Manuals / Efficient Networks / Computer Equipment / Network Router

Efficient Networks 107-0001-000 manual Key add keystring

Models: 107-0001-000

1 516

Page 449

Efficient Networks® Router family	Chapter 16: Key Commands
Command Line Interface Guide

key add

Validates a the key that has been generated for the specific device. Once validated, adds key to key database. When adding a key enabled feature, the feature is enabled by default. To disable a feature, use the key disable command. A key cannot be entered if one of the following conditions exist:

•The key was generated for a different router.

•A non-revoked and non-expired key has already been added for the specified feature.

•The same key currently exists in a revoked condition.

•The key state is Manufacturing or Legacy

NOTE:

The key will not be written to flash memory until a save command has been issued.

Mgmt Class

Security (R/W)

Input Format

key add <key_string>

Parameters

<key_string>a Key string. Example shown below.

1H+zWqHlXa32Kir45Nqxean3a4kkvhSIH0H/cAHujbtRanrVpx9yxQZlLT6pCUnbuAZzHsLKin7=

aThe key string is case-sensitive and must be entered exactly as received and with no spaces.

Response

Example response when adding a key for L2TP.

-> key add 1H+zWqHlXa32Kir45Nqxean3a4kkvhSIH0H/cAHujbtRa=

10/03/2001-13:03:54:KEF: Load key for feature "l2tp" into DB SUCCEDEED

Example response when adding a key that already exists or has been revoked.

-> key add 1H+zWqHlXa32Kir45Nqxean3a4kkvhSIH0H/cAHujbtRa=

10/03/2001-13:50:31:KEF: Load key for feature "l2tp" into DB FAILED

Efficient Networks®

Page 16-3

Page 449

Image 449

Efficient Networks 107-0001-000 manual Key add keystring, Example response when adding a key for L2TP

Contents

5RXWHUDPLO\ Efficient Networks Software License and Limited Warranty Limitations Release Revision History001 12 Feb Contents File System Commands Contents Contents Eth ip directbcast Remote CommandsContents Contents WAN Interface Commands Dhcp Commands L2TP Commands L2tp set window -16 remote setl2tpclient -17 remote setlns Remote setpppoeservice -1 pppoe close -2 pppoe listContents Voice Commands User Commands Stateful Firewall Commands Ssh set rekey -8 ssh set status -8 system sshport QoS CommandsThis page intentionally left blank How This Manual is Organized IntroductionAccessing the Command Line Command ConventionsPassword UsernamePassword change will be confirmed Re-enter the new password at the promptCommand line is now available for use Terminal SessionsTerminal Session under Windows HyperTerminal Data bits Parity None Stop bits Flow control Hardware Terminal Session for Macintosh or Unix Telnet Telnet Session for Remote AccessCommand Line via the Web Management Interface Resolution Protocol ARP table Lists the top-level commands and keywords and aMode is learning, listening, or forwarding Lists the contents of the bridge tableChanges the current user password Lists the current services in the IPX SAPs tableInitiates a reboot of the system Enables Sntp requestsInput Format ? or helpParameters ResponseArp list Arp deleteMgmt Class ExampleArp list Input Format ParametersVoice R Arp listBi list Bi listBi list Voice R/W CallCall remotename Remotenamea Name of the target routerDisplay when date is entered with parameters Display when date is entered with no parametersDate All R/WErase Admin R/WWhen entered with no parameters, same as erase all Ifs ExitAll R Voice R, Network RTypical response is shown below IpifsAn example of additional interfaces that may be displayed IpifsIpxroutes IproutesIproutes IpxroutesIpxsaps IpxsapsIpxroutes IpxsapsLogout LogoutSystem R, Debug R MemMem MemMlp summary Mlp summaryAdmin101@console- password 1675309 lobster PasswordPassword old password new password Ping Ping -I 192.168.1.2 Ping -c 2 -i 7 -s 34Ping -I 192.168.254.254 TID Name Bottom Current Size 1IDLE Reboot option RebootSave User is prompted to verify the commandSave Disables Sntp requests Sntp disableSntp disable Sntp activeWhen no parameter is entered, current offset is displayed Sntp enableSntp offset Itive number is east a negative number is westSntp prefserver When entered with no number parameterSntp prefserver number Number of a server within the Sntp server listWhen entered while sntp function is currently disabled When entered with a number parameterWhen entered and no sntp preferred server is defined When entered and an sntp preferred server has been definedRequests the default server list Sntp server ipaddress default numberWhen entered with the default parameter Sntp serverTcp stats Tcp statsTypical response Tcp statsTime Network R/W, Debug R TracerouteDress as the source address Hop is listed in the output messageTraceroute -n 172.17.20.1Traceroute Vers VersCommands into the router This command loads batch files of configurationCopies a file from the source to the destination Deletes the specified file from the flash filesystemExamples CopyCopy srcfile dstfile Copy tftp@128.1.210.66kernelnw kernel.f2kDelete Admin R/W, System R/WRefer to examples for typical responses Delete filenameDir DirDir Execute filename ExecuteFormat disk Following is an example of the format disk commandSystem R/W, Debug R/W Format diskMsfs MsfsMsfs fix Rename Following is an example rename commandSync Commits the changes made to the file system to Flash memoryLists the supported keywords Adds an address to the BootP server listRemaps a range of local-LAN IP addresses to a Range of public IP addresses on a system-wide baEnables the Dial Backup option in the router Disables the Dial Backup option in the routerChanges the Dial Backup retry period Changes the Dial Backup stability periodRemoves an address from the BootP server list Lists the default modem settingsManages the system Http port access Lists the system settings for the target routerManages Snmp port access Enables and disables the secure mode functionManages SSH port access Manages Syslog port accessSystem addbootpserver ipaddr System addbootpserverSystem ? System ?IP address of the server System addbootpserverSystem addhostmapping Security R/W System addhttpfilterSystem addhttpfilter first ip addr last ip addr lan Local Ethernet LANSystem addiproutingtable System addiproutingtable 192.168.1.5 192.168.1.12 Rosa System addserverResponse Example Rlogin port Action One of the following command actionsSelects the host with this IP address as server Discards the incoming server requestSystem addsnmpfilter first ip addr last ip addr lan System addsnmpfilterSystem addsyslogfilter firstipaddr last ipaddr lan System addsyslogfilterSystem R/W System addsyslogserverSystem addsyslogserver ipaddr IP address to be added to the Syslog server address listSystem addtelnetfilter first ip addr last ip addr lan System addtelnetfilterWarded System addudprelayFirst port in the UDP port range to be created Incorporates all the available UDP ports in the new rangeSystem authen none pap chap System authenCally Chap is performedSystem backup add ipaddr gw dns group System backup addIP address to be added to the list AddressFollowing command deletes the gateway address from group System backup deleteFollowing command deletes all addresses from group IP address to be deleted from the listFollowing command clears all addresses from the list System backup disableSystem backup disable System backup delete all allSystem backup enable System backup enableSystem backup pinginterval seconds group System backup pingintervalNumber of seconds in the ping interval for the group Optional, number of a groupSystem backup pingsamples samples group System backup pingsamplesSystem backup pingsamples System backup pingsamples 0System backup retry minutes System backup retryFollowing command changes the retry period to 60 minutes Following command changes the retry period toSystem backup successrate System backup stabilitySystem backup stability minutes Following command changes the stability period to 5 minutesSystem backup successrate percentage group System blocknetbiosdefaultSystem backup successrate System backup successrate 0Sets the default to block all NetBIOS and NetBUI requests System blocknetbiosdefault yes noSystem community System community snmp community nameSystem delbootpserver System default modemSystem defaultmodem System delbootpserver ipaddr allSystem delbootpserver Removes all addresses from the BootP server listSystem delbootpserver all System delhostmappingSystem deliproutingtable System delhttpfilterSystem delhttpfilter first ip addr last ip addr lan First IP address of the rangeDeletes an entry created by the system addserver command Following command deletes the virtual routing table RosaSystem delserver System deliproutingtable 192.168.1.5 192.168.1.6 RosaAction One of the following command actions First IP address of the client range System delsnmpfilterSystem delsnmpfilter first ip addr last ip addr lan System delsyslogserver System delsyslogfilterSystem delsyslogfilter firstipaddr last ipaddr lan System delsyslogserver ipaddrSystem deltelnetfilter first ipaddr last ipaddr lan System deltelnetfilterSystem history System deludprelayDeletes all existing UDP ports Last port in the UDP port range to be deletedSystem history Following is a typical responseThis command sets the Http port to the default value System httpport default disabled portSystem httpport CessSystem list System listFollowing is an example of a typical response System listSystem log start stop status System logInitiates monitoring activity TureFollowing command selects pulse dialing Following command changes the string for the init settingSystem modem Enter one of the following optionsFirst ipaddra First IP address of the range to be moved System moveiproutingtableSystem msg System msg Configured on10/21/98System msg message Message a,bSystem name name System nameRouter name Name a,bTions System onewandialupSystem onewandialup on off Passworda,bAuthentication password of the target router System riptimerTimer value for RIP information exchange System passwdSystem securemode list System securemode set enable disableSystem securemode set Security RTypical response indicating the curent mode is displayed Disable Disables secure modeSystem securemode set cli System securemode set cli valueSystem securemode set lan Mode is enabledSystem securemode set wan System securemode set lan trusted untrustedSystem securemode set wan trusted untrusted System securitytimerSystem securitytimer minutes Specifies the destination IP address to which the policy System selnat addpolicyWill be applied Policy will be appliedSystem selnat list System selnat delpolicySystem selnat delpolicy policy number Number of the policy to be deletedSystem snmpport System snmpport default disabled portThis command remaps the Snmp port to port This command sets the Snmp port to the default valueThis command disables the existing Snmp port System supporttrace System sshportSystem supporttrace Debug R/WSystem supporttrace === Processes === TID Name FL P Bottom Current Size 1IDLE DSP ATZ QA-LABPC === Interfaces === NW PRM Efficient Networks === END of Tech Support Data System syslogport System syslogport default disabled portThis command disables the existing Syslog port This command sets the Syslog port to the default valueThis command remaps the syslog port to port System telnetport default disabled portMote access Disables the existing Telnet portThis command sets the Telnet port to the default value This command disables the existing telnet portLink System wan2wanforwardingSystem wan2wanforwarding on Adds a logical interface onto an Ethernet port so That the router can provide service to multiple IPSubnets Deletes a logical interface from an Ethernet portDisables IP routing across the Ethernet LAN Removes a route from the default routing tableEnables IP routing across the Ethernet LAN Enables and disables Ethernet Firewall FilteringEnables IPX routing across the Ethernet LAN Disables IPX routing across the Ethernet LANClears the password in a Vrrp attribute record for Vrid Sets the IPX network number for the Ethernet LAN ConnectionEth ? Eth ?Eth add Eth addEth add port#logical# Eth delete port#logical# Eth deleteEthernet interface from which logical port will be deleted Logical interface number to be deletedTypical usage Eth ip addhostmappingEth ip addr ipaddr ipnetmask interface Eth ip addrEthernet LAN IP address IP network maskEth ip addroute ipaddr ipnetmask gateway hops interface Eth ip addrouteIP address of the IP gateway Ethernet interface through which the packet is sentEth ip addserver Eth ip bindroute Ethernet LAN IP address Eth ip defgateway ipaddr interface Eth ip defgatewayEth ip delhostmapping Eth ip addroute ipaddr ipnetmask interface Eth ip delrouteEth ip delroute 10.9.2.0 Eth ip delroute 10.1.3.0 255.255.255.0Eth ip delserver MP port Protocolid a Numerical protocol IDHypettext Transfer Protocol Http port Enables the forwarding of packets broadcast to a subnet Eth ip disableDisables the forwarding of packets broadcast to a subnet Eth ip directbcastEth ip enable Eth ip enableEth ip disable Eth ip filter Eth ip filter command type action parameters interfaceEth ip filter append Eth ip filter insertEth ip filter flush Eth ip filter deleteEth ip filter clear Eth ip filter delete type action parameters interfaceEth ip filter watch Eth ip filter checkEth ip filter list Protocol TCP UDP Icmp Dp Icmp type first dest portlast dest port Eth ip filter flush input Eth ip firewall Disables the firewall filtering featureEth ip firewall on off list To be performedEth ip mgmt ipaddr ipnetmask interface Eth ip mgmtPing -I 192.168.1.2 Eth ip options option on off interface Eth ip mgmt 10.0.0.1 255.255.255.0 Save RebootEth ip options Eth ip ripmulticast ipaddr Eth ip ripmulticastOptionMust be one of the following Eth ip translate on off interface Eth ip translateEth ip translate on Eth ip translate offEth ip unbindroute ipaddr tablename interface Eth ip unbindrouteEth ip vrid vrid interface Eth ip vridEth ipx addr Eth ipx disableEth ipx addr ipxnet port# Eth ip vrid 7This command requires a reboot Eth ipx enableEth ipx disable port# Eth ipx enable port#Eth ipx frame Eth ipx enable typeEth list Eth list interfaceEth list Global BRIDGING/ROUTING SettingsEth mtu size interface Eth mtuEth restart Eth restart interface Eth startInterfacea,b Logical Ethernet interface Eth start interfaceInterfacea,b Logical Ethernet interface Eth stopEth vrrp add vrid port# Eth vrrp addEth vrrp add Eth vrrp add 2Eth clear password Eth vrrp clear passwordEth vrrp clear password vrid port# Eth vrrp delete Eth vrrp deleteEth vrrp delete vrid port# Eth vrrp list port# Eth vrrp listEth vrrp set multicast Eth vrrp multicast Eth vrrp set optionEth vrrp set multicast ipaddr Tribute record was created by the command eth vrrp add Eth vrrp set passwordPreempt immediately Do not preempt a router with lower priorityPassword Eth vrrp set password password vrid port#Attribute record was created by the command eth vrrp add Eth vrrp set password AbCdEfGhEth vrrp set priority priority vrid port# Eth vrrp set priorityEth vrrp set priority 50 7 Eth vrrp set timeintervalEth vrrp set priority 255 Time interval value in seconds Eth vrrp set timeinterval seconds vrid port#Virtual router ID of the Vrrp attribute record Eth vrrp set timeinterval 2Adds the source routing option Eth ip remsrcrouteopt enable disableRemoves the source routing option. Default value Remote Commands Remote bindipvirtualroute Remote disbridge Remote setcompression Remote setppppretrytimer Remote add Remote ?Adds a remote router entry into the remote router database Remotenamea Name of the tunnel. bRemote addbridge * macaddr remotename Remote addbridgeAll MAC addresses MAC addressRemote addhostmapping Remote addiproute Examples Remote addIpxRoute ipxne# metric ticks remotename Remote addipxrouteIPX network number Network/stationRemote addipxsap Name of serviceIPX node address ErsRemote addserver Sntp SmtpT120 TelnetRemote bindipvirtualroute Enter a gateway only if you are configuring a MER interfaceRoute Address of a router on the remote LANEnables NetBIOS filtering Remote blocknetbiosDisables NetBIOS filtering Remote delRemote delbridge Remote delatmsnapATM forum encoding ITU E164 encodingRemote delencryption remotename Remote delencryptionDeletes encryption files associated with a remote router Remote deliproute ipaddr remotename Remote delhostmappingRemote deliproute Remote delIpxRoute ipxnet remotename Remote delipxrouteRemote delipxsap Remote delipxSap servicename remotenameRemote deloursysname Remote delourpasswdRemote delourpasswd remotename Remote deloursysname remotenameRemote delserver Remote delphoneAction One of the following command actions Remote disable remotename Remote disableRemote disauthen Remote disauthen remotenameRemote disbridge remotename Remote disbridgeRemote enable remotename Remote enableRemote enaauthen Remote enaAuthen remotenameRemote enabridge Remote enablebridge remotenameRemote ipfilter Remote ipfilter command type action parameters remotenameRemote ipfilter append Remote ipfilter insertRemote ipfilter flush Remote ipfilter deleteRemote ipfilter clear Remote ipfilter checkManagement Protocol error message For example, the commandRemote ipfilter list Remote ipfilter watchProtocol TCP UDP Icmp Tcp syn ack noflag rst Remote list remotename Remote listRemote ipfilter flush receive internet Remote ipfilter list input internetAre listed If entered with no parameters, all remote router entriesTypical response when entered with no remotename parameter If entered with no parameters, bridge settings for all reRemote listbridge Mote routers entries are listedRemote listiproutes remotename Remote listiproutesDest Private YesRemote listipxsaps Remote listipxroutesRemote listipxroutes remotename Remote listipxsaps remotenameRemote listphones remotename Remote listphonesRem listipxsaps hq Rem listphones hqRemote restart remotename Remote restartRemote setatmnsap Remote setatmnasp atmf e164 partial full nsap remotename Remote setauthenNsap Remote setauthen protocol remotenameRemote setBOD in out both remotename Remote setbodAny traffic, including PPPoE traffic. The default is off Default is onRemote setbroptions Remote setBrOptions option on off remotenameRemote setbwthresh Default is 0, in which case, whenever data transmissionRemote setBWthresh threshold remotename Occurs, the maximum number of links is allocatedRemote setcompression Disables compression negotiation. The default is offRemote setencryption They both share a common compression protocolRemote setEncryption DESE1KEYDESE2KEY filename remoteName Remote setipoptions option on off remotename Remote setipoptionsRemote setipslaveppp Slave mode setting. The default is noUse periodic echo Remote setipslaveppp yes no remotenameRemote setiptranslate Enables or disables NATRemote setipxaddr Remote setiptranslate on off remotenameRemote setIpxOptions ripsap on off remotename Remote setipxoptionsRemote setmaxline Default isRemote setmgmtipaddr Remote setMaxLine 1 2 remotenameIP sub-network mask Remote setmgmtipaddr ipaddr mask remotenameIP address Remote setMinLine 0 PPPoEuser Remote settimer 600 PPPoEuser Is allocated for the connection only when needed.Remote setminline Remote setminline minlines remotenameRemote setmtu 1400 HQ Remote setmtuRemote setmtu size remotename Remote setourpasswd Remote setourpasswd password remotenameRemote setoursysname Remote routerAuthentication password of the remote router Remote setpasswd password remotenameRemote setpasswd Remote setphoneRemote setPhone async isdn 1 2 phone# remotename Remote setspeed 115200 async 2 backupRemote setphone async 1 5552000&5554000 backup Remote setpppoptions Desired setting for the optionRemote setpppoptions option on off remotename Use IPX RIP/SAP protocolsValue to Remote setppppretrytimerRemote setpppretrytimer timervalue remotename Remote setprefer async fr hsd remotename Remote setpreferBers and bit rates in the remote profile Frame RelayRemote setPrefer async backup Remote list backup Remote setprotocol Remote setpvc vpi number*vci number remotename Remote setpvcVirtual Path ID number that identifies the link formed by Virtual pathRemote setrmtipaddr ipaddr mask remotename Remote setrmtipaddrIP address of the remote router IP network mask of the remote routerRemote setspeed Use the default speedBit rate to be used for the phone number Primary phone numberTarget IP address of the WAN connection to the remote rout Remote setsrcipaddrRemote setsrcipaddr ipaddr mask remotename Number of seconds in the timeout period Remote settimerRemote settimer seconds remotename Remote start remotename Remote startTotal connect time +011148 Total bytes out 15896 Remote statsRemote stats remotename Remote stop remotename Remote stopRemote unbindipvirtualroute ipaddr tablename remotename Remote unbindipvirtualrouteIP virtual routing table to which the route is removed Remote unbindIPVirtualRoute 10.1.2.0 Francisco HQThis page intentionally left blank WAN Interface Commands Adsl ? Adsl CommandsAdsl speed Adsl restartAdsl restart Adsl speedAdsl stats clear Adsl statsStatistical information displayed Adsl speedAtm ? ATM CommandsAtm ? Typical response when entered with no parameter Following command requests the current speedAtm pcr Atm pcr cells/secondAtm save Saves the ATM configuration settingsAtm speed Atm saveUpstream speed requested in kilobits/second Remote setatmtrafficRemote setATMTraffic scr mbs remoteName Atm speedRemote setATMTraffic 0 0 HQ Sustained Cell Rate cells per secondRemote setATMtraffic 47 31 HQ Remote setATMtraffic 47 1 HQDmt ? DMT CommandsDmt ? Dmt link Ansi notrellisansi Selects the DMT mode used Dmt modeDmt mode ansi notrellisansi uawg Dual-Ethernet Router ETH Commands Eth br disable Eth br enableEth br enable Eth br disableEthernet port number Eth br optionsEth br options option on off port# Eth br options pppoeonly on Eth br options stp offFrame ? Frame CommandsFrame ? Selects bridging mode, default value Selects bridging modeFrame cmpplay Frame lmiDisplays frame relay statistics Frame statsFrame stats Frame statsFrame voice Frame voiceDisplays the voice Dlci for voice routers Gti speed GTI CommandsGti ? Gti speed Gti statsGti stats Gti speedGti version Gti versionGTI Adsl Version information is displayed Hdsl ? Hdsl CommandsHdsl ? Hdsl save Saves the HDSL-related changes across restarts and rebootsHdsl speed Hdsl saveSets the terminal operation mode to CO Sets the terminal operation mode to CPECommand example displaying current mode Hdsl terminalIdsl list Idsl CommandsIdsl list Typical responseIdsl set speed Idsl saveIdsl save Idsl set speed 64 128Remote setdlci Idsl set switchLink speed of 64 Kbps Link speed of 128 KbpsFrame Relay number identifying the data-link connection Remote setprotocolRemote setProtocol ppp fr mer remotename PPP protocol with no encapsulationSdsl ? Sdsl CommandsSdsl ? Sdsl preact Disables pre-activationSdsl preact on off CPE end. aSdsl speed Sdsl saveSdsl save Sdsl speed speed noautoSdsl speed This command example requests a line speed of 1152 Kb/sSee examples above Sdsl terminal cpe co Sdsl terminalTerminal operation is displayed Sdsl terminalShdsl Commands Shdsl ? Enables the selected annexShdsl annex Lists the supported Shdsl keywordsShdsl list Lists the current configuration of the G.shdsl interfaceShdsl list Shdsl listShdsl margin Selects adaptive or fixed rate modeShdsl ratemode Noise margin in decibelsSelects fixed mode Selects adaptive modeShdsl restart Current ratemode is displayedShdsl save Shdsl saveShdsl speed Shdsl speed speed auto This command usage requests a line speed of 1096 Kb/sSpeed in Kbps Selects auto-speed detectionShdsl stats clear Shdsl statsShdsl stats Shdsl stats clearShdsl terminal Shdsl terminalDisplays the G.shdsl version level of the modem firmware Shdsl verShdsl ver Shdsl verThis page intentionally left blank Denies processing of a BootP request for a partic Allows a BootP request to be processed for a parSpecifies the boot file name kernel and the sub Lists the supported Dhcp keywordsDisables a subnetwork or a client lease Specifies the Tftp server boot serverEnables a subnetwork or a client lease Clears the values from a pool of addressesDhcp add Dhcp ?To define a subnetwork To define a client leaseCommand usage defining a client lease Command usage defining a subnetworkDhcp add Dhcp add 128 1 4 ipAddressDhcp addrelay Command usage defining, then listing a Dhcp relay serverDhcp addrelay ipaddr Dhcp addrelayDhcp bootp disallow Dhcp bootp allowIP address of the subnetwork lease IP address of the client leaseName of the file to boot from Dhcp bootp fileDhcp bootp file net ipaddr name Dhcp bootp tftpserver net ipaddr tftpserver ipaddr Dhcp bootp tftpserverDhcp clear addresses IP address of the Tftp serverDhcp clear all records Word records cannot be abbreviated in the commandDhcp clear expire Dhcp clear all recordsIpaddra IP address of the subnetwork lease Dhcp clear valueoptionDhcp clear valueoption net ipaddr code User defined code cExample command usage deleting a client lease Example command to delete the defined subnetworkExample command deleting the user-defined option with code Dhcp delDhcp disable all net ipaddr Dhcp disableDhcp delrelay Dhcp delrelay ipaddr allDisables all subnets Dhcp enableEnables all subnets IIP address of the subnetwork leaseDhcp list Following example command lists global informationLists global, subnetwork, and client lease information Dhcp list net ipaddrGateway Following example command lists information for clientDhcp list definedoptions code string Dhcp list definedoptionsPredefined or user-defined number or keyword Character stringEfficient Networks Dhcp list definedoptions ga Dhcp list leaseDhcp list lease Dhcp set expire ipaddr hours default infinite Default lease duration is displayedDhcp set addresses Dhcp set expireDhcp set lease Example command sets lease time to infinite for this subnet Example command sets client lease time to the default valueDhcp set mask Dhcp set mask net maskDhcp set otherserver net continue stop Dhcp set otherserverLease Dhcp set valueoptionSubnetwork lease Code specifying the option to be setThis page intentionally left blank Display of the current configuration settings for tun Configures the router to forward all incoming callsNels, except for the authentication password/se Lists the supported L2TP keywordsCreates local router’s host name Creates a Chap secretCreates the host name of the remote tunnel Defines the type of L2TP support for the tunnelL2tp ? Example command adding the tunnel named PacingAtWorkL2tp add Tunnelnamea Name of the tunnel. bL2tp close L2tp callL2tp call tunnelname L2tp call PacingAtWorkL2tp del Forward all incoming calls through the tunnel to an LNS L2tp forwardNo incoming calls are allowed to be forwarded through Tunnel to an LNSL2tp list tunnelname L2tp listTunnelname a Name of the tunnel. b L2tp listIP address of the remote LAC or LNS L2tp set addressL2tp set address ipaddr tunnelname Disables authentication Enables authenticationL2tp set authen L2tp set chapsecretL2tp set dialout Chap secret used to authenticate the creation of the tunnelL2tp set hiddenavp L2tp set dialout yes no tunnelnameDisables hidden AVPs Allows the router hide AVPs. Default valueL2tp set ouraddress Source IP address used for this tunnelL2tp set oursysname L2tp set ourpasswordLenged by another router Name of the tunnelL2tp set remotename L2tp set ourtunnelnameName of the local router Tunnelnamea,b Name of the tunnelL2tp set type Lishing the L2TP tunnel L2tp set wanifL2tp set wanif remote tunnelname L2tp set window Name of the remote entry Remote setl2tpclientRemote setl2tpclient tunnelnameremotename Remote setLNS tunnelname remotename Remote setlnsLists the supported Bridge Filtering keywords Filter br ?Byte offset within a packet Filter br addHexadecimal number up to 6 bytes Allows forwarding of the packetsFilter br del 12 8035 deny Filter br delFilter br del pos data allow deny Lists the bridging filters in the filtering database Filter br listFilter br list Filter br listFilter br use This page intentionally left blank Remote setpppoeservice Ifsnumber Session to be closed.a Pppoe closePppoe close ifsnumber Lists information about the currently active PPPoE sessions Pppoe listPppoe list Pppoe listThis page intentionally left blank IKE/IPSEC Commands Defines the pfs filtering parameter value for Policy Defines a peer filtering parameter value for the pol IcyDefines a proposal filtering parameter value for Defines a protocol filtering parameter value forDisables a defined IPSec security association SA Entry Message authentication doneLists the defined IKE peers Sets the local ID for the IKE peer connectionSpecifies the identifier Spid for the IPSec tunnel Enables a defined IPSec security association en TryClears all IPSec definitions Ike ipsec ? Ike commit Commit bit is not set. Default valueIke flush Displays help messageIke ipsec policies delete Ike ipsec policies addIke ipsec policies add policyname Policynamea New name for an IPsec policy.bIke ipsec policies disable policyname Ike ipsec policies disableName of an existing IPsec policy. b Policynamea Name of an existing IPsec policy.bIke ipsec policies enable mypolicy Ike ipsec policies enableIke ipsec policies enable policyname Ike ipsec policies list Ike ipsec policies list IKE IPSec policies mypolicy enabledIke ipsec policies list Ike ipsec policies set destport Ike ipsec policies set destIP address allowed to be the destination of the data Name of the IPsec policy to which the destination parameterPortnumber Telnet Http Snmp Tftp Policynamea Ike ipsec policies set interface interface all policyname Ike ipsec policies set interfaceIke ipsec policies set mode tunnel transport policyname Ike ipsec policies set modeIke ipsec policies set interface backup corporate Ike ipsec policies set interface all mypolicyIke ipsec policies set peer Name of the IPsec policy to which the encapsulation modeParameter value is added. a Ike ipsec policies set peer peerpame policynameIke ipsec policies set pfs 1 2 none policyname Ike ipsec policies set pfsNegotiation Ike ipsec policies set pfs 2 mypolicyIke ipsec policies set proposal myproposal mypolicy Ike ipsec policies set proposalIke ipsec policies set proposal proposalname policyname Ue is added. b Ike ipsec policies set protocolIke ipsec policies set source ipaddress ipmask policyname Ike ipsec policies set sourceIP address allowed to be the source of the data Is added. cIke ipsec policies set sourceport Ike ipsec policies set translate on off policyname Ike ipsec policies set translateIke ipsec proposals add proposalname Ike ipsec proposals addIke ipsec proposals delete proposalname Ike ipsec proposals deleteName of an existing IPsec proposal. b Ike ipsec proposals add myproposalIke ipsec proposals list Ike ipsec proposals listIke ipsec proposals list Ike ipsec proposals set ahauth Use AH encapsulation and authenticate using hash algorithmIke ipsec proposals set ahauth md5 sha1 none proposalname Secure Hash Algorithm-1No ESP encapsulation and no ESP message authentication. If Use ESP encapsulation and authenticate using hash algorithmAuth command Ike ipsec proposals set espauthUse ESP encapsulation and 56-bit encryption Ike ipsec proposals set espencUse ESP encapsulation and 168-bit encryption if 3DES is en Abled in the routerIke ipsec proposals set ipcomp Compress using the LZS algorithmIke ipsec proposals set lifedata Ike ipsec proposals set ipcomp none lzs proposalnameIke ipsec proposals set lifedata kbytes proposalname Ike ipsec proposals set lifetimeMeans unlimited Ike ipsec proposals set lifetime seconds proposalnameUnlimited Ike peers addIke peers add peername Peernamea New name for an IKE peer.bIke peers list Ike peers deleteIke peers delete peername Peernamea Name of the IKE peer to delete.bIke peers list IKE Peers Ike peers set addressIke peers set address ipaddress peername Ike peers set address 0.0.0.0 myaggressivepeer Ike peers set localidIke peers set localid aggressivemodeid peername Example Response Ike peers set localidtypeName of the IKE peer whose local ID is specified. c Ike peers set localidtype ipaddr domainname email peernameIke peers set localidtype domainname myaggressivepeer Select main mode both ends constant Ike peers set modeSelects aggressive mode one end can change Name of the IKE peer whose mode is specified. bIke peers set peeridtype Ike peers set peeridIke peers set peerid aggressivemodeid peername Name of the IKE peer whose peer ID is specified. cIke peers set peeridtype ipaddr domainname email peername Ike peers set secretIke peers set secret secret peername Ike peers set peeridtype domainname myaggressivepeerIke proposals delete Ike proposals addIke proposals add ProposalName Proposalnamea New name for an IKE proposal.bProposalnamea Name of the IKE proposal to delete.b Ike proposals listIke proposals list Ike proposals delete myikeproposalIke proposals set dhgroup none 1 2 proposalname Ike proposals set dhgroupNo DH group is used Use DH groupIke proposals set encryption Use 3DES 168-bit encryption if 3DES encryption is enabledIke proposals set lifetime Use DES 56-bit encryptionMaximum number of seconds before renegotiation Ike proposals set messageauthIke proposals set messageauth none md5 sha1 proposalName Ike proposals set lifetime 86400 myikeproposalIke proposals set sessionauth Ipsec add IPSec CommandsIpsec add saname Sanamea Name for the new IPSec SA.bDisables a defined IPSec security association entry Ipsec disableSanamea Name of the IPSec SA to be disabled.b Ipsec deleteIpsec enable saname Ipsec enableSanamea Name of the IPSec SA to be enabled.b Ipsec disable showrxIpsec list Ipsec flushIpsec flush Ipsec list sanameIpsec list Ipsec set authentication md5 sha1 saname Ipsec set authenticationSpecifies the authentication key for the IPSec SA Ipsec set authkeyIpsec set direction Hexadecimal authentication keyDefines the direction of the IPSec SA Ipsec set direction inbound outbound sanameIpsec set enckey Ipsec set compressionIpsec set compression none lzs saname Specifies the encryption key for the IPSec SAIpsec set encryption Ipsec set ident Ipsec set gatewayDefines the IP address of the IP gateway of the IPSec SA Ipaddressa IP address of the IP gatewayIpsec set mode tunnel transport saname Ipsec set modeSpid for the IPSec tunnel Name of the IPSec SA. bIpsec set service esp ah both saname Ipsec set serviceAH authentication Use Both ESP encryption and authenticationKeywords and a brief description of their function Lists the top-level voice or dsp commandsDisplays the current voice rate and encoding type Clears the L2 control channel statisticsDsp voice ? Dsp ? / voice ?Dsp ecode Typical response when entered with no parametersSelects the voice encoding method for all voice ports Sets encoding method to alawDsp jitter milliseconds Dsp jitterIs displayed Optional, Length of jitter buffer in millisecondsDsp provision Dsp save Voice port to configureDsp vr Dsp saveVoice l2stats Voice l2clearVoice profile profile Voice l2statsVoice profile Example response confirming the configuration changeVoice l2stats Voice profileVoice refreshcas active always Voice refreshcasMode An idle stateThis page intentionally left blank Deletes a configured radius server entry Lists the supported radius commands and keyAttempting the next radius server, if configured WordsRad deleteserver Rad ?Rad ? Rad deleteserver integerRad list secret Rad list secretRad list secret Rad list server Rad list serverRad list server Radius set server Rad set retriesAuthentication secret for the specified radius server Radius set timeoutRadius set secret Number of seconds between retry attemptsConfigures the managements class with read-only Adds an access privilege to for the specified userDeletes an access path from the specified user ac Disables an existing user accountLists the characteristics of the pre-defined user Templates Displays the contents of the user account data BaseAdmin R User ?Adds user access through a LAN connection User add accessAdds user access through the WAN connection Adds user access through the console serial portUser add class User add user User add user username password template enable disableUser delete access lan wan console username User delete accessRemoves user access through a LAN connection Removes user access through the WAN connectionUser delete class Enabled for read-onlyUser delete class mgtclass read write username Must be one of the followingUser delete class voice read Admin1 User delete class admin write Admin1User delete user User delete user username1 username2 usernameNUser disable username User disableUser delete user Admin1 staff001 User disable VoiceAdminUser enable username User enableUser enable Admin1 User listUser list User list template User list lookupUser list lookup Displays the pre-defined user template informationEfficient Networks User set lookup Changes the password of an existing user account User set passwordUser setpassword username newpassword Newpassworda New password for the user accountThis page intentionally left blank Validates and adds a key to the key-enabled fea Lists the supported key commandsDeletes a feature key from the key-enabled feature Ture databaseRevokes a key-enabled feature key Disables a key-enabled featureUnrevokes a revoked feature key Updates the expiration date of an expired feature KeyKey add keystring Example response when adding a key for L2TPKey add Featurenamea Name of the feature to be deleted.b Key delete featurenameExample response when deleting the key for Radius Key deleteKey disable featurename Key disableFeaturename Name of the feature to be disabled.a Key disable l2tpKey enable featurename Key enableFeaturenamea Name of the feature to be enabled.b Key listTypical response with the -lparameter is shown below InstalledFeaturenamea Name of the feature key to be revoked Key revoke featureKey revoke Key unrevokeKey update keystring Key updateKeystringa Key string for the feature Key unrevoke keystringThis page intentionally left blank Enables Snmp access from the specified inter Disables Snmp access from the specified interEnables or disables transmission of unsolicited Sets an authentication password for an SnmpSnmp ? Snmp ?Snmp addsnmpfilter Snmp addsnmpfilter first ip addr last ip addr lan Snmp addtrapdestSnmp addstrapdest ip addr IP address of the trap managerSnmp community snmp community name Snmp communitySnmp community name Following example sets the Snmp community name to iadsSnmp delsnmpfilter first ip addr last ip addr lan Snmp delsnmpfilterSnmp disablesnmpif wanlan Snmp disablesnmpifSnmp deltrapdest Snmp deltrapdest ip addrWan lan Interface from which Snmp access will be disabled Snmp enablesnmpifSnmp enablesnmpif wanlan Wan lan Interface from which Snmp access will be enabledSnmp settrapenable on off Snmp settrapenableSnmp list Snmp listCurrent password Enables trap event message transmissionSnmp Manager authentication password Example response when a password parameter is enteredSnmp snmpport Snmp snmpport default disabled portConfigured rules Displays the current stateful firewall settingsEnables or disables the stateful firewall function Due to firewall rules that when exceeded, will logSets the threshold value for the number of Icmp Firewall ?Sets the threshold value for the number of SYN Sets the threshold value for the number of UDPFirewall allow Packets must match the assigned application characteristicsFirewall allow protocol application parameters Packet must have the specified protocolExamples Firewall -a netmeeting -sa 192.168.1.23 -d out Firewall allow -a FTP -sa 192.168.1.34 -d outIndicates the specified rule is in the allow rules list Firewall clearcounterIndicates the specified rule is in the deny rules list Firewall clearcounter 13 allowFirewall clearcounter all Firewall clearcounter allFirewall delete Firewall delete all Example command deletes rule 3 from the deny rules listFirewall delete all allow deny Will delete all rules from the allow rules listFirewall delete all allow Firewall denyFirewall deny protocol application parameters Both Firewall list Command entered with no parametersFirewall list allow deny Optional parameter will display only allow rules listFirewall modify Command entered with the optional allow parameterFirewall modify allow deny number parameter Following identifies the firewall rule to be modifiedModifies the firewall rule type Specifies the protocol a packet must haveModifies the source IP address or specified address range Modifies the specified source ip maskDisables the firewall Enables the firewall as currently configuredFirewall set Firewall setdroppktthresholdFirewall seticmpfloodthreshold number Firewall seticmpfloodthresholdThreshold value in packets per seconds Firewall setdroppkthresholdFirewall setsynfloodthreshold number Firewall setsynfloodthresholdFirewall viewdroppkts Firewall setudpfloodthresholdFirewall setudpfloodthreshold number Firewall viewdroppkts numberFirewall viewdroppkts Typical response using the optional number parameterNo messages are printed to the console or Syslog server Firewall watchFirewall watch on off This page intentionally left blank Displays the current SSH configuration with the ex List the supported SSH sub-commandsConfigured SSH port Sets the idle timeout period for SSH connectionsSsh keygen Ssh ?Ssh ? Generates the Private-Public key-pair for the local serverSsh load privatekey Ssh listSsh list Ssh load publickey tftp@server-addrpriv-key-fileSsh load publickey TFTP@server-addrpub-key-file Ssh load publickeyKey file to load Ssh load privatekey tftp@192.168.13.174mykeySsh set encryption Multiple types are allowed on the command lineSets the types of encryption the SSH connections will use DES 56-bit encryptionSsh set idletimeout seconds Ssh set idletimeoutIdle timeout period in seconds Ssh set keepalive enable disableSsh set mac Ssh set keepalive enableKeepalive messages are sent Ssh set mac md5 sha1Ssh set status enable disable Enables and disables SSH server connectionsSsh set rekey Ssh set statusAllows SSH connections Ssh set status enableThis page intentionally left blank Enables and disables marking of the differentiated List the supported QoS commands and a brief deServices field Scription of their functionsQos ? Saves the current QoS configuration and QoS pol IciesQos append Defines a proposal filtering parameter value for PolicyQos del Specifies that all disabled QoS policies will be deletedPolicy namea Specifies the QoS policy name to be added Specifies the QoS policy to be deletedExample command that deletes all disabled QoS policies Qos disableQos diffserv QOS will mark Diffserv field in IP headerPolicy namea Specifies the QoS policy to be disabled Qos enableQos enable policy name Specifies the QoS policy to be enabledQos list Qos insertQos del policy name insert before this policy Qos list policy nameLOW Qos list mypolicy3Qos movetoend Qos moveQos move policy name move to before this policy Specifies the QoS policy to be movedQos off Qos offQos on Saves the current QoS feature and policy configurationsQos save Qos onQos set parameter policy name Specifies the priority, with normal the default valueQos set Specifies the outgoing code point Specifies the incoming code pointQueue Qos setweightQos setweight highmeduimnormallow weight This page intentionally left blank Specifies the aging time of the switch Lists the supported Switch sub-commandsDisables the specified Ethernet port Configures port traffic mirroringSwitch agetime Switch ?Switch ? help Switch agetime secondsSwitch block port Switch blockEthernet port to be disabled Switch blockSwitch mirror capture 6 switch mirror map Switch mirror map Switch mirrorSwitch mirror on off capture port map port unmap port Displays the current port states for the Ethernet switch Switch statusSwitch status Switch mirror captureSwitch unblock port Switch unblockEthernet port to be enabled Switch status