Home
/
Allied Telesis
/
AR2050V
/
Command Reference Manual

Allied Telesis AR2050V, Command Reference Manual, Page: 2775 / 2824

Share

Page: 2775 / 2824

Allied Telesis AR2050V Command Reference Manual Download Page 2775

C613-50186-01 Rev B

Command Reference for AR2050V

2775

AlliedWare Plus™ Operating System - Version 5.4.7-1.x

O

PEN

VPN C

OMMANDS

TUNNEL

OPENVPN

AUTHENTICATION

tunnel openvpn authentication

Overview

Use this command to configure the data channel authentication digest for an
OpenVPN tunnel.

Use the

no

variant of this command to set the data channel authentication digest

for an OpenVPN tunnel to its default value of SHA1.

Syntax

tunnel openvpn authentication {sha1|sha256}

no tunnel openvpn authentication

Default

SHA1

Mode

Interface configuration

Usage

You need to configure the client to use the same setting as the server. To do this,
include one of the following lines in your client’s OpenVPN configuration (.ovpn)
file:

Example

To configure tunnel 5, which is an OpenVPN tunnel, to use SHA256 data channel
authentication, use the commands:

awplus#

configure terminal

awplus(config)#

interface tunnel5

awplus(config-if)#

tunnel openvpn authentication SHA256

Related

Commands

tunnel openvpn cipher

Command

changes

Version 5.4.7-0.1: command added

Parameter

Description

aes128

Use Secure Hash Standard with 160-bit digest size as the data
channel authentication digest.

aes256

Use Secure Hash Standard with 256-bit digest size as the data
channel authentication digest.

Setting

Line

SHA1

auth SHA1

SHA256

auth SHA256

«
...
2773
2774
2775
2776
2777
...
»

Summary of Contents for AR2050V

Page 1: ...C613 50186 01 Rev B AR2050V SECURE VPN ROUTER Command Reference for AlliedWare Plus Version 5 4 7 1 x...

Page 2: ...uction and shipping costs and a CD with the GPL code will be mailed to you GPL Code Request Allied Telesis Labs Ltd PO Box 8011 Christchurch New Zealand Allied Telesis AlliedWare Plus Allied Telesis M...

Page 3: ...vileged Exec mode 100 end 102 exit 103 help 104 logout 105 show history 106 Chapter 2 File and Configuration Management Commands 107 Introduction 107 autoboot enable 110 boot config file 111 boot conf...

Page 4: ...n 161 clear line console 163 clear line vty 164 enable password 165 enable secret 168 exec timeout 171 flowcontrol hardware asyn console 173 length asyn 175 line 176 privilege level 178 security passw...

Page 5: ...ogin system 215 banner motd 217 clock set 219 clock summer time date 220 clock summer time recurring 222 clock timezone 224 hostname 225 max fib routes 227 max static routes 229 no debug all 230 reboo...

Page 6: ...g monitor 284 default log permanent 285 log buffered 286 log buffered filter 287 log buffered exclude 290 log buffered size 293 log console 294 log console filter 295 log console exclude 298 log date...

Page 7: ...cription interface 369 interface to configure 370 ip tcp adjust mss 372 ipv6 tcp adjust mss 374 mru jumbo 376 mtu 377 show interface 379 show interface brief 383 show interface memory 384 show interfa...

Page 8: ...flowcontrol interface 433 show interface err disabled 434 show interface switchport 435 show mac address table 436 show platform 438 show platform port 439 show storm control 444 speed 445 storm cont...

Page 9: ...statistics instance interface 508 show spanning tree statistics interface 510 show spanning tree vlan range index 512 spanning tree autoedge RSTP and MSTP 513 spanning tree cisco interoperability MST...

Page 10: ...ail 563 show etherchannel summary 564 show lacp sys id 565 show lacp counter 566 show port etherchannel 567 show static channel group 568 static channel group 569 undebug lacp 571 Chapter 18 802 1Q En...

Page 11: ...poe ac 636 show pppoe ac config check 637 show pppoe ac connections 639 show pppoe ac statistics 641 show running config pppoe ac 644 PART 3 Routing 645 Chapter 21 IP Addressing and Protocol Commands...

Page 12: ...dns forwarding 713 ip dns forwarding cache 714 ip dns forwarding dead time 715 ip dns forwarding domain list 716 ip dns forwarding retry 717 ip dns forwarding source interface 718 ip dns forwarding ti...

Page 13: ...6 nd reachable time 775 ipv6 nd retransmission time 777 ipv6 nd suppress ra 779 ipv6 neighbor 780 ipv6 opportunistic nd 781 ipv6 route 782 ipv6 unreachables 783 ping ipv6 784 show ipv6 forwarding 785...

Page 14: ...work RIP 849 passive interface RIP 851 recv buffer size RIP 852 redistribute RIP 853 restart rip graceful 855 rip restart grace period 856 route RIP 857 router rip 858 send lifetime 859 show debugging...

Page 15: ...0 auto cost reference bandwidth 913 bandwidth 915 capability opaque 916 capability restart 917 clear ip ospf process 918 compatible rfc1583 919 debug ospf events 920 debug ospf ifsm 921 debug ospf lsa...

Page 16: ...pf database network 979 show ip ospf database nssa external 980 show ip ospf database opaque area 982 show ip ospf database opaque as 983 show ip ospf database opaque link 984 show ip ospf database ro...

Page 17: ...6 ospf priority 1052 ipv6 ospf retransmit interval 1053 ipv6 ospf transmit delay 1054 ipv6 router ospf area 1055 max concurrent dd IPv6 OSPF 1057 passive interface IPv6 OSPF 1058 redistribute IPv6 OSP...

Page 18: ...ening 1128 bgp damp peer oscillation BGP only 1130 bgp default ipv4 unicast 1131 bgp default local preference BGP only 1132 bgp deterministic med 1133 bgp enforce first as 1135 bgp fast external failo...

Page 19: ...eighbor as origination interval 1202 neighbor attribute unchanged 1204 neighbor capability graceful restart 1207 neighbor capability orf prefix list 1210 neighbor capability route refresh 1213 neighbo...

Page 20: ...show bgp ipv6 prefix list BGP4 only 1329 show bgp ipv6 quote regexp BGP4 only 1330 show bgp ipv6 regexp BGP4 only 1331 show bgp ipv6 route map BGP4 only 1332 show bgp ipv6 summary BGP4 only 1333 show...

Page 21: ...6 Prefix List 1376 show route map 1377 synchronization 1378 timers BGP 1379 undebug bgp BGP only 1380 Chapter 30 Route Map Commands 1381 Introduction 1381 match as path 1383 match community 1384 match...

Page 22: ...to key pubkey chain knownhosts 1452 default metric RIP 1454 description VRF 1455 distance RIP 1456 distribute list RIP 1457 export map 1458 fullupdate RIP 1459 import map 1460 ip route static inter vr...

Page 23: ...interface 1534 show running config vrf 1535 ssh 1536 tcpdump 1538 telnet 1539 timers RIP 1540 traceroute 1542 version RIP 1543 PART 4 Multicast Applications 1545 Chapter 33 IGMP and IGMP Snooping Com...

Page 24: ...6 clear ipv6 mld 1598 clear ipv6 mld group 1599 clear ipv6 mld interface 1600 debug mld 1601 ipv6 mld 1602 ipv6 mld last member query count 1603 ipv6 mld last member query interval 1604 ipv6 mld queri...

Page 25: ...mode 1661 debug pim sparse mode timer 1662 ip pim anycast rp 1664 ip pim bsr border 1665 ip pim bsr candidate 1666 ip pim cisco register checksum 1667 ip pim crp cisco prefix 1668 ip pim dr priority...

Page 26: ...pim dr priority 1722 ipv6 pim exclude genid 1724 ipv6 pim ext srcs directly connected 1725 ipv6 pim hello holdtime 1726 ipv6 pim hello interval 1727 ipv6 pim ignore rp set priority 1728 ipv6 pim jp t...

Page 27: ...1785 show traffic control counters 1787 show traffic control interface 1789 show traffic control policy 1791 show traffic control red curve 1793 show traffic control rule config check 1795 show traff...

Page 28: ...rver ping poll enable 1861 auth web server ping poll failcount 1862 auth web server ping poll interval 1863 auth web server ping poll reauth timer refresh 1864 auth web server ping poll timeout 1865 a...

Page 29: ...secure proxy aaa 1922 server radsecproxy aaa 1923 server mutual authentication 1925 server name check 1926 server trustpoint 1927 show aaa local user locked 1929 show aaa server group 1930 show debugg...

Page 30: ...s deleted 1988 show crypto pki certificates user deleted 1989 show crypto pki trustpoints deleted 1990 show radius local server group 1991 show radius local server nas 1992 show radius local server st...

Page 31: ...n 2042 advertisement interval 2044 alternate checksum mode 2046 circuit failover 2047 debug vrrp 2049 debug vrrp events 2050 debug vrrp packet 2051 disable VRRP 2052 enable VRRP 2053 preempt mode 2054...

Page 32: ...synchronize 2117 atmf cleanup 2118 atmf container 2119 atmf container login 2120 atmf controller 2121 atmf distribute firmware 2122 atmf domain vlan 2124 atmf enable 2127 atmf group membership 2128 at...

Page 33: ...f area guests detail 2206 show atmf area nodes 2208 show atmf area nodes detail 2210 show atmf area summary 2212 show atmf authorization 2213 show atmf backup 2216 show atmf backup area 2220 show atmf...

Page 34: ...dhcp bootp ignore 2308 ip dhcp leasequery enable 2309 ip dhcp option 2310 ip dhcp pool 2312 ip dhcp client default route distance 2313 ip dhcp relay agent option 2315 ip dhcp relay agent option checki...

Page 35: ...hcp server 2388 ipv6 local pool 2389 ipv6 nd prefix DHCPv6 2391 link address 2393 option DHCPv6 2395 prefix delegation pool 2397 show counter ipv6 dhcp client 2399 show counter ipv6 dhcp server 2401 s...

Page 36: ...2464 snmp server legacy ifadminstatus 2466 snmp server location 2467 snmp server source interface 2468 snmp server startup trap delay 2469 snmp server user 2470 snmp server view 2473 undebug snmp 247...

Page 37: ...ver resolve host 2528 ssh server scp 2529 ssh server sftp 2530 undebug ssh client 2531 undebug ssh server 2532 Chapter 54 Trigger Commands 2533 Introduction 2533 active trigger 2535 day 2536 debug tri...

Page 38: ...nections 2596 connection limit Firewall 2597 connection log events 2598 firewall 2599 debug firewall 2600 ip tcp timeout established 2601 move rule Firewall 2602 protect Firewall 2603 rule Firewall 26...

Page 39: ...RT 9 Advanced Network Protection 2669 Chapter 59 IPS Commands 2670 Introduction 2670 category action IPS 2671 ips 2672 protect IPS 2673 show ips 2674 show ips categories 2675 show running config ips 2...

Page 40: ...Profile 2724 transform ISAKMP Profile 2725 tunnel destination IPsec 2727 tunnel local name IPsec 2729 tunnel local selector 2730 tunnel mode IPsec 2732 tunnel protection ipsec IPsec 2733 tunnel remot...

Page 41: ...ng 2783 Chapter 64 L2TP Commands 2784 Introduction 2784 crypto isakmp key 2786 debug l2tp 2788 destination 2789 encapsulation ppp 2790 ip version 2792 l2tp tunnel 2793 l2tp unmanaged port 2795 l2tp pr...

Page 42: ...aaa authentication login 1905 aaa authentication openvpn 1907 aaa authorization commands 1908 aaa authorization commands 2028 aaa authorization config commands 1910 aaa authorization config commands...

Page 43: ...pi 1009 area authentication 903 area default cost IPv6 OSPF 1011 area default cost 902 area encryption ipsec spi esp 1012 area filter list 904 area nssa 905 area range IPv6 OSPF 1015 area range 907 ar...

Page 44: ...ackup guests delete 2107 atmf backup guests enable 2108 atmf backup guests now 2109 atmf backup guests synchronize 2110 atmf backup now 2111 atmf backup redundancy enable 2113 atmf backup server 2114...

Page 45: ...2160 atmf recover 2157 atmf remote login 2161 atmf restricted login 2163 atmf secure mode certificate expire 2167 atmf secure mode certificate expiry 2168 atmf secure mode certificate renew 2169 atmf...

Page 46: ...th web server dhcp ipaddress 1848 auth web server dhcp lease 1849 auth web server dhcp wpad option 1850 auth web server host name 1851 auth web server intercept port 1852 auth web server ipaddress 185...

Page 47: ...gin system 215 banner motd 217 bgp aggregate nexthop check 1111 bgp always compare med 1112 bgp bestpath as path ignore 1113 bgp bestpath compare confed aspath 1114 bgp bestpath compare routerid 1115...

Page 48: ...1146 bgp rfc1771 strict BGP only 1147 bgp router id 1148 bgp scan time BGP only 1149 bgp update delay 1150 blacklist 2680 boot config file backup 112 boot config file 111 boot system backup 114 boot s...

Page 49: ...r bgp ipv6 peer group BGP4 only 1170 clear bgp peer group 1156 clear counter ipv6 dhcp client 2369 clear counter ipv6 dhcp server 2370 clear exception log 271 clear firewall connections 2596 clear ip...

Page 50: ...im 1706 clear ipv6 mroute statistics 1631 clear ipv6 mroute 1630 clear ipv6 neighbors 754 clear ipv6 ospf process 1028 clear ipv6 pim sparse mode bsr rp set 1708 clear ipv6 rip route 876 clear isakmp...

Page 51: ...onnection limit Firewall 2597 connection log events 2598 connection log events 276 copy filename 116 copy buffered log 277 copy current software 118 copy debug 119 copy fdb radius users to file 1967 c...

Page 52: ...enroll local deleted 1971 crypto pki enroll local local radius all users deleted 1972 crypto pki enroll local user deleted 1973 crypto pki enroll user 2004 crypto pki enroll 2003 crypto pki export loc...

Page 53: ...v6 pim sparse mode packet 1711 debug ipv6 pim sparse mode timer 1712 debug ipv6 pim sparse mode 1709 debug ipv6 rip 877 debug isakmp 2700 debug l2tp 2788 debug lacp 554 debug mail 2476 debug mld 1601...

Page 54: ...og email 281 default log external 282 default log host 283 default log monitor 284 default log permanent 285 default information originate IPv6 RIPng 878 default information originate RIP 823 default...

Page 55: ...very 2189 distance BGP and BGP4 1172 distance IPv6 OSPF 1037 distance OSPF 929 distance RIP 1456 distance RIP 825 distribute list IPv6 RIPng 880 distribute list RIP 1457 distribute list RIP 826 dns se...

Page 56: ...int configuration mode 2013 erase factory default 130 erase factory default 2192 erase proxy autoconfig file 1875 erase startup config 131 erase web auth https file 1876 exec timeout 171 exit 103 exit...

Page 57: ...5 ip address IP Addressing and Protocol 661 ip address dhcp 2306 ip address negotiated 583 ip community list expanded 1177 ip community list standard 1179 ip community list 1175 ip ddns update method...

Page 58: ...atuitous arp link 667 ip helper address 669 ip igmp flood specific query 1553 ip igmp last member query count 1554 ip igmp last member query interval 1555 ip igmp maximum groups 1556 ip igmp mroute pr...

Page 59: ...mit 1638 ip multicast wrong vif suppression 1639 ip multicast routing 1640 ip name server 723 ip ospf authentication 933 ip ospf authentication key 934 ip ospf cost 936 ip ospf database filter 937 ip...

Page 60: ...ppression 1679 ip pim rp address 1680 ip pim rp candidate 1681 ip pim rp register kat 1682 ip pim sparse mode passive 1684 ip pim sparse mode 1683 ip pim spt threshold 1685 ip pim ssm 1686 ip policy r...

Page 61: ...unreachables 678 ip vrf forwarding 1466 ip vrf 1465 ips 2672 ipv6 address DHCPv6 PD 2377 ipv6 address Entity 2634 ipv6 address GRE 2749 ipv6 address autoconfig 757 ipv6 address dhcp 2380 ipv6 address...

Page 62: ...63 ipv6 multicast route 1643 ipv6 multicast route limit 1645 ipv6 multicast routing 1646 ipv6 nd accept ra pinfo 764 ipv6 nd current hoplimit 765 ipv6 nd managed config flag 767 ipv6 nd minimum ra int...

Page 63: ...ectly connected 1725 ipv6 pim hello holdtime 1726 ipv6 pim hello interval 1727 ipv6 pim ignore rp set priority 1728 ipv6 pim jp timer 1729 ipv6 pim neighbor filter 1730 ipv6 pim register rate limit 17...

Page 64: ...eachables 783 ip version 2792 keepalive PPP 591 key chain 845 key 844 key string 846 l2tp peer address dns lookup 623 l2tp peer address radius lookup group 625 l2tp peer address static 626 l2tp profil...

Page 65: ...log console exclude 298 log console 294 log date format 301 log email filter 303 log email exclude 306 log email time 309 log email 302 log event host 204 log event host 2195 log external filter 313 l...

Page 66: ...table static 430 mac filter 455 mac filter group 456 mac learning 457 mail 2478 match as path 1189 match as path 1383 match community 1190 match community 1384 match interface 1386 match ip address 1...

Page 67: ...lticast 1647 nas 1982 nat 2659 neighbor IPv6 RIPng 886 neighbor OSPF 952 neighbor RIP 848 neighbor activate 1193 neighbor advertisement interval 1196 neighbor allowas in 1199 neighbor as origination i...

Page 68: ...p create a peer group 1257 neighbor port 1258 neighbor prefix list 1260 neighbor remote as 1263 neighbor remote as 1473 neighbor remove private AS BGP only 1266 neighbor restart time 1268 neighbor rou...

Page 69: ...ntp broadcastdelay 2415 ntp discard 2416 ntp master 2417 ntp peer 2418 ntp restrict 2420 ntp server 2422 ntp source 2424 ntp trusted key deprecated 2426 optimistic nd 681 option DHCPv6 2395 option 23...

Page 70: ...ion refuse 600 ppp authentication 598 ppp hostname 602 ppp ipcp dns suffix list 606 ppp ipcp dns suffix list 729 ppp ipcp dns 604 ppp ipcp dns 727 ppp ipcp ip override 608 ppp password 609 ppp service...

Page 71: ...adius server deadtime 1939 radius server host 1940 radius server key 1943 radius server local 1984 radius server retransmit 1944 radius server timeout 1946 range 2338 rd route distinguisher 1485 reboo...

Page 72: ...te RIP 1492 route RIP 857 route 2339 route map 1311 route map 1397 router bgp 1310 router ipv6 ospf 1062 router ipv6 rip 891 router ipv6 vrrp interface 2058 router ospf 1495 router ospf 966 router rip...

Page 73: ...roup 1948 server auth port 1985 server enable 1986 server mutual authentication 1925 server name check 1926 server trustpoint 1927 service advanced vty 187 service dhcp relay 2340 service dhcp server...

Page 74: ...area guests 2204 show atmf area guests detail 2206 show atmf area nodes 2208 show atmf area nodes detail 2210 show atmf area summary 2212 show atmf area 2201 show atmf authorization 2213 show atmf bac...

Page 75: ...auth statistics interface 1883 show auth supplicant interface 1887 show auth supplicant 1884 show auth 1877 show auth web server page 1889 show auth web server 1888 show autoboot 139 show banner logi...

Page 76: ...ounter ipv6 dhcp client 2399 show counter ipv6 dhcp server 2401 show counter log 354 show counter mail 2479 show counter ntp deprecated 2427 show counter ping poll 2582 show counter snmp server 2438 s...

Page 77: ...debugging ipv6 pim sparse mode 1745 show debugging ipv6 rip 892 show debugging isakmp 2710 show debugging l2tp 2806 show debugging lacp 560 show debugging mld 1621 show debugging mstp 489 show debugg...

Page 78: ...nterface PPP 614 show interface brief 383 show interface err disabled 434 show interface memory 242 show interface memory 384 show interface status 386 show interface switchport 435 show interface tun...

Page 79: ...keepalive interval BGP only 1356 show ip bgp neighbors notification BGP only 1357 show ip bgp neighbors open BGP only 1358 show ip bgp neighbors rcvd msgs BGP only 1359 show ip bgp neighbors sent msgs...

Page 80: ...ow ip igmp snooping source timeout 1592 show ip igmp snooping statistics 1593 show ip interface vrf 1520 show ip interface vrf 691 show ip interface 690 show ip mroute 1648 show ip mvif 1650 show ip n...

Page 81: ...e nexthop 1698 show ip pim sparse mode packet statistics 1699 show ip pim sparse mode rp mapping 1701 show ip pim sparse mode rp hash 1700 show ip prefix list IPv4 Prefix List 1374 show ip protocols b...

Page 82: ...86 show ipv6 mif 1655 show ipv6 mld groups 1622 show ipv6 mld interface 1623 show ipv6 mld snooping mrouter 1624 show ipv6 mld snooping statistics 1625 show ipv6 mroute 1652 show ipv6 multicast forwar...

Page 83: ...6 pim sparse mode nexthop 1757 show ipv6 pim sparse mode rp mapping 1759 show ipv6 pim sparse mode rp nexthop 1760 show ipv6 pim sparse mode rp hash 1758 show ipv6 prefix list IPv6 Prefix List 1376 sh...

Page 84: ...nterface 406 show mirror 405 show nat rule config check 2667 show nat rule 2665 show nat 2664 show ntp associations 2428 show ntp counters associations 2432 show ntp counters 2430 show ntp status 2434...

Page 85: ...s 2677 show running config l2tp profile 2817 show running config l2tp tunnel 2818 show running config log 362 show running config nat 2668 show running config pppoe ac 644 show running config router i...

Page 86: ...terface 508 show spanning tree statistics instance 507 show spanning tree statistics interface 510 show spanning tree statistics 505 show spanning tree vlan range index 512 show spanning tree 490 show...

Page 87: ...show vrrp session 2071 show vrrp counters 2067 show vrrp ipv6 2070 show vrrp 2065 shutdown 388 snmp trap link status suppress 2451 snmp trap link status 2449 snmp server community 2455 snmp server co...

Page 88: ...ning tree max hops MSTP 526 spanning tree mode 527 spanning tree mst configuration 528 spanning tree mst instance path cost 530 spanning tree mst instance priority 532 spanning tree mst instance restr...

Page 89: ...bject name trustpoint configuration 2023 subnet mask 2362 sub sub class htb 1804 sub sub class priority 1806 sub sub class wrr 1808 summary address IPv6 OSPF 1089 summary address 996 suppress ipv4 upd...

Page 90: ...1 timeout ping polling 2590 timers BGP 1379 timers IPv6 RIPng 897 timers RIP 1540 timers RIP 868 timers spf IPv6 OSPF deprecated 1091 timers spf exp IPv6 OSPF 1092 timers spf exp 997 traceroute ipv6 7...

Page 91: ...pn cipher 2776 tunnel openvpn expiry bytes 2780 tunnel openvpn expiry seconds 2781 tunnel openvpn port 2782 tunnel openvpn tagging 2783 tunnel protection ipsec GRE 2761 tunnel protection ipsec IPsec 2...

Page 92: ...ospf ifsm 1094 undebug ipv6 ospf lsa 1095 undebug ipv6 ospf nfsm 1096 undebug ipv6 ospf packet 1097 undebug ipv6 ospf route 1098 undebug ipv6 pim sparse mode 1763 undebug ipv6 rip 898 undebug isakmp 2...

Page 93: ...ate webgui now 210 update interval DDNS 746 update url DDNS 747 url filter reload custom lists 2685 url filter 2686 usb mode switch 400 use ipv4 for ipv6 updates DDNS 750 user RADIUS server 1996 usern...

Page 94: ...C613 50186 01 Rev B Command Reference for AR2050V 94 AlliedWare Plus Operating System Version 5 4 7 1 x zone 2650...

Page 95: ...C613 50186 01 Rev B Command Reference for AR2050V 95 AlliedWare Plus Operating System Version 5 4 7 1 x Part 1 Setup and Troubleshooting...

Page 96: ...e for the commands used to navigate between different modes This chapter also provides a reference for the help and show commands used to help navigate within the CLI Command List configure terminal o...

Page 97: ...ION COMMANDS CONFIGURE TERMINAL configure terminal Overview This command enters the Global Configuration command mode Syntax configure terminal Mode Privileged Exec Example To enter the Global Configu...

Page 98: ...D EXEC MODE disable Privileged Exec mode Overview This command exits the Privileged Exec mode returning the prompt to the User Exec mode To end a session use the exit command Syntax disable Mode Privi...

Page 99: ...COMMANDS DO do Overview This command lets you to run User Exec and Privileged Exec mode commands when you are in any configuration mode Syntax do command Mode Any configuration mode Example awplus co...

Page 100: ...privilege levels with the enable Privileged Exec mode command If the privilege level specified is higher than the users configured privilege level specified by the username command then the user is pr...

Page 101: ...COMMANDS ENABLE PRIVILEGED EXEC MODE Privilege Exec mode Use the enable password command or the enable secret commands to set the password to enable access to Privileged Exec mode awplus enable 7 awpl...

Page 102: ...her advanced command mode Syntax end Mode All advanced command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of the end command to...

Page 103: ...sed in User Exec mode the exit command terminates the session Syntax exit Mode All command modes including Global Configuration and Interface Configuration modes Example The following example shows th...

Page 104: ...isplay a description on how to use the system help use the command awplus help Output Figure 1 1 Example output from the help command When you need help at the command line press If nothing matches th...

Page 105: ...erating System Version 5 4 7 1 x CLI NAVIGATION COMMANDS LOGOUT logout Overview This command exits the User Exec or Privileged Exec modes and ends the session Syntax logout Mode User Exec and Privileg...

Page 106: ...sts all command line entries including commands that returned an error For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configur...

Page 107: ...ame To specify a file in the configs directory in Flash flash configs example cfg Copyingtoorfrom a USB storage device usb directory filename To specify a file in the top level directory of the USB st...

Page 108: ...s Use hyphens or underscores instead Syntax for directory listings A leading slash indicates the root of the current filesystem location In commands where you need to specify the local filesystem s Fl...

Page 109: ...page 125 dir on page 126 edit on page 128 edit filename on page 129 erase factory default on page 130 erase startup config on page 131 ip tftp source interface on page 132 ipv6 tftp source interface o...

Page 110: ...se file and or configuration file from the external media An example of a valid autoboot txt file is shown in the following figure Figure 2 1 Example autoboot txt file Use the no variant of this comma...

Page 111: ...or message is displayed For an explanation of the configuration fallback order see the File Management Feature Overview and Configuration Guide Examples To run the configuration file branch cfg stored...

Page 112: ...gement Feature Overview and Configuration Guide Examples To set the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus config...

Page 113: ...se file is on a USB storage device if there is a backup release file already specified in Flash If you attempt to set the release file on a USB storage device and a backup release file is not specifie...

Page 114: ...iguration Examples To specify the file AR2050V 5 4 7 0 1 rel as the backup to the main release file use the commands awplus configure terminal awplus config boot system backup flash AR2050V 5 4 7 0 1...

Page 115: ...N MANAGEMENT COMMANDS CD cd Overview This command changes the current working directory Syntax cd directory name Mode Privileged Exec Example To change to the directory called images use the command a...

Page 116: ...d awplus copy sftp 10 0 1 2 new cfg bob key To use SCP with the username beth to copy the file old cfg into the directory config_files on a remote server that is listening on TCP port 2000 use the com...

Page 117: ...the file config cfg into the current directory from a remote file server and rename it to configtest cfg use the command awplus copy fserver config cfg configtest cfg On an AMF managed network to dis...

Page 118: ...e Mode Privileged Exec Example To copy the current software as installed in the working directory with the file name my release rel use the command awplus copy current software my release rel Related...

Page 119: ...ode Privileged Exec Example To copy debug output to a USB storage device with a filename my debug use the following command awplus copy debug usb my debug Output Figure 2 2 CLI prompt after entering t...

Page 120: ...the running config as current cfg to the remote server listening on TCP port 2000 use the command awplus copy running config scp user server 2000 config_files current cfg Related Commands copy startu...

Page 121: ...tory use the command awplus copy startup config oldconfig cfg Related Commands copy running config Parameter Description source name The filename and path of a configuration file This must be a valid...

Page 122: ...icom ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer Syntax copy source name zmodem copy zmodem Mode Privileged Exec Example To copy the local f...

Page 123: ...and values that are expected in this file are correct After the file is created the create autoboot command will copy the current release and configuration files across to the external media The exte...

Page 124: ...ent directory use the command awplus delete force one cfg To delete the directory old_configs which is not empty use the command awplus delete recursive old_configs To delete the directory new_configs...

Page 125: ...d debug output file Syntax delete debug source name Mode Privileged Exec Example To delete debug output use the following command awplus delete debug Output Figure 2 3 CLI prompt after entering the de...

Page 126: ...us dir flash To list all the files in the root of the Flash filesystem use the command awplus dir all flash To list recursively the files in the Flash filesystem use the command awplus dir recursive f...

Page 127: ...size smallest to largest use the command awplus dir sort reverse size To sort the files by modification time oldest to newest use the command awplus dir sort reverse time Output Figure 2 4 Example out...

Page 128: ...or make sure your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal For more informat...

Page 129: ...your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal Syntax edit filename Mode Priv...

Page 130: ...backup release file license files The device is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory default Mod...

Page 131: ...hen it boots up At the next restart the device loads the default configuration file default cfg If default cfg no longer exists then the device loads with the factory default configuration This provid...

Page 132: ...needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your routing tables In those circumstances the TFTP server can...

Page 133: ...o point links or subnets within your network and you do not want to propagate those point to point links through your routing tables In those circumstances the TFTP server cannot dynamically determine...

Page 134: ...name Mode Privileged Exec Usage You cannot name a directory or subdirectory flash nvs usb card tftp scp sftp or http These keywords are reserved for tab completion when using various file commands Ex...

Page 135: ...fg to startup cfg use the command awplus move temp cfg startup cfg To move the file temp cfg from the root of the Flash filesystem to the directory myconfigs use the command awplus move temp cfg mycon...

Page 136: ...nation name debug nvs flash usb Mode Privileged Exec Example To movedebug output onto a USB storagedevicewith a filename my debug use the following command awplus move debug usb my debug Output Figure...

Page 137: ...Operating System Version 5 4 7 1 x FILE AND CONFIGURATION MANAGEMENT COMMANDS PWD pwd Overview This command prints the current working directory Syntax pwd Mode Privileged Exec Example To print the cu...

Page 138: ...ory device See the Introduction on page 107 for syntax details Examples To remove the directory images from the top level of the Flash filesystem use the command awplus rmdir flash images To create a...

Page 139: ...2 6 Example output from the show autoboot command Figure 2 7 Example output from the show autoboot command when an external media source is not present Related Commands autoboot enable create autoboo...

Page 140: ...oot image flash AR2050V 5 4 7 0 1 rel Default boot config flash default cfg Current boot config usb my cfg file exists Backup boot config flash backup cfg file not found Autoboot status enabled Table...

Page 141: ...ed Commands autoboot enable boot config file backup boot system backup show autoboot Backup boot config The configuration file to use during the next boot cycle if the main configuration file cannot b...

Page 142: ...splays the contents of a specified file Syntax show file filename Mode Privileged Exec Example To display the contents of the file oldconfig cfg which is in the current directory use the command awplu...

Page 143: ...28 5M flash rw flash static local Y system rw system virtual local 10 0M 9 8M debug rw debug static local Y 499 0K 431 0K nvs rw nvs static local Y tftp rw tftp network scp rw scp network sftp ro sftp...

Page 144: ...show file Prefixes The prefixes used when entering commands to access the filesystems one of flash system tftp scp sftp http S V D The memory type static virtual dynamic Lcl Ntwk Whether the memory is...

Page 145: ...full Display the running config for all features This is the default setting so it is the same as entering show running config feature Display only the configuration for a single feature The features...

Page 146: ...oute IPv6 static route configuration isakmp Internet Security Association Key Management Protocol ISAKMP configuration key chain Authentication key management configuration l2tp profile L2TP tunnel pr...

Page 147: ...uration web control Web Control configuration Parameter Description awplus show running config service password encryption no banner motd username manager privilege 15 password 8 1 bJoVec4D JwOJGPr7Yq...

Page 148: ...ION MANAGEMENT COMMANDS SHOW RUNNING CONFIG Related Commands copy running config show running config interface interface eth2 ip address 192 168 0 20 16 interface ppp0 ipv6 address 2001 db9 a3 64 ipv6...

Page 149: ...rated list of the above e g vlan2 vlan20 30 Do not mix interface types in a list The specified interfaces must exist lacp Displays running configuration for LACP Link Aggregation Control Protocol for...

Page 150: ...display the current running configuration of a device for VLANs 1 and 3 5 use the command awplus show running config interface vlan1 vlan3 vlan5 To display the current OSPF configuration of your devi...

Page 151: ...lus Feature Overview and Configuration Guide Syntax show startup config Mode Privileged Exec Example To display the contents of the current start up configuration file use the command awplus show star...

Page 152: ...5 2010 Red Hat Inc Command Line Option Parsing Library Copyright c 1998 2002 Red Hat Software Inc Corosync Cluster Engine Copyright c 2002 2004 MontaVista Software Inc All rights reserved Copyright c...

Page 153: ...e University of California All rights reserved DNS Resolver from BIND 4 9 5 Copyright c 1993 by Digital Equipment Corporation Sun RPC Support Copyright c 2010 Oracle America Inc Mach Operating System...

Page 154: ...pyright c 1995 1996 1997 1998 and 1999 WIDE Project All rights reserved Copyright c 2000 Wasabi Systems Inc All rights reserved Copyright c 2004 2006 Emmanuel Dreyfus All rights reserved Copyright c 2...

Page 155: ...hts reserved Copyright c 2007 2012 Google Inc All rights reserved ProL2TP Copyright Katalix Systems Ltd 2010 2011 All rights reserved protobuf Protocol Buffers Copyright 2008 Google Inc Protocol Buffe...

Page 156: ...pyright c 2000 The NetBSD Foundation Inc All rights reserved Copyright c 1996 by Internet Software Consortium Copyright C 1995 2012 Jean loup Gailly and Mark Adler System Call Trace Copyright c 1991 1...

Page 157: ...corruption This is especially important if files may be automatically written to the storage device such as external log files or AMF backup files Syntax unmount usb Mode Privileged Exec Example To un...

Page 158: ...opies the running config into the file that is set as the current startup config file This command is a synonym of the write memory and copy running config startup config commands Syntax write file Mo...

Page 159: ...copies the running config into the file that is set as the current startup config file This command is a synonym of the write file and copy running config startup config commands Syntax write memory...

Page 160: ...NDS WRITE TERMINAL write terminal Overview This command displays the current configuration of the device This command is a synonym of the show running config command Syntax write terminal Mode Privile...

Page 161: ...n page 171 flowcontrol hardware asyn console on page 173 length asyn on page 175 line on page 176 privilege level on page 178 security password history on page 179 security password forced change on p...

Page 162: ...USER ACCESS COMMANDS show privilege on page 190 show security password configuration on page 191 show security password user on page 192 show telnet on page 193 show users on page 194 telnet on page 1...

Page 163: ...nal session exists on the line then the terminal session is terminated If console line settings have changed then the new settings are applied Syntax clear line console 0 Mode Privileged Exec Example...

Page 164: ...E VTY clear line vty Overview This command resets a VTY line If a session exists on the line then it is closed Syntax clear line vty 0 32 Mode Privileged Exec Example To reset the first VTY line use t...

Page 165: ...o set a password for entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that t...

Page 166: ...irst use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The adv...

Page 167: ...ypted string and not the text string awplus configure terminal awplus config enable password 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privile...

Page 168: ...ering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is diff...

Page 169: ...e the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advantage...

Page 170: ...string and not the text string awplus configure terminal awplus config enable secret 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privileged Exec...

Page 171: ...it times out An exec timeout 0 0 setting will cause the telnet session to wait indefinitely The command exec timeout 0 0 is useful while configuring a device but reduces device security If no input i...

Page 172: ...C613 50186 01 Rev B Command Reference for AR2050V 172 AlliedWare Plus Operating System Version 5 4 7 1 x USER ACCESS COMMANDS EXEC TIMEOUT Related Commands line service telnet...

Page 173: ...ssage is sent to the sending device to suspend the transmission until the data in the buffers has been processed Hardware flow control can be configured on terminal console lines e g asyn0 For Reverse...

Page 174: ...ntrol on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line flowcontrol hardware To disable hardware flow control on terminal consol...

Page 175: ...than the length of the line the output will be paused and the More prompt allows you to move to the next screen full of data A length of 0 will turn off pausing and data will be displayed to the conso...

Page 176: ...change the console asyn port speed use this line command to enter Line Configuration mode before using the speed asyn command Set the console speed Baud rate to match the transmission rate of the dev...

Page 177: ...enter Line Configuration mode to configure the console asyn 0 port terminal line use the commands awplus configure terminal awplus config line console 0 awplus config line Related Commands accounting...

Page 178: ...and all User Exec commands However intermediate CLI security will not show configuration commands in Privileged Exec Examples To set the console connection to have the maximum privilege level use the...

Page 179: ...mand awplus configure terminal awplus config security password history 3 To allow the reuse of recent passwords use the command awplus configure terminal awplus config no security password history Rel...

Page 180: ...ired pwd feature must be disabled with the security password reject expired pwd command The no variant of the command disables this feature Syntax security password forced change no security password...

Page 181: ...time is 0 which will disable the lifetime functionality Mode Global Configuration Example To configure the password lifetime to 10 days use the command awplus configure terminal awplus config security...

Page 182: ...rom re using old passwords For example if you do not allow people to re use any of their last 5 passwords a person can bypass that restriction by changing their password 5 times in quick succession an...

Page 183: ...align with the lifetime selected i e the fewer categories specified the shorter the lifetime specified Syntax security password minimum categories 1 4 Default The default number of categories that th...

Page 184: ...m password length is 1 Mode Global Configuration Example To configure the required minimum password length as 8 use the command awplus configure terminal awplus config security password minimum length...

Page 185: ...nfig file Note that when the reject expired pwd functionality is disabled and a user logs on with an expired password if the forced change feature is enabled with security password forced change comma...

Page 186: ...Mode Global Configuration Example To configure a warning period of three days use the command awplus configure terminal awplus config security password warning 3 Related Commands security password for...

Page 187: ...displays the possible options The no service advanced vty command disables the advanced vty help feature Syntax service advanced vty no service advanced vty Default The advanced vty help feature is e...

Page 188: ...ice displays passwords in the running config in encrypted form instead of in plain text Use the no service password encryption command to stop the device from displaying newly entered passwords in enc...

Page 189: ...telnet sessions will still be active Syntax service telnet ip ipv6 no service telnet ip ipv6 Default The IPv4 and IPv6 telnet servers are enabled by default The configured telnet port is TCP port 23...

Page 190: ...gives full user access to all Privileged Exec commands Syntax show privilege Mode User Exec and Privileged Exec Usage A user can have an intermediate CLI security level set with this command for priv...

Page 191: ...t Figure 3 2 Example output from the show security password configuration command Related Commands security password forced change security password history security password lifetime security passwor...

Page 192: ...security password user Output Figure 3 3 Example output from the show security password user command Related Commands security password forced change security password history security password lifeti...

Page 193: ...ows the Telnet server settings Syntax show telnet Mode User Exec and Privileged Exec Example To show the Telnet server settings use the command awplus show telnet Output Figure 3 4 Example output from...

Page 194: ...ommand Line User Host s Idle Location Priv Idletime Timeout con 0 manager idle 00 00 00 ttyS0 15 10 N A vty 0 bob idle 00 00 03 172 16 11 3 1 0 5 Table 1 Parameters in the output of the show users com...

Page 195: ...100 use the command awplus telnet host example 100 Example VRF lite To open a telnet session to a remote host 192 168 0 1 associated with VRF instance red use the command awplus telnet vrf red ip 192...

Page 196: ...nabled then it will be restarted on the new port Changing the port number does not affect the port used by existing sessions Syntax telnet server 1 65535 default Mode Global Configuration Example To e...

Page 197: ...cified by this command The default length will apply unless you have changed the length for some or all lines by using the length asyn command Syntax terminal length length terminal no length length M...

Page 198: ...on the user s terminal Syntax terminal resize Mode User Exec and Privileged Exec Usage When the user s terminal size is changed then a remote session via SSH or TELNET adjusts the terminal size automa...

Page 199: ...e levels if an enable password has been configured for the level the user tries to access and the user enters that password A user at privilege level 1 can access the majority of show commands A user...

Page 200: ...o create the user bob with a privilege level of 15 for all show commands including show running configuration and show startup configuration and to access configuration commands in Privileged Exec com...

Page 201: ...ides an alphabetical reference of commands used to configure the GUI For more information see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List atmf topolo...

Page 202: ...bled by default on Controllers Mode Global Configuration mode Usage To use Vista Manager EX you must also enable the HTTP service on all AMF nodes including all AMF masters and controllers The HTTP se...

Page 203: ...GUI Mode Global Configuration Usage Note that any device on which a non default secure port is set will have limited capabilities when accessed via Vista Manager Additionally all external API request...

Page 204: ...sends the messages out as they come NOTE There is a difference between log event and log host messages Log event messages are sent out as they come by syslog Log host messages are set to wait for a n...

Page 205: ...support Vista Manager EX and the Firewall GUI Use the no variant of this command to disable the HTTP feature Syntax service http no service http Default Disabled Mode Global Configuration Example To e...

Page 206: ...erver settings Syntax show http Mode User Exec and Privileged Exec Example To show the HTTP server settings use the command awplus show http Output Figure 4 1 Example output from the show http command...

Page 207: ...tax update webgui now Mode Privileged Exec Usage This command applies since software version 5 4 6 1 1 Prior to 5 4 6 1 1 users used the copy command to copy GUI files onto the AR series firewall inst...

Page 208: ...sion 5 4 7 1 x Update Manager Commands Introduction This chapter provides an alphabetical reference of commands used to update a resource For more information see the Update Manager Feature Overview a...

Page 209: ...example output are explained in the following table Related Commands update webgui now Parameter Description resource_name Specific resource to show Table 5 1 awplus show resource Resource Name Statu...

Page 210: ...e Syntax update webgui now Mode Privileged Exec Usage This command applies since software version 5 4 6 1 1 Prior to 5 4 6 1 1 users used the copy command to copy GUI files onto the AR series firewall...

Page 211: ...anner login system on page 215 banner motd on page 217 clock set on page 219 clock summer time date on page 220 clock summer time recurring on page 222 clock timezone on page 224 hostname on page 225...

Page 212: ...on page 250 show process on page 251 show reboot history on page 253 show router id on page 254 show system on page 255 show system environment on page 256 show system interrupts on page 257 show sys...

Page 213: ...re Plus version and build date is displayed at console login such as Mode Global Configuration Examples To configure a User Exec mode banner after login in this example to tell people to use the enabl...

Page 214: ...SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER EXEC To remove the User Exec mode banner after login enter the following commands Related Commands banner login system banner motd awplus configure...

Page 215: ...login banner Syntax banner login no banner login Default By default no login banner is displayed at console login Mode Global Configuration Examples To configure a login banner of Authorised users onl...

Page 216: ...50186 01 Rev B Command Reference for AR2050V 216 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER LOGIN SYSTEM Related Commands banner exec banner...

Page 217: ...banner motd motd text no banner motd Default By default the device displays the AlliedWare Plus OS version and build date when you login Mode Global Configuration Examples To configure a MotD banner o...

Page 218: ...N AND MONITORING COMMANDS BANNER MOTD Related Commands banner exec banner login system awplus enable awplus configure terminal Enter configuration commands one per line End with CNTL Z awplus config n...

Page 219: ...et to the local time NOTE If Network Time Protocol NTP is enabled then you cannot change the time or date using this command NTP maintains the clock automatically using an external time source If you...

Page 220: ...ard time and NZDT UTC 13 00 assummertime with thesummertimesetto begin on the 25th of September 2016 and end on the 2nd of April 2017 awplus config clock summer time NZDT date 25 sep 2 00 2016 2 apr 2...

Page 221: ...v B Command Reference for AR2050V 221 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS CLOCK SUMMER TIME DATE Related Commands clock summer time recurrin...

Page 222: ...ry year from now on start week Week of the month when summertime starts in the range 1 5 The value 5 indicates the last week that has the specified day in it for the specified month For example to sta...

Page 223: ...ion for New Zealand using NZST UTC 12 00 as the standard time and NZDT UTC 13 00 as summertime with summertime set to start on the last Sunday in September and end on the 1st Sunday in April use the c...

Page 224: ...to the local time Examples To set the timezone to New Zealand Standard Time with an offset from UTC of 12 hours use the command awplus config clock timezone NZST plus 12 To set the timezone to Indian...

Page 225: ...ation Usage Within an AMF network any device without a user defined hostname will automatically be assigned a name based on its MAC address To efficiently manage your network using AMF we strongly adv...

Page 226: ...ng System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS HOSTNAME NOTE When AMF is configured running the no hostname command will apply a hostname that is based on the MAC address of...

Page 227: ...67294 Mode Global Configuration Examples To set the maximum number of dynamic routes to 2000 and warning threshold of 75 use the following commands awplus config terminal awplus config max fib routes...

Page 228: ...C613 50186 01 Rev B Command Reference for AR2050V 228 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS MAX FIB ROUTES Related Commands max fib routes VRF...

Page 229: ...to set the maximum number of static routes to the default of 1024 static routes Syntax max static routes 1 1024 no max static routes Default The default number of static routes is the maximum number o...

Page 230: ...debugging use the command awplus no debug all ipv6 To disable all NSM debugging use the command awplus no debug all nsm To disable all OSPF debugging use the command awplus no debug all ospf To disabl...

Page 231: ...tem Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS NO DEBUG ALL To disable all VRRP debugging use the command awplus no debug all vrrp Related Commands undebug all Command changes Vers...

Page 232: ...MANDS REBOOT reboot Overview This command halts the device and performs a cold restart also known as reload It displays a confirmation request before restarting Syntax reboot reload Mode Privileged Ex...

Page 233: ...B Command Reference for AR2050V 233 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS RELOAD reload Overview This command performs the same function as t...

Page 234: ...2016 01 56 06 0000 Timezone NZST Timezone Offset 12 00 Summer time zone NZDT Summer time starts Last Sunday in September at 02 00 00 Summer time ends First Sunday in April at 02 00 00 Summer time off...

Page 235: ...Reference for AR2050V 235 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CLOCK Related Commands clock set clock summer time date clock summer tim...

Page 236: ...nfiguration Guide Syntax show cpu sort thrds pri sleep runtime Mode User Exec and Privileged Exec Examples To show the CPU utilization of current processes sorting them by the number of threads the pr...

Page 237: ...s daemon 1 0 0 20 sleep 0 2 532 automount 1 0 0 20 sleep 0 453 571 appmond 1 0 0 20 sleep 0 41 587 crond 1 0 0 20 sleep 0 17 589 openhpid 9 0 0 20 sleep 0 284 609 inetd 1 0 0 20 sleep 0 2 761 nsm 1 0...

Page 238: ...averages The average number of processes waiting for CPU time for the periods stated Current CPU load Current CPU utilization specified by load types pid Identifier number of the process name A shorte...

Page 239: ...onfiguration Guide Syntax show cpu history Mode User Exec and Privileged Exec Usage This command s output displays three graphs of the percentage CPU utilization per second for the last minute then pe...

Page 240: ...Related Commands show memory show memory allocations show memory pools show process Per minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per minute last 60 minutes averag...

Page 241: ...l debugging information use the command awplus show debugging Output Figure 6 4 Example output from the show debugging command awplus show debugging AAA debugging status Authentication debugging is of...

Page 242: ...mory used by port1 0 1 and port1 0 5 to port1 0 6 use the command awplus show interface port1 0 1 port1 0 5 1 0 6 memory Output Figure 6 5 Example output from the show interface memory command Paramet...

Page 243: ...ure 6 6 Example output from show interface port list memory for a list of interfaces Related Commands show interface brief show interface status show interface switchport awplus show interface port1 0...

Page 244: ...ify this then the list is sorted by percentage memory utilization size Sort by the amount of memory the process is currently using peak Sort by the amount of memory the process is currently using stk...

Page 245: ...the output of the show memory command Parameter Description RAM total Total amount of RAM memory free free Available memory size buffers Memory allocated kernel buffers pid Identifier number for the p...

Page 246: ...he memory allocations used by all processes on your device use the command awplus show memory allocations Output Figure 6 8 Example output from the show memory allocations command Parameter Descriptio...

Page 247: ...or AR2050V 247 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW MEMORY ALLOCATIONS Related Commands show memory show memory history show memory pool...

Page 248: ...c and Privileged Exec Usage This command s output displays three graphs of the percentage memory utilization per second for the last minute then per minute for the last hour then per 30 minutes for th...

Page 249: ...memory pools used by processes use the command awplus show memory pools Output Figure 6 10 Example output from the show memory pools command Related Commands show memory allocations show memory histo...

Page 250: ...e Plus Feature Overview and Configuration Guide Syntax show memory shared Mode User Exec and Privileged Exec Example To display information about the shared memory allocation used on the device use th...

Page 251: ...memory history Example To display a summary of the current running processes use the command awplus show process Output Figure 6 12 Example output from the show process command Parameter Description...

Page 252: ...processes waiting for CPU time for the periods stated Current CPU load Current CPU utilization specified by load types RAM total Total memory size free Available memory buffers Memory allocated to ke...

Page 253: ...ory command Related Commands show tech support awplus show reboot history date time type description 2016 10 10 01 42 04 Expected User Request 2016 10 10 01 35 31 Expected User Request 2016 10 10 01 1...

Page 254: ...ER ID show router id Overview Use this command to show the Router ID of the current system Syntax show router id Mode User Exec and Privileged Exec Example To display the Router ID of the current syst...

Page 255: ...yntax show system Mode User Exec and Privileged Exec Example To display configuration information use the command awplus show system Output Figure 6 15 Example output from show system Related Commands...

Page 256: ...ntax show system environment Mode User Exec and Privileged Exec Example To display the system s environmental status use the command awplus show system environment Output Figure 6 16 Example output fr...

Page 257: ...upts Mode User Exec and Privileged Exec Example To display information about the number of interrupts for each IRQ in your device use the command awplus show system interrupts Output Figure 6 17 Examp...

Page 258: ...system mac Overview This command displays the physical MAC address of the device Syntax show system mac Mode User Exec and Privileged Exec Example To display the physical MAC address enter the follow...

Page 259: ...OW SYSTEM PCI DEVICE show system pci device Overview Use this command to display the PCI devices on your device Syntax show system pci device Mode User Exec and Privileged Exec Example To display info...

Page 260: ...NDS SHOW SYSTEM PCI TREE show system pci tree Overview Use this command to display the PCI tree on your device Syntax show system pci tree Mode User Exec and Privileged Exec Example To display informa...

Page 261: ...n for the device For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show system serialnumber Mode User...

Page 262: ...sn epsr firewall igmp ip ipv6 mld openflow ospf ospf6 pim rip ripng stack stp system tacacs update outfile filename Parameter Description all Display full information atmf Display ATMF specific inform...

Page 263: ...lready exists a newfilenameis generated withthe current timestamp If the output filename does not end with gz then gz is appended to the filename Since output files may be too large for Flash on the d...

Page 264: ...uration Usage This command is used to change the console asyn port speed Set the console speed to matchthetransmissionrateofthe device connectedto theconsole asyn port on your device Example To set th...

Page 265: ...and Reference for AR2050V 265 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SPEED ASYN Related Commands clear line console line show running config sh...

Page 266: ...nal or use the timeout option to stop displaying debugging output on the terminal after a set time Syntax terminal monitor 1 60 terminal no monitor Default Disabled Mode User Exec and Privileged Exec...

Page 267: ...nd Reference for AR2050V 267 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS UNDEBUG ALL undebug all Overview This command applies the functionality of...

Page 268: ...clear exception log on page 271 clear log on page 272 clear log buffered on page 273 clear log external on page 274 clear log permanent on page 275 connection log events on page 276 copy buffered log...

Page 269: ...og external size on page 321 log facility on page 322 log host on page 324 log host filter on page 326 log host exclude on page 329 log host source on page 332 log host time on page 333 log monitor fi...

Page 270: ...C613 50186 01 Rev B Command Reference for AR2050V 270 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS show running config log on page 362 unmount on page 363...

Page 271: ...ng System Version 5 4 7 1 x LOGGING COMMANDS CLEAR EXCEPTION LOG clear exception log Overview This command resets the contents of the exception log but does not remove the associated core files Syntax...

Page 272: ...NG COMMANDS CLEAR LOG clear log Overview This command removes the contents of the buffered and permanent logs Syntax clear log Mode Privileged Exec Example To delete the contents of the buffered and p...

Page 273: ...fered Overview This command removes the contents of the buffered log Syntax clear log buffered Mode Privileged Exec Example To delete the contents of the buffered log use the following commands awplus...

Page 274: ...he external log is rotating between multiple files this command deletes all those files not just the most recent one Syntax clear log external Mode Privileged Exec Example To delete the external log f...

Page 275: ...rview This command removes the contents of the permanent log Syntax clear log permanent Mode Privileged Exec Example To delete the contents of the permanent log use the following commands awplus clear...

Page 276: ...two types of messages you can log new connections and connections that ended You can control the amount of messages you log by choosing to log either type of message or all of the message types Messag...

Page 277: ...copy buffered log destination name Mode Privileged Exec Example To copy the buffered log file onto a USB storage device and name the file buffered log log use the command awplus copy buffered log usb...

Page 278: ...ermanent log destination name Mode Privileged Exec Example To copy the permanent log file onto a USB storage device and name the file permanent log log use the command awplus copy permanent log usb pe...

Page 279: ...e buffered log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log buffered Default The buffered log is enabled by default Mode Global Configuration Examp...

Page 280: ...es sent to the terminal when a log console command is issued By default all messages are sent to the console when a log console command is issued Syntax default log console Mode Global Configuration E...

Page 281: ...be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log email email address Mode Global Configuration Example To restore the default settin...

Page 282: ...essages with a severity level of notices and above Note that this command does not clear the configured filename for the external log Syntax default log external Mode Global Configuration Example To r...

Page 283: ...will be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log host ip addr Mode Global Configuration Example To restore the default settings...

Page 284: ...nt to the terminal when a terminal monitor command is used Syntax default log monitor Default All messages are sent to the terminal when a terminal monitor command is used Mode Global Configuration Ex...

Page 285: ...ent log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log permanent Default The permanent log is enabled by default Mode Global Configuration Example To...

Page 286: ...to make way for new ones Syntax log buffered no log buffered Default The buffered log is configured by default Mode Global Configuration Examples To configured the device to store log messages in RAM...

Page 287: ...of message to send to the buffered log The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is un...

Page 288: ...rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Filter messages to t...

Page 289: ...ve a filter that sends all messages containing the text Bridging initialization to the buffered log use the following commands awplus configure terminal awplus config no log buffered msgtext Bridging...

Page 290: ...ssages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest...

Page 291: ...ol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog facility facility Sp...

Page 292: ...for AR2050V 292 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG BUFFERED EXCLUDE Related Commands clear log buffered default log buffered log buffered log buffered filter log b...

Page 293: ...filled old messages will be deleted to make room for new messages Syntax log buffered size 50 250 Mode Global Configuration Example To allow the buffered log to use up to 100 kB of RAM use the follow...

Page 294: ...e no variant of this command to configure the device not to send log messages to consoles Syntax log console no log console Mode Global Configuration Examples To configure the device to send log messa...

Page 295: ...es where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 wa...

Page 296: ...y level messages to the console use the following commands awplus configure terminal awplus config no log console level critical rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Prot...

Page 297: ...Rev B Command Reference for AR2050V 297 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG CONSOLE FILTER Related Commands default log console log console log console exclude sho...

Page 298: ...Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is t...

Page 299: ...panning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog f...

Page 300: ...Rev B Command Reference for AR2050V 300 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG CONSOLE EXCLUDE Related Commands default log console log console log console filter sho...

Page 301: ...8 55 43 13 00 user notice Gateway IMISH 1983 manager ttyS0 show run This is a log message with the default date format 2016 Sep 29 08 55 43 user notice Gateway IMISH 1983 manager ttyS0 show run Thedat...

Page 302: ...Default By default no filters are defined for email log targets Filters must be defined before messages will be sent Mode Global Configuration Example To have log messages emailed to the email address...

Page 303: ...address to send logging messages to level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names whe...

Page 304: ...ree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Filter messages by syslog facility facili...

Page 305: ...om level informational To stop the device emailing log messages emailed to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config no log email adm...

Page 306: ...xt string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names whe...

Page 307: ...nning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog fac...

Page 308: ...v B Command Reference for AR2050V 308 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG EMAIL EXCLUDE Related Commands default log email log email log email filter log email time...

Page 309: ...se the offset option if the email recipient is in a different time zone to this device Specify the time offset of the email recipient in hours Messages will display the time they were generated on thi...

Page 310: ...formation converted to the time zone of the email recipient which is 3 hours ahead of the device s local time zone use the following commands awplus configure terminal awplus config log email admin ba...

Page 311: ...e systems have a lower risk of file corruption occurring if the switch or firewall loses power You should also unmount the storage device before removing it from the switch or firewall to avoid corrup...

Page 312: ...50186 01 Rev B Command Reference for AR2050V 312 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG EXTERNAL show log external unmount Command changes Version 5 4 7 1 1 command a...

Page 313: ...ription level Filter messages to the external log by severity level level The minimum severity of message to send to the external log The level can be specified as one of the following numbers or leve...

Page 314: ...ning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Filter messages to the external log...

Page 315: ...al awplus config log external msgtext Bridging initialization To remove a filter that sends all messages containing the text Bridging initialization to the external log use the following commands awpl...

Page 316: ...ssages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest...

Page 317: ...anning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog fa...

Page 318: ...re Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG EXTERNAL EXCLUDE default log external log external log external filter log external rotate log external size show log config show log ex...

Page 319: ...ting rotate to 2 makes the device rotate through 3 files Note that if you set rotate to 0 and the external log file becomes full then the device deletes the full log file and creates a new empty file...

Page 320: ...System Version 5 4 7 1 x LOGGING COMMANDS LOG EXTERNAL ROTATE Related Commands clear log external default log external log external log external filter log external exclude log external size show log...

Page 321: ...al rotate 1 each file will have a maximum size of 25 kBytes by default Use the no variant of this command to return to the default size Syntax log external size 50 4194304 no log external size Default...

Page 322: ...onfiguration Usage Specifying different facilities for log messages generated on different devices can allow messages from multiple devices sent to a common server to be distinguished from each other...

Page 323: ...y local6 Related Commands show log config ftp FTP daemon local 0 7 The facility labels above have specific meanings while the local facility labels are intended to be put to local use In AlliedWare Pl...

Page 324: ...e for any of the trustpoints that are associated with the application The remote server may also request that a certificate is transmitted from the local device In this situation the first trustpoint...

Page 325: ...50186 01 Rev B Command Reference for AR2050V 325 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG HOST log host exclude log host source log host time log trustpoint show log co...

Page 326: ...emote syslog server level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highe...

Page 327: ...tiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Filter messages by syslog facility facility Specify one of the foll...

Page 328: ...t sends all messages containing the text Bridging initialization to a remote syslog server with IP address 10 32 16 21 use the following commands awplus configure terminal awplus config no log host 10...

Page 329: ...ameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the h...

Page 330: ...ning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog faci...

Page 331: ...mmand Reference for AR2050V 331 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG HOST EXCLUDE Related Commands default log host log host log host filter log host source log host...

Page 332: ...variant of this command to stop specifying a source interface or address Syntax log host source interface name ipv4 addr ipv6 addr no log host source Default None no source is configured Mode Global C...

Page 333: ...mote syslog server in hours Messages will display the time they were generated on this device but converted to the time zone of the remote syslog server Examples To send messages to the remote syslog...

Page 334: ...zone use the following commands awplus configure terminal awplus config log host 10 32 16 12 time local offset plus 3 To send messages to the remote syslog server with the IP address 10 32 16 02 with...

Page 335: ...mbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Err...

Page 336: ...terminal awplus config no log monitor level debugging stp Spanning Tree Protocol STP rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interfac...

Page 337: ...ev B Command Reference for AR2050V 337 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG MONITOR FILTER Related Commands default log monitor log monitor exclude show log config t...

Page 338: ...ng Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is...

Page 339: ...apid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a sy...

Page 340: ...ev B Command Reference for AR2050V 340 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG MONITOR EXCLUDE Related Commands default log monitor log monitor filter show log config t...

Page 341: ...for new messages The no variant of this command configures the device not to send any messages to the permanent log Log messages will not be retained over a restart Syntax log permanent no log perman...

Page 342: ...nimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusabl...

Page 343: ...tocol LACP stp Spanning Tree Protocol STP rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface...

Page 344: ...6 01 Rev B Command Reference for AR2050V 344 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG PERMANENT FILTER log permanent exclude log permanent size show log config show log...

Page 345: ...xclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is t...

Page 346: ...Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog...

Page 347: ...Reference for AR2050V 347 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG PERMANENT EXCLUDE default log permanent log permanent log permanent filter log permanent size show lo...

Page 348: ...messages will be deleted to make room for new messages Syntax log permanent size 50 250 Mode Global Configuration Example To allow the permanent log to use up to 100 kB of NVS use the following comma...

Page 349: ...log rate limiting feature constrains the rate that log messages are generated by the device Notethatif withinthe giventimeinterval thenumberoflogmessages exceeds the limit then any excess log message...

Page 350: ...edWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG RATE LIMIT NSM To return the device the default setting to generate up to 200 log messages per second use the following commands awp...

Page 351: ...certificate received from the remote server must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints...

Page 352: ...ing of HTTP and HTTPS URL requests passing through the firewall Syntax log url requests no log url requests Default Disabled by default Mode URL Filter Configuration Usage When enabled additional log...

Page 353: ...wall as configured by the connection log events command Syntax show connection log events Mode User Exec Example To show the logging configuration state for the connections passing through the firewal...

Page 354: ...ved P4 32 Total Received P5 312 Total Received P6 1602 Total Received P7 372 Table 8 Parameters in output of the show counter log command Parameter Description Total Received Total number of messages...

Page 355: ...ption log Mode User Exec and Privileged Exec Example To display the exception log use the command awplus show exception log Output Figure 7 3 Example output from the show exception log command on a de...

Page 356: ...n Usage If the optional tail parameter is specified only the latest 10 messages in the buffered log are displayed A numerical value can be specified after the tail parameter to select how many of the...

Page 357: ...notice awplus kernel Linux version 2 6 32 12 at1 mak er awpmaker03 dl gcc version 4 3 3 Gentoo 4 3 3 r3 p1 2 pie 10 1 5 1 Wed Dec 8 11 53 40 NZDT 2010 2011 Aug 29 07 55 22 kern warning awplus kernel N...

Page 358: ...Example To display the logging configuration use the command awplus show log config Output Figure 7 5 Example output from show log config Facility default PKI trustpoints example_trustpoint Buffered l...

Page 359: ...ot be set at the same time If console logging is enabled then the terminal logging is turned off Related Commands show counter log show log show log permanent Host 10 32 16 21 Time offset 2 00 Offset...

Page 360: ...atest 10 messages in the permanent log are displayed A numerical value can be specified after the tail parameter to change how many of the latest messages should be displayed Example To display the la...

Page 361: ...Figure 7 6 Example output from show log permanent Related Commands clear log permanent copy permanent log default log permanent log permanent log permanent filter log permanent exclude log permanent...

Page 362: ...LOG show running config log Overview This command displays the current running configuration of the Log utility Syntax show running config log Mode Privileged Exec and Global Configuration Example To...

Page 363: ...is is especially important if files may be automatically written to the storage device such as external log files or AMF backup files Syntax unmount usb Mode Privileged Exec Example To unmount a USB s...

Page 364: ...nce for AR2050V 364 AlliedWare Plus Operating System Version 5 4 7 1 x Scripting Commands Introduction Overview This chapter provides commands used for command scripts Command List activate on page 36...

Page 365: ...lename extension of either sh or scp only for the AlliedWare Plus CLI to activate the script file The sh filename extension indicates the file is an ASH script and the scp filename extension indicates...

Page 366: ...the terminal followed by a blank line Syntax echo line Mode User Exec and Privileged Exec Usage This command may be useful in CLI scripts to make the script print user visible comments Example To echo...

Page 367: ...he command line Usage Use this command to pause script execution in an scp AlliedWare Plus script or an sh ASH script file executed by the activate command The script must contain an enable command be...

Page 368: ...rence of commands used to configure and display interfaces Command List description interface on page 369 interface to configure on page 370 ip tcp adjust mss on page 372 ipv6 tcp adjust mss on page 3...

Page 369: ...ion Mode Interface Configuration Example The following example uses this command to describe the device that a switch port is connected to awplus configure terminal awplus config interface port1 0 2 a...

Page 370: ...oopback interfaces can add flexibility and simplify management information gathering and filtering One example of this increased reliability is for OSPF to advertise a local loopback interface as an i...

Page 371: ...le shows how to enter Interface mode to configure PPP interface PPP0 awplus configure terminal awplus config interface ppp0 awplus config if The following example shows how to enter Interface mode to...

Page 372: ...n a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmis...

Page 373: ...1 x INTERFACE COMMANDS IP TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no i...

Page 374: ...a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmiss...

Page 375: ...x INTERFACE COMMANDS IPV6 TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no...

Page 376: ...onal components Source and Destination addresses EtherType field Priority and VLAN tag fields FCS These additional components increase the frame size internally to 1522 bytes in the default case Synta...

Page 377: ...fragmentation needed and DF set 4 code back to the source For IPv6 packets bigger than the MTU size of the transmitting VLAN interface an ICMP packet too big ICMP type 2 code 0 message is sent to the...

Page 378: ...perating System Version 5 4 7 1 x INTERFACE COMMANDS MTU To restore the MTU size to the default MTU size of 1500 bytes on vlan2 to vlan4 use the commands awplus configure terminal awplus config interf...

Page 379: ...or switch ports Example To display configuration and status information for all interfaces use the command awplus show interface Parameter Description interface list The interfaces or ports to configu...

Page 380: ...re is Ethernet address is 0000 cd24 daeb index 5001 metric 1 mru 1500 UP BROADCAST RUNNING MULTICAST current duplex full current speed 1000 configured duplex auto configured speed auto configured pola...

Page 381: ...ut packets 299172 bytes 67379392 multicast packets 0 broadcast packets 0 Time since last state change 0 days 14 22 39 Interface vlan2 Scope both Link is DOWN administrative state is UP Hardware is VLA...

Page 382: ...ow interface brief awplus show interface eth1 Interface eth1 Link is DOWN administrative state is UP Hardware is Ethernet address is 0200 0034 5682 index 9 metric 1 mtu 1500 configured duplex auto con...

Page 383: ...le output from show interface brief Related Commands show interface show interface memory awplus show interface brief Interface Status Protocol port1 0 1 admin up down port1 0 2 admin up down port1 0...

Page 384: ...port1 0 1 and port1 0 5 to port1 0 6 use the command awplus show interface port1 0 1 port1 0 5 1 0 6 memory Output Figure 9 6 Example output from the show interface memory command Parameter Descriptio...

Page 385: ...le output from show interface port list memory for a list of interfaces Related Commands show interface brief show interface status show interface switchport awplus show interface port1 0 1 port1 0 5...

Page 386: ...nge of ports separated by a hyphen e g port1 0 1 1 0 6 or sa1 2 or po1 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 Do not mix switch ports static channel groups and...

Page 387: ...promiscuous it displays the primary VLAN ID if it has one and promiscuous if it does not have a VLAN ID When the VLAN mode is private host it displays the primary and secondary VLAN IDs When the port...

Page 388: ...ator and its component ports as admin down While the aggregator is down the device accepts shutdown and no shutdown commands on component ports but these have no effect on port status Ports will not c...

Page 389: ...ew This chapter provides an alphabetical reference of commands used to configure USB Cellular Modems For more information see the USB Cellular Modem Feature Overview and Configuration Guide Command Li...

Page 390: ...be specified in this case any APN can be used Examples To set the APN to www example com for a cellular interface use the commands awplus configure terminal awplus config int cellular0 awplus config i...

Page 391: ...C613 50186 01 Rev B Command Reference for AR2050V 391 AlliedWare Plus Operating System Version 5 4 7 1 x USB CELLULAR MODEM COMMANDS APN show cellular show system usb usb mode switch...

Page 392: ...he chat script file must have the file extension chat The chat script consists of a sequence of expect send pairs of strings The send strings are AT Hayes commands Any occurrence of the string APN in...

Page 393: ...g interface eth1 1 or a cellular interface e g interface cellular0 L2TP Tunnel Configuration mode for an L2TP tunnel e g l2tp tunnel tunnel0 Examples To configure a PPP interface with index 0 for Ethe...

Page 394: ...B CELLULAR MODEM COMMANDS ENCAPSULATION PPP To remove the PPP interface with index 1 from L2TP tunnel tunnel1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config...

Page 395: ...obtained from the cellular modem For information that is common to most cellular modems unknown will be displayed if the information was not obtained successfully Examples To show status information...

Page 396: ...ce Type Autobauding Enabled Service Data circuit asynchronous UDI or 3 1 kHz modem Connection Element Non transparent Automatic time and time zone update via NITS Not enabled PPP support between TE an...

Page 397: ...itch Signal Strength RSSI dBm 64 ECIO dBm 5 RSCP dBm 69 ICCID 984610411061462785F5 Software Version E1762 11 126 10 00 74 CD25TCPV Ver B HSUPA status Enabled HSDPA status Enabled Card Mode USIM Device...

Page 398: ...ater detail of information about USB devices connected to your AR Series Firewall use the command awplus show system usb detail Output Figure 10 5 Example output from show system usb detail Parameter...

Page 399: ...AWEI Technology iProduct 2 HUAWEI Mobile iSerial 0 bNumConfigurations 1 Configuration Descriptor bLength 9 bDescriptorType 2 wTotalLength 85 bNumInterfaces 3 bConfigurationValue 1 iConfiguration 1 Hua...

Page 400: ...ng the device s vendor ID product id Specify the USB device s product ID product id 4 digit hexadecimal value representing the device s product ID manufacturer Specify the USB product descriptor manuf...

Page 401: ...seful if there are multiple devices that have the same product and vendor IDs but differ in the other parameters The mode switch configuration files must have the extension conf Examples To add a mode...

Page 402: ...Mirroring Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure Port Mirroring For more information see the Mirroring Feature Overview and Config...

Page 403: ...A mirror port cannot be associated with a VLAN If a switch port is configured to be a mirror port it is automatically removed from any VLAN it was associated with This command can only be applied to...

Page 404: ...4 7 1 x PORT MIRRORING COMMANDS MIRROR INTERFACE Example To mirror traffic received and transmitted on port1 0 4 and port1 0 5 to destination port1 0 3 use the commands awplus configure terminal awplu...

Page 405: ...1 Example output from the show mirror command Mirror Test Port Name port1 0 1 Mirror option Enabled Mirror direction both Monitored Port Name port1 0 2 Mirror Test Port Name port1 0 3 Mirror option E...

Page 406: ...ser Exec Privileged Exec and Interface Configuration Example To display port mirroring configuration for the port1 0 4 use the following commands awplus configure terminal awplus config interface port...

Page 407: ...s Operating System Version 5 4 7 1 x Interface Testing Commands Introduction Overview This chapter provides an alphabetical reference of commands used for testing interfaces Command List clear test in...

Page 408: ...clear test interface port list all Mode Privileged Exec Examples To clear the counters for port1 0 1 use the command awplus clear test interface port1 0 1 To clear the counters for all interfaces use...

Page 409: ...entering this command enter Interface Configuration mode for the desired interfaces and enter the command test interface Do not test interfaces on a device that is part of a live network disconnect t...

Page 410: ...100 NOTE Do not run test interface on live networks because this will degrade network performance Syntax test interface port list all time 1 60 cont no test interface port list all Mode Privileged Ex...

Page 411: ...nter the following commands awplus config service test awplus config no spanning tree rstp enable bridge forward awplus config interface vlan1 awplus config if shutdown awplus config if end awplus tes...

Page 412: ...C613 50186 01 Rev B Command Reference for AR2050V 412 AlliedWare Plus Operating System Version 5 4 7 1 x Part 2 Interfaces and Layer 2...

Page 413: ...able dynamic on page 417 clear mac address table static on page 419 clear port counter on page 420 debug platform packet on page 421 duplex on page 423 flowcontrol switch port on page 425 linkflap act...

Page 414: ...e for AR2050V 414 AlliedWare Plus Operating System Version 5 4 7 1 x SWITCHING COMMANDS show platform port on page 439 show storm control on page 444 speed on page 445 storm control level on page 447...

Page 415: ...x mode The flow control applied by the flowcontrol switch port command operates only on full duplex links whereas back pressure operates only on half duplex links If a port has insufficient capacity t...

Page 416: ...5 4 7 1 x SWITCHING COMMANDS BACKPRESSURE Todisablebackpressureflowcontroloninterfaceport1 0 2enterthefollowing commands awplus configure terminal awplus config interface port1 0 2 awplus config if b...

Page 417: ...address table static command Note that an MSTP instance cannot be specified with the command clear mac address table static Examples This example shows how to clear all dynamically learned filtering...

Page 418: ...DDRESS TABLE DYNAMIC This example shows how to clear all dynamically learned filtering database entries whenlearnedthroughdeviceoperationforagivenMSTP instance1 on switchport interface port1 0 2 awplu...

Page 419: ...ll filtering database entries for a specific interface configured through the CLI awplus clear mac address table static interface port1 0 3 This example shows how to clear filtering database entries c...

Page 420: ...COUNTER clear port counter Overview Use this command to clear the packet counters of the port Syntax clear port counter port Mode Privileged Exec Example To clear the packet counter for port1 0 1 use...

Page 421: ...If a timeout is not specified then a default 5 minute timeout will be applied If a timeout of 0 is specified packet debug will be generated until the no variant of this command is used or another tim...

Page 422: ...ING COMMANDS DEBUG PLATFORM PACKET To enable VLAN packet debug for VLAN 2 with a timeout duration of 3 minutes enter awplus debug platform packet vlan 2 timeout 150 To disable receive packet debug ent...

Page 423: ...CP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the duplex mode of all the switch ports in the channel...

Page 424: ...C613 50186 01 Rev B Command Reference for AR2050V 424 AlliedWare Plus Operating System Version 5 4 7 1 x SWITCHING COMMANDS DUPLEX Related Commands backpressure polarity speed show interface...

Page 425: ...c it notifies the other port to stop sending until the condition clears When the local device detects congestion at its end it notifies the remote device by sending a pause frame On receiving a pause...

Page 426: ...rface port1 0 2 awplus config if flowcontrol receive on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send on awplus configure terminal awplus config interfa...

Page 427: ...shut down Use the no variant of this command to disable flapping detection at this rate Syntax linkflap action shutdown no linkflap action Default Linkflap action is disabled by default Mode Global Co...

Page 428: ...s table acquire Overview Use this command to enable MAC address learning on the device Use the no variant of this command to disable learning Syntax mac address table acquire no mac address table acqu...

Page 429: ...lt of 300 seconds 5 minutes Syntax mac address table ageing time ageing timer none no mac address table ageing time Default The default ageing time is 300 seconds Mode Global Configuration Examples Th...

Page 430: ...traffic within a single VLAN Do not apply the mac address table static command to Layer 3 switched traffic passing from one VLAN to another VLAN Frames will not be discarded across VLANs because pack...

Page 431: ...applies to copper 10BASE T 100BASE T and 1000BASE T switch ports it does not apply to fiber ports See the MDI MDIX Connection Modes section in the Switching Feature Overview and Configuration Guide fo...

Page 432: ...w debugging platform packet Overview This command shows platform to CPU level packet debugging information Syntax show debugging platform packet Mode User Exec and Privileged Exec Example To display t...

Page 433: ...wcontrol interface port Mode User Exec and Privileged Exec Example To display the flow control for the port1 0 5 use the command awplus show flowcontrol interface port1 0 5 Output Figure 13 1 Example...

Page 434: ...ich have been dynamically shut down by protocols running on the device and the protocols responsible for the shutdown Syntax show interface interface range err disabled Mode User Exec and Privileged E...

Page 435: ...leged Exec Example To display VLAN information about each switch port enter the command awplus show interface switchport Output Figure 13 2 Example output from the show interface switchport command Re...

Page 436: ...le output captured when packets were switched and mac addresses were learned Note the new mac addresses learned for port1 0 4 and port1 0 6 added as dynamic entries Note the first column of the output...

Page 437: ...r mac address table static mac address table static awplus config mac address table static 0000 1111 2222 for int port1 0 3 vlan 2 awplus config end awplus awplus show mac address table VLAN Port MAC...

Page 438: ...r changes in some of these settings to take effect the device must be rebooted with the new settings in the startup config Example To check the settings configured with platform commands on the device...

Page 439: ...s To display port registers for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 To display platform counters for port1 0 1 and port1 0 2 use the followi...

Page 440: ...007 0e 0000 0f 3000 10 0020 11 0000 12 0000 13 0000 14 0000 15 0000 16 0000 17 0000 18 7277 19 1000 1a 0000 1b ffff 1c 6cc7 1d 0000 1e 0000 1f 0000 Port configuration for lport 0x08000000 Phy Driver 5...

Page 441: ...ed and transmitted 4096 9216 Number of 4096 9216 octet packets received and transmitted General Counters Receive Counters for traffic received Octets Number of octets received Pkts Number of packets r...

Page 442: ...umber of oversize packets transmitted FrameWDeferrdTx Transmit Single Deferral Frame counter FrmWExcesDefer Transmit Multiple Deferral Frame counter SingleCollsnFrm Transmit Single Collision Frame cou...

Page 443: ...rating System Version 5 4 7 1 x SWITCHING COMMANDS SHOW PLATFORM PORT ifOutDiscards Outbound interface Discarded Packets counter MTUExcdDiscard Receive MTU Check Error Frame Counter Table 2 Parameters...

Page 444: ...Exec and Privileged Exec Example To display storm control information for port1 0 2 use the following command awplus show storm control port1 0 2 Output Figure 13 5 Example output from the show storm...

Page 445: ...s autonegotiate speed Usage Switch ports in a static or dynamic LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group...

Page 446: ...s and 1000Mbps enter the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if speed auto 100 1000 To set the port to auto negotiate its speed at 1000Mbps onl...

Page 447: ...Interface Configuration Usage Flooding techniques are used to block the forwarding of unnecessary flooded traffic A packet storm occurs when a large number of broadcast packets are received on a port...

Page 448: ...ference for AR2050V 448 AlliedWare Plus Operating System Version 5 4 7 1 x SWITCHING COMMANDS UNDEBUG PLATFORM PACKET undebug platform packet Overview This command applies the functionality of the no...

Page 449: ...ridging For more information see the Bridging Commands Feature Overview and Configuration Guide Command List ageing time on page 450 bridge on page 451 bridge group on page 452 clear mac filter on pag...

Page 450: ...Configuration Examples To change the ageing time on br2 to 60 seconds 1 minute use the following commands awplus configure terminal awplus config interface br2 awplus config if ageing time 60 To rese...

Page 451: ...bridge then the bridge cannot be removed For example if interface eth1 exists on bridge 2 then the no bridge 2 command will give you the following message failed to remove interface br2 there are stil...

Page 452: ...added to a bridge will lose their Layer 3 properties The bridge will act as the Layer 3 interface The bridge will provide Layer 2 connectivity between interfaces that are a part of the bridge You can...

Page 453: ...r bridge bridge id Default None Mode Privileged Exec Examples To clear the mac filter counters on bridge 1 use the following commands awplus clear mac filter counter bridge 1 Output Figure 14 1 Exampl...

Page 454: ...bridged traffic on a bridge interface Syntax l3 filtering enable no l3 filtering enable Default Traffic control is disabled by default for bridged traffic Mode Interface mode for a bridge interface Ex...

Page 455: ...ilter name Default None Mode Interface Configuration Usage You can only create one MAC filter at one time Examples To create a mac filter with the name of ATL router1 use the following commands awplus...

Page 456: ...ac filter with the name of ATL router1 on bridge interface br1 use the following commands awplus configure terminal awplus config interface br1 awplus config if mac filter group ATL router1 To remove...

Page 457: ...stance to ensure the traffic reaches its destination Usethe novariant of this command to disable or enable FDB MAC address learning on a bridge Syntax mac learning no mac learning Default Learning is...

Page 458: ...group called ATL router1 use the following commands awplus configure terminal awplus config mac filter ATL router1 awplus config macfilter rule PC1 permit dmac any smac 00c4 6d20 c0f4 proto any To res...

Page 459: ...ystem Version 5 4 7 1 x BRIDGING COMMANDS RULE MAC FILTER Output Figure 14 3 Example output from the rule command displaying information about all rules Related Commands clear mac filter mac filter ma...

Page 460: ...llowing command awplus show bridge br2 To display information about bridge in the range 1 to 3 use the following command awplus show bridge br1 3 To display information about bridges 1 and from 3 to 5...

Page 461: ...Version 5 4 7 1 x BRIDGING COMMANDS SHOW BRIDGE Figure 14 5 Example output from the show bridge command displaying information about bridge 2 Related Commands ageing time bridge bridge group show brid...

Page 462: ...and displaying information about bridge 2 Related Commands ageing time bridge bridge group show bridge Parameter Description bridge list The bridge interfaces to display the information about The brid...

Page 463: ...ter To display mac filter bridge counters for bridge 2 use the following commands awplus show mac filter bridge 2 Output Figure 14 7 Example output from the show mac filter bridge command displaying i...

Page 464: ...ference of commands used to configure VLANs For more information see the VLAN Feature Overview and Configuration Guide Command List show vlan on page 465 switchport access vlan on page 466 switchport...

Page 465: ...awplus show vlan 2 Output Figure 15 1 Example output from the show vlan command Related Commands vlan Parameter Description 1 4094 Display information about the VLAN specified by the VLAN ID all Displ...

Page 466: ...chports using the negated form of this command Mode Interface Configuration Usage Any untagged frame received on this port will be associated with the specified VLAN Examples To change the port based...

Page 467: ...ess ingress filter enable disable Default By default ports are in access mode with ingress filtering on Usage Use access mode to send untagged frames only Mode Interface Configuration Example awplus c...

Page 468: ...e default VLAN vlan1 and have ingress filtering on Mode Interface Configuration Usage Aportin trunkmodecan be a tagged member ofmultipleVLANs and anuntagged member of one native VLAN To configure whic...

Page 469: ...nd receive through the port add Add a VLAN to the list of VLANs that are allowed to transmit and receive through the port Only use this parameter if a list of VLANs is already configured on a port rem...

Page 470: ...onfiguration is currently switchport trunk allowed vlan all then you should remove VLAN3 5 by entering the except parameter instead of using the remove parameter This means using the following command...

Page 471: ...lus config interface port1 0 2 awplus config if switchport trunk allowed vlan add 2 The following shows adding a range of VLANs to the port s member set awplus configure terminal awplus config interfa...

Page 472: ...lowing commands show configuration of VLAN 2 as the native VLAN for port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk native vlan 2 The following...

Page 473: ...tu Default By default VLANs are enabled when they are created Mode VLAN Configuration Examples To enable vlan 45 use the commands awplus configure terminal awplus config vlan database awplus config vl...

Page 474: ...the VLAN Configuration mode Syntax vlan database Mode Global Configuration Usage Use this command to enter the VLAN configuration mode You can then add or delete a VLAN or modify its values Example I...

Page 475: ...MSTP on page 478 debug mstp RSTP and STP on page 479 instance priority MSTP on page 483 instance vlan MSTP on page 485 region MSTP on page 487 revision MSTP on page 488 show debugging mstp on page 48...

Page 476: ...g tree guard root on page 522 spanning tree hello time on page 523 spanning tree link type on page 524 spanning tree max age on page 525 spanning tree max hops MSTP on page 526 spanning tree mode on p...

Page 477: ...Use this command with the instance parameter in MSTP mode Specifying this command with the interface parameter only not the instance parameter will work in STP and RSTP mode Examples awplus clear spa...

Page 478: ...Use this command to clear the detected protocols for a specific port or all ports Use this command in RSTP or MSTP mode only Syntax clear spanning tree detected protocols interface port Mode Privilege...

Page 479: ...Use the debug mstp topology change interface command to generate debugging messageswhen the device receives an indicationof a topology change in a BPDU from another device The debugging can be activat...

Page 480: ...command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of output these debug messages are best viewed using the te...

Page 481: ...int pathcost 0 17 23 42 awplus MSTP 1417 CIST bridge id 0000 0000cd1000fe 17 23 42 awplus MSTP 1417 CIST hops remaining 20 17 23 42 awplus MSTP 1417 MSTI flags Agree Forward Learn role Desig 17 23 42...

Page 482: ...gging mstp terminal monitor undebug mstp awplus terminal monitor awplus debug mstp packet rx decode interface port1 0 4 awplus 17 30 17 awplus MSTP 1417 port1 0 4 xSTP BPDU rx start 17 30 17 awplus MS...

Page 483: ...stance MSTP selects the device with the lowest MAC address to be the root bridge Give the device a higher priority for becoming the root bridge for a particular instance by assigning it a lower priori...

Page 484: ...R2050V 484 AlliedWare Plus Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS INSTANCE PRIORITY MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree mst i...

Page 485: ...T Configuration Usage The VLANs must be created before being associated with an MST instance MSTI If the VLAN range is not specified the MSTI will not be created This command removes the specified VLA...

Page 486: ...d Reference for AR2050V 486 AlliedWare Plus Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS INSTANCE VLAN MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanni...

Page 487: ...o the default Syntax region region name no region Default By default the region name is My Name Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI conf...

Page 488: ...evision number Default The default of revision number is 0 Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on a...

Page 489: ...on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mstp Mode User Exec and Privileged Exec mode Example...

Page 490: ...r has been included for RSTP and MSTP You can see the topology change counter for RSTP by using the show spanning tree command You can see the topology change counter for MSTP by using the show spanni...

Page 491: ...er 0 topo change timer 0 port1 0 1 forward transitions 0 port1 0 1 Version Rapid Spanning Tree Protocol Received None Send STP port1 0 1 No portfast configured Current portfast off port1 0 1 portfast...

Page 492: ...0 3 Designated Path Cost 0 port1 0 3 Configured Path Cost 200000 Add type Explicit ref count 1 port1 0 3 Designated Port Id 839f Priority 128 port1 0 3 Root 80000000cd20f093 port1 0 3 Designated Bridg...

Page 493: ...topology change counter for MSTP by using the show spanning tree mst instance command Example To display a summary of spanning tree status information use the command awplus show spanning tree brief...

Page 494: ...Configuration Example To display bridge level information about the CIST and VLAN to MSTI mappings enter the command awplus show spanning tree mst Output Figure 16 5 Example output from show spanning...

Page 495: ...e The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example To display MSTP conf...

Page 496: ...d 1 CIST Reg Root Id 80000000cd24ff2d 1 CIST Bridge Id 80000000cd24ff2d 1 portfast bpdu filter disabled 1 portfast bpdu guard disabled 1 portfast errdisable timeout disabled 1 portfast errdisable time...

Page 497: ...onal Root 80000000cd24ff2d port1 0 3 Designated Bridge 80000000cd24ff2d port1 0 3 Message Age 0 Max Age 20 port1 0 3 CIST Hello Time 2 Forward Delay 15 port1 0 3 CIST Forward Timer 0 Msg Age Timer 0 H...

Page 498: ...e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward De...

Page 499: ...oint Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 838a...

Page 500: ...c Privileged Exec and Interface Configuration Example To display detailed information for instance 2 and all switch ports associated with that instance use the command awplus show spanning tree mst in...

Page 501: ...mst instance 2 interface port1 0 2 Output Figure 16 10 Example output from show spanning tree mst instance Parameter Description instance id Specify an MSTP instance in the range 1 5 port The port to...

Page 502: ...stance and all interfaces associated with them for port1 0 4 use the command awplus show spanning tree mst interface port1 0 4 Output Figure 16 11 Example output from show spanning tree mst interface...

Page 503: ...e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward De...

Page 504: ...oint Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 838a...

Page 505: ...Exec Usage To display BPDU statistics for all spanning tree instances and all switch ports associated with all spanning tree instances use the command awplus show spanning tree statistics Output Figu...

Page 506: ...timer INACTIVE Hello Time Value 0 Forward Delay Timer INACTIVE Forward Delay Timer Value 0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer Va...

Page 507: ...nning tree statistics instance instance id Mode Privileged Exec Example To display BPDU statistics information for MST instance 2 and all switch ports associated with that MST instance use the command...

Page 508: ...mation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics instance instance id interface...

Page 509: ...or Instance 1 INST_PORT port1 0 2 Information Statistics Config Bpdu s xmitted port inst 0 0 Config Bpdu s received port inst 0 0 TCN Bpdu s xmitted port inst 0 0 TCN Bpdu s received port inst 0 0 Mes...

Page 510: ...ut each MST instance for port1 0 2 use the command awplus show spanning tree statistics interface port1 0 2 Output Figure 16 16 Example output from show spanning tree statistics interface Parameter De...

Page 511: ...Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer Value 0 Hold Timer INACTIVE Hold Timer Value 0 Other Port Specific Info Max Age Transitions 1...

Page 512: ...em including the VLAN range index value for the device Syntax show spanning tree vlan range index Mode Privileged Exec Example To display information about MST instances and the VLANs associated with...

Page 513: ...edge port If it does not receive any BPDUs in the first three seconds after linkup enabling or entering RSTP or MSTP mode it sets itself to be an edgeport and enters the forwarding state Use this com...

Page 514: ...e switched LAN running the AlliedWare Plus Operating System must have Cisco interoperability enabled When the AlliedWare Plus Operating System is interoperating with Cisco the only criteria used to cl...

Page 515: ...ut of some show commands Use the no variant of this command to set a port to its default state not an edge port Syntax spanning tree edgeport no spanning tree edgeport Default Not an edge port Mode In...

Page 516: ...e spanning tree mode is set to RSTP To change the mode see spanning tree mode command Examples To enable STP in Global Configuration mode enter the below commands awplus configure terminal awplus conf...

Page 517: ...re Plus Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS SPANNING TREE ENABLE To disable RSTP in Global Configuration mode enter the below commands awplus configure terminal awplus config no...

Page 518: ...ee errdisable timeout enable no spanning tree errdisable timeout enable Default By default the errdisable timeout is disabled Mode Global Configuration Usage The BPDU guard feature shuts down the port...

Page 519: ...the BPDU guard feature Use this command for RSTP or MSTP Syntax spanning tree errdisable timeout interval 10 1000000 no spanning tree errdisable timeout interval Default By default the port is re enab...

Page 520: ...e Interface Configuration mode for a switch port interface only Examples Set the value to enforce the spanning tree protocol STP awplus configure terminal awplus config interface port1 0 2 awplus conf...

Page 521: ...to learning and from learning to forwarding This value is used only when the device is acting as the root bridge Devices not acting asthe RootBridgeuse adynamic valuefor the forwarddelayset by theroo...

Page 522: ...this command for RSTP STP or MSTP Use the no variant of this command to disable the root guard feature for the port Syntax spanning tree guard root no spanning tree guard root Mode Interface Configur...

Page 523: ...estore the default of the hello time Syntax spanning tree hello time hello time no spanning tree hello time Default Default is 2 seconds Mode Global Configuration and Interface Configuration for switc...

Page 524: ...iant of this command to return the port to the default link type Syntax spanning tree link type point to point shared no spanning tree link type Default The default link type is point to point Mode In...

Page 525: ...ult of spanning tree max age is 20 seconds Mode Global Configuration Usage Max age is the maximum time in seconds for which a message is considered valid Configure this value sufficiently high so that...

Page 526: ...spanning tree max hops hop count no spanning tree max hops hop count Default The default max hops in a MST region is 20 Mode Global Configuration Usage Specifying the max hops for a BPDU prevents the...

Page 527: ...ning tree protocol mode on the device is RSTP Mode Global Configuration Usage With no configuration the device will have spanning tree enabled and the spanning tree mode will be set to RSTP Use this c...

Page 528: ...guration Overview Use this command to enter the MST Configuration mode to configure the Multiple Spanning Tree Protocol Syntax spanning tree mst configuration Mode Global Configuration Examples Thefol...

Page 529: ...on mode for a switch port or channel group Usage You can disable automatic configuration of member ports of a VLAN to an associated MSTI by using a no spanning tree mst instance command to remove the...

Page 530: ...the IEEE 802 1q 2003 standard Mode Interface Configuration mode for a switch port interface only Usage Before you can use this command to set a path cost in a VLAN configuration you must explicitly a...

Page 531: ...rn the path cost to its default value on instance 3 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree mst instance 3 path cost Related Comm...

Page 532: ...I The port with the lowest value has the highest priority so it will be chosen as root port over a port that is equivalent in all other aspects but with a higher priority value Examples To set the pri...

Page 533: ...instance id restricted role Default The restricted role for an MSTI instance on a switch port is disabled by default Mode Interface Configuration mode for a switch port interface only Usage The root...

Page 534: ...ting System Version 5 4 7 1 x SPANNING TREE COMMANDS SPANNING TREE MST INSTANCE RESTRICTED ROLE Related Commands instance vlan MSTP spanning tree priority port priority spanning tree mst instance span...

Page 535: ...nstance id restricted tcn no spanning tree mst instance instance id restricted tcn Default Disabled By default switch ports propagate TCNs Mode Interface Configuration mode for a switch port interface...

Page 536: ...the port s path cost for the CIST Syntax spanning tree path cost pathcost no spanning tree path cost Default The default path cost values and the range of recommended path cost values depend on the po...

Page 537: ...spanning tree portfast no spanning tree portfast Default Not an edge port Mode Interface Configuration mode for a switch port interface only Usage Portfast makes a port move from a blocking state to a...

Page 538: ...x SPANNING TREE COMMANDS SPANNING TREE PORTFAST STP Example awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast Related Commands spanning tree edgeport...

Page 539: ...Default BPDU Filter is not enabled on any ports by default Mode Global Configuration and Interface Configuration Usage This command filters the BPDUs and passes only data to continue to act as an edg...

Page 540: ...ST BPDU FILTER To enable STP BPDU filtering in Interface Configuration mode enter the commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bpdu...

Page 541: ...u guard default disable enable no spanning tree portfast bpdu guard Default BPDU Guard is not enabled on any ports by default Mode Global Configuration or Interface Configuration Usage This command bl...

Page 542: ...DU Guard feature It shows both the administratively configured and currently running values of bpdu guard Example To enable STP BPDU guard in Global Configuration mode enter the below commands awplus...

Page 543: ...STP mode is configured this will apply to the CIST Use the no variant of this command to reset it to the default Syntax spanning tree priority priority no spanning tree priority Default The default pr...

Page 544: ...the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 128 Mode Interface Configuration mode for a switch port interface only Usage To force a po...

Page 545: ...a switch port interface only to restrict the port from becoming a root port Use the no variant of this command to disable the restricted role functionality Syntax spanning tree restricted role no spa...

Page 546: ...e Protocol Data Units from being sent on a port If this command is enabled after a topology change a bridge is prevented from sending a TCN to its designated bridge Use the no variant of this command...

Page 547: ...rview Use this command to set the maximum number of BPDU transmissions that are held back Use the no variant of this command to restore the default transmit hold count value Syntax spanning tree trans...

Page 548: ...mmand Reference for AR2050V 548 AlliedWare Plus Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS UNDEBUG MSTP undebug mstp Overview This command applies the functionality of the no debug mstp...

Page 549: ...orithm is designed to ensure that any given data flow always goes down the same link It also aims to spread data flows across the links as evenly as possible For example for a 2 Gbps LAG that is a com...

Page 550: ...REGATION COMMANDS show etherchannel on page 562 show etherchannel detail on page 563 show etherchannel summary on page 564 show lacp sys id on page 565 show lacp counter on page 566 show port ethercha...

Page 551: ...full duplex mode Once the LACP channel group has been created it is treated as a device port and can be referred to in most other commands that apply to device ports To refer to an LACP channel group...

Page 552: ...e port1 0 6 awplus config if channel group 2 mode active To remove device port1 0 6 from any created LACP channel groups use the command below awplus configure terminal awplus config interface port1 0...

Page 553: ...GATION COMMANDS CLEAR LACP COUNTERS clear lacp counters Overview Use this command to clear all counters of all present LACP aggregators channel groups or a given LACP aggregator Syntax clear lacp 1 32...

Page 554: ...acp all Related Commands show debugging lacp undebug lacp Parameter Description all Turn on all debugging for LACP cli Specifies debugging for CLI messages Echoes commands to the console event Specifi...

Page 555: ...lobal Configuration Usage Do not mix LACP configurations manual and dynamic When LACP global passive mode is turned on by using the lacp global passive mode enable command we do not recommend using a...

Page 556: ...regation based on their priority with the higher priority numerically lower ports selected first Use the no variant of this command to reset the priority of port to the default Syntax lacp port priori...

Page 557: ...g the system responsible for resolving conflicts in the choice of aggregation groups Use the no variant of this command to reset the system priority of the local system to the default Syntax lacp syst...

Page 558: ...on if no updates are seen for 3 seconds i e 3 consecutive updates are lost The device indicates its preference by means of the Timeout field in the Actor section of its LACPDUs If the Timeout field is...

Page 559: ...edWare Plus Operating System Version 5 4 7 1 x LINK AGGREGATION COMMANDS LACP TIMEOUT The following commands set the LACP short timeout for 1 second on port1 0 2 awplus configure terminal awplus confi...

Page 560: ...and output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging lacp Mode User Exec and Privileged Exec Example awplus show debugging lacp Output...

Page 561: ...e Syntax show diagnostic channel group Mode User Exec and Privileged Exec Example awplus show diagnostic channel group Output Figure 17 2 Example output from the show diagnostic channel group command...

Page 562: ...rivileged Exec Example awplus show etherchannel Output Figure 17 3 Example output from show etherchannel Example awplus show etherchannel 1 Output Figure 17 4 Example output from show etherchannel for...

Page 563: ...ec and Privileged Exec Example awplus show etherchannel detail Output Example output from show etherchannel detail awplus show etherchannel detail Aggregator po1 IfIndex 4601 Mac address 00 00 cd 37 0...

Page 564: ...e Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show etherchannel summary Mode User Exec and Privileged Ex...

Page 565: ...system ID and priority For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website a...

Page 566: ...tion on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show lac...

Page 567: ...herchannel Parameter Description port Name of the device port to display LACP information about awplus show port etherchannel port1 0 2 LACP link info port1 0 2 7007 Link port1 0 2 IfIndex 7007 Aggreg...

Page 568: ...ggregator For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesi...

Page 569: ...e removed the static channel group is deleted All the ports in a channel group must have the same VLAN configuration they must belong to the same VLANs and have the same tagging status and can only be...

Page 570: ...us Operating System Version 5 4 7 1 x LINK AGGREGATION COMMANDS STATIC CHANNEL GROUP To reference static channel group 2 as an interface use the commands awplus configure terminal awplus config interf...

Page 571: ...B Command Reference for AR2050V 571 AlliedWare Plus Operating System Version 5 4 7 1 x LINK AGGREGATION COMMANDS UNDEBUG LACP undebug lacp Overview This command applies the functionality of the no de...

Page 572: ...n 5 4 7 1 x 802 1Q Encapsulation Commands Introduction This chapter provides an alphabetical reference of commands used to configure 802 1Q Encapsulation For more information see the AAA and Port Auth...

Page 573: ...Then you can use the VID to configure the subinterface associated with the Ethernet interface or tunnel interface Subinterfaces are logical interfaces The subinterface index must be the same as the V...

Page 574: ...use the commands awplus configure terminal awuplus config interface eth2 awplus config if encapsulation dot1q 1 awplus config if encapsulation dot1q 2 awplus config if encapsulation dot1q 3 To disabl...

Page 575: ...ommand List debug ppp on page 577 encapsulation ppp on page 580 interface PPP on page 582 ip address negotiated on page 583 ip tcp adjust mss on page 585 ip unnumbered on page 587 ipv6 tcp adjust mss...

Page 576: ...eference for AR2050V 576 AlliedWare Plus Operating System Version 5 4 7 1 x PPP COMMANDS ppp timeout idle on page 611 ppp username on page 612 show debugging ppp on page 613 show interface PPP on page...

Page 577: ...wed in log output filtered in permanent or buffered logs and viewed on the terminal using the terminal monitor command See the status of PPP debugging with the show debugging ppp command Note that deb...

Page 578: ...92 168 1 1 05 35 46 awplus pppd 24767 ppp0 05 35 46 919 rcvd IPCP ConfNak id 0x1 addr 192 168 1 2 ms dns1 1 1 1 1 ms dns2 2 2 2 2 05 35 46 awplus pppd 24767 ppp0 05 35 46 920 sent IPCP ConfReq id 0x2...

Page 579: ...es use the below command awplus no debug ppp Related Commands terminal monitor encapsulation ppp no debug all ppp authentication show debugging ppp show interface PPP undebug all awplus terminal monit...

Page 580: ...face eth1 1 or a cellular interface e g interface cellular0 L2TP Tunnel Configuration mode for an L2TP tunnel e g l2tp tunnel tunnel0 Examples To configure a PPP interface with index 0 for Ethernet in...

Page 581: ...7 1 x PPP COMMANDS ENCAPSULATION PPP To remove the PPP interface with index 1 from L2TP tunnel tunnel1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp t...

Page 582: ...ation Example The following example shows how to enter Interface mode to configure a PPP interface awplus configure terminal awplus config interface ppp0 awplus config if Related Commands ip address I...

Page 583: ...this IP address When the peer does not send an IP address via IPCP negotiation the specified default IP address will be used Examples To configure the PPP interface ppp0 to use IPCP to negotiate an IP...

Page 584: ...negotiation is configured on PPP interface ppp0 use the following command awplus show running config interface ppp0 Figure 19 3 Example output from a show running config interface ppp0 to verify IPCP...

Page 585: ...host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmissio...

Page 586: ...7 1 x PPP COMMANDS IP TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no ip t...

Page 587: ...nterface types from which the IP address can be borrowed from are VLAN ethernet loopback and bridge Examples To borrow an IP address on unnumbered PPP from the vlan2 interface use the following comman...

Page 588: ...dex 16778240 metric 1 mtu 1492 UP POINT TO POINT RUNNING NOARP MULTICAST PPP is running over interface eth2 LCP Opened IPCP Opened MRU bytes Local config 1492 Local negotiated 1492 Peer negotiated 149...

Page 589: ...host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmission...

Page 590: ...7 1 x PPP COMMANDS IPV6 TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no ip...

Page 591: ...hen the default attempt limit is configured to 3 attempts Mode Interface Configuration for a PPP interface Example To enable the device to send LCP Echo keepalive messages on the PPP interface ppp0wit...

Page 592: ...rsion 5 4 7 1 x PPP COMMANDS KEEPALIVE PPP To disable the device from sending LCP Echo keepalive messages on the PPP interface ppp0 enter the below commands awplus configure terminal awplus config int...

Page 593: ...t fragment bit set then the switch will send an ICMP destination unreachable 3 packet type and a fragmentation needed and DF set 4 code back to the source See the ip tcp adjust mss command to set the...

Page 594: ...s To configure the PPP interface ppp0 to assign the IP address of 192 168 0 1 to its peer upon request use the below commands awplus configure terminal awplus config interface ppp0 awplus config if pe...

Page 595: ...P address 192 168 0 1 is configured on PPP interface ppp0 use the following command awplus show running config interface ppp0 Output Related Commands ip address negotiated show running config interfac...

Page 596: ...e show ip route command to validate the route behavior after issuing this command Mode Interface Configuration for a PPP interface Examples To re enable the default behavior for the PPP interface ppp1...

Page 597: ...y connected ppp1 C 4 1 1 2 32 is directly connected ppp1 C 192 168 10 0 24 is directly connected vlan1 awplus configure terminal Enter configuration commands one per line End with CNTL Z awplus config...

Page 598: ...defined or configured to a PPP interface by default Mode Interface Configuration for a PPP interface Examples To enable PPP PAP authentication on the PPP interface ppp0 enter the commands awplus confi...

Page 599: ...us config if ppp authentication eap chap To attempt PPP CHAP authentication then fall back to PPP PAP authentication if the attempt to enable PPP CHAP authentication fails on the PPP interface ppp0 en...

Page 600: ...ticate using EAP CHAP or PAP are refused Examples To refuse the use of PAP authentication if a peer requests PAP authentication enter the commands awplus configure terminal awplus config interface ppp...

Page 601: ...ts EAP authentication enter the commands awplus configure terminal awplus config interface ppp0 awplus config if ppp authentication refuse eap To allow the use of EAP CHAP or PAP authentication if a p...

Page 602: ...another hostname instead of the system hostname configured from the hostname command using this command Syntax ppp hostname hostname no ppp hostname hostname Default The default PPP hostname is the s...

Page 603: ...rsion 5 4 7 1 x PPP COMMANDS PPP HOSTNAME To disable the use of the alternate hostname remote_router for PPP authentication enter the commands awplus configure terminal awplus config interface ppp0 aw...

Page 604: ...CP DNS options for accepting rejecting or requesting DNS addresses from the peer Use the optional primary and secondary or primary only DNS server address placeholders to specify DNS server addresses...

Page 605: ...terminal awplus config interface ppp0 awplus config if ppp ipcp dns reject To configure the PPP interface ppp0 to supply primary and secondary DNS server addresses to the peer enter the below command...

Page 606: ...d as a suffix list to the PPP connection So when the PPP connection is completed with the head office users at the branch office that browse to intranet example lc will have the DNS request forwarded...

Page 607: ...613 50186 01 Rev B Command Reference for AR2050V 607 AlliedWare Plus Operating System Version 5 4 7 1 x PPP COMMANDS PPP IPCP DNS SUFFIX LIST Related Commands ip dns forwarding domain list ppp ipcp dn...

Page 608: ...y address negotiated with the peer via IPCP on a given PPP interface Syntax ppp ipcp ip override no ppp ipcp ip override Default By default the address is negotiated with the peer via IPCP Mode Interf...

Page 609: ...interface by default Mode Interface Configuration for a PPP interface Examples To enable the use of the PPP secret password bobs_secret for PPP authentication enter the commands awplus configure term...

Page 610: ...ion to the default service specified by the access concentrator Mode Interface Configuration for a PPP interface Usage You can only apply a single service name to each PPPoE interface Examples To conn...

Page 611: ...ct a PPP connection after a specified time The timer is reset upon either ingress or regress user traffic Non user traffic such as Link Control Protocol LCP keepalives and Network Control Protocol NCP...

Page 612: ...me bob for the PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if ppp username bob To remove the PPP username bob for the PPP interface ppp0 us...

Page 613: ...hrough ppp2 awplus show debugging ppp interface ppp0 ppp2 The following example shows how to display PPP debug information for PPP interface ppp0 and ppp2 awplus show debugging ppp interface ppp0 ppp2...

Page 614: ...ions including those for DNS addresses are shown in console output Local DNS addresses as displayed in console output are provided from the peer Peer DNS addresses as displayed in console output are p...

Page 615: ...ink is UP administrative state is UP Hardware is PPP IPv4 address 10 1 0 2 32 IPv6 address fe80 200 cdff fe28 8a1 10 index 16778440 metric 1 UP POINTOPOINT RUNNING NOARP MULTICAST VRF Binding Not boun...

Page 616: ...INT RUNNING NOARP MULTICAST VRF Binding Not bound PPP is running over interface tunnel1 LCP Opened IPCP Opened IPV6CP Opened MRU bytes Local config 1460 Local negotiated 1460 Peer negotiated 1460 Magi...

Page 617: ...28 89f 10 index 16778241 metric 1 mtu 1460 UP POINTOPOINT RUNNING NOARP MULTICAST VRF Binding Not bound PPP is running over interface tunnel1 LCP Opened IPCP Opened IPV6CP Opened MRU bytes Local confi...

Page 618: ...ted form of the debug ppp command Examples To disable PPP debugging for all PPP interfaces enter the below command awplus undebug ppp To disable PPP debugging for PPP interfaces ppp0 enter the below c...

Page 619: ...de Command List clear pppoe ac statistics on page 620 debug pppoe ac on page 621 destination l2tp on page 622 l2tp peer address dns lookup on page 623 l2tp peer address radius lookup group on page 625...

Page 620: ...zero all the PPPoE Access Concentrator statistics counters and restart the counters incrementing from zero To see the affected counter values use the command show pppoe ac statistics Syntax clear ppp...

Page 621: ...the no variant of this command to disable debugging of the PPPoE Access Concentrator Syntax debug pppoe ac no debug pppoe ac Default PPPoE Access Concentrator debugging is disabled by default Mode Pr...

Page 622: ...PPoE Access Concentrator Configuration Example To sets the destination to forward all PPPoE packets for the service ISP service to the peer over L2TP use the commands awplus configure terminal awplus...

Page 623: ...lookup for the PPPoE AC service ISP service use the commands awplus configure terminal awplus config pppoe ac ISP service awplus config pppoe ac l2tp peer address dns lookup To set the LNS address to...

Page 624: ...50186 01 Rev B Command Reference for AR2050V 624 AlliedWare Plus Operating System Version 5 4 7 1 x PPP OVER ETHERNET PPPOE COMMANDS L2TP PEER ADDRESS DNS LOOKUP service name show running config pppo...

Page 625: ...Mode PPPoE Access Concentrator Configuration Example To findpeer address via RADIUS lookup from Radius server group called GROUP1 use the commands awplus configure terminal awplus config pppoe ac ISP...

Page 626: ...the LNS located at IP address 192 168 11 2 use the commands awplus configure terminal awplus config pppoe ac ISP service awplus cinfig pppoe ac l2tp peer address static 192 168 11 2 To configure L2TP...

Page 627: ...B Command Reference for AR2050V 627 AlliedWare Plus Operating System Version 5 4 7 1 x PPP OVER ETHERNET PPPOE COMMANDS L2TP PEER ADDRESS STATIC l2tp profile ppp auth protocol service name show runnin...

Page 628: ...le name used in this command is created by the l2tp profile command Example To allow AC service ISP service to use the L2TP profile called PUBLIC use the commands awplus configure terminal awplus conf...

Page 629: ...C613 50186 01 Rev B Command Reference for AR2050V 629 AlliedWare Plus Operating System Version 5 4 7 1 x PPP OVER ETHERNET PPPOE COMMANDS L2TP PROFILE show running config pppoe ac...

Page 630: ...ervice ISP service to use PAP use the commands awplus configure terminal awplus config pppoe ac ISP service awplus config pppoe ac ppp auth protocol pap To set PPP authentication to use the default CH...

Page 631: ...ult No PPPoE AC services are configured by default Mode Global Configuration Example To configure a PPPoE AC called ISP service use the commands awplus configure terminal awplus config pppoe ac ISP se...

Page 632: ...no pppoe ac service label Default No PPPoE AC service is attached to an interface by default Mode Interface Configuration Usage The label of the PPPoE AC service specified in this command is created...

Page 633: ...auth no proxy auth Default Proxy authentication is enabled by default Mode PPPoE Access Concentrator Configuration Example To enable proxy authentication for the PPPoE AC service ISP service use the c...

Page 634: ...e commands awplus configure terminal awplus config pppoe ac ISP service awplus config pppoe ac service name any To offer a private unadvertised PPPoE service internet and an advertised PPPoE service r...

Page 635: ...e office so they are no longer offered to a client use the commands awplus configure terminal awplus config pppoe ac ISP service awplus config pppoe ac no service name internet awplus config pppoe ac...

Page 636: ...o display the status of the PPPoE AC debugging Syntax show debugging pppoe ac Mode Privileged Exec Usage Enable PPPoE AC debugging with the debug pppoe ac command Example To display the status of PPPo...

Page 637: ...use the command awplus show pppoe ac ac1 config check Output Figure 20 2 Example output from show pppoe ac config check Parameter Description label The label for the PPPoE AC service awplus sh pppoe a...

Page 638: ...PPOE AC CONFIG CHECK Related Commands pppoe ac show running config pppoe ac Complete configuration There is sufficient configuration of this PPPoE AC service to be valid Required Parameters that still...

Page 639: ...out connected routes for the PPPoE AC service pppoeservice only use the command awplus show pppoe ac pppoeservice connections Output Figure 20 3 Example output from show pppoe ac connections Parameter...

Page 640: ...on Information about the source of the PPPoE route Interface The incoming interface name Session ID The PPPoE session ID Service Name The service name that this PPPoE AC is offering This is the servic...

Page 641: ...from show pppoe ac statistics awplus sh pppoe ac statistics PPPoE Access Concentrator Statistics Name Value lnsLookupSuccessfulRequests 0 lnsLookupFailedRequests 0 lnsLookupDnsFailures 0 lnsLookupRadi...

Page 642: ...mber of L2TP sessions closed l2tpDnsFailures The number of L2TP DNS lookup failures pppoePadiReceived The number of PADI packets received pppoeInvalidPadi The number of invalid PADI packets received p...

Page 643: ...ds clear pppoe ac statistics pppoe ac routesDestCloseFail The number of destination close failures routesSourceCloseFail The number of source close failures routesClosedByDest The number of routes clo...

Page 644: ...nning configuration for the PPPoE AC use the command awplus running config pppoe ac Output Figure 20 5 Example output from show running config pppoe ac Related Commands destination l2tp l2tp peer addr...

Page 645: ...C613 50186 01 Rev B Command Reference for AR2050V 645 AlliedWare Plus Operating System Version 5 4 7 1 x Part 3 Routing...

Page 646: ...Command List arp aging timeout on page 648 arp IP address MAC on page 649 arp log on page 651 arp opportunistic nd on page 654 arp reply bc dmac on page 656 clear arp cache on page 657 debug ip packe...

Page 647: ...78 local proxy arp on page 680 optimistic nd on page 681 ping on page 682 show arp on page 684 show debugging ip packet on page 687 show ip forwarding on page 689 show ip interface on page 690 show ip...

Page 648: ...not fill with entries for hosts that are no longer active Static ARP entries are not aged or automatically deleted By default the time limit for dynamic ARP entries is 300 seconds on all interfaces T...

Page 649: ...ress port number alias no arp ip addr Syntax VRF lite arp vrf vrf name ip addr mac address port number alias no arp vrf vrf name ip addr Mode Global Configuration Examples To add the IP address 10 10...

Page 650: ...L COMMANDS ARP IP ADDRESS MAC Example VRF lite To apply the above example within a VRF instance called red use the following commands awplus configure terminal awplus config arp vrf red 10 10 10 9 001...

Page 651: ...the option to change how the MAC address is displayed in the ARP log message The output can either use the notation HHHH HHHH HHHH or HH HH HH HH HH HH Enter arp log to use HHHH HHHH HHHH notation Ent...

Page 652: ...us configure terminal awplus config arp log awplus config exit awplus show log include ARP_LOG 2016 Oct 6 06 21 01 user notice awplus HSL 1007 ARP_LOG port1 0 1 vlan1 add 0013 4078 3b98 192 168 2 4 20...

Page 653: ...og include ARP_LOG Parameter Description ARP_LOG Indicates that ARP log entry information follows port number Indicates device port number for the ARP log entry vid Indicates the VLAN ID for the ARP l...

Page 654: ...is enabled the device will reply to any received unsolicited ARP packets but not gratuitous ARP packets The source MAC address for the unsolicited ARP packet is added to the ARP cache so the device fo...

Page 655: ...eighbor discovery for the VRF instance blue enter awplus configure terminal awplus config arp opportunistic nd vrf blue To disable opportunistic neighbor discovery for the VRF instance blue enter awpl...

Page 656: ...contain a broadcast destination MAC Use the no variant of this command to turn off processing of ARP replies that arrive with a broadcast destination MAC Syntax arp reply bc dmac no arp reply bc dmac...

Page 657: ...l ip address Mode Privileged Exec Usage To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no variant of the arp IP address MAC command Example To cl...

Page 658: ...perating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS CLEAR ARP CACHE When running VRF lite to clear the dynamic ARP entries from the global VRF lite and all VRF instances use the comm...

Page 659: ...ce to show debugging for either all interfaces or a single interface all Specify all Layer 3 interfaces on the device ip address Specify an IPv4 address If this keyword is specified then only packets...

Page 660: ...the command awplus debug ip packet interface all To turn on TCP packet debugging on vlan1 and IP address 192 168 2 4 use the command awplus debug ip packet interface vlan1 address 192 168 2 4 tcp To...

Page 661: ...must configure a primary address on the interface before configuring a secondary address NOTE Use show running config interface not show ip interface brief when you need to view a secondary address co...

Page 662: ...cal loopback interface lo use the following commands awplus configure terminal awplus config interface lo awplus config if ip address 10 10 11 50 24 To add the IP address 10 10 11 50 24 to the PPP int...

Page 663: ...ace if received on another subnet An IP directed broadcast is an IP packet whose destination address is a broadcast address for some IP subnet but originates from a node that is not itself part of tha...

Page 664: ...G AND PROTOCOL COMMANDS IP DIRECTED BROADCAST To disable the flooding of broadcast packets via PPP interface ppp0 use the following commands awplus configure terminal awplus config interface ppp0 awpl...

Page 665: ...ard protocol udp port Default The ip forward protocol udp command is not enabled by default Mode Global Configuration Usage Combined with the ip helper address command in interface mode the ip forward...

Page 666: ...ommand Reference for AR2050V 666 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS IP FORWARD PROTOCOL UDP Related Commands ip helper address ip directed broadcast...

Page 667: ...ault The default Gratuitous ARP time limit for all switchports is 8 seconds Mode Global Configuration Usage Every switchport will send a sequence of 3 Gratuitous ARP packets to each VLAN that the swit...

Page 668: ...System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS IP GRATUITOUS ARP LINK To restrict the sending of Gratuitous ARP packets to one every 20 seconds use the commands awplus configure terminal...

Page 669: ...res the destination address es The destination address can be a unicast address or a subnet broadcast address The UDP destination port is configured separately with the ip forward protocol udp command...

Page 670: ...PER ADDRESS The following example removes IPv4 address 192 168 1 100 as an IP Helper destination address to which to forward UDP broadcasts received on ppp0 awplus configure terminal awplus config int...

Page 671: ...s disabled by default Mode Interface Configuration Usage Limited local proxy ARP supports Static NAT configurations in which the NAT configuration s public address is different to the ethernet interfa...

Page 672: ...the HTTP server with address 172 22 0 3 zone public network eth1 ip subnet 0 0 0 0 0 interface eth1 host http_server ip address 172 22 0 3 Create a NAT rule to map from the public to the private zone...

Page 673: ...oes not generate or forward any ICMP Redirect messages on that interface This command does not enable proxy ARP on the interface see the ip proxy arp command for more information on enabling proxy ARP...

Page 674: ...e that the ARP request arrived from It ignores all other ARP requests See the ip local proxy arp command about enabling your device to respond to other ARP messages The no variant of this command disa...

Page 675: ...bal Configuration Usage ICMP redirect messages are used to notify hosts that a better route is available to a destination ICMP redirects are used when a packet is routed into the device on the same in...

Page 676: ...of 5 retries Syntax ip tcp synack retries 0 255 no ip tcp synack retries Default 5 retries Mode Global Configuration Usage The following table shows the approximate correlation between the number of...

Page 677: ...me situations it may be beneficial to time out unused established TCP sessions earlier For example in a busy environment where there is an excessive number of sessions being established the firewall c...

Page 678: ...these messages to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ip unreachables command secures your network against this type of probi...

Page 679: ...estination unreachable messages use the commands awplus configure terminal awplus config no ip unreachables To enable destination unreachable messages use the commands awplus configure terminal awplus...

Page 680: ...RP Syntax local proxy arp ip add mask no local proxy arp ip add mask Default No subnets are specified for use with limited local proxy ARP Mode Global Configuration Example To specify limited local pr...

Page 681: ...ale neighbors are deleted from the hardware L3 switching table The optimistic neighbor discovery feature enables the device to sustain L3 traffic switching to a neighbor without interruption Without t...

Page 682: ...s df bit Enable or disable the do not fragment bit in the IP header interval 0 128 Specify the time interval in seconds between sending ping packets The default is 1 You can use decimal places to spec...

Page 683: ...mple VRF lite To ping the IP address 10 10 0 5 from VRF instance red use the following command awplus ping vrf red 10 10 0 5 NOTE Unless across domainstatic orleakedrouteexiststothedestinationIPaddres...

Page 684: ...onal parameters will display all entries in the ARP routing and forwarding table With VRF lite configured and no additional parameters entered the command output displays all entries listed by their V...

Page 685: ...2a42 vlan2 port1 0 6 static awplus show arp global IP Address MAC Address Interface Port Type 192 168 10 2 0015 77ad fad8 vlan1 port1 0 1 dynamic 192 168 20 2 0015 77ad fa48 vlan2 port1 0 2 dynamic 1...

Page 686: ...eference for AR2050V 686 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW ARP Related Commands arp IP address MAC clear arp cache Command changes Version 5 4...

Page 687: ...theIP interface debugging statuswhen theterminal monitoroff use the command awplus terminal no monitor awplus show debug ip packet Output Figure 21 6 Example output from the show debugging ip packet...

Page 688: ...Rev B Command Reference for AR2050V 688 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW DEBUGGING IP PACKET Related Commands debug ip packet interface term...

Page 689: ...command to display the IP forwarding status For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip...

Page 690: ...port1 0 2 use the command awplus show ip interface port1 0 2 brief To show the IP addresses assigned to vlan2 and vlan3 use the command awplus show ip interface vlan2 3 brief To show the IP addresses...

Page 691: ...n Guide Syntax show ip interface vrf vrf name global Mode User Exec and Privileged Exec Examples To display all interfaces and IP addresses associated with a VRF instance red use the command awplus sh...

Page 692: ...nterface with VRF lite configured Command changes Version 5 4 6 2 1 VRF lite support added Interface IP Address Status Protocol eth0 unassigned admin up down lo unassigned admin up running vlan1 192 1...

Page 693: ...o verify that the socket being used is opening correctly If there is a local and remote endpoint a connection is established with the ports indicated Note that this command does not display sockets th...

Page 694: ...column are tcp IP Protocol 6 udp IP Protocol 17 raw Indicates that socket is for a non port orientated protocol i e a protocol other than TCP or UDP where all packets of a specified IP protocol type...

Page 695: ...ket any source port will be accepted This is indicated by For active TCP sessions the IP address will display the remote address and port the session was established with For raw sockets the entry in...

Page 696: ...Privileged Exec Example To display IP traffic statistics use the command awplus show ip traffic Output Figure 21 13 Example output from the show ip traffic command IP 261998 packets received 261998 de...

Page 697: ...97 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW IP TRAFFIC 155 delayed acks sent 21187 headers predicted 736 pure ACKs 80497 pure ACKs predicted UDP 1394...

Page 698: ...s tcpdump ip Example VRF lite To start a tcpdump on interface vlan2 associated with a VRF instance red enter the command awplus tcpdump vrf red vlan2 Output Figure 21 14 Example output from the tcpdum...

Page 699: ...me Syntax VRF lite traceroute vrf vrf name ip addr hostname Mode User Exec and Privileged Exec Example awplus traceroute 10 10 0 5 Example VRF lite awplus traceroute vrf red 192 168 0 1 Command change...

Page 700: ...2050V 700 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS UNDEBUG IP PACKET INTERFACE undebug ip packet interface Overview This command applies the functionality...

Page 701: ...DDNS for AR Series Firewalls see the Domain Name System DNS for AlliedWare Plus AR Series Firewalls Feature Overview and Configuration Guide Command List clear ip dns forwarding cache on page 703 ddns...

Page 702: ...page 726 ppp ipcp dns on page 727 ppp ipcp dns suffix list on page 729 retry interval DDNS on page 731 show ddns update method status on page 732 show debugging ip dns forwarding on page 733 show host...

Page 703: ...forwarding cache Mode Privileged Exec Examples To clear all cached data use the command awplus clear ip dns forwarding cache Example VRF lite To clear the cached data for VRF instance red use the comm...

Page 704: ...variant of this command to disable DDNS updates Syntax ddns enable no ddns enable Default Disabled Mode Global Configuration Example To globally enable DDNS updates use the commands awplus configure t...

Page 705: ...d name Default None Mode Global Configuration Example To create a method named dyndns use the commands awplus configure terminal awplus config ddns update method dyndns awplus config ddns update metho...

Page 706: ...ivileged Exec Usage When no method name is entered all DDNS update methods are updated If a method name is specified then only that method will update Example To manually update all DDNS update method...

Page 707: ...NS process Use the no variant of this command to disable debugging for the DDNS process Syntax debug ddns no debug ddns Default Disabled Mode Privileged Exec Example To enable debugging for the DDNS p...

Page 708: ...Use the no variant of this command to disable DNS Relay debugging Syntax debug ip dns forwarding no debug ip dns forwarding Default DNS Relay debugging is disabled by default Mode Privileged Exec Exam...

Page 709: ...helpful to write a short description of what the list is to be used for Examples To add a description to a domain list use the commands awplus configure terminal awplus config ip dns forwarding domai...

Page 710: ...omain list Examples To add the domain acme solutions com to a domain list use the commands awplus configure terminal awplus config ip dns forwarding domain list acme corporation awplus config domain l...

Page 711: ...DNS Update Method Configuration Example To add the host name test dyndns org for the DDNS update method dyndns use the commands awplus configure terminal awplus config ddns update method dyndns awplus...

Page 712: ...on Usage A DDNS update method cannot be attached to multiple interfaces however multiple DDNS update methods can be assigned to the same interface Example To enable IPv4 DDNS updates for a DDNS update...

Page 713: ...enabled by default but if it has been disabled you can re enable it by using the command ip domain lookup See the ip dns forwarding dead time command used with this command NOTE When running VRF lite...

Page 714: ...d when the time out period of the DNS reply from the DNS server is bigger than the time out period configured on the device Syntax ip dns forwarding cache size 0 1000 timeout 60 3600 no ip dns forward...

Page 715: ...ip dns forwarding dead time 60 43200 no ip dns forwarding retry Default The default time to stop sending DNS requests to an unresponsive server is 3600 seconds Mode Global Configuration Usage See the...

Page 716: ...ike a prefix list For example the domain list can be used as a suffix list on an DNS name server The DNS server can be either statically configured or learned over a PPP connection Note that this comm...

Page 717: ...ding retry Default The default number of retries is 2 DNS requests to an unresponsive server Mode Global Configuration Usage See the ip dns forwarding dead time command used with this command Examples...

Page 718: ...rwarding source interface interface name no ip dns forwarding source interface Default The default is that no interface is set and the device selects the appropriate source IP address automatically Mo...

Page 719: ...it for a DNS response to the default of 3 seconds Syntax ip dns forwarding timeout 0 3600 no ip dns forwarding timeout Default The default timeout value is 3 seconds Mode Global Configuration Examples...

Page 720: ...eletes a domain from the list Syntax ip domain list domain name no ip domain list domain name Mode Global Configuration Usage If there are no domains in the DNS list then your device uses the domain s...

Page 721: ...pt to resolve domain names You must use IP addresses to specify hosts in commands Syntax ip domain lookup no ip domain lookup Mode Global Configuration Usage The client is enabled by default However i...

Page 722: ...Mode Global Configuration Usage If there are no domains in the DNS list created using the ip domain list command then your device uses the domain specified with this command If any domain exists in t...

Page 723: ...erver ip addr suffix list Syntax VRF lite ip name server vrf name ip addr no ip name server vrf name ip addr Mode Global Configuration Usage To allow the device to operate as a DNS proxy your device m...

Page 724: ...nternal corporate name server use the commands awplus configure terminal awplus config ip dns forwarding domain list corporatedomains awplus config domain list description Our internal network domains...

Page 725: ...A DDNS update method cannot be attached to multiple interfaces however multiple DDNS update methods can be assigned to the same interface Example To enable IPv6 DDNS updates for a DDNS update method...

Page 726: ...Method Configuration Example To configure the password test for the method dyndns use the following commands awplus configure terminal awplus config ddns update method dyndns awplus config ddns updat...

Page 727: ...ure PPP IPCP DNS options for accepting rejecting or requesting DNS addresses from the peer Use the optional primary and secondary or primary only DNS server address placeholders to specify DNS server...

Page 728: ...configure terminal awplus config interface ppp0 awplus config if ppp ipcp dns reject To configure the PPP interface ppp0 to supply primary and secondary DNS server addresses to the peer enter the bel...

Page 729: ...associated as a suffix list to the PPP connection So when the PPP connection is completed with the head office users at the branch office that browse to intranet example lc will have the DNS request...

Page 730: ...01 Rev B Command Reference for AR2050V 730 AlliedWare Plus Operating System Version 5 4 7 1 x DOMAIN NAME SERVICE DNS COMMANDS PPP IPCP DNS SUFFIX LIST Related Commands ip dns forwarding domain list p...

Page 731: ...ult Disabled Mode DDNS Update Method Configuration Usage If an update is triggered by another source such as an IP address change or a manual update then the retry counter will start again from the be...

Page 732: ...your device use the command awplus show ddns update method status Output Figure 22 1 Example output from show ddns update method status Related Commands ddns update method Command changes Version 5 4...

Page 733: ...mmand For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ip dns forwarding Mode User Exe...

Page 734: ...output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show hosts Mode User Exec and Privileged Exec Example To display the default domain use the command...

Page 735: ...y the DNS Relay status Syntax show ip dns forwarding Mode User Exec and Privileged Exec Examples To display the DNS Relay status use the command awplus show ip dns forwarding Output Figure 22 4 Exampl...

Page 736: ...p dns forwarding cache Output Figure 22 5 Example output from the show ip dns forwarding cache command Example VRF lite To display the DNS Relay name resolver cache with output for VRF instance RED us...

Page 737: ...ED Related Commands ip dns forwarding cache ip name server Command changes Version 5 4 6 2 1 VRF lite support added awplus show ip dns vrf RED forwarding cache Host Address Expires Flags www example c...

Page 738: ...rom the show ip dns forwarding server command Example VRF lite To display the status of DNS Relay name servers for VRF lite instance red use the command awplus show ip dns vrf red forwarding server Ou...

Page 739: ...2050V 739 AlliedWare Plus Operating System Version 5 4 7 1 x DOMAIN NAME SERVICE DNS COMMANDS SHOW IP DNS FORWARDING SERVER Related Commands ip dns forwarding ip dns forwarding dead time Command chang...

Page 740: ...hen sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip do...

Page 741: ...mplete hostnames when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide...

Page 742: ...will send DNS requests to for either the global VRF instance or a selected VRF instance For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Over...

Page 743: ...tput from the show ip name server command for the VRF instance red Related Commands ip domain lookup ip name server Command changes Version 5 4 6 2 1 VRF lite support added awplus show ip name server...

Page 744: ...Configuration Usage This command is used in conjunction with the use ipv4 for ipv6 updates command IPv4 DDNS updates are suppressed so that only IPv6 updates are sent NOTE The IPv4 DNS entry may be up...

Page 745: ...DS UNDEBUG DDNS undebug DDNS Overview Use this command to disable debugging for the DDNS process Syntax undebug ddns Default Disabled Mode Privileged Exec Example To disable debugging for the DDNS pro...

Page 746: ...dns use the commands awplus configure terminal awplus config ddns update method dyndns awplus config ddns update method update interval 1440 To enable periodic DDNS updates every 28 days for the metho...

Page 747: ...pdate URL using the following placeholder tokens for the user name enter USERNAME for the password enter PASSWORD for the host name enter HOST NAME for the IP address enter IPADDRESS For example for D...

Page 748: ...c update SYSTEM dyndns hostname HOST NAME myip IPADDRESS To use members dyndns org v3 update as the update URL for the provider DynDNS with the method called dyndns that uses HTTP use the following co...

Page 749: ...SERVICE DNS COMMANDS UPDATE URL DDNS To remove the update URL from the method called dyndns use the following commands awplus configure terminal awplus config ddns update method dyndns awplus config...

Page 750: ...vider supports IPv6 but does not support sending updates in IPv6 then this command is used so IPv6 updates can be sent using IPv4 instead The suppress ipv4 updates command is used in conjunction with...

Page 751: ...hod Configuration Example To configure the username atlnz for the method dyndns use the following commands awplus configure terminal awplus config ddns update method dyndns awplus config ddns update m...

Page 752: ...dress autoconfig on page 757 ipv6 enable on page 759 ipv6 eui64 linklocal on page 761 ipv6 forwarding on page 762 ipv6 multicast forward slow path packet on page 763 ipv6 nd accept ra pinfo on page 76...

Page 753: ...OMMANDS ipv6 opportunistic nd on page 781 ipv6 route on page 782 ipv6 unreachables on page 783 ping ipv6 on page 784 show ipv6 forwarding on page 785 show ipv6 interface brief on page 786 show ipv6 ne...

Page 754: ...iedWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS CLEAR IPV6 NEIGHBORS clear ipv6 neighbors Overview Use this command to clear all dynamic IPv6 neighbor entries Syntax clear ipv6 neighbors...

Page 755: ...ace Usage Note that link local addresses are retained in the system until they are negated by using the no variant of the command that established them See the ipv6 enable command for more information...

Page 756: ...onfig interface ppp0 awplus config fr subif ipv6 address 2001 0db8 a2 64 To remove the IPv6 address 2001 0db8 a2 64 from the PPP interface ppp0 use the following commands awplus configure terminal awp...

Page 757: ...g configuration parameters for IPv6 hosts The SLAAC process derives the interface identifier of the IPv6 address from the MAC address of the interface When applying SLAAC to an interface note that the...

Page 758: ...6 COMMANDS IPV6 ADDRESS AUTOCONFIG To disable SLAAC on the PPP interface ppp0 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 address autoco...

Page 759: ...connection Routing does not forward packets with link local addresses IPv6 requires that a link local address is assigned to each interface that has the IPv6 protocol enabled and when addresses are as...

Page 760: ...terminal awplus config interface ppp0 awplus config if ipv6 enable To disable IPv6 with only a link local IPv6 address on the PPP interface ppp0 use the following commands awplus configure terminal a...

Page 761: ...al address on an IPv6 enabled interface Syntax ipv6 eui64 linklocal no ipv6 eui64 linklocal Default The command ipv6 eui64 linklocal is enabled by default on any IPv6 enabled interface Mode Interface...

Page 762: ...lobally for all interface on your device with this command Use the no variant of this command to disable IPv6 unicast forwarding globally for all interfaces on your device IPv6 unicast forwarding allo...

Page 763: ...smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big message...

Page 764: ...d on an interface SLAAC is also enabled SLAAC addressing along with the EUI 64 process uses the prefix information included in a received RA to generate an automatic link local address on the IPv6 int...

Page 765: ...commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 nd current hoplimit 2 To reset the advertised current hop limit to the default 0 on the VLAN interface vlan2 use...

Page 766: ...1 Rev B Command Reference for AR2050V 766 AlliedWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS IPV6 ND CURRENT HOPLIMIT Related Commands ipv6 nd managed config flag ipv6 nd prefix ipv6 nd...

Page 767: ...this command to reset this command to its default of flag unset Syntax ipv6 nd managed config flag no ipv6 nd managed config flag Default Unset Mode Interface Configuration for a VLAN interface or a P...

Page 768: ...the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 nd minimum ra interval 60 To remove the minimum RA interval for the VL...

Page 769: ...mmand Reference for AR2050V 769 AlliedWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS IPV6 ND MINIMUM RA INTERVAL Related Commands ipv6 nd ra interval ipv6 nd suppress ra ipv6 nd prefix ipv...

Page 770: ...nd other config flag no ipv6 nd other config flag Default Unset Mode Interface Configuration for a VLAN interface or a PPP interface Usage Advertisement flags will not be transmitted unless you have...

Page 771: ...x to be advertised by the router advertisement message The IPv6 address prefix uses the format X X prefix length The prefix length is usually set between 0 and 64 The default is X X 64 valid lifetime...

Page 772: ...ddress prefix of 2001 0db8 64 with a valid lifetime of 10 days and a preferred lifetime of 5 days awplus configure terminal awplus config interface vlan4 awplus config if ipv6 nd prefix 2001 0db8 64 8...

Page 773: ...ion for a VLAN interface or a PPP interface Usage Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command as shown in the example below Example To set the a...

Page 774: ...lifetime of the current router to be announced in IPv6 Router Advertisements Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command This instruction is in...

Page 775: ...time in router advertisements on the VLAN interface vlan4 to be 1800000 milliseconds enter the following commands awplus configure terminal awplus config interface vlan4 awplus config if ipv6 nd reac...

Page 776: ...C613 50186 01 Rev B Command Reference for AR2050V 776 AlliedWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS IPV6 ND REACHABLE TIME Related Commands ipv6 nd suppress ra ipv6 nd prefix...

Page 777: ...terminal awplus config interface vlan2 awplus config if ipv6 nd retransmission time 800000 To reset the retransmission time of Neighbor Solicitation on the VLAN interface vlan2 to the default 1000 mil...

Page 778: ...C613 50186 01 Rev B Command Reference for AR2050V 778 AlliedWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS IPV6 ND RETRANSMISSION TIME Related Commands ipv6 nd suppress ra ipv6 nd prefix...

Page 779: ...pv6 nd suppress ra Default Router Advertisement RA transmission is suppressed by default Mode Interface Configuration for a VLAN interface or a PPP interface Example To enable the transmission of rout...

Page 780: ...specific IPv6 neighbor entry To clear all dynamic address entries use the clear ipv6 neighbors command Example To create a static neighbor entry for IPv6 address 2001 0db8 a2 on vlan 4 MAC address 00...

Page 781: ...guration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ICMPv6 ND packets The source MAC address for the unsolicited ICMPv6 ND packet is added...

Page 782: ...way ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awplus c...

Page 783: ...to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ipv6 unreachables command secures your network against this type of probing NOTE Disa...

Page 784: ...e number of data bytes to send excluding the 8 byte ICMP header The default is 56 64 ICMP data bytes interface interface list The interface or range of configured IP interfaces to use as the source in...

Page 785: ...V6 COMMANDS SHOW IPV6 FORWARDING show ipv6 forwarding Overview Use this command to display IPv6 forwarding status Syntax show ipv6 forwarding Mode User Exec and Privileged Exec Example awplus show ipv...

Page 786: ...ed with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 interface brief Mode User Exec and Privileged Exec Examples awplus show ipv6 interface brief Output Figure 23 2 Exampl...

Page 787: ...COMMANDS SHOW IPV6 NEIGHBORS show ipv6 neighbors Overview Use this command to display all IPv6 neighbors For information on filtering and saving command output see the Getting Started with AlliedWare...

Page 788: ...s turned on use the following command awplus show ipv6 route Parameter Description connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing informat...

Page 789: ...6 Routing Table Codes C connected S static R RIP O OSPF B BGP S 0 1 0 via 2001 a 0 0 c0a8 a6 vlan10 C 2001 db8 a 0 0 0 0 64 via vlan10 C 2001 db8 14 0 0 0 0 64 via vlan20 C 2001 db8 0 0 0 0 64 via vla...

Page 790: ...e the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the follow...

Page 791: ...te to the specified IPv6 host Syntax traceroute ipv6 ipv6 addr hostname Mode User Exec and Privileged Exec Example To run a traceroute for the IPv6 address 2001 0db8 a2 use the following command awplu...

Page 792: ...common across the routing IP protocols For more information see the Route Selection Feature Overview and Configuration Guide Command List ip route on page 793 ipv6 route on page 796 max fib routes on...

Page 793: ...Syntax VRF lite ip route vrf vrf name subnet mask gateway ip interface distance no ip route vrf vrf name subnet mask gateway ip interface distance Parameter Description subnet mask The IPv4 address o...

Page 794: ...as a static route available through the device at 10 10 0 2 with the default administrative distance use the commands awplus configure terminal awplus config no ip route 192 168 3 0 255 255 255 0 10 1...

Page 795: ...configuration awplus configure terminal awplus config no ip route vrf red 192 168 50 0 24 192 168 20 6 To create a static route from source VRF red to the subnet 192 168 50 0 24 with a next hop of 192...

Page 796: ...teway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awplus...

Page 797: ...bal Configuration Examples To set the maximum number of dynamic routes to 2000 and warning threshold of 75 use the following commands awplus config terminal awplus config max fib routes 2000 75 Parame...

Page 798: ...C613 50186 01 Rev B Command Reference for AR2050V 798 AlliedWare Plus Operating System Version 5 4 7 1 x ROUTING COMMANDS MAX FIB ROUTES Related Commands max fib routes VRF...

Page 799: ...imum number of static routes to the default of 1024 static routes Syntax max static routes 1 1024 no max static routes Default The default number of static routes is the maximum number of static route...

Page 800: ...MP path calculations are flow based This means that packets from the same flow will always be sent on the same path Syntax maximum paths 1 8 no maximum paths Default By default the maximum number of p...

Page 801: ...x length Syntax VRF lite show ip route vrf vrf name global bgp connected ospf rip static Mode User Exec and Privileged Exec Example To display the static routes in the FIB use the command awplus show...

Page 802: ...s added Figure 24 1 Example output from the show ip route command Connected Route The connected route entry consists of This route entry denotes Route entries for network 10 10 31 0 24 are derived fro...

Page 803: ...next hop 10 10 31 16 The outgoing local interface for this route is vlan2 This route was added 20 minutes and 54 seconds ago OSPF External Route The OSPF external route entry consists of This route en...

Page 804: ...le use the output redirection token Syntax show ip route database bgp connected ospf rip static Syntax VRF lite show ip route vrf vrf name global database bgp connected ospf rip static Mode User Exec...

Page 805: ...y connected vlan2 00 28 20 C 10 10 31 0 24 is directly connected vlan2 S 10 10 34 0 24 1 0 via 10 10 31 16 vlan2 O 10 10 34 0 24 110 31 via 10 10 31 16 vlan2 00 21 19 O 10 10 37 0 24 110 11 via 10 10...

Page 806: ...is static route has a lower administrative distance than the OSPF route 110 the static route 1 is selected and installed in the FIB If the static route becomes unavailable then the device automaticall...

Page 807: ...f vrf name global Mode User Exec and Privileged Exec Example To display a summary of the current RIB entries use the command awplus show ip route summary Output Figure 24 4 Example output from the sho...

Page 808: ...xample output from the show ip route summary vrf red command Related Commands show ip route show ip route database Command changes Version 5 4 6 2 1 VRF lite support added IP routing table name is Def...

Page 809: ...ers turned on use the following command awplus show ipv6 route Parameter Description connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing inform...

Page 810: ...Pv6 Routing Table Codes C connected S static R RIP O OSPF B BGP S 0 1 0 via 2001 a 0 0 c0a8 a6 vlan10 C 2001 db8 a 0 0 0 0 64 via vlan10 C 2001 db8 14 0 0 0 0 64 via vlan20 C 2001 db8 0 0 0 0 64 via v...

Page 811: ...ee the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the follo...

Page 812: ...amily ipv4 RIP on page 816 alliedware behavior on page 817 cisco metric behavior RIP on page 819 clear ip rip route on page 820 debug rip on page 822 default information originate RIP on page 823 defa...

Page 813: ...sive interface RIP on page 851 recv buffer size RIP on page 852 redistribute RIP on page 853 restart rip graceful on page 855 rip restart grace period on page 856 route RIP on page 857 router rip on p...

Page 814: ...onfigure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 Sep 3 2016 04 04 02 Oct 6 2016 Parameter Description start date Speci...

Page 815: ...ystem Version 5 4 7 1 x RIP COMMANDS ACCEPT LIFETIME or awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 3 Sep...

Page 816: ...Address Family mode and return to Router Configuration mode use the exit address family command Example In this example the address family green is entered and then exited by using the exit address fa...

Page 817: ...P being advertised does not match the subnetting used on the outgoing RIPv1 interface it will be filtered The alliedware behavior command returns your router s RIPv1 behavior to the AlliedWare format...

Page 818: ...ce to AlliedWare Plus like behavior when sending and receiving RIPv1 update messages enter the commands awplus configure terminal awplus config router rip awplus config router no alliedware behavior r...

Page 819: ...avior enable disable no cisco metric behavior Default By default the Cisco metric behavior is disabled Mode Router Configuration Examples To enable the routing metric update to behave as per the Cisco...

Page 820: ...routes use the following command awplus clear ip rip vrf red route ospf To clear the route 10 0 0 0 8 from the RIP routing table for the VRF instance red use the following command awplus clear ip rip...

Page 821: ...C613 50186 01 Rev B Command Reference for AR2050V 821 AlliedWare Plus Operating System Version 5 4 7 1 x RIP COMMANDS CLEAR IP RIP ROUTE Command changes Version 5 4 6 2 1 VRF lite support added...

Page 822: ...de Privileged Exec and Global Configuration Example The following example displays information about the RIP packets that are received and sent out from the device awplus debug rip packet Related Comm...

Page 823: ...being redistributed the RIP protocol will advertise this default route irrespective of whether the default information originate command has been configured or not However if the router has not redis...

Page 824: ...utes regardless of the original protocol that the route has been redistributed from Examples This example assigns the cost of 10 to the routes that are redistributed into RIP awplus configure terminal...

Page 825: ...y Configuration for a VRF instance Examples To set the administrative distance to 8 for the RIP routes within the 10 0 0 0 8 network use the commands awplus configure terminal awplus config router rip...

Page 826: ...he interface the filter will be applied to all interfaces Examples In this example the following commands are used to apply a prefix list called myfilter to filter incoming routing updates in vlan2 aw...

Page 827: ...f larger update messages Use the no variant of this command to disable this feature Syntax fullupdate no fullupdate Default By default this feature is disabled Mode RIP Router Configuration or RIP Rou...

Page 828: ...authentication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated RIP configuration examples For mult...

Page 829: ...keychain key send lifetime 10 00 00 Oct 08 2016 duration 43200 awplus config keychain key exit awplus config keychain exit awplus config interface vlan2 awplus config if ip rip authentication key chai...

Page 830: ...and for single key authentication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated RIP configuratio...

Page 831: ...for the given interface text or MD5 using the following commands awplus config if ip rip authentication mode md5 text Example 1 In the following example of a configuration for multiple keys authentica...

Page 832: ...his interface awplus configure terminal awplus config interface ppp0 awplus config if ip rip authentication mode md5 Example 3 The following example specifies mykey as the authentication string with M...

Page 833: ...see the RIP Feature Overview and Configuration Guide Use the following steps to configure a route to enable RIPv2 authentication using a single key or password 1 Define the authentication string or pa...

Page 834: ...xample the VLAN interface vlan2 is configured to have an authentication string as guest Any received RIP packet in that interface should have the same string as password awplus configure terminal awpl...

Page 835: ...ive packet no ip rip receive packet Default Receive packet is enabled Mode Interface Configuration for a VLAN interface or a PPP interface Example This example shows packet receiving being turned on f...

Page 836: ...be run in version 1 or version 2 mode Version 2 has more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP version is set RIP packets of t...

Page 837: ...nd packet no ip rip send packet Default Send packet is enabled Mode Interface Configuration for a VLAN interface or a PPP interface Example This example shows packet sending being turned on for the VL...

Page 838: ...2 has more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP version is set RIP packets of that version will be received and sent on all t...

Page 839: ...nfig interface vlan4 awplus config if ip rip send version 2 In the following example the VLAN interface vlan3 is configured to use the RIP version specified by the version RIP command awplus configure...

Page 840: ...end RIP version 2 packets only awplus configure terminal awplus config interface ppp0 awplus config if ip rip send version 2 In the following example the PPP interface ppp2 is configured to use the RI...

Page 841: ...ed by the version RIP command RIP can be run in version 1 compatible mode Version 2 has more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the...

Page 842: ...mpatible packets so it broadcasts both RIP version 1 and 2 packets awplus configure terminal awplus config interface ppp1 awplus config if ip rip send version 1 compatible In the following example the...

Page 843: ...oid including routes in updates sent to the same gateway from which they were learned Without the poisoned parameter using this command causes routes learned from a neighbor to be omitted from updates...

Page 844: ...key keyid Mode Keychain Configuration Usage This command allows you to enter the keychain key mode where a password can be set for the key Example The following example configures a key number 1 and s...

Page 845: ...Syntax key chain key chain name no key chain key chain name Mode Global Configuration Usage This command allows you to enter the keychain mode from which you can specify keys on this key chain Exampl...

Page 846: ...les In the following example the password for key1 in the key chain named mychain is set to password prime awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awplus...

Page 847: ...iting of the number of RIP routes stored in the routing table Syntax maximum prefix maxprefix threshold no maximum prefix Mode Router Configuration Example To configure the maximum number of RIP route...

Page 848: ...d to exchange nonbroadcast routing information It can be used multiple times for additional neighbors The passive interface RIP command disables sending routing updates on an interface Use the neighbo...

Page 849: ...ill be sent and received within the specified network or VLAN When running VRF lite this command can be applied to a VRF instance Example Use the following commands to activate RIP routing updates on...

Page 850: ...Reference for AR2050V 850 AlliedWare Plus Operating System Version 5 4 7 1 x RIP COMMANDS NETWORK RIP Related Commands show ip rip show running config clear ip rip route Command changes Version 5 4 6...

Page 851: ...ress Family Configuration for a VRF instance Example Use the following commands to block RIP broadcasts on vlan20 awplus configure terminal awplus config router rip awplus config router passive interf...

Page 852: ...r size to the system default 196608 bits Syntax recv buffer size 8192 2147483647 no recv buffer size 8192 2147483647 Default 196608 bits is the system default when reset using the no variant of this c...

Page 853: ...ode RIP Router Configuration or RIP Router Address Family Configuration for a VRF instance Example To apply the metric value 15 to static routes being redistributed into RIP use the commands awplus co...

Page 854: ...value 15 to static routes in address family ipv4 VRF instance blue being redistributed into RIP use the following commands awplus configure terminal awplus config router rip awplus config router addr...

Page 855: ...s executed the RIP process immediately shuts down It notifies the system that RIP has performed a graceful shutdown Routes that have been installed into the route table by RIP are preserved until the...

Page 856: ...restart Use the no variant of this command to disable this function Syntax rip restart grace period 1 65535 no rip restart grace period 1 65535 Mode Global Configuration Default The default RIP grace...

Page 857: ...r adding the RIP route the route can be checked in the RIP routing table Example To create a static RIP route to IP subnet 192 168 1 0 24 use the following commands awplus configure terminal awplus co...

Page 858: ...Use the no variant of this command to disable the RIP routing process Syntax router rip no router rip Mode Global Configuration Example This command is used to begin the RIP routing process awplus co...

Page 859: ...fig keychain key send lifetime 03 03 01 Jan 3 2016 04 04 02 Dec 6 2016 Parameter Description start date Specifies the start time and date in the format hh mm ss day month year or hh mm ss month day ye...

Page 860: ...C613 50186 01 Rev B Command Reference for AR2050V 860 AlliedWare Plus Operating System Version 5 4 7 1 x RIP COMMANDS SEND LIFETIME Related Commands key key string key chain accept lifetime...

Page 861: ...ing status for these debugging options nsmdebugging RIP eventdebugging RIP packet debugging and RIP nsm debugging For information on filtering and saving command output see the Getting Started with Al...

Page 862: ...show ip protocols rip Output Figure 25 1 Example output from the show ip protocols rip command Routing Protocol is rip Sending updates every 30 seconds with 50 next due in 12 seconds Timeout after 180...

Page 863: ...ntax show ip rip Mode User Exec and Privileged Exec Example awplus show ip rip Output Figure 25 2 Example output from the show ip rip command Related Commands route RIP network RIP clear ip rip route...

Page 864: ...the RIP database For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip rip database full Mode Use...

Page 865: ...Overview Use this command to display information about the RIP interfaces You can specify an interface name to display information about a specific interface Syntax show ip rip interface interface Mod...

Page 866: ...de Syntax show ip rip vrf vrf name global database full Mode User Exec and Privileged Exec Example To display information about the RIP database associated with a VRF instance blue use the command awp...

Page 867: ...ce blue use the command awplus show ip rip vrf blue interface Output Figure 25 4 Example output from show ip rip vrf blue interface vlan3 NOTE The Time parameter operates as follows RIP updates occur...

Page 868: ...as been dropped When the time specified by the garbage parameter expires the metric 16 route is finally removed from the routing table Until the garbage time expires the route is included in all updat...

Page 869: ...timer to 30 the routing information timeout timer to 180 and the routing garbage collection timer to 120 with VRF use the following command awplus configure terminal awplus config router rip awplus c...

Page 870: ...nsm packet Mode Privileged Exec Example To disable the options set for debugging RIP information events use the following command awplus undebug rip packet Related Commands debug rip Parameter Descri...

Page 871: ...ed and sent on all the RIP enabled interfaces Setting the version command has no impact on receiving updates only on sending them The ip rip send version command overrides the value set by the version...

Page 872: ...C613 50186 01 Rev B Command Reference for AR2050V 872 AlliedWare Plus Operating System Version 5 4 7 1 x RIP COMMANDS VERSION RIP Command changes Version 5 4 6 2 1 VRF lite support added...

Page 873: ...res the encoding of the next hop for a set of routes For more information see the RIPng Feature Overview and Configuration Guide Command List aggregate address IPv6 RIPng on page 875 clear ipv6 rip ro...

Page 874: ...g System Version 5 4 7 1 x RIPNG FOR IPV6 COMMANDS show debugging ipv6 rip on page 892 show ipv6 protocols rip on page 893 show ipv6 rip on page 894 show ipv6 rip database on page 895 show ipv6 rip in...

Page 875: ...ge covered by the aggregate route are retained in the RIPng database but are marked as suppressed routes The aggregate route will be advertised in RIPng updates and the component route will no longer...

Page 876: ...clear ipv6 rip route 2001 db8 32 Parameter Description ipv6 addr prefix length Specify the IPv6 Address in format X X X X Prefix Length The prefix length is a decimal integer between 1 and 128 Remove...

Page 877: ...detail send detail Default RIPng debugging is disabled by default Mode Privileged Exec and Global Configuration Example awplus debug ipv6 rip events awplus debug ipv6 rip packet send detail awplus deb...

Page 878: ...ormation originate IPv6 RIPng Overview Use this command to generate a default route into RIPng Use the no variant of this command to disable this feature Syntax default information originate no defaul...

Page 879: ...metric value for all redistributed RIPng routes regardless of the original protocol that the route has been redistributed from Note this metric is not applied to routes that are brought into RIPng by...

Page 880: ...ter Configuration Usage Filter out incoming or outgoing route updates using the prefix list If you do not specify the name of the interface the filter is applied to all the interfaces Example To filte...

Page 881: ...f the route in the routing table Note this command only increments the metric for incoming routes on a specified interface Increasing the metric value for a VLAN interface increases the metric value o...

Page 882: ...to the default value enter the below commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 rip metric offset 1 To increment the metric offset on the PPP interface...

Page 883: ...ed parameter with this command includes such routes in updates but sets their metrics to infinity Thus advertising that these routes are not reachable Examples To perform split horizon with poisoned r...

Page 884: ...System Version 5 4 7 1 x RIPNG FOR IPV6 COMMANDS IPV6 RIP SPLIT HORIZON To disable split horizon on the PPP interface ppp0 enter the below commands awplus configure terminal awplus config interface p...

Page 885: ...on the VLAN interface vlan2 enter the below commands awplus configure terminal awplus config router ipv6 rip awplus config router exit awplus config interface vlan2 awplus config if ipv6 router rip To...

Page 886: ...itional neighbors The passive interface IPv6 RIPng command disables sending routing updates on an interface Use the neighbor command in conjunction with the passive interface IPv6 RIPng command to sen...

Page 887: ...his command to disable this function Syntax passive interface interface no passive interface interface Default Disabled Mode Router Configuration Examples To enable suppression of routing updates use...

Page 888: ...et it back to the system default of 196608 bits Syntax recv buffer size 8192 2147483647 no recv buffer size 8192 2147483647 Default The RIPng UDP receive buffer size is 196608 bits by default and is r...

Page 889: ...g metric value is set to 1 Mode Router Configuration Example To redistribute information from other routing protocols into RIPng use the following commands awplus configure terminal awplus config rout...

Page 890: ...x length Mode Router Configuration Usage Use this command to add a static RIPng route After adding the RIPng route the route can be checked in the RIPng routing table Example To configure static RIPng...

Page 891: ...this global command to enter Router Configuration mode to enable a RIPng routing process Use the no variant of this command to disable the RIPng routing process Syntax router ipv6 rip no router ipv6 r...

Page 892: ...ptions of nsm debugging RIPng eventdebugging RIPng packetdebugging and RIPng nsm debugging For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature O...

Page 893: ...x show ipv6 protocols rip Mode User Exec and Privileged Exec Example To display RIPng process parameters and statistics use the following command awplus show ipv6 protocols rip Output awplus show ipv6...

Page 894: ...tion Guide Syntax show ipv6 rip Mode User Exec and Privileged Exec Example To display RIPng routes use the following command awplus show ipv6 rip Output Related Commands show ipv6 rip database Codes R...

Page 895: ...ode User Exec and Privileged Exec Example To display information about the RIPng database use the following command awplus show ipv6 rip database Output Related Commands show ipv6 rip Parameter Descri...

Page 896: ...e Syntax show ipv6 rip interface interface Mode User Exec and Privileged Exec Example To display RIPng interface information use the following command awplus show ipv6 rip interface Output Parameter D...

Page 897: ...r is 120 seconds The no variant of this command restores the default RIPng routing timers Mode Router Configuration Example To adjust the RIPng routing network timers use the following commands awplus...

Page 898: ...gging options use the following command awplus undebug ipv6 rip events awplus undebug ipv6 rip all awplus undebug ipv6 rip packet send awplus undebug ipv6 rip packet recv detail Related Commands debug...

Page 899: ...t on page 902 area authentication on page 903 area filter list on page 904 area nssa on page 905 area range on page 907 area stub on page 909 area virtual link on page 910 auto cost reference bandwidt...

Page 900: ...f hello interval on page 940 ip ospf message digest key on page 941 ip ospf mtu on page 943 ip ospf mtu ignore on page 944 ip ospf network on page 945 ip ospf priority on page 946 ip ospf resync timeo...

Page 901: ...ospf database opaque area on page 982 show ip ospf database opaque as on page 983 show ip ospf database opaque link on page 984 show ip ospf database router on page 985 show ip ospf database summary...

Page 902: ...A or stub area Refer to the RFC 3101 for information on NSSA Example To set the default cost to 10 in area 1 for the OSPF instance 100 use the commands awplus configure terminal awplus config router o...

Page 903: ...e correct password may join the routing domain Give all routers that are to communicate with each other through OSPF the same authentication password Use the ip ospf authentication key command to spec...

Page 904: ...prefix prefix list in out no area area id filter list prefix prefix list in out Mode Router Configuration Parameter Description area id The OSPF area that you are configuring the filter for Use one of...

Page 905: ...NSSA not both The no variant of this command removes this designation Syntax area area id nssa default information originate metric no redistribution no summary translator role role no area area id n...

Page 906: ...router area 0 0 0 51 nssa awplus config router area 3 nssa translator role candidate no redistribution default information originate metric 34 metric type 2 Related Commands area default cost role The...

Page 907: ...function and restores default behavior Syntax area area id range ip addr prefix length advertise not advertise no area area id range ip addr prefix length Default The area range is not configured by d...

Page 908: ...ion 5 4 7 1 x OSPF COMMANDS AREA RANGE Ensure OSPF IPv4 routes exist in the area range for advertisement before using this command Example awplus configure terminal awplus config router ospf 100 awplu...

Page 909: ...he area default cost command The no variant of this command removes this definition Syntax area area id stub no summary no area area id stub no summary Mode Router Configuration Example awplus configu...

Page 910: ...etransmit interval 1 3600 transmit delay 1 3600 no area area id virtual link ip addr authentication dead interval hello interval retransmit interval transmit delay Parameter Description area id The ar...

Page 911: ...smissions The transmit delay is the time taken to transmit a link state update packet on the interface Before transmission the link state advertisements in the update packet are incremented by this am...

Page 912: ...186 01 Rev B Command Reference for AR2050V 912 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS AREA VIRTUAL LINK Related Commands area authentication show ip ospf show ip ospf virtual...

Page 913: ...rence bandwidth value to differentiate the costs on those links Cost is calculated by dividing the reference bandwidth Mbps by the layer 3 interface Switched Virtual Interface SVI Loopback or Ethernet...

Page 914: ...r 1 Interface cost is 1 The auto cost reference bandwidth value should be consistent across all OSPF routers in the OSPF process Note that using the ip ospf cost command on a layer 3 interface will ov...

Page 915: ...eed within that VLAN Syntax bandwidth bandwidth setting no bandwidth Mode Interface Configuration for a VLAN interface Example To set the bandwidth on VLAN2 to be 1 Mbps use the following commands awp...

Page 916: ...sopaque LSAs Opaque LSAs are Type9 10and11LSAs that deliver information used by external applications Use the no variant of this command to disable opaque LSAs Syntax capability opaque no capability o...

Page 917: ...t this is enabled Use the no variant of this command to disable OSPF Graceful Restart and restart signaling features Syntax capability restart graceful signaling no capability restart Default Graceful...

Page 918: ...cess Overview This command clears and restarts the OSPF routing process Specify the Process ID to clear one particular OSPF process When no Process ID is specified this command clears all running OSPF...

Page 919: ...tric of the component paths available RFC 2328 specifies a method for calculating metrics based on maximum cost It is possible that some ABRs in an area might conform to RFC 1583 and others support RF...

Page 920: ...ommand disable OSPF debugging Use this command without parameters to disable all the options Syntax debug ospf events abr asbr lsa nssa os router vlink no debug ospf events abr asbr lsa nssa os router...

Page 921: ...nd undebug variant of this command disable OSPF IFSM debugging Use this command without parameters to disable all the options Syntax debug ospf ifsm status events timers no debug ospf ifsm status even...

Page 922: ...efresh Mode Privileged Exec and Global Configuration Examples awplus undebug ospf lsa refresh Output Figure 27 1 Example output from the debug ospf lsa command Related Commands terminal monitor undebu...

Page 923: ...debug variantof this commanddisableOSPF NFSMdebugging Use this command without parameters to disable all the options Syntax debug ospf nfsm events status timers no debug ospf nfsm events status timers...

Page 924: ...ndebug variant of this command disable OSPF NSM debugging Use this command without parameters to disable both options Syntax debug ospf nsm interface redistribute no debug ospf nsm interface redistrib...

Page 925: ...t ls update recv send Mode Privileged Exec and Global Configuration Examples awplus debug ospf packet detail awplus debug ospf packet dd send detail awplus no debug ospf packet ls request recv detail...

Page 926: ...ute debugging Use this command without parameters to disable all options Syntax debug ospf route ase ia install spf no debug ospf route ase ia install spf Mode Privileged Exec and Global Configuration...

Page 927: ...ither Type 1 or 2 The default is Type 2 The no variant of this command disables this feature Syntax default information originate always metric metric metric type 1 2 route map route map no default in...

Page 928: ...acilitates redistributing routes even with incompatible metrics If the metrics do not convert the default metric provides an alternative and enables the redistribution to continue The effect of this c...

Page 929: ...spf 1 255 Default The default OSPF administrative distance is 110 The default Administrative Distance for each type of route intra inter or external is 110 Mode Router Configuration Usage The administ...

Page 930: ...r intra area routes 40 for external routes use the commands awplus config router ospf 100 awplus config router distance ospf inter area 20 intra area 10 external 40 To set the administrative distance...

Page 931: ...nabled the database exchange process is optimized by removing the LSA from the database summary list for the neighbor if the LSA instance in the database summary list is the same as or less recent tha...

Page 932: ...ip address area area id cost 0 65535 no host ip address area area id cost 0 65535 Default By default no host entry is configured Mode Router Configuration Example awplus configure terminal awplus con...

Page 933: ...a Simple Text password Use the ip ospf message digest key command to specify MD5 password Example In this example VLAN interface vlan2 is configured to have no authentication This will override any te...

Page 934: ...Allneighboringrouters on the same network with the same password exchange OSPF routing data The key can be used only when authentication is enabled for an area Use the area authentication command to e...

Page 935: ...d on PPP interface ppp0 in area 0 Note that first authentication is enabled for area 0 awplus configure terminal awplus config router ospf 100 awplus config router network 10 10 10 0 24 area 0 awplus...

Page 936: ...terface cost indicates the overhead required to send packets across a certain VLAN interface This cost is stated in the Router LSA s link Typically the cost is inversely proportional to the bandwidth...

Page 937: ...PP interface Usage OSPF floods new LSAs over all interfaces in an area except the interface on which the LSA arrives This redundancy ensures robust flooding However too much redundancy can waste bandw...

Page 938: ...mmand specifying the IP address of the interface and want to remove the configuration specify the IP address no ip ospf ip address dead interval Syntax ip ospf ip address dead interval 1 65535 no ip o...

Page 939: ...mmand and disables the processing of packets on the specific interface Use the no variant of this command to restore OSPF packet processing on a selected interface Syntax ip ospf disable all no ip osp...

Page 940: ...address hello interval 1 65535 no ip ospf ip address hello interval Default The default interval is 10 seconds Mode Interface Configuration for a VLAN interface or a PPP interface Example The followin...

Page 941: ...tted in duplicate one copy of the packet will be transmitted for each of the current keys This is helpful for administrators who want to change the OSPF password without disrupting communication The s...

Page 942: ...entication on the PPP interface ppp0 when IP address has not been specified awplus configure terminal awplus config interface ppp0 awplus config if ip ospf authentication message digest awplus config...

Page 943: ...yntax ip ospf mtu 576 65535 no ip ospf mtu Default By default OSPF uses interface MTU derived from the VLAN interface Mode Interface Configuration for a VLAN interface or a PPP interface Usage This co...

Page 944: ...ration for a VLAN interface or a PPP interface Usage By default during the DD exchange process OSPF checks the MTU size described in the DD packets received from the neighbor If the MTU size does not...

Page 945: ...age This command forces the interface network type to the specified type Depending on the network type OSPF changes the behavior of the packet transmission and the link description in LSAs Example The...

Page 946: ...router with the higher router priority becomes the DR If the router priority is the same for two routers the router with the higher router ID takes precedence Only routers with nonzero router priorit...

Page 947: ...ip ospf ip address resync timeout Mode Interface Configuration for a VLAN interface or a PPP interface Example The following exampleshows setting the OSPF resynchronization timeout value to 65 second...

Page 948: ...ntil it receives an acknowledgment In case the router does not receive an acknowledgment during the set time the retransmit interval value it retransmits the LSA Set the retransmission interval value...

Page 949: ...time to the age field of an update If the delay is not added the time in which the LSA transmits over the link is not considered This command is especially useful for low speed links Add transmission...

Page 950: ...nt dd 1 65535 no max concurrent dd Mode Router Configuration Usage This command is useful when a router s performance is affected from simultaneously bringing up several OSPF adjacencies This command...

Page 951: ...maximum number of OSPF areas is 4294967294 Mode Router Configuration Usage Use this command in router OSPF mode to specify the maximum number of OSPF areas Examples The following example sets the max...

Page 952: ...he reduced rate at which routers continue to send hello packets when a neighboring router has become inactive Setthe poll interval to be much larger than hello interval Examples This example shows a n...

Page 953: ...bits and consecutive 1 s as host bits Examples The following commands show the use of the network area command with OSPF multiple instance support disabled awplus configure terminal awplus config rou...

Page 954: ...iedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS NETWORK AREA The following commands disable OSPF routing with Area ID 3 on all interfaces awplus configure terminal awplus config router o...

Page 955: ...Type By this definition a router is considered an ABR if it has more than one area actively attached and one of them is the backbone area IBM ABR Type By this definition a router is considered an ABR...

Page 956: ...the OSPF Graceful Restart feature and set the restart grace period Changes from the default restart grace period are displayed in the running config The restart grace period is not displayed in the r...

Page 957: ...e OSPF restart helper while the no ospf restart helper max grace period command resets the max grace period rather than the helper policy itself Example awplus configure terminal awplus config ospf re...

Page 958: ...13 50186 01 Rev B Command Reference for AR2050V 958 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS OSPF RESTART HELPER Related Commands ospf restart grace period restart ospf gracefu...

Page 959: ...ss no ospf router id Mode Router Configuration Usage Configure each router with a unique router id In an OSPF router process that has active neighbors a new router id takes effect at the next reload o...

Page 960: ...with this command if a shutdown is required if the number of LSAs exceeds the specified number Use soft with this command if a shutdown is not required but a warning message is required if the number...

Page 961: ...s a router can receive once it is in the wait state It takes the number of seconds specified as the recover time to recover from this state Example The following example shows setting the maximum numb...

Page 962: ...dress no passive interface interface ip address Mode Router Configuration Usage Configure an interface to be passive if you wish its connected route to be treated as an OSPF route rather than an AS ex...

Page 963: ...e OSPF domain to generate AS external LSAs If a route map is configured by this command then that route map is used to control which routes are redistributed and can set metric and tag values on parti...

Page 964: ...nal awplus config route map rmap2 permit 3 awplus config route map match interface vlan1 awplus config route map set metric type 1 awplus config route map exit awplus config router ospf 100 awplus con...

Page 965: ...his command is executed the OSPF process immediately shuts down It notifies the system that OSPF has performed a graceful shutdown Routes installed by OSPF are preserved until the grace period expires...

Page 966: ...yntax VRF lite router ospf process id vrf instance no router ospf process id Default No routing process is defined by default Mode Global Configuration Usage The process ID of OSPF is an optional para...

Page 967: ...OSPF COMMANDS ROUTER OSPF Example VRF lite To enter Router Configuration mode to configure an existing OSPF routing process 100 for VRF instance red use the commands awplus configure terminal awplus...

Page 968: ...ter id ip address no router id Mode Router Configuration Usage Configure each router with a unique router id In an OSPF router process that has active neighbors a new router id is used at the next rel...

Page 969: ...currently enabled For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ospf Mode User Exe...

Page 970: ...ip ospf 100 Parameter Description process id 0 65535 The ID of the router process for which information will be displayed If this parameter is included only the information for the specified routing p...

Page 971: ...algorithm executed 0 times Number of LSA 0 Checksum 0x000000 Table 1 Example output from the show ip ospf command cont Table 2 Example output from the show ip ospf process id command Routing Process...

Page 972: ...nce Route Limit The maximum number of OSPF routes which may be used for forwarding Allocate d The current total number of OSPF routes allocated in the OSPF module Visible The current number of OSPF ro...

Page 973: ...nd output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip ospf border routers show ip ospf process id border routers Mode User Exec and Privileged...

Page 974: ...awplus show ip ospf 721 border routers Output Figure 27 4 Example output from the show ip ospf database command Parameter Description process id 0 65535 The ID of the router process for which informa...

Page 975: ...put from the show ip ospf database self originate command OSPF Router process 100 with ID 10 10 11 50 Router Link States Area 0 0 0 1 NSSA Link ID ADV Router Age Seq CkSum Link count 10 10 11 50 10 10...

Page 976: ...d with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip ospf database asbr summary ip addr self originate advrouter Mode User Exec and Privileged Exec Examples awplus show ip os...

Page 977: ...ip ospf database external 1 2 3 4 adv router 2 3 4 5 Output Figure 27 6 Example output from the show ip ospf database external self originate command Parameter Description adv router Displays all the...

Page 978: ...base external adv router command awplus show ip ospf database external adv router 1 1 1 1 AS External Link States LS age 273 Options 0x2 E LS Type AS external LSA Link State ID 172 16 0 0 External Net...

Page 979: ...riginate awplus show ip ospf database network 1 2 3 4 adv router 2 3 4 5 Output Figure 27 8 Example output from the show ip ospf database network command Parameter Description adv router id The router...

Page 980: ...atabase nssa external self originate awplus show ip ospf database nssa external 1 2 3 4 adv router 2 3 4 5 Output Figure 27 9 Example output from the show ip ospf database nssa external adv router com...

Page 981: ...ink States Area 0 0 0 0 NSSA external Link States Area 0 0 0 1 NSSA LS age 78 Options 0x0 LS Type AS NSSA LSA Link State ID 0 0 0 0 External Network Number For NSSA Advertising Router 10 10 11 50 LS S...

Page 982: ...Privileged Exec Examples awplus show ip ospf database opaque area 1 2 3 4 self originate awplus show ip ospf database opaque area self originate awplus show ip ospf database opaque area 1 2 3 4 adv r...

Page 983: ...and Privileged Exec Examples awplus show ip ospf database opaque as 1 2 3 4 self originate awplus show ip ospf database opaque as self originate awplus show ip ospf database opaque as 1 2 3 4 adv rou...

Page 984: ...show ip ospf database opaque link 1 2 3 4 self originate awplus show ip ospf database opaque link self originate awplus show ip ospf database opaque link 1 2 3 4 adv router 2 3 4 5 Output Figure 27 12...

Page 985: ...e awplus show ip ospf database router 1 2 3 4 adv router 2 3 4 5 Output Figure 27 13 Example output from the show ip ospf database router command Parameter Description adv router Displays all the LSAs...

Page 986: ...k States Area 0 0 0 1 LS age 877 Options 0x2 E Flags 0x3 ABR ASBR LS Type router LSA Link State ID 10 10 11 50 Advertising Router 10 10 11 50 LS Seq Number 80000003 Checksum 0xee93 Length 36 Number of...

Page 987: ...1 2 3 4 self originate awplus show ip ospf database summary self originate awplus show ip ospf database summary 1 2 3 4 adv router 2 3 4 5 Output Figure 27 14 Example output from the show ip ospf dat...

Page 988: ...rk Number Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0x36ac Length 28 Network Mask 24 TOS 0 Metric 10 Summary Link States Area 0 0 0 1 LS age 1061 Options 0x2 E LS Type summary LSA...

Page 989: ...11 50 Summary Link States Area 0 0 0 0 LS age 989 Options 0x2 E LS Type summary LSA Link State ID 10 10 11 0 summary Network Number Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0x36...

Page 990: ...Example output from the show ip ospf interface command Parameter Description interface name The VLAN name for example vlan3 vlan2 is up line protocol is up Internet Address 1 1 1 1 24 Area 0 0 0 0 MT...

Page 991: ...0 10 50 detail all Output Note that before a device enters OSPF Graceful Restart it first informs its OSPF neighbors In the show output the symbol beside the Dead Time parameter indicates that the dev...

Page 992: ...00 00 38 Neighbor is up for 00 53 07 Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 Crypt Sequence Number is 0 Thread Inactivity Timer on Thread Database Descriptio...

Page 993: ...ospf route Output Figure 27 21 Example output from the show ip ospf route command for a specific process Parameter Description ospf id 0 65535 The ID of the router process for which information will b...

Page 994: ...c Examples To display virtual link information use the command awplus show ip ospf virtual links Output Figure 27 22 Example output from the show ip ospf virtual links command Virtual Link VLINK0 to r...

Page 995: ...e User Exec and Privileged Exec Examples To display OSPF process parameters and statistics use the command awplus show ip protocols ospf Output Figure 27 23 Example output from the show ip protocols o...

Page 996: ...route individually in an external LSA Use the summary address command to advertise one summary route for all redistributed routes covered by a specified network address and mask This helps decrease t...

Page 997: ...e calculation of the Shortest Path First SPF Examples To set the minimum delay time to 5 milliseconds and maximum delay time to 10 milliseconds use the commands awplus configure terminal awplus config...

Page 998: ...ommand Reference for AR2050V 998 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF EVENTS undebug ospf events Overview This command applies the functionality of the no debu...

Page 999: ...B Command Reference for AR2050V 999 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF IFSM undebug ospf ifsm Overview This command applies the functionality of the no debug...

Page 1000: ...B Command Reference for AR2050V 1000 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF LSA undebug ospf lsa Overview This command applies the functionality of the no debug...

Page 1001: ...Command Reference for AR2050V 1001 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF NFSM undebug ospf nfsm Overview This command applies the functionality of the no debug...

Page 1002: ...B Command Reference for AR2050V 1002 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF NSM undebug ospf nsm Overview This command applies the functionality of the no debug...

Page 1003: ...mmand Reference for AR2050V 1003 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF PACKET undebug ospf packet Overview This command applies the functionality of the no debu...

Page 1004: ...Command Reference for AR2050V 1004 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF ROUTE undebug ospf route Overview This command applies the functionality of the no debu...

Page 1005: ...n page 1011 area encryption ipsec spi esp on page 1012 area range IPv6 OSPF on page 1015 area stub IPv6 OSPF on page 1017 area virtual link IPv6 OSPF on page 1018 area virtual link authentication ipse...

Page 1006: ...5 max concurrent dd IPv6 OSPF on page 1057 passive interface IPv6 OSPF on page 1058 redistribute IPv6 OSPF on page 1059 restart ipv6 ospf graceful on page 1061 router ipv6 ospf on page 1062 router id...

Page 1007: ...ry address IPv6 OSPF on page 1089 timers spf IPv6 OSPF deprecated on page 1091 timers spf exp IPv6 OSPF on page 1092 undebug ipv6 ospf events on page 1093 undebug ipv6 ospf ifsm on page 1094 undebug i...

Page 1008: ...r is considered an ABR if it has more than one area actively attached and one of them is the backbone area IBM ABR Type By this definition a router is considered an ABR if it has more than one area ac...

Page 1009: ...ink interfaces Use the sha1 keyword to choose SHA 1 authentication instead of entering the md5 keyword to use MD5 authentication The SHA 1 algorithm is more secure than the MD5 algorithm SHA 1 uses a...

Page 1010: ...rtofarea authentication not being authenticated So neighbors time out Example To enable MD5 authentication with a 32 hexadecimal character key for OPSPF area 1 use the commands awplus configure termin...

Page 1011: ...rea border router that is attached to the stub area Example To set the default cost to 10 in area 1 for the OSPF process P2 use the commands awplus configure terminal awplus config router ipv6 ospf P2...

Page 1012: ...ecimal format Use one of the following formats ip addr OSPF area ID expressed in IPv4 address format A B C D 0 4294967295 OSPF area ID expressed as a decimal number within the range shown For example...

Page 1013: ...uthentication See the OSPFv3 Feature Overview and Configuration Guide for more information and examples NOTE You can configure an encryption security policy SPI on an OSPFv3 area with this command or...

Page 1014: ...ESP encryption with a 32 hexadecimal character AES CBC key and a 40 hexadecimal character SHA 1 authentication key for OPSPF area 1 use the commands awplus configure terminal awplus config router ipv6...

Page 1015: ...tores default behavior Syntax area area id range ipv6address prefix length advertise not advertise no area area id range ipv6address prefix length Default The area range is not configured by default T...

Page 1016: ...ing System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS AREA RANGE IPV6 OSPF Ensure OSPFv3 IPv6 routes exist in the area range for advertisement before using this command Example awplus configure termin...

Page 1017: ...ll routers attached to the stub area configure the area by using the area stub command For an area border router ABR attached to the stub area also use the area default cost command Example awplus con...

Page 1018: ...al retransmit interval transmit delay Parameter Description area id The area ID of the transit area that the virtual link passes through This can be entered in either dotted decimal format or normal d...

Page 1019: ...detectingtopologicalchanges faster but also an increase in the routing traffic The retransmit interval is the expected round trip delay between any two routersin anetwork Setthevaluetobegreaterthanthe...

Page 1020: ...r Description area id The OSPF area that you are specifying the summary route default cost for This can be entered in either dotted decimal format or normal decimal format Use one of the following for...

Page 1021: ...PFv3 Feature Overview and Configuration Guide for more information and examples Example To enable MD5 authentication with a 32 hexadecimal character key for virtual links in OPSPF area 1 use the comma...

Page 1022: ...mat or normal decimal format Use one of the following formats ip addr OSPF area ID expressed in IPv4 address format A B C D 0 4294967295 OSPF area ID expressed as a decimal number within the range sho...

Page 1023: ...iguration If an interface configuration is removed then an area configuration is applied to an interface instead Use the sha1 keyword to choose SHA 1 authentication instead of entering the md5 keyword...

Page 1024: ...ter ipv6 ospf awplus config router area 1 virtual link 10 0 0 1 encryption ipsec spi 1000 esp aes cbc 1234567890ABCDEF1234567890ABCDEF sha1 1234567890ABCDEF1234567890ABCDEF12345678 To enable ESP encry...

Page 1025: ...a larger reference bandwidth value to differentiate the costs on those links Cost is calculated by dividing the reference bandwidth Mbps by the layer 3 interface Switched Virtual Interface SVI Loopba...

Page 1026: ...integer 1 Interface cost is 1 The auto cost reference bandwidth value should be consistent across all OSPF routers in the OSPF process Note that using the ipv6 ospf cost command on a layer 3 interfac...

Page 1027: ...ort speed within that VLAN Syntax bandwidth bandwidth setting no bandwidth Mode Interface Configuration for a VLAN interface Example To set the bandwidth on VLAN2 to be 1 Mbps use the following comman...

Page 1028: ...process Overview This command clears and restarts the IPv6 OSPF routing process Specify the Process ID to clear one particular OSPF process When no Process ID is specified this command clears all runn...

Page 1029: ...variants of this command disable OSPF debugging Using this command with no parameters entered will disable debugging for all parameter options Syntax debug ipv6 ospf events abr asbr os router vlink no...

Page 1030: ...s of this command disable IPv6 OSPF IFSM debugging Use these commands without parameters to disable all the options Syntax debug ipv6 ospf ifsm events status timers no debug ipv6 ospf ifsm events stat...

Page 1031: ...nts of this command disable IPv6 OSPF LSA debugging Use this command without parameters to disable all the options Syntax debug ipv6 ospf lsa flooding generate install maxage refresh no debug ipv6 osp...

Page 1032: ...iants of this command disable IPv6 OSPF NFSM debugging Use this command without parameters to disable all the options Syntax debug ipv6 ospf nfsm events status timers no debug ipv6 ospf nfsm events st...

Page 1033: ...ospf packet dd detail hello ls ack ls request ls update recv send Mode Privileged Exec and Global Configuration Examples To enable debugging for hello packets use the following command awplus debug i...

Page 1034: ...parameters to disable all options Syntax debug ipv6 ospf route ase ia install spf no debug ipv6 ospf route ase ia install spf Mode Privileged Exec and Global Configuration Examples To enable IPv6 rou...

Page 1035: ...d be either Type 1 or 2 The default is Type 2 The no variant of this command disables this feature Syntax default information originate always metric metric metric type 1 2 route map route map no defa...

Page 1036: ...e A default metric facilitates redistributing routes even with incompatible metrics If the metrics do not convert the default metric provides an alternative and enables theredistributionto continue Th...

Page 1037: ...ea 1 254 no distance ospfv3 1 254 Default The default OSPFv3 administrative distance is 110 The default Administrative Distance for each type of route intra inter or external is 110 Mode Router Config...

Page 1038: ...routes 10 for intra area routes 40 for external routes use the commands awplus config router ipv6 ospf 100 awplus config router distance ospfv3 inter area 20 intra area 10 external 40 To set the admi...

Page 1039: ...d to choose SHA 1 authentication instead of entering the md5 keyword to use MD5 authentication The SHA 1 algorithm is more secure than the MD5 algorithm SHA 1 uses a 40 hexadecimal character key inste...

Page 1040: ...area ThisisduetoOSPFv3hellomessagesingressingVLANinterfaces whicharepartofarea authentication not being authenticated So neighbors time out Example To enable MD5 authentication with a 32 hexadecimal...

Page 1041: ...rface Using this command overrides the cost value calculated automatically with the auto cost reference bandwidth IPv6 OSPF feature The link state metric cost is stated in the Router LSA s link Typica...

Page 1042: ...Command Reference for AR2050V 1042 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS IPV6 OSPF COST Related Commands show ipv6 ospf interface auto cost reference bandwidth I...

Page 1043: ...iant of this command returns the interval to the default of 40 seconds Syntax ipv6 ospf dead interval 1 65535 inst id no ipv6 ospf dead interval Mode Interface Configuration for a VLAN interface or In...

Page 1044: ...ne Overview Use this command to change the result of the show ipv6 route command to display each route entry on a single line Syntax ipv6 ospf display route single line no ipv6 ospf display route sing...

Page 1045: ...alue on all interfaces that connect to the same link SPI values are used by link interfaces Use a different SPI value for a different link interface when using OSPFv3 with link interfaces Parameter De...

Page 1046: ...re an encryption security policy SPI on a VLAN interface with this command or an OSPFv3 area with the area encryption ipsec spi esp command When you configure encryption for an area the security polic...

Page 1047: ...imal character key and SHA 1 authentication with a 40 hexadecimal character key for interface VLAN 2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 ospf...

Page 1048: ...seconds Syntax ipv6 ospf hello interval 1 65535 no ipv6 ospf hello interval Default The default interval is 10 seconds Mode Interface Configuration for a VLAN interface or Interface Configuration for...

Page 1049: ...neighbor s primary IPv6 address on the interface where that neighbor connects to the NBMA network The poll interval is the reduced rate at which routers continue to send hello packets when a neighbori...

Page 1050: ...IGHBOR Examples This example shows a neighbor configured with a priority value poll interval time and cost awplus configure terminal awplus config interface eth1 awplus config if ipv6 ospf neighbor fe...

Page 1051: ...for a PPP interface Usage This command forces the interface network type to the specified type Depending on the network type OSPF changes the behavior of the packet transmission and the link descripti...

Page 1052: ...the DR the router with the higher router priority becomes the DR If the router priority is the same for two routers the router with the higher router ID takes precedence Routers with zero router prio...

Page 1053: ...ighbor the router keeps the LSA until it receives an acknowledgment In case the router does not receive an acknowledgment during the set time the retransmit interval value it retransmits the LSA Set t...

Page 1054: ...lay value adds a specified time to the age field of an update If the delay is not added the time in which the LSA transmits over the link is not considered This command is especially useful for low sp...

Page 1055: ...al See the OSPFv3 Feature Overview and Configuration Guide for more information and examples Examples The following commands enable IPv6 OSPF on VLAN interface vlan2 OSPF area 1 tag PT2 and instance 2...

Page 1056: ...lus config interface vlan2 awplus config if no ipv6 router ospf area 1 The following commands enable IPv6 OSPF on PPP interface ppp0 OSPF area 1 tag PT2 and instance 2 awplus configure terminal awplus...

Page 1057: ...number of LSAs Syntax max concurrent dd max neighbors no max concurrent dd Mode Router Configuration Usage This command is useful where bringing up several adjacencies on a router is affecting perform...

Page 1058: ...ration Usage Configure an interface to be passive if you wish its connected route to be treated as an OSPF route rather than an AS external route but do not wish to actually exchange any OSPF packets...

Page 1059: ...which routes are redistributed and can set metric and tag values on particular routes The metric metric type and tag values specified on this command are applied to any redistributed routes that are n...

Page 1060: ...FV3 FOR IPV6 COMMANDS REDISTRIBUTE IPV6 OSPF Example The following example shows the redistribution of RIP routes into the IPv6 OSPF routing table with a metric of 10 and a metric type of 1 awplus con...

Page 1061: ...grace period is 120 seconds Mode Privileged Exec Usage After this command is executed the OSPFv3 process immediately shuts down It notifies the system that OSPF has performed a graceful shutdown Route...

Page 1062: ...d LSAs issued from each process will appear as if coming from a separate physical router To a large extent the requirement for multiple processes has been replaced by the ability within IPv6 OSPF of r...

Page 1063: ...r id router id no router id Mode Router Configuration Usage Configure each router with a unique router id In an IPv6 OSPF router process that has active neighbors a new router id takes effect at the n...

Page 1064: ...mmand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ipv6 ospf Mode User Exec and Privileged Exec Example awplus show debugging ipv6...

Page 1065: ...For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 ospf show ipv6 ospf process id Mode User...

Page 1066: ...ernal 0 Route Licence Breach Current 0 Watermark 0 Process uptime is 6 minutes Current grace period is 120 secs default SPF schedule delay min 0 500 secs SPF schedule delay max 50 0 secs Minimum LSA i...

Page 1067: ...er adv router id Mode User Exec and Privileged Exec Example To display the database summary for IPv6 OSPF information on process P10 use the command awplus show ipv6 ospf P10 database Output Figure 28...

Page 1068: ...1 2 979 0x800000d8 0xad2b 1 0 0 0 0 0 0 1 3 1005 0x800000cf 0xefed 1 Network LSA Area 0 0 0 0 Link State ID ADV Router Age Seq CkSum 0 0 0 202 0 0 1 2 1764 0x800000c2 0x94c3 0 0 0 203 0 0 1 3 1010 0x8...

Page 1069: ...formation about the external LSAs use the following command awplus show ipv6 ospf database external adv router 10 10 10 1 Output Figure 28 4 Example output from the show ipv6 ospf database external co...

Page 1070: ...ormation about the grace LSAs use the following command awplus show ipv6 ospf database grace adv router 10 10 10 1 Output Figure 28 5 Example output from the show ipv6 ospf database grace command Para...

Page 1071: ...y information about the inter prefix LSAs use the following command awplus show ipv6 ospf database external adv router 10 10 10 1 Output Figure 28 6 Example output from the show ipv6 ospf database int...

Page 1072: ...information about the inter router LSAs use the following command awplus show ipv6 ospf database inter router adv router 10 10 10 1 Output Figure 28 7 Example output from the show ipv6 ospf database i...

Page 1073: ...information about the intra prefix LSAs use the following command awplus show ipv6 ospf database intra prefix adv router 10 10 10 1 Output Figure 28 8 Example output from the show ipv6 ospf database i...

Page 1074: ...rmation about the link LSAs use the following command awplus show ipv6 ospf database link adv router 10 10 10 1 Output Figure 28 9 Example output from the show ipv6 ospf database link command Paramete...

Page 1075: ...xec and Privileged Exec Examples To display information about the OSPFv3 network LSAs use the following command awplus show ipv6 ospf database network Output Figure 28 10 Example output from the show...

Page 1076: ...tem Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS SHOW IPV6 OSPF DATABASE NETWORK LS age 1144 LS Type Network LSA Link State ID 0 0 0 203 Advertising Router 0 0 1 3 LS Seq Number 0x800000C4 Checksum 0x8A...

Page 1077: ...router id Mode User Exec and Privileged Exec Examples To display information about the OSPFv3 router LSAs use the following command awplus show ipv6 ospf database router Output Figure 28 11 Example ou...

Page 1078: ...Type Router LSA Link State ID 0 0 0 0 Advertising Router 0 0 1 2 LS Seq Number 0x800000D5 Checksum 0xB328 Length 40 Flags 0x00 Options 0x000013 R E V6 Link connected to a Transit Network Metric 1 Int...

Page 1079: ...0 1 1 LS Seq Number 0x80000009 Checksum 0xD696 Length 52 Metric Type 2 Larger than any link state path Metric 20 Prefix 2011 2222 64 Prefix Options 0 Forwarding Address 2003 1111 1 LS age 1384 LS Type...

Page 1080: ...0 1 1 LS Seq Number 0x8000000C Checksum 0xD295 Length 52 Metric Type 2 Larger than any link state path Metric 20 Prefix 2012 2222 64 Prefix Options 0 Forwarding Address 2003 1111 1 LS age 1087 LS Type...

Page 1081: ...3 FOR IPV6 COMMANDS SHOW IPV6 OSPF DATABASE ROUTER LS age 1087 LS Type AS External LSA Link State ID 0 0 0 18 Advertising Router 0 0 1 1 LS Seq Number 0x8000000C Checksum 0xD889 Length 52 Metric Type...

Page 1082: ...m the show ipv6 ospf interface command showing OSPFv3 Authentication configuration information highlighted in bold Parameter Description interface name An alphanumeric string that is the interface nam...

Page 1083: ...pf interface vlan3 vlan3 is up line protocol is up Interface ID 203 IPv6 Prefixes fe80 200 cdff fe24 daae 64 Link Local Address 2003 1111 2 64 OSPFv3 Process P1 Area 0 0 0 0 Instance ID 0 Router ID 0...

Page 1084: ...iguration Guide Syntax show ipv6 ospf process id neighbor neighbor id show ipv6 ospf process id neighbor detail show ipv6 ospf process id neighbor interface detail Mode User Exec and Privileged Exec E...

Page 1085: ...show ipv6 ospf neighbor detail awplus show ipv6 ospf neighbor detail Neighbor 0 0 1 2 interface address fe80 215 77ff fec9 7472 In the area 0 0 0 0 via interface vlan2 Neighbor priority is 1 State is...

Page 1086: ...the OSPF routing table for specified processes For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show...

Page 1087: ...E2 OSPF external type 2 Destination Metric Next hop O 2002 1111 64 2 via fe80 200 cdff fe24 daae vlan3 Area 0 0 0 0 C 2003 1111 64 1 directly connected vlan3 Area 0 0 0 0 O 2004 1111 64 3 via fe80 200...

Page 1088: ...erview and Configuration Guide for more information and examples Examples To display virtual link information use the command awplus show ipv6 ospf virtual links Output Figure 28 17 Example output fro...

Page 1089: ...requires the router to advertise each route individually in an external LSA Use this command to advertise one summary route for all redistributed routes covered by a specified prefix to decrease the s...

Page 1090: ...hat match the IPv6 prefix 2001 0db8 32 and assigns a tag value of 3 awplus configure terminal awplus config router ipv6 ospf awplus config router summary address 2001 0db8 32 tag 3 The following examp...

Page 1091: ...5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS TIMERS SPF IPV6 OSPF DEPRECATED timers spf IPv6 OSPF deprecated Overview This command has been deprecated because SPF timers have been replaced by exponential SPF ti...

Page 1092: ...and triggers a new SPF run before the last SPF holdtimer has finished The time between runs may increase up to the max holdtime value This increase in holdtime prevents too many SPF runs from occurrin...

Page 1093: ...ce for AR2050V 1093 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF EVENTS undebug ipv6 ospf events Overview This command applies the functionality of the...

Page 1094: ...rence for AR2050V 1094 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF IFSM undebug ipv6 ospf ifsm Overview This command applies the functionality of the...

Page 1095: ...ference for AR2050V 1095 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF LSA undebug ipv6 ospf lsa Overview This command applies the functionality of the...

Page 1096: ...rence for AR2050V 1096 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF NFSM undebug ipv6 ospf nfsm Overview This command applies the functionality of the...

Page 1097: ...ce for AR2050V 1097 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF PACKET undebug ipv6 ospf packet Overview This command applies the functionality of the...

Page 1098: ...ence for AR2050V 1098 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF ROUTE undebug ipv6 ospf route Overview This command applies the functionality of the...

Page 1099: ...e address on page 1107 auto summary BGP only on page 1110 bgp aggregate nexthop check on page 1111 bgp always compare med on page 1112 bgp bestpath as path ignore on page 1113 bgp bestpath compare con...

Page 1100: ...BGP only on page 1147 bgp router id on page 1148 bgp scan time BGP only on page 1149 bgp update delay on page 1150 clear bgp on page 1151 clear bgp IPv4 or IPv6 address on page 1152 clear bgp ASN on...

Page 1101: ...r advertisement interval on page 1196 neighbor allowas in on page 1199 neighbor as origination interval on page 1202 neighbor attribute unchanged on page 1204 neighbor capability graceful restart on p...

Page 1102: ...neighbor soft reconfiguration inbound on page 1282 neighbor timers on page 1285 neighbor transparent as on page 1288 neighbor transparent nexthop on page 1290 neighbor unsuppress map on page 1292 nei...

Page 1103: ...ge 1340 show ip bgp community BGP only on page 1341 show ip bgp community info BGP only on page 1343 show ip bgp community list BGP only on page 1344 show ip bgp dampening BGP only on page 1345 show i...

Page 1104: ...ow ip bgp scan BGP only on page 1369 show ip bgp summary BGP only on page 1370 show ip community list on page 1372 show ip extcommunity list on page 1373 show ip prefix list IPv4 Prefix List on page 1...

Page 1105: ...nicast Mode BGP Router Configuration Mode BGP4 Router Configuration Usage To leave the IPv4 or IPv6 Address Family Configuration mode and return to the Router Configuration mode use the exit address f...

Page 1106: ...nfigure terminal awplus config router bgp 100 awplus config router neighbor 2001 0db8 010d 1 remote as 100 awplus config router address family ipv6 awplus config router af neighbor 2001 0db8 010d 1 ac...

Page 1107: ...addr prefix length summary only as set no aggregate address ipv6 addr prefix length summary only as set Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 IPv6 Address Famil...

Page 1108: ...with the aggregate Usage BGP4 If the summary only parameter is specified then only the aggregate address mask will be advertised and none of the component addresses that fall within the range of the a...

Page 1109: ...terminal awplus config router bgp 100 awplus config router address family ipv6 awplus config router af aggregate address 2001 0db8 64 as set summary only awplus configure terminal awplus config router...

Page 1110: ...withdrawn from all connected peers If certain routes have already been advertised disabling auto summary results in summarized routes being withdrawn and only non summarized routes are advertised Non...

Page 1111: ...summary only option will only suppress the component routes if those component routes all have the same next hop If the routes have different next hops then they will continue to be advertised to pee...

Page 1112: ...ed 300 Route2 as path 200 med 200 Route3 as path 400 med 250 Route1 is compared to Route2 Route2 is best of the two lower MED Next Route2 is compared to Route3 and Route2 is chosen best path again low...

Page 1113: ...ng as path as a factor in the algorithm for choosing a route The no variant of this command allows the router to consider as path in choosing a route Syntax bgp bestpath as path ignore no bgp bestpath...

Page 1114: ...efault if BGP receives routes with identical eBGP paths from eBGP peers BGP does not continue to consider any AS confederation path length attributes that may be associated with the routes The no vari...

Page 1115: ...to include router ID in the selection process similar routes are compared and the route with the lowest router ID is selected The no variant of this command disables this feature and returns the devic...

Page 1116: ...MED value is not compared with Path3 since it is not in the confederation MED is compared for Path1 and Path2 only Path1 32000 32004 med 4 Path2 32001 32004 med 2 Path3 32003 1 med 1 The effect of th...

Page 1117: ...B Command Reference for AR2050V 1117 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS BGP BESTPATH MED Related Commands bgp always compare med bgp bestpath as path ignore bgp...

Page 1118: ...end MED attributes in the update messages to its peers unless specified not to by the bgp bestpath med remove send med command Use the no variant of this command to disable this feature Syntax bgp bes...

Page 1119: ...received from other peers during the decision and route selection process unless specified not to by the bgp bestpath med remove recv med command Use the no variant of this command to disable this fea...

Page 1120: ...he route reflector is not required use the no variant of this command to disable the client to client route reflection When a router is configured as a route reflector client to client reflection is e...

Page 1121: ...e cluster ID Syntax bgp cluster id ip address cluster id no bgp cluster id Mode Router Configuration Usage The following configuration creates cluster id 5 including two route reflector clients awplus...

Page 1122: ...DS BGP CLUSTER ID To remove a bgp cluster id apply the example commands as shown below awplus configure terminal awplus config router bgp 100 awplus config router no bgp cluster id 10 10 1 1 Related C...

Page 1123: ...s all BGP confederation identifiers Syntax bgp confederation identifier 1 4294967295 no bgp confederation identifier Mode Router Configuration Examples awplus configure terminal awplus config router b...

Page 1124: ...rs 1 4294967295 Mode Router Configuration Usage In the following configuration of Router 1 the neighbor 172 210 30 2 and 172 210 20 1 have iBGP connection within AS 100 The neighbor 173 213 30 1 has a...

Page 1125: ...AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS BGP CONFEDERATION PEERS Example awplus configure terminal awplus config router bgp 100 awplus config router bgp confederation p...

Page 1126: ...he change to take effect When your device reloads it will load with the standard BGP settings commonly used by most vendors Apply the standard type configuration if you have interoperability issues Ex...

Page 1127: ...E To specify the enhanced BGP configuration type enter the following commands awplus configure terminal awplus config bgp config type enhanced To restore the default BGP configuration type enhanced en...

Page 1128: ...pening route map routemap name Mode BGP Router Configuration Parameter Description reachtime 1 45 Specifies the reachability half life time in minutes The time for the penalty to decrease to one half...

Page 1129: ...ment of the route is suppressed This penalty is decayed according to the configured half time value Once the penalty is lower than the reuse limit the route advertisement is un suppressed The dampenin...

Page 1130: ...ixed During this time BGP can quickly cycle through the state machine from Idle through the various Connect states which can result in large numbers of TCP sessions being opened in a short period of t...

Page 1131: ...ion The BGP routing process will no longer exchange IPv4 addressing information with BGP neighbor routers Note that disabling the exchange of IPv4 prefixes will also enable an IPv6 only BGP4 network S...

Page 1132: ...the routes it sends The preference is sent to all routers and access servers in the local autonomous system The no variant of this command reverts to the default local preference value of 100 Syntax b...

Page 1133: ...ordered according to their MED values and the best routes of each group are compared The main benefit of this is that the choice of best route then does not depend on theorder inwhich therouteshappene...

Page 1134: ...S should have BGP deterministic MED disabled with no bgp deterministic med In the example above the MED values were not considered when comparing the winners of the two groups the best routes from the...

Page 1135: ...command to disable this feature Syntax bgp enforce first as no bgp enforce first as Mode Router Configuration Usage This command specifies that any updates received from an external neighbor that do n...

Page 1136: ...rview Use this command to reset a BGP session immediately if the interface used for BGP connection goes down Use the no variant of this command to disable this feature Syntax bgp fast external failove...

Page 1137: ...This restart time value is applied to neighbors unless you explicitly override it by configuring the corresponding value on the neighbor The stalepath time parameter is used to set the maximum time to...

Page 1138: ...seconds use the commands awplus configure terminal awplus config router bgp 10 awplus config router bgp graceful restart restart time 150 To return the restart time to its default of 120 seconds use...

Page 1139: ...The bgp graceful restart command must be enabled before this command is enabled All events that cause BGP peer reset including all session reset commands can trigger graceful restart Example To enable...

Page 1140: ...wever these commands create a significant hit in the logging performance If you need to log neighbor status changes only we recommend turning off all the debug commands and then use this command To se...

Page 1141: ...GP4 COMMANDS BGP LOG NEIGHBOR CHANGES Remote AS changed RR client configuration modification Soft reconfiguration modification Example To enable the logging of BGP status changes without using the deb...

Page 1142: ...processes are allocated the maximum percentage of 100 of the device s available RAM memory by default Note only non default BGP memory allocation values are shown in the running or startup configurati...

Page 1143: ...ount Mode Router Configuration Example Toenablenext hop trackingstatusontheBGPpeerbelongingtotheAutonomous System AS 100 enter the following commands awplus configure terminal awplus config router bgp...

Page 1144: ...seconds Mode Global Configuration Usage This command configures the delay interval between routing table waits for next hop delay tracking The delay interval determines how long BGP waits after it re...

Page 1145: ...ixes directly to the BGP process This improves the overall BGP convergence time by allowing BGP to respond rapidly to next hop changes for routes installed in the RIB If next hop tracking is enabled a...

Page 1146: ...th select BGP only Overview Use this command to set the RFC1771 compatible path selection mechanism Use the no variant of this command to revert this setting Syntax bgp rfc1771 path select no bgp rfc1...

Page 1147: ...P RFC1771 STRICT BGP ONLY bgp rfc1771 strict BGP only Overview Use this command to set the Strict RFC1771 setting Use the no variant of this command to revert this setting Syntax bgp rfc1771 strict no...

Page 1148: ...nt interface will not use that eth interface s IP address as a router ID Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Usage Use the bgp router id c...

Page 1149: ...tax bgp scan time time no bgp scan time time Default The default scanning interval is 60 seconds Mode Router Configuration Usage Use this command to configure scanning intervals of BGP routers This in...

Page 1150: ...e is 120 seconds Mode Router Configuration Usage The update delay value is the maximum time a graceful restart capable router which is restarting will defer route selection and advertisements to all i...

Page 1151: ...those neighbors with which the ORF capability has been negotiated The neighbors will be triggered to resend updates which match the prefix list filter to the local router The local router will then p...

Page 1152: ...e IPv6 address of the neighbor whose connection is to be reset entered in hexadecimal in the format X X X X in Indicates that incoming advertised routes will be cleared prefix filter Specifies that a...

Page 1153: ...awplus clear bgp 2 2 2 2 out Example VRF lite To apply the above example to clear the BGP connection to peer at IP address 192 0 2 11 for the VRF instance blue use the following commands awplus clear...

Page 1154: ...ilter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors will be triggered to resend updates which match...

Page 1155: ...RF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors will be triggered to resend updates which match the prefix list filter to the local router The local rou...

Page 1156: ...a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors will be triggered to resend updates which match the prefix list filte...

Page 1157: ...routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors will be triggered...

Page 1158: ...P BGP ONLY Examples To clear all BGP peers use the command awplus clear ip bgp Example VRF lite To clear all BGP peers in VRF instance red use the command awplus clear ip bgp vrf red To clear all outb...

Page 1159: ...r Description ipv4 addr Specifies the IPv4 address of the neighbor whose connection is to be reset entered in the form A B C D in Indicates that incoming advertised routes will be cleared prefix filte...

Page 1160: ...tax clear ip bgp dampening ip address ip address m Mode Privileged Exec Examples awplus clear ip bgp dampening 10 10 0 121 Parameter Description ip address Specifies the IPv4 address for which BGP dam...

Page 1161: ...prefixes Syntax clear ip bgp flap statistics ip address ip address m Mode Privileged Exec Examples awplus clear ip bgp flap statistics 10 10 0 121 Parameter Description ip address Specifies the IPv4 a...

Page 1162: ...in Indicates that incoming advertised routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been nego...

Page 1163: ...ng advertised routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors wil...

Page 1164: ...peers Configure parameters relating to the BGP exchange of IPv4 prefixes in Indicates that incoming advertised routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF...

Page 1165: ...ters relating to the BGP4 exchange of IPv6 prefixes in Indicates that incoming advertised routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those n...

Page 1166: ...pv6 dampening ipv6 addr ipv6 addr prefix length Mode Privileged Exec Examples awplus clear bgp ipv6 dampening 2001 0db8 010d 1 awplus clear bgp ipv6 dampening 2001 0db8 64 Parameter Description ipv6 a...

Page 1167: ...ddr prefix length Mode Privileged Exec Examples awplus clear bgp ipv6 flap statistics 2001 0db8 010d 1 awplus clear bgp ipv6 flap statistics 2001 0db8 64 Parameter Description ipv6 addr Specifies the...

Page 1168: ...ch all routes will be cleared in Indicates that incoming advertised routes will be cleared prefix filte r Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which t...

Page 1169: ...l peers in Indicates that incoming advertised routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has b...

Page 1170: ...to the BGP4 exchange of IPv6 prefixes in Indicates that incoming advertised routes will be cleared prefix filte r Specifies that a prefix list will be sent by the ORF mechanism to those neighbors wit...

Page 1171: ...e If the command is entered with no parameters then all debug options are enabled Examples awplus debug bgp awplus debug bgp events awplus debug bgp nht awplus debug bgp updates in Related Commands sh...

Page 1172: ...ce bgp ebgp ibgp local no distance 1 255 ip address m no distance bgp ebgp ibgp local Mode BGP Router Configuration Mode BGP4 IPv6 Address Family Configuration Usage You can use this command to set th...

Page 1173: ...awplus config router distance 1 255 ip address m listname If the administrative distance is changed it could create inconsistency in the routing table and obstruct routing Example BGP4 For BGP4 IPv6...

Page 1174: ...us config router address family ipv4 awplus config router af exit address family awplus config router Example VRF lite To enter and then exit IPv4 Address Family Configuration mode for VRF instance re...

Page 1175: ...list defines the communities attributes with regular expressions The standard community list is compiled into binary format and is directly compared with the BGP communities attribute in the BGP updat...

Page 1176: ...Command Reference for AR2050V 1176 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS IP COMMUNITY LIST Related Commands ip community list standard ip community list expanded sho...

Page 1177: ...y list number expanded Specifies an expanded community list expanded listname Expanded community list entry deny Specifies community to reject permit Specifies community to accept line Specifies commu...

Page 1178: ...the community attributes explicitly and not via a regular expression An expanded community list defines the communities attributes with regular expressions The standard community list is compiled int...

Page 1179: ...munity list defines the community attributes as explicit values without regular expressions The expanded community list defines the communities attributes with regular expressions The standard communi...

Page 1180: ...RD that does not match the standard community value is automatically treated as expanded Examples awplus configure terminal awplus config ip community list standard CLIST permit 7675 80 7675 90 no exp...

Page 1181: ...munity list expanded expanded listname Regular expressions listed below are used with the ip extcommunity list expanded command Parameter Description 100 199 Expanded extcommunity list number expanded...

Page 1182: ...ated Commands ip extcommunity list standard show ip extcommunity list Period Used to match a single character white spaces included Asterisk Used to match none or more sequences of a pattern Plus sign...

Page 1183: ...l Configuration Parameter Description 1 99 Standard extcommunity list number standard Specifies a standard extended community list standard listname Standard extended community list entry deny Specifi...

Page 1184: ...onfigure terminal awplus config ip extcommunity list 36 permit rt 5675 50 awplus config ip extcommunity list standard CLIST permit soo 7645 70 awplus configure terminal awplus config ip extcommunity l...

Page 1185: ...ed in a sequence of 5 The parameters ge and le specify the range of the prefix lengths to be matched When setting these parameters set the levalueto be less than 32 and the gevalue to be less than or...

Page 1186: ...t command denies the IP network 76 2 2 0 awplus config router bgp 100 awplus config router network 172 1 1 0 awplus config router network 172 1 2 0 awplus config router neighbor 10 6 5 3 remote as 300...

Page 1187: ...5 The parameters ge and le specify the range of the prefix lengths to be matched The parameters ge and le are only used if an ip prefix is stated When setting these parameters set the le value to be...

Page 1188: ...xample To check the first 32 bits of the prefix 2001 db8 and the subnet mask must be greater than or equal to 34 and less than or equal to 40 enter the following commands awplus configure terminal awp...

Page 1189: ...ify an action of deny or permit The action in the AS path access list determines whether the route map checks update messages for a given AS path value The route map action and its set clauses determi...

Page 1190: ...n action of deny or permit Theactioninthecommunitylistdetermines whethertheroutemapchecks update messages for a given community value The route map action and its set clauses determine what the route...

Page 1191: ...ry 3 to the route map called myroute which will process update messages if they contain the community values that are included in mylist use the commands awplus configure terminal awplus config route...

Page 1192: ...he forwarding path Use the no variant of this command to disable this feature Syntax max paths ebgp ibgp 2 64 no max paths ebgp 2 64 no max paths ibgp 2 64 Mode Global Configuration Usage This command...

Page 1193: ...up This command only enables the exchange of information You can establish peering without this command but no prefixes and other information is sent until you apply this command to the neighbor This...

Page 1194: ...bgp 10 awplus config router address family ipv4 awplus config router af neighbor 10 10 10 1 activate To disable an exchange of routes in Address Family Configuration mode with a neighboring router wit...

Page 1195: ...ter address family ipv6 awplus config router af no neighbor 2001 0db8 010d 1 activate To enable an exchange of routes with a neighboring router with the peer group named group1 enter the commands as s...

Page 1196: ...pping of routes to the internet set a minimum advertisement interval so iBGP or eBGP routing updates are sent per interval seconds BGP dampening can also be used to control the effects of flapping rou...

Page 1197: ...fixes not in the same AS and updates not in a local AS Examples BGP awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 3 advertisement interval 45 awplus confi...

Page 1198: ...rminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address family ipv6 awplus config ro...

Page 1199: ...and to configure PE Provider Edge routers to allow re advertisement of all prefixes containing duplicate Autonomous System Numbers ASNs In a hub and spoke configuration a PE router re advertises all p...

Page 1200: ...awplus config router bgp 10 awplus config router no neighbor 10 10 0 1 allowas in awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 awplus config router af...

Page 1201: ...pv6 awplus config router af no neighbor 2001 0db8 010d 1 allowas in awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor...

Page 1202: ...eers which include a prefix that originates from the local AS is 15 seconds by default Mode Router Configuration Usage This command is used to change the minimum interval between sending AS originatio...

Page 1203: ...r advertisement interval command for iBGP peers with prefixes in the same AS for updates only within a local AS Examples BGP awplus configure terminal awplus config router bgp 100 awplus config router...

Page 1204: ...l as path parameter has the same effect as invoking the neighbor transparent as command Note this specifying this command with the optional next hop parameter has the same effect as invoking the neigh...

Page 1205: ...fig router address family ipv4 awplus config router af neighbor 10 10 0 75 attribute unchanged as path med awplus configure terminal awplus config router bgp 10 awplus config router address family ipv...

Page 1206: ...1 0db8 010d 1 attribute unchanged as path med awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remot...

Page 1207: ...capability graceful restart command to advertise to the BGP or BGP4 neighbor routers the capability of graceful restart First specify the BGP or BGP4 neighbor s remote as identification number as assi...

Page 1208: ...lus config router address family ipv4 awplus config router af neighbor 10 10 10 50 capability graceful restart awplus configure terminal awplus config router bgp 10 awplus config router address family...

Page 1209: ...ghbor 2001 0db8 010d 1 capability graceful restart awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1...

Page 1210: ...ged between neighbors By filtering updates this option minimizes generating and processing of updates The local router advertises the ORF capability in send mode and the remote router receives the ORF...

Page 1211: ...bgp 10 awplus config router no neighbor 10 10 0 5 capability orf prefix list both awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 awplus config router ne...

Page 1212: ...ghbor 2001 0db8 010d 1 capability orf prefix list both awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010...

Page 1213: ...d to advertise to peer about route refresh capability support If route refresh capability is supported then router can dynamically request that the peer readvertises its Adj RIB Out Parameter Descript...

Page 1214: ...ute refresh awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 capability route refresh Examples BGP4 awplus configure terminal awplus config router bgp 10 a...

Page 1215: ...v B Command Reference for AR2050V 1215 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR CAPABILITY ROUTE REFRESH Related Commands neighbor peer group add a neighbor ne...

Page 1216: ...sage This command must be used only when specially required It is not required in most network deployments The associated functionality of including an established neighbor into TCP connection collisi...

Page 1217: ...minal awplus config router bgp 10 awplus config router no neighbor group1 collide established Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus config router neighbor 2001 0db...

Page 1218: ...tion Parameter Description neighborid ip address ipv6 addr peer group ip address Specify the address of an IPv4 BGP neighbor in dotted decimal notation A B C D ipv6 addr Specify the address of an IPv6...

Page 1219: ...onfig address family ipv4 awplus config router af neighbor 10 10 10 1 default originate route map myroute awplus configure terminal awplus config router bgp 10 awplus config address family ipv4 awplus...

Page 1220: ...er af no neighbor 2001 0db8 010d 1 default originate route map myroute awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighb...

Page 1221: ...ption no neighbor neighborid description description Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Parameter Description neighborid ip address ipv6...

Page 1222: ...lus configure terminal awplus config router bgp 10 awplus config router neighbor group1 description Backup router for sales Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus c...

Page 1223: ...01 Rev B Command Reference for AR2050V 1223 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR DESCRIPTION Related Commands neighbor peer group add a neighbor neighbor...

Page 1224: ...econds from the peer during exchange of open messages or the user during configuration The no variant of this command allows the BGP speaker to accept 0 holdtime from the peer or during configuration...

Page 1225: ...ress of 2001 0db8 010d 1 enter the commands awplus configure terminal awplus config router bgp 10 awplus config router neighbor disallow infinite holdtime2001 0db8 010d 1 To disable the disallow infin...

Page 1226: ...o enable capability negotiation Syntax neighbor neighborid dont capability negotiate no neighbor neighborid dont capability negotiate Mode Router Configuration Parameter Description neighborid ip addr...

Page 1227: ...ity negotiate awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 dont capability negotiate Examples BGP4 awplus configure terminal awplus config router bgp 1...

Page 1228: ...B Command Reference for AR2050V 1228 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR DONT CAPABILITY NEGOTIATE Related Commands neighbor peer group add a neighbor ne...

Page 1229: ...p multihop count no neighbor neighborid ebgp multihop count Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Parameter Description neighborid ip addres...

Page 1230: ...ebgp multihop 5 awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 ebgp multihop 5 Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus...

Page 1231: ...mmand Reference for AR2050V 1231 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR EBGP MULTIHOP Related Commands neighbor ebgp multihop neighbor peer group add a neigh...

Page 1232: ...multihop Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Parameter Description neighborid ip address ipv6 addr peer group ip address The address of an...

Page 1233: ...force multihop awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 enforce multihop Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus...

Page 1234: ...1 Rev B Command Reference for AR2050V 1234 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR ENFORCE MULTIHOP Related Commands neighbor peer group add a neighbor neighb...

Page 1235: ...iguration Usage This command specifies a filter for updates based on a BGP AS Autonomous System path list Parameter Description neighborid Specify the identification method for the BGP or BGP4 peer Us...

Page 1236: ...s config router address family ipv4 awplus config router af neighbor 10 10 0 34 filter list list1 out awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 awp...

Page 1237: ...config router af no neighbor 2001 0db8 010d 1 filter list list1 out awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor...

Page 1238: ...mples BGP4 awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 72 interface vlan2 awplus configure terminal awplus config router bgp 10 awplus config router no...

Page 1239: ...e configured to act as eBGP connections instead of only iBGP Usage BGP4 When BGP4 is configured this command prepends the ASN as defined by the router bgp command and adds the ASN as defined by the ne...

Page 1240: ...rminal awplus config router bgp 10 awplus config router no neighbor group1 local as 1 Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus config router neighbor 2001 0db8 010d 1...

Page 1241: ...cified number of prefixes that a BGP or a BGP4 router is allowed to receive from a neighbor When the warning only option is not used if any extra prefixes are received the router ends the peering A te...

Page 1242: ...awplus config router bgp 10 awplus config router no neighbor 10 10 0 72 maximum prefix 1244 warning only awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer...

Page 1243: ...s family ipv6 awplus config router af no neighbor 2001 0db8 010d 1 maximum prefix 1244 warning only awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer grou...

Page 1244: ...P or BGP4 router to change the next hop information that is sent to the iBGP peer The next hop information is set to the IP address of the interface used to communicate with the neighbor This command...

Page 1245: ...bgp 10 awplus config router address family ipv4 awplus config router neighbor 10 10 0 72 next hop self awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 aw...

Page 1246: ...6 awplus config router af no neighbor 2001 0db8 010d 1 next hop self awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor...

Page 1247: ...re terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 10 10 10 72 remote as 10 awplus config router neighbor 10 10 10 72 peer group grou...

Page 1248: ...2001 0db8 010d 1 override capability awplus configure terminal awplus config router bgp 12 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 a...

Page 1249: ...isable this function Syntax neighbor neighborid passive no neighbor neighborid passive Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Parameter Descr...

Page 1250: ...ure terminal awplus config router bgp 10 awplus config router no neighbor group1 passive Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus config router neighbor 2001 0db8 010...

Page 1251: ...BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Usage When using the peer group name parameter with this command to apply this command to all peers in the...

Page 1252: ...eighbor group1 password manager This example removes the password set for the neighbor peer group named group1 awplus configure terminal awplus config router bgp 10 awplus config router no neighbor gr...

Page 1253: ...outer bgp 10 awplus config router neighbor password manager 2001 0db8 010d 1 This example removes the password set for the neighbor 2001 0db8 010d 1 awplus configure terminal awplus config router bgp...

Page 1254: ...613 50186 01 Rev B Command Reference for AR2050V 1254 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR PASSWORD Command changes Version 5 4 6 2 1 VRF lite support adde...

Page 1255: ...ilitates the updates of various policies such as distribute and filter lists The peer group is then configured easily with many of the neighbor commands Any changes made to the peer group affect all m...

Page 1256: ...roup group1 and the addition of a neighbor 2001 0db8 010d 1 to the group awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router addr...

Page 1257: ...e same update policies are grouped into peer groups This facilitates the updates of various policies such as distribute and filter lists The peer group is then configured easily with many of the neigh...

Page 1258: ...rt portnum Default TCP port 179 is the default port used to connect BGP and BGP4 peers Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Parameter Descr...

Page 1259: ...re terminal awplus config router bgp 12 awplus config router no neighbor group1 port 643 Examples BGP4 awplus configure terminal awplus config router bgp 12 awplus config router neighbor port 6432001...

Page 1260: ...at the top of the prefix list with the sequence number 1 Once a match or deny occurs the router does not need to go through the rest of the prefix list For efficiency the most common matches or denie...

Page 1261: ...s config router bgp 10 awplus config router address family ipv4 awplus config router af neighbor 10 10 10 1 prefix list list1 in awplus configure terminal awplus config router bgp 10 awplus config rou...

Page 1262: ...af no neighbor 2001 0db8 prefix list list1 in awplus configure terminal awplus config ip prefix list list1 deny 2001 0db8 010d 1 128 awplus config router bgp 10 awplus config router neighbor group1 pe...

Page 1263: ...roup support of this command is configured only after creating a specific peer group Use the no variant of this command to remove a previously configured BGP peering relationship Parameter Description...

Page 1264: ...us config router bgp 10 awplus config router no neighbor 10 10 0 73 remote as 10 To configure a BGP peering relationship from the neighbor with the peer group named group1 with another router awplus c...

Page 1265: ...up1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address family ipv6 awplus config router af neighbor 2001 0db8 010d 1 peer group group1 awplus config ro...

Page 1266: ...n Router Configuration mode This command is not supported for BGP4 in IPv6 Address Family Configuration mode This command removes a private AS number and makes an update packet with a public AS number...

Page 1267: ...OMMANDS NEIGHBOR REMOVE PRIVATE AS BGP ONLY Examples awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 63 remove private AS awplus configure terminal awplus c...

Page 1268: ...me value specified using the bgp graceful restart command The restart time value is the maximum time that a graceful restart neighbor waits to come back up after a restart The default is 120 seconds M...

Page 1269: ...us config router bgp 10 awplus config router no neighbor group1 restart time 45 Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus config router neighbor 2001 0db8 010d 1 resta...

Page 1270: ...e map is applied to inbound or outbound updates Only the routes that pass the route map are sent or accepted in updates Parameter Description neighborid ip address ipv6 addr peer group ip address Spec...

Page 1271: ...mode awplus configure terminal awplus config router bgp 10 awplus config router no neighbor 10 10 10 1 route map rmap2 in The following example shows the configuration of the route map name rmap2 and...

Page 1272: ...he peer group named group1 in the Router Configuration mode awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 route map rmap2 in Examples BGP4 The following...

Page 1273: ...g route map exit awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address family ipv6 awplus...

Page 1274: ...client command to configure the local router as the route reflector and specify neighbors as its client An AS can have more than one route reflector One route reflector treats the other route reflect...

Page 1275: ...P AND BGP4 COMMANDS NEIGHBOR ROUTE REFLECTOR CLIENT BGP ONLY Examples awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 72 route reflector client awplus confi...

Page 1276: ...awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 72 route server client awplus configure terminal awplus config router bgp 10 awplus config router no neighb...

Page 1277: ...community attributes the router reannounces them to the neighbor Only when the no Parameter Description neighborid ip address ipv6 addr peer group ip address Specify the address of an IPv4 BGP neighb...

Page 1278: ...10 awplus config router no neighbor 10 10 0 72 send community extended awplus configure terminal awplus config bgp config type standard awplus config router bgp 10 awplus config router address family...

Page 1279: ...send community extended awplus configure terminal awplus config bgp config type standard awplus config router bgp 10 awplus config router address family ipv6 awplus config router af no neighbor 2001...

Page 1280: ...us config router neighbor 10 10 0 72 shutdown awplus configure terminal awplus config router bgp 10 awplus config router no neighbor 10 10 0 72 shutdown awplus configure terminal awplus config router...

Page 1281: ...router neighbor 2001 0db8 010d 1 shutdown awplus configure terminal awplus config router bgp 10 awplus config router no neighbor 2001 0db8 010d 1 shutdown awplus configure terminal awplus config route...

Page 1282: ...ter Configuration or IPv4 Address Family Configuration Mode BGP4 IPv6 Address Family Configuration Usage Use this command to store updates for inbound soft reconfiguration Soft reconfiguration may be...

Page 1283: ...plus config router address family ipv4 awplus config router af neighbor 10 10 10 10 soft reconfiguration inbound awplus configure terminal awplus config router bgp 12 awplus config router address fami...

Page 1284: ...s config router af no neighbor 2001 0db8 010d 1 soft reconfiguration inbound awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router...

Page 1285: ...d of time between each keepalive message sent by the router The holdtime interval is the time the router waits to receive a keepalive message and if it does not receive Parameter Description neighbori...

Page 1286: ...bor 10 10 10 1 peer group group1 awplus config router neighbor group1 timers 60 120 awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 timers Examples BGP4 a...

Page 1287: ...iedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR TIMERS Related Commands neighbor peer group add a neighbor neighbor route map show ip bgp neighbors hold time BGP only sh...

Page 1288: ...awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 10 10 10 1 remote as 10 awplus config router neighbor 10 10 10 1 pee...

Page 1289: ...awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address family i...

Page 1290: ...xthop awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 10 10 10 1 remote as 10 awplus config router neighbor 10 10 10...

Page 1291: ...xthop awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address fam...

Page 1292: ...address command is used with the summary only option the more specific routes of the aggregate are suppressed to all neighbors Use this command instead to selectively leak more specific routes to a p...

Page 1293: ...re terminal awplus config router bgp 10 awplus config router no neighbor 10 10 0 73 unsuppress map mymap awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4...

Page 1294: ...s config router af no neighbor 2001 0db8 010d 1 unsuppress map mymap awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor...

Page 1295: ...fault Use of this command sets a default value of 2 for the maximum hop count Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Usage Use this command i...

Page 1296: ...local address enter the commands listed below awplus config router bgp 100 awplus config router no neighbor 10 10 0 72 update source To source BGP connections for neighbor group1 with the IP address...

Page 1297: ...r bgp 100 awplus config router no neighbor 2001 0db8 010d 1 update source To source BGP connections for neighbor group1 with the IPv6 address of the local loopback address instead of the best local ad...

Page 1298: ...t the system uses BGP version 4 and on request dynamically negotiates down to version 2 Using this command disables the router s version negotiation capability and forces the router to use only a spec...

Page 1299: ...fig router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 10 10 10 1 remote as 10 awplus config router neighbor 10 10 10 1 peer group group1 awplus config router...

Page 1300: ...e when there are other routes on the network Unlike the local preference attribute the weight attribute is relevant only to the local router The weights assigned using the set weight command overrides...

Page 1301: ...bgp 10 awplus config router address family ipv4 awplus config router af neighbor 10 10 10 1 weight 60 awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 awp...

Page 1302: ...ipv6 awplus config router af no neighbor 2001 0db8 010d 1 weight awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 20...

Page 1303: ...x length ip network addr mask network mask route map route map name backdoor Syntax BGP4 network ipv6 prefix length ipv6 network addr route map route map name no network ipv6 prefix length ipv6 networ...

Page 1304: ...0 0 0 Example BGP The following example illustrates a network address which does not fall into its natural class boundary and hence is perceived as a host route that is 192 0 2 224 27 awplus config ro...

Page 1305: ...Ware Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NETWORK BGP AND BGP4 Output BGP4 Figure 29 3 Example output from the show running config command after entering network 2001 db8 32 a...

Page 1306: ...BGP4 IPv6 Address Family ipv6 unicast Configuration Examples BGP The following example enables IGP synchronization of BGP static network routes in the Router Configuration mode awplus configure termi...

Page 1307: ...to make sure that only routes to be advertised reach the internet not everything This command allows redistribution by injecting prefixes from one routing protocol into another routing protocol Examp...

Page 1308: ...hich is then applied using the redistribute route map command awplus configure terminal awplus config route map rmap2 permit 3 awplus config route map match interface vlan1 awplus config route map set...

Page 1309: ...t capability bgp graceful restart graceful reset command The neighbor devices also need to have BGP graceful restart capabilities enabled bgp graceful restart command This command stops the whole BGP...

Page 1310: ...ng the 32 bit AS number Syntax router bgp asn no router bgp asn Mode Global Configuration Usage The router bgp command enables a BGP routing process Examples awplus configure terminal awplus config ro...

Page 1311: ...map mapname deny permit seq no route map mapname no route map mapname deny permit seq Mode Global Configuration Usage Route maps allow you to control and modify routing information by filtering route...

Page 1312: ...and set clause to it use the commands awplus configure terminal awplus config route map route1 permit 1 awplus config route map match as path 60 awplus config route map set weight 70 To enter route m...

Page 1313: ...C613 50186 01 Rev B Command Reference for AR2050V 1313 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS ROUTE MAP For RIP redistribute RIP...

Page 1314: ...e the set clause Syntax set as path prepend 1 65535 1 65535 no set as path prepend 1 65535 1 65535 Mode Route map mode Usage Use the set as path command to specify an autonomous system path By specify...

Page 1315: ...et local AS no advertise no export additive set community none no set community none Parameter Description 1 65535 The AS number of the community as an integer not in AA NN format AA NN The Autonomous...

Page 1316: ...rminal awplus config route map rmap1 permit 3 awplus config route map set community 10 01 23 34 12 14 no export To use entry 3 of the route map called rmap1 to put matching routes into a single AS com...

Page 1317: ...r a specified IPv6 address For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show bgp ipv6 ipv6 addr M...

Page 1318: ...4497 64499 exact match awplus show bgp ipv6 community 64497 64499 64500 64501 exact match awplus show bgp ipv6 community 64497 64499 64500 64501 64510 64511no advertise awplus show bgp ipv6 community...

Page 1319: ...50186 01 Rev B Command Reference for AR2050V 1319 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS SHOW BGP IPV6 COMMUNITY BGP4 ONLY Related Commands show ip bgp community BGP...

Page 1320: ...ist BGP only command within an IPv4 environment For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show...

Page 1321: ...output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show bgp ipv6 dampening dampened paths flap statistics parameters Mode User Exec and Privileged Exe...

Page 1322: ...ow ip bgp filter list BGP only command to display routes conforming to the filter list within an IPv4 environment For information on filtering and saving command output see the Getting Started with Al...

Page 1323: ...S Paths within an IPv6 environment Use the show ip bgp inconsistent as BGP only command to display routes with inconsistent AS paths within an IPv4 environment For information on filtering and saving...

Page 1324: ...r mask than the one specified For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show bgp ipv6 ipv6 add...

Page 1325: ...neighbors ipv6 addr advertised routes received prefix filter received routes routes Mode User Exec and Privileged Exec Examples BGP4 awplus show bgp ipv6 neighbors 2001 0db8 010d 1 advertised routes a...

Page 1326: ...Route refresh request received 0 sent 0 Minimum time between advertisement runs is 30 seconds Update source is lo For address family IPv4 Unicast BGP table version 1 neighbor version 1 Index 2 Offset...

Page 1327: ...or capabilities for the BGP session Number of messages transmitted and received IPv6 unicast address family information BGP4 table version IPv6 Address Family dependent capabilities IPv6 Communities I...

Page 1328: ...path information within an IPv6 environment Use the show ip bgp paths BGP only command to display BGP path information within an IPv4 environment For information on filtering and saving command outpu...

Page 1329: ...e the show ip bgp prefix list BGP only command to display routes matching the prefix list within an IPv4 environment For information on filtering and saving command output see the Getting Started with...

Page 1330: ...dWare Plus Feature Overview and Configuration Guide Syntax show bgp ipv6 quote regexp expression Mode User Exec and Privileged Exec Example awplus show bgp ipv6 quote regexp myexpression Related Comma...

Page 1331: ...sion Mode User Exec and Privileged Exec Example awplus show bgp ipv6 regexp myexpression Related Commands show ip bgp regexp BGP only Symbol Character Meaning Caret Used to match the beginning of the...

Page 1332: ...command to display BGP routes that match the specified route map within an IPv4 environment For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature...

Page 1333: ...output from the show ip bgp summary command The Up Down column in this output is a timer that shows never if the peer session has never been established The up time if the peer session is currently up...

Page 1334: ...allocated to BGP processes For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show bgp memory maxalloca...

Page 1335: ...GP ONLY show bgp nexthop tracking BGP only Overview Use this command to display BGP next hop tracking status Syntax show bgp nexthop tracking Mode User Exec and Privileged Exec Example To display BGP...

Page 1336: ...TREE DETAILS BGP ONLY show bgp nexthop tree details BGP only Overview Use this command to display BGP next hop tree details Syntax show bgp nexthop tree details Mode User Exec and Privileged Exec Exam...

Page 1337: ...formation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging bgp Mode User Exec and Privileged Exec Exam...

Page 1338: ...8 Example output from the show ip bgp command Related Commands neighbor remove private AS BGP only Parameter Description ip addr ip addr m Specifies the IPv4 address and the optional prefix mask leng...

Page 1339: ...rnal attribute hash information For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp attribut...

Page 1340: ...ged Exec Example awplus show ip bgp cidr only awplus show ip bgp vrf red cidr only Output Figure 29 10 Example output from the show ip bgp cidr only command Command changes Version 5 4 6 2 1 VRF lite...

Page 1341: ...ype placeholder Syntax show ip bgp community type exact match Syntax VRF show ip bgp global vrf vrf name community type exact match Mode User Exec and Privileged Exec Parameter Description global When...

Page 1342: ...501 64510 64511no advertise awplus show ip bgp community no advertise no advertiseno advertise exact match awplus show ip bgp community no export 64510 64511 no advertise local AS no export awplus sho...

Page 1343: ...ONLY show ip bgp community info BGP only Overview Use this command to list all BGP community information For information on filtering and saving command output see the Getting Started with AlliedWare...

Page 1344: ...ity list listname exact match Syntax VRF show ip bgp global vrf vrf name community list listname exact match Mode User Exec and Privileged Exec Example awplus show ip bgp community list mylist exact m...

Page 1345: ...information in memory Examples awplus show ip bgp dampening dampened paths awplus show ip bgp vrf red dampening dampened paths awplus show ip bgp global dampening flap statistics Output Figure 29 11...

Page 1346: ...only Command changes Version 5 4 6 2 1 VRF lite support added awplus show ip bgp dampening flap statistics BGP table version is 1 local router ID is 30 30 30 77 Status codes s suppressed d damped h h...

Page 1347: ...Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp filter list listname Syntax VRF show ip bgp global vrf vrf name filter list listname Mode User Exec and...

Page 1348: ...ring and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp inconsistent as Syntax VRF show ip bgp global vrf vrf name incon...

Page 1349: ...onfiguration Guide Syntax show ip bgp ip address m longer prefixes Syntax VRF show ip bgp global vrf vrf name ip address m longer prefixes Mode User Exec and Privileged Exec Example awplus show ip bgp...

Page 1350: ...rf name neighbors ipv4 addr routes Mode BGP User Exec and Privileged Exec Examples BGP awplus show ip bgp neighbors 10 10 10 72 advertised routes awplus show ip bgp neighbors 10 10 10 72 received pref...

Page 1351: ...prefixes Connection information Connection counters Graceful restart timer Hop count to the peer Next hop information Local and external port numbers awplus show ip bgp neighbors 10 10 10 72 BGP neig...

Page 1352: ...ence for AR2050V 1352 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS SHOW IP BGP NEIGHBORS BGP ONLY Related Commands show bgp ipv6 neighbors BGP4 only Command changes Version...

Page 1353: ...retrytime value of the peer at the session establishment time with the neighbor For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview an...

Page 1354: ...n filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp neighbors ipv4 addr hold time Default The holdtime timer...

Page 1355: ...or from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp...

Page 1356: ...rmation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp neighbors ipv4 addr keepalive interval Default T...

Page 1357: ...ication messages sent to the neighbor from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Conf...

Page 1358: ...pen messages sent to the neighbor from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configur...

Page 1359: ...messages received by the neighbor from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configur...

Page 1360: ...f messages sent to the neighbor from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configurat...

Page 1361: ...date messages sent to the neighbor from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configu...

Page 1362: ...h information within an IPv4 environment Use the show bgp ipv6 paths BGP4 only command to display BGP4 path information within an IPv4 environment For information on filtering and saving command outpu...

Page 1363: ...he Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp prefix list list Syntax VRF show ip bgp global vrf vrf name prefix list list Mode User Exec and Priv...

Page 1364: ...lobal vrf vrf name quote regexp expression Mode User Exec and Privileged Exec Symbol Character Meaning Caret Used to match the beginning of the input string When used at the beginning of a string of c...

Page 1365: ...ersion 5 4 7 1 x BGP AND BGP4 COMMANDS SHOW IP BGP QUOTE REGEXP BGP ONLY Examples awplus show ip bgp quote regexp myexpression awplus show ip bgp global quote regexp 65550 65555 Related Commands show...

Page 1366: ...c and Privileged Exec Symbol Character Meaning Caret Used to match the beginning of the input string When used at the beginning of a string of characters it negates a pattern match Dollar sign Used to...

Page 1367: ...ing System Version 5 4 7 1 x BGP AND BGP4 COMMANDS SHOW IP BGP REGEXP BGP ONLY Examples awplus show ip bgp regexp myexpression awplus show ip bgp vrf red regexp 65550 65555 Related Commands show bgp i...

Page 1368: ...Guide Syntax show ip bgp route map route map Syntax VRF show ip bgp global vrf vrf name route map route map Mode User Exec and Privileged Exec Examples To show routes that match the route map myRoute...

Page 1369: ...rmation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp scan Mode User Exec and Privileged Exec Example...

Page 1370: ...put Figure 29 16 Example output from the show ip bgp summary command The Up Down column in this output is a timer that shows never if the peer session has never been established The up time if the pee...

Page 1371: ...1 x BGP AND BGP4 COMMANDS SHOW IP BGP SUMMARY BGP ONLY In the example above the session with 192 168 11 2 has been down for 4 seconds and the session with 192 168 4 2 has never been established Relat...

Page 1372: ...dWare Plus Feature Overview and Configuration Guide Syntax show ip community list listnumber listname Mode User Exec and Privileged Exec Examples awplus show ip community list mylist awplus show ip co...

Page 1373: ...information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip extcommunity list 1 199 extcommunity listname Mo...

Page 1374: ...d BGP routing protocols only Syntax show ip prefix list name detail summary Mode User Exec and Privileged Exec Example awplus show ip prefix list awplus show ip prefix list 10 10 0 98 8 awplus show ip...

Page 1375: ...eature Overview and Configuration Guide Syntax show ip protocols bgp Mode User Exec and Privileged Exec Example To display BGP process parameters and statistics use the command awplus show ip protocol...

Page 1376: ...GP4 routing protocols only Syntax show ipv6 prefix list name detail summary Mode User Exec and Privileged Exec Example awplus show ipv6 prefix list awplus show ipv6 prefix list 10 10 0 98 8 awplus sho...

Page 1377: ...c and Privileged Exec Example To display information about the route map named example map use the command awplus show route map example map Output Figure 29 18 Example output from the show route map...

Page 1378: ...ly or via an IGP Synchronizationmaybeenabled whenallthe routersinanautonomous systemdo not speak BGP and the autonomous system is a transit for other autonomous systems Use the no synchronization comm...

Page 1379: ...0 120 awplus configure terminal awplus config router bgp 10 awplus config router no timers bgp 30 90 awplus configure terminal awplus config router bgp 10 awplus config router no timers bgp Related Co...

Page 1380: ...nfiguration Example awplus undebug bgp events awplus undebug bgp nht awplus undebug bgp updates Related Commands debug bgp BGP only Parameter Description all Disable all debugging for BGP dampening Di...

Page 1381: ...ntry and to put you into route map mode match commands used to determine which routes the route map applies to set commands used to modify matching routes Command List match as path on page 1383 match...

Page 1382: ...1404 set dampening on page 1406 set extcommunity on page 1408 set ip next hop route map on page 1410 set ipv6 next hop on page 1411 set local preference on page 1412 set metric on page 1413 set metric...

Page 1383: ...fy an action of deny or permit The action in the AS path access list determines whether the route map checks update messages for a given AS path value The route map action and its set clauses determin...

Page 1384: ...action of deny or permit Theactioninthecommunitylistdetermines whethertheroutemapchecks update messages for a given community value The route map action and its set clauses determine what the route m...

Page 1385: ...3 to the route map called myroute which will process update messages if they contain the community values that are included in mylist use the commands awplus configure terminal awplus config route ma...

Page 1386: ...he route map entry Use the no variant of this command without a specified interface to remove all interfaces Syntax match interface interface no match interface interface Mode Route map Configuration...

Page 1387: ...e map can have at most one prefix list based IP address match clause If the route map entry already has one match clause entering this command replaces that match clause with the new clause Note that...

Page 1388: ...pective of permit or deny specifications This command is valid for OSPF routes routes in BGP update messages RIP routes Examples To add entry 3 to the route map called rmap1 which will process routes...

Page 1389: ...route map checks update messages and routes for a given next hop value The route map action and its set clauses determine what the route map does with update messages and routes that contain that next...

Page 1390: ...ies of prefix lists to be matched If there is a match for the specified prefix list entries and permit is specified the route is redistributed or controlled as specified by the set action If the match...

Page 1391: ...specifies the next hop address to be matched If there is a match for the specified next hop address and permit is specified the route is redistributed or controlled as specified by the set action If...

Page 1392: ...e route map entry already has a metric match clause entering this command replaces that match clause with the new clause Use the no variant of this command to remove the metric match clause from the r...

Page 1393: ...ndicated as an i in the routing table and it indicates the origin of the path information is interior to the originating AS The incomplete parameter is indicated as a in the routing table and indicate...

Page 1394: ...C613 50186 01 Rev B Command Reference for AR2050V 1394 AlliedWare Plus Operating System Version 5 4 7 1 x ROUTE MAP COMMANDS MATCH ORIGIN Related Commands route map set origin show route map...

Page 1395: ...type match clause from the route map entry Syntax match route type external type 1 type 2 no match route type external type 1 type 2 Mode Route map Configuration Usage Use the match route type externa...

Page 1396: ...use If the route map entry already has a tag match clause entering this command replaces that match clause with the new clause Use the no variant of this command to remove the tag match clause from th...

Page 1397: ...map mapname deny permit seq no route map mapname no route map mapname deny permit seq Mode Global Configuration Usage Route maps allow you to control and modify routing information by filtering routes...

Page 1398: ...nd set clause to it use the commands awplus configure terminal awplus config route map route1 permit 1 awplus config route map match as path 60 awplus config route map set weight 70 To enter route map...

Page 1399: ...C613 50186 01 Rev B Command Reference for AR2050V 1399 AlliedWare Plus Operating System Version 5 4 7 1 x ROUTE MAP COMMANDS ROUTE MAP For RIP redistribute RIP...

Page 1400: ...n administration sharing a common routing strategy It is subdivided by areas and is assigned a unique 16 bit number Use the set aggregator command to assign an AS number for the aggregator This comman...

Page 1401: ...the set clause Syntax set as path prepend 1 65535 1 65535 no set as path prepend 1 65535 1 65535 Mode Route map mode Usage Use the set as path command to specify an autonomous system path By specifyin...

Page 1402: ...tomic aggregate attribute to the update Use the no variant of this command to remove the set clause Syntax set atomic aggregate no set atomic aggregate Mode Route map Configuration Usage This command...

Page 1403: ...date s community attribute Use the no variant of this command to stop deleting the communities Syntax set comm list 1 199 100 199 word delete no set comm list 1 199 100 199 word delete Mode Route map...

Page 1404: ...t local AS no advertise no export additive set community none no set community none Parameter Description 1 65535 The AS number of the community as an integer not in AA NN format AA NN The Autonomous...

Page 1405: ...inal awplus config route map rmap1 permit 3 awplus config route map set community 10 01 23 34 12 14 no export To use entry 3 of the route map called rmap1 to put matching routes into a single AS commu...

Page 1406: ...pening no set dampening reachtime no set dampening reachtime reuse suppress maxsuppress unreachtime Parameter Description reachtime 1 45 The time it takes in minutes for the route s instability penalt...

Page 1407: ...awplus config route map R1 permit 24 awplus config route map set dampening 20 333 534 30 Related Commands bgp dampening route map show route map maxsuppress 1 255 A number that is multiplied by reacht...

Page 1408: ...e map called rmap1 to set the route target extended community attribute to 06 01 use the commands awplus configure terminal awplus config route map rmap1 permit 3 awplus config route map set extcommun...

Page 1409: ...SET EXTCOMMUNITY To instead specify the extended community number in dotted decimal notation use the command awplus configure terminal awplus config route map rmap1 permit 3 awplus config route map s...

Page 1410: ...clause Syntax set ip next hop ip address no set ip next hop ip address Mode Route map Configuration Usage Use this command to set the next hop IP address to the routes This command is valid for OSPF r...

Page 1411: ...addr Mode Route map Configuration Usage Use this command to set the next hop IPv6 address to the routes This command is valid only for BGP Examples awplus configure terminal awplus config route map rm...

Page 1412: ...ss servers in the local autonomous system The no variant of this command reverts to the default setting Syntax set local preference pref value no set local preference pref value Mode Route map Configu...

Page 1413: ...metric value for routes redistributed into OSPF and OSPFv3 is 20 Mode Route map Configuration Usage For BGP if you want the device to compare MED values in update messages from peers in different ASes...

Page 1414: ...outes a metric of 600 use the commands awplus configure terminal awplus config route map rmap1 permit 3 awplus config route map set metric 600 To use entry 3 of the route map called rmap1 to increase...

Page 1415: ...no set metric type type 1 type 2 Mode Route map Configuration Usage This command is valid for OSPF routes only Example To use entry 3 of the route map called rmap1 to redistribute matching routes into...

Page 1416: ...et origin egp igp incomplete no set origin egp igp incomplete Mode Route map Configuration Usage This command is valid for BGP update messages only Example To use entry 3 of the route map called rmap1...

Page 1417: ...ce sets its originator ID attribute to the specified value Use the no variant of this command to remove the set clause Syntax set originator id ip address no set originator id ip address Mode Route ma...

Page 1418: ...command to remove the set clause Syntax set tag tag value no set tag tag value Mode Route map Configuration Usage This command is valid only when redistributing routes into OSPF Example To use entry...

Page 1419: ...e uses the route with the highest weight value When a route matches the route map entry the device sets its weight to the specified value Use the no variant of this command to remove the set clause Sy...

Page 1420: ...and Privileged Exec Example To display information about the route map named example map use the command awplus show route map example map Output Figure 30 1 Example output from the show route map co...

Page 1421: ...nds used to configure policy based routing For more information see the Policy based Routing PBR Feature Overview and Configuration Guide Command List debug policy based routing on page 1422 ip policy...

Page 1422: ...at the debugging level Use the no variant of this command to disable policy based routing debugging Syntax debug policy based routing no debug policy based routing Default Policy based routing debuggi...

Page 1423: ...the application come from the source entity and are destined for the destination entity Parameter Description 1 128 The policy route ID number If you do not specify an ID number the device assigns th...

Page 1424: ...config policy based routing awplus config pbr policy based routing enable awplus config pbr ip policy route 10 match voice from inside to outside nexthop 10 37 236 65 To delete the policy route creat...

Page 1425: ...cation come from the source entity and are destined for the destination entity Parameter Description 1 128 The policy route ID number If you do not specify an ID number the device assigns the new poli...

Page 1426: ...nfig policy based routing awplus config pbr policy based routing enable awplus config pbr ipv6 policy route 10 match voice from inside to outside nexthop 2001 100 1 To delete the policy route created...

Page 1427: ...f this command to remove the whole policy based routing configuration Syntax policy based routing no policy based routing Mode Global configuration Usage Once you have entered policy based routing mod...

Page 1428: ...of this command to disable policy based routing Syntax policy based routing enable no policy based routing enable Default Policy based routing is disabled by default Mode Policy based routing Example...

Page 1429: ...listing the ordinary static and dynamic routes in the route table called main Then it lists the routes for each policy route For each route the output lists the route s next hop IP address and or the...

Page 1430: ...HOW IP PBR ROUTE Output Figure 31 2 Example output from show ip pbr route for a specified policy route For each route the output lists the route s next hop IP address and or the next hop interface Rel...

Page 1431: ...6 pbr route If you do not specify a policy routeID the output starts by listing the ordinary static and dynamic routes in the route table called main Then it lists the routes for each policy route For...

Page 1432: ...IPV6 PBR ROUTE Output Figure 31 4 Example output from show ipv6 pbr route for a specified policy route For each route the output lists the route s next hop IPv6 address and or the next hop interface R...

Page 1433: ...1 1 Parameters in the output from show pbr rules Parameter Description Rule The policy route ID number Policy routes are checked in order of ID number starting with the lowest ID number The device app...

Page 1434: ...show ipv6 pbr route Valid Whether the application and entities are valid Nexthop The IPv4 or IPv6 address of the next hop or the egress interface You can list up to 8 next hop addresses or up to 8 in...

Page 1435: ...family on page 1438 address family ipv4 RIP on page 1440 arp IP address MAC on page 1441 arp opportunistic nd on page 1443 clear arp cache on page 1445 clear ip bgp BGP only on page 1447 clear ip bgp...

Page 1436: ...on page 1495 router id VRF on page 1497 show arp on page 1498 show crypto key pubkey chain knownhosts on page 1501 show ip bgp cidr only BGP only on page 1503 show ip bgp community BGP only on page 15...

Page 1437: ...w ip route database on page 1527 show ip route summary on page 1530 show ip vrf on page 1532 show ip vrf detail on page 1533 show ip vrf interface on page 1534 show running config vrf on page 1535 ssh...

Page 1438: ...cast Mode BGP Router Configuration Mode BGP4 Router Configuration Usage To leave the IPv4 or IPv6 Address Family Configuration mode and return to the Router Configuration mode use the exit address fam...

Page 1439: ...igure terminal awplus config router bgp 100 awplus config router neighbor 2001 0db8 010d 1 remote as 100 awplus config router address family ipv6 awplus config router af neighbor 2001 0db8 010d 1 acti...

Page 1440: ...ve Address Family mode and return to Router Configuration mode use the exit address family command Example In this example the address family green is entered and then exited by using the exit address...

Page 1441: ...t number alias no arp ip addr Syntax VRF lite arp vrf vrf name ip addr mac address port number alias no arp vrf vrf name ip addr Mode Global Configuration Examples To add the IP address 10 10 10 9 wit...

Page 1442: ...DS ARP IP ADDRESS MAC Example VRF lite To apply the above example within a VRF instance called red use the following commands awplus configure terminal awplus config arp vrf red 10 10 10 9 0010 2355 4...

Page 1443: ...d the device will reply to any received unsolicited ARP packets but not gratuitous ARP packets The source MAC address for the unsolicited ARP packet is added to the ARP cache so the device forwards th...

Page 1444: ...discovery for the VRF instance blue enter awplus configure terminal awplus config arp opportunistic nd vrf blue To disable opportunistic neighbor discovery for the VRF instance blue enter awplus confi...

Page 1445: ...ress Mode Privileged Exec Usage To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no variant of the arp IP address MAC command Example To clear all...

Page 1446: ...re Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS CLEAR ARP CACHE When running VRF lite to clear the dynamic ARP entries from the global VRF lite and all VRF instances use the command awplu...

Page 1447: ...utes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors will be triggered t...

Page 1448: ...BGP ONLY Examples To clear all BGP peers use the command awplus clear ip bgp Example VRF lite To clear all BGP peers in VRF instance red use the command awplus clear ip bgp vrf red To clear all outbou...

Page 1449: ...Description ipv4 addr Specifies the IPv4 address of the neighbor whose connection is to be reset entered in the form A B C D in Indicates that incoming advertised routes will be cleared prefix filter...

Page 1450: ...PF routes use the following command awplus clear ip rip vrf red route ospf To clear the route 10 0 0 0 8 from the RIP routing table for the VRF instance red use the following command awplus clear ip r...

Page 1451: ...C613 50186 01 Rev B Command Reference for AR2050V 1451 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS CLEAR IP RIP ROUTE Command changes Version 5 4 6 2 1 VRF lite support added...

Page 1452: ...in knownhosts ip ipv6 hostname rsa dsa rsa1 no crypto key pubkey chain knownhosts 1 65535 Syntax VRF lite crypto key pubkey chain knownhosts vrf vrf name ip ipv6 hostname rsa dsa rsa1 no crypto key pu...

Page 1453: ...e public key of the server is altered or unknown Examples To add the RSA host key of the remote SSH host IPv4 address 192 0 2 11 to the known host database use the command awplus crypto key pubkey cha...

Page 1454: ...routes regardless of the original protocol that the route has been redistributed from Examples This example assigns the cost of 10 to the routes that are redistributed into RIP awplus configure termi...

Page 1455: ...oves the description of the selected VRF instance Syntax description descriptive text no description Mode VRF Configuration Example To add the description for a VRF instance named blue use the followi...

Page 1456: ...mily Configuration for a VRF instance Examples To set the administrative distance to 8 for the RIP routes within the 10 0 0 0 8 network use the commands awplus configure terminal awplus config router...

Page 1457: ...f the interface the filter will be applied to all interfaces Examples In this example the following commands are used to apply a prefix list called myfilter to filter incoming routing updates in vlan2...

Page 1458: ...rt in the VRF configuration The no variant of this command disables the capability to export route map entries for a specified VRF instance Syntax export map route map no export map Mode VRF Configura...

Page 1459: ...e of larger update messages Use the no variant of this command to disable this feature Syntax fullupdate no fullupdate Default By default this feature is disabled Mode RIP Router Configuration or RIP...

Page 1460: ...e route target command The novariant of this commanddisables the capability toimportroutemap entries for a specified VRF instance Syntax import map route map no import map Mode VRF Configuration Usage...

Page 1461: ...re you can use the ip route command to create a static inter VRF route The no variant of this command disables static inter VRF routing Syntax ip route static inter vrf no ip route static inter vrf Mo...

Page 1462: ...e Syntax VRF lite ip route vrf vrf name subnet mask gateway ip interface distance no ip route vrf vrf name subnet mask gateway ip interface distance Parameter Description subnet mask The IPv4 address...

Page 1463: ...as a static route available through the device at 10 10 0 2 with the default administrative distance use the commands awplus configure terminal awplus config no ip route 192 168 3 0 255 255 255 0 10...

Page 1464: ...configuration awplus configure terminal awplus config no ip route vrf red 192 168 50 0 24 192 168 20 6 To create a static route from source VRF red to the subnet 192 168 50 0 24 with a next hop of 19...

Page 1465: ...F instance All interfaces previously belonging to the removed instance are then returned to the global routing and forwarding environment Syntax ip vrf vrf name vrf inst id no ip vrf vrf name vrf inst...

Page 1466: ...warding vrf name no ip vrf vrf name Mode Interface Configuration Default The default for an interface is the global routing table Examples For LAN interfaces to associate the VRF instance named blue w...

Page 1467: ...67294 and no warning threshold Examples To set the maximum number of dynamic routes to 2000 and warning threshold of 75 on VRF instance blue use the commands awplus config terminal awplus config ip vr...

Page 1468: ...mand Reference for AR2050V 1468 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS MAX FIB ROUTES VRF Related Commands max fib routes show ip route Command changes Version 5 4 6 2 1...

Page 1469: ...x static routescommand For FIB routes use the max fib routes command for the Global VRF instance and the max fib routes VRF command for a user defined VRF instance Use the no variant of this command t...

Page 1470: ...or BGP4 router to change the next hop information that is sent to the iBGP peer The next hop information is set to the IP address of the interface used to communicate with the neighbor This command ca...

Page 1471: ...p 10 awplus config router address family ipv4 awplus config router neighbor 10 10 0 72 next hop self awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 awpl...

Page 1472: ...awplus config router af no neighbor 2001 0db8 010d 1 next hop self awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2...

Page 1473: ...up support of this command is configured only after creating a specific peer group Use the no variant of this command to remove a previously configured BGP peering relationship Parameter Description n...

Page 1474: ...config router bgp 10 awplus config router no neighbor 10 10 0 73 remote as 10 To configure a BGP peering relationship from the neighbor with the peer group named group1 with another router awplus con...

Page 1475: ...1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address family ipv6 awplus config router af neighbor 2001 0db8 010d 1 peer group group1 awplus config rout...

Page 1476: ...P Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Usage When using the peer group name parameter with this command to apply this command to all peers in the gr...

Page 1477: ...ghbor group1 password manager This example removes the password set for the neighbor peer group named group1 awplus configure terminal awplus config router bgp 10 awplus config router no neighbor grou...

Page 1478: ...ter bgp 10 awplus config router neighbor password manager 2001 0db8 010d 1 This example removes the password set for the neighbor 2001 0db8 010d 1 awplus configure terminal awplus config router bgp 10...

Page 1479: ...C613 50186 01 Rev B Command Reference for AR2050V 1479 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS NEIGHBOR PASSWORD Command changes Version 5 4 6 2 1 VRF lite support added...

Page 1480: ...s will be sent and received within the specified network or VLAN When running VRF lite this command can be applied to a VRF instance Example Use the following commands to activate RIP routing updates...

Page 1481: ...ference for AR2050V 1481 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS NETWORK RIP Related Commands show ip rip show running config clear ip rip route Command changes Version 5...

Page 1482: ...Address Family Configuration for a VRF instance Example Use the following commands to block RIP broadcasts on vlan20 awplus configure terminal awplus config router rip awplus config router passive int...

Page 1483: ...Enable or disable the do not fragment bit in the IP header interval 0 128 Specify the time interval in seconds between sending ping packets The default is 1 You can use decimal places to specify frac...

Page 1484: ...lite To ping the IP address 10 10 0 5 from VRF instance red use the following command awplus ping vrf red 10 10 0 5 NOTE Unless across domainstatic orleakedrouteexiststothedestinationIPaddress you mu...

Page 1485: ...uration Usage For the implementation of VRF lite installed on your switch this command has little practical functionality However the switch does check certain components of the RD that you enter For...

Page 1486: ...o make sure that only routes to be advertised reach the internet not everything This command allows redistribution by injecting prefixes from one routing protocol into another routing protocol Example...

Page 1487: ...ch is then applied using the redistribute route map command awplus configure terminal awplus config route map rmap2 permit 3 awplus config route map match interface vlan1 awplus config route map set m...

Page 1488: ...the OSPF domain to generate AS external LSAs If a route map is configured by this command then that route map is used to control which routes are redistributed and can set metric and tag values on pa...

Page 1489: ...minal awplus config route map rmap2 permit 3 awplus config route map match interface vlan1 awplus config route map set metric type 1 awplus config route map exit awplus config router ospf 100 awplus c...

Page 1490: ...1 Mode RIP Router Configuration or RIP Router Address Family Configuration for a VRF instance Example To apply the metric value 15 to static routes being redistributed into RIP use the commands awplus...

Page 1491: ...ric value 15 to static routes in address family ipv4 VRF instance blue being redistributed into RIP use the following commands awplus configure terminal awplus config router rip awplus config router a...

Page 1492: ...fter adding the RIP route the route can be checked in the RIP routing table Example To create a static RIP route to IP subnet 192 168 1 0 24 use the following commands awplus configure terminal awplus...

Page 1493: ...rget RT and the Route Distinguisher RD values For VRF lite however this relationship is only implicit in that they share the same format structure Example Use the following commands to create a route...

Page 1494: ...C613 50186 01 Rev B Command Reference for AR2050V 1494 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS ROUTE TARGET Related Commands ip vrf show ip vrf...

Page 1495: ...Syntax VRF lite router ospf process id vrf instance no router ospf process id Default No routing process is defined by default Mode Global Configuration Usage The process ID of OSPF is an optional pa...

Page 1496: ...RF LITE COMMANDS ROUTER OSPF Example VRF lite To enter Router Configuration mode to configure an existing OSPF routing process 100 for VRF instance red use the commands awplus configure terminal awplu...

Page 1497: ...OSPF router id behavior Syntax router id ip address no router id Mode Router Configuration Usage Configure each router with a unique router id In an OSPF router process that has active neighbors a new...

Page 1498: ...meters will display all entries in the ARP routing and forwarding table With VRF lite configured and no additional parameters entered the command output displays all entries listed by their VRF instan...

Page 1499: ...an2 port1 0 6 static awplus show arp global IP Address MAC Address Interface Port Type 192 168 10 2 0015 77ad fad8 vlan1 port1 0 1 dynamic 192 168 20 2 0015 77ad fa48 vlan2 port1 0 2 dynamic 192 168 1...

Page 1500: ...ommand Reference for AR2050V 1500 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS SHOW ARP Related Commands arp IP address MAC clear arp cache Command changes Version 5 4 6 2 1 VR...

Page 1501: ...pecified this command displays the known host database from the global routing environment If neither vrf nor global is specified this command displays the known host database from the global routing...

Page 1502: ...lite support added No Hostname Type Fingerprint 1 172 16 23 1 rsa c8 33 b1 fe 6f d3 8c 81 4e f7 2a aa a5 be df 18 2 172 16 23 10 rsa c4 79 86 65 ee a0 1d a5 6a e8 fd 1d d3 4e 37 bd 3 5ffe 1053 ac21 f...

Page 1503: ...ed Exec Example awplus show ip bgp cidr only awplus show ip bgp vrf red cidr only Output Figure 32 5 Example output from the show ip bgp cidr only command Command changes Version 5 4 6 2 1 VRF lite su...

Page 1504: ...e placeholder Syntax show ip bgp community type exact match Syntax VRF show ip bgp global vrf vrf name community type exact match Mode User Exec and Privileged Exec Parameter Description global When V...

Page 1505: ...1 64510 64511no advertise awplus show ip bgp community no advertise no advertiseno advertise exact match awplus show ip bgp community no export 64510 64511 no advertise local AS no export awplus show...

Page 1506: ...y list listname exact match Syntax VRF show ip bgp global vrf vrf name community list listname exact match Mode User Exec and Privileged Exec Example awplus show ip bgp community list mylist exact mat...

Page 1507: ...nformation in memory Examples awplus show ip bgp dampening dampened paths awplus show ip bgp vrf red dampening dampened paths awplus show ip bgp global dampening flap statistics Output Figure 32 6 Exa...

Page 1508: ...ly Command changes Version 5 4 6 2 1 VRF lite support added awplus show ip bgp dampening flap statistics BGP table version is 1 local router ID is 30 30 30 77 Status codes s suppressed d damped h hist...

Page 1509: ...tting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp filter list listname Syntax VRF show ip bgp global vrf vrf name filter list listname Mode User Exec and P...

Page 1510: ...ng and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp inconsistent as Syntax VRF show ip bgp global vrf vrf name inconsi...

Page 1511: ...figuration Guide Syntax show ip bgp ip address m longer prefixes Syntax VRF show ip bgp global vrf vrf name ip address m longer prefixes Mode User Exec and Privileged Exec Example awplus show ip bgp 1...

Page 1512: ...Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp prefix list list Syntax VRF show ip bgp global vrf vrf name prefix list list Mode User Exec and Privil...

Page 1513: ...bal vrf vrf name quote regexp expression Mode User Exec and Privileged Exec Symbol Character Meaning Caret Used to match the beginning of the input string When used at the beginning of a string of cha...

Page 1514: ...Version 5 4 7 1 x VRF LITE COMMANDS SHOW IP BGP QUOTE REGEXP BGP ONLY Examples awplus show ip bgp quote regexp myexpression awplus show ip bgp global quote regexp 65550 65555 Related Commands show bg...

Page 1515: ...and Privileged Exec Symbol Character Meaning Caret Used to match the beginning of the input string When used at the beginning of a string of characters it negates a pattern match Dollar sign Used to m...

Page 1516: ...ating System Version 5 4 7 1 x VRF LITE COMMANDS SHOW IP BGP REGEXP BGP ONLY Examples awplus show ip bgp regexp myexpression awplus show ip bgp vrf red regexp 65550 65555 Related Commands show bgp ipv...

Page 1517: ...uide Syntax show ip bgp route map route map Syntax VRF show ip bgp global vrf vrf name route map route map Mode User Exec and Privileged Exec Examples To show routes that match the route map myRouteMa...

Page 1518: ...t Figure 32 9 Example output from the show ip bgp summary command The Up Down column in this output is a timer that shows never if the peer session has never been established The up time if the peer s...

Page 1519: ...7 1 x VRF LITE COMMANDS SHOW IP BGP SUMMARY BGP ONLY In the example above the session with 192 168 11 2 has been down for 4 seconds and the session with 192 168 4 2 has never been established Related...

Page 1520: ...yntax show ip interface vrf vrf name global Mode User Exec and Privileged Exec Examples To display all interfaces and IP addresses associated with a VRF instance red use the command awplus show ip int...

Page 1521: ...with VRF lite configured Command changes Version 5 4 6 2 1 VRF lite support added Interface IP Address Status Protocol eth0 unassigned admin up down lo unassigned admin up running vlan1 192 168 1 1 24...

Page 1522: ...uide Syntax show ip rip vrf vrf name global database full Mode User Exec and Privileged Exec Example To display information about the RIP database associated with a VRF instance blue use the command a...

Page 1523: ...ance blue use the command awplus show ip rip vrf blue interface Output Figure 32 13 Example output from show ip rip vrf blue interface vlan3 NOTE The Time parameter operates as follows RIP updates occ...

Page 1524: ...ix length Syntax VRF lite show ip route vrf vrf name global bgp connected ospf rip static Mode User Exec and Privileged Exec Example To display the static routes in the FIB use the command awplus show...

Page 1525: ...as added Figure 32 14 Example output from the show ip route command Connected Route The connected route entry consists of This route entry denotes Route entries for network 10 10 31 0 24 are derived f...

Page 1526: ...next hop 10 10 31 16 The outgoing local interface for this route is vlan2 This route was added 20 minutes and 54 seconds ago OSPF External Route The OSPF external route entry consists of This route e...

Page 1527: ...ile use the output redirection token Syntax show ip route database bgp connected ospf rip static Syntax VRF lite show ip route vrf vrf name global database bgp connected ospf rip static Mode User Exec...

Page 1528: ...tly connected vlan2 00 28 20 C 10 10 31 0 24 is directly connected vlan2 S 10 10 34 0 24 1 0 via 10 10 31 16 vlan2 O 10 10 34 0 24 110 31 via 10 10 31 16 vlan2 00 21 19 O 10 10 37 0 24 110 11 via 10 1...

Page 1529: ...his static route has a lower administrative distance than the OSPF route 110 the static route 1 is selected and installed in the FIB If the static route becomes unavailable then the device automatical...

Page 1530: ...f vrf name global Mode User Exec and Privileged Exec Example To display a summary of the current RIB entries use the command awplus show ip route summary Output Figure 32 17 Example output from the sh...

Page 1531: ...Example output from the show ip route summary vrf red command Related Commands show ip route show ip route database Command changes Version 5 4 6 2 1 VRF lite support added IP routing table name is De...

Page 1532: ...tax show ip vrf vrf name Mode User Exec and Privileged Exec Example To display brief information for the VRF instance red use the command awplus show ip vrf red Output Figure 32 19 Example output from...

Page 1533: ...from the show ip detail command for all VRF instances Related Commands show ip vrf Command changes Version 5 4 6 2 1 VRF lite support added Parameter Description vrf name The name of the VRF instance...

Page 1534: ...ure 32 21 Example output from the show ip vrf interface command Example To display all interfaces and IP addresses associated with the VRF instance red use the command awplus show ip vrf interface red...

Page 1535: ...system VRF related configurations for all VRF instances Syntax show running config vrf Mode Privileged Exec Example To display the running system VRF related configurations use the command awplus show...

Page 1536: ...lite ssh vrf vrf name ip ipv6 user username port 1 65535 version 1 2 hostname line Parameter Description vrf Apply the command to the specified VRF instance vrf name The name of the VRF instance ip Sp...

Page 1537: ...cmd command on the remote SSH server at 192 0 2 5 use the command awplus ssh ip 192 0 2 5 cmd Example VRF lite To login to the remote SSH server at 192 168 1 1 on VRF red use the command awplus ssh vr...

Page 1538: ...p ip Example VRF lite To start a tcpdump on interface vlan2 associated with a VRF instance red enter the command awplus tcpdump vrf red vlan2 Output Figure 32 24 Example output from the tcpdump comman...

Page 1539: ...00 use the command awplus telnet host example 100 Example VRF lite To open a telnet session to a remote host 192 168 0 1 associated with VRF instance red use the command awplus telnet vrf red ip 192 1...

Page 1540: ...e has been dropped When the time specified by the garbage parameter expires the metric 16 route is finally removed from the routing table Until the garbage time expires the route is included in all up...

Page 1541: ...ate timer to 30 the routing information timeout timer to 180 and the routing garbage collection timer to 120 with VRF use the following command awplus configure terminal awplus config router rip awplu...

Page 1542: ...x VRF lite traceroute vrf vrf name ip addr hostname Mode User Exec and Privileged Exec Example awplus traceroute 10 10 0 5 Example VRF lite awplus traceroute vrf red 192 168 0 1 Command changes Versio...

Page 1543: ...eived and sent on all the RIP enabled interfaces Setting the version command has no impact on receiving updates only on sending them The ip rip send version command overrides the value set by the vers...

Page 1544: ...C613 50186 01 Rev B Command Reference for AR2050V 1544 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS VERSION RIP Command changes Version 5 4 6 2 1 VRF lite support added...

Page 1545: ...C613 50186 01 Rev B Command Reference for AR2050V 1545 AlliedWare Plus Operating System Version 5 4 7 1 x Part 4 Multicast Applications...

Page 1546: ...hapter describes the commands to configure IGMP Querier behaviour and selection IGMP Snooping and IGMP Proxy Command List clear ip igmp on page 1548 clear ip igmp group on page 1549 clear ip igmp inte...

Page 1547: ...igmp snooping source timeout on page 1576 ip igmp snooping tcn query solicit on page 1577 ip igmp source address check on page 1579 ip igmp startup query count on page 1580 ip igmp startup query inter...

Page 1548: ...GMP SNOOPING COMMANDS CLEAR IP IGMP clear ip igmp Overview Use this command to clear all IGMP group membership records on all VLAN interfaces Syntax clear ip igmp Mode Privileged Exec Example awplus c...

Page 1549: ...rface can be specified Specifying this will mean that only entries with the group learned on the interface will be deleted Examples To delete all group records use the command awplus clear ip igmp gro...

Page 1550: ...rticular interface Syntax clear ip igmp interface interface Mode Privileged Exec Usage This command applies to interfaces configured for IGMP or IGMP Snooping Example To delete records for vlan1 use t...

Page 1551: ...ponent of IGMP Syntax debug igmp all decode encode events fsm tib no debug igmp all decode encode events fsm tib Modes Privileged Exec and Global Configuration Example awplus configure terminal awplus...

Page 1552: ...his command to return all IGMP related configuration to the default on this interface Syntax ip igmp no ip igmp Default Disabled Mode Interface Configuration for a VLAN or Eth interface Usage An IP ad...

Page 1553: ...2 switched network running IGMP it is considered more robust to flood all specific queries In most cases the benefit of flooding specific queries to all VLAN member ports outweighs the disadvantages H...

Page 1554: ...ast member query count Default The default last member query count value is 2 Mode Interface Configuration for a VLAN or Eth interface Usage This command applies to Eth interfaces configured for IGMP...

Page 1555: ...val Default 1000 milliseconds Mode Interface Configuration for a VLAN or Eth interface Usage This command applies to Eth interfaces configured for IGMP and VLAN interfaces configured for IGMP or IGMP...

Page 1556: ...t Usage We recommend using this command with IGMP snooping fast leave on the relevant VLANs To enable fast leave use the command awplus config if ip igmp snooping fast leave Thedevicekeepscountofthe n...

Page 1557: ...s to 10 groups on port 1 0 1 which is in vlan1 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if ip igmp maximum groups 10 awplus config if exit awplus conf...

Page 1558: ...configured for IGMP Proxy You must also enable the IGMP proxy service on the upstream interface using the ip igmp proxy service command You can associate one or more downstream mroute proxy interfaces...

Page 1559: ...xyinterfaces on this device using the command ip igmp mroute proxy IGMP Proxy does not work with other multicast routing protocols such as PIM SM or PIM DM From version 5 4 7 1 1 onwards IGMP mroute p...

Page 1560: ...ult timeout interval is 255 seconds Mode Interface Configuration for a VLAN or Eth interface Usage This command applies to Eth and VLAN interfaces configured for IGMP The timeout value should not be l...

Page 1561: ...k if a stream of Query Solicitation QS packets are sent to the IGMP Querier eliciting a rapid stream of IGMP Queries This command applies to interfaces on which the device is acting as an IGMP Querier...

Page 1562: ...or AR2050V 1562 AlliedWare Plus Operating System Version 5 4 7 1 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY HOLDTIME Related Commands ip igmp query interval ip igmp snooping tcn query solicit sho...

Page 1563: ...ed for IGMP Note that the IGMP query interval is automatically set to a greater value than the IGMP query max response time For example if you set the IGMP query max response time to 2 seconds using t...

Page 1564: ...set the period between sending IGMP host query messages to the default 125 seconds for vlan10 use the following commands awplus configure terminal awplus config interface vlan10 awplus config if no ip...

Page 1565: ...mple if you set the IGMP query interval to 3 seconds using the ip igmp query interval command and the current IGMP query interval is less than 3 seconds then the IGMP query maximum response time will...

Page 1566: ...d Reference for AR2050V 1566 AlliedWare Plus Operating System Version 5 4 7 1 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY MAX RESPONSE TIME Related Commands ip igmp query interval show ip igmp int...

Page 1567: ...s are ignored Use the no variant of this command to disable strict RA option validation Syntax ip igmp ra option no ip igmp ra option Default The default state of RA validation is unset Mode Interface...

Page 1568: ...tax ip igmp robustness variable 1 7 no ip igmp robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a VLAN or Eth interface Usage This command applie...

Page 1569: ...abled globally Syntax ip igmp snooping no ip igmp snooping Default By default IGMP Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a VLAN i...

Page 1570: ...message is received without sending out a group specific query Use the no variant of this command to disable fast leave processing Syntax ip igmp snooping fast leave no ip igmp snooping fast leave Def...

Page 1571: ...remove the static configuration of the port as a multicast router port Syntax ip igmp snooping mrouter interface port no ip igmp snooping mrouter interface port Mode Interface Configuration for a VLA...

Page 1572: ...address because it only masquerades as a proxy IGMP querier for faster network convergence It does not start or automatically cease the IGMP Querier operation if it detects query message s from a mul...

Page 1573: ...already downstream ports for this group on this interface Use the no variant of this command to disable report suppression Syntax ip igmp snooping report suppression no ip igmp snooping report suppres...

Page 1574: ...ration Parameter Description all All reserved multicast addresses 224 0 0 x Packets from all possible addresses in range 224 0 0 x are treated as coming from routers default Default set of reserved mu...

Page 1575: ...MODE Examples To set ip igmp snooping routermode for all default reserved addresses enter awplus config ip igmp snooping routermode default To remove the multicast address 224 0 0 5 from the custom li...

Page 1576: ...ke normal entries Interface IGMP Snooping source timeout is disabled by default and unregistered multicast will be timed out like normal entries Mode Interface Global Configuration Usage The timeout d...

Page 1577: ...nabled by default and cannot be disabled using the Global Configuration mode command However Query Solicitation can be disabled for specified interfaces using the no variant of this command from the I...

Page 1578: ...nfigure terminal awplus config no ip igmp snooping tcn query solicit To enable Query Solicitation for vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip...

Page 1579: ...on for a VLAN or Eth interface Usage This is a security feature and should be enabled unless IGMP Reports from outside the local subnet are expected for example if Multicast VLAN Registration is activ...

Page 1580: ...t of this command to return an interface s configured IGMP startup query count to the default Syntax ip igmp startup query count startup query count no ip igmp startup query count Default The default...

Page 1581: ...tartup query interval no ip igmp startup query interval Default The default IGMP startup query interval is one quarter of the IGMP query interval value NOTE The IGMP startup query interval must be one...

Page 1582: ...witch ports or aggregators Usage Because all ports are trusted by default use this command in its no variant to stop IGMP processing packets on ports you do not trust For example you can use this comm...

Page 1583: ...Use the no variant of this command to return to the default version Syntax ip igmp version 1 3 no ip igmp version Default The default IGMP version is 3 Mode Interface Configuration for a VLAN or Eth i...

Page 1584: ...Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging igmp Mode User Exec and Privileged Exec Example To display the IGMP debugging options set enter the...

Page 1585: ...C D interface Interface name for which to display local information IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224 0 1 1 port1 0 1 00 00 09 00 04 17 10 10 0...

Page 1586: ...sion 5 4 7 1 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP GROUPS Expires Time in hours minutes and seconds until the entry expires Last Reporter Last host to report being a member of the multicast g...

Page 1587: ...face If you specify a switch port number the output displays the number of groups the port belongs to and the port s group membership limit if a limit has been set with the command ip igmp maximum gro...

Page 1588: ...is 500 milliseconds IGMP querier timeout is 255 seconds IGMP max query response time is 10 seconds Last member query response interval is 1000 milliseconds Group Membership interval is 260 seconds St...

Page 1589: ...p igmp proxy groups vlan multicast group detail Mode User Exec and Privileged Exec Example To display the state of IGMP Proxy services for all interfaces enter the command awplus show ip igmp proxy To...

Page 1590: ...e User Exec and Privileged Exec Example To show all multicast router interfaces use the command awplus show ip igmp snooping mrouter To show the multicast router interfaces in vlan1 use the command aw...

Page 1591: ...saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip igmp snooping routermode Mode User Exec and Privileged Exec Example To show t...

Page 1592: ...e configured IGMP snooping source timeouts for all VLANs use the command awplus show ip igmp snooping source timeout Output Figure 33 6 Example output from show ip igmp snooping source timeout Related...

Page 1593: ...lan1 vlan2 Output Figure 33 7 Example output from the show ip igmp snooping statistics command for VLANs Parameter Description ip address Optionally specify the address of the multicast group entered...

Page 1594: ...7 1 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP SNOOPING STATISTICS Figure 33 8 Example output from the show ip igmp snooping statistics command for a switch port awplus show ip igmp interface port...

Page 1595: ...Command Reference for AR2050V 1595 AlliedWare Plus Operating System Version 5 4 7 1 x IGMP AND IGMP SNOOPING COMMANDS UNDEBUG IGMP undebug igmp Overview This command applies the functionality of the n...

Page 1596: ...cast routing The IPv6 Multicast addresses shown can be derived from IPv6 unicast prefixes as per RFC 3306 The IPv6 unicast prefix reserved for documentation is 2001 0db8 32 as per RFC 3849 Using the b...

Page 1597: ...erval on page 1606 ipv6 mld query max response time on page 1607 ipv6 mld robustness variable on page 1608 ipv6 mld snooping on page 1609 ipv6 mld snooping fast leave on page 1611 ipv6 mld snooping mr...

Page 1598: ...LD clear ipv6 mld Overview Use this command to clear all MLD local memberships on all interfaces Syntax clear ipv6 mld Mode Privileged Exec Usage This command applies to interfaces configured for MLD...

Page 1599: ...ss Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld group Related Commands clear i...

Page 1600: ...ar MLD interface entries Syntax clear ipv6 mld interface interface Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snoop...

Page 1601: ...ts fsm tib Mode Privileged Exec and Global Configuration Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Examples awplus configure t...

Page 1602: ...ace or a range of VLAN interfaces Usage MLD requires memory for storing data structures as well as the hardware tables to implement hardware routing As the number of ports VLANs static and dynamic gro...

Page 1603: ...lt on an interface Syntax ipv6 mld last member query count value no ipv6 mld last member query count Default The default last member query count value is 2 Mode Interface Configuration for a specified...

Page 1604: ...e default Syntax ipv6 mld last member query interval milliseconds no ipv6 mld last member query interval Default 1000 milliseconds Mode Interface Configuration for a specified VLAN interface or a rang...

Page 1605: ...ified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example configures the router to wait 1...

Page 1606: ...ace Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example cha...

Page 1607: ...ax response time Default 10 seconds Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multic...

Page 1608: ...ault on an interface Syntax ipv6 mld robustness variable value no ipv6 mld robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a specified VLAN inte...

Page 1609: ...enabled both globally by using this command in Global Configuration mode and on individual VLAN interfaces by using this command in Interface Configuration mode both are enabled by default MLD require...

Page 1610: ...MLD SNOOPING COMMANDS IPV6 MLD SNOOPING To configure MLD Snooping globally for the device enter the following commands awplus configure terminal awplus config ipv6 mld snooping To disable MLD Snooping...

Page 1611: ...le fast leave processing Syntax ipv6 mld snooping fast leave no ipv6 mld snooping fast leave Default MLD Snooping fast leave processing is disabled Mode Interface Configuration for a specified VLAN in...

Page 1612: ...interface Note that if static IPv6 multicast routing is being used with EPSR and the destination VLAN is an EPSR data VLAN then multicast router mrouter ports must be statically configured This minim...

Page 1613: ...ulticast router for VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld snooping mrouter interface port1 0 5 This example shows how to specify the ne...

Page 1614: ...Configuration for a specified VLAN interface Usage This command can only be configured on a single VLAN interface not on multiple VLANs The MLD Snooping querier uses the 0 0 0 0 Source IP address beca...

Page 1615: ...maybe configured to suppress reports from hosts When a querier sends a query only the first report for particular set of group s from a host will be forwarded to the querier by the MLD Snooping devic...

Page 1616: ...5 4 7 1 x MLD AND MLD SNOOPING COMMANDS IPV6 MLD SNOOPING REPORT SUPPRESSION This example shows how to disable report suppression for MLD reports on VLAN interfaces vlan2 vlan4 awplus configure termin...

Page 1617: ...ast SSM mapping feature on the device Use the no variant of this command to disable the SSM mapping feature on the device Syntax ipv6 mld ssm map enable no ipv6 mld ssm map enable Mode Global Configur...

Page 1618: ...add a static group record use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 To add a static group and source record use...

Page 1619: ...ystem Version 5 4 7 1 x MLD AND MLD SNOOPING COMMANDS IPV6 MLD STATIC GROUP To add a static group record on a specific port on vlan2 use the following commands awplus configure terminal awplus config...

Page 1620: ...uration for a VLAN interface Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and MLD Snooping Note this command is intended for use where there is another queri...

Page 1621: ...g mld command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mld Mode Privileged Exe...

Page 1622: ...rface detail Mode User Exec and Privileged Exec Examples The following command displays local membership information for all interfaces awplus show ipv6 mld groups Output Figure 34 2 Example output fo...

Page 1623: ...terfaces enabled for MLD awplus show ipv6 mld interface Output Parameter Description interface Interface name awplus show ipv6 mld interface Interface vlan1 Index 301 MLD Enabled Active Querier Versio...

Page 1624: ...xec and Privileged Exec Examples The following command displays the multicast router interfaces in vlan2 awplus show ipv6 mld snooping mrouter vlan2 Output The following command displays the multicast...

Page 1625: ...oping statistics interface interface Mode User Exec and Privileged Exec Example The following command displays MLDv2 statistical information for vlan1 awplus show ipv6 mld snooping statistics interfac...

Page 1626: ...lticast routing command Static IPv6 multicast routes take priority over dynamic IPv6 multicast routes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 mu...

Page 1627: ...9 clear ipv6 mroute on page 1630 clear ipv6 mroute statistics on page 1631 debug nsm mcast on page 1632 debug nsm mcast6 on page 1633 ip mroute on page 1634 ip multicast route on page 1636 ip multicas...

Page 1628: ...its IPv4 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast route...

Page 1629: ...ies from the IP multicast routing table Syntax clear ip mroute statistics ipv4 group addr ipv4 source addr Mode Privileged Exec Example awplus clear ip mroute statistics 225 1 1 2 192 168 4 4 awplus c...

Page 1630: ...vant IPv6 multicast route entries in its IPv6 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protoc...

Page 1631: ...the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clear ipv6 mroute statistics...

Page 1632: ...ter stats vif Mode Privileged Exec and Global Configuration Examples To enable debugging of all multicast route events use the commands awplus configure terminal awplus config debug nsm mcast all To e...

Page 1633: ...ter stats vif no debug nsm mcast6 all fib msg mrt register stats vif Mode Privileged Exec and Global Configuration Examples To enable debugging of all multicast route events use the commands awplus co...

Page 1634: ...mmand enables the user to statically configure the device with multicast routes back to given sources When performing the RPF check on a stream from a given IPv4 source the multicast routing protocol...

Page 1635: ...ersed in order to arrive at the current router Examples The following example creates a static multicast IPv4 route back to the sources in the 10 10 3 0 24 subnet The multicast route is via the host 1...

Page 1636: ...configured PIM will not be able to update this multicast route in any way If a dynamic multicast route exists you cannot create a static multicast route with same source IPv4 address group IPv4 addre...

Page 1637: ...e route for the multicast source IPv4 address 2 2 2 2 and group IPv4 address 224 9 10 11 specifying the upstream VLAN interface as vlan10 use the following commands To create an IPv4 static multicast...

Page 1638: ...figuration Usage This command limits the number of multicast IPv4 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is s...

Page 1639: ...vif suppression no ip multicast wrong vif suppression Default By default this feature is disabled Mode Global Configuration Usage Use this command if there is excessive CPU load and multicast traffic...

Page 1640: ...routing no ip multicast routing Default By default IPv4 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB...

Page 1641: ...different paths to those used for unicast In this case the interface via which a multicast stream from a given source enters a router may not be the same as the interface that connects to the best un...

Page 1642: ...urrent router will forward multicast instead it refers to the route the multicast will have traversed in order to arrive at the current router Examples The following example creates a static multicast...

Page 1643: ...vlan id downstream vlan id Default By default no static routes exist Mode Global Configuration Usage Only one multicast route entry per IPv6 address and multicast group can be specified Therefore if...

Page 1644: ...ss 2001 1 and group IPv6 address ff08 1 specifying the upstream VLAN interface as vlan10 and the downstream VLAN interface as vlan20 use the following commands awplus configure terminal awplus config...

Page 1645: ...onfiguration Usage This command limits the number of multicast IPv6 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is...

Page 1646: ...ast routing Default By default IPv6 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multicast...

Page 1647: ...ports in the same VLANs as the receiving port will still receive the multicast packets CAUTION We do not recommend disabling multicast routing in a live network Some non multicast protocols use multi...

Page 1648: ...and source IPv4 address Figure 35 1 Example output from the show ip mroute command Parameter Description ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 sourc...

Page 1649: ...uptime 00 03 24 stat expires 00 01 28 Owner PIM SM Flags TF Incoming interface vlan2 Outgoing interface list vlan3 1 awplus show ip mroute count IP Multicast Statistics Total 1 routes using 132 bytes...

Page 1650: ...put Figure 35 5 Example output from the show ip mvif command Figure 35 6 Example output from the show ip mvif command with the interface parameter vlan2 specified Parameter Description interface The i...

Page 1651: ...show ip rpf Overview Use this command to display Reverse Path Forwarding RPF information for the specified IPv4 source address Syntax show ip rpf source addr Mode User Exec and Privileged Exec Exampl...

Page 1652: ...le output of this command displaying the IPv6 multicast routing table for a single static IPv6 Multicast route Figure 35 7 Example output from the show ipv6 mroute command Parameter Description ipv6 g...

Page 1653: ...tics Total 1 routes using 152 bytes memory Route limit Route threshold 1024 1024 Total NOCACHE WRONGmif WHOLEPKT recv from fwd 6 0 0 Total NOCACHE WRONGmif WHOLEPKT sent to clients 6 0 0 Immediate Tim...

Page 1654: ...tus of multicast forwarding slow path packet setting Syntax show ipv6 multicast forwarding Mode User Exec Example To show the status of the multicast forwarding slow path packet setting use the follow...

Page 1655: ...ipv6 mif awplus show ipv6 mif vlan2 Output Figure 35 11 Example output from the show ipv6 mif command Figure 35 12 Example output from the show ipv6 mif command with the interface parameter vlan2 spe...

Page 1656: ...arse mode on page 1660 debug pim sparse mode on page 1661 debug pim sparse mode timer on page 1662 ip pim anycast rp on page 1664 ip pim bsr border on page 1665 ip pim bsr candidate on page 1666 ip pi...

Page 1657: ...1686 show debugging pim sparse mode on page 1687 show ip pim sparse mode bsr router on page 1688 show ip pim sparse mode interface on page 1689 show ip pim sparse mode interface detail on page 1691 sh...

Page 1658: ...ulticast clients note that one router will be automatically or statically designated as the RP and all routers must explicitly join through the RP A Designated Router DR sends periodic Join Prune mess...

Page 1659: ...owing command clears the current packet receive counts for PIM sparse mode awplus configure terminal awplus config clear ip pim sparse mode statistics Output Figure 36 1 Example output from clear ip p...

Page 1660: ...address and optionally a specified multicast source address Syntax clear ip mroute Group IP address pim sparse mode clear ip mroute Group IP address Source IP address pim sparse mode Mode Privileged...

Page 1661: ...ion Example awplus configure terminal awplus config debug pim sparse mode all Related Commands show debugging pim sparse mode Parameter Description all Activates deactivates all PIM SM debugging event...

Page 1662: ...rst Parameter Description assert Enable or disable debugging for the Assert timers at Enable or disable debugging for the Assert Timer bsr Enable or disable debugging for the specified Bootstrap Rout...

Page 1663: ...he command awplus config debug pim sparse mode timer hello ht To enable debugging for the PIM SM Joinprune expiry timer use the command awplus debug pim sparse mode timer joinprune et To disable debug...

Page 1664: ...imultaneously advertise the same destination IP address range from many sources resulting in packets address to destination addresses in this range being routed to thenearest source announcing the giv...

Page 1665: ...etween the two PIM domains BSR messages should not be exchanged between different domains because devices in one domain may elect Rendezvous Points RPs in the other domain resulting in loss of isolati...

Page 1666: ...elow awplus configure terminal awplus config ip pim bsr candidate vlan2 20 30 To withdraw the address of vlan2 from being offered as a BSR candidate enter awplus configure terminal awplus config no ip...

Page 1667: ...Register checksum over the whole packet This command is used to inter operate with older Cisco IOS versions Use the no variant of this command to disable this option Syntax ip pim cisco register check...

Page 1668: ...e default IPv4 multicast group range 224 4 are sent with a prefix of 1 Use the no variant of this command to revert to the default settings Syntax ip pim crp cisco prefix no ip pim crp cisco prefix Mo...

Page 1669: ...inal awplus config interface vlan2 awplus config if ip pim dr priority 11234 To disable the Designated Router priority value for the VLAN interface vlan2 apply the commands as shown below awplus confi...

Page 1670: ...used to inter operate with older Cisco IOS versions Use the no variant of this command to revert to default settings Syntax ip pim exclude genid no ip pim exclude genid Default By default this command...

Page 1671: ...PIM to treat all sources as directly connected for VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ip pim ext srcs directly con...

Page 1672: ...lt hello holdtime is restored using the negated form of this command Mode Interface Configuration for a VLAN interface or a PPP interface Usage Each time the hello interval is updated the hello holdti...

Page 1673: ...form of this command Mode Interface Configuration for a VLAN interface or a PPP interface Usage When the hello interval is configured and the hello holdtime is not configured or when the configured h...

Page 1674: ...s command to ignore the RP SET priority value and use only the hashing mechanism for RP selection This command is used to inter operate with older Cisco IOS versions Use the no variant of this command...

Page 1675: ...PIM SM join prune timer to its default value of 60 seconds which corresponds to a join prune packet holdtime of 210 seconds Syntax ip pim jp timer 1 65535 no ip pim jp timer 1 65535 Default The defaul...

Page 1676: ...ure the rate of register packets sent by this DR in units of packets per second Use the no variant of this command to remove the limit Syntax ip pim register rate limit 1 65535 no ip pim register rate...

Page 1677: ...ability check for PIM Register processing at the DR The default setting is no checking for RP reachability Use the no variant of this command to disable this processing Syntax ip pim register rp reach...

Page 1678: ...the source host Syntax ip pim register source source_address interface no ip pim register source Usage The configured address must be a reachable address to be used by the RP to send corresponding Reg...

Page 1679: ...efault of 60 seconds Configuring this value modifies register suppression time at the DR Configuring this value at the RP modifies the RP keepalive period value if the ip pim rp register kat command i...

Page 1680: ...configure the RP address for multicast groups You need to understand the following information before using this command If the RP address that is configured by the BSR and the RP address that is con...

Page 1681: ...the priority parameter Mode Global Configuration Usage Note that issuing the commandippimrp candidate interface withoutoptional priority interval or grouplist parameters will configure the candidate...

Page 1682: ...of this command to return the PIM SM KAT timer to its default value of 210 seconds Syntax ip pim rp register kat 1 65535 no ip pim rp register kat Mode Global Configuration Default The default PIM SM...

Page 1683: ...Syntax ip pim sparse mode no ip pim sparse mode Mode Interface Configuration for a VLAN interface or a PPP interface Examples awplus configure terminal awplus config interface vlan2 awplus config if...

Page 1684: ...interface Usage Passive mode essentially stops PIM transactions on the interface allowing only IGMP mechanism to be active To turn off passive mode use the no ip pim sparse mode passive or the ip pim...

Page 1685: ...hop PIM router to switch to SPT NOTE The switching to SPT happens either at the receiving of the first data packet or not at all it is not rate based Syntax ip pim spt threshold no ip pim spt threshol...

Page 1686: ...default no ip pim ssm Default By default the command is disabled Mode Global Configuration Usage When an SSM range of IP multicast addresses is defined by the ip pim ssm command the no G or S G rpt st...

Page 1687: ...ature Overview and Configuration Guide Syntax show debugging pim sparse mode Mode User Exec and Privileged Exec Example To display PIM SM debugging settings use the command awplus show debugging pim s...

Page 1688: ...mmand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode bsr router Mode User Exec and Privileged Exec Output Figure 36 3 Outpu...

Page 1689: ...face Total configured interfaces 16 Maximum allowed 31 Total active interfaces 12 Address Interface VIFindex Ver Nbr DR DR Mode Count Prior 192 168 1 53 vlan2 0 v2 S 2 2 192 168 1 53 192 168 10 53 vla...

Page 1690: ...IP PIM SPARSE MODE INTERFACE Related Commands ip pim sparse mode show ip pim sparse mode rp mapping show ip pim sparse mode neighbor DR Priority Designated Router priority DR The IP address of the Des...

Page 1691: ...Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode interface detail Mode User Exec and Privileged Exec Output Figure 36 5 Example output from the show...

Page 1692: ...Exec and Privileged Exec Example To show detailed PIM SM information for all PIM SM configured VLAN interfaces use the command awplus show ip pim sparse mode local members Output Figure 36 6 Example...

Page 1693: ...xec Usage Note that when a feature license is enabled the output for the show ip pim sparse mode mroute command will only show 32 interfaces because of the terminal display width limit Use the show ip...

Page 1694: ...sparse mode mroute Related Commands show ip pim sparse mode mroute detail awplus show ip pim sparse mode mroute IP Multicast Routing Table RP Entries 0 G Entries 1 S G Entries 0 S G rpt Entries 0 FCR...

Page 1695: ...dress detail show ip pim sparse mode mroute group address source address detail show ip pim sparse mode mroute source address group address detail Usage Based on the group and source address the outpu...

Page 1696: ...ommand IP Multicast Routing Table RP Entries 0 G Entries 4 S G Entries 0 S G rpt Entries 0 FCR Entries 0 224 0 1 24 Uptime 00 06 42 RP 0 0 0 0 RPF nbr None RPF idx None Upstream State JOINED SPT Switc...

Page 1697: ...output from the show ip pim sparse mode neighbor command Figure 36 11 Example output from the show ip pim sparse mode neighbor interface detail command Parameter Description interface Interface name...

Page 1698: ...Nexthop Nexthop Nexthop Metric Pref Refcnt Num Addr Ifindex Name ____________________________________________________________________________ 10 10 0 9 RS 1 0 0 0 0 4 0 0 1 Table 2 Parameters in outpu...

Page 1699: ...lowing command displays the current packet receive counts for PIM sparse mode awplus configure terminal awplus config show ip pim sparse mode statistics Output Figure 36 13 Example output from show ip...

Page 1700: ...ing command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode rp hash group addr Mode User Exec and Privileged Exec Example aw...

Page 1701: ...filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode rp mapping Mode Privileged Exec Example awplus...

Page 1702: ...Version 5 4 7 1 x PIM SM COMMANDS UNDEBUG ALL PIM SPARSE MODE undebug all pim sparse mode Overview Use this command to disable all PIM SM debugging Syntax undebug all pim sparse mode Mode Privileged...

Page 1703: ...Multicast addresses showncanbederivedfromIPv6unicastprefixes as per RFC 3306 The IPv6 unicast prefix reserved for documentation is 2001 0db8 32 as per RFC 3849 Using the base 32 prefix the IPv6 multic...

Page 1704: ...pv6 pim neighbor filter on page 1730 ipv6 pim register rate limit on page 1731 ipv6 pim register rp reachability on page 1732 ipv6 pim register source on page 1733 ipv6 pim register suppression on pag...

Page 1705: ...w ipv6 pim sparse mode neighbor on page 1756 show ipv6 pim sparse mode nexthop on page 1757 show ipv6 pim sparse mode rp hash on page 1758 show ipv6 pim sparse mode rp mapping on page 1759 show ipv6 p...

Page 1706: ...dynamicIPv6multicastroutes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Synt...

Page 1707: ...IPv6multicastroutes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clea...

Page 1708: ...over from previous static IPv6 multicast routes Syntax clear ipv6 pim sparse mode bsr rp set Mode Privileged Exec Usage For multicast clients note that one router will be automatically or statically...

Page 1709: ...configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode all awplus configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode events...

Page 1710: ...e packet awplus show debugging ipv6 pim sparse mode PIM SMv6 debugging status PIM event debugging is on PIM MFC debugging is off PIM state debugging is on PIM packet debugging is on PIM Hello HT timer...

Page 1711: ...igure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode packet in awplus configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode packe...

Page 1712: ...m ipv6 sparse mode timer register rst Parameter Description assert Enable or disable debugging for the Assert timers at Enable or disable debugging for the Assert Timer bsr Enable or disable debugging...

Page 1713: ...ommand awplus config debug ipv6 pim sparse mode timer hello ht To enable debugging for the PIM SMv6 Joinprune expiry timer use the command awplus debug ipv6 pim sparse mode timer joinprune et To disab...

Page 1714: ...which only one receiver endpoint is chosen Anycast is often implemented using BGP to simultaneously advertise the same destination IPv6 address range from many sources resulting in packets addressed t...

Page 1715: ...x PIM SMV6 COMMANDS IPV6 PIM ANYCAST RP The following example shows how to remove the Anycast RP in the RP set specifying only the anycast RP address with no ipv6 pim anycast rp but not specifying th...

Page 1716: ...ace Configure an interface bordering another PIM SMv6 domain with this command to avoid BSR messages from being exchanged between the two PIM SMv6 domains BSR messages should not be exchanged between...

Page 1717: ...to be the PIM SMv6 domain border awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface ppp0 awplus config if ipv6 enable awplus config if...

Page 1718: ...lus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pim bsr candidate vlan2 20 30 To withdraw the address of vlan2 from being offered as a BSR...

Page 1719: ...0V 1719 AlliedWare Plus Operating System Version 5 4 7 1 x PIM SMV6 COMMANDS IPV6 PIM BSR CANDIDATE To withdraw the address of ppp0 from being offered as a BSR candidate enter awplus configure termina...

Page 1720: ...perate with older Cisco IOS versions Use the no variant of this command to disable this option Syntax ipv6 pim cisco register checksum no ipv6 pim cisco register checksum Default This command is disab...

Page 1721: ...riant of this command to revert to the default settings Syntax ipv6 pim crp cisco prefix no ipv6 pim crp cisco prefix Mode Global Configuration Usage Cisco s BSR code does not conform to the latest BS...

Page 1722: ...configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 pim dr priority 11234 To disable...

Page 1723: ...7 1 x PIM SMV6 COMMANDS IPV6 PIM DR PRIORITY To disable the Designated Router priority value for the PPP interface ppp0 apply the commands as shown below awplus configure terminal awplus config inter...

Page 1724: ...id no ipv6 pim exclude genid Default By default this command is disabled the GenID option is included Mode Interface Configuration for a VLAN interface or a PPP interface Examples awplus configure ter...

Page 1725: ...commands awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 pim ext srcs dire...

Page 1726: ...me the hello interval is updated the hello holdtime is also updated according to the following rules If the hello holdtime is not configured or if the hello holdtime is configured and less than the cu...

Page 1727: ...d the hello holdtime is not configured or when the configured hello holdtime value is less than the new hello interval value the holdtime value is modified to the 3 5 hello interval Otherwise the hell...

Page 1728: ...hanism for RP selection Use the no variant of this command to disable this setting Syntax ipv6 pim ignore rp set priority no ipv6 pim ignore rp set priority Mode Global Configuration Usage This comman...

Page 1729: ...eighbors Use the no variant of this command to return the PIM SMv6 join prune timer to its default value of 210 seconds Syntax ipv6 pim jp timer 1 65535 no ipv6 pim jp timer 1 65535 Default The defaul...

Page 1730: ...if denied by the filtering IPv6 access list Use the no variant of this command to disable this function Syntax ipv6 pim neighbor filter IPv6 accesslist no ipv6 pim neighbor filter IPv6 accesslist Def...

Page 1731: ...command to remove the limit and reset to the default rate limit Syntax ipv6 pim register rate limit 1 65535 no ipv6 pim register rate limit Mode Global Configuration Default The default is 0 as reset...

Page 1732: ...is no checking for RP reachability Use the no variant of this command to disable this processing Syntax ipv6 pim register rp reachability no ipv6 pim register rp reachability Default This command is...

Page 1733: ...y the RP to send corresponding Register Stop messages in response It is normally the local loopback IPv6 interface address but can also be a physical IPv6 address This IPv6 addressmustbeadvertised byu...

Page 1734: ...suppression Mode Global Configuration Default The default PIM SMv6 register suppression time is 60 seconds and is restored with the no variant of this command Usage Configuring this value modifies reg...

Page 1735: ...red statically are both available for a group range then the RP address configured through BSR is chosen over the statically configured RP address If multiple static RPs are available for a group rang...

Page 1736: ...50186 01 Rev B Command Reference for AR2050V 1736 AlliedWare Plus Operating System Version 5 4 7 1 x PIM SMV6 COMMANDS IPV6 PIM RP ADDRESS Related commands ipv6 pim rp candidate ipv6 pim rp register...

Page 1737: ...mand ipv6 pim rp candidate interface without optional priority interval or grouplist parameters will configure the candidate RP with a priority value of 192 Examples To specify a priority of 3 use the...

Page 1738: ...is enabled by default use the no variant of this command to disable the default Syntax ipv6 pim rp embedded no ipv6 pim rp embedded Mode Global Configuration Default Embedded RP is enabled by default...

Page 1739: ...v6 KAT timer to its default value of 210 seconds Syntax ipv6 pim rp register kat 1 65535 no ipv6 pim rp register kat Mode Global Configuration Default The default PIM SMv6 KAT timer value is 210 secon...

Page 1740: ...n for a VLAN interface or a PPP interface Examples awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enab...

Page 1741: ...interface or a PPP interface Usage Passive mode essentially stops PIM SMv6 transactions on the interface allowing only the MLD mechanism to be active Examples awplus configure terminal awplus config i...

Page 1742: ...NOTE The switching to SPT happens either at the receiving of the first data packet or not at all it is not rate based Syntax ipv6 pim spt threshold no ipv6 pim spt threshold Mode Global Configuration...

Page 1743: ...to disable the SSM range Syntax ipv6 pim ssm default no ipv6 pim ssm Default By default the command is disabled Mode Global Configuration Usage Any G or S G rpt joins received for multicast groups ad...

Page 1744: ...ce Configuration for a VLAN interface Default Unicast BSM is disabled by default on an interface Usage This command provides backward compatibility with older versions of the Boot Strap Router BSR spe...

Page 1745: ...sparse mode Figure 37 2 Example output from the show debugging ipv6 pim sparse mode command Related commands debug ipv6 pim sparse mode undebug ipv6 pim sparse mode awplus show debugging ipv6 pim spar...

Page 1746: ...sparse mode bsr router Mode User Exec and Privileged Exec Example To display the BSR IPv6 address use the command awplus show ipv6 pim sparse mode bsr router Output Figure 37 3 Example output from the...

Page 1747: ...de User Exec and Privileged Exec Examples To display information about all PIM SMv6 interfaces use the command awplus show ipv6 pim sparse mode interface awplus show ipv6 pim sparse mode interface Int...

Page 1748: ...ce for AR2050V 1748 AlliedWare Plus Operating System Version 5 4 7 1 x PIM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE INTERFACE Related commands ipv6 pim sparse mode show ipv6 pim sparse mode rp mapping...

Page 1749: ...ample To show detailed PIM SMv6 information for all PIM SMv6 configured interfaces use the command awplus show ipv6 pim sparse mode interface detail Output Figure 37 4 Example output from the show ipv...

Page 1750: ...erview and Configuration Guide Syntax show ipv6 pim sparse mode local members interface Mode User Exec and Privileged Exec Example To show detailed PIM SMv6 information for all PIM SMv6 configured VLA...

Page 1751: ...ersion 5 4 7 1 x PIM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE LOCAL MEMBERS Output Figure 37 6 Example output from the show ipv6 pim sparse mode local members vlan1 command awplus show ipv6 pim sparse...

Page 1752: ...ipv6 pim sparse mode mroute source IPv6 address group IPv6 address Mode User Exec and Privileged Exec Usage Note that when a feature license is enabled the output for the show ipv6 pim sparse mode mro...

Page 1753: ...Entries 0 G Entries 2 S G Entries 0 S G rpt Entries 0 FCR Entries 2 ff0x db8 0 0 96 RP 3ffe 10 10 5 153 RPF nbr fe80 202 b3ff fed4 69fe RPF idx wm0 Upstream State JOINED Local l Joined Asserted FCR So...

Page 1754: ...tput see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 pim sparse mode mroute source IPv6 address detail Usage Based on the group and source IPv6 a...

Page 1755: ...Pv6 Multicast Routing Table RP Entries 0 G Entries 1 S G Entries 0 S G rpt Entries 0 FCR Entries 0 ff13 10 Uptime 00 00 09 RP RPF nbr None RPF idx None Upstream State JOINED SPT Switch Enabled JT off...

Page 1756: ...t from the show ipv6 pim sparse mode neighbor command Figure 37 10 Example output from the show ipv6 pim sparse mode neighbor interface detail command Parameter Description interface Interface name e...

Page 1757: ...Nexthop Nexthop Nexthop Nexthop Metric Pref Refcnt Num Addr Ifindex Name _____________________________________________________________________________________ 3ffe 10 10 5 153 RS 1 fe80 20e cff fe01 f...

Page 1758: ...etting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 pim sparse mode rp hash IPv6 group addr Mode User Exec and Privileged Exec Example awplus show ipv6 pim sp...

Page 1759: ...and output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 pim sparse mode rp mapping Mode User Exec and Privileged Exec Example awplus show ipv6...

Page 1760: ...display next hop RP information entered in the form X X X X awplus show ipv6 pim sparse mode rp nexthop 3ffe 10 10 5 153 Flags N New R RP S Source U Unreachable Destination Type Nexthop Nexthop Nextho...

Page 1761: ...IM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE RP NEXTHOP Metric The metric of the route towards the destination Preference The preference of the route towards destination Refcnt Only used for debugging T...

Page 1762: ...1 x PIM SMV6 COMMANDS UNDEBUG ALL IPV6 PIM SPARSE MODE undebug all ipv6 pim sparse mode Overview Use this command to disable all PIM SMv6 debugging Syntax undebug all ipv6 pim sparse mode Mode Privil...

Page 1763: ...g ipv6 pim sparse mode all awplus configure terminal awplus config terminal monitor awplus config undebug ipv6 pim sparse mode events awplus configure terminal awplus config terminal monitor awplus co...

Page 1764: ...arse mode PIM SMv6 debugging status PIM event debugging is off PIM MFC debugging is off PIM state debugging is off PIM packet debugging is off PIM Hello HT timer debugging is off PIM Hello NLT timer d...

Page 1765: ...C613 50186 01 Rev B Command Reference for AR2050V 1765 AlliedWare Plus Operating System Version 5 4 7 1 x Part 5 Access and Security...

Page 1766: ...ug traffic control on page 1774 interface traffic control on page 1775 l3 filtering enable on page 1776 move rule traffic control on page 1777 policy traffic control on page 1778 red curve on page 178...

Page 1767: ...rsion 5 4 7 1 x TRAFFIC CONTROL COMMANDS sub class htb on page 1798 sub class priority on page 1800 sub class wrr on page 1802 sub sub class htb on page 1804 sub sub class priority on page 1806 sub su...

Page 1768: ...of the class cir committed rate Set the Committed Information Rate CIR for the queue This parameter is compulsory when creating a new class When editing an existing class this parameter is optional pi...

Page 1769: ...To configure a class with a sub sub class as the leaf class use the commands awplus configure terminal awplus config traffic control awplus config tc policy p01 htb awplus config tc policy class c01...

Page 1770: ...policy is specified this command uses the Traffic Control Class mode to apply it Parameter Description class name Name of the class priority level 0 15 Set the priority level 15 is the highest This pa...

Page 1771: ...c policy class c01 priority level 5 sub class policy priority awplus config tc class sub class s01 priority level 7 sub sub class policy priority awplus config tc subclass sub sub class ss01 priority...

Page 1772: ...with the specified name the command will replace the configuration of the existing class if it does not have any sub classes If a sub class policy is specified this command uses the Traffic Control C...

Page 1773: ...1 wrr awplus config tc policy class c01 weight 50 sub class policy wrr awplus config tc class sub class s01 weight 30 sub sub class policy wrr awplus config tc subclass sub sub class ss01 weight 5 que...

Page 1774: ...nformation to be logged and available using the show debugging traffic control Use the no variant of this command to disable traffic control debugging Syntax debug traffic control no debug traffic con...

Page 1775: ...terminal awplus config traffic control awplus config tc interface eth1 overhead ethernet virtual bandwidth 10mbit system bandwidth 1 Related Commands show running config traffic control show traffic c...

Page 1776: ...for bridged traffic on a bridge interface Syntax l3 filtering enable no l3 filtering enable Default Traffic control is disabled by default for bridged traffic Mode Interface mode for a bridge interfac...

Page 1777: ...x move rule 1 65535 to 1 65535 Default None Mode Traffic Control Example To change rule ID 10 to rule ID 25 use the commands awplus cofigure terminal awplus config traffic control awplus config tc mov...

Page 1778: ...level queueing discipline which determines the type of classes that can be configured under the policy This command uses the Traffic Control Policy mode Examples To configure a policy use the command...

Page 1779: ...mand Reference for AR2050V 1779 AlliedWare Plus Operating System Version 5 4 7 1 x TRAFFIC CONTROL COMMANDS POLICY TRAFFIC CONTROL sub class priority sub class wrr sub sub class htb sub sub class prio...

Page 1780: ...rminal awplus config traffic control awplus config tc red curve red ecn ecn Parameter Description red curve name The RED curve name limit 4 127 The hard queue length limit in packets for the RED curve...

Page 1781: ...commands awplus configure terminal awplus config traffic control awplus config tc red curve aggressive min 5 max 50 probability 70 Related Commands class htb class priority class wrr show traffic con...

Page 1782: ...le order by using the move rule traffic control command Parameter Description 1 65535 The rule ID is an integer in the range from 1 to 65535 If you do not designate a rule ID one will be automatically...

Page 1783: ...c is high priority traffic that is allocated a fixed amount of bandwidth on an interface Use the interface traffic control command to configure system bandwidth on an interface Examples To configure a...

Page 1784: ...lay the status of traffic control debugging Syntax show debugging traffic control Default None Mode Privileged Exec Example To show if traffic control debugging is on or off run the command awplus sho...

Page 1785: ...trol policy A wrr class B5001 weight 30 class B5002 weight 60 policy P priority class P10 priority level 10 max 5mbit class P3 priority level 3 max 8mbit sub class policy htb sub class H cir 3mbit bc...

Page 1786: ...C613 50186 01 Rev B Command Reference for AR2050V 1786 AlliedWare Plus Operating System Version 5 4 7 1 x TRAFFIC CONTROL COMMANDS SHOW RUNNING CONFIG TRAFFIC CONTROL traffic control...

Page 1787: ...ll interfaces with traffic control policies applied is displayed Syntax show traffic countrol counters interface name Default None Mode Privileged Exec Examples To show the traffic control counters fo...

Page 1788: ...config traffic control Interface eth2 Class Counter Bytes Packets A Sent 58681224 232862 Currently Queued 0 383 Dropped 1039845 A B5001 Sent 10671444 42347 Currently Queued 32004 128 Dropped 164954 A...

Page 1789: ...to traffic control Syntax show traffic control interface interface name Default None Mode Privileged Exec Examples To show traffic control information for all interfaces use the command awplus show t...

Page 1790: ...control show running config traffic control vlan10 Policy Default policy Virtual bandwidth Not set optional Packet overhead 0 Bytes vlan3 Policy Default policy Virtual bandwidth Not set optional Pack...

Page 1791: ...olicies are displayed Syntax show traffic control policy policy name Default None Mode Privileged Exec Examples To show all traffic control policies use the command awplus show traffic control policy...

Page 1792: ...ucket Type htb Applied interfaces None Classes Class A Committed rate CIR 5000kbit Peak rate PIR 6000kbit Preference 2 Class B Committed rate CIR 2000kbit Peak rate PIR 4000kbit Burst Bc 100000B Exces...

Page 1793: ...awplus show traffic control red curve To show a specified red curve called TCP_session_1 use the command awplus show traffic control red curve TCP_session_1 Output Figure 38 6 Example output from show...

Page 1794: ...rom show traffic control red curve TCP_session_1 Related Commands red curve show running config show running config traffic control show traffic control policy awplus show traffic control red curve TC...

Page 1795: ...id the show traffic control rule config check command will print the reasonswhy therule is invalid Information is onlyshown forinvalidrules If allrules are valid a message will be printed showing all...

Page 1796: ...ng traffic will be sent to Examples To show a list of all traffic control rules configured use the command awplus show traffic control rule To show traffic control rule 10 configured use the command a...

Page 1797: ...e This command shows if traffic control is enabled how many rules are configured and how many interfaces have a virtual bandwidth applied Example To show an overview of the status of the traffic contr...

Page 1798: ...n class name Name of the class cir committed rate Set the Committed Information Rate CIR for the queue Specified in kbit mbit gbit per second 1kbit 100gbit This parameter is compulsory when creating a...

Page 1799: ...l awplus config tc policy p01 htb awplus config tc policy class c01 cir 100mbit pir 150mbit sub class policy htb wplus config tc class sub class s02 cir 20mbit queue length 200 red curve s02 red To en...

Page 1800: ...ll replace the configuration of the existing sub class if it does not have any sub sub classes If a sub sub class policy is specified this command uses the Traffic Control Class mode to apply it Param...

Page 1801: ...50mbit queue length 200 red curve ss01 red To enter Traffic Control Class mode for an existing sub class use the commands awplus configure terminal awplus config traffic control awplus config tc poli...

Page 1802: ...name the command will replace the configuration of the existing class if it does not have any sub classes If a sub class policy is specified this command uses the Traffic Control Class mode to apply i...

Page 1803: ...ht 40 queue length 200 red curve s02 red To enter Traffic Control Class mode for an existing sub class use the commands awplus configure terminal awplus config traffic control awplus config tc policy...

Page 1804: ...s command will replace the configuration of the existing sub sub class Parameter Description class name Name of the sub sub class cir committed rate Set the Committed Information Rate CIR for the queu...

Page 1805: ...mands awplus configure terminal awplus config traffic control awplus config tc policy p01 htb awplus config tc policy class c01 cir 100mbit pir 150mbit sub class policy htb awplus config tc class sub...

Page 1806: ...will replace the configuration of the existing sub sub class Examples To configure a sub sub class use the commands awplus configure terminal awplus config traffic control awplus config tc policy p01...

Page 1807: ...vel 5 sub class policy priority awplus config tc class sub class s01 priority level 7 sub sub class policy priority awplus config tc subclass sub sub class ss01 priority level 3 max 5mbit queue length...

Page 1808: ...e existing sub sub class Examples To configure a sub sub class as a leaf class use the commands awplus configure terminal awplus config traffic control awplus config tc policy p01 wrr awplus config tc...

Page 1809: ...ht 50 sub class policy wrr awplus config tc class sub class s01 weight 30 sub sub class policy wrr awplus config tc subclass sub sub class ss01 weight 5 queue length 200 red curve ss01 red To delete a...

Page 1810: ...affic control is enabled and no rules are added a default queueing discipline is applied to all interfaces that support traffic control You can use the policy command to configure traffic control poli...

Page 1811: ...ode you can enable or disable traffic control create and delete traffic control policies create move and delete rules for traffic control set and unset packet overhead system bandwidth and virtual ban...

Page 1812: ...RAFFIC CONTROL show running config traffic control show traffic control show traffic control counters show traffic control interface show traffic control policy show traffic control rule show traffic...

Page 1813: ...e 1819 auth max supplicant on page 1821 auth profile Global Configuration on page 1823 auth profile Interface Configuration on page 1824 auth reauthentication on page 1825 auth supplicant ip on page 1...

Page 1814: ...ge 1859 auth web server page welcome message on page 1860 auth web server ping poll enable on page 1861 auth web server ping poll failcount on page 1862 auth web server ping poll interval on page 1863...

Page 1815: ...ystem Version 5 4 7 1 x AUTHENTICATION COMMANDS show auth statistics interface on page 1883 show auth supplicant on page 1884 show auth supplicant interface on page 1887 show auth web server on page 1...

Page 1816: ...ode Examples To enable the critical port feature on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth critical To disable the criti...

Page 1817: ...awplus configure terminal awplus config interface eth1 awplus config if auth host mode multi supplicant Parameter Description single host Single host mode In this mode only one host may be authorized...

Page 1818: ...f no auth host mode To set the host mode to multi supplicant on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile...

Page 1819: ...to interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth log auth web failure To configure the logging of web authentication failures t...

Page 1820: ...sable the logging of all types of authentication log messages to the log file for supplicants client devices connected to authentication profile student use the commands awplus configure terminal awpl...

Page 1821: ...ples To set the maximum number of supplicants to 10 on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth max supplicant 10 To reset...

Page 1822: ...01 Rev B Command Reference for AR2050V 1822 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH MAX SUPPLICANT Related Commands auth profile Global Configuration show runn...

Page 1823: ...port authentication profiles are created by default Mode Global Configuration Usage A port authentication profile is a configuration object that aggregates multiple port authentication commands These...

Page 1824: ...ge This command attaches a authentication profile created using the auth profile Global Configuration command to an Ethernet port You can only attach one profile to an interface at a time use the no v...

Page 1825: ...uthentication on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth reauthentication To disable reauthentication on interface eth1 u...

Page 1826: ...ntry in A B C D P format max reauth req The number of reauthentication attempts before becoming unauthorized 1 10 Count of reauthentication attempts default 2 port control Port control commands auto A...

Page 1827: ...interface eth1 use the commands awplus configure terminal awplus config interface eth1 awplus config if no auth supplicant ip 192 168 10 0 24 To disable reauthentication for the supplicant s IP addres...

Page 1828: ...The mask comprises a string of three period separated bytes where each byte comprises four hexadecimal characters that will generally be either 1or 0 When the mask is applied to a specific MAC addres...

Page 1829: ...andthen toforceauthorizedportcontrol for interface eth1 use the commands awplus configure terminal awplus config interface eth1 awplus config if auth supplicant mac 0000 5E00 0000 mask ffff ff00 0000...

Page 1830: ...0000 5E00 5343 port control force authorized To delete the supplicant MAC address 0000 5E00 5343 for authentication profile student use the commands awplus configure terminal awplus config auth profi...

Page 1831: ...ect timeout period to 3600 seconds for interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth timeout connect timeout 3600 To reset the...

Page 1832: ...nds for interface eth1 use the commands awplus configure terminal awplus config interface eth1 awplus config if auth timeout quiet period 10 To reset the quiet period to the default 60 seconds for int...

Page 1833: ...Authentication Profile mode Examples To set the reauthentication period to 1 day for interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if...

Page 1834: ...nd Reference for AR2050V 1834 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH TIMEOUT REAUTH PERIOD Related Commands auth profile Global Configuration auth reauthentica...

Page 1835: ...commands awplus configure terminal awplus config interface eth1 awplus config if auth timeout server timeout 120 To set the server timeout to the default 30 seconds for interface eth1 use the followin...

Page 1836: ...list name no auth web accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list example_acct on the eth1 interface use the co...

Page 1837: ...th web authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list example_auth on the eth1 interface use the commands awpl...

Page 1838: ...mmand are both configured you need to configure a firewall rule to allow Auth web traffic to pass through thefirewall Web authuses TCP ports8081 8082 8083 and 8084 You can create a firewall rule like...

Page 1839: ...ION COMMANDS AUTH WEB ENABLE To disable Web authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no...

Page 1840: ...o auth web forward ip address ip address prefix length dns tcp 1 65535 udp 1 65535 Or no auth web forward arp dhcp dns tcp 1 65535 udp 1 65535 Default Packet forwarding for port authentication is enab...

Page 1841: ...37 on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if no auth web forward tcp 137 To delete the all of TCP forwarding on interface eth...

Page 1842: ...tudent use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth web forward tcp 137 To delete all tcp forwarding on authentication profile stude...

Page 1843: ...Syntax auth web idle timeout enable no auth web idle timeout enable Default The idle timeout is disabled by default Mode Interface Mode and Auth Profile Example To enable the idle timeout on an interf...

Page 1844: ...efault setting 3600 seconds Syntax auth web idle timeout timeout 420 86400 no auth web idle timeout timeout Default The timeout is 3600 seconds by default Mode Interface Mode and Auth Profile Example...

Page 1845: ...n Ethernet port or Authentication Profile mode Examples To set the lock count to 5 on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if...

Page 1846: ...r AR2050V 1846 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH WEB MAX AUTH FAIL Related Commands auth profile Global Configuration auth timeout quiet period show auth...

Page 1847: ...e Example To set the Web Authentication method to eap md5 on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth web method eap md5 T...

Page 1848: ...tion Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together You canno...

Page 1849: ...e the AAA and Port Authentication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancemen...

Page 1850: ...to use WPAD the supplicant s web browser will use TCP port 80 as usual Therefore the packet can be intercepted by Web Authentication as normal and the Web Authentication Login page can be sent However...

Page 1851: ...S protocol the web browser will validate the certificate If the certificate is invalid the web page gives a warning message before displaying server content However the web page will not give warning...

Page 1852: ...rt number In this case Web Authentication cannot intercept the connection To overcome this limitation you can use this command to tell the switch which additional port it should intercept and then sen...

Page 1853: ...eb server ipaddress ip address no auth web server ipaddress Default The Web Authentication server address on the system is not set by default Mode Global Configuration Examples To set the IP address 1...

Page 1854: ...glish by default Mode Global Configuration Examples To set Japanese as the presentation language of Web authentication pages use the following commands awplus configure terminal awplus config auth web...

Page 1855: ...figuration Guide for details Use the no variant of this command to delete the URL Syntax auth web server login url URL no auth web server login url Default The built in login page is set by default Mo...

Page 1856: ...Port Authentication Feature Overview and Configuration Guide Syntax auth web server page logo auto default hidden no auth web server page logo Default Logo type is auto by default Mode Global Configu...

Page 1857: ...Overview and Configuration Guide Syntax auth web server page sub title hidden text sub title no auth web server page sub title Default Allied Telesis is displayed by default Mode Global Configuration...

Page 1858: ...Port Authentication Feature Overview and Configuration Guide Syntax auth web server page success message text success message no auth web server page success message Default No success message is set...

Page 1859: ...yntax auth web server page title hidden text title no auth web server page title Default Web Access Authentication Gateway is displayed by default Mode Global Configuration Examples To set the custom...

Page 1860: ...nd Port Authentication Feature Overview and Configuration Guide Syntax auth web server page welcome message text welcome message no auth web server page welcome message Default No welcome message is s...

Page 1861: ...icated by Web Authentication Syntax auth web server ping poll enable no auth web server ping poll enable Default The ping polling feature for Web Authentication is disabled by default Mode Global Conf...

Page 1862: ...the no variant of this command to resets the fail count for the ping polling feature to the default 5 pings Syntax auth web server ping poll failcount 1 100 no auth web server ping poll failcount Def...

Page 1863: ...polling 30 seconds Syntax auth web server ping poll interval 1 65535 no auth web server ping poll interval Default The interval for ping polling is 30 seconds by default Mode Global Configuration Exa...

Page 1864: ...variant of this command to reset the reauth timer refresh parameter to the default setting disabled Syntax auth web server ping poll reauth timer refresh no auth web server ping poll reauth timer ref...

Page 1865: ...set the timeout of ping polling to the default 1 second Syntax auth web server ping poll timeout 1 30 no auth web server ping poll timeout Default The default timeout for ping polling is 1 second Mode...

Page 1866: ...thentication server HTTP port number is set to 80 by default Mode Global Configuration Examples To set the HTTP port number 8080 for the Web Authentication server use the following commands awplus con...

Page 1867: ...b server redirect delay time Default The default redirect delay time is 5 seconds Mode Global Configuration Examples To set the delay time to 60 seconds for the Web Authentication server use the follo...

Page 1868: ...x auth web server redirect url url no auth web server redirect url Default The redirect URL for the Web Authentication server feature is not set by default null Mode Global Configuration Examples To e...

Page 1869: ...disabled by default Mode Global Configuration Usage This function doesn t ensure to keep session information in all cases Authenticated supplicant may be redirected to unexpected page when session ke...

Page 1870: ...ax auth web server ssl no auth web server ssl Default HTTPS functionality for the Web Authentication server feature is disabled by default Mode Global Configuration Examples To enable HTTPS functional...

Page 1871: ...iant of this command to delete registered port number Syntax auth web server ssl intercept port 1 65535 no auth web server ssl intercept port 1 65535 Default 443 TCP is registered by default Mode Glob...

Page 1872: ...configuration PAC file to your switch The Web Authentication supplicant can get the downloaded file from the system web server Syntax copy filename proxy autoconfig file Mode Privileged Exec Example T...

Page 1873: ...in PEM Privacy Enhanced Mail format and contain the private key and the server certificate Syntax copy filename web auth https file Mode Privileged Exec Example To download the server certificate fil...

Page 1874: ...t No description configured by default Mode Authentication Profile Example To add a description to the authentication profile student use the following commands awplus configure terminal awplus config...

Page 1875: ...UTOCONFIG FILE erase proxy autoconfig file Overview Use this command to remove the proxy auto configuration file Syntax erase proxy autoconfig file Mode Privileged Exec Example To remove the proxy aut...

Page 1876: ...h https file Overview Use this command to remove the SSL server certificate for web based authentication Syntax erase web auth https file Mode Privileged Exec Example To remove the SSL server certific...

Page 1877: ...namic or LACP channel group or a switch port awplus show auth all 802 1X Port Based Authentication Enabled MAC based Port Authentication Disabled WEB based Port Authentication Enabled RADIUS server ad...

Page 1878: ...rameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g eth1 a continuous range of interfaces e g eth1 2 a com...

Page 1879: ...ified interface Syntax show auth interface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Example To display the Port based authentication status for eth...

Page 1880: ...ns in KT keyTxEnabled false critical disabled guestVlan disabled authFailVlan disabled dynamicVlanCreation disabled hostMode single host dot1x enabled protocolVersion 1 authMac disabled authWeb enable...

Page 1881: ...the command awplus show auth statistics interface eth1 To display the Port Authenticated supplicant on interface eth1 enter the command awplus show auth interface eth1 supplicant Related Commands show...

Page 1882: ...r the command awplus show auth sessionstatistics interface eth1 Output Figure 39 3 Example output from the show auth sessionstatistics command Parameter Description interface Specify ports to show int...

Page 1883: ...cified interface Syntax show auth statistics interface interface list Mode Privileged Exec Example To display Port Authentication statistics for eth1 enter the command awplus show auth statistics inte...

Page 1884: ...To display authenticated supplicant information for device with MAC address 0000 5E00 5301 enter the command awplus show auth supplicant 0000 5E00 5301 Output Figure 39 4 Example output from show auth...

Page 1885: ...start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 0 CD adminControlledDirections i...

Page 1886: ...01 Rev B Command Reference for AR2050V 1886 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS SHOW AUTH SUPPLICANT Related Commands aaa accounting auth web aaa authentication...

Page 1887: ...plicant interface interface list brief Mode Privileged Exec Examples To display the authenticated supplicant on the interface eth1 enter the command awplus show auth supplicant interface eth1 To displ...

Page 1888: ...Example output from the show auth web server command Related Commands auth web server ipaddress auth web server port auth web server redirect delay time auth web server redirect url auth web server s...

Page 1889: ...the web authentication page information use the command awplus show auth web server page Figure 39 8 Example output from the show auth web server page command Related Commands auth web forward auth w...

Page 1890: ...yntax show proxy autoconfig file Mode Privileged Exec Example To display the contents of the proxy auto configuration PAC file enter the command awplus show auth proxy autoconfig file Output Figure 39...

Page 1891: ...1897 aaa authentication auth web on page 1900 aaa authentication enable default group tacacs on page 1902 aaa authentication enable default local on page 1904 aaa authentication login on page 1905 aa...

Page 1892: ...dius secure proxy aaa on page 1922 server radsecproxy aaa on page 1923 server mutual authentication on page 1925 server name check on page 1926 server trustpoint on page 1927 show aaa local user locke...

Page 1893: ...none group group name radius no aaa accounting auth web default list name Default RADIUS accounting for Web based authentication is disabled by default Mode Global Configuration Usage This command can...

Page 1894: ...use the commands awplus configure terminal awplus config aaa accounting auth web default start stop group radius To disable the default RADIUS accounting method for Web based authentication use the c...

Page 1895: ...by default Mode Global Configuration Usage This command only supports a default method list this means that it is applied to every console and VTY line The stop only parameter indicates that the comm...

Page 1896: ...vilege levels 1 7 and 15 use the following commands awplus configure terminal awplus config aaa accounting commands 1 default stop only group tacacs awplus config aaa accounting commands 7 default sto...

Page 1897: ...ounting method list for login shell sessions configured by an aaa accounting login command If the method list being deleted is already applied to a console or VTY line accounting on that line will bed...

Page 1898: ...ame use the specified RADIUS server group configured with the aaa group server command There is one way to define servers where TACACS accounting messages are sent group tacacs use all TACACS servers...

Page 1899: ...AR2050V 1899 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS AAA ACCOUNTING LOGIN Related Commands aaa accounting commands aaa authentication login aaa accounting login accounting log...

Page 1900: ...default list name Default Web based authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a name...

Page 1901: ...entication use the commands awplus configure terminal awplus config no aaa authentication auth web default To enable Web based authentication for named list example_auth with RADIUS server group rad_g...

Page 1902: ...ed privilege level is equal to or less than the users maximum privilege level then they are granted access to that level If the user attempts to access a privilege level that is higher than their maxi...

Page 1903: ...Examples To enable a privilege level authentication method that will not allow the user to access Privileged Exec mode if the TACACS server goes offline or is not reachable during enable password auth...

Page 1904: ...n Usage The privilege level configured for a particular user in the local user database is the privilege threshold above which the user is prompted for an enable Privileged Exec mode command Examples...

Page 1905: ...efault method list This will return the default method list to its default state local is the default Syntax aaa authentication login default list name local group radius tacacs group name no aaa auth...

Page 1906: ...r user login to first use all available RADIUS servers for user login authentication and then use the local user database use the following commands awplus configure terminal awplus config aaa authent...

Page 1907: ...dius containing all RADIUS servers configured by the radius server host command Note that if the default authentication method is used all OpenVPN tunnels will use the group radius containing all RADI...

Page 1908: ...t to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list will be...

Page 1909: ...llback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured diff...

Page 1910: ...Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of configurati...

Page 1911: ...RADIUS servers and to enter Server Group Configurationmode inwhich you canadd servers to thegroup Use a server groupto specify a subset of RADIUS servers in AAA commands Each RADIUS server must be co...

Page 1912: ...ration Default The default for the lockout time is 300 seconds 5 minutes Usage While locked out all attempts to login with the locked account will fail The lockout can be manually cleared by another p...

Page 1913: ...login counter reaches the limit configured by this command that user account is locked out for a specified duration configured by the aaa local authentication attempts lockout time command When a succ...

Page 1914: ...console SSH and Telnet Use the novariantof this commandtoresetthe minimumtimeperiod to itsdefault value Syntax aaa login fail delay 1 10 no aaa login fail delay 1 10 Default 1 second Mode Global conf...

Page 1915: ...ogin default login accounting is applied after issuing the no accounting login command Accounting is disabled with default Syntax accounting login default list name no accounting login Default By defa...

Page 1916: ...list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the command...

Page 1917: ...ommand Reference for AR2050V 1917 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Version 5...

Page 1918: ...aaa local user lockout username username all Mode Privileged Exec Examples To unlock the user account bob use the following command awplus clear aaa local user lockout username bob To unlock all user...

Page 1919: ...ounting all authentication authorization Default AAA debugging is disabled by default Mode Privileged Exec Examples To enable authentication debugging for AAA use the command awplus debug aaa authenti...

Page 1920: ...Default The default login authentication method list as specified by the aaa authentication login command is used to authenticate user login If this has not been specified the default is to use the l...

Page 1921: ...roxy port Default The default port is 1645 Mode RadSecProxy AAA Configuration Mode Usage It is not necessary to change the value from the default unless UDP port 1645 is required for another purpose R...

Page 1922: ...uration mode This application allows local RADIUS based clients on system to communicate with remote RadSec servers via a secure TLS proxy Syntax radius secure proxy aaa Mode Global Configuration Mode...

Page 1923: ...value for RADIUS servers will be used The global timeout may be changed using the radius server timeout command The default global timeout is 5 seconds Each server may be configured to use certificate...

Page 1924: ...ER RADSECPROXY AAA Example To add a server which waits 3 seconds before receiving replies use the commands awplus configure terminal awplus config radius secure proxy aaa awplus config radsecproxy aaa...

Page 1925: ...g the RadSecProxy AAA application to not transmit a certificate to the server NOTE Ifmutualauthenticationisdisabledontheclient AAA applicationbutenabled on the server a connection will not be establis...

Page 1926: ...ject field of the client s X 509 certificate must match the domain name or IP address specified in the server radsecproxy aaa command Use the no variant of this command to set the global behavior for...

Page 1927: ...ver must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustp...

Page 1928: ...C613 50186 01 Rev B Command Reference for AR2050V 1928 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS SERVER TRUSTPOINT server radsecproxy aaa server name check...

Page 1929: ...ed account successfully logs into the system after waiting for the lockout time this command will display nothing for that particular account Syntax show aaa local user locked Mode User Exec and Privi...

Page 1930: ...ation on a device use the command awplus aaa server group Output Figure 40 2 Example output from aaa server group Related Commands aaa accounting auth web aaa authentication auth web awplus show aaa s...

Page 1931: ...plays the current debugging status for AAA Authentication Authorization Accounting Syntax show debugging aaa Mode User Exec and Privileged Exec Example To display the current debugging status of AAA u...

Page 1932: ...groups use the command awplus show radius server group To display a information for a RADIUS server group named rad_group_list1 use the command awplus show radius server group rad_group_list1 Output F...

Page 1933: ...S SERVER GROUP Figure 40 5 Example output from show radius server group rad_group_list1 Related Commands aaa group server awplus show radius server group rad_group_list1 RADIUS Group Configuration Gro...

Page 1934: ...6 01 Rev B Command Reference for AR2050V 1934 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS UNDEBUG AAA undebug aaa Overview This command applies the functionality of the no debug aa...

Page 1935: ...tion see the RADIUS Feature Overview and Configuration Guide Command List deadtime RADIUS server group on page 1936 debug radius on page 1937 ip radius source interface on page 1938 radius server dead...

Page 1936: ...IUS server is set to 0 minutes by default Syntax deadtime 0 1440 no deadtime Default The deadtime is set to 0 minutes by default Mode Server Group Configuration Usage If the RADIUS server does not res...

Page 1937: ...l Default RADIUS debugging is disabled by default Mode Privileged Exec Examples To enable debugging for RADIUS packets use the command awplus debug radius packet To enable debugging for RADIUS events...

Page 1938: ...ius source interface interface ip address no ip radius source interface Default Source IP address of outgoing RADIUS packets depends on the interface the packets leave Mode Global Configuration Exampl...

Page 1939: ...lt RADIUS deadtime configured on the system is 0 seconds Mode Global Configuration Usage The RADIUS client considers a RADIUS server to be dead if it fails to respond to a request after it has been re...

Page 1940: ...5535 auth port 0 65535 key key string retransmit 0 100 timeout 1 1000 no radius server host host name ip address acct port 0 65535 auth port 0 65535 Parameter Description host name Server host name Th...

Page 1941: ...time interval in seconds to wait for the RADIUS server to reply before retransmitting a request or considering the server dead This setting overrides the global value set by the radius server timeout...

Page 1942: ...DIUS server 10 0 0 20 use the following commands awplus configure terminal awplus config no radius server host 10 0 0 20 To configure rad1 company com for authentication only use the following command...

Page 1943: ...al secret key shared between this client and its RADIUS servers If no secret key is specified for a particular RADIUS server using the radius server host c ommand this global key is used After enablin...

Page 1944: ...t RADIUS retransmit count on the device is 3 Mode Global Configuration Examples To set the RADIUS retransmit count to 1 use the following commands awplus configure terminal awplus config radius server...

Page 1945: ...3 50186 01 Rev B Command Reference for AR2050V 1945 AlliedWare Plus Operating System Version 5 4 7 1 x RADIUS COMMANDS RADIUS SERVER RETRANSMIT Related Commands radius server deadtime radius server ho...

Page 1946: ...5 seconds Mode Global Configuration Examples To globally set the device to wait 20 seconds before retransmitting a RADIUS request to unresponsive RADIUS servers use the following commands awplus confi...

Page 1947: ...n 5 4 7 1 x RADIUS COMMANDS RADIUS SERVER TIMEOUT To reset the global timeout period for RADIUS servers to the default use the following command awplus configure terminal awplus config no radius serve...

Page 1948: ...port for accounting requests to the server To disable accounting for the server set acct port to 0 If the accounting port is missing the default port number is 1812 Use the no variant of this command...

Page 1949: ...hentication use the following commands awplus configure terminal awplus config aaa group server radius RAD_AUTH1 awplus config sg server 192 168 1 1 acct port 0 awplus config sg server 192 168 2 1 aut...

Page 1950: ...plays the current debugging status for the RADIUS servers Syntax show debugging radius Mode User Exec and Privileged Exec Example To display the current debugging status of RADIUS servers use the comm...

Page 1951: ...show radius command showing RADIUS servers Example See the sample output below showing RADIUS client status and RADIUS configuration awplus show radius RADIUS Global Configuration Source Interface not...

Page 1952: ...nterface The interface name or IP address to be used for the source address of all outgoing RADIUS packets Secret Key A shared secret key to a radius server Timeout A time interval in seconds Retransm...

Page 1953: ...been dead for Alive The server is alive Error The server is not responding Dead The server is detected as dead and it will not be used for deadtime period The time displayed in the output shows the se...

Page 1954: ...ev B Command Reference for AR2050V 1954 AlliedWare Plus Operating System Version 5 4 7 1 x RADIUS COMMANDS UNDEBUG RADIUS undebug radius Overview This command applies the functionality of the no debug...

Page 1955: ...uthentication on page 1963 client name check on page 1964 client trustpoint on page 1965 clear radius local server statistics on page 1966 copy fdb radius users to file on page 1967 copy local radius...

Page 1956: ...e 1985 server enable on page 1986 show crypto pki certificates deleted on page 1987 show crypto pki certificates local radius all users deleted on page 1988 show crypto pki certificates user deleted o...

Page 1957: ...roup If the specified attribute is already defined then it is replaced with the new value Use the no variant of this command to delete an attribute from the local RADIUS server user group Syntax attri...

Page 1958: ...use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute help A list of Vendor specific Attributes...

Page 1959: ...ollowing commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute Service Type 6 To delete the attribute Service Type...

Page 1960: ...abled by default Mode RADIUS Server Configuration Examples The following commands enable EAP MD5 authentication methods on the local RADIUS server awplus configure terminal awplus config radius server...

Page 1961: ...global behavior defined by client name check or no client name check will be used If name checking is enabled the Common Name portion of the subject field of the client s X 509 certificate must match...

Page 1962: ...50186 01 Rev B Command Reference for AR2050V 1962 AlliedWare Plus Operating System Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS CLIENT RADSECPROXY SRV client trustpoint radius secure proxy local se...

Page 1963: ...l certificate validation The local server application will still transmit the local server certificate to the client but will not expect or validate a certificate from the client Syntax client mutual...

Page 1964: ...of the subject field of the client s X 509 certificate must match the domain name or IP address specified in the client radsecproxy aaa command Use the no variant of this command to set the global be...

Page 1965: ...th the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustpoint list will be unchanged If no client trustpo...

Page 1966: ...rs the number of successful and failed logins for each local RADIUS server user Examples To clear the NAS Network Access Server statistics stored on the device use the command awplus clear radius loca...

Page 1967: ...radius user db Copy the local RADIUS server users created to the local RADIUS server nvs Copy the local RADIUS server users created to NVS memory flash Copy the local RADIUS server users created to F...

Page 1968: ...US server users from the local FDB directly to the local RADIUS server use the command awplus copy fdb radius users local radius user db To register the local RADIUS server users from the interface po...

Page 1969: ...RADIUS server user database before copying the contents of specified file Syntax copy source url local radius user db add replace Default When no copy method is specified with this command the replac...

Page 1970: ...Syntax copy local radius user db nvs flash card usb tftp scp destination url Mode Privileged Exec Example Copy the current local RADIUS server user data to http datahost user csv awplus copy local rad...

Page 1971: ...ADIUS SERVER COMMANDS CRYPTO PKI ENROLL LOCAL DELETED crypto pki enroll local deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpoint...

Page 1972: ...ROLL LOCAL LOCAL RADIUS ALL USERS DELETED crypto pki enroll local local radius all users deleted Overview This command is no longer available Please use the following command instead crypto pki enroll...

Page 1973: ...COMMANDS CRYPTO PKI ENROLL LOCAL USER DELETED crypto pki enroll local user deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpoint u...

Page 1974: ...DS CRYPTO PKI EXPORT LOCAL PEM DELETED crypto pki export local pem deleted Overview This command is no longer available Please use the crypto pki export pem command instead crypto pki export trustpoin...

Page 1975: ...KI EXPORT LOCAL PKCS12 DELETED crypto pki export local pkcs12 deleted Overview This command is no longer available Please use the crypto pki export pkcs12 command instead crypto pki export trustpoint...

Page 1976: ...SERVER COMMANDS CRYPTO PKI TRUSTPOINT LOCAL DELETED crypto pki trustpoint local deleted Overview This command is no longer available Please use the following command instead crypto pki trustpoint trus...

Page 1977: ...ev B Command Reference for AR2050V 1977 AlliedWare Plus Operating System Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS DEBUG CRYPTO PKI DELETED debug crypto pki deleted Overview This command is no lo...

Page 1978: ...tion Usage When both domain styles are enabled the first domain style configured has the highest priority A username login string is matched against the first domain style enabled Then if the username...

Page 1979: ...ntifier 200 with tagged frames use the commands awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config radsrv group egress vlan id 200 tagged...

Page 1980: ...rmalUsers with the VLAN name vlan2 and all frames on this VLAN tagged use the commands awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config...

Page 1981: ...p Syntax group user group name no group user group name Mode RADIUS Server Configuration Examples The following command creates the user group NormalUsers awplus configure terminal awplus config radiu...

Page 1982: ...ddress key nas keystring no nas ip address Mode RADIUS Server Configuration Examples The following commands add the NAS with an IP address of 192 168 1 2 to the list of clients that may send authentic...

Page 1983: ...mode This application allows remote RadSec clients to communicate with the local RADIUS server process via a secure TLS proxy Syntax radius secure proxy local server Mode Global Configuration Mode Ex...

Page 1984: ...n Example Local RADIUS Server commands are available from config radsrv configuration mode To change mode from User Exec mode to the Local RADIUS Server mode config radsrv use the commands awplus conf...

Page 1985: ...Default The default local RADIUS server UDP authentication port number is 1812 Mode RADIUS Server Configuration Examples The following commands set the RADIUS server authentication port to 10000 awpl...

Page 1986: ...local RADIUS server stops operating Syntax server enable no server enable Default The local RADIUS server is disabled by default and must be enabled for use with this command Mode RADIUS Server Config...

Page 1987: ...ion 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES DELETED show crypto pki certificates deleted Overview This command is no longer available Please use the following command inste...

Page 1988: ...4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES LOCAL RADIUS ALL USERS DELETED show crypto pki certificates local radius all users deleted Overview This command is no longeravailabl...

Page 1989: ...g System Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES USER DELETED show crypto pki certificates user deleted Overview This command is no longeravailablebecause usercerti...

Page 1990: ...rsion 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI TRUSTPOINTS DELETED show crypto pki trustpoints deleted Overview This command is no longer available Please use the following command inste...

Page 1991: ...uration Guide Syntax show radius local server group user group name Mode User Exec and Privileged Exec Example The following command displays Local RADIUS server user group information awplus show rad...

Page 1992: ...ure Overview and Configuration Guide Syntax show radius local server nas ip address Mode User Exec and Privileged Exec Example The following command displays NAS information awplus show radius local s...

Page 1993: ...mmand displays Local RADIUS server statistics awplus show radius local server statistics Output Related Commands clear radius local server statistics radius server local server enable server auth port...

Page 1994: ...server user information for user Tom awplus show radius local server user Tom The following command displays all Local RADIUS server information for all users awplus show radius local server user The...

Page 1995: ...ADIUS SERVER COMMANDS SHOW RADIUS LOCAL SERVER USER Related Commands group user RADIUS server Table 8 Parameters in the output from the show radius local server user command Parameter Description User...

Page 1996: ...icant MAC address to configure the user name and user password parameters to use local RADIUS server for MAC Authentication See the AAA and Port_Authentication Feature Overview and Configuration_Guide...

Page 1997: ...igure terminal awplus config radius server local awplus config radsrv user Tom password QwerSD group NormalUsers The following commands remove user Tom from the local RADIUS server awplus configure te...

Page 1998: ...yntax vlan vid vlan name no vlan Default VLAN information is not set by default Mode RADIUS Server Group Configuration Examples The following commands set VLAN ID 200 to the group named NormalUsers aw...

Page 1999: ...01 crypto pki authenticate on page 2002 crypto pki enroll on page 2003 crypto pki enroll user on page 2004 crypto pki export pem on page 2006 crypto pki export pkcs12 on page 2007 crypto pki import pe...

Page 2000: ...t lengths are more secure but require more computation time The specified key must not already exist Example To create a key with the label example server key and a bit length of 2048 use the commands...

Page 2001: ...h zeros The specified key must exist but must not be in use for any existing server certificates A key may not be deleted if it is associated with the server certificate or server certificate signing...

Page 2002: ...ment setting is terminal then this command prompts the user to paste a certificate Privacy Enhanced Mail PEM file at the CLI terminal If the certificate is a valid selfsigned CA certificate then it wi...

Page 2003: ...command results in the direct generation of the server certificate signed by the root CA for the trustpoint If the trustpoint represents an external certificate authority then this command results in...

Page 2004: ...S server The specified trustpoint must represent a locally self signed certificate authority The private key and certificate are packaged into a PKCS 12 formatted file suitable for export using the cr...

Page 2005: ...on 5 4 7 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS CRYPTO PKI ENROLL USER To enroll all local RADIUS users with the trustpoint example use the following commands awplus enable awplus crypto pki enroll ex...

Page 2006: ...Exec Usage The specified trustpoint must already exist and it must already be authenticated Example To display the PEM file for the trustpoint example to the terminal use the following commands awplu...

Page 2007: ...erver certificate and thecorrespondingprivatekey iftheserverhasbeen enrolledtothetrustpoint The command prompts for a passphrase to encrypt the private key If a RADIUS username is specified this comma...

Page 2008: ...E COMMANDS CRYPTO PKI EXPORT PKCS12 Example To export the PKCS 12 file example pk12 for the trustpoint example to the URL tftp backup use the following commands awplus enable awplus crypto pki export...

Page 2009: ...e they are proper CA certificates and that the issuer chain ends in a root CA certificate already installed for the trustpoint If there is no root CA certificate for the trustpoint i e if the trustpoi...

Page 2010: ...EY INFRASTRUCTURE COMMANDS CRYPTO PKI IMPORT PEM To import the PEM file for the trustpoint example from the URL tftp server_a use the following commands awplus enable awplus crypto pki import example...

Page 2011: ...re N is a non negative integer This operation is only valid if the server certificate does not already exist for the trustpoint i e if the server is not enrolled to the trustpoint PKCS 12 files for RA...

Page 2012: ...te the trustpoint as a local self signed certificate authority The no variant of this command destroys the trustpoint by removing all CA and server certificates associated with the trustpoint as well...

Page 2013: ...e root CA certificate Privacy Enhanced Mail PEM file at the terminal when the crypto pki authenticate command is issued It will create a Certificate Signing Request CSR file for the local server when...

Page 2014: ...any pre accepted value then the user will be prompted to verify the certificate contents and fingerprint visually This command is useful when certificates from an external certificate authority are b...

Page 2015: ...13 50186 01 Rev B Command Reference for AR2050V 2015 AlliedWare Plus Operating System Version 5 4 7 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS FINGERPRINT TRUSTPOINT CONFIGURATION MODE crypto pki import p...

Page 2016: ...by the specified certificate the command will be rejected If the specified certificate is the root CA certificate and the trustpoint represents a locally selfsigned CA then the corresponding private...

Page 2017: ...uest The optional numeric parameter defines the bit length for the key and is only applicable for keys that are implicitly created during enrollment This command does not affect server certificates or...

Page 2018: ...print a hash of the key contents to help uniquely identify a key and a list of trustpoints in which the server certificate is using the key The specified keys must exist Example To show all keys use t...

Page 2019: ...ith the server certificate and then displays its issuer and continues up the issuer chain until the root CA certificate is reached For each certificate the command displays the certificate type the su...

Page 2020: ...local loc lc Issuer C NZ CN local_Signing_CA Valid From Nov 11 15 35 21 2015 GMT Valid To Aug 31 15 35 21 2018 GMT Fingerprint 5A81D34C 759CC4DA CFCA9F65 0303AD83 410B03AF Intermediate CA certificate...

Page 2021: ...stpoints using the crypto pki export pkcs12 command Syntax crypto pki enrollment user username Mode Privileged Exec Example To show the list of trustpoints to which user exampleuser1 is enrolled use t...

Page 2022: ...igured to use the trustpoint and the trustpoint parameters that were configured from trustpoint configuration mode The specified trustpoints must already exist Example To show the details of the trust...

Page 2023: ...n Usage The subject name is specified as a variable number of fields where each field begins with a forward slash character Each field is of the form XX value where XX is the abbreviation of the node...

Page 2024: ...186 01 Rev B Command Reference for AR2050V 2024 AlliedWare Plus Operating System Version 5 4 7 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS SUBJECT NAME TRUSTPOINT CONFIGURATION Related Commands crypto pki...

Page 2025: ...e the device to use TACACS servers For more information about TACACS see the TACACS Feature Overview and Configuration Guide Command List authorization commands on page 2026 aaa authorization commands...

Page 2026: ...d list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the comma...

Page 2027: ...mand Reference for AR2050V 2027 AlliedWare Plus Operating System Version 5 4 7 1 x TACACS COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Version 5...

Page 2028: ...nt to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list will b...

Page 2029: ...fallback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured di...

Page 2030: ...on Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of configura...

Page 2031: ...es that all TACACS packets sent from the device will have the same source IP address Once configured this affects all TACACS packets namely accounting authentication and authorization If the specified...

Page 2032: ...ed Timeout 5 sec Server Host Server IP Address Status 192 168 1 10 Alive 192 168 1 11 Unknown Table 1 Parameters in the output of the show tacacs command Output Parameter Meaning Source Interface IP a...

Page 2033: ...C613 50186 01 Rev B Command Reference for AR2050V 2033 AlliedWare Plus Operating System Version 5 4 7 1 x TACACS COMMANDS SHOW TACACS Command changes Version 5 4 6 2 1 Source Interface parameter added...

Page 2034: ...figured is regarded as the primary server and if the primary server fails then the backup servers are consulted in turn A backup server is consulted if the primary server fails not if a login authenti...

Page 2035: ...wing commands awplus configure terminal awplus config tacacs server host tac1 company com To set the secret key to secret on the TACACS server 192 168 1 1 use the following commands awplus configure t...

Page 2036: ...client and its TACACS servers If no secret key is specified for a particular TACACS server using the tacacs server host command this global key is used Examples To set the global secret key to secret...

Page 2037: ...no variant of this command resets the transmit timeout to the default 5 seconds Syntax tacacs server timeout seconds no tacacs server timeout Default The default timeout value is 5 seconds Mode Globa...

Page 2038: ...C613 50186 01 Rev B Command Reference for AR2050V 2038 AlliedWare Plus Operating System Version 5 4 7 1 x Part 6 High Availability...

Page 2039: ...Version 5 4 7 1 x High Availability Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure high availability For more information see the High Av...

Page 2040: ...session is in backup or initial state then the associated wan bypass ports will be activated If no wan bypass ports are specified then it puts the VRRP session in HA mode and the wan bypass ports wil...

Page 2041: ...us Operating System Version 5 4 7 1 x HIGH AVAILABILITY COMMANDS HA ASSOCIATE To change a VRRP session out of HA mode use the following commands awplus configure terminal awplus config router vrrp 1 v...

Page 2042: ...re Plus Feature Overview and Configuration Guide Command List advertisement interval on page 2044 alternate checksum mode on page 2046 circuit failover on page 2047 debug vrrp on page 2049 debug vrrp...

Page 2043: ...perating System Version 5 4 7 1 x VRRP COMMANDS show vrrp session on page 2071 transition mode on page 2073 undebug vrrp on page 2075 undebug vrrp events on page 2076 undebug vrrp packet on page 2077...

Page 2044: ...lt advertisement interval of 1 second Syntax advertisement interval 1 255 csec 1 4095 no advertisement interval Default The default advertisement interval is 1 second Mode Router Configuration Usage S...

Page 2045: ...n with VR ID 5 on interface vlan2 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router no advertisement interval The example below shows you how to configure the advertisem...

Page 2046: ...sent by AlliedWare Plus devices Use the no variant of this command to disable the alternate checksum mode Syntax alternate checksum mode no alternate checksum mode Default Disabled Mode Router Configu...

Page 2047: ...VRRP is configured to monitor VLAN2 and VLAN3 with the commands awplus configure terminal awplus config interface vlan1 awplus config if ip address 192 168 1 1 24 awplus config if exit awplus config r...

Page 2048: ...ove zero if all the interfaces go down Examples To configure circuit failover on an IPv4 VRRP instance so that if interface VLAN3 goes down then the priority of VRRP instance 1 is reduced by 30 use th...

Page 2049: ...function Syntax debug vrrp all no debug vrrp all Mode Privileged Exec and Global Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging d...

Page 2050: ...xec and Global Configuration Usage The debug vrrp events command enables the display of debug information related to VRRP internal events See the VRRP Feature Overview and Configuration Guide for more...

Page 2051: ...rmation about VRRPv3 debugging details Examples The example belowshows youhow to enablereceived and sentpacket debugging for VRRP awplus configure terminal awplus config debug vrrp packet The example...

Page 2052: ...or a VRRPv3 IPv6 session on the router Syntax disable Mode Router Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 and IPv6 configurati...

Page 2053: ...P session using the virtual ip or virtual ipv6 and the router vrrp interface or router ipv6 vrrp interface commands before using this command See the VRRP Feature Overview and Configuration Guide for...

Page 2054: ...router to relieve a lower priority backup router By default a preemptive scheme is enabled whereby a higher priority backup virtual router that becomes available take over for the backup virtual rout...

Page 2055: ...reempt mode false The example below shows you how to configure preempt mode as true for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router pr...

Page 2056: ...then this VRRP router functions as the master virtual router Priority also determines whether a VRRP router functions as a backup virtual router and the order of ascendancy to becoming a master virtu...

Page 2057: ...the priority for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router priority 101 The example below shows you how to remove the configured pr...

Page 2058: ...master state NOTE Tunnels and PPP interfaces are not supported NOTE Configuring a high number of instances may adversely affect the device s performance depending on the device CPU the other protocols...

Page 2059: ...13 50186 01 Rev B Command Reference for AR2050V 2059 AlliedWare Plus Operating System Version 5 4 7 1 x VRRP COMMANDS ROUTER IPV6 VRRP INTERFACE Related Commands advertisement interval circuit failove...

Page 2060: ...e virtual router when in master state NOTE Tunnels and PPP interfaces are not supported NOTE Configuring a high number of instances may adversely affect the device s performance depending on the devic...

Page 2061: ...1 Rev B Command Reference for AR2050V 2061 AlliedWare Plus Operating System Version 5 4 7 1 x VRRP COMMANDS ROUTER VRRP INTERFACE Related Commands advertisement interval circuit failover disable VRRP...

Page 2062: ...se debug output is in the log file For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide See the VRRP Feature Ove...

Page 2063: ...ide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv6 configuration details Syntax show running config router vrrp Mode Privileged Exec Global Configuration...

Page 2064: ...iew and Configuration Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Syntax show running config router vrrp Mode Privileged Ex...

Page 2065: ...output about VRRP IPv4 sessions enter the command awplus show vrrp brief Output Figure 46 3 Example output from the show vrrp command Figure 46 4 Example output from the show vrrp brief command Parame...

Page 2066: ...C613 50186 01 Rev B Command Reference for AR2050V 2066 AlliedWare Plus Operating System Version 5 4 7 1 x VRRP COMMANDS SHOW VRRP Related Commands enable VRRP disable VRRP...

Page 2067: ...e counters below the sample output as per RFC2787 NOTE Note that the counters displayed with this commands are the same counters as described in RFC 2787 Copyright C The Internet Society 2000 All Righ...

Page 2068: ...h descriptions for the show vrrp counters command Counter Description Master Transitions The total number of times that this virtual router s state has transitioned to MASTER Received Advertisements T...

Page 2069: ...f packets received with a packet length less than the length of the VRRP header Monitored Circuit Up The total number of times the monitored circuit has generated the UP event Monitored Circuit Down T...

Page 2070: ...formation about VRRPv3 IPv6 configuration details Syntax show vrrp ipv6 interface Mode User Exec and Privileged Exec Example To display information about all VRRPv3 IPv6 sessions enter the command awp...

Page 2071: ...n 1 configured on vlan2 Output shows that a Virtual IP address has been set awplus show vrrp 1 vlan2 See the below sample output from the show vrrp command displaying information about VRRP session 1...

Page 2072: ...rface vlan2 awplus show vrrp 5 vlan2 awplus show vrrp 1 vlan3 Address family IPv4 VrId 1 Interface is vlan3 State is Initialize Virtual IP address is unset Priority is 100 Advertisement interval is 1...

Page 2073: ...n using transition mode VRRPv2 can only use advertisements in whole second intervals Syntax transition mode true false Default The default is false Mode Router Configuration Usage See the VRRP Feature...

Page 2074: ...ersion 5 4 7 1 x VRRP COMMANDS TRANSITION MODE The example below shows you how to configure IPv4 transition mode as false for VRRP VR ID 5 on vlan2 awplus configure terminal awplus config router vrrp...

Page 2075: ...tem Version 5 4 7 1 x VRRP COMMANDS UNDEBUG VRRP undebug vrrp Overview Use this command to disable all VRRP debugging Syntax undebug vrrp all Mode Privileged Exec Example The example below shows you h...

Page 2076: ...MANDS UNDEBUG VRRP EVENTS undebug vrrp events Overview Use this command to disable debugging options for VRRP event troubleshooting Syntax undebug vrrp events Mode Privileged Exec Example The example...

Page 2077: ...d Exec Examples The example below shows you how to disable VRRP sent packet debugging awplus undebug vrrp packet send The example below shows you how to disable VRRP received packet debugging awplus u...

Page 2078: ...RP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Examples The example below shows you how to set the virtual IP address for VRRP VR ID 5 and the...

Page 2079: ...ID 5 and the router as owner of the virtual IPv4 address awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router virtual ip 192 0 2 30 owner The example below shows you how to...

Page 2080: ...nk local addresses are used by IPv6 ND Neighbor Discovery A host s default route to a router points to the IPv6 link local address not a specific global IPv6 address for the router For the host s traf...

Page 2081: ...wplus config router virtual ipv6 fe80 1 master The example below shows you how to set the virtual IPv6 address for VRRPv3 VR ID 3 and the router as the VRRPv3 backup awplus configure terminal awplus c...

Page 2082: ...for any ARP responses associated with the virtual IP address or any gratuitous ARPs sent on behalf of the virtual IP address All VRRP advertisements are sent using this virtual MAC address as the sour...

Page 2083: ...C613 50186 01 Rev B Command Reference for AR2050V 2083 AlliedWare Plus Operating System Version 5 4 7 1 x Part 7 Network Management...

Page 2084: ...ly link to one other AMF node They cannot form cross links or virtual links AMF naming convention When AMF is enabled on a device it will automatically be assigned a host name If a host name has alrea...

Page 2085: ...ckup guests synchronize on page 2110 atmf backup now on page 2111 atmf backup redundancy enable on page 2113 atmf backup server on page 2114 atmf backup stop on page 2116 atmf backup synchronize on pa...

Page 2086: ...5 atmf secure mode certificate expire on page 2167 atmf secure mode certificate expiry on page 2168 atmf secure mode certificate renew on page 2169 atmf secure mode enable all on page 2170 atmf select...

Page 2087: ...2231 show atmf guests on page 2233 show atmf guests detail on page 2235 show atmf links on page 2238 show atmf links detail on page 2240 show atmf links guest on page 2249 show atmf links guest detail...

Page 2088: ...ESIS MANAGEMENT FRAMEWORK AMF COMMANDS switchport atmf agentlink on page 2284 switchport atmf arealink remote area on page 2285 switchport atmf crosslink on page 2287 switchport atmf guestlink on page...

Page 2089: ...AMF Container Configuration Usage The AMF area link connects the AMF controller on a VAA host to the AMF container Once a container has been created with the atmf container command and an area link c...

Page 2090: ...IS MANAGEMENT FRAMEWORK AMF COMMANDS AREA LINK To remove an area link from container vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf cont...

Page 2091: ...r of areas supported on a controller depends on the license installed on that controller You must give each area in an AMF network a unique name and ID number Only one local area can be configured on...

Page 2092: ...V 2092 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA Related Commands atmf area password show atmf area show atmf area summary show atmf...

Page 2093: ...ly on both of the area that locally contains the controller and the remote AMF area masters The command show running config atmf will display the encrypted version of this password The encryption keys...

Page 2094: ...V 2094 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA PASSWORD Related Commands atmf area show atmf area show atmf area summary show atmf...

Page 2095: ...ers must be authorized by the controller and the AMF remote area masters will also need to authorized access from the AMF controller Example To authorize all AMF nodes in the pending authorization que...

Page 2096: ...R2050V 2096 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AUTHORIZE show atmf secure mode certificates show atmf secure mode statistics Comma...

Page 2097: ...authorize provision mac mac address no atmf authorize provision all Default The default timeout is 60 minutes Mode Privileged Exec Example To provisionally authorize all non secure AMF nodes use the c...

Page 2098: ...VISION To authorize a node with a MAC address of 0000 cd28 0880 for 2 hours use the command awplus authorize provision timeout 120 mac 0000 cd28 0880 To remove all provisional authorization on an AMF...

Page 2099: ...chedule backup requests to begin at 11 am and execute twice per day 11 am and 11 pm use the following command node_1 configure terminal node_1 config atmf backup 11 00 frequency 2 CAUTION File names t...

Page 2100: ...ote that this command can only be run on an AMF controller Syntax atmf backup area masters delete area area name node node name Mode Privileged Exec Example To delete the backup of the remote area mas...

Page 2101: ...Remote area backups are disabled by default Usage Use the following commands to configure the remote area master backups atmf backup to configure when the backups begin and how often they run atmf ba...

Page 2102: ...ed Exec Example To back up all local master nodes in all areas controlled by controller 1 use the command controller 1 atmf backup area masters now To back up all local masters in the AMF area named W...

Page 2103: ...the active remote file server and the backup remote file server Files are copied from the active server to the remote server Note that this command is only valid on AMF controllers Syntax atmf backup...

Page 2104: ...e maximum configurable speed of 1000 kBps In effect zero means unlimited Use the no variant of this command to reset to its default value of zero the maximum bandwidth in kilobytes per second kBps ava...

Page 2105: ...kup file from the external media of a specified AMF node Note that this command can only be run from an AMF master node Syntax atmf backup delete node name Mode Privileged Exec Example To delete the b...

Page 2106: ...enable Default Automatic AMF backup functionality is enabled on the AMF master when it is configured and external media i e an SD card or a USB storage device or remote server is detected Mode Global...

Page 2107: ...ntax atmf backup guests delete node name guest port Mode User Exec Privileged Exec Example On a parent node named node1 which in this case the user has a direct console connection to usethefollowing c...

Page 2108: ...able the ability of the guest nodes to be backed up Syntax atmf backup guests enable no atmf backup guests enable Default Guest node backups are enabled by default Mode Global Config Usage We recommen...

Page 2109: ...ow node name guest port Default N A Mode Privileged Exec Example Use the following command to manually trigger the backup of all guests in the AMF network awplus atmf backup guests now Example To manu...

Page 2110: ...ancy backup media such as USB storage devices This facility ensures that each device contains the same backup image files Note that this backup synchronization process will occur as part of the regula...

Page 2111: ...backups on both masters you can apply the backup now command to the master working set This is shown in Example 4 below Example 1 In this example an AMF member has not been assigned a host name The f...

Page 2112: ...x and store the configuration on both masters use the following process From the AMF_master_1 set the working set to comprise only of the automatic group master nodes AMF_Master_1 atmf working set gro...

Page 2113: ...supports any removable media SD card USB it uses the removable media as the redundant backup for the AMF data backup This feature is valid only if remote file servers are configured on the AMF Master...

Page 2114: ...ands AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 1 192 168 1 1 username backup1 Parameter Description id Remote server backup server identifier 1 2 The backup server iden...

Page 2115: ...with a hostname and username use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 To configure server 2 with a hostname and user...

Page 2116: ...command separately on each master node or add both masters to a working set and issue this command to the working set Note that this command can only be run on a master node Syntax atmf backup stop M...

Page 2117: ...its backup remote file server Note that this process happens automatically each time the network is backed up Note that this command can only be run from a master node Syntax atmf backup synchronize M...

Page 2118: ...the backup release file license files It then reboots to put the device in a clean state ready to be used as a replacement node on a provisioned port Syntax atmf cleanup Mode Privileged Exec Usage Th...

Page 2119: ...iguration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove an AMF container Syntax atmf container container name no atmf contain...

Page 2120: ...ion Guide for more information on running multiple tenants on a single VAA host Syntax atmf container login container name Mode Privileged Exec Usage If you try to login to a AMF container that has no...

Page 2121: ...alid AMF controller license is not available on the device the device will accept this command but will not act as a controller until you install a valid license The following message will warn you of...

Page 2122: ...meisupdatedusingthe bootsystemcommand Theoldrelease will become the backup release file If a release file exists in a remote device such as TFTP or HTTP for example then the URL should specify the exa...

Page 2123: ...File Status Team1 x510 5 4 7 1 1 rel Release ready Team2 x930 5 4 7 1 1 rel Release ready Team3 x930 5 4 7 1 1 rel Release ready Continue the rolling reboot y n y Copying Release x510 5 4 7 1 1 rel to...

Page 2124: ...VLANs each having the same VID and each being applied to a horizontal slice domain of the AMF It follows therefore thatthedomain VLANsare only applied to ports that form cross links and not to ports...

Page 2125: ...xecute the command in parallel leave the AMF network and attempt to rejoin through the new VLAN 4 Create the working set again using the commands master config exit master atmf working set group all 5...

Page 2126: ...ANDS ATMF DOMAIN VLAN To reset the AMF domain VLAN to its default of 4091in an existing AMF network use the following commands master atmf working set group all test 10 configure terminal test config...

Page 2127: ...onfigured the AMF feature starts automatically when the device starts up Mode Global Configuration Usage The device does not auto negotiate AMF domain specific settings such as the Network Name You sh...

Page 2128: ...re automatically assigned to the master group Use the no variant of this command to remove the membership Syntax atmf group group list no atmf group group list Mode Global Configuration Usage You can...

Page 2129: ...sales first add the nodes to the working set master_node atmf working set member_node_1 member_node_2 This command returns the following output confirming that the nodes member_node_1 and member_node_...

Page 2130: ...de discovery method model type http enable setting guest port user name and password The no variant of this command removes the guest class Note that you cannot remove a guest class that is assigned t...

Page 2131: ...50186 01 Rev B Command Reference for AR2050V 2131 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF GUEST CLASS show atmf links guest show atmf g...

Page 2132: ...nd to reset to the default Syntax atmf log verbose 1 3 no atmf log verbose Default The default log display is 3 Usage This command is intended for use in large networks where verbose output can make t...

Page 2133: ...devices the same setting so they can all rejoin the AMF network Use the no variant of this command to remove the assigned subnet Syntax atmf management subnet a b 0 0 no atmf management subnet Defaul...

Page 2134: ...0 nodes test 10 3 Enter the new subnet address using the commands test 10 configure terminal test config 10 atmf management subnet a b 0 0 The nodes will execute the command in parallel leave the AMF...

Page 2135: ...GEMENT SUBNET To reset the AMF management subnet address to its default of 172 31 0 0 in an existing AMF network use the following commands master atmf working set group all test 10 configure terminal...

Page 2136: ...try to rejoin it The AMF network will not be complete until you have given all devices the same setting so they can all rejoin the AMF network Use the no variant of this command to restore the VID to...

Page 2137: ...ging into their consoles directly NOTE The management VLAN will automatically be assigned an IP subnet address based on the value configured by the command atmf management subnet The default VLAN ID l...

Page 2138: ...nodes may exist in a network and they must be connected by an AMF crosslink NOTE Master nodes are an essential component of an AMF network In order to run AMF an AMF License is required for each maste...

Page 2139: ...Global Configuration Usage The default value of 1300 will work for all AMF networks including those that involve virtual links over IPsec tunnels If there are virtual links over IPsec tunnels anywher...

Page 2140: ...ng an AMF master node see the command atmf master Use the no variant of this command to remove the AMF network name Syntax atmf network name name no atmf network name Mode Global Configuration Usage T...

Page 2141: ...ion nodename no atmf provision Default No AMF provisioning Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group Usage The port should be configured as an AMF li...

Page 2142: ...delete it before using the atmf provision node clone command When using this command it is important to be aware of the following A copy of media atmf atmf_name nodes source_node flash will be made f...

Page 2143: ...new provisioned node device3 Figure 47 2 Sample output from the show atmf backup command device1 atmf provision node device3 clone device2 Copying Successful operation device1 show atmf backup Schedu...

Page 2144: ...this command to set a backup configuration file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remote b...

Page 2145: ...sage When using this command to set a backup release file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF...

Page 2146: ...vision node clone must be executed before you can use other atmf provision node commands with the specified node name If a backup or provisioned node already exists for the specified node name then yo...

Page 2147: ...F Feature Overview and Configuration Guide Related commands atmf provision node clone device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 201...

Page 2148: ...ant to use the atmf provision node delete command to delete a provisioned node that was created in error or that is no longer needed This command cannot be used to delete backups created by the AMF ba...

Page 2149: ...rovision node create device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2016 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0M...

Page 2150: ...py of the certificate file is deleted from AMF backup media Use the no variant of this command to set it back to the default This command can only be run on AMF master nodes Syntax atmf provision node...

Page 2151: ...provision nodes command Related commands show atmf provision nodes device1 show atmf provision nodes ATMF Provisioned Node Information Backup Media SD Total 3827 0MB Free 3481 1MB Node Name device2 D...

Page 2152: ...the command has already been set up Otherwise an error message is shown when the command is run NOTE We advise that after running this command you return to a known working directory typically flash E...

Page 2153: ...boot the next node in the sequence This command can take a significant amount of time to complete Syntax atmf reboot rolling force url Mode Privileged Exec Usage You can load the software from a varie...

Page 2154: ...ify the exact release filename without using wild card characters On bootup the software release is verified Should an upgrade fail the upgrading unit will revert back to its previous software version...

Page 2155: ...Working set join ATMF_NETWORK 3 atmf reboot rolling ATMF Rolling Reboot Nodes Timeout Node Name Minutes SW_Team1 14 SW_Team2 8 SW_Team3 8 Continue the rolling reboot y n y ATMF Rolling Reboot Rebooti...

Page 2156: ...ing Reboot Nodes Timeout Node Name Minutes New Release File Status SW_Team1 8 x510 5 4 6 0 1 rel Release Ready SW_Team2 10 x510 5 4 6 0 1 rel Release Ready SW_Team3 8 Not Supported HW_Team1 6 Incompat...

Page 2157: ...e will poll all known AMF masters and controllers and execute an election process based on the last successful backup and its timestamp to determine which to use If no valid backup master or controlle...

Page 2158: ...on 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RECOVER Example To recover the AMF node named Node_10 from the AMF master node named Master_2 use the following command Master_2 atmf...

Page 2159: ...t by reloading its backup file set that is located within the AMF backup system Note that this command must be run on the edge node device that connects to the guest node Syntax atmf recover guest gue...

Page 2160: ...tion to their normal operational mode and in doing so assists with resolving the recovery problem You can repeat this process until the recovery failure has been resolved For more information see the...

Page 2161: ...account that does not exist on the second node provided that atmf restricted login is disabled and the user account on the first node has privilege level 15 Moreover it is possible to use a RADIUS or...

Page 2162: ...ion on Node20 and return to Node10 s command line use the following command Node20 exit Node10 In this example user User1 is a valid user of node5 They can remotely login from node5 to node3 by using...

Page 2163: ...This allows access to the atmf working set command from any node in the AMF network Syntax atmf restricted login no atmf restricted login Mode Privileged Exec Default Master nodes operate with atmf r...

Page 2164: ...d Reference for AR2050V 2164 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RESTRICTED LOGIN Command changes Version 5 4 6 2 1 changes to AMF...

Page 2165: ...etwork Use the no variant of this command to disable AMF secure mode on an AMF node Syntax atmf secure mode no atmf secure mode Default Secure mode is disabled by default Mode Global Configuration Usa...

Page 2166: ...S MANAGEMENT FRAMEWORK AMF COMMANDS ATMF SECURE MODE clear atmf secure mode certificates clear atmf secure mode statistics show atmf show atmf authorization show atmf secure mode show atmf secure mode...

Page 2167: ...eged Exec Example To remove an AMF node named node3 from an AMF network use the following command on the AMF master awplus atmf secure mode certificate expire node3 To remove an AMF node named node2 i...

Page 2168: ...l Configuration Example To set AMF secure mode certificate expiry to 7 days use the commands awplus configure terminal awplus config atmf secure mode certificate expiry 7 To set AMF secure mode certif...

Page 2169: ...twork Secure mode certificates renew automatically but this command could be used to renew a certificate in a situation where the automatic renewal may happen while the device is not attached to the A...

Page 2170: ...of this command to disable AMF secure mode on an entire network Syntax atmf secure mode enable all no atmf secure mode enable all Default Secure mode is disabled by default Mode Privileged Exec Usage...

Page 2171: ...t ticks every 10 seconds for a maximum of 10 times and checks if all the secure mode capable nodes rejoin the AMF network NOTE Enabling or disabling secure mode on the network saves the running config...

Page 2172: ...rivileged Exec Usage After running this command use the atmf working set command to select the set of nodes you want to access in the remote area Example To access nodes in the area Canterbury use the...

Page 2173: ...d member nodes Enabled by default on Controllers Mode Global Configuration mode Usage To use Vista Manager EX you must also enable the HTTP service on all AMF nodes including all AMF masters and contr...

Page 2174: ...ommand allows a virtual tunnel to be created between two remote sites over a layer 3 link The tunnel encapsulates AMF packets and allows them to be sent transparently across a Wide Area Network WAN su...

Page 2175: ...irtual crosslink id 10 ip 192 168 200 1 remote id 5 remote ip 192 168 100 1 To remove this virtual crosslink run the following commands on the local site siteA configure terminal siteA config no atmf...

Page 2176: ...f the tunnel is configured to connect a head office and branch office over the Internet typically this would involve using some type of managed WAN service such as a site to site VPN Tunnels are only...

Page 2177: ...168 1 1 remote id 2 remote ip 192 168 2 1 Node_20 config atmf virtual link id 2 ip 192 168 2 1 remote id 1 remote ip 192 168 1 1 Example 2 To set up an area virtual link to a remote site assuming IP c...

Page 2178: ...hing other than the local device the prompt will change to the AMF network name followed by the size of the working set shown in square brackets This command has to be run at privilege level 15 In add...

Page 2179: ...set use the command node1 atmf working set group all NOTE This command adds the implicit group all to the working set where all comprises all nodes in the AMF This command displays an output screen s...

Page 2180: ...no variant of this command to remove a bridge group from an AMF container Syntax bridge group bridge id no bridge group Mode AMF Container Configuration Usage Each container has two virtual interface...

Page 2181: ...ANDS CLEAR ATMF LINKS STATISTICS clear atmf links statistics Overview This command resets the values of all AMF link port and global statistics to zero Syntax clear atmf links statistics Mode Privileg...

Page 2182: ...mf secure mode certificates If this is the only master on the network you will see the following warning On an AMF member you will see the following message Related Commands atmf authorize atmf secure...

Page 2183: ...atmf secure mode statistics Overview Use this command to reset all secure mode statistics to 0 Syntax clear atmf secure mode statistics Mode Privileged Exec Example To reset the AMF secure mode stati...

Page 2184: ...slink arealink database neighbor error all Default All debugging facilities are disabled Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command output...

Page 2185: ...C613 50186 01 Rev B Command Reference for AR2050V 2185 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS DEBUG ATMF Related Commands no debug all...

Page 2186: ...f 60 seconds with no filters applied NOTE An alias to the no variant of this command undebug atmf can be found elsewhere in this chapter Mode User Exec and Global Configuration Usage If no additional...

Page 2187: ...dump packets from an interface portx x x on the local node ifname Interface port or virtual link pkt type Sets the filter on packets with a particular AMF packet type 1 Crosslink Hello BPDU packet wit...

Page 2188: ...tem Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS DEBUG ATMF PACKET This example applies the debug atmf packet command and combines many of its options node_1 debug atmf packet di...

Page 2189: ...al switch port to each of the guest nodes The MAC addresses of each of the guests of that class can then be learned from ARP or Neighbor discovery tables If you are using the static discovery method y...

Page 2190: ...COMMANDS DISCOVERY Example 2 To return the discovery method for the guest class TQ4600 1 to its default of dynamic use the following commands Node1 conf t Node1 config atmf guest class TQ4600 1 Node1...

Page 2191: ...host See the AMF Feature Overview and Configuration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove the description from an AM...

Page 2192: ...he backup release file license files The device is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory default...

Page 2193: ...rt number no http enable Default http enable is off If http enable is selected without a port parameter the port number will default to 80 Mode ATMF Guest Configuration Mode Example 1 To enable HTTP a...

Page 2194: ...rence for AR2050V 2194 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS HTTP ENABLE Related Commands atmf guest class switchport atmf guestlink show...

Page 2195: ...s are set so syslog sends the messages out as they come NOTE There is a difference between log event and log host messages Log event messages are sent out as they come by syslog Log host messages are...

Page 2196: ...tq to the guest class called tq_device use the following commands node1 conf t node1 config atmf guest class tq_device node1 config atmf guest modeltype tq node1 config atmf guest end Example 2 To re...

Page 2197: ...rted with AlliedWare Plus Feature Overview and Configuration Guide Example 1 To show summary information on AMF node_1 use the following command node_1 show atmf summary Example 2 To show information...

Page 2198: ...de_1 show atmf tech Table 2 Output from the show atmf session command node_1 show atmf session CLI Session Neighbors Session ID 73518 Node Name node_1 PID 7982 Link type Broadcast cli MAC Address 0000...

Page 2199: ...C 0014 2299 137d Parent Domain Parent Domain Controller Parent Domain Controller MAC 0000 0000 0000 Number of Domain Events 0 Crosslink Ports Blocking 0 Uplink Ports Waiting on Sync 0 Crosslink Sequen...

Page 2200: ...he VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet Network prefix for the subnet Manag...

Page 2201: ...ller 1 show atmf area The following figure shows example output from running this command on a controller The following figure shows example output from running this command on a remote master Paramet...

Page 2202: ...has not been established This could meanthat a port or vlan is down or that inconsistent VLANs have been configured using the switchport atmf arealink remote area command N A for the area of the contr...

Page 2203: ...tmf area summary show atmf area nodes show atmf area nodes detail Table 8 Output from the show atmf area detail command controller 1 show atmf area detail ATMF Area Detail Information Controller dista...

Page 2204: ...e area name for guest information node name The name of the node that connects to the guests main building Area Guest Node Information Device MAC IP IPv6 Type Address Parent Port Address 0008 5d10 763...

Page 2205: ...AR2050V 2205 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF AREA GUESTS Related Commands show atmf area show atmf area nodes show atmf b...

Page 2206: ...il northern node1 Output Figure 47 9 Example output from the show atmf guest detail command Parameter Description area name The name assigned to the AMF area An area is an AMF network that is under th...

Page 2207: ...number on the parent node Guest Description A brief description of the guest node as manually entered into the description interface command for the guest node port on the parent node Device Type The...

Page 2208: ...mple To show summarized information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes The following figure shows partial example output from running this...

Page 2209: ...detail ATMF Master Whether the node is an AMF master node for its area Y if it is and N if it is not SC The device configuration one of C Chassis SBx8100 series S Stackable VCS or N Standalone Parent...

Page 2210: ...ample To show information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes detail The following figure shows partial example output from running this co...

Page 2211: ...m the show atmf area nodes detail command Parameter Definition Node name The name assigned to a particular node Parent node name The node to which the current node has an active uplink Domain id Board...

Page 2212: ...rea summary The following figure shows example output from running this command Related Commands show atmf area show atmf area nodes show atmf area nodes detail Parameter Description area name Display...

Page 2213: ...MF nodes which are requesting authorization on an AMF controller or AMF master use the command awplus show atmf authorization pending To display AMF nodes which have provisional authorization use the...

Page 2214: ...thorization Authorization expiry time is set using atmf secure mode certificate expiry Pending Authorizations NZ Requests Node Name Product Parent Node Interface area_1_node_3 x230 18GP master_1 port1...

Page 2215: ...show atmf secure mode show atmf secure mode certificates Command changes Version 5 4 7 0 3 command added Table 47 3 Parameters in the output from show atmf authorization provisional Parameter Descript...

Page 2216: ...ogs Displays detailed log information server status Displays connectivity diagnostics information for each configured remote file server synchronize Display the file server synchronization status logs...

Page 2217: ...logs Backup Redundancy Enabled Local media SD Total 3788 0MB Free 1792 8MB State Inactive Remote file server is not available Log File Location card atmf ATMF logs rsync_ node name log Node Name Log D...

Page 2218: ...forming This will be a combination of either Idle Starting Doing Stopping or manual scheduled Started The date and time that the currently executing task was initiated in the format DD MMM YYYY HH MM...

Page 2219: ...es note that the backup may still be deemed successful depending on the errors Stopped meaning that the backup attempt was manually aborted Good meaning that the backup was completed successfully In P...

Page 2220: ...aster nodes in one or more areas Note that this command is only available on AMF controllers Syntax show atmf backup area area name node name logs Mode Privileged Exec Example To show information abou...

Page 2221: ...e 15 Oct 2016 04 30 Backup Bandwidth Unlimited Backup Media FILE SERVER 1 Total 128886 5MB Free 26234 2MB Server Config 1 Configured Mounted Active Host 10 37 74 1 Username root Path tftpboot backups_...

Page 2222: ...status use the command x930 master show atmf backup guest Output Figure 47 13 Example output from show atmf backup guest Parameter Description node name The name of parent guest node guest port The po...

Page 2223: ...1 46 Good USB 19 Jan 2016 22 21 46 Good Table 47 1 Parameters in the output from show atmf backup guest Parameter Description Guest Backup The status of the guest node backup process Scheduled Backup...

Page 2224: ...single VAA host See the AMF Feature Overview and_Configuration Guide for more information on running multiple tenants on a single VAA host Syntax show atmf container detail container name Mode Privile...

Page 2225: ...command Memory The amount of memory the container is using on the VAA host CPU The percentage of CPU time the container is using on the VAA at the time the show command is run awplus show atmf contain...

Page 2226: ...F management IP address CPU use The CPU usage of the container since it was enabled Memory use Container memory usage Link Each container has two links 1 An AMF area link this connects the container t...

Page 2227: ...screen from this command is shown below Parameter Description detail Displays output in greater depth atmf 1 show atmf detail ATMF Detail Information Network Name Test_network Network Mtu 1300 Node Na...

Page 2228: ...F root node Domain State The state of Node in a Domain in AMF network as Controller Backup Recovery State The AMF node recovery status Indicates whether a node recovery is in progress on this device A...

Page 2229: ...these groups Syntax show atmf group user defined automatic Default All groups are displayed Mode Privileged Exec Example 1 To display group membership of node2 use the following command node2 show at...

Page 2230: ...master poe x8100 node1 node2 node3 node4 node5 node6 ATMF group information sysadmin x8100 AMF_NETWORK 6 Table 49 Sample output from the show atmf group command for a working set AMF_NETWORK 6 show a...

Page 2231: ...based on their own criteria which can be used to select groups of nodes Syntax show atmf group members user defined automatic Mode Privileged Exec Example To display group membership of all nodes in...

Page 2232: ...52 Parameter definitions from the show atmf group members command Parameter Definition Automatic Groups Lists the Automatic Groups and their nodal composition The sample output shows AMF nodes based o...

Page 2233: ...ommand awplus show atmf guests Output Figure 47 17 Example output from the show atmf guests command master show atmf guests Guest Information Device Device Parent Guest IP IPv6 Name Type Node Port Add...

Page 2234: ...guestlink show atmf backup guest show atmf links guest Parent Node The name of the AMF node that directly connects to the guest node Guest Port The port on the parent node that directly connects to t...

Page 2235: ...d specify the node name or show atmf links guest detail which shows information about the guest nodes and also about their link to their parent node Note that the parameters that are displayed depend...

Page 2236: ...s discovered from the device or failing that auto assigned by AMF The auto assigned name consists of parent node name attached port number You can change this by configuring a description on the port...

Page 2237: ...erence for AR2050V 2237 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF GUESTS DETAIL Related Commands atmf guest class switchport atmf gu...

Page 2238: ...links brief Figure 47 19 Example output from show atmf links brief Parameter Description brief A brief summary of AMF links their configuration and status Example core show atmf links ATMF Link Brief...

Page 2239: ...to ensure link is stable Incompatible Neighbor rejected the link because of inconsistency in AMF configurations OneWay Link is up and has waited the hold down period and now attempting to link to anot...

Page 2240: ...ail The output from this command will display all the internal data held for AMF links The following example gives details of the links that are summarized in the example in show atmf links Parameter...

Page 2241: ...0 Example core 4610 Transaction ID 2 2 MAC Address eccd 6dd1 64d0 0000 cd37 054b Link State Full Full Domain Nodes Tree Node Building A Links on Node 1 Link 0 Building A 4630 Example core 4630 Forward...

Page 2242: ...Depth 0 Transaction ID 6 Flags 32 Domain Controller Domain Controller MAC 0000 0000 0000 Downlink Domain Information Domain Dept A s domain Domain Controller Dept A Domain Controller MAC eccd 6d20 c1d...

Page 2243: ...Domain Dorm D s domain Node Building A Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Building B Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Example core Ifindex...

Page 2244: ...t MAC eccd 6ddf 6cdf Adjacent Domain Controller Dorm D Adjacent Domain Controller MAC 0000 cd37 082c Port Forwarding State Forwarding Port BPDU Receive Count 95 Port Sequence Number 11 Port Adjacent S...

Page 2245: ...Link has been shut down by user configuration Port BPDU Receive Count The number of AMF protocol PDU s received Adjacent Node Name The name of the adjacent node connected to this node Adjacent Ifindex...

Page 2246: ...for the neighbor in crosslink Flags Used in domain messages to exchange the state ATMF_DOMAIN_FLAG_DOWN 0 ATMF_DOMAIN_FLAG_UP 1 ATMF_DOMAIN_FLAG_BLOCK 2 ATMF_DOMAIN_FLAG_NOT_PRESENT 4 ATMF_DOMAIN_FLA...

Page 2247: ...tual router id for the local port Port Status Shows status of the local port on the Node as UP DOWN Port State AMF state of the local port Adjacent Node nodename of the adjacent node Adjacent Internal...

Page 2248: ...mand Reference for AR2050V 2248 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF LINKS DETAIL Related Commands no debug all clear atmf link...

Page 2249: ...on about AMF guests that are connectible from node1 use the command node1 show atmf links guest Output Figure 47 20 Example output from show atmf links guest Parameter Description interface interface...

Page 2250: ...ort atmf guestlink show atmf backup guest Model Type The model type of the guest node as entered by the modeltype command Can be one of the following alliedware aw tq other DC The discovery method as...

Page 2251: ...isplay details for all ports with guest nodes connected Mode User Exec Privileged Exec Usage Use this command to display the guest nodes connected to a single parent node If you want to see a list of...

Page 2252: ...node1 1 0 17 Firmware Version 3 2 1 A02 Table 47 2 Parameters in the output from show atmf links guest detail Parameter Description Interface The port on the parent node that connects to the guest Lin...

Page 2253: ...s in the process of retrieving any other available information from the guest firmware version etc The information available depends on what device the guest node is Full The AMF device has retrieved...

Page 2254: ...uest Serial Number The serial number of the guest node Firmware Name The name of the firmware operating on the guest node Firmware Version The version of the firmware operating on the guest node HTTP...

Page 2255: ...ce1 show atmf links statistics Parameter Description interface Specifies that the command applies to a specific interface port or range of ports Where both the interface and port number are unspecifie...

Page 2256: ...cksum or type Type7 0 Incarnation is not possible with the data received Type8 0 Discard crosslink hello received not correct state Type9 0 Discard crosslink domain hello received on non crosslink Typ...

Page 2257: ...debug all clear atmf links statistics show atmf device1 show atmf links statistics interface port1 0 5 ATMF Port Statistics Transmit Receive port1 0 5 Crosslink Hello 231 232 port1 0 5 Crosslink Hello...

Page 2258: ...other improvements Syntax show atmf nodes guest all Mode Privileged Exec Usage You can use this command to display one of three sets of nodes all nodes except guest nodes by specifying show atmf nodes...

Page 2259: ...e at the end node1 show atmf nodes all Node and Guest Information Local device SC Switch Configuration C Chassis S Stackable N Standalone G Guest Node Guest Device ATMF Parent Node Name Type Master SC...

Page 2260: ...is run Example To show the details of all the provisioned nodes in the backup use the command NodeName show atmf provision nodes Figure 47 24 Sample output from the show atmf provision nodes command R...

Page 2261: ...cure mode Output Figure 47 25 Example output from show atmf secure mode on an AMF master Figure 47 26 Example output from show atmf secure mode on an AMF node ATMF Secure Mode Secure Mode Status Enabl...

Page 2262: ...te Expiry Certificate expiry time Set with atmf secure mode certificate expiry Certificates Total Total number of certificates Certificates Revoked Certificates that have been revoked by the AMF maste...

Page 2263: ...ing The default username and password is enabled Good SNMP V1 or V2 is disabled Warning Telnet server is enabled Good ATMF is enabled Secure Mode is on Good ATMF Topology GUI is disabled No trustpoint...

Page 2264: ...secure mode link audits for a node use the command awplus show atmf secure mode audit link Output Figure 47 28 Example output from show atmf secure mode audit link Related Commands show atmf show atmf...

Page 2265: ...secure mode certificates for a node named area_2_node_1 in an area named area 2 use the command awplus show atmf secure mode certificates detail area area 2 node area_2_node_1 Output Figure 47 29 Exa...

Page 2266: ...F commands Valid statuses are Active Revoked and Rejected Certificates Detail area_2_node_1 area area 2 MAC Address 0000 cd37 0003 Status Active Serial Number A24SC8001 Product x510 28GTX Key Fingerpr...

Page 2267: ...IED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF SECURE MODE CERTIFICATES Related Commands atmf authorize atmf secure mode atmf secure mode certificate expire atmf secure mode certificate renew...

Page 2268: ...er or member node use the command awplus show atmf secure mode sa detail neighbor Output Figure 47 31 Example output from show atmf secure mode sa Parameter Description detail Display detailed securit...

Page 2269: ...cd 6d82 6c16 Flags 000003c0 Id 83 40000053 Type Neighbor Gateway State Complete Remote MAC Address 001a eb54 e53b Flags 000003c0 Id 175 400000af Type Neighbor Gateway State Complete Remote MAC Address...

Page 2270: ...r master neighbor relationship Broadcast SA for working set broadcast requests State Current state of the Security Association The state must be Complete before a member node is trusted and can be acc...

Page 2271: ...To display AMF secure mode statistics on a master or member node use the command awplus show atmf secure mode statistics Output Figure 47 33 Example output from show atmf secure mode statistics on an...

Page 2272: ...mode atmf secure mode certificate renew clear atmf secure mode statistics show atmf secure mode Command changes Version 5 4 7 0 3 command added ATMF Secure Mode Statistics Local Certificates Valid 3 I...

Page 2273: ...atmf tech Table 48 Sample output from the show atmf tech command node1 show atmf tech ATMF Summary Information ATMF Status Enabled Network Name ATMF_NET Node Name node1 Role Master Current ATMF Nodes...

Page 2274: ...ed to the node within the AMF network Role The role configured on the device within the AMF either master or member Current ATMF Nodes A count of the AMF nodes in the AMF network Node Address The iden...

Page 2275: ...address used for this traffic Domain IP Address the IP address allocated for this traffic Domain Mask the Netmask used to create a subnet for this traffic 255 255 128 0 prefix 17 Device Type Shows the...

Page 2276: ...cts to a virtual link The first link has the IP address 192 168 1 1 and has a Local ID of 1 The second has the IP address 192 168 2 1 and has the Local ID of 2 Example 2 To display AMF virtual links M...

Page 2277: ...ed vlink1 equivalent to an L2TP tunnel Local ID The local ID of the virtual link This matches the vlink number State The operational state of the vlink either Up or Down This state is always displayed...

Page 2278: ...displays the nodes that form the current AMF working set Syntax show atmf working set Mode Privileged Exec Example To show current members of the working set use the command ATMF_NETWORK 6 show atmf w...

Page 2279: ...ode User Exec and Global Configuration Example To display the AMF debugging status use the command node_1 show debugging atmf Figure 47 35 Sample output from the show debugging atmf command Related Co...

Page 2280: ...he AMF packet debugging status use the command node_1 show debug atmf packet Figure 47 36 Sample output from the show debugging atmf packet command Related Commands debug atmf debug atmf packet Table...

Page 2281: ...ays the running system information that is specific to AMF Syntax show running config atmf Mode User Exec and Global Configuration Example To display the current configuration of AMF use the following...

Page 2282: ...disabled Mode AMF Container Configuration Usage The first time the state enable command is executed on a container it assigns the container to an area and configures it as an AMF master This is achie...

Page 2283: ...vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf container state enable To stop the AMF container vac wlg 1 use the commands awplus confi...

Page 2284: ...re not visible to AMF networks Mode Interface mode for a switch port Note that the link between the x600 and the AMF network must be a single link not an aggregated link Usage The x600 Series switch p...

Page 2285: ...up Usage Run this command on the port or aggregator at both ends of the link Each area must have the area name configured and the same area password must exist on both ends of the link Running this co...

Page 2286: ...e for AR2050V 2286 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SWITCHPORT ATMF AREALINK REMOTE AREA Related Commands atmf area atmf area passwor...

Page 2287: ...for the selected port or aggregated link Syntax switchport atmf crosslink no switchport atmf crosslink Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group Usag...

Page 2288: ...e terminal Node_1 config interface sa1 Node_1 config if switchport atmf crosslink Node_1 config if switchport trunk allowed vlan add 2 Node_1 config if switchport trunk native vlan none In this exampl...

Page 2289: ...nfigure switch port 1 0 44 to be a guest link that will connect to a guest node having a guest class of camera and an IPv4 address of 192 168 3 3 use the following commands node1 configure terminal no...

Page 2290: ...nk node1 config if end Example 4 To configure switch ports 1 0 52 to 1 0 54 to be guest links for the guest class camera use the following commands node1 configure terminal node1 config int port1 0 41...

Page 2291: ...erconnected AMF domains This tree must be loop free Therefore you must configure your links so that no rings are formed only from up down links and or virtual links Within each domain cross links betw...

Page 2292: ...eave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns the...

Page 2293: ...eturns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exit Y...

Page 2294: ...C613 50186 01 Rev B Command Reference for AR2050V 2294 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS TYPE ATMF NODE Related Commands show trigger...

Page 2295: ...ference for AR2050V 2295 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS UNDEBUG ATMF undebug atmf Overview This command is an alias for the no vari...

Page 2296: ...the guest class of phone1 use the following commands node1 conf t node1 config amf guest class phone1 node1 config atmf guest username reception password secret node1 config atmf guest end Example 2...

Page 2297: ...613 50186 01 Rev B Command Reference for AR2050V 2297 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS USERNAME show atmf links guest show atmf nodes...

Page 2298: ...nd saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide This guide is available at the above link on alliedtelesis com Command List bootfile on p...

Page 2299: ...page 2331 option on page 2332 probe enable on page 2334 probe packets on page 2335 probe timeout on page 2336 probe type on page 2337 range on page 2338 route on page 2339 service dhcp relay on page 2...

Page 2300: ...f the boot file that the client should use in its bootstrap process It may need to include a path The no variant of this command removes the boot filename from a DHCP server pool Syntax bootfile filen...

Page 2301: ...r range are specified and one or more static DHCP bindings exist within those addresses any dynamic entries within those addresses are cleared but any static entries are not cleared Examples To clear...

Page 2302: ...ult router or all default routers from the DHCP pool Syntax default router ip address no default router ip address Mode DHCP Configuration Examples To add a router with an IP address 192 168 1 2 to th...

Page 2303: ...pool Syntax dns server ip address no dns server ip address Mode DHCP Configuration Examples To add the DNS server with the assigned IP address 192 168 1 1 to the DHCP pool named P1 use the following...

Page 2304: ...no variant of this command removes the domain name from the address pool Syntax domain name domain name no domain name Mode DHCP Configuration Examples To add the domain name Nerv_Office to DHCP pool...

Page 2305: ...t be configured using a network command before issuing a host command Also note that a host address must match a network to add a static host address Examples To add the host at 192 168 1 5 with the M...

Page 2306: ...ip name server command Option 15 a domain name used to resolve host names This option replaces the domain name set with the ip domain name command Your device ignores this domain name if it has a doma...

Page 2307: ...FIGURATION PROTOCOL DHCP COMMANDS IP ADDRESS DHCP To stop the interface vlan10 from using DHCP to obtain its IP address use the commands awplus configure terminal awplus config interface vlan10 awplus...

Page 2308: ...by default The no variant of this command configures the DHCP server to accept BOOTP requests This is the default setting Syntax ip dhcp bootp ignore no ip dhcp bootp ignore Mode Global Configuration...

Page 2309: ...s Use the no variant of this command to disable the support of DHCPLEASEQUERY packets For more information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp leasequery enable no ip...

Page 2310: ...1 254 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You cann...

Page 2311: ...fined IP address option as option 175 with the name special address use the commands awplus configure terminal awplus config ip dhcp option 175 name special address ip To remove the specific user defi...

Page 2312: ...iple interfaces This allows the device to act as a DHCP server on multiple interfaces to distribute different information to clients on the different networks The no variant of this command deletes th...

Page 2313: ...is operating via an interface that is only intended to be used for back up interface redundancy purposes such as a VLAN containing a single switchport or a 4G cellular interface on an AR Series Firewa...

Page 2314: ...V 2314 AlliedWare Plus Operating System Version 5 4 7 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS IP DHCP CLIENT DEFAULT ROUTE DISTANCE Related Commands show ip route show ip route database...

Page 2315: ...the server For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide NOTE The DHCP relay service mightalter the content of the...

Page 2316: ...field use the commands awplus configure terminal awplus config interface ppp0 awplus config if ip dhcp relay agent option To stop the relay agent from appending the DHCP Relay Agent Option 82 field on...

Page 2317: ...ing no ip dhcp relay agent option checking Mode Interface Configuration for a VLAN interface or a PPP interface Examples To make the DHCP Relay Agent listening on vlan10 check the DHCP Relay Agent Inf...

Page 2318: ...are Plus Operating System Version 5 4 7 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS IP DHCP RELAY AGENT OPTION CHECKING Related Commands ip dhcp relay agent option ip dhcp relay agent option...

Page 2319: ...option remote id remote id no ip dhcp relay agent option remote id Default The Remote ID is set to the device s MAC address by default Mode Interface Configuration for a VLAN interface or a PPP interf...

Page 2320: ...P interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 timeslots all awplus config if ip dhcp relay agent option remote id myid To remove the Remote ID specified for...

Page 2321: ...y Agent Option 82 field with its own DHCP Relay Agent field This is equivalent to the functionality of the replace parameter The no variant of this command returns the policy to the default behavior i...

Page 2322: ...ntain DHCP Relay Agent Option 82 information use the commands awplus configure terminal awplus config interface vlan15 awplus config if ip dhcp relay information policy drop To reset the DHCP relay in...

Page 2323: ...of this command to reset the hop count to the default For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp...

Page 2324: ...erface Usage When a DHCP Relay Agent that has DHCP Relay Agent Option 82 insertion enabled receives a request packet from a DHCP client it will append the DHCP Relay Agent Option 82 component data and...

Page 2325: ...ON PROTOCOL DHCP COMMANDS IP DHCP RELAY MAX MESSAGE LENGTH To reset the maximum DHCP message length to the default of 1400 bytes for packets arriving in interface vlan7 use the commands awplus configu...

Page 2326: ...relay server address ipv4 address ipv6 address server interface no ip dhcp relay Mode Interface Configuration for a VLAN interface or a PPP interface Usage For a DHCP server with an IPv6 address you...

Page 2327: ...2 awplus config if no ip dhcp relay server address 192 0 2 200 To enable the DHCP Relay Agent on your device to relay DHCP packets on interface vlan10 to the DHCP server with the IPv6 address 2001 0db...

Page 2328: ...t the lease expiry time to infinite leases never expire Use the no variant of this command to return the lease expiration time back to the default of one day Syntax lease days hours minutes seconds le...

Page 2329: ...us config ip dhcp pool Nerv_Office awplus dhcp config lease 1 5 30 To set the lease expiration time for the address pool P3 to 20 seconds use the commands awplus configure terminal awplus config ip dh...

Page 2330: ...e pool You must remove all ranges in the pool before issuing a no network command to remove a network from the pool Examples To configure a network for the address pool P2 where the subnet is 192 0 2...

Page 2331: ...server that the client should use in its bootstrap process The no variant of this command removes the next server address from the DHCP address pool Syntax next server ip address no next server Mode D...

Page 2332: ...es the specified user defined option from the DHCP pool or all user defined options from the DHCP pool Syntax option 1 254 option name option value no option 1 254 option value Mode DHCP Configuration...

Page 2333: ...ption tcpip node type 08af To add multiple IP addresses for the ip type option 175 use the command awplus dhcp config option 175 192 0 2 6 awplus dhcp config option 175 192 0 2 12 awplus dhcp config o...

Page 2334: ...sed by another host The no variant of this command disables probing for a DHCP pool Syntax probe enable no probe enable Default Probing is enabled by default Mode DHCP Pool Configuration Examples To e...

Page 2335: ...of probe packets sent to the default of 5 Syntax probe packets 0 10 no probe packets Default The default is 5 Mode DHCP Pool Configuration Examples To set the number of probe packets to 2 for pool P2...

Page 2336: ...ng 200 milliseconds Syntax probe timeout 50 5000 no probe timeout Default The default timeout interval is 200 milliseconds Mode DHCP Pool Configuration Examples To set the probe timeout value to 500 m...

Page 2337: ...l send an ICMP Echo Request ping The no variant of this command sets the probe type to the default setting ping Syntax probe type arp ping no probe type Default The default probe type is ping Mode DHC...

Page 2338: ...address ranges from the DHCP pool Syntax range ip address ip address no range ip address ip address no range all Mode DHCP Configuration Examples To add an address range of 192 0 2 5 to 192 0 2 16 to...

Page 2339: ...DHCP Configuration Examples To distribute static routes for route 0 0 0 0 0 whose next hop is 192 16 1 1 to clients using both opt249 and rfc3442 use the command awplus configure terminal awplus conf...

Page 2340: ...relay no service dhcp relay Mode Global Configuration Usage A maximum number of 400 DHCP Relay Agents one per interface can be configured on the device Once this limit has been reached any further at...

Page 2341: ...your device The server then listens for DHCP requests on all IP interfaces It will not run if there are no IP interfaces configured The no variant of this command disables the DHCP server Syntax servi...

Page 2342: ...tput from the show counter dhcp client command Related Commands ip address dhcp show counter dhcp client DHCPDISCOVER out 10 DHCPREQUEST out 34 DHCPDECLINE out 4 DHCPRELEASE out 0 DHCPOFFER in 22 DHCP...

Page 2343: ...ers for the DHCP Relay Agent on your device use the following command awplus show counter dhcp relay Output Figure 48 2 Example output from the show counter dhcp relay command Parameter Description vr...

Page 2344: ...elayed to servers Relayed To Client The number of DHCP Reply messages relayed to clients Out To Server Failed The number of failures when attempting to send request messages to servers This is an inte...

Page 2345: ...t ID The number of incoming DHCP Reply messages dropped due to a missing circuit ID Note that Agent Option counters only increment on errors occurring if the ip dhcp relay agent option command is conf...

Page 2346: ...another DHCP Relay Agent This policy is set with the ip dhcp relay information policy command there is a packet error that stops the DHCP Relay Agent from being able to append the packet with its DHC...

Page 2347: ...rom the show counter dhcp server command DHCP server counters DHCPDISCOVER in 20 DHCPREQUEST in 12 DHCPDECLINE in 1 DHCPRELEASE in 0 DHCPINFORM in 0 DHCPOFFER out 8 DHCPACK out 4 DHCPNAK out 0 BOOTREQ...

Page 2348: ...ages sent by the DHCP server The server sends these after receiving a request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has co...

Page 2349: ...evice For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Syntax show dhcp l...

Page 2350: ...9 Renew 13 Mar 2017 18 37 06 Rebind 13 Mar 2017 19 49 29 Server Options subnet mask 255 255 255 0 routers 19 18 2 100 12 16 2 17 dhcp lease time 3600 dhcp message type 5 domain name servers 192 168 10...

Page 2351: ...us show ip dhcp binding 172 16 2 16 To display the leases from the address pool MyPool use the command awplus show ip dhcp binding MyPool Output Figure 48 6 Example output from the show ip dhcp bindin...

Page 2352: ...or AR2050V 2352 AlliedWare Plus Operating System Version 5 4 7 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP BINDING Related Commands clear ip dhcp binding ip dhcp pool lease rang...

Page 2353: ...pool Mode User Exec and Privileged Exec Example awplus show ip dhcp pool Output Figure 48 7 Example output from the show ip dhcp pool command Parameter Description address pool Name of a specific add...

Page 2354: ...esses Total 8 Leased 2 Utilization 25 0 Static host addresses Total 1 Leased 1 Table 3 Parameters in the output of the show ip dhcp pool command Parameter Description Pool Name of the pool network Sub...

Page 2355: ...sent In the range 50 to 5000 dns servers The DNS server addresses sent to by the pool to clients default router s The default router addresses sent by the pool to clients user defined options The lis...

Page 2356: ...0V 2356 AlliedWare Plus Operating System Version 5 4 7 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP POOL Related Commands ip dhcp pool probe enable probe packets probe timeout pr...

Page 2357: ...ample To display the DHCP Relay Agent s configuration on the interface vlan100 use the command awplus show ip dhcp relay interface vlan100 Output Figure 48 9 Example output from the show ip dhcp relay...

Page 2358: ...agent option checking ip dhcp relay information policy ip dhcp relay maxhops ip dhcp relay server address Command changes Version 5 4 6 2 1 VRF lite support added DHCP Relay Service is enabled VRF re...

Page 2359: ...eged Exec Example To display the server statistics use the command awplus show ip dhcp server statistics Output Figure 48 11 Example output from the show ip dhcp server statistics command DHCP server...

Page 2360: ...request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has come from a client that doesn t fit the network setting for an address p...

Page 2361: ...currently configured This show command does not include any configuration details of the address pools You can display these using the show ip dhcp pool command For information on filtering and savin...

Page 2362: ...the pool s network mask specified using the next server command is applied The no variant of this command removes a subnet mask option from a DHCP pool The pool reverts to using the pool s network ma...

Page 2363: ...prefixes DHCPv6 Prefix Delegation provides automatic configuration of IPv6 addresses and IPv6 prefixes Note that DHCPv6 client does not support tunnel interface For information on filtering and savin...

Page 2364: ...384 ipv6 dhcp pool on page 2386 ipv6 dhcp server on page 2388 ipv6 local pool on page 2389 ipv6 nd prefix DHCPv6 on page 2391 link address on page 2393 option DHCPv6 on page 2395 prefix delegation poo...

Page 2365: ...e available allocated by the IPv6 prefix randomly generating the suffix of the IPv6 address with the specified preferred and valid lifetime leases Leased IPv6 address are found in the Parameter Descri...

Page 2366: ...nt from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid and is not available to an interface when the valid lifetime timer expires Invalid addresse...

Page 2367: ...A deprecated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected Parameter Description first ipv6 addres...

Page 2368: ...o add the IPv6 address range 2001 0db8 1 1 to 2001 0db8 1fff 1 for DHCPv6 server pool configuration use the following commands awplus configure terminal awplus config ipv6 dhcp pool pool1 awplus confi...

Page 2369: ...NTER IPV6 DHCP CLIENT clear counter ipv6 dhcp client Overview Use this command in Privileged Exec mode to clear DHCPv6 client counters Syntax clear counter ipv6 dhcp client Mode Privileged Exec Exampl...

Page 2370: ...NTER IPV6 DHCP SERVER clear counter ipv6 dhcp server Overview Use this command in Privileged Exec mode to clear DHCPv6 server counters Syntax clear counter ipv6 dhcp server Mode Privileged Exec Exampl...

Page 2371: ...are cleared but any static entries are not cleared The clear ipv6 dhcp binding command is used as a server function A binding table entry on the DHCPv6 server is automatically Created whenever a pref...

Page 2372: ...HCPV6 COMMANDS CLEAR IPV6 DHCP BINDING Example To clear all dynamic DHCPv6 server binding entries use the command awplus clear ipv6 dhcp binding all Output Figure 49 1 Example output from the clear ip...

Page 2373: ...Use this command in Privileged Exec mode to restart a DHCPv6 client on an interface Syntax clear ipv6 dhcp client interface Mode Privileged Exec Example To restart a DHCPv6 client on interface vlan1...

Page 2374: ...dd the DNS server with the assigned IPv6 address 2001 0db8 3000 3000 32 to the DHCPv6 server pool named P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus d...

Page 2375: ...01 Rev B Command Reference for AR2050V 2375 AlliedWare Plus Operating System Version 5 4 7 1 x DHCP FOR IPV6 DHCPV6 COMMANDS DNS SERVER DHCPV6 Related Commands ipv6 dhcp pool option DHCPv6 show ipv6...

Page 2376: ...he pre defined option 15 Note that if you add a user defined option 15 using the option DHCPv6 command then you will override any settings created with this command Examples To add the domain name Eng...

Page 2377: ...the MAC address of the device For more information about EUI64 see the IPv6 Feature Overview and Configuration Guide Examples To configure a PD prefix named prefix1 on interface vlan1 and then add an...

Page 2378: ...he following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 address 2001 0db8 a2 48 To remove the IPv6 address 2001 0db8 a2 48 from the VLAN interface vlan2 use...

Page 2379: ...b8 32 from VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 64 eui64 Val...

Page 2380: ...ist appends the DNS servers set on your device with the dns server DHCPv6 command Option 15 a domain name used to resolve host names This option replaces any domain name that you have set with the dom...

Page 2381: ...ress use the commands awplus configure terminal awplus config interface ppp0 awplus config if ipv6 address dhcp To stop the PPP interface ppp0 from using DHCPv6 to obtain its IPv6 address use the comm...

Page 2382: ...n interface Usage Entering the ipv6 dhcp client pd command starts the DHCPv6 client process if not already running and enables requests for prefix delegation through the interface on which the command...

Page 2383: ...DHCP CLIENT PD To disable prefix delegation on the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 dhcp client pd Rela...

Page 2384: ...The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You cannot use...

Page 2385: ...ipv6 dhcp option 46 name tcpip node type hex To define a user defined IP address option as option 175 with the name special address use the following commands awplus configure terminal awplus config...

Page 2386: ...to delete the specific DHCPv6 pool Syntax ipv6 dhcp pool DHCPv6 poolname no ipv6 dhcp pool DHCPv6 poolname Mode Global Configuration Usage All DHCPv6 prefix pool names must be unique IPv6 prefix pool...

Page 2387: ...rence for AR2050V 2387 AlliedWare Plus Operating System Version 5 4 7 1 x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 DHCP POOL Related Commands ipv6 local pool option DHCPv6 prefix delegation pool show ipv6 d...

Page 2388: ...ation and configuration through the specified interface Note that DHCPv6 client DHCPv6 server and DHCPv6 relay are mutually exclusive on an interface When one of the DHCPv6 functions is enabled on an...

Page 2389: ...esses an IPv6 address prefix areassignedandnotsingleIPv6addresses IPv6prefixpoolsarenotallowed to overlap Parameter Description DHCPv6 poolname Description used to identify this DHCPv6 server pool Val...

Page 2390: ...xpool All IPv6prefixesalready allocated are also freed Examples To create alocalDHCPv6 local pool named P2 withtheIPv6 prefixand prefixlength 2001 0db8 32 with an assigned length of 64 use the followi...

Page 2391: ...usually set between 0 and 64 valid lifetime The the period during which the specified IPv6 address prefix is valid This can be set to a value between 5 and 315360000 seconds Note that this period shou...

Page 2392: ...nvalid addresses or prefixes should not appear as the source or destination for a packet Examples The following example configures the device to issue RAs Router Advertisements on the VLAN interface v...

Page 2393: ...eived via an intermediate relay to a configured delegation pool When an address on the incoming interface of the DHCPv6 server or a link address set in the incoming delegation request packet from the...

Page 2394: ...b8 1 48 as the link address for pool P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 address prefix 2001 0db8 2 48 awplus config dhcp6 link...

Page 2395: ...ress format so if the option already exists in the pool then the new IP address is added to the list of existing IPv6 prefixes Also note options with the same number as one of the pre defined options...

Page 2396: ...08af use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 option tcpip node type 08af To add multiple IP addresses for the ip type option 175 use t...

Page 2397: ...n unassignedprefixes fromthe pool After the client releases the previously assigned prefixes the server returns the prefixes to the pool for reassignment Preferred IPv6 addresses or prefixes are avail...

Page 2398: ...nvalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet Example This example adds DH...

Page 2399: ...information use the command awplus show counter ipv6 dhcp client Output Figure 49 2 Example output from the show counter ipv6 dhcp client command awplus show counter ipv6 dhcp client SOLICIT out 20 A...

Page 2400: ...sent by the DHCPv6 client REPLY in Displays the count of REPLY messages received by the DHCPv6 client RELEASE out Displays the count of RELEASE messages sent by the DHCPv6 client DECLINE out Displays...

Page 2401: ...information use the command awplus show counter ipv6 dhcp server Output Figure 49 3 Example output from the show counter ipv6 dhcp server command awplus show counter ipv6 dhcp server SOLICIT in 20 ADV...

Page 2402: ...ved by the DHCPv6 server REPLY out Displays the count of REPLY messages sent by the DHCPv6 server RELEASE in Displays the count of RELEASE messages received by the DHCPv6 server DECLINE in Displays th...

Page 2403: ...e The DUID is based on the link layer address for both DHCPv6 client and DHCPv6 server identifiers The device uses the MAC address from the lowest interface number for the DUID The DUID is used by a D...

Page 2404: ...nd Privileged Exec Example 1 To display the total DHCPv6 leasing address entries for all pools use the command awplus show ipv6 dhcp binding summary Output Figure 49 5 Example output from the show ipv...

Page 2405: ...DHCPv6 unique identifier DUID see RFC 3315 Each DHCPv6 client has as DUID DHCPv6 servers use DUIDs to identify clients for the association of IAs Identity Associations with DHCPv6 clients DHCPv6 clie...

Page 2406: ...OMMANDS SHOW IPV6 DHCP BINDING Related Commands clear ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp pool starts at The date and time at which the valid lifetime expires expires at The date and time...

Page 2407: ...interface Output Figure 49 7 Example output from the show ipv6 dhcp interface command Example 2 To display DHCPv6 information for interface vlan2 use the command awplus show ipv6 dhcp interface vlan2...

Page 2408: ...escription interface is in server client Prefix Delegation mode Displays whether the specified interface is in server or client mode and whether prefix delegation is applied to an interface Address Di...

Page 2409: ...show ipv6 dhcp pool Output Figure 49 9 Example output from the show ipv6 dhcp pool command Parameter Description DHCPv6 address pool name Name of a specific DHCPv6 address pool This displays the conf...

Page 2410: ...ecated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid and...

Page 2411: ...CPv6 Configuration Examples The following example adds an SNTP Server IPv6 address of 2001 0db8 32 to the DHCPv6 pool named P2 awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config d...

Page 2412: ...erver For information on filtering and saving command output see the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Command List ntp authenticate on page 2413 ntp authen...

Page 2413: ...authenticate the associations with other systems for security purposes The no variant of this command disables NTP authentication Syntax ntp authenticate no ntp authenticate Mode Global Configuration...

Page 2414: ...MD5 authentication key number 134343 and a key value mystring use the commands awplus configure terminal awplus config ntp authentication key 134343 md5 mystring To disable the authentication key num...

Page 2415: ...adcastdelay delay no ntp broadcastdelay Default 0 microsecond offset which can only be applied with the no variant of this command Mode Global Configuration Examples To set the estimated round trip de...

Page 2416: ...92 168 1 0 16 subnet if they arrive more frequently than every 5 seconds and also send kiss of death messages use the commands awplus configure terminal awplus config ntp discard minimum 5 awplus conf...

Page 2417: ...tance from the reference clock and exist to prevent cycles in the hierarchy Stratum 1 is used to indicate time servers which are more accurate than Stratum 2 servers For more information on the Networ...

Page 2418: ...0 2 23 awplus configure terminal awplus config ntp peer 192 0 2 23 awplus config ntp peer 192 0 2 23 prefer awplus config ntp peer 192 0 2 23 prefer version 4 awplus config ntp peer 192 0 2 23 prefer...

Page 2419: ...s config ntp peer 2001 0db8 010d 1 prefer awplus config ntp peer 2001 0db8 010d 1 prefer version 4 awplus config ntp peer 2001 0db8 010d 1 prefer version 4 key 1234 awplus config ntp peer 2001 0db8 01...

Page 2420: ...dress Apply this restriction to the specified IPv4 or IPv6 host Enter an IPv4 address in the format A B C D Enter an IPv6 address in the format X X X X host subnet Apply this restriction to the specif...

Page 2421: ...2 1 and the subnet 192 168 1 0 16 to authenticate NTP sessions with this device use the commands awplus configure terminal awplus config ntp restrict 192 0 2 1 notrust awplus config ntp restrict 192...

Page 2422: ...config ntp server 192 0 1 23 awplus config ntp server 192 0 1 23 prefer awplus config ntp server 192 0 1 23 prefer version 4 awplus config ntp server 192 0 1 23 prefer version 4 key 1234 awplus config...

Page 2423: ...wplus config ntp server 2001 0db8 010e 2 prefer awplus config ntp server 2001 0db8 010e 2 prefer version 4 awplus config ntp server 2001 0db8 010e 2 prefer version 4 key 1234 awplus config ntp server...

Page 2424: ...sing this command is matched to the interface When selecting a source IP address to use for NTP messages to the peer if the configured NTP client source IP address is unavailable then default behavior...

Page 2425: ...figure the NTP source interface with the IPv6 address 2001 0db8 010e 2 enter the commands awplus configure terminal awplus config ntp source 2001 0db8 010e 2 To remove a configured address for the NTP...

Page 2426: ...are Plus Operating System Version 5 4 7 1 x NTP COMMANDS NTP TRUSTED KEY DEPRECATED ntp trusted key deprecated Overview This command has been deprecated in Software Version 5 4 6 1 1 Please use the tr...

Page 2427: ...or AR2050V 2427 AlliedWare Plus Operating System Version 5 4 7 1 x NTP COMMANDS SHOW COUNTER NTP DEPRECATED show counter ntp deprecated Overview From version 5 4 6 1 x onwards this command has been re...

Page 2428: ...256 377 27 144 0 775 0 193 system peer backup candidate outlier x false ticker Table 2 Parameters in the output from the show ntp associations command Parameter Description system peer The peer that N...

Page 2429: ...hen When last polled seconds ago h hours ago or d days ago poll Time between NTP requests from the device to the server reach An indication of whether or not the NTP server is responding to requests 0...

Page 2430: ...icted 0 rate limited 0 KoD responses 0 processed for time 306 Table 50 1 Parameters in the output from show ntp counters Parameter Description uptime How long NTP has been running since it was last re...

Page 2431: ...h any restrict statements in the NTP restrictions NTP drops these packets See the command ntp restrict for more information rate limited The number of packets dropped because the packet rate exceeded...

Page 2432: ...icate 0 bad header 0 kod received 0 Table 50 2 Parameters in the output from show ntp counters associations Parameter Description Peer An NTP peer or server that the device is associated with sent The...

Page 2433: ...The number of packets where one or more header fields are invalid kod received The number of Kiss of Death packets received from the peer KoD packets indicate that this device is sending NTP packets m...

Page 2434: ...w ntp status For information about the output displayed by this command see ntp org Figure 50 3 Example output from the show ntp status command awplus show ntp status associd 0 status 061b leap_none s...

Page 2435: ...and output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug snmp on page 2437 show counter snmp server on page 2438 show debugging snmp on page...

Page 2436: ...D local reset on page 2461 snmp server group on page 2462 snmp server host on page 2464 snmp server legacy ifadminstatus on page 2466 snmp server location on page 2467 snmp server source interface on...

Page 2437: ...detail To start SNMP debugging showing all SNMP debugging information use the command awplus debug snmp all Related Commands show debugging snmp terminal monitor undebug snmp Parameter Description al...

Page 2438: ...e output from the show counter snmp server command SNMP SERVER counters inPkts 11 inBadVersions 0 inBadCommunityNames 0 inBadCommunityUses 0 inASNParseErrs 0 inTooBigs 0 inNoSuchNames 0 inBadValues 0...

Page 2439: ...SNMP Messages inTooBigs The number of SNMP PDUs received by the SNMP agent where the value of the error status field is tooBig This is sent by an SNMP manager to indicate that an exception occurred w...

Page 2440: ...NMP agent has sent outTooBigs The number of SNMP PDUs that the SNMP agent has generated with the value tooBig in the error status field This is sent to the SNMP manager to indicate that an exception o...

Page 2441: ...agent s window UnknownUserNames The number of received packets that the SNMP agent has dropped because they referenced an unknown user UnknownEngineIDs The number of received packets that the SNMP age...

Page 2442: ...This command displays whether SNMP debugging is enabled or disabled Syntax show debugging snmp Mode User Exec and Privileged Exec Example To display the status of SNMP debugging use the command awplu...

Page 2443: ...ed Exec Example To display the current configuration of SNMP on your device use the command awplus show running config snmp Output Figure 51 3 Example output from the show running config snmp command...

Page 2444: ...how snmp server Mode Privileged Exec Example To display the status of the SNMP server use the command awplus show snmp server Output Figure 51 4 Example output from the show snmp server command Relate...

Page 2445: ...configured on the device SNMP communities are specific to v1 and v2c Syntax show snmp server community Mode Privileged Exec Example To display the SNMP server communities use the command awplus show...

Page 2446: ...how snmp server group Mode Privileged Exec Example To display the SNMP groups configured on the device use the command awplus show snmp server group Output Figure 51 6 Example output from the show snm...

Page 2447: ...SNMP server users and is used with SNMP version 3 only Syntax show snmp server user Mode Privileged Exec Example To display the SNMP server users configured on the device use the command awplus show s...

Page 2448: ...SNMP server views and is used with SNMP version 3 only Syntax show snmp server view Mode Privileged Exec Example To display the SNMP server views configured on the device use the command awplus show...

Page 2449: ...interface types switch port e g port 1 0 1 VLAN e g vlan2 Ethernet e g eth1 static and dynamic link aggregation e g sa2 po2 To specify where notifications are sent use the snmp server host command To...

Page 2450: ...SNMP TRAP LINK STATUS To disable the sending of link status notifications for port 1 0 2 use following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no snmp tr...

Page 2451: ...started when the first link status notification of a particular type linkUp or linkDown is sent for an interface If the threshold number of notifications of this type is sent before the timerreachesth...

Page 2452: ...x SNMP COMMANDS SNMP TRAP LINK STATUS SUPPRESS To disable the suppression link status notifications for port 1 0 2 use following commands awplus configure terminal awplus config interface port1 0 2 a...

Page 2453: ...v6 no snmp server ip ipv6 Default By default the SNMP agent is enabled for both IPv4 and IPv6 If neither the ip parameter nor the ipv6 parameter is specified for this command then SNMP is enabled or d...

Page 2454: ...rsion 5 4 7 1 x SNMP COMMANDS SNMP SERVER Related Commands show snmp server show snmp server community show snmp server user snmp server community snmp server contact snmp server enable trap snmp serv...

Page 2455: ...view name ro rw no snmp server community community name view view name Mode Global Configuration Example The following command creates an SNMP community called public with read only access to all MIB...

Page 2456: ...command removes the contact information from the system Syntax snmp server contact contact info no snmp server contact Mode Global Configuration Example To set the system contact information to suppo...

Page 2457: ...e below Default By default no notifications are generated Mode Global Configuration Usage This command cannot be used to enable link status notifications globally To enable link status notifications f...

Page 2458: ...configure terminal awplus config snmp server enable trap thrash limit To disable the device from sending MAC address Thrash Limiting traps use the following commands awplus configure terminal awplus...

Page 2459: ...current engine ID is also system generated Syntax snmp server engineID local engine id default no snmp server engineID local Mode Global Configuration Usage All devices must have a unique engine ID w...

Page 2460: ...ig snmp server engineid local asdgdfh231234d awplus config exit awplus show snmp server SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engine ID configured name asdgdfh231234d SNMPv3 Engine ID actual 0x8...

Page 2461: ...engine ID by resetting the SNMPv3 engine If the current engine ID is user defined usethe snmp server engineID local command to set SNMPv3 engineID to a system generated value Syntax snmp server engin...

Page 2462: ...server group groupname auth noauth priv Mode Global Configuration Examples To add SNMP group for ordinary users user the following commands awplus configure terminal awplus config snmp server group us...

Page 2463: ...Rev B Command Reference for AR2050V 2463 AlliedWare Plus Operating System Version 5 4 7 1 x SNMP COMMANDS SNMP SERVER GROUP Related Commands snmp server show snmp server show snmp server group show sn...

Page 2464: ...P v2c or the authentication encryption parameters and user name SNMP v3 Syntax snmp server host ipv4 address ipv6 address traps version 1 community name snmp server host ipv4 address ipv6 address info...

Page 2465: ...aps to the IPv6 host destination 2001 db8 8a2e 7334 with the SNMPv2c community name private use the following command awplus configure terminal awplus config snmp server host version 2c private2001 db...

Page 2466: ...the administrative state of the interface Syntax snmp server legacy ifadminstatus no snmp server legacy ifadminstatus Default Legacy ifAdminStatus is turned off by default so by default the SNMP ifAd...

Page 2467: ...ariant of this command removes the configured location from the system Syntax snmp server location location name no snmp server location Mode Global Configuration Example To set the location to server...

Page 2468: ...f the traps and informs messages Mode Global Configuration Usage An SNMP trap or inform message that is sent from an SNMP server carries the notification IP address of its originating interface Use th...

Page 2469: ...lay time no snmp server startup trap delay Default The SNMP server trap delay time is 30 seconds The no variant restores the default Mode Global Configuration Example To delay the device sending SNMP...

Page 2470: ...ds must be the same for both entities Use the encrypted parameter when you want to enter already encrypted passwords in encrypted form as displayed in the running and startup configs stored on the dev...

Page 2471: ...mmand To enter existing SNMP user authuser with existing passwords as a member of group newusergroup with authentication protocol md5 plus the encrypted authentication password 0x1c74b9c22118291b0ce0c...

Page 2472: ...C613 50186 01 Rev B Command Reference for AR2050V 2472 AlliedWare Plus Operating System Version 5 4 7 1 x SNMP COMMANDS SNMP SERVER USER Related Commands show snmp server user snmp server view...

Page 2473: ...moves the specified view on the device The view must already exist Syntax snmp server view view name mib name included excluded no snmp server view view name Mode Global Configuration Examples The fol...

Page 2474: ...01 Rev B Command Reference for AR2050V 2474 AlliedWare Plus Operating System Version 5 4 7 1 x SNMP COMMANDS UNDEBUG SNMP undebug snmp Overview This command applies the functionality of the no debug s...

Page 2475: ...s an alphabetical reference for commands used to configure SMTP For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration G...

Page 2476: ...ng for sending emails The no variant of this command turns off debugging for sending emails Syntax debug mail no debug mail Mode Privileged Exec Examples To turn on debugging for sending emails use th...

Page 2477: ...ec Examples To delete a unique mail item 20060912142356 1234 from the queue use the command awplus delete mail 20060912142356 1234 To delete all mail from the queue use the command awplus delete mail...

Page 2478: ...ct subject file filename Mode Privileged Exec Example To send an email to rei nerv comwith the subject dummy plug configuration and with the message body inserted from the file plug conf use the comma...

Page 2479: ...put from the show counter mail command Example To show the emails in the queue use the command awplus show counter mail Related Commands debug mail delete mail mail show mail Mail Client SMTP counters...

Page 2480: ...System Version 5 4 7 1 x SMTP COMMANDS SHOW MAIL show mail Overview This command displays the emails in the queue Syntax show mail Mode Privileged Exec Example To display the emails in the queue use...

Page 2481: ...01 Rev B Command Reference for AR2050V 2481 AlliedWare Plus Operating System Version 5 4 7 1 x SMTP COMMANDS UNDEBUG MAIL undebug mail Overview This command applies the functionality of the no debug m...

Page 2482: ...stkey on page 2486 crypto key destroy userkey on page 2487 crypto key generate hostkey on page 2488 crypto key generate userkey on page 2490 crypto key pubkey chain knownhosts on page 2491 crypto key...

Page 2483: ...ssh server deny users on page 2514 ssh on page 2515 ssh client on page 2517 ssh server on page 2519 ssh server allow users on page 2521 ssh server authentication on page 2523 ssh server deny users on...

Page 2484: ...of your message to save the text and re enter the normal command line mode The banner message is preserved if the device restarts The no variant of this command deletes the login banner from the devic...

Page 2485: ...delete an SSH session if you are a system manager or the user who initiated the session If all is specified then all active SSH sessions are deleted Syntax clear ssh 1 65535 all Mode Privileged Exec E...

Page 2486: ...y generate hostkey command to generate that key before you enable the SSH server Syntax crypto key destroy hostkey dsa ecdsa rsa rsa1 Mode Global Configuration Example To destroy the RSA host key used...

Page 2487: ...ser key for the SSH user remoteuser use the commands awplus configure terminal awplus config crypto key destroy userkey remoteuser rsa Related Commands crypto key generate hostkey show ssh show crypto...

Page 2488: ...generate hostkey dsa 768 1024 crypto key generate hostkey rsa rsa1 768 32768 crypto key generate hostkey ecdsa 256 384 Default The default key length for RSA and DSA is 1024 bits The default key size...

Page 2489: ...4 7 1 x SECURE SHELL SSH COMMANDS CRYPTO KEY GENERATE HOSTKEY To generate an ECDSA host key with an elliptic curve size of 384 bits use the commands awplus configure terminal awplus config crypto key...

Page 2490: ...ns for the user bob use the commands awplus configure terminal awplus config crypto key generate userkey bob rsa 2048 To generate a DSA user key for the user lapo use the commands awplus configure ter...

Page 2491: ...chain knownhosts ip ipv6 hostname rsa dsa rsa1 no crypto key pubkey chain knownhosts 1 65535 Syntax VRF lite crypto key pubkey chain knownhosts vrf vrf name ip ipv6 hostname rsa dsa rsa1 no crypto ke...

Page 2492: ...t the public key of the server is altered or unknown Examples To add the RSA host key of the remote SSH host IPv4 address 192 0 2 11 to the known host database use the command awplus crypto key pubkey...

Page 2493: ...text into the terminal To add a key as text into the terminal first enter the command crypto key pubkey chain userkey username and hit Enter Enter the key as text Note that the key you enter as text m...

Page 2494: ...n userkey joeType CNTL D to finish AAAAB3NzaC1yc2EAAAABIwAAAIEAr1s7SokW5aW2fcOw1TStpb9J20b WluhnUC768EoWhyPW6FZ2t5360O5M29EpKBmGqlkQaz5V0mU9IQe66 5YyD4Ux OKSDtTI 7jtjDcoGWHb2u4sFwRpXwJZcgYrXW16 6NvNbk...

Page 2495: ...he SSH client from generating diagnostic debugging message Syntax debug ssh client brief full no debug ssh client Default SSH client debugging is disabled by default Mode Privileged Exec and Global Co...

Page 2496: ...bugging facility This stops the SSH server from generating diagnostic debugging messages Syntax debug ssh server brief full no debug ssh server Default SSH server debugging is disabled by default Mode...

Page 2497: ...ions use the clear ssh command Syntax service ssh ip ipv6 no service ssh ip ipv6 Default The Secure Shell server is disabled by default Both IPv4 and IPv6 Secure Shell server are enabled when you issu...

Page 2498: ...for AR2050V 2498 AlliedWare Plus Operating System Version 5 4 7 1 x SECURE SHELL SSH COMMANDS SERVICE SSH Related Commands crypto key generate hostkey show running config ssh show ssh server ssh serv...

Page 2499: ...nd displays the banner message configured on the device The banner message is displayed to the remote user before user authentication starts Syntax show banner login Mode User Exec Privileged Exec Glo...

Page 2500: ...hostkey dsa ecdsa rsa rsa1 Mode User Exec Privileged Exec and Global Configuration Examples To show the public keys generated on the device for SSH server use the command awplus show crypto key hostke...

Page 2501: ...L SSH COMMANDS SHOW CRYPTO KEY HOSTKEY Related Commands crypto key destroy hostkey crypto key generate hostkey Table 1 Parameters in output of the show crypto key hostkey command Parameter Description...

Page 2502: ...is specified this command displays the known host database from the global routing environment If neither vrf nor global is specified this command displays the known host database from the global rout...

Page 2503: ...VRF lite support added No Hostname Type Fingerprint 1 172 16 23 1 rsa c8 33 b1 fe 6f d3 8c 81 4e f7 2a aa a5 be df 18 2 172 16 23 10 rsa c4 79 86 65 ee a0 1d a5 6a e8 fd 1d d3 4e 37 bd 3 5ffe 1053 ac...

Page 2504: ...are registered with the SSH server use the command awplus show crypto key pubkey chain userkey manager Output Figure 53 3 Example output from the show crypto key public chain userkey command Related C...

Page 2505: ...ub Output Figure 53 4 Example output from the show crypto key userkey command Related Commands crypto key generate userkey Parameter Description username User name of the local SSH user whose keys you...

Page 2506: ...168 1 ssh server allow users john ssh server deny user john a company com ssh server Table 5 Parameters in the output of the show running config ssh command Parameter Description ssh server SSH serve...

Page 2507: ...SHELL SSH COMMANDS SHOW RUNNING CONFIG SSH Related Commands service ssh show ssh server ssh server allow users Add the user and hostname to the allow list ssh server deny users Add the user and hostna...

Page 2508: ...command Secure Shell Sessions ID Type Mode Peer Host Username State Filename 414 ssh server 172 16 23 1 root open 456 ssh client 172 16 23 10 manager user auth 459 scp client 172 16 23 12 root downloa...

Page 2509: ...has accepted a new session host auth host to host authentication is in progress user auth User authentication is in progress authenticated User authentication is complete open The session is in progre...

Page 2510: ...t Output Figure 53 7 Example output from the show ssh client command Related Commands show ssh server Secure Shell Client Configuration Port 22 Version 2 1 Connect Timeout 30 seconds Session Timeout 0...

Page 2511: ...hell Server Configuration SSH Server Enabled Port 22 Version 2 Services scp sftp User Authentication publickey password Resolve Hosts Disabled Session Timeout 0 Off Login Timeout 60 seconds Maximum Au...

Page 2512: ...onds that the SSH server will wait to receive data from the SSH client The server disconnects if this timer limit is reached If set at 0 the idle timer remains off Maximum Startups The maximum number...

Page 2513: ...use the command awplus show ssh server allow users Output Figure 53 9 Example output from the show ssh server allow users command Related Commands ssh server allow users ssh server deny users Username...

Page 2514: ...al Configuration Example To display the user entries in the deny list of the SSH server use the command awplus show ssh server deny users Output Figure 53 10 Example output from the show ssh server de...

Page 2515: ...VRF lite ssh vrf vrf name ip ipv6 user username port 1 65535 version 1 2 hostname line Parameter Description vrf Apply the command to the specified VRF instance vrf name The name of the VRF instance i...

Page 2516: ...the cmd command on the remote SSH server at 192 0 2 5 use the command awplus ssh ip 192 0 2 5 cmd Example VRF lite To login to the remote SSH server at 192 168 1 1 on VRF red use the command awplus ss...

Page 2517: ...sion timeout 0 3600 connect timeout 1 600 no ssh client port version session timeout connect timeout Parameter Description port The default TCP port of the remote SSH server If an SSH client specifies...

Page 2518: ...timeout 600 To configure the connect timeout of SSH client to 10 seconds use the command awplus ssh client connect timeout 10 To restore the connect timeout to its default use the command awplus no s...

Page 2519: ...ts both SSHv2 and SSHv1client connections Default v1v2 v2only Supports SSHv2 client connections only 1 65535 The TCP port number that the server listens to for incoming SSH sessions Default 22 session...

Page 2520: ...ions waiting authentication from SSH server to 3 use the commands awplus configure terminal awplus config ssh server max startups To set max startups parameters of SSH server to the default configurat...

Page 2521: ...sting entry Syntax ssh server allow users username pattern hostname pattern no ssh server allow users username pattern hostname pattern Mode Global Configuration Examples To allow the user john to cre...

Page 2522: ...SECURE SHELL SSH COMMANDS SSH SERVER ALLOW USERS To delete the existing user entry john 192 168 1 in the allow list use the commands awplus configure terminal awplus config no ssh server allow users...

Page 2523: ...r authentication password publickey no ssh server authentication password publickey Default Both RSA public key authentication and password authentication are enabled by default Mode Global Configurat...

Page 2524: ...hentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication password To disable publickey authentication for users connecting thr...

Page 2525: ...r deny users username pattern hostname pattern Mode Global Configuration Examples To deny the user john to access SSH login from any host use the commands awplus configure terminal awplus config ssh s...

Page 2526: ...x SECURE SHELL SSH COMMANDS SSH SERVER DENY USERS To delete the existing user entry john 192 168 2 in the deny list use the commands awplus configure terminal awplus config no ssh server deny users jo...

Page 2527: ...ts default value of 6 Syntax ssh server max auth tries 1 32 no ssh server max auth tries Default 6 attempts Mode Global Configuration Usage By default users must wait one second after a failed login a...

Page 2528: ...ntax ssh server resolve hosts no ssh server resolve hosts Default This feature is disabled by default Mode Global Configuration Usage Your device has a DNS Client that is enabled automatically when yo...

Page 2529: ...evice accepts SCP connections The SCP service is enabled by default as soon as the SSH server is enabled The no variant of this command disables the SCP service on the SSH server Once disabled SCP req...

Page 2530: ...The SFTP service is enabled by default as soon as the SSH server is enabled If the SSH server is disabled SFTP service is unavailable The no variant of this command disables SFTP service on the SSH se...

Page 2531: ...d Reference for AR2050V 2531 AlliedWare Plus Operating System Version 5 4 7 1 x SECURE SHELL SSH COMMANDS UNDEBUG SSH CLIENT undebug ssh client Overview This command applies the functionality of the n...

Page 2532: ...d Reference for AR2050V 2532 AlliedWare Plus Operating System Version 5 4 7 1 x SECURE SHELL SSH COMMANDS UNDEBUG SSH SERVER undebug ssh server Overview This command applies the functionality of the n...

Page 2533: ...put see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active trigger on page 2535 day on page 2536 debug trigger on page 2538 description trigger on pa...

Page 2534: ...for AR2050V 2534 AlliedWare Plus Operating System Version 5 4 7 1 x TRIGGER COMMANDS type periodic on page 2562 type ping poll on page 2563 type reboot on page 2564 type time on page 2565 type usb on...

Page 2535: ...ctive Mode Trigger Configuration Usage Configure a trigger first before you use this command to activate it Forinformationaboutconfiguringatrigger seethe TriggersFeatureOverviewand Configuration Guide...

Page 2536: ...rt LEDs in the Triggers Feature Overview and Configuration Guide Examples To permit trigger 55 to activate on the 1 October 2016 use the commands awplus configure terminal awplus config trigger 55 awp...

Page 2537: ...ting System Version 5 4 7 1 x TRIGGER COMMANDS DAY To permit trigger 12 to activate on a Mondays Wednesdays and Fridays use the commands awplus configure terminal awplus config trigger 12 awplus confi...

Page 2538: ...essages about how your device is processing the trigger commands and activating the triggers The no variant of this command disables trigger debugging Syntax debug trigger no debug trigger Mode Privil...

Page 2539: ...this trigger Syntax description description no description Mode Trigger Configuration Examples To give trigger 240 the description daily status report use the commands awplus configure terminal awplus...

Page 2540: ...ited number of times To reset a trigger to this default specify either yes or forever Syntax repeat forever no once yes 1 4294967294 Mode Trigger Configuration Examples To allow trigger 21 to activate...

Page 2541: ...position in the script list The all parameter removes all scripts from the trigger Syntax script 1 5 filename no script 1 5 filename all Mode Trigger Configuration Examples To configure trigger 71 to...

Page 2542: ...cpu_trig sh from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script flash cpu_trig sh To remove all the scripts from trigger 7...

Page 2543: ...ff from the debug trigger command Syntax show debugging trigger Mode User Exec and Privileged Exec Example To display the current configuration of trigger debugging use the command awplus show debuggi...

Page 2544: ...displays the current running configuration of the trigger utility Syntax show running config trigger Mode Privileged Exec Example To display the current configuration of the trigger utility use the co...

Page 2545: ...about all triggers full Displays detailed information about all triggers Table 1 Example output from the show trigger command awplus show trigger TR Type Details Name Ac Te Tr Repeat Scr Days Date 00...

Page 2546: ...umber of times a trigger has activated use the show trigger 1 250 command Scr Number of scripts associated with the trigger Days Date Days or date when the trigger may be activated For the days option...

Page 2547: ...ion not activated Number of scripts 0 1 not configured 2 not configured 3 not configured 4 not configured 5 not configured Trigger 2 Description no description Type and details USB out Days smtwtfs Af...

Page 2548: ...inuous or for a set number of times When the trigger can repeat only a set number of times then the number of times the trigger has been activated is displayed in brackets Modified The date and time o...

Page 2549: ...as been activated Time triggers activated today Number of times a time trigger has been activated today Periodic triggers activated today Number of times a periodic trigger has been activated today In...

Page 2550: ...tivates the scripts associated with the trigger will be run as normal Syntax test no test Mode Trigger Configuration Usage Configure a trigger first before you use this command to diagnose it For info...

Page 2551: ...idnight during which the trigger may activate By default the value of this parameter is 23 59 59 that is the trigger may activate at any time If the value specified for before is later than the value...

Page 2552: ...ger 63 to activate between midnight and 10 30am use the commands awplus configure terminal awplus config trigger 63 awplus config trigger time before 10 30 00 To allow trigger 64 to activate between 3...

Page 2553: ...MIB objects are supported the SNMP Feature Overview and Configuration_Guide the SNMP Commands chapter Since SNMP traps are enabled by default for all defined triggers a common usage will be for the n...

Page 2554: ...l parameters can be specified At a minimum the trigger type information must be specified before the trigger can become active The no variant of this command removes a specified trigger and all config...

Page 2555: ...his command manually activates a trigger without the normal trigger conditions being met The trigger is activated even if it is configured as inactive The scripts associated with the trigger will be e...

Page 2556: ...fig trigger 5 node1 config trigger type atmf node leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1...

Page 2557: ...This command returns the following display Display the triggers configured on each of the nodes in the AMF Network AMF Net 3 show running config trigger This command returns the following display node...

Page 2558: ...7 1 x TRIGGER COMMANDS TYPE ATMF NODE Related Commands show trigger Node1 trigger 1 type periodic 2 script 1 atmf scp trigger 5 type atmf node leave description E mail on ATMF Exit script 1 email_me s...

Page 2559: ...ctivity in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 28 to be a CPU trigger that activates when CPU usage exceeds 80 use the following commands awplus configu...

Page 2560: ...of these events occurs by using the any option Syntax type interface interface up down any Mode Trigger Configuration Example To configure trigger 19 to be an interface trigger that activates when po...

Page 2561: ...ory trigger that activates when memory usage exceeds 50 use the following commands awplus configure terminal awplus config trigger 12 awplus config trigger type memory 50 up To configure trigger 40 to...

Page 2562: ...figured If you attempt to add more than 10 triggers the following error message is displayed For an example trigger configuration that uses the type periodic command see See Daily Statistics in the Tr...

Page 2563: ...r unreachable Syntax type ping poll 1 100 up down Mode Trigger Configuration Example To configure trigger 106 to activate when ping poll 12 detects that its target device is now unreachable use the fo...

Page 2564: ...erview This command configures a trigger that activates when your device is rebooted Syntax type reboot Mode Trigger Configuration Example To configure trigger 32 to activate when your device reboots...

Page 2565: ...imit of 10 triggers of the type time and type periodic can be configured If you attempt to add more than 10 triggers the following error message is displayed Example To configure trigger 86 to activat...

Page 2566: ...Mode Trigger Configuration Usage USB triggers cannot execute script files from a USB storage device Examples To configure trigger 1 to activate on the insertion of a USB storage device use the comman...

Page 2567: ...B Command Reference for AR2050V 2567 AlliedWare Plus Operating System Version 5 4 7 1 x TRIGGER COMMANDS UNDEBUG TRIGGER undebug trigger Overview This command applies the functionality of the no debu...

Page 2568: ...mand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active ping polling on page 2570 clear ping poll on page 2571 critical interval on page 2...

Page 2569: ...on page 2574 fail count on page 2575 ip ping polling on page 2576 length ping poll data on page 2577 normal interval on page 2578 ping poll on page 2579 sample size on page 2580 show counter ping pol...

Page 2570: ...ing is unreachable The no variant of this command disables a ping poll instance The polling instance no longer sends ICMP echo requests to the polled device This also resets all counters for this poll...

Page 2571: ...nd The device status changes to reachable once the device responses have reached the up count Syntax clear ping poll 1 100 all Mode Privileged Exec Examples To reset the ping poll instance 12 use the...

Page 2572: ...one second Syntax critical interval 1 65536 no critical interval Default The default is 1 second Mode Ping Polling Configuration Examples To set the critical interval to 2 seconds for the ping polling...

Page 2573: ...the specified ping poll Syntax debug ping poll 1 100 no debug ping poll 1 100 all Mode Privileged Exec Examples To enable debugging for ping poll instance 88 use the command awplus debug ping poll 88...

Page 2574: ...e the description set Syntax description description no description Mode Ping Polling Configuration Examples To add the text Primary Gateway to describe the ping poll instance 45 use the commands awpl...

Page 2575: ...he no variant of this command resets the fail count to the default Syntax fail count 1 100 no fail count Default The default is 5 Mode Ping Polling Configuration Examples To specify the number of ping...

Page 2576: ...to poll the device with the IP address 192 168 0 1 use the commands awplus configure terminal awplus config ping poll 5 awplus config ping poll ip 192 168 0 1 To set ping poll instance 10 to poll the...

Page 2577: ...opping packets of the size you are interested in The no variant of this command resets the data bytes to the default of 32 bytes Syntax length 4 1500 no length Default The default is 32 Mode Ping Poll...

Page 2578: ...Configuration Examples To specify a time period of 60 seconds between pings when the device is reachable for ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45...

Page 2579: ...the polling instance to poll It is not necessary to specify any further commands unless you want to change a command s default The no variant of this command deletes the specified ping poll Syntax pin...

Page 2580: ...does not always reply to pings may be declared unreachable You cannot set this command s value lower than the fail count value The polling instance uses the number of pings specified by the up count...

Page 2581: ...Reference for AR2050V 2581 AlliedWare Plus Operating System Version 5 4 7 1 x PING POLLING COMMANDS SAMPLE SIZE Related Commands critical interval fail count normal interval ping poll show ping poll t...

Page 2582: ...plays the counters for the specified ping poll only If you do not specify a ping poll then this command displays counters for all ping polls Ping polling counters Ping poll 1 PingsSent 15 PingsFailedU...

Page 2583: ...e the target device is in the Up state This is a cumulative counter for multiple occurrences of the Up state PingsFailedDownState Number of unanswered pings while the target device is in the Down stat...

Page 2584: ...Displays polling instances based on whether the device they are polling is currently reachable or unreachable up Displays polling instance where the device state is reachable down Displays polling ins...

Page 2585: ...polled device may be going down Critical Down The device is unreachable but the polling instance received a reply to the last ping packet so the polled device may be coming back up Destinatio n The I...

Page 2586: ...is reachable Down The device is unreachable Critic a l Up The device is reachable but recently the polling instance has not received some ping replies so the polled device may be going down Critic a l...

Page 2587: ...pings that must be unanswered within the total number of pings specified by the sample size command for the polling instance to consider the device unreachable This is set using the fail count command...

Page 2588: ...dress no source ip Mode Ping Polling Configuration Examples To configure the ping polling instance 43 to use the source IP address 192 168 0 1 in ping packets use the commands awplus configure termina...

Page 2589: ...ommand Reference for AR2050V 2589 AlliedWare Plus Operating System Version 5 4 7 1 x PING POLLING COMMANDS SOURCE IP Related Commands description ping polling ip ping polling length ping poll data pin...

Page 2590: ...eout 1 30 no timeout Default The default is 1 second Mode Ping Polling Configuration Examples To specify the timeout as 5 seconds for ping poll instance 43 use the commands awplus configure terminal a...

Page 2591: ...ing Polling Configuration Examples To set the upcount to 5 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll...

Page 2592: ...mand Reference for AR2050V 2592 AlliedWare Plus Operating System Version 5 4 7 1 x PING POLLING COMMANDS UNDEBUG PING POLL undebug ping poll Overview This command applies the functionality of the no d...

Page 2593: ...C613 50186 01 Rev B Command Reference for AR2050V 2593 AlliedWare Plus Operating System Version 5 4 7 1 x Part 8 Firewall and Network Address Translation NAT...

Page 2594: ...The table below lists the firewall commands and their applicable modes Figure 56 1 Firewall commands and applicable modes Command List clear firewall connections on page 2596 connection limit Firewall...

Page 2595: ...page 2602 protect Firewall on page 2603 rule Firewall on page 2604 show connection log events on page 2606 show firewall on page 2607 show firewall connections on page 2608 show firewall connections...

Page 2596: ...continued to be translated The continued translation after associated NAT rule is removed will only stop when You use the clear firewall connections command to manually stop translations immediately w...

Page 2597: ...pplied to an entity with multiple addresses will apply the limit to individual hosts not the total connections for the entity The limit applies to both IPv4 and IPv6 If a connection limit rule is remo...

Page 2598: ...two types of messages you can log new connections and connections that ended You can control the amount of messages you log by choosing to log either type of message or all of the message types Messa...

Page 2599: ...on mode The command prompt for this mode is awplus config firewall In the Firewall Configuration mode you can Enable or disable firewall protection see the protect Firewall command Create move or dele...

Page 2600: ...s Use the no variant of this command to disable firewall debugging and NAT debugging For more information about NAT see the Firewall_and Network Address Translation NAT Feature Overview and Configurat...

Page 2601: ...tions it may be beneficial to time out unused established TCP sessions earlier For example in a busy environment where there is an excessive number of sessions being established the firewall connectio...

Page 2602: ...note that a change to the rule order may change the rule results Syntax move rule 1 65535 to 1 65535 Mode Firewall Configuration Examples To change the rule ID from 20 to 10 use the commands awplus co...

Page 2603: ...guration Usage Firewall protection is disabled by default and all traffic can pass through the firewall When the firewall is enabled and no rules are added all traffic will be blocked by default You c...

Page 2604: ...h this command deny Drop connections that match the application source entity and destination entity specified with this command No error message is sent back to the source host reject Reject connecti...

Page 2605: ...tween public and private use the command awplus config firewall rule 10 permit ping from public to private To create a rule for denying application http between public wan and private lan use the comm...

Page 2606: ...wall as configured by the connection log events command Syntax show connection log events Mode User Exec Example To show the logging configuration state for the connections passing through the firewal...

Page 2607: ...the number of active connections being handled by the firewall You can use the protect Firewall command to enable firewall protection Syntax show firewall Mode Privileged Exec Examples To show the sta...

Page 2608: ...s clear firewall connections awplus show firewall connections tcp ESTABLISHED src 192 168 1 2 dst 172 16 1 2 sport 58616 dport 23 packets 16 bytes 867 src 172 16 1 2 dst 172 16 1 1 sport 23 dport 5861...

Page 2609: ...nection limits for a given entity Syntax show firewall connections limits Mode Privileged Exec Examples To show the information about all the firewall connection limits use the command awplus show fir...

Page 2610: ...it also checks if the entity zone has a valid subnet Examples To check configuration validity of connection limit rules use the command awplus show firewall connections limits config check Output Fig...

Page 2611: ...t from the show firewall rule command To show information about a specific firewall rule use the command awplus show firewall rule 10 Output Figure 56 9 Example output from the show firewall rule comm...

Page 2612: ...RULE Related commands rule Firewall Output Parameter Description Indicates the rule is not valid and cannot be hit see the show firewall rule config check command Action The rule action set by the ru...

Page 2613: ...destination entity the rule applies to is not configured properly To configure applications and entities see Application and Entity Commands Examples To check configuration validity of firewall rules...

Page 2614: ...ewall command to enable firewall and NAT debugging For more information about NAT see the Firewall_and Network Address Translation NAT Feature Overview and Configuration_Guide Syntax show debugging fi...

Page 2615: ...n commands that have been used to configure the firewall Syntax show running config firewall Mode Privileged Exec Examples To show the configuration commands that have been used to configure the firew...

Page 2616: ...NAT Feature Overview and Configuration_Guide The table below lists the application commands and their applicable modes Figure 57 1 Application commands and applicable modes The table below lists the...

Page 2617: ...p code on page 2626 icmp type on page 2628 ip address Entity on page 2630 ip subnet on page 2632 ipv6 address Entity on page 2634 ipv6 subnet on page 2636 network Entity on page 2638 protocol on page...

Page 2618: ...and ICMP type for the application Application is invalid if its protocol source or destination are not properly configured for example application has no protocol configured or source and destination...

Page 2619: ...System Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS APPLICATION To delete custom application openVPN use the commands awplus configure terminal awplus config no application openVPN Validation com...

Page 2620: ...t range Syntax dport destination port any start range to end range no dport destination port any start range to end range Mode Application Mode Usage You can create more than one destination port numb...

Page 2621: ...l awplus config application openVPN awplus config application dport any To remove destination port 15 from application openVPN use the commands awplus configure terminal awplus config application open...

Page 2622: ...ues in the range 0 63 Use spaces to separate values af11 be One or more DSCP values specified according to the Assured Forwarding group as defined in RFC 2597 and RFC 3260 See the table below for valu...

Page 2623: ...nfig application voice awplus config application dscp ef To specify DSCPs of 12 and 13 for the application named test use the commands awplus configure terminal awplus config application test awplus c...

Page 2624: ...workName HostName This commands allows you to enter the Host Mode with the prompt awplus config host The Host Mode enables you to configure IPv4 address and IPv6 address for the host For more informat...

Page 2625: ...d Reference for AR2050V 2625 AlliedWare Plus Operating System Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS HOST ENTITY Validation commands show entity Related commands ip address Entity ipv6 addr...

Page 2626: ...ICMP code only for applications that use protocol ICMP To configure the application protocol see the protocol command You can specify only one ICMP message code for an application The newly specified...

Page 2627: ...C613 50186 01 Rev B Command Reference for AR2050V 2627 AlliedWare Plus Operating System Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS ICMP CODE Related commands application icmp type protocol...

Page 2628: ...at use protocol ICMP To configure the application protocol see the protocol command You can specify only one ICMP message type for an application The newly specified type will replace the previous one...

Page 2629: ...Command Reference for AR2050V 2629 AlliedWare Plus Operating System Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS ICMP TYPE Validation commands show application Related commands application icmp...

Page 2630: ...that contains the host s IP address Firewall policy rules will not apply to an IP address that is not in at least one of the network s subnets Examples To add an IP address to host ftp use the comman...

Page 2631: ...N AND ENTITY COMMANDS IP ADDRESS ENTITY To remove an IP address from host ftp use the commands awplus configure terminal awplus config zone dmz awplus config zone network servers awplus config network...

Page 2632: ...onfig network ip subnet 192 168 2 0 24 To add a subnet and an interface to network servers use the commands awplus configure terminal awplus config zone dmz awplus config zone network servers awplus c...

Page 2633: ...awplus config zone dmz awplus config zone network servers awplus config network ip subnet 192 168 2 0 24 interface eth1 awplus config network ip subnet 10 1 0 0 16 interface eth1 To remove a subnet fr...

Page 2634: ...v6 address Firewall policy rules will not apply to an IPv6 address that is not in at least one of the network s subnets Examples To add an IPv6 address to host web server use the commands awplus confi...

Page 2635: ...COMMANDS IPV6 ADDRESS ENTITY To remove an IPv6 address from host web server use the commands awplus configure terminal awplus config zone dmz awplus config zone network servers awplus config network h...

Page 2636: ...vers awplus config network ipv6 subnet 2001 db8 32 To add a subnet and an interface to network servers use the commands awplus configure terminal awplus config zone dmz awplus config zone network serv...

Page 2637: ...wplus config zone dmz awplus config zone network servers awplus config network ipv6 subnet 2001 db8 7 32 interface eth1 awplus config network ipv6 subnet 2001 db8 8 32 interface eth1 To remove a subne...

Page 2638: ...dot notation for example ZoneName NetworkName This commands allows you to enter the Network Mode with the prompt awplus config network In the Network Mode you can Configure subnets and interfaces for...

Page 2639: ...on 5 4 7 1 x APPLICATION AND ENTITY COMMANDS NETWORK ENTITY To destroy a network entity named servers use the commands awplus configure terminal awplus config zone dmz awplus config zone no network se...

Page 2640: ...tion The newly specified protocol will replace the previous one Examples To specify protocol tcp for application openVPN use the commands awplus configure terminal awplus config application openVPN aw...

Page 2641: ...IPv6 for application openVPN use the commands awplus configure terminal awplus config application openVPN awplus config application protocol 41 To unset the protocol in application openVPN use the com...

Page 2642: ...mation of the applications Syntax show application Mode Privileged Exec Examples To show all applications currently configured use the command awplus show application Output Figure 57 3 Example output...

Page 2643: ...about custom and predefined applications currently configured The protocol destination port source port ICMP code ICMP type DSCP and the name of the applications will be displayed Syntax show applicat...

Page 2644: ...ldap TCP sport 1024 65535 dport 389 lisa TCP sport 1024 65535 dport 7741 msn TCP sport 1024 65535 dport 1863 mysql TCP sport 1024 65535 dport 3306 news TCP sport 1024 65535 dport 119 nfs tcp TCP sport...

Page 2645: ...tem Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS SHOW APPLICATION DETAIL Output Figure 57 5 Example output from show application detail for a particular application Related Commands show applicat...

Page 2646: ...ork host Syntax show entity entity Mode Privileged Exec Examples To show the information about all entities use the command awplus show entity Output Figure 57 6 Example output from the show entity co...

Page 2647: ...ormation associated with the host entity zone1 network1 host1 use the command awplus show entity zone1 network1 host1 Output Figure 57 8 Example output from the show entity command awplus show entity...

Page 2648: ...n existing port range Syntax sport source port any start range to end range no sport source port any start range to end range Mode Application Mode Usage You can create more than one source port numbe...

Page 2649: ...l awplus config application openVPN awplus config application sport any To remove source port 15 from application openVPN use the commands awplus configure terminal awplus config application openVPN a...

Page 2650: ...e the no variant of this command to destroy a zone entity Syntax zone zone name no zone zone name Mode Global Configuration Usage This command allows you to enter the Zone Mode with the prompt awplus...

Page 2651: ...C613 50186 01 Rev B Command Reference for AR2050V 2651 AlliedWare Plus Operating System Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS ZONE Validation commands show entity...

Page 2652: ...work Address Translation NAT Feature Overview and Configuration_Guide The following figure lists the NAT commands and their applicable modes Figure 58 1 NAT commands and applicable modes Command List...

Page 2653: ...mmand Reference for AR2050V 2653 AlliedWare Plus Operating System Version 5 4 7 1 x NAT COMMANDS show nat on page 2664 show nat rule on page 2665 show nat rule config check on page 2667 show running c...

Page 2654: ...mmand to disable NAT without losing existing NAT configuration Syntax enable no enable Default NAT is disabled by default Mode NAT Configuration Examples To enable NAT use the commands awplus configur...

Page 2655: ...by default Mode Interface Configuration Usage Limited local proxy ARP supports Static NAT configurations in which the NAT configuration s public address is different to the ethernet interface s addres...

Page 2656: ...rver with address 172 22 0 3 zone public network eth1 ip subnet 0 0 0 0 0 interface eth1 host http_server ip address 172 22 0 3 Create a NAT rule to map from the public to the private zone nat rule 10...

Page 2657: ...ocal proxy arp ip add mask no local proxy arp ip add mask Default No subnets are specified for use with limited local proxy ARP Mode Global Configuration Example To specify limited local proxy ARP for...

Page 2658: ...on Examples To change the ID of a rule from 10 to 30 use the commands awplus configure terminal awplus config nat awplus config nat move rule 10 to 30 Validation commands show nat rule show running co...

Page 2659: ...you to enter the NAT Configuration mode The command prompt for this mode is awplus config nat In the NAT Configuration mode you can Enable NAT see the enable NAT command Create NAT rules or change th...

Page 2660: ...u do not designate a rule ID a rule ID will be automatically generated and it will be greater than the current highest rule ID masq The type of NAT rule NAT with IP Masquerade is a case where all or a...

Page 2661: ...e zone command network network Entity command or host host Entity command source host entity In a masq rule the specific source host address that the traffic will masquerade as The source host entity...

Page 2662: ...interfaces Removing a NAT rule for an actively translated flow does not stop it translating immediately This means subsequent packets in the flow continue to be translated The continued translation a...

Page 2663: ...ic use the commands awplus configure terminal awplus config nat awplus config nat rule 20 masq http from private to public To use subnet based NAT to translate the source address of all traffic from p...

Page 2664: ...SHOW NAT show nat Overview Use this command to show the configuration state of NAT Syntax show nat Mode Privileged Exec Examples To show the configuration state of NAT use the commands awplus show nat...

Page 2665: ...about a specific NAT rule use the command awplus show nat rule 10 Output Figure 58 4 Example output from the show nat rule command Parameter Description 1 65535 Rule ID awplus show nat rule Rule is no...

Page 2666: ...lliedWare Plus Operating System Version 5 4 7 1 x NAT COMMANDS SHOW NAT RULE Related commands rule NAT show nat rule config check with Target entity name To Destination entity Hits The number of times...

Page 2667: ...plication source entity or destination entity the rule applies to is not configured properly To configure applications and entities see Application and Entity Commands Examples To check configuration...

Page 2668: ...at have been used to configure NAT Syntax show running config nat Mode Privileged Exec Examples To show the configuration commands that have been used to configure NAT use the commands awplus show run...

Page 2669: ...C613 50186 01 Rev B Command Reference for AR2050V 2669 AlliedWare Plus Operating System Version 5 4 7 1 x Part 9 Advanced Network Protection...

Page 2670: ...eature Overview and Configuration_Guide The table below lists the IPS commands and their applicable modes Figure 59 1 IPS Commands and Applicable Modes Command List category action IPS on page 2671 ip...

Page 2671: ...deny To set the default action for category checksum use the commands awplus configure terminal awplus config ips awplus config ips no category checksum action Validation Commands show ips categories...

Page 2672: ...ion Usage This command allows you to enter the IPS mode The command prompt for this mode is awplus config ips In the IPS mode you can Enable or disable IPS protection see the protect IPS command Confi...

Page 2673: ...tion is enabled traffic will be categorized according to the available IPS categories See the show ips categories command for the list of available IPS categories Default IPS is disabled by default Mo...

Page 2674: ...e IPS configuration state and event count for the Intrusion Prevention System IPS Syntax show ips Mode Privileged Exec Examples To display information about IPS use the command awplus show ips Output...

Page 2675: ...events alert http events alert icmp decoder events alert ip decoder events alert ppp decoder events alert smtp events alert stream events alert udp decoder events alert Parameter Description checksum...

Page 2676: ...o large IPv4 in IPv6 invalid protocol IPv6 in IPv6 packet too short ppp decoder events PPP anomalies e g PPP packet too small PPP IPv6 too small PPP wrong type PPPoE wrong code PPPoE malformed tags sm...

Page 2677: ...w Use this command to show the configuration commands that have been used to configure IPS Syntax show running config dpi Mode Privileged Exec Examples To show the commands that have been used to conf...

Page 2678: ...tom whitelists to allow access to URLs For more information see the URL Filtering Feature Overview_and Configuration Guide The following table lists the URL filtering commands and their applicable mod...

Page 2679: ...01 Rev B Command Reference for AR2050V 2679 AlliedWare Plus Operating System Version 5 4 7 1 x URL FILTERING COMMANDS url filter reload custom lists on page 2685 url filter on page 2686 whitelist on...

Page 2680: ...ide You can use the whitelist command to add a whitelist that will override any corresponding blacklist entries Examples To add a blacklist that uses a custom file that is stored on USB for example an...

Page 2681: ...ogging of HTTP and HTTPS URL requests passing through the firewall Syntax log url requests no log url requests Default Disabled by default Mode URL Filter Configuration Usage When enabled additional l...

Page 2682: ...ter configuration Syntax protect no protect Default URL filter protection is disabled by default and all HTTP and HTTPS traffic is allowed Mode URL Filter Configuration Examples To enable URL filter p...

Page 2683: ...S SHOW RUNNING CONFIG URL FILTER show running config url filter Overview Use this command to show the running configuration information for URL filtering Syntax show running config url filter Mode Pri...

Page 2684: ...ing Syntax show url filter Mode Privileged Exec Examples To show information about the configuration state of URL filtering use the command awplus show url filter Output Figure 60 2 Example output fro...

Page 2685: ...TS url filter reload custom lists Overview Use this command to reload all custom blacklists and whitelists after editing one or more of them Syntax url filter reload custom lists Mode Privileged Exec...

Page 2686: ...iguration mode and changes the command prompt to awplus config url filter The URL Filter Configuration mode enables you to Enable URL filtering protection see the protect URL filtering command Configu...

Page 2687: ...tted For information about whitelist rule format see the URL Filtering Feature Overview and_Configuration Guide Examples To add a whitelist that uses a custom file that is stored on USB for example an...

Page 2688: ...C613 50186 01 Rev B Command Reference for AR2050V 2688 AlliedWare Plus Operating System Version 5 4 7 1 x Part 10 Virtual Private Networks VPNs...

Page 2689: ...Feature Overview and_Configuration Guide Command List clear isakmp sa on page 2691 crypto ipsec profile on page 2692 crypto isakmp key on page 2694 crypto isakmp peer on page 2696 crypto isakmp profi...

Page 2690: ...ow isakmp profile on page 2721 show isakmp sa on page 2723 transform IPsec Profile on page 2724 transform ISAKMP Profile on page 2725 tunnel destination IPsec on page 2727 tunnel local name IPsec on p...

Page 2691: ...ed Exec Examples To delete the ISAKMP security associations at the peer for an IPv6 address use the command awplus clear isakmp sa peer 2001 0db8 1 To delete the ISAKMP security associations at the pe...

Page 2692: ...f 8 hours applies to the default IPsec profile Mode Global Configuration Examples To configure a custom IPsec profile for establishing IPSec SAs with a remote peer use the following commands awplus co...

Page 2693: ...mmand Reference for AR2050V 2693 AlliedWare Plus Operating System Version 5 4 7 1 x IPSEC COMMANDS CRYPTO IPSEC PROFILE Related Commands lifetime IPsec Profile transform IPsec Profile Validation Comma...

Page 2694: ...ess ipv4 addr ipv6 addr no crypto isakmp key 8 key hostname hostname address ipv4 addr ipv6 addr Default ISAKMP keys do not exist Mode Global Configuration Examples To configure a pre shared authentic...

Page 2695: ...plus config crypto isakmp key friend address 192 168 1 1 To configure a pre shared encrypted authentication key at a peer with IPv4 address use the commands below awplus configure terminal awplus conf...

Page 2696: ...es To configure a profile for a peer with a dynamic IP address use the following commands awplus configure terminal awplus config crypto isakmp peer dynamic profile peer_profile To configure a profile...

Page 2697: ...e following commands awplus config crypto isakmp peer hostname user domain com profile peer_profile awplus configure terminal To set the profile for the peer back to the default use the following comm...

Page 2698: ...u cannot delete or edit the default profile Expiry time of 24 hours applies to the default profile Mode Global Configuration Parameter Description profile_name Profile name Profile names are case inse...

Page 2699: ...llowing commands awplus configure terminal awplus config crypto isakmp profile my_profile awplus config isakmp profile transform 2 integrity sha1 encryption 3des group 5 To delete a custom profile use...

Page 2700: ...akmp or undebug isakmp Syntax debug crypto isakmp info trace all Mode Privileged Exec Parameter Description debug Debugging function crypto Security specific command isakmp Internet Security Associati...

Page 2701: ...v2 c 758 ikev2_initiate creating new ike_sa 21 04 13 awplus iked DEBUG ike_sa c 431 ikev2_allocate_sa ikev2_create_sa nil 10 1 0 10 500 10 2 0 10 500 0x810b678 21 04 13 awplus iked DEBUG ike_sa c 434...

Page 2702: ...D acknowledgment message Use the no variant to set the interval to its default 30 seconds Syntax dpd interval 10 86400 no dpd interval Default If you do not specify an interval the default interval of...

Page 2703: ...smission timeout applies as every exchange is used to detect dead peers Use the no variant to set the timeout to its default 150 seconds Syntax dpd timeout 10 86400 no dpd timeout Default If you do no...

Page 2704: ...unnel interface to configure in Global Configuration mode This command is also used to enter Interface Configuration mode for existing tunnel interfaces Usage Note that you need to designate a tunnel...

Page 2705: ...800 seconds Syntax lifetime seconds 300 31449600 no lifetime seconds Default If you do not specify a lifetime the default lifetime of 28800 seconds 8 hours applies Mode IPsec Profile Configuration Exa...

Page 2706: ...ant to set the lifetime to default 86400 seconds Syntax lifetime 600 31449600 no lifetime Default If you do not specify a lifetime the default lifetime of 86400 seconds 8 hours applies Mode ISAKMP Pro...

Page 2707: ...ax no crypto isakmp info trace all Mode Privileged Exec Related Commands debug isakmp undebug isakmp Parameter Description no Disable debugging function crypto Security specific isakmp Internet Securi...

Page 2708: ...IKEv2 is used for ISAKMP SA negotiation With IKEv2 if there is a PFS group mismatch an IPsec SA will be established and the tunnel will come up because PFS is not required for the initial child SA neg...

Page 2709: ...C613 50186 01 Rev B Command Reference for AR2050V 2709 AlliedWare Plus Operating System Version 5 4 7 1 x IPSEC COMMANDS PFS Validation Commands show ipsec profile...

Page 2710: ...ow if debugging ISAKMP is enabled enter the command below awplus show debugging isakmp Output Figure 61 2 Example output from the show debugging isakmp command Parameter Description debugging Debuggin...

Page 2711: ...ven tunnel identified by the tunnel index parameter tunnel index Specify a tunnel index in the range from 0 through 255 awplus show interface tunnel1 Interface tunnel1 Link is UP administrative state...

Page 2712: ...n crypto Security specific command ipsec Internet Protocol Security defines the protection of IP packets using encryption and authentication counters Show IPSec transformation statistic awplus show ip...

Page 2713: ...d peer Remote endpoint hostname Destination hostname ipv4 addr Destination IPv4 address The IPv4 address uses the format A B C D ipv6 addr Destination IPv6 address The IPv6 address uses the format X X...

Page 2714: ...xamples To show IPSec policies enter the command below awplus show ipsec policy Output Figure 61 6 Example output from the show ipsec policy command Parameter Description crypto Security specific comm...

Page 2715: ...cluding the default profile use the following command awplus show ipsec profile Output Figure 61 7 Example output from the show ipsec profile command Parameter Description crypto Security specific ips...

Page 2716: ...ow IPsec profile my_profile use the command awplus show ipsec profile my_profile Output Figure 61 8 Example output from the show ipsec profile command Related Commands crypto ipsec profile awplus show...

Page 2717: ...on Guide Syntax show crypto ipsec sa Mode Privileged Exec Examples To view the settings used by current security associations enter the command below awplus show ipsec sa Output Figure 61 9 Example ou...

Page 2718: ...mp counters command Parameter Description crypto Security specific command isakmp Internet Security Association Key Management Protocol provides a common framework for key management implementations c...

Page 2719: ...ed keys are not viewable and stored encrypted in the running configuration Syntax show crypto isakmp key Mode Privileged Exec Examples To show ISAKMP pre shared key enter the command below awplus show...

Page 2720: ...KMP peers use the following command awplus show isakmp peer Output Figure 61 12 Example output from the show isakmp peer command Related Commands crypto isakmp peer Command changes Version 5 4 7 0 1 P...

Page 2721: ...e command Examples To show ISAKMP profile my_profile use the command awplus show isakmp profile my_profile Parameter Description profile_name Custom profile name awplus show isakmp profile ISAKMP Prof...

Page 2722: ...ANDS SHOW ISAKMP PROFILE Output Figure 61 14 Example output from the show isakmp profile command Related Commands crypto isakmp profile awplus show isakmp profile my_profile ISAKMP Profile my_profile...

Page 2723: ...ut from the show isakmp sa command Parameter Description crypto Security specific command isakmp Internet Security Association Key Management Protocol provides a common framework for key management im...

Page 2724: ...ile my_profile awplus config ipsec profile transform 2 protocol esp integrity sha1 encryption 3des To delete a created transform use the following command awplus config ipsec profile no transform 2 Re...

Page 2725: ...profile transform use the following commands awplus config crypto isakmp profile my_profile awplus config isakmp profile transform 2 integrity sha1 encryption 3des group 5 Parameter Description 1 255...

Page 2726: ...AR2050V 2726 AlliedWare Plus Operating System Version 5 4 7 1 x IPSEC COMMANDS TRANSFORM ISAKMP PROFILE To delete a created transform use the following command awplus config isakmp profile no transfor...

Page 2727: ...tunnel mode ipsec ipv4 awplus config if tunnel destination 192 0 3 1 To configure a destination IPv6 address for IPsec tunnel145 use the commands below awplus configure terminal awplus config interfac...

Page 2728: ...tination use the commands below awplus configure terminal awplus config interface tunnel145 awplus config if tunnel mode ipsec ipv4 awplus config if tunnel destination dynamic To remove the destinatio...

Page 2729: ...Sec tunnel hostname Syntax tunnel local name local name no tunnel local name Default The default tunnel local name is the IP address of tunnel source Mode Interface Configuration Examples To configure...

Page 2730: ...rmit traffic through a tunnel if the traffic matches a specified pair of local and remote subnets When the local selector is specified but the remote selector is not the selector pair implicitly match...

Page 2731: ...c ipv6 awplus config if tunnel local selector 2001 db8 1 64 awplus config if tunnel remote selector 2001 db8 2 64 To configure an additional source and destination traffic selector pair for the traffi...

Page 2732: ...ec in IPv4 tunnel mode use the commands awplus configure terminal awplus config interface tunnel6 awplus config if tunnel mode ipsec ipv4 To remove configured IPSec tunnels for tunnel6 use the command...

Page 2733: ...s command for them to work GRE IPv6 and L2TPv3 IPv6 tunnel have IPsec protection as an option Examples To enable IPsec protection by using default profile use the following commands awplus configure t...

Page 2734: ...nel remote name Syntax tunnel remote name remote name no tunnel local name Default The default tunnel remote name is the IP address of tunnel destination Mode Interface Configuration Examples To confi...

Page 2735: ...pair is an agreement between IKE peers to permit trafic through a tunnel if the traffic matches a specified pair of local and remote subnets When the remote selector is specified but the local select...

Page 2736: ...us config if tunnel destination 2001 db8 10 1 awplus config if tunnel local name office awplus config if tunnel mode ipsec ipv6 awplus config if tunnel local selector 2001 db8 1 64 awplus config if tu...

Page 2737: ...ource interface name ipv4 address ipv6 address no tunnel source interface name ipv4 address ipv6 address Mode Interface Configuration Examples To configure a source IPv4 address for IPsec tunnel145 us...

Page 2738: ...System Version 5 4 7 1 x IPSEC COMMANDS TUNNEL SOURCE IPSEC To remove the source address of IPsec tunnel145 use the commands below awplus configure terminal awplus config interface tunnel145 awplus c...

Page 2739: ...crypto isakmp info trace all Mode Privileged Exec Related Commands debug isakmp no debug isakmp Parameter Description undebug Disable debugging function crypto Security specific command isakmp Interne...

Page 2740: ...re isakmp profile my_profile awplus config isakmp profile version 1 mode main To set the version to its default use the following command awplus no version Related Commands crypto isakmp profile Valid...

Page 2741: ...Guide Command List crypto isakmp key on page 2742 interface tunnel on page 2744 ip address GRE on page 2745 ip tcp adjust mss on page 2747 ipv6 address GRE on page 2749 ipv6 tcp adjust mss on page 27...

Page 2742: ...address ipv4 addr ipv6 addr no crypto isakmp key 8 key hostname host name address ipv4 addr ipv6 addr Default ISAKMP keys do not exist Mode Global Configuration Examples To configure a pre shared auth...

Page 2743: ...us configure terminal awplus config crypto isakmp key friend address 192 168 1 1 To configure a pre shared encrypted authentication key at a peer with IPv4 address use the commands below awplus config...

Page 2744: ...0 255 no interface tunnel tunnel index Default Tunnel interfaces do not exist Mode Global Configuration Usage This command creates a new tunnel interface to configure in Global Configuration mode This...

Page 2745: ...dress from the tunnel interface You cannot remove the primary address when a secondary address is present Syntax ip address ip addr prefix length secondary label label no ip address ip addr prefix len...

Page 2746: ...Rev B Command Reference for AR2050V 2746 AlliedWare Plus Operating System Version 5 4 7 1 x GRE TUNNELING COMMANDS IP ADDRESS GRE Related Commands interface tunnel show ip interface show running conf...

Page 2747: ...When a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Trans...

Page 2748: ...x GRE TUNNELING COMMANDS IP TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no...

Page 2749: ...ig for a detailed command description and examples to enable and disable SLAAC Note that link local addresses are retained in the system until they are negated by using the no variant of the command t...

Page 2750: ...64 To assign the eui64 derived address in the prefix 2001 db8 48 to tunnel interface tunnel2 use the commands awplus configure terminal awplus config interface tunnel2 awplus config if ipv6 address 2...

Page 2751: ...en a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmi...

Page 2752: ...GRE TUNNELING COMMANDS IPV6 TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if n...

Page 2753: ...to display tunnel status information of a given tunnel identified by the 0 255 parameter 0 255 Specify a tunnel index in the range from 0 through 255 awplus show interface tunnel20 Interface tunnel20...

Page 2754: ...ared keys are not viewable and stored encrypted in the running configuration Syntax show crypto isakmp key Mode Privileged Exec Examples To show ISAKMP pre shared key enter the command below awplus sh...

Page 2755: ...o detect packet corruption Use the no variant of this command to disable checksum insertion and checking Syntax tunnel checksum no tunnel checksum Default Checksum insertion and checking is disabled M...

Page 2756: ...SCP field value is inherited from the inner header to the outer header Mode Interface Configuration Examples To configure the DSCP value to 10 for tunnel2 use the commands awplus configure terminal aw...

Page 2757: ...config if tunnel mode gre awplus config if tunnel destination 2 2 2 2 To configure a GRE tunnel destination by using a destination network name use the commands awplus configure terminal awplus confi...

Page 2758: ...01 Rev B Command Reference for AR2050V 2758 AlliedWare Plus Operating System Version 5 4 7 1 x GRE TUNNELING COMMANDS TUNNEL DESTINATION GRE Related commands interface tunnel tunnel mode GRE tunnel s...

Page 2759: ...IPSec tunnel hostname Syntax tunnel local name local name no tunnel local name Default The default tunnel local name is the IP address of tunnel source Mode Interface Configuration Examples To configu...

Page 2760: ...GRE as the encapsulation mode use the commands awplus configure terminal awplus config interface tunnel2 awplus config if tunnel mode gre To remove a configured GRE tunnel for tunnel2 use the commands...

Page 2761: ...ts encapsulated by tunnel is disabled Mode Interface Configuration Usage You also need to configure a pre shared key in conjunction with this command See the crypto isakmp key command for more informa...

Page 2762: ...unnel remote name Syntax tunnel remote name remote name no tunnel local name Default The default tunnel remote name is the IP address of tunnel destination Mode Interface Configuration Examples To con...

Page 2763: ...nfig if tunnel mode gre awplus config if tunnel source 1 1 1 1 To use an interface name as the tunnel source use the commands awplus configure terminal awplus config interface tunnel2 awplus config if...

Page 2764: ...01 Rev B Command Reference for AR2050V 2764 AlliedWare Plus Operating System Version 5 4 7 1 x GRE TUNNELING COMMANDS TUNNEL SOURCE GRE Related commands interface tunnel tunnel destination GRE tunnel...

Page 2765: ...ue to its default Syntax tunnel ttl 1 255 no tunnel ttl Default The default TTL value is inherited from the encapsulated packet Mode Interface Configuration Example To set the TTL value of the packet...

Page 2766: ...e The table below lists the OpenVPN commands and their applicable modes Figure 63 1 OpenVPN commands and applicable modes Command List ip tcp adjust mss on page 2768 ipv6 tcp adjust mss on page 2770 s...

Page 2767: ...ating System Version 5 4 7 1 x OPENVPN COMMANDS tunnel mode openvpn tap on page 2778 tunnel mode openvpn tun on page 2779 tunnel openvpn expiry bytes on page 2780 tunnel openvpn expiry seconds on page...

Page 2768: ...n a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmis...

Page 2769: ...1 x OPENVPN COMMANDS IP TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no ip...

Page 2770: ...a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmissi...

Page 2771: ...1 x OPENVPN COMMANDS IPV6 TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no i...

Page 2772: ...mation of a given tunnel identified by the 0 255 parameter tunnel index Specify a tunnel index in the range from 0 through 255 awplus show interface tunnel0 Interface tunnel0 Link is UP administrative...

Page 2773: ...openvpn connections Mode Privileged Exec Examples To show information about connected OpenVPN users use the command awplus show openvpn connections Output Figure 63 3 Example output from the show ope...

Page 2774: ...r Syntax show openvpn connections detail Mode Privileged Exec Examples To show detailed information about connected OpenVPN users use the command awplus show openvpn connections detail Output Figure 6...

Page 2775: ...ou need to configure the client to use the same setting as the server To do this include one of the following lines in your client s OpenVPN configuration ovpn file Example To configure tunnel 5 which...

Page 2776: ...he same setting as the server To do this include one of the following lines in your client s OpenVPN configuration ovpn file For example consider a client file tun ovpn that has the following settings...

Page 2777: ...L OPENVPN CIPHER Example To configure tunnel 5 which is an OpenVPN tunnel to use AES 256 data channel encryption use the commands awplus configure terminal awplus config interface tunnel5 awplus confi...

Page 2778: ...ant to transport any network protocol such as IPv4 IPv6 IPX Note that TAP will cause broadcast overhead on the VPN tunnel and add the overhead of Ethernet headers on all packets transported over the V...

Page 2779: ...You want to transport traffic that is destined for the VPN client You want to transport only layer 3 packets You want to support VPN on mobile devices Note that TUN cannot be used in bridges and broa...

Page 2780: ...mode for a tunnel Example To configure tunnel2 to rekey after 1Gbyte of traffic use the following commands awplus configure terminal awplus config interface tunnel2 awplus config if tunnel openvpn exp...

Page 2781: ...a tunnel Example To configure tunnel2 to rekey every 30 minutes use the following commands awplus configure terminal awplus config interface tunnel2 awplus config if tunnel openvpn expiry seconds 180...

Page 2782: ...ination port number 1194 You can use the show application detail command to see the application details If you specify a UDP number that is different to the default port number you need to create an a...

Page 2783: ...n is received from the RADIUS server the value specified in this command is used Use the no variant of this command to remove the VID over the tunnel Note that you can add an 802 1Q tag in the TAP mod...

Page 2784: ...roductory information about tunneling of PPP over L2TPv2 in AlliedWare Plus including overview and configuration information see the L2TPv2 Feature Overview and Configuration Guide Command List crypto...

Page 2785: ...ow isakmp key L2TPv3 on page 2808 show l2tp session on page 2809 show l2tp tunnel on page 2811 show l2tp tunnel config check on page 2815 show running config l2tp profile on page 2817 show running con...

Page 2786: ...ipv4 address ipv6 address no crypto isakmp key 8 key hostname host name address ipv4 address ipv6 address Default ISAKMP keys do not exist Mode Global Configuration Examples To configure a pre shared...

Page 2787: ...configure terminal awplus config crypto isakmp key friend address 192 168 1 1 To configure a pre shared encrypted authentication key at a peer with IPv4 address use the commands awplus configure term...

Page 2788: ...ebugging of L2TPv2 tunnels Syntax debug l2tp no debug l2tp undebug l2tp Default Debugging of L2TPv2 tunnels is disabled by default Mode Privileged Exec Example To enable debugging for L2TPv2 tunnels u...

Page 2789: ...tunnel1 to 10 1 1 1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp tunnel destination 10 1 1 1 To remove the destination IP address from tunnel1 use th...

Page 2790: ...rface eth1 1 or a cellular interface e g interface cellular0 L2TP Tunnel Configuration mode for an L2TP tunnel e g l2tp tunnel tunnel0 Examples To configure a PPP interface with index 0 for Ethernet i...

Page 2791: ...7 1 x L2TP COMMANDS ENCAPSULATION PPP To remove the PPP interface with index 1 from L2TP tunnel tunnel1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp...

Page 2792: ...default Mode L2TP Tunnel Configuration Example To set the IP version for tunnel1 to IPv6 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp tunnel ip verso...

Page 2793: ...default Mode Global Configuration Example To create and begin configuring a new L2TP tunnel named tunnel1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2...

Page 2794: ...50186 01 Rev B Command Reference for AR2050V 2794 AlliedWare Plus Operating System Version 5 4 7 1 x L2TP COMMANDS L2TP TUNNEL show l2tp tunnel config check show running config l2tp tunnel source ver...

Page 2795: ...Configuration Usage The default UDP port for both unmanaged and managed L2TP tunnels is 1701 If both kinds of tunnel will be configured the UDP port for the unmanaged tunnel must be changed to a diffe...

Page 2796: ...ame Default No L2TP profile is configured by default This command is not configured by default Mode Global Configuration Example To create a L2TP profile named public use the commands awplus configure...

Page 2797: ...age If a local sub address is set this is checked against incoming the sub address AVP as a requirement for tunnel establishment The received sub address AVP content must match the configured local su...

Page 2798: ...ection is disabled by default Mode L2TP Tunnel Configuration Example To protect tunnel1 with IPsec use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp tunne...

Page 2799: ...used If a local name is configured with this command the crypto isakmp key command is required to configure a preshared authentication key using this local name as the hostname Example To set the IPs...

Page 2800: ...C613 50186 01 Rev B Command Reference for AR2050V 2800 AlliedWare Plus Operating System Version 5 4 7 1 x L2TP COMMANDS PROTECTION LOCAL NAME show running config l2tp tunnel...

Page 2801: ...et up tunnel1 with IPsec protection using IPsec profile profile1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp tunnel protection ipsec awplus config l...

Page 2802: ...remote name with this command protection remote name and set the key for this by using the crypto isakmp key command with this remote name as the hostname Example To set the IPsec remote name for tun...

Page 2803: ...C613 50186 01 Rev B Command Reference for AR2050V 2803 AlliedWare Plus Operating System Version 5 4 7 1 x L2TP COMMANDS PROTECTION REMOTE NAME show running config l2tp tunnel...

Page 2804: ...ub address configured at the other end of the tunnel If a remote sub address is configured for the tunnel this value is placed in the outgoing sub address AVP The other tunnel end point can check this...

Page 2805: ...wplus config l2tp profile public awplus config l2tp profile shared secret my_password To set tunnel secret to my_password for tunnel tunnelone use the commands awplus configure terminal awplus config...

Page 2806: ...e this command to display whether debugging of L2TP tunnels is on or off Syntax show debugging l2tp Mode Privileged Exec Example To display whether debugging of L2TP tunnels is on or off use the comma...

Page 2807: ...ble 64 1 awplus show interface tunnel20 Interface tunnel20 Link is UP administrative state is UP Hardware is Tunnel IPv4 address 192 168 10 1 24 broadcast 192 168 10 255 IPv6 address 2001 db8 10 1 64...

Page 2808: ...are not viewable and stored encrypted in the running configuration Syntax show crypto isakmp key Mode Privileged Exec Examples To show ISAKMP pre share key use the command awplus show isakmp key Outp...

Page 2809: ...TPv2 sessions use the command awplus show l2tp session Output Figure 64 4 Example output from show l2tp session Parameter Description detail Displays more detailed information about L2TP sessions awpl...

Page 2810: ...ssful connection retry Retrying connection Type The type of the L2TP session LAIC LAC incoming call LAOC LAC outgoing call LNIC LNS incoming call LNOC LNS outgoing call UNSPEC unspecified call type Cr...

Page 2811: ...g idle LAC tunnel is also displayed Example To display information about all L2TPv2 tunnels use the command awplus show l2tp tunnel Output Figure 64 5 Example output from show l2tp tunnel Parameter De...

Page 2812: ...ndow size 10 max retries 5 use udp checksums ON do pmtu discovery OFF mtu 1460 tos inherit framing capability SYNC ASYNC bearer capability DIGITAL ANALOG use tiebreaker ON tiebreaker f6 5e 50 9c 02 99...

Page 2813: ...rived from a domain name set by that command State The current state of the tunnel idle Idle wait ctl reply Await control reply wait ctl conn Await connect reply established Successful connection clos...

Page 2814: ...sages in seconds Retry Timeout The delay in seconds before sending the first retry of unacknowledged control frames Idle Timeout The time in seconds that a tunnel will remain after its last session ha...

Page 2815: ...el commands For details of the configuration in the system use the show running config l2tp tunnel command Example To check for missing L2TP tunnel configuration for the tunnel tunnel1 use the command...

Page 2816: ...he tunnel has a complete and valid configuration Incomplete configuration There is configuration still required or invalid for this tunnel as specified Examples of possible messages indicating missing...

Page 2817: ...nning configuration for L2Tp profiles Syntax show running config l2tp profile Mode Privileged Exec Example To display the running configuration of L2TP profiles use the command awplus show running con...

Page 2818: ...configuration use the command awplus show running config l2tp tunnel Output Figure 64 9 Example output from show running config l2tp tunnel Related Commands destination encapsulation ppp ip version l...

Page 2819: ...l Configuration Example To configure IP address 10 1 1 2 as the source address for the tunnel named tunnel1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l...

Page 2820: ...t must be specified as the tunnel remote ID on the other endpoint The local session ID defaults to the tunnel local ID and the local session ID is not configurable A session provides the data channel...

Page 2821: ...mode use the commands awplus configure terminal awplus config interface tunnel20 awplus config if tunnel mode l2tp v3 To remove the established tunnel use the commands awplus configure terminal awplus...

Page 2822: ...ackets encapsulated by tunnel is disabled Mode Interface Configuration Usage You also need to configure a pre shared key in conjunction with this command See the crypto isakmpkey command for more info...

Page 2823: ...int must be specified as the tunnel local ID on the other endpoint The remote session ID defaults to the tunnel remote ID and the remote session ID is not configurable A session provides the data chan...

Page 2824: ...el Configuration Example To use L2TPv2 for L2TP tunnel profile public use the commands awplus configure terminal awplus config l2tp profile public awplus config l2tp profile version 2 To use L2TPv2 fo...

Reviews:

No comments