Version 3.5 Part No.
Copyright © 2000 Nortel Networks All rights reserved. December 2000. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks NA Inc.
Preface

This book is intended for Nortel Networks™ Contivity™ VPN Switch managers and administrators. It provides reference information for each of the Web browser configuration screens.

Conventions

This guide refers to the Contivity VPN Switch as the switch. This guide assumes that you are familiar with Web browsers and their general operation.

Documentation

This document uses the following conventions to distinguish among notes of varying importance.

Note: Take notice.

Related publications

The following list shows the associated documentation that you will need to configure and manage the switch and describes the document’s objectives.

• Contivity VPN Switch Release Notes provide the latest information, including known problems, workarounds, and special considerations.
• Configuring the Contivity VPN Switch (included on the CD) provides complete details to configure, monitor, and troubleshoot the switch.

brackets ([ ])
    Indicate optional elements in syntax descriptions. Do not type the brackets when entering the command.
    Example: If the command syntax is show ip interface [-alerts], you can enter either show ip interface or show ip interface -alerts.

ellipsis points (. . . )
    Indicate that you repeat the last element of the command as needed.
    Example: If the command syntax is ethernet/2/1 [ ]... , you enter ethernet/2/1 and as many parameter-value pairs as needed.

Acronyms

This guide uses the following acronyms:

AUI        attachment unit interface
BootP      Bootstrap Protocol
BRI        basic rate interface
CSMA/CD    carrier sense multiple access/collision detection
DLCMI      Data Link Control Management Interface
HDLC       High-level Data Link Control
IP         Internet Protocol
ISDN       Integrated Services Digital Network
ISO        International Organization for Standardization
ITU-T      International Telecommunication Union-Telecommunication Standardization Sector (formerly CCITT)

Hard-copy technical manuals

You can print selected technical manuals and release notes free, directly from the Internet. Go to the www25.nortelnetworks.com/library/tpubs/ URL. Find the product for which you need documentation. Then locate the specific category and model or version for your hardware or software product. Use Adobe Acrobat Reader to open the manuals and release notes, search for the sections you need, and print them on most standard printers. Go to Adobe Systems at the www.adobe.

Nortel Networks Customer Service

If you purchased a service contract for your Nortel Networks product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance.

Chapter 1 Introduction

This chapter provides an introduction to the Contivity VPN Switch Command Line Interface (CLI).

Accessing the CLI

Access from a Telnet session

You access the CLI by starting a Telnet session to the switch’s Management IP Address, for example:

    telnet 10.0.16.247

You then log into the switch using an account with administrator privileges, for example:

    Login: admin
    Password: *******
    %%

Upon login, the CLI prompt appears (%%), indicating that you are in the CLI User Exec Mode.

Access from the serial port menu

You can access the CLI through the Serial Port menu if you have a serial port connection to the switch. Select L from the Serial Port menu, shown below, to access the CLI.

Figure 1 Serial Port Menu

Command modes

The switch CLI has three command modes.

Table 1 CLI Modes, Prompts and Access

Mode                    Prompt          Access
User Exec Mode          CES>            Login via Telnet with administrator name and password.
Privileged Exec Mode    CES#            Enter the command enable at the User Exec Mode prompt.
Global Config Mode      CES(config)#    Enter the command configure terminal at the Privileged Exec Mode prompt.

User Exec Mode

This is the initial command mode when the administrator first establishes a Telnet connection to the switch. It is also called Exec mode.

Table 2 User Exec Mode Commands

Command                   Description
show ip access-list       Display IP access lists
show ip ospf              Display IP OSPF routing details
show ip ospf database     Display IP OSPF database summary
show ip ospf interface    Display IP OSPF interfaces
show ip ospf neighbor     Display IP OSPF neighbor list
show ip rip               Display IP RIP details
show ip rip database      Display info about routes owned and imported by RIP
show ip rip interface     Display info about interfaces configured

Privileged Exec Mode

This command mode is entered from User Exec mode with the enable command. The administrator can exit from this mode with the disable command, which returns them to User Exec mode. This is a full display and configuration mode; it enables commands in addition to those in User Exec mode. Exec commands are typically one-time commands, for example, show commands and clear commands.

Table 3 Privileged Exec Mode commands

Command                  Description
show logging events      Show event log contents
show logging history     Show the logging history setting
show logging security    Show security log contents
show logging syslog      Show system log contents

Global Configuration Mode

This mode allows the administrator to make changes to the switch running configuration. These changes are saved across reboots.

Table 4 Global Configuration Mode commands

Command            Description
exit               Exit from configure mode
help               Display message about using help
ip http server     Enable/disable HTTP management
ldap               Control LDAP server (Mini-CLI)
load               Bulk load configuration commands (Mini-CLI)
logging history    Control system logging level
logout             Exit the Telnet session (Mini-CLI)
reset              Set switch system boot mode (Mini-CLI)
restore flash      Restore factory default switch flash settings
restore syst

Table 5 NNCLI key bindings

Keys                       Function
control-D                  delete 1 character
control-E                  end of line
control-F                  forward 1 character
control-H &                delete character left of cursor
control-I &                command/parameter completion
control-K                  delete all characters after cursor
control-L & control-R      re-display line
control-N or down arrow    next history command
control-P or up arrow      previous history command
control-Q                  escape sequence for unprintables
control-T                  transpose characters
control-

Chapter 2 CLI Command Summary

This chapter provides a summary of all CLI commands. The commands are listed in alphabetical order.

arp

This command modifies the contents of the Address Resolution Protocol (ARP) cache. On the Contivity VPN Switch, only the no form of the de facto command is supported. There is no command to add a permanent entry to the ARP cache.

Syntax

    no arp ip-address

Parameters

    ip-address    The IP address to be removed from the ARP cache.

Next command mode

    Global Configuration

Related commands

    show arp
    clear arp-cache

311645-A Rev 00

audible alarm

This command enables and disables the audible alarm on the switch that is sounded under certain error conditions.

Syntax

    audible alarm
    no audible alarm

Parameters

    None

Default

    Audible alarm is enabled.

Command mode

    Global Configuration

Next command mode

    Global Configuration

Related commands

    show health

Example

    CES(config)#no audible alarm

This example shows the audible alarm being switched off for the switch.

clear arp-cache

This command deletes all dynamic entries from the ARP cache, clears the fast-switching cache, and clears the IP route cache.

Syntax

This command has no arguments or keywords.

clear ip route

This command removes a route from the route table. Note that Static Routes are not removed from the switch browser interface by this command. This command is intended as a troubleshooting tool for use when routing problems are being caused by the presence of a wrong route.

Syntax

    clear ip route address [mask]

Parameters

    address    The address of the network to remove from route table.
    mask       The mask associated with the address to remove.

Related commands

    show ip route

Example

    CES>clear ip route 10.11.0.

clear logging events

This command is used to clear the contents of the system events log.

Syntax

    clear logging events

Parameters

    None

Default

    None

Command mode

    Privileged Exec

Next command mode

    Privileged Exec

Related commands

    show logging events

Example

    CES>clear logging events

The example shows the command in use. This command does not give any feedback to the user.

configure

This command puts the CLI into global configuration mode. This allows the administrator to access global configuration mode commands. To exit this mode, the user can enter [control]-Z, the exit command, or the end command. All global configuration commands are entered from the terminal.

console mode

Note: You must have a control tunnel established before you can set this command.

This is a mini-CLI command that allows emulation of CLI commands available in earlier versions of the Contivity VPN Switch software. This command controls which menu items are visible on the serial port console for the switch, and what CLI commands can be used.

Parameters

    restricted1    The system reset and reload commands to change the IP interface address and mask are enabled.
    restricted2    Only the system reload commands are enabled. The reload command in the CLI only supports the boot-safe and boot-normal parameters.
    show           Display the current console mode setting.

Default

The system boots in unrestricted mode, where all commands are enabled.

    CES(config)#console mode restricted1
    CONSOLE MODE has been set to RESTRICTED1.
    CES#?
    Exec commands:
      disable    Turn off privileged commands.
      enable     Turn on privileged commands.
      exit       Exit the Telnet session.
      reload     Stop and perform a cold restart.

These examples show the default console mode setting, and how setting the console mode to restricted forces the user back to Privileged Exec mode and limits the available CLI commands.

control

This command allows emulation of CLI commands available in earlier versions of the switch software. This command allows the administrator to create or delete control tunnels and to display the currently existing control tunnels. Control tunnels provide a secure means to manage the switch.

Syntax

    control [help] {create|delete|show}

Parameters

    help    If present, the control command is not executed, but some Help about the command is displayed.

Examples

    CES(config)#control help delete
    CES(config)#control create
    CES(config)#control show

Reference for the Contivity VPN Switch Command Line Interface

disable

This command makes the CLI parser exit from Privileged Exec mode and return to User Exec mode.

Related commands

    configure
    enable
    end

Example

    CES#disable
    CES>

enable

This command puts the CLI parser into Privileged Exec mode, allowing the administrator to use additional CLI commands. The administrator is prompted for a case-sensitive password before they can enter Privileged Exec mode. This password is created when the administrator user account is set up using the Web management pages. The user gets three attempts to enter the password.

Related commands

    configure
    disable
    enable password

Example

    CES>enable
    Password: fred

(The password does not display.

enable password

This command allows the user to change the password used by the enable command to get into Privileged Exec mode. This is the same password as set on the Profiles->Users Web page for the administrator (user admin) account. If the new password is not different from the existing password, a warning message is generated.

Syntax

    enable password password

Parameters

    password    The password that the administrator types to enter enable mode.

Related commands

    configure
    disable
    enable

Examples

    CES(config)#enable password fred
    CES(config)#exit
    CES#disable
    CES>enable
    Password: fred
    CES#configure
    CES(config)#enable password jane
    CES(config)#exit
    CES#disable
    CES>enable
    Password: fred
    Password: joan
    Password: charles
    % Bad secrets
    CES>enable
    Password: jane
    CES#configure
    CES(config)#enable password jane
    The enable password you have chosen is the same as your current password. This is not recommended.

exception backup

This command allows the administrator to define backup FTP servers for the Contivity VPN Switch. A backup FTP server receives a copy of the LDAP database, configuration file, and other system files that have changed since the last backup. A switch supports up to three backup FTP servers.

Command mode

    Global configuration

Next command mode

    Global configuration

Related commands

    show exception backup

Example

    CES(config)#exception backup 1 12.0.44.

exit

This command allows the administrator to exit any configuration mode or to close an active Telnet session if they use the command when in User Exec mode.

Related commands

    end

Example

    CES(config)#exit
    CES#exit
    CES>

This example shows a user starting in Global configuration mode and using the exit command twice to end in User Exec mode.

help

This command displays a message about how to use the Help system.

Syntax

    help

Parameters

    None

Command mode

    Available in all command modes

Related commands

    None

Example

    CES#help
    Help may be requested at any point in a command by entering a question mark (?). If nothing matches, the Help list is empty and you must back up until entering a question mark (?) shows the available options.

host address

This command establishes the IP address, port, bind DN, and bind password settings for the external master and slave LDAP servers. The master server is the primary server to process queries. If the master server becomes unavailable, the switch attempts to use the slave LDAP servers. The switch reattempts connection to the master server every 15 minutes or upon a configuration change. The switch has read/write access to the master LDAP server.

    bind_dn_value    The bind distinguished name (DN) used to connect to the LDAP server. This is the equivalent of a user ID for an LDAP server. It can be omitted for an LDAP server that allows anonymous access.
    bind-password    A password must be used during connection to the FTP server.

Default

Defaults to a non-SSL connection made to port 389. If ssl-port is specified without providing a port number value, the SSL connection attempt is made to port 636.

hostname

This command allows the administrator to specify the DNS host name for the switch. This name should correspond to the name in the DNS server to identify the management address of the switch that is located on the private network.

Syntax

    hostname string

Parameters

    string    The DNS name to assign to the switch. This name can have up to 64 characters.

Related commands

    no hostname
    ip domain-name
    ip name-server
    interface management

Example

    CES(config)#hostname MarketingCES

This example assigns the name MarketingCES to the switch.

interface management

This command is used to specify the IP address that is used to connect to the system for services such as HTTP, FTP, SNMP, and Telnet. The IP address cannot be used for any other purpose.

Related commands

    ip http server

Example

    CES(config)#interface management
    Router(config-if)#ip address 10.0.3.33
    Router(config-if)#exit

This command assigns the IP address 10.0.3.33 to the switch for HTTP, FTP, Telnet, and SNMP connections.

ip http server

This command allows the administrator to enable or disable management of the switch using a Web browser. If HTTP management is disabled, the switch can still be managed using the Nortel Networks CLI.

Syntax

    ip http server
    no ip http server

Parameters

    None

Default

This feature is enabled by default on the switch.

Related commands

    interface loopback

Example

    CES(config)#no ip http server

This command disables management of the switch using a Web browser. The switch can still be configured using the CLI.

kill

This command terminates an identified Telnet session. The Telnet session ID can be obtained using the who command. Any in-progress session commands are completed and the session is then terminated without any warning or message to the Telnet user. If the session ID given by the administrator is not valid, or is not for a Telnet session, the command displays an error message and does nothing.

Related commands

    who
    show sessions

Example

    CES# who
    121: From 116.102.4.45
    213: From 116.102.12.23
    217: From 116.102.12.23
    CES# kill 213
    CES# who
    121: From 116.102.4.45
    217: From 116.102.12.23

This example shows a series of Telnet sessions active on the switch. One is terminated using kill and the results are shown in the subsequent who command.
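
The who and kill workflow above, as an added example that is not part of the original manual: a Python script that parses captured who output in the format the example shows, flags Telnet sessions whose source address lies outside an allowed management network, and checks a later who capture to confirm that killed sessions are gone. The allowed network 116.102.4.0/24 and all function names are assumptions chosen for illustration.

```python
import ipaddress
import re

# A session line as printed by `who` in the manual's example: "<id>: From <address>"
WHO_LINE = re.compile(r"^\s*(\d+):\s+From\s+(\S+)\s*$")

# Captures taken from the manual's example, before and after `kill 213`.
BEFORE = """CES# who
121: From 116.102.4.45
213: From 116.102.12.23
217: From 116.102.12.23
"""
AFTER = """CES# who
121: From 116.102.4.45
217: From 116.102.12.23
"""

# Assumption for this example: administrators connect only from this network.
ALLOWED_NETWORKS = ["116.102.4.0/24"]


def parse_who(output):
    """Return {session_id: source_address} for every session line in `who` output."""
    sessions = {}
    for line in output.splitlines():
        match = WHO_LINE.match(line)
        if match:  # prompts, echoed commands and blank lines do not match
            sessions[int(match.group(1))] = match.group(2)
    return sessions


def unexpected_sessions(sessions, allowed_networks):
    """Return the sessions whose source is outside every allowed network.

    A source that does not parse as an IP address is flagged as well, so a
    malformed line is reviewed instead of being silently trusted.
    """
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    flagged = {}
    for session_id, source in sessions.items():
        try:
            address = ipaddress.ip_address(source)
        except ValueError:
            flagged[session_id] = source
            continue
        if not any(address in network for network in networks):
            flagged[session_id] = source
    return flagged


def kill_commands(session_ids):
    """Build the kill command for each session ID, in ascending ID order."""
    return ["kill %d" % session_id for session_id in sorted(session_ids)]


def still_present(after_output, killed_ids):
    """Return the killed session IDs that a later `who` capture still lists."""
    remaining = parse_who(after_output)
    return sorted(sid for sid in killed_ids if sid in remaining)


if __name__ == "__main__":
    flagged = unexpected_sessions(parse_who(BEFORE), ALLOWED_NETWORKS)
    for session_id, source in sorted(flagged.items()):
        print("session %d from %s is outside the allowed networks" % (session_id, source))
    print("\n".join(kill_commands(flagged)))
    # The manual's example killed only session 213; session 217 from the same
    # source address is still listed afterwards.
    print("still present after kill:", still_present(AFTER, list(flagged)))
```

Because kill gives no message to the Telnet user and does nothing for an invalid ID, comparing a second who capture against the IDs that were killed is the only confirmation the CLI offers.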

ldap

This is a mini-CLI command to allow emulation of CLI commands available in versions of the switch software earlier than Release 3.0.

    stop    Stop the LDAP server running. This command cannot be executed unless the LDAP server is actually running.

Default

    None

Command mode

    Global configuration

Next command mode

    Global configuration

Warnings

    LDAP server is currently running.
    LDAP server is already running.
    LDAP server is already stopped.
    Invalid LDIF file name.
    LDIF file does not exist.

ldap-server

This command is used to configure the settings for the LDAP server used by the switch to store the configuration settings that are not specific to an individual switch. The LDAP server can be internal to the switch being administered, or can be an external server that is shared by one or more Contivities.

Syntax

    ldap-server {internal|external}

Parameters

    internal    Enter LDAP server configuration mode for the internal LDAP server.

Related commands

    ldap-server source
    show ldap-server

Example

    CES(config)#ldap-server source internal
    CES(config)#ldap-server internal
    Router(config-ldap)#server stop
    Router(config-ldap)#server backup bk0901
    Router(config-ldap)#server start
    Router(config-ldap)#exit

This example sets the switch to use the internal LDAP server, stops the server, and backs up the current server database to an LDIF file named /ide0/system/slapd/ldif/bk0901.

ldap-server source

This command sets the source of the LDAP server used by the switch to either the internal LDAP server on the switch itself, or an external LDAP server that can be shared by one or more Contivities.

Syntax

    ldap-server source {internal|external}

Parameters

    internal    Use the internal LDAP server for switch configuration data.
    external    Use the external LDAP server for switch configuration data.

Warnings

    External LDAP server not configured.
    Cannot reach external LDAP server.

Related commands

    ldap-server
    show ldap-server

Example

See the example for the ldap-server command.

load

This is a mini-CLI command to allow emulation of CLI commands available in earlier versions of the switch software. This command allows the administrator to use the Bulk Load facility to execute a command file that has been previously copied to the switch using FTP. The commands in the file can configure various settings on the switch. This facility is used to bulk configure the switch.
Prerequisites
The LDAP server must be running.

Related commands
ldap

Example
CES(config)#load /ide0/system/test.
logging history

This command determines what types of messages are stored in the system logs. Once the message type level has been established, future messages stored in the system logs must be at or above this level for them to be saved. This is different from the IOS implementation, where this command only affects syslog messages.
Command mode
Global configuration

Next command mode
Global configuration

Warnings
Does not agree with syslog forwarding settings.

Related commands
show logging history logging facility syslog show logging syslog

Example
CES(config)#logging history errors

This command sets the system logging on the switch to store emergency, alert, critical, and error condition messages in the system log.
logout

This is a mini-CLI command to allow emulation of CLI commands available in earlier versions of the switch software. This command logs the administrator off the switch and terminates the Telnet session. It is equivalent to using the exit command in User Exec mode.

Syntax
logout

Parameters
None

Command mode
Global configuration

Next command mode
Global configuration

Related commands
exit

Example
CES(config)#logout

This example disconnects the session.
more

This command displays a readable file on the switch. The file is displayed one Telnet screen at a time. The user can use the pagination keys to see the next screen or line in the file, or to quit from the display. It differs from the de facto standard in that it cannot be used to display a file on a remote file system. It also does not support the /ebcdic output switch that causes the file to be printed in EBCDIC mode.
Printable characters are characters whose character codes are in the range decimal 32 (space) to decimal 126 (~) inclusive, plus the characters \t (decimal 9), \n (decimal 10), and \r (decimal 13). Non-printable characters are represented by a period (.) in the ASCII part of the binary output format.

Command mode
Privileged Exec

Next command mode
Privileged Exec

Warnings
File not found.
Cannot display a file that is larger that 10KB.
Example
CES#more disk0:system/config/CFG01022.DAT
+AccessLst[abc]
AccessLst[abc].Name=abc
+AccessLst[abc].Rule[11.4.1.6:1.1.1.1:DENY]
AccessLst[abc].Rule[11.4.1.6:1.1.1.1:DENY].Key=11.4.1.6:1.1.1.1:DENY
AccessLst[abc].Rule[11.4.1.6:1.1.1.1:DENY].Protocol=IP
AccessLst[abc].Rule[11.4.1.6:1.1.1.1:DENY].SourceAddr=11.4.1.6
AccessLst[abc].Rule[11.4.1.6:1.1.1.1:DENY].SourceWildcard=1.1.1.1
+AccessLst[abc].Rule[abdguiwfeh:255.255.0.0:Permit]
AccessLst[abc].Rule[abdguiwfeh:255.255.
ping

The ping (packet internet groper function) command provides a basic ping facility. It sends three 100-byte ping packets. The ping command does not recognize DNS names with hyphens.
Warnings
If the system cannot map an address for a host name, it returns a "%Unknown Host" error message.

Related commands
trace ip {host | address}

Examples
CES>ping 122.104.11.112
PING 122.104.11.112: 56 data bytes
64 bytes from 122.104.11.112: icmp_seq=0. time= 16 ms
64 bytes from 122.104.11.112: icmp_seq=1. time=<16 ms
64 bytes from 122.104.11.112: icmp_seq=2. time=<16 ms
----122.104.11.
reload

This command forces the switch to reboot immediately. Options can be specified to determine whether the switch turns off or reboots, which configuration to use after a reboot, and other settings. The user is prompted to confirm that they want to continue with the reload. If they say yes and if the reload command is valid, the system reload commences in approximately 10 seconds. The Safe and Normal boot modes are used for secure management of the switch.
latest    The switch should be rebooted with the latest configuration file.
factory    The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults. The contents of the LDAP database and other settings are still maintained.
config-name    Name of previously saved configuration to use on reboot.
disable-logins    No more logins should be permitted before the reboot occurs.
Next command mode
Privileged Exec

Prerequisites
A named configuration file can only be used after it has been created.

Warnings
Any warnings cause the command to fail. The user must reenter the command after correcting the parameters in error.
Configuration file does not exist.
Example
CES#reload restart boot-drive ide0 config-file factory disable-after-restart Upgrade software
Reload Scheduled Shutdown
Reload Explanation: Upgrade software
After Shutdown: Restart
Disable New Logins: No
Disable Logins after Restart: Yes
Boot Mode: Normal
Config File: Reset Config File
Boot Drive: /ide0/
Proceed with reload? [confirm]y

This reboots the switch from ide0, using the factory installed defaults and disabling logins after the reboot to allow for system m
reload at

This command sets a time in the future at which the switch will reboot. Options can be specified to determine whether the switch turns off or reboots, which configuration to use after a reboot, and other settings. The user is prompted to confirm that they want to continue with the reload. If they say yes and if the reload command is valid, the system reload will start at the specified time.
factory    The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults; the contents of the LDAP database and other settings are still maintained.
config-name    Name of previously saved configuration to use on reboot.
disable-logins    No more logins should be permitted before the reboot occurs.
disable-after-restart    Logins should not be permitted after the reboot.
Prerequisites
A named configuration file can only be used after it has been created.

Warnings
Any warnings cause the command to fail. The user must reenter the command after correcting the parameters in error.
Configuration file does not exist.
Example
CES#reload at 22:00 restart boot-drive ide0 disable-after-restart Backup LDAP database
Reload Scheduled Shutdown at 22:00:00
Reload Explanation: Backup LDAP database
After Shutdown: Restart
Disable New Logins: No
Disable Logins after Restart: Yes
Boot Mode: Normal
Config File: latest
Boot Drive: /ide0/
Proceed with reload? [confirm]y

This reboots the switch from ide0, using the latest configuration and disabling logins after the reboot to allow for system maintenan
reload cancel

This command cancels any pending reload command. There can only be one pending reload at any given time. When a reload has been canceled the details for the pending reload are displayed.

Syntax
reload cancel

Parameters
None

Default
None

Command mode
Privileged Exec

Response
The command will output a message giving details about the type of reload command that was canceled.
Next command mode
Privileged Exec

Prerequisites
A reload must already have been scheduled.

Warnings
No currently scheduled reload operation.
Example
CES#reload at 22:00 restart boot-drive ide0 disable-after-restart Backup LDAP database
CES#reload cancel
Reload Scheduled Shutdown at 22:00:00 has been canceled
Reload Explanation: Backup LDAP database
After Shutdown: Restart
Disable New Logins: No
Disable Logins after Restart: Yes
Boot Mode: Normal
Config File: latest
Boot Drive: /ide0/

This example schedules a reload command that would reboot the switch from ide0, using the latest configuration and disabling logi
reload in

This command sets a timer that causes the switch to reboot after a certain time has passed. Options can be specified to determine whether the switch turns off or reboots, which configuration to use after a reboot, and other settings. The user is prompted to confirm that they want to continue with the reload. If they say yes and if the reload command is valid, the system reload will start at the specified time.
factory    The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults; the contents of the LDAP database and other settings are still maintained.
config-name    Name of the previously saved configuration to use on reboot.
disable-logins    No more logins should be permitted before the reboot occurs.
disable-after-restart    Logins should not be permitted after the reboot.
Prerequisites
A named configuration file can only be used after it has been created.

Warnings
Any warnings cause the command to fail. The user must reenter the command after correcting the parameters in error.
Configuration file does not exist.
Example
CES#reload in 8:00 restart boot-drive ide1 power-off disable-logins
Reload Scheduled Shutdown in 480 minutes
Reload Explanation: Scheduled Shutdown in 480 minutes
After Shutdown: Powerdown
Disable New Logins: Yes
Disable Logins after Restart: No
Boot Mode: Normal
Config File: latest
Boot Drive: /ide1/
Proceed with reload? [confirm]y

This example command powers down the switch in eight hours' time. When the switch is powered up again it will reboot from ide1.
reload no-sessions

This command causes the switch to reboot after there are no further logins. The reboot will start after all tunnels into the box, and all management sessions (Telnet, Web, etc.) have been closed. Options can be specified to determine whether the switch turns off or reboots, which configuration to use after a reboot and other settings. The user is prompted to confirm that they want to continue with the reload.
factory    The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults; the contents of the LDAP database and other settings are still maintained.
config-name    Name of previously saved configuration to use on reboot.
disable-logins    No more logins should be permitted before the reboot occurs.
disable-after-restart    Logins should not be permitted after the reboot.
Prerequisites
A named configuration file can only be used after it has been created.

Warnings
Any warnings cause the command to fail. The user must reenter the command after correcting the parameters in error.
Configuration file does not exist.
Example
CES#reload no-sessions restart disable-logins
Reload Shutdown after all users log off
Reload Explanation: Shutdown after all users log off
After Shutdown: Restart
Disable New Logins: Yes
Disable Logins after Restart: No
Boot Mode: Normal
Config File: latest
Boot Drive: /ide0/
Proceed with reload? [confirm]y

This example reboots the switch from ide0, using the latest configuration when there are no sessions connected to the switch.
server backup

This command copies the current contents of the internal switch LDAP database into an LDIF file. The LDIF file can be saved off the switch for backup purposes. The internal LDAP server must be stopped before a backup command can be performed.

Syntax
server backup filename

Parameters
filename    The filename to which the LDAP database will be backed up. The filename can have a maximum of 8 characters.
Next command mode
LDAP server configuration

Prerequisites
The internal LDAP server must be stopped before a backup command can be performed.

Warnings
LDIF File xxxxxxxx already exists.
The LDAP server must be stopped before performing a backup.
Cannot backup LDAP server, backup in progress.
Cannot backup LDAP server, restore in progress.
Example
CES(config)#ldap-server internal
Router(config-ldap)#server stop
Router(config-ldap)#server backup jan102000
Server backup started to file /ide0/system/slapd/ldif/jan102000
Server backup completed
Router(config-ldap)#server start
Router(config-ldap)#exit

This example shows the internal LDAP server being stopped and the contents being backed up to a file called jan102000. After the backup has completed, the LDAP server is started again.
server restore

This command replaces the current contents of the internal LDAP database with an LDIF file, possibly created by a server backup operation, or some script. The internal LDAP server must be stopped before a restore command can be performed. The previous contents of the LDAP database are lost.

Syntax
server restore filename

Parameters
filename    The name of the LDIF file that should be restored into the LDAP database.
Next command mode
LDAP server configuration

Prerequisites
The internal LDAP server must be stopped before a restore command can be performed.

Warnings
LDIF file “filename” not found.
The LDAP server must be stopped before performing a restore.
Cannot restore LDAP server, backup in progress.
Cannot restore LDAP server, restore in progress.
Example
CES(config)#ldap-server internal
Router(config-ldap)#server stop
Router(config-ldap)#server restore jan031999
Server restore started from file /ide0/system/slapd/ldif/jan031999
Server restore completed
Router(config-ldap)#server start
Router(config-ldap)#exit

This example shows the internal LDAP server being stopped and the contents being restored from the LDIF file called jan031999. After the restore has completed, the LDAP server is started again.
server start

This command starts the internal switch LDAP server after it has been stopped.

Syntax
server start

Parameters
None

Default
None

Command mode
LDAP server configuration

Response
The switch outputs a confirmation message once the LDAP server has been restarted.

Next command mode
LDAP server configuration

Prerequisites
The internal LDAP server must have been previously stopped.
Warnings
The LDAP server is already started.
Cannot start LDAP server, backup in progress.
Cannot start LDAP server, restore in progress.

Related commands
ldap-server internal
server backup
server restore
server stop

Example
CES(config)#ldap-server internal
Router(config-ldap)#server start
The LDAP server has started
Router(config-ldap)#exit

This example shows the internal LDAP server being started.
Syntax
server stop

Parameters
None

Default
None

Command mode
LDAP server configuration

Response
The switch outputs a confirmation message when the LDAP server has stopped.

Next command mode
LDAP server configuration

Prerequisites
The internal LDAP server must be running.

Warnings
The LDAP server is already stopped.
Related commands
ldap-server internal
server backup
server restore
server start

Example
CES(config)#ldap-server internal
Router(config-ldap)#server stop
The LDAP server has stopped
Router(config-ldap)#exit

This example shows the internal LDAP server being stopped.

Comments
Once the internal LDAP server has been stopped, the switch will not allow further login attempts to the switch because it cannot validate the user credentials.
show arp

This command displays the entries in the ARP table.
show exception backup

This command shows the current backup FTP servers that are defined for the switch.

Syntax
show exception backup

Parameters
None

Default
None

Command mode
Global configuration

Response
This command outputs details of the current backup FTP servers that have been defined for the switch, if any.
Next command mode
Global configuration

Warnings
No backup FTP servers defined

Related commands
exception backup
Example
CES(config)#show exception backup
Backup FTP Server 1.
Server Address: 12.230.111.10
Backup Filepath: /dev1/CES/Backup
Backup Interval: 12 hours
Server Username: ContivityAdmin
Backup FTP Server 3.
Server Address: backupCES.internal.com
Backup Interval: 168 hours
Server Username: ContivityMainAdmin
CES(config)#no exception backup 3
CES(config)#show exception backup
Backup FTP Server 1.
Server Address: 12.230.111.
show file systems

This command shows the available file systems on the switch, including device size, and details of available space remaining.
show flash: contents

This command shows the current settings that are in flash for the switch. This is equivalent to the Flash Contents button display on the Status->Statistics Web management page.
Command mode
User Exec

Next command mode
User Exec

Related commands
show version
Example
CES>show file: contents
Flash Header -
copyright: Nortel Networks, Copyright 1999, 2000
tag: NOC
version: 1
length: 711
count: 15
Flash Data
model number: Contivity1510D
MAC address: 00-E0-7B-00-0D-30
serial number: 12192
feature keys:
Maximum Ethernet ports: 2
Maximum T-1 ports: 1
Maximum T-3 ports: 0
Allow PPTP tunnels: True
Allow L2F tunnels: True
Allow L2TP tunnels: True
Allow IPsec tunnels: True
Allow QoS internal: True
Allow QoS admission: True
Allow RSVP: Tru
system IP address: 10.211.4.42
system IP netmask: 255.255.0.0
system default gateway: 10.0.0.10
checksum: 56091

This example shows the flash settings for a Contivity VPN Switch 1510D. The output differs depending on the type of switch being used.

show health

This command displays information about the overall health of the switch. It allows the administrator to check on areas that may cause problems in the future, as well as see where problems have been detected already.
Default
If a warning level is not given, then only alert and warning problems are shown, equivalent to: show health warnings

Command mode
Privileged Exec

Response
See the example for output from this command.

Next command mode
Privileged Exec

Related commands
audible alarm

Example
CES#show health warnings
Alert: Alert: Alert: Alert: Warning: Warning: LAN on slot 2 Interface 1. Device fei1 down Auto backup servers. Can't backup to 12.33.44.123 Voltage 2.5 VA.
show ip access-list

This command displays the contents of all current IP access lists. The CLI accepts names up to 50 characters long, not 64 as in the browser-based GUI.

Syntax
show ip access-list

Parameters
access-list    The access-list.
name    Optional parameter.

Default
None

Command mode
User Exec

Response
See the example for output from this command.
Next command mode
User Exec

Example
CES>show ip access-list name
Standard IP access list TEST
permit 2.2.0.0, wildcard bits 255.255.0.0, exact
Standard IP access list TEST1
deny 3.3.0.0, wildcard bits 255.255.0.0, exact

This example shows all access lists that have been created and their contents.
show ip ospf

This command displays general information about OSPF routing and the state of OSPF routing processes.

Syntax
show ip ospf

Parameters
None

Default
None

Command mode
User Exec

Response
See the example for output from this command.
Example
CES>show ip ospf
Router id is 10.254.1.36
Router State is Up
Supports TOS 0 route
SPF schedule delay 3 secs, Hold time between two SPFs 3 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA = 0
Link State Update Interval is 00H:30M (Same for all areas)
Link State Age Interval is 01H:00M (Same for all areas)
Number of Areas in this router is 3. 3 Normal 0 Stub 0 nssa
Area 0.0.0.
show ip ospf database

This command displays information related to the OSPF database for the switch. It also delivers information about OSPF link state advertisements.

Syntax
show ip ospf database

Parameters
None

Default
None

Command mode
User Exec

Response
See the example for output from this command.
Example
CES>show ip ospf database
CES>show ip ospf database
Displaying Router Link States (Area 0.0.0.0)
Link State ID    Adv Router       Age    Seq Nbr     CheckSum  Links
---------------  ---------------  -----  ----------  --------  -----
15.62.250.250    15.62.250.250    1041   0x80000011  0xecf5    3
10.254.1.36      10.254.1.36      1001   0x8000001d  0xf39a    6
Displaying Summary Link States (Area 0.0.0.0)
Link State ID    Adv Router       Age    Seq Nbr     CheckSum
---------------  ---------------  -----  ----------  --------
15.62.0.
show ip ospf interface

This command displays information about interfaces that are configured for OSPF routing.

Syntax
show ip ospf interface

Parameters
None

Default
None

Command mode
User Exec

Response
See the example for output from this command.
Related commands
show ip ospf
show ip ospf database
show ip ospf neighbor

Example
CES>show ip ospf interface
IP Address-CId Area ID Type State 15.60.150.150-17 0.0.0.0 BCAST 15.63.150.150-74 0.0.0.0 PTPT Cost Priority Router DR 1 Other 100 1 10.254.1.36 1 0.0.0.0

This example displays OSPF related interface information.
show ip ospf neighbor

This command displays information about OSPF neighbors on a per interface basis.

Syntax
show ip ospf neighbor

Parameters
None

Default
None

Command mode
User Exec

Response
See the example for output from this command.
Example
CES>show ip ospf neighbor
OSPF Dynamic Neighbors
RouterID        Pri  State          Dead Time      Address         Interface
--------------  ---  -------------  -------------  --------------  -----------
10.0.62.182     1    FULL/DR        00:00:20       10.0.62.182     10.0.4.41
10.0.16.36      1    2WAY           00:00:34       10.0.16.36      10.0.4.41
10.0.7.184      1    FULL/BDR       00:00:37       10.0.60.182     10.0.4.41
10.0.7.182      1    2WAY           00:00:40       10.0.61.182     10.0.4.
show ip rip

This command displays general information about RIP routing and the state of RIP routing process and status.

Syntax
show ip rip

Parameters
None

Default
None

Command mode
User Exec

Response
See the example for output from this command.
Next command mode
User Exec

Related commands

Example
CES>show ip rip
Global Rip Status: Enabled
Trusted Neighbor: Disabled, Rip Domain: 0
Triggered Update: Off, RouteChange: 0x0, Query: 0x0
Local [Net: 0x00000000, Mask: 0x00000000, ClassMask: 0x00000000]
LocalCircuit: 1
Node Wide Stats:
rn_rtid: 0x00000000
rn_tics: 0, rn_num_circ: 0, rn_routes: 0
rn_udpInDatagrams: 0, rn_udpOutDatagrams: 1
rn_udpInErrors: 0, rn_udpNoPorts: 0

This example shows the state of RIP and the as
show ip rip database

This command provides information related to the RIP database for the switch. It also delivers information about routes owned and imported by RIP.

Syntax
show ip rip database

Parameters
None

Default
None

Command mode
User Exec

Response
See the example for output from this command.
Next command mode
User Exec

Related commands
show ip rip
show ip rip interface
show ip rip database

Example
CES>show ip rip database

Table 6
Circuit  Address      Mask             Owner  Cost  Metric  GW
1        192.32.0.0   255.255.0.0      RIP    5     5       10.0.234.230
1        192.168.0.0  255.255.0.0      RIP    5     5       10.0.234.230
1        9.1.10.18    255.255.255.255  RIP    5     5       10.0.234.230

This example shows routes owned by an RIP database.
show ip rip interface

This command displays information about interfaces that are configured for RIP routing.

Syntax
show ip rip interface

Parameters
None

Default
None

Command mode
User Exec

Response
See the example for output from this command.
Example
CES>show ip rip interface
Ip: 10.0.15.146 Subnet: 255.255.0.0 RipEnabled: Yes IntfState: UP Auth: None Type: ETH Cid: 1 RxMode: V2 TxMode: V2 PoisonRev: Enabled ImpDRoute: Disabled ExpTSMetric: 1 ExpSMetric: 1 ExpDMetric: 0 ExpOspfMetric: 0

This example shows the state of the configured interface.
show ip route

This command displays the current contents of the RTM routing table. Each line of the output has the following format:

P TT a.a.a.a/n [ad/rm] via nh.nh.nh.nh, d hh:mm:ss, CircId n

Format Code    Usage
P              Authoring protocol
TT             Type
a.a.a.a        Address
n              Number of bits in the network mask
ad             Administrative distance (route preference)
rm             Route metric
nh.nh.nh.
The meaning of the authoring protocol codes shown for each line of the output is shown below.

Table 7
Code    Meaning
B       BGP Derived
D       Direct
O       OSPF Derived
R       RIP Derived
S       Static
IA      OSPF inter area route
E1      OSPF external type 1 route
E2      OSPF external type 2 route

Syntax
show ip route [address [mask]]

Parameters
If no parameters are specified all of the current contents are displayed.
address    Display a specific host a.a.a.
Response
See the example for output from this command.

Next command mode
User Exec

Related commands
clear ip route

Example
CES>show ip route
S 0.0.0.0/0 [6/10] via 10.0.0.10, 0 00:58:36, CircId 1
D 10.0.0.0/16 [0/0] via 10.0.4.41, 0 00:58:36, CircId 1
D 10.0.3.41/32 [0/0] via 127.0.0.1, 0 00:58:36, CircId 1
D 10.0.4.41/32 [0/0] via 127.0.0.1, 0 00:58:36, CircId 1
D 11.0.0.0/16 [0/0] via 11.0.4.41, 0 00:58:36, CircId 9
D 11.0.4.41/32 [0/0] via 127.0.0.
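A captured routing table in the line format described for show ip route can be checked offline to see which entry would carry traffic to a given address and which entries came from a routing protocol rather than from local configuration. The following Python sketch is an added example, not Nortel code: the function names are hypothetical, the OSPF and RIP sample lines are constructed, the age field is kept as raw text, and route choice follows the conventional longest-prefix rule with administrative distance and metric as tie-breakers, which is assumed here.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Codes from the manual's authoring-protocol table (Table 7).
PROTOCOLS = {"B": "BGP Derived", "D": "Direct", "O": "OSPF Derived",
             "R": "RIP Derived", "S": "Static"}
DYNAMIC = {"B", "O", "R"}  # learned from a routing protocol

# P TT a.a.a.a/n [ad/rm] via nh.nh.nh.nh, d hh:mm:ss, CircId n
ROUTE_RE = re.compile(
    r"^(?P<proto>[BDORS])\s+(?:(?P<rtype>IA|E1|E2)\s+)?"
    r"(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+"
    r"\[(?P<ad>\d+)/(?P<rm>\d+)\]\s+via\s+"
    r"(?P<nh>\d{1,3}(?:\.\d{1,3}){3}),\s+"
    r"(?P<age>\d+\s+\d{2}:\d{2}:\d{2}),\s+CircId\s+(?P<circ>\d+)\s*$"
)


@dataclass(frozen=True)
class Route:
    proto: str
    rtype: Optional[str]
    network: ipaddress.IPv4Network
    ad: int          # administrative distance (route preference)
    rm: int          # route metric
    next_hop: str
    age: str         # raw "d hh:mm:ss" text, not interpreted
    circuit: int


def parse_routes(text: str) -> Tuple[List[Route], List[str]]:
    """Return (routes, rejected); truncated or malformed lines are rejected."""
    routes, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROUTE_RE.match(line)
        try:
            if m is None:
                raise ValueError("line does not match the route format")
            net = ipaddress.ip_network(m["prefix"], strict=False)
        except ValueError:
            rejected.append(line)
            continue
        routes.append(Route(m["proto"], m["rtype"], net, int(m["ad"]),
                            int(m["rm"]), m["nh"], m["age"], int(m["circ"])))
    return routes, rejected


def best_route(routes: List[Route], dest: str) -> Optional[Route]:
    """Longest prefix wins; ties go to lower distance, then lower metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.network.prefixlen, r.ad, r.rm))


def dynamic_routes(routes: List[Route]) -> List[Route]:
    """Routes authored by BGP, OSPF or RIP, worth comparing to a baseline."""
    return [r for r in routes if r.proto in DYNAMIC]


# Sample: first four lines follow the manual's example; the O and R lines
# are constructed, and the last line is truncated as on the page.
SAMPLE_ROUTES = """\
S 0.0.0.0/0 [6/10] via 10.0.0.10, 0 00:58:36, CircId 1
D 10.0.0.0/16 [0/0] via 10.0.4.41, 0 00:58:36, CircId 1
D 10.0.4.41/32 [0/0] via 127.0.0.1, 0 00:58:36, CircId 1
D 11.0.0.0/16 [0/0] via 11.0.4.41, 0 00:58:36, CircId 9
O E2 192.168.50.0/24 [20/5] via 11.0.0.7, 0 00:12:05, CircId 9
R 10.0.9.0/24 [100/3] via 10.0.0.77, 0 00:03:10, CircId 1
D 11.0.4.41/32 [0/0] via 127.0.0.
"""

if __name__ == "__main__":
    parsed, bad = parse_routes(SAMPLE_ROUTES)
    for dest in ("10.0.4.41", "10.0.9.20", "172.16.1.1"):
        r = best_route(parsed, dest)
        print(dest, "->", r.network, PROTOCOLS[r.proto], "via", r.next_hop)
    print("dynamic:", [str(r.network) for r in dynamic_routes(parsed)])
    print("rejected:", bad)
```

In the sample, the RIP-learned 10.0.9.0/24 entry is selected over the directly connected 10.0.0.0/16 for 10.0.9.20, which is the kind of more-specific learned route worth comparing against a known-good table.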
show ip route-policies

This command displays the contents of route policies in the routing protocol.

Syntax
show ip route-policies

Parameters
None

Default
None

Command mode
User Exec

Response
See the example for output from this command.
Next command mode
User Exec

Related commands
show ip route

Example
CES>show ip route-policies
ospf, 0, interface 10.0.3.41, distribute list in TEST

This example shows the accept route policy in OSPF on the interface where TEST stands for the name of the access list.
show ip traffic

This command displays statistics about IP traffic including packets sent and received, and various errors.

Syntax
show ip traffic

Parameters
None

Default
None

Command mode
User Exec

Response
See the example for output from this command.
Example
CES>show ip traffic
IP statistics:
total 282511
badsum 0
tooshort 0
toosmall 0
badhlen 0
badlen 0
infragments 0
fragdropped 0
fragtimeout 0
forward 0
cantforward 3
redirectsent 0
unknownprotocol 6
nobuffers 18
reassembled 0
outfragments 0
noroute 125
badoptions 0
badversion 0
zero src addr 3
src=dst addr 0
src addr error 0
dest addr error 0
mgmt filterdrops 6127
intf filterdrops 0
route filterdrops 0
qosdrops 0
ICMP:
27 calls to icmp_error
0 error not generated bec
49825 total packets
49807 input packets
18 output packets
0 incomplete header
0 bad data length field
0 bad checksum
22277 broadcasts received with no ports
0 full socket
59 pcb cache lookups failed
27 pcb hash lookups failed
TCP:
16085 packets sent
15226 data packets (2336894 bytes)
0 data packet (0 byte) retransmitted
778 ack-only packets (504 delayed)
0 URG only packet
0 window probe packet
3 window update packets
78 control packets
15898 packets received
11943 acks (for
show ip vrrp

This command displays information about VRRP status.

Syntax
show ip vrrp [interface]

Parameters
interface    Displays information about VRRP status of the specified interface.

Default
None

Command mode
User Exec

Response
See the example for output from this command.
Example
CES>show ip vrrp
Slot  Intf  VRID  Prio  State   Address
0     1     1     255   Master  10.0.20.186
0     1     2     100   Backup  10.0.21.186
CES>show ip vrrp interface
Slot 0 Interface 1 Virtual router 1
Current state is Master, priority 255, may not preempt
Advertisement interval 1
IP Address 10.0.20.
show ldap-server

This command displays the configuration settings and state for the internal and external LDAP servers.

Syntax
show ldap-server [all|external|internal]

Parameters
all    Displays configuration and state for the internal and the external LDAP servers.
external    Displays configuration and state for the external LDAP servers.
internal    Displays configuration and state for the internal LDAP server.
Warnings
No external LDAP servers configured.

Related commands
ldap-server
ldap-server source

Example
CES(config)#show ldap-server
Current LDAP server is Internal LDAP server is started
Internal LDAP Server settings
Suffix-remove: Yes
External LDAP Server settings
Suffix-remove: No
Master Host Address: 11.122.12.
show logging config

This command displays the contents of the configuration log. This log tracks all changes to the configuration of the switch.

Syntax
show logging config [date {day month [year]|month day [year]}] [normal|urgent|detailed|all]

Parameters
date    The date for which the configuration log is to be displayed.
day    The day of the month for which the configuration log is to be displayed.
month    The month for which the configuration log is to be displayed.
Default
The date value defaults to today. If the year portion of the date is omitted it defaults to the current year. The display level defaults to normal.

Command mode
Privileged Exec

Response
See the example for output from this command.
Example
CES#show logging config level urgent
Config Log contents for Friday, July 30, 2000
*09:54:15 tRootTask 0 : Error in cfg file setting 'IpxIntfOmCls.IpxPrivateLANS[256].$
*09:54:15 tRootTask 0 : Error in cfg file setting 'IpxIntfOmCls.IPXPublicAddress=N/A$
CES#
CES#show logging config
Config Log contents for Friday, July 30, 2000
09:52:31 tHttpdTask 0 : Shutdown.
show logging events

This command displays the contents of the event log. The event log is a detailed recording of all events that take place on the system. The event log is maintained in switch memory with significant events being saved in the system log and written to disk. The event log retains approximately 2000 entries and discards old entries when it is refreshed.
Default
Dropped IP and IPX packets are not tracked.

Command mode
Privileged Exec

Response
See the example for output from this command.

Next command mode
Privileged Exec

Warnings
If the user chooses to track dropped IP or IPX packets, a confirmation is requested due to the performance impact.
Example
CES#show logging events
09/02/1999 11:57:12 0 PaceJob{0} [00] Calling 0x00ca012c, passing 011b7e88, 00000000$
09/02/1999 12:01:52 0 FTP Backup [13] Redundant Disk is not available
09/02/1999 12:01:52 0 FTP Backup [13] Update completed
09/02/1999 12:02:00 0 DCLog [00] DCManager flushing data to stat file '19990902.
09/02/1999 12:04:00 0 Security [13] Management: Forcing admin to re-supply userid
09/02/1999 12:04:03 0 Security [11] Session: LOCAL[admin] attempting login
09/02/1999 12:04:03 0 Security [01] Session: LOCAL[admin] has no active sessions
09/02/1999 12:04:03 0 Security [01] Session: LOCAL[admin] admin has no active accoun$
09/02/1999 12:04:03 0 Security [12] Session: LOCAL[admin]:2877 master admin authenti$
09/02/1999 12:04:03 0 Security [11] Session: LOCAL[admin]:2877 serve
09/02/1999 12:26:22 0 IPvfy.03739424{Prv} [00] Pkt(21-40) 00 89 00 89 00 3a 80 78 d7$
09/02/1999 12:26:23 0 IPvfy.03739424{Prv} [00] Mgmt filter drop, src 0x841c090a dst $
09/02/1999 12:26:23 0 IPvfy.03739424{Prv} [00] Pkt(01-20) 45 00 00 4e b4 66 00 00 05$
09/02/1999 12:26:23 0 IPvfy.
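A saved copy of the show logging events output shown above can be screened offline for login attempts and management filter drops. The following Python sketch is an added example, not Nortel code: the function names are hypothetical, and it assumes that a trailing $ marks a line cut off at the display width and that the hexadecimal src value is an IPv4 address in network byte order. The numeric column and the bracketed code are kept as opaque values because the page does not define them.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# date time <number> <source> [<code>] <message>
EVENT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<num>\d+) (?P<source>.+?) \[(?P<code>\d+)\] (?P<message>.*)$"
)
LOGIN_RE = re.compile(
    r"Session: (?P<realm>\w+)\[(?P<user>[^\]]+)\] attempting login")
DROP_RE = re.compile(r"Mgmt filter drop, src 0x(?P<src>[0-9a-fA-F]{8})")


def parse_event(line):
    """Parse one event-log line into a dict, or return None if it does not fit."""
    m = EVENT_RE.match(line.rstrip())
    if m is None:
        return None
    event = m.groupdict()
    # The page's stat file name '19990902' next to 09/02/1999 shows MM/DD/YYYY.
    event["when"] = datetime.strptime(
        event["date"] + " " + event["time"], "%m/%d/%Y %H:%M:%S")
    # Assumption: "$" in the last column means the display cut the line short.
    event["truncated"] = event["message"].endswith("$")
    if event["truncated"]:
        event["message"] = event["message"][:-1].rstrip()
    return event


def summarize(text):
    """Count login attempts per user and management filter drops per source."""
    logins, drops = Counter(), Counter()
    truncated = unparsed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        if event is None:
            unparsed += 1
            continue
        truncated += int(event["truncated"])
        login = LOGIN_RE.search(event["message"])
        if login and event["source"] == "Security":
            logins[login["user"]] += 1
        drop = DROP_RE.search(event["message"])
        if drop:
            # Assumption: the 32-bit value is the address in network byte order.
            src = ipaddress.IPv4Address(int(drop["src"], 16))
            drops[str(src)] += 1
    return {
        "login_attempts": dict(logins),
        "mgmt_drop_sources": dict(drops),
        "truncated": truncated,
        "unparsed": unparsed,
    }


# Sample in the layout of the manual's example. The two "guest" entries and
# the last line are constructed for this illustration.
SAMPLE_EVENTS = """\
09/02/1999 12:01:52 0 FTP Backup [13] Update completed
09/02/1999 12:04:00 0 Security [13] Management: Forcing admin to re-supply userid
09/02/1999 12:04:03 0 Security [11] Session: LOCAL[admin] attempting login
09/02/1999 12:04:03 0 Security [12] Session: LOCAL[admin]:2877 master admin authenti$
09/02/1999 12:26:23 0 IPvfy.03739424{Prv} [00] Mgmt filter drop, src 0x841c090a dst $
09/02/1999 12:26:23 0 IPvfy.03739424{Prv} [00] Pkt(01-20) 45 00 00 4e b4 66 00 00 05$
09/02/1999 12:31:10 0 Security [11] Session: LOCAL[guest] attempting login
09/02/1999 12:31:40 0 Security [11] Session: LOCAL[guest] attempting login
not an event line
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EVENTS).items():
        print(key, value)
```

Truncated lines are counted rather than discarded, so a reviewer can tell when a destination address or account name was cut off and needs to be read from the full log.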
Command mode
Privileged Exec

Response
See the example for output from this command.

Next command mode
Privileged Exec

Related commands
logging history

Example

CES#show logging history
Logging history level is errors

This example shows the output for a switch where the logging history is still the default value.

show logging security

This command displays the contents of the security log.
Parameters
date    Specify the date for which the security log is to be displayed.
day     The day of the month for which the security log is to be displayed.
month   The month for which the security log is to be displayed.
year    The year for which the security log is to be displayed. A four-digit value.
normal  Display normal events, including user and system interactions, that indicate switch activity.
Response
See the example below for output from this command.

Next command mode
Privileged Exec

Related commands
show logging config
show logging events
show logging syslog

Example

CES#show logging security
*09:54:26 tEvtLgMgr 0 : Security [13] Management: Request for manager.
This example shows the security log output for normal messages. The urgent messages are marked with an asterisk (*) character.

Comments
The amount of output from this command can be substantial. It is automatically paginated on display so that the user can see one page of output at a time. The user can go through the output one screen at a time, or quit and abandon the remainder of the output.

show logging syslog

This command displays the contents of the system log.
urgent    Display events that an administrator should be aware of immediately. In the output, these events are marked with an asterisk. These events could indicate potential security or access problems. Also display normal events.
detailed  Display events for use of Nortel Networks support personnel. Also display normal and urgent events.
all       Display events for use of Nortel Networks support personnel used for troubleshooting the switch. Includes every event that the switch generates.
Related commands
logging history logging facility syslog show logging config show logging events show logging security

Example

CES#show logging syslog
*14:01:52 tEvtLgMgr 0 : FTP Backup [13] Update completed
*15:01:52 tEvtLgMgr 0 : FTP Backup [13] Redundant Disk is not available
*15:01:52 tEvtLgMgr 0 : FTP Backup [13] Update completed
*15:09:09 tEvtLgMgr 0 : Security [13] Management: Forced Admin User Off Due to Timeo$
15:09:09 tEvtLgMgr 0 : Security [12] Session: LOCAL[a
Comments
The amount of output from this command can be substantial. It is automatically paginated on display so that the user can see one page of output at a time. The user can go through the output one screen at a time, or quit and abandon the remainder of the output.

show reload

This command displays information about any pending shutdowns that are scheduled on the switch.
Next command mode
User Exec

Warnings
No reload currently scheduled.

Related commands
reload cancel reload reload at reload in reload no-sessions

Example

CES>show reload
Reload scheduled    in 1 hour 45 minutes
Explanation:        Load latest software patches
After shutdown:     Restart
Current logins:     Enabled
Reboot logins:      Disabled
Boot drive:         /ide0
Config file:        latest

This example shows details about the currently scheduled reload.
Syntax
show [branch-office] [ipsec] [pptp] [l2tp] [l2f] [admin] [all] sessions [detail]

Parameters
admin          Show information for administrator connections.
all            Show information for all connection types.
branch-office  Show information for branch office connections.
details        Show detailed information for the connections.
ipsec          Show information for IPSec connections.
l2f            Show information for L2F connections.
l2tp           Show information for L2TP connections.
Response
See the example for output from this command.

Next command mode
User Exec

Related commands
who
kill

Example

CES>show sessions

This command shows the administrator connections currently made to the switch. Details include the number of current sessions as well as who is currently logged in to each session.
Default
None

Command mode
User Exec

Next command mode
User Exec

Related commands
show flash: contents

Example

CES>show version
Contivity VPN Client Software
Software Version: V01_00.00
Software Build Date: Nov 18 2000, 11:31:50
System Serial Number: 12012
MAC Address: 00-E0-7B-00-00-C0
BIOS: 1.00.02.DI0 11/05/9612:40:54 bftarget uptime: 016 days, 01 hours, 14 minutes
Current Configuration File: /ide0/system/config/CFG01022.
snmp-server contact

This command sets, or clears, the SysContact field in the MIB-II MIB. This field contains the name and contact information of the contact person for this switch.
Warnings
Contact string too long (must be 255 characters or less).

Related commands
snmp-server location text
snmp-server name text

Example

CES(config)#snmp-server contact Dial John Connolly at 1-800-555-1212, x 123

This example sets the contact string to dial John Connolly at 1-800-555-1212, x 123.
snmp-server location

This command sets, or clears, the SysLocation field in the MIB-II MIB. This field contains the physical location for this switch.

Syntax
snmp-server location text
no snmp-server location

Parameters
text  String containing the physical location of the switch

Default
None

Command mode
Global configuration

Next command mode
Global configuration

Warnings
Location string too long (must be 255 characters or less).
Related commands
snmp-server contact text
snmp-server name text

Example

CS(config)#snmp-server location Building 400,4th Floor Closet A122

This example sets the location string to Building 400, 4th Floor Closet A122.
snmp-server name

This command sets, or clears, the SysName field in the MIB-II MIB. This field contains an administratively assigned name for this switch.
Next command mode
Global configuration

Warnings
Name string too long (must be 255 characters or less).

Related commands
snmp-server contact text
snmp-server location text

Example

CES(config)#snmp-server name Contivity Chester, Group 1

This example sets the name string to Contivity Chester, Group 1.
suffix remove

This command is used when configuring the LDAP server for the switch. It allows the administrator to remove the domain name suffix from the user ID before sending the user ID to the LDAP server for authentication.
Example

CES(config)#ldap-server internal
Router(config-ldap)#no suffix remove
Router(config-ldap)#domain-delimiter # suffix
Router(config-ldap)#exit

In this example the delimiter between the user ID and the domain name is set to the # character and the suffix is not removed before sending the user ID value to the LDAP server for authentication.
trace

The trace command allows the administrator to determine the route that packets use when traveling to their destination. It is commonly used as a diagnostic command (traceroute on most systems). The trace command does not recognize DNS names with hyphens.

Syntax
trace ip {host | address} [hops number] [wait timeout]

Parameters
host  The trace packets to the system identified by this host name.
Warnings
If the system cannot map an address for a host name, it returns an "%Unknown Host" error message.

Related commands
ping {host|address}

Example

CES>trace 208.216.182.15
Tracing the route to amazon.com (208.216.182.15)
1 2 3 4 6
router-a.fred.corp.com (195.120.1.6) 1000 msec 8 msec 4 msec
filter-1.jane.fred.com (195.120.16.2) 8 msec 8 msec 8 msec
core2.seattle.cw.net (204.70.9.120) 8 msec 4 msec 4 msec
internap.seattle.cw.net (204.70.233.
who

This command shows the active Telnet administration sessions on the switch with the IP address from which they are connected. The sessions are listed by session ID. The session ID values are fixed for the life of a session.

Syntax
who [ip_address]

Parameters
ip_address  A dotted IP address. If present, limits the output to Telnet sessions that are connected from the specified IP address, if any.
Illegal IP address.
Chapter 3 Bulk Load Command

The bulk load command allows an administrator to send a list of commands and parameters to a Contivity VPN Switch and have them executed in series. This command allows an administrator with many switches to configure them in bulk from a list of settings instead of having to configure each switch manually through the browser interface.
Components

The bulk loading feature has two main components: the command file and the LOAD command.

Load command

The Load command is available only through the Telnet interface. Once executed, the command will load the specified command file, and execute the instructions it contains. When completed, the command file will be deleted.
File format

The FILE_FORMAT command defines what versions of the bulk load commands are contained in the command file. In this release, bulk loading file formats 1.0, 2.0, and 3.0 are supported. The FILE_FORMAT command is useful if a bulk load script is to be used on several switches with different releases installed. For example, the following command file may be executed on a switch installed with versions 2.50, 2.60, and 3.00:

FILE_FORMAT: 1.0
COMMAND: ONE
[...
User commands

User commands allow an administrator to add or delete user records. They also allow an administrator to add or delete user groups.
Add User

ADD_USER adds a user or user group. A user record must contain authentication credentials (such as UID and Password, DN, and so forth) before the user is added to the database.
Delete User

The DELETE_USER command is used to delete a specified user record from the database. You must include a user name, and if you do not specify a group, then the /Base group is assumed.

COMMAND: DELETE_USER
GROUP: [Group name]
NAME: [User name - Required]
END

Add Group

The ADD_GROUP command is used to add a group to the switch database.
COMMAND: MODIFY_GROUP
GROUP: [Group name - Required]
// Connectivity Attributes
FILT_NAME: [Name of existing filter]
CALL_PRI: [Call admission priority {Low/Medium/High/Highest}]
FORWARD_PRI: [Forwarding priority {Low/Medium/High/Highest}]
NUM_LOGINS: [Number of logins]
STATIC_ADDR: [Static addresses {Enable/Disable}]
IDLE_TO: [Idle timeout period (hh:mm:ss format)]
FORCED_LO_TIME: [Forced logout timeout (hh:mm:ss format)]
SPLIT_TUN: [Split tunneling {Enable/Disable}]
SPLIT_
ESP_3MD5: [ESP - Triple DES with MD5 Integrity {Enable/Disable}]
ESP_56SHA1: [ESP - 56-bit DES with SHA1 Integrity {Enable/Disable}]
ESP_56MD5: [ESP - 56-bit DES with MD5 Integrity {Enable/Disable}]
ESP_40SHA1: [ESP - 40-bit DES with SHA1 Integrity {Enable/Disable}]
ESP_40MD5: [ESP - 40-bit DES with MD5 Integrity {Enable/Disable}]
ESP_NULLSHA1: [ESP - NULL (Authentication Only) with SHA1 Integrity {Enable/Disable}]
ESP_NULLMD5: [ESP - NULL (Authentication Only) with MD5 Integ
REKEY_DATACNT: [Rekey datacount (in KB)]
DOMAIN: [Domain name]
PRI_DNS: [Primary DNS address]
PRI_WINS: [Primary WINS address]
SEC_DNS: [Secondary DNS address]
SEC_WINS: [Secondary WINS address]
END

Purge Group

The PURGE_GROUP command is used to delete all users in a specified group. If you do not specify a group, the command purges all users in the /Base group.
Delete All

The DELETE_ALL command deletes all users in the database.

Caution: This command should only be executed by the switch administrator because all other accounts are removed.

COMMAND: DELETE_ALL
END

Branch office commands

Branch office commands allow an administrator to add or delete branch office connections, including control tunnel connections. These commands also allow administrators to add and delete branch office groups.
Add branch office connection

The ADD_CONNECTION command defines a branch office control connection with specific attributes. The connection must contain authentication information before it is created. Once a connection is created with the required attributes, it is automatically enabled. This command has been modified for the Contivity VPN Switch Version 3.

MASK: [Remote Accessible Net Subnet mask - Required for Static Routing]
REM_NET_COST: [Remote network cost - Default:10]
REM_NET_STATE: [Remote network state - {Enable/Disable} Default: Enable]
// Dynamic Routing
OSPF_STATE: [OSPF state {Enable/Disable} (Dynamic Routing) Default:Disable]
AREA_ID: [Area ID (Dynamic Routing) - Default:0.0.0.
LOCAL_UID: [Tunnel authentication - local user ID - (PPTP & L2TP tunnel types) - Required for PPTP/L2TP]
PEER_UID: [Tunnel authentication - peer user ID - (PPTP & L2TP tunnel types) - Required for PPTP/L2TP]
PEER_PSW: [Tunnel authentication - peer password - (PPTP & L2TP tunnel types)]
COMPRESSION: [PPTP & L2TP compression {Enable/Disable} (PPTP & L2TP tunnel types)]
ENC_STATE_MODE: [PPTP & L2TP Compression/Encryption stateless mode {Enable/Disable} - (PPTP & L2TP tunnel type
Modify branch office connection

The MODIFY_CONNECTION command is used to add a new remote accessible network entry to an existing branch office connection.
Add branch office group

The ADD_BRANCHGROUP command creates a branch office group as specified. A group name is required.

COMMAND: ADD_BRANCHGROUP
GROUP: [Group name - Required]
END

Modify branch office group

The MODIFY_BRANCHGROUP command is used to modify existing branch office groups. Any value that is not specified is inherited from the parent group.
NOTE:

COMMAND: MODIFY_BRANCHGROUP
GROUP: [Name of existing Branch Office group to modify -Required]
//Connectivity Attributes
CALL_PRI: [Call admission priority {Low/Medium/High/Highest}]
FORWARD_PRI: [Forwarding priority {Low/Medium/High/Highest}]
IDLE_TO: [Idle timeout period (hh:mm:ss format)]
// Bandwidth Policy
BW_COMMIT_RATE: [Committed Bandwidth Rate (bps)]
BW_EXCESS_RATE: [EXCESS Bandwidth Rate (bps)]
BW_EXCESS_ACTION: [EXCESS Rate Action {Drop/Mark}]
// IPSEC Attrib
PFS: [Perfect forward security {Enable/Disable}]
COMPRESSION: [Compression {Enable/Disable}]
REKEY_TO: [Rekey timeout (hh:mm:ss format)]
REKEY_DATACNT: [Rekey datacount (in KB)]
// RIP Attributes
RIP_TRANSMIT: [Rip Transmit {OFF,V1,V2}]
RIP_RECEIVE: [Rip Receive {OFF,V1,V2}]
IMPORT_DEF_ROUTE: [Import Default Route {Enable/Disable}]
EXPORT_DEF_ROUTE: [Export default routes metric {Enable/Disable}]
EXPORT_STATIC_ROUTE: [Export static routes metric {Enable/Disable}]
EXPORT_BO_ST
OSPF_REXMIT_INT: [OSPF retransmit interval]
OSPF_XMIT_DELAY: [OSPF transmission delay]
OSPF_AUTH: [OSPF Authentication {None/Simple/MD5}]
// NOTE: The following values do not accept the "INHERITED"
// keyword. The OSPF_AUTH value will control the
// inheritance of these values.
The CREATE_NETWORK command is used to add a new network definition.

COMMAND: CREATE_NETWORK
NET_NAME: [Name of new network definition - Required]
SUBNET: [New IP address - Required]
MASK: [New subnet mask - Required]
END

The DELETE_NETWORK command is used to delete an existing network definition.

COMMAND: DELETE_NETWORK
NET_NAME: [Name of existing network to delete - Required]
END

The MODIFY_NETWORK command is used to add new subnets to an existing network definition.
The CREATE_NAT command is used to create a new NAT set.

COMMAND: CREATE_NAT
NAT_NAME: [Name of new NAT set - Required]
NAT_TYPE: [Translation Type {Static/Pooled/Port} - Required]
IN_START_IP: [Internal starting IP address - Required]
IN_END_IP: [Internal ending IP address - Required]
EX_START_IP: [External starting IP address - Required]
EX_END_IP: [External ending IP address - Required for Pooled NAT type]
END

The DELETE_NAT command is used to delete an existing NAT set.
The MODIFY_NAT command is used to add a new rule to an existing NAT set.

The DELETE_POOL command is used to delete an existing address pool.

The CREATE_FILTER command allows for the creation of a new named filter. The filter may be created to allow or disallow certain management traffic. These fields are not required.
The ADD_RULE command allows an existing rule to be added to an existing filter.

COMMAND: ADD_RULE
FILT_NAME: [Filter name - Required]
RULE_NAME: [Rule name - Required]
END

The CREATE_RULE command allows for the creation of a new rule definition.
The CREATE_ADDRESS command creates a new address definition to be used by a filter rule.

COMMAND: CREATE_ADDRESS
ADDR_NAME: [Address Name - Required]
IP_ADDR: [IP Address - Required]
MASK: [Address mask - Required]
END

The CREATE_PORT command creates a new port definition to be used by a filter rule.
The ADD_FTPSERVER command is used to configure a new automatic backup server.

The ADD_SYSLOG command is used to set up a system log forwarding server.
SNMP_COMMUNITY: [SNMP Community name]
SNMP_ENABLE: [Enable SNMP Host - Default:Enable]
END

The DELETE_SNMPHOST command is used to remove an existing SNMP-Get or Trap host.
The CONFIG_TRAP command is used to configure which conditions will cause traps.
CACHE_SIZE: [DHCP cache size]
IMMEDIATE_ADDR_REL: [Immediate address release {Enable/Disable}]
END

The DELETE_DHCP command is used to remove an existing DHCP server.

COMMAND: DELETE_DHCP
DHCP_SERVER: [Existing DHCP server to remove {Primary/Secondary/Tertiary} - Required]
END

Licensing commands

Licensing of certain features will be supported in bulkload version 3.0.
PAID_KEY: [Licensing key for the feature to be disabled]
END

Usage notes

Deletion of groups

The DELETE_GROUP and DELETE_BRANCHGROUP commands can cause the LDAP server in use by the switch to become unreachable while the group is being deleted. This can happen if the group being deleted has a large number of users or Branch Office connections defined (for example, more than 50).
Group name syntax

For many of the User and Branch Office commands, you must specify the name of the group that you are manipulating. The syntax of the group name is very important. Group names are specified in Relative Distinguished Name (RDN) format, leaving out the '/Base' specifier.
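Because the Load command executes a command file in series and several commands in this chapter fall back to the /Base group or remove every user, a command file is worth reviewing before it is loaded. The Python below is an added example, not part of the Nortel documentation or software; it assumes one "KEY: value" field per line and full-line "//" comments, and the sample file, group name and user name are constructed placeholders.

```python
# Field names are those listed for MODIFY_GROUP in this chapter; calling them
# weak is this example's judgement, not a statement from the manual.
WEAK_ESP = {
    "ESP_56SHA1": "56-bit DES", "ESP_56MD5": "56-bit DES",
    "ESP_40SHA1": "40-bit DES", "ESP_40MD5": "40-bit DES",
    "ESP_NULLSHA1": "no encryption", "ESP_NULLMD5": "no encryption",
}
# Per the chapter, these commands act on the /Base group when GROUP is omitted.
DEFAULTS_TO_BASE = {"DELETE_USER", "PURGE_GROUP"}

# Constructed sample command file (names are placeholders).
SAMPLE = """\
FILE_FORMAT: 3.0
COMMAND: MODIFY_GROUP
GROUP: ExampleGroup
// Connectivity Attributes
IDLE_TO: 00:15:00
ESP_3MD5: Enable
ESP_40MD5: Enable
ESP_NULLSHA1: Disable
END
COMMAND: PURGE_GROUP
END
COMMAND: DELETE_USER
GROUP: ExampleGroup
NAME: exampleuser
END
COMMAND: DELETE_ALL
END
"""


def parse_command_file(text):
    """Return (file_format, [(command, {field: value}), ...])."""
    file_format, blocks, current = None, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("//"):
            continue
        if line == "END":
            if current is None:
                raise ValueError(f"line {lineno}: END without COMMAND")
            blocks.append(current)
            current = None
            continue
        # Split on the first colon only: values such as 00:15:00 contain colons.
        key, sep, value = line.partition(":")
        key, value = key.strip().upper(), value.strip()
        if not sep:
            raise ValueError(f"line {lineno}: expected KEY: value")
        if key == "FILE_FORMAT":
            file_format = value
        elif key == "COMMAND":
            if current is not None:
                raise ValueError(f"line {lineno}: COMMAND before END")
            current = (value.upper(), {})
        elif current is None:
            raise ValueError(f"line {lineno}: field outside a COMMAND block")
        else:
            current[1][key] = value
    if current is not None:
        raise ValueError(f"{current[0]}: missing END")
    return file_format, blocks


def audit(text):
    """Return (block number, command, reason) for each block needing review."""
    findings = []
    for n, (cmd, fields) in enumerate(parse_command_file(text)[1], 1):
        if cmd == "DELETE_ALL":
            findings.append((n, cmd, "deletes all users in the database"))
        if cmd in DEFAULTS_TO_BASE and not fields.get("GROUP"):
            findings.append((n, cmd, "no GROUP given, so /Base is used"))
        for key, why in WEAK_ESP.items():
            if fields.get(key, "").lower() == "enable":
                findings.append((n, cmd, f"{key} enabled ({why})"))
    return findings
```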