background image

Chapter 7: WAN Interface Commands

Efficient Networks

® 

Router family

Command Line Interface Guide

Page 7-12

Efficient Networks

®

dmt mode

Sets DMT operational mode. The dmt mode command can request one of three 
modes: ANSI, no_Trellis_ANSI, and UAWG.

NOTE:

UAWG mode is becoming obsolete.

No Trellis encoding for T1.413 ANSI ADSL is only needed where auto-negotiation is 
not supported for Trellis.

Mgmt Class

Network (R/W)

Input Format

dmt mode ansi | no_trellis_ansi | uawg

Parameters

Response

Command prompt.

ansi | no_trellis_ansi

Selects the DMT mode used.

Summary of Contents for   Router family Command line interface

Page 1: ...Part No 107 0001 000 IILFLHQW 1HWZRUNV 5RXWHU DPLO RPPDQG LQH QWHUIDFH XLGH...

Page 2: ...Efficient Networks...

Page 3: ...eement and Limited Warranty 4 Upgrades Covered This License covers the Software originally provided to you with the Hardware and any additional software that you may receive from EFFICIENT whether del...

Page 4: ...lease contact EFFICIENT at the numbers provided above to determine out of warranty repair rate End users seeking out of warranty repair should contact EFFICIENT as described above to obtain an RMA and...

Page 5: ...Efficient Networks Router family Command Line Interface Guide Revision History Revision Effective Date Description Of Change 001 12 Feb 2002 Initial Release Information provided to support software ke...

Page 6: ...Sessions 1 3 Terminal Session under Windows HyperTerminal 1 4 Terminal Session for Macintosh or UNIX 1 6 Telnet Session for Remote Access 1 7 Command Line via the Web Management Interface 1 8 Status...

Page 7: ...erver 2 25 sntp request 2 26 sntp server 2 27 tcp stats 2 28 time 2 29 traceroute 2 30 vers 2 32 File System Commands 3 1 copy 3 2 delete 3 3 dir 3 4 execute 3 5 format disk 3 6 msfs 3 7 rename 3 8 sy...

Page 8: ...3 system backup retry 4 24 system backup stability 4 25 system backup successrate 4 25 system blocknetbiosdefault 4 26 system community 4 27 system default modem 4 28 system delbootpserver 4 28 system...

Page 9: ...system securitytimer 4 50 system selnat addpolicy 4 51 system selnat delpolicy 4 52 system selnat list 4 52 system snmpport 4 53 system sshport 4 55 system supporttrace 4 55 system syslogport 4 65 sys...

Page 10: ...ndroute 5 31 eth ip vrid 5 32 eth ipx addr 5 33 eth ipx disable 5 33 eth ipx enable 5 34 eth ipx frame 5 35 eth list 5 35 eth mtu 5 37 eth start 5 38 eth stop 5 39 eth vrrp add 5 40 eth vrrp clear pas...

Page 11: ...ryption 6 18 remote delhostmapping 6 19 remote deliproute 6 19 remote delipxroute 6 20 remote delipxsap 6 21 remote delourpasswd 6 22 remote deloursysname 6 22 remote delphone 6 23 remote delserver 6...

Page 12: ...anslate 6 49 remote setipxaddr 6 49 remote setipxoptions 6 50 remote setmaxline 6 51 remote setmgmtipaddr 6 51 remote setminline 6 53 remote setmtu 6 54 remote setourpasswd 6 55 remote setoursysname 6...

Page 13: ...d 7 7 remote setatmtraffic 7 8 DMT Commands 7 10 dmt 7 10 dmt link 7 11 dmt mode 7 12 Dual Ethernet Router ETH Commands 7 13 eth br enable 7 14 eth br disable 7 14 eth br options 7 15 Frame Commands 7...

Page 14: ...dsl terminal 7 35 SHDSL Commands 7 36 shdsl 7 37 shdsl annex 7 37 shdsl list 7 38 shdsl margin 7 39 shdsl ratemode 7 39 shdsl restart 7 40 shdsl save 7 41 shdsl speed 7 41 shdsl stats 7 43 shdsl termi...

Page 15: ...p set lease 8 20 dhcp set mask 8 21 dhcp set otherserver 8 22 dhcp set valueoption 8 23 L2TP Commands 9 1 l2tp 9 3 l2tp add 9 3 l2tp call 9 4 l2tp close 9 4 l2tp del 9 5 l2tp forward 9 6 l2tp list 9 7...

Page 16: ...E IPsec Commands 12 1 ike ipsec 12 5 ike commit 12 6 ike flush 12 6 ike ipsec policies add 12 7 ike ipsec policies delete 12 7 ike ipsec policies disable 12 8 ike ipsec policies enable 12 9 ike ipsec...

Page 17: ...sec proposals set lifetime 12 29 ike peers add 12 30 ike peers delete 12 31 ike peers list 12 31 ike peers set address 12 32 ike peers set localid 12 33 ike peers set localidtype 12 34 ike peers set m...

Page 18: ...tion 12 53 ipsec set gateway 12 54 ipsec set ident 12 54 ipsec set mode 12 55 ipsec set service 12 56 Voice Commands 13 1 dsp voice 13 2 dsp ecode 13 3 dsp jitter 13 4 dsp provision 13 5 dsp save 13 6...

Page 19: ...ete user 15 8 user disable 15 9 user enable 15 10 user list1 15 10 user list lookup 15 12 user list template 15 12 user set lookup 15 14 user set password 15 15 Key Commands 16 1 key 16 2 key add 16 3...

Page 20: ...er all 18 7 firewall delete 18 7 firewall delete all 18 8 firewall deny 18 9 firewall list 18 11 firewall modify 18 12 firewall set 18 14 firewall setdroppktthreshold 18 14 firewall seticmpfloodthresh...

Page 21: ...S Commands 20 1 qos 20 2 qos append 20 2 qos del 20 3 qos diffserv 20 4 qos disable 20 4 qos enable 20 5 qos insert 20 6 qos list 20 6 qos move 20 8 qos movetoend 20 8 qos off 20 9 qos on 20 10 qos sa...

Page 22: ...Efficient Networks Router family Command Line Interface Guide Efficient Networks This page intentionally left blank...

Page 23: ...al Reference Guide has also been supplied that provides essential information on the application configuration and management of these features Configuration of network connections bridging routing an...

Page 24: ...ameters that allow Parameters enclosed in and are placeholders representing specific information that you supply or a list of defined parameters of which one must be entered Parameters may include mor...

Page 25: ...st change your password from the default value Step 8 Enter a new password at the prompt Enter New Password Step 9 Re enter the new password at the prompt Enter New Password Again The password change...

Page 26: ...indows operating system Step 1 Click Start on the Windows taskbar then select The HyperTerminal window will appear in the background and you will be prompted for configuration information Step 2 In th...

Page 27: ...age 1 5 Step 4 In the Com 1 or 2 Properties page enter the following port settings and select OK Task Complete Bits per second Data bits Parity Stop bits Flow control 9600a 8 None 1 Hardware a To use...

Page 28: ...n a Macintosh or UNIX environment a VT100 terminal emulation program is required Step 1 Start your VT100 terminal emulator Step 2 Configure the emulator with the following settings Task Complete Bits...

Page 29: ...5 15 Step 1 Make sure that your PC and router addresses are in the same subnetwork For example the router address could be 192 168 254 254 and the PC address could be 192 168 254 253 Step 2 Start a T...

Page 30: ...nd Line via the Web Management Interface The Web Management interface provides a web gateway to the command line interface allowing command line syntax the be entered through a browser based connectio...

Page 31: ...a remote router to test the line list IP routes IPX routes and SAPs and root bridge save the new configuration image reboot the system The status commands found in this section include Table 2 1 Statu...

Page 32: ...istrative security mem Reports the amount of RAM memory installed in the router and its current allocation mlp summary Lists the status of the protocols negotiated for an active remote connection pass...

Page 33: ...a description of their function sntp server Displays or changes the SNTP server list tcp stats Displays the TCP statistics and open connections time Displays or changes the current time on the rout e...

Page 34: ...ample arp delete 128 1 2 0 Response Command prompt arp list Lists Address Resolution Protocol ARP table entries in an IP routing environment ARP is a tool used to find the appropriate MAC addresses of...

Page 35: ...e R Input Format bi Parameters None Response ipaddr a a Dotted decimal notation IP address associated with a MAC address for a device on the local interface interfacename b b HEX notation MAC address...

Page 36: ...onds elapsed since the last packet was received by the MAC address followed by flags Possible flags include Mgmt Class Voice R Input Format bi list Parameters None Response P Permanent This entry is n...

Page 37: ...d can be used to test the ISDN link or L2TP secession and the configuration settings for the remote router Mgmt Class Voice R W Input Format call remotename Parameters Response Normal response If an u...

Page 38: ...o see the current date and time on the router clock enter date with no parameters Mgmt Class All R W Input Format date mm dd yy Parameters Response Display when date is entered with no parameters Disp...

Page 39: ...l all Erases the entire router configuration from FLASH memory includ ing settings for the system Ethernet LAN DSL line DHCP and re mote router database atom Erases the ATM configuration settings dhcp...

Page 40: ...deleted from FLASH memory To commit the changes to FLASH memory issue a sync command after an erase command before powering off the router exit Has the same function as logout but will disconnect an a...

Page 41: ...nection ETHERNET 0 10 0mb 0 0 0 0 Ethernet OPENED SHDSL 0 384kb 50 50 50 50 ATM OFF ATM VOICE 1 384kb 45 45 0 0 ATM OFF BACKUP 0 57kb 0 0 0 0 AHDLC PPP OPENED to backup CONSOLE 0 9600 b 0 0 0 0 ATM OF...

Page 42: ...routing table Mgmt Class Network R Input Format ipxroutes Parameters None iproutes IP route Mask Gateway Interface Hops Flags 0 0 0 0 ffffffff 0 0 0 0 none 0 NW PRIV 192 84 210 0 ffffff00 0 0 0 0 ETHE...

Page 43: ...the current services in the IPX SAPs table Mgmt Class Network R Input Format ipxsaps Parameters None Response ipxroutes Network Gateway Interface Hops Ticks Flags 00001001 HQ down 1 4 STATIC FORWARD...

Page 44: ...t Networks Router family Command Line Interface Guide Page 2 14 Efficient Networks logout Logs user out to login prompt to reinstate administrative security Mgmt Class All R Input Format logout Parame...

Page 45: ...current allocation Mgmt Class System R Debug R Input Format mem Parameters None Response mem Small buffers used 18 7 of 256 used Large buffers used 41 16 of 256 used Buffer descriptors used 59 7 of 7...

Page 46: ...rotocols MLP Multilink Procedure IPNCP IP routing Network Protocol CCP Compression Control Protocol BNCP Bridging Network Protocol IPXCP IPX Network Protocol Mgmt Class Network R Input Format mlp summ...

Page 47: ...password Mgmt Class All R W Input Format password old password new password Parameters Response The follwoing example would change the password for user admin101 from 1675309 to lobster old password a...

Page 48: ...can ping your own WAN address To fit the echo message into one ATM cell in routing mode set the length of user data down to 0 bytes s 0 or l 0 NOTE To terminate the ping before it ends press control...

Page 49: ...address 192 168 254 2 Example The following command sends packets with the source IP address 192 168 254 254 to the IP address 192 4 210 122 Default values are used for the other options Example The...

Page 50: ...TTOM CURRENT SIZE 1 IDLE 02 7 1208f0 121008 2032 3 MSFS_SYNC 03 6 1224a0 122ba8 2032 4 SYSTEM LOGGER 03 5 122cd0 1233d8 2032 5 LL_PPP 03 5 126750 126e58 2032 6 NL_IP 03 5 126fe0 1272e0 1000 7 TL_IP_UD...

Page 51: ...ules Other configuration changes become effective following either a reboot or a restart of the Ethernet or remote interface These changes include System settings Ethernet IP address TCP IP routing Re...

Page 52: ...save command before powering off the router This commits the changes to FLASH memory Mgmt Class All R W Input Format save Parameters None Response Command prompt If no option is specified the router...

Page 53: ...the server that last responded to an SNTP request Mgmt Class Admin R W Input Format sntp active Parameters None Response sntp disable Disables SNTP requests Mgmt Class Admin R W Input Format sntp dis...

Page 54: ...ffset is specified in minutes A positive offset is an offset to the east of the Greenwich meridian a negative offset is to the west of the Greenwich meridian Mgmt Class Admin R W Input Format sntp off...

Page 55: ...e server that last responded to an SNTP request use the command sntp active NOTE To make this change permanent a save must be performed before a reboot Mgmt Class Admin R W Input Format sntp prefserve...

Page 56: ...nable Mgmt Class Admin R W Input Format sntp request Parameters None Response When entered while sntp function is currently disabled When entered and no sntp preferred server is defined When entered a...

Page 57: ...removed NOTE To make a change permanent you must save the change before you reboot Mgmt Class Admin R W Input Format sntp server ipaddress default number Parameters Response When entered with the def...

Page 58: ...Network R Input Format tcp stats Parameters None Response Typical response tcp stats TCP Statistics Active Opens 0 Passive Opens 0 Failed Connect Attempts 0 Connections Reset 0 Current Connections 0 S...

Page 59: ...he command sntp server and a UTC offset with the command sntp offset Mgmt Class All R W Input Format time hh mm ss Parameters Response When entered with no parameters When entered with parameters When...

Page 60: ...ng c count i wait s l size I srceaddr n ipaddr domainname Parameters Response The following are application examples of the traceroute command and their responses c count a a Integer 1 2000000000 5 Nu...

Page 61: ...t com 2 172 17 20 1 checkpoint flowpoint com 3 12 39 98 136 csco2 efficient com 4 12 124 40 65 5 12 123 13 166 gbr5 p56 sffca ip att net 6 12 122 5 142 gbr3 p100 sffca ip att net 7 12 122 5 253 gbr2 p...

Page 62: ...ption has a prefix the option is disabled in this router For more information refer to the Technical Reference Guide and see Key Enabled Features on page 4 29 Mgmt Class All R Input Format vers Parame...

Page 63: ...o the DOS commands of the same name The file system commands found in this section include Table 3 1 File System Command Listing Command Function copy Copies a file from the source to the destination...

Page 64: ...er address is not specified the address used is either the one from which the router booted or the one permanently configured in the boot system To force use of a specific source address when copying...

Page 65: ...3 Response Refer to examples for typical responses delete Deletes the specified file from the flash filesystem Mgmt Class Admin R W System R W Input Format delete filename Parameters Response A typica...

Page 66: ...Displays the directory of the file system The size of each file is listed in bytes Mgmt Class Admin R W System R W Input Format dir Parameters None Response A typical response is shown below dir KEYFI...

Page 67: ...lines introduced by the or characters and blank lines There are two kinds of script files A one time script that is executed on startup only once A group of commands that can be executed at any time f...

Page 68: ...f the dir command indicates the file system is corrupted you may wish to reformat the disk reboot the device and recopy the system software Mgmt Class System R W Debug R W Input Format format disk Par...

Page 69: ...ystem R W Debug R W Input Format msfs fix Parameters Response The following is an example of a typical response without the fix parameter fix Optional If fix is specified errors are corrected in the F...

Page 70: ...mat rename oldname newname Parameters Response The following is an example rename command sync Commits the changes made to the file system to FLASH memory Mgmt Class All R W Input Format sync Paramete...

Page 71: ...on password security authentication protocol management security system administration password IP address translation NAT configuration host mapping WAN to WAN forwarding filters Dial Backup configur...

Page 72: ...ystem addudprelay Create a UDP port range for packet forwarding system authen Forces the target router authentication protocol that is used for security negotiation with the remote routers when the lo...

Page 73: ...rence a vir tual routing table or deletes the entire virtual rout ing table system delserver Deletes an server entry system delsnmpfilter Deletes the SNMP client range system delsyslogfilter Renames a...

Page 74: ...the number of concurrent Telnet and SSH sessions the system will allow system securemode set lan Allows discrete control of the secure mode for the LAN interface system securemode set wan Allows discr...

Page 75: ...s at least one address the router disables its own DHCP server and instead forwards all DHCP BootP requests to all servers in the list It forwards every reply received from any of the servers in the l...

Page 76: ...e Page 4 6 Efficient Networks Parameters Response The following is an example of adding a server address then querying a response ipaddr a a Dotted decimal notation IP address of the server system add...

Page 77: ...first public addr number of addresses remapped 1 inclusive Automatic SNTP requests are generated if the system needs to get the time You can specify an SNTP server using the command sntp server and a...

Page 78: ...t the range of allowed clients use the command system list when you are logged in with read and write permission be sure to log in with password To delete addresses from the HTTP filter use the system...

Page 79: ...the source address of a packet is not within the address ranges for any virtual routing table the default routing table is referenced to route the packet For more information see Virtual Routing Tabl...

Page 80: ...guration To learn more see Network Address Translation NAT on page 4 17 of the Technical Reference Guide Multiple system addserver remote addserver and eth ip addserver commands can designate differen...

Page 81: ...ort First or only port as seen by the remote end Port used by the select ed server portid c c Integer 0 65 535 Numerical port value a value of 0 matches any port dns Domain Name Server DNS port ftp Fi...

Page 82: ...immediately NOTE To list the range of allowed clients use the system list command To delete addresses from the SNMP filter use the system delsnmpfilter or snmp delsnmpfilter command For more informat...

Page 83: ...the Syslog server addresses that you specify explicitly For more information on the router as a Syslog client see Syslog Client on page 7 1 of the Technical Reference Guide NOTE This command does not...

Page 84: ...about the router as a Syslog client refer to Syslog Client on page 7 1 of the Technical Reference Guide To see the server addresses use the system list command To remove a Syslog server address from t...

Page 85: ...nce Guide NOTE This command does not require a reboot and is effective immediately NOTE To list the range of allowed clients use the system list command To delete addresses from the Telnet filter use...

Page 86: ...rlap of UDP ports is not allowed Mgmt Class Network R W Input Format system addudprelay ipaddr first port all last port Parameters Response Command prompt ipaddr a a Dotted decimal notation IP address...

Page 87: ...Security R W Input Format system authen none pap chap Parameters Response This following example illustrates setting the authentication level then displaying the current setting When the command is e...

Page 88: ...Mgmt Class Network R W Input Format system backup add ipaddr gw dns group Parameters Examples The following command adds the address 192 168 1 5 to group 0 of the addresses to be pinged The following...

Page 89: ...Network R W Input Format system backup delete ipaddr gw dns all group all Parameters Examples The following command deletes the address 192 168 1 5 from group 0 The following command deletes the gatew...

Page 90: ...NOTE If you do not use the save command to save this change Dial Backup is only temporarily disabled and it is re enabled at the next reboot Temporarily disabling Dial Backup stops Dial Backup but it...

Page 91: ...the Dial Backup switch use the system list command To disable Dial Backup use the system backup disable command For more information see Dial Backup on page 6 7 of the Technical Reference Guide NOTE...

Page 92: ...Number of Samples and Success Rate on page 6 13 of the Technical Reference Guide NOTE If you change the ping interval to 0 the group of addresses is disabled Mgmt Class Network R W Input Format syste...

Page 93: ...page 6 12 of the Technical Reference Guide NOTE If you change the ping samples value to 0 you disable pinging for that group of addresses Mgmt Class Network R W Input Format system backup pingsamples...

Page 94: ...de The default retry period is thirty minutes The minimum retry period is two minutes To see the current retry value use the system list command NOTE When the Dial Backup retry timer expires the modem...

Page 95: ...t Class Network R W Input Format system backup stability minutes Parameters Examples The following command changes the stability period to 5 minutes Response Command prompt system backup successrate C...

Page 96: ...esses in group 0 The following command disables the pinging of addresses in group 1 Response Command prompt system blocknetbiosdefault The router can block all NetBIOS and NetBUI requests from being s...

Page 97: ...to a different value Refer to SNMP on page 7 2 of the Technical Reference Guide for additional information NOTE This command is functionally equivalent to the snmp community command Mgmt Class Securi...

Page 98: ...nformation on the Dial Backup option refer to Dial Backup on page 6 7 of the Technical Reference Guide Mgmt Class Network R W Input Format system defaultmodem Parameters None Response Command prompt s...

Page 99: ...apping on a per system wide basis Mgmt Class Network R W Input Format system delhostmapping first private addr second private addr first public addr Parameters Response Command prompt ipaddr a a Dotte...

Page 100: ...d prompt system deliproutingtable Deletes a range of addresses that reference a virtual routing table or deletes the entire virtual routing table To list the virtual routing tables use the iproutes co...

Page 101: ...d Mgmt Class Network R W Input Format system addServer action protocol first port last port first private port Response Command prompt all Deletes the virtual routing table Both the table definition a...

Page 102: ...ort First or only port as seen by the remote end Port used by the select ed server portid c c Integer 0 65 535 Numerical port value a value of 0 matches any port dns Domain Name Server DNS port ftp Fi...

Page 103: ...and is effective immediately NOTE To list the range of allowed clients use the command system list For more information see Controlling Remote Management on page 5 15 of the Technical Reference Guide...

Page 104: ...m delsyslogfilter firstipaddr last ipaddr lan Parameters Response Command prompt system delsyslogserver Removes an address from the list of Syslog servers To see the server addresses use the command s...

Page 105: ...ctive immediately NOTE To list the range of allowed clients use the command system list Mgmt Class Security R W Input Format system deltelnetfilter first ipaddr last ipaddr lan Parameters Response Com...

Page 106: ...put Format system deludprelay ipaddr first port all last port Parameters Response Command prompt system history Displays the router s most recent console log Mgmt Class Admin R W Input Format system h...

Page 107: ...ng to boot from flash memory loading done Verifying CRC 77D79D92 done Efficient Networks Inc SS5871 P N 120 5871 001 Rev 34 06 S N 747425 Now 2769k free before buffers Interfaces detected LAN Ethernet...

Page 108: ...r more information see Controlling Remote Management on page 5 15 of the Technical Reference Guide Mgmt Class Network R W Input Format system httpport default disabled port Parameters Examples This co...

Page 109: ...ion override none file systems done WAN to WAN Forwarding no file systems done Block NetBIOS Default no file systems done BOOTP DHCP Server address none Telnet Port default 23 file systems done Telnet...

Page 110: ...system log Allows logging of the device s activity in a Telnet session Mgmt Class Admin R W Input Format system log start stop status Parameters Response Command prompt start Initiates monitoring acti...

Page 111: ...Format system modem reset escape init offhook dial answer hangup string Parameters Examples The following command changes the string for the init setting The following command selects pulse dialing R...

Page 112: ...erence Guide Mgmt Class Network R W Input Format system moveiproutingtable first ip addr last ip addr tablename Parameters Examples With this command all packets with source addresses in the range 192...

Page 113: ...system msg message Parameters Response The following is an example response of a message configuration and recall Entering the command with no parameter will display the current mes sage or use the co...

Page 114: ...uter during PAP CHAP Security Authentication Mgmt Class Security R W Input Format system name name Parameters Example The following is an example response of name configuration and recall Response Com...

Page 115: ...ts the PPP Multi Link protocol To do so at system startup time the router examines each remote entry If it finds only one remote enabled it leaves the remote enabled If it finds more than one remote e...

Page 116: ...ty R W Input Format system passwd password Parameters Response Command prompt system riptimer Sets the duration in seconds for Routing Information Protocol RIP information to be exchanged with remote...

Page 117: ...arameters None Response A typical response is shown below system securemode set Enables and disables secure mode When secure mode is enabled management access of the system is allowed only through sec...

Page 118: ...llowed is a system setting and independent of the secure mode state enabled or disabled NOTE If the number of sessions allowed is set to 0 access to the command line interface will be available only t...

Page 119: ...W Input Format system securemode set lan trusted untrusted Parameters Response Typical response system securemode set wan Allows discrete control of the secure mode function on the WAN interface When...

Page 120: ...vileged mode when no typing has occurred for the length of time set for the security timer To see the current security timer value use the system list command To disable the security timer set the min...

Page 121: ...ublic addr system selnat addpolicy remote addr remote addr mask notrans Parameters Examples Response Command prompt remote addr a a Dotted decimal notation Specifies the destination IP address to whic...

Page 122: ...ameters Response Command prompt system selnat list Lists the current selective NAT policies Policies are sorted by subnet mask then listed in ascending order from more specific to general policies Mgm...

Page 123: ...Request the default SNMP port 161 This re enables SNMP after it is disabled Redefine the SNMP port NOTE This command is functionally equivalent to the snmp snmpport command NOTE This command requires...

Page 124: ...the default value 161 and re enables the port disable Disables the existing SNMP port port a a Integer Defines a new SNMP port number Use this option to restrict remote ac cess This command sets the S...

Page 125: ...orates the following commands default Restores the SSH port value to the default value 22 and re enables the port disable Disables the existing SSH port port a a Integer 1 65525 22 Defines a new SNMP...

Page 126: ...built Mon May 7 17 42 01 PDT 2001 Maximum users unlimited Options FRAME RELAY ASYNC SDSL VOICE TOLLBRIDGE RFC1483 IP ROUTING IP FILTERING WEB HW DES IPSEC 3DES L2TP ENCRYPT BRIDGE IPX CMMGMT DIAL BAC...

Page 127: ...1be8 2000 11 BOOTP 03 5 303fd4 3046c0 2032 12 DUM 03 5 302964 303850 4080 13 SDSL 03 5 304d34 3053d8 2032 14 CALLCTRL 03 3 306624 306d18 2032 15 DSP 03 3 306e34 307520 2032 16 SNMPD 03 5 3055a4 3064a8...

Page 128: ...nced 2 fat s reserved 1437184 bytes used by files 14848 bytes by tables 302080 bytes free SYSTEM GENERAL INFORMATION FOR System started on 5 17 2001 at 17 49 Authentication override none WAN to WAN Fo...

Page 129: ...address default VRRP Multicast address default IPX Routing enabled no ETHERNET INFORMATION FOR ETHERNET 0 Hardware MAC address 00 20 6F 09 0C 25 Send IP RIP to the LAN rip 1 compatible Advertise me as...

Page 130: ...0 2 0 0 G711 uLaw Inactive 0 3 0 0 G711 uLaw Inactive 0 4 0 0 G711 uLaw Inactive 0 5 0 0 G711 uLaw Inactive 0 6 0 0 G711 uLaw Inactive 0 7 198 570 G711 uLaw Inactive 0 8 0 0 G711 uLaw Inactive 0 REMOT...

Page 131: ...ction ETHERNET 0 10 0mb 0 0 0 0 Ethernet OPENED FR 0 784kb 0 0 0 0 HDLC FR OPENED FR VOICE 1 784kb 0 0 0 0 CLEAR OPENED CONSOLE 0 57kb 0 0 0 0 TTY OPENED FR VC 2 784kb 0 0 0 0 FR OPENED to configuredF...

Page 132: ...e L2TP TUNNELS IP FILTERS Begin IPFilters for configuredForCMPPlay watching for dropped rejected packets is OFF Begin rules for input list remote ipfilter flush input configuredForCMPPlay remote ipfil...

Page 133: ...input accept c 0 p 50 da 192 168 254 254 IKE Global Filter 0 eth ip filter insert 1 input accept c 0 p 51 da 192 168 254 254 IKE Global Filter 0 eth ip filter insert 2 input accept c 0 p udp sp 500 da...

Page 134: ...d Line Interface Guide Page 4 64 Efficient Networks End IPFilters for ETHERNET 0 IPSEC There are no security associations IKE There are no IKE peers There are no IKE proposals There are no IKE IPSec P...

Page 135: ...syslog port 514 Re enables Syslog after it is disabled Redefine the syslog port NOTE This command requires a save and reboot to take effect To see the current setting use the command system list For...

Page 136: ...command requires a save and reboot to take effect To see the current setting use the system list command Mgmt Class Network R W Input Format system telnetport default disabled port default Restores th...

Page 137: ...Response Command prompt default Restores the port value to the default value 23 and re enables the port disabled Disables the existing Telnet port port a a Integer Defines a new Telnet port number Us...

Page 138: ...any information to the Internet WAN to WAN forwarding should be disabled To see the current setting for WAN to WAN forwarding use the command system list This system wan2wanforwarding command compleme...

Page 139: ...commands require a save and reboot before they take effect However changes made to IP filters and to virtual routing tables take effect immediately the changes are lost though if they are not saved be...

Page 140: ...ast Enables or disables the forwarding of broadcast packets directed to a specific network prefix eth ip disable Disables IP routing across the Ethernet LAN eth ip enable Enables IP routing across the...

Page 141: ...rnet interface eth vrrp add Defines a VRRP attribute record for the VRID vir tual router ID eth vrrp clear password Clears the password in a VRRP attribute record for the VRID eth vrrp delete Deletes...

Page 142: ...Guide Page 5 4 Efficient Networks eth Lists the supported keywords To see the syntax for a command enter the command followed by a Mgmt Class All R Input Format eth Parameters None Response A listing...

Page 143: ...dual port router logical interface 0 cannot be deleted Once defined routes and filters can be created for the new logical interface using the other eth commands in this section To list the currently d...

Page 144: ...he deleted interface reappears after the reboot Once defined routes and filters can be created for the new logical interface using the other eth commands in this section To list the currently defined...

Page 145: ...apping first private addr second private addr first public addr interface Parameters Example Typical usage Response Command prompt first public addr a a Dotted decimal notation First IP address of the...

Page 146: ...IP address and subnet mask for logical interface 1 on Ethernet port 0 Response Command prompt ip addr a a Dotted decimal notation Ethernet LAN IP address ipnetmask a IP network mask interface b c b Th...

Page 147: ...llowing command adds a route to the default routing table for logical interface 1 on Ethernet port 0 Response Command prompt ip addr a a Dotted decimal notation Ethernet LAN IP address ipnetmask a IP...

Page 148: ...rst port last port first private port interface Parameters action One of the following command actions ipaddr a a Dotted decimal notation Selects the host with this IP address as server discard Discar...

Page 149: ...wever the change is lost if it is not saved before the next reboot smtp Simple Mail Transfer Protocol SMTP port snmp Simple Network Management Protocol SNMP port t120 T 120 port telnet Telnet port tft...

Page 150: ...etwork mask hops b b Integer Number of routers through which the packet must go to get to its desti nation gateway a IP address of the IP gateway tablename c c ASCII string IP virtual routing table o...

Page 151: ...the eth ip defgateway command It sends packets for all IP addresses to the specified gateway eth ip addRoute 0 0 0 0 255 255 255 0 gateway 1 Mgmt Class Network R W Input Format eth ip defgateway ipadd...

Page 152: ...nse Command prompt first public addr a a Dotted decimal notation First IP address of the range of IP addresses second public addr a Last IP address of the range of IP addresses first public addr a Def...

Page 153: ...letes the route for IP address 10 9 2 0 255 255 255 0 for the default Ethernet interface 0 0 The following command deletes the route for IP address 10 1 3 0 255 255 255 0 for the Ethernet interface 0...

Page 154: ...erver requests to the local router regardless of the IP address protocol Protocol used by the selected server protocolid b b Integer Numerical protocol ID tcp TCP only udp UDP only all All protocols f...

Page 155: ...mple Mail Transfer Protocol SMTP port snmp Simple Network Management Protocol SN MP port t120 T 120 port telnet Telnet port tftp Trivial File Transfer Protocol TFTP port all All ports last port Option...

Page 156: ...168 254 254 and its mask is 255 255 255 0 its network prefix directed broadcast addresses are 192 168 254 0 and 192 168 254 255 This feature is independent of the IP firewall and IP filtering feature...

Page 157: ...ip disable Parameters None Response Command prompt eth ip enable Enables IP routing across the Ethernet LAN This command acts as a master switch allowing you to re enable all IP routing NOTE This com...

Page 158: ...r types are applied refer to IP Filtering on page 5 23 of the Technical Reference Guide NOTE IP filters take effect immediately upon entry They can even affect the current connection that you are usin...

Page 159: ...this type and interface If no line numbers are specified all filters in the list are deleted If only the first line number is specified all filters from that line to the end are deleted To see the cur...

Page 160: ...servers see Syslog Client on page 7 1 However if the parameter q quiet was specified for a filter no message is printed when that filter matches a packet If the parameter v verbose was specified for a...

Page 161: ...l TCP UDP ICMP The packet must have the specified protocol If no protocol is specified the filter matches every protocol sa first source ip addr last source ip addr The packet must have a source IP ad...

Page 162: ...rt last dest port The packet must have a destination port that matches the specified ICMP type or that is within the specified port range If only one port is specified the packet must have that destin...

Page 163: ...list This command example prevents the forwarding of all IP traffic If you put these filters at the end of the filter lists they will stop all packets that have not matched filters earlier in the list...

Page 164: ...ist the active state This command requires a save and reboot before it takes effect To perform Firewall Filtering IP routing must be enabled For more information see IP Filtering on page 5 23 of the T...

Page 165: ...eth ip addr command NOTE The management address is not effective until after the next save and reboot NOTE To use the management address as the source address for a ping you must specify it using the...

Page 166: ...ast traffic NOTE This command is not effective until after save and reboot commands have been performed Mgmt Class Network R W Input Format eth ip options option on off interface ip addr a a Dotted de...

Page 167: ...RIP 2 packets only rxdef Receive the default route address from the Ethernet LAN The default is on This option is useful if you do not want to configure your router with a default route txrip Transmit...

Page 168: ...ork Address Translation for port 0 The following command disables Network Address Translation for logical interface 0 1 Response Command prompt ip addr a a Dotted decimal notation IP address of the re...

Page 169: ...dr tablename interface Parameters Example The following commands remove Ethernet routes from virtual routing table ROSA The first deleted route is for IP address 10 1 2 0 and the default Ethernet inte...

Page 170: ...logical Ethernet interface as the management interface for the router To create a new logical Ethernet interface use the command eth add and then assign it an IP address with an eth ip addr command N...

Page 171: ...ng you to disable IPX routing for testing or control purposes vrid a a Integer 1 255 Virtual route ID interface b b To specify a logical interface other than 0 0 specify both the port number 0 or 1 an...

Page 172: ...eters Response Command prompt eth ipx enable Enables IPX routing across the Ethernet LAN This acts as a master switch allowing you to enable IPX routing NOTE This command requires a reboot Mgmt Class...

Page 173: ...hernet interfaces including the status of bridging and routing IP protocol controls and IP address and subnet mask Mgmt Class Network R Input Format eth list interface Parameters type 802 2 DEC standa...

Page 174: ...no RIP Multicast address default IPX Routing enabled no ETHERNET INFORMATION FOR ETHERNET 0 Hardware MAC Address 00 20 6F 02 98 04 Send IP RIP to the LAN no Advertise me as default router yes Process...

Page 175: ...read about logical Ethernet interfaces see IP Subnets on page 6 1 of the Technical Reference Guide Certain configuration changes for a logical Ethernet interface become effective only after the logica...

Page 176: ...Ethernet interface use the command eth restart Mgmt Class Network R W Input Format eth start interface Parameters Response Command prompt interface a b a Integer 0 1 or it may be omitted if the router...

Page 177: ...arted again To start a logical Ethernet interface use the command eth start To stop and immediately restart a logical Ethernet interface use the command eth restart Mgmt Class Network R W Input Format...

Page 178: ...interface or reboot the router To see the contents of the VRRP attribute records use the command eth vrrp list You can change the attribute values using other eth vrrp commands see VRRP Configuration...

Page 179: ...VRRP router you must clear the password for every router for that VRID on the LAN For example if VRID 7 is defined in routers A B and C in the LAN and you clear the password for router A you must clea...

Page 180: ...ing a VRRP configuration from a router you would delete both the VRRP attribute record and the extra logical interface To do so use the commands eth vrrp delete and eth delete NOTE This command takes...

Page 181: ...s address is used by all VRRP announcements from this router regardless of VRID or port For more information see VRRP Backup on page 6 16 of the Technical Reference Guide NOTE This command is not usua...

Page 182: ...s its function in the network The preemption option cannot change this However if the router is a backup router for the IP address and it determines that a router with a lower priority is currently fu...

Page 183: ...s sent as clear text on the LAN For more information see VRRP Backup on page 6 16 of the Technical Reference Guide NOTE If you do not specify a password no authentication is performed To see the curre...

Page 184: ...after you restart the interface or reboot the router Mgmt Class Network R W Input Format eth vrrp set password password vrid port Parameters Example This command example specifies the password AbCdEfG...

Page 185: ...router for VRID 7 must have priority 255 while the first backup router for VRID 7 could have the default priority 100 and a second backup router for VRID 7 could have priority 50 NOTE This command ta...

Page 186: ...ther VRRP router during the master down interval the backup assumes the other router is down The master down interval is calculated as follows Thus the default skew time is 256 100 256 or 609375 The d...

Page 187: ...rs Example This command example specifies two seconds as time interval for VRID 7 using default port 0 Response Command prompt seconds a a Integer 0 60 Time interval value in seconds vrid b b Integer...

Page 188: ...de Page 5 50 Efficient Networks eth ip remsrcrouteopt Adds or removes the source routing option Mgmt Class Network R W Input Format eth ip remsrcrouteopt enable disable Parameters Response Command pro...

Page 189: ...nt Bandwidth management Security authentication protocols and passwords WAN IP IPX addresses IP routes IPX routes and SAPS Remote bridging addresses and bridging control Host mapping The remote comman...

Page 190: ...ry from the remote router da tabase remote delatmsnap Deletes an ATM mapping entry remote delbridge Removes the designation of the remote router entry as the default bridging destination remote delenc...

Page 191: ...n for a remote router or if the router name is omitted for all routers in the remote router da tabase remote listipxroutes Lists all network IPX route addresses defined for the LAN connected beyond th...

Page 192: ...s a connection where the link goes up and down remote setmgmtipaddr Assigns to the remote router entry an IP address which is to be used for management purposes only and not for IP address translation...

Page 193: ...to be used when dialing out using the backup V 90 modem connected to the console port remote setsrcipaddr Sets the IP address for the target WAN connection to the remote router remote settimer Sets t...

Page 194: ...model Mgmt Class Network R Input Format remote Parameters None Response A listing of the remote commands and keywords with a brief description of their function remote add Adds a remote router entry i...

Page 195: ...ies in the bridging table use the bi list command NOTE Bridging using the specified remote is effective only after it has been enabled using the remote enabridge command To see the current bridge sett...

Page 196: ...the range is computed automatically from first public addr to first public addr number of addresses remapped 1 inclusive Mgmt Class Network R W Input Format remote addhostmapping first private addr s...

Page 197: ...the local router never connects to the remote router and the remote router supports RIP NOTE Changes to the default routing table require a save and a remote restart or reboot before they take effect...

Page 198: ...command adds the default route when the WAN interface is a point to point interface the sixth command adds the default route when the WAN interface is a broadcast interface Response Command prompt re...

Page 199: ...Setting this address is not required if a target router never connects to the remote router and the remote router supports RIP NOTE A reboot command must be performed on the target router for the add...

Page 200: ...must be performed on the target router for the addition of a SAP to take effect Mgmt Class Network R W Input Format remote addipxsap servicename ipxnet ipxnode socket type hops remotename Parameters...

Page 201: ...22 To delete a server designation use the remote delserver command Mgmt Class Network R W Input Format remote addserver action protocol first port last port first private port remotename Parameters a...

Page 202: ...MTP port sntp Simple Network Management Protocol SNMP port t120 T 120 port telnet Telnet port tftp Trivial File Transfer Protocol TFTP port all All ports last port Optional last port in the range of p...

Page 203: ...e ipaddr ipnetmask hops ipgateway tablename remotename Parameters Example The following command adds a route to virtual routing table FRANCISCO The route is to IP address 10 1 2 0 255 255 255 0 and go...

Page 204: ...Class Security R W Input Format remote blocktetbios on off remotename Parameters Response Command prompt remote del Deletes a remote router entry from the remote router database Input Format remote d...

Page 205: ...d using the remote addbridge command To see the bridge settings for a remote entry use the remote listbridge command To remove a designation as the default bridging destination for a specific MAC addr...

Page 206: ...tion Deletes encryption files associated with a remote router Mgmt Class Security R W Input Format remote delencryption remotename Parameters Response Command prompt All MAC addresses mac_addr a a HEX...

Page 207: ...deliproute Deletes an IP address route for a network or station on the LAN connected beyond the remote router The route is deleted from the default routing table NOTE Changes to the default routing t...

Page 208: ...OTE A reboot command must be performed on the target router for the deletion of a static route to take effect Mgmt Class Network R W Input Format remote delIpxRoute ipxnet remotename Parameters Respon...

Page 209: ...X service on the LAN network connected beyond the remote router NOTE A reboot must be performed on the target router for a deleted service to take effect Mgmt Class Network R W Input Format remote del...

Page 210: ...gmt Class Network R W Input Format remote delourpasswd remotename Parameters Response Command prompt remote deloursysname Removes the unique CHAP or PAP authentication system name entries established...

Page 211: ...erver Deletes a server entry created by the remote addserver command Mgmt Class Network R W Input Format remote delserver action protocol first port last port first private port async Asynchronous con...

Page 212: ...p TCP only udp UDP only all All protocols first port First or only port as seen by the remote end Port used by the se lected server portid c c Integer 0 65 535 Numerical port value a value of 0 matche...

Page 213: ...be used until it is enabled NOTE If the remote is currently active when the remote is disabled the active session is not stopped To stop the active session use the remote stop command Mgmt Class Netwo...

Page 214: ...ridge Disables bridging from the target router to the remote router NOTE This command requires a reboot of the target system for the change to take effect Mgmt Class Security R W Input Format remote d...

Page 215: ...enaAuthen remotename Parameters Response Command prompt remote enable Enables use of an entry in the remote router database Although the command makes it possible to use the remote entry it does not...

Page 216: ...idge Enables bridging from the target router to the remote router NOTE This command requires a reboot of the target system for the change to take effect Mgmt Class Security R W Input Format remote ena...

Page 217: ...nds Unlike other configuration changes you do not need to save and restart or reboot Mgmt Class Security R W Input Format remote ipfilter command type action parameters remotename The following comman...

Page 218: ...nd are deleted To see the current filter list use the remote ipfilter list list command Filters are used in the order they appear in their list remote ipfilter clear remote ipfilter clear first line l...

Page 219: ...for a filter a message is printed whenever that filter matches a packet regardless of the filter action To see the messages Telnet to the router and enter system log The watch does not continue after...

Page 220: ...t have that source IP address If no source IP address is specified the filter matches any address in the range 0 0 0 0 255 255 255 255 sm source ip mask The filter uses the specified mask when compari...

Page 221: ...to every TCP packet that has either the RESET flag or the ACK flag set The following parameter s request additional filter options tcp syn ack noflag rst If the IP packet is a TCP packet the filter ma...

Page 222: ...sult is a complete display of the current configuration settings for the remote router s except for the authentication password secret Mgmt Class Network R Input Format remote list remotename Specify...

Page 223: ...quired PAP Use periodic LCP pings yes Connection Identifier VPI VCI 0 38 IP address translation off IP filters defined no Send Receive Multicast off Block NetBIOS Packets off Compression Negotiation o...

Page 224: ...e parameter Exchange spanning tree with dest no TX Encryption unknown RX Encryption unknown mtu 1500 If entered with no parameters bridge settings for all re mote routers entries are listed remotename...

Page 225: ...ut Format remote listiproutes remotename Parameters Response The following example command response lists routing information for remote router HQ It lists five routes that use HQ the first four are i...

Page 226: ...s Network R Input Format remote listipxroutes remotename Parameters Response Typical response remote listipxsaps Lists all services defined for the LAN connected beyond the remote router Each service...

Page 227: ...t Format remote listphones remotename Parameters Response Typical response remotename a a ASCII string Name of the remote router rem listipxsaps hq IPX SAP INFORMATION FOR HQ 1 Total IPX SAPs SERV312_...

Page 228: ...an Ethernet interface use the eth restart command Mgmt Class Network R W Input Format remote restart remotename Parameters Response Command prompt remote setatmnsap RFC1577 Classical IP over ATM speci...

Page 229: ...ys attempt to negotiate the highest level of security possible CHAP The router will not accept a negotiated security level less than this minimum authentication method The parameter in the remote rout...

Page 230: ...ckup The bandwidth on demand management option can be set to apply to incoming outgoing or both incoming and outgoing traffic The bandwidth threshold set by the remote setbwthresh command applies to t...

Page 231: ...r remote router HQ The following example command configures remote router PPPoEbridge as the remote through which only PPPoE traffic is bridged Response Command prompt option l stp Set this option to...

Page 232: ...he additional channel is available if the maximum links was set to 2 by a remote setmaxline command Both channel are utilized until the bandwidth utilization drops below the threshold The default is 0...

Page 233: ...ession Negotiation line If desired you can follow the negotiation of the Stac LZS compression within CCP using the debug command mlp debug ccp Mgmt Class Network R W Input Format remote setCompression...

Page 234: ...ion file on the router must have a num suffix e g dh96 num Mgmt Class Security R W Input Format remote setEncryption DESE_1_KEY DESE_2_KEY filename remoteName Parameters Response Command prompt rx Rec...

Page 235: ...ierarchical organizations If you are connecting to another company or an Internet Ser vice Provider you may wish to set this option off The default is off rxrip1 Receive and process RIP 1 packets only...

Page 236: ...ever in certain situations where the router is managed by another party as part of a managed service you could set this value to yes to ensure that the central management site always specifies the IP...

Page 237: ...routers local WAN port This command requires that you define a Source WAN IP Address with the remote setsrcipaddr command Mgmt Class Network R W Input Format remote setiptranslate on off remotename Pa...

Page 238: ...les or disables the IPX option RIPSAP for the remote WAN connection Mgmt Class Network R W Input Format remote setIpxOptions ripsap on off remotename Parameters Response Command prompt ipxnet a a Hexa...

Page 239: ...rs Response Command prompt remote setmgmtipaddr Assigns to the remote router entry an IP address which is to be used for management purposes only and not for IP address translation This management IP...

Page 240: ...1 2 192 168 100 100 NOTE To use the management address as the source address for a copy you must specify both the source and destination addresses on the copy command To list the current management ad...

Page 241: ...ged by the hour then having a channel allocated continually would save you the 2 3 second wait time required for each channel re allocation Mgmt Class Network R W Input Format remote setminline minlin...

Page 242: ...the maximum receive unit Other information in the mlp show output includes the maxtu the maximum packet size that can be sent it is based on the peer s MRU size the ourmru the maximum PPP packet size...

Page 243: ...sswd password remotename Parameters Response Command prompt remote setoursysname Sets a unique CHAP or PAP authentication system name for the local router that is used for authentication when the loca...

Page 244: ...tion where the link goes up and down These links include those for ISDN L2TP tunnels IPSec tunnels and dial backup For dial backup the phone number is used when dialing out using the backup V 90 modem...

Page 245: ...on 1 Primary phone number or first ISDN channel 2 Alternative phone number or first ISDN channel phone a a Digits the asterisk and the characters are accepted use a comma to specify a 2 second pause D...

Page 246: ...ed This could be useful if the other PPP system does not completely support IP address negotiation Response Command prompt option Specify one of the following options compression Van Jacobson compress...

Page 247: ...e same time and this could crash the PPP server To solve this problem turn on the PPP retry timer for each remote Then when the link comes back up each router waits a random time before attempting rec...

Page 248: ...hanges the lines presented in the display phone numbers are displayed only for asynchronous See the example below Mgmt Class Network R W Input Format remote setprefer async fr hsd remotename Parameter...

Page 249: ...ur System Name when dialing out gwbush Our Password used when dialing out yes Disconnect timeout in seconds 60 Min max channels 0 1 Interface in use ASYNC Protocol in use PPP Authentication disabled A...

Page 250: ...the Technical Reference manual Mgmt Class Network R W Input Format remote setProtocol PPP PPPLLC RFC1483 RFC1483MER FRF8 RAWIP remotename Parameters Response Command prompt ppp PPP protocol with VC m...

Page 251: ...ponse Command prompt vpi number Virtual Path ID number that identifies the link formed by the virtual path vci number Virtual Circuit ID number that identifies a channel within a vir tual path in a DS...

Page 252: ...support IP address negotiation under PPP i e numbered mode is required and the remote router cannot specify a WAN IP address for use during the negotiation process Mgmt Class Network R W Input Format...

Page 253: ...ormat remote setspeed bitrate default async 1 2 remotename Parameters Examples The following command specifies the primary phone number and its bit rate The following commands specifies the alternativ...

Page 254: ...etwork Another instance is to force numbered mode and to prevent the remote router from changing the target WAN IP address through IPCP address negotiation The target WAN IP address defaults to the Et...

Page 255: ...irable if your service provider charges by the hour However the connection has to wait a few seconds each time a channel is re allocated NOTE The timeout period set by this command is not effective if...

Page 256: ...E A reboot ends the active session to start a session after the reboot you must enter another remote start command To stop an active session for the remote use the remote stop command To stop and imme...

Page 257: ...ASCII string Name of the remote router remote setprefer fr backup remote list backup Current state Currently connected Current output bandwidth 0 bps Current input bandwidth 0 bps Current bandwidth a...

Page 258: ...command before stopping the remote interface NOTE The stop command does not disable the remote entry so another session can be started for the remote To start an active session for the remote use the...

Page 259: ...y However the change is lost if it is not saved before the next remote restart or reboot Mgmt Class Network R W Input Format remote unbindipvirtualroute ipaddr tablename remotename Parameters Example...

Page 260: ...Chapter 6 Remote Commands Efficient Networks Router family Command Line Interface Guide Page 6 72 Efficient Networks This page intentionally left blank...

Page 261: ...e Multi Tone commands see DMT Commands Dual Ethernet commands see Dual Ethernet Router ETH Commands Frame Relay commands see Frame Commands HDSL High speed Digital Subscriber Line commands see HDSL Co...

Page 262: ...ds To see the syntax for a command enter the command followed by a Mgmt Class Network R Input Format adsl Parameters None Response A listing of the ADSL commands and keywords with a brief description...

Page 263: ...LAM Mgmt Class Network R Input Format adsl speed Parameters None adsl restart 12 02 1997 12 47 46 ADSL Idle 12 02 1997 12 47 46 ADSL Startup initiated 12 02 1997 12 47 48 ADSL Startup training in prog...

Page 264: ...rk R W Input Format adsl stats clear Parameters Response Statistical information displayed adsl speed downstream rate 6272 Kb s upstream rate 1088 Kb s When entered with no parameters the current ADSL...

Page 265: ...command enter the command followed by a Mgmt Class Network R Input Format atm Parameters None Response Lists the supported ATM commands and keywords and a brief description of their function inconsist...

Page 266: ...ream speed attained When the command changes the processor clocks only certain discrete values are allowed The speed achieved is the allowed speed value that is equal to or the next lower value to the...

Page 267: ...eam speed is 326 Kb s Generally your Network Service Provider should provide you with your speed value If your service provider states your speed value in cells per second enter the value using the co...

Page 268: ...l Rate PCR ATM traffic shaping should be used to allocate bandwidth whenever more than one remote router is defined Enter a remote setATMTraffic command for each remote For example if you have five re...

Page 269: ...tream data rate of 20 Kbps 47 cells s is desired you would issue the following command If a constant bit rate CBR is required use the following command Response Command prompt scr a a Integer Sustaine...

Page 270: ...y include dmt Lists the supported DMT keywords To see the syntax for a command enter the command followed by a Input Format dmt Mgmt Class Network R Parameters None Response Lists the supported DMT co...

Page 271: ...u do not want the CO and CPE to negotiate the link type but instead want to specify the type of data link required CAUTION This command forces the CPE into the specified mode It is not for normal use...

Page 272: ...de command can request one of three modes ANSI no_Trellis_ANSI and UAWG NOTE UAWG mode is becoming obsolete No Trellis encoding for T1 413 ANSI ADSL is only needed where auto negotiation is not suppor...

Page 273: ...ngle 10Base T connector This Dual Ethernet router may be configured via the Web Browser GUI or from the Command Line Interface CLI To set up any DHCP options and to configure optional features like IP...

Page 274: ...mmand requires a reboot of the router for the change to take effect Mgmt Class Network R W Input Format eth br enable Parameters None Response Command prompt eth br disable Disables bridging in a Dual...

Page 275: ...e Protocol stp setting without approval from your system administrator The PPPoESet option limit this Ethernet port to bridging PPPoE traffic only If the option is set to off then the port can bridge...

Page 276: ...e Page 7 16 Efficient Networks Examples The following command turns off the spanning tree protocol for Ethernet port 0 The following command configures Ethernet port 1 so that only PPPoE traffic is br...

Page 277: ...ollowed by a Mgmt Class Network R Input Format frame Parameters None Response Lists the supported frame relay commands and keywords and a brief description of their function Table 7 5 Frame Relay Comm...

Page 278: ...r is configured using Copper Mountain Plug Play see Chapter 3 of the Technical Reference manual Mgmt Class Network R W Input Format frame cmpplay router bridge Parameters Response Command prompt frame...

Page 279: ...ived as well as LMI events frame stats FR 0 Frame Relay Statistics ANSI LMI Protocol Errors 0 Unknown Msg Recv 0 T391 Timeouts 0 PVC Status Changes 0 StatusEnq Sent 0 Status Recv 0 StatusEnq Recv 0 Un...

Page 280: ...Mgmt Class Voice R Input Format frame voice Parameters None Response Command prompt LMI State UNKNOWN Status State Changes 0 Active to Not Active Changes 0 Not Active to Active Changes 0 Data Packets...

Page 281: ...and enter the command followed by a Mgmt Class Network R Input Format gti Parameters None Response A listing of the gti commands and keywords with a brief description of their function gti speed Displ...

Page 282: ...rmat gti speed Parameters None Response gti stats Shows the operational time for the system and ADSL connection Mgmt Class Network R Input Format gti stats Parameters None Response Statistical informa...

Page 283: ...Chapter 7 WAN Interface Commands Efficient Networks Page 7 23 gti version Displays GTI ADSL version information Mgmt Class Network R Input Format gti speed Parameters None Response GTI ADSL Version in...

Page 284: ...the syntax for a command enter the command followed by a Mgmt Class Network R Input Format hdsl Parameters None Response Lists the supported HDSL commands and keywords and a brief description of thei...

Page 285: ...rameters None Response Command prompt hdsl speed Manages the line speed for the HDSL interface as follows CO end Sets the speed manually on the Central Office CO end only CPE end The router on the Cus...

Page 286: ...gmt Class Network R W Input Format hdsl terminal cpe co Parameters Response Command example displaying current mode When entered with no parameters the current speed is dispaly ed a a Available only i...

Page 287: ...nd Mgmt Class Network R Input Format idsl list Parameters None Response Typical response Table 7 8 IDSL Command Listing Command Function idsl list Lists the current switch type idsl save Saves the IDS...

Page 288: ...rk R W Input Format idsl save Parameters None Response Command prompt idsl set speed Specifies the speed of the IDSL connection The IDSL bandwidth is composed of two 64 Kbps B channels plus one 16 Kbp...

Page 289: ...mote router entry The DLCI Data Link Connection Identifier is an address identifying a logical connection in a Frame Relay environment The DLCI is generally provided by the Network Service Provider Th...

Page 290: ...der should provide which link protocol to use Mgmt Class Network R W Input Format remote setProtocol ppp fr mer remotename Parameters Response Command prompt dlcinumber a a Integer Frame Relay number...

Page 291: ...syntax for a command enter the command followed by a Mgmt Class Network R Input Format sdsl Parameters None Response Lists the supported SDSL commands and keywords and a brief description of their fun...

Page 292: ...of the connection NOTE Remember to enter an sdsl save or save command to save SDSL changes across restarts and reboots For more information on the autobaud feature see Auto baud preactivation Mgmt Cla...

Page 293: ...ompt sdsl speed Manages the speed of the SDSL line At the Central Office CO end the command sets the speed manually only At the Customer Premises Equipment CPE end the command can Display the current...

Page 294: ...tion is no longer in effect the AUTO indicator is not displayed Response See examples above When entered with no parameters the current speed is displayed speed Speed in kbps a a If the auto speed sea...

Page 295: ...ault configured as Customer Premises Equipment CPE Use this command if to configure the router as Central Office equipment CO Mgmt Class Network R W Input Format sdsl terminal cpe co Parameters Respon...

Page 296: ...ex A or annex B of the G shdsl standard shdsl list Lists the current configuration of the G shdsl interface shdsl margin Specifies the acceptable noise margin in decibels shdsl ratemode Selects adapti...

Page 297: ...ion of their function shdsl annex Selects annex A or annex B of the G shdsl standard The annex used depends on the DSLAM the router is to connect to In general annex B is used in Europe and annex A is...

Page 298: ...Lists the current configuration of the G shdsl interface Mgmt Class Network R Input Format shdsl list Parameters None Response The following is a typical response shdsl list G SHDSL INTERFACE CONFIGUR...

Page 299: ...s unstable you may need to increase the margin Mgmt Class Network R W Input Format shdsl margin dB Parameters Response Current margin is displayed shdsl ratemode Selects adaptive or fixed rate mode Mg...

Page 300: ...displayed shdsl restart Restarts the G shdsl WAN interface NOTE Unlike a reboot a restart does not discard unsaved changes Mgmt Class Network R W Input Format shdsl restart Parameters None Response C...

Page 301: ...r Premises Equipment CPE and the line speed desired is the maximum allowed by the central office CO This command can Display the current requested speed and actual speed shdsl speed with no parameter...

Page 302: ...dsl rates This command usage requests a line speed of 1096 Kb s Response See examples above Enter the command with no parameter to display the current speed speed a b a Integer 72 2312 in increments o...

Page 303: ...ed with clear parameter Enter the command with no parameter to display the current speed clear Option used to reset the statistical counters shdsl stats SHDSL 24hr statistics displayed in time period...

Page 304: ...ter is assumed to be CPE Use this command if the router is to be used as CO Mgmt Class Network R W Input Format sdsl terminal cpe co NOTE To determine the current CO CPE setting enter shdsl terminal w...

Page 305: ...Guide Chapter 7 WAN Interface Commands Efficient Networks Page 7 45 shdsl ver Displays the G shdsl version level of the modem firmware Mgmt Class Network R W Input Format shdsl ver Parameters None Res...

Page 306: ...Chapter 7 WAN Interface Commands Efficient Networks Router family Command Line Interface Guide Page 7 46 Efficient Networks This page intentionally left blank...

Page 307: ...ed in this section are included in Table 8 1 DHCP Command Listing To read about DHCP concepts and the DHCP configuration process see DHCP Dynamic Host Configuration Protocol on page 4 2 of the Technic...

Page 308: ...s a subnetwork or a client lease dhcp enable Enables a subnetwork or a client lease dhcp list Lists global subnetwork and client lease informa tion dhcp list definedoptions Lists all available predefi...

Page 309: ...dhcp Parameters None Response List of the supported DHCP commands and keywords and a brief description of their function dhcp add Provides one of three types of DHCP definitions subnetwork client leas...

Page 310: ...er has a minimum of one up to a maximum of four IP addresses and the type is ipaddress Response Command prompt net a a Dotted decimal notation IP address of the subnetwork lease mask a IP network mask...

Page 311: ...uest is issued whenever a device attempts to acquire an IP address It forwards every reply received from any of the servers in the relay list to the appropriate LAN To remove an address from the list...

Page 312: ...w net ipaddr Parameters Response Command prompt dhcp bootp disallow Denies processing of a BootP request for a particular client or subnet Mgmt Class Network R W Input Format dhcp bootp disallow net i...

Page 313: ...TE The TFTP server IP address must be specified when specifying the file using the command dhcp bootp tftpserver Mgmt Class Network R W Input Format dhcp bootp file net ipaddr name Parameters Response...

Page 314: ...r tftpserver ipaddr Parameters Response Command prompt dhcp clear addresses Clears the values from a pool of addresses Mgmt Class Network R W Input Format dhcp clear addresses net Parameters Response...

Page 315: ...s the DHCP DAT file intact If you want to clear the information in the DHCP DAT file as well enter a save command after dhcp clear all records Mgmt Class Network R W Input Format dhcp clear all record...

Page 316: ...twork or with a specific client Mgmt Class Network R W Input Format dhcp clear valueoption net ipaddr code Parameters Response Command prompt ipaddr a a Dotted decimal notation IP address of the subne...

Page 317: ...command to delete the defined subnetwork Example command usage deleting a client lease Example command deleting the user defined option with code 128 Response Command prompt net a a Dotted decimal no...

Page 318: ...and resumes processing DHCP requests and also BootP requests if BootP processing is enabled To add an address to the list use the command dhcp addrelay command For further discussion see Configuring B...

Page 319: ...or a client lease Mgmt Class Network R W Input Format dhcp enable all net ipaddr Parameters Response Command prompt all Disables all subnets net a a Dotted decimal notation IIP address of the subnetwo...

Page 320: ...lobal DHCP in formation net a a Dotted decimal notation IIP address of the subnetwork lease ipaddr a IIP address of the client lease dhcp list bootp server none bootp file DOMAINNAMESERVER 6 192 168 2...

Page 321: ...st 192 168 254 3 Client 192 168 254 3 Enabled lease Default expires 1998 5 16 11 31 33 bootp not allowed bootp server none bootp file HOSTNAME 12 JO CLIENTIDENTIFIER 61 1 2 96 140 76 149 180 dhcp list...

Page 322: ...ed a a Options may be predefined and or user defined code Predefined or user defined number or keyword net b b Dotted decimal notation Character string dhcp list definedoptions code TIMEOFFSET 2 1 occ...

Page 323: ...4 1 occurrence type BINARY code ARPCACHETIMEOUT 35 1 occurrence type LONGINT code ETHERNETENCAP 36 1 occurrence type BINARY code TCPDEFAULTTTL 37 1 occurrence type BYTE code TCPKEEPALIVEINTVL 38 1 occ...

Page 324: ...5 characters type STRING code NISSERVERS 65 1 to 63 occurrences type IPADDRESS code TFTPSERVERNAME 66 4 to 255 characters type STRING code BOOTFILENAME 67 1 to 255 characters type STRING code MOBILEIP...

Page 325: ...st ipaddr Parameters Response Command prompt dhcp set expire Allows manual changing of a client lease expiration time to a certain value NOTE The client information does not get updated it will still...

Page 326: ...decimal notation P address of the client lease hours b b Integer minimum 1 168 Lease time default Lease time that has been specified at the subnetwork or glo bal level infinite No lease time limit th...

Page 327: ...this subnet Response Command prompt dhcp set mask Used to conveniently change the mask of a DHCP subnet without having to delete and recreate the subnet and all its entries Mgmt Class Network R W Inpu...

Page 328: ...detected on the LAN Mgmt Class Network R W Input Format dhcp set otherserver net continue stop Parameters Response Command prompt net a a Dotted decimal notation IP address of the subnetwork lease co...

Page 329: ...thus sets a global value for the domainnameserver option Response Command prompt ipaddr a a Dotted decimal notation Specify the client IP address if the option value applies only to the client lease N...

Page 330: ...Chapter 8 DHCP Commands Efficient Networks Router family Command Line Interface Guide Page 8 24 Efficient Networks This page intentionally left blank...

Page 331: ...resses Management of traffic performance Restrict a tunnel so it can be established only with a specific remote interface l2tp set wanif The L2TP commands found in this section include Table 9 1 L2TP...

Page 332: ...the router to protect some L2TP control information using hidden AVPs l2tp set ouraddress Specifies the source IP address used when the tunnel is originated l2tp set ourpassword Specifies the router s...

Page 333: ...Mgmt Class Security R Input Format l2tp Parameters None Response Lists the supported L2TP commands and keywords and a brief description of their function l2tp add Creates a tunnel entry Mgmt Class Se...

Page 334: ...ut creating a session Mgmt Class Security R W Input Format l2tp call tunnelname Parameters Example Example command adding the tunnel named PacingAtWork Response Command prompt l2tp close Closes an L2T...

Page 335: ...Example command deletes the tunnel named PacingAtWork Response Command prompt L2TP unit number a a Integer IP address of the subnetwork lease n tunnelname b b ASCII string Name of the tunnel c c The t...

Page 336: ...normally used when the router is acting as a LAC or both a LAC and LNS NOTE Only one tunnel entry can have this option set Mgmt Class Security R W Input Format l2tp forward all none tunnelname Parame...

Page 337: ...e l2tp list INFORMATION FOR pacingAtWork type L2TPClient LAC will not dial LNS All Incoming Calls Tunneled here no CHAP challenge issued yes hidden AVPs used yes sequencing pacing window pacing sequen...

Page 338: ...y for this address must be explicitly added Normally this routing entry will be added to remote entry which has the default route NOTE When a remote router tries to create a tunnel the remote router s...

Page 339: ...ded a CHAP secret has been configured Mgmt Class Security R W Input Format l2tp set authen on off tunnelname Parameters Response Command prompt l2tp set chapsecret Creates a CHAP secret This CHAP secr...

Page 340: ...router to protect some L2TP control information such as names and passwords for a PPP session using hidden AVPs This command is often used to turn off hidden AVPs no option in cases where the other en...

Page 341: ...on is not being used all IP addresses on the Ethernet LAN would be visible You could then specify as the source IP address the Ethernet IP address of the router which would be visible instead of the W...

Page 342: ...et oursysname Specifies the router s name for PPP authentication on a per tunnel basis Mgmt Class Security R W Input Format l2tp set oursysname name tunnelname Parameters Response Command prompt passw...

Page 343: ...ame name is used Mgmt Class Security R W Input Format l2tp set ourTunnelName name tunnelname Parameters Response Command prompt l2tp set remotename Creates the host name of the remote tunnel NOTE If t...

Page 344: ...The name is case sensitive Host name of the remote tunnel This is the fully qualified domain name of the remote host tunnelname a b Name of the tunnel all The router is configured to act as both a LAC...

Page 345: ...f remote tunnelname Parameters Examples This command example restricts the tunnel named OfficeTunnel to the remote interface named officertr This command example clears the remote interface restrictio...

Page 346: ...ng Sequence numbers are placed in the L2TP payload packets When a session is created the router specifies a window size Acknowledgments for received packets are issued nosequencing No sequence numbers...

Page 347: ...tunnel calls Use this command if your router acts as an LNS You must also specify PPP authentication and IP routes for this remote Mgmt Class Security R W Input Format remote setl2tpclient tunnelname...

Page 348: ...remote entry through the tunnel named TunnelName if your router is the client NOTE The remote entry must also have appropriate information such as PPP authentication IP routing IPX routing bridging o...

Page 349: ...base and let all other packets pass Allow mode will only pass the packets that match the allow filter database and discard all others Up to 40 deny and 40 allow filters can be activated from the filte...

Page 350: ...d specifies the position within the packet that is checked and the data that must appear in that location in order for the packet to match this filter Mgmt Class Security R W Input Format filter br ad...

Page 351: ...er to be deleted Mgmt Class Security R W Input Format filter br del pos data allow deny Parameters Example This command deletes the filter which denies the forwarding of packets that have the hex valu...

Page 352: ...and Line Interface Guide Page 10 4 Efficient Networks filter br list Lists the bridging filters in the filtering database Mgmt Class Security R W Input Format filter br list Parameters None Response T...

Page 353: ...5 filter br use Sets the mode of filtering to either deny allow or none Mgmt Class Security R W Input Format filter br use none deny allow Parameters Example This command enables allow filtering Resp...

Page 354: ...Chapter 10 Bridge Filtering Commands Efficient Networks Router family Command Line Interface Guide Page 10 6 Efficient Networks This page intentionally left blank...

Page 355: ...oeservice Defines the remote router entry as a PPPoE remote entry It also specifies the service to which PPPoE users connect through this remote entry NOTE Enter this command immediately after the rem...

Page 356: ...E sessions use the command pppoe list Mgmt Class Security R W Input Format pppoe close ifsnumber Parameters Response Command prompt service a a ASCII string Name of the PPPoE service to which this rem...

Page 357: ...t Lists information about the currently active PPPoE sessions Mgmt Class Security R W Input Format pppoe list Parameters None Response Typical response pppoe list PPPoE Client Session DialUpPPP net PP...

Page 358: ...Chapter 11 PPPoE Commands Efficient Networks Router family Command Line Interface Guide Page 11 4 Efficient Networks This page intentionally left blank...

Page 359: ...entry as a PPPoE re mote entry ike flush Closes a currently active PPPoE session ike ipsec policies add Lists information about the currently active PPPoE sessions ike ipsec policies delete Deletes a...

Page 360: ...he IPSec proposals ike ipsec proposals set ah auth Sets the proposal parameter that determines whether AH message authentication is requested and if it is requested the hash algorithm used ike ipsec p...

Page 361: ...ting IKE proposal ike proposals list Lists the IKE proposals ike proposals set dh_group Sets the IKE proposal parameter that specifies the Diffie Hellman DH key generation group used no group or group...

Page 362: ...authen tication SA ipsec set compression Selects either LZ compression or no compression for the IPSec security authentication SA ipsec set enckey Specifies the encryption key for the IPSec security a...

Page 363: ...to list the supported IKE IPSEC and IKE IPSEC keywords To see the syntax for a command enter the command followed by a Mgmt Class Security R Input Format ike ipsec for IKE IPSec sub commands ike for I...

Page 364: ...t makes sure that no IPSec traffic arrives at the router before the router is ready for it Mgmt Class Security R W Input Format ike commit on off help Parameters Response Command prompt ike flush Clea...

Page 365: ...on page 5 61 Mgmt Class Security R W Input Format ike ipsec policies add policyname Parameters Example Response Command prompt ike ipsec policies delete Deletes an existing IPSec policy To define IPSe...

Page 366: ...able command Mgmt Class Security R W Input Format ike ipsec policies disable policyname Parameters Example Response Command prompt policyname a a ASCII string Name of an existing IPsec policy b b To s...

Page 367: ...the policy is complete and the policy is ready to be used The enable command can also be used to re enable a disabled policy For more information see IKE IPSec Policy Commands on page 5 61 Mgmt Class...

Page 368: ...IPSec Policy Commands on page 5 61 Mgmt Class Security R Input Format ike ipsec policies list Parameters None Response Typical response ike ipsec policies list IKE IPSec policies mypolicy enabled Sou...

Page 369: ...policies set destport Defines a destination port filtering parameter value for the policy The destination port parameter requires a specific destination port for the data or allows any destination por...

Page 370: ...icy The port can be specified by one of the listed names or by its number To allow data through for any destination port specify an asterisk telnet http snmp tftp policyname a a ASCII string Name of t...

Page 371: ...specify the remote name as the interface for the policy Otherwise if the policy can be used regardless of the connected interface specify the string none To read about Dial Backup see Dial Backup on p...

Page 372: ...face that must be connected when the policy is used This is usually referenced by a remote name although it could be another interface such as ethernet 0 If no interface restriction is to be set for t...

Page 373: ...icyname Parameters Example Response Command prompt tunnel transport Encapsulation method required for the connection The de fault value is TUNNEL policyname a Name of the IPsec policy to which the enc...

Page 374: ...nection and no Diffie Hellman group is used to encrypt the keys during rekey To read more about PFS see IKE Management on page 5 52 Mgmt Class Security R W Input Format ike ipsec policies set pfs 1 2...

Page 375: ...than one value for the proposal parameter For example two set proposal commands could specify two proposals either of which could be used by the connection see IKE IPSec Policy Commands on page 5 61...

Page 376: ...ike ipsec policies set protocol protocolnumber tcp udp policyname Parameters Examples Response Command prompt protocolnumber Protocol required by the policy The protocol can be specified by number or...

Page 377: ...at sent the packet not the router that routes the packet Mgmt Class Security R W Input Format ike ipsec policies set source ipaddress ipmask policyname Parameters Example Response Command prompt ipadd...

Page 378: ...gmt Class Security R W Input Format ike ipsec policies set sourceport portnumber telnet http smtp tftp policyname Parameters Examples Response Command prompt portnumber Source port whose data is allow...

Page 379: ...dress is not the desired choice for the network address translation you can define a virtual Ethernet interface A virtual Ethernet interface can be created to translate to an arbitrary IP address see...

Page 380: ...the desired NAT address is 10 0 0 1 so you create a virtual interface 0 99 turn off RIP for the interface and assign it the address 10 0 0 1 24 eth add 0 99 eth ip opt txrip off 0 99 eth ip opt rxrip...

Page 381: ...page 5 58 Mgmt Class Security R W Input Format ike ipsec proposals delete proposalname Parameters Example Response Command prompt proposalname a a ASCII string New name for an IPsec proposal b b To se...

Page 382: ...list Lists the IPSec proposals For more information see IKE IPSec Proposal Commands on page 5 58 Mgmt Class Security R W Input Format ike ipsec proposals list Parameters None Response Typical respons...

Page 383: ...ommands on page 5 58 Mgmt Class Security R W Input Format ike ipsec proposals set ahauth md5 sha1 none proposalname Parameters Example Response Command prompt md5 Use AH encapsulation and authenticate...

Page 384: ...sha1 none proposalname Parameters Example Response Command prompt md5 Use ESP encapsulation and authenticate using hash algorithm Message Digest 5 sha1 Use ESP encapsulation and authenticate using ha...

Page 385: ...s Use ESP encapsulation and 56 bit encryption 3des Use ESP encapsulation and 168 bit encryption if 3DES is en abled in the router null No encryption but use ESP encapsulation Headers are inserted as t...

Page 386: ...rameter that specifies the maximum number of kilobytes for the IPSec SA 0 means unlimited After the maximum data is transferred IKE renegotiates the connection By limiting the amount of data that can...

Page 387: ...ue is 86400 24 hours When the time limit expires IKE renegotiates the connection For more information on proposal parameters see IKE IPSec Proposal Commands on page 5 58 Mgmt Class Security R W Input...

Page 388: ...y R W Input Format ike peers add peername Parameters Example Response Command prompt seconds a a Integer Maximum number of seconds before renegotiation 0 means unlimited proposalname b b ASCII string...

Page 389: ...Mgmt Class Security R W Input Format ike peers delete peername Parameters Example Response Command prompt ike peers list Lists the defined IKE peers For more information see IKE Peer Commands on page...

Page 390: ...address If the mode is aggressive mode one end of the connection the gateway has a fixed IP address The other end the client has a changing address When configuring the client set the peer IP address...

Page 391: ...cal ID must match the peer ID on the other end of the connection The local ID can be an IP address domain name or e mail address as specified by the ike peers set localidtype command For more informat...

Page 392: ...type must match the peer ID type on the other end of the connection The possible ID types are IP address domain name or e mail address For more information see IKE Peer Commands on page 5 56 Mgmt Cla...

Page 393: ...rompt Choose one of the following ipaddr The local ID must be an IP address domainname The local ID must be a domain name email The local ID must be an e mail address peername a a ASCII string Name of...

Page 394: ...one end can change as with a typical modem or DSL connection See Main Mode and Aggressive Mode on page 5 54 Mgmt Class Security R W Input Format ike peers set mode main aggressive peername Parameters...

Page 395: ...peerid aggressivemodeid peername Parameters Example Response Command prompt ike peers set peeridtype Sets the type of the peer ID for the IKE peer connection This command is used only when aggressive...

Page 396: ...put Format ike peers set secret secret peername Parameters Choose one of the following ipaddr The peer ID must be an IP address domainname The peer ID must be a domain name email The peer ID must be a...

Page 397: ...on page 5 52 Mgmt Class Security R W Input Format ike proposals add ProposalName Parameters Example Response Command prompt ike proposals delete Deletes an existing IKE proposal For more information...

Page 398: ...mands on page 5 58 Mgmt Class Security R Input Format ike proposals list Parameters None Response Typical response proposalname a a ASCII string Name of the IKE proposal to delete b b To see the peer...

Page 399: ...See IKE Proposal Commands on page 5 58 Mgmt Class Security R W Input Format ike proposals set dh_group none 1 2 proposalname Parameters Example Response Command prompt Choose one of the following non...

Page 400: ...meter that specifies the length of time in seconds before the Phase 1 SA expires the recommended value is 86400 24 hours When the time limit expires IKE renegotiates the connection See IKE Management...

Page 401: ...ion or it can propose authentication using the hash algorithm Message Digest 5 MD5 or Secure Hash Algorithm 1 SHA1 Mgmt Class Security R W Input Format ike proposals set message_auth none md5 sha1 pro...

Page 402: ...name Parameters Example Response Command prompt none No authentication md5 Authentication using the Message Digest 5 algorithm sha1 Authentication using algorithm Secure Hash Algorithm 1 proposalname...

Page 403: ...rity on page 5 50 NOTE If you define a tunnel using IPSec commands the keys will remain static This could pose a security risk and is not recommended Use of IKE for key management is recommended ipsec...

Page 404: ...saname Parameters Example Response Command prompt ipsec disable Disables a defined IPSec security association entry Mgmt Class Security R W Input Format ipsec disable saname Parameters saname a a ASCI...

Page 405: ...able Enables a defined IPSec security association entry indicating it is complete and ready to be used Mgmt Class Security R W Input Format ipsec enable saname Parameters Example Response Command prom...

Page 406: ...lush Clears all IPSec definitions Mgmt Class Debug R W Input Format ipsec flush Parameters None Response Command prompt ipsec list Lists one or all of the IPSec security association SA entries Mgmt Cl...

Page 407: ...ow_rx Gateway 207 135 89 233 Inbound Tunnel Both 3DES key 1111111122222222333333334444444455555555 SHA1 key aaaaaaaabbbbbbbbccccccccdddddddd 20 No compression ID 424242 seq 1 bitmap ffffffff show_tx G...

Page 408: ...ication md5 sha1 saname Parameters Example Response Command prompt ipsec set authkey Specifies the authentication key for the IPSec SA Mgmt Class Security R W Input Format ipsec set authkey key saname...

Page 409: ...Response Command prompt key Hexadecimal authentication key saname a a ASCII string Name of the IPSec SA to which the authentication key is added b b To see the IPSec SA names in use use the ipsec list...

Page 410: ...ion none lzs saname Parameters Example Response Command prompt ipsec set enckey Specifies the encryption key for the IPSec SA Mgmt Class Security R W Input Format ipsec set enckey key saname Choose on...

Page 411: ...ample Response Command prompt key a a 64 bits for DES 192 bits for 3DES Hexadecimal encryption key saname b b ASCII string Name of the IPSec SA to which the authentication key is added c c To see the...

Page 412: ...sec set ident Specifies the identifier SPID for the IPSec tunnel It must match the SPID at the other end of the tunnel that is the tx SPID on this end must match the rx SPID on the other end Mgmt Clas...

Page 413: ...ansport saname Parameters Example Response Command prompt ident a a ASCII string SPID for the IPSec tunnel saname a Name of the IPSec SA b b To see the IPSec SA names in use use the ipsec list command...

Page 414: ...Mgmt Class Security R W Input Format ipsec set service esp ah both saname Parameters Example Response Command prompt Choose one of the following esp ESP encryption ah AH authentication both Use Both E...

Page 415: ...e Lists the top level voice or dsp commands and keywords and a brief description of their function dsp ecode Deletes the IP address of the entry in the Address Resolution Protocol ARP table dsp jitter...

Page 416: ...t Networks dsp voice Two commands are used to list the voice related commands To see the syntax for a command enter the command followed by a Mgmt Class Voice R Input Format dsp voice Parameters None...

Page 417: ...ass Voice R W Input Format dsp ecode alaw ulaw Parameters Example The following command example will set the voice encoding method to alaw Response Typical response when entered with no parameters Whe...

Page 418: ...o changing the jitter buffer size cease any active calls and close all data transfers Mgmt Class Voice R W Input Format dsp jitter milliseconds Parameters Example The following command example will ch...

Page 419: ...onse Typical response when entered with no parameters Typical response when configuration has been changed When entered with no parameter the current configuration is dis played port a a Integer 1 4 o...

Page 420: ...Mgmt Class Voice R W Input Format dsp save Parameters None Response Command prompt dsp vr Displays the current voice rate and encoding type Mgmt Class Voice R Input Format dsp vr port Parameters Resp...

Page 421: ...d is only enabled when configured for operation with a Jetstream voice gateway Mgmt Class Voice R W Input Format voice profile profile Parameters None Response Command prompt voice l2stats Displays L2...

Page 422: ...e profile profile Parameters Example The following command example will change the voice profile to profile 7 Response Example response confirming the configuration change voice l2stats Stats for Sub...

Page 423: ...Mgmt Class Voice R W Input Format voice refreshcas active always Parameters Example The following command example will change the refresh cas mode to always The following command example entered with...

Page 424: ...Chapter 13 Voice Commands Efficient Networks Router family Command Line Interface Guide Page 13 10 Efficient Networks This page intentionally left blank...

Page 425: ...rad Lists the supported radius commands and key words rad deleteserver Deletes a configured radius server entry rad list secret Displays the radius servers shared secret authen tication rad list serve...

Page 426: ...Format rad Parameters None Response A listing of the rad commands and keywords and a brief description of their function rad deleteserver Deletes a configured radius server entry Mgmt Class Security R...

Page 427: ...isplays the radius servers shared secret authentication NOTE The local servers shared secret must match the remote server s shared secret or authentication will not occur Mgmt Class Security R Input F...

Page 428: ...d list server Displays the IP address and port for the primary and secondary radius servers Mgmt Class Security R Input Format rad list server Parameters None Response A typical response is shown belo...

Page 429: ...ommand prompt radius set server Sets the IP address and port values for the primary and or secondary radius server s Mgmt Class Secret R W Input Format radius set server IPAddr port server Parameters...

Page 430: ...arameters Response Command prompt radius set timeout Sets the number of seconds between retry attempts to the radius server Mgmt Class Security R W Input Format rad set timeout integer Parameters Resp...

Page 431: ...ccess control see Chapter 5 System Security in the Technical Reference Guide The user commands found in this section include Table 15 1 User Command Listing Command Function user Lists the supported u...

Page 432: ...on user enable Enables or disables authentication of the remote router during tunnel establishment using the CHAP secret user list Displays the contents of the user account data base user list lookup...

Page 433: ...dmin R W Input Format user add access lan wan console username Parameters Example The following example will add console access or the user VoiceAdmin Response See example above lan Adds user access t...

Page 434: ...min R W Input Format user add class class read write user_name Parameters Response A typical response is shown below class Must be one of the following admin Adds Admin management class for the specif...

Page 435: ...e optional parameters is used Mgmt Class Admin R W Input Format user add user user_name password template enable disable Parameters user_name a a ASCII string 6 32 characters User name and password ar...

Page 436: ...access methods for a user use the command user list Mgmt Class Admin R W Input Format user delete access lan wan console username Parameters Response A typical response is shown below user add user g...

Page 437: ...ad only permission will remove the management class from a user account Deleting a write permission from a user account will render the user account read only for the management class Mgmt Class Admin...

Page 438: ...above user delete user Deletes an existing user account from the management database Deletion of multiple user accounts is supported To view a user account listing use the command user list NOTE The...

Page 439: ...use the command user list NOTE The system must contain at least one enabled user account with privilege read and write access If only one privilege account exists it cannot be deleted or disabled Mgm...

Page 440: ...user enable username Parameters Response A typical response is shown when enabling the user account Admin1 user list Displays the contents of the user account database The username management class pr...

Page 441: ...mt Class read NETWORK SYSTEM ADMIN VOICE SECURITY DEBUG Mgmt Class write NETWORK SYSTEM ADMIN VOICE SECURITY DEBUG Access WAN LAN CONSOLE Status ENABLED Username Admin1 Password Mgmt Class read NETWOR...

Page 442: ...d Mgmt Class Admin R W Input Format user list lookup Parameters None Response A typical response is shown below user list template Displays the pre defined user template information Mgmt Class Admin R...

Page 443: ...AN LAN CONSOLE Status ENABLED Template 2 Username NetworkManager Password Mgmt Class read NETWORK SYSTEM Mgmt Class write NETWORK SYSTEM Access WAN LAN CONSOLE Status ENABLED Template 3 Username Secur...

Page 444: ...t Class Admin R W Input Format user set lookup primary secondary local radius none primary secondary local radius none Parameters NOTE Atleast one location primary or secondary must be set to local Re...

Page 445: ...ser account Mgmt Class Admin R W Input Format user setpassword user_name new_password Parameters Response A typical response is shown below user_name a a ASCII string 6 32 characters The user name and...

Page 446: ...Chapter 15 User Commands Efficient Networks Router family Command Line Interface Guide Page 15 16 Efficient Networks This page intentionally left blank...

Page 447: ...90 modem IP Stack IP Stack Check IP Security and IKE Internet Key Exchange L2TP Tunneling Quality of Service QOS Remote Authentication Service RADIUS client SSH Secure Shell Server Stateful Firewall...

Page 448: ...key commands and a brief description of their function key disable Disables a key enabled feature key enable Enables a feature key that has been previously added to the key enabled feature database k...

Page 449: ...ondition The key state is Manufacturing or Legacy NOTE The key will not be written to flash memory until a save command has been issued Mgmt Class Security R W Input Format key add key_string Paramete...

Page 450: ...ty of service or may otherwise effect system operation NOTE Features with keys that have expired or have been revoked cannot be deleted nor can Legacy or Manufacturing keys be deleted Mgmt Class Secur...

Page 451: ...lt in reduced security or quality of service or may otherwise effect system operation NOTE Disabling a feature does not change or extend the expiration date of the feature key NOTE Legacy or Manufactu...

Page 452: ...Mgmt Class Security R W Input Format key enable featurename Parameters Response A typical response is shown below key list Lists the contents of the key enabled feature database Information provided i...

Page 453: ...ipsec IP Security Not Inst d ipstack IP Stack 1 MFG l2tp L2TP Tunneling Not Inst d radius RADIUS Client Not Inst d sshd SSH Server Not Inst d Feature name Description En Rv Ex Installed Expires 3des 3...

Page 454: ...d added NOTE Manufacturing or Legacy keys cannot be revoked Mgmt Class Security R W Input Format key revoke feature Parameters Response A typical response is shown below key unrevoke Unrevokes a previ...

Page 455: ...W Input Format key update key_string Parameters Response A typical response is shown below key_string a a The key string is case sensitive and must be entered exactly as received and with no spaces U...

Page 456: ...Chapter 16 Key Commands Efficient Networks Router family Command Line Interface Guide Page 16 10 Efficient Networks This page intentionally left blank...

Page 457: ...ter via SNMP Same function as system addsnmpfilter snmp addtrapdest Adds an SNMP Trap manager by IP address snmp community Sets the SNMP community to which the router be longs snmp delsnmpfilter Delet...

Page 458: ...Validates SNMP clients by defining a range of IP addresses that are allowed to access the router via SNMP This validation feature is off by default NOTE This command is functionally equivalent to sys...

Page 459: ...ommand snmp list For additional information on SNMP see SNMP on page 7 2 NOTE This command does not require a reboot and is effective immediately Mgmt Class Network R W Input Format snmp addstrapdest...

Page 460: ...a save to be persistent across reboots Mgmt Class Network R W Input Format snmp community snmp community name Parameters Example The following example sets the SNMP community name to iads Response Exa...

Page 461: ...OTE This command does not require a reboot and is effective immediately NOTE To list the range of allowed clients use the command system list For more information on SNMP see Mgmt Class Network R W In...

Page 462: ...and does not require a reboot and is effective immediately Mgmt Class Network R W Input Format snmp deltrapdest ip addr Parameters Response Command prompt snmp disablesnmpif Disables SNMP access from...

Page 463: ...not require a reboot and is effective immediately Mgmt Class Network R W Input Format snmp enablesnmpif wan lan Parameters Response Command prompt snmp list Displays current SNMP configuration inform...

Page 464: ...n of unsolicited trap event messages to trap destinations To see the current Global Trap Enable setting use the command snmp list NOTE This command does not require a reboot and is effective immediate...

Page 465: ...configuration NOTE This command does not require a reboot and is effective immediately Mgmt Class Network R W Input Format snmp snmppasswd passwd Parameters Response Example response when a password p...

Page 466: ...is command is the functional equivalent of system snmpport NOTE This command requires a save and reboot to take effect To see the current setting use the command snmp list For more information on SNMP...

Page 467: ...irewall allow Creates a firewall rule for inclusion in the allow rules list firewall clearcounter Clears the counter for a specified rule firewall clearcounter all Clears counters for all stateful fir...

Page 468: ...ny subsequent ICMP packets until the ICMP traffic drops below the threshold value firewall setsynflood threshold Sets the threshold value for the number of SYN packets per second which when exceeded w...

Page 469: ...ave the specified protocol a imap telnet bootp nntp rpc tftp smtp dns ftp rexec rsh rlogin syslog winframe rdp http https ntp smb ras realaudio netmeeting aolim quicktime cuseeme netshow pptp nfs nis...

Page 470: ...destination IP address is specified the firewall rule matches any valid IPV4 address sa first source ip addr last source ip addr The packet must have a source IP address within the specified address...

Page 471: ...ollowing example will allow only one machine 192 168 1 34 in the subnet to be able to FTP to the internet The following example will enable ports for one machine 192 168 1 34 in the subnet to use the...

Page 472: ...allow rules list The following example will clear the counter values for firewall rules 4 thorugh 10 of the deny rules list Response Command prompt firstrulenumber a a Integer Specifies a filter rule...

Page 473: ...ll rule or range of firewall rules based on firewall rule numbers NOTE If deleting a rule or rules from the firewall allow rules list the change will only be effective for subsequent sessions current...

Page 474: ...be performed for the changes to become effective Mgmt Class Security R W Input Format firewall delete all allow deny Parameters start rule number a a Integer Specifies the firewall rule or first rule...

Page 475: ...sses However for inbound rules the rules would need to use the router s WAN address Mgmt Class Security R W Input Format firewall deny protocol application parameters Parameters The following paramete...

Page 476: ...that is within the specified destina tion port range If no destination port is specified the firewall rule matches any des tination port in the range 0 65535 da first dest ip addr last dest ip addr Th...

Page 477: ...llow Optional parameter will display only allow rules list deny Optional parameter will display only deny rules list firewall list INFORMATION FOR FIREWALL Status off Watch on SYNFloodThreshold 200 IC...

Page 478: ...ifying a rule to allow what was previously denied the changes will be in effect for current sessions Mgmt Class Security R W Input Format firewall modify allow deny number parameter Parameters The fol...

Page 479: ...rlogin syslog winframe rdp http https ntp smb ras realaudio netmeeting aolim quicktime cuseeme netshow pptp nfs nis traceroute sqlnet ipsec Modifies the firewall rule type sp ICMP type first source po...

Page 480: ...of the firewall status Mgmt Class Security R W Input Format firewall set on off Parameters Response Command prompt firewall setdroppktthreshold Specifies a threshold value for the number of dropped pa...

Page 481: ...hreshold value for the number of ICMP packets per second When the specified threshold is exceeded the firewall will block any subsequent ICMP packets until the ICMP traffic drops below the threshold v...

Page 482: ...he threshold value for the number of SYN packets per second When the specified threshold is exceeded the firewall will block any subsequent SYN packets until the SYN traffic drops below the threshold...

Page 483: ...l will block any subsequent UDP packets until the UDP traffic drops below the threshold value For more information on UDP attacks see Stateful Firewall on page 4 34 Mgmt Class Security R W Input Forma...

Page 484: ...Addr 192 168 1 2 Dest Addr 1 1 1 1 ICMP type 8 ICMP code 0 3 10 17 2001 at 19 01 31 000 Packet matched a Deny Rule Protocol ICMP Src Addr 192 168 1 2 Dest Addr 1 1 1 1 ICMP type 8 ICMP code 0 4 10 17...

Page 485: ...is on a message is printed to the console serial port and any Syslog Servers when a packet is dropped or accepted or as specified in the message logging parameter within the firewall rule Mgmt Class...

Page 486: ...Chapter 18 Stateful Firewall Commands Efficient Networks Router family Command Line Interface Guide Page 18 20 Efficient Networks This page intentionally left blank...

Page 487: ...t SSH configuration with the ex ception of the list of public private key pairs and the configured SSH port ssh load privatekey Loads a precomputed private key from the speci fied TFTP server ssh load...

Page 488: ...onse Lists the supported SSH commands and a brief description of their functions ssh keygen Generates the Private Public key pair for the local server Mgmt Class Security R W Input Format ssh keygen P...

Page 489: ...sponse is shown below ssh load privatekey Loads a precomputed private key from the given TFTP server NOTE This command should be use in conjunction with the ssh load publickey command Mgmt Class Secur...

Page 490: ...ommand Mgmt Class Security R W Input Format ssh load publickey TFTP server addr pub key file Parameters Response A typical response is shown below server addr a a Dotted decimal notation IP address of...

Page 491: ...ty R W Input Format ssh set encryption type NOTE Multiple types are allowed on the command line Parameters Response A typical response is shown below Select from the following encryption types des DES...

Page 492: ...s Security R W Input Format ssh set idletimeout seconds Parameters Response A typical response is shown below ssh set keepalive Enables and disables keepalive messages transmission Keepalive messages...

Page 493: ...R W Input Format ssh set mac md5 sha1 NOTE Multiple types are allowed on the command line Parameters Response A typical response is shown below enablea a Default value Keepalive messages are sent dis...

Page 494: ...s Security R W Input Format ssh set rekeyinterval interval Parameters Response A typical response is shown below ssh set status Enables and disables SSH server connections Mgmt Class Security R W Inpu...

Page 495: ...H connections disable Disallows SSH connections ssh set status enable SSH Enabled Connections now permitted default Restores the SSH port value to the default value 22 and re enables the port disable...

Page 496: ...Chapter 19 SSH Commands Efficient Networks Router family Command Line Interface Guide Page 19 10 Efficient Networks This page intentionally left blank...

Page 497: ...tes a new QoS policy name and appends it to the end QoS policies list qos del Deletes a single or all existing QoS policies qos diffserv Enables and disables marking of the differentiated services fie...

Page 498: ...ates a new QoS policy name and appends it to the end QoS policies list To view the existing QoS policy names use the qos list command NOTE QOS policies are numbered sequentially with the initial polic...

Page 499: ...view the existing QoS policy numbers use the qos list command NOTE A QoS policy that is currently enabled cannot be deleted until it is disabled with the qos disable command Mgmt Class Network R W Inp...

Page 500: ...ces DiffServ field of the IP header Mgmt Class Network R W Input Format qos diffserv on off Parameters Response Command prompt qos disable Disables an existing QoS policy To view the existing QoS poli...

Page 501: ...S policy To view the existing QoS policies and their status use the qos list command Mgmt Class Network R W Input Format qos enable policy name Parameters Response Command prompt policy name a a ASCII...

Page 502: ...and adds the QoS policy mypolicya in the policies list immediately before mypolicy2 Response Command prompt qos list Displays QoS queue parameters and all user configured QoS policies For more informa...

Page 503: ...sitive Optional parameter that will display only the specified policy name qos list mypolicy3 QoS On DiffServ On Queue Priority Code Point Weight 0 HIGH 0x4 10 1 MEDIUM 0x3 10 2 NORMAL 0x2 10 3 LOW 0x...

Page 504: ...oS policy mypolicy3 to the location immediately before mypolicy4 in the QoS policies list Response Command prompt qos movetoend Moves an existing QoS policy to the end of the policies list To display...

Page 505: ...ponse Command prompt qos off Disables the QOS feature To view the current QoS status use the qos list command Mgmt Class Network R W Input Format qos off Parameters None Response Command prompt policy...

Page 506: ...ured To view the current QoS status use the qos list command NOTE QoS policies that are currently disabled will not be active Mgmt Class Network R W Input Format qos on Parameters None Response Comman...

Page 507: ...nge of addresses Off will disable source address checking da destination address a off start address end address Specifies the destination address or range of addresses Off will disable destination ad...

Page 508: ...ified policy becomes active du duration hh mm e Specifies the active time period for the policy r repetition off once mm dd yy everyday mon tue wed thu fri sat sun Specifies the policy as a one time r...

Page 509: ...ffic priority For more information on bandwidth management see the Technical Reference Manual Mgmt Class Network R W Input Format qos setweight high meduim normal low weight Parameters Response Comman...

Page 510: ...Chapter 20 QoS Commands SpeedStream Router family Command Line Interface Guide Page 20 14 Efficient Networks This page intentionally left blank...

Page 511: ...are used for Ethernet switch management and include Table 21 1 Switch Command Listing Command Function switch Lists the supported Switch sub commands switch agetime Specifies the aging time of the sw...

Page 512: ...brief description of their function switch agetime Specifies the aging time of the switch When age time expires the port MAC address entry will be removed from the table containing this information Mg...

Page 513: ...fficient Networks Page 21 3 switch block Disables the specified Ethernet Port The port can be re enabled with the switch unblock command Mgmt Class Network R W Input Format switch block port Parameter...

Page 514: ...nd 4 will be mirrored to the capture port 6 When entered with no parameters the current port mirroring state information is displayed see Response below on Enables port mirroring function If no additi...

Page 515: ...l response when entered with no parameters and port mirroring is currently enabled switch status Displays the current port states for the Ethernet switch Mgmt Class Network R Input Format switch statu...

Page 516: ...status No Connection 10Mb s Half Duplex Enabled Port 2 status No Connection 10Mb s Half Duplex Enabled Port 3 status No Connection 10Mb s Half Duplex Disabled Port 4 status Connected 100Mb s Full Dupl...

Reviews: