Efficient Networks® Router family Command Line Interface Guide

Chapter 19: SSH Commands

The commands in this section are used to manage Secure Shell (SSH) connections. For additional information on Secure Shell, see SSH in Chapter 5, System Security.

The commands found in this section include:

Table 19-1: SSH Command Listing

Command               Function
ssh ?                 Lists the supported SSH sub-commands.
ssh keygen            Generates the private-public key pair for the local server.
ssh list              Displays the current SSH configuration with the exception of the list of public-private key pairs and the configured SSH port.
ssh load privatekey   Loads a precomputed private key from the specified TFTP server.
ssh load publickey    Loads a precomputed public key from the specified TFTP server.
ssh set encryption    Sets the type of encryption the SSH connections will use.
ssh set idletimeout   Sets the idle timeout period for SSH connections.
ssh set keepalive     Enables and disables transmission of keepalive messages.
ssh set mac           Sets the type of message authentication code used for SSH connections.
ssh set rekey         Sets the interval between key re-exchanges.
ssh set status        Enables and disables SSH connections.
system sshport        Manages system SSH port access.

Содержание   Router family Command line interface

Страница 1: ...Part No 107 0001 000 IILFLHQW 1HWZRUNV 5RXWHU DPLO RPPDQG LQH QWHUIDFH XLGH...

Страница 2: ...Efficient Networks...

Страница 3: ...eement and Limited Warranty 4 Upgrades Covered This License covers the Software originally provided to you with the Hardware and any additional software that you may receive from EFFICIENT whether del...

Страница 4: ...lease contact EFFICIENT at the numbers provided above to determine out of warranty repair rate End users seeking out of warranty repair should contact EFFICIENT as described above to obtain an RMA and...

Страница 5: ...Efficient Networks Router family Command Line Interface Guide Revision History Revision Effective Date Description Of Change 001 12 Feb 2002 Initial Release Information provided to support software ke...

Страница 6: ...Sessions 1 3 Terminal Session under Windows HyperTerminal 1 4 Terminal Session for Macintosh or UNIX 1 6 Telnet Session for Remote Access 1 7 Command Line via the Web Management Interface 1 8 Status...

Страница 7: ...erver 2 25 sntp request 2 26 sntp server 2 27 tcp stats 2 28 time 2 29 traceroute 2 30 vers 2 32 File System Commands 3 1 copy 3 2 delete 3 3 dir 3 4 execute 3 5 format disk 3 6 msfs 3 7 rename 3 8 sy...

Страница 8: ...3 system backup retry 4 24 system backup stability 4 25 system backup successrate 4 25 system blocknetbiosdefault 4 26 system community 4 27 system default modem 4 28 system delbootpserver 4 28 system...

Страница 9: ...system securitytimer 4 50 system selnat addpolicy 4 51 system selnat delpolicy 4 52 system selnat list 4 52 system snmpport 4 53 system sshport 4 55 system supporttrace 4 55 system syslogport 4 65 sys...

Страница 10: ...ndroute 5 31 eth ip vrid 5 32 eth ipx addr 5 33 eth ipx disable 5 33 eth ipx enable 5 34 eth ipx frame 5 35 eth list 5 35 eth mtu 5 37 eth start 5 38 eth stop 5 39 eth vrrp add 5 40 eth vrrp clear pas...

Страница 11: ...ryption 6 18 remote delhostmapping 6 19 remote deliproute 6 19 remote delipxroute 6 20 remote delipxsap 6 21 remote delourpasswd 6 22 remote deloursysname 6 22 remote delphone 6 23 remote delserver 6...

Страница 12: ...anslate 6 49 remote setipxaddr 6 49 remote setipxoptions 6 50 remote setmaxline 6 51 remote setmgmtipaddr 6 51 remote setminline 6 53 remote setmtu 6 54 remote setourpasswd 6 55 remote setoursysname 6...

Страница 13: ...d 7 7 remote setatmtraffic 7 8 DMT Commands 7 10 dmt 7 10 dmt link 7 11 dmt mode 7 12 Dual Ethernet Router ETH Commands 7 13 eth br enable 7 14 eth br disable 7 14 eth br options 7 15 Frame Commands 7...

Страница 14: ...dsl terminal 7 35 SHDSL Commands 7 36 shdsl 7 37 shdsl annex 7 37 shdsl list 7 38 shdsl margin 7 39 shdsl ratemode 7 39 shdsl restart 7 40 shdsl save 7 41 shdsl speed 7 41 shdsl stats 7 43 shdsl termi...

Страница 15: ...p set lease 8 20 dhcp set mask 8 21 dhcp set otherserver 8 22 dhcp set valueoption 8 23 L2TP Commands 9 1 l2tp 9 3 l2tp add 9 3 l2tp call 9 4 l2tp close 9 4 l2tp del 9 5 l2tp forward 9 6 l2tp list 9 7...

Страница 16: ...E IPsec Commands 12 1 ike ipsec 12 5 ike commit 12 6 ike flush 12 6 ike ipsec policies add 12 7 ike ipsec policies delete 12 7 ike ipsec policies disable 12 8 ike ipsec policies enable 12 9 ike ipsec...

Страница 17: ...sec proposals set lifetime 12 29 ike peers add 12 30 ike peers delete 12 31 ike peers list 12 31 ike peers set address 12 32 ike peers set localid 12 33 ike peers set localidtype 12 34 ike peers set m...

Страница 18: ...tion 12 53 ipsec set gateway 12 54 ipsec set ident 12 54 ipsec set mode 12 55 ipsec set service 12 56 Voice Commands 13 1 dsp voice 13 2 dsp ecode 13 3 dsp jitter 13 4 dsp provision 13 5 dsp save 13 6...

Страница 19: ...ete user 15 8 user disable 15 9 user enable 15 10 user list1 15 10 user list lookup 15 12 user list template 15 12 user set lookup 15 14 user set password 15 15 Key Commands 16 1 key 16 2 key add 16 3...

Страница 20: ...er all 18 7 firewall delete 18 7 firewall delete all 18 8 firewall deny 18 9 firewall list 18 11 firewall modify 18 12 firewall set 18 14 firewall setdroppktthreshold 18 14 firewall seticmpfloodthresh...

Страница 21: ...S Commands 20 1 qos 20 2 qos append 20 2 qos del 20 3 qos diffserv 20 4 qos disable 20 4 qos enable 20 5 qos insert 20 6 qos list 20 6 qos move 20 8 qos movetoend 20 8 qos off 20 9 qos on 20 10 qos sa...

Страница 22: ...Efficient Networks Router family Command Line Interface Guide Efficient Networks This page intentionally left blank...

Страница 23: ...al Reference Guide has also been supplied that provides essential information on the application configuration and management of these features Configuration of network connections bridging routing an...

Страница 24: ...ameters that allow Parameters enclosed in and are placeholders representing specific information that you supply or a list of defined parameters of which one must be entered Parameters may include mor...

Страница 25: ...st change your password from the default value Step 8 Enter a new password at the prompt Enter New Password Step 9 Re enter the new password at the prompt Enter New Password Again The password change...

Страница 26: ...indows operating system Step 1 Click Start on the Windows taskbar then select The HyperTerminal window will appear in the background and you will be prompted for configuration information Step 2 In th...

Страница 27: ...age 1 5 Step 4 In the Com 1 or 2 Properties page enter the following port settings and select OK Task Complete Bits per second Data bits Parity Stop bits Flow control 9600a 8 None 1 Hardware a To use...

Страница 28: ...n a Macintosh or UNIX environment a VT100 terminal emulation program is required Step 1 Start your VT100 terminal emulator Step 2 Configure the emulator with the following settings Task Complete Bits...

Страница 29: ...5 15 Step 1 Make sure that your PC and router addresses are in the same subnetwork For example the router address could be 192 168 254 254 and the PC address could be 192 168 254 253 Step 2 Start a T...

Страница 30: ...nd Line via the Web Management Interface The Web Management interface provides a web gateway to the command line interface allowing command line syntax the be entered through a browser based connectio...

Страница 31: ...a remote router to test the line list IP routes IPX routes and SAPs and root bridge save the new configuration image reboot the system The status commands found in this section include Table 2 1 Statu...

Страница 32: ...istrative security mem Reports the amount of RAM memory installed in the router and its current allocation mlp summary Lists the status of the protocols negotiated for an active remote connection pass...

Страница 33: ...a description of their function sntp server Displays or changes the SNTP server list tcp stats Displays the TCP statistics and open connections time Displays or changes the current time on the rout e...

Страница 34: ...ample arp delete 128 1 2 0 Response Command prompt arp list Lists Address Resolution Protocol ARP table entries in an IP routing environment ARP is a tool used to find the appropriate MAC addresses of...

Страница 35: ...e R Input Format bi Parameters None Response ipaddr a a Dotted decimal notation IP address associated with a MAC address for a device on the local interface interfacename b b HEX notation MAC address...

Страница 36: ...onds elapsed since the last packet was received by the MAC address followed by flags Possible flags include Mgmt Class Voice R Input Format bi list Parameters None Response P Permanent This entry is n...

Страница 37: ...d can be used to test the ISDN link or L2TP secession and the configuration settings for the remote router Mgmt Class Voice R W Input Format call remotename Parameters Response Normal response If an u...

Страница 38: ...o see the current date and time on the router clock enter date with no parameters Mgmt Class All R W Input Format date mm dd yy Parameters Response Display when date is entered with no parameters Disp...

Страница 39: ...l all Erases the entire router configuration from FLASH memory includ ing settings for the system Ethernet LAN DSL line DHCP and re mote router database atom Erases the ATM configuration settings dhcp...

Страница 40: ...deleted from FLASH memory To commit the changes to FLASH memory issue a sync command after an erase command before powering off the router exit Has the same function as logout but will disconnect an a...

Страница 41: ...nection ETHERNET 0 10 0mb 0 0 0 0 Ethernet OPENED SHDSL 0 384kb 50 50 50 50 ATM OFF ATM VOICE 1 384kb 45 45 0 0 ATM OFF BACKUP 0 57kb 0 0 0 0 AHDLC PPP OPENED to backup CONSOLE 0 9600 b 0 0 0 0 ATM OF...

Страница 42: ...routing table Mgmt Class Network R Input Format ipxroutes Parameters None iproutes IP route Mask Gateway Interface Hops Flags 0 0 0 0 ffffffff 0 0 0 0 none 0 NW PRIV 192 84 210 0 ffffff00 0 0 0 0 ETHE...

Страница 43: ...the current services in the IPX SAPs table Mgmt Class Network R Input Format ipxsaps Parameters None Response ipxroutes Network Gateway Interface Hops Ticks Flags 00001001 HQ down 1 4 STATIC FORWARD...

Страница 44: ...t Networks Router family Command Line Interface Guide Page 2 14 Efficient Networks logout Logs user out to login prompt to reinstate administrative security Mgmt Class All R Input Format logout Parame...

Страница 45: ...current allocation Mgmt Class System R Debug R Input Format mem Parameters None Response mem Small buffers used 18 7 of 256 used Large buffers used 41 16 of 256 used Buffer descriptors used 59 7 of 7...

Страница 46: ...rotocols MLP Multilink Procedure IPNCP IP routing Network Protocol CCP Compression Control Protocol BNCP Bridging Network Protocol IPXCP IPX Network Protocol Mgmt Class Network R Input Format mlp summ...

Страница 47: ...password Mgmt Class All R W Input Format password old password new password Parameters Response The follwoing example would change the password for user admin101 from 1675309 to lobster old password a...

Страница 48: ...can ping your own WAN address To fit the echo message into one ATM cell in routing mode set the length of user data down to 0 bytes s 0 or l 0 NOTE To terminate the ping before it ends press control...

Страница 49: ...address 192 168 254 2 Example The following command sends packets with the source IP address 192 168 254 254 to the IP address 192 4 210 122 Default values are used for the other options Example The...

Страница 50: ...TTOM CURRENT SIZE 1 IDLE 02 7 1208f0 121008 2032 3 MSFS_SYNC 03 6 1224a0 122ba8 2032 4 SYSTEM LOGGER 03 5 122cd0 1233d8 2032 5 LL_PPP 03 5 126750 126e58 2032 6 NL_IP 03 5 126fe0 1272e0 1000 7 TL_IP_UD...

Страница 51: ...ules Other configuration changes become effective following either a reboot or a restart of the Ethernet or remote interface These changes include System settings Ethernet IP address TCP IP routing Re...

Страница 52: ...save command before powering off the router This commits the changes to FLASH memory Mgmt Class All R W Input Format save Parameters None Response Command prompt If no option is specified the router...

Страница 53: ...the server that last responded to an SNTP request Mgmt Class Admin R W Input Format sntp active Parameters None Response sntp disable Disables SNTP requests Mgmt Class Admin R W Input Format sntp dis...

Страница 54: ...ffset is specified in minutes A positive offset is an offset to the east of the Greenwich meridian a negative offset is to the west of the Greenwich meridian Mgmt Class Admin R W Input Format sntp off...

Страница 55: ...e server that last responded to an SNTP request use the command sntp active NOTE To make this change permanent a save must be performed before a reboot Mgmt Class Admin R W Input Format sntp prefserve...

Страница 56: ...nable Mgmt Class Admin R W Input Format sntp request Parameters None Response When entered while sntp function is currently disabled When entered and no sntp preferred server is defined When entered a...

Страница 57: ...removed NOTE To make a change permanent you must save the change before you reboot Mgmt Class Admin R W Input Format sntp server ipaddress default number Parameters Response When entered with the def...

Страница 58: ...Network R Input Format tcp stats Parameters None Response Typical response tcp stats TCP Statistics Active Opens 0 Passive Opens 0 Failed Connect Attempts 0 Connections Reset 0 Current Connections 0 S...

Страница 59: ...he command sntp server and a UTC offset with the command sntp offset Mgmt Class All R W Input Format time hh mm ss Parameters Response When entered with no parameters When entered with parameters When...

Страница 60: ...ng c count i wait s l size I srceaddr n ipaddr domainname Parameters Response The following are application examples of the traceroute command and their responses c count a a Integer 1 2000000000 5 Nu...

Страница 61: ...t com 2 172 17 20 1 checkpoint flowpoint com 3 12 39 98 136 csco2 efficient com 4 12 124 40 65 5 12 123 13 166 gbr5 p56 sffca ip att net 6 12 122 5 142 gbr3 p100 sffca ip att net 7 12 122 5 253 gbr2 p...

Страница 62: ...ption has a prefix the option is disabled in this router For more information refer to the Technical Reference Guide and see Key Enabled Features on page 4 29 Mgmt Class All R Input Format vers Parame...

Страница 63: ...o the DOS commands of the same name The file system commands found in this section include Table 3 1 File System Command Listing Command Function copy Copies a file from the source to the destination...

Страница 64: ...er address is not specified the address used is either the one from which the router booted or the one permanently configured in the boot system To force use of a specific source address when copying...

Страница 65: ...3 Response Refer to examples for typical responses delete Deletes the specified file from the flash filesystem Mgmt Class Admin R W System R W Input Format delete filename Parameters Response A typica...

Страница 66: ...Displays the directory of the file system The size of each file is listed in bytes Mgmt Class Admin R W System R W Input Format dir Parameters None Response A typical response is shown below dir KEYFI...

Страница 67: ...lines introduced by the or characters and blank lines There are two kinds of script files A one time script that is executed on startup only once A group of commands that can be executed at any time f...

Страница 68: ...f the dir command indicates the file system is corrupted you may wish to reformat the disk reboot the device and recopy the system software Mgmt Class System R W Debug R W Input Format format disk Par...

Страница 69: ...ystem R W Debug R W Input Format msfs fix Parameters Response The following is an example of a typical response without the fix parameter fix Optional If fix is specified errors are corrected in the F...

Страница 70: ...mat rename oldname newname Parameters Response The following is an example rename command sync Commits the changes made to the file system to FLASH memory Mgmt Class All R W Input Format sync Paramete...

Страница 71: ...on password security authentication protocol management security system administration password IP address translation NAT configuration host mapping WAN to WAN forwarding filters Dial Backup configur...

Страница 72: ...ystem addudprelay Create a UDP port range for packet forwarding system authen Forces the target router authentication protocol that is used for security negotiation with the remote routers when the lo...

Страница 73: ...rence a vir tual routing table or deletes the entire virtual rout ing table system delserver Deletes an server entry system delsnmpfilter Deletes the SNMP client range system delsyslogfilter Renames a...

Страница 74: ...the number of concurrent Telnet and SSH sessions the system will allow system securemode set lan Allows discrete control of the secure mode for the LAN interface system securemode set wan Allows discr...

Страница 75: ...s at least one address the router disables its own DHCP server and instead forwards all DHCP BootP requests to all servers in the list It forwards every reply received from any of the servers in the l...

Страница 76: ...e Page 4 6 Efficient Networks Parameters Response The following is an example of adding a server address then querying a response ipaddr a a Dotted decimal notation IP address of the server system add...

Страница 77: ...first public addr number of addresses remapped 1 inclusive Automatic SNTP requests are generated if the system needs to get the time You can specify an SNTP server using the command sntp server and a...

Страница 78: ...t the range of allowed clients use the command system list when you are logged in with read and write permission be sure to log in with password To delete addresses from the HTTP filter use the system...

Страница 79: ...the source address of a packet is not within the address ranges for any virtual routing table the default routing table is referenced to route the packet For more information see Virtual Routing Tabl...

Страница 80: ...guration To learn more see Network Address Translation NAT on page 4 17 of the Technical Reference Guide Multiple system addserver remote addserver and eth ip addserver commands can designate differen...

Страница 81: ...ort First or only port as seen by the remote end Port used by the select ed server portid c c Integer 0 65 535 Numerical port value a value of 0 matches any port dns Domain Name Server DNS port ftp Fi...

Страница 82: ...immediately NOTE To list the range of allowed clients use the system list command To delete addresses from the SNMP filter use the system delsnmpfilter or snmp delsnmpfilter command For more informat...

Страница 83: ...the Syslog server addresses that you specify explicitly For more information on the router as a Syslog client see Syslog Client on page 7 1 of the Technical Reference Guide NOTE This command does not...

Страница 84: ...about the router as a Syslog client refer to Syslog Client on page 7 1 of the Technical Reference Guide To see the server addresses use the system list command To remove a Syslog server address from t...

Страница 85: ...nce Guide NOTE This command does not require a reboot and is effective immediately NOTE To list the range of allowed clients use the system list command To delete addresses from the Telnet filter use...

Страница 86: ...rlap of UDP ports is not allowed Mgmt Class Network R W Input Format system addudprelay ipaddr first port all last port Parameters Response Command prompt ipaddr a a Dotted decimal notation IP address...

Страница 87: ...Security R W Input Format system authen none pap chap Parameters Response This following example illustrates setting the authentication level then displaying the current setting When the command is e...

Страница 88: ...Mgmt Class Network R W Input Format system backup add ipaddr gw dns group Parameters Examples The following command adds the address 192 168 1 5 to group 0 of the addresses to be pinged The following...

Страница 89: ...Network R W Input Format system backup delete ipaddr gw dns all group all Parameters Examples The following command deletes the address 192 168 1 5 from group 0 The following command deletes the gatew...

Страница 90: ...NOTE If you do not use the save command to save this change Dial Backup is only temporarily disabled and it is re enabled at the next reboot Temporarily disabling Dial Backup stops Dial Backup but it...

Страница 91: ...the Dial Backup switch use the system list command To disable Dial Backup use the system backup disable command For more information see Dial Backup on page 6 7 of the Technical Reference Guide NOTE...

Страница 92: ...Number of Samples and Success Rate on page 6 13 of the Technical Reference Guide NOTE If you change the ping interval to 0 the group of addresses is disabled Mgmt Class Network R W Input Format syste...

Страница 93: ...page 6 12 of the Technical Reference Guide NOTE If you change the ping samples value to 0 you disable pinging for that group of addresses Mgmt Class Network R W Input Format system backup pingsamples...

Страница 94: ...de The default retry period is thirty minutes The minimum retry period is two minutes To see the current retry value use the system list command NOTE When the Dial Backup retry timer expires the modem...

Страница 95: ...t Class Network R W Input Format system backup stability minutes Parameters Examples The following command changes the stability period to 5 minutes Response Command prompt system backup successrate C...

Страница 96: ...esses in group 0 The following command disables the pinging of addresses in group 1 Response Command prompt system blocknetbiosdefault The router can block all NetBIOS and NetBUI requests from being s...

Страница 97: ...to a different value Refer to SNMP on page 7 2 of the Technical Reference Guide for additional information NOTE This command is functionally equivalent to the snmp community command Mgmt Class Securi...

Страница 98: ...nformation on the Dial Backup option refer to Dial Backup on page 6 7 of the Technical Reference Guide Mgmt Class Network R W Input Format system defaultmodem Parameters None Response Command prompt s...

Страница 99: ...apping on a per system wide basis Mgmt Class Network R W Input Format system delhostmapping first private addr second private addr first public addr Parameters Response Command prompt ipaddr a a Dotte...

Страница 100: ...d prompt system deliproutingtable Deletes a range of addresses that reference a virtual routing table or deletes the entire virtual routing table To list the virtual routing tables use the iproutes co...

Страница 101: ...d Mgmt Class Network R W Input Format system addServer action protocol first port last port first private port Response Command prompt all Deletes the virtual routing table Both the table definition a...

Страница 102: ...ort First or only port as seen by the remote end Port used by the select ed server portid c c Integer 0 65 535 Numerical port value a value of 0 matches any port dns Domain Name Server DNS port ftp Fi...

Страница 103: ...and is effective immediately NOTE To list the range of allowed clients use the command system list For more information see Controlling Remote Management on page 5 15 of the Technical Reference Guide...

Страница 104: ...m delsyslogfilter firstipaddr last ipaddr lan Parameters Response Command prompt system delsyslogserver Removes an address from the list of Syslog servers To see the server addresses use the command s...

Страница 105: ...ctive immediately NOTE To list the range of allowed clients use the command system list Mgmt Class Security R W Input Format system deltelnetfilter first ipaddr last ipaddr lan Parameters Response Com...

Страница 106: ...put Format system deludprelay ipaddr first port all last port Parameters Response Command prompt system history Displays the router s most recent console log Mgmt Class Admin R W Input Format system h...

Страница 107: ...ng to boot from flash memory loading done Verifying CRC 77D79D92 done Efficient Networks Inc SS5871 P N 120 5871 001 Rev 34 06 S N 747425 Now 2769k free before buffers Interfaces detected LAN Ethernet...

Страница 108: ...r more information see Controlling Remote Management on page 5 15 of the Technical Reference Guide Mgmt Class Network R W Input Format system httpport default disabled port Parameters Examples This co...

Страница 109: ...ion override none file systems done WAN to WAN Forwarding no file systems done Block NetBIOS Default no file systems done BOOTP DHCP Server address none Telnet Port default 23 file systems done Telnet...

Страница 110: ...system log Allows logging of the device s activity in a Telnet session Mgmt Class Admin R W Input Format system log start stop status Parameters Response Command prompt start Initiates monitoring acti...

Страница 111: ...Format system modem reset escape init offhook dial answer hangup string Parameters Examples The following command changes the string for the init setting The following command selects pulse dialing R...

Страница 112: ...erence Guide Mgmt Class Network R W Input Format system moveiproutingtable first ip addr last ip addr tablename Parameters Examples With this command all packets with source addresses in the range 192...

Страница 113: ...system msg message Parameters Response The following is an example response of a message configuration and recall Entering the command with no parameter will display the current mes sage or use the co...

Страница 114: ...uter during PAP CHAP Security Authentication Mgmt Class Security R W Input Format system name name Parameters Example The following is an example response of name configuration and recall Response Com...

Страница 115: ...ts the PPP Multi Link protocol To do so at system startup time the router examines each remote entry If it finds only one remote enabled it leaves the remote enabled If it finds more than one remote e...

Страница 116: ...ty R W Input Format system passwd password Parameters Response Command prompt system riptimer Sets the duration in seconds for Routing Information Protocol RIP information to be exchanged with remote...

Страница 117: ...arameters None Response A typical response is shown below system securemode set Enables and disables secure mode When secure mode is enabled management access of the system is allowed only through sec...

Страница 118: ...llowed is a system setting and independent of the secure mode state enabled or disabled NOTE If the number of sessions allowed is set to 0 access to the command line interface will be available only t...

Страница 119: ...W Input Format system securemode set lan trusted untrusted Parameters Response Typical response system securemode set wan Allows discrete control of the secure mode function on the WAN interface When...

Страница 120: ...vileged mode when no typing has occurred for the length of time set for the security timer To see the current security timer value use the system list command To disable the security timer set the min...

Страница 121: ...ublic addr system selnat addpolicy remote addr remote addr mask notrans Parameters Examples Response Command prompt remote addr a a Dotted decimal notation Specifies the destination IP address to whic...

Страница 122: ...ameters Response Command prompt system selnat list Lists the current selective NAT policies Policies are sorted by subnet mask then listed in ascending order from more specific to general policies Mgm...

Страница 123: ...Request the default SNMP port 161 This re enables SNMP after it is disabled Redefine the SNMP port NOTE This command is functionally equivalent to the snmp snmpport command NOTE This command requires...

Страница 124: ...the default value 161 and re enables the port disable Disables the existing SNMP port port a a Integer Defines a new SNMP port number Use this option to restrict remote ac cess This command sets the S...

Страница 125: ...orates the following commands default Restores the SSH port value to the default value 22 and re enables the port disable Disables the existing SSH port port a a Integer 1 65525 22 Defines a new SNMP...

Страница 126: ...built Mon May 7 17 42 01 PDT 2001 Maximum users unlimited Options FRAME RELAY ASYNC SDSL VOICE TOLLBRIDGE RFC1483 IP ROUTING IP FILTERING WEB HW DES IPSEC 3DES L2TP ENCRYPT BRIDGE IPX CMMGMT DIAL BAC...

Страница 127: ...1be8 2000 11 BOOTP 03 5 303fd4 3046c0 2032 12 DUM 03 5 302964 303850 4080 13 SDSL 03 5 304d34 3053d8 2032 14 CALLCTRL 03 3 306624 306d18 2032 15 DSP 03 3 306e34 307520 2032 16 SNMPD 03 5 3055a4 3064a8...

Страница 128: ...nced 2 fat s reserved 1437184 bytes used by files 14848 bytes by tables 302080 bytes free SYSTEM GENERAL INFORMATION FOR System started on 5 17 2001 at 17 49 Authentication override none WAN to WAN Fo...

Страница 129: ...address default VRRP Multicast address default IPX Routing enabled no ETHERNET INFORMATION FOR ETHERNET 0 Hardware MAC address 00 20 6F 09 0C 25 Send IP RIP to the LAN rip 1 compatible Advertise me as...

Страница 130: ...0 2 0 0 G711 uLaw Inactive 0 3 0 0 G711 uLaw Inactive 0 4 0 0 G711 uLaw Inactive 0 5 0 0 G711 uLaw Inactive 0 6 0 0 G711 uLaw Inactive 0 7 198 570 G711 uLaw Inactive 0 8 0 0 G711 uLaw Inactive 0 REMOT...

Страница 131: ...ction ETHERNET 0 10 0mb 0 0 0 0 Ethernet OPENED FR 0 784kb 0 0 0 0 HDLC FR OPENED FR VOICE 1 784kb 0 0 0 0 CLEAR OPENED CONSOLE 0 57kb 0 0 0 0 TTY OPENED FR VC 2 784kb 0 0 0 0 FR OPENED to configuredF...

Страница 132: ...e L2TP TUNNELS IP FILTERS Begin IPFilters for configuredForCMPPlay watching for dropped rejected packets is OFF Begin rules for input list remote ipfilter flush input configuredForCMPPlay remote ipfil...

Страница 133: ...input accept c 0 p 50 da 192 168 254 254 IKE Global Filter 0 eth ip filter insert 1 input accept c 0 p 51 da 192 168 254 254 IKE Global Filter 0 eth ip filter insert 2 input accept c 0 p udp sp 500 da...

Страница 134: ...d Line Interface Guide Page 4 64 Efficient Networks End IPFilters for ETHERNET 0 IPSEC There are no security associations IKE There are no IKE peers There are no IKE proposals There are no IKE IPSec P...

Страница 135: ...syslog port 514 Re enables Syslog after it is disabled Redefine the syslog port NOTE This command requires a save and reboot to take effect To see the current setting use the command system list For...

Страница 136: ...command requires a save and reboot to take effect To see the current setting use the system list command Mgmt Class Network R W Input Format system telnetport default disabled port default Restores th...

Страница 137: ...Response Command prompt default Restores the port value to the default value 23 and re enables the port disabled Disables the existing Telnet port port a a Integer Defines a new Telnet port number Us...

Страница 138: ...any information to the Internet WAN to WAN forwarding should be disabled To see the current setting for WAN to WAN forwarding use the command system list This system wan2wanforwarding command compleme...

Страница 139: ...commands require a save and reboot before they take effect However changes made to IP filters and to virtual routing tables take effect immediately the changes are lost though if they are not saved be...

Страница 140: ...ast Enables or disables the forwarding of broadcast packets directed to a specific network prefix eth ip disable Disables IP routing across the Ethernet LAN eth ip enable Enables IP routing across the...

Страница 141: ...rnet interface eth vrrp add Defines a VRRP attribute record for the VRID vir tual router ID eth vrrp clear password Clears the password in a VRRP attribute record for the VRID eth vrrp delete Deletes...

Page 142: ...eth Lists the supported keywords To see the syntax for a command enter the command followed by a Mgmt Class All R Input Format eth Parameters None Response A listing...

Page 143: ...dual port router logical interface 0 cannot be deleted Once defined routes and filters can be created for the new logical interface using the other eth commands in this section To list the currently d...

Page 144: ...he deleted interface reappears after the reboot Once defined routes and filters can be created for the new logical interface using the other eth commands in this section To list the currently defined...

Page 145: ...apping first private addr second private addr first public addr interface Parameters Example Typical usage Response Command prompt first public addr a a Dotted decimal notation First IP address of the...

Page 146: ...IP address and subnet mask for logical interface 1 on Ethernet port 0 Response Command prompt ip addr a a Dotted decimal notation Ethernet LAN IP address ipnetmask a IP network mask interface b c b Th...

Page 147: ...llowing command adds a route to the default routing table for logical interface 1 on Ethernet port 0 Response Command prompt ip addr a a Dotted decimal notation Ethernet LAN IP address ipnetmask a IP...

Page 148: ...rst port last port first private port interface Parameters action One of the following command actions ipaddr a a Dotted decimal notation Selects the host with this IP address as server discard Discar...

Page 149: ...wever the change is lost if it is not saved before the next reboot smtp Simple Mail Transfer Protocol SMTP port snmp Simple Network Management Protocol SNMP port t120 T 120 port telnet Telnet port tft...

Page 150: ...etwork mask hops b b Integer Number of routers through which the packet must go to get to its destination gateway a IP address of the IP gateway tablename c c ASCII string IP virtual routing table o...

Page 151: ...the eth ip defgateway command It sends packets for all IP addresses to the specified gateway eth ip addRoute 0 0 0 0 255 255 255 0 gateway 1 Mgmt Class Network R W Input Format eth ip defgateway ipadd...

Page 152: ...nse Command prompt first public addr a a Dotted decimal notation First IP address of the range of IP addresses second public addr a Last IP address of the range of IP addresses first public addr a Def...

Page 153: ...letes the route for IP address 10 9 2 0 255 255 255 0 for the default Ethernet interface 0 0 The following command deletes the route for IP address 10 1 3 0 255 255 255 0 for the Ethernet interface 0...

Page 154: ...erver requests to the local router regardless of the IP address protocol Protocol used by the selected server protocolid b b Integer Numerical protocol ID tcp TCP only udp UDP only all All protocols f...

Page 155: ...mple Mail Transfer Protocol SMTP port snmp Simple Network Management Protocol SNMP port t120 T 120 port telnet Telnet port tftp Trivial File Transfer Protocol TFTP port all All ports last port Option...

Page 156: ...168 254 254 and its mask is 255 255 255 0 its network prefix directed broadcast addresses are 192 168 254 0 and 192 168 254 255 This feature is independent of the IP firewall and IP filtering feature...

Page 157: ...ip disable Parameters None Response Command prompt eth ip enable Enables IP routing across the Ethernet LAN This command acts as a master switch allowing you to re enable all IP routing NOTE This com...

Page 158: ...r types are applied refer to IP Filtering on page 5 23 of the Technical Reference Guide NOTE IP filters take effect immediately upon entry They can even affect the current connection that you are usin...

Page 159: ...this type and interface If no line numbers are specified all filters in the list are deleted If only the first line number is specified all filters from that line to the end are deleted To see the cur...

Page 160: ...servers see Syslog Client on page 7 1 However if the parameter q quiet was specified for a filter no message is printed when that filter matches a packet If the parameter v verbose was specified for a...

Page 161: ...l TCP UDP ICMP The packet must have the specified protocol If no protocol is specified the filter matches every protocol sa first source ip addr last source ip addr The packet must have a source IP ad...

Page 162: ...rt last dest port The packet must have a destination port that matches the specified ICMP type or that is within the specified port range If only one port is specified the packet must have that destin...

Page 163: ...list This command example prevents the forwarding of all IP traffic If you put these filters at the end of the filter lists they will stop all packets that have not matched filters earlier in the list...

Page 164: ...ist the active state This command requires a save and reboot before it takes effect To perform Firewall Filtering IP routing must be enabled For more information see IP Filtering on page 5 23 of the T...

Page 165: ...eth ip addr command NOTE The management address is not effective until after the next save and reboot NOTE To use the management address as the source address for a ping you must specify it using the...

Page 166: ...ast traffic NOTE This command is not effective until after save and reboot commands have been performed Mgmt Class Network R W Input Format eth ip options option on off interface ip addr a a Dotted de...

Page 167: ...RIP 2 packets only rxdef Receive the default route address from the Ethernet LAN The default is on This option is useful if you do not want to configure your router with a default route txrip Transmit...

Page 168: ...ork Address Translation for port 0 The following command disables Network Address Translation for logical interface 0 1 Response Command prompt ip addr a a Dotted decimal notation IP address of the re...

Page 169: ...dr tablename interface Parameters Example The following commands remove Ethernet routes from virtual routing table ROSA The first deleted route is for IP address 10 1 2 0 and the default Ethernet inte...

Page 170: ...logical Ethernet interface as the management interface for the router To create a new logical Ethernet interface use the command eth add and then assign it an IP address with an eth ip addr command N...

Page 171: ...ng you to disable IPX routing for testing or control purposes vrid a a Integer 1 255 Virtual route ID interface b b To specify a logical interface other than 0 0 specify both the port number 0 or 1 an...

Page 172: ...eters Response Command prompt eth ipx enable Enables IPX routing across the Ethernet LAN This acts as a master switch allowing you to enable IPX routing NOTE This command requires a reboot Mgmt Class...

Page 173: ...hernet interfaces including the status of bridging and routing IP protocol controls and IP address and subnet mask Mgmt Class Network R Input Format eth list interface Parameters type 802 2 DEC standa...

Page 174: ...no RIP Multicast address default IPX Routing enabled no ETHERNET INFORMATION FOR ETHERNET 0 Hardware MAC Address 00 20 6F 02 98 04 Send IP RIP to the LAN no Advertise me as default router yes Process...

Page 175: ...read about logical Ethernet interfaces see IP Subnets on page 6 1 of the Technical Reference Guide Certain configuration changes for a logical Ethernet interface become effective only after the logica...

Page 176: ...Ethernet interface use the command eth restart Mgmt Class Network R W Input Format eth start interface Parameters Response Command prompt interface a b a Integer 0 1 or it may be omitted if the router...

Page 177: ...arted again To start a logical Ethernet interface use the command eth start To stop and immediately restart a logical Ethernet interface use the command eth restart Mgmt Class Network R W Input Format...

Page 178: ...interface or reboot the router To see the contents of the VRRP attribute records use the command eth vrrp list You can change the attribute values using other eth vrrp commands see VRRP Configuration...

Page 179: ...VRRP router you must clear the password for every router for that VRID on the LAN For example if VRID 7 is defined in routers A B and C in the LAN and you clear the password for router A you must clea...

Page 180: ...ing a VRRP configuration from a router you would delete both the VRRP attribute record and the extra logical interface To do so use the commands eth vrrp delete and eth delete NOTE This command takes...

Page 181: ...s address is used by all VRRP announcements from this router regardless of VRID or port For more information see VRRP Backup on page 6 16 of the Technical Reference Guide NOTE This command is not usua...

Page 182: ...s its function in the network The preemption option cannot change this However if the router is a backup router for the IP address and it determines that a router with a lower priority is currently fu...

Page 183: ...s sent as clear text on the LAN For more information see VRRP Backup on page 6 16 of the Technical Reference Guide NOTE If you do not specify a password no authentication is performed To see the curre...

Page 184: ...after you restart the interface or reboot the router Mgmt Class Network R W Input Format eth vrrp set password password vrid port Parameters Example This command example specifies the password AbCdEfG...

Page 185: ...router for VRID 7 must have priority 255 while the first backup router for VRID 7 could have the default priority 100 and a second backup router for VRID 7 could have priority 50 NOTE This command ta...

Page 186: ...ther VRRP router during the master down interval the backup assumes the other router is down The master down interval is calculated as follows Thus the default skew time is (256 - 100) / 256, or 0.609375 The d...

Page 187: ...rs Example This command example specifies two seconds as time interval for VRID 7 using default port 0 Response Command prompt seconds a a Integer 0 60 Time interval value in seconds vrid b b Integer...

Page 188: ...eth ip remsrcrouteopt Adds or removes the source routing option Mgmt Class Network R W Input Format eth ip remsrcrouteopt enable disable Parameters Response Command pro...

Page 189: ...nt Bandwidth management Security authentication protocols and passwords WAN IP IPX addresses IP routes IPX routes and SAPS Remote bridging addresses and bridging control Host mapping The remote comman...

Page 190: ...ry from the remote router database remote delatmsnap Deletes an ATM mapping entry remote delbridge Removes the designation of the remote router entry as the default bridging destination remote delenc...

Page 191: ...n for a remote router or if the router name is omitted for all routers in the remote router database remote listipxroutes Lists all network IPX route addresses defined for the LAN connected beyond th...

Page 192: ...s a connection where the link goes up and down remote setmgmtipaddr Assigns to the remote router entry an IP address which is to be used for management purposes only and not for IP address translation...

Page 193: ...to be used when dialing out using the backup V 90 modem connected to the console port remote setsrcipaddr Sets the IP address for the target WAN connection to the remote router remote settimer Sets t...

Page 194: ...model Mgmt Class Network R Input Format remote Parameters None Response A listing of the remote commands and keywords with a brief description of their function remote add Adds a remote router entry i...

Page 195: ...ies in the bridging table use the bi list command NOTE Bridging using the specified remote is effective only after it has been enabled using the remote enabridge command To see the current bridge sett...

Page 196: ...the range is computed automatically from first public addr to first public addr number of addresses remapped 1 inclusive Mgmt Class Network R W Input Format remote addhostmapping first private addr s...

Page 197: ...the local router never connects to the remote router and the remote router supports RIP NOTE Changes to the default routing table require a save and a remote restart or reboot before they take effect...

Page 198: ...command adds the default route when the WAN interface is a point to point interface the sixth command adds the default route when the WAN interface is a broadcast interface Response Command prompt re...

Page 199: ...Setting this address is not required if a target router never connects to the remote router and the remote router supports RIP NOTE A reboot command must be performed on the target router for the add...

Page 200: ...must be performed on the target router for the addition of a SAP to take effect Mgmt Class Network R W Input Format remote addipxsap servicename ipxnet ipxnode socket type hops remotename Parameters...

Page 201: ...22 To delete a server designation use the remote delserver command Mgmt Class Network R W Input Format remote addserver action protocol first port last port first private port remotename Parameters a...

Page 202: ...MTP port sntp Simple Network Management Protocol SNMP port t120 T 120 port telnet Telnet port tftp Trivial File Transfer Protocol TFTP port all All ports last port Optional last port in the range of p...

Page 203: ...e ipaddr ipnetmask hops ipgateway tablename remotename Parameters Example The following command adds a route to virtual routing table FRANCISCO The route is to IP address 10 1 2 0 255 255 255 0 and go...

Page 204: ...Class Security R W Input Format remote blocktetbios on off remotename Parameters Response Command prompt remote del Deletes a remote router entry from the remote router database Input Format remote d...

Page 205: ...d using the remote addbridge command To see the bridge settings for a remote entry use the remote listbridge command To remove a designation as the default bridging destination for a specific MAC addr...

Page 206: ...tion Deletes encryption files associated with a remote router Mgmt Class Security R W Input Format remote delencryption remotename Parameters Response Command prompt All MAC addresses mac_addr a a HEX...

Page 207: ...deliproute Deletes an IP address route for a network or station on the LAN connected beyond the remote router The route is deleted from the default routing table NOTE Changes to the default routing t...

Page 208: ...OTE A reboot command must be performed on the target router for the deletion of a static route to take effect Mgmt Class Network R W Input Format remote delIpxRoute ipxnet remotename Parameters Respon...

Page 209: ...X service on the LAN network connected beyond the remote router NOTE A reboot must be performed on the target router for a deleted service to take effect Mgmt Class Network R W Input Format remote del...

Page 210: ...gmt Class Network R W Input Format remote delourpasswd remotename Parameters Response Command prompt remote deloursysname Removes the unique CHAP or PAP authentication system name entries established...

Page 211: ...erver Deletes a server entry created by the remote addserver command Mgmt Class Network R W Input Format remote delserver action protocol first port last port first private port async Asynchronous con...

Page 212: ...p TCP only udp UDP only all All protocols first port First or only port as seen by the remote end Port used by the selected server portid c c Integer 0 65 535 Numerical port value a value of 0 matche...

Page 213: ...be used until it is enabled NOTE If the remote is currently active when the remote is disabled the active session is not stopped To stop the active session use the remote stop command Mgmt Class Netwo...

Page 214: ...ridge Disables bridging from the target router to the remote router NOTE This command requires a reboot of the target system for the change to take effect Mgmt Class Security R W Input Format remote d...

Page 215: ...enaAuthen remotename Parameters Response Command prompt remote enable Enables use of an entry in the remote router database Although the command makes it possible to use the remote entry it does not...

Page 216: ...idge Enables bridging from the target router to the remote router NOTE This command requires a reboot of the target system for the change to take effect Mgmt Class Security R W Input Format remote ena...

Page 217: ...nds Unlike other configuration changes you do not need to save and restart or reboot Mgmt Class Security R W Input Format remote ipfilter command type action parameters remotename The following comman...

Page 218: ...nd are deleted To see the current filter list use the remote ipfilter list list command Filters are used in the order they appear in their list remote ipfilter clear remote ipfilter clear first line l...

Page 219: ...for a filter a message is printed whenever that filter matches a packet regardless of the filter action To see the messages Telnet to the router and enter system log The watch does not continue after...

Page 220: ...t have that source IP address If no source IP address is specified the filter matches any address in the range 0 0 0 0 255 255 255 255 sm source ip mask The filter uses the specified mask when compari...

Page 221: ...to every TCP packet that has either the RESET flag or the ACK flag set The following parameter s request additional filter options tcp syn ack noflag rst If the IP packet is a TCP packet the filter ma...

Page 222: ...sult is a complete display of the current configuration settings for the remote router s except for the authentication password secret Mgmt Class Network R Input Format remote list remotename Specify...

Page 223: ...quired PAP Use periodic LCP pings yes Connection Identifier VPI VCI 0 38 IP address translation off IP filters defined no Send Receive Multicast off Block NetBIOS Packets off Compression Negotiation o...

Page 224: ...e parameter Exchange spanning tree with dest no TX Encryption unknown RX Encryption unknown mtu 1500 If entered with no parameters bridge settings for all remote routers entries are listed remotename...

Page 225: ...ut Format remote listiproutes remotename Parameters Response The following example command response lists routing information for remote router HQ It lists five routes that use HQ the first four are i...

Page 226: ...s Network R Input Format remote listipxroutes remotename Parameters Response Typical response remote listipxsaps Lists all services defined for the LAN connected beyond the remote router Each service...

Page 227: ...t Format remote listphones remotename Parameters Response Typical response remotename a a ASCII string Name of the remote router rem listipxsaps hq IPX SAP INFORMATION FOR HQ 1 Total IPX SAPs SERV312_...

Page 228: ...an Ethernet interface use the eth restart command Mgmt Class Network R W Input Format remote restart remotename Parameters Response Command prompt remote setatmnsap RFC1577 Classical IP over ATM speci...

Page 229: ...ys attempt to negotiate the highest level of security possible CHAP The router will not accept a negotiated security level less than this minimum authentication method The parameter in the remote rout...

Page 230: ...ckup The bandwidth on demand management option can be set to apply to incoming outgoing or both incoming and outgoing traffic The bandwidth threshold set by the remote setbwthresh command applies to t...

Page 231: ...r remote router HQ The following example command configures remote router PPPoEbridge as the remote through which only PPPoE traffic is bridged Response Command prompt option l stp Set this option to...

Page 232: ...he additional channel is available if the maximum links was set to 2 by a remote setmaxline command Both channels are utilized until the bandwidth utilization drops below the threshold The default is 0...

Page 233: ...ession Negotiation line If desired you can follow the negotiation of the Stac LZS compression within CCP using the debug command mlp debug ccp Mgmt Class Network R W Input Format remote setCompression...

Page 234: ...ion file on the router must have a num suffix e g dh96 num Mgmt Class Security R W Input Format remote setEncryption DESE_1_KEY DESE_2_KEY filename remoteName Parameters Response Command prompt rx Rec...

Page 235: ...ierarchical organizations If you are connecting to another company or an Internet Service Provider you may wish to set this option off The default is off rxrip1 Receive and process RIP 1 packets only...

Page 236: ...ever in certain situations where the router is managed by another party as part of a managed service you could set this value to yes to ensure that the central management site always specifies the IP...

Page 237: ...routers local WAN port This command requires that you define a Source WAN IP Address with the remote setsrcipaddr command Mgmt Class Network R W Input Format remote setiptranslate on off remotename Pa...

Page 238: ...les or disables the IPX option RIPSAP for the remote WAN connection Mgmt Class Network R W Input Format remote setIpxOptions ripsap on off remotename Parameters Response Command prompt ipxnet a a Hexa...

Page 239: ...rs Response Command prompt remote setmgmtipaddr Assigns to the remote router entry an IP address which is to be used for management purposes only and not for IP address translation This management IP...

Page 240: ...1 2 192 168 100 100 NOTE To use the management address as the source address for a copy you must specify both the source and destination addresses on the copy command To list the current management ad...

Page 241: ...ged by the hour then having a channel allocated continually would save you the 2 3 second wait time required for each channel re allocation Mgmt Class Network R W Input Format remote setminline minlin...

Page 242: ...the maximum receive unit Other information in the mlp show output includes the maxtu the maximum packet size that can be sent it is based on the peer s MRU size the ourmru the maximum PPP packet size...

Page 243: ...sswd password remotename Parameters Response Command prompt remote setoursysname Sets a unique CHAP or PAP authentication system name for the local router that is used for authentication when the loca...

Page 244: ...tion where the link goes up and down These links include those for ISDN L2TP tunnels IPSec tunnels and dial backup For dial backup the phone number is used when dialing out using the backup V 90 modem...

Page 245: ...on 1 Primary phone number or first ISDN channel 2 Alternative phone number or first ISDN channel phone a a Digits the asterisk and the characters are accepted use a comma to specify a 2 second pause D...

Page 246: ...ed This could be useful if the other PPP system does not completely support IP address negotiation Response Command prompt option Specify one of the following options compression Van Jacobson compress...

Page 247: ...e same time and this could crash the PPP server To solve this problem turn on the PPP retry timer for each remote Then when the link comes back up each router waits a random time before attempting rec...

Page 248: ...hanges the lines presented in the display phone numbers are displayed only for asynchronous See the example below Mgmt Class Network R W Input Format remote setprefer async fr hsd remotename Parameter...

Page 249: ...ur System Name when dialing out gwbush Our Password used when dialing out yes Disconnect timeout in seconds 60 Min max channels 0 1 Interface in use ASYNC Protocol in use PPP Authentication disabled A...

Page 250: ...the Technical Reference manual Mgmt Class Network R W Input Format remote setProtocol PPP PPPLLC RFC1483 RFC1483MER FRF8 RAWIP remotename Parameters Response Command prompt ppp PPP protocol with VC m...

Page 251: ...ponse Command prompt vpi number Virtual Path ID number that identifies the link formed by the virtual path vci number Virtual Circuit ID number that identifies a channel within a virtual path in a DS...

Page 252: ...support IP address negotiation under PPP i e numbered mode is required and the remote router cannot specify a WAN IP address for use during the negotiation process Mgmt Class Network R W Input Format...

Page 253: ...ormat remote setspeed bitrate default async 1 2 remotename Parameters Examples The following command specifies the primary phone number and its bit rate The following commands specify the alternativ...

Page 254: ...etwork Another instance is to force numbered mode and to prevent the remote router from changing the target WAN IP address through IPCP address negotiation The target WAN IP address defaults to the Et...

Page 255: ...irable if your service provider charges by the hour However the connection has to wait a few seconds each time a channel is re allocated NOTE The timeout period set by this command is not effective if...

Page 256: ...E A reboot ends the active session to start a session after the reboot you must enter another remote start command To stop an active session for the remote use the remote stop command To stop and imme...

Page 257: ...ASCII string Name of the remote router remote setprefer fr backup remote list backup Current state Currently connected Current output bandwidth 0 bps Current input bandwidth 0 bps Current bandwidth a...

Page 258: ...command before stopping the remote interface NOTE The stop command does not disable the remote entry so another session can be started for the remote To start an active session for the remote use the...

Page 259: ...y However the change is lost if it is not saved before the next remote restart or reboot Mgmt Class Network R W Input Format remote unbindipvirtualroute ipaddr tablename remotename Parameters Example...

Page 261: ...e Multi Tone commands see DMT Commands Dual Ethernet commands see Dual Ethernet Router ETH Commands Frame Relay commands see Frame Commands HDSL High speed Digital Subscriber Line commands see HDSL Co...

Page 262: ...ds To see the syntax for a command enter the command followed by a Mgmt Class Network R Input Format adsl Parameters None Response A listing of the ADSL commands and keywords with a brief description...

Page 263: ...LAM Mgmt Class Network R Input Format adsl speed Parameters None adsl restart 12 02 1997 12 47 46 ADSL Idle 12 02 1997 12 47 46 ADSL Startup initiated 12 02 1997 12 47 48 ADSL Startup training in prog...

Page 264: ...rk R W Input Format adsl stats clear Parameters Response Statistical information displayed adsl speed downstream rate 6272 Kb s upstream rate 1088 Kb s When entered with no parameters the current ADSL...

Page 265: ...command enter the command followed by a Mgmt Class Network R Input Format atm Parameters None Response Lists the supported ATM commands and keywords and a brief description of their function inconsist...

Page 266: ...ream speed attained When the command changes the processor clocks only certain discrete values are allowed The speed achieved is the allowed speed value that is equal to or the next lower value to the...

Page 267: ...eam speed is 326 Kb s Generally your Network Service Provider should provide you with your speed value If your service provider states your speed value in cells per second enter the value using the co...

Page 268: ...l Rate PCR ATM traffic shaping should be used to allocate bandwidth whenever more than one remote router is defined Enter a remote setATMTraffic command for each remote For example if you have five re...

Page 269: ...tream data rate of 20 Kbps 47 cells s is desired you would issue the following command If a constant bit rate CBR is required use the following command Response Command prompt scr a a Integer Sustaine...

Page 270: ...y include dmt Lists the supported DMT keywords To see the syntax for a command enter the command followed by a Input Format dmt Mgmt Class Network R Parameters None Response Lists the supported DMT co...

Page 271: ...u do not want the CO and CPE to negotiate the link type but instead want to specify the type of data link required CAUTION This command forces the CPE into the specified mode It is not for normal use...

Page 272: ...de command can request one of three modes ANSI no_Trellis_ANSI and UAWG NOTE UAWG mode is becoming obsolete No Trellis encoding for T1 413 ANSI ADSL is only needed where auto negotiation is not suppor...

Page 273: ...ngle 10Base T connector This Dual Ethernet router may be configured via the Web Browser GUI or from the Command Line Interface CLI To set up any DHCP options and to configure optional features like IP...

Page 274: ...mmand requires a reboot of the router for the change to take effect Mgmt Class Network R W Input Format eth br enable Parameters None Response Command prompt eth br disable Disables bridging in a Dual...

Page 275: ...e Protocol stp setting without approval from your system administrator The PPPoESet option limits this Ethernet port to bridging PPPoE traffic only If the option is set to off then the port can bridge...

Page 276: ...Examples The following command turns off the spanning tree protocol for Ethernet port 0 The following command configures Ethernet port 1 so that only PPPoE traffic is br...

Page 277: ...ollowed by a Mgmt Class Network R Input Format frame Parameters None Response Lists the supported frame relay commands and keywords and a brief description of their function Table 7 5 Frame Relay Comm...

Page 278: ...r is configured using Copper Mountain Plug Play see Chapter 3 of the Technical Reference manual Mgmt Class Network R W Input Format frame cmpplay router bridge Parameters Response Command prompt frame...

Page 279: ...ived as well as LMI events frame stats FR 0 Frame Relay Statistics ANSI LMI Protocol Errors 0 Unknown Msg Recv 0 T391 Timeouts 0 PVC Status Changes 0 StatusEnq Sent 0 Status Recv 0 StatusEnq Recv 0 Un...

Page 280: ...Mgmt Class Voice R Input Format frame voice Parameters None Response Command prompt LMI State UNKNOWN Status State Changes 0 Active to Not Active Changes 0 Not Active to Active Changes 0 Data Packets...

Page 281: ...and enter the command followed by a Mgmt Class Network R Input Format gti Parameters None Response A listing of the gti commands and keywords with a brief description of their function gti speed Displ...

Page 282: ...rmat gti speed Parameters None Response gti stats Shows the operational time for the system and ADSL connection Mgmt Class Network R Input Format gti stats Parameters None Response Statistical informa...

Page 283: ...gti version Displays GTI ADSL version information Mgmt Class Network R Input Format gti speed Parameters None Response GTI ADSL Version in...

Page 284: ...the syntax for a command enter the command followed by a Mgmt Class Network R Input Format hdsl Parameters None Response Lists the supported HDSL commands and keywords and a brief description of thei...

Page 285: ...rameters None Response Command prompt hdsl speed Manages the line speed for the HDSL interface as follows CO end Sets the speed manually on the Central Office CO end only CPE end The router on the Cus...

Страница 286: ...gmt Class Network R W Input Format hdsl terminal cpe co Parameters Response Command example displaying current mode When entered with no parameters the current speed is dispaly ed a a Available only i...

Page 287: ...nd Mgmt Class Network R Input Format idsl list Parameters None Response Typical response Table 7 8 IDSL Command Listing Command Function idsl list Lists the current switch type idsl save Saves the IDS...

Page 288: ...rk R W Input Format idsl save Parameters None Response Command prompt idsl set speed Specifies the speed of the IDSL connection The IDSL bandwidth is composed of two 64 Kbps B channels plus one 16 Kbp...

Page 289: ...mote router entry The DLCI Data Link Connection Identifier is an address identifying a logical connection in a Frame Relay environment The DLCI is generally provided by the Network Service Provider Th...

Page 290: ...der should provide which link protocol to use Mgmt Class Network R W Input Format remote setProtocol ppp fr mer remotename Parameters Response Command prompt dlcinumber a a Integer Frame Relay number...

Page 291: ...syntax for a command enter the command followed by a Mgmt Class Network R Input Format sdsl Parameters None Response Lists the supported SDSL commands and keywords and a brief description of their fun...

Page 292: ...of the connection NOTE Remember to enter an sdsl save or save command to save SDSL changes across restarts and reboots For more information on the autobaud feature see Auto baud preactivation Mgmt Cla...

Page 293: ...ompt sdsl speed Manages the speed of the SDSL line At the Central Office CO end the command sets the speed manually only At the Customer Premises Equipment CPE end the command can Display the current...

Page 294: ...tion is no longer in effect the AUTO indicator is not displayed Response See examples above When entered with no parameters the current speed is displayed speed Speed in kbps a a If the auto speed sea...

Page 295: ...ault configured as Customer Premises Equipment CPE Use this command to configure the router as Central Office equipment CO Mgmt Class Network R W Input Format sdsl terminal cpe co Parameters Respon...

Page 296: ...ex A or annex B of the G shdsl standard shdsl list Lists the current configuration of the G shdsl interface shdsl margin Specifies the acceptable noise margin in decibels shdsl ratemode Selects adapti...

Page 297: ...ion of their function shdsl annex Selects annex A or annex B of the G shdsl standard The annex used depends on the DSLAM the router is to connect to In general annex B is used in Europe and annex A is...

Page 298: ...Lists the current configuration of the G shdsl interface Mgmt Class Network R Input Format shdsl list Parameters None Response The following is a typical response shdsl list G SHDSL INTERFACE CONFIGUR...

Page 299: ...s unstable you may need to increase the margin Mgmt Class Network R W Input Format shdsl margin dB Parameters Response Current margin is displayed shdsl ratemode Selects adaptive or fixed rate mode Mg...

Page 300: ...displayed shdsl restart Restarts the G shdsl WAN interface NOTE Unlike a reboot a restart does not discard unsaved changes Mgmt Class Network R W Input Format shdsl restart Parameters None Response C...

Page 301: ...r Premises Equipment CPE and the line speed desired is the maximum allowed by the central office CO This command can Display the current requested speed and actual speed shdsl speed with no parameter...

Page 302: ...dsl rates This command usage requests a line speed of 1096 Kb s Response See examples above Enter the command with no parameter to display the current speed speed a b a Integer 72 2312 in increments o...

Page 303: ...ed with clear parameter Enter the command with no parameter to display the current speed clear Option used to reset the statistical counters shdsl stats SHDSL 24hr statistics displayed in time period...

Page 304: ...ter is assumed to be CPE Use this command if the router is to be used as CO Mgmt Class Network R W Input Format sdsl terminal cpe co NOTE To determine the current CO CPE setting enter shdsl terminal w...

Page 305: ...Guide Chapter 7 WAN Interface Commands Efficient Networks Page 7 45 shdsl ver Displays the G shdsl version level of the modem firmware Mgmt Class Network R W Input Format shdsl ver Parameters None Res...

Page 307: ...ed in this section are included in Table 8 1 DHCP Command Listing To read about DHCP concepts and the DHCP configuration process see DHCP Dynamic Host Configuration Protocol on page 4 2 of the Technic...

Page 308: ...s a subnetwork or a client lease dhcp enable Enables a subnetwork or a client lease dhcp list Lists global subnetwork and client lease information dhcp list definedoptions Lists all available predefi...

Page 309: ...dhcp Parameters None Response List of the supported DHCP commands and keywords and a brief description of their function dhcp add Provides one of three types of DHCP definitions subnetwork client leas...

Page 310: ...er has a minimum of one up to a maximum of four IP addresses and the type is ipaddress Response Command prompt net a a Dotted decimal notation IP address of the subnetwork lease mask a IP network mask...

Page 311: ...uest is issued whenever a device attempts to acquire an IP address It forwards every reply received from any of the servers in the relay list to the appropriate LAN To remove an address from the list...

Page 312: ...w net ipaddr Parameters Response Command prompt dhcp bootp disallow Denies processing of a BootP request for a particular client or subnet Mgmt Class Network R W Input Format dhcp bootp disallow net i...

Page 313: ...TE The TFTP server IP address must be specified when specifying the file using the command dhcp bootp tftpserver Mgmt Class Network R W Input Format dhcp bootp file net ipaddr name Parameters Response...

Page 314: ...r tftpserver ipaddr Parameters Response Command prompt dhcp clear addresses Clears the values from a pool of addresses Mgmt Class Network R W Input Format dhcp clear addresses net Parameters Response...

Page 315: ...s the DHCP DAT file intact If you want to clear the information in the DHCP DAT file as well enter a save command after dhcp clear all records Mgmt Class Network R W Input Format dhcp clear all record...

Page 316: ...twork or with a specific client Mgmt Class Network R W Input Format dhcp clear valueoption net ipaddr code Parameters Response Command prompt ipaddr a a Dotted decimal notation IP address of the subne...

Page 317: ...command to delete the defined subnetwork Example command usage deleting a client lease Example command deleting the user defined option with code 128 Response Command prompt net a a Dotted decimal no...

Page 318: ...and resumes processing DHCP requests and also BootP requests if BootP processing is enabled To add an address to the list use the command dhcp addrelay command For further discussion see Configuring B...

Page 319: ...or a client lease Mgmt Class Network R W Input Format dhcp enable all net ipaddr Parameters Response Command prompt all Disables all subnets net a a Dotted decimal notation IP address of the subnetwo...

Page 320: ...lobal DHCP information net a a Dotted decimal notation IP address of the subnetwork lease ipaddr a IP address of the client lease dhcp list bootp server none bootp file DOMAINNAMESERVER 6 192 168 2...

Page 321: ...st 192 168 254 3 Client 192 168 254 3 Enabled lease Default expires 1998 5 16 11 31 33 bootp not allowed bootp server none bootp file HOSTNAME 12 JO CLIENTIDENTIFIER 61 1 2 96 140 76 149 180 dhcp list...

Page 322: ...ed a a Options may be predefined and or user defined code Predefined or user defined number or keyword net b b Dotted decimal notation Character string dhcp list definedoptions code TIMEOFFSET 2 1 occ...

Page 323: ...4 1 occurrence type BINARY code ARPCACHETIMEOUT 35 1 occurrence type LONGINT code ETHERNETENCAP 36 1 occurrence type BINARY code TCPDEFAULTTTL 37 1 occurrence type BYTE code TCPKEEPALIVEINTVL 38 1 occ...

Page 324: ...5 characters type STRING code NISSERVERS 65 1 to 63 occurrences type IPADDRESS code TFTPSERVERNAME 66 4 to 255 characters type STRING code BOOTFILENAME 67 1 to 255 characters type STRING code MOBILEIP...

Page 325: ...st ipaddr Parameters Response Command prompt dhcp set expire Allows manual changing of a client lease expiration time to a certain value NOTE The client information does not get updated it will still...

Page 326: ...decimal notation IP address of the client lease hours b b Integer minimum 1 168 Lease time default Lease time that has been specified at the subnetwork or global level infinite No lease time limit th...

Page 327: ...this subnet Response Command prompt dhcp set mask Used to conveniently change the mask of a DHCP subnet without having to delete and recreate the subnet and all its entries Mgmt Class Network R W Inpu...

Page 328: ...detected on the LAN Mgmt Class Network R W Input Format dhcp set otherserver net continue stop Parameters Response Command prompt net a a Dotted decimal notation IP address of the subnetwork lease co...

Page 329: ...thus sets a global value for the domainnameserver option Response Command prompt ipaddr a a Dotted decimal notation Specify the client IP address if the option value applies only to the client lease N...

Page 331: ...resses Management of traffic performance Restrict a tunnel so it can be established only with a specific remote interface l2tp set wanif The L2TP commands found in this section include Table 9 1 L2TP...

Page 332: ...the router to protect some L2TP control information using hidden AVPs l2tp set ouraddress Specifies the source IP address used when the tunnel is originated l2tp set ourpassword Specifies the router s...

Page 333: ...Mgmt Class Security R Input Format l2tp Parameters None Response Lists the supported L2TP commands and keywords and a brief description of their function l2tp add Creates a tunnel entry Mgmt Class Se...

Page 334: ...ut creating a session Mgmt Class Security R W Input Format l2tp call tunnelname Parameters Example Example command adding the tunnel named PacingAtWork Response Command prompt l2tp close Closes an L2T...

Page 335: ...Example command deletes the tunnel named PacingAtWork Response Command prompt L2TP unit number a a Integer IP address of the subnetwork lease n tunnelname b b ASCII string Name of the tunnel c c The t...

Page 336: ...normally used when the router is acting as a LAC or both a LAC and LNS NOTE Only one tunnel entry can have this option set Mgmt Class Security R W Input Format l2tp forward all none tunnelname Parame...

Page 337: ...e l2tp list INFORMATION FOR pacingAtWork type L2TPClient LAC will not dial LNS All Incoming Calls Tunneled here no CHAP challenge issued yes hidden AVPs used yes sequencing pacing window pacing sequen...

Page 338: ...y for this address must be explicitly added Normally this routing entry will be added to remote entry which has the default route NOTE When a remote router tries to create a tunnel the remote router s...

Page 339: ...ded a CHAP secret has been configured Mgmt Class Security R W Input Format l2tp set authen on off tunnelname Parameters Response Command prompt l2tp set chapsecret Creates a CHAP secret This CHAP secr...

Page 340: ...router to protect some L2TP control information such as names and passwords for a PPP session using hidden AVPs This command is often used to turn off hidden AVPs no option in cases where the other en...

Page 341: ...on is not being used all IP addresses on the Ethernet LAN would be visible You could then specify as the source IP address the Ethernet IP address of the router which would be visible instead of the W...

Page 342: ...et oursysname Specifies the router s name for PPP authentication on a per tunnel basis Mgmt Class Security R W Input Format l2tp set oursysname name tunnelname Parameters Response Command prompt passw...

Page 343: ...ame name is used Mgmt Class Security R W Input Format l2tp set ourTunnelName name tunnelname Parameters Response Command prompt l2tp set remotename Creates the host name of the remote tunnel NOTE If t...

Page 344: ...The name is case sensitive Host name of the remote tunnel This is the fully qualified domain name of the remote host tunnelname a b Name of the tunnel all The router is configured to act as both a LAC...

Page 345: ...f remote tunnelname Parameters Examples This command example restricts the tunnel named OfficeTunnel to the remote interface named officertr This command example clears the remote interface restrictio...

Page 346: ...ng Sequence numbers are placed in the L2TP payload packets When a session is created the router specifies a window size Acknowledgments for received packets are issued nosequencing No sequence numbers...

Page 347: ...tunnel calls Use this command if your router acts as an LNS You must also specify PPP authentication and IP routes for this remote Mgmt Class Security R W Input Format remote setl2tpclient tunnelname...

Page 348: ...remote entry through the tunnel named TunnelName if your router is the client NOTE The remote entry must also have appropriate information such as PPP authentication IP routing IPX routing bridging o...

Page 349: ...base and let all other packets pass Allow mode will only pass the packets that match the allow filter database and discard all others Up to 40 deny and 40 allow filters can be activated from the filte...

Page 350: ...d specifies the position within the packet that is checked and the data that must appear in that location in order for the packet to match this filter Mgmt Class Security R W Input Format filter br ad...

Page 351: ...er to be deleted Mgmt Class Security R W Input Format filter br del pos data allow deny Parameters Example This command deletes the filter which denies the forwarding of packets that have the hex valu...

Page 352: ...and Line Interface Guide Page 10 4 Efficient Networks filter br list Lists the bridging filters in the filtering database Mgmt Class Security R W Input Format filter br list Parameters None Response T...

Page 353: ...5 filter br use Sets the mode of filtering to either deny allow or none Mgmt Class Security R W Input Format filter br use none deny allow Parameters Example This command enables allow filtering Resp...

Page 355: ...oeservice Defines the remote router entry as a PPPoE remote entry It also specifies the service to which PPPoE users connect through this remote entry NOTE Enter this command immediately after the rem...

Page 356: ...E sessions use the command pppoe list Mgmt Class Security R W Input Format pppoe close ifsnumber Parameters Response Command prompt service a a ASCII string Name of the PPPoE service to which this rem...

Page 357: ...t Lists information about the currently active PPPoE sessions Mgmt Class Security R W Input Format pppoe list Parameters None Response Typical response pppoe list PPPoE Client Session DialUpPPP net PP...

Page 359: ...entry as a PPPoE remote entry ike flush Closes a currently active PPPoE session ike ipsec policies add Lists information about the currently active PPPoE sessions ike ipsec policies delete Deletes a...

Page 360: ...he IPSec proposals ike ipsec proposals set ah auth Sets the proposal parameter that determines whether AH message authentication is requested and if it is requested the hash algorithm used ike ipsec p...

Page 361: ...ting IKE proposal ike proposals list Lists the IKE proposals ike proposals set dh_group Sets the IKE proposal parameter that specifies the Diffie Hellman DH key generation group used no group or group...

Page 362: ...authentication SA ipsec set compression Selects either LZ compression or no compression for the IPSec security authentication SA ipsec set enckey Specifies the encryption key for the IPSec security a...

Page 363: ...to list the supported IKE IPSEC and IKE IPSEC keywords To see the syntax for a command enter the command followed by a Mgmt Class Security R Input Format ike ipsec for IKE IPSec sub commands ike for I...

Page 364: ...t makes sure that no IPSec traffic arrives at the router before the router is ready for it Mgmt Class Security R W Input Format ike commit on off help Parameters Response Command prompt ike flush Clea...

Page 365: ...on page 5 61 Mgmt Class Security R W Input Format ike ipsec policies add policyname Parameters Example Response Command prompt ike ipsec policies delete Deletes an existing IPSec policy To define IPSe...

Page 366: ...able command Mgmt Class Security R W Input Format ike ipsec policies disable policyname Parameters Example Response Command prompt policyname a a ASCII string Name of an existing IPsec policy b b To s...

Page 367: ...the policy is complete and the policy is ready to be used The enable command can also be used to re enable a disabled policy For more information see IKE IPSec Policy Commands on page 5 61 Mgmt Class...

Page 368: ...IPSec Policy Commands on page 5 61 Mgmt Class Security R Input Format ike ipsec policies list Parameters None Response Typical response ike ipsec policies list IKE IPSec policies mypolicy enabled Sou...

Page 369: ...policies set destport Defines a destination port filtering parameter value for the policy The destination port parameter requires a specific destination port for the data or allows any destination por...

Page 370: ...icy The port can be specified by one of the listed names or by its number To allow data through for any destination port specify an asterisk telnet http snmp tftp policyname a a ASCII string Name of t...

Page 371: ...specify the remote name as the interface for the policy Otherwise if the policy can be used regardless of the connected interface specify the string none To read about Dial Backup see Dial Backup on p...

Page 372: ...face that must be connected when the policy is used This is usually referenced by a remote name although it could be another interface such as ethernet 0 If no interface restriction is to be set for t...

Page 373: ...icyname Parameters Example Response Command prompt tunnel transport Encapsulation method required for the connection The default value is TUNNEL policyname a Name of the IPsec policy to which the enc...

Page 374: ...nection and no Diffie Hellman group is used to encrypt the keys during rekey To read more about PFS see IKE Management on page 5 52 Mgmt Class Security R W Input Format ike ipsec policies set pfs 1 2...

Page 375: ...than one value for the proposal parameter For example two set proposal commands could specify two proposals either of which could be used by the connection see IKE IPSec Policy Commands on page 5 61...

Page 376: ...ike ipsec policies set protocol protocolnumber tcp udp policyname Parameters Examples Response Command prompt protocolnumber Protocol required by the policy The protocol can be specified by number or...

Page 377: ...at sent the packet not the router that routes the packet Mgmt Class Security R W Input Format ike ipsec policies set source ipaddress ipmask policyname Parameters Example Response Command prompt ipadd...

Page 378: ...gmt Class Security R W Input Format ike ipsec policies set sourceport portnumber telnet http smtp tftp policyname Parameters Examples Response Command prompt portnumber Source port whose data is allow...

Page 379: ...dress is not the desired choice for the network address translation you can define a virtual Ethernet interface A virtual Ethernet interface can be created to translate to an arbitrary IP address see...

Page 380: ...the desired NAT address is 10 0 0 1 so you create a virtual interface 0 99 turn off RIP for the interface and assign it the address 10 0 0 1 24 eth add 0 99 eth ip opt txrip off 0 99 eth ip opt rxrip...

Page 381: ...page 5 58 Mgmt Class Security R W Input Format ike ipsec proposals delete proposalname Parameters Example Response Command prompt proposalname a a ASCII string New name for an IPsec proposal b b To se...

Page 382: ...list Lists the IPSec proposals For more information see IKE IPSec Proposal Commands on page 5 58 Mgmt Class Security R W Input Format ike ipsec proposals list Parameters None Response Typical respons...

Page 383: ...ommands on page 5 58 Mgmt Class Security R W Input Format ike ipsec proposals set ahauth md5 sha1 none proposalname Parameters Example Response Command prompt md5 Use AH encapsulation and authenticate...

Page 384: ...sha1 none proposalname Parameters Example Response Command prompt md5 Use ESP encapsulation and authenticate using hash algorithm Message Digest 5 sha1 Use ESP encapsulation and authenticate using ha...

Page 385: ...s Use ESP encapsulation and 56 bit encryption 3des Use ESP encapsulation and 168 bit encryption if 3DES is enabled in the router null No encryption but use ESP encapsulation Headers are inserted as t...

Page 386: ...rameter that specifies the maximum number of kilobytes for the IPSec SA 0 means unlimited After the maximum data is transferred IKE renegotiates the connection By limiting the amount of data that can...

Page 387: ...ue is 86400 24 hours When the time limit expires IKE renegotiates the connection For more information on proposal parameters see IKE IPSec Proposal Commands on page 5 58 Mgmt Class Security R W Input...

Page 388: ...y R W Input Format ike peers add peername Parameters Example Response Command prompt seconds a a Integer Maximum number of seconds before renegotiation 0 means unlimited proposalname b b ASCII string...

Page 389: ...Mgmt Class Security R W Input Format ike peers delete peername Parameters Example Response Command prompt ike peers list Lists the defined IKE peers For more information see IKE Peer Commands on page...

Page 390: ...address If the mode is aggressive mode one end of the connection the gateway has a fixed IP address The other end the client has a changing address When configuring the client set the peer IP address...

Page 391: ...cal ID must match the peer ID on the other end of the connection The local ID can be an IP address domain name or e mail address as specified by the ike peers set localidtype command For more informat...

Page 392: ...type must match the peer ID type on the other end of the connection The possible ID types are IP address domain name or e mail address For more information see IKE Peer Commands on page 5 56 Mgmt Cla...

Page 393: ...rompt Choose one of the following ipaddr The local ID must be an IP address domainname The local ID must be a domain name email The local ID must be an e mail address peername a a ASCII string Name of...

Page 394: ...one end can change as with a typical modem or DSL connection See Main Mode and Aggressive Mode on page 5 54 Mgmt Class Security R W Input Format ike peers set mode main aggressive peername Parameters...

Page 395: ...peerid aggressivemodeid peername Parameters Example Response Command prompt ike peers set peeridtype Sets the type of the peer ID for the IKE peer connection This command is used only when aggressive...

Page 396: ...put Format ike peers set secret secret peername Parameters Choose one of the following ipaddr The peer ID must be an IP address domainname The peer ID must be a domain name email The peer ID must be a...

Page 397: ...on page 5 52 Mgmt Class Security R W Input Format ike proposals add ProposalName Parameters Example Response Command prompt ike proposals delete Deletes an existing IKE proposal For more information...

Page 398: ...mands on page 5 58 Mgmt Class Security R Input Format ike proposals list Parameters None Response Typical response proposalname a a ASCII string Name of the IKE proposal to delete b b To see the peer...

Page 399: ...See IKE Proposal Commands on page 5 58 Mgmt Class Security R W Input Format ike proposals set dh_group none 1 2 proposalname Parameters Example Response Command prompt Choose one of the following non...

Page 400: ...meter that specifies the length of time in seconds before the Phase 1 SA expires the recommended value is 86400 24 hours When the time limit expires IKE renegotiates the connection See IKE Management...

Page 401: ...ion or it can propose authentication using the hash algorithm Message Digest 5 MD5 or Secure Hash Algorithm 1 SHA1 Mgmt Class Security R W Input Format ike proposals set message_auth none md5 sha1 pro...

Page 402: ...name Parameters Example Response Command prompt none No authentication md5 Authentication using the Message Digest 5 algorithm sha1 Authentication using algorithm Secure Hash Algorithm 1 proposalname...

Page 403: ...rity on page 5 50 NOTE If you define a tunnel using IPSec commands the keys will remain static This could pose a security risk and is not recommended Use of IKE for key management is recommended ipsec...

Page 404: ...saname Parameters Example Response Command prompt ipsec disable Disables a defined IPSec security association entry Mgmt Class Security R W Input Format ipsec disable saname Parameters saname a a ASCI...

Page 405: ...able Enables a defined IPSec security association entry indicating it is complete and ready to be used Mgmt Class Security R W Input Format ipsec enable saname Parameters Example Response Command prom...

Page 406: ...lush Clears all IPSec definitions Mgmt Class Debug R W Input Format ipsec flush Parameters None Response Command prompt ipsec list Lists one or all of the IPSec security association SA entries Mgmt Cl...

Page 407: ...ow_rx Gateway 207 135 89 233 Inbound Tunnel Both 3DES key 1111111122222222333333334444444455555555 SHA1 key aaaaaaaabbbbbbbbccccccccdddddddd 20 No compression ID 424242 seq 1 bitmap ffffffff show_tx G...

Page 408: ...ication md5 sha1 saname Parameters Example Response Command prompt ipsec set authkey Specifies the authentication key for the IPSec SA Mgmt Class Security R W Input Format ipsec set authkey key saname...

Page 409: ...Response Command prompt key Hexadecimal authentication key saname a a ASCII string Name of the IPSec SA to which the authentication key is added b b To see the IPSec SA names in use use the ipsec list...

Page 410: ...ion none lzs saname Parameters Example Response Command prompt ipsec set enckey Specifies the encryption key for the IPSec SA Mgmt Class Security R W Input Format ipsec set enckey key saname Choose on...

Page 411: ...ample Response Command prompt key a a 64 bits for DES 192 bits for 3DES Hexadecimal encryption key saname b b ASCII string Name of the IPSec SA to which the authentication key is added c c To see the...

Page 412: ...sec set ident Specifies the identifier SPID for the IPSec tunnel It must match the SPID at the other end of the tunnel that is the tx SPID on this end must match the rx SPID on the other end Mgmt Clas...

Page 413: ...ansport saname Parameters Example Response Command prompt ident a a ASCII string SPID for the IPSec tunnel saname a Name of the IPSec SA b b To see the IPSec SA names in use use the ipsec list command...

Page 414: ...Mgmt Class Security R W Input Format ipsec set service esp ah both saname Parameters Example Response Command prompt Choose one of the following esp ESP encryption ah AH authentication both Use Both E...

Page 415: ...e Lists the top level voice or dsp commands and keywords and a brief description of their function dsp ecode Deletes the IP address of the entry in the Address Resolution Protocol ARP table dsp jitter...

Page 416: ...t Networks dsp voice Two commands are used to list the voice related commands To see the syntax for a command enter the command followed by a Mgmt Class Voice R Input Format dsp voice Parameters None...

Page 417: ...ass Voice R W Input Format dsp ecode alaw ulaw Parameters Example The following command example will set the voice encoding method to alaw Response Typical response when entered with no parameters Whe...

Page 418: ...o changing the jitter buffer size cease any active calls and close all data transfers Mgmt Class Voice R W Input Format dsp jitter milliseconds Parameters Example The following command example will ch...

Page 419: ...onse Typical response when entered with no parameters Typical response when configuration has been changed When entered with no parameter the current configuration is displayed port a a Integer 1 4 o...

Page 420: ...Mgmt Class Voice R W Input Format dsp save Parameters None Response Command prompt dsp vr Displays the current voice rate and encoding type Mgmt Class Voice R Input Format dsp vr port Parameters Resp...

Page 421: ...d is only enabled when configured for operation with a Jetstream voice gateway Mgmt Class Voice R W Input Format voice profile profile Parameters None Response Command prompt voice l2stats Displays L2...

Page 422: ...e profile profile Parameters Example The following command example will change the voice profile to profile 7 Response Example response confirming the configuration change voice l2stats Stats for Sub...

Page 423: ...Mgmt Class Voice R W Input Format voice refreshcas active always Parameters Example The following command example will change the refresh cas mode to always The following command example entered with...

Страница 425: ...rad Lists the supported radius commands and key words rad deleteserver Deletes a configured radius server entry rad list secret Displays the radius servers shared secret authen tication rad list serve...

Страница 426: ...Format rad Parameters None Response A listing of the rad commands and keywords and a brief description of their function rad deleteserver Deletes a configured radius server entry Mgmt Class Security R...

Страница 427: ...isplays the radius servers shared secret authentication NOTE The local servers shared secret must match the remote server s shared secret or authentication will not occur Mgmt Class Security R Input F...

Страница 428: ...d list server Displays the IP address and port for the primary and secondary radius servers Mgmt Class Security R Input Format rad list server Parameters None Response A typical response is shown belo...

Страница 429: ...ommand prompt radius set server Sets the IP address and port values for the primary and or secondary radius server s Mgmt Class Secret R W Input Format radius set server IPAddr port server Parameters...

Страница 430: ...arameters Response Command prompt radius set timeout Sets the number of seconds between retry attempts to the radius server Mgmt Class Security R W Input Format rad set timeout integer Parameters Resp...

Страница 431: ...ccess control see Chapter 5 System Security in the Technical Reference Guide The user commands found in this section include Table 15 1 User Command Listing Command Function user Lists the supported u...

Страница 432: ...on user enable Enables or disables authentication of the remote router during tunnel establishment using the CHAP secret user list Displays the contents of the user account data base user list lookup...

Page 433: ...dmin R W Input Format user add access lan wan console username Parameters Example The following example will add console access for the user VoiceAdmin Response See example above lan Adds user access t...

Page 434: ...min R W Input Format user add class class read write user_name Parameters Response A typical response is shown below class Must be one of the following admin Adds Admin management class for the specif...

Page 435: ...e optional parameters is used Mgmt Class Admin R W Input Format user add user user_name password template enable disable Parameters user_name a a ASCII string 6 32 characters User name and password ar...

Page 436: ...access methods for a user use the command user list Mgmt Class Admin R W Input Format user delete access lan wan console username Parameters Response A typical response is shown below user add user g...

Page 437: ...ad only permission will remove the management class from a user account Deleting a write permission from a user account will render the user account read only for the management class Mgmt Class Admin...

Page 438: ...above user delete user Deletes an existing user account from the management database Deletion of multiple user accounts is supported To view a user account listing use the command user list NOTE The...

Page 439: ...use the command user list NOTE The system must contain at least one enabled user account with privilege read and write access If only one privilege account exists it cannot be deleted or disabled Mgm...

Page 440: ...user enable username Parameters Response A typical response is shown when enabling the user account Admin1 user list Displays the contents of the user account database The username management class pr...

Page 441: ...mt Class read NETWORK SYSTEM ADMIN VOICE SECURITY DEBUG Mgmt Class write NETWORK SYSTEM ADMIN VOICE SECURITY DEBUG Access WAN LAN CONSOLE Status ENABLED Username Admin1 Password Mgmt Class read NETWOR...

Page 442: ...d Mgmt Class Admin R W Input Format user list lookup Parameters None Response A typical response is shown below user list template Displays the pre defined user template information Mgmt Class Admin R...

Page 443: ...AN LAN CONSOLE Status ENABLED Template 2 Username NetworkManager Password Mgmt Class read NETWORK SYSTEM Mgmt Class write NETWORK SYSTEM Access WAN LAN CONSOLE Status ENABLED Template 3 Username Secur...

Page 444: ...t Class Admin R W Input Format user set lookup primary secondary local radius none primary secondary local radius none Parameters NOTE At least one location primary or secondary must be set to local Re...

Page 445: ...ser account Mgmt Class Admin R W Input Format user setpassword user_name new_password Parameters Response A typical response is shown below user_name a a ASCII string 6 32 characters The user name and...

Page 446: ...Chapter 15 User Commands Efficient Networks Router family Command Line Interface Guide Page 15 16 Efficient Networks This page intentionally left blank...

Page 447: ...90 modem IP Stack IP Stack Check IP Security and IKE Internet Key Exchange L2TP Tunneling Quality of Service QOS Remote Authentication Service RADIUS client SSH Secure Shell Server Stateful Firewall...

Page 448: ...key commands and a brief description of their function key disable Disables a key enabled feature key enable Enables a feature key that has been previously added to the key enabled feature database k...

Page 449: ...ondition The key state is Manufacturing or Legacy NOTE The key will not be written to flash memory until a save command has been issued Mgmt Class Security R W Input Format key add key_string Paramete...

Page 450: ...ty of service or may otherwise affect system operation NOTE Features with keys that have expired or have been revoked cannot be deleted nor can Legacy or Manufacturing keys be deleted Mgmt Class Secur...

Page 451: ...lt in reduced security or quality of service or may otherwise affect system operation NOTE Disabling a feature does not change or extend the expiration date of the feature key NOTE Legacy or Manufactu...

Page 452: ...Mgmt Class Security R W Input Format key enable featurename Parameters Response A typical response is shown below key list Lists the contents of the key enabled feature database Information provided i...

Page 453: ...ipsec IP Security Not Inst d ipstack IP Stack 1 MFG l2tp L2TP Tunneling Not Inst d radius RADIUS Client Not Inst d sshd SSH Server Not Inst d Feature name Description En Rv Ex Installed Expires 3des 3...

Page 454: ...d added NOTE Manufacturing or Legacy keys cannot be revoked Mgmt Class Security R W Input Format key revoke feature Parameters Response A typical response is shown below key unrevoke Unrevokes a previ...

Page 455: ...W Input Format key update key_string Parameters Response A typical response is shown below key_string a a The key string is case sensitive and must be entered exactly as received and with no spaces U...

Page 456: ...Chapter 16 Key Commands Efficient Networks Router family Command Line Interface Guide Page 16 10 Efficient Networks This page intentionally left blank...

Page 457: ...ter via SNMP Same function as system addsnmpfilter snmp addtrapdest Adds an SNMP Trap manager by IP address snmp community Sets the SNMP community to which the router belongs snmp delsnmpfilter Delet...

Page 458: ...Validates SNMP clients by defining a range of IP addresses that are allowed to access the router via SNMP This validation feature is off by default NOTE This command is functionally equivalent to sys...

Page 459: ...ommand snmp list For additional information on SNMP see SNMP on page 7 2 NOTE This command does not require a reboot and is effective immediately Mgmt Class Network R W Input Format snmp addstrapdest...

Page 460: ...a save to be persistent across reboots Mgmt Class Network R W Input Format snmp community snmp community name Parameters Example The following example sets the SNMP community name to iads Response Exa...

Page 461: ...OTE This command does not require a reboot and is effective immediately NOTE To list the range of allowed clients use the command system list For more information on SNMP see Mgmt Class Network R W In...

Page 462: ...and does not require a reboot and is effective immediately Mgmt Class Network R W Input Format snmp deltrapdest ip addr Parameters Response Command prompt snmp disablesnmpif Disables SNMP access from...

Page 463: ...not require a reboot and is effective immediately Mgmt Class Network R W Input Format snmp enablesnmpif wan lan Parameters Response Command prompt snmp list Displays current SNMP configuration inform...

Page 464: ...n of unsolicited trap event messages to trap destinations To see the current Global Trap Enable setting use the command snmp list NOTE This command does not require a reboot and is effective immediate...

Page 465: ...configuration NOTE This command does not require a reboot and is effective immediately Mgmt Class Network R W Input Format snmp snmppasswd passwd Parameters Response Example response when a password p...

Page 466: ...is command is the functional equivalent of system snmpport NOTE This command requires a save and reboot to take effect To see the current setting use the command snmp list For more information on SNMP...

Page 467: ...irewall allow Creates a firewall rule for inclusion in the allow rules list firewall clearcounter Clears the counter for a specified rule firewall clearcounter all Clears counters for all stateful fir...

Page 468: ...ny subsequent ICMP packets until the ICMP traffic drops below the threshold value firewall setsynflood threshold Sets the threshold value for the number of SYN packets per second which when exceeded w...

Page 469: ...ave the specified protocol a imap telnet bootp nntp rpc tftp smtp dns ftp rexec rsh rlogin syslog winframe rdp http https ntp smb ras realaudio netmeeting aolim quicktime cuseeme netshow pptp nfs nis...

Page 470: ...destination IP address is specified the firewall rule matches any valid IPV4 address sa first source ip addr last source ip addr The packet must have a source IP address within the specified address...

Page 471: ...ollowing example will allow only one machine 192 168 1 34 in the subnet to be able to FTP to the internet The following example will enable ports for one machine 192 168 1 34 in the subnet to use the...

Page 472: ...allow rules list The following example will clear the counter values for firewall rules 4 through 10 of the deny rules list Response Command prompt firstrulenumber a a Integer Specifies a filter rule...

Page 473: ...ll rule or range of firewall rules based on firewall rule numbers NOTE If deleting a rule or rules from the firewall allow rules list the change will only be effective for subsequent sessions current...

Page 474: ...be performed for the changes to become effective Mgmt Class Security R W Input Format firewall delete all allow deny Parameters start rule number a a Integer Specifies the firewall rule or first rule...

Page 475: ...sses However for inbound rules the rules would need to use the router s WAN address Mgmt Class Security R W Input Format firewall deny protocol application parameters Parameters The following paramete...

Page 476: ...that is within the specified destination port range If no destination port is specified the firewall rule matches any destination port in the range 0 65535 da first dest ip addr last dest ip addr Th...

Page 477: ...llow Optional parameter will display only allow rules list deny Optional parameter will display only deny rules list firewall list INFORMATION FOR FIREWALL Status off Watch on SYNFloodThreshold 200 IC...

Page 478: ...ifying a rule to allow what was previously denied the changes will be in effect for current sessions Mgmt Class Security R W Input Format firewall modify allow deny number parameter Parameters The fol...

Page 479: ...rlogin syslog winframe rdp http https ntp smb ras realaudio netmeeting aolim quicktime cuseeme netshow pptp nfs nis traceroute sqlnet ipsec Modifies the firewall rule type sp ICMP type first source po...

Page 480: ...of the firewall status Mgmt Class Security R W Input Format firewall set on off Parameters Response Command prompt firewall setdroppktthreshold Specifies a threshold value for the number of dropped pa...

Page 481: ...hreshold value for the number of ICMP packets per second When the specified threshold is exceeded the firewall will block any subsequent ICMP packets until the ICMP traffic drops below the threshold v...

Page 482: ...he threshold value for the number of SYN packets per second When the specified threshold is exceeded the firewall will block any subsequent SYN packets until the SYN traffic drops below the threshold...

Page 483: ...l will block any subsequent UDP packets until the UDP traffic drops below the threshold value For more information on UDP attacks see Stateful Firewall on page 4 34 Mgmt Class Security R W Input Forma...

Page 484: ...Addr 192 168 1 2 Dest Addr 1 1 1 1 ICMP type 8 ICMP code 0 3 10 17 2001 at 19 01 31 000 Packet matched a Deny Rule Protocol ICMP Src Addr 192 168 1 2 Dest Addr 1 1 1 1 ICMP type 8 ICMP code 0 4 10 17...

Page 485: ...is on a message is printed to the console serial port and any Syslog Servers when a packet is dropped or accepted or as specified in the message logging parameter within the firewall rule Mgmt Class...

Page 486: ...Chapter 18 Stateful Firewall Commands Efficient Networks Router family Command Line Interface Guide Page 18 20 Efficient Networks This page intentionally left blank...

Page 487: ...t SSH configuration with the exception of the list of public private key pairs and the configured SSH port ssh load privatekey Loads a precomputed private key from the specified TFTP server ssh load...

Page 488: ...onse Lists the supported SSH commands and a brief description of their functions ssh keygen Generates the Private Public key pair for the local server Mgmt Class Security R W Input Format ssh keygen P...

Page 489: ...sponse is shown below ssh load privatekey Loads a precomputed private key from the given TFTP server NOTE This command should be used in conjunction with the ssh load publickey command Mgmt Class Secur...

Page 490: ...ommand Mgmt Class Security R W Input Format ssh load publickey TFTP server addr pub key file Parameters Response A typical response is shown below server addr a a Dotted decimal notation IP address of...

Page 491: ...ty R W Input Format ssh set encryption type NOTE Multiple types are allowed on the command line Parameters Response A typical response is shown below Select from the following encryption types des DES...

Page 492: ...s Security R W Input Format ssh set idletimeout seconds Parameters Response A typical response is shown below ssh set keepalive Enables and disables keepalive messages transmission Keepalive messages...

Page 493: ...R W Input Format ssh set mac md5 sha1 NOTE Multiple types are allowed on the command line Parameters Response A typical response is shown below enablea a Default value Keepalive messages are sent dis...

Page 494: ...s Security R W Input Format ssh set rekeyinterval interval Parameters Response A typical response is shown below ssh set status Enables and disables SSH server connections Mgmt Class Security R W Inpu...

Page 495: ...H connections disable Disallows SSH connections ssh set status enable SSH Enabled Connections now permitted default Restores the SSH port value to the default value 22 and re enables the port disable...

Page 496: ...Chapter 19 SSH Commands Efficient Networks Router family Command Line Interface Guide Page 19 10 Efficient Networks This page intentionally left blank...

Page 497: ...tes a new QoS policy name and appends it to the end of the QoS policies list qos del Deletes a single or all existing QoS policies qos diffserv Enables and disables marking of the differentiated services fie...

Page 498: ...ates a new QoS policy name and appends it to the end of the QoS policies list To view the existing QoS policy names use the qos list command NOTE QOS policies are numbered sequentially with the initial polic...

Page 499: ...view the existing QoS policy numbers use the qos list command NOTE A QoS policy that is currently enabled cannot be deleted until it is disabled with the qos disable command Mgmt Class Network R W Inp...

Page 500: ...ces DiffServ field of the IP header Mgmt Class Network R W Input Format qos diffserv on off Parameters Response Command prompt qos disable Disables an existing QoS policy To view the existing QoS poli...

Page 501: ...S policy To view the existing QoS policies and their status use the qos list command Mgmt Class Network R W Input Format qos enable policy name Parameters Response Command prompt policy name a a ASCII...

Page 502: ...and adds the QoS policy mypolicya in the policies list immediately before mypolicy2 Response Command prompt qos list Displays QoS queue parameters and all user configured QoS policies For more informa...

Page 503: ...sitive Optional parameter that will display only the specified policy name qos list mypolicy3 QoS On DiffServ On Queue Priority Code Point Weight 0 HIGH 0x4 10 1 MEDIUM 0x3 10 2 NORMAL 0x2 10 3 LOW 0x...

Page 504: ...oS policy mypolicy3 to the location immediately before mypolicy4 in the QoS policies list Response Command prompt qos movetoend Moves an existing QoS policy to the end of the policies list To display...

Page 505: ...ponse Command prompt qos off Disables the QOS feature To view the current QoS status use the qos list command Mgmt Class Network R W Input Format qos off Parameters None Response Command prompt policy...

Page 506: ...ured To view the current QoS status use the qos list command NOTE QoS policies that are currently disabled will not be active Mgmt Class Network R W Input Format qos on Parameters None Response Comman...

Page 507: ...nge of addresses Off will disable source address checking da destination address a off start address end address Specifies the destination address or range of addresses Off will disable destination ad...

Page 508: ...ified policy becomes active du duration hh mm e Specifies the active time period for the policy r repetition off once mm dd yy everyday mon tue wed thu fri sat sun Specifies the policy as a one time r...

Page 509: ...ffic priority For more information on bandwidth management see the Technical Reference Manual Mgmt Class Network R W Input Format qos setweight high meduim normal low weight Parameters Response Comman...

Page 510: ...Chapter 20 QoS Commands SpeedStream Router family Command Line Interface Guide Page 20 14 Efficient Networks This page intentionally left blank...

Page 511: ...are used for Ethernet switch management and include Table 21 1 Switch Command Listing Command Function switch Lists the supported Switch sub commands switch agetime Specifies the aging time of the sw...

Page 512: ...brief description of their function switch agetime Specifies the aging time of the switch When age time expires the port MAC address entry will be removed from the table containing this information Mg...

Page 513: ...fficient Networks Page 21 3 switch block Disables the specified Ethernet Port The port can be re enabled with the switch unblock command Mgmt Class Network R W Input Format switch block port Parameter...

Page 514: ...nd 4 will be mirrored to the capture port 6 When entered with no parameters the current port mirroring state information is displayed see Response below on Enables port mirroring function If no additi...

Page 515: ...l response when entered with no parameters and port mirroring is currently enabled switch status Displays the current port states for the Ethernet switch Mgmt Class Network R Input Format switch statu...

Page 516: ...status No Connection 10Mb s Half Duplex Enabled Port 2 status No Connection 10Mb s Half Duplex Enabled Port 3 status No Connection 10Mb s Half Duplex Disabled Port 4 status Connected 100Mb s Full Dupl...
