using the bridge-group command.
auto  Link type is determined by the port’s duplex settings.
bridge-group spanning-disabled

Use the bridge-group spanning-disabled command to transparently bridge two interfaces on a network (that have no parallel or redundant paths) without the overhead of spanning-tree protocol calculations. To enable the spanning-tree protocol on an interface, use the no form of this command.
crypto map

Use the crypto map command to associate crypto maps with the interface.

Note
When you apply a map to an interface, you are applying all crypto maps with the given map name. This allows you to apply multiple crypto maps if you have created maps which share the same name but have different map index numbers.
[Diagram: Interfaces (Ethernet, Frame Relay, PPP, local); Static Filter (in); Static Filter (out); IPSec Decrypt/Discard; IPSec Encrypt; NAT/ACP/Firewall; Router]

As shown in the diagram above, data coming into the product is first processed by the static filter associated with the interface on which the data is received.
backup auto-backup

Use the backup auto-backup command to configure the PPP interface to automatically attempt a backup upon failure. For more detailed information on PPP backup functionality, refer to the Functional Notes and Technology Review sections of the command.

Syntax Description
No subcommands.

Default Values
By default, all backup endpoints will automatically attempt backup upon a failure.
backup auto-restore

Use the backup auto-restore command to configure the interface to automatically discontinue backup when all network conditions are operational. Use the no form of this command to disable the auto-restore feature. For more detailed information on PPP backup functionality, refer to the Functional Notes and Technology Review sections of the command.

Syntax Description
No subcommands.
backup backup-delay

Use the backup backup-delay command to configure the amount of time the router will wait after the failure condition is recognized before attempting to backup the link. Use the no form of this command to return to the default value. For more detailed information on PPP backup functionality, refer to the Functional Notes and Technology Review sections of the command.
backup call-mode

Use the backup call-mode command to combine user data with pattern data to ensure data does not mirror standard DDS loop codes (use only on 64 kbps circuits without Frame Relay signaling). Use the no form of this command to return to the default value.

Syntax Description
Selects the role the router will take in backup of this interface.
answer  Answer and backup primary link on failure.
no shutdown
!
interface ppp 1
ip address 10.1.1.2 255.255.255.252
backup call-mode originate
backup number 5551111 analog ppp 2
bind 1 t1 1/1 1 ppp 1
!
interface ppp 2
description connected to corp for backup
ip address 10.10.10.2 255.255.255.252
ppp authentication pap
ppp pap sent-username joe password pswrd
!
ip route 0.0.0.0 0.0.0.0 10.1.1.
backup number 555-8888 analog ppp 2
!
interface ppp 2
description connection for remote 7203dl dialin for backup
ip address 10.10.10.1 255.255.255.
Technology Review
This technology review provides information regarding specific backup router behavior (i.e., when the router will perform backup, where in the configuration the Secure Router OS accesses specific routing information, etc.):

Dialing Out
1. The Secure Router OS determines to place an outbound call when either the Layer 1 or Layer 2 has a failure.
2.
backup connect-timeout

Use the backup connect-timeout command to specify the number of seconds to wait for a connection after a call is attempted before trying to call again or dialing a different number. It is recommended this number be greater than 60. For more detailed information on PPP backup functionality, refer to the Functional Notes and Technology Review sections of the command.
backup force

Use the backup force command to manually override the automatic backup feature. This can be used to force a link into backup to allow maintenance to be performed on the primary link without disrupting data. Use the no form of this command to return to the normal backup operation state.
dynamic-dns [dyndns | dyndns-custom | dyndns-static]

Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network Services, Inc. (www.dyndns.org).

Syntax Description
See Functional Notes, below, for argument descriptions.

Default Values
No default is necessary for this command.
If your IP address doesn't change often or at all, but you still want an easy name to remember it by (without having to purchase your own domain name), Static DNS service is ideal for you. If you would like to use your own domain name (such as yourname.com), you need Custom DNS service, which also provides full dynamic and static IP address support.
fair-queue

Use the fair-queue command to enable weighted fair queuing (WFQ) on an interface. Use the no form of this command to disable WFQ and enable FIFO queueing for an interface. WFQ is enabled by default for WAN interfaces.

Syntax Description
Optional value that specifies the maximum number of packets that can be present in each conversation sub-queue.
hold-queue out

Use the hold-queue command to change the overall size of an interface's WAN output queue.

Syntax Description
The total number of packets the output queue can contain before packets are dropped. Range 16-1000.

Default Values
The default queue size for WFQ is 400. The default queue size for PPP FIFO and Frame Relay round-robin is 200.
ip access-group [in | out]

Use the ip access-group command to create an access list to be used for packets transmitted on or received from the specified interface. Use the no form of this command to disable this type of control.

Syntax Description
listname  Assigned IP access list name.
in  Enables access control on packets received on the specified interface.
ip address negotiated

Use the ip address negotiated command to allow the interface to negotiate (i.e., be assigned) an IP address from the far end PPP connection. Use the no form of this command to disable the negotiation for an IP address.

Syntax Description
No subcommands.

Default Values
By default, the interface is assigned an address with the ip address command.

ip address secondary

Use the ip address command to define an IP address on the specified interface. Use the optional secondary keyword to define a secondary IP address. Use the no form of this command to remove a configured IP address.

Syntax Description
Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101).

ip helper-address

Use the ip helper-address command to configure the Secure Router OS to forward User Datagram Protocol (UDP) broadcast packets received on the interface. Use the no form of this command to disable forwarding packets.

Note
The ip helper-address command must be used in conjunction with the ip forward-protocol command to configure the Secure Router OS to forward UDP broadcast packets.

Usage Examples
The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99:

(config)#ip forward-protocol udp domain
(config)#interface ppp 1
(config-ppp 1)#ip helper-address 192.33.5.99
ip igmp

Use the ip igmp command to configure multicasting-related functions for the interface.

Syntax Description
helper-enable  Tells this downstream interface to use the global helper address.
Usage Examples
The following example sets the query message interval on the interface to 200 milliseconds:

(config-ppp 1)#ip igmp last-member-query-interval 200
ip mcast-stub downstream

Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on an interface and place it in multicast stub downstream mode. Use the no form of this command to disable.

Syntax Description
No subcommands.

Default Values
By default, this command is disabled.
ip mcast-stub upstream

Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in multicast stub upstream mode. Use the no form of this command to disable.

Syntax Description
No subcommands.

Default Values
By default, this command is disabled.
ip ospf

Use the ip ospf command to customize OSPF settings (if needed).

Syntax Description
authentication-key  Assign a simple-text authentication password to be used by other routers using the OSPF simple password authentication.
cost  Specify the OSPF cost of sending a packet on the interface. This value overrides any computed cost value. Range: 1-65535.
ip ospf authentication [message-digest | null]

Use the ip ospf authentication command to authenticate an interface that is performing OSPF authentication.

Syntax Description
message-digest  Optional. Select message-digest authentication type.
null  Optional. Select for no authentication to be used.

Default Values
By default, this is set to null (meaning no authentication is used).
ip ospf network [broadcast | point-to-point]

Use the ip ospf network command to specify the type of network on this interface.

Syntax Description
broadcast  Set the network type for broadcast.
point-to-point  Set the network type for point-to-point.

Default Values
By default, Ethernet defaults to broadcast. PPP and Frame Relay default to point-to-point.
ip proxy-arp

Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no form of this command to disable this feature.

Syntax Description
Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101).
Specifies the subnet mask that corresponds to the listed IP address.

Default Values
By default, proxy-arp is enabled.

ip rip receive version

Use the ip rip receive version command to configure the RIP version the unit accepts in all RIP packets received on the interface. Use the no form of this command to restore the default value.
ip rip send version

Use the ip rip send version command to configure the RIP version the unit sends in all RIP packets transmitted on the interface. Use the no form of this command to restore the default value.
ip route-cache

Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this command to disable fast-cache switching and return to process switching mode.

Note
Using Network Address Translation (NAT) or the Secure Router OS firewall capabilities on an interface requires process switching mode (using the no ip route-cache command).

Syntax Description
No subcommands.
ip unnumbered

Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP processing on the active interface. Use the no form of this command to remove the unnumbered configuration.

Syntax Description
Specifies the interface (in the format type slot/port) that contains the IP address to use as the source address for all packets transmitted on this interface.
keepalive

Use the keepalive command to enable the transmission of keepalive packets on the interface and specify the time interval in seconds between transmitted packets.
mtu

Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use the no form of this command to return to the default value.

Syntax Description
Configures the window size for transmitted packets. The valid ranges for the various interfaces are listed below:
Ethernet (eth 0/1)  64 to 1500
virtual Frame Relay sub-interfaces (fr 1.
peer default ip address

Use the peer default ip address command to specify the default IP address of the remote end of this interface.

Syntax Description
Specifies the default IP address for the remote end (A.B.C.D).

Default Values
By default, there is no assigned peer default IP address.

ppp authentication

Use the ppp authentication command to specify the authentication protocol on the PPP virtual interface that the peer should use to authenticate itself.
Several example scenarios are given below for clarity.

Configuring PAP
Example 1: Only the local router requires the peer to authenticate itself.
Configuring CHAP
Example 1: Only the local router requires the peer to authenticate itself.

On the local router (hostname Local):
Local(config-ppp 1)#ppp authentication chap
Local(config-ppp 1)#username Peer password same

On the peer (hostname Peer):
Peer(config-ppp 1)#username Local password same

The first line of this configuration sets the authentication mode to CHAP.
Peer(config-ppp 1)#ppp chap password different

Here the local router challenges with hostname "Local". The peer verifies the name in the username database, but instead of sending the password "same" in the response, it uses the one in the ppp chap password command. The local router then verifies that user "Peer" with password "different" is valid and sends a "success".
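The CHAP exchanges described above can be modelled in a few lines. This is an added example, not SROS code: it uses the standard CHAP-with-MD5 calculation from RFC 1994, and the Router class, its fields and the scenario functions are hypothetical names that stand in for the username database and the ppp chap password override.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash of Identifier || secret || Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Router:
    """Minimal model of one end of the PPP link (constructed for this example)."""

    def __init__(self, hostname, users, chap_password=None):
        self.hostname = hostname
        self.users = users                  # "username <name> password <pw>" entries
        self.chap_password = chap_password  # "ppp chap password <pw>" override, if any
        self._pending = {}                  # identifier -> challenge this router issued

    def make_challenge(self, identifier):
        """Authenticator side: issue a fresh random challenge under our hostname."""
        challenge = os.urandom(16)
        self._pending[identifier] = challenge
        return identifier, challenge, self.hostname

    def answer(self, identifier, challenge, challenger):
        """Peer side: look up the challenger's name, then hash with the chosen secret."""
        if challenger not in self.users:
            return None                     # unknown challenger: no response
        secret = self.chap_password or self.users[challenger]
        return self.hostname, chap_response(identifier, secret.encode(), challenge)

    def verify(self, identifier, name, response):
        """Authenticator side: recompute the hash from our own username database."""
        challenge = self._pending.pop(identifier, None)   # each challenge is one-time
        if challenge is None or name not in self.users:
            return False
        expected = chap_response(identifier, self.users[name].encode(), challenge)
        return hmac.compare_digest(expected, response)


def authenticate(local, peer, identifier=1):
    """Run one challenge/response round; True means the local router sends success."""
    ident, challenge, name = local.make_challenge(identifier)
    reply = peer.answer(ident, challenge, name)
    return reply is not None and local.verify(ident, *reply)


def scenario_shared_password():
    # Example 1: both username databases hold the password "same".
    return authenticate(Router("Local", {"Peer": "same"}),
                        Router("Peer", {"Local": "same"}))


def scenario_chap_password_override():
    # Peer answers with "different"; Local must store that password for user "Peer".
    return authenticate(Router("Local", {"Peer": "different"}),
                        Router("Peer", {"Local": "same"}, chap_password="different"))


def scenario_mismatch():
    # Peer overrides its password but Local still expects "same": authentication fails.
    return authenticate(Router("Local", {"Peer": "same"}),
                        Router("Peer", {"Local": "same"}, chap_password="different"))


def replayed_response_fails():
    # A response recorded from one round does not validate against a new challenge.
    local = Router("Local", {"Peer": "same"})
    peer = Router("Peer", {"Local": "same"})
    ident, challenge, name = local.make_challenge(1)
    reply = peer.answer(ident, challenge, name)
    first = local.verify(ident, *reply)
    local.make_challenge(1)
    return first, local.verify(1, *reply)


if __name__ == "__main__":
    print(scenario_shared_password(), scenario_chap_password_override(),
          scenario_mismatch(), replayed_response_fails())
```

Only the 16-byte hash crosses the link, so the password the two routers must agree on is never sent; a mismatch between the peer's override and the local username entry shows up only as a failed authentication.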
ppp chap hostname

Use the ppp chap hostname command to configure an alternate hostname for CHAP PPP authentication. Use the no form of this command to remove a configured hostname. For more information on PAP and CHAP functionality, see the Technology Review section for the command ppp authentication on page 766.
ppp chap password

Use the ppp chap password command to configure an alternate password when the peer requires CHAP PPP authentication. Use the no form of this command to remove a configured password. For more information on PAP and CHAP functionality, see the Technology Review section for the command ppp authentication on page 766.
ppp multilink

Use the ppp multilink command to enable multilink PPP (MPPP) operation. Use the no form of this command to disable.

Syntax Description
No subcommands.

Default Values
By default, MPPP is disabled.

Command Modes
(config-ppp 1)#  PPP Interface Configuration Mode

Functional Notes
When enabled, this interface is capable of the following:
• Combining multiple physical links into one logical link.
ppp pap sent-username password

Use the ppp pap sent-username/password command to configure a username and password when the peer requires PAP PPP authentication. Use the no form of this command to remove a configured password. For more information on PAP and CHAP functionality, see the Technology Review section for the command ppp authentication on page 766.
pppoe ac-name

Use the pppoe ac-name command to identify the Access Concentrator (AC) with which the Secure Router OS expects to establish a PPPoE session. Use the no form of this command to return to the default setting.

Syntax Description
Enter a text string (up to 255 characters) corresponding to the AC-Name Tag under RFC 2516. If this field is not specified, any access concentrator is acceptable.
pppoe service-name

Use the pppoe service-name command to use this tag value to filter PPPoE session offers from PPPoE servers. Use the no form of this command to return to the default setting.

Syntax Description
Enter a text string (up to 255 characters) corresponding to the Service-Name Tags under RFC 2516. This string indicates an ISP name (or a class or quality of service).
qos-policy out

Use the qos-policy out command to apply a previously-configured QoS map to an interface. Use the no form of this command to remove the map from the interface. The out keyword specifies that this policy will be applied to outgoing packets.

Syntax Description
Enter the name of a previously-created QoS map (see qos map on page 326 for more information).
snmp trap link-status

Use the snmp trap link-status command to control the SNMP variable that enables (or disables) the interface to send SNMP traps when there is an interface status change (ifLinkUpDownTrapEnable of RFC 2863). Use the no form of this command to disable this trap.

Syntax Description
No subcommands.
TUNNEL CONFIGURATION COMMAND SET

To activate the Tunnel Configuration mode, enter the interface tunnel command at the Global Configuration mode prompt. For example:

Router>enable
Router#configure terminal
Router(config)#interface tunnel 1
Router(config-tunnel 1)#

The following commands are common to multiple command sets and are covered in a centralized section of this guide.
access-policy

Use the access-policy command to assign a specified access policy for the inbound traffic on an interface. Use the no form of this command to remove an access policy association.

Note
Configured access policies will only be active if the ip firewall command has been entered at the Global Configuration mode prompt to enable the SROS security features.
(config)#ip policy-class UnTrusted
(config-policy-class)#allow list InWeb

Associate the access policy with the tunnel 1 interface:

(config)#interface tunnel 1
(config-tunnel 1)#access-policy UnTrusted

Technology Review
Creating access policies and lists to regulate traffic through the routed network is a four-step process:

Step 1: Enable the security features of the Secure Router OS using the ip firewall command.
discard list policy

All packets passed by the access list(s) entered and destined for the interface using the access policy listed will be blocked from the router system. This allows for configurations to deny packets on a specified interface.
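The access-policy notes in this guide describe several ways a policy can be configured yet not take effect: ip firewall was never entered, the policy name differs in case from the defined policy class, or the interface is left in fast-cache switching. The following added example (not part of the guide or of SROS) checks a saved configuration for those conditions and for PAP, which sends its password unencrypted. The saved-configuration layout, with "!" separators and one command per line, is an assumption modelled on the backup example earlier in the guide, and the sample text and finding names are constructed.

```python
# Constructed sample: note there is no global "ip firewall" line.
SAMPLE_CONFIG = """\
!
ip policy-class UnTrusted
 allow list InWeb
!
interface ppp 1
 ip address 10.1.1.2 255.255.255.252
 access-policy Untrusted
 ip route-cache
 ppp authentication pap
!
interface ppp 2
 access-policy UnTrusted
 no ip route-cache
 ppp authentication chap
!
interface tunnel 1
 access-policy UnTrusted
!
"""

FINDINGS = {
    "policy-inactive": "access-policy applied but 'ip firewall' is not enabled globally",
    "policy-undefined": "access-policy names no defined ip policy-class (names are case-sensitive)",
    "fast-cache-with-firewall": "firewall features need process switching ('no ip route-cache')",
    "pap-cleartext": "PAP sends the password unencrypted; CHAP does not",
}


def parse(config):
    """Split the text into global lines, per-interface lines and policy-class names."""
    global_lines, interfaces, policies = [], {}, set()
    current = None                      # list collecting the block being read
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":                 # separator: back to global scope
            current = None
        elif line.startswith("interface "):
            current = interfaces.setdefault(line[len("interface "):], [])
        elif line.startswith("ip policy-class "):
            policies.add(line.split()[2])
            current = []                # policy body is not needed for these checks
        elif current is not None:
            current.append(line)
        else:
            global_lines.append(line)
    return global_lines, interfaces, policies


def audit(config):
    """Return (interface, finding) pairs in configuration order."""
    global_lines, interfaces, policies = parse(config)
    firewall_on = "ip firewall" in global_lines
    findings = []
    for name, lines in interfaces.items():
        applied = [l.split()[1] for l in lines if l.startswith("access-policy ")]
        for policy in applied:
            if not firewall_on:
                findings.append((name, "policy-inactive"))
            if policy not in policies:  # exact match: "Untrusted" != "UnTrusted"
                findings.append((name, "policy-undefined"))
            if "ip route-cache" in lines:
                findings.append((name, "fast-cache-with-firewall"))
        if "ppp authentication pap" in lines:
            findings.append((name, "pap-cleartext"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {FINDINGS[finding]}")
```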
bandwidth

Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. This value is used in cost calculations. Use the no form of this command to restore the default values.

Syntax Description
Specifies bandwidth in kbps.

Default Values
To view default values, use the show interfaces command.
dynamic-dns [dyndns | dyndns-custom | dyndns-static]

Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network Services, Inc. (www.dyndns.org).

Syntax Description
Refer to Functional Notes below for argument descriptions.

Default Values
No default is necessary for this command.
Usage Examples
The following example sets the dynamic-dns to dyndns-custom with hostname host, username user, and password pass:

(config)#interface tunnel 1
(config-tunnel 1)#dynamic-dns dyndns-custom host user pass
Command Reference Guide Tunnel Configuration Command Set ip access-group [in | out] Use the ip access-group command to create an access list to be used for packets transmitted on or received from the specified interface. Use the no form of this command to disable this type of control. Syntax Description in out Assigns an IP access list name. Enables access control on packets received on the specified interface.
Command Reference Guide Tunnel Configuration Command Set ip address secondary Use the ip address command to define an IP address on the specified interface. Use the no form of this command to remove a configured IP address. Syntax Description Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101). Specifies the subnet mask that corresponds to the listed IP address. secondary Optional.
Command Reference Guide Tunnel Configuration Command Set ip helper-address Use the ip helper-address command to configure the Secure Router OS to forward User Datagram Protocol (UDP) broadcast packets received on the interface. Use the no form of this command to disable forwarding packets. Note The ip helper-address command must be used in conjunction with the ip forward-protocol command to configure the SROS to forward UDP broadcast packets.
Command Reference Guide Tunnel Configuration Command Set Usage Examples The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99:
(config)#ip forward-protocol udp domain
(config)#interface tunnel 1
(config-tunnel 1)#ip helper-address 192.33.5.99
Command Reference Guide Tunnel Configuration Command Set ip igmp Use the ip igmp command to configure multicasting-related functions for the interface. Syntax Description immediate-leave Specifies that if only one host (or IGMP snooping switch) is connected to the interface, when a leave is received, multicast of that group is immediately terminated as opposed to sending a group query and timing out the group if no device responds. Works in conjunction with ip igmp last-member-query-interval.
Command Reference Guide Tunnel Configuration Command Set Usage Examples The following example sets the query message interval on the interface to 200 milliseconds:
(config)#interface tunnel 1
(config-tunnel 1)#ip igmp last-member-query-interval 200
Command Reference Guide Tunnel Configuration Command Set ip mcast-stub downstream Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on an interface and place it in multicast stub downstream mode. Use the no form of this command to disable. Syntax Description No subcommands. Default Values By default, this command is disabled.
Command Reference Guide Tunnel Configuration Command Set ip mcast-stub downstream Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on an interface, and to place it in multicast stub downstream mode. Use the no form of this command to disable. Syntax Description No subcommands. Default Values By default, this command is disabled.
Command Reference Guide Tunnel Configuration Command Set ip mcast-stub helper-enable Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the IGMP proxy. Use the no form of this command to disable. Syntax Description No subcommands. Default Values By default, this command is disabled.
Command Reference Guide Tunnel Configuration Command Set ip mcast-stub upstream Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in multicast stub upstream mode. Use the no form of this command to disable. Syntax Description No subcommands. Default Values By default, this command is disabled.
Command Reference Guide Tunnel Configuration Command Set ip ospf Use the ip ospf command to customize OSPF settings (if needed). Syntax Description authentication-key Specifies a simple-text authentication password to be used by other routers using the OSPF simple password authentication. cost Specifies the OSPF cost of sending a packet on the interface. This value overrides any computed cost value. Range: 1 to 65535.
Command Reference Guide Tunnel Configuration Command Set
(config)#interface tunnel 1
(config-tunnel 1)#ip ospf dead-interval 25000
Command Reference Guide Tunnel Configuration Command Set ip ospf authentication [message-digest | null] Use the ip ospf authentication command to authenticate an interface that is performing OSPF authentication. Syntax Description message-digest Optional. Selects message-digest authentication type. null Optional. Specifies that no authentication is used. Default Values By default, this is set to null (meaning no authentication is used).
Command Reference Guide Tunnel Configuration Command Set ip ospf network [broadcast | point-to-point] Use the ip ospf network command to specify the type of network on this interface. Syntax Description broadcast Sets the network type for broadcast. point-to-point Sets the network type for point-to-point. Default Values By default, Ethernet defaults to broadcast. PPP, Frame Relay, and tunnel default to point-to-point.
Command Reference Guide Tunnel Configuration Command Set ip proxy-arp Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no form of this command to disable this feature. Syntax Description Defines the proxy ARP IP address in dotted decimal notation (for example: 192.22.73.101). Specifies the subnet mask that corresponds to the listed IP address. Default Values By default, proxy-arp is enabled.
Command Reference Guide Tunnel Configuration Command Set ip rip receive version [1 | 2] Use the ip rip receive version command to configure the RIP version the unit accepts in all RIP packets received on the interface. Use the no form of this command to restore the default value. Syntax Description 1 Only accept received RIP version 1 packets on the interface. 2 Only accept received RIP version 2 packets on the interface.
Command Reference Guide Tunnel Configuration Command Set ip rip send version [1 | 2] Use the ip rip send version command to configure the RIP version the unit sends in all RIP packets transmitted on the interface. Use the no form of this command to restore the default value. Syntax Description 1 Only transmits RIP version 1 packets on the interface. 2 Only transmits RIP version 2 packets on the interface.
Command Reference Guide Tunnel Configuration Command Set ip route-cache Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this command to disable fast-cache switching and return to process switching mode. Note Using Network Address Translation (NAT) or the SROS firewall capabilities on an interface requires process switching mode (using the no ip route-cache command). Syntax Description No subcommands.
Command Reference Guide Tunnel Configuration Command Set keepalive Use the keepalive command to periodically send keepalive packets to verify the integrity of the tunnel from end to end. Use the no form of this command to disable keepalives. Syntax Description Defines the time interval (in seconds) between transmitted keepalive packets (valid range: 1 to 32767 seconds).
Command Reference Guide Tunnel Configuration Command Set tunnel checksum Use the tunnel checksum command to verify the checksum of incoming Generic Routing Encapsulation (GRE) packets and to include a checksum on outgoing packets. Use the no form of this command to disable checksum. Syntax Description No subcommands. Default Values By default, tunnel checksum is disabled.
Command Reference Guide Tunnel Configuration Command Set tunnel destination Use the tunnel destination command to specify the IP address to use as the destination address for all packets transmitted on this interface. Use the no form of this command to clear the tunnel destination address. Syntax Description Specifies the IP address in dotted decimal notation to use as the destination address for all packets transmitted on this interface (for example: 192.22.73.101).
Command Reference Guide Tunnel Configuration Command Set tunnel key Use the tunnel key command to specify a value shared by both endpoints of the tunnel that will provide minimal security and delineate between tunnels with the same source and destination addresses. Use the no form of this command to disable the key. Syntax Description Defines the key value for this tunnel (valid range: 1 to 4294967294). Default Values By default, a key is not configured.
Command Reference Guide Tunnel Configuration Command Set tunnel mode gre Use the tunnel mode gre command to encapsulate traffic destined for the tunnel interface in a Generic Routing Encapsulation (GRE) header. Use the no form of this command to set the tunnel to its default mode. Syntax Description No subcommands. Default Values By default, the tunnel interface will be configured for GRE mode.
Command Reference Guide Tunnel Configuration Command Set tunnel sequence-datagrams Use the tunnel sequence-datagrams command to enable sequence number checking on incoming Generic Routing Encapsulation (GRE) packets, to drop packets arriving out of order, and to include a sequence number in outgoing packets. Use the no form of this command to disable sequence number checking. Syntax Description No subcommands. Default Values By default, this command is disabled.
Command Reference Guide Tunnel Configuration Command Set tunnel source [ | ] Use the tunnel source command to specify the IP address or name of a physical interface to use as the source address for all packets transmitted on this interface. Use the no form of this command to clear the tunnel source address. Syntax Description Specifies the IP address in dotted decimal notation to use as the source address for all packets transmitted on this interface (for example: 192.
Command Reference Guide Tunnel Configuration Command Set Usage Examples The following example sets the tunnel source IP address to 192.22.73.101:
(config)#interface tunnel 1
(config-tunnel 1)#tunnel source 192.22.73.101
The following example sets the tunnel source IP address to the address of the Ethernet interface labeled 0/1:
(config)#interface tunnel 1
(config-tunnel 1)#tunnel source eth 0/1
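Several commands in this command set only take effect when a second command is present: access-policy needs ip firewall, the firewall needs process switching (no ip route-cache), and ip helper-address needs ip forward-protocol. The Python check below is an added example, not part of the HP guide; it reads a session in the prompt format of the guide's usage examples, the two sample sessions and the rule names are constructed, and because this excerpt does not state the ip route-cache default it flags any interface with an access policy that lacks an explicit no ip route-cache.

```python
import re

# Prompt format as shown in the guide's usage examples:
#   (config)#...           Global Configuration mode
#   (config-tunnel 1)#...  sub-mode context "tunnel 1"
PROMPT = re.compile(r"^\(config(?:-(?P<ctx>[^)]+))?\)#\s*(?P<cmd>\S.*)$")


def parse_session(text):
    """Split prompt-prefixed lines into global commands and per-context commands."""
    global_cmds, per_ctx = [], {}
    for raw in text.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # blank line, bare prompt, or not a configuration-mode line
        cmd = " ".join(m.group("cmd").split())  # normalise whitespace
        if m.group("ctx") is None:
            global_cmds.append(cmd)
        else:
            per_ctx.setdefault(m.group("ctx"), []).append(cmd)
    return global_cmds, per_ctx


def last_state(cmds, command, exact=False):
    """True if `command` was last entered, False if last negated with 'no', None if never seen."""
    state = None
    for cmd in cmds:
        negated = cmd.startswith("no ")
        body = cmd[3:] if negated else cmd
        if body == command or (not exact and body.startswith(command + " ")):
            state = not negated
    return state


def audit(text):
    """Return (context, rule, message) findings; rule names are hypothetical labels."""
    global_cmds, per_ctx = parse_session(text)
    firewall_on = last_state(global_cmds, "ip firewall", exact=True) is True
    forward_on = last_state(global_cmds, "ip forward-protocol") is True
    findings = []
    for ctx, cmds in per_ctx.items():
        if last_state(cmds, "access-policy"):
            if not firewall_on:
                findings.append((ctx, "FIREWALL_OFF",
                                 "access-policy is inactive until 'ip firewall' is entered globally"))
            # Assumption: absence of 'no ip route-cache' is treated as needing review.
            if last_state(cmds, "ip route-cache", exact=True) is not False:
                findings.append((ctx, "FAST_CACHE",
                                 "firewall requires process switching: add 'no ip route-cache'"))
        if last_state(cmds, "ip helper-address") and not forward_on:
            findings.append((ctx, "NO_FORWARD_PROTOCOL",
                             "ip helper-address has no effect without 'ip forward-protocol'"))
    return findings


# Constructed sample session: policy applied, but none of the prerequisites entered.
SAMPLE_SESSION = """\
(config)#ip policy-class UnTrusted
(config-policy-class)#allow list InWeb
(config)#interface tunnel 1
(config-tunnel 1)#tunnel source 192.22.73.101
(config-tunnel 1)#access-policy UnTrusted
(config-tunnel 1)#ip helper-address 192.33.5.99
(config)#interface hdlc 1
(config-hdlc 1)#no ip route-cache
(config-hdlc 1)#access-policy UnTrusted
"""

# Constructed corrected session: same policy with every prerequisite present.
FIXED_SESSION = """\
(config)#ip firewall
(config)#ip forward-protocol udp domain
(config)#ip policy-class UnTrusted
(config-policy-class)#allow list InWeb
(config)#interface tunnel 1
(config-tunnel 1)#no ip route-cache
(config-tunnel 1)#access-policy UnTrusted
(config-tunnel 1)#ip helper-address 192.33.5.99
(config)#interface hdlc 1
(config-hdlc 1)#no ip route-cache
(config-hdlc 1)#access-policy UnTrusted
"""

if __name__ == "__main__":
    for ctx, rule, msg in audit(SAMPLE_SESSION):
        print(f"[{rule}] interface {ctx}: {msg}")
```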
SROS Command Line Interface Reference Guide HDLC Command Set HDLC COMMAND SET To activate the HDLC mode, enter the interface hdlc command at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config)#interface hdlc 1
(config-hdlc 1)#
The following commands are common to multiple command sets and are covered in a centralized section of this guide.
SROS Command Line Interface Reference Guide HDLC Command Set
mtu
qos-policy out
snmp trap link-status
SROS Command Line Interface Reference Guide HDLC Command Set access-policy Use the access-policy command to assign a specified access policy for the inbound traffic on an interface. Use the no form of this command to remove an access policy association. Configured access policies will only be active if the ip firewall command has been entered at the Global Configuration Mode prompt to enable the SROS security features.
SROS Command Line Interface Reference Guide HDLC Command Set (config-policy-class)#permit list InWeb Associate the access list with the interface: (config)#interface hdlc 1 (config-hdlc 1)#access-policy UnTrusted Technology Review Creating access policies and lists to regulate traffic through the routed network is a four-step process: Step 1: Enable the security features of the SROS using the ip firewall command. Step 2: Create an access list to permit or deny specified traffic.
SROS Command Line Interface Reference Guide HDLC Command Set nat source list address overload All packets passed by the access list(s) entered will be modified to replace the source IP address with the entered IP address. The overload keyword allows multiple source IP addresses to be replaced with the single IP address entered. This hides private IP addresses from outside the local network.
SROS Command Line Interface Reference Guide HDLC Command Set bandwidth Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. This value is used in cost calculations. Use the no form of this command to restore the default values. Syntax Description Enter bandwidth in kbps. Default Values To view default values use the show interfaces command.
SROS Command Line Interface Reference Guide HDLC Command Set bridge-group Use the bridge-group command to assign an interface to the specified bridge group. Use the no form of this command to remove the interface from the bridge group. Syntax Description Specifies the bridge group number (1 to 255) specified using the bridge-group command. Default Values By default, there are no configured bridge groups.
SROS Command Line Interface Reference Guide HDLC Command Set crypto map Use the crypto map command to associate crypto maps with the interface. When you apply a map to an interface, you are applying all crypto maps with the given map name. This allows you to apply multiple crypto maps if you have created maps which share the same name but have different map index numbers.
SROS Command Line Interface Reference Guide HDLC Command Set [Diagram: Interfaces (Ethernet, Frame Relay, PPP, local), Static Filter (in), Static Filter (out), IPSec Decrypt/Discard, IPSec Encrypt, NAT/ACP/Firewall, Router] As shown in the diagram above, data coming into the product is first processed by the static filter associated with the interface on which the data is received. This access-group is a true static filter and is available for use regardless of whether the firewall is enabled or disabled.
SROS Command Line Interface Reference Guide HDLC Command Set dynamic-dns [dyndns | dyndns-custom | dyndns-static] Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network Services, Inc. (www.dyndns.org). Syntax Description See Functional Notes below for syntax descriptions. Default Values No default is necessary for this command.
SROS Command Line Interface Reference Guide HDLC Command Set Usage Examples The following example sets the dynamic-dns to dyndns-custom with hostname host, username user, and password pass:
(config)#interface hdlc 1
(config-hdlc 1)#dynamic-dns dyndns-custom host user pass
SROS Command Line Interface Reference Guide HDLC Command Set fair-queue Use the fair-queue command to enable weighted fair queuing (WFQ) on an interface. Use the no form of this command to disable WFQ and enable FIFO (first-in-first-out) queueing for an interface. WFQ is enabled by default for WAN interfaces. Syntax Description Optional. Value that specifies the maximum number of packets that can be present in each conversation sub-queue.
SROS Command Line Interface Reference Guide HDLC Command Set hold-queue out Use the hold-queue command to change the overall size of an interface's WAN output queue. Syntax Description The total number of packets the output queue can contain before packets are dropped. Range: 16-1000. Default Values The default queue size for WFQ is 400. The default queue size for PPP FIFO and Frame Relay round-robin is 200.
SROS Command Line Interface Reference Guide HDLC Command Set ip access-group [in | out] Use the ip access-group command to create an access list to be used for packets transmitted on or received from the specified interface. Use the no form of this command to disable this type of control. Syntax Description in Assigned IP access list name. Enables access control on packets received on the specified interface.
SROS Command Line Interface Reference Guide HDLC Command Set ip address secondary Use the ip address command to define an IP address on the specified interface. Use the optional secondary keyword to define a secondary IP address. Use the no form of this command to remove a configured IP address. Syntax Description Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101).
SROS Command Line Interface Reference Guide HDLC Command Set ip helper-address Use the ip helper-address command to configure the SROS to forward User Datagram Protocol (UDP) broadcast packets received on the interface. Use the no form of this command to disable forwarding packets. The ip helper-address command must be used in conjunction with the ip forward-protocol command to configure the SROS to forward UDP broadcast packets.
SROS Command Line Interface Reference Guide HDLC Command Set Usage Examples The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99:
(config)#ip forward-protocol udp domain
(config)#interface hdlc 1
(config-hdlc 1)#ip helper-address 192.33.5.99
SROS Command Line Interface Reference Guide HDLC Command Set ip igmp Use the ip igmp command to configure multicasting-related functions for the interface. Syntax Description immediate-leave If only one host (or IGMP snooping switch) is connected to the interface, when a leave is received, multicast of that group is immediately terminated as opposed to sending a group query and timing out the group if no device responds. Works in conjunction with ip igmp last-member-query-interval.
SROS Command Line Interface Reference Guide HDLC Command Set Usage Examples The following example sets the query message interval on the interface to 200 milliseconds:
(config)#interface hdlc 1
(config-hdlc 1)#ip igmp last-member-query-interval 200
SROS Command Line Interface Reference Guide HDLC Command Set ip mcast-stub downstream Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on an interface and place it in multicast stub downstream mode. Use the no form of this command to disable. Syntax Description No subcommands. Default Values By default, this command is disabled.
SROS Command Line Interface Reference Guide HDLC Command Set ip mcast-stub helper-enable Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the IGMP proxy. Use the no form of this command to disable. Syntax Description No subcommands. Default Values By default, this command is disabled.
SROS Command Line Interface Reference Guide HDLC Command Set ip mcast-stub upstream Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in multicast stub upstream mode. Use the no form of this command to disable. Syntax Description No subcommands. Default Values By default, this command is disabled.
SROS Command Line Interface Reference Guide HDLC Command Set ip ospf Use the ip ospf command to customize OSPF settings (if needed). Syntax Description authentication-key Specifies a simple-text authentication password to be used by other routers using the OSPF simple password authentication. cost Specifies the OSPF cost of sending a packet on the interface. This value overrides any computed cost value. Range: 1 to 65535.
SROS Command Line Interface Reference Guide HDLC Command Set ip ospf authentication [message-digest | null] Use the ip ospf authentication command to authenticate an interface that is performing OSPF authentication. Syntax Description message-digest Optional. Select message-digest authentication type. null Optional. Select for no authentication to be used. Default Values By default, this is set to null (meaning no authentication is used).
SROS Command Line Interface Reference Guide HDLC Command Set ip ospf network [broadcast | point-to-point] Use the ip ospf network command to specify the type of network on this interface. Syntax Description broadcast Set the network type for broadcast. point-to-point Set the network type for point-to-point. Default Values By default, Ethernet defaults to broadcast. PPP and Frame Relay default to point-to-point.
SROS Command Line Interface Reference Guide HDLC Command Set ip proxy-arp Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no form of this command to disable this feature. Syntax Description Defines the proxy ARP IP address in dotted decimal notation (for example: 192.22.73.101). Specifies the subnet mask that corresponds to the listed IP address.
SROS Command Line Interface Reference Guide HDLC Command Set ip rip receive version [1 | 2] Use the ip rip receive version command to configure the RIP version the unit accepts in all RIP packets received on the interface. Use the no form of this command to restore the default value. Syntax Description 1 Only accept received RIP version 1 packets on the interface. 2 Only accept received RIP version 2 packets on the interface.
SROS Command Line Interface Reference Guide HDLC Command Set ip rip send version [1 | 2] Use the ip rip send version command to configure the RIP version the unit sends in all RIP packets transmitted on the interface. Use the no form of this command to restore the default value. Syntax Description 1 Only transmits RIP version 1 packets on the interface. 2 Only transmits RIP version 2 packets on the interface.
SROS Command Line Interface Reference Guide HDLC Command Set ip route-cache Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this command to disable fast-cache switching and return to process switching mode. Using Network Address Translation (NAT) or the SROS firewall capabilities on an interface requires process switching mode (using the no ip route-cache command). Syntax Description No subcommands.
SROS Command Line Interface Reference Guide HDLC Command Set ip unnumbered Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP processing on the active interface. Use the no form of this command to remove the unnumbered configuration. Syntax Description Specifies the interface (in the format type slot/port) that contains the IP address to use as the source address for all packets transmitted on this interface.
SROS Command Line Interface Reference Guide HDLC Command Set keepalive Use the keepalive command to enable the transmission of keepalive packets on the interface and specify the time interval in seconds between transmitted packets. Syntax Description Defines the time interval (in seconds) between transmitted keepalive packets (valid range: 0 to 32,767 seconds). Default Values By default, the time interval between transmitted keepalive packets is 10 seconds.
SROS Command Line Interface Reference Guide HDLC Command Set lldp receive Use the lldp receive command to allow LLDP packets to be received on this interface. Syntax Description No subcommands. Default Values By default, all interfaces are configured to send and receive LLDP packets. Command Modes (config-interface)# Interface Configuration Mode Valid interfaces include: Ethernet (eth 0/1), virtual PPP interfaces (ppp 1), virtual HDLC interfaces (hdlc 1), virtual Frame Relay sub-interfaces (fr 1.
SROS Command Line Interface Reference Guide HDLC Command Set lldp send [management-address | port-description | system-capabilities | system-description | system-name | and-receive] Use the lldp send command to configure this interface to transmit LLDP packets or to control the types of information contained in the LLDP packets transmitted by this interface. Syntax Description management-address Enables transmission of management address information on this interface.
SROS Command Line Interface Reference Guide HDLC Command Set mtu Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use the no form of this command to return to the default value. Syntax Description Configures the window size for transmitted packets.
SROS Command Line Interface Reference Guide HDLC Command Set qos-policy out Use the qos-policy out command to apply a previously-configured QoS map to an interface. Use the no form of this command to remove the map from the interface. The out keyword specifies that this policy will be applied to outgoing packets. Syntax Description Specifies the name of a previously-created QoS map. Default Values No default value is necessary for this command.
SROS Command Line Interface Reference Guide HDLC Command Set snmp trap link-status Use the snmp trap link-status command to control the SNMP variable ifLinkUpDownTrapEnable (RFC2863), which enables (or disables) the interface to send SNMP traps when there is an interface status change. Use the no form of this command to disable this trap. Syntax Description No subcommands. Default Values By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set LOOPBACK INTERFACE CONFIGURATION COMMAND SET To activate the Loopback Interface Configuration, enter the interface loopback command at the Global Configuration Mode prompt. For example:
Router>enable
Router#configure terminal
Router(config)#interface loopback 1
Router(config-loop 1)#
The following commands are common to multiple command sets and are covered in a centralized section of this guide.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set access-policy Use the access-policy command to assign a specified access policy to an interface. Use the no form of this command to remove an access policy association. Syntax Description Alphanumeric descriptor for identifying the configured access policy (all access policy descriptors are case-sensitive).
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set Associate the access policy with the loopback interface:
(config)#interface loopback 1
(config-loop 1)#access-policy UnTrusted
Technology Review
Creating access policies and lists to regulate traffic through the routed network is a four-step process:
Step 1: Enable the security features of the Secure Router OS using the ip firewall command.
Step 2: Create an access list to permit or deny specified traffic.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set nat source list address overload All packets passed by the access list(s) entered will be modified to replace the source IP address with the entered IP address. The overload keyword allows multiple source IP addresses to be replaced with the single IP address entered. This hides private IP addresses from outside the local network.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set bandwidth Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. This value is used in cost calculations. Use the no form of this command to restore the default values. Syntax Description Enter bandwidth in kbps. Default Values To view default values, use the show interfaces command.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set crypto map Use the crypto map command to associate crypto maps with the interface. Note When you apply a map to an interface, you are applying all crypto maps with the given map name. This allows you to apply multiple crypto maps if you have created maps which share the same name but have different map index numbers.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set Functional Notes When configuring a system to use both the stateful inspection firewall and IKE negotiation for VPN, keep the following information in mind: When defining the policy-class and associated access-control lists (ACLs) that describe the behavior of the firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set Usage Examples The following example applies all crypto maps with the name MyMap to the loopback interface:
(config-loop 1)#crypto map MyMap
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set dynamic-dns [dyndns | dyndns-custom | dyndns-static] Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network Services, Inc. (www.dyndns.org). Syntax Description See Functional Notes, below, for argument descriptions. Default Values No default is necessary for this command.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set If your IP address doesn't change often or at all, but you still want an easy name to remember it by (without having to purchase your own domain name) Static DNS service is ideal for you. If you would like to use your own domain name (such as yourname.com) you need Custom DNS service which also provides full dynamic and static IP address support.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set ip access-group [in | out] Use the ip access-group command to create an access list to be used for packets transmitted on or received from the specified interface. Use the no form of this command to disable this type of control. Syntax Description listname Assigned IP access list name. in Enables access control on packets received on the specified interface.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set ip address secondary Use the ip address command to define an IP address on the specified interface. Use the optional secondary keyword to define a secondary IP address. Use the no form of this command to remove a configured IP address. Syntax Description Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101).
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set ip helper-address Use the ip helper-address command to configure the Secure Router OS to forward User Datagram Protocol (UDP) broadcast packets received on the interface. Use the no form of this command to disable forwarding packets. Note The ip helper-address command must be used in conjunction with the ip forward-protocol command to configure the Secure Router OS to forward UDP broadcast packets.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set Usage Examples The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99:
(config)#ip forward-protocol udp domain
(config)#interface loopback 1
(config-loop 1)#ip helper-address 192.33.5.99
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set ip igmp Use the ip igmp command to configure multicasting-related functions for the interface. Syntax Description helper-enable Tells this downstream interface to use the global helper address.
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set Usage Examples The following example sets the query message interval on the interface to 200 milliseconds:
(config-loop 1)#ip igmp last-member-query-interval 200
SROS Command Line Interface Reference Guide Loopback Interface Configuration Command Set ip mcast-stub downstream Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on an interface and place it in multicast stub downstream mode. Use the no form of this command to disable. Syntax Description No subcommands. Default Values By default, this command is disabled.

ip mcast-stub upstream
Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in multicast stub upstream mode. Use the no form of this command to disable.
Syntax Description
    No subcommands.
Default Values
    By default, this command is disabled.

ip ospf
Use the ip ospf command to customize OSPF settings (if needed).
Syntax Description
    authentication-key    Assign a simple-text authentication password to be used by other routers using the OSPF simple password authentication.
    cost    Specify the OSPF cost of sending a packet on the interface. This value overrides any computed cost value. Range: 1-65535.

ip ospf authentication [message-digest | null]
Use the ip ospf authentication command to authenticate an interface that is performing OSPF authentication.
Syntax Description
    message-digest    Optional. Select message-digest authentication type.
    null    Optional. Select for no authentication to be used.
Default Values
    By default, this is set to null (meaning no authentication is used).

ip ospf network [broadcast | point-to-point]
Use the ip ospf network command to specify the type of network on this interface.
Syntax Description
    broadcast    Set the network type for broadcast.
    point-to-point    Set the network type for point-to-point.
Default Values
    By default, Ethernet defaults to broadcast. PPP and Frame Relay default to point-to-point.

ip proxy-arp
Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no form of this command to disable this feature.
Syntax Description
    Defines the IP address for the interface in dotted decimal notation (for example: 192.22.73.101).
    Specifies the subnet mask that corresponds to the listed IP address.
Default Values
    By default, proxy arp is enabled.

ip rip receive version
Use the ip rip receive version command to configure the RIP version the unit accepts in all RIP packets received on the interface.
Syntax Description
    Specifies the RIP version.
    1    Only accept received RIP version 1 packets on the interface.
    2    Only accept received RIP version 2 packets on the interface.

ip rip send version
Use the ip rip send version command to configure the RIP version the unit sends in all RIP packets transmitted on the interface.
Syntax Description
    Specifies the RIP version.
    1    Only transmits RIP version 1 packets on the interface.
    2    Only transmits RIP version 2 packets on the interface.

ip route-cache
Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this command to disable fast-cache switching and return to process switching mode.
Note: Using Network Address Translation (NAT) or the Secure Router OS firewall capabilities on an interface requires process switching mode (using the no ip route-cache command).
Syntax Description
    No subcommands.

ip unnumbered
Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP processing on the active interface. Use the no form of this command to remove the unnumbered configuration.
Syntax Description
    Specifies the interface in the format type slot/port (e.g.

mtu
Use the mtu command to configure the maximum transmit unit size for the active interface. Use the no form of this command to return to the default value.
Syntax Description
    Configures the window size for transmitted packets. The valid ranges for the various interfaces are listed below:
    Ethernet (eth 0/1)    64 to 1500
    virtual Frame Relay sub-interfaces (fr 1.

snmp trap
Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) traps on the interface.
Syntax Description
    No subcommands.
Default Values
    By default, all interfaces (except virtual Frame Relay interfaces and sub-interfaces) have SNMP traps enabled.

snmp trap link-status
Use the snmp trap link-status command to control the SNMP variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps when there is an interface status change. Use the no form of this command to disable this trap.
Syntax Description
    No subcommands.

LINE (CONSOLE) INTERFACE CONFIG COMMAND SET
To activate the Line (Console) Interface Configuration, enter the line console 0 command at the Global Configuration Mode prompt. For example:
    Router> enable
    Router#configure terminal
    Router(config)#line console 0
    Router(config-con 0)#
The following commands are common to multiple command sets and are covered in a centralized section of this guide.

databits
Use the databits command to set the number of databits per character for a terminal session. This value must match the configuration of your VT100 terminal or terminal emulator software. The default is 8 databits per character. Use the no form of this command to return to the default value.

flowcontrol [none | software in]
Use the flowcontrol command to set flow control for the line console.
Syntax Description
    none    Set no flow control.
    software in    Configure the Secure Router OS to derive flow control from the attached device.
Default Values
    By default, flow control is set to none.

line-timeout
Use the line-timeout command to specify the number of minutes a line session may remain inactive before the Secure Router OS terminates the session. Use the no form of this command to return to the default value.

login
Use the login command to enable security login on the line session requiring the password configured using the password command. Use the no form of this command to disable the login feature.
Syntax Description
    No subcommands.
Default Values
    By default, there is no login password set for access to the unit.

login authentication
Use the login authentication command to specify the named AAA login list to use for authenticating users connecting on this line.
Syntax Description
    Specify the AAA login list to use for authentication.
Default Values
    The default value is the default AAA list.

login local-userlist
Use the login local-userlist command to enable security login for the terminal session requiring the usernames and passwords configured using the username/password Global Configuration command. Use the no form of this command to disable the login local-userlist feature.
Note: All user properties assigned using the username/password command are valid when using the login local-userlist command.

parity
Use the parity command to specify the type of parity used as error correction. This value must match the configuration of your VT100 terminal or terminal emulator software. Use the no form of this command to return to the default value.

password [md5]
Use the password command to configure the password (with optional encryption) required on the line session when security login is enabled (using the login command). Use the no form of this command to remove a configured password.
Syntax Description
    md5    Optional. Specifies Message Digest 5 (md5) as the encryption protocol to use when displaying the enable password during show commands.

speed
Use the speed command to specify the data rate for the CONSOLE port. This setting must match your VT100 terminal emulator or emulator software. Use the no form of this command to restore the default value.
Syntax Description
    Rate of data transfer on the interface (2400, 4800, 9600, 19200, 38400, 57600, or 115200 bps).

stopbits
Use the stopbits command to set the number of stopbits per character for a terminal session. This value must match the configuration of your VT100 terminal or terminal emulator software. The default is 1 stopbit per character. Use the no form of this command to return to the default value.

LINE (TELNET) INTERFACE CONFIG COMMAND SET
To activate the Line (Telnet) Interface Configuration, enter the line telnet command specifying a Telnet session(s) at the Global Configuration Mode prompt. For example:
    Router>enable
    Router#configure terminal
    Router(config)#line telnet 0 4
    Router(config-telnet0-4)#
You can select a single line by entering the line telnet command followed by the line number (0-4).

access-class in
Use the access-class in command to restrict Telnet access using a configured access list. Received packets passed by the access list will be allowed. Use the access list configuration to deny hosts or entire networks or to permit specified IP addresses.
Syntax Description
    Alphanumeric descriptor for identifying the configured access list (all access list descriptors are case-sensitive).

line-timeout
Use the line-timeout command to specify the number of minutes a line session may remain inactive before the Secure Router OS terminates the session. Use the no form of this command to return to the default value.
Syntax Description
    Specifies the number of minutes a line session may remain inactive before the Secure Router OS terminates the session. Entering a line-timeout value of 0 disables the feature.

login
Use the login command to enable security login on the line session requiring the password configured using the password command. Use the no form of this command to disable the login feature.
Syntax Description
    No subcommands.
Default Values
    By default, there is no login password set for access to the unit.

login authentication
Use the login authentication command to specify the named AAA login list to use for authenticating users connecting on this line.
Syntax Description
    Specify the AAA login list to use for authentication.
Default Values
    The default value is the default AAA list.

login local-userlist
Use the login local-userlist command to enable security login for the terminal session requiring the usernames and passwords configured using the username/password Global Configuration command. Use the no form of this command to disable the login local-userlist feature.
Note: All user properties assigned using the username/password command are valid when using the login local-userlist command.
Syntax Description
    No subcommands.

password [md5]
Use the password command to configure the password (with optional encryption) required on the line session when security login is enabled (using the login command). Use the no form of this command to remove a configured password.
Syntax Description
    md5    Optional. Specifies Message Digest 5 (md5) as the encryption protocol to use when displaying the enable password during show commands.

ROUTER (RIP) CONFIGURATION COMMAND SET
To activate the Router (RIP) Configuration, enter the router rip command at the Global Configuration Mode prompt. For example:
    Router>enable
    Router#configure terminal
    Router(config)#router rip
    Router(config-rip)#
The following commands are common to multiple command sets and are covered in a centralized section of this guide.

auto-summary
Use the auto-summary command to have RIP version 2 summarize subnets to the classful boundaries. Use the no form of this command to disable this summarization.
Syntax Description
    No subcommands.
Default Values
    By default, auto-summary is disabled.

default-metric
Use the default-metric command to set the default metric value for the RIP routing protocol. Use the no form of this command to return to the default settings.
Syntax Description
    Set the default metric value (range: 1-4294967295 Mbps).
Default Values
    By default, this value is set at 0.

network
Use the network command to enable RIP on the specified network. The Secure Router OS will only allow processing (sending and receiving) RIP messages on interfaces with IP addresses that are contained in the networks listed using this command. All RIP messages received on interfaces not listed using this command will be discarded.

passive-interface
Use the passive-interface command to disable the transmission of routing updates on the specified interface. All routing updates received on that interface will still be processed (and advertised to other interfaces), but no updates will be transmitted to the network connected to the specified interface. Multiple passive-interface commands may be used to create a customized list of interfaces.

redistribute connected [metric ]
Use the redistribute connected command to pass routes from one network to another, regardless of the routing protocol implemented on the routing domain. Using the connected keyword allows the propagation of routes connected to other interfaces using the RIP routing protocol. Use the no form of this command to disable the propagation of the specified route type.

redistribute ospf [metric ]
Use the redistribute ospf command to advertise routes from one protocol to another, regardless of the routing protocol implemented on the routing domain. Using the ospf keyword allows the propagation of OSPF routes into RIP. Use the no form of this command to disable the propagation of the specified route type.
Syntax Description
    ospf    Optional keyword that specifies the Secure Router OS to import OSPF routes into RIP.

redistribute static [metric ]
Use the redistribute static command to pass routes from one network to another, regardless of the routing protocol implemented on the routing domain. Using the static keyword allows the propagation of static routes to other interfaces using the RIP routing protocol. Use the no form of this command to disable the propagation of the specified route type.

version
Use the version command to specify (globally) the Routing Information Protocol (RIP) version used on all IP interfaces. This global configuration is overridden using the configuration commands ip rip send version and ip rip receive version. Use the no form of this command to return to the default value.

ROUTER (OSPF) CONFIGURATION COMMAND SET
To activate the Router (OSPF) Configuration, enter the router ospf command at the Global Configuration Mode prompt. For example:
    Router>enable
    Router#configure terminal
    Router(config)#router ospf
    Router(config-ospf)#
The following commands are common to multiple command sets and are covered in a centralized section of this guide.

area default-cost
Use this command to assign a cost of the default summary route sent into a stub area or not-so-stubby-area (NSSA). Use the no form of this command to delete the assigned cost.
Syntax Description
    Identifier for this area. Enter as an integer (range: 0-4294967295) or an IP address .
    Default summary route cost. Range: 0-166777214.
Default Values
    No default.

area range [advertise | not-advertise]
Use this command to configure area route summarizations and to determine whether an address range is advertised to the networks.
Syntax Description
    Identifier for this area. Enter as an integer (range: 0-4294967295) or an IP address .
    The IP address of the advertised summary route.
    The mask of the advertised summary route.

area stub [no-summary]
Use this command to configure an area as a stub area. Use the no form of this command to disable stub-designation for areas defined as stubs using this command.
Syntax Description
    Identifier for this stub area. Enter as an integer (range: 0-4294967295) or an IP address .
    no-summary    Optional. Use this optional keyword to designate the area as a total stub area.

auto-cost reference-bandwidth
Use the auto-cost reference-bandwidth command to assign a different interface cost to an interface. It may be necessary to assign a higher number to high-bandwidth links. This value is used in OSPF metric calculations.
Syntax Description
    Set the default reference-bandwidth rate (range: 1-4294967 Mbps).
Default Values
    By default, the rate is set to 100.

default-information-originate [always] [metric value] [metric-type type]
Use the default-information-originate command to cause an ASBR to generate a default route. It must have its own default route before it generates one unless the always keyword is used.
Syntax Description
    always    Always advertise default route.
    metric    Configure metric value (range is 0-16777214).
    metric type    Configure metric type (1 or 2).

default-metric
Use the default-metric command to set a metric value for redistributed routes.
Syntax Description
    Set the default metric value (range: 0-4294967295).
Default Values
    By default, this value is set at 20.
Command Modes
    (config-ospf)#    Router (OSPF or RIP) Configuration Mode required
Functional Notes
    The metric value defined using the redistribute command overrides the default-metric command’s metric setting.

network area
Use the network area command to enable routing on an IP stack and to define area IDs for the interfaces on which OSPF will run. Use the no form of this command to disable OSPF routing for interfaces defined using this command.
Syntax Description
    Network address .
    The wildcard mask is in an IP-address-type format and includes “don’t care” bits.
    Identifier for this area.

redistribute connected
Use the redistribute connected command to advertise routes from one protocol to another. Using the connected keyword allows the advertisement of connected routes into the OSPF routing protocol. This will advertise all connected routes on OSPF-enabled interfaces. It does not enable OSPF on all interfaces. Use the no form of this command to disable the propagation of the specified route type.

redistribute rip
Use the redistribute rip command to advertise routes from one protocol to another, regardless of the routing protocol implemented on the routing domain. Using the rip keyword allows the propagation of RIP routes into OSPF. Use the no form of this command to disable the propagation of the specified route type.
Syntax Description
    rip    Optional keyword that specifies the Secure Router OS to import RIP routes into OSPF.

redistribute static
Use the redistribute static command to advertise routes from one protocol to another. Using the static keyword allows the advertisement of static routes into the OSPF routing protocol. This will advertise all static routes on OSPF-enabled interfaces. It does not enable OSPF on all interfaces. Use the no form of this command to disable the propagation of the specified route type.

summary-address
not-advertise
Use this command to control address summarization of routes that are redistributed into OSPF from other sources (e.g., RIP-to-OSPF, static-to-OSPF, etc.). The not-advertise option causes suppression of routes that match the specified mask/prefix mask pair.
Syntax Description
    IP address or Prefix A.B.C.D.

timers lsa-group-pacing
Use the timers lsa-group-pacing command to change the link state advertisement (LSA) refresh interval.
Syntax Description
    Set the LSA refresh interval in seconds (range: 10-1,800).
Default Values
    By default, this value is set at 240 seconds.

timers spf
Use the timers spf command to configure the shortest path first (SPF) calculation and hold intervals.
Syntax Description
    Time in seconds between OSPF’s receipt of topology changes and the beginning of SPF calculations.
    Time in seconds between consecutive SPF calculations. Range: 10-1800 seconds.

QUALITY OF SERVICE (QOS) MAP COMMANDS
A QoS policy is defined using a QoS map in the CLI. The QoS map is a named list with sequenced entries. An entry contains a single match reference and one or more actions (priority, set, or both). To activate the QoS Command Set (which allows you to create and/or edit a map), enter a valid version of the QoS command at the Global Configuration Mode prompt.

match
Use the match command to specify which traffic should be processed by this QoS map.

priority
The priority command provides a high-priority queue, prioritizing this traffic above all others. If no traffic is present in any other queue, priority traffic is allowed to burst up to the interface rate; otherwise, priority traffic above the specified bandwidth is dropped. Use the no form of this command to disable this feature.

set dscp <0-63>
The set dscp command is an optional command for a QoS map that can be used to modify the DSCP field (on matching packets) to the specified value.
Syntax Description
    <0-63>    Enter the decimal DSCP value.
Default Values
    No default value is necessary for this command.
Command Modes
    (config-qos-map)#    QoS Map Configuration Mode required.

set precedence <0-7>
The set precedence command is an optional command for a QoS map that can be used to modify the IP precedence value (on matching packets) to the specified value.
Syntax Description
    <0-7>    Enter the decimal IP precedence value.
Default Values
    No default value is necessary for this command.
Command Modes
    (config-qos-map)#    QoS Map Configuration Mode required.

COMMON COMMANDS
The following section contains descriptions of commands which are common across multiple command sets. These commands are listed in alphabetical order.

alias <“text”>
Use the alias command to populate the ifAlias OID (Interface Table MIB of RFC 2863) for all physical interfaces and Frame Relay virtual interfaces when using SNMP management stations.
Syntax Description
    Alphanumeric character string (no more than 64 characters) describing the interface (for SNMP) — must be encased in quotation marks
Default Values
    No defaults required for this command.

bind <#>
Use the bind command to create a bind map from a created tdm-group on an interface to a virtual interface.
Caution: Changing bind settings could potentially result in service interruption.
Syntax Description
    <#>    Number descriptor or label for identifying the bind (useful in systems that allow multiple binds)
    Specifies the interface (physical or virtual) on one end of the bind.
Usage Examples
The following example creates a Frame Relay endpoint and binds it to the t1 1/1 physical interface:
1. Create the Frame Relay virtual endpoint and set the signaling method:
    (config)#interface frame-relay 1
    (config-fr 1)#frame-relay lmi-type cisco
2. Create the sub-interface and configure the PVC parameters (including DLCI and IP address):
    (config-fr 1)#interface fr 1.1
    (config-fr 1.1)#frame-relay interface-dlci 17
    (config-fr 1.1)#ip address 168.125.33.252 255.255.255.252
3.
    (config-fr 7)#interface fr 7.22
    (config-fr 7.22)#frame-relay interface-dlci 30
    (config-fr 7.22)#ip address 193.44.69.253 255.255.255.252
Step 3: Specify the group of DS0s used for signaling on the T1 interface by creating a tdm-group. Group any number of contiguous DS0s together to create a data pipe for layer 2 signaling. Also use the tdm-group command to specify the per-DS0 signaling rate on the interface.

description
Use the description command as a comment line to enter an identifier for the specified interface (for example, circuit ID, contact information, etc.).
Syntax Description
    Limited to 80 alphanumeric characters.
Default Values
    No defaults required for this command.
Command Modes
    Any Configuration Mode.

do
Use the do command to execute any command, regardless of the active configuration mode.
Syntax Description
    No subcommands.
Default Values
    No defaults required for this command.
Command Modes
    Any Configuration Mode.
Functional Notes
    Use the do command to view configurations or interface states after configuration changes are made without exiting to the Enable mode.

end
Use the end command to exit the current Configuration Mode and enter the Enable Security Mode.
Note: When exiting the Global Configuration Mode, remember to perform a copy running-config startup-config to save all configuration changes.
Syntax Description
    No subcommands.
Default Values
    No defaults necessary for this command.
Command Modes
    This command is valid for all command modes except the Enable Security Mode.

exit
Use the exit command to exit the current Configuration Mode and enter the previous one. For example, using the exit command in the Interface Configuration Mode will activate the Global Configuration Mode. When using the exit command in the Basic Mode, the current session will be terminated.
Note: When exiting the Global Configuration Mode, remember to perform a copy running-config startup-config to save all configuration changes.
Syntax Description
    No subcommands.

ping
Use the ping command (at the Enable Command Mode prompt) to verify IP network connectivity.
Syntax Description
    Optional. Specifies the IP address of the system to ping. Entering the ping command with no specified address prompts the user with parameters for a more detailed ping configuration. See Functional Notes (below) for more information.
Default Values
    No default value necessary for this command.

    Source Address    Specifies the IP address to use as the source address in the ECHO_REQ (or interface) packets.
    Data Pattern:    Specifies an alphanumerical string to use (the ASCII equivalent) as the data pattern in the ECHO_REQ packets.
    Sweep Range of Sizes:    Varies the sizes of the ECHO_REQ packets transmitted.
    Sweep Min Size:    Specifies the minimum size of the ECHO_REQ packet (valid range: 0 to 1488).

show running-config
Use the show running-config command to display a text print of all the non-default parameters contained in the current running configuration file. Use the verbose keyword to display a text print of the entire configuration (including parameters in their default state). Specific portions of the running-config may be displayed, based on the command entered.
Usage Examples
The following is a sample output from the show running-config command:
    >enable
    #show running-config
    Building configuration...
    !
    no enable password
    !
    ip subnet-zero
    ip classless
    ip routing
    !
    event-history on
    no logging forwarding
    logging forwarding priority-level info
    no logging email
    !
    ip policy-timeout tcp all-ports 600
    ip policy-timeout udp all-ports 60
    ip policy-timeout icmp 60
    !
    interface eth 0/1........
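The following Python script is an added example, not part of the HP guide: it audits saved show running-config text for the access settings this guide documents (no enable password, line login, access-class in, line-timeout 0, and password without md5). The sample configuration is constructed; the layout of the line stanzas, the access list name MGMT, and the names SAMPLE_CONFIG, stanzas and audit are assumptions.

```python
import re

# Constructed sample in the style of the guide's show running-config excerpt.
# Assumption: each line stanza is a header followed by its subcommands, with
# "!" separator lines between stanzas. The list name and passwords are made up.
SAMPLE_CONFIG = """\
Building configuration...
!
no enable password
!
ip subnet-zero
ip classless
ip routing
!
line console 0
 line-timeout 0
!
line telnet 0 2
 login
 password md5 EXAMPLE-ONLY
 access-class MGMT in
 line-timeout 10
!
line telnet 3 4
 login
 password EXAMPLE-ONLY
!
"""

# login, login local-userlist, or login authentication <list>
LOGIN_RE = re.compile(r"^login(\s+local-userlist|\s+authentication\s+\S+)?$")
ACCESS_CLASS_RE = re.compile(r"^access-class\s+\S+\s+in$")
TIMEOUT_OFF_RE = re.compile(r"^line-timeout\s+0$")
# A password command whose first argument is not the md5 keyword.
CLEAR_PASSWORD_RE = re.compile(r"^password\s+(?!md5\b)\S+")

MESSAGES = {
    "no-enable-password": "no Enable-level password is set",
    "no-login": "no login method configured on this line",
    "no-access-class": "Telnet line is not restricted by access-class in",
    "timeout-disabled": "line-timeout 0 disables the inactivity timeout",
    "password-not-md5": "password configured without the md5 keyword",
}


def stanzas(config_text):
    """Split config text on '!' separator lines into lists of stripped commands."""
    blocks, current = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "!":
            if current:
                blocks.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        blocks.append(current)
    return blocks


def audit(config_text):
    """Return a list of (scope, finding_code) tuples in config order."""
    findings = []
    for block in stanzas(config_text):
        header, body = block[0], block[1:]
        if "no enable password" in block:
            findings.append(("global", "no-enable-password"))
        if not header.startswith("line "):
            continue
        # show running-config lists only non-default parameters, so a stanza
        # with no login line is at the default: no login password required.
        if not any(LOGIN_RE.match(cmd) for cmd in body):
            findings.append((header, "no-login"))
        # access-class in is documented for the Telnet line command set only.
        if header.startswith("line telnet") and not any(
            ACCESS_CLASS_RE.match(cmd) for cmd in body
        ):
            findings.append((header, "no-access-class"))
        if any(TIMEOUT_OFF_RE.match(cmd) for cmd in body):
            findings.append((header, "timeout-disabled"))
        if any(CLEAR_PASSWORD_RE.match(cmd) for cmd in body):
            findings.append((header, "password-not-md5"))
    return findings


if __name__ == "__main__":
    for scope, code in audit(SAMPLE_CONFIG):
        print(f"{scope}: {MESSAGES[code]}")
```

Compare the stanza layout with output captured from your own unit before relying on the results, since the script only recognises the command forms listed in this guide.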

shutdown
Use the shutdown command to administratively disable the interface (no data will be passed through). Use the no form of this command to activate the interface.
Syntax Description
    No subcommands.
Default Values
    By default, all interfaces are disabled.