Manuals / Efficient Networks / Computer Equipment / Network Router

Efficient Networks 107-0001-000 manual Remote ipfilter list, Remote ipfilter watch

Models: 107-0001-000

1 516

Download 516 pages 19.79 Kb

Page 219

Efficient Networks® Router family	Chapter 6: Remote Commands
Command Line Interface Guide

For example, the command

-> remote ipfilter check input -p TCP branch1

would check what action (accept, drop, reject, inipsec, outipsec) would be taken for a TCP packet after it was compared with the list of input filters defined for remote entry branch1.

remote ipfilter list

remote ipfilter list <type> <remotename>

Lists all filters of the specified <type> (input, receive, transmit, or output) for this remote entry.

remote ipfilter watch

remote ipfilter watch <on off> [-q -v] <remotename>

Turns on or turns off the console watch for this remote router entry. If the watch is on, a message is printed to the console serial port when a packet is dropped or rejected. (The message is also sent to any Syslog servers; see “Syslog Client” on page 7-1.)

However, if the parameter -q (quiet) was specified for a filter, no message is printed when that filter matches a packet. If the parameter -v (verbose) was specified for a filter, a message is printed whenever that filter matches a packet, regardless of the filter action.

To see the messages, Telnet to the router and enter system log. The watch does not continue after a remote restart or save; to resume the watch, you must enter the remote ipfilter watch <on> command again.

Parameters

The filter <type> specifies at which point the filter is compared to the IP packet (see the illustration under “Filters and Interfaces” on page 5-23):

input When the packet enters the interface, before any network address translation is performed.

receive When the packet enters the interface, after any network address translation, but before routing table processing.

transmit After routing table processing, before any network address transla- tion before the packet is sent out.

output After routing and network address translation, just before the packet is sent out.

If the packet matches the filter, the specified action is performed:

accept	The packet is allowed to proceed for further processing.
drop	The packet is discarded, without sending an ICMP (Internet Control
	Management Protocol) error message.

Efficient Networks®

Page 6-31

Image 219

Efficient Networks 107-0001-000 manual Remote ipfilter list, Remote ipfilter watch, For example, the command

Contents

5RXWHUDPLO\ Efficient Networks Software License and Limited Warranty Limitations Revision History 001 12 FebRelease Contents File System Commands Contents Contents Eth ip directbcast Remote CommandsContents Contents WAN Interface Commands Dhcp Commands L2TP Commands L2tp set window -16 remote setl2tpclient -17 remote setlns Remote setpppoeservice -1 pppoe close -2 pppoe listContents Voice Commands User Commands Stateful Firewall Commands Ssh set rekey -8 ssh set status -8 system sshport QoS CommandsThis page intentionally left blank How This Manual is Organized IntroductionUsername Command ConventionsAccessing the Command Line PasswordTerminal Sessions Re-enter the new password at the promptPassword change will be confirmed Command line is now available for useTerminal Session under Windows HyperTerminal Data bits Parity None Stop bits Flow control Hardware Terminal Session for Macintosh or Unix Telnet Telnet Session for Remote AccessCommand Line via the Web Management Interface Lists the contents of the bridge table Lists the top-level commands and keywords and aResolution Protocol ARP table Mode is learning, listening, or forwardingEnables Sntp requests Lists the current services in the IPX SAPs tableChanges the current user password Initiates a reboot of the systemResponse ? or helpInput Format ParametersExample Arp deleteArp list Mgmt ClassArp list Input Format ParametersArp list Voice RBi list Bi listBi list Remotenamea Name of the target router CallVoice R/W Call remotenameAll R/W Display when date is entered with no parametersDisplay when date is entered with parameters DateAdmin R/W When entered with no parameters, same as erase allErase Voice R, Network R ExitIfs All RIpifs IpifsTypical response is shown below An example of additional interfaces that may be displayedIpxroutes IproutesIpxroutes IproutesIpxsaps IpxsapsIpxsaps IpxroutesLogout LogoutMem MemSystem R, Debug R MemMlp summary Mlp summaryPassword Password old password new passwordAdmin101@console- password 1675309 lobster Ping Ping -c 2 -i 7 -s 34 Ping -I 192.168.254.254Ping -I 192.168.1.2 TID Name Bottom Current Size 1IDLE Reboot option RebootUser is prompted to verify the command SaveSave Sntp active Sntp disableDisables Sntp requests Sntp disableItive number is east a negative number is west Sntp enableWhen no parameter is entered, current offset is displayed Sntp offsetNumber of a server within the Sntp server list When entered with no number parameterSntp prefserver Sntp prefserver numberWhen entered and an sntp preferred server has been defined When entered with a number parameterWhen entered while sntp function is currently disabled When entered and no sntp preferred server is definedSntp server Sntp server ipaddress default numberRequests the default server list When entered with the default parameterTcp stats Tcp statsTcp stats Typical responseTime Hop is listed in the output message TracerouteNetwork R/W, Debug R Dress as the source address172.17.20.1 TracerouteTraceroute -n Vers VersDeletes the specified file from the flash filesystem This command loads batch files of configurationCommands into the router Copies a file from the source to the destinationCopy tftp@128.1.210.66kernelnw kernel.f2k CopyExamples Copy srcfile dstfileDelete filename Admin R/W, System R/WDelete Refer to examples for typical responsesDir DirDir Execute filename ExecuteFormat disk Following is an example of the format disk commandFormat disk System R/W, Debug R/WMsfs Msfs fixMsfs Commits the changes made to the file system to Flash memory Following is an example rename commandRename SyncRange of public IP addresses on a system-wide ba Adds an address to the BootP server listLists the supported keywords Remaps a range of local-LAN IP addresses to aChanges the Dial Backup stability period Disables the Dial Backup option in the routerEnables the Dial Backup option in the router Changes the Dial Backup retry periodLists the system settings for the target router Lists the default modem settingsRemoves an address from the BootP server list Manages the system Http port accessManages Syslog port access Enables and disables the secure mode functionManages Snmp port access Manages SSH port accessSystem ? System addbootpserverSystem addbootpserver ipaddr System ?IP address of the server System addbootpserverSystem addhostmapping Local Ethernet LAN System addhttpfilterSecurity R/W System addhttpfilter first ip addr last ip addr lanSystem addiproutingtable System addserver Response ExampleSystem addiproutingtable 192.168.1.5 192.168.1.12 Rosa Discards the incoming server request Action One of the following command actionsRlogin port Selects the host with this IP address as serverSystem addsnmpfilter first ip addr last ip addr lan System addsnmpfilterSystem addsyslogfilter firstipaddr last ipaddr lan System addsyslogfilterIP address to be added to the Syslog server address list System addsyslogserverSystem R/W System addsyslogserver ipaddrSystem addtelnetfilter first ip addr last ip addr lan System addtelnetfilterIncorporates all the available UDP ports in the new range System addudprelayWarded First port in the UDP port range to be createdChap is performed System authenSystem authen none pap chap CallyAddress System backup addSystem backup add ipaddr gw dns group IP address to be added to the listIP address to be deleted from the list System backup deleteFollowing command deletes the gateway address from group Following command deletes all addresses from groupSystem backup delete all all System backup disableFollowing command clears all addresses from the list System backup disableSystem backup enable System backup enableOptional, number of a group System backup pingintervalSystem backup pinginterval seconds group Number of seconds in the ping interval for the groupSystem backup pingsamples 0 System backup pingsamplesSystem backup pingsamples samples group System backup pingsamplesFollowing command changes the retry period to System backup retrySystem backup retry minutes Following command changes the retry period to 60 minutesFollowing command changes the stability period to 5 minutes System backup stabilitySystem backup successrate System backup stability minutesSystem backup successrate 0 System blocknetbiosdefaultSystem backup successrate percentage group System backup successrateSystem community snmp community name System blocknetbiosdefault yes noSets the default to block all NetBIOS and NetBUI requests System communitySystem delbootpserver ipaddr all System default modemSystem delbootpserver System defaultmodemSystem delhostmapping Removes all addresses from the BootP server listSystem delbootpserver System delbootpserver allFirst IP address of the range System delhttpfilterSystem deliproutingtable System delhttpfilter first ip addr last ip addr lanSystem deliproutingtable 192.168.1.5 192.168.1.6 Rosa Following command deletes the virtual routing table RosaDeletes an entry created by the system addserver command System delserverAction One of the following command actions System delsnmpfilter System delsnmpfilter first ip addr last ip addr lanFirst IP address of the client range System delsyslogserver ipaddr System delsyslogfilterSystem delsyslogserver System delsyslogfilter firstipaddr last ipaddr lanSystem deltelnetfilter first ipaddr last ipaddr lan System deltelnetfilterLast port in the UDP port range to be deleted System deludprelaySystem history Deletes all existing UDP portsSystem history Following is a typical responseCess System httpport default disabled portThis command sets the Http port to the default value System httpportSystem list System listSystem list Following is an example of a typical responseTure System logSystem log start stop status Initiates monitoring activityEnter one of the following options Following command changes the string for the init settingFollowing command selects pulse dialing System modemFirst ipaddra First IP address of the range to be moved System moveiproutingtableMessage a,b System msg Configured on10/21/98System msg System msg messageName a,b System nameSystem name name Router nameSystem onewandialup System onewandialup on offTions System passwd System riptimerPassworda,bAuthentication password of the target router Timer value for RIP information exchangeSecurity R System securemode set enable disableSystem securemode list System securemode setSystem securemode set cli value Disable Disables secure modeTypical response indicating the curent mode is displayed System securemode set cliSystem securemode set lan trusted untrusted Mode is enabledSystem securemode set lan System securemode set wanSystem securitytimer System securitytimer minutesSystem securemode set wan trusted untrusted Policy will be applied System selnat addpolicySpecifies the destination IP address to which the policy Will be appliedNumber of the policy to be deleted System selnat delpolicySystem selnat list System selnat delpolicy policy numberSystem snmpport System snmpport default disabled portThis command sets the Snmp port to the default value This command disables the existing Snmp portThis command remaps the Snmp port to port System supporttrace System sshportDebug R/W System supporttraceSystem supporttrace === Processes === TID Name FL P Bottom Current Size 1IDLE DSP ATZ QA-LABPC === Interfaces === NW PRM Efficient Networks === END of Tech Support Data System syslogport System syslogport default disabled portSystem telnetport default disabled port This command sets the Syslog port to the default valueThis command disables the existing Syslog port This command remaps the syslog port to portThis command disables the existing telnet port Disables the existing Telnet portMote access This command sets the Telnet port to the default valueSystem wan2wanforwarding System wan2wanforwarding onLink Deletes a logical interface from an Ethernet port That the router can provide service to multiple IPAdds a logical interface onto an Ethernet port so SubnetsEnables and disables Ethernet Firewall Filtering Removes a route from the default routing tableDisables IP routing across the Ethernet LAN Enables IP routing across the Ethernet LANSets the IPX network number for the Ethernet LAN Connection Disables IPX routing across the Ethernet LANEnables IPX routing across the Ethernet LAN Clears the password in a Vrrp attribute record for VridEth ? Eth ?Eth add Eth add port#logical#Eth add Logical interface number to be deleted Eth deleteEth delete port#logical# Ethernet interface from which logical port will be deletedTypical usage Eth ip addhostmappingIP network mask Eth ip addrEth ip addr ipaddr ipnetmask interface Ethernet LAN IP addressEthernet interface through which the packet is sent Eth ip addrouteEth ip addroute ipaddr ipnetmask gateway hops interface IP address of the IP gatewayEth ip addserver Eth ip bindroute Ethernet LAN IP address Eth ip defgateway ipaddr interface Eth ip defgatewayEth ip delhostmapping Eth ip delroute 10.1.3.0 255.255.255.0 Eth ip delrouteEth ip addroute ipaddr ipnetmask interface Eth ip delroute 10.9.2.0Eth ip delserver Protocolid a Numerical protocol ID Hypettext Transfer Protocol Http portMP port Eth ip directbcast Eth ip disableEnables the forwarding of packets broadcast to a subnet Disables the forwarding of packets broadcast to a subnetEth ip enable Eth ip disableEth ip enable Eth ip filter insert Eth ip filter command type action parameters interfaceEth ip filter Eth ip filter appendEth ip filter delete type action parameters interface Eth ip filter deleteEth ip filter flush Eth ip filter clearEth ip filter check Eth ip filter listEth ip filter watch Protocol TCP UDP Icmp Dp Icmp type first dest portlast dest port Eth ip filter flush input To be performed Disables the firewall filtering featureEth ip firewall Eth ip firewall on off listEth ip mgmt Ping -I 192.168.1.2Eth ip mgmt ipaddr ipnetmask interface Eth ip mgmt 10.0.0.1 255.255.255.0 Save Reboot Eth ip optionsEth ip options option on off interface Eth ip ripmulticast OptionMust be one of the followingEth ip ripmulticast ipaddr Eth ip translate off Eth ip translateEth ip translate on off interface Eth ip translate onEth ip unbindroute ipaddr tablename interface Eth ip unbindrouteEth ip vrid vrid interface Eth ip vridEth ip vrid 7 Eth ipx disableEth ipx addr Eth ipx addr ipxnet port#Eth ipx enable port# Eth ipx enableThis command requires a reboot Eth ipx disable port#Eth list interface Eth ipx enable typeEth ipx frame Eth listEth list Global BRIDGING/ROUTING SettingsEth mtu Eth restartEth mtu size interface Eth start interface Eth startEth restart interface Interfacea,b Logical Ethernet interfaceInterfacea,b Logical Ethernet interface Eth stopEth vrrp add 2 Eth vrrp addEth vrrp add vrid port# Eth vrrp addEth vrrp clear password Eth vrrp clear password vrid port#Eth clear password Eth vrrp delete Eth vrrp delete vrid port#Eth vrrp delete Eth vrrp list Eth vrrp set multicastEth vrrp list port# Eth vrrp set option Eth vrrp set multicast ipaddrEth vrrp multicast Do not preempt a router with lower priority Eth vrrp set passwordTribute record was created by the command eth vrrp add Preempt immediatelyEth vrrp set password AbCdEfGh Eth vrrp set password password vrid port#Password Attribute record was created by the command eth vrrp addEth vrrp set priority priority vrid port# Eth vrrp set priorityEth vrrp set timeinterval Eth vrrp set priority 255Eth vrrp set priority 50 7 Eth vrrp set timeinterval 2 Eth vrrp set timeinterval seconds vrid port#Time interval value in seconds Virtual router ID of the Vrrp attribute recordEth ip remsrcrouteopt enable disable Removes the source routing option. Default valueAdds the source routing option Remote Commands Remote bindipvirtualroute Remote disbridge Remote setcompression Remote setppppretrytimer Remotenamea Name of the tunnel. b Remote ?Remote add Adds a remote router entry into the remote router databaseMAC address Remote addbridgeRemote addbridge * macaddr remotename All MAC addressesRemote addhostmapping Remote addiproute Examples Network/station Remote addipxrouteRemote addIpxRoute ipxne# metric ticks remotename IPX network numberErs Name of serviceRemote addipxsap IPX node addressRemote addserver Telnet SmtpSntp T120Address of a router on the remote LAN Enter a gateway only if you are configuring a MER interfaceRemote bindipvirtualroute RouteRemote del Remote blocknetbiosEnables NetBIOS filtering Disables NetBIOS filteringITU E164 encoding Remote delatmsnapRemote delbridge ATM forum encodingRemote delencryption Deletes encryption files associated with a remote routerRemote delencryption remotename Remote delhostmapping Remote deliprouteRemote deliproute ipaddr remotename Remote delIpxRoute ipxnet remotename Remote delipxrouteRemote delipxsap Remote delipxSap servicename remotenameRemote deloursysname remotename Remote delourpasswdRemote deloursysname Remote delourpasswd remotenameRemote delserver Remote delphoneAction One of the following command actions Remote disauthen remotename Remote disableRemote disable remotename Remote disauthenRemote disbridge remotename Remote disbridgeRemote enaAuthen remotename Remote enableRemote enable remotename Remote enaauthenRemote enabridge Remote enablebridge remotenameRemote ipfilter insert Remote ipfilter command type action parameters remotenameRemote ipfilter Remote ipfilter appendRemote ipfilter check Remote ipfilter deleteRemote ipfilter flush Remote ipfilter clearRemote ipfilter watch For example, the commandManagement Protocol error message Remote ipfilter listProtocol TCP UDP Icmp Tcp syn ack noflag rst Remote ipfilter list input internet Remote listRemote list remotename Remote ipfilter flush receive internetAre listed If entered with no parameters, all remote router entriesMote routers entries are listed If entered with no parameters, bridge settings for all reTypical response when entered with no remotename parameter Remote listbridgePrivate Yes Remote listiproutesRemote listiproutes remotename DestRemote listipxsaps remotename Remote listipxroutesRemote listipxsaps Remote listipxroutes remotenameRem listphones hq Remote listphonesRemote listphones remotename Rem listipxsaps hqRemote restart Remote setatmnsapRemote restart remotename Remote setauthen protocol remotename Remote setauthenRemote setatmnasp atmf e164 partial full nsap remotename NsapRemote setBOD in out both remotename Remote setbodRemote setBrOptions option on off remotename Default is onAny traffic, including PPPoE traffic. The default is off Remote setbroptionsOccurs, the maximum number of links is allocated Default is 0, in which case, whenever data transmissionRemote setbwthresh Remote setBWthresh threshold remotenameThey both share a common compression protocol Disables compression negotiation. The default is offRemote setcompression Remote setencryptionRemote setEncryption DESE1KEYDESE2KEY filename remoteName Remote setipoptions option on off remotename Remote setipoptionsRemote setipslaveppp yes no remotename Slave mode setting. The default is noRemote setipslaveppp Use periodic echoRemote setiptranslate on off remotename Enables or disables NATRemote setiptranslate Remote setipxaddrRemote setIpxOptions ripsap on off remotename Remote setipxoptionsRemote setMaxLine 1 2 remotename Default isRemote setmaxline Remote setmgmtipaddrRemote setmgmtipaddr ipaddr mask remotename IP addressIP sub-network mask Remote setminline minlines remotename Is allocated for the connection only when needed.Remote setMinLine 0 PPPoEuser Remote settimer 600 PPPoEuser Remote setminlineRemote setmtu Remote setmtu size remotenameRemote setmtu 1400 HQ Remote router Remote setourpasswd password remotenameRemote setourpasswd Remote setoursysnameRemote setphone Remote setpasswd password remotenameAuthentication password of the remote router Remote setpasswdRemote setspeed 115200 async 2 backup Remote setphone async 1 5552000&5554000 backupRemote setPhone async isdn 1 2 phone# remotename Use IPX RIP/SAP protocols Desired setting for the optionRemote setpppoptions Remote setpppoptions option on off remotenameRemote setppppretrytimer Remote setpppretrytimer timervalue remotenameValue to Frame Relay Remote setpreferRemote setprefer async fr hsd remotename Bers and bit rates in the remote profileRemote setPrefer async backup Remote list backup Remote setprotocol Virtual path Remote setpvcRemote setpvc vpi number*vci number remotename Virtual Path ID number that identifies the link formed byIP network mask of the remote router Remote setrmtipaddrRemote setrmtipaddr ipaddr mask remotename IP address of the remote routerPrimary phone number Use the default speedRemote setspeed Bit rate to be used for the phone numberRemote setsrcipaddr Remote setsrcipaddr ipaddr mask remotenameTarget IP address of the WAN connection to the remote rout Remote settimer Remote settimer seconds remotenameNumber of seconds in the timeout period Remote start remotename Remote startRemote stats Remote stats remotenameTotal connect time +011148 Total bytes out 15896 Remote stop remotename Remote stopRemote unbindIPVirtualRoute 10.1.2.0 Francisco HQ Remote unbindipvirtualrouteRemote unbindipvirtualroute ipaddr tablename remotename IP virtual routing table to which the route is removedThis page intentionally left blank WAN Interface Commands Adsl ? Adsl CommandsAdsl speed Adsl restartAdsl speed Adsl restartAdsl speed Adsl statsAdsl stats clear Statistical information displayedATM Commands Atm ?Atm ? Atm pcr cells/second Following command requests the current speedTypical response when entered with no parameter Atm pcrAtm save Saves the ATM configuration settingsAtm save Atm speedAtm speed Remote setatmtrafficUpstream speed requested in kilobits/second Remote setATMTraffic scr mbs remoteNameRemote setATMtraffic 47 1 HQ Sustained Cell Rate cells per secondRemote setATMTraffic 0 0 HQ Remote setATMtraffic 47 31 HQDMT Commands Dmt ?Dmt ? Dmt link Dmt mode Dmt mode ansi notrellisansi uawgAnsi notrellisansi Selects the DMT mode used Dual-Ethernet Router ETH Commands Eth br disable Eth br enableEth br disable Eth br enableEth br options Eth br options option on off port#Ethernet port number Eth br options pppoeonly on Eth br options stp offFrame Commands Frame ?Frame ? Frame lmi Selects bridging modeSelects bridging mode, default value Frame cmpplayFrame stats Frame statsDisplays frame relay statistics Frame statsFrame voice Displays the voice Dlci for voice routersFrame voice GTI Commands Gti ?Gti speed Gti speed Gti statsGti speed Gti statsGti version GTI Adsl Version information is displayedGti version Hdsl Commands Hdsl ?Hdsl ? Hdsl save Saves the HDSL-related changes across restarts and rebootsHdsl save Hdsl speedHdsl terminal Sets the terminal operation mode to CPESets the terminal operation mode to CO Command example displaying current modeTypical response Idsl CommandsIdsl list Idsl listIdsl set speed 64 128 Idsl saveIdsl set speed Idsl saveLink speed of 128 Kbps Idsl set switchRemote setdlci Link speed of 64 KbpsPPP protocol with no encapsulation Remote setprotocolFrame Relay number identifying the data-link connection Remote setProtocol ppp fr mer remotenameSdsl Commands Sdsl ?Sdsl ? CPE end. a Disables pre-activationSdsl preact Sdsl preact on offSdsl speed speed noauto Sdsl saveSdsl speed Sdsl saveThis command example requests a line speed of 1152 Kb/s See examples aboveSdsl speed Sdsl terminal Sdsl terminalSdsl terminal cpe co Terminal operation is displayedShdsl Commands Lists the supported Shdsl keywords Enables the selected annexShdsl ? Shdsl annexShdsl list Lists the current configuration of the G.shdsl interfaceShdsl list Shdsl listNoise margin in decibels Selects adaptive or fixed rate modeShdsl margin Shdsl ratemodeCurrent ratemode is displayed Selects adaptive modeSelects fixed mode Shdsl restartShdsl save Shdsl speedShdsl save Selects auto-speed detection This command usage requests a line speed of 1096 Kb/sShdsl speed speed auto Speed in KbpsShdsl stats clear Shdsl statsShdsl stats clear Shdsl statsShdsl terminal Shdsl terminalShdsl ver Shdsl verDisplays the G.shdsl version level of the modem firmware Shdsl verThis page intentionally left blank Lists the supported Dhcp keywords Allows a BootP request to be processed for a parDenies processing of a BootP request for a partic Specifies the boot file name kernel and the subClears the values from a pool of addresses Specifies the Tftp server boot serverDisables a subnetwork or a client lease Enables a subnetwork or a client leaseTo define a client lease Dhcp ?Dhcp add To define a subnetworkDhcp add 128 1 4 ipAddress Command usage defining a subnetworkCommand usage defining a client lease Dhcp addDhcp addrelay Command usage defining, then listing a Dhcp relay serverDhcp addrelay Dhcp addrelay ipaddrIP address of the client lease Dhcp bootp allowDhcp bootp disallow IP address of the subnetwork leaseDhcp bootp file Dhcp bootp file net ipaddr nameName of the file to boot from IP address of the Tftp server Dhcp bootp tftpserverDhcp bootp tftpserver net ipaddr tftpserver ipaddr Dhcp clear addressesDhcp clear all records Word records cannot be abbreviated in the commandDhcp clear all records Dhcp clear expireUser defined code c Dhcp clear valueoptionIpaddra IP address of the subnetwork lease Dhcp clear valueoption net ipaddr codeDhcp del Example command to delete the defined subnetworkExample command usage deleting a client lease Example command deleting the user-defined option with codeDhcp delrelay ipaddr all Dhcp disableDhcp disable all net ipaddr Dhcp delrelayIIP address of the subnetwork lease Dhcp enableDisables all subnets Enables all subnetsDhcp list net ipaddr Following example command lists global informationDhcp list Lists global, subnetwork, and client lease informationGateway Following example command lists information for clientCharacter string Dhcp list definedoptionsDhcp list definedoptions code string Predefined or user-defined number or keywordEfficient Networks Dhcp list lease Dhcp list leaseDhcp list definedoptions ga Dhcp set expire Default lease duration is displayedDhcp set expire ipaddr hours default infinite Dhcp set addressesDhcp set lease Dhcp set mask net mask Example command sets client lease time to the default valueExample command sets lease time to infinite for this subnet Dhcp set maskDhcp set otherserver net continue stop Dhcp set otherserverCode specifying the option to be set Dhcp set valueoptionLease Subnetwork leaseThis page intentionally left blank Lists the supported L2TP keywords Configures the router to forward all incoming callsDisplay of the current configuration settings for tun Nels, except for the authentication password/seDefines the type of L2TP support for the tunnel Creates a Chap secretCreates local router’s host name Creates the host name of the remote tunnelTunnelnamea Name of the tunnel. b Example command adding the tunnel named PacingAtWorkL2tp ? L2tp addL2tp call PacingAtWork L2tp callL2tp close L2tp call tunnelnameL2tp del Tunnel to an LNS L2tp forwardForward all incoming calls through the tunnel to an LNS No incoming calls are allowed to be forwarded throughL2tp list L2tp listL2tp list tunnelname Tunnelname a Name of the tunnel. bL2tp set address L2tp set address ipaddr tunnelnameIP address of the remote LAC or LNS L2tp set chapsecret Enables authenticationDisables authentication L2tp set authenL2tp set dialout yes no tunnelname Chap secret used to authenticate the creation of the tunnelL2tp set dialout L2tp set hiddenavpSource IP address used for this tunnel Allows the router hide AVPs. Default valueDisables hidden AVPs L2tp set ouraddressName of the tunnel L2tp set ourpasswordL2tp set oursysname Lenged by another routerTunnelnamea,b Name of the tunnel L2tp set ourtunnelnameL2tp set remotename Name of the local routerL2tp set type L2tp set wanif L2tp set wanif remote tunnelnameLishing the L2TP tunnel L2tp set window Remote setl2tpclient Remote setl2tpclient tunnelnameremotenameName of the remote entry Remote setLNS tunnelname remotename Remote setlnsLists the supported Bridge Filtering keywords Filter br ?Allows forwarding of the packets Filter br addByte offset within a packet Hexadecimal number up to 6 bytesFilter br del Filter br del pos data allow denyFilter br del 12 8035 deny Filter br list Filter br listLists the bridging filters in the filtering database Filter br listFilter br use This page intentionally left blank Remote setpppoeservice Pppoe close Pppoe close ifsnumberIfsnumber Session to be closed.a Pppoe list Pppoe listLists information about the currently active PPPoE sessions Pppoe listThis page intentionally left blank IKE/IPSEC Commands Defines a protocol filtering parameter value for Defines a peer filtering parameter value for the pol IcyDefines the pfs filtering parameter value for Policy Defines a proposal filtering parameter value forSets the local ID for the IKE peer connection Message authentication doneDisables a defined IPSec security association SA Entry Lists the defined IKE peersEnables a defined IPSec security association en Try Clears all IPSec definitionsSpecifies the identifier Spid for the IPSec tunnel Ike ipsec ? Displays help message Commit bit is not set. Default valueIke commit Ike flushPolicynamea New name for an IPsec policy.b Ike ipsec policies addIke ipsec policies delete Ike ipsec policies add policynamePolicynamea Name of an existing IPsec policy.b Ike ipsec policies disableIke ipsec policies disable policyname Name of an existing IPsec policy. bIke ipsec policies enable Ike ipsec policies enable policynameIke ipsec policies enable mypolicy Ike ipsec policies list IKE IPSec policies mypolicy enabled Ike ipsec policies listIke ipsec policies list Name of the IPsec policy to which the destination parameter Ike ipsec policies set destIke ipsec policies set destport IP address allowed to be the destination of the dataPortnumber Telnet Http Snmp Tftp Policynamea Ike ipsec policies set interface interface all policyname Ike ipsec policies set interfaceIke ipsec policies set interface all mypolicy Ike ipsec policies set modeIke ipsec policies set mode tunnel transport policyname Ike ipsec policies set interface backup corporateIke ipsec policies set peer peerpame policyname Name of the IPsec policy to which the encapsulation modeIke ipsec policies set peer Parameter value is added. aIke ipsec policies set pfs 2 mypolicy Ike ipsec policies set pfsIke ipsec policies set pfs 1 2 none policyname NegotiationIke ipsec policies set proposal Ike ipsec policies set proposal proposalname policynameIke ipsec policies set proposal myproposal mypolicy Ue is added. b Ike ipsec policies set protocolIs added. c Ike ipsec policies set sourceIke ipsec policies set source ipaddress ipmask policyname IP address allowed to be the source of the dataIke ipsec policies set sourceport Ike ipsec policies set translate on off policyname Ike ipsec policies set translateIke ipsec proposals add proposalname Ike ipsec proposals addIke ipsec proposals add myproposal Ike ipsec proposals deleteIke ipsec proposals delete proposalname Name of an existing IPsec proposal. bIke ipsec proposals list Ike ipsec proposals listIke ipsec proposals list Secure Hash Algorithm-1 Use AH encapsulation and authenticate using hash algorithmIke ipsec proposals set ahauth Ike ipsec proposals set ahauth md5 sha1 none proposalnameIke ipsec proposals set espauth Use ESP encapsulation and authenticate using hash algorithmNo ESP encapsulation and no ESP message authentication. If Auth commandAbled in the router Ike ipsec proposals set espencUse ESP encapsulation and 56-bit encryption Use ESP encapsulation and 168-bit encryption if 3DES is enIke ipsec proposals set ipcomp none lzs proposalname Compress using the LZS algorithmIke ipsec proposals set ipcomp Ike ipsec proposals set lifedataIke ipsec proposals set lifetime seconds proposalname Ike ipsec proposals set lifetimeIke ipsec proposals set lifedata kbytes proposalname Means unlimitedPeernamea New name for an IKE peer.b Ike peers addUnlimited Ike peers add peernamePeernamea Name of the IKE peer to delete.b Ike peers deleteIke peers list Ike peers delete peernameIke peers set address Ike peers set address ipaddress peernameIke peers list IKE Peers Ike peers set localid Ike peers set localid aggressivemodeid peernameIke peers set address 0.0.0.0 myaggressivepeer Ike peers set localidtype ipaddr domainname email peername Ike peers set localidtypeExample Response Name of the IKE peer whose local ID is specified. cIke peers set localidtype domainname myaggressivepeer Name of the IKE peer whose mode is specified. b Ike peers set modeSelect main mode both ends constant Selects aggressive mode one end can changeName of the IKE peer whose peer ID is specified. c Ike peers set peeridIke peers set peeridtype Ike peers set peerid aggressivemodeid peernameIke peers set peeridtype domainname myaggressivepeer Ike peers set secretIke peers set peeridtype ipaddr domainname email peername Ike peers set secret secret peernameProposalnamea New name for an IKE proposal.b Ike proposals addIke proposals delete Ike proposals add ProposalNameIke proposals delete myikeproposal Ike proposals listProposalnamea Name of the IKE proposal to delete.b Ike proposals listUse DH group Ike proposals set dhgroupIke proposals set dhgroup none 1 2 proposalname No DH group is usedUse DES 56-bit encryption Use 3DES 168-bit encryption if 3DES encryption is enabledIke proposals set encryption Ike proposals set lifetimeIke proposals set lifetime 86400 myikeproposal Ike proposals set messageauthMaximum number of seconds before renegotiation Ike proposals set messageauth none md5 sha1 proposalNameIke proposals set sessionauth Sanamea Name for the new IPSec SA.b IPSec CommandsIpsec add Ipsec add sanameIpsec delete Ipsec disableDisables a defined IPSec security association entry Sanamea Name of the IPSec SA to be disabled.bIpsec disable showrx Ipsec enableIpsec enable saname Sanamea Name of the IPSec SA to be enabled.bIpsec list saname Ipsec flushIpsec list Ipsec flushIpsec list Ipsec set authkey Ipsec set authenticationIpsec set authentication md5 sha1 saname Specifies the authentication key for the IPSec SAIpsec set direction inbound outbound saname Hexadecimal authentication keyIpsec set direction Defines the direction of the IPSec SASpecifies the encryption key for the IPSec SA Ipsec set compressionIpsec set enckey Ipsec set compression none lzs sanameIpsec set encryption Ipaddressa IP address of the IP gateway Ipsec set gatewayIpsec set ident Defines the IP address of the IP gateway of the IPSec SAName of the IPSec SA. b Ipsec set modeIpsec set mode tunnel transport saname Spid for the IPSec tunnelUse Both ESP encryption and authentication Ipsec set serviceIpsec set service esp ah both saname AH authenticationClears the L2 control channel statistics Lists the top-level voice or dsp commandsKeywords and a brief description of their function Displays the current voice rate and encoding typeDsp voice ? Dsp ? / voice ?Sets encoding method to alaw Typical response when entered with no parametersDsp ecode Selects the voice encoding method for all voice portsOptional, Length of jitter buffer in milliseconds Dsp jitterDsp jitter milliseconds Is displayedDsp provision Dsp save Voice port to configureDsp save Dsp vrVoice l2stats Voice l2clearVoice l2stats Voice profile profileVoice profile Example response confirming the configuration changeVoice profile Voice l2statsAn idle state Voice refreshcasVoice refreshcas active always ModeThis page intentionally left blank Words Lists the supported radius commands and keyDeletes a configured radius server entry Attempting the next radius server, if configuredRad deleteserver integer Rad ?Rad deleteserver Rad ?Rad list secret Rad list secretRad list secret Rad list server Rad list serverRad list server Radius set server Rad set retriesNumber of seconds between retry attempts Radius set timeoutAuthentication secret for the specified radius server Radius set secretDisables an existing user account Adds an access privilege to for the specified userConfigures the managements class with read-only Deletes an access path from the specified user acUser ? Displays the contents of the user account data BaseLists the characteristics of the pre-defined user Templates Admin RAdds user access through the console serial port User add accessAdds user access through a LAN connection Adds user access through the WAN connectionUser add class User add user User add user username password template enable disableRemoves user access through the WAN connection User delete accessUser delete access lan wan console username Removes user access through a LAN connectionMust be one of the following Enabled for read-onlyUser delete class User delete class mgtclass read write usernameUser delete user username1 username2 usernameN User delete class admin write Admin1User delete class voice read Admin1 User delete userUser disable VoiceAdmin User disableUser disable username User delete user Admin1 staff001User list User enableUser enable username User enable Admin1User list Displays the pre-defined user template information User list lookupUser list template User list lookupEfficient Networks User set lookup Newpassworda New password for the user account User set passwordChanges the password of an existing user account User setpassword username newpasswordThis page intentionally left blank Ture database Lists the supported key commandsValidates and adds a key to the key-enabled fea Deletes a feature key from the key-enabled featureUpdates the expiration date of an expired feature Key Disables a key-enabled featureRevokes a key-enabled feature key Unrevokes a revoked feature keyExample response when adding a key for L2TP Key addKey add keystring Key delete Key delete featurenameFeaturenamea Name of the feature to be deleted.b Example response when deleting the key for RadiusKey disable l2tp Key disableKey disable featurename Featurename Name of the feature to be disabled.aKey list Key enableKey enable featurename Featurenamea Name of the feature to be enabled.bTypical response with the -lparameter is shown below InstalledKey unrevoke Key revoke featureFeaturenamea Name of the feature key to be revoked Key revokeKey unrevoke keystring Key updateKey update keystring Keystringa Key string for the featureThis page intentionally left blank Sets an authentication password for an Snmp Disables Snmp access from the specified interEnables Snmp access from the specified inter Enables or disables transmission of unsolicitedSnmp ? Snmp addsnmpfilterSnmp ? IP address of the trap manager Snmp addtrapdestSnmp addsnmpfilter first ip addr last ip addr lan Snmp addstrapdest ip addrFollowing example sets the Snmp community name to iads Snmp communitySnmp community snmp community name Snmp community nameSnmp delsnmpfilter first ip addr last ip addr lan Snmp delsnmpfilterSnmp deltrapdest ip addr Snmp disablesnmpifSnmp disablesnmpif wanlan Snmp deltrapdestWan lan Interface from which Snmp access will be enabled Snmp enablesnmpifWan lan Interface from which Snmp access will be disabled Snmp enablesnmpif wanlanSnmp list Snmp settrapenableSnmp settrapenable on off Snmp listExample response when a password parameter is entered Enables trap event message transmissionCurrent password Snmp Manager authentication passwordSnmp snmpport Snmp snmpport default disabled portDue to firewall rules that when exceeded, will log Displays the current stateful firewall settingsConfigured rules Enables or disables the stateful firewall functionSets the threshold value for the number of UDP Firewall ?Sets the threshold value for the number of Icmp Sets the threshold value for the number of SYNPacket must have the specified protocol Packets must match the assigned application characteristicsFirewall allow Firewall allow protocol application parametersExamples Firewall -a netmeeting -sa 192.168.1.23 -d out Firewall allow -a FTP -sa 192.168.1.34 -d outFirewall clearcounter 13 allow Firewall clearcounterIndicates the specified rule is in the allow rules list Indicates the specified rule is in the deny rules listFirewall clearcounter all Firewall deleteFirewall clearcounter all Will delete all rules from the allow rules list Example command deletes rule 3 from the deny rules listFirewall delete all Firewall delete all allow denyFirewall deny Firewall deny protocol application parametersFirewall delete all allow Both Optional parameter will display only allow rules list Command entered with no parametersFirewall list Firewall list allow denyFollowing identifies the firewall rule to be modified Command entered with the optional allow parameterFirewall modify Firewall modify allow deny number parameterModifies the specified source ip mask Specifies the protocol a packet must haveModifies the firewall rule type Modifies the source IP address or specified address rangeFirewall setdroppktthreshold Enables the firewall as currently configuredDisables the firewall Firewall setFirewall setdroppkthreshold Firewall seticmpfloodthresholdFirewall seticmpfloodthreshold number Threshold value in packets per secondsFirewall setsynfloodthreshold number Firewall setsynfloodthresholdFirewall viewdroppkts number Firewall setudpfloodthresholdFirewall viewdroppkts Firewall setudpfloodthreshold numberFirewall viewdroppkts Typical response using the optional number parameterFirewall watch Firewall watch on offNo messages are printed to the console or Syslog server This page intentionally left blank Sets the idle timeout period for SSH connections List the supported SSH sub-commandsDisplays the current SSH configuration with the ex Configured SSH portGenerates the Private-Public key-pair for the local server Ssh ?Ssh keygen Ssh ?Ssh load publickey tftp@server-addrpriv-key-file Ssh listSsh load privatekey Ssh listSsh load privatekey tftp@192.168.13.174mykey Ssh load publickeySsh load publickey TFTP@server-addrpub-key-file Key file to loadDES 56-bit encryption Multiple types are allowed on the command lineSsh set encryption Sets the types of encryption the SSH connections will useSsh set keepalive enable disable Ssh set idletimeoutSsh set idletimeout seconds Idle timeout period in secondsSsh set mac md5 sha1 Ssh set keepalive enableSsh set mac Keepalive messages are sentSsh set status Enables and disables SSH server connectionsSsh set status enable disable Ssh set rekeyAllows SSH connections Ssh set status enableThis page intentionally left blank Scription of their functions List the supported QoS commands and a brief deEnables and disables marking of the differentiated Services fieldDefines a proposal filtering parameter value for Policy Saves the current QoS configuration and QoS pol IciesQos ? Qos appendSpecifies the QoS policy to be deleted Specifies that all disabled QoS policies will be deletedQos del Policy namea Specifies the QoS policy name to be addedQOS will mark Diffserv field in IP header Qos disableExample command that deletes all disabled QoS policies Qos diffservSpecifies the QoS policy to be enabled Qos enablePolicy namea Specifies the QoS policy to be disabled Qos enable policy nameQos list policy name Qos insertQos list Qos del policy name insert before this policyLOW Qos list mypolicy3Specifies the QoS policy to be moved Qos moveQos movetoend Qos move policy name move to before this policyQos off Qos offQos on Saves the current QoS feature and policy configurationsQos on Qos saveSpecifies the priority, with normal the default value Qos setQos set parameter policy name Specifies the outgoing code point Specifies the incoming code pointQos setweight Qos setweight highmeduimnormallow weightQueue This page intentionally left blank Configures port traffic mirroring Lists the supported Switch sub-commandsSpecifies the aging time of the switch Disables the specified Ethernet portSwitch agetime seconds Switch ?Switch agetime Switch ? helpSwitch block Switch blockSwitch block port Ethernet port to be disabledSwitch mirror Switch mirror on off capture port map port unmap portSwitch mirror capture 6 switch mirror map Switch mirror map Switch mirror capture Switch statusDisplays the current port states for the Ethernet switch Switch statusSwitch status Switch unblockSwitch unblock port Ethernet port to be enabled