manualshive.com logo in svg

Allied Telesis AR2050V, Справочник по командам, Страница: 2708 / 2824

Поделиться
Скачать
Allied Telesis AR2050V Скачать руководство пользователя страница 2708

C613-50186-01 Rev B

Command Reference for AR2050V

2708

AlliedWare Plus™ Operating System - Version 5.4.7-1.x

IP

SEC

 C

OMMANDS

PFS

pfs

Overview

Use this command to enable PFS and set a Diffie-Hellman group for PFS in an IPsec 
profile.

Use the 

no

 variant to disable PFS.

Syntax

pfs {2|5|14|15|16|18} 

no pfs 

Default

PFS is disabled.

Mode

IPsec Profile Configuration

Usage

Perfect Forward Secrecy (PFS) ensures generated keys, for example IPsec SA keys 
are not compromised if any other keys, for example, ISAKMP SA keys are 
compromised.

The specified PFS group must match the PFS group setting on the peer - especially 
when IKEv2 is used for ISAKMP SA negotiation. With IKEv2, if there is a PFS group 
mismatch an IPsec SA will be established and the tunnel will come up because PFS 
is not required for the initial child SA negotiation. However, when the IPsec SA 
rekeys it will fail due to the PFS group mismatch, and upon IPsec SA expiry the 
tunnel will no longer be able to carry traffic.

Examples

To enable PFS and set a Diffie-Hellman group for PFS, use the following 
commands:

awplus(config)# 

crypto ipsec profile my_profile

awplus(config-ipsec-profile)# 

pfs 15

To disable PFS, use the following command:

awplus(config-ipsec-profile)# 

no pfs 

Related 

Commands

crypto ipsec profile

Parameter

Description

2

1024-bit MODP Group

5

1536-bit MODP Group

14

2048-bit MODP Group

15

3072-bit MODP Group

16

4096-bit MODP Group

18

8192-bit MODP Group

Содержание AR2050V

Страница 1: ...C613 50186 01 Rev B AR2050V SECURE VPN ROUTER Command Reference for AlliedWare Plus Version 5 4 7 1 x...

Страница 2: ...uction and shipping costs and a CD with the GPL code will be mailed to you GPL Code Request Allied Telesis Labs Ltd PO Box 8011 Christchurch New Zealand Allied Telesis AlliedWare Plus Allied Telesis M...

Страница 3: ...vileged Exec mode 100 end 102 exit 103 help 104 logout 105 show history 106 Chapter 2 File and Configuration Management Commands 107 Introduction 107 autoboot enable 110 boot config file 111 boot conf...

Страница 4: ...n 161 clear line console 163 clear line vty 164 enable password 165 enable secret 168 exec timeout 171 flowcontrol hardware asyn console 173 length asyn 175 line 176 privilege level 178 security passw...

Страница 5: ...ogin system 215 banner motd 217 clock set 219 clock summer time date 220 clock summer time recurring 222 clock timezone 224 hostname 225 max fib routes 227 max static routes 229 no debug all 230 reboo...

Страница 6: ...g monitor 284 default log permanent 285 log buffered 286 log buffered filter 287 log buffered exclude 290 log buffered size 293 log console 294 log console filter 295 log console exclude 298 log date...

Страница 7: ...cription interface 369 interface to configure 370 ip tcp adjust mss 372 ipv6 tcp adjust mss 374 mru jumbo 376 mtu 377 show interface 379 show interface brief 383 show interface memory 384 show interfa...

Страница 8: ...flowcontrol interface 433 show interface err disabled 434 show interface switchport 435 show mac address table 436 show platform 438 show platform port 439 show storm control 444 speed 445 storm cont...

Страница 9: ...statistics instance interface 508 show spanning tree statistics interface 510 show spanning tree vlan range index 512 spanning tree autoedge RSTP and MSTP 513 spanning tree cisco interoperability MST...

Страница 10: ...ail 563 show etherchannel summary 564 show lacp sys id 565 show lacp counter 566 show port etherchannel 567 show static channel group 568 static channel group 569 undebug lacp 571 Chapter 18 802 1Q En...

Страница 11: ...poe ac 636 show pppoe ac config check 637 show pppoe ac connections 639 show pppoe ac statistics 641 show running config pppoe ac 644 PART 3 Routing 645 Chapter 21 IP Addressing and Protocol Commands...

Страница 12: ...dns forwarding 713 ip dns forwarding cache 714 ip dns forwarding dead time 715 ip dns forwarding domain list 716 ip dns forwarding retry 717 ip dns forwarding source interface 718 ip dns forwarding ti...

Страница 13: ...6 nd reachable time 775 ipv6 nd retransmission time 777 ipv6 nd suppress ra 779 ipv6 neighbor 780 ipv6 opportunistic nd 781 ipv6 route 782 ipv6 unreachables 783 ping ipv6 784 show ipv6 forwarding 785...

Страница 14: ...work RIP 849 passive interface RIP 851 recv buffer size RIP 852 redistribute RIP 853 restart rip graceful 855 rip restart grace period 856 route RIP 857 router rip 858 send lifetime 859 show debugging...

Страница 15: ...0 auto cost reference bandwidth 913 bandwidth 915 capability opaque 916 capability restart 917 clear ip ospf process 918 compatible rfc1583 919 debug ospf events 920 debug ospf ifsm 921 debug ospf lsa...

Страница 16: ...pf database network 979 show ip ospf database nssa external 980 show ip ospf database opaque area 982 show ip ospf database opaque as 983 show ip ospf database opaque link 984 show ip ospf database ro...

Страница 17: ...6 ospf priority 1052 ipv6 ospf retransmit interval 1053 ipv6 ospf transmit delay 1054 ipv6 router ospf area 1055 max concurrent dd IPv6 OSPF 1057 passive interface IPv6 OSPF 1058 redistribute IPv6 OSP...

Страница 18: ...ening 1128 bgp damp peer oscillation BGP only 1130 bgp default ipv4 unicast 1131 bgp default local preference BGP only 1132 bgp deterministic med 1133 bgp enforce first as 1135 bgp fast external failo...

Страница 19: ...eighbor as origination interval 1202 neighbor attribute unchanged 1204 neighbor capability graceful restart 1207 neighbor capability orf prefix list 1210 neighbor capability route refresh 1213 neighbo...

Страница 20: ...show bgp ipv6 prefix list BGP4 only 1329 show bgp ipv6 quote regexp BGP4 only 1330 show bgp ipv6 regexp BGP4 only 1331 show bgp ipv6 route map BGP4 only 1332 show bgp ipv6 summary BGP4 only 1333 show...

Страница 21: ...6 Prefix List 1376 show route map 1377 synchronization 1378 timers BGP 1379 undebug bgp BGP only 1380 Chapter 30 Route Map Commands 1381 Introduction 1381 match as path 1383 match community 1384 match...

Страница 22: ...to key pubkey chain knownhosts 1452 default metric RIP 1454 description VRF 1455 distance RIP 1456 distribute list RIP 1457 export map 1458 fullupdate RIP 1459 import map 1460 ip route static inter vr...

Страница 23: ...interface 1534 show running config vrf 1535 ssh 1536 tcpdump 1538 telnet 1539 timers RIP 1540 traceroute 1542 version RIP 1543 PART 4 Multicast Applications 1545 Chapter 33 IGMP and IGMP Snooping Com...

Страница 24: ...6 clear ipv6 mld 1598 clear ipv6 mld group 1599 clear ipv6 mld interface 1600 debug mld 1601 ipv6 mld 1602 ipv6 mld last member query count 1603 ipv6 mld last member query interval 1604 ipv6 mld queri...

Страница 25: ...mode 1661 debug pim sparse mode timer 1662 ip pim anycast rp 1664 ip pim bsr border 1665 ip pim bsr candidate 1666 ip pim cisco register checksum 1667 ip pim crp cisco prefix 1668 ip pim dr priority...

Страница 26: ...pim dr priority 1722 ipv6 pim exclude genid 1724 ipv6 pim ext srcs directly connected 1725 ipv6 pim hello holdtime 1726 ipv6 pim hello interval 1727 ipv6 pim ignore rp set priority 1728 ipv6 pim jp t...

Страница 27: ...1785 show traffic control counters 1787 show traffic control interface 1789 show traffic control policy 1791 show traffic control red curve 1793 show traffic control rule config check 1795 show traff...

Страница 28: ...rver ping poll enable 1861 auth web server ping poll failcount 1862 auth web server ping poll interval 1863 auth web server ping poll reauth timer refresh 1864 auth web server ping poll timeout 1865 a...

Страница 29: ...secure proxy aaa 1922 server radsecproxy aaa 1923 server mutual authentication 1925 server name check 1926 server trustpoint 1927 show aaa local user locked 1929 show aaa server group 1930 show debugg...

Страница 30: ...s deleted 1988 show crypto pki certificates user deleted 1989 show crypto pki trustpoints deleted 1990 show radius local server group 1991 show radius local server nas 1992 show radius local server st...

Страница 31: ...n 2042 advertisement interval 2044 alternate checksum mode 2046 circuit failover 2047 debug vrrp 2049 debug vrrp events 2050 debug vrrp packet 2051 disable VRRP 2052 enable VRRP 2053 preempt mode 2054...

Страница 32: ...synchronize 2117 atmf cleanup 2118 atmf container 2119 atmf container login 2120 atmf controller 2121 atmf distribute firmware 2122 atmf domain vlan 2124 atmf enable 2127 atmf group membership 2128 at...

Страница 33: ...f area guests detail 2206 show atmf area nodes 2208 show atmf area nodes detail 2210 show atmf area summary 2212 show atmf authorization 2213 show atmf backup 2216 show atmf backup area 2220 show atmf...

Страница 34: ...dhcp bootp ignore 2308 ip dhcp leasequery enable 2309 ip dhcp option 2310 ip dhcp pool 2312 ip dhcp client default route distance 2313 ip dhcp relay agent option 2315 ip dhcp relay agent option checki...

Страница 35: ...hcp server 2388 ipv6 local pool 2389 ipv6 nd prefix DHCPv6 2391 link address 2393 option DHCPv6 2395 prefix delegation pool 2397 show counter ipv6 dhcp client 2399 show counter ipv6 dhcp server 2401 s...

Страница 36: ...2464 snmp server legacy ifadminstatus 2466 snmp server location 2467 snmp server source interface 2468 snmp server startup trap delay 2469 snmp server user 2470 snmp server view 2473 undebug snmp 247...

Страница 37: ...ver resolve host 2528 ssh server scp 2529 ssh server sftp 2530 undebug ssh client 2531 undebug ssh server 2532 Chapter 54 Trigger Commands 2533 Introduction 2533 active trigger 2535 day 2536 debug tri...

Страница 38: ...nections 2596 connection limit Firewall 2597 connection log events 2598 firewall 2599 debug firewall 2600 ip tcp timeout established 2601 move rule Firewall 2602 protect Firewall 2603 rule Firewall 26...

Страница 39: ...RT 9 Advanced Network Protection 2669 Chapter 59 IPS Commands 2670 Introduction 2670 category action IPS 2671 ips 2672 protect IPS 2673 show ips 2674 show ips categories 2675 show running config ips 2...

Страница 40: ...Profile 2724 transform ISAKMP Profile 2725 tunnel destination IPsec 2727 tunnel local name IPsec 2729 tunnel local selector 2730 tunnel mode IPsec 2732 tunnel protection ipsec IPsec 2733 tunnel remot...

Страница 41: ...ng 2783 Chapter 64 L2TP Commands 2784 Introduction 2784 crypto isakmp key 2786 debug l2tp 2788 destination 2789 encapsulation ppp 2790 ip version 2792 l2tp tunnel 2793 l2tp unmanaged port 2795 l2tp pr...

Страница 42: ...aaa authentication login 1905 aaa authentication openvpn 1907 aaa authorization commands 1908 aaa authorization commands 2028 aaa authorization config commands 1910 aaa authorization config commands...

Страница 43: ...pi 1009 area authentication 903 area default cost IPv6 OSPF 1011 area default cost 902 area encryption ipsec spi esp 1012 area filter list 904 area nssa 905 area range IPv6 OSPF 1015 area range 907 ar...

Страница 44: ...ackup guests delete 2107 atmf backup guests enable 2108 atmf backup guests now 2109 atmf backup guests synchronize 2110 atmf backup now 2111 atmf backup redundancy enable 2113 atmf backup server 2114...

Страница 45: ...2160 atmf recover 2157 atmf remote login 2161 atmf restricted login 2163 atmf secure mode certificate expire 2167 atmf secure mode certificate expiry 2168 atmf secure mode certificate renew 2169 atmf...

Страница 46: ...th web server dhcp ipaddress 1848 auth web server dhcp lease 1849 auth web server dhcp wpad option 1850 auth web server host name 1851 auth web server intercept port 1852 auth web server ipaddress 185...

Страница 47: ...gin system 215 banner motd 217 bgp aggregate nexthop check 1111 bgp always compare med 1112 bgp bestpath as path ignore 1113 bgp bestpath compare confed aspath 1114 bgp bestpath compare routerid 1115...

Страница 48: ...1146 bgp rfc1771 strict BGP only 1147 bgp router id 1148 bgp scan time BGP only 1149 bgp update delay 1150 blacklist 2680 boot config file backup 112 boot config file 111 boot system backup 114 boot s...

Страница 49: ...r bgp ipv6 peer group BGP4 only 1170 clear bgp peer group 1156 clear counter ipv6 dhcp client 2369 clear counter ipv6 dhcp server 2370 clear exception log 271 clear firewall connections 2596 clear ip...

Страница 50: ...im 1706 clear ipv6 mroute statistics 1631 clear ipv6 mroute 1630 clear ipv6 neighbors 754 clear ipv6 ospf process 1028 clear ipv6 pim sparse mode bsr rp set 1708 clear ipv6 rip route 876 clear isakmp...

Страница 51: ...onnection limit Firewall 2597 connection log events 2598 connection log events 276 copy filename 116 copy buffered log 277 copy current software 118 copy debug 119 copy fdb radius users to file 1967 c...

Страница 52: ...enroll local deleted 1971 crypto pki enroll local local radius all users deleted 1972 crypto pki enroll local user deleted 1973 crypto pki enroll user 2004 crypto pki enroll 2003 crypto pki export loc...

Страница 53: ...v6 pim sparse mode packet 1711 debug ipv6 pim sparse mode timer 1712 debug ipv6 pim sparse mode 1709 debug ipv6 rip 877 debug isakmp 2700 debug l2tp 2788 debug lacp 554 debug mail 2476 debug mld 1601...

Страница 54: ...og email 281 default log external 282 default log host 283 default log monitor 284 default log permanent 285 default information originate IPv6 RIPng 878 default information originate RIP 823 default...

Страница 55: ...very 2189 distance BGP and BGP4 1172 distance IPv6 OSPF 1037 distance OSPF 929 distance RIP 1456 distance RIP 825 distribute list IPv6 RIPng 880 distribute list RIP 1457 distribute list RIP 826 dns se...

Страница 56: ...int configuration mode 2013 erase factory default 130 erase factory default 2192 erase proxy autoconfig file 1875 erase startup config 131 erase web auth https file 1876 exec timeout 171 exit 103 exit...

Страница 57: ...5 ip address IP Addressing and Protocol 661 ip address dhcp 2306 ip address negotiated 583 ip community list expanded 1177 ip community list standard 1179 ip community list 1175 ip ddns update method...

Страница 58: ...atuitous arp link 667 ip helper address 669 ip igmp flood specific query 1553 ip igmp last member query count 1554 ip igmp last member query interval 1555 ip igmp maximum groups 1556 ip igmp mroute pr...

Страница 59: ...mit 1638 ip multicast wrong vif suppression 1639 ip multicast routing 1640 ip name server 723 ip ospf authentication 933 ip ospf authentication key 934 ip ospf cost 936 ip ospf database filter 937 ip...

Страница 60: ...ppression 1679 ip pim rp address 1680 ip pim rp candidate 1681 ip pim rp register kat 1682 ip pim sparse mode passive 1684 ip pim sparse mode 1683 ip pim spt threshold 1685 ip pim ssm 1686 ip policy r...

Страница 61: ...unreachables 678 ip vrf forwarding 1466 ip vrf 1465 ips 2672 ipv6 address DHCPv6 PD 2377 ipv6 address Entity 2634 ipv6 address GRE 2749 ipv6 address autoconfig 757 ipv6 address dhcp 2380 ipv6 address...

Страница 62: ...63 ipv6 multicast route 1643 ipv6 multicast route limit 1645 ipv6 multicast routing 1646 ipv6 nd accept ra pinfo 764 ipv6 nd current hoplimit 765 ipv6 nd managed config flag 767 ipv6 nd minimum ra int...

Страница 63: ...ectly connected 1725 ipv6 pim hello holdtime 1726 ipv6 pim hello interval 1727 ipv6 pim ignore rp set priority 1728 ipv6 pim jp timer 1729 ipv6 pim neighbor filter 1730 ipv6 pim register rate limit 17...

Страница 64: ...eachables 783 ip version 2792 keepalive PPP 591 key chain 845 key 844 key string 846 l2tp peer address dns lookup 623 l2tp peer address radius lookup group 625 l2tp peer address static 626 l2tp profil...

Страница 65: ...log console exclude 298 log console 294 log date format 301 log email filter 303 log email exclude 306 log email time 309 log email 302 log event host 204 log event host 2195 log external filter 313 l...

Страница 66: ...table static 430 mac filter 455 mac filter group 456 mac learning 457 mail 2478 match as path 1189 match as path 1383 match community 1190 match community 1384 match interface 1386 match ip address 1...

Страница 67: ...lticast 1647 nas 1982 nat 2659 neighbor IPv6 RIPng 886 neighbor OSPF 952 neighbor RIP 848 neighbor activate 1193 neighbor advertisement interval 1196 neighbor allowas in 1199 neighbor as origination i...

Страница 68: ...p create a peer group 1257 neighbor port 1258 neighbor prefix list 1260 neighbor remote as 1263 neighbor remote as 1473 neighbor remove private AS BGP only 1266 neighbor restart time 1268 neighbor rou...

Страница 69: ...ntp broadcastdelay 2415 ntp discard 2416 ntp master 2417 ntp peer 2418 ntp restrict 2420 ntp server 2422 ntp source 2424 ntp trusted key deprecated 2426 optimistic nd 681 option DHCPv6 2395 option 23...

Страница 70: ...ion refuse 600 ppp authentication 598 ppp hostname 602 ppp ipcp dns suffix list 606 ppp ipcp dns suffix list 729 ppp ipcp dns 604 ppp ipcp dns 727 ppp ipcp ip override 608 ppp password 609 ppp service...

Страница 71: ...adius server deadtime 1939 radius server host 1940 radius server key 1943 radius server local 1984 radius server retransmit 1944 radius server timeout 1946 range 2338 rd route distinguisher 1485 reboo...

Страница 72: ...te RIP 1492 route RIP 857 route 2339 route map 1311 route map 1397 router bgp 1310 router ipv6 ospf 1062 router ipv6 rip 891 router ipv6 vrrp interface 2058 router ospf 1495 router ospf 966 router rip...

Страница 73: ...roup 1948 server auth port 1985 server enable 1986 server mutual authentication 1925 server name check 1926 server trustpoint 1927 service advanced vty 187 service dhcp relay 2340 service dhcp server...

Страница 74: ...area guests 2204 show atmf area guests detail 2206 show atmf area nodes 2208 show atmf area nodes detail 2210 show atmf area summary 2212 show atmf area 2201 show atmf authorization 2213 show atmf bac...

Страница 75: ...auth statistics interface 1883 show auth supplicant interface 1887 show auth supplicant 1884 show auth 1877 show auth web server page 1889 show auth web server 1888 show autoboot 139 show banner logi...

Страница 76: ...ounter ipv6 dhcp client 2399 show counter ipv6 dhcp server 2401 show counter log 354 show counter mail 2479 show counter ntp deprecated 2427 show counter ping poll 2582 show counter snmp server 2438 s...

Страница 77: ...debugging ipv6 pim sparse mode 1745 show debugging ipv6 rip 892 show debugging isakmp 2710 show debugging l2tp 2806 show debugging lacp 560 show debugging mld 1621 show debugging mstp 489 show debugg...

Страница 78: ...nterface PPP 614 show interface brief 383 show interface err disabled 434 show interface memory 242 show interface memory 384 show interface status 386 show interface switchport 435 show interface tun...

Страница 79: ...keepalive interval BGP only 1356 show ip bgp neighbors notification BGP only 1357 show ip bgp neighbors open BGP only 1358 show ip bgp neighbors rcvd msgs BGP only 1359 show ip bgp neighbors sent msgs...

Страница 80: ...ow ip igmp snooping source timeout 1592 show ip igmp snooping statistics 1593 show ip interface vrf 1520 show ip interface vrf 691 show ip interface 690 show ip mroute 1648 show ip mvif 1650 show ip n...

Страница 81: ...e nexthop 1698 show ip pim sparse mode packet statistics 1699 show ip pim sparse mode rp mapping 1701 show ip pim sparse mode rp hash 1700 show ip prefix list IPv4 Prefix List 1374 show ip protocols b...

Страница 82: ...86 show ipv6 mif 1655 show ipv6 mld groups 1622 show ipv6 mld interface 1623 show ipv6 mld snooping mrouter 1624 show ipv6 mld snooping statistics 1625 show ipv6 mroute 1652 show ipv6 multicast forwar...

Страница 83: ...6 pim sparse mode nexthop 1757 show ipv6 pim sparse mode rp mapping 1759 show ipv6 pim sparse mode rp nexthop 1760 show ipv6 pim sparse mode rp hash 1758 show ipv6 prefix list IPv6 Prefix List 1376 sh...

Страница 84: ...nterface 406 show mirror 405 show nat rule config check 2667 show nat rule 2665 show nat 2664 show ntp associations 2428 show ntp counters associations 2432 show ntp counters 2430 show ntp status 2434...

Страница 85: ...s 2677 show running config l2tp profile 2817 show running config l2tp tunnel 2818 show running config log 362 show running config nat 2668 show running config pppoe ac 644 show running config router i...

Страница 86: ...terface 508 show spanning tree statistics instance 507 show spanning tree statistics interface 510 show spanning tree statistics 505 show spanning tree vlan range index 512 show spanning tree 490 show...

Страница 87: ...show vrrp session 2071 show vrrp counters 2067 show vrrp ipv6 2070 show vrrp 2065 shutdown 388 snmp trap link status suppress 2451 snmp trap link status 2449 snmp server community 2455 snmp server co...

Страница 88: ...ning tree max hops MSTP 526 spanning tree mode 527 spanning tree mst configuration 528 spanning tree mst instance path cost 530 spanning tree mst instance priority 532 spanning tree mst instance restr...

Страница 89: ...bject name trustpoint configuration 2023 subnet mask 2362 sub sub class htb 1804 sub sub class priority 1806 sub sub class wrr 1808 summary address IPv6 OSPF 1089 summary address 996 suppress ipv4 upd...

Страница 90: ...1 timeout ping polling 2590 timers BGP 1379 timers IPv6 RIPng 897 timers RIP 1540 timers RIP 868 timers spf IPv6 OSPF deprecated 1091 timers spf exp IPv6 OSPF 1092 timers spf exp 997 traceroute ipv6 7...

Страница 91: ...pn cipher 2776 tunnel openvpn expiry bytes 2780 tunnel openvpn expiry seconds 2781 tunnel openvpn port 2782 tunnel openvpn tagging 2783 tunnel protection ipsec GRE 2761 tunnel protection ipsec IPsec 2...

Страница 92: ...ospf ifsm 1094 undebug ipv6 ospf lsa 1095 undebug ipv6 ospf nfsm 1096 undebug ipv6 ospf packet 1097 undebug ipv6 ospf route 1098 undebug ipv6 pim sparse mode 1763 undebug ipv6 rip 898 undebug isakmp 2...

Страница 93: ...ate webgui now 210 update interval DDNS 746 update url DDNS 747 url filter reload custom lists 2685 url filter 2686 usb mode switch 400 use ipv4 for ipv6 updates DDNS 750 user RADIUS server 1996 usern...

Страница 94: ...C613 50186 01 Rev B Command Reference for AR2050V 94 AlliedWare Plus Operating System Version 5 4 7 1 x zone 2650...

Страница 95: ...C613 50186 01 Rev B Command Reference for AR2050V 95 AlliedWare Plus Operating System Version 5 4 7 1 x Part 1 Setup and Troubleshooting...

Страница 96: ...e for the commands used to navigate between different modes This chapter also provides a reference for the help and show commands used to help navigate within the CLI Command List configure terminal o...

Страница 97: ...ION COMMANDS CONFIGURE TERMINAL configure terminal Overview This command enters the Global Configuration command mode Syntax configure terminal Mode Privileged Exec Example To enter the Global Configu...

Страница 98: ...D EXEC MODE disable Privileged Exec mode Overview This command exits the Privileged Exec mode returning the prompt to the User Exec mode To end a session use the exit command Syntax disable Mode Privi...

Страница 99: ...COMMANDS DO do Overview This command lets you to run User Exec and Privileged Exec mode commands when you are in any configuration mode Syntax do command Mode Any configuration mode Example awplus co...

Страница 100: ...privilege levels with the enable Privileged Exec mode command If the privilege level specified is higher than the users configured privilege level specified by the username command then the user is pr...

Страница 101: ...COMMANDS ENABLE PRIVILEGED EXEC MODE Privilege Exec mode Use the enable password command or the enable secret commands to set the password to enable access to Privileged Exec mode awplus enable 7 awpl...

Страница 102: ...her advanced command mode Syntax end Mode All advanced command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of the end command to...

Страница 103: ...sed in User Exec mode the exit command terminates the session Syntax exit Mode All command modes including Global Configuration and Interface Configuration modes Example The following example shows th...

Страница 104: ...isplay a description on how to use the system help use the command awplus help Output Figure 1 1 Example output from the help command When you need help at the command line press If nothing matches th...

Страница 105: ...erating System Version 5 4 7 1 x CLI NAVIGATION COMMANDS LOGOUT logout Overview This command exits the User Exec or Privileged Exec modes and ends the session Syntax logout Mode User Exec and Privileg...

Страница 106: ...sts all command line entries including commands that returned an error For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configur...

Страница 107: ...ame To specify a file in the configs directory in Flash flash configs example cfg Copyingtoorfrom a USB storage device usb directory filename To specify a file in the top level directory of the USB st...

Страница 108: ...s Use hyphens or underscores instead Syntax for directory listings A leading slash indicates the root of the current filesystem location In commands where you need to specify the local filesystem s Fl...

Страница 109: ...page 125 dir on page 126 edit on page 128 edit filename on page 129 erase factory default on page 130 erase startup config on page 131 ip tftp source interface on page 132 ipv6 tftp source interface o...

Страница 110: ...se file and or configuration file from the external media An example of a valid autoboot txt file is shown in the following figure Figure 2 1 Example autoboot txt file Use the no variant of this comma...

Страница 111: ...or message is displayed For an explanation of the configuration fallback order see the File Management Feature Overview and Configuration Guide Examples To run the configuration file branch cfg stored...

Страница 112: ...gement Feature Overview and Configuration Guide Examples To set the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus config...

Страница 113: ...se file is on a USB storage device if there is a backup release file already specified in Flash If you attempt to set the release file on a USB storage device and a backup release file is not specifie...

Страница 114: ...iguration Examples To specify the file AR2050V 5 4 7 0 1 rel as the backup to the main release file use the commands awplus configure terminal awplus config boot system backup flash AR2050V 5 4 7 0 1...

Страница 115: ...N MANAGEMENT COMMANDS CD cd Overview This command changes the current working directory Syntax cd directory name Mode Privileged Exec Example To change to the directory called images use the command a...

Страница 116: ...d awplus copy sftp 10 0 1 2 new cfg bob key To use SCP with the username beth to copy the file old cfg into the directory config_files on a remote server that is listening on TCP port 2000 use the com...

Страница 117: ...the file config cfg into the current directory from a remote file server and rename it to configtest cfg use the command awplus copy fserver config cfg configtest cfg On an AMF managed network to dis...

Страница 118: ...e Mode Privileged Exec Example To copy the current software as installed in the working directory with the file name my release rel use the command awplus copy current software my release rel Related...

Страница 119: ...ode Privileged Exec Example To copy debug output to a USB storage device with a filename my debug use the following command awplus copy debug usb my debug Output Figure 2 2 CLI prompt after entering t...

Страница 120: ...the running config as current cfg to the remote server listening on TCP port 2000 use the command awplus copy running config scp user server 2000 config_files current cfg Related Commands copy startu...

Страница 121: ...tory use the command awplus copy startup config oldconfig cfg Related Commands copy running config Parameter Description source name The filename and path of a configuration file This must be a valid...

Страница 122: ...icom ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer Syntax copy source name zmodem copy zmodem Mode Privileged Exec Example To copy the local f...

Страница 123: ...and values that are expected in this file are correct After the file is created the create autoboot command will copy the current release and configuration files across to the external media The exte...

Страница 124: ...ent directory use the command awplus delete force one cfg To delete the directory old_configs which is not empty use the command awplus delete recursive old_configs To delete the directory new_configs...

Страница 125: ...d debug output file Syntax delete debug source name Mode Privileged Exec Example To delete debug output use the following command awplus delete debug Output Figure 2 3 CLI prompt after entering the de...

Страница 126: ...us dir flash To list all the files in the root of the Flash filesystem use the command awplus dir all flash To list recursively the files in the Flash filesystem use the command awplus dir recursive f...

Страница 127: ...size smallest to largest use the command awplus dir sort reverse size To sort the files by modification time oldest to newest use the command awplus dir sort reverse time Output Figure 2 4 Example out...

Страница 128: ...or make sure your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal For more informat...

Страница 129: ...your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal Syntax edit filename Mode Priv...

Страница 130: ...backup release file license files The device is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory default Mod...

Страница 131: ...hen it boots up At the next restart the device loads the default configuration file default cfg If default cfg no longer exists then the device loads with the factory default configuration This provid...

Страница 132: ...needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your routing tables In those circumstances the TFTP server can...

Страница 133: ...o point links or subnets within your network and you do not want to propagate those point to point links through your routing tables In those circumstances the TFTP server cannot dynamically determine...

Страница 134: ...name Mode Privileged Exec Usage You cannot name a directory or subdirectory flash nvs usb card tftp scp sftp or http These keywords are reserved for tab completion when using various file commands Ex...

Страница 135: ...fg to startup cfg use the command awplus move temp cfg startup cfg To move the file temp cfg from the root of the Flash filesystem to the directory myconfigs use the command awplus move temp cfg mycon...

Страница 136: ...nation name debug nvs flash usb Mode Privileged Exec Example To movedebug output onto a USB storagedevicewith a filename my debug use the following command awplus move debug usb my debug Output Figure...

Страница 137: ...Operating System Version 5 4 7 1 x FILE AND CONFIGURATION MANAGEMENT COMMANDS PWD pwd Overview This command prints the current working directory Syntax pwd Mode Privileged Exec Example To print the cu...

Страница 138: ...ory device See the Introduction on page 107 for syntax details Examples To remove the directory images from the top level of the Flash filesystem use the command awplus rmdir flash images To create a...

Страница 139: ...2 6 Example output from the show autoboot command Figure 2 7 Example output from the show autoboot command when an external media source is not present Related Commands autoboot enable create autoboo...

Страница 140: ...oot image flash AR2050V 5 4 7 0 1 rel Default boot config flash default cfg Current boot config usb my cfg file exists Backup boot config flash backup cfg file not found Autoboot status enabled Table...

Страница 141: ...ed Commands autoboot enable boot config file backup boot system backup show autoboot Backup boot config The configuration file to use during the next boot cycle if the main configuration file cannot b...

Страница 142: ...splays the contents of a specified file Syntax show file filename Mode Privileged Exec Example To display the contents of the file oldconfig cfg which is in the current directory use the command awplu...

Страница 143: ...28 5M flash rw flash static local Y system rw system virtual local 10 0M 9 8M debug rw debug static local Y 499 0K 431 0K nvs rw nvs static local Y tftp rw tftp network scp rw scp network sftp ro sftp...

Страница 144: ...show file Prefixes The prefixes used when entering commands to access the filesystems one of flash system tftp scp sftp http S V D The memory type static virtual dynamic Lcl Ntwk Whether the memory is...

Страница 145: ...full Display the running config for all features This is the default setting so it is the same as entering show running config feature Display only the configuration for a single feature The features...

Страница 146: ...oute IPv6 static route configuration isakmp Internet Security Association Key Management Protocol ISAKMP configuration key chain Authentication key management configuration l2tp profile L2TP tunnel pr...

Страница 147: ...uration web control Web Control configuration Parameter Description awplus show running config service password encryption no banner motd username manager privilege 15 password 8 1 bJoVec4D JwOJGPr7Yq...

Страница 148: ...ION MANAGEMENT COMMANDS SHOW RUNNING CONFIG Related Commands copy running config show running config interface interface eth2 ip address 192 168 0 20 16 interface ppp0 ipv6 address 2001 db9 a3 64 ipv6...

Страница 149: ...rated list of the above e g vlan2 vlan20 30 Do not mix interface types in a list The specified interfaces must exist lacp Displays running configuration for LACP Link Aggregation Control Protocol for...

Страница 150: ...display the current running configuration of a device for VLANs 1 and 3 5 use the command awplus show running config interface vlan1 vlan3 vlan5 To display the current OSPF configuration of your devi...

Страница 151: ...lus Feature Overview and Configuration Guide Syntax show startup config Mode Privileged Exec Example To display the contents of the current start up configuration file use the command awplus show star...

Страница 152: ...5 2010 Red Hat Inc Command Line Option Parsing Library Copyright c 1998 2002 Red Hat Software Inc Corosync Cluster Engine Copyright c 2002 2004 MontaVista Software Inc All rights reserved Copyright c...

Страница 153: ...e University of California All rights reserved DNS Resolver from BIND 4 9 5 Copyright c 1993 by Digital Equipment Corporation Sun RPC Support Copyright c 2010 Oracle America Inc Mach Operating System...

Страница 154: ...pyright c 1995 1996 1997 1998 and 1999 WIDE Project All rights reserved Copyright c 2000 Wasabi Systems Inc All rights reserved Copyright c 2004 2006 Emmanuel Dreyfus All rights reserved Copyright c 2...

Страница 155: ...hts reserved Copyright c 2007 2012 Google Inc All rights reserved ProL2TP Copyright Katalix Systems Ltd 2010 2011 All rights reserved protobuf Protocol Buffers Copyright 2008 Google Inc Protocol Buffe...

Страница 156: ...pyright c 2000 The NetBSD Foundation Inc All rights reserved Copyright c 1996 by Internet Software Consortium Copyright C 1995 2012 Jean loup Gailly and Mark Adler System Call Trace Copyright c 1991 1...

Страница 157: ...corruption This is especially important if files may be automatically written to the storage device such as external log files or AMF backup files Syntax unmount usb Mode Privileged Exec Example To un...

Страница 158: ...opies the running config into the file that is set as the current startup config file This command is a synonym of the write memory and copy running config startup config commands Syntax write file Mo...

Страница 159: ...copies the running config into the file that is set as the current startup config file This command is a synonym of the write file and copy running config startup config commands Syntax write memory...

Страница 160: ...NDS WRITE TERMINAL write terminal Overview This command displays the current configuration of the device This command is a synonym of the show running config command Syntax write terminal Mode Privile...

Страница 161: ...n page 171 flowcontrol hardware asyn console on page 173 length asyn on page 175 line on page 176 privilege level on page 178 security password history on page 179 security password forced change on p...

Страница 162: ...USER ACCESS COMMANDS show privilege on page 190 show security password configuration on page 191 show security password user on page 192 show telnet on page 193 show users on page 194 telnet on page 1...

Страница 163: ...nal session exists on the line then the terminal session is terminated If console line settings have changed then the new settings are applied Syntax clear line console 0 Mode Privileged Exec Example...

Страница 164: ...E VTY clear line vty Overview This command resets a VTY line If a session exists on the line then it is closed Syntax clear line vty 0 32 Mode Privileged Exec Example To reset the first VTY line use t...

Страница 165: ...o set a password for entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that t...

Страница 166: ...irst use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The adv...

Страница 167: ...ypted string and not the text string awplus configure terminal awplus config enable password 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privile...

Страница 168: ...ering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is diff...

Страница 169: ...e the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advantage...

Страница 170: ...string and not the text string awplus configure terminal awplus config enable secret 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privileged Exec...

Страница 171: ...it times out An exec timeout 0 0 setting will cause the telnet session to wait indefinitely The command exec timeout 0 0 is useful while configuring a device but reduces device security If no input i...

Страница 172: ...C613 50186 01 Rev B Command Reference for AR2050V 172 AlliedWare Plus Operating System Version 5 4 7 1 x USER ACCESS COMMANDS EXEC TIMEOUT Related Commands line service telnet...

Страница 173: ...ssage is sent to the sending device to suspend the transmission until the data in the buffers has been processed Hardware flow control can be configured on terminal console lines e g asyn0 For Reverse...

Страница 174: ...ntrol on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line flowcontrol hardware To disable hardware flow control on terminal consol...

Страница 175: ...than the length of the line the output will be paused and the More prompt allows you to move to the next screen full of data A length of 0 will turn off pausing and data will be displayed to the conso...

Страница 176: ...change the console asyn port speed use this line command to enter Line Configuration mode before using the speed asyn command Set the console speed Baud rate to match the transmission rate of the dev...

Страница 177: ...enter Line Configuration mode to configure the console asyn 0 port terminal line use the commands awplus configure terminal awplus config line console 0 awplus config line Related Commands accounting...

Страница 178: ...and all User Exec commands However intermediate CLI security will not show configuration commands in Privileged Exec Examples To set the console connection to have the maximum privilege level use the...

Страница 179: ...mand awplus configure terminal awplus config security password history 3 To allow the reuse of recent passwords use the command awplus configure terminal awplus config no security password history Rel...

Страница 180: ...ired pwd feature must be disabled with the security password reject expired pwd command The no variant of the command disables this feature Syntax security password forced change no security password...

Страница 181: ...time is 0 which will disable the lifetime functionality Mode Global Configuration Example To configure the password lifetime to 10 days use the command awplus configure terminal awplus config security...

Страница 182: ...rom re using old passwords For example if you do not allow people to re use any of their last 5 passwords a person can bypass that restriction by changing their password 5 times in quick succession an...

Страница 183: ...align with the lifetime selected i e the fewer categories specified the shorter the lifetime specified Syntax security password minimum categories 1 4 Default The default number of categories that th...

Страница 184: ...m password length is 1 Mode Global Configuration Example To configure the required minimum password length as 8 use the command awplus configure terminal awplus config security password minimum length...

Страница 185: ...nfig file Note that when the reject expired pwd functionality is disabled and a user logs on with an expired password if the forced change feature is enabled with security password forced change comma...

Страница 186: ...Mode Global Configuration Example To configure a warning period of three days use the command awplus configure terminal awplus config security password warning 3 Related Commands security password for...

Страница 187: ...displays the possible options The no service advanced vty command disables the advanced vty help feature Syntax service advanced vty no service advanced vty Default The advanced vty help feature is e...

Страница 188: ...ice displays passwords in the running config in encrypted form instead of in plain text Use the no service password encryption command to stop the device from displaying newly entered passwords in enc...

Страница 189: ...telnet sessions will still be active Syntax service telnet ip ipv6 no service telnet ip ipv6 Default The IPv4 and IPv6 telnet servers are enabled by default The configured telnet port is TCP port 23...

Страница 190: ...gives full user access to all Privileged Exec commands Syntax show privilege Mode User Exec and Privileged Exec Usage A user can have an intermediate CLI security level set with this command for priv...

Страница 191: ...t Figure 3 2 Example output from the show security password configuration command Related Commands security password forced change security password history security password lifetime security passwor...

Страница 192: ...security password user Output Figure 3 3 Example output from the show security password user command Related Commands security password forced change security password history security password lifeti...

Страница 193: ...ows the Telnet server settings Syntax show telnet Mode User Exec and Privileged Exec Example To show the Telnet server settings use the command awplus show telnet Output Figure 3 4 Example output from...

Страница 194: ...ommand Line User Host s Idle Location Priv Idletime Timeout con 0 manager idle 00 00 00 ttyS0 15 10 N A vty 0 bob idle 00 00 03 172 16 11 3 1 0 5 Table 1 Parameters in the output of the show users com...

Страница 195: ...100 use the command awplus telnet host example 100 Example VRF lite To open a telnet session to a remote host 192 168 0 1 associated with VRF instance red use the command awplus telnet vrf red ip 192...

Страница 196: ...nabled then it will be restarted on the new port Changing the port number does not affect the port used by existing sessions Syntax telnet server 1 65535 default Mode Global Configuration Example To e...

Страница 197: ...cified by this command The default length will apply unless you have changed the length for some or all lines by using the length asyn command Syntax terminal length length terminal no length length M...

Страница 198: ...on the user s terminal Syntax terminal resize Mode User Exec and Privileged Exec Usage When the user s terminal size is changed then a remote session via SSH or TELNET adjusts the terminal size automa...

Страница 199: ...e levels if an enable password has been configured for the level the user tries to access and the user enters that password A user at privilege level 1 can access the majority of show commands A user...

Страница 200: ...o create the user bob with a privilege level of 15 for all show commands including show running configuration and show startup configuration and to access configuration commands in Privileged Exec com...

Страница 201: ...ides an alphabetical reference of commands used to configure the GUI For more information see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List atmf topolo...

Страница 202: ...bled by default on Controllers Mode Global Configuration mode Usage To use Vista Manager EX you must also enable the HTTP service on all AMF nodes including all AMF masters and controllers The HTTP se...

Страница 203: ...GUI Mode Global Configuration Usage Note that any device on which a non default secure port is set will have limited capabilities when accessed via Vista Manager Additionally all external API request...

Страница 204: ...sends the messages out as they come NOTE There is a difference between log event and log host messages Log event messages are sent out as they come by syslog Log host messages are set to wait for a n...

Страница 205: ...support Vista Manager EX and the Firewall GUI Use the no variant of this command to disable the HTTP feature Syntax service http no service http Default Disabled Mode Global Configuration Example To e...

Страница 206: ...erver settings Syntax show http Mode User Exec and Privileged Exec Example To show the HTTP server settings use the command awplus show http Output Figure 4 1 Example output from the show http command...

Страница 207: ...tax update webgui now Mode Privileged Exec Usage This command applies since software version 5 4 6 1 1 Prior to 5 4 6 1 1 users used the copy command to copy GUI files onto the AR series firewall inst...

Страница 208: ...sion 5 4 7 1 x Update Manager Commands Introduction This chapter provides an alphabetical reference of commands used to update a resource For more information see the Update Manager Feature Overview a...

Страница 209: ...example output are explained in the following table Related Commands update webgui now Parameter Description resource_name Specific resource to show Table 5 1 awplus show resource Resource Name Statu...

Страница 210: ...e Syntax update webgui now Mode Privileged Exec Usage This command applies since software version 5 4 6 1 1 Prior to 5 4 6 1 1 users used the copy command to copy GUI files onto the AR series firewall...

Страница 211: ...anner login system on page 215 banner motd on page 217 clock set on page 219 clock summer time date on page 220 clock summer time recurring on page 222 clock timezone on page 224 hostname on page 225...

Страница 212: ...on page 250 show process on page 251 show reboot history on page 253 show router id on page 254 show system on page 255 show system environment on page 256 show system interrupts on page 257 show sys...

Страница 213: ...re Plus version and build date is displayed at console login such as Mode Global Configuration Examples To configure a User Exec mode banner after login in this example to tell people to use the enabl...

Страница 214: ...SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER EXEC To remove the User Exec mode banner after login enter the following commands Related Commands banner login system banner motd awplus configure...

Страница 215: ...login banner Syntax banner login no banner login Default By default no login banner is displayed at console login Mode Global Configuration Examples To configure a login banner of Authorised users onl...

Страница 216: ...50186 01 Rev B Command Reference for AR2050V 216 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER LOGIN SYSTEM Related Commands banner exec banner...

Страница 217: ...banner motd motd text no banner motd Default By default the device displays the AlliedWare Plus OS version and build date when you login Mode Global Configuration Examples To configure a MotD banner o...

Страница 218: ...N AND MONITORING COMMANDS BANNER MOTD Related Commands banner exec banner login system awplus enable awplus configure terminal Enter configuration commands one per line End with CNTL Z awplus config n...

Страница 219: ...et to the local time NOTE If Network Time Protocol NTP is enabled then you cannot change the time or date using this command NTP maintains the clock automatically using an external time source If you...

Страница 220: ...ard time and NZDT UTC 13 00 assummertime with thesummertimesetto begin on the 25th of September 2016 and end on the 2nd of April 2017 awplus config clock summer time NZDT date 25 sep 2 00 2016 2 apr 2...

Страница 221: ...v B Command Reference for AR2050V 221 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS CLOCK SUMMER TIME DATE Related Commands clock summer time recurrin...

Страница 222: ...ry year from now on start week Week of the month when summertime starts in the range 1 5 The value 5 indicates the last week that has the specified day in it for the specified month For example to sta...

Страница 223: ...ion for New Zealand using NZST UTC 12 00 as the standard time and NZDT UTC 13 00 as summertime with summertime set to start on the last Sunday in September and end on the 1st Sunday in April use the c...

Страница 224: ...to the local time Examples To set the timezone to New Zealand Standard Time with an offset from UTC of 12 hours use the command awplus config clock timezone NZST plus 12 To set the timezone to Indian...

Страница 225: ...ation Usage Within an AMF network any device without a user defined hostname will automatically be assigned a name based on its MAC address To efficiently manage your network using AMF we strongly adv...

Страница 226: ...ng System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS HOSTNAME NOTE When AMF is configured running the no hostname command will apply a hostname that is based on the MAC address of...

Страница 227: ...67294 Mode Global Configuration Examples To set the maximum number of dynamic routes to 2000 and warning threshold of 75 use the following commands awplus config terminal awplus config max fib routes...

Страница 228: ...C613 50186 01 Rev B Command Reference for AR2050V 228 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS MAX FIB ROUTES Related Commands max fib routes VRF...

Страница 229: ...to set the maximum number of static routes to the default of 1024 static routes Syntax max static routes 1 1024 no max static routes Default The default number of static routes is the maximum number o...

Страница 230: ...debugging use the command awplus no debug all ipv6 To disable all NSM debugging use the command awplus no debug all nsm To disable all OSPF debugging use the command awplus no debug all ospf To disabl...

Страница 231: ...tem Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS NO DEBUG ALL To disable all VRRP debugging use the command awplus no debug all vrrp Related Commands undebug all Command changes Vers...

Страница 232: ...MANDS REBOOT reboot Overview This command halts the device and performs a cold restart also known as reload It displays a confirmation request before restarting Syntax reboot reload Mode Privileged Ex...

Страница 233: ...B Command Reference for AR2050V 233 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS RELOAD reload Overview This command performs the same function as t...

Страница 234: ...2016 01 56 06 0000 Timezone NZST Timezone Offset 12 00 Summer time zone NZDT Summer time starts Last Sunday in September at 02 00 00 Summer time ends First Sunday in April at 02 00 00 Summer time off...

Страница 235: ...Reference for AR2050V 235 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CLOCK Related Commands clock set clock summer time date clock summer tim...

Страница 236: ...nfiguration Guide Syntax show cpu sort thrds pri sleep runtime Mode User Exec and Privileged Exec Examples To show the CPU utilization of current processes sorting them by the number of threads the pr...

Страница 237: ...s daemon 1 0 0 20 sleep 0 2 532 automount 1 0 0 20 sleep 0 453 571 appmond 1 0 0 20 sleep 0 41 587 crond 1 0 0 20 sleep 0 17 589 openhpid 9 0 0 20 sleep 0 284 609 inetd 1 0 0 20 sleep 0 2 761 nsm 1 0...

Страница 238: ...averages The average number of processes waiting for CPU time for the periods stated Current CPU load Current CPU utilization specified by load types pid Identifier number of the process name A shorte...

Страница 239: ...onfiguration Guide Syntax show cpu history Mode User Exec and Privileged Exec Usage This command s output displays three graphs of the percentage CPU utilization per second for the last minute then pe...

Страница 240: ...Related Commands show memory show memory allocations show memory pools show process Per minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per minute last 60 minutes averag...

Страница 241: ...l debugging information use the command awplus show debugging Output Figure 6 4 Example output from the show debugging command awplus show debugging AAA debugging status Authentication debugging is of...

Страница 242: ...mory used by port1 0 1 and port1 0 5 to port1 0 6 use the command awplus show interface port1 0 1 port1 0 5 1 0 6 memory Output Figure 6 5 Example output from the show interface memory command Paramet...

Страница 243: ...ure 6 6 Example output from show interface port list memory for a list of interfaces Related Commands show interface brief show interface status show interface switchport awplus show interface port1 0...

Страница 244: ...ify this then the list is sorted by percentage memory utilization size Sort by the amount of memory the process is currently using peak Sort by the amount of memory the process is currently using stk...

Страница 245: ...the output of the show memory command Parameter Description RAM total Total amount of RAM memory free free Available memory size buffers Memory allocated kernel buffers pid Identifier number for the p...

Страница 246: ...he memory allocations used by all processes on your device use the command awplus show memory allocations Output Figure 6 8 Example output from the show memory allocations command Parameter Descriptio...

Страница 247: ...or AR2050V 247 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW MEMORY ALLOCATIONS Related Commands show memory show memory history show memory pool...

Страница 248: ...c and Privileged Exec Usage This command s output displays three graphs of the percentage memory utilization per second for the last minute then per minute for the last hour then per 30 minutes for th...

Страница 249: ...memory pools used by processes use the command awplus show memory pools Output Figure 6 10 Example output from the show memory pools command Related Commands show memory allocations show memory histo...

Страница 250: ...e Plus Feature Overview and Configuration Guide Syntax show memory shared Mode User Exec and Privileged Exec Example To display information about the shared memory allocation used on the device use th...

Страница 251: ...memory history Example To display a summary of the current running processes use the command awplus show process Output Figure 6 12 Example output from the show process command Parameter Description...

Страница 252: ...processes waiting for CPU time for the periods stated Current CPU load Current CPU utilization specified by load types RAM total Total memory size free Available memory buffers Memory allocated to ke...

Страница 253: ...ory command Related Commands show tech support awplus show reboot history date time type description 2016 10 10 01 42 04 Expected User Request 2016 10 10 01 35 31 Expected User Request 2016 10 10 01 1...

Страница 254: ...ER ID show router id Overview Use this command to show the Router ID of the current system Syntax show router id Mode User Exec and Privileged Exec Example To display the Router ID of the current syst...

Страница 255: ...yntax show system Mode User Exec and Privileged Exec Example To display configuration information use the command awplus show system Output Figure 6 15 Example output from show system Related Commands...

Страница 256: ...ntax show system environment Mode User Exec and Privileged Exec Example To display the system s environmental status use the command awplus show system environment Output Figure 6 16 Example output fr...

Страница 257: ...upts Mode User Exec and Privileged Exec Example To display information about the number of interrupts for each IRQ in your device use the command awplus show system interrupts Output Figure 6 17 Examp...

Страница 258: ...system mac Overview This command displays the physical MAC address of the device Syntax show system mac Mode User Exec and Privileged Exec Example To display the physical MAC address enter the follow...

Страница 259: ...OW SYSTEM PCI DEVICE show system pci device Overview Use this command to display the PCI devices on your device Syntax show system pci device Mode User Exec and Privileged Exec Example To display info...

Страница 260: ...NDS SHOW SYSTEM PCI TREE show system pci tree Overview Use this command to display the PCI tree on your device Syntax show system pci tree Mode User Exec and Privileged Exec Example To display informa...

Страница 261: ...n for the device For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show system serialnumber Mode User...

Страница 262: ...sn epsr firewall igmp ip ipv6 mld openflow ospf ospf6 pim rip ripng stack stp system tacacs update outfile filename Parameter Description all Display full information atmf Display ATMF specific inform...

Страница 263: ...lready exists a newfilenameis generated withthe current timestamp If the output filename does not end with gz then gz is appended to the filename Since output files may be too large for Flash on the d...

Страница 264: ...uration Usage This command is used to change the console asyn port speed Set the console speed to matchthetransmissionrateofthe device connectedto theconsole asyn port on your device Example To set th...

Страница 265: ...and Reference for AR2050V 265 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SPEED ASYN Related Commands clear line console line show running config sh...

Страница 266: ...nal or use the timeout option to stop displaying debugging output on the terminal after a set time Syntax terminal monitor 1 60 terminal no monitor Default Disabled Mode User Exec and Privileged Exec...

Страница 267: ...nd Reference for AR2050V 267 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS UNDEBUG ALL undebug all Overview This command applies the functionality of...

Страница 268: ...clear exception log on page 271 clear log on page 272 clear log buffered on page 273 clear log external on page 274 clear log permanent on page 275 connection log events on page 276 copy buffered log...

Страница 269: ...og external size on page 321 log facility on page 322 log host on page 324 log host filter on page 326 log host exclude on page 329 log host source on page 332 log host time on page 333 log monitor fi...

Страница 270: ...C613 50186 01 Rev B Command Reference for AR2050V 270 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS show running config log on page 362 unmount on page 363...

Страница 271: ...ng System Version 5 4 7 1 x LOGGING COMMANDS CLEAR EXCEPTION LOG clear exception log Overview This command resets the contents of the exception log but does not remove the associated core files Syntax...

Страница 272: ...NG COMMANDS CLEAR LOG clear log Overview This command removes the contents of the buffered and permanent logs Syntax clear log Mode Privileged Exec Example To delete the contents of the buffered and p...

Страница 273: ...fered Overview This command removes the contents of the buffered log Syntax clear log buffered Mode Privileged Exec Example To delete the contents of the buffered log use the following commands awplus...

Страница 274: ...he external log is rotating between multiple files this command deletes all those files not just the most recent one Syntax clear log external Mode Privileged Exec Example To delete the external log f...

Страница 275: ...rview This command removes the contents of the permanent log Syntax clear log permanent Mode Privileged Exec Example To delete the contents of the permanent log use the following commands awplus clear...

Страница 276: ...two types of messages you can log new connections and connections that ended You can control the amount of messages you log by choosing to log either type of message or all of the message types Messag...

Страница 277: ...copy buffered log destination name Mode Privileged Exec Example To copy the buffered log file onto a USB storage device and name the file buffered log log use the command awplus copy buffered log usb...

Страница 278: ...ermanent log destination name Mode Privileged Exec Example To copy the permanent log file onto a USB storage device and name the file permanent log log use the command awplus copy permanent log usb pe...

Страница 279: ...e buffered log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log buffered Default The buffered log is enabled by default Mode Global Configuration Examp...

Страница 280: ...es sent to the terminal when a log console command is issued By default all messages are sent to the console when a log console command is issued Syntax default log console Mode Global Configuration E...

Страница 281: ...be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log email email address Mode Global Configuration Example To restore the default settin...

Страница 282: ...essages with a severity level of notices and above Note that this command does not clear the configured filename for the external log Syntax default log external Mode Global Configuration Example To r...

Страница 283: ...will be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log host ip addr Mode Global Configuration Example To restore the default settings...

Страница 284: ...nt to the terminal when a terminal monitor command is used Syntax default log monitor Default All messages are sent to the terminal when a terminal monitor command is used Mode Global Configuration Ex...

Страница 285: ...ent log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log permanent Default The permanent log is enabled by default Mode Global Configuration Example To...

Страница 286: ...to make way for new ones Syntax log buffered no log buffered Default The buffered log is configured by default Mode Global Configuration Examples To configured the device to store log messages in RAM...

Страница 287: ...of message to send to the buffered log The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is un...

Страница 288: ...rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Filter messages to t...

Страница 289: ...ve a filter that sends all messages containing the text Bridging initialization to the buffered log use the following commands awplus configure terminal awplus config no log buffered msgtext Bridging...

Страница 290: ...ssages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest...

Страница 291: ...ol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog facility facility Sp...

Страница 292: ...for AR2050V 292 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG BUFFERED EXCLUDE Related Commands clear log buffered default log buffered log buffered log buffered filter log b...

Страница 293: ...filled old messages will be deleted to make room for new messages Syntax log buffered size 50 250 Mode Global Configuration Example To allow the buffered log to use up to 100 kB of RAM use the follow...

Страница 294: ...e no variant of this command to configure the device not to send log messages to consoles Syntax log console no log console Mode Global Configuration Examples To configure the device to send log messa...

Страница 295: ...es where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 wa...

Страница 296: ...y level messages to the console use the following commands awplus configure terminal awplus config no log console level critical rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Prot...

Страница 297: ...Rev B Command Reference for AR2050V 297 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG CONSOLE FILTER Related Commands default log console log console log console exclude sho...

Страница 298: ...Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is t...

Страница 299: ...panning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog f...

Страница 300: ...Rev B Command Reference for AR2050V 300 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG CONSOLE EXCLUDE Related Commands default log console log console log console filter sho...

Страница 301: ...8 55 43 13 00 user notice Gateway IMISH 1983 manager ttyS0 show run This is a log message with the default date format 2016 Sep 29 08 55 43 user notice Gateway IMISH 1983 manager ttyS0 show run Thedat...

Страница 302: ...Default By default no filters are defined for email log targets Filters must be defined before messages will be sent Mode Global Configuration Example To have log messages emailed to the email address...

Страница 303: ...address to send logging messages to level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names whe...

Страница 304: ...ree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Filter messages by syslog facility facili...

Страница 305: ...om level informational To stop the device emailing log messages emailed to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config no log email adm...

Страница 306: ...xt string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names whe...

Страница 307: ...nning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog fac...

Страница 308: ...v B Command Reference for AR2050V 308 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG EMAIL EXCLUDE Related Commands default log email log email log email filter log email time...

Страница 309: ...se the offset option if the email recipient is in a different time zone to this device Specify the time offset of the email recipient in hours Messages will display the time they were generated on thi...

Страница 310: ...formation converted to the time zone of the email recipient which is 3 hours ahead of the device s local time zone use the following commands awplus configure terminal awplus config log email admin ba...

Страница 311: ...e systems have a lower risk of file corruption occurring if the switch or firewall loses power You should also unmount the storage device before removing it from the switch or firewall to avoid corrup...

Страница 312: ...50186 01 Rev B Command Reference for AR2050V 312 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG EXTERNAL show log external unmount Command changes Version 5 4 7 1 1 command a...

Страница 313: ...ription level Filter messages to the external log by severity level level The minimum severity of message to send to the external log The level can be specified as one of the following numbers or leve...

Страница 314: ...ning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Filter messages to the external log...

Страница 315: ...al awplus config log external msgtext Bridging initialization To remove a filter that sends all messages containing the text Bridging initialization to the external log use the following commands awpl...

Страница 316: ...ssages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest...

Страница 317: ...anning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog fa...

Страница 318: ...re Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG EXTERNAL EXCLUDE default log external log external log external filter log external rotate log external size show log config show log ex...

Страница 319: ...ting rotate to 2 makes the device rotate through 3 files Note that if you set rotate to 0 and the external log file becomes full then the device deletes the full log file and creates a new empty file...

Страница 320: ...System Version 5 4 7 1 x LOGGING COMMANDS LOG EXTERNAL ROTATE Related Commands clear log external default log external log external log external filter log external exclude log external size show log...

Страница 321: ...al rotate 1 each file will have a maximum size of 25 kBytes by default Use the no variant of this command to return to the default size Syntax log external size 50 4194304 no log external size Default...

Страница 322: ...onfiguration Usage Specifying different facilities for log messages generated on different devices can allow messages from multiple devices sent to a common server to be distinguished from each other...

Страница 323: ...y local6 Related Commands show log config ftp FTP daemon local 0 7 The facility labels above have specific meanings while the local facility labels are intended to be put to local use In AlliedWare Pl...

Страница 324: ...e for any of the trustpoints that are associated with the application The remote server may also request that a certificate is transmitted from the local device In this situation the first trustpoint...

Страница 325: ...50186 01 Rev B Command Reference for AR2050V 325 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG HOST log host exclude log host source log host time log trustpoint show log co...

Страница 326: ...emote syslog server level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highe...

Страница 327: ...tiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Filter messages by syslog facility facility Specify one of the foll...

Страница 328: ...t sends all messages containing the text Bridging initialization to a remote syslog server with IP address 10 32 16 21 use the following commands awplus configure terminal awplus config no log host 10...

Страница 329: ...ameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the h...

Страница 330: ...ning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog faci...

Страница 331: ...mmand Reference for AR2050V 331 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG HOST EXCLUDE Related Commands default log host log host log host filter log host source log host...

Страница 332: ...variant of this command to stop specifying a source interface or address Syntax log host source interface name ipv4 addr ipv6 addr no log host source Default None no source is configured Mode Global C...

Страница 333: ...mote syslog server in hours Messages will display the time they were generated on this device but converted to the time zone of the remote syslog server Examples To send messages to the remote syslog...

Страница 334: ...zone use the following commands awplus configure terminal awplus config log host 10 32 16 12 time local offset plus 3 To send messages to the remote syslog server with the IP address 10 32 16 02 with...

Страница 335: ...mbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Err...

Страница 336: ...terminal awplus config no log monitor level debugging stp Spanning Tree Protocol STP rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interfac...

Страница 337: ...ev B Command Reference for AR2050V 337 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG MONITOR FILTER Related Commands default log monitor log monitor exclude show log config t...

Страница 338: ...ng Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is...

Страница 339: ...apid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a sy...

Страница 340: ...ev B Command Reference for AR2050V 340 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG MONITOR EXCLUDE Related Commands default log monitor log monitor filter show log config t...

Страница 341: ...for new messages The no variant of this command configures the device not to send any messages to the permanent log Log messages will not be retained over a restart Syntax log permanent no log perman...

Страница 342: ...nimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusabl...

Страница 343: ...tocol LACP stp Spanning Tree Protocol STP rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface...

Страница 344: ...6 01 Rev B Command Reference for AR2050V 344 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG PERMANENT FILTER log permanent exclude log permanent size show log config show log...

Страница 345: ...xclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is t...

Страница 346: ...Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH facility Exclude messages from a syslog...

Страница 347: ...Reference for AR2050V 347 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG PERMANENT EXCLUDE default log permanent log permanent log permanent filter log permanent size show lo...

Страница 348: ...messages will be deleted to make room for new messages Syntax log permanent size 50 250 Mode Global Configuration Example To allow the permanent log to use up to 100 kB of NVS use the following comma...

Страница 349: ...log rate limiting feature constrains the rate that log messages are generated by the device Notethatif withinthe giventimeinterval thenumberoflogmessages exceeds the limit then any excess log message...

Страница 350: ...edWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG RATE LIMIT NSM To return the device the default setting to generate up to 200 log messages per second use the following commands awp...

Страница 351: ...certificate received from the remote server must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints...

Страница 352: ...ing of HTTP and HTTPS URL requests passing through the firewall Syntax log url requests no log url requests Default Disabled by default Mode URL Filter Configuration Usage When enabled additional log...

Страница 353: ...wall as configured by the connection log events command Syntax show connection log events Mode User Exec Example To show the logging configuration state for the connections passing through the firewal...

Страница 354: ...ved P4 32 Total Received P5 312 Total Received P6 1602 Total Received P7 372 Table 8 Parameters in output of the show counter log command Parameter Description Total Received Total number of messages...

Страница 355: ...ption log Mode User Exec and Privileged Exec Example To display the exception log use the command awplus show exception log Output Figure 7 3 Example output from the show exception log command on a de...

Страница 356: ...n Usage If the optional tail parameter is specified only the latest 10 messages in the buffered log are displayed A numerical value can be specified after the tail parameter to select how many of the...

Страница 357: ...notice awplus kernel Linux version 2 6 32 12 at1 mak er awpmaker03 dl gcc version 4 3 3 Gentoo 4 3 3 r3 p1 2 pie 10 1 5 1 Wed Dec 8 11 53 40 NZDT 2010 2011 Aug 29 07 55 22 kern warning awplus kernel N...

Страница 358: ...Example To display the logging configuration use the command awplus show log config Output Figure 7 5 Example output from show log config Facility default PKI trustpoints example_trustpoint Buffered l...

Страница 359: ...ot be set at the same time If console logging is enabled then the terminal logging is turned off Related Commands show counter log show log show log permanent Host 10 32 16 21 Time offset 2 00 Offset...

Страница 360: ...atest 10 messages in the permanent log are displayed A numerical value can be specified after the tail parameter to change how many of the latest messages should be displayed Example To display the la...

Страница 361: ...Figure 7 6 Example output from show log permanent Related Commands clear log permanent copy permanent log default log permanent log permanent log permanent filter log permanent exclude log permanent...

Страница 362: ...LOG show running config log Overview This command displays the current running configuration of the Log utility Syntax show running config log Mode Privileged Exec and Global Configuration Example To...

Страница 363: ...is is especially important if files may be automatically written to the storage device such as external log files or AMF backup files Syntax unmount usb Mode Privileged Exec Example To unmount a USB s...

Страница 364: ...nce for AR2050V 364 AlliedWare Plus Operating System Version 5 4 7 1 x Scripting Commands Introduction Overview This chapter provides commands used for command scripts Command List activate on page 36...

Страница 365: ...lename extension of either sh or scp only for the AlliedWare Plus CLI to activate the script file The sh filename extension indicates the file is an ASH script and the scp filename extension indicates...

Страница 366: ...the terminal followed by a blank line Syntax echo line Mode User Exec and Privileged Exec Usage This command may be useful in CLI scripts to make the script print user visible comments Example To echo...

Страница 367: ...he command line Usage Use this command to pause script execution in an scp AlliedWare Plus script or an sh ASH script file executed by the activate command The script must contain an enable command be...

Страница 368: ...rence of commands used to configure and display interfaces Command List description interface on page 369 interface to configure on page 370 ip tcp adjust mss on page 372 ipv6 tcp adjust mss on page 3...

Страница 369: ...ion Mode Interface Configuration Example The following example uses this command to describe the device that a switch port is connected to awplus configure terminal awplus config interface port1 0 2 a...

Страница 370: ...oopback interfaces can add flexibility and simplify management information gathering and filtering One example of this increased reliability is for OSPF to advertise a local loopback interface as an i...

Страница 371: ...le shows how to enter Interface mode to configure PPP interface PPP0 awplus configure terminal awplus config interface ppp0 awplus config if The following example shows how to enter Interface mode to...

Страница 372: ...n a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmis...

Страница 373: ...1 x INTERFACE COMMANDS IP TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no i...

Страница 374: ...a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmiss...

Страница 375: ...x INTERFACE COMMANDS IPV6 TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no...

Страница 376: ...onal components Source and Destination addresses EtherType field Priority and VLAN tag fields FCS These additional components increase the frame size internally to 1522 bytes in the default case Synta...

Страница 377: ...fragmentation needed and DF set 4 code back to the source For IPv6 packets bigger than the MTU size of the transmitting VLAN interface an ICMP packet too big ICMP type 2 code 0 message is sent to the...

Страница 378: ...perating System Version 5 4 7 1 x INTERFACE COMMANDS MTU To restore the MTU size to the default MTU size of 1500 bytes on vlan2 to vlan4 use the commands awplus configure terminal awplus config interf...

Страница 379: ...or switch ports Example To display configuration and status information for all interfaces use the command awplus show interface Parameter Description interface list The interfaces or ports to configu...

Страница 380: ...re is Ethernet address is 0000 cd24 daeb index 5001 metric 1 mru 1500 UP BROADCAST RUNNING MULTICAST current duplex full current speed 1000 configured duplex auto configured speed auto configured pola...

Страница 381: ...ut packets 299172 bytes 67379392 multicast packets 0 broadcast packets 0 Time since last state change 0 days 14 22 39 Interface vlan2 Scope both Link is DOWN administrative state is UP Hardware is VLA...

Страница 382: ...ow interface brief awplus show interface eth1 Interface eth1 Link is DOWN administrative state is UP Hardware is Ethernet address is 0200 0034 5682 index 9 metric 1 mtu 1500 configured duplex auto con...

Страница 383: ...le output from show interface brief Related Commands show interface show interface memory awplus show interface brief Interface Status Protocol port1 0 1 admin up down port1 0 2 admin up down port1 0...

Страница 384: ...port1 0 1 and port1 0 5 to port1 0 6 use the command awplus show interface port1 0 1 port1 0 5 1 0 6 memory Output Figure 9 6 Example output from the show interface memory command Parameter Descriptio...

Страница 385: ...le output from show interface port list memory for a list of interfaces Related Commands show interface brief show interface status show interface switchport awplus show interface port1 0 1 port1 0 5...

Страница 386: ...nge of ports separated by a hyphen e g port1 0 1 1 0 6 or sa1 2 or po1 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 Do not mix switch ports static channel groups and...

Страница 387: ...promiscuous it displays the primary VLAN ID if it has one and promiscuous if it does not have a VLAN ID When the VLAN mode is private host it displays the primary and secondary VLAN IDs When the port...

Страница 388: ...ator and its component ports as admin down While the aggregator is down the device accepts shutdown and no shutdown commands on component ports but these have no effect on port status Ports will not c...

Страница 389: ...ew This chapter provides an alphabetical reference of commands used to configure USB Cellular Modems For more information see the USB Cellular Modem Feature Overview and Configuration Guide Command Li...

Страница 390: ...be specified in this case any APN can be used Examples To set the APN to www example com for a cellular interface use the commands awplus configure terminal awplus config int cellular0 awplus config i...

Страница 391: ...C613 50186 01 Rev B Command Reference for AR2050V 391 AlliedWare Plus Operating System Version 5 4 7 1 x USB CELLULAR MODEM COMMANDS APN show cellular show system usb usb mode switch...

Страница 392: ...he chat script file must have the file extension chat The chat script consists of a sequence of expect send pairs of strings The send strings are AT Hayes commands Any occurrence of the string APN in...

Страница 393: ...g interface eth1 1 or a cellular interface e g interface cellular0 L2TP Tunnel Configuration mode for an L2TP tunnel e g l2tp tunnel tunnel0 Examples To configure a PPP interface with index 0 for Ethe...

Страница 394: ...B CELLULAR MODEM COMMANDS ENCAPSULATION PPP To remove the PPP interface with index 1 from L2TP tunnel tunnel1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config...

Страница 395: ...obtained from the cellular modem For information that is common to most cellular modems unknown will be displayed if the information was not obtained successfully Examples To show status information...

Страница 396: ...ce Type Autobauding Enabled Service Data circuit asynchronous UDI or 3 1 kHz modem Connection Element Non transparent Automatic time and time zone update via NITS Not enabled PPP support between TE an...

Страница 397: ...itch Signal Strength RSSI dBm 64 ECIO dBm 5 RSCP dBm 69 ICCID 984610411061462785F5 Software Version E1762 11 126 10 00 74 CD25TCPV Ver B HSUPA status Enabled HSDPA status Enabled Card Mode USIM Device...

Страница 398: ...ater detail of information about USB devices connected to your AR Series Firewall use the command awplus show system usb detail Output Figure 10 5 Example output from show system usb detail Parameter...

Страница 399: ...AWEI Technology iProduct 2 HUAWEI Mobile iSerial 0 bNumConfigurations 1 Configuration Descriptor bLength 9 bDescriptorType 2 wTotalLength 85 bNumInterfaces 3 bConfigurationValue 1 iConfiguration 1 Hua...

Страница 400: ...ng the device s vendor ID product id Specify the USB device s product ID product id 4 digit hexadecimal value representing the device s product ID manufacturer Specify the USB product descriptor manuf...

Страница 401: ...seful if there are multiple devices that have the same product and vendor IDs but differ in the other parameters The mode switch configuration files must have the extension conf Examples To add a mode...

Страница 402: ...Mirroring Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure Port Mirroring For more information see the Mirroring Feature Overview and Config...

Страница 403: ...A mirror port cannot be associated with a VLAN If a switch port is configured to be a mirror port it is automatically removed from any VLAN it was associated with This command can only be applied to...

Страница 404: ...4 7 1 x PORT MIRRORING COMMANDS MIRROR INTERFACE Example To mirror traffic received and transmitted on port1 0 4 and port1 0 5 to destination port1 0 3 use the commands awplus configure terminal awplu...

Страница 405: ...1 Example output from the show mirror command Mirror Test Port Name port1 0 1 Mirror option Enabled Mirror direction both Monitored Port Name port1 0 2 Mirror Test Port Name port1 0 3 Mirror option E...

Страница 406: ...ser Exec Privileged Exec and Interface Configuration Example To display port mirroring configuration for the port1 0 4 use the following commands awplus configure terminal awplus config interface port...

Страница 407: ...s Operating System Version 5 4 7 1 x Interface Testing Commands Introduction Overview This chapter provides an alphabetical reference of commands used for testing interfaces Command List clear test in...

Страница 408: ...clear test interface port list all Mode Privileged Exec Examples To clear the counters for port1 0 1 use the command awplus clear test interface port1 0 1 To clear the counters for all interfaces use...

Страница 409: ...entering this command enter Interface Configuration mode for the desired interfaces and enter the command test interface Do not test interfaces on a device that is part of a live network disconnect t...

Страница 410: ...100 NOTE Do not run test interface on live networks because this will degrade network performance Syntax test interface port list all time 1 60 cont no test interface port list all Mode Privileged Ex...

Страница 411: ...nter the following commands awplus config service test awplus config no spanning tree rstp enable bridge forward awplus config interface vlan1 awplus config if shutdown awplus config if end awplus tes...

Страница 412: ...C613 50186 01 Rev B Command Reference for AR2050V 412 AlliedWare Plus Operating System Version 5 4 7 1 x Part 2 Interfaces and Layer 2...

Страница 413: ...able dynamic on page 417 clear mac address table static on page 419 clear port counter on page 420 debug platform packet on page 421 duplex on page 423 flowcontrol switch port on page 425 linkflap act...

Страница 414: ...e for AR2050V 414 AlliedWare Plus Operating System Version 5 4 7 1 x SWITCHING COMMANDS show platform port on page 439 show storm control on page 444 speed on page 445 storm control level on page 447...

Страница 415: ...x mode The flow control applied by the flowcontrol switch port command operates only on full duplex links whereas back pressure operates only on half duplex links If a port has insufficient capacity t...

Страница 416: ...5 4 7 1 x SWITCHING COMMANDS BACKPRESSURE Todisablebackpressureflowcontroloninterfaceport1 0 2enterthefollowing commands awplus configure terminal awplus config interface port1 0 2 awplus config if b...

Страница 417: ...address table static command Note that an MSTP instance cannot be specified with the command clear mac address table static Examples This example shows how to clear all dynamically learned filtering...

Страница 418: ...DDRESS TABLE DYNAMIC This example shows how to clear all dynamically learned filtering database entries whenlearnedthroughdeviceoperationforagivenMSTP instance1 on switchport interface port1 0 2 awplu...

Страница 419: ...ll filtering database entries for a specific interface configured through the CLI awplus clear mac address table static interface port1 0 3 This example shows how to clear filtering database entries c...

Страница 420: ...COUNTER clear port counter Overview Use this command to clear the packet counters of the port Syntax clear port counter port Mode Privileged Exec Example To clear the packet counter for port1 0 1 use...

Страница 421: ...If a timeout is not specified then a default 5 minute timeout will be applied If a timeout of 0 is specified packet debug will be generated until the no variant of this command is used or another tim...

Страница 422: ...ING COMMANDS DEBUG PLATFORM PACKET To enable VLAN packet debug for VLAN 2 with a timeout duration of 3 minutes enter awplus debug platform packet vlan 2 timeout 150 To disable receive packet debug ent...

Страница 423: ...CP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the duplex mode of all the switch ports in the channel...

Страница 424: ...C613 50186 01 Rev B Command Reference for AR2050V 424 AlliedWare Plus Operating System Version 5 4 7 1 x SWITCHING COMMANDS DUPLEX Related Commands backpressure polarity speed show interface...

Страница 425: ...c it notifies the other port to stop sending until the condition clears When the local device detects congestion at its end it notifies the remote device by sending a pause frame On receiving a pause...

Страница 426: ...rface port1 0 2 awplus config if flowcontrol receive on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send on awplus configure terminal awplus config interfa...

Страница 427: ...shut down Use the no variant of this command to disable flapping detection at this rate Syntax linkflap action shutdown no linkflap action Default Linkflap action is disabled by default Mode Global Co...

Страница 428: ...s table acquire Overview Use this command to enable MAC address learning on the device Use the no variant of this command to disable learning Syntax mac address table acquire no mac address table acqu...

Страница 429: ...lt of 300 seconds 5 minutes Syntax mac address table ageing time ageing timer none no mac address table ageing time Default The default ageing time is 300 seconds Mode Global Configuration Examples Th...

Страница 430: ...traffic within a single VLAN Do not apply the mac address table static command to Layer 3 switched traffic passing from one VLAN to another VLAN Frames will not be discarded across VLANs because pack...

Страница 431: ...applies to copper 10BASE T 100BASE T and 1000BASE T switch ports it does not apply to fiber ports See the MDI MDIX Connection Modes section in the Switching Feature Overview and Configuration Guide fo...

Страница 432: ...w debugging platform packet Overview This command shows platform to CPU level packet debugging information Syntax show debugging platform packet Mode User Exec and Privileged Exec Example To display t...

Страница 433: ...wcontrol interface port Mode User Exec and Privileged Exec Example To display the flow control for the port1 0 5 use the command awplus show flowcontrol interface port1 0 5 Output Figure 13 1 Example...

Страница 434: ...ich have been dynamically shut down by protocols running on the device and the protocols responsible for the shutdown Syntax show interface interface range err disabled Mode User Exec and Privileged E...

Страница 435: ...leged Exec Example To display VLAN information about each switch port enter the command awplus show interface switchport Output Figure 13 2 Example output from the show interface switchport command Re...

Страница 436: ...le output captured when packets were switched and mac addresses were learned Note the new mac addresses learned for port1 0 4 and port1 0 6 added as dynamic entries Note the first column of the output...

Страница 437: ...r mac address table static mac address table static awplus config mac address table static 0000 1111 2222 for int port1 0 3 vlan 2 awplus config end awplus awplus show mac address table VLAN Port MAC...

Страница 438: ...r changes in some of these settings to take effect the device must be rebooted with the new settings in the startup config Example To check the settings configured with platform commands on the device...

Страница 439: ...s To display port registers for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 To display platform counters for port1 0 1 and port1 0 2 use the followi...

Страница 440: ...007 0e 0000 0f 3000 10 0020 11 0000 12 0000 13 0000 14 0000 15 0000 16 0000 17 0000 18 7277 19 1000 1a 0000 1b ffff 1c 6cc7 1d 0000 1e 0000 1f 0000 Port configuration for lport 0x08000000 Phy Driver 5...

Страница 441: ...ed and transmitted 4096 9216 Number of 4096 9216 octet packets received and transmitted General Counters Receive Counters for traffic received Octets Number of octets received Pkts Number of packets r...

Страница 442: ...umber of oversize packets transmitted FrameWDeferrdTx Transmit Single Deferral Frame counter FrmWExcesDefer Transmit Multiple Deferral Frame counter SingleCollsnFrm Transmit Single Collision Frame cou...

Страница 443: ...rating System Version 5 4 7 1 x SWITCHING COMMANDS SHOW PLATFORM PORT ifOutDiscards Outbound interface Discarded Packets counter MTUExcdDiscard Receive MTU Check Error Frame Counter Table 2 Parameters...

Страница 444: ...Exec and Privileged Exec Example To display storm control information for port1 0 2 use the following command awplus show storm control port1 0 2 Output Figure 13 5 Example output from the show storm...

Страница 445: ...s autonegotiate speed Usage Switch ports in a static or dynamic LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group...

Страница 446: ...s and 1000Mbps enter the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if speed auto 100 1000 To set the port to auto negotiate its speed at 1000Mbps onl...

Страница 447: ...Interface Configuration Usage Flooding techniques are used to block the forwarding of unnecessary flooded traffic A packet storm occurs when a large number of broadcast packets are received on a port...

Страница 448: ...ference for AR2050V 448 AlliedWare Plus Operating System Version 5 4 7 1 x SWITCHING COMMANDS UNDEBUG PLATFORM PACKET undebug platform packet Overview This command applies the functionality of the no...

Страница 449: ...ridging For more information see the Bridging Commands Feature Overview and Configuration Guide Command List ageing time on page 450 bridge on page 451 bridge group on page 452 clear mac filter on pag...

Страница 450: ...Configuration Examples To change the ageing time on br2 to 60 seconds 1 minute use the following commands awplus configure terminal awplus config interface br2 awplus config if ageing time 60 To rese...

Страница 451: ...bridge then the bridge cannot be removed For example if interface eth1 exists on bridge 2 then the no bridge 2 command will give you the following message failed to remove interface br2 there are stil...

Страница 452: ...added to a bridge will lose their Layer 3 properties The bridge will act as the Layer 3 interface The bridge will provide Layer 2 connectivity between interfaces that are a part of the bridge You can...

Страница 453: ...r bridge bridge id Default None Mode Privileged Exec Examples To clear the mac filter counters on bridge 1 use the following commands awplus clear mac filter counter bridge 1 Output Figure 14 1 Exampl...

Страница 454: ...bridged traffic on a bridge interface Syntax l3 filtering enable no l3 filtering enable Default Traffic control is disabled by default for bridged traffic Mode Interface mode for a bridge interface Ex...

Страница 455: ...ilter name Default None Mode Interface Configuration Usage You can only create one MAC filter at one time Examples To create a mac filter with the name of ATL router1 use the following commands awplus...

Страница 456: ...ac filter with the name of ATL router1 on bridge interface br1 use the following commands awplus configure terminal awplus config interface br1 awplus config if mac filter group ATL router1 To remove...

Страница 457: ...stance to ensure the traffic reaches its destination Usethe novariant of this command to disable or enable FDB MAC address learning on a bridge Syntax mac learning no mac learning Default Learning is...

Страница 458: ...group called ATL router1 use the following commands awplus configure terminal awplus config mac filter ATL router1 awplus config macfilter rule PC1 permit dmac any smac 00c4 6d20 c0f4 proto any To res...

Страница 459: ...ystem Version 5 4 7 1 x BRIDGING COMMANDS RULE MAC FILTER Output Figure 14 3 Example output from the rule command displaying information about all rules Related Commands clear mac filter mac filter ma...

Страница 460: ...llowing command awplus show bridge br2 To display information about bridge in the range 1 to 3 use the following command awplus show bridge br1 3 To display information about bridges 1 and from 3 to 5...

Страница 461: ...Version 5 4 7 1 x BRIDGING COMMANDS SHOW BRIDGE Figure 14 5 Example output from the show bridge command displaying information about bridge 2 Related Commands ageing time bridge bridge group show brid...

Страница 462: ...and displaying information about bridge 2 Related Commands ageing time bridge bridge group show bridge Parameter Description bridge list The bridge interfaces to display the information about The brid...

Страница 463: ...ter To display mac filter bridge counters for bridge 2 use the following commands awplus show mac filter bridge 2 Output Figure 14 7 Example output from the show mac filter bridge command displaying i...

Страница 464: ...ference of commands used to configure VLANs For more information see the VLAN Feature Overview and Configuration Guide Command List show vlan on page 465 switchport access vlan on page 466 switchport...

Страница 465: ...awplus show vlan 2 Output Figure 15 1 Example output from the show vlan command Related Commands vlan Parameter Description 1 4094 Display information about the VLAN specified by the VLAN ID all Displ...

Страница 466: ...chports using the negated form of this command Mode Interface Configuration Usage Any untagged frame received on this port will be associated with the specified VLAN Examples To change the port based...

Страница 467: ...ess ingress filter enable disable Default By default ports are in access mode with ingress filtering on Usage Use access mode to send untagged frames only Mode Interface Configuration Example awplus c...

Страница 468: ...e default VLAN vlan1 and have ingress filtering on Mode Interface Configuration Usage Aportin trunkmodecan be a tagged member ofmultipleVLANs and anuntagged member of one native VLAN To configure whic...

Страница 469: ...nd receive through the port add Add a VLAN to the list of VLANs that are allowed to transmit and receive through the port Only use this parameter if a list of VLANs is already configured on a port rem...

Страница 470: ...onfiguration is currently switchport trunk allowed vlan all then you should remove VLAN3 5 by entering the except parameter instead of using the remove parameter This means using the following command...

Страница 471: ...lus config interface port1 0 2 awplus config if switchport trunk allowed vlan add 2 The following shows adding a range of VLANs to the port s member set awplus configure terminal awplus config interfa...

Страница 472: ...lowing commands show configuration of VLAN 2 as the native VLAN for port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk native vlan 2 The following...

Страница 473: ...tu Default By default VLANs are enabled when they are created Mode VLAN Configuration Examples To enable vlan 45 use the commands awplus configure terminal awplus config vlan database awplus config vl...

Страница 474: ...the VLAN Configuration mode Syntax vlan database Mode Global Configuration Usage Use this command to enter the VLAN configuration mode You can then add or delete a VLAN or modify its values Example I...

Страница 475: ...MSTP on page 478 debug mstp RSTP and STP on page 479 instance priority MSTP on page 483 instance vlan MSTP on page 485 region MSTP on page 487 revision MSTP on page 488 show debugging mstp on page 48...

Страница 476: ...g tree guard root on page 522 spanning tree hello time on page 523 spanning tree link type on page 524 spanning tree max age on page 525 spanning tree max hops MSTP on page 526 spanning tree mode on p...

Страница 477: ...Use this command with the instance parameter in MSTP mode Specifying this command with the interface parameter only not the instance parameter will work in STP and RSTP mode Examples awplus clear spa...

Страница 478: ...Use this command to clear the detected protocols for a specific port or all ports Use this command in RSTP or MSTP mode only Syntax clear spanning tree detected protocols interface port Mode Privilege...

Страница 479: ...Use the debug mstp topology change interface command to generate debugging messageswhen the device receives an indicationof a topology change in a BPDU from another device The debugging can be activat...

Страница 480: ...command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of output these debug messages are best viewed using the te...

Страница 481: ...int pathcost 0 17 23 42 awplus MSTP 1417 CIST bridge id 0000 0000cd1000fe 17 23 42 awplus MSTP 1417 CIST hops remaining 20 17 23 42 awplus MSTP 1417 MSTI flags Agree Forward Learn role Desig 17 23 42...

Страница 482: ...gging mstp terminal monitor undebug mstp awplus terminal monitor awplus debug mstp packet rx decode interface port1 0 4 awplus 17 30 17 awplus MSTP 1417 port1 0 4 xSTP BPDU rx start 17 30 17 awplus MS...

Страница 483: ...stance MSTP selects the device with the lowest MAC address to be the root bridge Give the device a higher priority for becoming the root bridge for a particular instance by assigning it a lower priori...

Страница 484: ...R2050V 484 AlliedWare Plus Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS INSTANCE PRIORITY MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree mst i...

Страница 485: ...T Configuration Usage The VLANs must be created before being associated with an MST instance MSTI If the VLAN range is not specified the MSTI will not be created This command removes the specified VLA...

Страница 486: ...d Reference for AR2050V 486 AlliedWare Plus Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS INSTANCE VLAN MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanni...

Страница 487: ...o the default Syntax region region name no region Default By default the region name is My Name Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI conf...

Страница 488: ...evision number Default The default of revision number is 0 Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on a...

Страница 489: ...on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mstp Mode User Exec and Privileged Exec mode Example...

Страница 490: ...r has been included for RSTP and MSTP You can see the topology change counter for RSTP by using the show spanning tree command You can see the topology change counter for MSTP by using the show spanni...

Страница 491: ...er 0 topo change timer 0 port1 0 1 forward transitions 0 port1 0 1 Version Rapid Spanning Tree Protocol Received None Send STP port1 0 1 No portfast configured Current portfast off port1 0 1 portfast...

Страница 492: ...0 3 Designated Path Cost 0 port1 0 3 Configured Path Cost 200000 Add type Explicit ref count 1 port1 0 3 Designated Port Id 839f Priority 128 port1 0 3 Root 80000000cd20f093 port1 0 3 Designated Bridg...

Страница 493: ...topology change counter for MSTP by using the show spanning tree mst instance command Example To display a summary of spanning tree status information use the command awplus show spanning tree brief...

Страница 494: ...Configuration Example To display bridge level information about the CIST and VLAN to MSTI mappings enter the command awplus show spanning tree mst Output Figure 16 5 Example output from show spanning...

Страница 495: ...e The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example To display MSTP conf...

Страница 496: ...d 1 CIST Reg Root Id 80000000cd24ff2d 1 CIST Bridge Id 80000000cd24ff2d 1 portfast bpdu filter disabled 1 portfast bpdu guard disabled 1 portfast errdisable timeout disabled 1 portfast errdisable time...

Страница 497: ...onal Root 80000000cd24ff2d port1 0 3 Designated Bridge 80000000cd24ff2d port1 0 3 Message Age 0 Max Age 20 port1 0 3 CIST Hello Time 2 Forward Delay 15 port1 0 3 CIST Forward Timer 0 Msg Age Timer 0 H...

Страница 498: ...e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward De...

Страница 499: ...oint Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 838a...

Страница 500: ...c Privileged Exec and Interface Configuration Example To display detailed information for instance 2 and all switch ports associated with that instance use the command awplus show spanning tree mst in...

Страница 501: ...mst instance 2 interface port1 0 2 Output Figure 16 10 Example output from show spanning tree mst instance Parameter Description instance id Specify an MSTP instance in the range 1 5 port The port to...

Страница 502: ...stance and all interfaces associated with them for port1 0 4 use the command awplus show spanning tree mst interface port1 0 4 Output Figure 16 11 Example output from show spanning tree mst interface...

Страница 503: ...e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward De...

Страница 504: ...oint Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 838a...

Страница 505: ...Exec Usage To display BPDU statistics for all spanning tree instances and all switch ports associated with all spanning tree instances use the command awplus show spanning tree statistics Output Figu...

Страница 506: ...timer INACTIVE Hello Time Value 0 Forward Delay Timer INACTIVE Forward Delay Timer Value 0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer Va...

Страница 507: ...nning tree statistics instance instance id Mode Privileged Exec Example To display BPDU statistics information for MST instance 2 and all switch ports associated with that MST instance use the command...

Страница 508: ...mation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics instance instance id interface...

Страница 509: ...or Instance 1 INST_PORT port1 0 2 Information Statistics Config Bpdu s xmitted port inst 0 0 Config Bpdu s received port inst 0 0 TCN Bpdu s xmitted port inst 0 0 TCN Bpdu s received port inst 0 0 Mes...

Страница 510: ...ut each MST instance for port1 0 2 use the command awplus show spanning tree statistics interface port1 0 2 Output Figure 16 16 Example output from show spanning tree statistics interface Parameter De...

Страница 511: ...Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer Value 0 Hold Timer INACTIVE Hold Timer Value 0 Other Port Specific Info Max Age Transitions 1...

Страница 512: ...em including the VLAN range index value for the device Syntax show spanning tree vlan range index Mode Privileged Exec Example To display information about MST instances and the VLANs associated with...

Страница 513: ...edge port If it does not receive any BPDUs in the first three seconds after linkup enabling or entering RSTP or MSTP mode it sets itself to be an edgeport and enters the forwarding state Use this com...

Страница 514: ...e switched LAN running the AlliedWare Plus Operating System must have Cisco interoperability enabled When the AlliedWare Plus Operating System is interoperating with Cisco the only criteria used to cl...

Страница 515: ...ut of some show commands Use the no variant of this command to set a port to its default state not an edge port Syntax spanning tree edgeport no spanning tree edgeport Default Not an edge port Mode In...

Страница 516: ...e spanning tree mode is set to RSTP To change the mode see spanning tree mode command Examples To enable STP in Global Configuration mode enter the below commands awplus configure terminal awplus conf...

Страница 517: ...re Plus Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS SPANNING TREE ENABLE To disable RSTP in Global Configuration mode enter the below commands awplus configure terminal awplus config no...

Страница 518: ...ee errdisable timeout enable no spanning tree errdisable timeout enable Default By default the errdisable timeout is disabled Mode Global Configuration Usage The BPDU guard feature shuts down the port...

Страница 519: ...the BPDU guard feature Use this command for RSTP or MSTP Syntax spanning tree errdisable timeout interval 10 1000000 no spanning tree errdisable timeout interval Default By default the port is re enab...

Страница 520: ...e Interface Configuration mode for a switch port interface only Examples Set the value to enforce the spanning tree protocol STP awplus configure terminal awplus config interface port1 0 2 awplus conf...

Страница 521: ...to learning and from learning to forwarding This value is used only when the device is acting as the root bridge Devices not acting asthe RootBridgeuse adynamic valuefor the forwarddelayset by theroo...

Страница 522: ...this command for RSTP STP or MSTP Use the no variant of this command to disable the root guard feature for the port Syntax spanning tree guard root no spanning tree guard root Mode Interface Configur...

Страница 523: ...estore the default of the hello time Syntax spanning tree hello time hello time no spanning tree hello time Default Default is 2 seconds Mode Global Configuration and Interface Configuration for switc...

Страница 524: ...iant of this command to return the port to the default link type Syntax spanning tree link type point to point shared no spanning tree link type Default The default link type is point to point Mode In...

Страница 525: ...ult of spanning tree max age is 20 seconds Mode Global Configuration Usage Max age is the maximum time in seconds for which a message is considered valid Configure this value sufficiently high so that...

Страница 526: ...spanning tree max hops hop count no spanning tree max hops hop count Default The default max hops in a MST region is 20 Mode Global Configuration Usage Specifying the max hops for a BPDU prevents the...

Страница 527: ...ning tree protocol mode on the device is RSTP Mode Global Configuration Usage With no configuration the device will have spanning tree enabled and the spanning tree mode will be set to RSTP Use this c...

Страница 528: ...guration Overview Use this command to enter the MST Configuration mode to configure the Multiple Spanning Tree Protocol Syntax spanning tree mst configuration Mode Global Configuration Examples Thefol...

Страница 529: ...on mode for a switch port or channel group Usage You can disable automatic configuration of member ports of a VLAN to an associated MSTI by using a no spanning tree mst instance command to remove the...

Страница 530: ...the IEEE 802 1q 2003 standard Mode Interface Configuration mode for a switch port interface only Usage Before you can use this command to set a path cost in a VLAN configuration you must explicitly a...

Страница 531: ...rn the path cost to its default value on instance 3 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree mst instance 3 path cost Related Comm...

Страница 532: ...I The port with the lowest value has the highest priority so it will be chosen as root port over a port that is equivalent in all other aspects but with a higher priority value Examples To set the pri...

Страница 533: ...instance id restricted role Default The restricted role for an MSTI instance on a switch port is disabled by default Mode Interface Configuration mode for a switch port interface only Usage The root...

Страница 534: ...ting System Version 5 4 7 1 x SPANNING TREE COMMANDS SPANNING TREE MST INSTANCE RESTRICTED ROLE Related Commands instance vlan MSTP spanning tree priority port priority spanning tree mst instance span...

Страница 535: ...nstance id restricted tcn no spanning tree mst instance instance id restricted tcn Default Disabled By default switch ports propagate TCNs Mode Interface Configuration mode for a switch port interface...

Страница 536: ...the port s path cost for the CIST Syntax spanning tree path cost pathcost no spanning tree path cost Default The default path cost values and the range of recommended path cost values depend on the po...

Страница 537: ...spanning tree portfast no spanning tree portfast Default Not an edge port Mode Interface Configuration mode for a switch port interface only Usage Portfast makes a port move from a blocking state to a...

Страница 538: ...x SPANNING TREE COMMANDS SPANNING TREE PORTFAST STP Example awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast Related Commands spanning tree edgeport...

Страница 539: ...Default BPDU Filter is not enabled on any ports by default Mode Global Configuration and Interface Configuration Usage This command filters the BPDUs and passes only data to continue to act as an edg...

Страница 540: ...ST BPDU FILTER To enable STP BPDU filtering in Interface Configuration mode enter the commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bpdu...

Страница 541: ...u guard default disable enable no spanning tree portfast bpdu guard Default BPDU Guard is not enabled on any ports by default Mode Global Configuration or Interface Configuration Usage This command bl...

Страница 542: ...DU Guard feature It shows both the administratively configured and currently running values of bpdu guard Example To enable STP BPDU guard in Global Configuration mode enter the below commands awplus...

Страница 543: ...STP mode is configured this will apply to the CIST Use the no variant of this command to reset it to the default Syntax spanning tree priority priority no spanning tree priority Default The default pr...

Страница 544: ...the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 128 Mode Interface Configuration mode for a switch port interface only Usage To force a po...

Страница 545: ...a switch port interface only to restrict the port from becoming a root port Use the no variant of this command to disable the restricted role functionality Syntax spanning tree restricted role no spa...

Страница 546: ...e Protocol Data Units from being sent on a port If this command is enabled after a topology change a bridge is prevented from sending a TCN to its designated bridge Use the no variant of this command...

Страница 547: ...rview Use this command to set the maximum number of BPDU transmissions that are held back Use the no variant of this command to restore the default transmit hold count value Syntax spanning tree trans...

Страница 548: ...mmand Reference for AR2050V 548 AlliedWare Plus Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS UNDEBUG MSTP undebug mstp Overview This command applies the functionality of the no debug mstp...

Страница 549: ...orithm is designed to ensure that any given data flow always goes down the same link It also aims to spread data flows across the links as evenly as possible For example for a 2 Gbps LAG that is a com...

Страница 550: ...REGATION COMMANDS show etherchannel on page 562 show etherchannel detail on page 563 show etherchannel summary on page 564 show lacp sys id on page 565 show lacp counter on page 566 show port ethercha...

Страница 551: ...full duplex mode Once the LACP channel group has been created it is treated as a device port and can be referred to in most other commands that apply to device ports To refer to an LACP channel group...

Страница 552: ...e port1 0 6 awplus config if channel group 2 mode active To remove device port1 0 6 from any created LACP channel groups use the command below awplus configure terminal awplus config interface port1 0...

Страница 553: ...GATION COMMANDS CLEAR LACP COUNTERS clear lacp counters Overview Use this command to clear all counters of all present LACP aggregators channel groups or a given LACP aggregator Syntax clear lacp 1 32...

Страница 554: ...acp all Related Commands show debugging lacp undebug lacp Parameter Description all Turn on all debugging for LACP cli Specifies debugging for CLI messages Echoes commands to the console event Specifi...

Страница 555: ...lobal Configuration Usage Do not mix LACP configurations manual and dynamic When LACP global passive mode is turned on by using the lacp global passive mode enable command we do not recommend using a...

Страница 556: ...regation based on their priority with the higher priority numerically lower ports selected first Use the no variant of this command to reset the priority of port to the default Syntax lacp port priori...

Страница 557: ...g the system responsible for resolving conflicts in the choice of aggregation groups Use the no variant of this command to reset the system priority of the local system to the default Syntax lacp syst...

Страница 558: ...on if no updates are seen for 3 seconds i e 3 consecutive updates are lost The device indicates its preference by means of the Timeout field in the Actor section of its LACPDUs If the Timeout field is...

Страница 559: ...edWare Plus Operating System Version 5 4 7 1 x LINK AGGREGATION COMMANDS LACP TIMEOUT The following commands set the LACP short timeout for 1 second on port1 0 2 awplus configure terminal awplus confi...

Страница 560: ...and output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging lacp Mode User Exec and Privileged Exec Example awplus show debugging lacp Output...

Страница 561: ...e Syntax show diagnostic channel group Mode User Exec and Privileged Exec Example awplus show diagnostic channel group Output Figure 17 2 Example output from the show diagnostic channel group command...

Страница 562: ...rivileged Exec Example awplus show etherchannel Output Figure 17 3 Example output from show etherchannel Example awplus show etherchannel 1 Output Figure 17 4 Example output from show etherchannel for...

Страница 563: ...ec and Privileged Exec Example awplus show etherchannel detail Output Example output from show etherchannel detail awplus show etherchannel detail Aggregator po1 IfIndex 4601 Mac address 00 00 cd 37 0...

Страница 564: ...e Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show etherchannel summary Mode User Exec and Privileged Ex...

Страница 565: ...system ID and priority For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website a...

Страница 566: ...tion on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show lac...

Страница 567: ...herchannel Parameter Description port Name of the device port to display LACP information about awplus show port etherchannel port1 0 2 LACP link info port1 0 2 7007 Link port1 0 2 IfIndex 7007 Aggreg...

Страница 568: ...ggregator For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesi...

Страница 569: ...e removed the static channel group is deleted All the ports in a channel group must have the same VLAN configuration they must belong to the same VLANs and have the same tagging status and can only be...

Страница 570: ...us Operating System Version 5 4 7 1 x LINK AGGREGATION COMMANDS STATIC CHANNEL GROUP To reference static channel group 2 as an interface use the commands awplus configure terminal awplus config interf...

Страница 571: ...B Command Reference for AR2050V 571 AlliedWare Plus Operating System Version 5 4 7 1 x LINK AGGREGATION COMMANDS UNDEBUG LACP undebug lacp Overview This command applies the functionality of the no de...

Страница 572: ...n 5 4 7 1 x 802 1Q Encapsulation Commands Introduction This chapter provides an alphabetical reference of commands used to configure 802 1Q Encapsulation For more information see the AAA and Port Auth...

Страница 573: ...Then you can use the VID to configure the subinterface associated with the Ethernet interface or tunnel interface Subinterfaces are logical interfaces The subinterface index must be the same as the V...

Страница 574: ...use the commands awplus configure terminal awuplus config interface eth2 awplus config if encapsulation dot1q 1 awplus config if encapsulation dot1q 2 awplus config if encapsulation dot1q 3 To disabl...

Страница 575: ...ommand List debug ppp on page 577 encapsulation ppp on page 580 interface PPP on page 582 ip address negotiated on page 583 ip tcp adjust mss on page 585 ip unnumbered on page 587 ipv6 tcp adjust mss...

Страница 576: ...eference for AR2050V 576 AlliedWare Plus Operating System Version 5 4 7 1 x PPP COMMANDS ppp timeout idle on page 611 ppp username on page 612 show debugging ppp on page 613 show interface PPP on page...

Страница 577: ...wed in log output filtered in permanent or buffered logs and viewed on the terminal using the terminal monitor command See the status of PPP debugging with the show debugging ppp command Note that deb...

Страница 578: ...92 168 1 1 05 35 46 awplus pppd 24767 ppp0 05 35 46 919 rcvd IPCP ConfNak id 0x1 addr 192 168 1 2 ms dns1 1 1 1 1 ms dns2 2 2 2 2 05 35 46 awplus pppd 24767 ppp0 05 35 46 920 sent IPCP ConfReq id 0x2...

Страница 579: ...es use the below command awplus no debug ppp Related Commands terminal monitor encapsulation ppp no debug all ppp authentication show debugging ppp show interface PPP undebug all awplus terminal monit...

Страница 580: ...face eth1 1 or a cellular interface e g interface cellular0 L2TP Tunnel Configuration mode for an L2TP tunnel e g l2tp tunnel tunnel0 Examples To configure a PPP interface with index 0 for Ethernet in...

Страница 581: ...7 1 x PPP COMMANDS ENCAPSULATION PPP To remove the PPP interface with index 1 from L2TP tunnel tunnel1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp t...

Страница 582: ...ation Example The following example shows how to enter Interface mode to configure a PPP interface awplus configure terminal awplus config interface ppp0 awplus config if Related Commands ip address I...

Страница 583: ...this IP address When the peer does not send an IP address via IPCP negotiation the specified default IP address will be used Examples To configure the PPP interface ppp0 to use IPCP to negotiate an IP...

Страница 584: ...negotiation is configured on PPP interface ppp0 use the following command awplus show running config interface ppp0 Figure 19 3 Example output from a show running config interface ppp0 to verify IPCP...

Страница 585: ...host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmissio...

Страница 586: ...7 1 x PPP COMMANDS IP TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no ip t...

Страница 587: ...nterface types from which the IP address can be borrowed from are VLAN ethernet loopback and bridge Examples To borrow an IP address on unnumbered PPP from the vlan2 interface use the following comman...

Страница 588: ...dex 16778240 metric 1 mtu 1492 UP POINT TO POINT RUNNING NOARP MULTICAST PPP is running over interface eth2 LCP Opened IPCP Opened MRU bytes Local config 1492 Local negotiated 1492 Peer negotiated 149...

Страница 589: ...host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmission...

Страница 590: ...7 1 x PPP COMMANDS IPV6 TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no ip...

Страница 591: ...hen the default attempt limit is configured to 3 attempts Mode Interface Configuration for a PPP interface Example To enable the device to send LCP Echo keepalive messages on the PPP interface ppp0wit...

Страница 592: ...rsion 5 4 7 1 x PPP COMMANDS KEEPALIVE PPP To disable the device from sending LCP Echo keepalive messages on the PPP interface ppp0 enter the below commands awplus configure terminal awplus config int...

Страница 593: ...t fragment bit set then the switch will send an ICMP destination unreachable 3 packet type and a fragmentation needed and DF set 4 code back to the source See the ip tcp adjust mss command to set the...

Страница 594: ...s To configure the PPP interface ppp0 to assign the IP address of 192 168 0 1 to its peer upon request use the below commands awplus configure terminal awplus config interface ppp0 awplus config if pe...

Страница 595: ...P address 192 168 0 1 is configured on PPP interface ppp0 use the following command awplus show running config interface ppp0 Output Related Commands ip address negotiated show running config interfac...

Страница 596: ...e show ip route command to validate the route behavior after issuing this command Mode Interface Configuration for a PPP interface Examples To re enable the default behavior for the PPP interface ppp1...

Страница 597: ...y connected ppp1 C 4 1 1 2 32 is directly connected ppp1 C 192 168 10 0 24 is directly connected vlan1 awplus configure terminal Enter configuration commands one per line End with CNTL Z awplus config...

Страница 598: ...defined or configured to a PPP interface by default Mode Interface Configuration for a PPP interface Examples To enable PPP PAP authentication on the PPP interface ppp0 enter the commands awplus confi...

Страница 599: ...us config if ppp authentication eap chap To attempt PPP CHAP authentication then fall back to PPP PAP authentication if the attempt to enable PPP CHAP authentication fails on the PPP interface ppp0 en...

Страница 600: ...ticate using EAP CHAP or PAP are refused Examples To refuse the use of PAP authentication if a peer requests PAP authentication enter the commands awplus configure terminal awplus config interface ppp...

Страница 601: ...ts EAP authentication enter the commands awplus configure terminal awplus config interface ppp0 awplus config if ppp authentication refuse eap To allow the use of EAP CHAP or PAP authentication if a p...

Страница 602: ...another hostname instead of the system hostname configured from the hostname command using this command Syntax ppp hostname hostname no ppp hostname hostname Default The default PPP hostname is the s...

Страница 603: ...rsion 5 4 7 1 x PPP COMMANDS PPP HOSTNAME To disable the use of the alternate hostname remote_router for PPP authentication enter the commands awplus configure terminal awplus config interface ppp0 aw...

Страница 604: ...CP DNS options for accepting rejecting or requesting DNS addresses from the peer Use the optional primary and secondary or primary only DNS server address placeholders to specify DNS server addresses...

Страница 605: ...terminal awplus config interface ppp0 awplus config if ppp ipcp dns reject To configure the PPP interface ppp0 to supply primary and secondary DNS server addresses to the peer enter the below command...

Страница 606: ...d as a suffix list to the PPP connection So when the PPP connection is completed with the head office users at the branch office that browse to intranet example lc will have the DNS request forwarded...

Страница 607: ...613 50186 01 Rev B Command Reference for AR2050V 607 AlliedWare Plus Operating System Version 5 4 7 1 x PPP COMMANDS PPP IPCP DNS SUFFIX LIST Related Commands ip dns forwarding domain list ppp ipcp dn...

Страница 608: ...y address negotiated with the peer via IPCP on a given PPP interface Syntax ppp ipcp ip override no ppp ipcp ip override Default By default the address is negotiated with the peer via IPCP Mode Interf...

Страница 609: ...interface by default Mode Interface Configuration for a PPP interface Examples To enable the use of the PPP secret password bobs_secret for PPP authentication enter the commands awplus configure term...

Страница 610: ...ion to the default service specified by the access concentrator Mode Interface Configuration for a PPP interface Usage You can only apply a single service name to each PPPoE interface Examples To conn...

Страница 611: ...ct a PPP connection after a specified time The timer is reset upon either ingress or regress user traffic Non user traffic such as Link Control Protocol LCP keepalives and Network Control Protocol NCP...

Страница 612: ...me bob for the PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if ppp username bob To remove the PPP username bob for the PPP interface ppp0 us...

Страница 613: ...hrough ppp2 awplus show debugging ppp interface ppp0 ppp2 The following example shows how to display PPP debug information for PPP interface ppp0 and ppp2 awplus show debugging ppp interface ppp0 ppp2...

Страница 614: ...ions including those for DNS addresses are shown in console output Local DNS addresses as displayed in console output are provided from the peer Peer DNS addresses as displayed in console output are p...

Страница 615: ...ink is UP administrative state is UP Hardware is PPP IPv4 address 10 1 0 2 32 IPv6 address fe80 200 cdff fe28 8a1 10 index 16778440 metric 1 UP POINTOPOINT RUNNING NOARP MULTICAST VRF Binding Not boun...

Страница 616: ...INT RUNNING NOARP MULTICAST VRF Binding Not bound PPP is running over interface tunnel1 LCP Opened IPCP Opened IPV6CP Opened MRU bytes Local config 1460 Local negotiated 1460 Peer negotiated 1460 Magi...

Страница 617: ...28 89f 10 index 16778241 metric 1 mtu 1460 UP POINTOPOINT RUNNING NOARP MULTICAST VRF Binding Not bound PPP is running over interface tunnel1 LCP Opened IPCP Opened IPV6CP Opened MRU bytes Local confi...

Страница 618: ...ted form of the debug ppp command Examples To disable PPP debugging for all PPP interfaces enter the below command awplus undebug ppp To disable PPP debugging for PPP interfaces ppp0 enter the below c...

Страница 619: ...de Command List clear pppoe ac statistics on page 620 debug pppoe ac on page 621 destination l2tp on page 622 l2tp peer address dns lookup on page 623 l2tp peer address radius lookup group on page 625...

Страница 620: ...zero all the PPPoE Access Concentrator statistics counters and restart the counters incrementing from zero To see the affected counter values use the command show pppoe ac statistics Syntax clear ppp...

Страница 621: ...the no variant of this command to disable debugging of the PPPoE Access Concentrator Syntax debug pppoe ac no debug pppoe ac Default PPPoE Access Concentrator debugging is disabled by default Mode Pr...

Страница 622: ...PPoE Access Concentrator Configuration Example To sets the destination to forward all PPPoE packets for the service ISP service to the peer over L2TP use the commands awplus configure terminal awplus...

Страница 623: ...lookup for the PPPoE AC service ISP service use the commands awplus configure terminal awplus config pppoe ac ISP service awplus config pppoe ac l2tp peer address dns lookup To set the LNS address to...

Страница 624: ...50186 01 Rev B Command Reference for AR2050V 624 AlliedWare Plus Operating System Version 5 4 7 1 x PPP OVER ETHERNET PPPOE COMMANDS L2TP PEER ADDRESS DNS LOOKUP service name show running config pppo...

Страница 625: ...Mode PPPoE Access Concentrator Configuration Example To findpeer address via RADIUS lookup from Radius server group called GROUP1 use the commands awplus configure terminal awplus config pppoe ac ISP...

Страница 626: ...the LNS located at IP address 192 168 11 2 use the commands awplus configure terminal awplus config pppoe ac ISP service awplus cinfig pppoe ac l2tp peer address static 192 168 11 2 To configure L2TP...

Страница 627: ...B Command Reference for AR2050V 627 AlliedWare Plus Operating System Version 5 4 7 1 x PPP OVER ETHERNET PPPOE COMMANDS L2TP PEER ADDRESS STATIC l2tp profile ppp auth protocol service name show runnin...

Страница 628: ...le name used in this command is created by the l2tp profile command Example To allow AC service ISP service to use the L2TP profile called PUBLIC use the commands awplus configure terminal awplus conf...

Страница 629: ...C613 50186 01 Rev B Command Reference for AR2050V 629 AlliedWare Plus Operating System Version 5 4 7 1 x PPP OVER ETHERNET PPPOE COMMANDS L2TP PROFILE show running config pppoe ac...

Страница 630: ...ervice ISP service to use PAP use the commands awplus configure terminal awplus config pppoe ac ISP service awplus config pppoe ac ppp auth protocol pap To set PPP authentication to use the default CH...

Страница 631: ...ult No PPPoE AC services are configured by default Mode Global Configuration Example To configure a PPPoE AC called ISP service use the commands awplus configure terminal awplus config pppoe ac ISP se...

Страница 632: ...no pppoe ac service label Default No PPPoE AC service is attached to an interface by default Mode Interface Configuration Usage The label of the PPPoE AC service specified in this command is created...

Страница 633: ...auth no proxy auth Default Proxy authentication is enabled by default Mode PPPoE Access Concentrator Configuration Example To enable proxy authentication for the PPPoE AC service ISP service use the c...

Страница 634: ...e commands awplus configure terminal awplus config pppoe ac ISP service awplus config pppoe ac service name any To offer a private unadvertised PPPoE service internet and an advertised PPPoE service r...

Страница 635: ...e office so they are no longer offered to a client use the commands awplus configure terminal awplus config pppoe ac ISP service awplus config pppoe ac no service name internet awplus config pppoe ac...

Страница 636: ...o display the status of the PPPoE AC debugging Syntax show debugging pppoe ac Mode Privileged Exec Usage Enable PPPoE AC debugging with the debug pppoe ac command Example To display the status of PPPo...

Страница 637: ...use the command awplus show pppoe ac ac1 config check Output Figure 20 2 Example output from show pppoe ac config check Parameter Description label The label for the PPPoE AC service awplus sh pppoe a...

Страница 638: ...PPOE AC CONFIG CHECK Related Commands pppoe ac show running config pppoe ac Complete configuration There is sufficient configuration of this PPPoE AC service to be valid Required Parameters that still...

Страница 639: ...out connected routes for the PPPoE AC service pppoeservice only use the command awplus show pppoe ac pppoeservice connections Output Figure 20 3 Example output from show pppoe ac connections Parameter...

Страница 640: ...on Information about the source of the PPPoE route Interface The incoming interface name Session ID The PPPoE session ID Service Name The service name that this PPPoE AC is offering This is the servic...

Страница 641: ...from show pppoe ac statistics awplus sh pppoe ac statistics PPPoE Access Concentrator Statistics Name Value lnsLookupSuccessfulRequests 0 lnsLookupFailedRequests 0 lnsLookupDnsFailures 0 lnsLookupRadi...

Страница 642: ...mber of L2TP sessions closed l2tpDnsFailures The number of L2TP DNS lookup failures pppoePadiReceived The number of PADI packets received pppoeInvalidPadi The number of invalid PADI packets received p...

Страница 643: ...ds clear pppoe ac statistics pppoe ac routesDestCloseFail The number of destination close failures routesSourceCloseFail The number of source close failures routesClosedByDest The number of routes clo...

Страница 644: ...nning configuration for the PPPoE AC use the command awplus running config pppoe ac Output Figure 20 5 Example output from show running config pppoe ac Related Commands destination l2tp l2tp peer addr...

Страница 645: ...C613 50186 01 Rev B Command Reference for AR2050V 645 AlliedWare Plus Operating System Version 5 4 7 1 x Part 3 Routing...

Страница 646: ...Command List arp aging timeout on page 648 arp IP address MAC on page 649 arp log on page 651 arp opportunistic nd on page 654 arp reply bc dmac on page 656 clear arp cache on page 657 debug ip packe...

Страница 647: ...78 local proxy arp on page 680 optimistic nd on page 681 ping on page 682 show arp on page 684 show debugging ip packet on page 687 show ip forwarding on page 689 show ip interface on page 690 show ip...

Страница 648: ...not fill with entries for hosts that are no longer active Static ARP entries are not aged or automatically deleted By default the time limit for dynamic ARP entries is 300 seconds on all interfaces T...

Страница 649: ...ress port number alias no arp ip addr Syntax VRF lite arp vrf vrf name ip addr mac address port number alias no arp vrf vrf name ip addr Mode Global Configuration Examples To add the IP address 10 10...

Страница 650: ...L COMMANDS ARP IP ADDRESS MAC Example VRF lite To apply the above example within a VRF instance called red use the following commands awplus configure terminal awplus config arp vrf red 10 10 10 9 001...

Страница 651: ...the option to change how the MAC address is displayed in the ARP log message The output can either use the notation HHHH HHHH HHHH or HH HH HH HH HH HH Enter arp log to use HHHH HHHH HHHH notation Ent...

Страница 652: ...us configure terminal awplus config arp log awplus config exit awplus show log include ARP_LOG 2016 Oct 6 06 21 01 user notice awplus HSL 1007 ARP_LOG port1 0 1 vlan1 add 0013 4078 3b98 192 168 2 4 20...

Страница 653: ...og include ARP_LOG Parameter Description ARP_LOG Indicates that ARP log entry information follows port number Indicates device port number for the ARP log entry vid Indicates the VLAN ID for the ARP l...

Страница 654: ...is enabled the device will reply to any received unsolicited ARP packets but not gratuitous ARP packets The source MAC address for the unsolicited ARP packet is added to the ARP cache so the device fo...

Страница 655: ...eighbor discovery for the VRF instance blue enter awplus configure terminal awplus config arp opportunistic nd vrf blue To disable opportunistic neighbor discovery for the VRF instance blue enter awpl...

Страница 656: ...contain a broadcast destination MAC Use the no variant of this command to turn off processing of ARP replies that arrive with a broadcast destination MAC Syntax arp reply bc dmac no arp reply bc dmac...

Страница 657: ...l ip address Mode Privileged Exec Usage To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no variant of the arp IP address MAC command Example To cl...

Страница 658: ...perating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS CLEAR ARP CACHE When running VRF lite to clear the dynamic ARP entries from the global VRF lite and all VRF instances use the comm...

Страница 659: ...ce to show debugging for either all interfaces or a single interface all Specify all Layer 3 interfaces on the device ip address Specify an IPv4 address If this keyword is specified then only packets...

Страница 660: ...the command awplus debug ip packet interface all To turn on TCP packet debugging on vlan1 and IP address 192 168 2 4 use the command awplus debug ip packet interface vlan1 address 192 168 2 4 tcp To...

Страница 661: ...must configure a primary address on the interface before configuring a secondary address NOTE Use show running config interface not show ip interface brief when you need to view a secondary address co...

Страница 662: ...cal loopback interface lo use the following commands awplus configure terminal awplus config interface lo awplus config if ip address 10 10 11 50 24 To add the IP address 10 10 11 50 24 to the PPP int...

Страница 663: ...ace if received on another subnet An IP directed broadcast is an IP packet whose destination address is a broadcast address for some IP subnet but originates from a node that is not itself part of tha...

Страница 664: ...G AND PROTOCOL COMMANDS IP DIRECTED BROADCAST To disable the flooding of broadcast packets via PPP interface ppp0 use the following commands awplus configure terminal awplus config interface ppp0 awpl...

Страница 665: ...ard protocol udp port Default The ip forward protocol udp command is not enabled by default Mode Global Configuration Usage Combined with the ip helper address command in interface mode the ip forward...

Страница 666: ...ommand Reference for AR2050V 666 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS IP FORWARD PROTOCOL UDP Related Commands ip helper address ip directed broadcast...

Страница 667: ...ault The default Gratuitous ARP time limit for all switchports is 8 seconds Mode Global Configuration Usage Every switchport will send a sequence of 3 Gratuitous ARP packets to each VLAN that the swit...

Страница 668: ...System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS IP GRATUITOUS ARP LINK To restrict the sending of Gratuitous ARP packets to one every 20 seconds use the commands awplus configure terminal...

Страница 669: ...res the destination address es The destination address can be a unicast address or a subnet broadcast address The UDP destination port is configured separately with the ip forward protocol udp command...

Страница 670: ...PER ADDRESS The following example removes IPv4 address 192 168 1 100 as an IP Helper destination address to which to forward UDP broadcasts received on ppp0 awplus configure terminal awplus config int...

Страница 671: ...s disabled by default Mode Interface Configuration Usage Limited local proxy ARP supports Static NAT configurations in which the NAT configuration s public address is different to the ethernet interfa...

Страница 672: ...the HTTP server with address 172 22 0 3 zone public network eth1 ip subnet 0 0 0 0 0 interface eth1 host http_server ip address 172 22 0 3 Create a NAT rule to map from the public to the private zone...

Страница 673: ...oes not generate or forward any ICMP Redirect messages on that interface This command does not enable proxy ARP on the interface see the ip proxy arp command for more information on enabling proxy ARP...

Страница 674: ...e that the ARP request arrived from It ignores all other ARP requests See the ip local proxy arp command about enabling your device to respond to other ARP messages The no variant of this command disa...

Страница 675: ...bal Configuration Usage ICMP redirect messages are used to notify hosts that a better route is available to a destination ICMP redirects are used when a packet is routed into the device on the same in...

Страница 676: ...of 5 retries Syntax ip tcp synack retries 0 255 no ip tcp synack retries Default 5 retries Mode Global Configuration Usage The following table shows the approximate correlation between the number of...

Страница 677: ...me situations it may be beneficial to time out unused established TCP sessions earlier For example in a busy environment where there is an excessive number of sessions being established the firewall c...

Страница 678: ...these messages to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ip unreachables command secures your network against this type of probi...

Страница 679: ...estination unreachable messages use the commands awplus configure terminal awplus config no ip unreachables To enable destination unreachable messages use the commands awplus configure terminal awplus...

Страница 680: ...RP Syntax local proxy arp ip add mask no local proxy arp ip add mask Default No subnets are specified for use with limited local proxy ARP Mode Global Configuration Example To specify limited local pr...

Страница 681: ...ale neighbors are deleted from the hardware L3 switching table The optimistic neighbor discovery feature enables the device to sustain L3 traffic switching to a neighbor without interruption Without t...

Страница 682: ...s df bit Enable or disable the do not fragment bit in the IP header interval 0 128 Specify the time interval in seconds between sending ping packets The default is 1 You can use decimal places to spec...

Страница 683: ...mple VRF lite To ping the IP address 10 10 0 5 from VRF instance red use the following command awplus ping vrf red 10 10 0 5 NOTE Unless across domainstatic orleakedrouteexiststothedestinationIPaddres...

Страница 684: ...onal parameters will display all entries in the ARP routing and forwarding table With VRF lite configured and no additional parameters entered the command output displays all entries listed by their V...

Страница 685: ...2a42 vlan2 port1 0 6 static awplus show arp global IP Address MAC Address Interface Port Type 192 168 10 2 0015 77ad fad8 vlan1 port1 0 1 dynamic 192 168 20 2 0015 77ad fa48 vlan2 port1 0 2 dynamic 1...

Страница 686: ...eference for AR2050V 686 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW ARP Related Commands arp IP address MAC clear arp cache Command changes Version 5 4...

Страница 687: ...theIP interface debugging statuswhen theterminal monitoroff use the command awplus terminal no monitor awplus show debug ip packet Output Figure 21 6 Example output from the show debugging ip packet...

Страница 688: ...Rev B Command Reference for AR2050V 688 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW DEBUGGING IP PACKET Related Commands debug ip packet interface term...

Страница 689: ...command to display the IP forwarding status For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip...

Страница 690: ...port1 0 2 use the command awplus show ip interface port1 0 2 brief To show the IP addresses assigned to vlan2 and vlan3 use the command awplus show ip interface vlan2 3 brief To show the IP addresses...

Страница 691: ...n Guide Syntax show ip interface vrf vrf name global Mode User Exec and Privileged Exec Examples To display all interfaces and IP addresses associated with a VRF instance red use the command awplus sh...

Страница 692: ...nterface with VRF lite configured Command changes Version 5 4 6 2 1 VRF lite support added Interface IP Address Status Protocol eth0 unassigned admin up down lo unassigned admin up running vlan1 192 1...

Страница 693: ...o verify that the socket being used is opening correctly If there is a local and remote endpoint a connection is established with the ports indicated Note that this command does not display sockets th...

Страница 694: ...column are tcp IP Protocol 6 udp IP Protocol 17 raw Indicates that socket is for a non port orientated protocol i e a protocol other than TCP or UDP where all packets of a specified IP protocol type...

Страница 695: ...ket any source port will be accepted This is indicated by For active TCP sessions the IP address will display the remote address and port the session was established with For raw sockets the entry in...

Страница 696: ...Privileged Exec Example To display IP traffic statistics use the command awplus show ip traffic Output Figure 21 13 Example output from the show ip traffic command IP 261998 packets received 261998 de...

Страница 697: ...97 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW IP TRAFFIC 155 delayed acks sent 21187 headers predicted 736 pure ACKs 80497 pure ACKs predicted UDP 1394...

Страница 698: ...s tcpdump ip Example VRF lite To start a tcpdump on interface vlan2 associated with a VRF instance red enter the command awplus tcpdump vrf red vlan2 Output Figure 21 14 Example output from the tcpdum...

Страница 699: ...me Syntax VRF lite traceroute vrf vrf name ip addr hostname Mode User Exec and Privileged Exec Example awplus traceroute 10 10 0 5 Example VRF lite awplus traceroute vrf red 192 168 0 1 Command change...

Страница 700: ...2050V 700 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS UNDEBUG IP PACKET INTERFACE undebug ip packet interface Overview This command applies the functionality...

Страница 701: ...DDNS for AR Series Firewalls see the Domain Name System DNS for AlliedWare Plus AR Series Firewalls Feature Overview and Configuration Guide Command List clear ip dns forwarding cache on page 703 ddns...

Страница 702: ...page 726 ppp ipcp dns on page 727 ppp ipcp dns suffix list on page 729 retry interval DDNS on page 731 show ddns update method status on page 732 show debugging ip dns forwarding on page 733 show host...

Страница 703: ...forwarding cache Mode Privileged Exec Examples To clear all cached data use the command awplus clear ip dns forwarding cache Example VRF lite To clear the cached data for VRF instance red use the comm...

Страница 704: ...variant of this command to disable DDNS updates Syntax ddns enable no ddns enable Default Disabled Mode Global Configuration Example To globally enable DDNS updates use the commands awplus configure t...

Страница 705: ...d name Default None Mode Global Configuration Example To create a method named dyndns use the commands awplus configure terminal awplus config ddns update method dyndns awplus config ddns update metho...

Страница 706: ...ivileged Exec Usage When no method name is entered all DDNS update methods are updated If a method name is specified then only that method will update Example To manually update all DDNS update method...

Страница 707: ...NS process Use the no variant of this command to disable debugging for the DDNS process Syntax debug ddns no debug ddns Default Disabled Mode Privileged Exec Example To enable debugging for the DDNS p...

Страница 708: ...Use the no variant of this command to disable DNS Relay debugging Syntax debug ip dns forwarding no debug ip dns forwarding Default DNS Relay debugging is disabled by default Mode Privileged Exec Exam...

Страница 709: ...helpful to write a short description of what the list is to be used for Examples To add a description to a domain list use the commands awplus configure terminal awplus config ip dns forwarding domai...

Страница 710: ...omain list Examples To add the domain acme solutions com to a domain list use the commands awplus configure terminal awplus config ip dns forwarding domain list acme corporation awplus config domain l...

Страница 711: ...DNS Update Method Configuration Example To add the host name test dyndns org for the DDNS update method dyndns use the commands awplus configure terminal awplus config ddns update method dyndns awplus...

Страница 712: ...on Usage A DDNS update method cannot be attached to multiple interfaces however multiple DDNS update methods can be assigned to the same interface Example To enable IPv4 DDNS updates for a DDNS update...

Страница 713: ...enabled by default but if it has been disabled you can re enable it by using the command ip domain lookup See the ip dns forwarding dead time command used with this command NOTE When running VRF lite...

Страница 714: ...d when the time out period of the DNS reply from the DNS server is bigger than the time out period configured on the device Syntax ip dns forwarding cache size 0 1000 timeout 60 3600 no ip dns forward...

Страница 715: ...ip dns forwarding dead time 60 43200 no ip dns forwarding retry Default The default time to stop sending DNS requests to an unresponsive server is 3600 seconds Mode Global Configuration Usage See the...

Страница 716: ...ike a prefix list For example the domain list can be used as a suffix list on an DNS name server The DNS server can be either statically configured or learned over a PPP connection Note that this comm...

Страница 717: ...ding retry Default The default number of retries is 2 DNS requests to an unresponsive server Mode Global Configuration Usage See the ip dns forwarding dead time command used with this command Examples...

Страница 718: ...rwarding source interface interface name no ip dns forwarding source interface Default The default is that no interface is set and the device selects the appropriate source IP address automatically Mo...

Страница 719: ...it for a DNS response to the default of 3 seconds Syntax ip dns forwarding timeout 0 3600 no ip dns forwarding timeout Default The default timeout value is 3 seconds Mode Global Configuration Examples...

Страница 720: ...eletes a domain from the list Syntax ip domain list domain name no ip domain list domain name Mode Global Configuration Usage If there are no domains in the DNS list then your device uses the domain s...

Страница 721: ...pt to resolve domain names You must use IP addresses to specify hosts in commands Syntax ip domain lookup no ip domain lookup Mode Global Configuration Usage The client is enabled by default However i...

Страница 722: ...Mode Global Configuration Usage If there are no domains in the DNS list created using the ip domain list command then your device uses the domain specified with this command If any domain exists in t...

Страница 723: ...erver ip addr suffix list Syntax VRF lite ip name server vrf name ip addr no ip name server vrf name ip addr Mode Global Configuration Usage To allow the device to operate as a DNS proxy your device m...

Страница 724: ...nternal corporate name server use the commands awplus configure terminal awplus config ip dns forwarding domain list corporatedomains awplus config domain list description Our internal network domains...

Страница 725: ...A DDNS update method cannot be attached to multiple interfaces however multiple DDNS update methods can be assigned to the same interface Example To enable IPv6 DDNS updates for a DDNS update method...

Страница 726: ...Method Configuration Example To configure the password test for the method dyndns use the following commands awplus configure terminal awplus config ddns update method dyndns awplus config ddns updat...

Страница 727: ...ure PPP IPCP DNS options for accepting rejecting or requesting DNS addresses from the peer Use the optional primary and secondary or primary only DNS server address placeholders to specify DNS server...

Страница 728: ...configure terminal awplus config interface ppp0 awplus config if ppp ipcp dns reject To configure the PPP interface ppp0 to supply primary and secondary DNS server addresses to the peer enter the bel...

Страница 729: ...associated as a suffix list to the PPP connection So when the PPP connection is completed with the head office users at the branch office that browse to intranet example lc will have the DNS request...

Страница 730: ...01 Rev B Command Reference for AR2050V 730 AlliedWare Plus Operating System Version 5 4 7 1 x DOMAIN NAME SERVICE DNS COMMANDS PPP IPCP DNS SUFFIX LIST Related Commands ip dns forwarding domain list p...

Страница 731: ...ult Disabled Mode DDNS Update Method Configuration Usage If an update is triggered by another source such as an IP address change or a manual update then the retry counter will start again from the be...

Страница 732: ...your device use the command awplus show ddns update method status Output Figure 22 1 Example output from show ddns update method status Related Commands ddns update method Command changes Version 5 4...

Страница 733: ...mmand For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ip dns forwarding Mode User Exe...

Страница 734: ...output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show hosts Mode User Exec and Privileged Exec Example To display the default domain use the command...

Страница 735: ...y the DNS Relay status Syntax show ip dns forwarding Mode User Exec and Privileged Exec Examples To display the DNS Relay status use the command awplus show ip dns forwarding Output Figure 22 4 Exampl...

Страница 736: ...p dns forwarding cache Output Figure 22 5 Example output from the show ip dns forwarding cache command Example VRF lite To display the DNS Relay name resolver cache with output for VRF instance RED us...

Страница 737: ...ED Related Commands ip dns forwarding cache ip name server Command changes Version 5 4 6 2 1 VRF lite support added awplus show ip dns vrf RED forwarding cache Host Address Expires Flags www example c...

Страница 738: ...rom the show ip dns forwarding server command Example VRF lite To display the status of DNS Relay name servers for VRF lite instance red use the command awplus show ip dns vrf red forwarding server Ou...

Страница 739: ...2050V 739 AlliedWare Plus Operating System Version 5 4 7 1 x DOMAIN NAME SERVICE DNS COMMANDS SHOW IP DNS FORWARDING SERVER Related Commands ip dns forwarding ip dns forwarding dead time Command chang...

Страница 740: ...hen sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip do...

Страница 741: ...mplete hostnames when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide...

Страница 742: ...will send DNS requests to for either the global VRF instance or a selected VRF instance For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Over...

Страница 743: ...tput from the show ip name server command for the VRF instance red Related Commands ip domain lookup ip name server Command changes Version 5 4 6 2 1 VRF lite support added awplus show ip name server...

Страница 744: ...Configuration Usage This command is used in conjunction with the use ipv4 for ipv6 updates command IPv4 DDNS updates are suppressed so that only IPv6 updates are sent NOTE The IPv4 DNS entry may be up...

Страница 745: ...DS UNDEBUG DDNS undebug DDNS Overview Use this command to disable debugging for the DDNS process Syntax undebug ddns Default Disabled Mode Privileged Exec Example To disable debugging for the DDNS pro...

Страница 746: ...dns use the commands awplus configure terminal awplus config ddns update method dyndns awplus config ddns update method update interval 1440 To enable periodic DDNS updates every 28 days for the metho...

Страница 747: ...pdate URL using the following placeholder tokens for the user name enter USERNAME for the password enter PASSWORD for the host name enter HOST NAME for the IP address enter IPADDRESS For example for D...

Страница 748: ...c update SYSTEM dyndns hostname HOST NAME myip IPADDRESS To use members dyndns org v3 update as the update URL for the provider DynDNS with the method called dyndns that uses HTTP use the following co...

Страница 749: ...SERVICE DNS COMMANDS UPDATE URL DDNS To remove the update URL from the method called dyndns use the following commands awplus configure terminal awplus config ddns update method dyndns awplus config...

Страница 750: ...vider supports IPv6 but does not support sending updates in IPv6 then this command is used so IPv6 updates can be sent using IPv4 instead The suppress ipv4 updates command is used in conjunction with...

Страница 751: ...hod Configuration Example To configure the username atlnz for the method dyndns use the following commands awplus configure terminal awplus config ddns update method dyndns awplus config ddns update m...

Страница 752: ...dress autoconfig on page 757 ipv6 enable on page 759 ipv6 eui64 linklocal on page 761 ipv6 forwarding on page 762 ipv6 multicast forward slow path packet on page 763 ipv6 nd accept ra pinfo on page 76...

Страница 753: ...OMMANDS ipv6 opportunistic nd on page 781 ipv6 route on page 782 ipv6 unreachables on page 783 ping ipv6 on page 784 show ipv6 forwarding on page 785 show ipv6 interface brief on page 786 show ipv6 ne...

Страница 754: ...iedWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS CLEAR IPV6 NEIGHBORS clear ipv6 neighbors Overview Use this command to clear all dynamic IPv6 neighbor entries Syntax clear ipv6 neighbors...

Страница 755: ...ace Usage Note that link local addresses are retained in the system until they are negated by using the no variant of the command that established them See the ipv6 enable command for more information...

Страница 756: ...onfig interface ppp0 awplus config fr subif ipv6 address 2001 0db8 a2 64 To remove the IPv6 address 2001 0db8 a2 64 from the PPP interface ppp0 use the following commands awplus configure terminal awp...

Страница 757: ...g configuration parameters for IPv6 hosts The SLAAC process derives the interface identifier of the IPv6 address from the MAC address of the interface When applying SLAAC to an interface note that the...

Страница 758: ...6 COMMANDS IPV6 ADDRESS AUTOCONFIG To disable SLAAC on the PPP interface ppp0 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 address autoco...

Страница 759: ...connection Routing does not forward packets with link local addresses IPv6 requires that a link local address is assigned to each interface that has the IPv6 protocol enabled and when addresses are as...

Страница 760: ...terminal awplus config interface ppp0 awplus config if ipv6 enable To disable IPv6 with only a link local IPv6 address on the PPP interface ppp0 use the following commands awplus configure terminal a...

Страница 761: ...al address on an IPv6 enabled interface Syntax ipv6 eui64 linklocal no ipv6 eui64 linklocal Default The command ipv6 eui64 linklocal is enabled by default on any IPv6 enabled interface Mode Interface...

Страница 762: ...lobally for all interface on your device with this command Use the no variant of this command to disable IPv6 unicast forwarding globally for all interfaces on your device IPv6 unicast forwarding allo...

Страница 763: ...smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big message...

Страница 764: ...d on an interface SLAAC is also enabled SLAAC addressing along with the EUI 64 process uses the prefix information included in a received RA to generate an automatic link local address on the IPv6 int...

Страница 765: ...commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 nd current hoplimit 2 To reset the advertised current hop limit to the default 0 on the VLAN interface vlan2 use...

Страница 766: ...1 Rev B Command Reference for AR2050V 766 AlliedWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS IPV6 ND CURRENT HOPLIMIT Related Commands ipv6 nd managed config flag ipv6 nd prefix ipv6 nd...

Страница 767: ...this command to reset this command to its default of flag unset Syntax ipv6 nd managed config flag no ipv6 nd managed config flag Default Unset Mode Interface Configuration for a VLAN interface or a P...

Страница 768: ...the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 nd minimum ra interval 60 To remove the minimum RA interval for the VL...

Страница 769: ...mmand Reference for AR2050V 769 AlliedWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS IPV6 ND MINIMUM RA INTERVAL Related Commands ipv6 nd ra interval ipv6 nd suppress ra ipv6 nd prefix ipv...

Страница 770: ...nd other config flag no ipv6 nd other config flag Default Unset Mode Interface Configuration for a VLAN interface or a PPP interface Usage Advertisement flags will not be transmitted unless you have...

Страница 771: ...x to be advertised by the router advertisement message The IPv6 address prefix uses the format X X prefix length The prefix length is usually set between 0 and 64 The default is X X 64 valid lifetime...

Страница 772: ...ddress prefix of 2001 0db8 64 with a valid lifetime of 10 days and a preferred lifetime of 5 days awplus configure terminal awplus config interface vlan4 awplus config if ipv6 nd prefix 2001 0db8 64 8...

Страница 773: ...ion for a VLAN interface or a PPP interface Usage Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command as shown in the example below Example To set the a...

Страница 774: ...lifetime of the current router to be announced in IPv6 Router Advertisements Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command This instruction is in...

Страница 775: ...time in router advertisements on the VLAN interface vlan4 to be 1800000 milliseconds enter the following commands awplus configure terminal awplus config interface vlan4 awplus config if ipv6 nd reac...

Страница 776: ...C613 50186 01 Rev B Command Reference for AR2050V 776 AlliedWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS IPV6 ND REACHABLE TIME Related Commands ipv6 nd suppress ra ipv6 nd prefix...

Страница 777: ...terminal awplus config interface vlan2 awplus config if ipv6 nd retransmission time 800000 To reset the retransmission time of Neighbor Solicitation on the VLAN interface vlan2 to the default 1000 mil...

Страница 778: ...C613 50186 01 Rev B Command Reference for AR2050V 778 AlliedWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS IPV6 ND RETRANSMISSION TIME Related Commands ipv6 nd suppress ra ipv6 nd prefix...

Страница 779: ...pv6 nd suppress ra Default Router Advertisement RA transmission is suppressed by default Mode Interface Configuration for a VLAN interface or a PPP interface Example To enable the transmission of rout...

Страница 780: ...specific IPv6 neighbor entry To clear all dynamic address entries use the clear ipv6 neighbors command Example To create a static neighbor entry for IPv6 address 2001 0db8 a2 on vlan 4 MAC address 00...

Страница 781: ...guration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ICMPv6 ND packets The source MAC address for the unsolicited ICMPv6 ND packet is added...

Страница 782: ...way ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awplus c...

Страница 783: ...to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ipv6 unreachables command secures your network against this type of probing NOTE Disa...

Страница 784: ...e number of data bytes to send excluding the 8 byte ICMP header The default is 56 64 ICMP data bytes interface interface list The interface or range of configured IP interfaces to use as the source in...

Страница 785: ...V6 COMMANDS SHOW IPV6 FORWARDING show ipv6 forwarding Overview Use this command to display IPv6 forwarding status Syntax show ipv6 forwarding Mode User Exec and Privileged Exec Example awplus show ipv...

Страница 786: ...ed with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 interface brief Mode User Exec and Privileged Exec Examples awplus show ipv6 interface brief Output Figure 23 2 Exampl...

Страница 787: ...COMMANDS SHOW IPV6 NEIGHBORS show ipv6 neighbors Overview Use this command to display all IPv6 neighbors For information on filtering and saving command output see the Getting Started with AlliedWare...

Страница 788: ...s turned on use the following command awplus show ipv6 route Parameter Description connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing informat...

Страница 789: ...6 Routing Table Codes C connected S static R RIP O OSPF B BGP S 0 1 0 via 2001 a 0 0 c0a8 a6 vlan10 C 2001 db8 a 0 0 0 0 64 via vlan10 C 2001 db8 14 0 0 0 0 64 via vlan20 C 2001 db8 0 0 0 0 64 via vla...

Страница 790: ...e the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the follow...

Страница 791: ...te to the specified IPv6 host Syntax traceroute ipv6 ipv6 addr hostname Mode User Exec and Privileged Exec Example To run a traceroute for the IPv6 address 2001 0db8 a2 use the following command awplu...

Страница 792: ...common across the routing IP protocols For more information see the Route Selection Feature Overview and Configuration Guide Command List ip route on page 793 ipv6 route on page 796 max fib routes on...

Страница 793: ...Syntax VRF lite ip route vrf vrf name subnet mask gateway ip interface distance no ip route vrf vrf name subnet mask gateway ip interface distance Parameter Description subnet mask The IPv4 address o...

Страница 794: ...as a static route available through the device at 10 10 0 2 with the default administrative distance use the commands awplus configure terminal awplus config no ip route 192 168 3 0 255 255 255 0 10 1...

Страница 795: ...configuration awplus configure terminal awplus config no ip route vrf red 192 168 50 0 24 192 168 20 6 To create a static route from source VRF red to the subnet 192 168 50 0 24 with a next hop of 192...

Страница 796: ...teway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awplus...

Страница 797: ...bal Configuration Examples To set the maximum number of dynamic routes to 2000 and warning threshold of 75 use the following commands awplus config terminal awplus config max fib routes 2000 75 Parame...

Страница 798: ...C613 50186 01 Rev B Command Reference for AR2050V 798 AlliedWare Plus Operating System Version 5 4 7 1 x ROUTING COMMANDS MAX FIB ROUTES Related Commands max fib routes VRF...

Страница 799: ...imum number of static routes to the default of 1024 static routes Syntax max static routes 1 1024 no max static routes Default The default number of static routes is the maximum number of static route...

Страница 800: ...MP path calculations are flow based This means that packets from the same flow will always be sent on the same path Syntax maximum paths 1 8 no maximum paths Default By default the maximum number of p...

Страница 801: ...x length Syntax VRF lite show ip route vrf vrf name global bgp connected ospf rip static Mode User Exec and Privileged Exec Example To display the static routes in the FIB use the command awplus show...

Страница 802: ...s added Figure 24 1 Example output from the show ip route command Connected Route The connected route entry consists of This route entry denotes Route entries for network 10 10 31 0 24 are derived fro...

Страница 803: ...next hop 10 10 31 16 The outgoing local interface for this route is vlan2 This route was added 20 minutes and 54 seconds ago OSPF External Route The OSPF external route entry consists of This route en...

Страница 804: ...le use the output redirection token Syntax show ip route database bgp connected ospf rip static Syntax VRF lite show ip route vrf vrf name global database bgp connected ospf rip static Mode User Exec...

Страница 805: ...y connected vlan2 00 28 20 C 10 10 31 0 24 is directly connected vlan2 S 10 10 34 0 24 1 0 via 10 10 31 16 vlan2 O 10 10 34 0 24 110 31 via 10 10 31 16 vlan2 00 21 19 O 10 10 37 0 24 110 11 via 10 10...

Страница 806: ...is static route has a lower administrative distance than the OSPF route 110 the static route 1 is selected and installed in the FIB If the static route becomes unavailable then the device automaticall...

Страница 807: ...f vrf name global Mode User Exec and Privileged Exec Example To display a summary of the current RIB entries use the command awplus show ip route summary Output Figure 24 4 Example output from the sho...

Страница 808: ...xample output from the show ip route summary vrf red command Related Commands show ip route show ip route database Command changes Version 5 4 6 2 1 VRF lite support added IP routing table name is Def...

Страница 809: ...ers turned on use the following command awplus show ipv6 route Parameter Description connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing inform...

Страница 810: ...Pv6 Routing Table Codes C connected S static R RIP O OSPF B BGP S 0 1 0 via 2001 a 0 0 c0a8 a6 vlan10 C 2001 db8 a 0 0 0 0 64 via vlan10 C 2001 db8 14 0 0 0 0 64 via vlan20 C 2001 db8 0 0 0 0 64 via v...

Страница 811: ...ee the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the follo...

Страница 812: ...amily ipv4 RIP on page 816 alliedware behavior on page 817 cisco metric behavior RIP on page 819 clear ip rip route on page 820 debug rip on page 822 default information originate RIP on page 823 defa...

Страница 813: ...sive interface RIP on page 851 recv buffer size RIP on page 852 redistribute RIP on page 853 restart rip graceful on page 855 rip restart grace period on page 856 route RIP on page 857 router rip on p...

Страница 814: ...onfigure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 Sep 3 2016 04 04 02 Oct 6 2016 Parameter Description start date Speci...

Страница 815: ...ystem Version 5 4 7 1 x RIP COMMANDS ACCEPT LIFETIME or awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 3 Sep...

Страница 816: ...Address Family mode and return to Router Configuration mode use the exit address family command Example In this example the address family green is entered and then exited by using the exit address fa...

Страница 817: ...P being advertised does not match the subnetting used on the outgoing RIPv1 interface it will be filtered The alliedware behavior command returns your router s RIPv1 behavior to the AlliedWare format...

Страница 818: ...ce to AlliedWare Plus like behavior when sending and receiving RIPv1 update messages enter the commands awplus configure terminal awplus config router rip awplus config router no alliedware behavior r...

Страница 819: ...avior enable disable no cisco metric behavior Default By default the Cisco metric behavior is disabled Mode Router Configuration Examples To enable the routing metric update to behave as per the Cisco...

Страница 820: ...routes use the following command awplus clear ip rip vrf red route ospf To clear the route 10 0 0 0 8 from the RIP routing table for the VRF instance red use the following command awplus clear ip rip...

Страница 821: ...C613 50186 01 Rev B Command Reference for AR2050V 821 AlliedWare Plus Operating System Version 5 4 7 1 x RIP COMMANDS CLEAR IP RIP ROUTE Command changes Version 5 4 6 2 1 VRF lite support added...

Страница 822: ...de Privileged Exec and Global Configuration Example The following example displays information about the RIP packets that are received and sent out from the device awplus debug rip packet Related Comm...

Страница 823: ...being redistributed the RIP protocol will advertise this default route irrespective of whether the default information originate command has been configured or not However if the router has not redis...

Страница 824: ...utes regardless of the original protocol that the route has been redistributed from Examples This example assigns the cost of 10 to the routes that are redistributed into RIP awplus configure terminal...

Страница 825: ...y Configuration for a VRF instance Examples To set the administrative distance to 8 for the RIP routes within the 10 0 0 0 8 network use the commands awplus configure terminal awplus config router rip...

Страница 826: ...he interface the filter will be applied to all interfaces Examples In this example the following commands are used to apply a prefix list called myfilter to filter incoming routing updates in vlan2 aw...

Страница 827: ...f larger update messages Use the no variant of this command to disable this feature Syntax fullupdate no fullupdate Default By default this feature is disabled Mode RIP Router Configuration or RIP Rou...

Страница 828: ...authentication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated RIP configuration examples For mult...

Страница 829: ...keychain key send lifetime 10 00 00 Oct 08 2016 duration 43200 awplus config keychain key exit awplus config keychain exit awplus config interface vlan2 awplus config if ip rip authentication key chai...

Страница 830: ...and for single key authentication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated RIP configuratio...

Страница 831: ...for the given interface text or MD5 using the following commands awplus config if ip rip authentication mode md5 text Example 1 In the following example of a configuration for multiple keys authentica...

Страница 832: ...his interface awplus configure terminal awplus config interface ppp0 awplus config if ip rip authentication mode md5 Example 3 The following example specifies mykey as the authentication string with M...

Страница 833: ...see the RIP Feature Overview and Configuration Guide Use the following steps to configure a route to enable RIPv2 authentication using a single key or password 1 Define the authentication string or pa...

Страница 834: ...xample the VLAN interface vlan2 is configured to have an authentication string as guest Any received RIP packet in that interface should have the same string as password awplus configure terminal awpl...

Страница 835: ...ive packet no ip rip receive packet Default Receive packet is enabled Mode Interface Configuration for a VLAN interface or a PPP interface Example This example shows packet receiving being turned on f...

Страница 836: ...be run in version 1 or version 2 mode Version 2 has more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP version is set RIP packets of t...

Страница 837: ...nd packet no ip rip send packet Default Send packet is enabled Mode Interface Configuration for a VLAN interface or a PPP interface Example This example shows packet sending being turned on for the VL...

Страница 838: ...2 has more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP version is set RIP packets of that version will be received and sent on all t...

Страница 839: ...nfig interface vlan4 awplus config if ip rip send version 2 In the following example the VLAN interface vlan3 is configured to use the RIP version specified by the version RIP command awplus configure...

Страница 840: ...end RIP version 2 packets only awplus configure terminal awplus config interface ppp0 awplus config if ip rip send version 2 In the following example the PPP interface ppp2 is configured to use the RI...

Страница 841: ...ed by the version RIP command RIP can be run in version 1 compatible mode Version 2 has more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the...

Страница 842: ...mpatible packets so it broadcasts both RIP version 1 and 2 packets awplus configure terminal awplus config interface ppp1 awplus config if ip rip send version 1 compatible In the following example the...

Страница 843: ...oid including routes in updates sent to the same gateway from which they were learned Without the poisoned parameter using this command causes routes learned from a neighbor to be omitted from updates...

Страница 844: ...key keyid Mode Keychain Configuration Usage This command allows you to enter the keychain key mode where a password can be set for the key Example The following example configures a key number 1 and s...

Страница 845: ...Syntax key chain key chain name no key chain key chain name Mode Global Configuration Usage This command allows you to enter the keychain mode from which you can specify keys on this key chain Exampl...

Страница 846: ...les In the following example the password for key1 in the key chain named mychain is set to password prime awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awplus...

Страница 847: ...iting of the number of RIP routes stored in the routing table Syntax maximum prefix maxprefix threshold no maximum prefix Mode Router Configuration Example To configure the maximum number of RIP route...

Страница 848: ...d to exchange nonbroadcast routing information It can be used multiple times for additional neighbors The passive interface RIP command disables sending routing updates on an interface Use the neighbo...

Страница 849: ...ill be sent and received within the specified network or VLAN When running VRF lite this command can be applied to a VRF instance Example Use the following commands to activate RIP routing updates on...

Страница 850: ...Reference for AR2050V 850 AlliedWare Plus Operating System Version 5 4 7 1 x RIP COMMANDS NETWORK RIP Related Commands show ip rip show running config clear ip rip route Command changes Version 5 4 6...

Страница 851: ...ress Family Configuration for a VRF instance Example Use the following commands to block RIP broadcasts on vlan20 awplus configure terminal awplus config router rip awplus config router passive interf...

Страница 852: ...r size to the system default 196608 bits Syntax recv buffer size 8192 2147483647 no recv buffer size 8192 2147483647 Default 196608 bits is the system default when reset using the no variant of this c...

Страница 853: ...ode RIP Router Configuration or RIP Router Address Family Configuration for a VRF instance Example To apply the metric value 15 to static routes being redistributed into RIP use the commands awplus co...

Страница 854: ...value 15 to static routes in address family ipv4 VRF instance blue being redistributed into RIP use the following commands awplus configure terminal awplus config router rip awplus config router addr...

Страница 855: ...s executed the RIP process immediately shuts down It notifies the system that RIP has performed a graceful shutdown Routes that have been installed into the route table by RIP are preserved until the...

Страница 856: ...restart Use the no variant of this command to disable this function Syntax rip restart grace period 1 65535 no rip restart grace period 1 65535 Mode Global Configuration Default The default RIP grace...

Страница 857: ...r adding the RIP route the route can be checked in the RIP routing table Example To create a static RIP route to IP subnet 192 168 1 0 24 use the following commands awplus configure terminal awplus co...

Страница 858: ...Use the no variant of this command to disable the RIP routing process Syntax router rip no router rip Mode Global Configuration Example This command is used to begin the RIP routing process awplus co...

Страница 859: ...fig keychain key send lifetime 03 03 01 Jan 3 2016 04 04 02 Dec 6 2016 Parameter Description start date Specifies the start time and date in the format hh mm ss day month year or hh mm ss month day ye...

Страница 860: ...C613 50186 01 Rev B Command Reference for AR2050V 860 AlliedWare Plus Operating System Version 5 4 7 1 x RIP COMMANDS SEND LIFETIME Related Commands key key string key chain accept lifetime...

Страница 861: ...ing status for these debugging options nsmdebugging RIP eventdebugging RIP packet debugging and RIP nsm debugging For information on filtering and saving command output see the Getting Started with Al...

Страница 862: ...show ip protocols rip Output Figure 25 1 Example output from the show ip protocols rip command Routing Protocol is rip Sending updates every 30 seconds with 50 next due in 12 seconds Timeout after 180...

Страница 863: ...ntax show ip rip Mode User Exec and Privileged Exec Example awplus show ip rip Output Figure 25 2 Example output from the show ip rip command Related Commands route RIP network RIP clear ip rip route...

Страница 864: ...the RIP database For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip rip database full Mode Use...

Страница 865: ...Overview Use this command to display information about the RIP interfaces You can specify an interface name to display information about a specific interface Syntax show ip rip interface interface Mod...

Страница 866: ...de Syntax show ip rip vrf vrf name global database full Mode User Exec and Privileged Exec Example To display information about the RIP database associated with a VRF instance blue use the command awp...

Страница 867: ...ce blue use the command awplus show ip rip vrf blue interface Output Figure 25 4 Example output from show ip rip vrf blue interface vlan3 NOTE The Time parameter operates as follows RIP updates occur...

Страница 868: ...as been dropped When the time specified by the garbage parameter expires the metric 16 route is finally removed from the routing table Until the garbage time expires the route is included in all updat...

Страница 869: ...timer to 30 the routing information timeout timer to 180 and the routing garbage collection timer to 120 with VRF use the following command awplus configure terminal awplus config router rip awplus c...

Страница 870: ...nsm packet Mode Privileged Exec Example To disable the options set for debugging RIP information events use the following command awplus undebug rip packet Related Commands debug rip Parameter Descri...

Страница 871: ...ed and sent on all the RIP enabled interfaces Setting the version command has no impact on receiving updates only on sending them The ip rip send version command overrides the value set by the version...

Страница 872: ...C613 50186 01 Rev B Command Reference for AR2050V 872 AlliedWare Plus Operating System Version 5 4 7 1 x RIP COMMANDS VERSION RIP Command changes Version 5 4 6 2 1 VRF lite support added...

Страница 873: ...res the encoding of the next hop for a set of routes For more information see the RIPng Feature Overview and Configuration Guide Command List aggregate address IPv6 RIPng on page 875 clear ipv6 rip ro...

Страница 874: ...g System Version 5 4 7 1 x RIPNG FOR IPV6 COMMANDS show debugging ipv6 rip on page 892 show ipv6 protocols rip on page 893 show ipv6 rip on page 894 show ipv6 rip database on page 895 show ipv6 rip in...

Страница 875: ...ge covered by the aggregate route are retained in the RIPng database but are marked as suppressed routes The aggregate route will be advertised in RIPng updates and the component route will no longer...

Страница 876: ...clear ipv6 rip route 2001 db8 32 Parameter Description ipv6 addr prefix length Specify the IPv6 Address in format X X X X Prefix Length The prefix length is a decimal integer between 1 and 128 Remove...

Страница 877: ...detail send detail Default RIPng debugging is disabled by default Mode Privileged Exec and Global Configuration Example awplus debug ipv6 rip events awplus debug ipv6 rip packet send detail awplus deb...

Страница 878: ...ormation originate IPv6 RIPng Overview Use this command to generate a default route into RIPng Use the no variant of this command to disable this feature Syntax default information originate no defaul...

Страница 879: ...metric value for all redistributed RIPng routes regardless of the original protocol that the route has been redistributed from Note this metric is not applied to routes that are brought into RIPng by...

Страница 880: ...ter Configuration Usage Filter out incoming or outgoing route updates using the prefix list If you do not specify the name of the interface the filter is applied to all the interfaces Example To filte...

Страница 881: ...f the route in the routing table Note this command only increments the metric for incoming routes on a specified interface Increasing the metric value for a VLAN interface increases the metric value o...

Страница 882: ...to the default value enter the below commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 rip metric offset 1 To increment the metric offset on the PPP interface...

Страница 883: ...ed parameter with this command includes such routes in updates but sets their metrics to infinity Thus advertising that these routes are not reachable Examples To perform split horizon with poisoned r...

Страница 884: ...System Version 5 4 7 1 x RIPNG FOR IPV6 COMMANDS IPV6 RIP SPLIT HORIZON To disable split horizon on the PPP interface ppp0 enter the below commands awplus configure terminal awplus config interface p...

Страница 885: ...on the VLAN interface vlan2 enter the below commands awplus configure terminal awplus config router ipv6 rip awplus config router exit awplus config interface vlan2 awplus config if ipv6 router rip To...

Страница 886: ...itional neighbors The passive interface IPv6 RIPng command disables sending routing updates on an interface Use the neighbor command in conjunction with the passive interface IPv6 RIPng command to sen...

Страница 887: ...his command to disable this function Syntax passive interface interface no passive interface interface Default Disabled Mode Router Configuration Examples To enable suppression of routing updates use...

Страница 888: ...et it back to the system default of 196608 bits Syntax recv buffer size 8192 2147483647 no recv buffer size 8192 2147483647 Default The RIPng UDP receive buffer size is 196608 bits by default and is r...

Страница 889: ...g metric value is set to 1 Mode Router Configuration Example To redistribute information from other routing protocols into RIPng use the following commands awplus configure terminal awplus config rout...

Страница 890: ...x length Mode Router Configuration Usage Use this command to add a static RIPng route After adding the RIPng route the route can be checked in the RIPng routing table Example To configure static RIPng...

Страница 891: ...this global command to enter Router Configuration mode to enable a RIPng routing process Use the no variant of this command to disable the RIPng routing process Syntax router ipv6 rip no router ipv6 r...

Страница 892: ...ptions of nsm debugging RIPng eventdebugging RIPng packetdebugging and RIPng nsm debugging For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature O...

Страница 893: ...x show ipv6 protocols rip Mode User Exec and Privileged Exec Example To display RIPng process parameters and statistics use the following command awplus show ipv6 protocols rip Output awplus show ipv6...

Страница 894: ...tion Guide Syntax show ipv6 rip Mode User Exec and Privileged Exec Example To display RIPng routes use the following command awplus show ipv6 rip Output Related Commands show ipv6 rip database Codes R...

Страница 895: ...ode User Exec and Privileged Exec Example To display information about the RIPng database use the following command awplus show ipv6 rip database Output Related Commands show ipv6 rip Parameter Descri...

Страница 896: ...e Syntax show ipv6 rip interface interface Mode User Exec and Privileged Exec Example To display RIPng interface information use the following command awplus show ipv6 rip interface Output Parameter D...

Страница 897: ...r is 120 seconds The no variant of this command restores the default RIPng routing timers Mode Router Configuration Example To adjust the RIPng routing network timers use the following commands awplus...

Страница 898: ...gging options use the following command awplus undebug ipv6 rip events awplus undebug ipv6 rip all awplus undebug ipv6 rip packet send awplus undebug ipv6 rip packet recv detail Related Commands debug...

Страница 899: ...t on page 902 area authentication on page 903 area filter list on page 904 area nssa on page 905 area range on page 907 area stub on page 909 area virtual link on page 910 auto cost reference bandwidt...

Страница 900: ...f hello interval on page 940 ip ospf message digest key on page 941 ip ospf mtu on page 943 ip ospf mtu ignore on page 944 ip ospf network on page 945 ip ospf priority on page 946 ip ospf resync timeo...

Страница 901: ...ospf database opaque area on page 982 show ip ospf database opaque as on page 983 show ip ospf database opaque link on page 984 show ip ospf database router on page 985 show ip ospf database summary...

Страница 902: ...A or stub area Refer to the RFC 3101 for information on NSSA Example To set the default cost to 10 in area 1 for the OSPF instance 100 use the commands awplus configure terminal awplus config router o...

Страница 903: ...e correct password may join the routing domain Give all routers that are to communicate with each other through OSPF the same authentication password Use the ip ospf authentication key command to spec...

Страница 904: ...prefix prefix list in out no area area id filter list prefix prefix list in out Mode Router Configuration Parameter Description area id The OSPF area that you are configuring the filter for Use one of...

Страница 905: ...NSSA not both The no variant of this command removes this designation Syntax area area id nssa default information originate metric no redistribution no summary translator role role no area area id n...

Страница 906: ...router area 0 0 0 51 nssa awplus config router area 3 nssa translator role candidate no redistribution default information originate metric 34 metric type 2 Related Commands area default cost role The...

Страница 907: ...function and restores default behavior Syntax area area id range ip addr prefix length advertise not advertise no area area id range ip addr prefix length Default The area range is not configured by d...

Страница 908: ...ion 5 4 7 1 x OSPF COMMANDS AREA RANGE Ensure OSPF IPv4 routes exist in the area range for advertisement before using this command Example awplus configure terminal awplus config router ospf 100 awplu...

Страница 909: ...he area default cost command The no variant of this command removes this definition Syntax area area id stub no summary no area area id stub no summary Mode Router Configuration Example awplus configu...

Страница 910: ...etransmit interval 1 3600 transmit delay 1 3600 no area area id virtual link ip addr authentication dead interval hello interval retransmit interval transmit delay Parameter Description area id The ar...

Страница 911: ...smissions The transmit delay is the time taken to transmit a link state update packet on the interface Before transmission the link state advertisements in the update packet are incremented by this am...

Страница 912: ...186 01 Rev B Command Reference for AR2050V 912 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS AREA VIRTUAL LINK Related Commands area authentication show ip ospf show ip ospf virtual...

Страница 913: ...rence bandwidth value to differentiate the costs on those links Cost is calculated by dividing the reference bandwidth Mbps by the layer 3 interface Switched Virtual Interface SVI Loopback or Ethernet...

Страница 914: ...r 1 Interface cost is 1 The auto cost reference bandwidth value should be consistent across all OSPF routers in the OSPF process Note that using the ip ospf cost command on a layer 3 interface will ov...

Страница 915: ...eed within that VLAN Syntax bandwidth bandwidth setting no bandwidth Mode Interface Configuration for a VLAN interface Example To set the bandwidth on VLAN2 to be 1 Mbps use the following commands awp...

Страница 916: ...sopaque LSAs Opaque LSAs are Type9 10and11LSAs that deliver information used by external applications Use the no variant of this command to disable opaque LSAs Syntax capability opaque no capability o...

Страница 917: ...t this is enabled Use the no variant of this command to disable OSPF Graceful Restart and restart signaling features Syntax capability restart graceful signaling no capability restart Default Graceful...

Страница 918: ...cess Overview This command clears and restarts the OSPF routing process Specify the Process ID to clear one particular OSPF process When no Process ID is specified this command clears all running OSPF...

Страница 919: ...tric of the component paths available RFC 2328 specifies a method for calculating metrics based on maximum cost It is possible that some ABRs in an area might conform to RFC 1583 and others support RF...

Страница 920: ...ommand disable OSPF debugging Use this command without parameters to disable all the options Syntax debug ospf events abr asbr lsa nssa os router vlink no debug ospf events abr asbr lsa nssa os router...

Страница 921: ...nd undebug variant of this command disable OSPF IFSM debugging Use this command without parameters to disable all the options Syntax debug ospf ifsm status events timers no debug ospf ifsm status even...

Страница 922: ...efresh Mode Privileged Exec and Global Configuration Examples awplus undebug ospf lsa refresh Output Figure 27 1 Example output from the debug ospf lsa command Related Commands terminal monitor undebu...

Страница 923: ...debug variantof this commanddisableOSPF NFSMdebugging Use this command without parameters to disable all the options Syntax debug ospf nfsm events status timers no debug ospf nfsm events status timers...

Страница 924: ...ndebug variant of this command disable OSPF NSM debugging Use this command without parameters to disable both options Syntax debug ospf nsm interface redistribute no debug ospf nsm interface redistrib...

Страница 925: ...t ls update recv send Mode Privileged Exec and Global Configuration Examples awplus debug ospf packet detail awplus debug ospf packet dd send detail awplus no debug ospf packet ls request recv detail...

Страница 926: ...ute debugging Use this command without parameters to disable all options Syntax debug ospf route ase ia install spf no debug ospf route ase ia install spf Mode Privileged Exec and Global Configuration...

Страница 927: ...ither Type 1 or 2 The default is Type 2 The no variant of this command disables this feature Syntax default information originate always metric metric metric type 1 2 route map route map no default in...

Страница 928: ...acilitates redistributing routes even with incompatible metrics If the metrics do not convert the default metric provides an alternative and enables the redistribution to continue The effect of this c...

Страница 929: ...spf 1 255 Default The default OSPF administrative distance is 110 The default Administrative Distance for each type of route intra inter or external is 110 Mode Router Configuration Usage The administ...

Страница 930: ...r intra area routes 40 for external routes use the commands awplus config router ospf 100 awplus config router distance ospf inter area 20 intra area 10 external 40 To set the administrative distance...

Страница 931: ...nabled the database exchange process is optimized by removing the LSA from the database summary list for the neighbor if the LSA instance in the database summary list is the same as or less recent tha...

Страница 932: ...ip address area area id cost 0 65535 no host ip address area area id cost 0 65535 Default By default no host entry is configured Mode Router Configuration Example awplus configure terminal awplus con...

Страница 933: ...a Simple Text password Use the ip ospf message digest key command to specify MD5 password Example In this example VLAN interface vlan2 is configured to have no authentication This will override any te...

Страница 934: ...Allneighboringrouters on the same network with the same password exchange OSPF routing data The key can be used only when authentication is enabled for an area Use the area authentication command to e...

Страница 935: ...d on PPP interface ppp0 in area 0 Note that first authentication is enabled for area 0 awplus configure terminal awplus config router ospf 100 awplus config router network 10 10 10 0 24 area 0 awplus...

Страница 936: ...terface cost indicates the overhead required to send packets across a certain VLAN interface This cost is stated in the Router LSA s link Typically the cost is inversely proportional to the bandwidth...

Страница 937: ...PP interface Usage OSPF floods new LSAs over all interfaces in an area except the interface on which the LSA arrives This redundancy ensures robust flooding However too much redundancy can waste bandw...

Страница 938: ...mmand specifying the IP address of the interface and want to remove the configuration specify the IP address no ip ospf ip address dead interval Syntax ip ospf ip address dead interval 1 65535 no ip o...

Страница 939: ...mmand and disables the processing of packets on the specific interface Use the no variant of this command to restore OSPF packet processing on a selected interface Syntax ip ospf disable all no ip osp...

Страница 940: ...address hello interval 1 65535 no ip ospf ip address hello interval Default The default interval is 10 seconds Mode Interface Configuration for a VLAN interface or a PPP interface Example The followin...

Страница 941: ...tted in duplicate one copy of the packet will be transmitted for each of the current keys This is helpful for administrators who want to change the OSPF password without disrupting communication The s...

Страница 942: ...entication on the PPP interface ppp0 when IP address has not been specified awplus configure terminal awplus config interface ppp0 awplus config if ip ospf authentication message digest awplus config...

Страница 943: ...yntax ip ospf mtu 576 65535 no ip ospf mtu Default By default OSPF uses interface MTU derived from the VLAN interface Mode Interface Configuration for a VLAN interface or a PPP interface Usage This co...

Страница 944: ...ration for a VLAN interface or a PPP interface Usage By default during the DD exchange process OSPF checks the MTU size described in the DD packets received from the neighbor If the MTU size does not...

Страница 945: ...age This command forces the interface network type to the specified type Depending on the network type OSPF changes the behavior of the packet transmission and the link description in LSAs Example The...

Страница 946: ...router with the higher router priority becomes the DR If the router priority is the same for two routers the router with the higher router ID takes precedence Only routers with nonzero router priorit...

Страница 947: ...ip ospf ip address resync timeout Mode Interface Configuration for a VLAN interface or a PPP interface Example The following exampleshows setting the OSPF resynchronization timeout value to 65 second...

Страница 948: ...ntil it receives an acknowledgment In case the router does not receive an acknowledgment during the set time the retransmit interval value it retransmits the LSA Set the retransmission interval value...

Страница 949: ...time to the age field of an update If the delay is not added the time in which the LSA transmits over the link is not considered This command is especially useful for low speed links Add transmission...

Страница 950: ...nt dd 1 65535 no max concurrent dd Mode Router Configuration Usage This command is useful when a router s performance is affected from simultaneously bringing up several OSPF adjacencies This command...

Страница 951: ...maximum number of OSPF areas is 4294967294 Mode Router Configuration Usage Use this command in router OSPF mode to specify the maximum number of OSPF areas Examples The following example sets the max...

Страница 952: ...he reduced rate at which routers continue to send hello packets when a neighboring router has become inactive Setthe poll interval to be much larger than hello interval Examples This example shows a n...

Страница 953: ...bits and consecutive 1 s as host bits Examples The following commands show the use of the network area command with OSPF multiple instance support disabled awplus configure terminal awplus config rou...

Страница 954: ...iedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS NETWORK AREA The following commands disable OSPF routing with Area ID 3 on all interfaces awplus configure terminal awplus config router o...

Страница 955: ...Type By this definition a router is considered an ABR if it has more than one area actively attached and one of them is the backbone area IBM ABR Type By this definition a router is considered an ABR...

Страница 956: ...the OSPF Graceful Restart feature and set the restart grace period Changes from the default restart grace period are displayed in the running config The restart grace period is not displayed in the r...

Страница 957: ...e OSPF restart helper while the no ospf restart helper max grace period command resets the max grace period rather than the helper policy itself Example awplus configure terminal awplus config ospf re...

Страница 958: ...13 50186 01 Rev B Command Reference for AR2050V 958 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS OSPF RESTART HELPER Related Commands ospf restart grace period restart ospf gracefu...

Страница 959: ...ss no ospf router id Mode Router Configuration Usage Configure each router with a unique router id In an OSPF router process that has active neighbors a new router id takes effect at the next reload o...

Страница 960: ...with this command if a shutdown is required if the number of LSAs exceeds the specified number Use soft with this command if a shutdown is not required but a warning message is required if the number...

Страница 961: ...s a router can receive once it is in the wait state It takes the number of seconds specified as the recover time to recover from this state Example The following example shows setting the maximum numb...

Страница 962: ...dress no passive interface interface ip address Mode Router Configuration Usage Configure an interface to be passive if you wish its connected route to be treated as an OSPF route rather than an AS ex...

Страница 963: ...e OSPF domain to generate AS external LSAs If a route map is configured by this command then that route map is used to control which routes are redistributed and can set metric and tag values on parti...

Страница 964: ...nal awplus config route map rmap2 permit 3 awplus config route map match interface vlan1 awplus config route map set metric type 1 awplus config route map exit awplus config router ospf 100 awplus con...

Страница 965: ...his command is executed the OSPF process immediately shuts down It notifies the system that OSPF has performed a graceful shutdown Routes installed by OSPF are preserved until the grace period expires...

Страница 966: ...yntax VRF lite router ospf process id vrf instance no router ospf process id Default No routing process is defined by default Mode Global Configuration Usage The process ID of OSPF is an optional para...

Страница 967: ...OSPF COMMANDS ROUTER OSPF Example VRF lite To enter Router Configuration mode to configure an existing OSPF routing process 100 for VRF instance red use the commands awplus configure terminal awplus...

Страница 968: ...ter id ip address no router id Mode Router Configuration Usage Configure each router with a unique router id In an OSPF router process that has active neighbors a new router id is used at the next rel...

Страница 969: ...currently enabled For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ospf Mode User Exe...

Страница 970: ...ip ospf 100 Parameter Description process id 0 65535 The ID of the router process for which information will be displayed If this parameter is included only the information for the specified routing p...

Страница 971: ...algorithm executed 0 times Number of LSA 0 Checksum 0x000000 Table 1 Example output from the show ip ospf command cont Table 2 Example output from the show ip ospf process id command Routing Process...

Страница 972: ...nce Route Limit The maximum number of OSPF routes which may be used for forwarding Allocate d The current total number of OSPF routes allocated in the OSPF module Visible The current number of OSPF ro...

Страница 973: ...nd output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip ospf border routers show ip ospf process id border routers Mode User Exec and Privileged...

Страница 974: ...awplus show ip ospf 721 border routers Output Figure 27 4 Example output from the show ip ospf database command Parameter Description process id 0 65535 The ID of the router process for which informa...

Страница 975: ...put from the show ip ospf database self originate command OSPF Router process 100 with ID 10 10 11 50 Router Link States Area 0 0 0 1 NSSA Link ID ADV Router Age Seq CkSum Link count 10 10 11 50 10 10...

Страница 976: ...d with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip ospf database asbr summary ip addr self originate advrouter Mode User Exec and Privileged Exec Examples awplus show ip os...

Страница 977: ...ip ospf database external 1 2 3 4 adv router 2 3 4 5 Output Figure 27 6 Example output from the show ip ospf database external self originate command Parameter Description adv router Displays all the...

Страница 978: ...base external adv router command awplus show ip ospf database external adv router 1 1 1 1 AS External Link States LS age 273 Options 0x2 E LS Type AS external LSA Link State ID 172 16 0 0 External Net...

Страница 979: ...riginate awplus show ip ospf database network 1 2 3 4 adv router 2 3 4 5 Output Figure 27 8 Example output from the show ip ospf database network command Parameter Description adv router id The router...

Страница 980: ...atabase nssa external self originate awplus show ip ospf database nssa external 1 2 3 4 adv router 2 3 4 5 Output Figure 27 9 Example output from the show ip ospf database nssa external adv router com...

Страница 981: ...ink States Area 0 0 0 0 NSSA external Link States Area 0 0 0 1 NSSA LS age 78 Options 0x0 LS Type AS NSSA LSA Link State ID 0 0 0 0 External Network Number For NSSA Advertising Router 10 10 11 50 LS S...

Страница 982: ...Privileged Exec Examples awplus show ip ospf database opaque area 1 2 3 4 self originate awplus show ip ospf database opaque area self originate awplus show ip ospf database opaque area 1 2 3 4 adv r...

Страница 983: ...and Privileged Exec Examples awplus show ip ospf database opaque as 1 2 3 4 self originate awplus show ip ospf database opaque as self originate awplus show ip ospf database opaque as 1 2 3 4 adv rou...

Страница 984: ...show ip ospf database opaque link 1 2 3 4 self originate awplus show ip ospf database opaque link self originate awplus show ip ospf database opaque link 1 2 3 4 adv router 2 3 4 5 Output Figure 27 12...

Страница 985: ...e awplus show ip ospf database router 1 2 3 4 adv router 2 3 4 5 Output Figure 27 13 Example output from the show ip ospf database router command Parameter Description adv router Displays all the LSAs...

Страница 986: ...k States Area 0 0 0 1 LS age 877 Options 0x2 E Flags 0x3 ABR ASBR LS Type router LSA Link State ID 10 10 11 50 Advertising Router 10 10 11 50 LS Seq Number 80000003 Checksum 0xee93 Length 36 Number of...

Страница 987: ...1 2 3 4 self originate awplus show ip ospf database summary self originate awplus show ip ospf database summary 1 2 3 4 adv router 2 3 4 5 Output Figure 27 14 Example output from the show ip ospf dat...

Страница 988: ...rk Number Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0x36ac Length 28 Network Mask 24 TOS 0 Metric 10 Summary Link States Area 0 0 0 1 LS age 1061 Options 0x2 E LS Type summary LSA...

Страница 989: ...11 50 Summary Link States Area 0 0 0 0 LS age 989 Options 0x2 E LS Type summary LSA Link State ID 10 10 11 0 summary Network Number Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0x36...

Страница 990: ...Example output from the show ip ospf interface command Parameter Description interface name The VLAN name for example vlan3 vlan2 is up line protocol is up Internet Address 1 1 1 1 24 Area 0 0 0 0 MT...

Страница 991: ...0 10 50 detail all Output Note that before a device enters OSPF Graceful Restart it first informs its OSPF neighbors In the show output the symbol beside the Dead Time parameter indicates that the dev...

Страница 992: ...00 00 38 Neighbor is up for 00 53 07 Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 Crypt Sequence Number is 0 Thread Inactivity Timer on Thread Database Descriptio...

Страница 993: ...ospf route Output Figure 27 21 Example output from the show ip ospf route command for a specific process Parameter Description ospf id 0 65535 The ID of the router process for which information will b...

Страница 994: ...c Examples To display virtual link information use the command awplus show ip ospf virtual links Output Figure 27 22 Example output from the show ip ospf virtual links command Virtual Link VLINK0 to r...

Страница 995: ...e User Exec and Privileged Exec Examples To display OSPF process parameters and statistics use the command awplus show ip protocols ospf Output Figure 27 23 Example output from the show ip protocols o...

Страница 996: ...route individually in an external LSA Use the summary address command to advertise one summary route for all redistributed routes covered by a specified network address and mask This helps decrease t...

Страница 997: ...e calculation of the Shortest Path First SPF Examples To set the minimum delay time to 5 milliseconds and maximum delay time to 10 milliseconds use the commands awplus configure terminal awplus config...

Страница 998: ...ommand Reference for AR2050V 998 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF EVENTS undebug ospf events Overview This command applies the functionality of the no debu...

Страница 999: ...B Command Reference for AR2050V 999 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF IFSM undebug ospf ifsm Overview This command applies the functionality of the no debug...

Страница 1000: ...B Command Reference for AR2050V 1000 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF LSA undebug ospf lsa Overview This command applies the functionality of the no debug...

Страница 1001: ...Command Reference for AR2050V 1001 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF NFSM undebug ospf nfsm Overview This command applies the functionality of the no debug...

Страница 1002: ...B Command Reference for AR2050V 1002 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF NSM undebug ospf nsm Overview This command applies the functionality of the no debug...

Страница 1003: ...mmand Reference for AR2050V 1003 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF PACKET undebug ospf packet Overview This command applies the functionality of the no debu...

Страница 1004: ...Command Reference for AR2050V 1004 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF ROUTE undebug ospf route Overview This command applies the functionality of the no debu...

Страница 1005: ...n page 1011 area encryption ipsec spi esp on page 1012 area range IPv6 OSPF on page 1015 area stub IPv6 OSPF on page 1017 area virtual link IPv6 OSPF on page 1018 area virtual link authentication ipse...

Страница 1006: ...5 max concurrent dd IPv6 OSPF on page 1057 passive interface IPv6 OSPF on page 1058 redistribute IPv6 OSPF on page 1059 restart ipv6 ospf graceful on page 1061 router ipv6 ospf on page 1062 router id...

Страница 1007: ...ry address IPv6 OSPF on page 1089 timers spf IPv6 OSPF deprecated on page 1091 timers spf exp IPv6 OSPF on page 1092 undebug ipv6 ospf events on page 1093 undebug ipv6 ospf ifsm on page 1094 undebug i...

Страница 1008: ...r is considered an ABR if it has more than one area actively attached and one of them is the backbone area IBM ABR Type By this definition a router is considered an ABR if it has more than one area ac...

Страница 1009: ...ink interfaces Use the sha1 keyword to choose SHA 1 authentication instead of entering the md5 keyword to use MD5 authentication The SHA 1 algorithm is more secure than the MD5 algorithm SHA 1 uses a...

Страница 1010: ...rtofarea authentication not being authenticated So neighbors time out Example To enable MD5 authentication with a 32 hexadecimal character key for OPSPF area 1 use the commands awplus configure termin...

Страница 1011: ...rea border router that is attached to the stub area Example To set the default cost to 10 in area 1 for the OSPF process P2 use the commands awplus configure terminal awplus config router ipv6 ospf P2...

Страница 1012: ...ecimal format Use one of the following formats ip addr OSPF area ID expressed in IPv4 address format A B C D 0 4294967295 OSPF area ID expressed as a decimal number within the range shown For example...

Страница 1013: ...uthentication See the OSPFv3 Feature Overview and Configuration Guide for more information and examples NOTE You can configure an encryption security policy SPI on an OSPFv3 area with this command or...

Страница 1014: ...ESP encryption with a 32 hexadecimal character AES CBC key and a 40 hexadecimal character SHA 1 authentication key for OPSPF area 1 use the commands awplus configure terminal awplus config router ipv6...

Страница 1015: ...tores default behavior Syntax area area id range ipv6address prefix length advertise not advertise no area area id range ipv6address prefix length Default The area range is not configured by default T...

Страница 1016: ...ing System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS AREA RANGE IPV6 OSPF Ensure OSPFv3 IPv6 routes exist in the area range for advertisement before using this command Example awplus configure termin...

Страница 1017: ...ll routers attached to the stub area configure the area by using the area stub command For an area border router ABR attached to the stub area also use the area default cost command Example awplus con...

Страница 1018: ...al retransmit interval transmit delay Parameter Description area id The area ID of the transit area that the virtual link passes through This can be entered in either dotted decimal format or normal d...

Страница 1019: ...detectingtopologicalchanges faster but also an increase in the routing traffic The retransmit interval is the expected round trip delay between any two routersin anetwork Setthevaluetobegreaterthanthe...

Страница 1020: ...r Description area id The OSPF area that you are specifying the summary route default cost for This can be entered in either dotted decimal format or normal decimal format Use one of the following for...

Страница 1021: ...PFv3 Feature Overview and Configuration Guide for more information and examples Example To enable MD5 authentication with a 32 hexadecimal character key for virtual links in OPSPF area 1 use the comma...

Страница 1022: ...mat or normal decimal format Use one of the following formats ip addr OSPF area ID expressed in IPv4 address format A B C D 0 4294967295 OSPF area ID expressed as a decimal number within the range sho...

Страница 1023: ...iguration If an interface configuration is removed then an area configuration is applied to an interface instead Use the sha1 keyword to choose SHA 1 authentication instead of entering the md5 keyword...

Страница 1024: ...ter ipv6 ospf awplus config router area 1 virtual link 10 0 0 1 encryption ipsec spi 1000 esp aes cbc 1234567890ABCDEF1234567890ABCDEF sha1 1234567890ABCDEF1234567890ABCDEF12345678 To enable ESP encry...

Страница 1025: ...a larger reference bandwidth value to differentiate the costs on those links Cost is calculated by dividing the reference bandwidth Mbps by the layer 3 interface Switched Virtual Interface SVI Loopba...

Страница 1026: ...integer 1 Interface cost is 1 The auto cost reference bandwidth value should be consistent across all OSPF routers in the OSPF process Note that using the ipv6 ospf cost command on a layer 3 interfac...

Страница 1027: ...ort speed within that VLAN Syntax bandwidth bandwidth setting no bandwidth Mode Interface Configuration for a VLAN interface Example To set the bandwidth on VLAN2 to be 1 Mbps use the following comman...

Страница 1028: ...process Overview This command clears and restarts the IPv6 OSPF routing process Specify the Process ID to clear one particular OSPF process When no Process ID is specified this command clears all runn...

Страница 1029: ...variants of this command disable OSPF debugging Using this command with no parameters entered will disable debugging for all parameter options Syntax debug ipv6 ospf events abr asbr os router vlink no...

Страница 1030: ...s of this command disable IPv6 OSPF IFSM debugging Use these commands without parameters to disable all the options Syntax debug ipv6 ospf ifsm events status timers no debug ipv6 ospf ifsm events stat...

Страница 1031: ...nts of this command disable IPv6 OSPF LSA debugging Use this command without parameters to disable all the options Syntax debug ipv6 ospf lsa flooding generate install maxage refresh no debug ipv6 osp...

Страница 1032: ...iants of this command disable IPv6 OSPF NFSM debugging Use this command without parameters to disable all the options Syntax debug ipv6 ospf nfsm events status timers no debug ipv6 ospf nfsm events st...

Страница 1033: ...ospf packet dd detail hello ls ack ls request ls update recv send Mode Privileged Exec and Global Configuration Examples To enable debugging for hello packets use the following command awplus debug i...

Страница 1034: ...parameters to disable all options Syntax debug ipv6 ospf route ase ia install spf no debug ipv6 ospf route ase ia install spf Mode Privileged Exec and Global Configuration Examples To enable IPv6 rou...

Страница 1035: ...d be either Type 1 or 2 The default is Type 2 The no variant of this command disables this feature Syntax default information originate always metric metric metric type 1 2 route map route map no defa...

Страница 1036: ...e A default metric facilitates redistributing routes even with incompatible metrics If the metrics do not convert the default metric provides an alternative and enables theredistributionto continue Th...

Страница 1037: ...ea 1 254 no distance ospfv3 1 254 Default The default OSPFv3 administrative distance is 110 The default Administrative Distance for each type of route intra inter or external is 110 Mode Router Config...

Страница 1038: ...routes 10 for intra area routes 40 for external routes use the commands awplus config router ipv6 ospf 100 awplus config router distance ospfv3 inter area 20 intra area 10 external 40 To set the admi...

Страница 1039: ...d to choose SHA 1 authentication instead of entering the md5 keyword to use MD5 authentication The SHA 1 algorithm is more secure than the MD5 algorithm SHA 1 uses a 40 hexadecimal character key inste...

Страница 1040: ...area ThisisduetoOSPFv3hellomessagesingressingVLANinterfaces whicharepartofarea authentication not being authenticated So neighbors time out Example To enable MD5 authentication with a 32 hexadecimal...

Страница 1041: ...rface Using this command overrides the cost value calculated automatically with the auto cost reference bandwidth IPv6 OSPF feature The link state metric cost is stated in the Router LSA s link Typica...

Страница 1042: ...Command Reference for AR2050V 1042 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS IPV6 OSPF COST Related Commands show ipv6 ospf interface auto cost reference bandwidth I...

Страница 1043: ...iant of this command returns the interval to the default of 40 seconds Syntax ipv6 ospf dead interval 1 65535 inst id no ipv6 ospf dead interval Mode Interface Configuration for a VLAN interface or In...

Страница 1044: ...ne Overview Use this command to change the result of the show ipv6 route command to display each route entry on a single line Syntax ipv6 ospf display route single line no ipv6 ospf display route sing...

Страница 1045: ...alue on all interfaces that connect to the same link SPI values are used by link interfaces Use a different SPI value for a different link interface when using OSPFv3 with link interfaces Parameter De...

Страница 1046: ...re an encryption security policy SPI on a VLAN interface with this command or an OSPFv3 area with the area encryption ipsec spi esp command When you configure encryption for an area the security polic...

Страница 1047: ...imal character key and SHA 1 authentication with a 40 hexadecimal character key for interface VLAN 2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 ospf...

Страница 1048: ...seconds Syntax ipv6 ospf hello interval 1 65535 no ipv6 ospf hello interval Default The default interval is 10 seconds Mode Interface Configuration for a VLAN interface or Interface Configuration for...

Страница 1049: ...neighbor s primary IPv6 address on the interface where that neighbor connects to the NBMA network The poll interval is the reduced rate at which routers continue to send hello packets when a neighbori...

Страница 1050: ...IGHBOR Examples This example shows a neighbor configured with a priority value poll interval time and cost awplus configure terminal awplus config interface eth1 awplus config if ipv6 ospf neighbor fe...

Страница 1051: ...for a PPP interface Usage This command forces the interface network type to the specified type Depending on the network type OSPF changes the behavior of the packet transmission and the link descripti...

Страница 1052: ...the DR the router with the higher router priority becomes the DR If the router priority is the same for two routers the router with the higher router ID takes precedence Routers with zero router prio...

Страница 1053: ...ighbor the router keeps the LSA until it receives an acknowledgment In case the router does not receive an acknowledgment during the set time the retransmit interval value it retransmits the LSA Set t...

Страница 1054: ...lay value adds a specified time to the age field of an update If the delay is not added the time in which the LSA transmits over the link is not considered This command is especially useful for low sp...

Страница 1055: ...al See the OSPFv3 Feature Overview and Configuration Guide for more information and examples Examples The following commands enable IPv6 OSPF on VLAN interface vlan2 OSPF area 1 tag PT2 and instance 2...

Страница 1056: ...lus config interface vlan2 awplus config if no ipv6 router ospf area 1 The following commands enable IPv6 OSPF on PPP interface ppp0 OSPF area 1 tag PT2 and instance 2 awplus configure terminal awplus...

Страница 1057: ...number of LSAs Syntax max concurrent dd max neighbors no max concurrent dd Mode Router Configuration Usage This command is useful where bringing up several adjacencies on a router is affecting perform...

Страница 1058: ...ration Usage Configure an interface to be passive if you wish its connected route to be treated as an OSPF route rather than an AS external route but do not wish to actually exchange any OSPF packets...

Страница 1059: ...which routes are redistributed and can set metric and tag values on particular routes The metric metric type and tag values specified on this command are applied to any redistributed routes that are n...

Страница 1060: ...FV3 FOR IPV6 COMMANDS REDISTRIBUTE IPV6 OSPF Example The following example shows the redistribution of RIP routes into the IPv6 OSPF routing table with a metric of 10 and a metric type of 1 awplus con...

Страница 1061: ...grace period is 120 seconds Mode Privileged Exec Usage After this command is executed the OSPFv3 process immediately shuts down It notifies the system that OSPF has performed a graceful shutdown Route...

Страница 1062: ...d LSAs issued from each process will appear as if coming from a separate physical router To a large extent the requirement for multiple processes has been replaced by the ability within IPv6 OSPF of r...

Страница 1063: ...r id router id no router id Mode Router Configuration Usage Configure each router with a unique router id In an IPv6 OSPF router process that has active neighbors a new router id takes effect at the n...

Страница 1064: ...mmand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ipv6 ospf Mode User Exec and Privileged Exec Example awplus show debugging ipv6...

Страница 1065: ...For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 ospf show ipv6 ospf process id Mode User...

Страница 1066: ...ernal 0 Route Licence Breach Current 0 Watermark 0 Process uptime is 6 minutes Current grace period is 120 secs default SPF schedule delay min 0 500 secs SPF schedule delay max 50 0 secs Minimum LSA i...

Страница 1067: ...er adv router id Mode User Exec and Privileged Exec Example To display the database summary for IPv6 OSPF information on process P10 use the command awplus show ipv6 ospf P10 database Output Figure 28...

Страница 1068: ...1 2 979 0x800000d8 0xad2b 1 0 0 0 0 0 0 1 3 1005 0x800000cf 0xefed 1 Network LSA Area 0 0 0 0 Link State ID ADV Router Age Seq CkSum 0 0 0 202 0 0 1 2 1764 0x800000c2 0x94c3 0 0 0 203 0 0 1 3 1010 0x8...

Страница 1069: ...formation about the external LSAs use the following command awplus show ipv6 ospf database external adv router 10 10 10 1 Output Figure 28 4 Example output from the show ipv6 ospf database external co...

Страница 1070: ...ormation about the grace LSAs use the following command awplus show ipv6 ospf database grace adv router 10 10 10 1 Output Figure 28 5 Example output from the show ipv6 ospf database grace command Para...

Страница 1071: ...y information about the inter prefix LSAs use the following command awplus show ipv6 ospf database external adv router 10 10 10 1 Output Figure 28 6 Example output from the show ipv6 ospf database int...

Страница 1072: ...information about the inter router LSAs use the following command awplus show ipv6 ospf database inter router adv router 10 10 10 1 Output Figure 28 7 Example output from the show ipv6 ospf database i...

Страница 1073: ...information about the intra prefix LSAs use the following command awplus show ipv6 ospf database intra prefix adv router 10 10 10 1 Output Figure 28 8 Example output from the show ipv6 ospf database i...

Страница 1074: ...rmation about the link LSAs use the following command awplus show ipv6 ospf database link adv router 10 10 10 1 Output Figure 28 9 Example output from the show ipv6 ospf database link command Paramete...

Страница 1075: ...xec and Privileged Exec Examples To display information about the OSPFv3 network LSAs use the following command awplus show ipv6 ospf database network Output Figure 28 10 Example output from the show...

Страница 1076: ...tem Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS SHOW IPV6 OSPF DATABASE NETWORK LS age 1144 LS Type Network LSA Link State ID 0 0 0 203 Advertising Router 0 0 1 3 LS Seq Number 0x800000C4 Checksum 0x8A...

Страница 1077: ...router id Mode User Exec and Privileged Exec Examples To display information about the OSPFv3 router LSAs use the following command awplus show ipv6 ospf database router Output Figure 28 11 Example ou...

Страница 1078: ...Type Router LSA Link State ID 0 0 0 0 Advertising Router 0 0 1 2 LS Seq Number 0x800000D5 Checksum 0xB328 Length 40 Flags 0x00 Options 0x000013 R E V6 Link connected to a Transit Network Metric 1 Int...

Страница 1079: ...0 1 1 LS Seq Number 0x80000009 Checksum 0xD696 Length 52 Metric Type 2 Larger than any link state path Metric 20 Prefix 2011 2222 64 Prefix Options 0 Forwarding Address 2003 1111 1 LS age 1384 LS Type...

Страница 1080: ...0 1 1 LS Seq Number 0x8000000C Checksum 0xD295 Length 52 Metric Type 2 Larger than any link state path Metric 20 Prefix 2012 2222 64 Prefix Options 0 Forwarding Address 2003 1111 1 LS age 1087 LS Type...

Страница 1081: ...3 FOR IPV6 COMMANDS SHOW IPV6 OSPF DATABASE ROUTER LS age 1087 LS Type AS External LSA Link State ID 0 0 0 18 Advertising Router 0 0 1 1 LS Seq Number 0x8000000C Checksum 0xD889 Length 52 Metric Type...

Страница 1082: ...m the show ipv6 ospf interface command showing OSPFv3 Authentication configuration information highlighted in bold Parameter Description interface name An alphanumeric string that is the interface nam...

Страница 1083: ...pf interface vlan3 vlan3 is up line protocol is up Interface ID 203 IPv6 Prefixes fe80 200 cdff fe24 daae 64 Link Local Address 2003 1111 2 64 OSPFv3 Process P1 Area 0 0 0 0 Instance ID 0 Router ID 0...

Страница 1084: ...iguration Guide Syntax show ipv6 ospf process id neighbor neighbor id show ipv6 ospf process id neighbor detail show ipv6 ospf process id neighbor interface detail Mode User Exec and Privileged Exec E...

Страница 1085: ...show ipv6 ospf neighbor detail awplus show ipv6 ospf neighbor detail Neighbor 0 0 1 2 interface address fe80 215 77ff fec9 7472 In the area 0 0 0 0 via interface vlan2 Neighbor priority is 1 State is...

Страница 1086: ...the OSPF routing table for specified processes For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show...

Страница 1087: ...E2 OSPF external type 2 Destination Metric Next hop O 2002 1111 64 2 via fe80 200 cdff fe24 daae vlan3 Area 0 0 0 0 C 2003 1111 64 1 directly connected vlan3 Area 0 0 0 0 O 2004 1111 64 3 via fe80 200...

Страница 1088: ...erview and Configuration Guide for more information and examples Examples To display virtual link information use the command awplus show ipv6 ospf virtual links Output Figure 28 17 Example output fro...

Страница 1089: ...requires the router to advertise each route individually in an external LSA Use this command to advertise one summary route for all redistributed routes covered by a specified prefix to decrease the s...

Страница 1090: ...hat match the IPv6 prefix 2001 0db8 32 and assigns a tag value of 3 awplus configure terminal awplus config router ipv6 ospf awplus config router summary address 2001 0db8 32 tag 3 The following examp...

Страница 1091: ...5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS TIMERS SPF IPV6 OSPF DEPRECATED timers spf IPv6 OSPF deprecated Overview This command has been deprecated because SPF timers have been replaced by exponential SPF ti...

Страница 1092: ...and triggers a new SPF run before the last SPF holdtimer has finished The time between runs may increase up to the max holdtime value This increase in holdtime prevents too many SPF runs from occurrin...

Страница 1093: ...ce for AR2050V 1093 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF EVENTS undebug ipv6 ospf events Overview This command applies the functionality of the...

Страница 1094: ...rence for AR2050V 1094 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF IFSM undebug ipv6 ospf ifsm Overview This command applies the functionality of the...

Страница 1095: ...ference for AR2050V 1095 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF LSA undebug ipv6 ospf lsa Overview This command applies the functionality of the...

Страница 1096: ...rence for AR2050V 1096 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF NFSM undebug ipv6 ospf nfsm Overview This command applies the functionality of the...

Страница 1097: ...ce for AR2050V 1097 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF PACKET undebug ipv6 ospf packet Overview This command applies the functionality of the...

Страница 1098: ...ence for AR2050V 1098 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF ROUTE undebug ipv6 ospf route Overview This command applies the functionality of the...

Страница 1099: ...e address on page 1107 auto summary BGP only on page 1110 bgp aggregate nexthop check on page 1111 bgp always compare med on page 1112 bgp bestpath as path ignore on page 1113 bgp bestpath compare con...

Страница 1100: ...BGP only on page 1147 bgp router id on page 1148 bgp scan time BGP only on page 1149 bgp update delay on page 1150 clear bgp on page 1151 clear bgp IPv4 or IPv6 address on page 1152 clear bgp ASN on...

Страница 1101: ...r advertisement interval on page 1196 neighbor allowas in on page 1199 neighbor as origination interval on page 1202 neighbor attribute unchanged on page 1204 neighbor capability graceful restart on p...

Страница 1102: ...neighbor soft reconfiguration inbound on page 1282 neighbor timers on page 1285 neighbor transparent as on page 1288 neighbor transparent nexthop on page 1290 neighbor unsuppress map on page 1292 nei...

Страница 1103: ...ge 1340 show ip bgp community BGP only on page 1341 show ip bgp community info BGP only on page 1343 show ip bgp community list BGP only on page 1344 show ip bgp dampening BGP only on page 1345 show i...

Страница 1104: ...ow ip bgp scan BGP only on page 1369 show ip bgp summary BGP only on page 1370 show ip community list on page 1372 show ip extcommunity list on page 1373 show ip prefix list IPv4 Prefix List on page 1...

Страница 1105: ...nicast Mode BGP Router Configuration Mode BGP4 Router Configuration Usage To leave the IPv4 or IPv6 Address Family Configuration mode and return to the Router Configuration mode use the exit address f...

Страница 1106: ...nfigure terminal awplus config router bgp 100 awplus config router neighbor 2001 0db8 010d 1 remote as 100 awplus config router address family ipv6 awplus config router af neighbor 2001 0db8 010d 1 ac...

Страница 1107: ...addr prefix length summary only as set no aggregate address ipv6 addr prefix length summary only as set Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 IPv6 Address Famil...

Страница 1108: ...with the aggregate Usage BGP4 If the summary only parameter is specified then only the aggregate address mask will be advertised and none of the component addresses that fall within the range of the a...

Страница 1109: ...terminal awplus config router bgp 100 awplus config router address family ipv6 awplus config router af aggregate address 2001 0db8 64 as set summary only awplus configure terminal awplus config router...

Страница 1110: ...withdrawn from all connected peers If certain routes have already been advertised disabling auto summary results in summarized routes being withdrawn and only non summarized routes are advertised Non...

Страница 1111: ...summary only option will only suppress the component routes if those component routes all have the same next hop If the routes have different next hops then they will continue to be advertised to pee...

Страница 1112: ...ed 300 Route2 as path 200 med 200 Route3 as path 400 med 250 Route1 is compared to Route2 Route2 is best of the two lower MED Next Route2 is compared to Route3 and Route2 is chosen best path again low...

Страница 1113: ...ng as path as a factor in the algorithm for choosing a route The no variant of this command allows the router to consider as path in choosing a route Syntax bgp bestpath as path ignore no bgp bestpath...

Страница 1114: ...efault if BGP receives routes with identical eBGP paths from eBGP peers BGP does not continue to consider any AS confederation path length attributes that may be associated with the routes The no vari...

Страница 1115: ...to include router ID in the selection process similar routes are compared and the route with the lowest router ID is selected The no variant of this command disables this feature and returns the devic...

Страница 1116: ...MED value is not compared with Path3 since it is not in the confederation MED is compared for Path1 and Path2 only Path1 32000 32004 med 4 Path2 32001 32004 med 2 Path3 32003 1 med 1 The effect of th...

Страница 1117: ...B Command Reference for AR2050V 1117 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS BGP BESTPATH MED Related Commands bgp always compare med bgp bestpath as path ignore bgp...

Страница 1118: ...end MED attributes in the update messages to its peers unless specified not to by the bgp bestpath med remove send med command Use the no variant of this command to disable this feature Syntax bgp bes...

Страница 1119: ...received from other peers during the decision and route selection process unless specified not to by the bgp bestpath med remove recv med command Use the no variant of this command to disable this fea...

Страница 1120: ...he route reflector is not required use the no variant of this command to disable the client to client route reflection When a router is configured as a route reflector client to client reflection is e...

Страница 1121: ...e cluster ID Syntax bgp cluster id ip address cluster id no bgp cluster id Mode Router Configuration Usage The following configuration creates cluster id 5 including two route reflector clients awplus...

Страница 1122: ...DS BGP CLUSTER ID To remove a bgp cluster id apply the example commands as shown below awplus configure terminal awplus config router bgp 100 awplus config router no bgp cluster id 10 10 1 1 Related C...

Страница 1123: ...s all BGP confederation identifiers Syntax bgp confederation identifier 1 4294967295 no bgp confederation identifier Mode Router Configuration Examples awplus configure terminal awplus config router b...

Страница 1124: ...rs 1 4294967295 Mode Router Configuration Usage In the following configuration of Router 1 the neighbor 172 210 30 2 and 172 210 20 1 have iBGP connection within AS 100 The neighbor 173 213 30 1 has a...

Страница 1125: ...AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS BGP CONFEDERATION PEERS Example awplus configure terminal awplus config router bgp 100 awplus config router bgp confederation p...

Страница 1126: ...he change to take effect When your device reloads it will load with the standard BGP settings commonly used by most vendors Apply the standard type configuration if you have interoperability issues Ex...

Страница 1127: ...E To specify the enhanced BGP configuration type enter the following commands awplus configure terminal awplus config bgp config type enhanced To restore the default BGP configuration type enhanced en...

Страница 1128: ...pening route map routemap name Mode BGP Router Configuration Parameter Description reachtime 1 45 Specifies the reachability half life time in minutes The time for the penalty to decrease to one half...

Страница 1129: ...ment of the route is suppressed This penalty is decayed according to the configured half time value Once the penalty is lower than the reuse limit the route advertisement is un suppressed The dampenin...

Страница 1130: ...ixed During this time BGP can quickly cycle through the state machine from Idle through the various Connect states which can result in large numbers of TCP sessions being opened in a short period of t...

Страница 1131: ...ion The BGP routing process will no longer exchange IPv4 addressing information with BGP neighbor routers Note that disabling the exchange of IPv4 prefixes will also enable an IPv6 only BGP4 network S...

Страница 1132: ...the routes it sends The preference is sent to all routers and access servers in the local autonomous system The no variant of this command reverts to the default local preference value of 100 Syntax b...

Страница 1133: ...ordered according to their MED values and the best routes of each group are compared The main benefit of this is that the choice of best route then does not depend on theorder inwhich therouteshappene...

Страница 1134: ...S should have BGP deterministic MED disabled with no bgp deterministic med In the example above the MED values were not considered when comparing the winners of the two groups the best routes from the...

Страница 1135: ...command to disable this feature Syntax bgp enforce first as no bgp enforce first as Mode Router Configuration Usage This command specifies that any updates received from an external neighbor that do n...

Страница 1136: ...rview Use this command to reset a BGP session immediately if the interface used for BGP connection goes down Use the no variant of this command to disable this feature Syntax bgp fast external failove...

Страница 1137: ...This restart time value is applied to neighbors unless you explicitly override it by configuring the corresponding value on the neighbor The stalepath time parameter is used to set the maximum time to...

Страница 1138: ...seconds use the commands awplus configure terminal awplus config router bgp 10 awplus config router bgp graceful restart restart time 150 To return the restart time to its default of 120 seconds use...

Страница 1139: ...The bgp graceful restart command must be enabled before this command is enabled All events that cause BGP peer reset including all session reset commands can trigger graceful restart Example To enable...

Страница 1140: ...wever these commands create a significant hit in the logging performance If you need to log neighbor status changes only we recommend turning off all the debug commands and then use this command To se...

Страница 1141: ...GP4 COMMANDS BGP LOG NEIGHBOR CHANGES Remote AS changed RR client configuration modification Soft reconfiguration modification Example To enable the logging of BGP status changes without using the deb...

Страница 1142: ...processes are allocated the maximum percentage of 100 of the device s available RAM memory by default Note only non default BGP memory allocation values are shown in the running or startup configurati...

Страница 1143: ...ount Mode Router Configuration Example Toenablenext hop trackingstatusontheBGPpeerbelongingtotheAutonomous System AS 100 enter the following commands awplus configure terminal awplus config router bgp...

Страница 1144: ...seconds Mode Global Configuration Usage This command configures the delay interval between routing table waits for next hop delay tracking The delay interval determines how long BGP waits after it re...

Страница 1145: ...ixes directly to the BGP process This improves the overall BGP convergence time by allowing BGP to respond rapidly to next hop changes for routes installed in the RIB If next hop tracking is enabled a...

Страница 1146: ...th select BGP only Overview Use this command to set the RFC1771 compatible path selection mechanism Use the no variant of this command to revert this setting Syntax bgp rfc1771 path select no bgp rfc1...

Страница 1147: ...P RFC1771 STRICT BGP ONLY bgp rfc1771 strict BGP only Overview Use this command to set the Strict RFC1771 setting Use the no variant of this command to revert this setting Syntax bgp rfc1771 strict no...

Страница 1148: ...nt interface will not use that eth interface s IP address as a router ID Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Usage Use the bgp router id c...

Страница 1149: ...tax bgp scan time time no bgp scan time time Default The default scanning interval is 60 seconds Mode Router Configuration Usage Use this command to configure scanning intervals of BGP routers This in...

Страница 1150: ...e is 120 seconds Mode Router Configuration Usage The update delay value is the maximum time a graceful restart capable router which is restarting will defer route selection and advertisements to all i...

Страница 1151: ...those neighbors with which the ORF capability has been negotiated The neighbors will be triggered to resend updates which match the prefix list filter to the local router The local router will then p...

Страница 1152: ...e IPv6 address of the neighbor whose connection is to be reset entered in hexadecimal in the format X X X X in Indicates that incoming advertised routes will be cleared prefix filter Specifies that a...

Страница 1153: ...awplus clear bgp 2 2 2 2 out Example VRF lite To apply the above example to clear the BGP connection to peer at IP address 192 0 2 11 for the VRF instance blue use the following commands awplus clear...

Страница 1154: ...ilter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors will be triggered to resend updates which match...

Страница 1155: ...RF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors will be triggered to resend updates which match the prefix list filter to the local router The local rou...

Страница 1156: ...a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors will be triggered to resend updates which match the prefix list filte...

Страница 1157: ...routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors will be triggered...

Страница 1158: ...P BGP ONLY Examples To clear all BGP peers use the command awplus clear ip bgp Example VRF lite To clear all BGP peers in VRF instance red use the command awplus clear ip bgp vrf red To clear all outb...

Страница 1159: ...r Description ipv4 addr Specifies the IPv4 address of the neighbor whose connection is to be reset entered in the form A B C D in Indicates that incoming advertised routes will be cleared prefix filte...

Страница 1160: ...tax clear ip bgp dampening ip address ip address m Mode Privileged Exec Examples awplus clear ip bgp dampening 10 10 0 121 Parameter Description ip address Specifies the IPv4 address for which BGP dam...

Страница 1161: ...prefixes Syntax clear ip bgp flap statistics ip address ip address m Mode Privileged Exec Examples awplus clear ip bgp flap statistics 10 10 0 121 Parameter Description ip address Specifies the IPv4 a...

Страница 1162: ...in Indicates that incoming advertised routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been nego...

Страница 1163: ...ng advertised routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors wil...

Страница 1164: ...peers Configure parameters relating to the BGP exchange of IPv4 prefixes in Indicates that incoming advertised routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF...

Страница 1165: ...ters relating to the BGP4 exchange of IPv6 prefixes in Indicates that incoming advertised routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those n...

Страница 1166: ...pv6 dampening ipv6 addr ipv6 addr prefix length Mode Privileged Exec Examples awplus clear bgp ipv6 dampening 2001 0db8 010d 1 awplus clear bgp ipv6 dampening 2001 0db8 64 Parameter Description ipv6 a...

Страница 1167: ...ddr prefix length Mode Privileged Exec Examples awplus clear bgp ipv6 flap statistics 2001 0db8 010d 1 awplus clear bgp ipv6 flap statistics 2001 0db8 64 Parameter Description ipv6 addr Specifies the...

Страница 1168: ...ch all routes will be cleared in Indicates that incoming advertised routes will be cleared prefix filte r Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which t...

Страница 1169: ...l peers in Indicates that incoming advertised routes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has b...

Страница 1170: ...to the BGP4 exchange of IPv6 prefixes in Indicates that incoming advertised routes will be cleared prefix filte r Specifies that a prefix list will be sent by the ORF mechanism to those neighbors wit...

Страница 1171: ...e If the command is entered with no parameters then all debug options are enabled Examples awplus debug bgp awplus debug bgp events awplus debug bgp nht awplus debug bgp updates in Related Commands sh...

Страница 1172: ...ce bgp ebgp ibgp local no distance 1 255 ip address m no distance bgp ebgp ibgp local Mode BGP Router Configuration Mode BGP4 IPv6 Address Family Configuration Usage You can use this command to set th...

Страница 1173: ...awplus config router distance 1 255 ip address m listname If the administrative distance is changed it could create inconsistency in the routing table and obstruct routing Example BGP4 For BGP4 IPv6...

Страница 1174: ...us config router address family ipv4 awplus config router af exit address family awplus config router Example VRF lite To enter and then exit IPv4 Address Family Configuration mode for VRF instance re...

Страница 1175: ...list defines the communities attributes with regular expressions The standard community list is compiled into binary format and is directly compared with the BGP communities attribute in the BGP updat...

Страница 1176: ...Command Reference for AR2050V 1176 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS IP COMMUNITY LIST Related Commands ip community list standard ip community list expanded sho...

Страница 1177: ...y list number expanded Specifies an expanded community list expanded listname Expanded community list entry deny Specifies community to reject permit Specifies community to accept line Specifies commu...

Страница 1178: ...the community attributes explicitly and not via a regular expression An expanded community list defines the communities attributes with regular expressions The standard community list is compiled int...

Страница 1179: ...munity list defines the community attributes as explicit values without regular expressions The expanded community list defines the communities attributes with regular expressions The standard communi...

Страница 1180: ...RD that does not match the standard community value is automatically treated as expanded Examples awplus configure terminal awplus config ip community list standard CLIST permit 7675 80 7675 90 no exp...

Страница 1181: ...munity list expanded expanded listname Regular expressions listed below are used with the ip extcommunity list expanded command Parameter Description 100 199 Expanded extcommunity list number expanded...

Страница 1182: ...ated Commands ip extcommunity list standard show ip extcommunity list Period Used to match a single character white spaces included Asterisk Used to match none or more sequences of a pattern Plus sign...

Страница 1183: ...l Configuration Parameter Description 1 99 Standard extcommunity list number standard Specifies a standard extended community list standard listname Standard extended community list entry deny Specifi...

Страница 1184: ...onfigure terminal awplus config ip extcommunity list 36 permit rt 5675 50 awplus config ip extcommunity list standard CLIST permit soo 7645 70 awplus configure terminal awplus config ip extcommunity l...

Страница 1185: ...ed in a sequence of 5 The parameters ge and le specify the range of the prefix lengths to be matched When setting these parameters set the levalueto be less than 32 and the gevalue to be less than or...

Страница 1186: ...t command denies the IP network 76 2 2 0 awplus config router bgp 100 awplus config router network 172 1 1 0 awplus config router network 172 1 2 0 awplus config router neighbor 10 6 5 3 remote as 300...

Страница 1187: ...5 The parameters ge and le specify the range of the prefix lengths to be matched The parameters ge and le are only used if an ip prefix is stated When setting these parameters set the le value to be...

Страница 1188: ...xample To check the first 32 bits of the prefix 2001 db8 and the subnet mask must be greater than or equal to 34 and less than or equal to 40 enter the following commands awplus configure terminal awp...

Страница 1189: ...ify an action of deny or permit The action in the AS path access list determines whether the route map checks update messages for a given AS path value The route map action and its set clauses determi...

Страница 1190: ...n action of deny or permit Theactioninthecommunitylistdetermines whethertheroutemapchecks update messages for a given community value The route map action and its set clauses determine what the route...

Страница 1191: ...ry 3 to the route map called myroute which will process update messages if they contain the community values that are included in mylist use the commands awplus configure terminal awplus config route...

Страница 1192: ...he forwarding path Use the no variant of this command to disable this feature Syntax max paths ebgp ibgp 2 64 no max paths ebgp 2 64 no max paths ibgp 2 64 Mode Global Configuration Usage This command...

Страница 1193: ...up This command only enables the exchange of information You can establish peering without this command but no prefixes and other information is sent until you apply this command to the neighbor This...

Страница 1194: ...bgp 10 awplus config router address family ipv4 awplus config router af neighbor 10 10 10 1 activate To disable an exchange of routes in Address Family Configuration mode with a neighboring router wit...

Страница 1195: ...ter address family ipv6 awplus config router af no neighbor 2001 0db8 010d 1 activate To enable an exchange of routes with a neighboring router with the peer group named group1 enter the commands as s...

Страница 1196: ...pping of routes to the internet set a minimum advertisement interval so iBGP or eBGP routing updates are sent per interval seconds BGP dampening can also be used to control the effects of flapping rou...

Страница 1197: ...fixes not in the same AS and updates not in a local AS Examples BGP awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 3 advertisement interval 45 awplus confi...

Страница 1198: ...rminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address family ipv6 awplus config ro...

Страница 1199: ...and to configure PE Provider Edge routers to allow re advertisement of all prefixes containing duplicate Autonomous System Numbers ASNs In a hub and spoke configuration a PE router re advertises all p...

Страница 1200: ...awplus config router bgp 10 awplus config router no neighbor 10 10 0 1 allowas in awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 awplus config router af...

Страница 1201: ...pv6 awplus config router af no neighbor 2001 0db8 010d 1 allowas in awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor...

Страница 1202: ...eers which include a prefix that originates from the local AS is 15 seconds by default Mode Router Configuration Usage This command is used to change the minimum interval between sending AS originatio...

Страница 1203: ...r advertisement interval command for iBGP peers with prefixes in the same AS for updates only within a local AS Examples BGP awplus configure terminal awplus config router bgp 100 awplus config router...

Страница 1204: ...l as path parameter has the same effect as invoking the neighbor transparent as command Note this specifying this command with the optional next hop parameter has the same effect as invoking the neigh...

Страница 1205: ...fig router address family ipv4 awplus config router af neighbor 10 10 0 75 attribute unchanged as path med awplus configure terminal awplus config router bgp 10 awplus config router address family ipv...

Страница 1206: ...1 0db8 010d 1 attribute unchanged as path med awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remot...

Страница 1207: ...capability graceful restart command to advertise to the BGP or BGP4 neighbor routers the capability of graceful restart First specify the BGP or BGP4 neighbor s remote as identification number as assi...

Страница 1208: ...lus config router address family ipv4 awplus config router af neighbor 10 10 10 50 capability graceful restart awplus configure terminal awplus config router bgp 10 awplus config router address family...

Страница 1209: ...ghbor 2001 0db8 010d 1 capability graceful restart awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1...

Страница 1210: ...ged between neighbors By filtering updates this option minimizes generating and processing of updates The local router advertises the ORF capability in send mode and the remote router receives the ORF...

Страница 1211: ...bgp 10 awplus config router no neighbor 10 10 0 5 capability orf prefix list both awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 awplus config router ne...

Страница 1212: ...ghbor 2001 0db8 010d 1 capability orf prefix list both awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010...

Страница 1213: ...d to advertise to peer about route refresh capability support If route refresh capability is supported then router can dynamically request that the peer readvertises its Adj RIB Out Parameter Descript...

Страница 1214: ...ute refresh awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 capability route refresh Examples BGP4 awplus configure terminal awplus config router bgp 10 a...

Страница 1215: ...v B Command Reference for AR2050V 1215 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR CAPABILITY ROUTE REFRESH Related Commands neighbor peer group add a neighbor ne...

Страница 1216: ...sage This command must be used only when specially required It is not required in most network deployments The associated functionality of including an established neighbor into TCP connection collisi...

Страница 1217: ...minal awplus config router bgp 10 awplus config router no neighbor group1 collide established Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus config router neighbor 2001 0db...

Страница 1218: ...tion Parameter Description neighborid ip address ipv6 addr peer group ip address Specify the address of an IPv4 BGP neighbor in dotted decimal notation A B C D ipv6 addr Specify the address of an IPv6...

Страница 1219: ...onfig address family ipv4 awplus config router af neighbor 10 10 10 1 default originate route map myroute awplus configure terminal awplus config router bgp 10 awplus config address family ipv4 awplus...

Страница 1220: ...er af no neighbor 2001 0db8 010d 1 default originate route map myroute awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighb...

Страница 1221: ...ption no neighbor neighborid description description Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Parameter Description neighborid ip address ipv6...

Страница 1222: ...lus configure terminal awplus config router bgp 10 awplus config router neighbor group1 description Backup router for sales Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus c...

Страница 1223: ...01 Rev B Command Reference for AR2050V 1223 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR DESCRIPTION Related Commands neighbor peer group add a neighbor neighbor...

Страница 1224: ...econds from the peer during exchange of open messages or the user during configuration The no variant of this command allows the BGP speaker to accept 0 holdtime from the peer or during configuration...

Страница 1225: ...ress of 2001 0db8 010d 1 enter the commands awplus configure terminal awplus config router bgp 10 awplus config router neighbor disallow infinite holdtime2001 0db8 010d 1 To disable the disallow infin...

Страница 1226: ...o enable capability negotiation Syntax neighbor neighborid dont capability negotiate no neighbor neighborid dont capability negotiate Mode Router Configuration Parameter Description neighborid ip addr...

Страница 1227: ...ity negotiate awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 dont capability negotiate Examples BGP4 awplus configure terminal awplus config router bgp 1...

Страница 1228: ...B Command Reference for AR2050V 1228 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR DONT CAPABILITY NEGOTIATE Related Commands neighbor peer group add a neighbor ne...

Страница 1229: ...p multihop count no neighbor neighborid ebgp multihop count Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Parameter Description neighborid ip addres...

Страница 1230: ...ebgp multihop 5 awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 ebgp multihop 5 Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus...

Страница 1231: ...mmand Reference for AR2050V 1231 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR EBGP MULTIHOP Related Commands neighbor ebgp multihop neighbor peer group add a neigh...

Страница 1232: ...multihop Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Parameter Description neighborid ip address ipv6 addr peer group ip address The address of an...

Страница 1233: ...force multihop awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 enforce multihop Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus...

Страница 1234: ...1 Rev B Command Reference for AR2050V 1234 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR ENFORCE MULTIHOP Related Commands neighbor peer group add a neighbor neighb...

Страница 1235: ...iguration Usage This command specifies a filter for updates based on a BGP AS Autonomous System path list Parameter Description neighborid Specify the identification method for the BGP or BGP4 peer Us...

Страница 1236: ...s config router address family ipv4 awplus config router af neighbor 10 10 0 34 filter list list1 out awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 awp...

Страница 1237: ...config router af no neighbor 2001 0db8 010d 1 filter list list1 out awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor...

Страница 1238: ...mples BGP4 awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 72 interface vlan2 awplus configure terminal awplus config router bgp 10 awplus config router no...

Страница 1239: ...e configured to act as eBGP connections instead of only iBGP Usage BGP4 When BGP4 is configured this command prepends the ASN as defined by the router bgp command and adds the ASN as defined by the ne...

Страница 1240: ...rminal awplus config router bgp 10 awplus config router no neighbor group1 local as 1 Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus config router neighbor 2001 0db8 010d 1...

Страница 1241: ...cified number of prefixes that a BGP or a BGP4 router is allowed to receive from a neighbor When the warning only option is not used if any extra prefixes are received the router ends the peering A te...

Страница 1242: ...awplus config router bgp 10 awplus config router no neighbor 10 10 0 72 maximum prefix 1244 warning only awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer...

Страница 1243: ...s family ipv6 awplus config router af no neighbor 2001 0db8 010d 1 maximum prefix 1244 warning only awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer grou...

Страница 1244: ...P or BGP4 router to change the next hop information that is sent to the iBGP peer The next hop information is set to the IP address of the interface used to communicate with the neighbor This command...

Страница 1245: ...bgp 10 awplus config router address family ipv4 awplus config router neighbor 10 10 0 72 next hop self awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 aw...

Страница 1246: ...6 awplus config router af no neighbor 2001 0db8 010d 1 next hop self awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor...

Страница 1247: ...re terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 10 10 10 72 remote as 10 awplus config router neighbor 10 10 10 72 peer group grou...

Страница 1248: ...2001 0db8 010d 1 override capability awplus configure terminal awplus config router bgp 12 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 a...

Страница 1249: ...isable this function Syntax neighbor neighborid passive no neighbor neighborid passive Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Parameter Descr...

Страница 1250: ...ure terminal awplus config router bgp 10 awplus config router no neighbor group1 passive Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus config router neighbor 2001 0db8 010...

Страница 1251: ...BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Usage When using the peer group name parameter with this command to apply this command to all peers in the...

Страница 1252: ...eighbor group1 password manager This example removes the password set for the neighbor peer group named group1 awplus configure terminal awplus config router bgp 10 awplus config router no neighbor gr...

Страница 1253: ...outer bgp 10 awplus config router neighbor password manager 2001 0db8 010d 1 This example removes the password set for the neighbor 2001 0db8 010d 1 awplus configure terminal awplus config router bgp...

Страница 1254: ...613 50186 01 Rev B Command Reference for AR2050V 1254 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR PASSWORD Command changes Version 5 4 6 2 1 VRF lite support adde...

Страница 1255: ...ilitates the updates of various policies such as distribute and filter lists The peer group is then configured easily with many of the neighbor commands Any changes made to the peer group affect all m...

Страница 1256: ...roup group1 and the addition of a neighbor 2001 0db8 010d 1 to the group awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router addr...

Страница 1257: ...e same update policies are grouped into peer groups This facilitates the updates of various policies such as distribute and filter lists The peer group is then configured easily with many of the neigh...

Страница 1258: ...rt portnum Default TCP port 179 is the default port used to connect BGP and BGP4 peers Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Parameter Descr...

Страница 1259: ...re terminal awplus config router bgp 12 awplus config router no neighbor group1 port 643 Examples BGP4 awplus configure terminal awplus config router bgp 12 awplus config router neighbor port 6432001...

Страница 1260: ...at the top of the prefix list with the sequence number 1 Once a match or deny occurs the router does not need to go through the rest of the prefix list For efficiency the most common matches or denie...

Страница 1261: ...s config router bgp 10 awplus config router address family ipv4 awplus config router af neighbor 10 10 10 1 prefix list list1 in awplus configure terminal awplus config router bgp 10 awplus config rou...

Страница 1262: ...af no neighbor 2001 0db8 prefix list list1 in awplus configure terminal awplus config ip prefix list list1 deny 2001 0db8 010d 1 128 awplus config router bgp 10 awplus config router neighbor group1 pe...

Страница 1263: ...roup support of this command is configured only after creating a specific peer group Use the no variant of this command to remove a previously configured BGP peering relationship Parameter Description...

Страница 1264: ...us config router bgp 10 awplus config router no neighbor 10 10 0 73 remote as 10 To configure a BGP peering relationship from the neighbor with the peer group named group1 with another router awplus c...

Страница 1265: ...up1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address family ipv6 awplus config router af neighbor 2001 0db8 010d 1 peer group group1 awplus config ro...

Страница 1266: ...n Router Configuration mode This command is not supported for BGP4 in IPv6 Address Family Configuration mode This command removes a private AS number and makes an update packet with a public AS number...

Страница 1267: ...OMMANDS NEIGHBOR REMOVE PRIVATE AS BGP ONLY Examples awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 63 remove private AS awplus configure terminal awplus c...

Страница 1268: ...me value specified using the bgp graceful restart command The restart time value is the maximum time that a graceful restart neighbor waits to come back up after a restart The default is 120 seconds M...

Страница 1269: ...us config router bgp 10 awplus config router no neighbor group1 restart time 45 Examples BGP4 awplus configure terminal awplus config router bgp 10 awplus config router neighbor 2001 0db8 010d 1 resta...

Страница 1270: ...e map is applied to inbound or outbound updates Only the routes that pass the route map are sent or accepted in updates Parameter Description neighborid ip address ipv6 addr peer group ip address Spec...

Страница 1271: ...mode awplus configure terminal awplus config router bgp 10 awplus config router no neighbor 10 10 10 1 route map rmap2 in The following example shows the configuration of the route map name rmap2 and...

Страница 1272: ...he peer group named group1 in the Router Configuration mode awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 route map rmap2 in Examples BGP4 The following...

Страница 1273: ...g route map exit awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address family ipv6 awplus...

Страница 1274: ...client command to configure the local router as the route reflector and specify neighbors as its client An AS can have more than one route reflector One route reflector treats the other route reflect...

Страница 1275: ...P AND BGP4 COMMANDS NEIGHBOR ROUTE REFLECTOR CLIENT BGP ONLY Examples awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 72 route reflector client awplus confi...

Страница 1276: ...awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 72 route server client awplus configure terminal awplus config router bgp 10 awplus config router no neighb...

Страница 1277: ...community attributes the router reannounces them to the neighbor Only when the no Parameter Description neighborid ip address ipv6 addr peer group ip address Specify the address of an IPv4 BGP neighb...

Страница 1278: ...10 awplus config router no neighbor 10 10 0 72 send community extended awplus configure terminal awplus config bgp config type standard awplus config router bgp 10 awplus config router address family...

Страница 1279: ...send community extended awplus configure terminal awplus config bgp config type standard awplus config router bgp 10 awplus config router address family ipv6 awplus config router af no neighbor 2001...

Страница 1280: ...us config router neighbor 10 10 0 72 shutdown awplus configure terminal awplus config router bgp 10 awplus config router no neighbor 10 10 0 72 shutdown awplus configure terminal awplus config router...

Страница 1281: ...router neighbor 2001 0db8 010d 1 shutdown awplus configure terminal awplus config router bgp 10 awplus config router no neighbor 2001 0db8 010d 1 shutdown awplus configure terminal awplus config route...

Страница 1282: ...ter Configuration or IPv4 Address Family Configuration Mode BGP4 IPv6 Address Family Configuration Usage Use this command to store updates for inbound soft reconfiguration Soft reconfiguration may be...

Страница 1283: ...plus config router address family ipv4 awplus config router af neighbor 10 10 10 10 soft reconfiguration inbound awplus configure terminal awplus config router bgp 12 awplus config router address fami...

Страница 1284: ...s config router af no neighbor 2001 0db8 010d 1 soft reconfiguration inbound awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router...

Страница 1285: ...d of time between each keepalive message sent by the router The holdtime interval is the time the router waits to receive a keepalive message and if it does not receive Parameter Description neighbori...

Страница 1286: ...bor 10 10 10 1 peer group group1 awplus config router neighbor group1 timers 60 120 awplus configure terminal awplus config router bgp 10 awplus config router no neighbor group1 timers Examples BGP4 a...

Страница 1287: ...iedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NEIGHBOR TIMERS Related Commands neighbor peer group add a neighbor neighbor route map show ip bgp neighbors hold time BGP only sh...

Страница 1288: ...awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 10 10 10 1 remote as 10 awplus config router neighbor 10 10 10 1 pee...

Страница 1289: ...awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address family i...

Страница 1290: ...xthop awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 10 10 10 1 remote as 10 awplus config router neighbor 10 10 10...

Страница 1291: ...xthop awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address fam...

Страница 1292: ...address command is used with the summary only option the more specific routes of the aggregate are suppressed to all neighbors Use this command instead to selectively leak more specific routes to a p...

Страница 1293: ...re terminal awplus config router bgp 10 awplus config router no neighbor 10 10 0 73 unsuppress map mymap awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4...

Страница 1294: ...s config router af no neighbor 2001 0db8 010d 1 unsuppress map mymap awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor...

Страница 1295: ...fault Use of this command sets a default value of 2 for the maximum hop count Mode BGP Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Usage Use this command i...

Страница 1296: ...local address enter the commands listed below awplus config router bgp 100 awplus config router no neighbor 10 10 0 72 update source To source BGP connections for neighbor group1 with the IP address...

Страница 1297: ...r bgp 100 awplus config router no neighbor 2001 0db8 010d 1 update source To source BGP connections for neighbor group1 with the IPv6 address of the local loopback address instead of the best local ad...

Страница 1298: ...t the system uses BGP version 4 and on request dynamically negotiates down to version 2 Using this command disables the router s version negotiation capability and forces the router to use only a spec...

Страница 1299: ...fig router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 10 10 10 1 remote as 10 awplus config router neighbor 10 10 10 1 peer group group1 awplus config router...

Страница 1300: ...e when there are other routes on the network Unlike the local preference attribute the weight attribute is relevant only to the local router The weights assigned using the set weight command overrides...

Страница 1301: ...bgp 10 awplus config router address family ipv4 awplus config router af neighbor 10 10 10 1 weight 60 awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 awp...

Страница 1302: ...ipv6 awplus config router af no neighbor 2001 0db8 010d 1 weight awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 20...

Страница 1303: ...x length ip network addr mask network mask route map route map name backdoor Syntax BGP4 network ipv6 prefix length ipv6 network addr route map route map name no network ipv6 prefix length ipv6 networ...

Страница 1304: ...0 0 0 Example BGP The following example illustrates a network address which does not fall into its natural class boundary and hence is perceived as a host route that is 192 0 2 224 27 awplus config ro...

Страница 1305: ...Ware Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS NETWORK BGP AND BGP4 Output BGP4 Figure 29 3 Example output from the show running config command after entering network 2001 db8 32 a...

Страница 1306: ...BGP4 IPv6 Address Family ipv6 unicast Configuration Examples BGP The following example enables IGP synchronization of BGP static network routes in the Router Configuration mode awplus configure termi...

Страница 1307: ...to make sure that only routes to be advertised reach the internet not everything This command allows redistribution by injecting prefixes from one routing protocol into another routing protocol Examp...

Страница 1308: ...hich is then applied using the redistribute route map command awplus configure terminal awplus config route map rmap2 permit 3 awplus config route map match interface vlan1 awplus config route map set...

Страница 1309: ...t capability bgp graceful restart graceful reset command The neighbor devices also need to have BGP graceful restart capabilities enabled bgp graceful restart command This command stops the whole BGP...

Страница 1310: ...ng the 32 bit AS number Syntax router bgp asn no router bgp asn Mode Global Configuration Usage The router bgp command enables a BGP routing process Examples awplus configure terminal awplus config ro...

Страница 1311: ...map mapname deny permit seq no route map mapname no route map mapname deny permit seq Mode Global Configuration Usage Route maps allow you to control and modify routing information by filtering route...

Страница 1312: ...and set clause to it use the commands awplus configure terminal awplus config route map route1 permit 1 awplus config route map match as path 60 awplus config route map set weight 70 To enter route m...

Страница 1313: ...C613 50186 01 Rev B Command Reference for AR2050V 1313 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS ROUTE MAP For RIP redistribute RIP...

Страница 1314: ...e the set clause Syntax set as path prepend 1 65535 1 65535 no set as path prepend 1 65535 1 65535 Mode Route map mode Usage Use the set as path command to specify an autonomous system path By specify...

Страница 1315: ...et local AS no advertise no export additive set community none no set community none Parameter Description 1 65535 The AS number of the community as an integer not in AA NN format AA NN The Autonomous...

Страница 1316: ...rminal awplus config route map rmap1 permit 3 awplus config route map set community 10 01 23 34 12 14 no export To use entry 3 of the route map called rmap1 to put matching routes into a single AS com...

Страница 1317: ...r a specified IPv6 address For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show bgp ipv6 ipv6 addr M...

Страница 1318: ...4497 64499 exact match awplus show bgp ipv6 community 64497 64499 64500 64501 exact match awplus show bgp ipv6 community 64497 64499 64500 64501 64510 64511no advertise awplus show bgp ipv6 community...

Страница 1319: ...50186 01 Rev B Command Reference for AR2050V 1319 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS SHOW BGP IPV6 COMMUNITY BGP4 ONLY Related Commands show ip bgp community BGP...

Страница 1320: ...ist BGP only command within an IPv4 environment For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show...

Страница 1321: ...output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show bgp ipv6 dampening dampened paths flap statistics parameters Mode User Exec and Privileged Exe...

Страница 1322: ...ow ip bgp filter list BGP only command to display routes conforming to the filter list within an IPv4 environment For information on filtering and saving command output see the Getting Started with Al...

Страница 1323: ...S Paths within an IPv6 environment Use the show ip bgp inconsistent as BGP only command to display routes with inconsistent AS paths within an IPv4 environment For information on filtering and saving...

Страница 1324: ...r mask than the one specified For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show bgp ipv6 ipv6 add...

Страница 1325: ...neighbors ipv6 addr advertised routes received prefix filter received routes routes Mode User Exec and Privileged Exec Examples BGP4 awplus show bgp ipv6 neighbors 2001 0db8 010d 1 advertised routes a...

Страница 1326: ...Route refresh request received 0 sent 0 Minimum time between advertisement runs is 30 seconds Update source is lo For address family IPv4 Unicast BGP table version 1 neighbor version 1 Index 2 Offset...

Страница 1327: ...or capabilities for the BGP session Number of messages transmitted and received IPv6 unicast address family information BGP4 table version IPv6 Address Family dependent capabilities IPv6 Communities I...

Страница 1328: ...path information within an IPv6 environment Use the show ip bgp paths BGP only command to display BGP path information within an IPv4 environment For information on filtering and saving command outpu...

Страница 1329: ...e the show ip bgp prefix list BGP only command to display routes matching the prefix list within an IPv4 environment For information on filtering and saving command output see the Getting Started with...

Страница 1330: ...dWare Plus Feature Overview and Configuration Guide Syntax show bgp ipv6 quote regexp expression Mode User Exec and Privileged Exec Example awplus show bgp ipv6 quote regexp myexpression Related Comma...

Страница 1331: ...sion Mode User Exec and Privileged Exec Example awplus show bgp ipv6 regexp myexpression Related Commands show ip bgp regexp BGP only Symbol Character Meaning Caret Used to match the beginning of the...

Страница 1332: ...command to display BGP routes that match the specified route map within an IPv4 environment For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature...

Страница 1333: ...output from the show ip bgp summary command The Up Down column in this output is a timer that shows never if the peer session has never been established The up time if the peer session is currently up...

Страница 1334: ...allocated to BGP processes For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show bgp memory maxalloca...

Страница 1335: ...GP ONLY show bgp nexthop tracking BGP only Overview Use this command to display BGP next hop tracking status Syntax show bgp nexthop tracking Mode User Exec and Privileged Exec Example To display BGP...

Страница 1336: ...TREE DETAILS BGP ONLY show bgp nexthop tree details BGP only Overview Use this command to display BGP next hop tree details Syntax show bgp nexthop tree details Mode User Exec and Privileged Exec Exam...

Страница 1337: ...formation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging bgp Mode User Exec and Privileged Exec Exam...

Страница 1338: ...8 Example output from the show ip bgp command Related Commands neighbor remove private AS BGP only Parameter Description ip addr ip addr m Specifies the IPv4 address and the optional prefix mask leng...

Страница 1339: ...rnal attribute hash information For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp attribut...

Страница 1340: ...ged Exec Example awplus show ip bgp cidr only awplus show ip bgp vrf red cidr only Output Figure 29 10 Example output from the show ip bgp cidr only command Command changes Version 5 4 6 2 1 VRF lite...

Страница 1341: ...ype placeholder Syntax show ip bgp community type exact match Syntax VRF show ip bgp global vrf vrf name community type exact match Mode User Exec and Privileged Exec Parameter Description global When...

Страница 1342: ...501 64510 64511no advertise awplus show ip bgp community no advertise no advertiseno advertise exact match awplus show ip bgp community no export 64510 64511 no advertise local AS no export awplus sho...

Страница 1343: ...ONLY show ip bgp community info BGP only Overview Use this command to list all BGP community information For information on filtering and saving command output see the Getting Started with AlliedWare...

Страница 1344: ...ity list listname exact match Syntax VRF show ip bgp global vrf vrf name community list listname exact match Mode User Exec and Privileged Exec Example awplus show ip bgp community list mylist exact m...

Страница 1345: ...information in memory Examples awplus show ip bgp dampening dampened paths awplus show ip bgp vrf red dampening dampened paths awplus show ip bgp global dampening flap statistics Output Figure 29 11...

Страница 1346: ...only Command changes Version 5 4 6 2 1 VRF lite support added awplus show ip bgp dampening flap statistics BGP table version is 1 local router ID is 30 30 30 77 Status codes s suppressed d damped h h...

Страница 1347: ...Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp filter list listname Syntax VRF show ip bgp global vrf vrf name filter list listname Mode User Exec and...

Страница 1348: ...ring and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp inconsistent as Syntax VRF show ip bgp global vrf vrf name incon...

Страница 1349: ...onfiguration Guide Syntax show ip bgp ip address m longer prefixes Syntax VRF show ip bgp global vrf vrf name ip address m longer prefixes Mode User Exec and Privileged Exec Example awplus show ip bgp...

Страница 1350: ...rf name neighbors ipv4 addr routes Mode BGP User Exec and Privileged Exec Examples BGP awplus show ip bgp neighbors 10 10 10 72 advertised routes awplus show ip bgp neighbors 10 10 10 72 received pref...

Страница 1351: ...prefixes Connection information Connection counters Graceful restart timer Hop count to the peer Next hop information Local and external port numbers awplus show ip bgp neighbors 10 10 10 72 BGP neig...

Страница 1352: ...ence for AR2050V 1352 AlliedWare Plus Operating System Version 5 4 7 1 x BGP AND BGP4 COMMANDS SHOW IP BGP NEIGHBORS BGP ONLY Related Commands show bgp ipv6 neighbors BGP4 only Command changes Version...

Страница 1353: ...retrytime value of the peer at the session establishment time with the neighbor For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview an...

Страница 1354: ...n filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp neighbors ipv4 addr hold time Default The holdtime timer...

Страница 1355: ...or from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp...

Страница 1356: ...rmation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp neighbors ipv4 addr keepalive interval Default T...

Страница 1357: ...ication messages sent to the neighbor from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Conf...

Страница 1358: ...pen messages sent to the neighbor from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configur...

Страница 1359: ...messages received by the neighbor from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configur...

Страница 1360: ...f messages sent to the neighbor from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configurat...

Страница 1361: ...date messages sent to the neighbor from the peer throughout the session For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configu...

Страница 1362: ...h information within an IPv4 environment Use the show bgp ipv6 paths BGP4 only command to display BGP4 path information within an IPv4 environment For information on filtering and saving command outpu...

Страница 1363: ...he Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp prefix list list Syntax VRF show ip bgp global vrf vrf name prefix list list Mode User Exec and Priv...

Страница 1364: ...lobal vrf vrf name quote regexp expression Mode User Exec and Privileged Exec Symbol Character Meaning Caret Used to match the beginning of the input string When used at the beginning of a string of c...

Страница 1365: ...ersion 5 4 7 1 x BGP AND BGP4 COMMANDS SHOW IP BGP QUOTE REGEXP BGP ONLY Examples awplus show ip bgp quote regexp myexpression awplus show ip bgp global quote regexp 65550 65555 Related Commands show...

Страница 1366: ...c and Privileged Exec Symbol Character Meaning Caret Used to match the beginning of the input string When used at the beginning of a string of characters it negates a pattern match Dollar sign Used to...

Страница 1367: ...ing System Version 5 4 7 1 x BGP AND BGP4 COMMANDS SHOW IP BGP REGEXP BGP ONLY Examples awplus show ip bgp regexp myexpression awplus show ip bgp vrf red regexp 65550 65555 Related Commands show bgp i...

Страница 1368: ...Guide Syntax show ip bgp route map route map Syntax VRF show ip bgp global vrf vrf name route map route map Mode User Exec and Privileged Exec Examples To show routes that match the route map myRoute...

Страница 1369: ...rmation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp scan Mode User Exec and Privileged Exec Example...

Страница 1370: ...put Figure 29 16 Example output from the show ip bgp summary command The Up Down column in this output is a timer that shows never if the peer session has never been established The up time if the pee...

Страница 1371: ...1 x BGP AND BGP4 COMMANDS SHOW IP BGP SUMMARY BGP ONLY In the example above the session with 192 168 11 2 has been down for 4 seconds and the session with 192 168 4 2 has never been established Relat...

Страница 1372: ...dWare Plus Feature Overview and Configuration Guide Syntax show ip community list listnumber listname Mode User Exec and Privileged Exec Examples awplus show ip community list mylist awplus show ip co...

Страница 1373: ...information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip extcommunity list 1 199 extcommunity listname Mo...

Страница 1374: ...d BGP routing protocols only Syntax show ip prefix list name detail summary Mode User Exec and Privileged Exec Example awplus show ip prefix list awplus show ip prefix list 10 10 0 98 8 awplus show ip...

Страница 1375: ...eature Overview and Configuration Guide Syntax show ip protocols bgp Mode User Exec and Privileged Exec Example To display BGP process parameters and statistics use the command awplus show ip protocol...

Страница 1376: ...GP4 routing protocols only Syntax show ipv6 prefix list name detail summary Mode User Exec and Privileged Exec Example awplus show ipv6 prefix list awplus show ipv6 prefix list 10 10 0 98 8 awplus sho...

Страница 1377: ...c and Privileged Exec Example To display information about the route map named example map use the command awplus show route map example map Output Figure 29 18 Example output from the show route map...

Страница 1378: ...ly or via an IGP Synchronizationmaybeenabled whenallthe routersinanautonomous systemdo not speak BGP and the autonomous system is a transit for other autonomous systems Use the no synchronization comm...

Страница 1379: ...0 120 awplus configure terminal awplus config router bgp 10 awplus config router no timers bgp 30 90 awplus configure terminal awplus config router bgp 10 awplus config router no timers bgp Related Co...

Страница 1380: ...nfiguration Example awplus undebug bgp events awplus undebug bgp nht awplus undebug bgp updates Related Commands debug bgp BGP only Parameter Description all Disable all debugging for BGP dampening Di...

Страница 1381: ...ntry and to put you into route map mode match commands used to determine which routes the route map applies to set commands used to modify matching routes Command List match as path on page 1383 match...

Страница 1382: ...1404 set dampening on page 1406 set extcommunity on page 1408 set ip next hop route map on page 1410 set ipv6 next hop on page 1411 set local preference on page 1412 set metric on page 1413 set metric...

Страница 1383: ...fy an action of deny or permit The action in the AS path access list determines whether the route map checks update messages for a given AS path value The route map action and its set clauses determin...

Страница 1384: ...action of deny or permit Theactioninthecommunitylistdetermines whethertheroutemapchecks update messages for a given community value The route map action and its set clauses determine what the route m...

Страница 1385: ...3 to the route map called myroute which will process update messages if they contain the community values that are included in mylist use the commands awplus configure terminal awplus config route ma...

Страница 1386: ...he route map entry Use the no variant of this command without a specified interface to remove all interfaces Syntax match interface interface no match interface interface Mode Route map Configuration...

Страница 1387: ...e map can have at most one prefix list based IP address match clause If the route map entry already has one match clause entering this command replaces that match clause with the new clause Note that...

Страница 1388: ...pective of permit or deny specifications This command is valid for OSPF routes routes in BGP update messages RIP routes Examples To add entry 3 to the route map called rmap1 which will process routes...

Страница 1389: ...route map checks update messages and routes for a given next hop value The route map action and its set clauses determine what the route map does with update messages and routes that contain that next...

Страница 1390: ...ies of prefix lists to be matched If there is a match for the specified prefix list entries and permit is specified the route is redistributed or controlled as specified by the set action If the match...

Страница 1391: ...specifies the next hop address to be matched If there is a match for the specified next hop address and permit is specified the route is redistributed or controlled as specified by the set action If...

Страница 1392: ...e route map entry already has a metric match clause entering this command replaces that match clause with the new clause Use the no variant of this command to remove the metric match clause from the r...

Страница 1393: ...ndicated as an i in the routing table and it indicates the origin of the path information is interior to the originating AS The incomplete parameter is indicated as a in the routing table and indicate...

Страница 1394: ...C613 50186 01 Rev B Command Reference for AR2050V 1394 AlliedWare Plus Operating System Version 5 4 7 1 x ROUTE MAP COMMANDS MATCH ORIGIN Related Commands route map set origin show route map...

Страница 1395: ...type match clause from the route map entry Syntax match route type external type 1 type 2 no match route type external type 1 type 2 Mode Route map Configuration Usage Use the match route type externa...

Страница 1396: ...use If the route map entry already has a tag match clause entering this command replaces that match clause with the new clause Use the no variant of this command to remove the tag match clause from th...

Страница 1397: ...map mapname deny permit seq no route map mapname no route map mapname deny permit seq Mode Global Configuration Usage Route maps allow you to control and modify routing information by filtering routes...

Страница 1398: ...nd set clause to it use the commands awplus configure terminal awplus config route map route1 permit 1 awplus config route map match as path 60 awplus config route map set weight 70 To enter route map...

Страница 1399: ...C613 50186 01 Rev B Command Reference for AR2050V 1399 AlliedWare Plus Operating System Version 5 4 7 1 x ROUTE MAP COMMANDS ROUTE MAP For RIP redistribute RIP...

Страница 1400: ...n administration sharing a common routing strategy It is subdivided by areas and is assigned a unique 16 bit number Use the set aggregator command to assign an AS number for the aggregator This comman...

Страница 1401: ...the set clause Syntax set as path prepend 1 65535 1 65535 no set as path prepend 1 65535 1 65535 Mode Route map mode Usage Use the set as path command to specify an autonomous system path By specifyin...

Страница 1402: ...tomic aggregate attribute to the update Use the no variant of this command to remove the set clause Syntax set atomic aggregate no set atomic aggregate Mode Route map Configuration Usage This command...

Страница 1403: ...date s community attribute Use the no variant of this command to stop deleting the communities Syntax set comm list 1 199 100 199 word delete no set comm list 1 199 100 199 word delete Mode Route map...

Страница 1404: ...t local AS no advertise no export additive set community none no set community none Parameter Description 1 65535 The AS number of the community as an integer not in AA NN format AA NN The Autonomous...

Страница 1405: ...inal awplus config route map rmap1 permit 3 awplus config route map set community 10 01 23 34 12 14 no export To use entry 3 of the route map called rmap1 to put matching routes into a single AS commu...

Страница 1406: ...pening no set dampening reachtime no set dampening reachtime reuse suppress maxsuppress unreachtime Parameter Description reachtime 1 45 The time it takes in minutes for the route s instability penalt...

Страница 1407: ...awplus config route map R1 permit 24 awplus config route map set dampening 20 333 534 30 Related Commands bgp dampening route map show route map maxsuppress 1 255 A number that is multiplied by reacht...

Страница 1408: ...e map called rmap1 to set the route target extended community attribute to 06 01 use the commands awplus configure terminal awplus config route map rmap1 permit 3 awplus config route map set extcommun...

Страница 1409: ...SET EXTCOMMUNITY To instead specify the extended community number in dotted decimal notation use the command awplus configure terminal awplus config route map rmap1 permit 3 awplus config route map s...

Страница 1410: ...clause Syntax set ip next hop ip address no set ip next hop ip address Mode Route map Configuration Usage Use this command to set the next hop IP address to the routes This command is valid for OSPF r...

Страница 1411: ...addr Mode Route map Configuration Usage Use this command to set the next hop IPv6 address to the routes This command is valid only for BGP Examples awplus configure terminal awplus config route map rm...

Страница 1412: ...ss servers in the local autonomous system The no variant of this command reverts to the default setting Syntax set local preference pref value no set local preference pref value Mode Route map Configu...

Страница 1413: ...metric value for routes redistributed into OSPF and OSPFv3 is 20 Mode Route map Configuration Usage For BGP if you want the device to compare MED values in update messages from peers in different ASes...

Страница 1414: ...outes a metric of 600 use the commands awplus configure terminal awplus config route map rmap1 permit 3 awplus config route map set metric 600 To use entry 3 of the route map called rmap1 to increase...

Страница 1415: ...no set metric type type 1 type 2 Mode Route map Configuration Usage This command is valid for OSPF routes only Example To use entry 3 of the route map called rmap1 to redistribute matching routes into...

Страница 1416: ...et origin egp igp incomplete no set origin egp igp incomplete Mode Route map Configuration Usage This command is valid for BGP update messages only Example To use entry 3 of the route map called rmap1...

Страница 1417: ...ce sets its originator ID attribute to the specified value Use the no variant of this command to remove the set clause Syntax set originator id ip address no set originator id ip address Mode Route ma...

Страница 1418: ...command to remove the set clause Syntax set tag tag value no set tag tag value Mode Route map Configuration Usage This command is valid only when redistributing routes into OSPF Example To use entry...

Страница 1419: ...e uses the route with the highest weight value When a route matches the route map entry the device sets its weight to the specified value Use the no variant of this command to remove the set clause Sy...

Страница 1420: ...and Privileged Exec Example To display information about the route map named example map use the command awplus show route map example map Output Figure 30 1 Example output from the show route map co...

Страница 1421: ...nds used to configure policy based routing For more information see the Policy based Routing PBR Feature Overview and Configuration Guide Command List debug policy based routing on page 1422 ip policy...

Страница 1422: ...at the debugging level Use the no variant of this command to disable policy based routing debugging Syntax debug policy based routing no debug policy based routing Default Policy based routing debuggi...

Страница 1423: ...the application come from the source entity and are destined for the destination entity Parameter Description 1 128 The policy route ID number If you do not specify an ID number the device assigns th...

Страница 1424: ...config policy based routing awplus config pbr policy based routing enable awplus config pbr ip policy route 10 match voice from inside to outside nexthop 10 37 236 65 To delete the policy route creat...

Страница 1425: ...cation come from the source entity and are destined for the destination entity Parameter Description 1 128 The policy route ID number If you do not specify an ID number the device assigns the new poli...

Страница 1426: ...nfig policy based routing awplus config pbr policy based routing enable awplus config pbr ipv6 policy route 10 match voice from inside to outside nexthop 2001 100 1 To delete the policy route created...

Страница 1427: ...f this command to remove the whole policy based routing configuration Syntax policy based routing no policy based routing Mode Global configuration Usage Once you have entered policy based routing mod...

Страница 1428: ...of this command to disable policy based routing Syntax policy based routing enable no policy based routing enable Default Policy based routing is disabled by default Mode Policy based routing Example...

Страница 1429: ...listing the ordinary static and dynamic routes in the route table called main Then it lists the routes for each policy route For each route the output lists the route s next hop IP address and or the...

Страница 1430: ...HOW IP PBR ROUTE Output Figure 31 2 Example output from show ip pbr route for a specified policy route For each route the output lists the route s next hop IP address and or the next hop interface Rel...

Страница 1431: ...6 pbr route If you do not specify a policy routeID the output starts by listing the ordinary static and dynamic routes in the route table called main Then it lists the routes for each policy route For...

Страница 1432: ...IPV6 PBR ROUTE Output Figure 31 4 Example output from show ipv6 pbr route for a specified policy route For each route the output lists the route s next hop IPv6 address and or the next hop interface R...

Страница 1433: ...1 1 Parameters in the output from show pbr rules Parameter Description Rule The policy route ID number Policy routes are checked in order of ID number starting with the lowest ID number The device app...

Страница 1434: ...show ipv6 pbr route Valid Whether the application and entities are valid Nexthop The IPv4 or IPv6 address of the next hop or the egress interface You can list up to 8 next hop addresses or up to 8 in...

Страница 1435: ...family on page 1438 address family ipv4 RIP on page 1440 arp IP address MAC on page 1441 arp opportunistic nd on page 1443 clear arp cache on page 1445 clear ip bgp BGP only on page 1447 clear ip bgp...

Страница 1436: ...on page 1495 router id VRF on page 1497 show arp on page 1498 show crypto key pubkey chain knownhosts on page 1501 show ip bgp cidr only BGP only on page 1503 show ip bgp community BGP only on page 15...

Страница 1437: ...w ip route database on page 1527 show ip route summary on page 1530 show ip vrf on page 1532 show ip vrf detail on page 1533 show ip vrf interface on page 1534 show running config vrf on page 1535 ssh...

Страница 1438: ...cast Mode BGP Router Configuration Mode BGP4 Router Configuration Usage To leave the IPv4 or IPv6 Address Family Configuration mode and return to the Router Configuration mode use the exit address fam...

Страница 1439: ...igure terminal awplus config router bgp 100 awplus config router neighbor 2001 0db8 010d 1 remote as 100 awplus config router address family ipv6 awplus config router af neighbor 2001 0db8 010d 1 acti...

Страница 1440: ...ve Address Family mode and return to Router Configuration mode use the exit address family command Example In this example the address family green is entered and then exited by using the exit address...

Страница 1441: ...t number alias no arp ip addr Syntax VRF lite arp vrf vrf name ip addr mac address port number alias no arp vrf vrf name ip addr Mode Global Configuration Examples To add the IP address 10 10 10 9 wit...

Страница 1442: ...DS ARP IP ADDRESS MAC Example VRF lite To apply the above example within a VRF instance called red use the following commands awplus configure terminal awplus config arp vrf red 10 10 10 9 0010 2355 4...

Страница 1443: ...d the device will reply to any received unsolicited ARP packets but not gratuitous ARP packets The source MAC address for the unsolicited ARP packet is added to the ARP cache so the device forwards th...

Страница 1444: ...discovery for the VRF instance blue enter awplus configure terminal awplus config arp opportunistic nd vrf blue To disable opportunistic neighbor discovery for the VRF instance blue enter awplus confi...

Страница 1445: ...ress Mode Privileged Exec Usage To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no variant of the arp IP address MAC command Example To clear all...

Страница 1446: ...re Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS CLEAR ARP CACHE When running VRF lite to clear the dynamic ARP entries from the global VRF lite and all VRF instances use the command awplu...

Страница 1447: ...utes will be cleared prefix filter Specifies that a prefix list will be sent by the ORF mechanism to those neighbors with which the ORF capability has been negotiated The neighbors will be triggered t...

Страница 1448: ...BGP ONLY Examples To clear all BGP peers use the command awplus clear ip bgp Example VRF lite To clear all BGP peers in VRF instance red use the command awplus clear ip bgp vrf red To clear all outbou...

Страница 1449: ...Description ipv4 addr Specifies the IPv4 address of the neighbor whose connection is to be reset entered in the form A B C D in Indicates that incoming advertised routes will be cleared prefix filter...

Страница 1450: ...PF routes use the following command awplus clear ip rip vrf red route ospf To clear the route 10 0 0 0 8 from the RIP routing table for the VRF instance red use the following command awplus clear ip r...

Страница 1451: ...C613 50186 01 Rev B Command Reference for AR2050V 1451 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS CLEAR IP RIP ROUTE Command changes Version 5 4 6 2 1 VRF lite support added...

Страница 1452: ...in knownhosts ip ipv6 hostname rsa dsa rsa1 no crypto key pubkey chain knownhosts 1 65535 Syntax VRF lite crypto key pubkey chain knownhosts vrf vrf name ip ipv6 hostname rsa dsa rsa1 no crypto key pu...

Страница 1453: ...e public key of the server is altered or unknown Examples To add the RSA host key of the remote SSH host IPv4 address 192 0 2 11 to the known host database use the command awplus crypto key pubkey cha...

Страница 1454: ...routes regardless of the original protocol that the route has been redistributed from Examples This example assigns the cost of 10 to the routes that are redistributed into RIP awplus configure termi...

Страница 1455: ...oves the description of the selected VRF instance Syntax description descriptive text no description Mode VRF Configuration Example To add the description for a VRF instance named blue use the followi...

Страница 1456: ...mily Configuration for a VRF instance Examples To set the administrative distance to 8 for the RIP routes within the 10 0 0 0 8 network use the commands awplus configure terminal awplus config router...

Страница 1457: ...f the interface the filter will be applied to all interfaces Examples In this example the following commands are used to apply a prefix list called myfilter to filter incoming routing updates in vlan2...

Страница 1458: ...rt in the VRF configuration The no variant of this command disables the capability to export route map entries for a specified VRF instance Syntax export map route map no export map Mode VRF Configura...

Страница 1459: ...e of larger update messages Use the no variant of this command to disable this feature Syntax fullupdate no fullupdate Default By default this feature is disabled Mode RIP Router Configuration or RIP...

Страница 1460: ...e route target command The novariant of this commanddisables the capability toimportroutemap entries for a specified VRF instance Syntax import map route map no import map Mode VRF Configuration Usage...

Страница 1461: ...re you can use the ip route command to create a static inter VRF route The no variant of this command disables static inter VRF routing Syntax ip route static inter vrf no ip route static inter vrf Mo...

Страница 1462: ...e Syntax VRF lite ip route vrf vrf name subnet mask gateway ip interface distance no ip route vrf vrf name subnet mask gateway ip interface distance Parameter Description subnet mask The IPv4 address...

Страница 1463: ...as a static route available through the device at 10 10 0 2 with the default administrative distance use the commands awplus configure terminal awplus config no ip route 192 168 3 0 255 255 255 0 10...

Страница 1464: ...configuration awplus configure terminal awplus config no ip route vrf red 192 168 50 0 24 192 168 20 6 To create a static route from source VRF red to the subnet 192 168 50 0 24 with a next hop of 19...

Страница 1465: ...F instance All interfaces previously belonging to the removed instance are then returned to the global routing and forwarding environment Syntax ip vrf vrf name vrf inst id no ip vrf vrf name vrf inst...

Страница 1466: ...warding vrf name no ip vrf vrf name Mode Interface Configuration Default The default for an interface is the global routing table Examples For LAN interfaces to associate the VRF instance named blue w...

Страница 1467: ...67294 and no warning threshold Examples To set the maximum number of dynamic routes to 2000 and warning threshold of 75 on VRF instance blue use the commands awplus config terminal awplus config ip vr...

Страница 1468: ...mand Reference for AR2050V 1468 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS MAX FIB ROUTES VRF Related Commands max fib routes show ip route Command changes Version 5 4 6 2 1...

Страница 1469: ...x static routescommand For FIB routes use the max fib routes command for the Global VRF instance and the max fib routes VRF command for a user defined VRF instance Use the no variant of this command t...

Страница 1470: ...or BGP4 router to change the next hop information that is sent to the iBGP peer The next hop information is set to the IP address of the interface used to communicate with the neighbor This command ca...

Страница 1471: ...p 10 awplus config router address family ipv4 awplus config router neighbor 10 10 0 72 next hop self awplus configure terminal awplus config router bgp 10 awplus config router address family ipv4 awpl...

Страница 1472: ...awplus config router af no neighbor 2001 0db8 010d 1 next hop self awplus configure terminal awplus config router bgp 10 awplus config router neighbor group1 peer group awplus config router neighbor 2...

Страница 1473: ...up support of this command is configured only after creating a specific peer group Use the no variant of this command to remove a previously configured BGP peering relationship Parameter Description n...

Страница 1474: ...config router bgp 10 awplus config router no neighbor 10 10 0 73 remote as 10 To configure a BGP peering relationship from the neighbor with the peer group named group1 with another router awplus con...

Страница 1475: ...1 peer group awplus config router neighbor 2001 0db8 010d 1 remote as 10 awplus config router address family ipv6 awplus config router af neighbor 2001 0db8 010d 1 peer group group1 awplus config rout...

Страница 1476: ...P Router Configuration or IPv4 Address Family Configuration Mode BGP4 Router Configuration Usage When using the peer group name parameter with this command to apply this command to all peers in the gr...

Страница 1477: ...ghbor group1 password manager This example removes the password set for the neighbor peer group named group1 awplus configure terminal awplus config router bgp 10 awplus config router no neighbor grou...

Страница 1478: ...ter bgp 10 awplus config router neighbor password manager 2001 0db8 010d 1 This example removes the password set for the neighbor 2001 0db8 010d 1 awplus configure terminal awplus config router bgp 10...

Страница 1479: ...C613 50186 01 Rev B Command Reference for AR2050V 1479 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS NEIGHBOR PASSWORD Command changes Version 5 4 6 2 1 VRF lite support added...

Страница 1480: ...s will be sent and received within the specified network or VLAN When running VRF lite this command can be applied to a VRF instance Example Use the following commands to activate RIP routing updates...

Страница 1481: ...ference for AR2050V 1481 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS NETWORK RIP Related Commands show ip rip show running config clear ip rip route Command changes Version 5...

Страница 1482: ...Address Family Configuration for a VRF instance Example Use the following commands to block RIP broadcasts on vlan20 awplus configure terminal awplus config router rip awplus config router passive int...

Страница 1483: ...Enable or disable the do not fragment bit in the IP header interval 0 128 Specify the time interval in seconds between sending ping packets The default is 1 You can use decimal places to specify frac...

Страница 1484: ...lite To ping the IP address 10 10 0 5 from VRF instance red use the following command awplus ping vrf red 10 10 0 5 NOTE Unless across domainstatic orleakedrouteexiststothedestinationIPaddress you mu...

Страница 1485: ...uration Usage For the implementation of VRF lite installed on your switch this command has little practical functionality However the switch does check certain components of the RD that you enter For...

Страница 1486: ...o make sure that only routes to be advertised reach the internet not everything This command allows redistribution by injecting prefixes from one routing protocol into another routing protocol Example...

Страница 1487: ...ch is then applied using the redistribute route map command awplus configure terminal awplus config route map rmap2 permit 3 awplus config route map match interface vlan1 awplus config route map set m...

Страница 1488: ...the OSPF domain to generate AS external LSAs If a route map is configured by this command then that route map is used to control which routes are redistributed and can set metric and tag values on pa...

Страница 1489: ...minal awplus config route map rmap2 permit 3 awplus config route map match interface vlan1 awplus config route map set metric type 1 awplus config route map exit awplus config router ospf 100 awplus c...

Страница 1490: ...1 Mode RIP Router Configuration or RIP Router Address Family Configuration for a VRF instance Example To apply the metric value 15 to static routes being redistributed into RIP use the commands awplus...

Страница 1491: ...ric value 15 to static routes in address family ipv4 VRF instance blue being redistributed into RIP use the following commands awplus configure terminal awplus config router rip awplus config router a...

Страница 1492: ...fter adding the RIP route the route can be checked in the RIP routing table Example To create a static RIP route to IP subnet 192 168 1 0 24 use the following commands awplus configure terminal awplus...

Страница 1493: ...rget RT and the Route Distinguisher RD values For VRF lite however this relationship is only implicit in that they share the same format structure Example Use the following commands to create a route...

Страница 1494: ...C613 50186 01 Rev B Command Reference for AR2050V 1494 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS ROUTE TARGET Related Commands ip vrf show ip vrf...

Страница 1495: ...Syntax VRF lite router ospf process id vrf instance no router ospf process id Default No routing process is defined by default Mode Global Configuration Usage The process ID of OSPF is an optional pa...

Страница 1496: ...RF LITE COMMANDS ROUTER OSPF Example VRF lite To enter Router Configuration mode to configure an existing OSPF routing process 100 for VRF instance red use the commands awplus configure terminal awplu...

Страница 1497: ...OSPF router id behavior Syntax router id ip address no router id Mode Router Configuration Usage Configure each router with a unique router id In an OSPF router process that has active neighbors a new...

Страница 1498: ...meters will display all entries in the ARP routing and forwarding table With VRF lite configured and no additional parameters entered the command output displays all entries listed by their VRF instan...

Страница 1499: ...an2 port1 0 6 static awplus show arp global IP Address MAC Address Interface Port Type 192 168 10 2 0015 77ad fad8 vlan1 port1 0 1 dynamic 192 168 20 2 0015 77ad fa48 vlan2 port1 0 2 dynamic 192 168 1...

Страница 1500: ...ommand Reference for AR2050V 1500 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS SHOW ARP Related Commands arp IP address MAC clear arp cache Command changes Version 5 4 6 2 1 VR...

Страница 1501: ...pecified this command displays the known host database from the global routing environment If neither vrf nor global is specified this command displays the known host database from the global routing...

Страница 1502: ...lite support added No Hostname Type Fingerprint 1 172 16 23 1 rsa c8 33 b1 fe 6f d3 8c 81 4e f7 2a aa a5 be df 18 2 172 16 23 10 rsa c4 79 86 65 ee a0 1d a5 6a e8 fd 1d d3 4e 37 bd 3 5ffe 1053 ac21 f...

Страница 1503: ...ed Exec Example awplus show ip bgp cidr only awplus show ip bgp vrf red cidr only Output Figure 32 5 Example output from the show ip bgp cidr only command Command changes Version 5 4 6 2 1 VRF lite su...

Страница 1504: ...e placeholder Syntax show ip bgp community type exact match Syntax VRF show ip bgp global vrf vrf name community type exact match Mode User Exec and Privileged Exec Parameter Description global When V...

Страница 1505: ...1 64510 64511no advertise awplus show ip bgp community no advertise no advertiseno advertise exact match awplus show ip bgp community no export 64510 64511 no advertise local AS no export awplus show...

Страница 1506: ...y list listname exact match Syntax VRF show ip bgp global vrf vrf name community list listname exact match Mode User Exec and Privileged Exec Example awplus show ip bgp community list mylist exact mat...

Страница 1507: ...nformation in memory Examples awplus show ip bgp dampening dampened paths awplus show ip bgp vrf red dampening dampened paths awplus show ip bgp global dampening flap statistics Output Figure 32 6 Exa...

Страница 1508: ...ly Command changes Version 5 4 6 2 1 VRF lite support added awplus show ip bgp dampening flap statistics BGP table version is 1 local router ID is 30 30 30 77 Status codes s suppressed d damped h hist...

Страница 1509: ...tting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp filter list listname Syntax VRF show ip bgp global vrf vrf name filter list listname Mode User Exec and P...

Страница 1510: ...ng and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp inconsistent as Syntax VRF show ip bgp global vrf vrf name inconsi...

Страница 1511: ...figuration Guide Syntax show ip bgp ip address m longer prefixes Syntax VRF show ip bgp global vrf vrf name ip address m longer prefixes Mode User Exec and Privileged Exec Example awplus show ip bgp 1...

Страница 1512: ...Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip bgp prefix list list Syntax VRF show ip bgp global vrf vrf name prefix list list Mode User Exec and Privil...

Страница 1513: ...bal vrf vrf name quote regexp expression Mode User Exec and Privileged Exec Symbol Character Meaning Caret Used to match the beginning of the input string When used at the beginning of a string of cha...

Страница 1514: ...Version 5 4 7 1 x VRF LITE COMMANDS SHOW IP BGP QUOTE REGEXP BGP ONLY Examples awplus show ip bgp quote regexp myexpression awplus show ip bgp global quote regexp 65550 65555 Related Commands show bg...

Страница 1515: ...and Privileged Exec Symbol Character Meaning Caret Used to match the beginning of the input string When used at the beginning of a string of characters it negates a pattern match Dollar sign Used to m...

Страница 1516: ...ating System Version 5 4 7 1 x VRF LITE COMMANDS SHOW IP BGP REGEXP BGP ONLY Examples awplus show ip bgp regexp myexpression awplus show ip bgp vrf red regexp 65550 65555 Related Commands show bgp ipv...

Страница 1517: ...uide Syntax show ip bgp route map route map Syntax VRF show ip bgp global vrf vrf name route map route map Mode User Exec and Privileged Exec Examples To show routes that match the route map myRouteMa...

Страница 1518: ...t Figure 32 9 Example output from the show ip bgp summary command The Up Down column in this output is a timer that shows never if the peer session has never been established The up time if the peer s...

Страница 1519: ...7 1 x VRF LITE COMMANDS SHOW IP BGP SUMMARY BGP ONLY In the example above the session with 192 168 11 2 has been down for 4 seconds and the session with 192 168 4 2 has never been established Related...

Страница 1520: ...yntax show ip interface vrf vrf name global Mode User Exec and Privileged Exec Examples To display all interfaces and IP addresses associated with a VRF instance red use the command awplus show ip int...

Страница 1521: ...with VRF lite configured Command changes Version 5 4 6 2 1 VRF lite support added Interface IP Address Status Protocol eth0 unassigned admin up down lo unassigned admin up running vlan1 192 168 1 1 24...

Страница 1522: ...uide Syntax show ip rip vrf vrf name global database full Mode User Exec and Privileged Exec Example To display information about the RIP database associated with a VRF instance blue use the command a...

Страница 1523: ...ance blue use the command awplus show ip rip vrf blue interface Output Figure 32 13 Example output from show ip rip vrf blue interface vlan3 NOTE The Time parameter operates as follows RIP updates occ...

Страница 1524: ...ix length Syntax VRF lite show ip route vrf vrf name global bgp connected ospf rip static Mode User Exec and Privileged Exec Example To display the static routes in the FIB use the command awplus show...

Страница 1525: ...as added Figure 32 14 Example output from the show ip route command Connected Route The connected route entry consists of This route entry denotes Route entries for network 10 10 31 0 24 are derived f...

Страница 1526: ...next hop 10 10 31 16 The outgoing local interface for this route is vlan2 This route was added 20 minutes and 54 seconds ago OSPF External Route The OSPF external route entry consists of This route e...

Страница 1527: ...ile use the output redirection token Syntax show ip route database bgp connected ospf rip static Syntax VRF lite show ip route vrf vrf name global database bgp connected ospf rip static Mode User Exec...

Страница 1528: ...tly connected vlan2 00 28 20 C 10 10 31 0 24 is directly connected vlan2 S 10 10 34 0 24 1 0 via 10 10 31 16 vlan2 O 10 10 34 0 24 110 31 via 10 10 31 16 vlan2 00 21 19 O 10 10 37 0 24 110 11 via 10 1...

Страница 1529: ...his static route has a lower administrative distance than the OSPF route 110 the static route 1 is selected and installed in the FIB If the static route becomes unavailable then the device automatical...

Страница 1530: ...f vrf name global Mode User Exec and Privileged Exec Example To display a summary of the current RIB entries use the command awplus show ip route summary Output Figure 32 17 Example output from the sh...

Страница 1531: ...Example output from the show ip route summary vrf red command Related Commands show ip route show ip route database Command changes Version 5 4 6 2 1 VRF lite support added IP routing table name is De...

Страница 1532: ...tax show ip vrf vrf name Mode User Exec and Privileged Exec Example To display brief information for the VRF instance red use the command awplus show ip vrf red Output Figure 32 19 Example output from...

Страница 1533: ...from the show ip detail command for all VRF instances Related Commands show ip vrf Command changes Version 5 4 6 2 1 VRF lite support added Parameter Description vrf name The name of the VRF instance...

Страница 1534: ...ure 32 21 Example output from the show ip vrf interface command Example To display all interfaces and IP addresses associated with the VRF instance red use the command awplus show ip vrf interface red...

Страница 1535: ...system VRF related configurations for all VRF instances Syntax show running config vrf Mode Privileged Exec Example To display the running system VRF related configurations use the command awplus show...

Страница 1536: ...lite ssh vrf vrf name ip ipv6 user username port 1 65535 version 1 2 hostname line Parameter Description vrf Apply the command to the specified VRF instance vrf name The name of the VRF instance ip Sp...

Страница 1537: ...cmd command on the remote SSH server at 192 0 2 5 use the command awplus ssh ip 192 0 2 5 cmd Example VRF lite To login to the remote SSH server at 192 168 1 1 on VRF red use the command awplus ssh vr...

Страница 1538: ...p ip Example VRF lite To start a tcpdump on interface vlan2 associated with a VRF instance red enter the command awplus tcpdump vrf red vlan2 Output Figure 32 24 Example output from the tcpdump comman...

Страница 1539: ...00 use the command awplus telnet host example 100 Example VRF lite To open a telnet session to a remote host 192 168 0 1 associated with VRF instance red use the command awplus telnet vrf red ip 192 1...

Страница 1540: ...e has been dropped When the time specified by the garbage parameter expires the metric 16 route is finally removed from the routing table Until the garbage time expires the route is included in all up...

Страница 1541: ...ate timer to 30 the routing information timeout timer to 180 and the routing garbage collection timer to 120 with VRF use the following command awplus configure terminal awplus config router rip awplu...

Страница 1542: ...x VRF lite traceroute vrf vrf name ip addr hostname Mode User Exec and Privileged Exec Example awplus traceroute 10 10 0 5 Example VRF lite awplus traceroute vrf red 192 168 0 1 Command changes Versio...

Страница 1543: ...eived and sent on all the RIP enabled interfaces Setting the version command has no impact on receiving updates only on sending them The ip rip send version command overrides the value set by the vers...

Страница 1544: ...C613 50186 01 Rev B Command Reference for AR2050V 1544 AlliedWare Plus Operating System Version 5 4 7 1 x VRF LITE COMMANDS VERSION RIP Command changes Version 5 4 6 2 1 VRF lite support added...

Страница 1545: ...C613 50186 01 Rev B Command Reference for AR2050V 1545 AlliedWare Plus Operating System Version 5 4 7 1 x Part 4 Multicast Applications...

Страница 1546: ...hapter describes the commands to configure IGMP Querier behaviour and selection IGMP Snooping and IGMP Proxy Command List clear ip igmp on page 1548 clear ip igmp group on page 1549 clear ip igmp inte...

Страница 1547: ...igmp snooping source timeout on page 1576 ip igmp snooping tcn query solicit on page 1577 ip igmp source address check on page 1579 ip igmp startup query count on page 1580 ip igmp startup query inter...

Страница 1548: ...GMP SNOOPING COMMANDS CLEAR IP IGMP clear ip igmp Overview Use this command to clear all IGMP group membership records on all VLAN interfaces Syntax clear ip igmp Mode Privileged Exec Example awplus c...

Страница 1549: ...rface can be specified Specifying this will mean that only entries with the group learned on the interface will be deleted Examples To delete all group records use the command awplus clear ip igmp gro...

Страница 1550: ...rticular interface Syntax clear ip igmp interface interface Mode Privileged Exec Usage This command applies to interfaces configured for IGMP or IGMP Snooping Example To delete records for vlan1 use t...

Страница 1551: ...ponent of IGMP Syntax debug igmp all decode encode events fsm tib no debug igmp all decode encode events fsm tib Modes Privileged Exec and Global Configuration Example awplus configure terminal awplus...

Страница 1552: ...his command to return all IGMP related configuration to the default on this interface Syntax ip igmp no ip igmp Default Disabled Mode Interface Configuration for a VLAN or Eth interface Usage An IP ad...

Страница 1553: ...2 switched network running IGMP it is considered more robust to flood all specific queries In most cases the benefit of flooding specific queries to all VLAN member ports outweighs the disadvantages H...

Страница 1554: ...ast member query count Default The default last member query count value is 2 Mode Interface Configuration for a VLAN or Eth interface Usage This command applies to Eth interfaces configured for IGMP...

Страница 1555: ...val Default 1000 milliseconds Mode Interface Configuration for a VLAN or Eth interface Usage This command applies to Eth interfaces configured for IGMP and VLAN interfaces configured for IGMP or IGMP...

Страница 1556: ...t Usage We recommend using this command with IGMP snooping fast leave on the relevant VLANs To enable fast leave use the command awplus config if ip igmp snooping fast leave Thedevicekeepscountofthe n...

Страница 1557: ...s to 10 groups on port 1 0 1 which is in vlan1 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if ip igmp maximum groups 10 awplus config if exit awplus conf...

Страница 1558: ...configured for IGMP Proxy You must also enable the IGMP proxy service on the upstream interface using the ip igmp proxy service command You can associate one or more downstream mroute proxy interfaces...

Страница 1559: ...xyinterfaces on this device using the command ip igmp mroute proxy IGMP Proxy does not work with other multicast routing protocols such as PIM SM or PIM DM From version 5 4 7 1 1 onwards IGMP mroute p...

Страница 1560: ...ult timeout interval is 255 seconds Mode Interface Configuration for a VLAN or Eth interface Usage This command applies to Eth and VLAN interfaces configured for IGMP The timeout value should not be l...

Страница 1561: ...k if a stream of Query Solicitation QS packets are sent to the IGMP Querier eliciting a rapid stream of IGMP Queries This command applies to interfaces on which the device is acting as an IGMP Querier...

Страница 1562: ...or AR2050V 1562 AlliedWare Plus Operating System Version 5 4 7 1 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY HOLDTIME Related Commands ip igmp query interval ip igmp snooping tcn query solicit sho...

Страница 1563: ...ed for IGMP Note that the IGMP query interval is automatically set to a greater value than the IGMP query max response time For example if you set the IGMP query max response time to 2 seconds using t...

Страница 1564: ...set the period between sending IGMP host query messages to the default 125 seconds for vlan10 use the following commands awplus configure terminal awplus config interface vlan10 awplus config if no ip...

Страница 1565: ...mple if you set the IGMP query interval to 3 seconds using the ip igmp query interval command and the current IGMP query interval is less than 3 seconds then the IGMP query maximum response time will...

Страница 1566: ...d Reference for AR2050V 1566 AlliedWare Plus Operating System Version 5 4 7 1 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY MAX RESPONSE TIME Related Commands ip igmp query interval show ip igmp int...

Страница 1567: ...s are ignored Use the no variant of this command to disable strict RA option validation Syntax ip igmp ra option no ip igmp ra option Default The default state of RA validation is unset Mode Interface...

Страница 1568: ...tax ip igmp robustness variable 1 7 no ip igmp robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a VLAN or Eth interface Usage This command applie...

Страница 1569: ...abled globally Syntax ip igmp snooping no ip igmp snooping Default By default IGMP Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a VLAN i...

Страница 1570: ...message is received without sending out a group specific query Use the no variant of this command to disable fast leave processing Syntax ip igmp snooping fast leave no ip igmp snooping fast leave Def...

Страница 1571: ...remove the static configuration of the port as a multicast router port Syntax ip igmp snooping mrouter interface port no ip igmp snooping mrouter interface port Mode Interface Configuration for a VLA...

Страница 1572: ...address because it only masquerades as a proxy IGMP querier for faster network convergence It does not start or automatically cease the IGMP Querier operation if it detects query message s from a mul...

Страница 1573: ...already downstream ports for this group on this interface Use the no variant of this command to disable report suppression Syntax ip igmp snooping report suppression no ip igmp snooping report suppres...

Страница 1574: ...ration Parameter Description all All reserved multicast addresses 224 0 0 x Packets from all possible addresses in range 224 0 0 x are treated as coming from routers default Default set of reserved mu...

Страница 1575: ...MODE Examples To set ip igmp snooping routermode for all default reserved addresses enter awplus config ip igmp snooping routermode default To remove the multicast address 224 0 0 5 from the custom li...

Страница 1576: ...ke normal entries Interface IGMP Snooping source timeout is disabled by default and unregistered multicast will be timed out like normal entries Mode Interface Global Configuration Usage The timeout d...

Страница 1577: ...nabled by default and cannot be disabled using the Global Configuration mode command However Query Solicitation can be disabled for specified interfaces using the no variant of this command from the I...

Страница 1578: ...nfigure terminal awplus config no ip igmp snooping tcn query solicit To enable Query Solicitation for vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip...

Страница 1579: ...on for a VLAN or Eth interface Usage This is a security feature and should be enabled unless IGMP Reports from outside the local subnet are expected for example if Multicast VLAN Registration is activ...

Страница 1580: ...t of this command to return an interface s configured IGMP startup query count to the default Syntax ip igmp startup query count startup query count no ip igmp startup query count Default The default...

Страница 1581: ...tartup query interval no ip igmp startup query interval Default The default IGMP startup query interval is one quarter of the IGMP query interval value NOTE The IGMP startup query interval must be one...

Страница 1582: ...witch ports or aggregators Usage Because all ports are trusted by default use this command in its no variant to stop IGMP processing packets on ports you do not trust For example you can use this comm...

Страница 1583: ...Use the no variant of this command to return to the default version Syntax ip igmp version 1 3 no ip igmp version Default The default IGMP version is 3 Mode Interface Configuration for a VLAN or Eth i...

Страница 1584: ...Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging igmp Mode User Exec and Privileged Exec Example To display the IGMP debugging options set enter the...

Страница 1585: ...C D interface Interface name for which to display local information IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224 0 1 1 port1 0 1 00 00 09 00 04 17 10 10 0...

Страница 1586: ...sion 5 4 7 1 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP GROUPS Expires Time in hours minutes and seconds until the entry expires Last Reporter Last host to report being a member of the multicast g...

Страница 1587: ...face If you specify a switch port number the output displays the number of groups the port belongs to and the port s group membership limit if a limit has been set with the command ip igmp maximum gro...

Страница 1588: ...is 500 milliseconds IGMP querier timeout is 255 seconds IGMP max query response time is 10 seconds Last member query response interval is 1000 milliseconds Group Membership interval is 260 seconds St...

Страница 1589: ...p igmp proxy groups vlan multicast group detail Mode User Exec and Privileged Exec Example To display the state of IGMP Proxy services for all interfaces enter the command awplus show ip igmp proxy To...

Страница 1590: ...e User Exec and Privileged Exec Example To show all multicast router interfaces use the command awplus show ip igmp snooping mrouter To show the multicast router interfaces in vlan1 use the command aw...

Страница 1591: ...saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip igmp snooping routermode Mode User Exec and Privileged Exec Example To show t...

Страница 1592: ...e configured IGMP snooping source timeouts for all VLANs use the command awplus show ip igmp snooping source timeout Output Figure 33 6 Example output from show ip igmp snooping source timeout Related...

Страница 1593: ...lan1 vlan2 Output Figure 33 7 Example output from the show ip igmp snooping statistics command for VLANs Parameter Description ip address Optionally specify the address of the multicast group entered...

Страница 1594: ...7 1 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP SNOOPING STATISTICS Figure 33 8 Example output from the show ip igmp snooping statistics command for a switch port awplus show ip igmp interface port...

Страница 1595: ...Command Reference for AR2050V 1595 AlliedWare Plus Operating System Version 5 4 7 1 x IGMP AND IGMP SNOOPING COMMANDS UNDEBUG IGMP undebug igmp Overview This command applies the functionality of the n...

Страница 1596: ...cast routing The IPv6 Multicast addresses shown can be derived from IPv6 unicast prefixes as per RFC 3306 The IPv6 unicast prefix reserved for documentation is 2001 0db8 32 as per RFC 3849 Using the b...

Страница 1597: ...erval on page 1606 ipv6 mld query max response time on page 1607 ipv6 mld robustness variable on page 1608 ipv6 mld snooping on page 1609 ipv6 mld snooping fast leave on page 1611 ipv6 mld snooping mr...

Страница 1598: ...LD clear ipv6 mld Overview Use this command to clear all MLD local memberships on all interfaces Syntax clear ipv6 mld Mode Privileged Exec Usage This command applies to interfaces configured for MLD...

Страница 1599: ...ss Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld group Related Commands clear i...

Страница 1600: ...ar MLD interface entries Syntax clear ipv6 mld interface interface Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snoop...

Страница 1601: ...ts fsm tib Mode Privileged Exec and Global Configuration Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Examples awplus configure t...

Страница 1602: ...ace or a range of VLAN interfaces Usage MLD requires memory for storing data structures as well as the hardware tables to implement hardware routing As the number of ports VLANs static and dynamic gro...

Страница 1603: ...lt on an interface Syntax ipv6 mld last member query count value no ipv6 mld last member query count Default The default last member query count value is 2 Mode Interface Configuration for a specified...

Страница 1604: ...e default Syntax ipv6 mld last member query interval milliseconds no ipv6 mld last member query interval Default 1000 milliseconds Mode Interface Configuration for a specified VLAN interface or a rang...

Страница 1605: ...ified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example configures the router to wait 1...

Страница 1606: ...ace Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example cha...

Страница 1607: ...ax response time Default 10 seconds Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multic...

Страница 1608: ...ault on an interface Syntax ipv6 mld robustness variable value no ipv6 mld robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a specified VLAN inte...

Страница 1609: ...enabled both globally by using this command in Global Configuration mode and on individual VLAN interfaces by using this command in Interface Configuration mode both are enabled by default MLD require...

Страница 1610: ...MLD SNOOPING COMMANDS IPV6 MLD SNOOPING To configure MLD Snooping globally for the device enter the following commands awplus configure terminal awplus config ipv6 mld snooping To disable MLD Snooping...

Страница 1611: ...le fast leave processing Syntax ipv6 mld snooping fast leave no ipv6 mld snooping fast leave Default MLD Snooping fast leave processing is disabled Mode Interface Configuration for a specified VLAN in...

Страница 1612: ...interface Note that if static IPv6 multicast routing is being used with EPSR and the destination VLAN is an EPSR data VLAN then multicast router mrouter ports must be statically configured This minim...

Страница 1613: ...ulticast router for VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld snooping mrouter interface port1 0 5 This example shows how to specify the ne...

Страница 1614: ...Configuration for a specified VLAN interface Usage This command can only be configured on a single VLAN interface not on multiple VLANs The MLD Snooping querier uses the 0 0 0 0 Source IP address beca...

Страница 1615: ...maybe configured to suppress reports from hosts When a querier sends a query only the first report for particular set of group s from a host will be forwarded to the querier by the MLD Snooping devic...

Страница 1616: ...5 4 7 1 x MLD AND MLD SNOOPING COMMANDS IPV6 MLD SNOOPING REPORT SUPPRESSION This example shows how to disable report suppression for MLD reports on VLAN interfaces vlan2 vlan4 awplus configure termin...

Страница 1617: ...ast SSM mapping feature on the device Use the no variant of this command to disable the SSM mapping feature on the device Syntax ipv6 mld ssm map enable no ipv6 mld ssm map enable Mode Global Configur...

Страница 1618: ...add a static group record use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 To add a static group and source record use...

Страница 1619: ...ystem Version 5 4 7 1 x MLD AND MLD SNOOPING COMMANDS IPV6 MLD STATIC GROUP To add a static group record on a specific port on vlan2 use the following commands awplus configure terminal awplus config...

Страница 1620: ...uration for a VLAN interface Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and MLD Snooping Note this command is intended for use where there is another queri...

Страница 1621: ...g mld command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mld Mode Privileged Exe...

Страница 1622: ...rface detail Mode User Exec and Privileged Exec Examples The following command displays local membership information for all interfaces awplus show ipv6 mld groups Output Figure 34 2 Example output fo...

Страница 1623: ...terfaces enabled for MLD awplus show ipv6 mld interface Output Parameter Description interface Interface name awplus show ipv6 mld interface Interface vlan1 Index 301 MLD Enabled Active Querier Versio...

Страница 1624: ...xec and Privileged Exec Examples The following command displays the multicast router interfaces in vlan2 awplus show ipv6 mld snooping mrouter vlan2 Output The following command displays the multicast...

Страница 1625: ...oping statistics interface interface Mode User Exec and Privileged Exec Example The following command displays MLDv2 statistical information for vlan1 awplus show ipv6 mld snooping statistics interfac...

Страница 1626: ...lticast routing command Static IPv6 multicast routes take priority over dynamic IPv6 multicast routes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 mu...

Страница 1627: ...9 clear ipv6 mroute on page 1630 clear ipv6 mroute statistics on page 1631 debug nsm mcast on page 1632 debug nsm mcast6 on page 1633 ip mroute on page 1634 ip multicast route on page 1636 ip multicas...

Страница 1628: ...its IPv4 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast route...

Страница 1629: ...ies from the IP multicast routing table Syntax clear ip mroute statistics ipv4 group addr ipv4 source addr Mode Privileged Exec Example awplus clear ip mroute statistics 225 1 1 2 192 168 4 4 awplus c...

Страница 1630: ...vant IPv6 multicast route entries in its IPv6 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protoc...

Страница 1631: ...the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clear ipv6 mroute statistics...

Страница 1632: ...ter stats vif Mode Privileged Exec and Global Configuration Examples To enable debugging of all multicast route events use the commands awplus configure terminal awplus config debug nsm mcast all To e...

Страница 1633: ...ter stats vif no debug nsm mcast6 all fib msg mrt register stats vif Mode Privileged Exec and Global Configuration Examples To enable debugging of all multicast route events use the commands awplus co...

Страница 1634: ...mmand enables the user to statically configure the device with multicast routes back to given sources When performing the RPF check on a stream from a given IPv4 source the multicast routing protocol...

Страница 1635: ...ersed in order to arrive at the current router Examples The following example creates a static multicast IPv4 route back to the sources in the 10 10 3 0 24 subnet The multicast route is via the host 1...

Страница 1636: ...configured PIM will not be able to update this multicast route in any way If a dynamic multicast route exists you cannot create a static multicast route with same source IPv4 address group IPv4 addre...

Страница 1637: ...e route for the multicast source IPv4 address 2 2 2 2 and group IPv4 address 224 9 10 11 specifying the upstream VLAN interface as vlan10 use the following commands To create an IPv4 static multicast...

Страница 1638: ...figuration Usage This command limits the number of multicast IPv4 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is s...

Страница 1639: ...vif suppression no ip multicast wrong vif suppression Default By default this feature is disabled Mode Global Configuration Usage Use this command if there is excessive CPU load and multicast traffic...

Страница 1640: ...routing no ip multicast routing Default By default IPv4 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB...

Страница 1641: ...different paths to those used for unicast In this case the interface via which a multicast stream from a given source enters a router may not be the same as the interface that connects to the best un...

Страница 1642: ...urrent router will forward multicast instead it refers to the route the multicast will have traversed in order to arrive at the current router Examples The following example creates a static multicast...

Страница 1643: ...vlan id downstream vlan id Default By default no static routes exist Mode Global Configuration Usage Only one multicast route entry per IPv6 address and multicast group can be specified Therefore if...

Страница 1644: ...ss 2001 1 and group IPv6 address ff08 1 specifying the upstream VLAN interface as vlan10 and the downstream VLAN interface as vlan20 use the following commands awplus configure terminal awplus config...

Страница 1645: ...onfiguration Usage This command limits the number of multicast IPv6 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is...

Страница 1646: ...ast routing Default By default IPv6 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multicast...

Страница 1647: ...ports in the same VLANs as the receiving port will still receive the multicast packets CAUTION We do not recommend disabling multicast routing in a live network Some non multicast protocols use multi...

Страница 1648: ...and source IPv4 address Figure 35 1 Example output from the show ip mroute command Parameter Description ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 sourc...

Страница 1649: ...uptime 00 03 24 stat expires 00 01 28 Owner PIM SM Flags TF Incoming interface vlan2 Outgoing interface list vlan3 1 awplus show ip mroute count IP Multicast Statistics Total 1 routes using 132 bytes...

Страница 1650: ...put Figure 35 5 Example output from the show ip mvif command Figure 35 6 Example output from the show ip mvif command with the interface parameter vlan2 specified Parameter Description interface The i...

Страница 1651: ...show ip rpf Overview Use this command to display Reverse Path Forwarding RPF information for the specified IPv4 source address Syntax show ip rpf source addr Mode User Exec and Privileged Exec Exampl...

Страница 1652: ...le output of this command displaying the IPv6 multicast routing table for a single static IPv6 Multicast route Figure 35 7 Example output from the show ipv6 mroute command Parameter Description ipv6 g...

Страница 1653: ...tics Total 1 routes using 152 bytes memory Route limit Route threshold 1024 1024 Total NOCACHE WRONGmif WHOLEPKT recv from fwd 6 0 0 Total NOCACHE WRONGmif WHOLEPKT sent to clients 6 0 0 Immediate Tim...

Страница 1654: ...tus of multicast forwarding slow path packet setting Syntax show ipv6 multicast forwarding Mode User Exec Example To show the status of the multicast forwarding slow path packet setting use the follow...

Страница 1655: ...ipv6 mif awplus show ipv6 mif vlan2 Output Figure 35 11 Example output from the show ipv6 mif command Figure 35 12 Example output from the show ipv6 mif command with the interface parameter vlan2 spe...

Страница 1656: ...arse mode on page 1660 debug pim sparse mode on page 1661 debug pim sparse mode timer on page 1662 ip pim anycast rp on page 1664 ip pim bsr border on page 1665 ip pim bsr candidate on page 1666 ip pi...

Страница 1657: ...1686 show debugging pim sparse mode on page 1687 show ip pim sparse mode bsr router on page 1688 show ip pim sparse mode interface on page 1689 show ip pim sparse mode interface detail on page 1691 sh...

Страница 1658: ...ulticast clients note that one router will be automatically or statically designated as the RP and all routers must explicitly join through the RP A Designated Router DR sends periodic Join Prune mess...

Страница 1659: ...owing command clears the current packet receive counts for PIM sparse mode awplus configure terminal awplus config clear ip pim sparse mode statistics Output Figure 36 1 Example output from clear ip p...

Страница 1660: ...address and optionally a specified multicast source address Syntax clear ip mroute Group IP address pim sparse mode clear ip mroute Group IP address Source IP address pim sparse mode Mode Privileged...

Страница 1661: ...ion Example awplus configure terminal awplus config debug pim sparse mode all Related Commands show debugging pim sparse mode Parameter Description all Activates deactivates all PIM SM debugging event...

Страница 1662: ...rst Parameter Description assert Enable or disable debugging for the Assert timers at Enable or disable debugging for the Assert Timer bsr Enable or disable debugging for the specified Bootstrap Rout...

Страница 1663: ...he command awplus config debug pim sparse mode timer hello ht To enable debugging for the PIM SM Joinprune expiry timer use the command awplus debug pim sparse mode timer joinprune et To disable debug...

Страница 1664: ...imultaneously advertise the same destination IP address range from many sources resulting in packets address to destination addresses in this range being routed to thenearest source announcing the giv...

Страница 1665: ...etween the two PIM domains BSR messages should not be exchanged between different domains because devices in one domain may elect Rendezvous Points RPs in the other domain resulting in loss of isolati...

Страница 1666: ...elow awplus configure terminal awplus config ip pim bsr candidate vlan2 20 30 To withdraw the address of vlan2 from being offered as a BSR candidate enter awplus configure terminal awplus config no ip...

Страница 1667: ...Register checksum over the whole packet This command is used to inter operate with older Cisco IOS versions Use the no variant of this command to disable this option Syntax ip pim cisco register check...

Страница 1668: ...e default IPv4 multicast group range 224 4 are sent with a prefix of 1 Use the no variant of this command to revert to the default settings Syntax ip pim crp cisco prefix no ip pim crp cisco prefix Mo...

Страница 1669: ...inal awplus config interface vlan2 awplus config if ip pim dr priority 11234 To disable the Designated Router priority value for the VLAN interface vlan2 apply the commands as shown below awplus confi...

Страница 1670: ...used to inter operate with older Cisco IOS versions Use the no variant of this command to revert to default settings Syntax ip pim exclude genid no ip pim exclude genid Default By default this command...

Страница 1671: ...PIM to treat all sources as directly connected for VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ip pim ext srcs directly con...

Страница 1672: ...lt hello holdtime is restored using the negated form of this command Mode Interface Configuration for a VLAN interface or a PPP interface Usage Each time the hello interval is updated the hello holdti...

Страница 1673: ...form of this command Mode Interface Configuration for a VLAN interface or a PPP interface Usage When the hello interval is configured and the hello holdtime is not configured or when the configured h...

Страница 1674: ...s command to ignore the RP SET priority value and use only the hashing mechanism for RP selection This command is used to inter operate with older Cisco IOS versions Use the no variant of this command...

Страница 1675: ...PIM SM join prune timer to its default value of 60 seconds which corresponds to a join prune packet holdtime of 210 seconds Syntax ip pim jp timer 1 65535 no ip pim jp timer 1 65535 Default The defaul...

Страница 1676: ...ure the rate of register packets sent by this DR in units of packets per second Use the no variant of this command to remove the limit Syntax ip pim register rate limit 1 65535 no ip pim register rate...

Страница 1677: ...ability check for PIM Register processing at the DR The default setting is no checking for RP reachability Use the no variant of this command to disable this processing Syntax ip pim register rp reach...

Страница 1678: ...the source host Syntax ip pim register source source_address interface no ip pim register source Usage The configured address must be a reachable address to be used by the RP to send corresponding Reg...

Страница 1679: ...efault of 60 seconds Configuring this value modifies register suppression time at the DR Configuring this value at the RP modifies the RP keepalive period value if the ip pim rp register kat command i...

Страница 1680: ...configure the RP address for multicast groups You need to understand the following information before using this command If the RP address that is configured by the BSR and the RP address that is con...

Страница 1681: ...the priority parameter Mode Global Configuration Usage Note that issuing the commandippimrp candidate interface withoutoptional priority interval or grouplist parameters will configure the candidate...

Страница 1682: ...of this command to return the PIM SM KAT timer to its default value of 210 seconds Syntax ip pim rp register kat 1 65535 no ip pim rp register kat Mode Global Configuration Default The default PIM SM...

Страница 1683: ...Syntax ip pim sparse mode no ip pim sparse mode Mode Interface Configuration for a VLAN interface or a PPP interface Examples awplus configure terminal awplus config interface vlan2 awplus config if...

Страница 1684: ...interface Usage Passive mode essentially stops PIM transactions on the interface allowing only IGMP mechanism to be active To turn off passive mode use the no ip pim sparse mode passive or the ip pim...

Страница 1685: ...hop PIM router to switch to SPT NOTE The switching to SPT happens either at the receiving of the first data packet or not at all it is not rate based Syntax ip pim spt threshold no ip pim spt threshol...

Страница 1686: ...default no ip pim ssm Default By default the command is disabled Mode Global Configuration Usage When an SSM range of IP multicast addresses is defined by the ip pim ssm command the no G or S G rpt st...

Страница 1687: ...ature Overview and Configuration Guide Syntax show debugging pim sparse mode Mode User Exec and Privileged Exec Example To display PIM SM debugging settings use the command awplus show debugging pim s...

Страница 1688: ...mmand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode bsr router Mode User Exec and Privileged Exec Output Figure 36 3 Outpu...

Страница 1689: ...face Total configured interfaces 16 Maximum allowed 31 Total active interfaces 12 Address Interface VIFindex Ver Nbr DR DR Mode Count Prior 192 168 1 53 vlan2 0 v2 S 2 2 192 168 1 53 192 168 10 53 vla...

Страница 1690: ...IP PIM SPARSE MODE INTERFACE Related Commands ip pim sparse mode show ip pim sparse mode rp mapping show ip pim sparse mode neighbor DR Priority Designated Router priority DR The IP address of the Des...

Страница 1691: ...Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode interface detail Mode User Exec and Privileged Exec Output Figure 36 5 Example output from the show...

Страница 1692: ...Exec and Privileged Exec Example To show detailed PIM SM information for all PIM SM configured VLAN interfaces use the command awplus show ip pim sparse mode local members Output Figure 36 6 Example...

Страница 1693: ...xec Usage Note that when a feature license is enabled the output for the show ip pim sparse mode mroute command will only show 32 interfaces because of the terminal display width limit Use the show ip...

Страница 1694: ...sparse mode mroute Related Commands show ip pim sparse mode mroute detail awplus show ip pim sparse mode mroute IP Multicast Routing Table RP Entries 0 G Entries 1 S G Entries 0 S G rpt Entries 0 FCR...

Страница 1695: ...dress detail show ip pim sparse mode mroute group address source address detail show ip pim sparse mode mroute source address group address detail Usage Based on the group and source address the outpu...

Страница 1696: ...ommand IP Multicast Routing Table RP Entries 0 G Entries 4 S G Entries 0 S G rpt Entries 0 FCR Entries 0 224 0 1 24 Uptime 00 06 42 RP 0 0 0 0 RPF nbr None RPF idx None Upstream State JOINED SPT Switc...

Страница 1697: ...output from the show ip pim sparse mode neighbor command Figure 36 11 Example output from the show ip pim sparse mode neighbor interface detail command Parameter Description interface Interface name...

Страница 1698: ...Nexthop Nexthop Nexthop Metric Pref Refcnt Num Addr Ifindex Name ____________________________________________________________________________ 10 10 0 9 RS 1 0 0 0 0 4 0 0 1 Table 2 Parameters in outpu...

Страница 1699: ...lowing command displays the current packet receive counts for PIM sparse mode awplus configure terminal awplus config show ip pim sparse mode statistics Output Figure 36 13 Example output from show ip...

Страница 1700: ...ing command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode rp hash group addr Mode User Exec and Privileged Exec Example aw...

Страница 1701: ...filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode rp mapping Mode Privileged Exec Example awplus...

Страница 1702: ...Version 5 4 7 1 x PIM SM COMMANDS UNDEBUG ALL PIM SPARSE MODE undebug all pim sparse mode Overview Use this command to disable all PIM SM debugging Syntax undebug all pim sparse mode Mode Privileged...

Страница 1703: ...Multicast addresses showncanbederivedfromIPv6unicastprefixes as per RFC 3306 The IPv6 unicast prefix reserved for documentation is 2001 0db8 32 as per RFC 3849 Using the base 32 prefix the IPv6 multic...

Страница 1704: ...pv6 pim neighbor filter on page 1730 ipv6 pim register rate limit on page 1731 ipv6 pim register rp reachability on page 1732 ipv6 pim register source on page 1733 ipv6 pim register suppression on pag...

Страница 1705: ...w ipv6 pim sparse mode neighbor on page 1756 show ipv6 pim sparse mode nexthop on page 1757 show ipv6 pim sparse mode rp hash on page 1758 show ipv6 pim sparse mode rp mapping on page 1759 show ipv6 p...

Страница 1706: ...dynamicIPv6multicastroutes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Synt...

Страница 1707: ...IPv6multicastroutes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clea...

Страница 1708: ...over from previous static IPv6 multicast routes Syntax clear ipv6 pim sparse mode bsr rp set Mode Privileged Exec Usage For multicast clients note that one router will be automatically or statically...

Страница 1709: ...configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode all awplus configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode events...

Страница 1710: ...e packet awplus show debugging ipv6 pim sparse mode PIM SMv6 debugging status PIM event debugging is on PIM MFC debugging is off PIM state debugging is on PIM packet debugging is on PIM Hello HT timer...

Страница 1711: ...igure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode packet in awplus configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode packe...

Страница 1712: ...m ipv6 sparse mode timer register rst Parameter Description assert Enable or disable debugging for the Assert timers at Enable or disable debugging for the Assert Timer bsr Enable or disable debugging...

Страница 1713: ...ommand awplus config debug ipv6 pim sparse mode timer hello ht To enable debugging for the PIM SMv6 Joinprune expiry timer use the command awplus debug ipv6 pim sparse mode timer joinprune et To disab...

Страница 1714: ...which only one receiver endpoint is chosen Anycast is often implemented using BGP to simultaneously advertise the same destination IPv6 address range from many sources resulting in packets addressed t...

Страница 1715: ...x PIM SMV6 COMMANDS IPV6 PIM ANYCAST RP The following example shows how to remove the Anycast RP in the RP set specifying only the anycast RP address with no ipv6 pim anycast rp but not specifying th...

Страница 1716: ...ace Configure an interface bordering another PIM SMv6 domain with this command to avoid BSR messages from being exchanged between the two PIM SMv6 domains BSR messages should not be exchanged between...

Страница 1717: ...to be the PIM SMv6 domain border awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface ppp0 awplus config if ipv6 enable awplus config if...

Страница 1718: ...lus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pim bsr candidate vlan2 20 30 To withdraw the address of vlan2 from being offered as a BSR...

Страница 1719: ...0V 1719 AlliedWare Plus Operating System Version 5 4 7 1 x PIM SMV6 COMMANDS IPV6 PIM BSR CANDIDATE To withdraw the address of ppp0 from being offered as a BSR candidate enter awplus configure termina...

Страница 1720: ...perate with older Cisco IOS versions Use the no variant of this command to disable this option Syntax ipv6 pim cisco register checksum no ipv6 pim cisco register checksum Default This command is disab...

Страница 1721: ...riant of this command to revert to the default settings Syntax ipv6 pim crp cisco prefix no ipv6 pim crp cisco prefix Mode Global Configuration Usage Cisco s BSR code does not conform to the latest BS...

Страница 1722: ...configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 pim dr priority 11234 To disable...

Страница 1723: ...7 1 x PIM SMV6 COMMANDS IPV6 PIM DR PRIORITY To disable the Designated Router priority value for the PPP interface ppp0 apply the commands as shown below awplus configure terminal awplus config inter...

Страница 1724: ...id no ipv6 pim exclude genid Default By default this command is disabled the GenID option is included Mode Interface Configuration for a VLAN interface or a PPP interface Examples awplus configure ter...

Страница 1725: ...commands awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 pim ext srcs dire...

Страница 1726: ...me the hello interval is updated the hello holdtime is also updated according to the following rules If the hello holdtime is not configured or if the hello holdtime is configured and less than the cu...

Страница 1727: ...d the hello holdtime is not configured or when the configured hello holdtime value is less than the new hello interval value the holdtime value is modified to the 3 5 hello interval Otherwise the hell...

Страница 1728: ...hanism for RP selection Use the no variant of this command to disable this setting Syntax ipv6 pim ignore rp set priority no ipv6 pim ignore rp set priority Mode Global Configuration Usage This comman...

Страница 1729: ...eighbors Use the no variant of this command to return the PIM SMv6 join prune timer to its default value of 210 seconds Syntax ipv6 pim jp timer 1 65535 no ipv6 pim jp timer 1 65535 Default The defaul...

Страница 1730: ...if denied by the filtering IPv6 access list Use the no variant of this command to disable this function Syntax ipv6 pim neighbor filter IPv6 accesslist no ipv6 pim neighbor filter IPv6 accesslist Def...

Страница 1731: ...command to remove the limit and reset to the default rate limit Syntax ipv6 pim register rate limit 1 65535 no ipv6 pim register rate limit Mode Global Configuration Default The default is 0 as reset...

Страница 1732: ...is no checking for RP reachability Use the no variant of this command to disable this processing Syntax ipv6 pim register rp reachability no ipv6 pim register rp reachability Default This command is...

Страница 1733: ...y the RP to send corresponding Register Stop messages in response It is normally the local loopback IPv6 interface address but can also be a physical IPv6 address This IPv6 addressmustbeadvertised byu...

Страница 1734: ...suppression Mode Global Configuration Default The default PIM SMv6 register suppression time is 60 seconds and is restored with the no variant of this command Usage Configuring this value modifies reg...

Страница 1735: ...red statically are both available for a group range then the RP address configured through BSR is chosen over the statically configured RP address If multiple static RPs are available for a group rang...

Страница 1736: ...50186 01 Rev B Command Reference for AR2050V 1736 AlliedWare Plus Operating System Version 5 4 7 1 x PIM SMV6 COMMANDS IPV6 PIM RP ADDRESS Related commands ipv6 pim rp candidate ipv6 pim rp register...

Страница 1737: ...mand ipv6 pim rp candidate interface without optional priority interval or grouplist parameters will configure the candidate RP with a priority value of 192 Examples To specify a priority of 3 use the...

Страница 1738: ...is enabled by default use the no variant of this command to disable the default Syntax ipv6 pim rp embedded no ipv6 pim rp embedded Mode Global Configuration Default Embedded RP is enabled by default...

Страница 1739: ...v6 KAT timer to its default value of 210 seconds Syntax ipv6 pim rp register kat 1 65535 no ipv6 pim rp register kat Mode Global Configuration Default The default PIM SMv6 KAT timer value is 210 secon...

Страница 1740: ...n for a VLAN interface or a PPP interface Examples awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enab...

Страница 1741: ...interface or a PPP interface Usage Passive mode essentially stops PIM SMv6 transactions on the interface allowing only the MLD mechanism to be active Examples awplus configure terminal awplus config i...

Страница 1742: ...NOTE The switching to SPT happens either at the receiving of the first data packet or not at all it is not rate based Syntax ipv6 pim spt threshold no ipv6 pim spt threshold Mode Global Configuration...

Страница 1743: ...to disable the SSM range Syntax ipv6 pim ssm default no ipv6 pim ssm Default By default the command is disabled Mode Global Configuration Usage Any G or S G rpt joins received for multicast groups ad...

Страница 1744: ...ce Configuration for a VLAN interface Default Unicast BSM is disabled by default on an interface Usage This command provides backward compatibility with older versions of the Boot Strap Router BSR spe...

Страница 1745: ...sparse mode Figure 37 2 Example output from the show debugging ipv6 pim sparse mode command Related commands debug ipv6 pim sparse mode undebug ipv6 pim sparse mode awplus show debugging ipv6 pim spar...

Страница 1746: ...sparse mode bsr router Mode User Exec and Privileged Exec Example To display the BSR IPv6 address use the command awplus show ipv6 pim sparse mode bsr router Output Figure 37 3 Example output from the...

Страница 1747: ...de User Exec and Privileged Exec Examples To display information about all PIM SMv6 interfaces use the command awplus show ipv6 pim sparse mode interface awplus show ipv6 pim sparse mode interface Int...

Страница 1748: ...ce for AR2050V 1748 AlliedWare Plus Operating System Version 5 4 7 1 x PIM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE INTERFACE Related commands ipv6 pim sparse mode show ipv6 pim sparse mode rp mapping...

Страница 1749: ...ample To show detailed PIM SMv6 information for all PIM SMv6 configured interfaces use the command awplus show ipv6 pim sparse mode interface detail Output Figure 37 4 Example output from the show ipv...

Страница 1750: ...erview and Configuration Guide Syntax show ipv6 pim sparse mode local members interface Mode User Exec and Privileged Exec Example To show detailed PIM SMv6 information for all PIM SMv6 configured VLA...

Страница 1751: ...ersion 5 4 7 1 x PIM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE LOCAL MEMBERS Output Figure 37 6 Example output from the show ipv6 pim sparse mode local members vlan1 command awplus show ipv6 pim sparse...

Страница 1752: ...ipv6 pim sparse mode mroute source IPv6 address group IPv6 address Mode User Exec and Privileged Exec Usage Note that when a feature license is enabled the output for the show ipv6 pim sparse mode mro...

Страница 1753: ...Entries 0 G Entries 2 S G Entries 0 S G rpt Entries 0 FCR Entries 2 ff0x db8 0 0 96 RP 3ffe 10 10 5 153 RPF nbr fe80 202 b3ff fed4 69fe RPF idx wm0 Upstream State JOINED Local l Joined Asserted FCR So...

Страница 1754: ...tput see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 pim sparse mode mroute source IPv6 address detail Usage Based on the group and source IPv6 a...

Страница 1755: ...Pv6 Multicast Routing Table RP Entries 0 G Entries 1 S G Entries 0 S G rpt Entries 0 FCR Entries 0 ff13 10 Uptime 00 00 09 RP RPF nbr None RPF idx None Upstream State JOINED SPT Switch Enabled JT off...

Страница 1756: ...t from the show ipv6 pim sparse mode neighbor command Figure 37 10 Example output from the show ipv6 pim sparse mode neighbor interface detail command Parameter Description interface Interface name e...

Страница 1757: ...Nexthop Nexthop Nexthop Nexthop Metric Pref Refcnt Num Addr Ifindex Name _____________________________________________________________________________________ 3ffe 10 10 5 153 RS 1 fe80 20e cff fe01 f...

Страница 1758: ...etting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 pim sparse mode rp hash IPv6 group addr Mode User Exec and Privileged Exec Example awplus show ipv6 pim sp...

Страница 1759: ...and output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 pim sparse mode rp mapping Mode User Exec and Privileged Exec Example awplus show ipv6...

Страница 1760: ...display next hop RP information entered in the form X X X X awplus show ipv6 pim sparse mode rp nexthop 3ffe 10 10 5 153 Flags N New R RP S Source U Unreachable Destination Type Nexthop Nexthop Nextho...

Страница 1761: ...IM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE RP NEXTHOP Metric The metric of the route towards the destination Preference The preference of the route towards destination Refcnt Only used for debugging T...

Страница 1762: ...1 x PIM SMV6 COMMANDS UNDEBUG ALL IPV6 PIM SPARSE MODE undebug all ipv6 pim sparse mode Overview Use this command to disable all PIM SMv6 debugging Syntax undebug all ipv6 pim sparse mode Mode Privil...

Страница 1763: ...g ipv6 pim sparse mode all awplus configure terminal awplus config terminal monitor awplus config undebug ipv6 pim sparse mode events awplus configure terminal awplus config terminal monitor awplus co...

Страница 1764: ...arse mode PIM SMv6 debugging status PIM event debugging is off PIM MFC debugging is off PIM state debugging is off PIM packet debugging is off PIM Hello HT timer debugging is off PIM Hello NLT timer d...

Страница 1765: ...C613 50186 01 Rev B Command Reference for AR2050V 1765 AlliedWare Plus Operating System Version 5 4 7 1 x Part 5 Access and Security...

Страница 1766: ...ug traffic control on page 1774 interface traffic control on page 1775 l3 filtering enable on page 1776 move rule traffic control on page 1777 policy traffic control on page 1778 red curve on page 178...

Страница 1767: ...rsion 5 4 7 1 x TRAFFIC CONTROL COMMANDS sub class htb on page 1798 sub class priority on page 1800 sub class wrr on page 1802 sub sub class htb on page 1804 sub sub class priority on page 1806 sub su...

Страница 1768: ...of the class cir committed rate Set the Committed Information Rate CIR for the queue This parameter is compulsory when creating a new class When editing an existing class this parameter is optional pi...

Страница 1769: ...To configure a class with a sub sub class as the leaf class use the commands awplus configure terminal awplus config traffic control awplus config tc policy p01 htb awplus config tc policy class c01...

Страница 1770: ...policy is specified this command uses the Traffic Control Class mode to apply it Parameter Description class name Name of the class priority level 0 15 Set the priority level 15 is the highest This pa...

Страница 1771: ...c policy class c01 priority level 5 sub class policy priority awplus config tc class sub class s01 priority level 7 sub sub class policy priority awplus config tc subclass sub sub class ss01 priority...

Страница 1772: ...with the specified name the command will replace the configuration of the existing class if it does not have any sub classes If a sub class policy is specified this command uses the Traffic Control C...

Страница 1773: ...1 wrr awplus config tc policy class c01 weight 50 sub class policy wrr awplus config tc class sub class s01 weight 30 sub sub class policy wrr awplus config tc subclass sub sub class ss01 weight 5 que...

Страница 1774: ...nformation to be logged and available using the show debugging traffic control Use the no variant of this command to disable traffic control debugging Syntax debug traffic control no debug traffic con...

Страница 1775: ...terminal awplus config traffic control awplus config tc interface eth1 overhead ethernet virtual bandwidth 10mbit system bandwidth 1 Related Commands show running config traffic control show traffic c...

Страница 1776: ...for bridged traffic on a bridge interface Syntax l3 filtering enable no l3 filtering enable Default Traffic control is disabled by default for bridged traffic Mode Interface mode for a bridge interfac...

Страница 1777: ...x move rule 1 65535 to 1 65535 Default None Mode Traffic Control Example To change rule ID 10 to rule ID 25 use the commands awplus cofigure terminal awplus config traffic control awplus config tc mov...

Страница 1778: ...level queueing discipline which determines the type of classes that can be configured under the policy This command uses the Traffic Control Policy mode Examples To configure a policy use the command...

Страница 1779: ...mand Reference for AR2050V 1779 AlliedWare Plus Operating System Version 5 4 7 1 x TRAFFIC CONTROL COMMANDS POLICY TRAFFIC CONTROL sub class priority sub class wrr sub sub class htb sub sub class prio...

Страница 1780: ...rminal awplus config traffic control awplus config tc red curve red ecn ecn Parameter Description red curve name The RED curve name limit 4 127 The hard queue length limit in packets for the RED curve...

Страница 1781: ...commands awplus configure terminal awplus config traffic control awplus config tc red curve aggressive min 5 max 50 probability 70 Related Commands class htb class priority class wrr show traffic con...

Страница 1782: ...le order by using the move rule traffic control command Parameter Description 1 65535 The rule ID is an integer in the range from 1 to 65535 If you do not designate a rule ID one will be automatically...

Страница 1783: ...c is high priority traffic that is allocated a fixed amount of bandwidth on an interface Use the interface traffic control command to configure system bandwidth on an interface Examples To configure a...

Страница 1784: ...lay the status of traffic control debugging Syntax show debugging traffic control Default None Mode Privileged Exec Example To show if traffic control debugging is on or off run the command awplus sho...

Страница 1785: ...trol policy A wrr class B5001 weight 30 class B5002 weight 60 policy P priority class P10 priority level 10 max 5mbit class P3 priority level 3 max 8mbit sub class policy htb sub class H cir 3mbit bc...

Страница 1786: ...C613 50186 01 Rev B Command Reference for AR2050V 1786 AlliedWare Plus Operating System Version 5 4 7 1 x TRAFFIC CONTROL COMMANDS SHOW RUNNING CONFIG TRAFFIC CONTROL traffic control...

Страница 1787: ...ll interfaces with traffic control policies applied is displayed Syntax show traffic countrol counters interface name Default None Mode Privileged Exec Examples To show the traffic control counters fo...

Страница 1788: ...config traffic control Interface eth2 Class Counter Bytes Packets A Sent 58681224 232862 Currently Queued 0 383 Dropped 1039845 A B5001 Sent 10671444 42347 Currently Queued 32004 128 Dropped 164954 A...

Страница 1789: ...to traffic control Syntax show traffic control interface interface name Default None Mode Privileged Exec Examples To show traffic control information for all interfaces use the command awplus show t...

Страница 1790: ...control show running config traffic control vlan10 Policy Default policy Virtual bandwidth Not set optional Packet overhead 0 Bytes vlan3 Policy Default policy Virtual bandwidth Not set optional Pack...

Страница 1791: ...olicies are displayed Syntax show traffic control policy policy name Default None Mode Privileged Exec Examples To show all traffic control policies use the command awplus show traffic control policy...

Страница 1792: ...ucket Type htb Applied interfaces None Classes Class A Committed rate CIR 5000kbit Peak rate PIR 6000kbit Preference 2 Class B Committed rate CIR 2000kbit Peak rate PIR 4000kbit Burst Bc 100000B Exces...

Страница 1793: ...awplus show traffic control red curve To show a specified red curve called TCP_session_1 use the command awplus show traffic control red curve TCP_session_1 Output Figure 38 6 Example output from show...

Страница 1794: ...rom show traffic control red curve TCP_session_1 Related Commands red curve show running config show running config traffic control show traffic control policy awplus show traffic control red curve TC...

Страница 1795: ...id the show traffic control rule config check command will print the reasonswhy therule is invalid Information is onlyshown forinvalidrules If allrules are valid a message will be printed showing all...

Страница 1796: ...ng traffic will be sent to Examples To show a list of all traffic control rules configured use the command awplus show traffic control rule To show traffic control rule 10 configured use the command a...

Страница 1797: ...e This command shows if traffic control is enabled how many rules are configured and how many interfaces have a virtual bandwidth applied Example To show an overview of the status of the traffic contr...

Страница 1798: ...n class name Name of the class cir committed rate Set the Committed Information Rate CIR for the queue Specified in kbit mbit gbit per second 1kbit 100gbit This parameter is compulsory when creating a...

Страница 1799: ...l awplus config tc policy p01 htb awplus config tc policy class c01 cir 100mbit pir 150mbit sub class policy htb wplus config tc class sub class s02 cir 20mbit queue length 200 red curve s02 red To en...

Страница 1800: ...ll replace the configuration of the existing sub class if it does not have any sub sub classes If a sub sub class policy is specified this command uses the Traffic Control Class mode to apply it Param...

Страница 1801: ...50mbit queue length 200 red curve ss01 red To enter Traffic Control Class mode for an existing sub class use the commands awplus configure terminal awplus config traffic control awplus config tc poli...

Страница 1802: ...name the command will replace the configuration of the existing class if it does not have any sub classes If a sub class policy is specified this command uses the Traffic Control Class mode to apply i...

Страница 1803: ...ht 40 queue length 200 red curve s02 red To enter Traffic Control Class mode for an existing sub class use the commands awplus configure terminal awplus config traffic control awplus config tc policy...

Страница 1804: ...s command will replace the configuration of the existing sub sub class Parameter Description class name Name of the sub sub class cir committed rate Set the Committed Information Rate CIR for the queu...

Страница 1805: ...mands awplus configure terminal awplus config traffic control awplus config tc policy p01 htb awplus config tc policy class c01 cir 100mbit pir 150mbit sub class policy htb awplus config tc class sub...

Страница 1806: ...will replace the configuration of the existing sub sub class Examples To configure a sub sub class use the commands awplus configure terminal awplus config traffic control awplus config tc policy p01...

Страница 1807: ...vel 5 sub class policy priority awplus config tc class sub class s01 priority level 7 sub sub class policy priority awplus config tc subclass sub sub class ss01 priority level 3 max 5mbit queue length...

Страница 1808: ...e existing sub sub class Examples To configure a sub sub class as a leaf class use the commands awplus configure terminal awplus config traffic control awplus config tc policy p01 wrr awplus config tc...

Страница 1809: ...ht 50 sub class policy wrr awplus config tc class sub class s01 weight 30 sub sub class policy wrr awplus config tc subclass sub sub class ss01 weight 5 queue length 200 red curve ss01 red To delete a...

Страница 1810: ...affic control is enabled and no rules are added a default queueing discipline is applied to all interfaces that support traffic control You can use the policy command to configure traffic control poli...

Страница 1811: ...ode you can enable or disable traffic control create and delete traffic control policies create move and delete rules for traffic control set and unset packet overhead system bandwidth and virtual ban...

Страница 1812: ...RAFFIC CONTROL show running config traffic control show traffic control show traffic control counters show traffic control interface show traffic control policy show traffic control rule show traffic...

Страница 1813: ...e 1819 auth max supplicant on page 1821 auth profile Global Configuration on page 1823 auth profile Interface Configuration on page 1824 auth reauthentication on page 1825 auth supplicant ip on page 1...

Страница 1814: ...ge 1859 auth web server page welcome message on page 1860 auth web server ping poll enable on page 1861 auth web server ping poll failcount on page 1862 auth web server ping poll interval on page 1863...

Страница 1815: ...ystem Version 5 4 7 1 x AUTHENTICATION COMMANDS show auth statistics interface on page 1883 show auth supplicant on page 1884 show auth supplicant interface on page 1887 show auth web server on page 1...

Страница 1816: ...ode Examples To enable the critical port feature on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth critical To disable the criti...

Страница 1817: ...awplus configure terminal awplus config interface eth1 awplus config if auth host mode multi supplicant Parameter Description single host Single host mode In this mode only one host may be authorized...

Страница 1818: ...f no auth host mode To set the host mode to multi supplicant on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile...

Страница 1819: ...to interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth log auth web failure To configure the logging of web authentication failures t...

Страница 1820: ...sable the logging of all types of authentication log messages to the log file for supplicants client devices connected to authentication profile student use the commands awplus configure terminal awpl...

Страница 1821: ...ples To set the maximum number of supplicants to 10 on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth max supplicant 10 To reset...

Страница 1822: ...01 Rev B Command Reference for AR2050V 1822 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH MAX SUPPLICANT Related Commands auth profile Global Configuration show runn...

Страница 1823: ...port authentication profiles are created by default Mode Global Configuration Usage A port authentication profile is a configuration object that aggregates multiple port authentication commands These...

Страница 1824: ...ge This command attaches a authentication profile created using the auth profile Global Configuration command to an Ethernet port You can only attach one profile to an interface at a time use the no v...

Страница 1825: ...uthentication on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth reauthentication To disable reauthentication on interface eth1 u...

Страница 1826: ...ntry in A B C D P format max reauth req The number of reauthentication attempts before becoming unauthorized 1 10 Count of reauthentication attempts default 2 port control Port control commands auto A...

Страница 1827: ...interface eth1 use the commands awplus configure terminal awplus config interface eth1 awplus config if no auth supplicant ip 192 168 10 0 24 To disable reauthentication for the supplicant s IP addres...

Страница 1828: ...The mask comprises a string of three period separated bytes where each byte comprises four hexadecimal characters that will generally be either 1or 0 When the mask is applied to a specific MAC addres...

Страница 1829: ...andthen toforceauthorizedportcontrol for interface eth1 use the commands awplus configure terminal awplus config interface eth1 awplus config if auth supplicant mac 0000 5E00 0000 mask ffff ff00 0000...

Страница 1830: ...0000 5E00 5343 port control force authorized To delete the supplicant MAC address 0000 5E00 5343 for authentication profile student use the commands awplus configure terminal awplus config auth profi...

Страница 1831: ...ect timeout period to 3600 seconds for interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth timeout connect timeout 3600 To reset the...

Страница 1832: ...nds for interface eth1 use the commands awplus configure terminal awplus config interface eth1 awplus config if auth timeout quiet period 10 To reset the quiet period to the default 60 seconds for int...

Страница 1833: ...Authentication Profile mode Examples To set the reauthentication period to 1 day for interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if...

Страница 1834: ...nd Reference for AR2050V 1834 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH TIMEOUT REAUTH PERIOD Related Commands auth profile Global Configuration auth reauthentica...

Страница 1835: ...commands awplus configure terminal awplus config interface eth1 awplus config if auth timeout server timeout 120 To set the server timeout to the default 30 seconds for interface eth1 use the followin...

Страница 1836: ...list name no auth web accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list example_acct on the eth1 interface use the co...

Страница 1837: ...th web authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list example_auth on the eth1 interface use the commands awpl...

Страница 1838: ...mmand are both configured you need to configure a firewall rule to allow Auth web traffic to pass through thefirewall Web authuses TCP ports8081 8082 8083 and 8084 You can create a firewall rule like...

Страница 1839: ...ION COMMANDS AUTH WEB ENABLE To disable Web authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no...

Страница 1840: ...o auth web forward ip address ip address prefix length dns tcp 1 65535 udp 1 65535 Or no auth web forward arp dhcp dns tcp 1 65535 udp 1 65535 Default Packet forwarding for port authentication is enab...

Страница 1841: ...37 on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if no auth web forward tcp 137 To delete the all of TCP forwarding on interface eth...

Страница 1842: ...tudent use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth web forward tcp 137 To delete all tcp forwarding on authentication profile stude...

Страница 1843: ...Syntax auth web idle timeout enable no auth web idle timeout enable Default The idle timeout is disabled by default Mode Interface Mode and Auth Profile Example To enable the idle timeout on an interf...

Страница 1844: ...efault setting 3600 seconds Syntax auth web idle timeout timeout 420 86400 no auth web idle timeout timeout Default The timeout is 3600 seconds by default Mode Interface Mode and Auth Profile Example...

Страница 1845: ...n Ethernet port or Authentication Profile mode Examples To set the lock count to 5 on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if...

Страница 1846: ...r AR2050V 1846 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH WEB MAX AUTH FAIL Related Commands auth profile Global Configuration auth timeout quiet period show auth...

Страница 1847: ...e Example To set the Web Authentication method to eap md5 on interface eth1 use the following commands awplus configure terminal awplus config interface eth1 awplus config if auth web method eap md5 T...

Страница 1848: ...tion Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together You canno...

Страница 1849: ...e the AAA and Port Authentication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancemen...

Страница 1850: ...to use WPAD the supplicant s web browser will use TCP port 80 as usual Therefore the packet can be intercepted by Web Authentication as normal and the Web Authentication Login page can be sent However...

Страница 1851: ...S protocol the web browser will validate the certificate If the certificate is invalid the web page gives a warning message before displaying server content However the web page will not give warning...

Страница 1852: ...rt number In this case Web Authentication cannot intercept the connection To overcome this limitation you can use this command to tell the switch which additional port it should intercept and then sen...

Страница 1853: ...eb server ipaddress ip address no auth web server ipaddress Default The Web Authentication server address on the system is not set by default Mode Global Configuration Examples To set the IP address 1...

Страница 1854: ...glish by default Mode Global Configuration Examples To set Japanese as the presentation language of Web authentication pages use the following commands awplus configure terminal awplus config auth web...

Страница 1855: ...figuration Guide for details Use the no variant of this command to delete the URL Syntax auth web server login url URL no auth web server login url Default The built in login page is set by default Mo...

Страница 1856: ...Port Authentication Feature Overview and Configuration Guide Syntax auth web server page logo auto default hidden no auth web server page logo Default Logo type is auto by default Mode Global Configu...

Страница 1857: ...Overview and Configuration Guide Syntax auth web server page sub title hidden text sub title no auth web server page sub title Default Allied Telesis is displayed by default Mode Global Configuration...

Страница 1858: ...Port Authentication Feature Overview and Configuration Guide Syntax auth web server page success message text success message no auth web server page success message Default No success message is set...

Страница 1859: ...yntax auth web server page title hidden text title no auth web server page title Default Web Access Authentication Gateway is displayed by default Mode Global Configuration Examples To set the custom...

Страница 1860: ...nd Port Authentication Feature Overview and Configuration Guide Syntax auth web server page welcome message text welcome message no auth web server page welcome message Default No welcome message is s...

Страница 1861: ...icated by Web Authentication Syntax auth web server ping poll enable no auth web server ping poll enable Default The ping polling feature for Web Authentication is disabled by default Mode Global Conf...

Страница 1862: ...the no variant of this command to resets the fail count for the ping polling feature to the default 5 pings Syntax auth web server ping poll failcount 1 100 no auth web server ping poll failcount Def...

Страница 1863: ...polling 30 seconds Syntax auth web server ping poll interval 1 65535 no auth web server ping poll interval Default The interval for ping polling is 30 seconds by default Mode Global Configuration Exa...

Страница 1864: ...variant of this command to reset the reauth timer refresh parameter to the default setting disabled Syntax auth web server ping poll reauth timer refresh no auth web server ping poll reauth timer ref...

Страница 1865: ...set the timeout of ping polling to the default 1 second Syntax auth web server ping poll timeout 1 30 no auth web server ping poll timeout Default The default timeout for ping polling is 1 second Mode...

Страница 1866: ...thentication server HTTP port number is set to 80 by default Mode Global Configuration Examples To set the HTTP port number 8080 for the Web Authentication server use the following commands awplus con...

Страница 1867: ...b server redirect delay time Default The default redirect delay time is 5 seconds Mode Global Configuration Examples To set the delay time to 60 seconds for the Web Authentication server use the follo...

Страница 1868: ...x auth web server redirect url url no auth web server redirect url Default The redirect URL for the Web Authentication server feature is not set by default null Mode Global Configuration Examples To e...

Страница 1869: ...disabled by default Mode Global Configuration Usage This function doesn t ensure to keep session information in all cases Authenticated supplicant may be redirected to unexpected page when session ke...

Страница 1870: ...ax auth web server ssl no auth web server ssl Default HTTPS functionality for the Web Authentication server feature is disabled by default Mode Global Configuration Examples To enable HTTPS functional...

Страница 1871: ...iant of this command to delete registered port number Syntax auth web server ssl intercept port 1 65535 no auth web server ssl intercept port 1 65535 Default 443 TCP is registered by default Mode Glob...

Страница 1872: ...configuration PAC file to your switch The Web Authentication supplicant can get the downloaded file from the system web server Syntax copy filename proxy autoconfig file Mode Privileged Exec Example T...

Страница 1873: ...in PEM Privacy Enhanced Mail format and contain the private key and the server certificate Syntax copy filename web auth https file Mode Privileged Exec Example To download the server certificate fil...

Страница 1874: ...t No description configured by default Mode Authentication Profile Example To add a description to the authentication profile student use the following commands awplus configure terminal awplus config...

Страница 1875: ...UTOCONFIG FILE erase proxy autoconfig file Overview Use this command to remove the proxy auto configuration file Syntax erase proxy autoconfig file Mode Privileged Exec Example To remove the proxy aut...

Страница 1876: ...h https file Overview Use this command to remove the SSL server certificate for web based authentication Syntax erase web auth https file Mode Privileged Exec Example To remove the SSL server certific...

Страница 1877: ...namic or LACP channel group or a switch port awplus show auth all 802 1X Port Based Authentication Enabled MAC based Port Authentication Disabled WEB based Port Authentication Enabled RADIUS server ad...

Страница 1878: ...rameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g eth1 a continuous range of interfaces e g eth1 2 a com...

Страница 1879: ...ified interface Syntax show auth interface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Example To display the Port based authentication status for eth...

Страница 1880: ...ns in KT keyTxEnabled false critical disabled guestVlan disabled authFailVlan disabled dynamicVlanCreation disabled hostMode single host dot1x enabled protocolVersion 1 authMac disabled authWeb enable...

Страница 1881: ...the command awplus show auth statistics interface eth1 To display the Port Authenticated supplicant on interface eth1 enter the command awplus show auth interface eth1 supplicant Related Commands show...

Страница 1882: ...r the command awplus show auth sessionstatistics interface eth1 Output Figure 39 3 Example output from the show auth sessionstatistics command Parameter Description interface Specify ports to show int...

Страница 1883: ...cified interface Syntax show auth statistics interface interface list Mode Privileged Exec Example To display Port Authentication statistics for eth1 enter the command awplus show auth statistics inte...

Страница 1884: ...To display authenticated supplicant information for device with MAC address 0000 5E00 5301 enter the command awplus show auth supplicant 0000 5E00 5301 Output Figure 39 4 Example output from show auth...

Страница 1885: ...start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 0 CD adminControlledDirections i...

Страница 1886: ...01 Rev B Command Reference for AR2050V 1886 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS SHOW AUTH SUPPLICANT Related Commands aaa accounting auth web aaa authentication...

Страница 1887: ...plicant interface interface list brief Mode Privileged Exec Examples To display the authenticated supplicant on the interface eth1 enter the command awplus show auth supplicant interface eth1 To displ...

Страница 1888: ...Example output from the show auth web server command Related Commands auth web server ipaddress auth web server port auth web server redirect delay time auth web server redirect url auth web server s...

Страница 1889: ...the web authentication page information use the command awplus show auth web server page Figure 39 8 Example output from the show auth web server page command Related Commands auth web forward auth w...

Страница 1890: ...yntax show proxy autoconfig file Mode Privileged Exec Example To display the contents of the proxy auto configuration PAC file enter the command awplus show auth proxy autoconfig file Output Figure 39...

Страница 1891: ...1897 aaa authentication auth web on page 1900 aaa authentication enable default group tacacs on page 1902 aaa authentication enable default local on page 1904 aaa authentication login on page 1905 aa...

Страница 1892: ...dius secure proxy aaa on page 1922 server radsecproxy aaa on page 1923 server mutual authentication on page 1925 server name check on page 1926 server trustpoint on page 1927 show aaa local user locke...

Страница 1893: ...none group group name radius no aaa accounting auth web default list name Default RADIUS accounting for Web based authentication is disabled by default Mode Global Configuration Usage This command can...

Страница 1894: ...use the commands awplus configure terminal awplus config aaa accounting auth web default start stop group radius To disable the default RADIUS accounting method for Web based authentication use the c...

Страница 1895: ...by default Mode Global Configuration Usage This command only supports a default method list this means that it is applied to every console and VTY line The stop only parameter indicates that the comm...

Страница 1896: ...vilege levels 1 7 and 15 use the following commands awplus configure terminal awplus config aaa accounting commands 1 default stop only group tacacs awplus config aaa accounting commands 7 default sto...

Страница 1897: ...ounting method list for login shell sessions configured by an aaa accounting login command If the method list being deleted is already applied to a console or VTY line accounting on that line will bed...

Страница 1898: ...ame use the specified RADIUS server group configured with the aaa group server command There is one way to define servers where TACACS accounting messages are sent group tacacs use all TACACS servers...

Страница 1899: ...AR2050V 1899 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS AAA ACCOUNTING LOGIN Related Commands aaa accounting commands aaa authentication login aaa accounting login accounting log...

Страница 1900: ...default list name Default Web based authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a name...

Страница 1901: ...entication use the commands awplus configure terminal awplus config no aaa authentication auth web default To enable Web based authentication for named list example_auth with RADIUS server group rad_g...

Страница 1902: ...ed privilege level is equal to or less than the users maximum privilege level then they are granted access to that level If the user attempts to access a privilege level that is higher than their maxi...

Страница 1903: ...Examples To enable a privilege level authentication method that will not allow the user to access Privileged Exec mode if the TACACS server goes offline or is not reachable during enable password auth...

Страница 1904: ...n Usage The privilege level configured for a particular user in the local user database is the privilege threshold above which the user is prompted for an enable Privileged Exec mode command Examples...

Страница 1905: ...efault method list This will return the default method list to its default state local is the default Syntax aaa authentication login default list name local group radius tacacs group name no aaa auth...

Страница 1906: ...r user login to first use all available RADIUS servers for user login authentication and then use the local user database use the following commands awplus configure terminal awplus config aaa authent...

Страница 1907: ...dius containing all RADIUS servers configured by the radius server host command Note that if the default authentication method is used all OpenVPN tunnels will use the group radius containing all RADI...

Страница 1908: ...t to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list will be...

Страница 1909: ...llback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured diff...

Страница 1910: ...Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of configurati...

Страница 1911: ...RADIUS servers and to enter Server Group Configurationmode inwhich you canadd servers to thegroup Use a server groupto specify a subset of RADIUS servers in AAA commands Each RADIUS server must be co...

Страница 1912: ...ration Default The default for the lockout time is 300 seconds 5 minutes Usage While locked out all attempts to login with the locked account will fail The lockout can be manually cleared by another p...

Страница 1913: ...login counter reaches the limit configured by this command that user account is locked out for a specified duration configured by the aaa local authentication attempts lockout time command When a succ...

Страница 1914: ...console SSH and Telnet Use the novariantof this commandtoresetthe minimumtimeperiod to itsdefault value Syntax aaa login fail delay 1 10 no aaa login fail delay 1 10 Default 1 second Mode Global conf...

Страница 1915: ...ogin default login accounting is applied after issuing the no accounting login command Accounting is disabled with default Syntax accounting login default list name no accounting login Default By defa...

Страница 1916: ...list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the command...

Страница 1917: ...ommand Reference for AR2050V 1917 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Version 5...

Страница 1918: ...aaa local user lockout username username all Mode Privileged Exec Examples To unlock the user account bob use the following command awplus clear aaa local user lockout username bob To unlock all user...

Страница 1919: ...ounting all authentication authorization Default AAA debugging is disabled by default Mode Privileged Exec Examples To enable authentication debugging for AAA use the command awplus debug aaa authenti...

Страница 1920: ...Default The default login authentication method list as specified by the aaa authentication login command is used to authenticate user login If this has not been specified the default is to use the l...

Страница 1921: ...roxy port Default The default port is 1645 Mode RadSecProxy AAA Configuration Mode Usage It is not necessary to change the value from the default unless UDP port 1645 is required for another purpose R...

Страница 1922: ...uration mode This application allows local RADIUS based clients on system to communicate with remote RadSec servers via a secure TLS proxy Syntax radius secure proxy aaa Mode Global Configuration Mode...

Страница 1923: ...value for RADIUS servers will be used The global timeout may be changed using the radius server timeout command The default global timeout is 5 seconds Each server may be configured to use certificate...

Страница 1924: ...ER RADSECPROXY AAA Example To add a server which waits 3 seconds before receiving replies use the commands awplus configure terminal awplus config radius secure proxy aaa awplus config radsecproxy aaa...

Страница 1925: ...g the RadSecProxy AAA application to not transmit a certificate to the server NOTE Ifmutualauthenticationisdisabledontheclient AAA applicationbutenabled on the server a connection will not be establis...

Страница 1926: ...ject field of the client s X 509 certificate must match the domain name or IP address specified in the server radsecproxy aaa command Use the no variant of this command to set the global behavior for...

Страница 1927: ...ver must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustp...

Страница 1928: ...C613 50186 01 Rev B Command Reference for AR2050V 1928 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS SERVER TRUSTPOINT server radsecproxy aaa server name check...

Страница 1929: ...ed account successfully logs into the system after waiting for the lockout time this command will display nothing for that particular account Syntax show aaa local user locked Mode User Exec and Privi...

Страница 1930: ...ation on a device use the command awplus aaa server group Output Figure 40 2 Example output from aaa server group Related Commands aaa accounting auth web aaa authentication auth web awplus show aaa s...

Страница 1931: ...plays the current debugging status for AAA Authentication Authorization Accounting Syntax show debugging aaa Mode User Exec and Privileged Exec Example To display the current debugging status of AAA u...

Страница 1932: ...groups use the command awplus show radius server group To display a information for a RADIUS server group named rad_group_list1 use the command awplus show radius server group rad_group_list1 Output F...

Страница 1933: ...S SERVER GROUP Figure 40 5 Example output from show radius server group rad_group_list1 Related Commands aaa group server awplus show radius server group rad_group_list1 RADIUS Group Configuration Gro...

Страница 1934: ...6 01 Rev B Command Reference for AR2050V 1934 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS UNDEBUG AAA undebug aaa Overview This command applies the functionality of the no debug aa...

Страница 1935: ...tion see the RADIUS Feature Overview and Configuration Guide Command List deadtime RADIUS server group on page 1936 debug radius on page 1937 ip radius source interface on page 1938 radius server dead...

Страница 1936: ...IUS server is set to 0 minutes by default Syntax deadtime 0 1440 no deadtime Default The deadtime is set to 0 minutes by default Mode Server Group Configuration Usage If the RADIUS server does not res...

Страница 1937: ...l Default RADIUS debugging is disabled by default Mode Privileged Exec Examples To enable debugging for RADIUS packets use the command awplus debug radius packet To enable debugging for RADIUS events...

Страница 1938: ...ius source interface interface ip address no ip radius source interface Default Source IP address of outgoing RADIUS packets depends on the interface the packets leave Mode Global Configuration Exampl...

Страница 1939: ...lt RADIUS deadtime configured on the system is 0 seconds Mode Global Configuration Usage The RADIUS client considers a RADIUS server to be dead if it fails to respond to a request after it has been re...

Страница 1940: ...5535 auth port 0 65535 key key string retransmit 0 100 timeout 1 1000 no radius server host host name ip address acct port 0 65535 auth port 0 65535 Parameter Description host name Server host name Th...

Страница 1941: ...time interval in seconds to wait for the RADIUS server to reply before retransmitting a request or considering the server dead This setting overrides the global value set by the radius server timeout...

Страница 1942: ...DIUS server 10 0 0 20 use the following commands awplus configure terminal awplus config no radius server host 10 0 0 20 To configure rad1 company com for authentication only use the following command...

Страница 1943: ...al secret key shared between this client and its RADIUS servers If no secret key is specified for a particular RADIUS server using the radius server host c ommand this global key is used After enablin...

Страница 1944: ...t RADIUS retransmit count on the device is 3 Mode Global Configuration Examples To set the RADIUS retransmit count to 1 use the following commands awplus configure terminal awplus config radius server...

Страница 1945: ...3 50186 01 Rev B Command Reference for AR2050V 1945 AlliedWare Plus Operating System Version 5 4 7 1 x RADIUS COMMANDS RADIUS SERVER RETRANSMIT Related Commands radius server deadtime radius server ho...

Страница 1946: ...5 seconds Mode Global Configuration Examples To globally set the device to wait 20 seconds before retransmitting a RADIUS request to unresponsive RADIUS servers use the following commands awplus confi...

Страница 1947: ...n 5 4 7 1 x RADIUS COMMANDS RADIUS SERVER TIMEOUT To reset the global timeout period for RADIUS servers to the default use the following command awplus configure terminal awplus config no radius serve...

Страница 1948: ...port for accounting requests to the server To disable accounting for the server set acct port to 0 If the accounting port is missing the default port number is 1812 Use the no variant of this command...

Страница 1949: ...hentication use the following commands awplus configure terminal awplus config aaa group server radius RAD_AUTH1 awplus config sg server 192 168 1 1 acct port 0 awplus config sg server 192 168 2 1 aut...

Страница 1950: ...plays the current debugging status for the RADIUS servers Syntax show debugging radius Mode User Exec and Privileged Exec Example To display the current debugging status of RADIUS servers use the comm...

Страница 1951: ...show radius command showing RADIUS servers Example See the sample output below showing RADIUS client status and RADIUS configuration awplus show radius RADIUS Global Configuration Source Interface not...

Страница 1952: ...nterface The interface name or IP address to be used for the source address of all outgoing RADIUS packets Secret Key A shared secret key to a radius server Timeout A time interval in seconds Retransm...

Страница 1953: ...been dead for Alive The server is alive Error The server is not responding Dead The server is detected as dead and it will not be used for deadtime period The time displayed in the output shows the se...

Страница 1954: ...ev B Command Reference for AR2050V 1954 AlliedWare Plus Operating System Version 5 4 7 1 x RADIUS COMMANDS UNDEBUG RADIUS undebug radius Overview This command applies the functionality of the no debug...

Страница 1955: ...uthentication on page 1963 client name check on page 1964 client trustpoint on page 1965 clear radius local server statistics on page 1966 copy fdb radius users to file on page 1967 copy local radius...

Страница 1956: ...e 1985 server enable on page 1986 show crypto pki certificates deleted on page 1987 show crypto pki certificates local radius all users deleted on page 1988 show crypto pki certificates user deleted o...

Страница 1957: ...roup If the specified attribute is already defined then it is replaced with the new value Use the no variant of this command to delete an attribute from the local RADIUS server user group Syntax attri...

Страница 1958: ...use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute help A list of Vendor specific Attributes...

Страница 1959: ...ollowing commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute Service Type 6 To delete the attribute Service Type...

Страница 1960: ...abled by default Mode RADIUS Server Configuration Examples The following commands enable EAP MD5 authentication methods on the local RADIUS server awplus configure terminal awplus config radius server...

Страница 1961: ...global behavior defined by client name check or no client name check will be used If name checking is enabled the Common Name portion of the subject field of the client s X 509 certificate must match...

Страница 1962: ...50186 01 Rev B Command Reference for AR2050V 1962 AlliedWare Plus Operating System Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS CLIENT RADSECPROXY SRV client trustpoint radius secure proxy local se...

Страница 1963: ...l certificate validation The local server application will still transmit the local server certificate to the client but will not expect or validate a certificate from the client Syntax client mutual...

Страница 1964: ...of the subject field of the client s X 509 certificate must match the domain name or IP address specified in the client radsecproxy aaa command Use the no variant of this command to set the global be...

Страница 1965: ...th the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustpoint list will be unchanged If no client trustpo...

Страница 1966: ...rs the number of successful and failed logins for each local RADIUS server user Examples To clear the NAS Network Access Server statistics stored on the device use the command awplus clear radius loca...

Страница 1967: ...radius user db Copy the local RADIUS server users created to the local RADIUS server nvs Copy the local RADIUS server users created to NVS memory flash Copy the local RADIUS server users created to F...

Страница 1968: ...US server users from the local FDB directly to the local RADIUS server use the command awplus copy fdb radius users local radius user db To register the local RADIUS server users from the interface po...

Страница 1969: ...RADIUS server user database before copying the contents of specified file Syntax copy source url local radius user db add replace Default When no copy method is specified with this command the replac...

Страница 1970: ...Syntax copy local radius user db nvs flash card usb tftp scp destination url Mode Privileged Exec Example Copy the current local RADIUS server user data to http datahost user csv awplus copy local rad...

Страница 1971: ...ADIUS SERVER COMMANDS CRYPTO PKI ENROLL LOCAL DELETED crypto pki enroll local deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpoint...

Страница 1972: ...ROLL LOCAL LOCAL RADIUS ALL USERS DELETED crypto pki enroll local local radius all users deleted Overview This command is no longer available Please use the following command instead crypto pki enroll...

Страница 1973: ...COMMANDS CRYPTO PKI ENROLL LOCAL USER DELETED crypto pki enroll local user deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpoint u...

Страница 1974: ...DS CRYPTO PKI EXPORT LOCAL PEM DELETED crypto pki export local pem deleted Overview This command is no longer available Please use the crypto pki export pem command instead crypto pki export trustpoin...

Страница 1975: ...KI EXPORT LOCAL PKCS12 DELETED crypto pki export local pkcs12 deleted Overview This command is no longer available Please use the crypto pki export pkcs12 command instead crypto pki export trustpoint...

Страница 1976: ...SERVER COMMANDS CRYPTO PKI TRUSTPOINT LOCAL DELETED crypto pki trustpoint local deleted Overview This command is no longer available Please use the following command instead crypto pki trustpoint trus...

Страница 1977: ...ev B Command Reference for AR2050V 1977 AlliedWare Plus Operating System Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS DEBUG CRYPTO PKI DELETED debug crypto pki deleted Overview This command is no lo...

Страница 1978: ...tion Usage When both domain styles are enabled the first domain style configured has the highest priority A username login string is matched against the first domain style enabled Then if the username...

Страница 1979: ...ntifier 200 with tagged frames use the commands awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config radsrv group egress vlan id 200 tagged...

Страница 1980: ...rmalUsers with the VLAN name vlan2 and all frames on this VLAN tagged use the commands awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config...

Страница 1981: ...p Syntax group user group name no group user group name Mode RADIUS Server Configuration Examples The following command creates the user group NormalUsers awplus configure terminal awplus config radiu...

Страница 1982: ...ddress key nas keystring no nas ip address Mode RADIUS Server Configuration Examples The following commands add the NAS with an IP address of 192 168 1 2 to the list of clients that may send authentic...

Страница 1983: ...mode This application allows remote RadSec clients to communicate with the local RADIUS server process via a secure TLS proxy Syntax radius secure proxy local server Mode Global Configuration Mode Ex...

Страница 1984: ...n Example Local RADIUS Server commands are available from config radsrv configuration mode To change mode from User Exec mode to the Local RADIUS Server mode config radsrv use the commands awplus conf...

Страница 1985: ...Default The default local RADIUS server UDP authentication port number is 1812 Mode RADIUS Server Configuration Examples The following commands set the RADIUS server authentication port to 10000 awpl...

Страница 1986: ...local RADIUS server stops operating Syntax server enable no server enable Default The local RADIUS server is disabled by default and must be enabled for use with this command Mode RADIUS Server Config...

Страница 1987: ...ion 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES DELETED show crypto pki certificates deleted Overview This command is no longer available Please use the following command inste...

Страница 1988: ...4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES LOCAL RADIUS ALL USERS DELETED show crypto pki certificates local radius all users deleted Overview This command is no longeravailabl...

Страница 1989: ...g System Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES USER DELETED show crypto pki certificates user deleted Overview This command is no longeravailablebecause usercerti...

Страница 1990: ...rsion 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI TRUSTPOINTS DELETED show crypto pki trustpoints deleted Overview This command is no longer available Please use the following command inste...

Страница 1991: ...uration Guide Syntax show radius local server group user group name Mode User Exec and Privileged Exec Example The following command displays Local RADIUS server user group information awplus show rad...

Страница 1992: ...ure Overview and Configuration Guide Syntax show radius local server nas ip address Mode User Exec and Privileged Exec Example The following command displays NAS information awplus show radius local s...

Страница 1993: ...mmand displays Local RADIUS server statistics awplus show radius local server statistics Output Related Commands clear radius local server statistics radius server local server enable server auth port...

Страница 1994: ...server user information for user Tom awplus show radius local server user Tom The following command displays all Local RADIUS server information for all users awplus show radius local server user The...

Страница 1995: ...ADIUS SERVER COMMANDS SHOW RADIUS LOCAL SERVER USER Related Commands group user RADIUS server Table 8 Parameters in the output from the show radius local server user command Parameter Description User...

Страница 1996: ...icant MAC address to configure the user name and user password parameters to use local RADIUS server for MAC Authentication See the AAA and Port_Authentication Feature Overview and Configuration_Guide...

Страница 1997: ...igure terminal awplus config radius server local awplus config radsrv user Tom password QwerSD group NormalUsers The following commands remove user Tom from the local RADIUS server awplus configure te...

Страница 1998: ...yntax vlan vid vlan name no vlan Default VLAN information is not set by default Mode RADIUS Server Group Configuration Examples The following commands set VLAN ID 200 to the group named NormalUsers aw...

Страница 1999: ...01 crypto pki authenticate on page 2002 crypto pki enroll on page 2003 crypto pki enroll user on page 2004 crypto pki export pem on page 2006 crypto pki export pkcs12 on page 2007 crypto pki import pe...

Страница 2000: ...t lengths are more secure but require more computation time The specified key must not already exist Example To create a key with the label example server key and a bit length of 2048 use the commands...

Страница 2001: ...h zeros The specified key must exist but must not be in use for any existing server certificates A key may not be deleted if it is associated with the server certificate or server certificate signing...

Страница 2002: ...ment setting is terminal then this command prompts the user to paste a certificate Privacy Enhanced Mail PEM file at the CLI terminal If the certificate is a valid selfsigned CA certificate then it wi...

Страница 2003: ...command results in the direct generation of the server certificate signed by the root CA for the trustpoint If the trustpoint represents an external certificate authority then this command results in...

Страница 2004: ...S server The specified trustpoint must represent a locally self signed certificate authority The private key and certificate are packaged into a PKCS 12 formatted file suitable for export using the cr...

Страница 2005: ...on 5 4 7 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS CRYPTO PKI ENROLL USER To enroll all local RADIUS users with the trustpoint example use the following commands awplus enable awplus crypto pki enroll ex...

Страница 2006: ...Exec Usage The specified trustpoint must already exist and it must already be authenticated Example To display the PEM file for the trustpoint example to the terminal use the following commands awplu...

Страница 2007: ...erver certificate and thecorrespondingprivatekey iftheserverhasbeen enrolledtothetrustpoint The command prompts for a passphrase to encrypt the private key If a RADIUS username is specified this comma...

Страница 2008: ...E COMMANDS CRYPTO PKI EXPORT PKCS12 Example To export the PKCS 12 file example pk12 for the trustpoint example to the URL tftp backup use the following commands awplus enable awplus crypto pki export...

Страница 2009: ...e they are proper CA certificates and that the issuer chain ends in a root CA certificate already installed for the trustpoint If there is no root CA certificate for the trustpoint i e if the trustpoi...

Страница 2010: ...EY INFRASTRUCTURE COMMANDS CRYPTO PKI IMPORT PEM To import the PEM file for the trustpoint example from the URL tftp server_a use the following commands awplus enable awplus crypto pki import example...

Страница 2011: ...re N is a non negative integer This operation is only valid if the server certificate does not already exist for the trustpoint i e if the server is not enrolled to the trustpoint PKCS 12 files for RA...

Страница 2012: ...te the trustpoint as a local self signed certificate authority The no variant of this command destroys the trustpoint by removing all CA and server certificates associated with the trustpoint as well...

Страница 2013: ...e root CA certificate Privacy Enhanced Mail PEM file at the terminal when the crypto pki authenticate command is issued It will create a Certificate Signing Request CSR file for the local server when...

Страница 2014: ...any pre accepted value then the user will be prompted to verify the certificate contents and fingerprint visually This command is useful when certificates from an external certificate authority are b...

Страница 2015: ...13 50186 01 Rev B Command Reference for AR2050V 2015 AlliedWare Plus Operating System Version 5 4 7 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS FINGERPRINT TRUSTPOINT CONFIGURATION MODE crypto pki import p...

Страница 2016: ...by the specified certificate the command will be rejected If the specified certificate is the root CA certificate and the trustpoint represents a locally selfsigned CA then the corresponding private...

Страница 2017: ...uest The optional numeric parameter defines the bit length for the key and is only applicable for keys that are implicitly created during enrollment This command does not affect server certificates or...

Страница 2018: ...print a hash of the key contents to help uniquely identify a key and a list of trustpoints in which the server certificate is using the key The specified keys must exist Example To show all keys use t...

Страница 2019: ...ith the server certificate and then displays its issuer and continues up the issuer chain until the root CA certificate is reached For each certificate the command displays the certificate type the su...

Страница 2020: ...local loc lc Issuer C NZ CN local_Signing_CA Valid From Nov 11 15 35 21 2015 GMT Valid To Aug 31 15 35 21 2018 GMT Fingerprint 5A81D34C 759CC4DA CFCA9F65 0303AD83 410B03AF Intermediate CA certificate...

Страница 2021: ...stpoints using the crypto pki export pkcs12 command Syntax crypto pki enrollment user username Mode Privileged Exec Example To show the list of trustpoints to which user exampleuser1 is enrolled use t...

Страница 2022: ...igured to use the trustpoint and the trustpoint parameters that were configured from trustpoint configuration mode The specified trustpoints must already exist Example To show the details of the trust...

Страница 2023: ...n Usage The subject name is specified as a variable number of fields where each field begins with a forward slash character Each field is of the form XX value where XX is the abbreviation of the node...

Страница 2024: ...186 01 Rev B Command Reference for AR2050V 2024 AlliedWare Plus Operating System Version 5 4 7 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS SUBJECT NAME TRUSTPOINT CONFIGURATION Related Commands crypto pki...

Страница 2025: ...e the device to use TACACS servers For more information about TACACS see the TACACS Feature Overview and Configuration Guide Command List authorization commands on page 2026 aaa authorization commands...

Страница 2026: ...d list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the comma...

Страница 2027: ...mand Reference for AR2050V 2027 AlliedWare Plus Operating System Version 5 4 7 1 x TACACS COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Version 5...

Страница 2028: ...nt to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list will b...

Страница 2029: ...fallback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured di...

Страница 2030: ...on Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of configura...

Страница 2031: ...es that all TACACS packets sent from the device will have the same source IP address Once configured this affects all TACACS packets namely accounting authentication and authorization If the specified...

Страница 2032: ...ed Timeout 5 sec Server Host Server IP Address Status 192 168 1 10 Alive 192 168 1 11 Unknown Table 1 Parameters in the output of the show tacacs command Output Parameter Meaning Source Interface IP a...

Страница 2033: ...C613 50186 01 Rev B Command Reference for AR2050V 2033 AlliedWare Plus Operating System Version 5 4 7 1 x TACACS COMMANDS SHOW TACACS Command changes Version 5 4 6 2 1 Source Interface parameter added...

Страница 2034: ...figured is regarded as the primary server and if the primary server fails then the backup servers are consulted in turn A backup server is consulted if the primary server fails not if a login authenti...

Страница 2035: ...wing commands awplus configure terminal awplus config tacacs server host tac1 company com To set the secret key to secret on the TACACS server 192 168 1 1 use the following commands awplus configure t...

Страница 2036: ...client and its TACACS servers If no secret key is specified for a particular TACACS server using the tacacs server host command this global key is used Examples To set the global secret key to secret...

Страница 2037: ...no variant of this command resets the transmit timeout to the default 5 seconds Syntax tacacs server timeout seconds no tacacs server timeout Default The default timeout value is 5 seconds Mode Globa...

Страница 2038: ...C613 50186 01 Rev B Command Reference for AR2050V 2038 AlliedWare Plus Operating System Version 5 4 7 1 x Part 6 High Availability...

Страница 2039: ...Version 5 4 7 1 x High Availability Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure high availability For more information see the High Av...

Страница 2040: ...session is in backup or initial state then the associated wan bypass ports will be activated If no wan bypass ports are specified then it puts the VRRP session in HA mode and the wan bypass ports wil...

Страница 2041: ...us Operating System Version 5 4 7 1 x HIGH AVAILABILITY COMMANDS HA ASSOCIATE To change a VRRP session out of HA mode use the following commands awplus configure terminal awplus config router vrrp 1 v...

Страница 2042: ...re Plus Feature Overview and Configuration Guide Command List advertisement interval on page 2044 alternate checksum mode on page 2046 circuit failover on page 2047 debug vrrp on page 2049 debug vrrp...

Страница 2043: ...perating System Version 5 4 7 1 x VRRP COMMANDS show vrrp session on page 2071 transition mode on page 2073 undebug vrrp on page 2075 undebug vrrp events on page 2076 undebug vrrp packet on page 2077...

Страница 2044: ...lt advertisement interval of 1 second Syntax advertisement interval 1 255 csec 1 4095 no advertisement interval Default The default advertisement interval is 1 second Mode Router Configuration Usage S...

Страница 2045: ...n with VR ID 5 on interface vlan2 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router no advertisement interval The example below shows you how to configure the advertisem...

Страница 2046: ...sent by AlliedWare Plus devices Use the no variant of this command to disable the alternate checksum mode Syntax alternate checksum mode no alternate checksum mode Default Disabled Mode Router Configu...

Страница 2047: ...VRRP is configured to monitor VLAN2 and VLAN3 with the commands awplus configure terminal awplus config interface vlan1 awplus config if ip address 192 168 1 1 24 awplus config if exit awplus config r...

Страница 2048: ...ove zero if all the interfaces go down Examples To configure circuit failover on an IPv4 VRRP instance so that if interface VLAN3 goes down then the priority of VRRP instance 1 is reduced by 30 use th...

Страница 2049: ...function Syntax debug vrrp all no debug vrrp all Mode Privileged Exec and Global Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging d...

Страница 2050: ...xec and Global Configuration Usage The debug vrrp events command enables the display of debug information related to VRRP internal events See the VRRP Feature Overview and Configuration Guide for more...

Страница 2051: ...rmation about VRRPv3 debugging details Examples The example belowshows youhow to enablereceived and sentpacket debugging for VRRP awplus configure terminal awplus config debug vrrp packet The example...

Страница 2052: ...or a VRRPv3 IPv6 session on the router Syntax disable Mode Router Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 and IPv6 configurati...

Страница 2053: ...P session using the virtual ip or virtual ipv6 and the router vrrp interface or router ipv6 vrrp interface commands before using this command See the VRRP Feature Overview and Configuration Guide for...

Страница 2054: ...router to relieve a lower priority backup router By default a preemptive scheme is enabled whereby a higher priority backup virtual router that becomes available take over for the backup virtual rout...

Страница 2055: ...reempt mode false The example below shows you how to configure preempt mode as true for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router pr...

Страница 2056: ...then this VRRP router functions as the master virtual router Priority also determines whether a VRRP router functions as a backup virtual router and the order of ascendancy to becoming a master virtu...

Страница 2057: ...the priority for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router priority 101 The example below shows you how to remove the configured pr...

Страница 2058: ...master state NOTE Tunnels and PPP interfaces are not supported NOTE Configuring a high number of instances may adversely affect the device s performance depending on the device CPU the other protocols...

Страница 2059: ...13 50186 01 Rev B Command Reference for AR2050V 2059 AlliedWare Plus Operating System Version 5 4 7 1 x VRRP COMMANDS ROUTER IPV6 VRRP INTERFACE Related Commands advertisement interval circuit failove...

Страница 2060: ...e virtual router when in master state NOTE Tunnels and PPP interfaces are not supported NOTE Configuring a high number of instances may adversely affect the device s performance depending on the devic...

Страница 2061: ...1 Rev B Command Reference for AR2050V 2061 AlliedWare Plus Operating System Version 5 4 7 1 x VRRP COMMANDS ROUTER VRRP INTERFACE Related Commands advertisement interval circuit failover disable VRRP...

Страница 2062: ...se debug output is in the log file For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide See the VRRP Feature Ove...

Страница 2063: ...ide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv6 configuration details Syntax show running config router vrrp Mode Privileged Exec Global Configuration...

Страница 2064: ...iew and Configuration Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Syntax show running config router vrrp Mode Privileged Ex...

Страница 2065: ...output about VRRP IPv4 sessions enter the command awplus show vrrp brief Output Figure 46 3 Example output from the show vrrp command Figure 46 4 Example output from the show vrrp brief command Parame...

Страница 2066: ...C613 50186 01 Rev B Command Reference for AR2050V 2066 AlliedWare Plus Operating System Version 5 4 7 1 x VRRP COMMANDS SHOW VRRP Related Commands enable VRRP disable VRRP...

Страница 2067: ...e counters below the sample output as per RFC2787 NOTE Note that the counters displayed with this commands are the same counters as described in RFC 2787 Copyright C The Internet Society 2000 All Righ...

Страница 2068: ...h descriptions for the show vrrp counters command Counter Description Master Transitions The total number of times that this virtual router s state has transitioned to MASTER Received Advertisements T...

Страница 2069: ...f packets received with a packet length less than the length of the VRRP header Monitored Circuit Up The total number of times the monitored circuit has generated the UP event Monitored Circuit Down T...

Страница 2070: ...formation about VRRPv3 IPv6 configuration details Syntax show vrrp ipv6 interface Mode User Exec and Privileged Exec Example To display information about all VRRPv3 IPv6 sessions enter the command awp...

Страница 2071: ...n 1 configured on vlan2 Output shows that a Virtual IP address has been set awplus show vrrp 1 vlan2 See the below sample output from the show vrrp command displaying information about VRRP session 1...

Страница 2072: ...rface vlan2 awplus show vrrp 5 vlan2 awplus show vrrp 1 vlan3 Address family IPv4 VrId 1 Interface is vlan3 State is Initialize Virtual IP address is unset Priority is 100 Advertisement interval is 1...

Страница 2073: ...n using transition mode VRRPv2 can only use advertisements in whole second intervals Syntax transition mode true false Default The default is false Mode Router Configuration Usage See the VRRP Feature...

Страница 2074: ...ersion 5 4 7 1 x VRRP COMMANDS TRANSITION MODE The example below shows you how to configure IPv4 transition mode as false for VRRP VR ID 5 on vlan2 awplus configure terminal awplus config router vrrp...

Страница 2075: ...tem Version 5 4 7 1 x VRRP COMMANDS UNDEBUG VRRP undebug vrrp Overview Use this command to disable all VRRP debugging Syntax undebug vrrp all Mode Privileged Exec Example The example below shows you h...

Страница 2076: ...MANDS UNDEBUG VRRP EVENTS undebug vrrp events Overview Use this command to disable debugging options for VRRP event troubleshooting Syntax undebug vrrp events Mode Privileged Exec Example The example...

Страница 2077: ...d Exec Examples The example below shows you how to disable VRRP sent packet debugging awplus undebug vrrp packet send The example below shows you how to disable VRRP received packet debugging awplus u...

Страница 2078: ...RP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Examples The example below shows you how to set the virtual IP address for VRRP VR ID 5 and the...

Страница 2079: ...ID 5 and the router as owner of the virtual IPv4 address awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router virtual ip 192 0 2 30 owner The example below shows you how to...

Страница 2080: ...nk local addresses are used by IPv6 ND Neighbor Discovery A host s default route to a router points to the IPv6 link local address not a specific global IPv6 address for the router For the host s traf...

Страница 2081: ...wplus config router virtual ipv6 fe80 1 master The example below shows you how to set the virtual IPv6 address for VRRPv3 VR ID 3 and the router as the VRRPv3 backup awplus configure terminal awplus c...

Страница 2082: ...for any ARP responses associated with the virtual IP address or any gratuitous ARPs sent on behalf of the virtual IP address All VRRP advertisements are sent using this virtual MAC address as the sour...

Страница 2083: ...C613 50186 01 Rev B Command Reference for AR2050V 2083 AlliedWare Plus Operating System Version 5 4 7 1 x Part 7 Network Management...

Страница 2084: ...ly link to one other AMF node They cannot form cross links or virtual links AMF naming convention When AMF is enabled on a device it will automatically be assigned a host name If a host name has alrea...

Страница 2085: ...ckup guests synchronize on page 2110 atmf backup now on page 2111 atmf backup redundancy enable on page 2113 atmf backup server on page 2114 atmf backup stop on page 2116 atmf backup synchronize on pa...

Страница 2086: ...5 atmf secure mode certificate expire on page 2167 atmf secure mode certificate expiry on page 2168 atmf secure mode certificate renew on page 2169 atmf secure mode enable all on page 2170 atmf select...

Страница 2087: ...2231 show atmf guests on page 2233 show atmf guests detail on page 2235 show atmf links on page 2238 show atmf links detail on page 2240 show atmf links guest on page 2249 show atmf links guest detail...

Страница 2088: ...ESIS MANAGEMENT FRAMEWORK AMF COMMANDS switchport atmf agentlink on page 2284 switchport atmf arealink remote area on page 2285 switchport atmf crosslink on page 2287 switchport atmf guestlink on page...

Страница 2089: ...AMF Container Configuration Usage The AMF area link connects the AMF controller on a VAA host to the AMF container Once a container has been created with the atmf container command and an area link c...

Страница 2090: ...IS MANAGEMENT FRAMEWORK AMF COMMANDS AREA LINK To remove an area link from container vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf cont...

Страница 2091: ...r of areas supported on a controller depends on the license installed on that controller You must give each area in an AMF network a unique name and ID number Only one local area can be configured on...

Страница 2092: ...V 2092 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA Related Commands atmf area password show atmf area show atmf area summary show atmf...

Страница 2093: ...ly on both of the area that locally contains the controller and the remote AMF area masters The command show running config atmf will display the encrypted version of this password The encryption keys...

Страница 2094: ...V 2094 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA PASSWORD Related Commands atmf area show atmf area show atmf area summary show atmf...

Страница 2095: ...ers must be authorized by the controller and the AMF remote area masters will also need to authorized access from the AMF controller Example To authorize all AMF nodes in the pending authorization que...

Страница 2096: ...R2050V 2096 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AUTHORIZE show atmf secure mode certificates show atmf secure mode statistics Comma...

Страница 2097: ...authorize provision mac mac address no atmf authorize provision all Default The default timeout is 60 minutes Mode Privileged Exec Example To provisionally authorize all non secure AMF nodes use the c...

Страница 2098: ...VISION To authorize a node with a MAC address of 0000 cd28 0880 for 2 hours use the command awplus authorize provision timeout 120 mac 0000 cd28 0880 To remove all provisional authorization on an AMF...

Страница 2099: ...chedule backup requests to begin at 11 am and execute twice per day 11 am and 11 pm use the following command node_1 configure terminal node_1 config atmf backup 11 00 frequency 2 CAUTION File names t...

Страница 2100: ...ote that this command can only be run on an AMF controller Syntax atmf backup area masters delete area area name node node name Mode Privileged Exec Example To delete the backup of the remote area mas...

Страница 2101: ...Remote area backups are disabled by default Usage Use the following commands to configure the remote area master backups atmf backup to configure when the backups begin and how often they run atmf ba...

Страница 2102: ...ed Exec Example To back up all local master nodes in all areas controlled by controller 1 use the command controller 1 atmf backup area masters now To back up all local masters in the AMF area named W...

Страница 2103: ...the active remote file server and the backup remote file server Files are copied from the active server to the remote server Note that this command is only valid on AMF controllers Syntax atmf backup...

Страница 2104: ...e maximum configurable speed of 1000 kBps In effect zero means unlimited Use the no variant of this command to reset to its default value of zero the maximum bandwidth in kilobytes per second kBps ava...

Страница 2105: ...kup file from the external media of a specified AMF node Note that this command can only be run from an AMF master node Syntax atmf backup delete node name Mode Privileged Exec Example To delete the b...

Страница 2106: ...enable Default Automatic AMF backup functionality is enabled on the AMF master when it is configured and external media i e an SD card or a USB storage device or remote server is detected Mode Global...

Страница 2107: ...ntax atmf backup guests delete node name guest port Mode User Exec Privileged Exec Example On a parent node named node1 which in this case the user has a direct console connection to usethefollowing c...

Страница 2108: ...able the ability of the guest nodes to be backed up Syntax atmf backup guests enable no atmf backup guests enable Default Guest node backups are enabled by default Mode Global Config Usage We recommen...

Страница 2109: ...ow node name guest port Default N A Mode Privileged Exec Example Use the following command to manually trigger the backup of all guests in the AMF network awplus atmf backup guests now Example To manu...

Страница 2110: ...ancy backup media such as USB storage devices This facility ensures that each device contains the same backup image files Note that this backup synchronization process will occur as part of the regula...

Страница 2111: ...backups on both masters you can apply the backup now command to the master working set This is shown in Example 4 below Example 1 In this example an AMF member has not been assigned a host name The f...

Страница 2112: ...x and store the configuration on both masters use the following process From the AMF_master_1 set the working set to comprise only of the automatic group master nodes AMF_Master_1 atmf working set gro...

Страница 2113: ...supports any removable media SD card USB it uses the removable media as the redundant backup for the AMF data backup This feature is valid only if remote file servers are configured on the AMF Master...

Страница 2114: ...ands AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 1 192 168 1 1 username backup1 Parameter Description id Remote server backup server identifier 1 2 The backup server iden...

Страница 2115: ...with a hostname and username use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 To configure server 2 with a hostname and user...

Страница 2116: ...command separately on each master node or add both masters to a working set and issue this command to the working set Note that this command can only be run on a master node Syntax atmf backup stop M...

Страница 2117: ...its backup remote file server Note that this process happens automatically each time the network is backed up Note that this command can only be run from a master node Syntax atmf backup synchronize M...

Страница 2118: ...the backup release file license files It then reboots to put the device in a clean state ready to be used as a replacement node on a provisioned port Syntax atmf cleanup Mode Privileged Exec Usage Th...

Страница 2119: ...iguration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove an AMF container Syntax atmf container container name no atmf contain...

Страница 2120: ...ion Guide for more information on running multiple tenants on a single VAA host Syntax atmf container login container name Mode Privileged Exec Usage If you try to login to a AMF container that has no...

Страница 2121: ...alid AMF controller license is not available on the device the device will accept this command but will not act as a controller until you install a valid license The following message will warn you of...

Страница 2122: ...meisupdatedusingthe bootsystemcommand Theoldrelease will become the backup release file If a release file exists in a remote device such as TFTP or HTTP for example then the URL should specify the exa...

Страница 2123: ...File Status Team1 x510 5 4 7 1 1 rel Release ready Team2 x930 5 4 7 1 1 rel Release ready Team3 x930 5 4 7 1 1 rel Release ready Continue the rolling reboot y n y Copying Release x510 5 4 7 1 1 rel to...

Страница 2124: ...VLANs each having the same VID and each being applied to a horizontal slice domain of the AMF It follows therefore thatthedomain VLANsare only applied to ports that form cross links and not to ports...

Страница 2125: ...xecute the command in parallel leave the AMF network and attempt to rejoin through the new VLAN 4 Create the working set again using the commands master config exit master atmf working set group all 5...

Страница 2126: ...ANDS ATMF DOMAIN VLAN To reset the AMF domain VLAN to its default of 4091in an existing AMF network use the following commands master atmf working set group all test 10 configure terminal test config...

Страница 2127: ...onfigured the AMF feature starts automatically when the device starts up Mode Global Configuration Usage The device does not auto negotiate AMF domain specific settings such as the Network Name You sh...

Страница 2128: ...re automatically assigned to the master group Use the no variant of this command to remove the membership Syntax atmf group group list no atmf group group list Mode Global Configuration Usage You can...

Страница 2129: ...sales first add the nodes to the working set master_node atmf working set member_node_1 member_node_2 This command returns the following output confirming that the nodes member_node_1 and member_node_...

Страница 2130: ...de discovery method model type http enable setting guest port user name and password The no variant of this command removes the guest class Note that you cannot remove a guest class that is assigned t...

Страница 2131: ...50186 01 Rev B Command Reference for AR2050V 2131 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF GUEST CLASS show atmf links guest show atmf g...

Страница 2132: ...nd to reset to the default Syntax atmf log verbose 1 3 no atmf log verbose Default The default log display is 3 Usage This command is intended for use in large networks where verbose output can make t...

Страница 2133: ...devices the same setting so they can all rejoin the AMF network Use the no variant of this command to remove the assigned subnet Syntax atmf management subnet a b 0 0 no atmf management subnet Defaul...

Страница 2134: ...0 nodes test 10 3 Enter the new subnet address using the commands test 10 configure terminal test config 10 atmf management subnet a b 0 0 The nodes will execute the command in parallel leave the AMF...

Страница 2135: ...GEMENT SUBNET To reset the AMF management subnet address to its default of 172 31 0 0 in an existing AMF network use the following commands master atmf working set group all test 10 configure terminal...

Страница 2136: ...try to rejoin it The AMF network will not be complete until you have given all devices the same setting so they can all rejoin the AMF network Use the no variant of this command to restore the VID to...

Страница 2137: ...ging into their consoles directly NOTE The management VLAN will automatically be assigned an IP subnet address based on the value configured by the command atmf management subnet The default VLAN ID l...

Страница 2138: ...nodes may exist in a network and they must be connected by an AMF crosslink NOTE Master nodes are an essential component of an AMF network In order to run AMF an AMF License is required for each maste...

Страница 2139: ...Global Configuration Usage The default value of 1300 will work for all AMF networks including those that involve virtual links over IPsec tunnels If there are virtual links over IPsec tunnels anywher...

Страница 2140: ...ng an AMF master node see the command atmf master Use the no variant of this command to remove the AMF network name Syntax atmf network name name no atmf network name Mode Global Configuration Usage T...

Страница 2141: ...ion nodename no atmf provision Default No AMF provisioning Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group Usage The port should be configured as an AMF li...

Страница 2142: ...delete it before using the atmf provision node clone command When using this command it is important to be aware of the following A copy of media atmf atmf_name nodes source_node flash will be made f...

Страница 2143: ...new provisioned node device3 Figure 47 2 Sample output from the show atmf backup command device1 atmf provision node device3 clone device2 Copying Successful operation device1 show atmf backup Schedu...

Страница 2144: ...this command to set a backup configuration file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remote b...

Страница 2145: ...sage When using this command to set a backup release file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF...

Страница 2146: ...vision node clone must be executed before you can use other atmf provision node commands with the specified node name If a backup or provisioned node already exists for the specified node name then yo...

Страница 2147: ...F Feature Overview and Configuration Guide Related commands atmf provision node clone device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 201...

Страница 2148: ...ant to use the atmf provision node delete command to delete a provisioned node that was created in error or that is no longer needed This command cannot be used to delete backups created by the AMF ba...

Страница 2149: ...rovision node create device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2016 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0M...

Страница 2150: ...py of the certificate file is deleted from AMF backup media Use the no variant of this command to set it back to the default This command can only be run on AMF master nodes Syntax atmf provision node...

Страница 2151: ...provision nodes command Related commands show atmf provision nodes device1 show atmf provision nodes ATMF Provisioned Node Information Backup Media SD Total 3827 0MB Free 3481 1MB Node Name device2 D...

Страница 2152: ...the command has already been set up Otherwise an error message is shown when the command is run NOTE We advise that after running this command you return to a known working directory typically flash E...

Страница 2153: ...boot the next node in the sequence This command can take a significant amount of time to complete Syntax atmf reboot rolling force url Mode Privileged Exec Usage You can load the software from a varie...

Страница 2154: ...ify the exact release filename without using wild card characters On bootup the software release is verified Should an upgrade fail the upgrading unit will revert back to its previous software version...

Страница 2155: ...Working set join ATMF_NETWORK 3 atmf reboot rolling ATMF Rolling Reboot Nodes Timeout Node Name Minutes SW_Team1 14 SW_Team2 8 SW_Team3 8 Continue the rolling reboot y n y ATMF Rolling Reboot Rebooti...

Страница 2156: ...ing Reboot Nodes Timeout Node Name Minutes New Release File Status SW_Team1 8 x510 5 4 6 0 1 rel Release Ready SW_Team2 10 x510 5 4 6 0 1 rel Release Ready SW_Team3 8 Not Supported HW_Team1 6 Incompat...

Страница 2157: ...e will poll all known AMF masters and controllers and execute an election process based on the last successful backup and its timestamp to determine which to use If no valid backup master or controlle...

Страница 2158: ...on 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RECOVER Example To recover the AMF node named Node_10 from the AMF master node named Master_2 use the following command Master_2 atmf...

Страница 2159: ...t by reloading its backup file set that is located within the AMF backup system Note that this command must be run on the edge node device that connects to the guest node Syntax atmf recover guest gue...

Страница 2160: ...tion to their normal operational mode and in doing so assists with resolving the recovery problem You can repeat this process until the recovery failure has been resolved For more information see the...

Страница 2161: ...account that does not exist on the second node provided that atmf restricted login is disabled and the user account on the first node has privilege level 15 Moreover it is possible to use a RADIUS or...

Страница 2162: ...ion on Node20 and return to Node10 s command line use the following command Node20 exit Node10 In this example user User1 is a valid user of node5 They can remotely login from node5 to node3 by using...

Страница 2163: ...This allows access to the atmf working set command from any node in the AMF network Syntax atmf restricted login no atmf restricted login Mode Privileged Exec Default Master nodes operate with atmf r...

Страница 2164: ...d Reference for AR2050V 2164 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RESTRICTED LOGIN Command changes Version 5 4 6 2 1 changes to AMF...

Страница 2165: ...etwork Use the no variant of this command to disable AMF secure mode on an AMF node Syntax atmf secure mode no atmf secure mode Default Secure mode is disabled by default Mode Global Configuration Usa...

Страница 2166: ...S MANAGEMENT FRAMEWORK AMF COMMANDS ATMF SECURE MODE clear atmf secure mode certificates clear atmf secure mode statistics show atmf show atmf authorization show atmf secure mode show atmf secure mode...

Страница 2167: ...eged Exec Example To remove an AMF node named node3 from an AMF network use the following command on the AMF master awplus atmf secure mode certificate expire node3 To remove an AMF node named node2 i...

Страница 2168: ...l Configuration Example To set AMF secure mode certificate expiry to 7 days use the commands awplus configure terminal awplus config atmf secure mode certificate expiry 7 To set AMF secure mode certif...

Страница 2169: ...twork Secure mode certificates renew automatically but this command could be used to renew a certificate in a situation where the automatic renewal may happen while the device is not attached to the A...

Страница 2170: ...of this command to disable AMF secure mode on an entire network Syntax atmf secure mode enable all no atmf secure mode enable all Default Secure mode is disabled by default Mode Privileged Exec Usage...

Страница 2171: ...t ticks every 10 seconds for a maximum of 10 times and checks if all the secure mode capable nodes rejoin the AMF network NOTE Enabling or disabling secure mode on the network saves the running config...

Страница 2172: ...rivileged Exec Usage After running this command use the atmf working set command to select the set of nodes you want to access in the remote area Example To access nodes in the area Canterbury use the...

Страница 2173: ...d member nodes Enabled by default on Controllers Mode Global Configuration mode Usage To use Vista Manager EX you must also enable the HTTP service on all AMF nodes including all AMF masters and contr...

Страница 2174: ...ommand allows a virtual tunnel to be created between two remote sites over a layer 3 link The tunnel encapsulates AMF packets and allows them to be sent transparently across a Wide Area Network WAN su...

Страница 2175: ...irtual crosslink id 10 ip 192 168 200 1 remote id 5 remote ip 192 168 100 1 To remove this virtual crosslink run the following commands on the local site siteA configure terminal siteA config no atmf...

Страница 2176: ...f the tunnel is configured to connect a head office and branch office over the Internet typically this would involve using some type of managed WAN service such as a site to site VPN Tunnels are only...

Страница 2177: ...168 1 1 remote id 2 remote ip 192 168 2 1 Node_20 config atmf virtual link id 2 ip 192 168 2 1 remote id 1 remote ip 192 168 1 1 Example 2 To set up an area virtual link to a remote site assuming IP c...

Страница 2178: ...hing other than the local device the prompt will change to the AMF network name followed by the size of the working set shown in square brackets This command has to be run at privilege level 15 In add...

Страница 2179: ...set use the command node1 atmf working set group all NOTE This command adds the implicit group all to the working set where all comprises all nodes in the AMF This command displays an output screen s...

Страница 2180: ...no variant of this command to remove a bridge group from an AMF container Syntax bridge group bridge id no bridge group Mode AMF Container Configuration Usage Each container has two virtual interface...

Страница 2181: ...ANDS CLEAR ATMF LINKS STATISTICS clear atmf links statistics Overview This command resets the values of all AMF link port and global statistics to zero Syntax clear atmf links statistics Mode Privileg...

Страница 2182: ...mf secure mode certificates If this is the only master on the network you will see the following warning On an AMF member you will see the following message Related Commands atmf authorize atmf secure...

Страница 2183: ...atmf secure mode statistics Overview Use this command to reset all secure mode statistics to 0 Syntax clear atmf secure mode statistics Mode Privileged Exec Example To reset the AMF secure mode stati...

Страница 2184: ...slink arealink database neighbor error all Default All debugging facilities are disabled Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command output...

Страница 2185: ...C613 50186 01 Rev B Command Reference for AR2050V 2185 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS DEBUG ATMF Related Commands no debug all...

Страница 2186: ...f 60 seconds with no filters applied NOTE An alias to the no variant of this command undebug atmf can be found elsewhere in this chapter Mode User Exec and Global Configuration Usage If no additional...

Страница 2187: ...dump packets from an interface portx x x on the local node ifname Interface port or virtual link pkt type Sets the filter on packets with a particular AMF packet type 1 Crosslink Hello BPDU packet wit...

Страница 2188: ...tem Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS DEBUG ATMF PACKET This example applies the debug atmf packet command and combines many of its options node_1 debug atmf packet di...

Страница 2189: ...al switch port to each of the guest nodes The MAC addresses of each of the guests of that class can then be learned from ARP or Neighbor discovery tables If you are using the static discovery method y...

Страница 2190: ...COMMANDS DISCOVERY Example 2 To return the discovery method for the guest class TQ4600 1 to its default of dynamic use the following commands Node1 conf t Node1 config atmf guest class TQ4600 1 Node1...

Страница 2191: ...host See the AMF Feature Overview and Configuration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove the description from an AM...

Страница 2192: ...he backup release file license files The device is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory default...

Страница 2193: ...rt number no http enable Default http enable is off If http enable is selected without a port parameter the port number will default to 80 Mode ATMF Guest Configuration Mode Example 1 To enable HTTP a...

Страница 2194: ...rence for AR2050V 2194 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS HTTP ENABLE Related Commands atmf guest class switchport atmf guestlink show...

Страница 2195: ...s are set so syslog sends the messages out as they come NOTE There is a difference between log event and log host messages Log event messages are sent out as they come by syslog Log host messages are...

Страница 2196: ...tq to the guest class called tq_device use the following commands node1 conf t node1 config atmf guest class tq_device node1 config atmf guest modeltype tq node1 config atmf guest end Example 2 To re...

Страница 2197: ...rted with AlliedWare Plus Feature Overview and Configuration Guide Example 1 To show summary information on AMF node_1 use the following command node_1 show atmf summary Example 2 To show information...

Страница 2198: ...de_1 show atmf tech Table 2 Output from the show atmf session command node_1 show atmf session CLI Session Neighbors Session ID 73518 Node Name node_1 PID 7982 Link type Broadcast cli MAC Address 0000...

Страница 2199: ...C 0014 2299 137d Parent Domain Parent Domain Controller Parent Domain Controller MAC 0000 0000 0000 Number of Domain Events 0 Crosslink Ports Blocking 0 Uplink Ports Waiting on Sync 0 Crosslink Sequen...

Страница 2200: ...he VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet Network prefix for the subnet Manag...

Страница 2201: ...ller 1 show atmf area The following figure shows example output from running this command on a controller The following figure shows example output from running this command on a remote master Paramet...

Страница 2202: ...has not been established This could meanthat a port or vlan is down or that inconsistent VLANs have been configured using the switchport atmf arealink remote area command N A for the area of the contr...

Страница 2203: ...tmf area summary show atmf area nodes show atmf area nodes detail Table 8 Output from the show atmf area detail command controller 1 show atmf area detail ATMF Area Detail Information Controller dista...

Страница 2204: ...e area name for guest information node name The name of the node that connects to the guests main building Area Guest Node Information Device MAC IP IPv6 Type Address Parent Port Address 0008 5d10 763...

Страница 2205: ...AR2050V 2205 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF AREA GUESTS Related Commands show atmf area show atmf area nodes show atmf b...

Страница 2206: ...il northern node1 Output Figure 47 9 Example output from the show atmf guest detail command Parameter Description area name The name assigned to the AMF area An area is an AMF network that is under th...

Страница 2207: ...number on the parent node Guest Description A brief description of the guest node as manually entered into the description interface command for the guest node port on the parent node Device Type The...

Страница 2208: ...mple To show summarized information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes The following figure shows partial example output from running this...

Страница 2209: ...detail ATMF Master Whether the node is an AMF master node for its area Y if it is and N if it is not SC The device configuration one of C Chassis SBx8100 series S Stackable VCS or N Standalone Parent...

Страница 2210: ...ample To show information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes detail The following figure shows partial example output from running this co...

Страница 2211: ...m the show atmf area nodes detail command Parameter Definition Node name The name assigned to a particular node Parent node name The node to which the current node has an active uplink Domain id Board...

Страница 2212: ...rea summary The following figure shows example output from running this command Related Commands show atmf area show atmf area nodes show atmf area nodes detail Parameter Description area name Display...

Страница 2213: ...MF nodes which are requesting authorization on an AMF controller or AMF master use the command awplus show atmf authorization pending To display AMF nodes which have provisional authorization use the...

Страница 2214: ...thorization Authorization expiry time is set using atmf secure mode certificate expiry Pending Authorizations NZ Requests Node Name Product Parent Node Interface area_1_node_3 x230 18GP master_1 port1...

Страница 2215: ...show atmf secure mode show atmf secure mode certificates Command changes Version 5 4 7 0 3 command added Table 47 3 Parameters in the output from show atmf authorization provisional Parameter Descript...

Страница 2216: ...ogs Displays detailed log information server status Displays connectivity diagnostics information for each configured remote file server synchronize Display the file server synchronization status logs...

Страница 2217: ...logs Backup Redundancy Enabled Local media SD Total 3788 0MB Free 1792 8MB State Inactive Remote file server is not available Log File Location card atmf ATMF logs rsync_ node name log Node Name Log D...

Страница 2218: ...forming This will be a combination of either Idle Starting Doing Stopping or manual scheduled Started The date and time that the currently executing task was initiated in the format DD MMM YYYY HH MM...

Страница 2219: ...es note that the backup may still be deemed successful depending on the errors Stopped meaning that the backup attempt was manually aborted Good meaning that the backup was completed successfully In P...

Страница 2220: ...aster nodes in one or more areas Note that this command is only available on AMF controllers Syntax show atmf backup area area name node name logs Mode Privileged Exec Example To show information abou...

Страница 2221: ...e 15 Oct 2016 04 30 Backup Bandwidth Unlimited Backup Media FILE SERVER 1 Total 128886 5MB Free 26234 2MB Server Config 1 Configured Mounted Active Host 10 37 74 1 Username root Path tftpboot backups_...

Страница 2222: ...status use the command x930 master show atmf backup guest Output Figure 47 13 Example output from show atmf backup guest Parameter Description node name The name of parent guest node guest port The po...

Страница 2223: ...1 46 Good USB 19 Jan 2016 22 21 46 Good Table 47 1 Parameters in the output from show atmf backup guest Parameter Description Guest Backup The status of the guest node backup process Scheduled Backup...

Страница 2224: ...single VAA host See the AMF Feature Overview and_Configuration Guide for more information on running multiple tenants on a single VAA host Syntax show atmf container detail container name Mode Privile...

Страница 2225: ...command Memory The amount of memory the container is using on the VAA host CPU The percentage of CPU time the container is using on the VAA at the time the show command is run awplus show atmf contain...

Страница 2226: ...F management IP address CPU use The CPU usage of the container since it was enabled Memory use Container memory usage Link Each container has two links 1 An AMF area link this connects the container t...

Страница 2227: ...screen from this command is shown below Parameter Description detail Displays output in greater depth atmf 1 show atmf detail ATMF Detail Information Network Name Test_network Network Mtu 1300 Node Na...

Страница 2228: ...F root node Domain State The state of Node in a Domain in AMF network as Controller Backup Recovery State The AMF node recovery status Indicates whether a node recovery is in progress on this device A...

Страница 2229: ...these groups Syntax show atmf group user defined automatic Default All groups are displayed Mode Privileged Exec Example 1 To display group membership of node2 use the following command node2 show at...

Страница 2230: ...master poe x8100 node1 node2 node3 node4 node5 node6 ATMF group information sysadmin x8100 AMF_NETWORK 6 Table 49 Sample output from the show atmf group command for a working set AMF_NETWORK 6 show a...

Страница 2231: ...based on their own criteria which can be used to select groups of nodes Syntax show atmf group members user defined automatic Mode Privileged Exec Example To display group membership of all nodes in...

Страница 2232: ...52 Parameter definitions from the show atmf group members command Parameter Definition Automatic Groups Lists the Automatic Groups and their nodal composition The sample output shows AMF nodes based o...

Страница 2233: ...ommand awplus show atmf guests Output Figure 47 17 Example output from the show atmf guests command master show atmf guests Guest Information Device Device Parent Guest IP IPv6 Name Type Node Port Add...

Страница 2234: ...guestlink show atmf backup guest show atmf links guest Parent Node The name of the AMF node that directly connects to the guest node Guest Port The port on the parent node that directly connects to t...

Страница 2235: ...d specify the node name or show atmf links guest detail which shows information about the guest nodes and also about their link to their parent node Note that the parameters that are displayed depend...

Страница 2236: ...s discovered from the device or failing that auto assigned by AMF The auto assigned name consists of parent node name attached port number You can change this by configuring a description on the port...

Страница 2237: ...erence for AR2050V 2237 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF GUESTS DETAIL Related Commands atmf guest class switchport atmf gu...

Страница 2238: ...links brief Figure 47 19 Example output from show atmf links brief Parameter Description brief A brief summary of AMF links their configuration and status Example core show atmf links ATMF Link Brief...

Страница 2239: ...to ensure link is stable Incompatible Neighbor rejected the link because of inconsistency in AMF configurations OneWay Link is up and has waited the hold down period and now attempting to link to anot...

Страница 2240: ...ail The output from this command will display all the internal data held for AMF links The following example gives details of the links that are summarized in the example in show atmf links Parameter...

Страница 2241: ...0 Example core 4610 Transaction ID 2 2 MAC Address eccd 6dd1 64d0 0000 cd37 054b Link State Full Full Domain Nodes Tree Node Building A Links on Node 1 Link 0 Building A 4630 Example core 4630 Forward...

Страница 2242: ...Depth 0 Transaction ID 6 Flags 32 Domain Controller Domain Controller MAC 0000 0000 0000 Downlink Domain Information Domain Dept A s domain Domain Controller Dept A Domain Controller MAC eccd 6d20 c1d...

Страница 2243: ...Domain Dorm D s domain Node Building A Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Building B Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Example core Ifindex...

Страница 2244: ...t MAC eccd 6ddf 6cdf Adjacent Domain Controller Dorm D Adjacent Domain Controller MAC 0000 cd37 082c Port Forwarding State Forwarding Port BPDU Receive Count 95 Port Sequence Number 11 Port Adjacent S...

Страница 2245: ...Link has been shut down by user configuration Port BPDU Receive Count The number of AMF protocol PDU s received Adjacent Node Name The name of the adjacent node connected to this node Adjacent Ifindex...

Страница 2246: ...for the neighbor in crosslink Flags Used in domain messages to exchange the state ATMF_DOMAIN_FLAG_DOWN 0 ATMF_DOMAIN_FLAG_UP 1 ATMF_DOMAIN_FLAG_BLOCK 2 ATMF_DOMAIN_FLAG_NOT_PRESENT 4 ATMF_DOMAIN_FLA...

Страница 2247: ...tual router id for the local port Port Status Shows status of the local port on the Node as UP DOWN Port State AMF state of the local port Adjacent Node nodename of the adjacent node Adjacent Internal...

Страница 2248: ...mand Reference for AR2050V 2248 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF LINKS DETAIL Related Commands no debug all clear atmf link...

Страница 2249: ...on about AMF guests that are connectible from node1 use the command node1 show atmf links guest Output Figure 47 20 Example output from show atmf links guest Parameter Description interface interface...

Страница 2250: ...ort atmf guestlink show atmf backup guest Model Type The model type of the guest node as entered by the modeltype command Can be one of the following alliedware aw tq other DC The discovery method as...

Страница 2251: ...isplay details for all ports with guest nodes connected Mode User Exec Privileged Exec Usage Use this command to display the guest nodes connected to a single parent node If you want to see a list of...

Страница 2252: ...node1 1 0 17 Firmware Version 3 2 1 A02 Table 47 2 Parameters in the output from show atmf links guest detail Parameter Description Interface The port on the parent node that connects to the guest Lin...

Страница 2253: ...s in the process of retrieving any other available information from the guest firmware version etc The information available depends on what device the guest node is Full The AMF device has retrieved...

Страница 2254: ...uest Serial Number The serial number of the guest node Firmware Name The name of the firmware operating on the guest node Firmware Version The version of the firmware operating on the guest node HTTP...

Страница 2255: ...ce1 show atmf links statistics Parameter Description interface Specifies that the command applies to a specific interface port or range of ports Where both the interface and port number are unspecifie...

Страница 2256: ...cksum or type Type7 0 Incarnation is not possible with the data received Type8 0 Discard crosslink hello received not correct state Type9 0 Discard crosslink domain hello received on non crosslink Typ...

Страница 2257: ...debug all clear atmf links statistics show atmf device1 show atmf links statistics interface port1 0 5 ATMF Port Statistics Transmit Receive port1 0 5 Crosslink Hello 231 232 port1 0 5 Crosslink Hello...

Страница 2258: ...other improvements Syntax show atmf nodes guest all Mode Privileged Exec Usage You can use this command to display one of three sets of nodes all nodes except guest nodes by specifying show atmf nodes...

Страница 2259: ...e at the end node1 show atmf nodes all Node and Guest Information Local device SC Switch Configuration C Chassis S Stackable N Standalone G Guest Node Guest Device ATMF Parent Node Name Type Master SC...

Страница 2260: ...is run Example To show the details of all the provisioned nodes in the backup use the command NodeName show atmf provision nodes Figure 47 24 Sample output from the show atmf provision nodes command R...

Страница 2261: ...cure mode Output Figure 47 25 Example output from show atmf secure mode on an AMF master Figure 47 26 Example output from show atmf secure mode on an AMF node ATMF Secure Mode Secure Mode Status Enabl...

Страница 2262: ...te Expiry Certificate expiry time Set with atmf secure mode certificate expiry Certificates Total Total number of certificates Certificates Revoked Certificates that have been revoked by the AMF maste...

Страница 2263: ...ing The default username and password is enabled Good SNMP V1 or V2 is disabled Warning Telnet server is enabled Good ATMF is enabled Secure Mode is on Good ATMF Topology GUI is disabled No trustpoint...

Страница 2264: ...secure mode link audits for a node use the command awplus show atmf secure mode audit link Output Figure 47 28 Example output from show atmf secure mode audit link Related Commands show atmf show atmf...

Страница 2265: ...secure mode certificates for a node named area_2_node_1 in an area named area 2 use the command awplus show atmf secure mode certificates detail area area 2 node area_2_node_1 Output Figure 47 29 Exa...

Страница 2266: ...F commands Valid statuses are Active Revoked and Rejected Certificates Detail area_2_node_1 area area 2 MAC Address 0000 cd37 0003 Status Active Serial Number A24SC8001 Product x510 28GTX Key Fingerpr...

Страница 2267: ...IED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF SECURE MODE CERTIFICATES Related Commands atmf authorize atmf secure mode atmf secure mode certificate expire atmf secure mode certificate renew...

Страница 2268: ...er or member node use the command awplus show atmf secure mode sa detail neighbor Output Figure 47 31 Example output from show atmf secure mode sa Parameter Description detail Display detailed securit...

Страница 2269: ...cd 6d82 6c16 Flags 000003c0 Id 83 40000053 Type Neighbor Gateway State Complete Remote MAC Address 001a eb54 e53b Flags 000003c0 Id 175 400000af Type Neighbor Gateway State Complete Remote MAC Address...

Страница 2270: ...r master neighbor relationship Broadcast SA for working set broadcast requests State Current state of the Security Association The state must be Complete before a member node is trusted and can be acc...

Страница 2271: ...To display AMF secure mode statistics on a master or member node use the command awplus show atmf secure mode statistics Output Figure 47 33 Example output from show atmf secure mode statistics on an...

Страница 2272: ...mode atmf secure mode certificate renew clear atmf secure mode statistics show atmf secure mode Command changes Version 5 4 7 0 3 command added ATMF Secure Mode Statistics Local Certificates Valid 3 I...

Страница 2273: ...atmf tech Table 48 Sample output from the show atmf tech command node1 show atmf tech ATMF Summary Information ATMF Status Enabled Network Name ATMF_NET Node Name node1 Role Master Current ATMF Nodes...

Страница 2274: ...ed to the node within the AMF network Role The role configured on the device within the AMF either master or member Current ATMF Nodes A count of the AMF nodes in the AMF network Node Address The iden...

Страница 2275: ...address used for this traffic Domain IP Address the IP address allocated for this traffic Domain Mask the Netmask used to create a subnet for this traffic 255 255 128 0 prefix 17 Device Type Shows the...

Страница 2276: ...cts to a virtual link The first link has the IP address 192 168 1 1 and has a Local ID of 1 The second has the IP address 192 168 2 1 and has the Local ID of 2 Example 2 To display AMF virtual links M...

Страница 2277: ...ed vlink1 equivalent to an L2TP tunnel Local ID The local ID of the virtual link This matches the vlink number State The operational state of the vlink either Up or Down This state is always displayed...

Страница 2278: ...displays the nodes that form the current AMF working set Syntax show atmf working set Mode Privileged Exec Example To show current members of the working set use the command ATMF_NETWORK 6 show atmf w...

Страница 2279: ...ode User Exec and Global Configuration Example To display the AMF debugging status use the command node_1 show debugging atmf Figure 47 35 Sample output from the show debugging atmf command Related Co...

Страница 2280: ...he AMF packet debugging status use the command node_1 show debug atmf packet Figure 47 36 Sample output from the show debugging atmf packet command Related Commands debug atmf debug atmf packet Table...

Страница 2281: ...ays the running system information that is specific to AMF Syntax show running config atmf Mode User Exec and Global Configuration Example To display the current configuration of AMF use the following...

Страница 2282: ...disabled Mode AMF Container Configuration Usage The first time the state enable command is executed on a container it assigns the container to an area and configures it as an AMF master This is achie...

Страница 2283: ...vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf container state enable To stop the AMF container vac wlg 1 use the commands awplus confi...

Страница 2284: ...re not visible to AMF networks Mode Interface mode for a switch port Note that the link between the x600 and the AMF network must be a single link not an aggregated link Usage The x600 Series switch p...

Страница 2285: ...up Usage Run this command on the port or aggregator at both ends of the link Each area must have the area name configured and the same area password must exist on both ends of the link Running this co...

Страница 2286: ...e for AR2050V 2286 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SWITCHPORT ATMF AREALINK REMOTE AREA Related Commands atmf area atmf area passwor...

Страница 2287: ...for the selected port or aggregated link Syntax switchport atmf crosslink no switchport atmf crosslink Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group Usag...

Страница 2288: ...e terminal Node_1 config interface sa1 Node_1 config if switchport atmf crosslink Node_1 config if switchport trunk allowed vlan add 2 Node_1 config if switchport trunk native vlan none In this exampl...

Страница 2289: ...nfigure switch port 1 0 44 to be a guest link that will connect to a guest node having a guest class of camera and an IPv4 address of 192 168 3 3 use the following commands node1 configure terminal no...

Страница 2290: ...nk node1 config if end Example 4 To configure switch ports 1 0 52 to 1 0 54 to be guest links for the guest class camera use the following commands node1 configure terminal node1 config int port1 0 41...

Страница 2291: ...erconnected AMF domains This tree must be loop free Therefore you must configure your links so that no rings are formed only from up down links and or virtual links Within each domain cross links betw...

Страница 2292: ...eave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns the...

Страница 2293: ...eturns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exit Y...

Страница 2294: ...C613 50186 01 Rev B Command Reference for AR2050V 2294 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS TYPE ATMF NODE Related Commands show trigger...

Страница 2295: ...ference for AR2050V 2295 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS UNDEBUG ATMF undebug atmf Overview This command is an alias for the no vari...

Страница 2296: ...the guest class of phone1 use the following commands node1 conf t node1 config amf guest class phone1 node1 config atmf guest username reception password secret node1 config atmf guest end Example 2...

Страница 2297: ...613 50186 01 Rev B Command Reference for AR2050V 2297 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS USERNAME show atmf links guest show atmf nodes...

Страница 2298: ...nd saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide This guide is available at the above link on alliedtelesis com Command List bootfile on p...

Страница 2299: ...page 2331 option on page 2332 probe enable on page 2334 probe packets on page 2335 probe timeout on page 2336 probe type on page 2337 range on page 2338 route on page 2339 service dhcp relay on page 2...

Страница 2300: ...f the boot file that the client should use in its bootstrap process It may need to include a path The no variant of this command removes the boot filename from a DHCP server pool Syntax bootfile filen...

Страница 2301: ...r range are specified and one or more static DHCP bindings exist within those addresses any dynamic entries within those addresses are cleared but any static entries are not cleared Examples To clear...

Страница 2302: ...ult router or all default routers from the DHCP pool Syntax default router ip address no default router ip address Mode DHCP Configuration Examples To add a router with an IP address 192 168 1 2 to th...

Страница 2303: ...pool Syntax dns server ip address no dns server ip address Mode DHCP Configuration Examples To add the DNS server with the assigned IP address 192 168 1 1 to the DHCP pool named P1 use the following...

Страница 2304: ...no variant of this command removes the domain name from the address pool Syntax domain name domain name no domain name Mode DHCP Configuration Examples To add the domain name Nerv_Office to DHCP pool...

Страница 2305: ...t be configured using a network command before issuing a host command Also note that a host address must match a network to add a static host address Examples To add the host at 192 168 1 5 with the M...

Страница 2306: ...ip name server command Option 15 a domain name used to resolve host names This option replaces the domain name set with the ip domain name command Your device ignores this domain name if it has a doma...

Страница 2307: ...FIGURATION PROTOCOL DHCP COMMANDS IP ADDRESS DHCP To stop the interface vlan10 from using DHCP to obtain its IP address use the commands awplus configure terminal awplus config interface vlan10 awplus...

Страница 2308: ...by default The no variant of this command configures the DHCP server to accept BOOTP requests This is the default setting Syntax ip dhcp bootp ignore no ip dhcp bootp ignore Mode Global Configuration...

Страница 2309: ...s Use the no variant of this command to disable the support of DHCPLEASEQUERY packets For more information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp leasequery enable no ip...

Страница 2310: ...1 254 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You cann...

Страница 2311: ...fined IP address option as option 175 with the name special address use the commands awplus configure terminal awplus config ip dhcp option 175 name special address ip To remove the specific user defi...

Страница 2312: ...iple interfaces This allows the device to act as a DHCP server on multiple interfaces to distribute different information to clients on the different networks The no variant of this command deletes th...

Страница 2313: ...is operating via an interface that is only intended to be used for back up interface redundancy purposes such as a VLAN containing a single switchport or a 4G cellular interface on an AR Series Firewa...

Страница 2314: ...V 2314 AlliedWare Plus Operating System Version 5 4 7 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS IP DHCP CLIENT DEFAULT ROUTE DISTANCE Related Commands show ip route show ip route database...

Страница 2315: ...the server For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide NOTE The DHCP relay service mightalter the content of the...

Страница 2316: ...field use the commands awplus configure terminal awplus config interface ppp0 awplus config if ip dhcp relay agent option To stop the relay agent from appending the DHCP Relay Agent Option 82 field on...

Страница 2317: ...ing no ip dhcp relay agent option checking Mode Interface Configuration for a VLAN interface or a PPP interface Examples To make the DHCP Relay Agent listening on vlan10 check the DHCP Relay Agent Inf...

Страница 2318: ...are Plus Operating System Version 5 4 7 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS IP DHCP RELAY AGENT OPTION CHECKING Related Commands ip dhcp relay agent option ip dhcp relay agent option...

Страница 2319: ...option remote id remote id no ip dhcp relay agent option remote id Default The Remote ID is set to the device s MAC address by default Mode Interface Configuration for a VLAN interface or a PPP interf...

Страница 2320: ...P interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 timeslots all awplus config if ip dhcp relay agent option remote id myid To remove the Remote ID specified for...

Страница 2321: ...y Agent Option 82 field with its own DHCP Relay Agent field This is equivalent to the functionality of the replace parameter The no variant of this command returns the policy to the default behavior i...

Страница 2322: ...ntain DHCP Relay Agent Option 82 information use the commands awplus configure terminal awplus config interface vlan15 awplus config if ip dhcp relay information policy drop To reset the DHCP relay in...

Страница 2323: ...of this command to reset the hop count to the default For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp...

Страница 2324: ...erface Usage When a DHCP Relay Agent that has DHCP Relay Agent Option 82 insertion enabled receives a request packet from a DHCP client it will append the DHCP Relay Agent Option 82 component data and...

Страница 2325: ...ON PROTOCOL DHCP COMMANDS IP DHCP RELAY MAX MESSAGE LENGTH To reset the maximum DHCP message length to the default of 1400 bytes for packets arriving in interface vlan7 use the commands awplus configu...

Страница 2326: ...relay server address ipv4 address ipv6 address server interface no ip dhcp relay Mode Interface Configuration for a VLAN interface or a PPP interface Usage For a DHCP server with an IPv6 address you...

Страница 2327: ...2 awplus config if no ip dhcp relay server address 192 0 2 200 To enable the DHCP Relay Agent on your device to relay DHCP packets on interface vlan10 to the DHCP server with the IPv6 address 2001 0db...

Страница 2328: ...t the lease expiry time to infinite leases never expire Use the no variant of this command to return the lease expiration time back to the default of one day Syntax lease days hours minutes seconds le...

Страница 2329: ...us config ip dhcp pool Nerv_Office awplus dhcp config lease 1 5 30 To set the lease expiration time for the address pool P3 to 20 seconds use the commands awplus configure terminal awplus config ip dh...

Страница 2330: ...e pool You must remove all ranges in the pool before issuing a no network command to remove a network from the pool Examples To configure a network for the address pool P2 where the subnet is 192 0 2...

Страница 2331: ...server that the client should use in its bootstrap process The no variant of this command removes the next server address from the DHCP address pool Syntax next server ip address no next server Mode D...

Страница 2332: ...es the specified user defined option from the DHCP pool or all user defined options from the DHCP pool Syntax option 1 254 option name option value no option 1 254 option value Mode DHCP Configuration...

Страница 2333: ...ption tcpip node type 08af To add multiple IP addresses for the ip type option 175 use the command awplus dhcp config option 175 192 0 2 6 awplus dhcp config option 175 192 0 2 12 awplus dhcp config o...

Страница 2334: ...sed by another host The no variant of this command disables probing for a DHCP pool Syntax probe enable no probe enable Default Probing is enabled by default Mode DHCP Pool Configuration Examples To e...

Страница 2335: ...of probe packets sent to the default of 5 Syntax probe packets 0 10 no probe packets Default The default is 5 Mode DHCP Pool Configuration Examples To set the number of probe packets to 2 for pool P2...

Страница 2336: ...ng 200 milliseconds Syntax probe timeout 50 5000 no probe timeout Default The default timeout interval is 200 milliseconds Mode DHCP Pool Configuration Examples To set the probe timeout value to 500 m...

Страница 2337: ...l send an ICMP Echo Request ping The no variant of this command sets the probe type to the default setting ping Syntax probe type arp ping no probe type Default The default probe type is ping Mode DHC...

Страница 2338: ...address ranges from the DHCP pool Syntax range ip address ip address no range ip address ip address no range all Mode DHCP Configuration Examples To add an address range of 192 0 2 5 to 192 0 2 16 to...

Страница 2339: ...DHCP Configuration Examples To distribute static routes for route 0 0 0 0 0 whose next hop is 192 16 1 1 to clients using both opt249 and rfc3442 use the command awplus configure terminal awplus conf...

Страница 2340: ...relay no service dhcp relay Mode Global Configuration Usage A maximum number of 400 DHCP Relay Agents one per interface can be configured on the device Once this limit has been reached any further at...

Страница 2341: ...your device The server then listens for DHCP requests on all IP interfaces It will not run if there are no IP interfaces configured The no variant of this command disables the DHCP server Syntax servi...

Страница 2342: ...tput from the show counter dhcp client command Related Commands ip address dhcp show counter dhcp client DHCPDISCOVER out 10 DHCPREQUEST out 34 DHCPDECLINE out 4 DHCPRELEASE out 0 DHCPOFFER in 22 DHCP...

Страница 2343: ...ers for the DHCP Relay Agent on your device use the following command awplus show counter dhcp relay Output Figure 48 2 Example output from the show counter dhcp relay command Parameter Description vr...

Страница 2344: ...elayed to servers Relayed To Client The number of DHCP Reply messages relayed to clients Out To Server Failed The number of failures when attempting to send request messages to servers This is an inte...

Страница 2345: ...t ID The number of incoming DHCP Reply messages dropped due to a missing circuit ID Note that Agent Option counters only increment on errors occurring if the ip dhcp relay agent option command is conf...

Страница 2346: ...another DHCP Relay Agent This policy is set with the ip dhcp relay information policy command there is a packet error that stops the DHCP Relay Agent from being able to append the packet with its DHC...

Страница 2347: ...rom the show counter dhcp server command DHCP server counters DHCPDISCOVER in 20 DHCPREQUEST in 12 DHCPDECLINE in 1 DHCPRELEASE in 0 DHCPINFORM in 0 DHCPOFFER out 8 DHCPACK out 4 DHCPNAK out 0 BOOTREQ...

Страница 2348: ...ages sent by the DHCP server The server sends these after receiving a request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has co...

Страница 2349: ...evice For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Syntax show dhcp l...

Страница 2350: ...9 Renew 13 Mar 2017 18 37 06 Rebind 13 Mar 2017 19 49 29 Server Options subnet mask 255 255 255 0 routers 19 18 2 100 12 16 2 17 dhcp lease time 3600 dhcp message type 5 domain name servers 192 168 10...

Страница 2351: ...us show ip dhcp binding 172 16 2 16 To display the leases from the address pool MyPool use the command awplus show ip dhcp binding MyPool Output Figure 48 6 Example output from the show ip dhcp bindin...

Страница 2352: ...or AR2050V 2352 AlliedWare Plus Operating System Version 5 4 7 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP BINDING Related Commands clear ip dhcp binding ip dhcp pool lease rang...

Страница 2353: ...pool Mode User Exec and Privileged Exec Example awplus show ip dhcp pool Output Figure 48 7 Example output from the show ip dhcp pool command Parameter Description address pool Name of a specific add...

Страница 2354: ...esses Total 8 Leased 2 Utilization 25 0 Static host addresses Total 1 Leased 1 Table 3 Parameters in the output of the show ip dhcp pool command Parameter Description Pool Name of the pool network Sub...

Страница 2355: ...sent In the range 50 to 5000 dns servers The DNS server addresses sent to by the pool to clients default router s The default router addresses sent by the pool to clients user defined options The lis...

Страница 2356: ...0V 2356 AlliedWare Plus Operating System Version 5 4 7 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP POOL Related Commands ip dhcp pool probe enable probe packets probe timeout pr...

Страница 2357: ...ample To display the DHCP Relay Agent s configuration on the interface vlan100 use the command awplus show ip dhcp relay interface vlan100 Output Figure 48 9 Example output from the show ip dhcp relay...

Страница 2358: ...agent option checking ip dhcp relay information policy ip dhcp relay maxhops ip dhcp relay server address Command changes Version 5 4 6 2 1 VRF lite support added DHCP Relay Service is enabled VRF re...

Страница 2359: ...eged Exec Example To display the server statistics use the command awplus show ip dhcp server statistics Output Figure 48 11 Example output from the show ip dhcp server statistics command DHCP server...

Страница 2360: ...request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has come from a client that doesn t fit the network setting for an address p...

Страница 2361: ...currently configured This show command does not include any configuration details of the address pools You can display these using the show ip dhcp pool command For information on filtering and savin...

Страница 2362: ...the pool s network mask specified using the next server command is applied The no variant of this command removes a subnet mask option from a DHCP pool The pool reverts to using the pool s network ma...

Страница 2363: ...prefixes DHCPv6 Prefix Delegation provides automatic configuration of IPv6 addresses and IPv6 prefixes Note that DHCPv6 client does not support tunnel interface For information on filtering and savin...

Страница 2364: ...384 ipv6 dhcp pool on page 2386 ipv6 dhcp server on page 2388 ipv6 local pool on page 2389 ipv6 nd prefix DHCPv6 on page 2391 link address on page 2393 option DHCPv6 on page 2395 prefix delegation poo...

Страница 2365: ...e available allocated by the IPv6 prefix randomly generating the suffix of the IPv6 address with the specified preferred and valid lifetime leases Leased IPv6 address are found in the Parameter Descri...

Страница 2366: ...nt from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid and is not available to an interface when the valid lifetime timer expires Invalid addresse...

Страница 2367: ...A deprecated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected Parameter Description first ipv6 addres...

Страница 2368: ...o add the IPv6 address range 2001 0db8 1 1 to 2001 0db8 1fff 1 for DHCPv6 server pool configuration use the following commands awplus configure terminal awplus config ipv6 dhcp pool pool1 awplus confi...

Страница 2369: ...NTER IPV6 DHCP CLIENT clear counter ipv6 dhcp client Overview Use this command in Privileged Exec mode to clear DHCPv6 client counters Syntax clear counter ipv6 dhcp client Mode Privileged Exec Exampl...

Страница 2370: ...NTER IPV6 DHCP SERVER clear counter ipv6 dhcp server Overview Use this command in Privileged Exec mode to clear DHCPv6 server counters Syntax clear counter ipv6 dhcp server Mode Privileged Exec Exampl...

Страница 2371: ...are cleared but any static entries are not cleared The clear ipv6 dhcp binding command is used as a server function A binding table entry on the DHCPv6 server is automatically Created whenever a pref...

Страница 2372: ...HCPV6 COMMANDS CLEAR IPV6 DHCP BINDING Example To clear all dynamic DHCPv6 server binding entries use the command awplus clear ipv6 dhcp binding all Output Figure 49 1 Example output from the clear ip...

Страница 2373: ...Use this command in Privileged Exec mode to restart a DHCPv6 client on an interface Syntax clear ipv6 dhcp client interface Mode Privileged Exec Example To restart a DHCPv6 client on interface vlan1...

Страница 2374: ...dd the DNS server with the assigned IPv6 address 2001 0db8 3000 3000 32 to the DHCPv6 server pool named P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus d...

Страница 2375: ...01 Rev B Command Reference for AR2050V 2375 AlliedWare Plus Operating System Version 5 4 7 1 x DHCP FOR IPV6 DHCPV6 COMMANDS DNS SERVER DHCPV6 Related Commands ipv6 dhcp pool option DHCPv6 show ipv6...

Страница 2376: ...he pre defined option 15 Note that if you add a user defined option 15 using the option DHCPv6 command then you will override any settings created with this command Examples To add the domain name Eng...

Страница 2377: ...the MAC address of the device For more information about EUI64 see the IPv6 Feature Overview and Configuration Guide Examples To configure a PD prefix named prefix1 on interface vlan1 and then add an...

Страница 2378: ...he following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 address 2001 0db8 a2 48 To remove the IPv6 address 2001 0db8 a2 48 from the VLAN interface vlan2 use...

Страница 2379: ...b8 32 from VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 64 eui64 Val...

Страница 2380: ...ist appends the DNS servers set on your device with the dns server DHCPv6 command Option 15 a domain name used to resolve host names This option replaces any domain name that you have set with the dom...

Страница 2381: ...ress use the commands awplus configure terminal awplus config interface ppp0 awplus config if ipv6 address dhcp To stop the PPP interface ppp0 from using DHCPv6 to obtain its IPv6 address use the comm...

Страница 2382: ...n interface Usage Entering the ipv6 dhcp client pd command starts the DHCPv6 client process if not already running and enables requests for prefix delegation through the interface on which the command...

Страница 2383: ...DHCP CLIENT PD To disable prefix delegation on the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 dhcp client pd Rela...

Страница 2384: ...The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You cannot use...

Страница 2385: ...ipv6 dhcp option 46 name tcpip node type hex To define a user defined IP address option as option 175 with the name special address use the following commands awplus configure terminal awplus config...

Страница 2386: ...to delete the specific DHCPv6 pool Syntax ipv6 dhcp pool DHCPv6 poolname no ipv6 dhcp pool DHCPv6 poolname Mode Global Configuration Usage All DHCPv6 prefix pool names must be unique IPv6 prefix pool...

Страница 2387: ...rence for AR2050V 2387 AlliedWare Plus Operating System Version 5 4 7 1 x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 DHCP POOL Related Commands ipv6 local pool option DHCPv6 prefix delegation pool show ipv6 d...

Страница 2388: ...ation and configuration through the specified interface Note that DHCPv6 client DHCPv6 server and DHCPv6 relay are mutually exclusive on an interface When one of the DHCPv6 functions is enabled on an...

Страница 2389: ...esses an IPv6 address prefix areassignedandnotsingleIPv6addresses IPv6prefixpoolsarenotallowed to overlap Parameter Description DHCPv6 poolname Description used to identify this DHCPv6 server pool Val...

Страница 2390: ...xpool All IPv6prefixesalready allocated are also freed Examples To create alocalDHCPv6 local pool named P2 withtheIPv6 prefixand prefixlength 2001 0db8 32 with an assigned length of 64 use the followi...

Страница 2391: ...usually set between 0 and 64 valid lifetime The the period during which the specified IPv6 address prefix is valid This can be set to a value between 5 and 315360000 seconds Note that this period shou...

Страница 2392: ...nvalid addresses or prefixes should not appear as the source or destination for a packet Examples The following example configures the device to issue RAs Router Advertisements on the VLAN interface v...

Страница 2393: ...eived via an intermediate relay to a configured delegation pool When an address on the incoming interface of the DHCPv6 server or a link address set in the incoming delegation request packet from the...

Страница 2394: ...b8 1 48 as the link address for pool P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 address prefix 2001 0db8 2 48 awplus config dhcp6 link...

Страница 2395: ...ress format so if the option already exists in the pool then the new IP address is added to the list of existing IPv6 prefixes Also note options with the same number as one of the pre defined options...

Страница 2396: ...08af use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 option tcpip node type 08af To add multiple IP addresses for the ip type option 175 use t...

Страница 2397: ...n unassignedprefixes fromthe pool After the client releases the previously assigned prefixes the server returns the prefixes to the pool for reassignment Preferred IPv6 addresses or prefixes are avail...

Страница 2398: ...nvalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet Example This example adds DH...

Страница 2399: ...information use the command awplus show counter ipv6 dhcp client Output Figure 49 2 Example output from the show counter ipv6 dhcp client command awplus show counter ipv6 dhcp client SOLICIT out 20 A...

Страница 2400: ...sent by the DHCPv6 client REPLY in Displays the count of REPLY messages received by the DHCPv6 client RELEASE out Displays the count of RELEASE messages sent by the DHCPv6 client DECLINE out Displays...

Страница 2401: ...information use the command awplus show counter ipv6 dhcp server Output Figure 49 3 Example output from the show counter ipv6 dhcp server command awplus show counter ipv6 dhcp server SOLICIT in 20 ADV...

Страница 2402: ...ved by the DHCPv6 server REPLY out Displays the count of REPLY messages sent by the DHCPv6 server RELEASE in Displays the count of RELEASE messages received by the DHCPv6 server DECLINE in Displays th...

Страница 2403: ...e The DUID is based on the link layer address for both DHCPv6 client and DHCPv6 server identifiers The device uses the MAC address from the lowest interface number for the DUID The DUID is used by a D...

Страница 2404: ...nd Privileged Exec Example 1 To display the total DHCPv6 leasing address entries for all pools use the command awplus show ipv6 dhcp binding summary Output Figure 49 5 Example output from the show ipv...

Страница 2405: ...DHCPv6 unique identifier DUID see RFC 3315 Each DHCPv6 client has as DUID DHCPv6 servers use DUIDs to identify clients for the association of IAs Identity Associations with DHCPv6 clients DHCPv6 clie...

Страница 2406: ...OMMANDS SHOW IPV6 DHCP BINDING Related Commands clear ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp pool starts at The date and time at which the valid lifetime expires expires at The date and time...

Страница 2407: ...interface Output Figure 49 7 Example output from the show ipv6 dhcp interface command Example 2 To display DHCPv6 information for interface vlan2 use the command awplus show ipv6 dhcp interface vlan2...

Страница 2408: ...escription interface is in server client Prefix Delegation mode Displays whether the specified interface is in server or client mode and whether prefix delegation is applied to an interface Address Di...

Страница 2409: ...show ipv6 dhcp pool Output Figure 49 9 Example output from the show ipv6 dhcp pool command Parameter Description DHCPv6 address pool name Name of a specific DHCPv6 address pool This displays the conf...

Страница 2410: ...ecated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid and...

Страница 2411: ...CPv6 Configuration Examples The following example adds an SNTP Server IPv6 address of 2001 0db8 32 to the DHCPv6 pool named P2 awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config d...

Страница 2412: ...erver For information on filtering and saving command output see the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Command List ntp authenticate on page 2413 ntp authen...

Страница 2413: ...authenticate the associations with other systems for security purposes The no variant of this command disables NTP authentication Syntax ntp authenticate no ntp authenticate Mode Global Configuration...

Страница 2414: ...MD5 authentication key number 134343 and a key value mystring use the commands awplus configure terminal awplus config ntp authentication key 134343 md5 mystring To disable the authentication key num...

Страница 2415: ...adcastdelay delay no ntp broadcastdelay Default 0 microsecond offset which can only be applied with the no variant of this command Mode Global Configuration Examples To set the estimated round trip de...

Страница 2416: ...92 168 1 0 16 subnet if they arrive more frequently than every 5 seconds and also send kiss of death messages use the commands awplus configure terminal awplus config ntp discard minimum 5 awplus conf...

Страница 2417: ...tance from the reference clock and exist to prevent cycles in the hierarchy Stratum 1 is used to indicate time servers which are more accurate than Stratum 2 servers For more information on the Networ...

Страница 2418: ...0 2 23 awplus configure terminal awplus config ntp peer 192 0 2 23 awplus config ntp peer 192 0 2 23 prefer awplus config ntp peer 192 0 2 23 prefer version 4 awplus config ntp peer 192 0 2 23 prefer...

Страница 2419: ...s config ntp peer 2001 0db8 010d 1 prefer awplus config ntp peer 2001 0db8 010d 1 prefer version 4 awplus config ntp peer 2001 0db8 010d 1 prefer version 4 key 1234 awplus config ntp peer 2001 0db8 01...

Страница 2420: ...dress Apply this restriction to the specified IPv4 or IPv6 host Enter an IPv4 address in the format A B C D Enter an IPv6 address in the format X X X X host subnet Apply this restriction to the specif...

Страница 2421: ...2 1 and the subnet 192 168 1 0 16 to authenticate NTP sessions with this device use the commands awplus configure terminal awplus config ntp restrict 192 0 2 1 notrust awplus config ntp restrict 192...

Страница 2422: ...config ntp server 192 0 1 23 awplus config ntp server 192 0 1 23 prefer awplus config ntp server 192 0 1 23 prefer version 4 awplus config ntp server 192 0 1 23 prefer version 4 key 1234 awplus config...

Страница 2423: ...wplus config ntp server 2001 0db8 010e 2 prefer awplus config ntp server 2001 0db8 010e 2 prefer version 4 awplus config ntp server 2001 0db8 010e 2 prefer version 4 key 1234 awplus config ntp server...

Страница 2424: ...sing this command is matched to the interface When selecting a source IP address to use for NTP messages to the peer if the configured NTP client source IP address is unavailable then default behavior...

Страница 2425: ...figure the NTP source interface with the IPv6 address 2001 0db8 010e 2 enter the commands awplus configure terminal awplus config ntp source 2001 0db8 010e 2 To remove a configured address for the NTP...

Страница 2426: ...are Plus Operating System Version 5 4 7 1 x NTP COMMANDS NTP TRUSTED KEY DEPRECATED ntp trusted key deprecated Overview This command has been deprecated in Software Version 5 4 6 1 1 Please use the tr...

Страница 2427: ...or AR2050V 2427 AlliedWare Plus Operating System Version 5 4 7 1 x NTP COMMANDS SHOW COUNTER NTP DEPRECATED show counter ntp deprecated Overview From version 5 4 6 1 x onwards this command has been re...

Страница 2428: ...256 377 27 144 0 775 0 193 system peer backup candidate outlier x false ticker Table 2 Parameters in the output from the show ntp associations command Parameter Description system peer The peer that N...

Страница 2429: ...hen When last polled seconds ago h hours ago or d days ago poll Time between NTP requests from the device to the server reach An indication of whether or not the NTP server is responding to requests 0...

Страница 2430: ...icted 0 rate limited 0 KoD responses 0 processed for time 306 Table 50 1 Parameters in the output from show ntp counters Parameter Description uptime How long NTP has been running since it was last re...

Страница 2431: ...h any restrict statements in the NTP restrictions NTP drops these packets See the command ntp restrict for more information rate limited The number of packets dropped because the packet rate exceeded...

Страница 2432: ...icate 0 bad header 0 kod received 0 Table 50 2 Parameters in the output from show ntp counters associations Parameter Description Peer An NTP peer or server that the device is associated with sent The...

Страница 2433: ...The number of packets where one or more header fields are invalid kod received The number of Kiss of Death packets received from the peer KoD packets indicate that this device is sending NTP packets m...

Страница 2434: ...w ntp status For information about the output displayed by this command see ntp org Figure 50 3 Example output from the show ntp status command awplus show ntp status associd 0 status 061b leap_none s...

Страница 2435: ...and output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug snmp on page 2437 show counter snmp server on page 2438 show debugging snmp on page...

Страница 2436: ...D local reset on page 2461 snmp server group on page 2462 snmp server host on page 2464 snmp server legacy ifadminstatus on page 2466 snmp server location on page 2467 snmp server source interface on...

Страница 2437: ...detail To start SNMP debugging showing all SNMP debugging information use the command awplus debug snmp all Related Commands show debugging snmp terminal monitor undebug snmp Parameter Description al...

Страница 2438: ...e output from the show counter snmp server command SNMP SERVER counters inPkts 11 inBadVersions 0 inBadCommunityNames 0 inBadCommunityUses 0 inASNParseErrs 0 inTooBigs 0 inNoSuchNames 0 inBadValues 0...

Страница 2439: ...SNMP Messages inTooBigs The number of SNMP PDUs received by the SNMP agent where the value of the error status field is tooBig This is sent by an SNMP manager to indicate that an exception occurred w...

Страница 2440: ...NMP agent has sent outTooBigs The number of SNMP PDUs that the SNMP agent has generated with the value tooBig in the error status field This is sent to the SNMP manager to indicate that an exception o...

Страница 2441: ...agent s window UnknownUserNames The number of received packets that the SNMP agent has dropped because they referenced an unknown user UnknownEngineIDs The number of received packets that the SNMP age...

Страница 2442: ...This command displays whether SNMP debugging is enabled or disabled Syntax show debugging snmp Mode User Exec and Privileged Exec Example To display the status of SNMP debugging use the command awplu...

Страница 2443: ...ed Exec Example To display the current configuration of SNMP on your device use the command awplus show running config snmp Output Figure 51 3 Example output from the show running config snmp command...

Страница 2444: ...how snmp server Mode Privileged Exec Example To display the status of the SNMP server use the command awplus show snmp server Output Figure 51 4 Example output from the show snmp server command Relate...

Страница 2445: ...configured on the device SNMP communities are specific to v1 and v2c Syntax show snmp server community Mode Privileged Exec Example To display the SNMP server communities use the command awplus show...

Страница 2446: ...how snmp server group Mode Privileged Exec Example To display the SNMP groups configured on the device use the command awplus show snmp server group Output Figure 51 6 Example output from the show snm...

Страница 2447: ...SNMP server users and is used with SNMP version 3 only Syntax show snmp server user Mode Privileged Exec Example To display the SNMP server users configured on the device use the command awplus show s...

Страница 2448: ...SNMP server views and is used with SNMP version 3 only Syntax show snmp server view Mode Privileged Exec Example To display the SNMP server views configured on the device use the command awplus show...

Страница 2449: ...interface types switch port e g port 1 0 1 VLAN e g vlan2 Ethernet e g eth1 static and dynamic link aggregation e g sa2 po2 To specify where notifications are sent use the snmp server host command To...

Страница 2450: ...SNMP TRAP LINK STATUS To disable the sending of link status notifications for port 1 0 2 use following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no snmp tr...

Страница 2451: ...started when the first link status notification of a particular type linkUp or linkDown is sent for an interface If the threshold number of notifications of this type is sent before the timerreachesth...

Страница 2452: ...x SNMP COMMANDS SNMP TRAP LINK STATUS SUPPRESS To disable the suppression link status notifications for port 1 0 2 use following commands awplus configure terminal awplus config interface port1 0 2 a...

Страница 2453: ...v6 no snmp server ip ipv6 Default By default the SNMP agent is enabled for both IPv4 and IPv6 If neither the ip parameter nor the ipv6 parameter is specified for this command then SNMP is enabled or d...

Страница 2454: ...rsion 5 4 7 1 x SNMP COMMANDS SNMP SERVER Related Commands show snmp server show snmp server community show snmp server user snmp server community snmp server contact snmp server enable trap snmp serv...

Страница 2455: ...view name ro rw no snmp server community community name view view name Mode Global Configuration Example The following command creates an SNMP community called public with read only access to all MIB...

Страница 2456: ...command removes the contact information from the system Syntax snmp server contact contact info no snmp server contact Mode Global Configuration Example To set the system contact information to suppo...

Страница 2457: ...e below Default By default no notifications are generated Mode Global Configuration Usage This command cannot be used to enable link status notifications globally To enable link status notifications f...

Страница 2458: ...configure terminal awplus config snmp server enable trap thrash limit To disable the device from sending MAC address Thrash Limiting traps use the following commands awplus configure terminal awplus...

Страница 2459: ...current engine ID is also system generated Syntax snmp server engineID local engine id default no snmp server engineID local Mode Global Configuration Usage All devices must have a unique engine ID w...

Страница 2460: ...ig snmp server engineid local asdgdfh231234d awplus config exit awplus show snmp server SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engine ID configured name asdgdfh231234d SNMPv3 Engine ID actual 0x8...

Страница 2461: ...engine ID by resetting the SNMPv3 engine If the current engine ID is user defined usethe snmp server engineID local command to set SNMPv3 engineID to a system generated value Syntax snmp server engin...

Страница 2462: ...server group groupname auth noauth priv Mode Global Configuration Examples To add SNMP group for ordinary users user the following commands awplus configure terminal awplus config snmp server group us...

Страница 2463: ...Rev B Command Reference for AR2050V 2463 AlliedWare Plus Operating System Version 5 4 7 1 x SNMP COMMANDS SNMP SERVER GROUP Related Commands snmp server show snmp server show snmp server group show sn...

Страница 2464: ...P v2c or the authentication encryption parameters and user name SNMP v3 Syntax snmp server host ipv4 address ipv6 address traps version 1 community name snmp server host ipv4 address ipv6 address info...

Страница 2465: ...aps to the IPv6 host destination 2001 db8 8a2e 7334 with the SNMPv2c community name private use the following command awplus configure terminal awplus config snmp server host version 2c private2001 db...

Страница 2466: ...the administrative state of the interface Syntax snmp server legacy ifadminstatus no snmp server legacy ifadminstatus Default Legacy ifAdminStatus is turned off by default so by default the SNMP ifAd...

Страница 2467: ...ariant of this command removes the configured location from the system Syntax snmp server location location name no snmp server location Mode Global Configuration Example To set the location to server...

Страница 2468: ...f the traps and informs messages Mode Global Configuration Usage An SNMP trap or inform message that is sent from an SNMP server carries the notification IP address of its originating interface Use th...

Страница 2469: ...lay time no snmp server startup trap delay Default The SNMP server trap delay time is 30 seconds The no variant restores the default Mode Global Configuration Example To delay the device sending SNMP...

Страница 2470: ...ds must be the same for both entities Use the encrypted parameter when you want to enter already encrypted passwords in encrypted form as displayed in the running and startup configs stored on the dev...

Страница 2471: ...mmand To enter existing SNMP user authuser with existing passwords as a member of group newusergroup with authentication protocol md5 plus the encrypted authentication password 0x1c74b9c22118291b0ce0c...

Страница 2472: ...C613 50186 01 Rev B Command Reference for AR2050V 2472 AlliedWare Plus Operating System Version 5 4 7 1 x SNMP COMMANDS SNMP SERVER USER Related Commands show snmp server user snmp server view...

Страница 2473: ...moves the specified view on the device The view must already exist Syntax snmp server view view name mib name included excluded no snmp server view view name Mode Global Configuration Examples The fol...

Страница 2474: ...01 Rev B Command Reference for AR2050V 2474 AlliedWare Plus Operating System Version 5 4 7 1 x SNMP COMMANDS UNDEBUG SNMP undebug snmp Overview This command applies the functionality of the no debug s...

Страница 2475: ...s an alphabetical reference for commands used to configure SMTP For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration G...

Страница 2476: ...ng for sending emails The no variant of this command turns off debugging for sending emails Syntax debug mail no debug mail Mode Privileged Exec Examples To turn on debugging for sending emails use th...

Страница 2477: ...ec Examples To delete a unique mail item 20060912142356 1234 from the queue use the command awplus delete mail 20060912142356 1234 To delete all mail from the queue use the command awplus delete mail...

Страница 2478: ...ct subject file filename Mode Privileged Exec Example To send an email to rei nerv comwith the subject dummy plug configuration and with the message body inserted from the file plug conf use the comma...

Страница 2479: ...put from the show counter mail command Example To show the emails in the queue use the command awplus show counter mail Related Commands debug mail delete mail mail show mail Mail Client SMTP counters...

Страница 2480: ...System Version 5 4 7 1 x SMTP COMMANDS SHOW MAIL show mail Overview This command displays the emails in the queue Syntax show mail Mode Privileged Exec Example To display the emails in the queue use...

Страница 2481: ...01 Rev B Command Reference for AR2050V 2481 AlliedWare Plus Operating System Version 5 4 7 1 x SMTP COMMANDS UNDEBUG MAIL undebug mail Overview This command applies the functionality of the no debug m...

Страница 2482: ...stkey on page 2486 crypto key destroy userkey on page 2487 crypto key generate hostkey on page 2488 crypto key generate userkey on page 2490 crypto key pubkey chain knownhosts on page 2491 crypto key...

Страница 2483: ...ssh server deny users on page 2514 ssh on page 2515 ssh client on page 2517 ssh server on page 2519 ssh server allow users on page 2521 ssh server authentication on page 2523 ssh server deny users on...

Страница 2484: ...of your message to save the text and re enter the normal command line mode The banner message is preserved if the device restarts The no variant of this command deletes the login banner from the devic...

Страница 2485: ...delete an SSH session if you are a system manager or the user who initiated the session If all is specified then all active SSH sessions are deleted Syntax clear ssh 1 65535 all Mode Privileged Exec E...

Страница 2486: ...y generate hostkey command to generate that key before you enable the SSH server Syntax crypto key destroy hostkey dsa ecdsa rsa rsa1 Mode Global Configuration Example To destroy the RSA host key used...

Страница 2487: ...ser key for the SSH user remoteuser use the commands awplus configure terminal awplus config crypto key destroy userkey remoteuser rsa Related Commands crypto key generate hostkey show ssh show crypto...

Страница 2488: ...generate hostkey dsa 768 1024 crypto key generate hostkey rsa rsa1 768 32768 crypto key generate hostkey ecdsa 256 384 Default The default key length for RSA and DSA is 1024 bits The default key size...

Страница 2489: ...4 7 1 x SECURE SHELL SSH COMMANDS CRYPTO KEY GENERATE HOSTKEY To generate an ECDSA host key with an elliptic curve size of 384 bits use the commands awplus configure terminal awplus config crypto key...

Страница 2490: ...ns for the user bob use the commands awplus configure terminal awplus config crypto key generate userkey bob rsa 2048 To generate a DSA user key for the user lapo use the commands awplus configure ter...

Страница 2491: ...chain knownhosts ip ipv6 hostname rsa dsa rsa1 no crypto key pubkey chain knownhosts 1 65535 Syntax VRF lite crypto key pubkey chain knownhosts vrf vrf name ip ipv6 hostname rsa dsa rsa1 no crypto ke...

Страница 2492: ...t the public key of the server is altered or unknown Examples To add the RSA host key of the remote SSH host IPv4 address 192 0 2 11 to the known host database use the command awplus crypto key pubkey...

Страница 2493: ...text into the terminal To add a key as text into the terminal first enter the command crypto key pubkey chain userkey username and hit Enter Enter the key as text Note that the key you enter as text m...

Страница 2494: ...n userkey joeType CNTL D to finish AAAAB3NzaC1yc2EAAAABIwAAAIEAr1s7SokW5aW2fcOw1TStpb9J20b WluhnUC768EoWhyPW6FZ2t5360O5M29EpKBmGqlkQaz5V0mU9IQe66 5YyD4Ux OKSDtTI 7jtjDcoGWHb2u4sFwRpXwJZcgYrXW16 6NvNbk...

Страница 2495: ...he SSH client from generating diagnostic debugging message Syntax debug ssh client brief full no debug ssh client Default SSH client debugging is disabled by default Mode Privileged Exec and Global Co...

Страница 2496: ...bugging facility This stops the SSH server from generating diagnostic debugging messages Syntax debug ssh server brief full no debug ssh server Default SSH server debugging is disabled by default Mode...

Страница 2497: ...ions use the clear ssh command Syntax service ssh ip ipv6 no service ssh ip ipv6 Default The Secure Shell server is disabled by default Both IPv4 and IPv6 Secure Shell server are enabled when you issu...

Страница 2498: ...for AR2050V 2498 AlliedWare Plus Operating System Version 5 4 7 1 x SECURE SHELL SSH COMMANDS SERVICE SSH Related Commands crypto key generate hostkey show running config ssh show ssh server ssh serv...

Страница 2499: ...nd displays the banner message configured on the device The banner message is displayed to the remote user before user authentication starts Syntax show banner login Mode User Exec Privileged Exec Glo...

Страница 2500: ...hostkey dsa ecdsa rsa rsa1 Mode User Exec Privileged Exec and Global Configuration Examples To show the public keys generated on the device for SSH server use the command awplus show crypto key hostke...

Страница 2501: ...L SSH COMMANDS SHOW CRYPTO KEY HOSTKEY Related Commands crypto key destroy hostkey crypto key generate hostkey Table 1 Parameters in output of the show crypto key hostkey command Parameter Description...

Страница 2502: ...is specified this command displays the known host database from the global routing environment If neither vrf nor global is specified this command displays the known host database from the global rout...

Страница 2503: ...VRF lite support added No Hostname Type Fingerprint 1 172 16 23 1 rsa c8 33 b1 fe 6f d3 8c 81 4e f7 2a aa a5 be df 18 2 172 16 23 10 rsa c4 79 86 65 ee a0 1d a5 6a e8 fd 1d d3 4e 37 bd 3 5ffe 1053 ac...

Страница 2504: ...are registered with the SSH server use the command awplus show crypto key pubkey chain userkey manager Output Figure 53 3 Example output from the show crypto key public chain userkey command Related C...

Страница 2505: ...ub Output Figure 53 4 Example output from the show crypto key userkey command Related Commands crypto key generate userkey Parameter Description username User name of the local SSH user whose keys you...

Страница 2506: ...168 1 ssh server allow users john ssh server deny user john a company com ssh server Table 5 Parameters in the output of the show running config ssh command Parameter Description ssh server SSH serve...

Страница 2507: ...SHELL SSH COMMANDS SHOW RUNNING CONFIG SSH Related Commands service ssh show ssh server ssh server allow users Add the user and hostname to the allow list ssh server deny users Add the user and hostna...

Страница 2508: ...command Secure Shell Sessions ID Type Mode Peer Host Username State Filename 414 ssh server 172 16 23 1 root open 456 ssh client 172 16 23 10 manager user auth 459 scp client 172 16 23 12 root downloa...

Страница 2509: ...has accepted a new session host auth host to host authentication is in progress user auth User authentication is in progress authenticated User authentication is complete open The session is in progre...

Страница 2510: ...t Output Figure 53 7 Example output from the show ssh client command Related Commands show ssh server Secure Shell Client Configuration Port 22 Version 2 1 Connect Timeout 30 seconds Session Timeout 0...

Страница 2511: ...hell Server Configuration SSH Server Enabled Port 22 Version 2 Services scp sftp User Authentication publickey password Resolve Hosts Disabled Session Timeout 0 Off Login Timeout 60 seconds Maximum Au...

Страница 2512: ...onds that the SSH server will wait to receive data from the SSH client The server disconnects if this timer limit is reached If set at 0 the idle timer remains off Maximum Startups The maximum number...

Страница 2513: ...use the command awplus show ssh server allow users Output Figure 53 9 Example output from the show ssh server allow users command Related Commands ssh server allow users ssh server deny users Username...

Страница 2514: ...al Configuration Example To display the user entries in the deny list of the SSH server use the command awplus show ssh server deny users Output Figure 53 10 Example output from the show ssh server de...

Страница 2515: ...VRF lite ssh vrf vrf name ip ipv6 user username port 1 65535 version 1 2 hostname line Parameter Description vrf Apply the command to the specified VRF instance vrf name The name of the VRF instance i...

Страница 2516: ...the cmd command on the remote SSH server at 192 0 2 5 use the command awplus ssh ip 192 0 2 5 cmd Example VRF lite To login to the remote SSH server at 192 168 1 1 on VRF red use the command awplus ss...

Страница 2517: ...sion timeout 0 3600 connect timeout 1 600 no ssh client port version session timeout connect timeout Parameter Description port The default TCP port of the remote SSH server If an SSH client specifies...

Страница 2518: ...timeout 600 To configure the connect timeout of SSH client to 10 seconds use the command awplus ssh client connect timeout 10 To restore the connect timeout to its default use the command awplus no s...

Страница 2519: ...ts both SSHv2 and SSHv1client connections Default v1v2 v2only Supports SSHv2 client connections only 1 65535 The TCP port number that the server listens to for incoming SSH sessions Default 22 session...

Страница 2520: ...ions waiting authentication from SSH server to 3 use the commands awplus configure terminal awplus config ssh server max startups To set max startups parameters of SSH server to the default configurat...

Страница 2521: ...sting entry Syntax ssh server allow users username pattern hostname pattern no ssh server allow users username pattern hostname pattern Mode Global Configuration Examples To allow the user john to cre...

Страница 2522: ...SECURE SHELL SSH COMMANDS SSH SERVER ALLOW USERS To delete the existing user entry john 192 168 1 in the allow list use the commands awplus configure terminal awplus config no ssh server allow users...

Страница 2523: ...r authentication password publickey no ssh server authentication password publickey Default Both RSA public key authentication and password authentication are enabled by default Mode Global Configurat...

Страница 2524: ...hentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication password To disable publickey authentication for users connecting thr...

Страница 2525: ...r deny users username pattern hostname pattern Mode Global Configuration Examples To deny the user john to access SSH login from any host use the commands awplus configure terminal awplus config ssh s...

Страница 2526: ...x SECURE SHELL SSH COMMANDS SSH SERVER DENY USERS To delete the existing user entry john 192 168 2 in the deny list use the commands awplus configure terminal awplus config no ssh server deny users jo...

Страница 2527: ...ts default value of 6 Syntax ssh server max auth tries 1 32 no ssh server max auth tries Default 6 attempts Mode Global Configuration Usage By default users must wait one second after a failed login a...

Страница 2528: ...ntax ssh server resolve hosts no ssh server resolve hosts Default This feature is disabled by default Mode Global Configuration Usage Your device has a DNS Client that is enabled automatically when yo...

Страница 2529: ...evice accepts SCP connections The SCP service is enabled by default as soon as the SSH server is enabled The no variant of this command disables the SCP service on the SSH server Once disabled SCP req...

Страница 2530: ...The SFTP service is enabled by default as soon as the SSH server is enabled If the SSH server is disabled SFTP service is unavailable The no variant of this command disables SFTP service on the SSH se...

Страница 2531: ...d Reference for AR2050V 2531 AlliedWare Plus Operating System Version 5 4 7 1 x SECURE SHELL SSH COMMANDS UNDEBUG SSH CLIENT undebug ssh client Overview This command applies the functionality of the n...

Страница 2532: ...d Reference for AR2050V 2532 AlliedWare Plus Operating System Version 5 4 7 1 x SECURE SHELL SSH COMMANDS UNDEBUG SSH SERVER undebug ssh server Overview This command applies the functionality of the n...

Страница 2533: ...put see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active trigger on page 2535 day on page 2536 debug trigger on page 2538 description trigger on pa...

Страница 2534: ...for AR2050V 2534 AlliedWare Plus Operating System Version 5 4 7 1 x TRIGGER COMMANDS type periodic on page 2562 type ping poll on page 2563 type reboot on page 2564 type time on page 2565 type usb on...

Страница 2535: ...ctive Mode Trigger Configuration Usage Configure a trigger first before you use this command to activate it Forinformationaboutconfiguringatrigger seethe TriggersFeatureOverviewand Configuration Guide...

Страница 2536: ...rt LEDs in the Triggers Feature Overview and Configuration Guide Examples To permit trigger 55 to activate on the 1 October 2016 use the commands awplus configure terminal awplus config trigger 55 awp...

Страница 2537: ...ting System Version 5 4 7 1 x TRIGGER COMMANDS DAY To permit trigger 12 to activate on a Mondays Wednesdays and Fridays use the commands awplus configure terminal awplus config trigger 12 awplus confi...

Страница 2538: ...essages about how your device is processing the trigger commands and activating the triggers The no variant of this command disables trigger debugging Syntax debug trigger no debug trigger Mode Privil...

Страница 2539: ...this trigger Syntax description description no description Mode Trigger Configuration Examples To give trigger 240 the description daily status report use the commands awplus configure terminal awplus...

Страница 2540: ...ited number of times To reset a trigger to this default specify either yes or forever Syntax repeat forever no once yes 1 4294967294 Mode Trigger Configuration Examples To allow trigger 21 to activate...

Страница 2541: ...position in the script list The all parameter removes all scripts from the trigger Syntax script 1 5 filename no script 1 5 filename all Mode Trigger Configuration Examples To configure trigger 71 to...

Страница 2542: ...cpu_trig sh from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script flash cpu_trig sh To remove all the scripts from trigger 7...

Страница 2543: ...ff from the debug trigger command Syntax show debugging trigger Mode User Exec and Privileged Exec Example To display the current configuration of trigger debugging use the command awplus show debuggi...

Страница 2544: ...displays the current running configuration of the trigger utility Syntax show running config trigger Mode Privileged Exec Example To display the current configuration of the trigger utility use the co...

Страница 2545: ...about all triggers full Displays detailed information about all triggers Table 1 Example output from the show trigger command awplus show trigger TR Type Details Name Ac Te Tr Repeat Scr Days Date 00...

Страница 2546: ...umber of times a trigger has activated use the show trigger 1 250 command Scr Number of scripts associated with the trigger Days Date Days or date when the trigger may be activated For the days option...

Страница 2547: ...ion not activated Number of scripts 0 1 not configured 2 not configured 3 not configured 4 not configured 5 not configured Trigger 2 Description no description Type and details USB out Days smtwtfs Af...

Страница 2548: ...inuous or for a set number of times When the trigger can repeat only a set number of times then the number of times the trigger has been activated is displayed in brackets Modified The date and time o...

Страница 2549: ...as been activated Time triggers activated today Number of times a time trigger has been activated today Periodic triggers activated today Number of times a periodic trigger has been activated today In...

Страница 2550: ...tivates the scripts associated with the trigger will be run as normal Syntax test no test Mode Trigger Configuration Usage Configure a trigger first before you use this command to diagnose it For info...

Страница 2551: ...idnight during which the trigger may activate By default the value of this parameter is 23 59 59 that is the trigger may activate at any time If the value specified for before is later than the value...

Страница 2552: ...ger 63 to activate between midnight and 10 30am use the commands awplus configure terminal awplus config trigger 63 awplus config trigger time before 10 30 00 To allow trigger 64 to activate between 3...

Страница 2553: ...MIB objects are supported the SNMP Feature Overview and Configuration_Guide the SNMP Commands chapter Since SNMP traps are enabled by default for all defined triggers a common usage will be for the n...

Страница 2554: ...l parameters can be specified At a minimum the trigger type information must be specified before the trigger can become active The no variant of this command removes a specified trigger and all config...

Страница 2555: ...his command manually activates a trigger without the normal trigger conditions being met The trigger is activated even if it is configured as inactive The scripts associated with the trigger will be e...

Страница 2556: ...fig trigger 5 node1 config trigger type atmf node leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1...

Страница 2557: ...This command returns the following display Display the triggers configured on each of the nodes in the AMF Network AMF Net 3 show running config trigger This command returns the following display node...

Страница 2558: ...7 1 x TRIGGER COMMANDS TYPE ATMF NODE Related Commands show trigger Node1 trigger 1 type periodic 2 script 1 atmf scp trigger 5 type atmf node leave description E mail on ATMF Exit script 1 email_me s...

Страница 2559: ...ctivity in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 28 to be a CPU trigger that activates when CPU usage exceeds 80 use the following commands awplus configu...

Страница 2560: ...of these events occurs by using the any option Syntax type interface interface up down any Mode Trigger Configuration Example To configure trigger 19 to be an interface trigger that activates when po...

Страница 2561: ...ory trigger that activates when memory usage exceeds 50 use the following commands awplus configure terminal awplus config trigger 12 awplus config trigger type memory 50 up To configure trigger 40 to...

Страница 2562: ...figured If you attempt to add more than 10 triggers the following error message is displayed For an example trigger configuration that uses the type periodic command see See Daily Statistics in the Tr...

Страница 2563: ...r unreachable Syntax type ping poll 1 100 up down Mode Trigger Configuration Example To configure trigger 106 to activate when ping poll 12 detects that its target device is now unreachable use the fo...

Страница 2564: ...erview This command configures a trigger that activates when your device is rebooted Syntax type reboot Mode Trigger Configuration Example To configure trigger 32 to activate when your device reboots...

Страница 2565: ...imit of 10 triggers of the type time and type periodic can be configured If you attempt to add more than 10 triggers the following error message is displayed Example To configure trigger 86 to activat...

Страница 2566: ...Mode Trigger Configuration Usage USB triggers cannot execute script files from a USB storage device Examples To configure trigger 1 to activate on the insertion of a USB storage device use the comman...

Страница 2567: ...B Command Reference for AR2050V 2567 AlliedWare Plus Operating System Version 5 4 7 1 x TRIGGER COMMANDS UNDEBUG TRIGGER undebug trigger Overview This command applies the functionality of the no debu...

Страница 2568: ...mand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active ping polling on page 2570 clear ping poll on page 2571 critical interval on page 2...

Страница 2569: ...on page 2574 fail count on page 2575 ip ping polling on page 2576 length ping poll data on page 2577 normal interval on page 2578 ping poll on page 2579 sample size on page 2580 show counter ping pol...

Страница 2570: ...ing is unreachable The no variant of this command disables a ping poll instance The polling instance no longer sends ICMP echo requests to the polled device This also resets all counters for this poll...

Страница 2571: ...nd The device status changes to reachable once the device responses have reached the up count Syntax clear ping poll 1 100 all Mode Privileged Exec Examples To reset the ping poll instance 12 use the...

Страница 2572: ...one second Syntax critical interval 1 65536 no critical interval Default The default is 1 second Mode Ping Polling Configuration Examples To set the critical interval to 2 seconds for the ping polling...

Страница 2573: ...the specified ping poll Syntax debug ping poll 1 100 no debug ping poll 1 100 all Mode Privileged Exec Examples To enable debugging for ping poll instance 88 use the command awplus debug ping poll 88...

Страница 2574: ...e the description set Syntax description description no description Mode Ping Polling Configuration Examples To add the text Primary Gateway to describe the ping poll instance 45 use the commands awpl...

Страница 2575: ...he no variant of this command resets the fail count to the default Syntax fail count 1 100 no fail count Default The default is 5 Mode Ping Polling Configuration Examples To specify the number of ping...

Страница 2576: ...to poll the device with the IP address 192 168 0 1 use the commands awplus configure terminal awplus config ping poll 5 awplus config ping poll ip 192 168 0 1 To set ping poll instance 10 to poll the...

Страница 2577: ...opping packets of the size you are interested in The no variant of this command resets the data bytes to the default of 32 bytes Syntax length 4 1500 no length Default The default is 32 Mode Ping Poll...

Страница 2578: ...Configuration Examples To specify a time period of 60 seconds between pings when the device is reachable for ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45...

Страница 2579: ...the polling instance to poll It is not necessary to specify any further commands unless you want to change a command s default The no variant of this command deletes the specified ping poll Syntax pin...

Страница 2580: ...does not always reply to pings may be declared unreachable You cannot set this command s value lower than the fail count value The polling instance uses the number of pings specified by the up count...

Страница 2581: ...Reference for AR2050V 2581 AlliedWare Plus Operating System Version 5 4 7 1 x PING POLLING COMMANDS SAMPLE SIZE Related Commands critical interval fail count normal interval ping poll show ping poll t...

Страница 2582: ...plays the counters for the specified ping poll only If you do not specify a ping poll then this command displays counters for all ping polls Ping polling counters Ping poll 1 PingsSent 15 PingsFailedU...

Страница 2583: ...e the target device is in the Up state This is a cumulative counter for multiple occurrences of the Up state PingsFailedDownState Number of unanswered pings while the target device is in the Down stat...

Страница 2584: ...Displays polling instances based on whether the device they are polling is currently reachable or unreachable up Displays polling instance where the device state is reachable down Displays polling ins...

Страница 2585: ...polled device may be going down Critical Down The device is unreachable but the polling instance received a reply to the last ping packet so the polled device may be coming back up Destinatio n The I...

Страница 2586: ...is reachable Down The device is unreachable Critic a l Up The device is reachable but recently the polling instance has not received some ping replies so the polled device may be going down Critic a l...

Страница 2587: ...pings that must be unanswered within the total number of pings specified by the sample size command for the polling instance to consider the device unreachable This is set using the fail count command...

Страница 2588: ...dress no source ip Mode Ping Polling Configuration Examples To configure the ping polling instance 43 to use the source IP address 192 168 0 1 in ping packets use the commands awplus configure termina...

Страница 2589: ...ommand Reference for AR2050V 2589 AlliedWare Plus Operating System Version 5 4 7 1 x PING POLLING COMMANDS SOURCE IP Related Commands description ping polling ip ping polling length ping poll data pin...

Страница 2590: ...eout 1 30 no timeout Default The default is 1 second Mode Ping Polling Configuration Examples To specify the timeout as 5 seconds for ping poll instance 43 use the commands awplus configure terminal a...

Страница 2591: ...ing Polling Configuration Examples To set the upcount to 5 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll...

Страница 2592: ...mand Reference for AR2050V 2592 AlliedWare Plus Operating System Version 5 4 7 1 x PING POLLING COMMANDS UNDEBUG PING POLL undebug ping poll Overview This command applies the functionality of the no d...

Страница 2593: ...C613 50186 01 Rev B Command Reference for AR2050V 2593 AlliedWare Plus Operating System Version 5 4 7 1 x Part 8 Firewall and Network Address Translation NAT...

Страница 2594: ...The table below lists the firewall commands and their applicable modes Figure 56 1 Firewall commands and applicable modes Command List clear firewall connections on page 2596 connection limit Firewall...

Страница 2595: ...page 2602 protect Firewall on page 2603 rule Firewall on page 2604 show connection log events on page 2606 show firewall on page 2607 show firewall connections on page 2608 show firewall connections...

Страница 2596: ...continued to be translated The continued translation after associated NAT rule is removed will only stop when You use the clear firewall connections command to manually stop translations immediately w...

Страница 2597: ...pplied to an entity with multiple addresses will apply the limit to individual hosts not the total connections for the entity The limit applies to both IPv4 and IPv6 If a connection limit rule is remo...

Страница 2598: ...two types of messages you can log new connections and connections that ended You can control the amount of messages you log by choosing to log either type of message or all of the message types Messa...

Страница 2599: ...on mode The command prompt for this mode is awplus config firewall In the Firewall Configuration mode you can Enable or disable firewall protection see the protect Firewall command Create move or dele...

Страница 2600: ...s Use the no variant of this command to disable firewall debugging and NAT debugging For more information about NAT see the Firewall_and Network Address Translation NAT Feature Overview and Configurat...

Страница 2601: ...tions it may be beneficial to time out unused established TCP sessions earlier For example in a busy environment where there is an excessive number of sessions being established the firewall connectio...

Страница 2602: ...note that a change to the rule order may change the rule results Syntax move rule 1 65535 to 1 65535 Mode Firewall Configuration Examples To change the rule ID from 20 to 10 use the commands awplus co...

Страница 2603: ...guration Usage Firewall protection is disabled by default and all traffic can pass through the firewall When the firewall is enabled and no rules are added all traffic will be blocked by default You c...

Страница 2604: ...h this command deny Drop connections that match the application source entity and destination entity specified with this command No error message is sent back to the source host reject Reject connecti...

Страница 2605: ...tween public and private use the command awplus config firewall rule 10 permit ping from public to private To create a rule for denying application http between public wan and private lan use the comm...

Страница 2606: ...wall as configured by the connection log events command Syntax show connection log events Mode User Exec Example To show the logging configuration state for the connections passing through the firewal...

Страница 2607: ...the number of active connections being handled by the firewall You can use the protect Firewall command to enable firewall protection Syntax show firewall Mode Privileged Exec Examples To show the sta...

Страница 2608: ...s clear firewall connections awplus show firewall connections tcp ESTABLISHED src 192 168 1 2 dst 172 16 1 2 sport 58616 dport 23 packets 16 bytes 867 src 172 16 1 2 dst 172 16 1 1 sport 23 dport 5861...

Страница 2609: ...nection limits for a given entity Syntax show firewall connections limits Mode Privileged Exec Examples To show the information about all the firewall connection limits use the command awplus show fir...

Страница 2610: ...it also checks if the entity zone has a valid subnet Examples To check configuration validity of connection limit rules use the command awplus show firewall connections limits config check Output Fig...

Страница 2611: ...t from the show firewall rule command To show information about a specific firewall rule use the command awplus show firewall rule 10 Output Figure 56 9 Example output from the show firewall rule comm...

Страница 2612: ...RULE Related commands rule Firewall Output Parameter Description Indicates the rule is not valid and cannot be hit see the show firewall rule config check command Action The rule action set by the ru...

Страница 2613: ...destination entity the rule applies to is not configured properly To configure applications and entities see Application and Entity Commands Examples To check configuration validity of firewall rules...

Страница 2614: ...ewall command to enable firewall and NAT debugging For more information about NAT see the Firewall_and Network Address Translation NAT Feature Overview and Configuration_Guide Syntax show debugging fi...

Страница 2615: ...n commands that have been used to configure the firewall Syntax show running config firewall Mode Privileged Exec Examples To show the configuration commands that have been used to configure the firew...

Страница 2616: ...NAT Feature Overview and Configuration_Guide The table below lists the application commands and their applicable modes Figure 57 1 Application commands and applicable modes The table below lists the...

Страница 2617: ...p code on page 2626 icmp type on page 2628 ip address Entity on page 2630 ip subnet on page 2632 ipv6 address Entity on page 2634 ipv6 subnet on page 2636 network Entity on page 2638 protocol on page...

Страница 2618: ...and ICMP type for the application Application is invalid if its protocol source or destination are not properly configured for example application has no protocol configured or source and destination...

Страница 2619: ...System Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS APPLICATION To delete custom application openVPN use the commands awplus configure terminal awplus config no application openVPN Validation com...

Страница 2620: ...t range Syntax dport destination port any start range to end range no dport destination port any start range to end range Mode Application Mode Usage You can create more than one destination port numb...

Страница 2621: ...l awplus config application openVPN awplus config application dport any To remove destination port 15 from application openVPN use the commands awplus configure terminal awplus config application open...

Страница 2622: ...ues in the range 0 63 Use spaces to separate values af11 be One or more DSCP values specified according to the Assured Forwarding group as defined in RFC 2597 and RFC 3260 See the table below for valu...

Страница 2623: ...nfig application voice awplus config application dscp ef To specify DSCPs of 12 and 13 for the application named test use the commands awplus configure terminal awplus config application test awplus c...

Страница 2624: ...workName HostName This commands allows you to enter the Host Mode with the prompt awplus config host The Host Mode enables you to configure IPv4 address and IPv6 address for the host For more informat...

Страница 2625: ...d Reference for AR2050V 2625 AlliedWare Plus Operating System Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS HOST ENTITY Validation commands show entity Related commands ip address Entity ipv6 addr...

Страница 2626: ...ICMP code only for applications that use protocol ICMP To configure the application protocol see the protocol command You can specify only one ICMP message code for an application The newly specified...

Страница 2627: ...C613 50186 01 Rev B Command Reference for AR2050V 2627 AlliedWare Plus Operating System Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS ICMP CODE Related commands application icmp type protocol...

Страница 2628: ...at use protocol ICMP To configure the application protocol see the protocol command You can specify only one ICMP message type for an application The newly specified type will replace the previous one...

Страница 2629: ...Command Reference for AR2050V 2629 AlliedWare Plus Operating System Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS ICMP TYPE Validation commands show application Related commands application icmp...

Страница 2630: ...that contains the host s IP address Firewall policy rules will not apply to an IP address that is not in at least one of the network s subnets Examples To add an IP address to host ftp use the comman...

Страница 2631: ...N AND ENTITY COMMANDS IP ADDRESS ENTITY To remove an IP address from host ftp use the commands awplus configure terminal awplus config zone dmz awplus config zone network servers awplus config network...

Страница 2632: ...onfig network ip subnet 192 168 2 0 24 To add a subnet and an interface to network servers use the commands awplus configure terminal awplus config zone dmz awplus config zone network servers awplus c...

Страница 2633: ...awplus config zone dmz awplus config zone network servers awplus config network ip subnet 192 168 2 0 24 interface eth1 awplus config network ip subnet 10 1 0 0 16 interface eth1 To remove a subnet fr...

Страница 2634: ...v6 address Firewall policy rules will not apply to an IPv6 address that is not in at least one of the network s subnets Examples To add an IPv6 address to host web server use the commands awplus confi...

Страница 2635: ...COMMANDS IPV6 ADDRESS ENTITY To remove an IPv6 address from host web server use the commands awplus configure terminal awplus config zone dmz awplus config zone network servers awplus config network h...

Страница 2636: ...vers awplus config network ipv6 subnet 2001 db8 32 To add a subnet and an interface to network servers use the commands awplus configure terminal awplus config zone dmz awplus config zone network serv...

Страница 2637: ...wplus config zone dmz awplus config zone network servers awplus config network ipv6 subnet 2001 db8 7 32 interface eth1 awplus config network ipv6 subnet 2001 db8 8 32 interface eth1 To remove a subne...

Страница 2638: ...dot notation for example ZoneName NetworkName This commands allows you to enter the Network Mode with the prompt awplus config network In the Network Mode you can Configure subnets and interfaces for...

Страница 2639: ...on 5 4 7 1 x APPLICATION AND ENTITY COMMANDS NETWORK ENTITY To destroy a network entity named servers use the commands awplus configure terminal awplus config zone dmz awplus config zone no network se...

Страница 2640: ...tion The newly specified protocol will replace the previous one Examples To specify protocol tcp for application openVPN use the commands awplus configure terminal awplus config application openVPN aw...

Страница 2641: ...IPv6 for application openVPN use the commands awplus configure terminal awplus config application openVPN awplus config application protocol 41 To unset the protocol in application openVPN use the com...

Страница 2642: ...mation of the applications Syntax show application Mode Privileged Exec Examples To show all applications currently configured use the command awplus show application Output Figure 57 3 Example output...

Страница 2643: ...about custom and predefined applications currently configured The protocol destination port source port ICMP code ICMP type DSCP and the name of the applications will be displayed Syntax show applicat...

Страница 2644: ...ldap TCP sport 1024 65535 dport 389 lisa TCP sport 1024 65535 dport 7741 msn TCP sport 1024 65535 dport 1863 mysql TCP sport 1024 65535 dport 3306 news TCP sport 1024 65535 dport 119 nfs tcp TCP sport...

Страница 2645: ...tem Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS SHOW APPLICATION DETAIL Output Figure 57 5 Example output from show application detail for a particular application Related Commands show applicat...

Страница 2646: ...ork host Syntax show entity entity Mode Privileged Exec Examples To show the information about all entities use the command awplus show entity Output Figure 57 6 Example output from the show entity co...

Страница 2647: ...ormation associated with the host entity zone1 network1 host1 use the command awplus show entity zone1 network1 host1 Output Figure 57 8 Example output from the show entity command awplus show entity...

Страница 2648: ...n existing port range Syntax sport source port any start range to end range no sport source port any start range to end range Mode Application Mode Usage You can create more than one source port numbe...

Страница 2649: ...l awplus config application openVPN awplus config application sport any To remove source port 15 from application openVPN use the commands awplus configure terminal awplus config application openVPN a...

Страница 2650: ...e the no variant of this command to destroy a zone entity Syntax zone zone name no zone zone name Mode Global Configuration Usage This command allows you to enter the Zone Mode with the prompt awplus...

Страница 2651: ...C613 50186 01 Rev B Command Reference for AR2050V 2651 AlliedWare Plus Operating System Version 5 4 7 1 x APPLICATION AND ENTITY COMMANDS ZONE Validation commands show entity...

Страница 2652: ...work Address Translation NAT Feature Overview and Configuration_Guide The following figure lists the NAT commands and their applicable modes Figure 58 1 NAT commands and applicable modes Command List...

Страница 2653: ...mmand Reference for AR2050V 2653 AlliedWare Plus Operating System Version 5 4 7 1 x NAT COMMANDS show nat on page 2664 show nat rule on page 2665 show nat rule config check on page 2667 show running c...

Страница 2654: ...mmand to disable NAT without losing existing NAT configuration Syntax enable no enable Default NAT is disabled by default Mode NAT Configuration Examples To enable NAT use the commands awplus configur...

Страница 2655: ...by default Mode Interface Configuration Usage Limited local proxy ARP supports Static NAT configurations in which the NAT configuration s public address is different to the ethernet interface s addres...

Страница 2656: ...rver with address 172 22 0 3 zone public network eth1 ip subnet 0 0 0 0 0 interface eth1 host http_server ip address 172 22 0 3 Create a NAT rule to map from the public to the private zone nat rule 10...

Страница 2657: ...ocal proxy arp ip add mask no local proxy arp ip add mask Default No subnets are specified for use with limited local proxy ARP Mode Global Configuration Example To specify limited local proxy ARP for...

Страница 2658: ...on Examples To change the ID of a rule from 10 to 30 use the commands awplus configure terminal awplus config nat awplus config nat move rule 10 to 30 Validation commands show nat rule show running co...

Страница 2659: ...you to enter the NAT Configuration mode The command prompt for this mode is awplus config nat In the NAT Configuration mode you can Enable NAT see the enable NAT command Create NAT rules or change th...

Страница 2660: ...u do not designate a rule ID a rule ID will be automatically generated and it will be greater than the current highest rule ID masq The type of NAT rule NAT with IP Masquerade is a case where all or a...

Страница 2661: ...e zone command network network Entity command or host host Entity command source host entity In a masq rule the specific source host address that the traffic will masquerade as The source host entity...

Страница 2662: ...interfaces Removing a NAT rule for an actively translated flow does not stop it translating immediately This means subsequent packets in the flow continue to be translated The continued translation a...

Страница 2663: ...ic use the commands awplus configure terminal awplus config nat awplus config nat rule 20 masq http from private to public To use subnet based NAT to translate the source address of all traffic from p...

Страница 2664: ...SHOW NAT show nat Overview Use this command to show the configuration state of NAT Syntax show nat Mode Privileged Exec Examples To show the configuration state of NAT use the commands awplus show nat...

Страница 2665: ...about a specific NAT rule use the command awplus show nat rule 10 Output Figure 58 4 Example output from the show nat rule command Parameter Description 1 65535 Rule ID awplus show nat rule Rule is no...

Страница 2666: ...lliedWare Plus Operating System Version 5 4 7 1 x NAT COMMANDS SHOW NAT RULE Related commands rule NAT show nat rule config check with Target entity name To Destination entity Hits The number of times...

Страница 2667: ...plication source entity or destination entity the rule applies to is not configured properly To configure applications and entities see Application and Entity Commands Examples To check configuration...

Страница 2668: ...at have been used to configure NAT Syntax show running config nat Mode Privileged Exec Examples To show the configuration commands that have been used to configure NAT use the commands awplus show run...

Страница 2669: ...C613 50186 01 Rev B Command Reference for AR2050V 2669 AlliedWare Plus Operating System Version 5 4 7 1 x Part 9 Advanced Network Protection...

Страница 2670: ...eature Overview and Configuration_Guide The table below lists the IPS commands and their applicable modes Figure 59 1 IPS Commands and Applicable Modes Command List category action IPS on page 2671 ip...

Страница 2671: ...deny To set the default action for category checksum use the commands awplus configure terminal awplus config ips awplus config ips no category checksum action Validation Commands show ips categories...

Страница 2672: ...ion Usage This command allows you to enter the IPS mode The command prompt for this mode is awplus config ips In the IPS mode you can Enable or disable IPS protection see the protect IPS command Confi...

Страница 2673: ...tion is enabled traffic will be categorized according to the available IPS categories See the show ips categories command for the list of available IPS categories Default IPS is disabled by default Mo...

Страница 2674: ...e IPS configuration state and event count for the Intrusion Prevention System IPS Syntax show ips Mode Privileged Exec Examples To display information about IPS use the command awplus show ips Output...

Страница 2675: ...events alert http events alert icmp decoder events alert ip decoder events alert ppp decoder events alert smtp events alert stream events alert udp decoder events alert Parameter Description checksum...

Страница 2676: ...o large IPv4 in IPv6 invalid protocol IPv6 in IPv6 packet too short ppp decoder events PPP anomalies e g PPP packet too small PPP IPv6 too small PPP wrong type PPPoE wrong code PPPoE malformed tags sm...

Страница 2677: ...w Use this command to show the configuration commands that have been used to configure IPS Syntax show running config dpi Mode Privileged Exec Examples To show the commands that have been used to conf...

Страница 2678: ...tom whitelists to allow access to URLs For more information see the URL Filtering Feature Overview_and Configuration Guide The following table lists the URL filtering commands and their applicable mod...

Страница 2679: ...01 Rev B Command Reference for AR2050V 2679 AlliedWare Plus Operating System Version 5 4 7 1 x URL FILTERING COMMANDS url filter reload custom lists on page 2685 url filter on page 2686 whitelist on...

Страница 2680: ...ide You can use the whitelist command to add a whitelist that will override any corresponding blacklist entries Examples To add a blacklist that uses a custom file that is stored on USB for example an...

Страница 2681: ...ogging of HTTP and HTTPS URL requests passing through the firewall Syntax log url requests no log url requests Default Disabled by default Mode URL Filter Configuration Usage When enabled additional l...

Страница 2682: ...ter configuration Syntax protect no protect Default URL filter protection is disabled by default and all HTTP and HTTPS traffic is allowed Mode URL Filter Configuration Examples To enable URL filter p...

Страница 2683: ...S SHOW RUNNING CONFIG URL FILTER show running config url filter Overview Use this command to show the running configuration information for URL filtering Syntax show running config url filter Mode Pri...

Страница 2684: ...ing Syntax show url filter Mode Privileged Exec Examples To show information about the configuration state of URL filtering use the command awplus show url filter Output Figure 60 2 Example output fro...

Страница 2685: ...TS url filter reload custom lists Overview Use this command to reload all custom blacklists and whitelists after editing one or more of them Syntax url filter reload custom lists Mode Privileged Exec...

Страница 2686: ...iguration mode and changes the command prompt to awplus config url filter The URL Filter Configuration mode enables you to Enable URL filtering protection see the protect URL filtering command Configu...

Страница 2687: ...tted For information about whitelist rule format see the URL Filtering Feature Overview and_Configuration Guide Examples To add a whitelist that uses a custom file that is stored on USB for example an...

Страница 2688: ...C613 50186 01 Rev B Command Reference for AR2050V 2688 AlliedWare Plus Operating System Version 5 4 7 1 x Part 10 Virtual Private Networks VPNs...

Страница 2689: ...Feature Overview and_Configuration Guide Command List clear isakmp sa on page 2691 crypto ipsec profile on page 2692 crypto isakmp key on page 2694 crypto isakmp peer on page 2696 crypto isakmp profi...

Страница 2690: ...ow isakmp profile on page 2721 show isakmp sa on page 2723 transform IPsec Profile on page 2724 transform ISAKMP Profile on page 2725 tunnel destination IPsec on page 2727 tunnel local name IPsec on p...

Страница 2691: ...ed Exec Examples To delete the ISAKMP security associations at the peer for an IPv6 address use the command awplus clear isakmp sa peer 2001 0db8 1 To delete the ISAKMP security associations at the pe...

Страница 2692: ...f 8 hours applies to the default IPsec profile Mode Global Configuration Examples To configure a custom IPsec profile for establishing IPSec SAs with a remote peer use the following commands awplus co...

Страница 2693: ...mmand Reference for AR2050V 2693 AlliedWare Plus Operating System Version 5 4 7 1 x IPSEC COMMANDS CRYPTO IPSEC PROFILE Related Commands lifetime IPsec Profile transform IPsec Profile Validation Comma...

Страница 2694: ...ess ipv4 addr ipv6 addr no crypto isakmp key 8 key hostname hostname address ipv4 addr ipv6 addr Default ISAKMP keys do not exist Mode Global Configuration Examples To configure a pre shared authentic...

Страница 2695: ...plus config crypto isakmp key friend address 192 168 1 1 To configure a pre shared encrypted authentication key at a peer with IPv4 address use the commands below awplus configure terminal awplus conf...

Страница 2696: ...es To configure a profile for a peer with a dynamic IP address use the following commands awplus configure terminal awplus config crypto isakmp peer dynamic profile peer_profile To configure a profile...

Страница 2697: ...e following commands awplus config crypto isakmp peer hostname user domain com profile peer_profile awplus configure terminal To set the profile for the peer back to the default use the following comm...

Страница 2698: ...u cannot delete or edit the default profile Expiry time of 24 hours applies to the default profile Mode Global Configuration Parameter Description profile_name Profile name Profile names are case inse...

Страница 2699: ...llowing commands awplus configure terminal awplus config crypto isakmp profile my_profile awplus config isakmp profile transform 2 integrity sha1 encryption 3des group 5 To delete a custom profile use...

Страница 2700: ...akmp or undebug isakmp Syntax debug crypto isakmp info trace all Mode Privileged Exec Parameter Description debug Debugging function crypto Security specific command isakmp Internet Security Associati...

Страница 2701: ...v2 c 758 ikev2_initiate creating new ike_sa 21 04 13 awplus iked DEBUG ike_sa c 431 ikev2_allocate_sa ikev2_create_sa nil 10 1 0 10 500 10 2 0 10 500 0x810b678 21 04 13 awplus iked DEBUG ike_sa c 434...

Страница 2702: ...D acknowledgment message Use the no variant to set the interval to its default 30 seconds Syntax dpd interval 10 86400 no dpd interval Default If you do not specify an interval the default interval of...

Страница 2703: ...smission timeout applies as every exchange is used to detect dead peers Use the no variant to set the timeout to its default 150 seconds Syntax dpd timeout 10 86400 no dpd timeout Default If you do no...

Страница 2704: ...unnel interface to configure in Global Configuration mode This command is also used to enter Interface Configuration mode for existing tunnel interfaces Usage Note that you need to designate a tunnel...

Страница 2705: ...800 seconds Syntax lifetime seconds 300 31449600 no lifetime seconds Default If you do not specify a lifetime the default lifetime of 28800 seconds 8 hours applies Mode IPsec Profile Configuration Exa...

Страница 2706: ...ant to set the lifetime to default 86400 seconds Syntax lifetime 600 31449600 no lifetime Default If you do not specify a lifetime the default lifetime of 86400 seconds 8 hours applies Mode ISAKMP Pro...

Страница 2707: ...ax no crypto isakmp info trace all Mode Privileged Exec Related Commands debug isakmp undebug isakmp Parameter Description no Disable debugging function crypto Security specific isakmp Internet Securi...

Страница 2708: ...IKEv2 is used for ISAKMP SA negotiation With IKEv2 if there is a PFS group mismatch an IPsec SA will be established and the tunnel will come up because PFS is not required for the initial child SA neg...

Страница 2709: ...C613 50186 01 Rev B Command Reference for AR2050V 2709 AlliedWare Plus Operating System Version 5 4 7 1 x IPSEC COMMANDS PFS Validation Commands show ipsec profile...

Страница 2710: ...ow if debugging ISAKMP is enabled enter the command below awplus show debugging isakmp Output Figure 61 2 Example output from the show debugging isakmp command Parameter Description debugging Debuggin...

Страница 2711: ...ven tunnel identified by the tunnel index parameter tunnel index Specify a tunnel index in the range from 0 through 255 awplus show interface tunnel1 Interface tunnel1 Link is UP administrative state...

Страница 2712: ...n crypto Security specific command ipsec Internet Protocol Security defines the protection of IP packets using encryption and authentication counters Show IPSec transformation statistic awplus show ip...

Страница 2713: ...d peer Remote endpoint hostname Destination hostname ipv4 addr Destination IPv4 address The IPv4 address uses the format A B C D ipv6 addr Destination IPv6 address The IPv6 address uses the format X X...

Страница 2714: ...xamples To show IPSec policies enter the command below awplus show ipsec policy Output Figure 61 6 Example output from the show ipsec policy command Parameter Description crypto Security specific comm...

Страница 2715: ...cluding the default profile use the following command awplus show ipsec profile Output Figure 61 7 Example output from the show ipsec profile command Parameter Description crypto Security specific ips...

Страница 2716: ...ow IPsec profile my_profile use the command awplus show ipsec profile my_profile Output Figure 61 8 Example output from the show ipsec profile command Related Commands crypto ipsec profile awplus show...

Страница 2717: ...on Guide Syntax show crypto ipsec sa Mode Privileged Exec Examples To view the settings used by current security associations enter the command below awplus show ipsec sa Output Figure 61 9 Example ou...

Страница 2718: ...mp counters command Parameter Description crypto Security specific command isakmp Internet Security Association Key Management Protocol provides a common framework for key management implementations c...

Страница 2719: ...ed keys are not viewable and stored encrypted in the running configuration Syntax show crypto isakmp key Mode Privileged Exec Examples To show ISAKMP pre shared key enter the command below awplus show...

Страница 2720: ...KMP peers use the following command awplus show isakmp peer Output Figure 61 12 Example output from the show isakmp peer command Related Commands crypto isakmp peer Command changes Version 5 4 7 0 1 P...

Страница 2721: ...e command Examples To show ISAKMP profile my_profile use the command awplus show isakmp profile my_profile Parameter Description profile_name Custom profile name awplus show isakmp profile ISAKMP Prof...

Страница 2722: ...ANDS SHOW ISAKMP PROFILE Output Figure 61 14 Example output from the show isakmp profile command Related Commands crypto isakmp profile awplus show isakmp profile my_profile ISAKMP Profile my_profile...

Страница 2723: ...ut from the show isakmp sa command Parameter Description crypto Security specific command isakmp Internet Security Association Key Management Protocol provides a common framework for key management im...

Страница 2724: ...ile my_profile awplus config ipsec profile transform 2 protocol esp integrity sha1 encryption 3des To delete a created transform use the following command awplus config ipsec profile no transform 2 Re...

Страница 2725: ...profile transform use the following commands awplus config crypto isakmp profile my_profile awplus config isakmp profile transform 2 integrity sha1 encryption 3des group 5 Parameter Description 1 255...

Страница 2726: ...AR2050V 2726 AlliedWare Plus Operating System Version 5 4 7 1 x IPSEC COMMANDS TRANSFORM ISAKMP PROFILE To delete a created transform use the following command awplus config isakmp profile no transfor...

Страница 2727: ...tunnel mode ipsec ipv4 awplus config if tunnel destination 192 0 3 1 To configure a destination IPv6 address for IPsec tunnel145 use the commands below awplus configure terminal awplus config interfac...

Страница 2728: ...tination use the commands below awplus configure terminal awplus config interface tunnel145 awplus config if tunnel mode ipsec ipv4 awplus config if tunnel destination dynamic To remove the destinatio...

Страница 2729: ...Sec tunnel hostname Syntax tunnel local name local name no tunnel local name Default The default tunnel local name is the IP address of tunnel source Mode Interface Configuration Examples To configure...

Страница 2730: ...rmit traffic through a tunnel if the traffic matches a specified pair of local and remote subnets When the local selector is specified but the remote selector is not the selector pair implicitly match...

Страница 2731: ...c ipv6 awplus config if tunnel local selector 2001 db8 1 64 awplus config if tunnel remote selector 2001 db8 2 64 To configure an additional source and destination traffic selector pair for the traffi...

Страница 2732: ...ec in IPv4 tunnel mode use the commands awplus configure terminal awplus config interface tunnel6 awplus config if tunnel mode ipsec ipv4 To remove configured IPSec tunnels for tunnel6 use the command...

Страница 2733: ...s command for them to work GRE IPv6 and L2TPv3 IPv6 tunnel have IPsec protection as an option Examples To enable IPsec protection by using default profile use the following commands awplus configure t...

Страница 2734: ...nel remote name Syntax tunnel remote name remote name no tunnel local name Default The default tunnel remote name is the IP address of tunnel destination Mode Interface Configuration Examples To confi...

Страница 2735: ...pair is an agreement between IKE peers to permit trafic through a tunnel if the traffic matches a specified pair of local and remote subnets When the remote selector is specified but the local select...

Страница 2736: ...us config if tunnel destination 2001 db8 10 1 awplus config if tunnel local name office awplus config if tunnel mode ipsec ipv6 awplus config if tunnel local selector 2001 db8 1 64 awplus config if tu...

Страница 2737: ...ource interface name ipv4 address ipv6 address no tunnel source interface name ipv4 address ipv6 address Mode Interface Configuration Examples To configure a source IPv4 address for IPsec tunnel145 us...

Страница 2738: ...System Version 5 4 7 1 x IPSEC COMMANDS TUNNEL SOURCE IPSEC To remove the source address of IPsec tunnel145 use the commands below awplus configure terminal awplus config interface tunnel145 awplus c...

Страница 2739: ...crypto isakmp info trace all Mode Privileged Exec Related Commands debug isakmp no debug isakmp Parameter Description undebug Disable debugging function crypto Security specific command isakmp Interne...

Страница 2740: ...re isakmp profile my_profile awplus config isakmp profile version 1 mode main To set the version to its default use the following command awplus no version Related Commands crypto isakmp profile Valid...

Страница 2741: ...Guide Command List crypto isakmp key on page 2742 interface tunnel on page 2744 ip address GRE on page 2745 ip tcp adjust mss on page 2747 ipv6 address GRE on page 2749 ipv6 tcp adjust mss on page 27...

Страница 2742: ...address ipv4 addr ipv6 addr no crypto isakmp key 8 key hostname host name address ipv4 addr ipv6 addr Default ISAKMP keys do not exist Mode Global Configuration Examples To configure a pre shared auth...

Страница 2743: ...us configure terminal awplus config crypto isakmp key friend address 192 168 1 1 To configure a pre shared encrypted authentication key at a peer with IPv4 address use the commands below awplus config...

Страница 2744: ...0 255 no interface tunnel tunnel index Default Tunnel interfaces do not exist Mode Global Configuration Usage This command creates a new tunnel interface to configure in Global Configuration mode This...

Страница 2745: ...dress from the tunnel interface You cannot remove the primary address when a secondary address is present Syntax ip address ip addr prefix length secondary label label no ip address ip addr prefix len...

Страница 2746: ...Rev B Command Reference for AR2050V 2746 AlliedWare Plus Operating System Version 5 4 7 1 x GRE TUNNELING COMMANDS IP ADDRESS GRE Related Commands interface tunnel show ip interface show running conf...

Страница 2747: ...When a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Trans...

Страница 2748: ...x GRE TUNNELING COMMANDS IP TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no...

Страница 2749: ...ig for a detailed command description and examples to enable and disable SLAAC Note that link local addresses are retained in the system until they are negated by using the no variant of the command t...

Страница 2750: ...64 To assign the eui64 derived address in the prefix 2001 db8 48 to tunnel interface tunnel2 use the commands awplus configure terminal awplus config interface tunnel2 awplus config if ipv6 address 2...

Страница 2751: ...en a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmi...

Страница 2752: ...GRE TUNNELING COMMANDS IPV6 TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if n...

Страница 2753: ...to display tunnel status information of a given tunnel identified by the 0 255 parameter 0 255 Specify a tunnel index in the range from 0 through 255 awplus show interface tunnel20 Interface tunnel20...

Страница 2754: ...ared keys are not viewable and stored encrypted in the running configuration Syntax show crypto isakmp key Mode Privileged Exec Examples To show ISAKMP pre shared key enter the command below awplus sh...

Страница 2755: ...o detect packet corruption Use the no variant of this command to disable checksum insertion and checking Syntax tunnel checksum no tunnel checksum Default Checksum insertion and checking is disabled M...

Страница 2756: ...SCP field value is inherited from the inner header to the outer header Mode Interface Configuration Examples To configure the DSCP value to 10 for tunnel2 use the commands awplus configure terminal aw...

Страница 2757: ...config if tunnel mode gre awplus config if tunnel destination 2 2 2 2 To configure a GRE tunnel destination by using a destination network name use the commands awplus configure terminal awplus confi...

Страница 2758: ...01 Rev B Command Reference for AR2050V 2758 AlliedWare Plus Operating System Version 5 4 7 1 x GRE TUNNELING COMMANDS TUNNEL DESTINATION GRE Related commands interface tunnel tunnel mode GRE tunnel s...

Страница 2759: ...IPSec tunnel hostname Syntax tunnel local name local name no tunnel local name Default The default tunnel local name is the IP address of tunnel source Mode Interface Configuration Examples To configu...

Страница 2760: ...GRE as the encapsulation mode use the commands awplus configure terminal awplus config interface tunnel2 awplus config if tunnel mode gre To remove a configured GRE tunnel for tunnel2 use the commands...

Страница 2761: ...ts encapsulated by tunnel is disabled Mode Interface Configuration Usage You also need to configure a pre shared key in conjunction with this command See the crypto isakmp key command for more informa...

Страница 2762: ...unnel remote name Syntax tunnel remote name remote name no tunnel local name Default The default tunnel remote name is the IP address of tunnel destination Mode Interface Configuration Examples To con...

Страница 2763: ...nfig if tunnel mode gre awplus config if tunnel source 1 1 1 1 To use an interface name as the tunnel source use the commands awplus configure terminal awplus config interface tunnel2 awplus config if...

Страница 2764: ...01 Rev B Command Reference for AR2050V 2764 AlliedWare Plus Operating System Version 5 4 7 1 x GRE TUNNELING COMMANDS TUNNEL SOURCE GRE Related commands interface tunnel tunnel destination GRE tunnel...

Страница 2765: ...ue to its default Syntax tunnel ttl 1 255 no tunnel ttl Default The default TTL value is inherited from the encapsulated packet Mode Interface Configuration Example To set the TTL value of the packet...

Страница 2766: ...e The table below lists the OpenVPN commands and their applicable modes Figure 63 1 OpenVPN commands and applicable modes Command List ip tcp adjust mss on page 2768 ipv6 tcp adjust mss on page 2770 s...

Страница 2767: ...ating System Version 5 4 7 1 x OPENVPN COMMANDS tunnel mode openvpn tap on page 2778 tunnel mode openvpn tun on page 2779 tunnel openvpn expiry bytes on page 2780 tunnel openvpn expiry seconds on page...

Страница 2768: ...n a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmis...

Страница 2769: ...1 x OPENVPN COMMANDS IP TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no ip...

Страница 2770: ...a host initiates a TCP session with a server it negotiates the IP segment size by using the MSS option field in the TCP packet The value of the MSS option field is determined by the Maximum Transmissi...

Страница 2771: ...1 x OPENVPN COMMANDS IPV6 TCP ADJUST MSS To restore the MSS size to the default size on PPP interface ppp0 use the commands awplus configure terminal awplus config interface ppp0 awplus config if no i...

Страница 2772: ...mation of a given tunnel identified by the 0 255 parameter tunnel index Specify a tunnel index in the range from 0 through 255 awplus show interface tunnel0 Interface tunnel0 Link is UP administrative...

Страница 2773: ...openvpn connections Mode Privileged Exec Examples To show information about connected OpenVPN users use the command awplus show openvpn connections Output Figure 63 3 Example output from the show ope...

Страница 2774: ...r Syntax show openvpn connections detail Mode Privileged Exec Examples To show detailed information about connected OpenVPN users use the command awplus show openvpn connections detail Output Figure 6...

Страница 2775: ...ou need to configure the client to use the same setting as the server To do this include one of the following lines in your client s OpenVPN configuration ovpn file Example To configure tunnel 5 which...

Страница 2776: ...he same setting as the server To do this include one of the following lines in your client s OpenVPN configuration ovpn file For example consider a client file tun ovpn that has the following settings...

Страница 2777: ...L OPENVPN CIPHER Example To configure tunnel 5 which is an OpenVPN tunnel to use AES 256 data channel encryption use the commands awplus configure terminal awplus config interface tunnel5 awplus confi...

Страница 2778: ...ant to transport any network protocol such as IPv4 IPv6 IPX Note that TAP will cause broadcast overhead on the VPN tunnel and add the overhead of Ethernet headers on all packets transported over the V...

Страница 2779: ...You want to transport traffic that is destined for the VPN client You want to transport only layer 3 packets You want to support VPN on mobile devices Note that TUN cannot be used in bridges and broa...

Страница 2780: ...mode for a tunnel Example To configure tunnel2 to rekey after 1Gbyte of traffic use the following commands awplus configure terminal awplus config interface tunnel2 awplus config if tunnel openvpn exp...

Страница 2781: ...a tunnel Example To configure tunnel2 to rekey every 30 minutes use the following commands awplus configure terminal awplus config interface tunnel2 awplus config if tunnel openvpn expiry seconds 180...

Страница 2782: ...ination port number 1194 You can use the show application detail command to see the application details If you specify a UDP number that is different to the default port number you need to create an a...

Страница 2783: ...n is received from the RADIUS server the value specified in this command is used Use the no variant of this command to remove the VID over the tunnel Note that you can add an 802 1Q tag in the TAP mod...

Страница 2784: ...roductory information about tunneling of PPP over L2TPv2 in AlliedWare Plus including overview and configuration information see the L2TPv2 Feature Overview and Configuration Guide Command List crypto...

Страница 2785: ...ow isakmp key L2TPv3 on page 2808 show l2tp session on page 2809 show l2tp tunnel on page 2811 show l2tp tunnel config check on page 2815 show running config l2tp profile on page 2817 show running con...

Страница 2786: ...ipv4 address ipv6 address no crypto isakmp key 8 key hostname host name address ipv4 address ipv6 address Default ISAKMP keys do not exist Mode Global Configuration Examples To configure a pre shared...

Страница 2787: ...configure terminal awplus config crypto isakmp key friend address 192 168 1 1 To configure a pre shared encrypted authentication key at a peer with IPv4 address use the commands awplus configure term...

Страница 2788: ...ebugging of L2TPv2 tunnels Syntax debug l2tp no debug l2tp undebug l2tp Default Debugging of L2TPv2 tunnels is disabled by default Mode Privileged Exec Example To enable debugging for L2TPv2 tunnels u...

Страница 2789: ...tunnel1 to 10 1 1 1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp tunnel destination 10 1 1 1 To remove the destination IP address from tunnel1 use th...

Страница 2790: ...rface eth1 1 or a cellular interface e g interface cellular0 L2TP Tunnel Configuration mode for an L2TP tunnel e g l2tp tunnel tunnel0 Examples To configure a PPP interface with index 0 for Ethernet i...

Страница 2791: ...7 1 x L2TP COMMANDS ENCAPSULATION PPP To remove the PPP interface with index 1 from L2TP tunnel tunnel1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp...

Страница 2792: ...default Mode L2TP Tunnel Configuration Example To set the IP version for tunnel1 to IPv6 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp tunnel ip verso...

Страница 2793: ...default Mode Global Configuration Example To create and begin configuring a new L2TP tunnel named tunnel1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2...

Страница 2794: ...50186 01 Rev B Command Reference for AR2050V 2794 AlliedWare Plus Operating System Version 5 4 7 1 x L2TP COMMANDS L2TP TUNNEL show l2tp tunnel config check show running config l2tp tunnel source ver...

Страница 2795: ...Configuration Usage The default UDP port for both unmanaged and managed L2TP tunnels is 1701 If both kinds of tunnel will be configured the UDP port for the unmanaged tunnel must be changed to a diffe...

Страница 2796: ...ame Default No L2TP profile is configured by default This command is not configured by default Mode Global Configuration Example To create a L2TP profile named public use the commands awplus configure...

Страница 2797: ...age If a local sub address is set this is checked against incoming the sub address AVP as a requirement for tunnel establishment The received sub address AVP content must match the configured local su...

Страница 2798: ...ection is disabled by default Mode L2TP Tunnel Configuration Example To protect tunnel1 with IPsec use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp tunne...

Страница 2799: ...used If a local name is configured with this command the crypto isakmp key command is required to configure a preshared authentication key using this local name as the hostname Example To set the IPs...

Страница 2800: ...C613 50186 01 Rev B Command Reference for AR2050V 2800 AlliedWare Plus Operating System Version 5 4 7 1 x L2TP COMMANDS PROTECTION LOCAL NAME show running config l2tp tunnel...

Страница 2801: ...et up tunnel1 with IPsec protection using IPsec profile profile1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l2tp tunnel protection ipsec awplus config l...

Страница 2802: ...remote name with this command protection remote name and set the key for this by using the crypto isakmp key command with this remote name as the hostname Example To set the IPsec remote name for tun...

Страница 2803: ...C613 50186 01 Rev B Command Reference for AR2050V 2803 AlliedWare Plus Operating System Version 5 4 7 1 x L2TP COMMANDS PROTECTION REMOTE NAME show running config l2tp tunnel...

Страница 2804: ...ub address configured at the other end of the tunnel If a remote sub address is configured for the tunnel this value is placed in the outgoing sub address AVP The other tunnel end point can check this...

Страница 2805: ...wplus config l2tp profile public awplus config l2tp profile shared secret my_password To set tunnel secret to my_password for tunnel tunnelone use the commands awplus configure terminal awplus config...

Страница 2806: ...e this command to display whether debugging of L2TP tunnels is on or off Syntax show debugging l2tp Mode Privileged Exec Example To display whether debugging of L2TP tunnels is on or off use the comma...

Страница 2807: ...ble 64 1 awplus show interface tunnel20 Interface tunnel20 Link is UP administrative state is UP Hardware is Tunnel IPv4 address 192 168 10 1 24 broadcast 192 168 10 255 IPv6 address 2001 db8 10 1 64...

Страница 2808: ...are not viewable and stored encrypted in the running configuration Syntax show crypto isakmp key Mode Privileged Exec Examples To show ISAKMP pre share key use the command awplus show isakmp key Outp...

Страница 2809: ...TPv2 sessions use the command awplus show l2tp session Output Figure 64 4 Example output from show l2tp session Parameter Description detail Displays more detailed information about L2TP sessions awpl...

Страница 2810: ...ssful connection retry Retrying connection Type The type of the L2TP session LAIC LAC incoming call LAOC LAC outgoing call LNIC LNS incoming call LNOC LNS outgoing call UNSPEC unspecified call type Cr...

Страница 2811: ...g idle LAC tunnel is also displayed Example To display information about all L2TPv2 tunnels use the command awplus show l2tp tunnel Output Figure 64 5 Example output from show l2tp tunnel Parameter De...

Страница 2812: ...ndow size 10 max retries 5 use udp checksums ON do pmtu discovery OFF mtu 1460 tos inherit framing capability SYNC ASYNC bearer capability DIGITAL ANALOG use tiebreaker ON tiebreaker f6 5e 50 9c 02 99...

Страница 2813: ...rived from a domain name set by that command State The current state of the tunnel idle Idle wait ctl reply Await control reply wait ctl conn Await connect reply established Successful connection clos...

Страница 2814: ...sages in seconds Retry Timeout The delay in seconds before sending the first retry of unacknowledged control frames Idle Timeout The time in seconds that a tunnel will remain after its last session ha...

Страница 2815: ...el commands For details of the configuration in the system use the show running config l2tp tunnel command Example To check for missing L2TP tunnel configuration for the tunnel tunnel1 use the command...

Страница 2816: ...he tunnel has a complete and valid configuration Incomplete configuration There is configuration still required or invalid for this tunnel as specified Examples of possible messages indicating missing...

Страница 2817: ...nning configuration for L2Tp profiles Syntax show running config l2tp profile Mode Privileged Exec Example To display the running configuration of L2TP profiles use the command awplus show running con...

Страница 2818: ...configuration use the command awplus show running config l2tp tunnel Output Figure 64 9 Example output from show running config l2tp tunnel Related Commands destination encapsulation ppp ip version l...

Страница 2819: ...l Configuration Example To configure IP address 10 1 1 2 as the source address for the tunnel named tunnel1 use the commands awplus configure terminal awplus config l2tp tunnel tunnel1 awplus config l...

Страница 2820: ...t must be specified as the tunnel remote ID on the other endpoint The local session ID defaults to the tunnel local ID and the local session ID is not configurable A session provides the data channel...

Страница 2821: ...mode use the commands awplus configure terminal awplus config interface tunnel20 awplus config if tunnel mode l2tp v3 To remove the established tunnel use the commands awplus configure terminal awplus...

Страница 2822: ...ackets encapsulated by tunnel is disabled Mode Interface Configuration Usage You also need to configure a pre shared key in conjunction with this command See the crypto isakmpkey command for more info...

Страница 2823: ...int must be specified as the tunnel local ID on the other endpoint The remote session ID defaults to the tunnel remote ID and the remote session ID is not configurable A session provides the data chan...

Страница 2824: ...el Configuration Example To use L2TPv2 for L2TP tunnel profile public use the commands awplus configure terminal awplus config l2tp profile public awplus config l2tp profile version 2 To use L2TPv2 fo...

Отзывы:

Нет отзывов