
When the undo rsa peer-public-key command is executed to delete a specified public key and that key does not exist, the system displays the following message:

% Public key not found.

For related commands, see public-key-code begin and public-key-code end.

 

Example

Access the public key view.

[3Com] rsa peer-public-key 3Com002
[3Com-rsa-public-key]


3.15  ssh server authentication-retries

Syntax

ssh server authentication-retries times
undo ssh server authentication-retries

View

System view

Parameter

times: The number of authentication retries, which is in the range of 1 to 5 and defaults to 3.

 

Description

Using the ssh server authentication-retries command, you can set the number of SSH connection authentication retries that are allowed. Using the undo ssh server authentication-retries command, you can restore the default maximum number of SSH connection authentication retries that are allowed.

This command helps prevent illegal activities such as malicious decipherment by limiting the number of SSH connection authentication retries. The configuration takes effect the next time the user logs in to the router.

For the related command, see display ssh server.

 

Example

Set the allowed number of login authentication retries to 4.

[3Com] ssh server authentication-retries 4
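
An added example, not part of the 3Com guide: a small auditor that works out the effective authentication-retries setting from a list of commands and compares it with a site policy limit. It assumes commands are applied in order, that an out-of-range value is rejected and leaves the previous setting in place, and that the sample lines and the max_allowed policy value are constructed for illustration.

```python
import re

DEFAULT_RETRIES = 3        # default given in the command reference
VALID_RANGE = range(1, 6)  # documented range: 1 to 5

PROMPT = re.compile(r"^\s*\[[^\]]*\]\s*")  # strips a prompt such as "[3Com] "
SET_CMD = re.compile(r"^ssh server authentication-retries(?:\s+(\S+))?$")
UNDO_CMD = "undo ssh server authentication-retries"

# Constructed sample input, not captured from a real device.
SAMPLE = """\
[3Com] ssh server authentication-retries 5
[3Com] undo ssh server authentication-retries
[3Com] ssh server authentication-retries 9
[3Com] ssh server authentication-retries 4
"""


def effective_retries(config_text):
    """Return (effective value, list of problems found while parsing)."""
    value = DEFAULT_RETRIES
    problems = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = PROMPT.sub("", raw).strip()
        if line == UNDO_CMD:
            value = DEFAULT_RETRIES  # undo restores the default
            continue
        match = SET_CMD.match(line)
        if not match:
            continue  # unrelated command
        arg = match.group(1)
        valid = (
            arg is not None
            and arg.isascii()
            and arg.isdigit()
            and int(arg) in VALID_RANGE
        )
        if not valid:
            # Assumption: the router rejects the command, so the
            # previous setting stays in effect.
            problems.append(f"line {lineno}: invalid times value {arg!r}")
            continue
        value = int(arg)
    return value, problems


def audit(config_text, max_allowed=DEFAULT_RETRIES):
    """Return (effective value, findings) against a hypothetical site policy."""
    value, findings = effective_retries(config_text)
    if value > max_allowed:
        findings.append(
            f"effective retries {value} exceeds policy maximum {max_allowed}"
        )
    return value, findings


if __name__ == "__main__":
    value, findings = audit(SAMPLE)
    print("effective authentication-retries:", value)
    for finding in findings:
        print("finding:", finding)
```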

 

3Com Router Command Reference Guide Addendum for V1.2


Summary of Contents for Router 3012

Page 1: ...3ComRouter Command Reference Guide Addendum for V1 20 http www 3com com Part No 10014302 Published January 2004...
