5RXWHUDPLO\
Efficient Networks
Software License and Limited Warranty
Limitations
Release
Revision History
001 12 Feb
Contents
File System Commands
Contents
Contents
Remote Commands
Eth ip directbcast
Contents
Contents
WAN Interface Commands
Dhcp Commands
L2TP Commands
Remote setpppoeservice -1 pppoe close -2 pppoe list
L2tp set window -16 remote setl2tpclient -17 remote setlns
Contents
Voice Commands
User Commands
Stateful Firewall Commands
QoS Commands
Ssh set rekey -8 ssh set status -8 system sshport
This page intentionally left blank
Introduction
How This Manual is Organized
Command Conventions
Accessing the Command Line
Password
Username
Re-enter the new password at the prompt
Password change will be confirmed
Command line is now available for use
Terminal Sessions
Terminal Session under Windows HyperTerminal
Data bits Parity None Stop bits Flow control Hardware
Terminal Session for Macintosh or Unix
Telnet Session for Remote Access
Telnet
Command Line via the Web Management Interface
Lists the top-level commands and keywords and a
Resolution Protocol ARP table
Mode is learning, listening, or forwarding
Lists the contents of the bridge table
Lists the current services in the IPX SAPs table
Changes the current user password
Initiates a reboot of the system
Enables Sntp requests
? or help
Input Format
Parameters
Response
Arp delete
Arp list
Mgmt Class
Example
Input Format Parameters
Arp list
Voice R
Arp list
Bi list
Bi list
Bi list
Call
Voice R/W
Call remotename
Remotenamea Name of the target router
Display when date is entered with no parameters
Display when date is entered with parameters
Date
All R/W
Erase
Admin R/W
When entered with no parameters, same as erase all
Exit
Ifs
All R
Voice R, Network R
Ipifs
Typical response is shown below
An example of additional interfaces that may be displayed
Ipifs
Iproutes
Ipxroutes
Iproutes
Ipxroutes
Ipxsaps
Ipxsaps
Ipxroutes
Ipxsaps
Logout
Logout
Mem
System R, Debug R
Mem
Mem
Mlp summary
Mlp summary
Admin101@console- password 1675309 lobster
Password
Password old password new password
Ping
Ping -I 192.168.1.2
Ping -c 2 -i 7 -s 34
Ping -I 192.168.254.254
TID Name Bottom Current Size 1IDLE
Reboot
Reboot option
Save
User is prompted to verify the command
Save
Sntp disable
Disables Sntp requests
Sntp disable
Sntp active
Sntp enable
When no parameter is entered, current offset is displayed
Sntp offset
Itive number is east a negative number is west
When entered with no number parameter
Sntp prefserver
Sntp prefserver number
Number of a server within the Sntp server list
When entered with a number parameter
When entered while sntp function is currently disabled
When entered and no sntp preferred server is defined
When entered and an sntp preferred server has been defined
Sntp server ipaddress default number
Requests the default server list
When entered with the default parameter
Sntp server
Tcp stats
Tcp stats
Typical response
Tcp stats
Time
Traceroute
Network R/W, Debug R
Dress as the source address
Hop is listed in the output message
Traceroute -n
172.17.20.1
Traceroute
Vers
Vers
This command loads batch files of configuration
Commands into the router
Copies a file from the source to the destination
Deletes the specified file from the flash filesystem
Copy
Examples
Copy srcfile dstfile
Copy tftp@128.1.210.66kernelnw kernel.f2k
Admin R/W, System R/W
Delete
Refer to examples for typical responses
Delete filename
Dir
Dir
Dir
Execute
Execute filename
Following is an example of the format disk command
Format disk
System R/W, Debug R/W
Format disk
Msfs
Msfs
Msfs fix
Following is an example rename command
Rename
Sync
Commits the changes made to the file system to Flash memory
Adds an address to the BootP server list
Lists the supported keywords
Remaps a range of local-LAN IP addresses to a
Range of public IP addresses on a system-wide ba
Disables the Dial Backup option in the router
Enables the Dial Backup option in the router
Changes the Dial Backup retry period
Changes the Dial Backup stability period
Lists the default modem settings
Removes an address from the BootP server list
Manages the system Http port access
Lists the system settings for the target router
Enables and disables the secure mode function
Manages Snmp port access
Manages SSH port access
Manages Syslog port access
System addbootpserver
System addbootpserver ipaddr
System ?
System ?
System addbootpserver
IP address of the server
System addhostmapping
System addhttpfilter
Security R/W
System addhttpfilter first ip addr last ip addr lan
Local Ethernet LAN
System addiproutingtable
System addiproutingtable 192.168.1.5 192.168.1.12 Rosa
System addserver
Response Example
Action One of the following command actions
Rlogin port
Selects the host with this IP address as server
Discards the incoming server request
System addsnmpfilter
System addsnmpfilter first ip addr last ip addr lan
System addsyslogfilter
System addsyslogfilter firstipaddr last ipaddr lan
System addsyslogserver
System R/W
System addsyslogserver ipaddr
IP address to be added to the Syslog server address list
System addtelnetfilter
System addtelnetfilter first ip addr last ip addr lan
System addudprelay
Warded
First port in the UDP port range to be created
Incorporates all the available UDP ports in the new range
System authen
System authen none pap chap
Cally
Chap is performed
System backup add
System backup add ipaddr gw dns group
IP address to be added to the list
Address
System backup delete
Following command deletes the gateway address from group
Following command deletes all addresses from group
IP address to be deleted from the list
System backup disable
Following command clears all addresses from the list
System backup disable
System backup delete all all
System backup enable
System backup enable
System backup pinginterval
System backup pinginterval seconds group
Number of seconds in the ping interval for the group
Optional, number of a group
System backup pingsamples
System backup pingsamples samples group
System backup pingsamples
System backup pingsamples 0
System backup retry
System backup retry minutes
Following command changes the retry period to 60 minutes
Following command changes the retry period to
System backup stability
System backup successrate
System backup stability minutes
Following command changes the stability period to 5 minutes
System blocknetbiosdefault
System backup successrate percentage group
System backup successrate
System backup successrate 0
System blocknetbiosdefault yes no
Sets the default to block all NetBIOS and NetBUI requests
System community
System community snmp community name
System default modem
System delbootpserver
System defaultmodem
System delbootpserver ipaddr all
Removes all addresses from the BootP server list
System delbootpserver
System delbootpserver all
System delhostmapping
System delhttpfilter
System deliproutingtable
System delhttpfilter first ip addr last ip addr lan
First IP address of the range
Following command deletes the virtual routing table Rosa
Deletes an entry created by the system addserver command
System delserver
System deliproutingtable 192.168.1.5 192.168.1.6 Rosa
Action One of the following command actions
First IP address of the client range
System delsnmpfilter
System delsnmpfilter first ip addr last ip addr lan
System delsyslogfilter
System delsyslogserver
System delsyslogfilter firstipaddr last ipaddr lan
System delsyslogserver ipaddr
System deltelnetfilter
System deltelnetfilter first ipaddr last ipaddr lan
System deludprelay
System history
Deletes all existing UDP ports
Last port in the UDP port range to be deleted
Following is a typical response
System history
System httpport default disabled port
This command sets the Http port to the default value
System httpport
Cess
System list
System list
Following is an example of a typical response
System list
System log
System log start stop status
Initiates monitoring activity
Ture
Following command changes the string for the init setting
Following command selects pulse dialing
System modem
Enter one of the following options
System moveiproutingtable
First ipaddra First IP address of the range to be moved
System msg Configured on10/21/98
System msg
System msg message
Message a,b
System name
System name name
Router name
Name a,b
Tions
System onewandialup
System onewandialup on off
System riptimer
Passworda,bAuthentication password of the target router
Timer value for RIP information exchange
System passwd
System securemode set enable disable
System securemode list
System securemode set
Security R
Disable Disables secure mode
Typical response indicating the curent mode is displayed
System securemode set cli
System securemode set cli value
Mode is enabled
System securemode set lan
System securemode set wan
System securemode set lan trusted untrusted
System securemode set wan trusted untrusted
System securitytimer
System securitytimer minutes
System selnat addpolicy
Specifies the destination IP address to which the policy
Will be applied
Policy will be applied
System selnat delpolicy
System selnat list
System selnat delpolicy policy number
Number of the policy to be deleted
System snmpport default disabled port
System snmpport
This command remaps the Snmp port to port
This command sets the Snmp port to the default value
This command disables the existing Snmp port
System sshport
System supporttrace
System supporttrace
Debug R/W
System supporttrace
=== Processes === TID Name FL P Bottom Current Size 1IDLE
DSP
ATZ
QA-LABPC
=== Interfaces ===
NW PRM
Efficient Networks
=== END of Tech Support Data
System syslogport default disabled port
System syslogport
This command sets the Syslog port to the default value
This command disables the existing Syslog port
This command remaps the syslog port to port
System telnetport default disabled port
Disables the existing Telnet port
Mote access
This command sets the Telnet port to the default value
This command disables the existing telnet port
Link
System wan2wanforwarding
System wan2wanforwarding on
That the router can provide service to multiple IP
Adds a logical interface onto an Ethernet port so
Subnets
Deletes a logical interface from an Ethernet port
Removes a route from the default routing table
Disables IP routing across the Ethernet LAN
Enables IP routing across the Ethernet LAN
Enables and disables Ethernet Firewall Filtering
Disables IPX routing across the Ethernet LAN
Enables IPX routing across the Ethernet LAN
Clears the password in a Vrrp attribute record for Vrid
Sets the IPX network number for the Ethernet LAN Connection
Eth ?
Eth ?
Eth add
Eth add
Eth add port#logical#
Eth delete
Eth delete port#logical#
Ethernet interface from which logical port will be deleted
Logical interface number to be deleted
Eth ip addhostmapping
Typical usage
Eth ip addr
Eth ip addr ipaddr ipnetmask interface
Ethernet LAN IP address
IP network mask
Eth ip addroute
Eth ip addroute ipaddr ipnetmask gateway hops interface
IP address of the IP gateway
Ethernet interface through which the packet is sent
Eth ip addserver
Eth ip bindroute
Ethernet LAN IP address
Eth ip defgateway
Eth ip defgateway ipaddr interface
Eth ip delhostmapping
Eth ip delroute
Eth ip addroute ipaddr ipnetmask interface
Eth ip delroute 10.9.2.0
Eth ip delroute 10.1.3.0 255.255.255.0
Eth ip delserver
MP port
Protocolid a Numerical protocol ID
Hypettext Transfer Protocol Http port
Eth ip disable
Enables the forwarding of packets broadcast to a subnet
Disables the forwarding of packets broadcast to a subnet
Eth ip directbcast
Eth ip enable
Eth ip enable
Eth ip disable
Eth ip filter command type action parameters interface
Eth ip filter
Eth ip filter append
Eth ip filter insert
Eth ip filter delete
Eth ip filter flush
Eth ip filter clear
Eth ip filter delete type action parameters interface
Eth ip filter watch
Eth ip filter check
Eth ip filter list
Protocol TCP UDP Icmp
Dp Icmp type first dest portlast dest port
Eth ip filter flush input
Disables the firewall filtering feature
Eth ip firewall
Eth ip firewall on off list
To be performed
Eth ip mgmt ipaddr ipnetmask interface
Eth ip mgmt
Ping -I 192.168.1.2
Eth ip options option on off interface
Eth ip mgmt 10.0.0.1 255.255.255.0 Save Reboot
Eth ip options
Eth ip ripmulticast ipaddr
Eth ip ripmulticast
OptionMust be one of the following
Eth ip translate
Eth ip translate on off interface
Eth ip translate on
Eth ip translate off
Eth ip unbindroute
Eth ip unbindroute ipaddr tablename interface
Eth ip vrid
Eth ip vrid vrid interface
Eth ipx disable
Eth ipx addr
Eth ipx addr ipxnet port#
Eth ip vrid 7
Eth ipx enable
This command requires a reboot
Eth ipx disable port#
Eth ipx enable port#
Eth ipx enable type
Eth ipx frame
Eth list
Eth list interface
Global BRIDGING/ROUTING Settings
Eth list
Eth mtu size interface
Eth mtu
Eth restart
Eth start
Eth restart interface
Interfacea,b Logical Ethernet interface
Eth start interface
Eth stop
Interfacea,b Logical Ethernet interface
Eth vrrp add
Eth vrrp add vrid port#
Eth vrrp add
Eth vrrp add 2
Eth clear password
Eth vrrp clear password
Eth vrrp clear password vrid port#
Eth vrrp delete
Eth vrrp delete
Eth vrrp delete vrid port#
Eth vrrp list port#
Eth vrrp list
Eth vrrp set multicast
Eth vrrp multicast
Eth vrrp set option
Eth vrrp set multicast ipaddr
Eth vrrp set password
Tribute record was created by the command eth vrrp add
Preempt immediately
Do not preempt a router with lower priority
Eth vrrp set password password vrid port#
Password
Attribute record was created by the command eth vrrp add
Eth vrrp set password AbCdEfGh
Eth vrrp set priority
Eth vrrp set priority priority vrid port#
Eth vrrp set priority 50 7
Eth vrrp set timeinterval
Eth vrrp set priority 255
Eth vrrp set timeinterval seconds vrid port#
Time interval value in seconds
Virtual router ID of the Vrrp attribute record
Eth vrrp set timeinterval 2
Adds the source routing option
Eth ip remsrcrouteopt enable disable
Removes the source routing option. Default value
Remote Commands
Remote bindipvirtualroute
Remote disbridge
Remote setcompression
Remote setppppretrytimer
Remote ?
Remote add
Adds a remote router entry into the remote router database
Remotenamea Name of the tunnel. b
Remote addbridge
Remote addbridge * macaddr remotename
All MAC addresses
MAC address
Remote addhostmapping
Remote addiproute
Examples
Remote addipxroute
Remote addIpxRoute ipxne# metric ticks remotename
IPX network number
Network/station
Name of service
Remote addipxsap
IPX node address
Ers
Remote addserver
Smtp
Sntp
T120
Telnet
Enter a gateway only if you are configuring a MER interface
Remote bindipvirtualroute
Route
Address of a router on the remote LAN
Remote blocknetbios
Enables NetBIOS filtering
Disables NetBIOS filtering
Remote del
Remote delatmsnap
Remote delbridge
ATM forum encoding
ITU E164 encoding
Remote delencryption remotename
Remote delencryption
Deletes encryption files associated with a remote router
Remote deliproute ipaddr remotename
Remote delhostmapping
Remote deliproute
Remote delipxroute
Remote delIpxRoute ipxnet remotename
Remote delipxSap servicename remotename
Remote delipxsap
Remote delourpasswd
Remote deloursysname
Remote delourpasswd remotename
Remote deloursysname remotename
Remote delphone
Remote delserver
Action One of the following command actions
Remote disable
Remote disable remotename
Remote disauthen
Remote disauthen remotename
Remote disbridge
Remote disbridge remotename
Remote enable
Remote enable remotename
Remote enaauthen
Remote enaAuthen remotename
Remote enablebridge remotename
Remote enabridge
Remote ipfilter command type action parameters remotename
Remote ipfilter
Remote ipfilter append
Remote ipfilter insert
Remote ipfilter delete
Remote ipfilter flush
Remote ipfilter clear
Remote ipfilter check
For example, the command
Management Protocol error message
Remote ipfilter list
Remote ipfilter watch
Protocol TCP UDP Icmp
Tcp syn ack noflag rst
Remote list
Remote list remotename
Remote ipfilter flush receive internet
Remote ipfilter list input internet
If entered with no parameters, all remote router entries
Are listed
If entered with no parameters, bridge settings for all re
Typical response when entered with no remotename parameter
Remote listbridge
Mote routers entries are listed
Remote listiproutes
Remote listiproutes remotename
Dest
Private Yes
Remote listipxroutes
Remote listipxsaps
Remote listipxroutes remotename
Remote listipxsaps remotename
Remote listphones
Remote listphones remotename
Rem listipxsaps hq
Rem listphones hq
Remote restart remotename
Remote restart
Remote setatmnsap
Remote setauthen
Remote setatmnasp atmf e164 partial full nsap remotename
Nsap
Remote setauthen protocol remotename
Remote setbod
Remote setBOD in out both remotename
Default is on
Any traffic, including PPPoE traffic. The default is off
Remote setbroptions
Remote setBrOptions option on off remotename
Default is 0, in which case, whenever data transmission
Remote setbwthresh
Remote setBWthresh threshold remotename
Occurs, the maximum number of links is allocated
Disables compression negotiation. The default is off
Remote setcompression
Remote setencryption
They both share a common compression protocol
Remote setEncryption DESE1KEYDESE2KEY filename remoteName
Remote setipoptions
Remote setipoptions option on off remotename
Slave mode setting. The default is no
Remote setipslaveppp
Use periodic echo
Remote setipslaveppp yes no remotename
Enables or disables NAT
Remote setiptranslate
Remote setipxaddr
Remote setiptranslate on off remotename
Remote setipxoptions
Remote setIpxOptions ripsap on off remotename
Default is
Remote setmaxline
Remote setmgmtipaddr
Remote setMaxLine 1 2 remotename
IP sub-network mask
Remote setmgmtipaddr ipaddr mask remotename
IP address
Is allocated for the connection only when needed.
Remote setMinLine 0 PPPoEuser Remote settimer 600 PPPoEuser
Remote setminline
Remote setminline minlines remotename
Remote setmtu 1400 HQ
Remote setmtu
Remote setmtu size remotename
Remote setourpasswd password remotename
Remote setourpasswd
Remote setoursysname
Remote router
Remote setpasswd password remotename
Authentication password of the remote router
Remote setpasswd
Remote setphone
Remote setPhone async isdn 1 2 phone# remotename
Remote setspeed 115200 async 2 backup
Remote setphone async 1 5552000&5554000 backup
Desired setting for the option
Remote setpppoptions
Remote setpppoptions option on off remotename
Use IPX RIP/SAP protocols
Value to
Remote setppppretrytimer
Remote setpppretrytimer timervalue remotename
Remote setprefer
Remote setprefer async fr hsd remotename
Bers and bit rates in the remote profile
Frame Relay
Remote setPrefer async backup Remote list backup
Remote setprotocol
Remote setpvc
Remote setpvc vpi number*vci number remotename
Virtual Path ID number that identifies the link formed by
Virtual path
Remote setrmtipaddr
Remote setrmtipaddr ipaddr mask remotename
IP address of the remote router
IP network mask of the remote router
Use the default speed
Remote setspeed
Bit rate to be used for the phone number
Primary phone number
Target IP address of the WAN connection to the remote rout
Remote setsrcipaddr
Remote setsrcipaddr ipaddr mask remotename
Number of seconds in the timeout period
Remote settimer
Remote settimer seconds remotename
Remote start
Remote start remotename
Total connect time +011148 Total bytes out 15896
Remote stats
Remote stats remotename
Remote stop
Remote stop remotename
Remote unbindipvirtualroute
Remote unbindipvirtualroute ipaddr tablename remotename
IP virtual routing table to which the route is removed
Remote unbindIPVirtualRoute 10.1.2.0 Francisco HQ
This page intentionally left blank
WAN Interface Commands
Adsl Commands
Adsl ?
Adsl restart
Adsl speed
Adsl restart
Adsl speed
Adsl stats
Adsl stats clear
Statistical information displayed
Adsl speed
Atm ?
ATM Commands
Atm ?
Following command requests the current speed
Typical response when entered with no parameter
Atm pcr
Atm pcr cells/second
Saves the ATM configuration settings
Atm save
Atm speed
Atm save
Remote setatmtraffic
Upstream speed requested in kilobits/second
Remote setATMTraffic scr mbs remoteName
Atm speed
Sustained Cell Rate cells per second
Remote setATMTraffic 0 0 HQ
Remote setATMtraffic 47 31 HQ
Remote setATMtraffic 47 1 HQ
Dmt ?
DMT Commands
Dmt ?
Dmt link
Ansi notrellisansi Selects the DMT mode used
Dmt mode
Dmt mode ansi notrellisansi uawg
Dual-Ethernet Router ETH Commands
Eth br enable
Eth br disable
Eth br enable
Eth br disable
Ethernet port number
Eth br options
Eth br options option on off port#
Eth br options stp off
Eth br options pppoeonly on
Frame ?
Frame Commands
Frame ?
Selects bridging mode
Selects bridging mode, default value
Frame cmpplay
Frame lmi
Frame stats
Displays frame relay statistics
Frame stats
Frame stats
Frame voice
Frame voice
Displays the voice Dlci for voice routers
Gti speed
GTI Commands
Gti ?
Gti stats
Gti speed
Gti stats
Gti speed
Gti version
Gti version
GTI Adsl Version information is displayed
Hdsl ?
Hdsl Commands
Hdsl ?
Saves the HDSL-related changes across restarts and reboots
Hdsl save
Hdsl speed
Hdsl save
Sets the terminal operation mode to CPE
Sets the terminal operation mode to CO
Command example displaying current mode
Hdsl terminal
Idsl Commands
Idsl list
Idsl list
Typical response
Idsl save
Idsl set speed
Idsl save
Idsl set speed 64 128
Idsl set switch
Remote setdlci
Link speed of 64 Kbps
Link speed of 128 Kbps
Remote setprotocol
Frame Relay number identifying the data-link connection
Remote setProtocol ppp fr mer remotename
PPP protocol with no encapsulation
Sdsl ?
Sdsl Commands
Sdsl ?
Disables pre-activation
Sdsl preact
Sdsl preact on off
CPE end. a
Sdsl save
Sdsl speed
Sdsl save
Sdsl speed speed noauto
Sdsl speed
This command example requests a line speed of 1152 Kb/s
See examples above
Sdsl terminal
Sdsl terminal cpe co
Terminal operation is displayed
Sdsl terminal
Shdsl Commands
Enables the selected annex
Shdsl ?
Shdsl annex
Lists the supported Shdsl keywords
Lists the current configuration of the G.shdsl interface
Shdsl list
Shdsl list
Shdsl list
Selects adaptive or fixed rate mode
Shdsl margin
Shdsl ratemode
Noise margin in decibels
Selects adaptive mode
Selects fixed mode
Shdsl restart
Current ratemode is displayed
Shdsl save
Shdsl save
Shdsl speed
This command usage requests a line speed of 1096 Kb/s
Shdsl speed speed auto
Speed in Kbps
Selects auto-speed detection
Shdsl stats
Shdsl stats clear
Shdsl stats
Shdsl stats clear
Shdsl terminal
Shdsl terminal
Shdsl ver
Displays the G.shdsl version level of the modem firmware
Shdsl ver
Shdsl ver
This page intentionally left blank
Allows a BootP request to be processed for a par
Denies processing of a BootP request for a partic
Specifies the boot file name kernel and the sub
Lists the supported Dhcp keywords
Specifies the Tftp server boot server
Disables a subnetwork or a client lease
Enables a subnetwork or a client lease
Clears the values from a pool of addresses
Dhcp ?
Dhcp add
To define a subnetwork
To define a client lease
Command usage defining a subnetwork
Command usage defining a client lease
Dhcp add
Dhcp add 128 1 4 ipAddress
Command usage defining, then listing a Dhcp relay server
Dhcp addrelay
Dhcp addrelay ipaddr
Dhcp addrelay
Dhcp bootp allow
Dhcp bootp disallow
IP address of the subnetwork lease
IP address of the client lease
Name of the file to boot from
Dhcp bootp file
Dhcp bootp file net ipaddr name
Dhcp bootp tftpserver
Dhcp bootp tftpserver net ipaddr tftpserver ipaddr
Dhcp clear addresses
IP address of the Tftp server
Word records cannot be abbreviated in the command
Dhcp clear all records
Dhcp clear expire
Dhcp clear all records
Dhcp clear valueoption
Ipaddra IP address of the subnetwork lease
Dhcp clear valueoption net ipaddr code
User defined code c
Example command to delete the defined subnetwork
Example command usage deleting a client lease
Example command deleting the user-defined option with code
Dhcp del
Dhcp disable
Dhcp disable all net ipaddr
Dhcp delrelay
Dhcp delrelay ipaddr all
Dhcp enable
Disables all subnets
Enables all subnets
IIP address of the subnetwork lease
Following example command lists global information
Dhcp list
Lists global, subnetwork, and client lease information
Dhcp list net ipaddr
Following example command lists information for client
Gateway
Dhcp list definedoptions
Dhcp list definedoptions code string
Predefined or user-defined number or keyword
Character string
Efficient Networks
Dhcp list definedoptions ga
Dhcp list lease
Dhcp list lease
Default lease duration is displayed
Dhcp set expire ipaddr hours default infinite
Dhcp set addresses
Dhcp set expire
Dhcp set lease
Example command sets client lease time to the default value
Example command sets lease time to infinite for this subnet
Dhcp set mask
Dhcp set mask net mask
Dhcp set otherserver
Dhcp set otherserver net continue stop
Dhcp set valueoption
Lease
Subnetwork lease
Code specifying the option to be set
This page intentionally left blank
Configures the router to forward all incoming calls
Display of the current configuration settings for tun
Nels, except for the authentication password/se
Lists the supported L2TP keywords
Creates a Chap secret
Creates local router’s host name
Creates the host name of the remote tunnel
Defines the type of L2TP support for the tunnel
Example command adding the tunnel named PacingAtWork
L2tp ?
L2tp add
Tunnelnamea Name of the tunnel. b
L2tp call
L2tp close
L2tp call tunnelname
L2tp call PacingAtWork
L2tp del
L2tp forward
Forward all incoming calls through the tunnel to an LNS
No incoming calls are allowed to be forwarded through
Tunnel to an LNS
L2tp list
L2tp list tunnelname
Tunnelname a Name of the tunnel. b
L2tp list
IP address of the remote LAC or LNS
L2tp set address
L2tp set address ipaddr tunnelname
Enables authentication
Disables authentication
L2tp set authen
L2tp set chapsecret
Chap secret used to authenticate the creation of the tunnel
L2tp set dialout
L2tp set hiddenavp
L2tp set dialout yes no tunnelname
Allows the router hide AVPs. Default value
Disables hidden AVPs
L2tp set ouraddress
Source IP address used for this tunnel
L2tp set ourpassword
L2tp set oursysname
Lenged by another router
Name of the tunnel
L2tp set ourtunnelname
L2tp set remotename
Name of the local router
Tunnelnamea,b Name of the tunnel
L2tp set type
Lishing the L2TP tunnel
L2tp set wanif
L2tp set wanif remote tunnelname
L2tp set window
Name of the remote entry
Remote setl2tpclient
Remote setl2tpclient tunnelnameremotename
Remote setlns
Remote setLNS tunnelname remotename
Filter br ?
Lists the supported Bridge Filtering keywords
Filter br add
Byte offset within a packet
Hexadecimal number up to 6 bytes
Allows forwarding of the packets
Filter br del 12 8035 deny
Filter br del
Filter br del pos data allow deny
Filter br list
Lists the bridging filters in the filtering database
Filter br list
Filter br list
Filter br use
This page intentionally left blank
Remote setpppoeservice
Ifsnumber Session to be closed.a
Pppoe close
Pppoe close ifsnumber
Pppoe list
Lists information about the currently active PPPoE sessions
Pppoe list
Pppoe list
This page intentionally left blank
IKE/IPSEC Commands
Defines a peer filtering parameter value for the pol Icy
Defines the pfs filtering parameter value for Policy
Defines a proposal filtering parameter value for
Defines a protocol filtering parameter value for
Message authentication done
Disables a defined IPSec security association SA Entry
Lists the defined IKE peers
Sets the local ID for the IKE peer connection
Specifies the identifier Spid for the IPSec tunnel
Enables a defined IPSec security association en Try
Clears all IPSec definitions
Ike ipsec ?
Commit bit is not set. Default value
Ike commit
Ike flush
Displays help message
Ike ipsec policies add
Ike ipsec policies delete
Ike ipsec policies add policyname
Policynamea New name for an IPsec policy.b
Ike ipsec policies disable
Ike ipsec policies disable policyname
Name of an existing IPsec policy. b
Policynamea Name of an existing IPsec policy.b
Ike ipsec policies enable mypolicy
Ike ipsec policies enable
Ike ipsec policies enable policyname
Ike ipsec policies list
Ike ipsec policies list IKE IPSec policies mypolicy enabled
Ike ipsec policies list
Ike ipsec policies set dest
Ike ipsec policies set destport
IP address allowed to be the destination of the data
Name of the IPsec policy to which the destination parameter
Portnumber Telnet Http Snmp Tftp Policynamea
Ike ipsec policies set interface
Ike ipsec policies set interface interface all policyname
Ike ipsec policies set mode
Ike ipsec policies set mode tunnel transport policyname
Ike ipsec policies set interface backup corporate
Ike ipsec policies set interface all mypolicy
Name of the IPsec policy to which the encapsulation mode
Ike ipsec policies set peer
Parameter value is added. a
Ike ipsec policies set peer peerpame policyname
Ike ipsec policies set pfs
Ike ipsec policies set pfs 1 2 none policyname
Negotiation
Ike ipsec policies set pfs 2 mypolicy
Ike ipsec policies set proposal myproposal mypolicy
Ike ipsec policies set proposal
Ike ipsec policies set proposal proposalname policyname
Ike ipsec policies set protocol
Ue is added. b
Ike ipsec policies set source
Ike ipsec policies set source ipaddress ipmask policyname
IP address allowed to be the source of the data
Is added. c
Ike ipsec policies set sourceport
Ike ipsec policies set translate
Ike ipsec policies set translate on off policyname
Ike ipsec proposals add
Ike ipsec proposals add proposalname
Ike ipsec proposals delete
Ike ipsec proposals delete proposalname
Name of an existing IPsec proposal. b
Ike ipsec proposals add myproposal
Ike ipsec proposals list
Ike ipsec proposals list
Ike ipsec proposals list
Use AH encapsulation and authenticate using hash algorithm
Ike ipsec proposals set ahauth
Ike ipsec proposals set ahauth md5 sha1 none proposalname
Secure Hash Algorithm-1
Use ESP encapsulation and authenticate using hash algorithm
No ESP encapsulation and no ESP message authentication. If
Auth command
Ike ipsec proposals set espauth
Ike ipsec proposals set espenc
Use ESP encapsulation and 56-bit encryption
Use ESP encapsulation and 168-bit encryption if 3DES is en
Abled in the router
Compress using the LZS algorithm
Ike ipsec proposals set ipcomp
Ike ipsec proposals set lifedata
Ike ipsec proposals set ipcomp none lzs proposalname
Ike ipsec proposals set lifetime
Ike ipsec proposals set lifedata kbytes proposalname
Means unlimited
Ike ipsec proposals set lifetime seconds proposalname
Ike peers add
Unlimited
Ike peers add peername
Peernamea New name for an IKE peer.b
Ike peers delete
Ike peers list
Ike peers delete peername
Peernamea Name of the IKE peer to delete.b
Ike peers list IKE Peers
Ike peers set address
Ike peers set address ipaddress peername
Ike peers set address 0.0.0.0 myaggressivepeer
Ike peers set localid
Ike peers set localid aggressivemodeid peername
Ike peers set localidtype
Example Response
Name of the IKE peer whose local ID is specified. c
Ike peers set localidtype ipaddr domainname email peername
Ike peers set localidtype domainname myaggressivepeer
Ike peers set mode
Select main mode both ends constant
Selects aggressive mode one end can change
Name of the IKE peer whose mode is specified. b
Ike peers set peerid
Ike peers set peeridtype
Ike peers set peerid aggressivemodeid peername
Name of the IKE peer whose peer ID is specified. c
Ike peers set secret
Ike peers set peeridtype ipaddr domainname email peername
Ike peers set secret secret peername
Ike peers set peeridtype domainname myaggressivepeer
Ike proposals add
Ike proposals delete
Ike proposals add ProposalName
Proposalnamea New name for an IKE proposal.b
Ike proposals list
Proposalnamea Name of the IKE proposal to delete.b
Ike proposals list
Ike proposals delete myikeproposal
Ike proposals set dhgroup
Ike proposals set dhgroup none 1 2 proposalname
No DH group is used
Use DH group
Use 3DES 168-bit encryption if 3DES encryption is enabled
Ike proposals set encryption
Ike proposals set lifetime
Use DES 56-bit encryption
Ike proposals set messageauth
Maximum number of seconds before renegotiation
Ike proposals set messageauth none md5 sha1 proposalName
Ike proposals set lifetime 86400 myikeproposal
Ike proposals set sessionauth
IPSec Commands
Ipsec add
Ipsec add saname
Sanamea Name for the new IPSec SA.b
Ipsec disable
Disables a defined IPSec security association entry
Sanamea Name of the IPSec SA to be disabled.b
Ipsec delete
Ipsec enable
Ipsec enable saname
Sanamea Name of the IPSec SA to be enabled.b
Ipsec disable showrx
Ipsec flush
Ipsec list
Ipsec flush
Ipsec list saname
Ipsec list
Ipsec set authentication
Ipsec set authentication md5 sha1 saname
Specifies the authentication key for the IPSec SA
Ipsec set authkey
Hexadecimal authentication key
Ipsec set direction
Defines the direction of the IPSec SA
Ipsec set direction inbound outbound saname
Ipsec set compression
Ipsec set enckey
Ipsec set compression none lzs saname
Specifies the encryption key for the IPSec SA
Ipsec set encryption
Ipsec set gateway
Ipsec set ident
Defines the IP address of the IP gateway of the IPSec SA
Ipaddressa IP address of the IP gateway
Ipsec set mode
Ipsec set mode tunnel transport saname
Spid for the IPSec tunnel
Name of the IPSec SA. b
Ipsec set service
Ipsec set service esp ah both saname
AH authentication
Use Both ESP encryption and authentication
Lists the top-level voice or dsp commands
Keywords and a brief description of their function
Displays the current voice rate and encoding type
Clears the L2 control channel statistics
Dsp ? / voice ?
Dsp voice ?
Typical response when entered with no parameters
Dsp ecode
Selects the voice encoding method for all voice ports
Sets encoding method to alaw
Dsp jitter
Dsp jitter milliseconds
Is displayed
Optional, Length of jitter buffer in milliseconds
Dsp provision
Voice port to configure
Dsp save
Dsp vr
Dsp save
Voice l2clear
Voice l2stats
Voice profile profile
Voice l2stats
Example response confirming the configuration change
Voice profile
Voice l2stats
Voice profile
Voice refreshcas
Voice refreshcas active always
Mode
An idle state
This page intentionally left blank
Lists the supported radius commands and key
Deletes a configured radius server entry
Attempting the next radius server, if configured
Words
Rad ?
Rad deleteserver
Rad ?
Rad deleteserver integer
Rad list secret
Rad list secret
Rad list secret
Rad list server
Rad list server
Rad list server
Rad set retries
Radius set server
Radius set timeout
Authentication secret for the specified radius server
Radius set secret
Number of seconds between retry attempts
Adds an access privilege to for the specified user
Configures the managements class with read-only
Deletes an access path from the specified user ac
Disables an existing user account
Displays the contents of the user account data Base
Lists the characteristics of the pre-defined user Templates
Admin R
User ?
User add access
Adds user access through a LAN connection
Adds user access through the WAN connection
Adds user access through the console serial port
User add class
User add user username password template enable disable
User add user
User delete access
User delete access lan wan console username
Removes user access through a LAN connection
Removes user access through the WAN connection
Enabled for read-only
User delete class
User delete class mgtclass read write username
Must be one of the following
User delete class admin write Admin1
User delete class voice read Admin1
User delete user
User delete user username1 username2 usernameN
User disable
User disable username
User delete user Admin1 staff001
User disable VoiceAdmin
User enable
User enable username
User enable Admin1
User list
User list
User list lookup
User list template
User list lookup
Displays the pre-defined user template information
Efficient Networks
User set lookup
User set password
Changes the password of an existing user account
User setpassword username newpassword
Newpassworda New password for the user account
This page intentionally left blank
Lists the supported key commands
Validates and adds a key to the key-enabled fea
Deletes a feature key from the key-enabled feature
Ture database
Disables a key-enabled feature
Revokes a key-enabled feature key
Unrevokes a revoked feature key
Updates the expiration date of an expired feature Key
Key add keystring
Example response when adding a key for L2TP
Key add
Key delete featurename
Featurenamea Name of the feature to be deleted.b
Example response when deleting the key for Radius
Key delete
Key disable
Key disable featurename
Featurename Name of the feature to be disabled.a
Key disable l2tp
Key enable
Key enable featurename
Featurenamea Name of the feature to be enabled.b
Key list
Installed
Typical response with the -lparameter is shown below
Key revoke feature
Featurenamea Name of the feature key to be revoked
Key revoke
Key unrevoke
Key update
Key update keystring
Keystringa Key string for the feature
Key unrevoke keystring
This page intentionally left blank
Disables Snmp access from the specified inter
Enables Snmp access from the specified inter
Enables or disables transmission of unsolicited
Sets an authentication password for an Snmp
Snmp ?
Snmp ?
Snmp addsnmpfilter
Snmp addtrapdest
Snmp addsnmpfilter first ip addr last ip addr lan
Snmp addstrapdest ip addr
IP address of the trap manager
Snmp community
Snmp community snmp community name
Snmp community name
Following example sets the Snmp community name to iads
Snmp delsnmpfilter
Snmp delsnmpfilter first ip addr last ip addr lan
Snmp disablesnmpif
Snmp disablesnmpif wanlan
Snmp deltrapdest
Snmp deltrapdest ip addr
Snmp enablesnmpif
Wan lan Interface from which Snmp access will be disabled
Snmp enablesnmpif wanlan
Wan lan Interface from which Snmp access will be enabled
Snmp settrapenable
Snmp settrapenable on off
Snmp list
Snmp list
Enables trap event message transmission
Current password
Snmp Manager authentication password
Example response when a password parameter is entered
Snmp snmpport default disabled port
Snmp snmpport
Displays the current stateful firewall settings
Configured rules
Enables or disables the stateful firewall function
Due to firewall rules that when exceeded, will log
Firewall ?
Sets the threshold value for the number of Icmp
Sets the threshold value for the number of SYN
Sets the threshold value for the number of UDP
Packets must match the assigned application characteristics
Firewall allow
Firewall allow protocol application parameters
Packet must have the specified protocol
Examples
Firewall allow -a FTP -sa 192.168.1.34 -d out
Firewall -a netmeeting -sa 192.168.1.23 -d out
Firewall clearcounter
Indicates the specified rule is in the allow rules list
Indicates the specified rule is in the deny rules list
Firewall clearcounter 13 allow
Firewall clearcounter all
Firewall clearcounter all
Firewall delete
Example command deletes rule 3 from the deny rules list
Firewall delete all
Firewall delete all allow deny
Will delete all rules from the allow rules list
Firewall delete all allow
Firewall deny
Firewall deny protocol application parameters
Both
Command entered with no parameters
Firewall list
Firewall list allow deny
Optional parameter will display only allow rules list
Command entered with the optional allow parameter
Firewall modify
Firewall modify allow deny number parameter
Following identifies the firewall rule to be modified
Specifies the protocol a packet must have
Modifies the firewall rule type
Modifies the source IP address or specified address range
Modifies the specified source ip mask
Enables the firewall as currently configured
Disables the firewall
Firewall set
Firewall setdroppktthreshold
Firewall seticmpfloodthreshold
Firewall seticmpfloodthreshold number
Threshold value in packets per seconds
Firewall setdroppkthreshold
Firewall setsynfloodthreshold
Firewall setsynfloodthreshold number
Firewall setudpfloodthreshold
Firewall viewdroppkts
Firewall setudpfloodthreshold number
Firewall viewdroppkts number
Typical response using the optional number parameter
Firewall viewdroppkts
No messages are printed to the console or Syslog server
Firewall watch
Firewall watch on off
This page intentionally left blank
List the supported SSH sub-commands
Displays the current SSH configuration with the ex
Configured SSH port
Sets the idle timeout period for SSH connections
Ssh ?
Ssh keygen
Ssh ?
Generates the Private-Public key-pair for the local server
Ssh list
Ssh load privatekey
Ssh list
Ssh load publickey tftp@server-addrpriv-key-file
Ssh load publickey
Ssh load publickey TFTP@server-addrpub-key-file
Key file to load
Ssh load privatekey tftp@192.168.13.174mykey
Multiple types are allowed on the command line
Ssh set encryption
Sets the types of encryption the SSH connections will use
DES 56-bit encryption
Ssh set idletimeout
Ssh set idletimeout seconds
Idle timeout period in seconds
Ssh set keepalive enable disable
Ssh set keepalive enable
Ssh set mac
Keepalive messages are sent
Ssh set mac md5 sha1
Enables and disables SSH server connections
Ssh set status enable disable
Ssh set rekey
Ssh set status
Ssh set status enable
Allows SSH connections
This page intentionally left blank
List the supported QoS commands and a brief de
Enables and disables marking of the differentiated
Services field
Scription of their functions
Saves the current QoS configuration and QoS pol Icies
Qos ?
Qos append
Defines a proposal filtering parameter value for Policy
Specifies that all disabled QoS policies will be deleted
Qos del
Policy namea Specifies the QoS policy name to be added
Specifies the QoS policy to be deleted
Qos disable
Example command that deletes all disabled QoS policies
Qos diffserv
QOS will mark Diffserv field in IP header
Qos enable
Policy namea Specifies the QoS policy to be disabled
Qos enable policy name
Specifies the QoS policy to be enabled
Qos insert
Qos list
Qos del policy name insert before this policy
Qos list policy name
Qos list mypolicy3
LOW
Qos move
Qos movetoend
Qos move policy name move to before this policy
Specifies the QoS policy to be moved
Qos off
Qos off
Saves the current QoS feature and policy configurations
Qos on
Qos save
Qos on
Qos set parameter policy name
Specifies the priority, with normal the default value
Qos set
Specifies the incoming code point
Specifies the outgoing code point
Queue
Qos setweight
Qos setweight highmeduimnormallow weight
This page intentionally left blank
Lists the supported Switch sub-commands
Specifies the aging time of the switch
Disables the specified Ethernet port
Configures port traffic mirroring
Switch ?
Switch agetime
Switch ? help
Switch agetime seconds
Switch block
Switch block port
Ethernet port to be disabled
Switch block
Switch mirror capture 6 switch mirror map Switch mirror map
Switch mirror
Switch mirror on off capture port map port unmap port
Switch status
Displays the current port states for the Ethernet switch
Switch status
Switch mirror capture
Switch unblock
Switch unblock port
Ethernet port to be enabled
Switch status
