Manuals / Efficient Networks / Computer Equipment / Network Router

Efficient Networks 107-0001-000 Eth ip filter check, Eth ip filter list, Eth ip filter watch

Models: 107-0001-000

1 516

Page 160

Chapter 5: Ethernet Interface Commands	Efficient Networks® Router family
	Command Line Interface Guide

eth ip filter check

eth ip filter check <type> <parameters> [<interface>]

Checks the action that would be taken if a packet with the specified parameters was compared with the list of filters defined for the specified <type> and <interface>. For example, the command:

-> eth ip filter check input -p TCP 1

would check what action (accept, drop, reject, inipsec, outipsec) would be taken for a TCP packet after it was compared with the list of input filters defined for port 1.

eth ip filter list

eth ip filter list <type> [<interface>]

Lists all filters of the specified <type> defined for the specified <interface>.

eth ip filter watch

eth ip filter watch <on off> [-q -v] [<interface>]

Enables or disables the console watch for the interface. If the watch is on, a message is printed to the console serial port when a packet is dropped or rejected. (The message is also sent to any Syslog servers; see “Syslog Client” on page 7-1.)

However, if the parameter -q(quiet) was specified for a filter, no message is printed when that filter matches a packet. If the parameter -v(verbose) was specified for a filter, a message is printed whenever that filter matches a packet, regardless of the filter <action>.

To see the messages, Telnet to the router and enter system log start. The watch does not continue after a reboot; to resume the watch after a reboot, you must enter the eth ip filter watch on command again.

Parameters

The filter <type> specifies at which point the filter is compared to the IP packet (see the illustration under “Filters and Interfaces” on page 5-23of the Technical Reference Guide.):

input When the packet enters the interface, before any network address translation is performed.

receive When the packet enters the interface, after any network address translation, but before routing table processing.

transmit After routing table processing, before any network address transla- tion before the packet is sent out.

output After routing and network address translation, just before the packet is sent out.

Page 5-22

Efficient Networks®

Page 160

Image 160

Efficient Networks 107-0001-000 manual Eth ip filter check, Eth ip filter list, Eth ip filter watch

Contents

5RXWHUDPLO\ Efficient Networks Software License and Limited Warranty Limitations 001 12 Feb Revision HistoryRelease Contents File System Commands Contents Contents Remote Commands Eth ip directbcastContents Contents WAN Interface Commands Dhcp Commands L2TP Commands Remote setpppoeservice -1 pppoe close -2 pppoe list L2tp set window -16 remote setl2tpclient -17 remote setlnsContents Voice Commands User Commands Stateful Firewall Commands QoS Commands Ssh set rekey -8 ssh set status -8 system sshportThis page intentionally left blank Introduction How This Manual is OrganizedCommand Conventions Accessing the Command LinePassword UsernameRe-enter the new password at the prompt Password change will be confirmedCommand line is now available for use Terminal SessionsTerminal Session under Windows HyperTerminal Data bits Parity None Stop bits Flow control Hardware Terminal Session for Macintosh or Unix Telnet Session for Remote Access TelnetCommand Line via the Web Management Interface Lists the top-level commands and keywords and a Resolution Protocol ARP tableMode is learning, listening, or forwarding Lists the contents of the bridge tableLists the current services in the IPX SAPs table Changes the current user passwordInitiates a reboot of the system Enables Sntp requests? or help Input FormatParameters ResponseArp delete Arp listMgmt Class ExampleInput Format Parameters Arp listVoice R Arp listBi list Bi listBi list Call Voice R/WCall remotename Remotenamea Name of the target routerDisplay when date is entered with no parameters Display when date is entered with parametersDate All R/WWhen entered with no parameters, same as erase all Admin R/WErase Exit IfsAll R Voice R, Network RIpifs Typical response is shown belowAn example of additional interfaces that may be displayed IpifsIproutes IpxroutesIproutes IpxroutesIpxsaps IpxsapsIpxroutes IpxsapsLogout LogoutMem System R, Debug RMem MemMlp summary Mlp summaryPassword old password new password PasswordAdmin101@console- password 1675309 lobster Ping Ping -I 192.168.254.254 Ping -c 2 -i 7 -s 34Ping -I 192.168.1.2 TID Name Bottom Current Size 1IDLE Reboot Reboot optionSave User is prompted to verify the commandSave Sntp disable Disables Sntp requestsSntp disable Sntp activeSntp enable When no parameter is entered, current offset is displayedSntp offset Itive number is east a negative number is westWhen entered with no number parameter Sntp prefserverSntp prefserver number Number of a server within the Sntp server listWhen entered with a number parameter When entered while sntp function is currently disabledWhen entered and no sntp preferred server is defined When entered and an sntp preferred server has been definedSntp server ipaddress default number Requests the default server listWhen entered with the default parameter Sntp serverTcp stats Tcp statsTypical response Tcp statsTime Traceroute Network R/W, Debug RDress as the source address Hop is listed in the output messageTraceroute 172.17.20.1Traceroute -n Vers VersThis command loads batch files of configuration Commands into the routerCopies a file from the source to the destination Deletes the specified file from the flash filesystemCopy ExamplesCopy srcfile dstfile Copy tftp@128.1.210.66kernelnw kernel.f2kAdmin R/W, System R/W DeleteRefer to examples for typical responses Delete filenameDir DirDir Execute Execute filenameFollowing is an example of the format disk command Format diskSystem R/W, Debug R/W Format diskMsfs fix MsfsMsfs Following is an example rename command RenameSync Commits the changes made to the file system to Flash memoryAdds an address to the BootP server list Lists the supported keywordsRemaps a range of local-LAN IP addresses to a Range of public IP addresses on a system-wide baDisables the Dial Backup option in the router Enables the Dial Backup option in the routerChanges the Dial Backup retry period Changes the Dial Backup stability periodLists the default modem settings Removes an address from the BootP server listManages the system Http port access Lists the system settings for the target routerEnables and disables the secure mode function Manages Snmp port accessManages SSH port access Manages Syslog port accessSystem addbootpserver System addbootpserver ipaddrSystem ? System ?System addbootpserver IP address of the serverSystem addhostmapping System addhttpfilter Security R/WSystem addhttpfilter first ip addr last ip addr lan Local Ethernet LANSystem addiproutingtable Response Example System addserverSystem addiproutingtable 192.168.1.5 192.168.1.12 Rosa Action One of the following command actions Rlogin portSelects the host with this IP address as server Discards the incoming server requestSystem addsnmpfilter System addsnmpfilter first ip addr last ip addr lanSystem addsyslogfilter System addsyslogfilter firstipaddr last ipaddr lanSystem addsyslogserver System R/WSystem addsyslogserver ipaddr IP address to be added to the Syslog server address listSystem addtelnetfilter System addtelnetfilter first ip addr last ip addr lanSystem addudprelay WardedFirst port in the UDP port range to be created Incorporates all the available UDP ports in the new rangeSystem authen System authen none pap chapCally Chap is performedSystem backup add System backup add ipaddr gw dns groupIP address to be added to the list AddressSystem backup delete Following command deletes the gateway address from groupFollowing command deletes all addresses from group IP address to be deleted from the listSystem backup disable Following command clears all addresses from the listSystem backup disable System backup delete all allSystem backup enable System backup enableSystem backup pinginterval System backup pinginterval seconds groupNumber of seconds in the ping interval for the group Optional, number of a groupSystem backup pingsamples System backup pingsamples samples groupSystem backup pingsamples System backup pingsamples 0System backup retry System backup retry minutesFollowing command changes the retry period to 60 minutes Following command changes the retry period toSystem backup stability System backup successrateSystem backup stability minutes Following command changes the stability period to 5 minutesSystem blocknetbiosdefault System backup successrate percentage groupSystem backup successrate System backup successrate 0System blocknetbiosdefault yes no Sets the default to block all NetBIOS and NetBUI requestsSystem community System community snmp community nameSystem default modem System delbootpserverSystem defaultmodem System delbootpserver ipaddr allRemoves all addresses from the BootP server list System delbootpserverSystem delbootpserver all System delhostmappingSystem delhttpfilter System deliproutingtableSystem delhttpfilter first ip addr last ip addr lan First IP address of the rangeFollowing command deletes the virtual routing table Rosa Deletes an entry created by the system addserver commandSystem delserver System deliproutingtable 192.168.1.5 192.168.1.6 RosaAction One of the following command actions System delsnmpfilter first ip addr last ip addr lan System delsnmpfilterFirst IP address of the client range System delsyslogfilter System delsyslogserverSystem delsyslogfilter firstipaddr last ipaddr lan System delsyslogserver ipaddrSystem deltelnetfilter System deltelnetfilter first ipaddr last ipaddr lanSystem deludprelay System historyDeletes all existing UDP ports Last port in the UDP port range to be deletedFollowing is a typical response System historySystem httpport default disabled port This command sets the Http port to the default valueSystem httpport CessSystem list System listFollowing is an example of a typical response System listSystem log System log start stop statusInitiates monitoring activity TureFollowing command changes the string for the init setting Following command selects pulse dialingSystem modem Enter one of the following optionsSystem moveiproutingtable First ipaddra First IP address of the range to be movedSystem msg Configured on10/21/98 System msgSystem msg message Message a,bSystem name System name nameRouter name Name a,bSystem onewandialup on off System onewandialupTions System riptimer Passworda,bAuthentication password of the target routerTimer value for RIP information exchange System passwdSystem securemode set enable disable System securemode listSystem securemode set Security RDisable Disables secure mode Typical response indicating the curent mode is displayedSystem securemode set cli System securemode set cli valueMode is enabled System securemode set lanSystem securemode set wan System securemode set lan trusted untrustedSystem securitytimer minutes System securitytimerSystem securemode set wan trusted untrusted System selnat addpolicy Specifies the destination IP address to which the policyWill be applied Policy will be appliedSystem selnat delpolicy System selnat listSystem selnat delpolicy policy number Number of the policy to be deletedSystem snmpport default disabled port System snmpportThis command disables the existing Snmp port This command sets the Snmp port to the default valueThis command remaps the Snmp port to port System sshport System supporttraceSystem supporttrace Debug R/WSystem supporttrace === Processes === TID Name FL P Bottom Current Size 1IDLE DSP ATZ QA-LABPC === Interfaces === NW PRM Efficient Networks === END of Tech Support Data System syslogport default disabled port System syslogportThis command sets the Syslog port to the default value This command disables the existing Syslog portThis command remaps the syslog port to port System telnetport default disabled portDisables the existing Telnet port Mote accessThis command sets the Telnet port to the default value This command disables the existing telnet portSystem wan2wanforwarding on System wan2wanforwardingLink That the router can provide service to multiple IP Adds a logical interface onto an Ethernet port soSubnets Deletes a logical interface from an Ethernet portRemoves a route from the default routing table Disables IP routing across the Ethernet LANEnables IP routing across the Ethernet LAN Enables and disables Ethernet Firewall FilteringDisables IPX routing across the Ethernet LAN Enables IPX routing across the Ethernet LANClears the password in a Vrrp attribute record for Vrid Sets the IPX network number for the Ethernet LAN ConnectionEth ? Eth ?Eth add port#logical# Eth addEth add Eth delete Eth delete port#logical#Ethernet interface from which logical port will be deleted Logical interface number to be deletedEth ip addhostmapping Typical usageEth ip addr Eth ip addr ipaddr ipnetmask interfaceEthernet LAN IP address IP network maskEth ip addroute Eth ip addroute ipaddr ipnetmask gateway hops interfaceIP address of the IP gateway Ethernet interface through which the packet is sentEth ip addserver Eth ip bindroute Ethernet LAN IP address Eth ip defgateway Eth ip defgateway ipaddr interfaceEth ip delhostmapping Eth ip delroute Eth ip addroute ipaddr ipnetmask interfaceEth ip delroute 10.9.2.0 Eth ip delroute 10.1.3.0 255.255.255.0Eth ip delserver Hypettext Transfer Protocol Http port Protocolid a Numerical protocol IDMP port Eth ip disable Enables the forwarding of packets broadcast to a subnetDisables the forwarding of packets broadcast to a subnet Eth ip directbcastEth ip disable Eth ip enableEth ip enable Eth ip filter command type action parameters interface Eth ip filterEth ip filter append Eth ip filter insertEth ip filter delete Eth ip filter flushEth ip filter clear Eth ip filter delete type action parameters interfaceEth ip filter list Eth ip filter checkEth ip filter watch Protocol TCP UDP Icmp Dp Icmp type first dest portlast dest port Eth ip filter flush input Disables the firewall filtering feature Eth ip firewallEth ip firewall on off list To be performedPing -I 192.168.1.2 Eth ip mgmtEth ip mgmt ipaddr ipnetmask interface Eth ip options Eth ip mgmt 10.0.0.1 255.255.255.0 Save RebootEth ip options option on off interface OptionMust be one of the following Eth ip ripmulticastEth ip ripmulticast ipaddr Eth ip translate Eth ip translate on off interfaceEth ip translate on Eth ip translate offEth ip unbindroute Eth ip unbindroute ipaddr tablename interfaceEth ip vrid Eth ip vrid vrid interfaceEth ipx disable Eth ipx addrEth ipx addr ipxnet port# Eth ip vrid 7Eth ipx enable This command requires a rebootEth ipx disable port# Eth ipx enable port#Eth ipx enable type Eth ipx frameEth list Eth list interfaceGlobal BRIDGING/ROUTING Settings Eth listEth restart Eth mtuEth mtu size interface Eth start Eth restart interfaceInterfacea,b Logical Ethernet interface Eth start interfaceEth stop Interfacea,b Logical Ethernet interfaceEth vrrp add Eth vrrp add vrid port#Eth vrrp add Eth vrrp add 2Eth vrrp clear password vrid port# Eth vrrp clear passwordEth clear password Eth vrrp delete vrid port# Eth vrrp deleteEth vrrp delete Eth vrrp set multicast Eth vrrp listEth vrrp list port# Eth vrrp set multicast ipaddr Eth vrrp set optionEth vrrp multicast Eth vrrp set password Tribute record was created by the command eth vrrp addPreempt immediately Do not preempt a router with lower priorityEth vrrp set password password vrid port# PasswordAttribute record was created by the command eth vrrp add Eth vrrp set password AbCdEfGhEth vrrp set priority Eth vrrp set priority priority vrid port#Eth vrrp set priority 255 Eth vrrp set timeintervalEth vrrp set priority 50 7 Eth vrrp set timeinterval seconds vrid port# Time interval value in secondsVirtual router ID of the Vrrp attribute record Eth vrrp set timeinterval 2Removes the source routing option. Default value Eth ip remsrcrouteopt enable disableAdds the source routing option Remote Commands Remote bindipvirtualroute Remote disbridge Remote setcompression Remote setppppretrytimer Remote ? Remote addAdds a remote router entry into the remote router database Remotenamea Name of the tunnel. bRemote addbridge Remote addbridge * macaddr remotenameAll MAC addresses MAC addressRemote addhostmapping Remote addiproute Examples Remote addipxroute Remote addIpxRoute ipxne# metric ticks remotenameIPX network number Network/stationName of service Remote addipxsapIPX node address ErsRemote addserver Smtp SntpT120 TelnetEnter a gateway only if you are configuring a MER interface Remote bindipvirtualrouteRoute Address of a router on the remote LANRemote blocknetbios Enables NetBIOS filteringDisables NetBIOS filtering Remote delRemote delatmsnap Remote delbridgeATM forum encoding ITU E164 encodingDeletes encryption files associated with a remote router Remote delencryptionRemote delencryption remotename Remote deliproute Remote delhostmappingRemote deliproute ipaddr remotename Remote delipxroute Remote delIpxRoute ipxnet remotenameRemote delipxSap servicename remotename Remote delipxsapRemote delourpasswd Remote deloursysnameRemote delourpasswd remotename Remote deloursysname remotenameRemote delphone Remote delserverAction One of the following command actions Remote disable Remote disable remotenameRemote disauthen Remote disauthen remotenameRemote disbridge Remote disbridge remotenameRemote enable Remote enable remotenameRemote enaauthen Remote enaAuthen remotenameRemote enablebridge remotename Remote enabridgeRemote ipfilter command type action parameters remotename Remote ipfilterRemote ipfilter append Remote ipfilter insertRemote ipfilter delete Remote ipfilter flushRemote ipfilter clear Remote ipfilter checkFor example, the command Management Protocol error messageRemote ipfilter list Remote ipfilter watchProtocol TCP UDP Icmp Tcp syn ack noflag rst Remote list Remote list remotenameRemote ipfilter flush receive internet Remote ipfilter list input internetIf entered with no parameters, all remote router entries Are listedIf entered with no parameters, bridge settings for all re Typical response when entered with no remotename parameterRemote listbridge Mote routers entries are listedRemote listiproutes Remote listiproutes remotenameDest Private YesRemote listipxroutes Remote listipxsapsRemote listipxroutes remotename Remote listipxsaps remotenameRemote listphones Remote listphones remotenameRem listipxsaps hq Rem listphones hqRemote setatmnsap Remote restartRemote restart remotename Remote setauthen Remote setatmnasp atmf e164 partial full nsap remotenameNsap Remote setauthen protocol remotenameRemote setbod Remote setBOD in out both remotenameDefault is on Any traffic, including PPPoE traffic. The default is offRemote setbroptions Remote setBrOptions option on off remotenameDefault is 0, in which case, whenever data transmission Remote setbwthreshRemote setBWthresh threshold remotename Occurs, the maximum number of links is allocatedDisables compression negotiation. The default is off Remote setcompressionRemote setencryption They both share a common compression protocolRemote setEncryption DESE1KEYDESE2KEY filename remoteName Remote setipoptions Remote setipoptions option on off remotenameSlave mode setting. The default is no Remote setipslavepppUse periodic echo Remote setipslaveppp yes no remotenameEnables or disables NAT Remote setiptranslateRemote setipxaddr Remote setiptranslate on off remotenameRemote setipxoptions Remote setIpxOptions ripsap on off remotenameDefault is Remote setmaxlineRemote setmgmtipaddr Remote setMaxLine 1 2 remotenameIP address Remote setmgmtipaddr ipaddr mask remotenameIP sub-network mask Is allocated for the connection only when needed. Remote setMinLine 0 PPPoEuser Remote settimer 600 PPPoEuserRemote setminline Remote setminline minlines remotenameRemote setmtu size remotename Remote setmtuRemote setmtu 1400 HQ Remote setourpasswd password remotename Remote setourpasswdRemote setoursysname Remote routerRemote setpasswd password remotename Authentication password of the remote routerRemote setpasswd Remote setphoneRemote setphone async 1 5552000&5554000 backup Remote setspeed 115200 async 2 backupRemote setPhone async isdn 1 2 phone# remotename Desired setting for the option Remote setpppoptionsRemote setpppoptions option on off remotename Use IPX RIP/SAP protocolsRemote setpppretrytimer timervalue remotename Remote setppppretrytimerValue to Remote setprefer Remote setprefer async fr hsd remotenameBers and bit rates in the remote profile Frame RelayRemote setPrefer async backup Remote list backup Remote setprotocol Remote setpvc Remote setpvc vpi number*vci number remotenameVirtual Path ID number that identifies the link formed by Virtual pathRemote setrmtipaddr Remote setrmtipaddr ipaddr mask remotenameIP address of the remote router IP network mask of the remote routerUse the default speed Remote setspeedBit rate to be used for the phone number Primary phone numberRemote setsrcipaddr ipaddr mask remotename Remote setsrcipaddrTarget IP address of the WAN connection to the remote rout Remote settimer seconds remotename Remote settimerNumber of seconds in the timeout period Remote start Remote start remotenameRemote stats remotename Remote statsTotal connect time +011148 Total bytes out 15896 Remote stop Remote stop remotenameRemote unbindipvirtualroute Remote unbindipvirtualroute ipaddr tablename remotenameIP virtual routing table to which the route is removed Remote unbindIPVirtualRoute 10.1.2.0 Francisco HQThis page intentionally left blank WAN Interface Commands Adsl Commands Adsl ?Adsl restart Adsl speedAdsl restart Adsl speedAdsl stats Adsl stats clearStatistical information displayed Adsl speedAtm ? ATM CommandsAtm ? Following command requests the current speed Typical response when entered with no parameterAtm pcr Atm pcr cells/secondSaves the ATM configuration settings Atm saveAtm speed Atm saveRemote setatmtraffic Upstream speed requested in kilobits/secondRemote setATMTraffic scr mbs remoteName Atm speedSustained Cell Rate cells per second Remote setATMTraffic 0 0 HQRemote setATMtraffic 47 31 HQ Remote setATMtraffic 47 1 HQDmt ? DMT CommandsDmt ? Dmt link Dmt mode ansi notrellisansi uawg Dmt modeAnsi notrellisansi Selects the DMT mode used Dual-Ethernet Router ETH Commands Eth br enable Eth br disableEth br enable Eth br disableEth br options option on off port# Eth br optionsEthernet port number Eth br options stp off Eth br options pppoeonly onFrame ? Frame CommandsFrame ? Selects bridging mode Selects bridging mode, default valueFrame cmpplay Frame lmiFrame stats Displays frame relay statisticsFrame stats Frame statsDisplays the voice Dlci for voice routers Frame voiceFrame voice Gti ? GTI CommandsGti speed Gti stats Gti speedGti stats Gti speedGTI Adsl Version information is displayed Gti versionGti version Hdsl ? Hdsl CommandsHdsl ? Saves the HDSL-related changes across restarts and reboots Hdsl saveHdsl speed Hdsl saveSets the terminal operation mode to CPE Sets the terminal operation mode to COCommand example displaying current mode Hdsl terminalIdsl Commands Idsl listIdsl list Typical responseIdsl save Idsl set speedIdsl save Idsl set speed 64 128Idsl set switch Remote setdlciLink speed of 64 Kbps Link speed of 128 KbpsRemote setprotocol Frame Relay number identifying the data-link connectionRemote setProtocol ppp fr mer remotename PPP protocol with no encapsulationSdsl ? Sdsl CommandsSdsl ? Disables pre-activation Sdsl preactSdsl preact on off CPE end. aSdsl save Sdsl speedSdsl save Sdsl speed speed noautoSee examples above This command example requests a line speed of 1152 Kb/sSdsl speed Sdsl terminal Sdsl terminal cpe coTerminal operation is displayed Sdsl terminalShdsl Commands Enables the selected annex Shdsl ?Shdsl annex Lists the supported Shdsl keywordsLists the current configuration of the G.shdsl interface Shdsl listShdsl list Shdsl listSelects adaptive or fixed rate mode Shdsl marginShdsl ratemode Noise margin in decibelsSelects adaptive mode Selects fixed modeShdsl restart Current ratemode is displayedShdsl speed Shdsl saveShdsl save This command usage requests a line speed of 1096 Kb/s Shdsl speed speed autoSpeed in Kbps Selects auto-speed detectionShdsl stats Shdsl stats clearShdsl stats Shdsl stats clearShdsl terminal Shdsl terminalShdsl ver Displays the G.shdsl version level of the modem firmwareShdsl ver Shdsl verThis page intentionally left blank Allows a BootP request to be processed for a par Denies processing of a BootP request for a particSpecifies the boot file name kernel and the sub Lists the supported Dhcp keywordsSpecifies the Tftp server boot server Disables a subnetwork or a client leaseEnables a subnetwork or a client lease Clears the values from a pool of addressesDhcp ? Dhcp addTo define a subnetwork To define a client leaseCommand usage defining a subnetwork Command usage defining a client leaseDhcp add Dhcp add 128 1 4 ipAddressCommand usage defining, then listing a Dhcp relay server Dhcp addrelayDhcp addrelay ipaddr Dhcp addrelayDhcp bootp allow Dhcp bootp disallowIP address of the subnetwork lease IP address of the client leaseDhcp bootp file net ipaddr name Dhcp bootp fileName of the file to boot from Dhcp bootp tftpserver Dhcp bootp tftpserver net ipaddr tftpserver ipaddrDhcp clear addresses IP address of the Tftp serverWord records cannot be abbreviated in the command Dhcp clear all recordsDhcp clear expire Dhcp clear all recordsDhcp clear valueoption Ipaddra IP address of the subnetwork leaseDhcp clear valueoption net ipaddr code User defined code cExample command to delete the defined subnetwork Example command usage deleting a client leaseExample command deleting the user-defined option with code Dhcp delDhcp disable Dhcp disable all net ipaddrDhcp delrelay Dhcp delrelay ipaddr allDhcp enable Disables all subnetsEnables all subnets IIP address of the subnetwork leaseFollowing example command lists global information Dhcp listLists global, subnetwork, and client lease information Dhcp list net ipaddrFollowing example command lists information for client GatewayDhcp list definedoptions Dhcp list definedoptions code stringPredefined or user-defined number or keyword Character stringEfficient Networks Dhcp list lease Dhcp list leaseDhcp list definedoptions ga Default lease duration is displayed Dhcp set expire ipaddr hours default infiniteDhcp set addresses Dhcp set expireDhcp set lease Example command sets client lease time to the default value Example command sets lease time to infinite for this subnetDhcp set mask Dhcp set mask net maskDhcp set otherserver Dhcp set otherserver net continue stopDhcp set valueoption LeaseSubnetwork lease Code specifying the option to be setThis page intentionally left blank Configures the router to forward all incoming calls Display of the current configuration settings for tunNels, except for the authentication password/se Lists the supported L2TP keywordsCreates a Chap secret Creates local router’s host nameCreates the host name of the remote tunnel Defines the type of L2TP support for the tunnelExample command adding the tunnel named PacingAtWork L2tp ?L2tp add Tunnelnamea Name of the tunnel. bL2tp call L2tp closeL2tp call tunnelname L2tp call PacingAtWorkL2tp del L2tp forward Forward all incoming calls through the tunnel to an LNSNo incoming calls are allowed to be forwarded through Tunnel to an LNSL2tp list L2tp list tunnelnameTunnelname a Name of the tunnel. b L2tp listL2tp set address ipaddr tunnelname L2tp set addressIP address of the remote LAC or LNS Enables authentication Disables authenticationL2tp set authen L2tp set chapsecretChap secret used to authenticate the creation of the tunnel L2tp set dialoutL2tp set hiddenavp L2tp set dialout yes no tunnelnameAllows the router hide AVPs. Default value Disables hidden AVPsL2tp set ouraddress Source IP address used for this tunnelL2tp set ourpassword L2tp set oursysnameLenged by another router Name of the tunnelL2tp set ourtunnelname L2tp set remotenameName of the local router Tunnelnamea,b Name of the tunnelL2tp set type L2tp set wanif remote tunnelname L2tp set wanifLishing the L2TP tunnel L2tp set window Remote setl2tpclient tunnelnameremotename Remote setl2tpclientName of the remote entry Remote setlns Remote setLNS tunnelname remotenameFilter br ? Lists the supported Bridge Filtering keywordsFilter br add Byte offset within a packetHexadecimal number up to 6 bytes Allows forwarding of the packetsFilter br del pos data allow deny Filter br delFilter br del 12 8035 deny Filter br list Lists the bridging filters in the filtering databaseFilter br list Filter br listFilter br use This page intentionally left blank Remote setpppoeservice Pppoe close ifsnumber Pppoe closeIfsnumber Session to be closed.a Pppoe list Lists information about the currently active PPPoE sessionsPppoe list Pppoe listThis page intentionally left blank IKE/IPSEC Commands Defines a peer filtering parameter value for the pol Icy Defines the pfs filtering parameter value for PolicyDefines a proposal filtering parameter value for Defines a protocol filtering parameter value forMessage authentication done Disables a defined IPSec security association SA EntryLists the defined IKE peers Sets the local ID for the IKE peer connectionClears all IPSec definitions Enables a defined IPSec security association en TrySpecifies the identifier Spid for the IPSec tunnel Ike ipsec ? Commit bit is not set. Default value Ike commitIke flush Displays help messageIke ipsec policies add Ike ipsec policies deleteIke ipsec policies add policyname Policynamea New name for an IPsec policy.bIke ipsec policies disable Ike ipsec policies disable policynameName of an existing IPsec policy. b Policynamea Name of an existing IPsec policy.bIke ipsec policies enable policyname Ike ipsec policies enableIke ipsec policies enable mypolicy Ike ipsec policies list Ike ipsec policies list IKE IPSec policies mypolicy enabledIke ipsec policies list Ike ipsec policies set dest Ike ipsec policies set destportIP address allowed to be the destination of the data Name of the IPsec policy to which the destination parameterPortnumber Telnet Http Snmp Tftp Policynamea Ike ipsec policies set interface Ike ipsec policies set interface interface all policynameIke ipsec policies set mode Ike ipsec policies set mode tunnel transport policynameIke ipsec policies set interface backup corporate Ike ipsec policies set interface all mypolicyName of the IPsec policy to which the encapsulation mode Ike ipsec policies set peerParameter value is added. a Ike ipsec policies set peer peerpame policynameIke ipsec policies set pfs Ike ipsec policies set pfs 1 2 none policynameNegotiation Ike ipsec policies set pfs 2 mypolicyIke ipsec policies set proposal proposalname policyname Ike ipsec policies set proposalIke ipsec policies set proposal myproposal mypolicy Ike ipsec policies set protocol Ue is added. bIke ipsec policies set source Ike ipsec policies set source ipaddress ipmask policynameIP address allowed to be the source of the data Is added. cIke ipsec policies set sourceport Ike ipsec policies set translate Ike ipsec policies set translate on off policynameIke ipsec proposals add Ike ipsec proposals add proposalnameIke ipsec proposals delete Ike ipsec proposals delete proposalnameName of an existing IPsec proposal. b Ike ipsec proposals add myproposalIke ipsec proposals list Ike ipsec proposals listIke ipsec proposals list Use AH encapsulation and authenticate using hash algorithm Ike ipsec proposals set ahauthIke ipsec proposals set ahauth md5 sha1 none proposalname Secure Hash Algorithm-1Use ESP encapsulation and authenticate using hash algorithm No ESP encapsulation and no ESP message authentication. IfAuth command Ike ipsec proposals set espauthIke ipsec proposals set espenc Use ESP encapsulation and 56-bit encryptionUse ESP encapsulation and 168-bit encryption if 3DES is en Abled in the routerCompress using the LZS algorithm Ike ipsec proposals set ipcompIke ipsec proposals set lifedata Ike ipsec proposals set ipcomp none lzs proposalnameIke ipsec proposals set lifetime Ike ipsec proposals set lifedata kbytes proposalnameMeans unlimited Ike ipsec proposals set lifetime seconds proposalnameIke peers add UnlimitedIke peers add peername Peernamea New name for an IKE peer.bIke peers delete Ike peers listIke peers delete peername Peernamea Name of the IKE peer to delete.bIke peers set address ipaddress peername Ike peers set addressIke peers list IKE Peers Ike peers set localid aggressivemodeid peername Ike peers set localidIke peers set address 0.0.0.0 myaggressivepeer Ike peers set localidtype Example ResponseName of the IKE peer whose local ID is specified. c Ike peers set localidtype ipaddr domainname email peernameIke peers set localidtype domainname myaggressivepeer Ike peers set mode Select main mode both ends constantSelects aggressive mode one end can change Name of the IKE peer whose mode is specified. bIke peers set peerid Ike peers set peeridtypeIke peers set peerid aggressivemodeid peername Name of the IKE peer whose peer ID is specified. cIke peers set secret Ike peers set peeridtype ipaddr domainname email peernameIke peers set secret secret peername Ike peers set peeridtype domainname myaggressivepeerIke proposals add Ike proposals deleteIke proposals add ProposalName Proposalnamea New name for an IKE proposal.bIke proposals list Proposalnamea Name of the IKE proposal to delete.bIke proposals list Ike proposals delete myikeproposalIke proposals set dhgroup Ike proposals set dhgroup none 1 2 proposalnameNo DH group is used Use DH groupUse 3DES 168-bit encryption if 3DES encryption is enabled Ike proposals set encryptionIke proposals set lifetime Use DES 56-bit encryptionIke proposals set messageauth Maximum number of seconds before renegotiationIke proposals set messageauth none md5 sha1 proposalName Ike proposals set lifetime 86400 myikeproposalIke proposals set sessionauth IPSec Commands Ipsec addIpsec add saname Sanamea Name for the new IPSec SA.bIpsec disable Disables a defined IPSec security association entrySanamea Name of the IPSec SA to be disabled.b Ipsec deleteIpsec enable Ipsec enable sanameSanamea Name of the IPSec SA to be enabled.b Ipsec disable showrxIpsec flush Ipsec listIpsec flush Ipsec list sanameIpsec list Ipsec set authentication Ipsec set authentication md5 sha1 sanameSpecifies the authentication key for the IPSec SA Ipsec set authkeyHexadecimal authentication key Ipsec set directionDefines the direction of the IPSec SA Ipsec set direction inbound outbound sanameIpsec set compression Ipsec set enckeyIpsec set compression none lzs saname Specifies the encryption key for the IPSec SAIpsec set encryption Ipsec set gateway Ipsec set identDefines the IP address of the IP gateway of the IPSec SA Ipaddressa IP address of the IP gatewayIpsec set mode Ipsec set mode tunnel transport sanameSpid for the IPSec tunnel Name of the IPSec SA. bIpsec set service Ipsec set service esp ah both sanameAH authentication Use Both ESP encryption and authenticationLists the top-level voice or dsp commands Keywords and a brief description of their functionDisplays the current voice rate and encoding type Clears the L2 control channel statisticsDsp ? / voice ? Dsp voice ?Typical response when entered with no parameters Dsp ecodeSelects the voice encoding method for all voice ports Sets encoding method to alawDsp jitter Dsp jitter millisecondsIs displayed Optional, Length of jitter buffer in millisecondsDsp provision Voice port to configure Dsp saveDsp vr Dsp saveVoice l2clear Voice l2statsVoice profile profile Voice l2statsExample response confirming the configuration change Voice profileVoice l2stats Voice profileVoice refreshcas Voice refreshcas active alwaysMode An idle stateThis page intentionally left blank Lists the supported radius commands and key Deletes a configured radius server entryAttempting the next radius server, if configured WordsRad ? Rad deleteserverRad ? Rad deleteserver integerRad list secret Rad list secretRad list secret Rad list server Rad list serverRad list server Rad set retries Radius set serverRadius set timeout Authentication secret for the specified radius serverRadius set secret Number of seconds between retry attemptsAdds an access privilege to for the specified user Configures the managements class with read-onlyDeletes an access path from the specified user ac Disables an existing user accountDisplays the contents of the user account data Base Lists the characteristics of the pre-defined user TemplatesAdmin R User ?User add access Adds user access through a LAN connectionAdds user access through the WAN connection Adds user access through the console serial portUser add class User add user username password template enable disable User add userUser delete access User delete access lan wan console usernameRemoves user access through a LAN connection Removes user access through the WAN connectionEnabled for read-only User delete classUser delete class mgtclass read write username Must be one of the followingUser delete class admin write Admin1 User delete class voice read Admin1User delete user User delete user username1 username2 usernameNUser disable User disable usernameUser delete user Admin1 staff001 User disable VoiceAdminUser enable User enable usernameUser enable Admin1 User listUser list User list lookup User list templateUser list lookup Displays the pre-defined user template informationEfficient Networks User set lookup User set password Changes the password of an existing user accountUser setpassword username newpassword Newpassworda New password for the user accountThis page intentionally left blank Lists the supported key commands Validates and adds a key to the key-enabled feaDeletes a feature key from the key-enabled feature Ture databaseDisables a key-enabled feature Revokes a key-enabled feature keyUnrevokes a revoked feature key Updates the expiration date of an expired feature KeyKey add Example response when adding a key for L2TPKey add keystring Key delete featurename Featurenamea Name of the feature to be deleted.bExample response when deleting the key for Radius Key deleteKey disable Key disable featurenameFeaturename Name of the feature to be disabled.a Key disable l2tpKey enable Key enable featurenameFeaturenamea Name of the feature to be enabled.b Key listInstalled Typical response with the -lparameter is shown belowKey revoke feature Featurenamea Name of the feature key to be revokedKey revoke Key unrevokeKey update Key update keystringKeystringa Key string for the feature Key unrevoke keystringThis page intentionally left blank Disables Snmp access from the specified inter Enables Snmp access from the specified interEnables or disables transmission of unsolicited Sets an authentication password for an SnmpSnmp addsnmpfilter Snmp ?Snmp ? Snmp addtrapdest Snmp addsnmpfilter first ip addr last ip addr lanSnmp addstrapdest ip addr IP address of the trap managerSnmp community Snmp community snmp community nameSnmp community name Following example sets the Snmp community name to iadsSnmp delsnmpfilter Snmp delsnmpfilter first ip addr last ip addr lanSnmp disablesnmpif Snmp disablesnmpif wanlanSnmp deltrapdest Snmp deltrapdest ip addrSnmp enablesnmpif Wan lan Interface from which Snmp access will be disabledSnmp enablesnmpif wanlan Wan lan Interface from which Snmp access will be enabledSnmp settrapenable Snmp settrapenable on offSnmp list Snmp listEnables trap event message transmission Current passwordSnmp Manager authentication password Example response when a password parameter is enteredSnmp snmpport default disabled port Snmp snmpportDisplays the current stateful firewall settings Configured rulesEnables or disables the stateful firewall function Due to firewall rules that when exceeded, will logFirewall ? Sets the threshold value for the number of IcmpSets the threshold value for the number of SYN Sets the threshold value for the number of UDPPackets must match the assigned application characteristics Firewall allowFirewall allow protocol application parameters Packet must have the specified protocolExamples Firewall allow -a FTP -sa 192.168.1.34 -d out Firewall -a netmeeting -sa 192.168.1.23 -d outFirewall clearcounter Indicates the specified rule is in the allow rules listIndicates the specified rule is in the deny rules list Firewall clearcounter 13 allowFirewall delete Firewall clearcounter allFirewall clearcounter all Example command deletes rule 3 from the deny rules list Firewall delete allFirewall delete all allow deny Will delete all rules from the allow rules listFirewall deny protocol application parameters Firewall denyFirewall delete all allow Both Command entered with no parameters Firewall listFirewall list allow deny Optional parameter will display only allow rules listCommand entered with the optional allow parameter Firewall modifyFirewall modify allow deny number parameter Following identifies the firewall rule to be modifiedSpecifies the protocol a packet must have Modifies the firewall rule typeModifies the source IP address or specified address range Modifies the specified source ip maskEnables the firewall as currently configured Disables the firewallFirewall set Firewall setdroppktthresholdFirewall seticmpfloodthreshold Firewall seticmpfloodthreshold numberThreshold value in packets per seconds Firewall setdroppkthresholdFirewall setsynfloodthreshold Firewall setsynfloodthreshold numberFirewall setudpfloodthreshold Firewall viewdroppktsFirewall setudpfloodthreshold number Firewall viewdroppkts numberTypical response using the optional number parameter Firewall viewdroppktsFirewall watch on off Firewall watchNo messages are printed to the console or Syslog server This page intentionally left blank List the supported SSH sub-commands Displays the current SSH configuration with the exConfigured SSH port Sets the idle timeout period for SSH connectionsSsh ? Ssh keygenSsh ? Generates the Private-Public key-pair for the local serverSsh list Ssh load privatekeySsh list Ssh load publickey tftp@server-addrpriv-key-fileSsh load publickey Ssh load publickey TFTP@server-addrpub-key-fileKey file to load Ssh load privatekey tftp@192.168.13.174mykeyMultiple types are allowed on the command line Ssh set encryptionSets the types of encryption the SSH connections will use DES 56-bit encryptionSsh set idletimeout Ssh set idletimeout secondsIdle timeout period in seconds Ssh set keepalive enable disableSsh set keepalive enable Ssh set macKeepalive messages are sent Ssh set mac md5 sha1Enables and disables SSH server connections Ssh set status enable disableSsh set rekey Ssh set statusSsh set status enable Allows SSH connectionsThis page intentionally left blank List the supported QoS commands and a brief de Enables and disables marking of the differentiatedServices field Scription of their functionsSaves the current QoS configuration and QoS pol Icies Qos ?Qos append Defines a proposal filtering parameter value for PolicySpecifies that all disabled QoS policies will be deleted Qos delPolicy namea Specifies the QoS policy name to be added Specifies the QoS policy to be deletedQos disable Example command that deletes all disabled QoS policiesQos diffserv QOS will mark Diffserv field in IP headerQos enable Policy namea Specifies the QoS policy to be disabledQos enable policy name Specifies the QoS policy to be enabledQos insert Qos listQos del policy name insert before this policy Qos list policy nameQos list mypolicy3 LOWQos move Qos movetoendQos move policy name move to before this policy Specifies the QoS policy to be movedQos off Qos offSaves the current QoS feature and policy configurations Qos onQos save Qos onQos set Specifies the priority, with normal the default valueQos set parameter policy name Specifies the incoming code point Specifies the outgoing code pointQos setweight highmeduimnormallow weight Qos setweightQueue This page intentionally left blank Lists the supported Switch sub-commands Specifies the aging time of the switchDisables the specified Ethernet port Configures port traffic mirroringSwitch ? Switch agetimeSwitch ? help Switch agetime secondsSwitch block Switch block portEthernet port to be disabled Switch blockSwitch mirror on off capture port map port unmap port Switch mirrorSwitch mirror capture 6 switch mirror map Switch mirror map Switch status Displays the current port states for the Ethernet switchSwitch status Switch mirror captureSwitch unblock Switch unblock portEthernet port to be enabled Switch status