Manages Snmp port access | Efficient Networks 107-0001-000 guide

Chapter 4: System Commands		Efficient Networks® Router family
		Command Line Interface Guide

	Table 4-1: System Command Listing (Cont.)

	Command	Function


	system name	Sets or changes the name of the local router being
		configured.

	system onewandialup	Can force the router to have no more than one re-
		mote connection active at a time.

	system passwd	Sets the system authentication password for the
		target router that is used when the router connects
		to other routers or is challenged by them.

	system riptimer	Sets the duration for RIP information to be ex-
		changed with remote routers.

	system securemode list	Displays the current secure mode configuration
		values and the number of concurrent Telnet and
		SSH sessions allowed.

	system securemode set	Enables and disables the secure mode function.

	system securemode set cli	Sets the number of concurrent Telnet and SSH
		sessions the system will allow.

	system securemode set lan	Allows discrete control of the secure mode for the
		LAN interface.

	system securemode set wan	Allows discrete control of the secure mode for the
		WAN interface.

	system securitytimer	Allows the user to change the 10-minute default
		security timer to another value.

	system selnat addpolicy	Adds a Selective NAT policy.

	system selnat delpolicy	Deletes a Selective NAT policy.

	system selnat list	Lists the current Selective NAT policies.

	system snmpport	Manages SNMP port access.

	system sshport	Manages SSH port access.

	system supporttrace	Provides the ability to capture all configuration data
		to a file for troubleshooting.

	system syslogport	Manages Syslog port access.

	system telnetport	Manages the built-in Telnet server port access.

	system wan2wanforwarding	Allows management of WAN-to-WAN forwarding
		of data from one WAN link to another.

Page 4-4

Efficient Networks®

Page 74

Image 74

Efficient Networks 107-0001-000 manual Enables and disables the secure mode function, Manages Snmp port access

Contents

5RXWHUDPLO\ Efficient Networks Software License and Limited Warranty Limitations Release Revision History001 12 Feb Contents File System Commands Contents Contents Remote Commands Eth ip directbcast Contents Contents WAN Interface Commands Dhcp Commands L2TP Commands Remote setpppoeservice -1 pppoe close -2 pppoe list L2tp set window -16 remote setl2tpclient -17 remote setlns Contents Voice Commands User Commands Stateful Firewall Commands QoS Commands Ssh set rekey -8 ssh set status -8 system sshport This page intentionally left blank Introduction How This Manual is Organized Password Command ConventionsAccessing the Command Line Username Command line is now available for use Re-enter the new password at the promptPassword change will be confirmed Terminal Sessions Terminal Session under Windows HyperTerminal Data bits Parity None Stop bits Flow control Hardware Terminal Session for Macintosh or Unix Telnet Session for Remote Access Telnet Command Line via the Web Management Interface Mode is learning, listening, or forwarding Lists the top-level commands and keywords and aResolution Protocol ARP table Lists the contents of the bridge table Initiates a reboot of the system Lists the current services in the IPX SAPs tableChanges the current user password Enables Sntp requests Parameters ? or helpInput Format Response Mgmt Class Arp deleteArp list Example Voice R Input Format ParametersArp list Arp list Bi list Bi listBi list Call remotename CallVoice R/W Remotenamea Name of the target router Date Display when date is entered with no parametersDisplay when date is entered with parameters All R/W Erase Admin R/WWhen entered with no parameters, same as erase all All R ExitIfs Voice R, Network R An example of additional interfaces that may be displayed IpifsTypical response is shown below Ipifs Iproutes IproutesIpxroutes Ipxroutes Ipxroutes IpxsapsIpxsaps Ipxsaps Logout Logout Mem MemSystem R, Debug R Mem Mlp summary Mlp summary Admin101@console- password 1675309 lobster PasswordPassword old password new password Ping Ping -I 192.168.1.2 Ping -c 2 -i 7 -s 34Ping -I 192.168.254.254 TID Name Bottom Current Size 1IDLE Reboot Reboot option Save User is prompted to verify the commandSave Sntp disable Sntp disableDisables Sntp requests Sntp active Sntp offset Sntp enableWhen no parameter is entered, current offset is displayed Itive number is east a negative number is west Sntp prefserver number When entered with no number parameterSntp prefserver Number of a server within the Sntp server list When entered and no sntp preferred server is defined When entered with a number parameterWhen entered while sntp function is currently disabled When entered and an sntp preferred server has been defined When entered with the default parameter Sntp server ipaddress default numberRequests the default server list Sntp server Typical response Tcp statsTcp stats Tcp stats Time Dress as the source address TracerouteNetwork R/W, Debug R Hop is listed in the output message Traceroute -n 172.17.20.1Traceroute Vers Vers Copies a file from the source to the destination This command loads batch files of configurationCommands into the router Deletes the specified file from the flash filesystem Copy srcfile dstfile CopyExamples Copy tftp@128.1.210.66kernelnw kernel.f2k Refer to examples for typical responses Admin R/W, System R/WDelete Delete filename Dir DirDir Execute Execute filename System R/W, Debug R/W Following is an example of the format disk commandFormat disk Format disk Msfs MsfsMsfs fix Sync Following is an example rename commandRename Commits the changes made to the file system to Flash memory Remaps a range of local-LAN IP addresses to a Adds an address to the BootP server listLists the supported keywords Range of public IP addresses on a system-wide ba Changes the Dial Backup retry period Disables the Dial Backup option in the routerEnables the Dial Backup option in the router Changes the Dial Backup stability period Manages the system Http port access Lists the default modem settingsRemoves an address from the BootP server list Lists the system settings for the target router Manages SSH port access Enables and disables the secure mode functionManages Snmp port access Manages Syslog port access System ? System addbootpserverSystem addbootpserver ipaddr System ? System addbootpserver IP address of the server System addhostmapping System addhttpfilter first ip addr last ip addr lan System addhttpfilterSecurity R/W Local Ethernet LAN System addiproutingtable System addiproutingtable 192.168.1.5 192.168.1.12 Rosa System addserverResponse Example Selects the host with this IP address as server Action One of the following command actionsRlogin port Discards the incoming server request System addsnmpfilter System addsnmpfilter first ip addr last ip addr lan System addsyslogfilter System addsyslogfilter firstipaddr last ipaddr lan System addsyslogserver ipaddr System addsyslogserverSystem R/W IP address to be added to the Syslog server address list System addtelnetfilter System addtelnetfilter first ip addr last ip addr lan First port in the UDP port range to be created System addudprelayWarded Incorporates all the available UDP ports in the new range Cally System authenSystem authen none pap chap Chap is performed IP address to be added to the list System backup addSystem backup add ipaddr gw dns group Address Following command deletes all addresses from group System backup deleteFollowing command deletes the gateway address from group IP address to be deleted from the list System backup disable System backup disableFollowing command clears all addresses from the list System backup delete all all System backup enable System backup enable Number of seconds in the ping interval for the group System backup pingintervalSystem backup pinginterval seconds group Optional, number of a group System backup pingsamples System backup pingsamplesSystem backup pingsamples samples group System backup pingsamples 0 Following command changes the retry period to 60 minutes System backup retrySystem backup retry minutes Following command changes the retry period to System backup stability minutes System backup stabilitySystem backup successrate Following command changes the stability period to 5 minutes System backup successrate System blocknetbiosdefaultSystem backup successrate percentage group System backup successrate 0 System community System blocknetbiosdefault yes noSets the default to block all NetBIOS and NetBUI requests System community snmp community name System defaultmodem System default modemSystem delbootpserver System delbootpserver ipaddr all System delbootpserver all Removes all addresses from the BootP server listSystem delbootpserver System delhostmapping System delhttpfilter first ip addr last ip addr lan System delhttpfilterSystem deliproutingtable First IP address of the range System delserver Following command deletes the virtual routing table RosaDeletes an entry created by the system addserver command System deliproutingtable 192.168.1.5 192.168.1.6 Rosa Action One of the following command actions First IP address of the client range System delsnmpfilterSystem delsnmpfilter first ip addr last ip addr lan System delsyslogfilter firstipaddr last ipaddr lan System delsyslogfilterSystem delsyslogserver System delsyslogserver ipaddr System deltelnetfilter System deltelnetfilter first ipaddr last ipaddr lan Deletes all existing UDP ports System deludprelaySystem history Last port in the UDP port range to be deleted Following is a typical response System history System httpport System httpport default disabled portThis command sets the Http port to the default value Cess Following is an example of a typical response System listSystem list System list Initiates monitoring activity System logSystem log start stop status Ture System modem Following command changes the string for the init settingFollowing command selects pulse dialing Enter one of the following options System moveiproutingtable First ipaddra First IP address of the range to be moved System msg message System msg Configured on10/21/98System msg Message a,b Router name System nameSystem name name Name a,b Tions System onewandialupSystem onewandialup on off Timer value for RIP information exchange System riptimerPassworda,bAuthentication password of the target router System passwd System securemode set System securemode set enable disableSystem securemode list Security R System securemode set cli Disable Disables secure modeTypical response indicating the curent mode is displayed System securemode set cli value System securemode set wan Mode is enabledSystem securemode set lan System securemode set lan trusted untrusted System securemode set wan trusted untrusted System securitytimerSystem securitytimer minutes Will be applied System selnat addpolicySpecifies the destination IP address to which the policy Policy will be applied System selnat delpolicy policy number System selnat delpolicySystem selnat list Number of the policy to be deleted System snmpport default disabled port System snmpport This command remaps the Snmp port to port This command sets the Snmp port to the default valueThis command disables the existing Snmp port System sshport System supporttrace System supporttrace Debug R/WSystem supporttrace === Processes === TID Name FL P Bottom Current Size 1IDLE DSP ATZ QA-LABPC === Interfaces === NW PRM Efficient Networks === END of Tech Support Data System syslogport default disabled port System syslogport This command remaps the syslog port to port This command sets the Syslog port to the default valueThis command disables the existing Syslog port System telnetport default disabled port This command sets the Telnet port to the default value Disables the existing Telnet portMote access This command disables the existing telnet port Link System wan2wanforwardingSystem wan2wanforwarding on Subnets That the router can provide service to multiple IPAdds a logical interface onto an Ethernet port so Deletes a logical interface from an Ethernet port Enables IP routing across the Ethernet LAN Removes a route from the default routing tableDisables IP routing across the Ethernet LAN Enables and disables Ethernet Firewall Filtering Clears the password in a Vrrp attribute record for Vrid Disables IPX routing across the Ethernet LANEnables IPX routing across the Ethernet LAN Sets the IPX network number for the Ethernet LAN Connection Eth ? Eth ? Eth add Eth addEth add port#logical# Ethernet interface from which logical port will be deleted Eth deleteEth delete port#logical# Logical interface number to be deleted Eth ip addhostmapping Typical usage Ethernet LAN IP address Eth ip addrEth ip addr ipaddr ipnetmask interface IP network mask IP address of the IP gateway Eth ip addrouteEth ip addroute ipaddr ipnetmask gateway hops interface Ethernet interface through which the packet is sent Eth ip addserver Eth ip bindroute Ethernet LAN IP address Eth ip defgateway Eth ip defgateway ipaddr interface Eth ip delhostmapping Eth ip delroute 10.9.2.0 Eth ip delrouteEth ip addroute ipaddr ipnetmask interface Eth ip delroute 10.1.3.0 255.255.255.0 Eth ip delserver MP port Protocolid a Numerical protocol IDHypettext Transfer Protocol Http port Disables the forwarding of packets broadcast to a subnet Eth ip disableEnables the forwarding of packets broadcast to a subnet Eth ip directbcast Eth ip enable Eth ip enableEth ip disable Eth ip filter append Eth ip filter command type action parameters interfaceEth ip filter Eth ip filter insert Eth ip filter clear Eth ip filter deleteEth ip filter flush Eth ip filter delete type action parameters interface Eth ip filter watch Eth ip filter checkEth ip filter list Protocol TCP UDP Icmp Dp Icmp type first dest portlast dest port Eth ip filter flush input Eth ip firewall on off list Disables the firewall filtering featureEth ip firewall To be performed Eth ip mgmt ipaddr ipnetmask interface Eth ip mgmtPing -I 192.168.1.2 Eth ip options option on off interface Eth ip mgmt 10.0.0.1 255.255.255.0 Save RebootEth ip options Eth ip ripmulticast ipaddr Eth ip ripmulticastOptionMust be one of the following Eth ip translate on Eth ip translateEth ip translate on off interface Eth ip translate off Eth ip unbindroute Eth ip unbindroute ipaddr tablename interface Eth ip vrid Eth ip vrid vrid interface Eth ipx addr ipxnet port# Eth ipx disableEth ipx addr Eth ip vrid 7 Eth ipx disable port# Eth ipx enableThis command requires a reboot Eth ipx enable port# Eth list Eth ipx enable typeEth ipx frame Eth list interface Global BRIDGING/ROUTING Settings Eth list Eth mtu size interface Eth mtuEth restart Interfacea,b Logical Ethernet interface Eth startEth restart interface Eth start interface Eth stop Interfacea,b Logical Ethernet interface Eth vrrp add Eth vrrp addEth vrrp add vrid port# Eth vrrp add 2 Eth clear password Eth vrrp clear passwordEth vrrp clear password vrid port# Eth vrrp delete Eth vrrp deleteEth vrrp delete vrid port# Eth vrrp list port# Eth vrrp listEth vrrp set multicast Eth vrrp multicast Eth vrrp set optionEth vrrp set multicast ipaddr Preempt immediately Eth vrrp set passwordTribute record was created by the command eth vrrp add Do not preempt a router with lower priority Attribute record was created by the command eth vrrp add Eth vrrp set password password vrid port#Password Eth vrrp set password AbCdEfGh Eth vrrp set priority Eth vrrp set priority priority vrid port# Eth vrrp set priority 50 7 Eth vrrp set timeintervalEth vrrp set priority 255 Virtual router ID of the Vrrp attribute record Eth vrrp set timeinterval seconds vrid port#Time interval value in seconds Eth vrrp set timeinterval 2 Adds the source routing option Eth ip remsrcrouteopt enable disableRemoves the source routing option. Default value Remote Commands Remote bindipvirtualroute Remote disbridge Remote setcompression Remote setppppretrytimer Adds a remote router entry into the remote router database Remote ?Remote add Remotenamea Name of the tunnel. b All MAC addresses Remote addbridgeRemote addbridge * macaddr remotename MAC address Remote addhostmapping Remote addiproute Examples IPX network number Remote addipxrouteRemote addIpxRoute ipxne# metric ticks remotename Network/station IPX node address Name of serviceRemote addipxsap Ers Remote addserver T120 SmtpSntp Telnet Route Enter a gateway only if you are configuring a MER interfaceRemote bindipvirtualroute Address of a router on the remote LAN Disables NetBIOS filtering Remote blocknetbiosEnables NetBIOS filtering Remote del ATM forum encoding Remote delatmsnapRemote delbridge ITU E164 encoding Remote delencryption remotename Remote delencryptionDeletes encryption files associated with a remote router Remote deliproute ipaddr remotename Remote delhostmappingRemote deliproute Remote delipxroute Remote delIpxRoute ipxnet remotename Remote delipxSap servicename remotename Remote delipxsap Remote delourpasswd remotename Remote delourpasswdRemote deloursysname Remote deloursysname remotename Remote delphone Remote delserver Action One of the following command actions Remote disauthen Remote disableRemote disable remotename Remote disauthen remotename Remote disbridge Remote disbridge remotename Remote enaauthen Remote enableRemote enable remotename Remote enaAuthen remotename Remote enablebridge remotename Remote enabridge Remote ipfilter append Remote ipfilter command type action parameters remotenameRemote ipfilter Remote ipfilter insert Remote ipfilter clear Remote ipfilter deleteRemote ipfilter flush Remote ipfilter check Remote ipfilter list For example, the commandManagement Protocol error message Remote ipfilter watch Protocol TCP UDP Icmp Tcp syn ack noflag rst Remote ipfilter flush receive internet Remote listRemote list remotename Remote ipfilter list input internet If entered with no parameters, all remote router entries Are listed Remote listbridge If entered with no parameters, bridge settings for all reTypical response when entered with no remotename parameter Mote routers entries are listed Dest Remote listiproutesRemote listiproutes remotename Private Yes Remote listipxroutes remotename Remote listipxroutesRemote listipxsaps Remote listipxsaps remotename Rem listipxsaps hq Remote listphonesRemote listphones remotename Rem listphones hq Remote restart remotename Remote restartRemote setatmnsap Nsap Remote setauthenRemote setatmnasp atmf e164 partial full nsap remotename Remote setauthen protocol remotename Remote setbod Remote setBOD in out both remotename Remote setbroptions Default is onAny traffic, including PPPoE traffic. The default is off Remote setBrOptions option on off remotename Remote setBWthresh threshold remotename Default is 0, in which case, whenever data transmissionRemote setbwthresh Occurs, the maximum number of links is allocated Remote setencryption Disables compression negotiation. The default is offRemote setcompression They both share a common compression protocol Remote setEncryption DESE1KEYDESE2KEY filename remoteName Remote setipoptions Remote setipoptions option on off remotename Use periodic echo Slave mode setting. The default is noRemote setipslaveppp Remote setipslaveppp yes no remotename Remote setipxaddr Enables or disables NATRemote setiptranslate Remote setiptranslate on off remotename Remote setipxoptions Remote setIpxOptions ripsap on off remotename Remote setmgmtipaddr Default isRemote setmaxline Remote setMaxLine 1 2 remotename IP sub-network mask Remote setmgmtipaddr ipaddr mask remotenameIP address Remote setminline Is allocated for the connection only when needed.Remote setMinLine 0 PPPoEuser Remote settimer 600 PPPoEuser Remote setminline minlines remotename Remote setmtu 1400 HQ Remote setmtuRemote setmtu size remotename Remote setoursysname Remote setourpasswd password remotenameRemote setourpasswd Remote router Remote setpasswd Remote setpasswd password remotenameAuthentication password of the remote router Remote setphone Remote setPhone async isdn 1 2 phone# remotename Remote setspeed 115200 async 2 backupRemote setphone async 1 5552000&5554000 backup Remote setpppoptions option on off remotename Desired setting for the optionRemote setpppoptions Use IPX RIP/SAP protocols Value to Remote setppppretrytimerRemote setpppretrytimer timervalue remotename Bers and bit rates in the remote profile Remote setpreferRemote setprefer async fr hsd remotename Frame Relay Remote setPrefer async backup Remote list backup Remote setprotocol Virtual Path ID number that identifies the link formed by Remote setpvcRemote setpvc vpi number*vci number remotename Virtual path IP address of the remote router Remote setrmtipaddrRemote setrmtipaddr ipaddr mask remotename IP network mask of the remote router Bit rate to be used for the phone number Use the default speedRemote setspeed Primary phone number Target IP address of the WAN connection to the remote rout Remote setsrcipaddrRemote setsrcipaddr ipaddr mask remotename Number of seconds in the timeout period Remote settimerRemote settimer seconds remotename Remote start Remote start remotename Total connect time +011148 Total bytes out 15896 Remote statsRemote stats remotename Remote stop Remote stop remotename IP virtual routing table to which the route is removed Remote unbindipvirtualrouteRemote unbindipvirtualroute ipaddr tablename remotename Remote unbindIPVirtualRoute 10.1.2.0 Francisco HQ This page intentionally left blank WAN Interface Commands Adsl Commands Adsl ? Adsl restart Adsl restartAdsl speed Adsl speed Statistical information displayed Adsl statsAdsl stats clear Adsl speed Atm ? ATM CommandsAtm ? Atm pcr Following command requests the current speedTypical response when entered with no parameter Atm pcr cells/second Atm speed Saves the ATM configuration settingsAtm save Atm save Remote setATMTraffic scr mbs remoteName Remote setatmtrafficUpstream speed requested in kilobits/second Atm speed Remote setATMtraffic 47 31 HQ Sustained Cell Rate cells per secondRemote setATMTraffic 0 0 HQ Remote setATMtraffic 47 1 HQ Dmt ? DMT CommandsDmt ? Dmt link Ansi notrellisansi Selects the DMT mode used Dmt modeDmt mode ansi notrellisansi uawg Dual-Ethernet Router ETH Commands Eth br enable Eth br enableEth br disable Eth br disable Ethernet port number Eth br optionsEth br options option on off port# Eth br options stp off Eth br options pppoeonly on Frame ? Frame CommandsFrame ? Frame cmpplay Selects bridging modeSelects bridging mode, default value Frame lmi Frame stats Frame statsDisplays frame relay statistics Frame stats Frame voice Frame voiceDisplays the voice Dlci for voice routers Gti speed GTI CommandsGti ? Gti stats Gti statsGti speed Gti speed Gti version Gti versionGTI Adsl Version information is displayed Hdsl ? Hdsl CommandsHdsl ? Hdsl speed Saves the HDSL-related changes across restarts and rebootsHdsl save Hdsl save Command example displaying current mode Sets the terminal operation mode to CPESets the terminal operation mode to CO Hdsl terminal Idsl list Idsl CommandsIdsl list Typical response Idsl save Idsl saveIdsl set speed Idsl set speed 64 128 Link speed of 64 Kbps Idsl set switchRemote setdlci Link speed of 128 Kbps Remote setProtocol ppp fr mer remotename Remote setprotocolFrame Relay number identifying the data-link connection PPP protocol with no encapsulation Sdsl ? Sdsl CommandsSdsl ? Sdsl preact on off Disables pre-activationSdsl preact CPE end. a Sdsl save Sdsl saveSdsl speed Sdsl speed speed noauto Sdsl speed This command example requests a line speed of 1152 Kb/sSee examples above Terminal operation is displayed Sdsl terminalSdsl terminal cpe co Sdsl terminal Shdsl Commands Shdsl annex Enables the selected annexShdsl ? Lists the supported Shdsl keywords Shdsl list Lists the current configuration of the G.shdsl interfaceShdsl list Shdsl list Shdsl ratemode Selects adaptive or fixed rate modeShdsl margin Noise margin in decibels Shdsl restart Selects adaptive modeSelects fixed mode Current ratemode is displayed Shdsl save Shdsl saveShdsl speed Speed in Kbps This command usage requests a line speed of 1096 Kb/sShdsl speed speed auto Selects auto-speed detection Shdsl stats Shdsl statsShdsl stats clear Shdsl stats clear Shdsl terminal Shdsl terminal Shdsl ver Shdsl verDisplays the G.shdsl version level of the modem firmware Shdsl ver This page intentionally left blank Specifies the boot file name kernel and the sub Allows a BootP request to be processed for a parDenies processing of a BootP request for a partic Lists the supported Dhcp keywords Enables a subnetwork or a client lease Specifies the Tftp server boot serverDisables a subnetwork or a client lease Clears the values from a pool of addresses To define a subnetwork Dhcp ?Dhcp add To define a client lease Dhcp add Command usage defining a subnetworkCommand usage defining a client lease Dhcp add 128 1 4 ipAddress Dhcp addrelay ipaddr Command usage defining, then listing a Dhcp relay serverDhcp addrelay Dhcp addrelay IP address of the subnetwork lease Dhcp bootp allowDhcp bootp disallow IP address of the client lease Name of the file to boot from Dhcp bootp fileDhcp bootp file net ipaddr name Dhcp clear addresses Dhcp bootp tftpserverDhcp bootp tftpserver net ipaddr tftpserver ipaddr IP address of the Tftp server Dhcp clear expire Word records cannot be abbreviated in the commandDhcp clear all records Dhcp clear all records Dhcp clear valueoption net ipaddr code Dhcp clear valueoptionIpaddra IP address of the subnetwork lease User defined code c Example command deleting the user-defined option with code Example command to delete the defined subnetworkExample command usage deleting a client lease Dhcp del Dhcp delrelay Dhcp disableDhcp disable all net ipaddr Dhcp delrelay ipaddr all Enables all subnets Dhcp enableDisables all subnets IIP address of the subnetwork lease Lists global, subnetwork, and client lease information Following example command lists global informationDhcp list Dhcp list net ipaddr Following example command lists information for client Gateway Predefined or user-defined number or keyword Dhcp list definedoptionsDhcp list definedoptions code string Character string Efficient Networks Dhcp list definedoptions ga Dhcp list leaseDhcp list lease Dhcp set addresses Default lease duration is displayedDhcp set expire ipaddr hours default infinite Dhcp set expire Dhcp set lease Dhcp set mask Example command sets client lease time to the default valueExample command sets lease time to infinite for this subnet Dhcp set mask net mask Dhcp set otherserver Dhcp set otherserver net continue stop Subnetwork lease Dhcp set valueoptionLease Code specifying the option to be set This page intentionally left blank Nels, except for the authentication password/se Configures the router to forward all incoming callsDisplay of the current configuration settings for tun Lists the supported L2TP keywords Creates the host name of the remote tunnel Creates a Chap secretCreates local router’s host name Defines the type of L2TP support for the tunnel L2tp add Example command adding the tunnel named PacingAtWorkL2tp ? Tunnelnamea Name of the tunnel. b L2tp call tunnelname L2tp callL2tp close L2tp call PacingAtWork L2tp del No incoming calls are allowed to be forwarded through L2tp forwardForward all incoming calls through the tunnel to an LNS Tunnel to an LNS Tunnelname a Name of the tunnel. b L2tp listL2tp list tunnelname L2tp list IP address of the remote LAC or LNS L2tp set addressL2tp set address ipaddr tunnelname L2tp set authen Enables authenticationDisables authentication L2tp set chapsecret L2tp set hiddenavp Chap secret used to authenticate the creation of the tunnelL2tp set dialout L2tp set dialout yes no tunnelname L2tp set ouraddress Allows the router hide AVPs. Default valueDisables hidden AVPs Source IP address used for this tunnel Lenged by another router L2tp set ourpasswordL2tp set oursysname Name of the tunnel Name of the local router L2tp set ourtunnelnameL2tp set remotename Tunnelnamea,b Name of the tunnel L2tp set type Lishing the L2TP tunnel L2tp set wanifL2tp set wanif remote tunnelname L2tp set window Name of the remote entry Remote setl2tpclientRemote setl2tpclient tunnelnameremotename Remote setlns Remote setLNS tunnelname remotename Filter br ? Lists the supported Bridge Filtering keywords Hexadecimal number up to 6 bytes Filter br addByte offset within a packet Allows forwarding of the packets Filter br del 12 8035 deny Filter br delFilter br del pos data allow deny Filter br list Filter br listLists the bridging filters in the filtering database Filter br list Filter br use This page intentionally left blank Remote setpppoeservice Ifsnumber Session to be closed.a Pppoe closePppoe close ifsnumber Pppoe list Pppoe listLists information about the currently active PPPoE sessions Pppoe list This page intentionally left blank IKE/IPSEC Commands Defines a proposal filtering parameter value for Defines a peer filtering parameter value for the pol IcyDefines the pfs filtering parameter value for Policy Defines a protocol filtering parameter value for Lists the defined IKE peers Message authentication doneDisables a defined IPSec security association SA Entry Sets the local ID for the IKE peer connection Specifies the identifier Spid for the IPSec tunnel Enables a defined IPSec security association en TryClears all IPSec definitions Ike ipsec ? Ike flush Commit bit is not set. Default valueIke commit Displays help message Ike ipsec policies add policyname Ike ipsec policies addIke ipsec policies delete Policynamea New name for an IPsec policy.b Name of an existing IPsec policy. b Ike ipsec policies disableIke ipsec policies disable policyname Policynamea Name of an existing IPsec policy.b Ike ipsec policies enable mypolicy Ike ipsec policies enableIke ipsec policies enable policyname Ike ipsec policies list Ike ipsec policies list IKE IPSec policies mypolicy enabledIke ipsec policies list IP address allowed to be the destination of the data Ike ipsec policies set destIke ipsec policies set destport Name of the IPsec policy to which the destination parameter Portnumber Telnet Http Snmp Tftp Policynamea Ike ipsec policies set interface Ike ipsec policies set interface interface all policyname Ike ipsec policies set interface backup corporate Ike ipsec policies set modeIke ipsec policies set mode tunnel transport policyname Ike ipsec policies set interface all mypolicy Parameter value is added. a Name of the IPsec policy to which the encapsulation modeIke ipsec policies set peer Ike ipsec policies set peer peerpame policyname Negotiation Ike ipsec policies set pfsIke ipsec policies set pfs 1 2 none policyname Ike ipsec policies set pfs 2 mypolicy Ike ipsec policies set proposal myproposal mypolicy Ike ipsec policies set proposalIke ipsec policies set proposal proposalname policyname Ike ipsec policies set protocol Ue is added. b IP address allowed to be the source of the data Ike ipsec policies set sourceIke ipsec policies set source ipaddress ipmask policyname Is added. c Ike ipsec policies set sourceport Ike ipsec policies set translate Ike ipsec policies set translate on off policyname Ike ipsec proposals add Ike ipsec proposals add proposalname Name of an existing IPsec proposal. b Ike ipsec proposals deleteIke ipsec proposals delete proposalname Ike ipsec proposals add myproposal Ike ipsec proposals list Ike ipsec proposals listIke ipsec proposals list Ike ipsec proposals set ahauth md5 sha1 none proposalname Use AH encapsulation and authenticate using hash algorithmIke ipsec proposals set ahauth Secure Hash Algorithm-1 Auth command Use ESP encapsulation and authenticate using hash algorithmNo ESP encapsulation and no ESP message authentication. If Ike ipsec proposals set espauth Use ESP encapsulation and 168-bit encryption if 3DES is en Ike ipsec proposals set espencUse ESP encapsulation and 56-bit encryption Abled in the router Ike ipsec proposals set lifedata Compress using the LZS algorithmIke ipsec proposals set ipcomp Ike ipsec proposals set ipcomp none lzs proposalname Means unlimited Ike ipsec proposals set lifetimeIke ipsec proposals set lifedata kbytes proposalname Ike ipsec proposals set lifetime seconds proposalname Ike peers add peername Ike peers addUnlimited Peernamea New name for an IKE peer.b Ike peers delete peername Ike peers deleteIke peers list Peernamea Name of the IKE peer to delete.b Ike peers list IKE Peers Ike peers set addressIke peers set address ipaddress peername Ike peers set address 0.0.0.0 myaggressivepeer Ike peers set localidIke peers set localid aggressivemodeid peername Name of the IKE peer whose local ID is specified. c Ike peers set localidtypeExample Response Ike peers set localidtype ipaddr domainname email peername Ike peers set localidtype domainname myaggressivepeer Selects aggressive mode one end can change Ike peers set modeSelect main mode both ends constant Name of the IKE peer whose mode is specified. b Ike peers set peerid aggressivemodeid peername Ike peers set peeridIke peers set peeridtype Name of the IKE peer whose peer ID is specified. c Ike peers set secret secret peername Ike peers set secretIke peers set peeridtype ipaddr domainname email peername Ike peers set peeridtype domainname myaggressivepeer Ike proposals add ProposalName Ike proposals addIke proposals delete Proposalnamea New name for an IKE proposal.b Ike proposals list Ike proposals listProposalnamea Name of the IKE proposal to delete.b Ike proposals delete myikeproposal No DH group is used Ike proposals set dhgroupIke proposals set dhgroup none 1 2 proposalname Use DH group Ike proposals set lifetime Use 3DES 168-bit encryption if 3DES encryption is enabledIke proposals set encryption Use DES 56-bit encryption Ike proposals set messageauth none md5 sha1 proposalName Ike proposals set messageauthMaximum number of seconds before renegotiation Ike proposals set lifetime 86400 myikeproposal Ike proposals set sessionauth Ipsec add saname IPSec CommandsIpsec add Sanamea Name for the new IPSec SA.b Sanamea Name of the IPSec SA to be disabled.b Ipsec disableDisables a defined IPSec security association entry Ipsec delete Sanamea Name of the IPSec SA to be enabled.b Ipsec enableIpsec enable saname Ipsec disable showrx Ipsec flush Ipsec flushIpsec list Ipsec list saname Ipsec list Specifies the authentication key for the IPSec SA Ipsec set authenticationIpsec set authentication md5 sha1 saname Ipsec set authkey Defines the direction of the IPSec SA Hexadecimal authentication keyIpsec set direction Ipsec set direction inbound outbound saname Ipsec set compression none lzs saname Ipsec set compressionIpsec set enckey Specifies the encryption key for the IPSec SA Ipsec set encryption Defines the IP address of the IP gateway of the IPSec SA Ipsec set gatewayIpsec set ident Ipaddressa IP address of the IP gateway Spid for the IPSec tunnel Ipsec set modeIpsec set mode tunnel transport saname Name of the IPSec SA. b AH authentication Ipsec set serviceIpsec set service esp ah both saname Use Both ESP encryption and authentication Displays the current voice rate and encoding type Lists the top-level voice or dsp commandsKeywords and a brief description of their function Clears the L2 control channel statistics Dsp ? / voice ? Dsp voice ? Selects the voice encoding method for all voice ports Typical response when entered with no parametersDsp ecode Sets encoding method to alaw Is displayed Dsp jitterDsp jitter milliseconds Optional, Length of jitter buffer in milliseconds Dsp provision Dsp vr Voice port to configureDsp save Dsp save Voice profile profile Voice l2clearVoice l2stats Voice l2stats Voice l2stats Example response confirming the configuration changeVoice profile Voice profile Mode Voice refreshcasVoice refreshcas active always An idle state This page intentionally left blank Attempting the next radius server, if configured Lists the supported radius commands and keyDeletes a configured radius server entry Words Rad ? Rad ?Rad deleteserver Rad deleteserver integer Rad list secret Rad list secretRad list secret Rad list server Rad list serverRad list server Rad set retries Radius set server Radius set secret Radius set timeoutAuthentication secret for the specified radius server Number of seconds between retry attempts Deletes an access path from the specified user ac Adds an access privilege to for the specified userConfigures the managements class with read-only Disables an existing user account Admin R Displays the contents of the user account data BaseLists the characteristics of the pre-defined user Templates User ? Adds user access through the WAN connection User add accessAdds user access through a LAN connection Adds user access through the console serial port User add class User add user username password template enable disable User add user Removes user access through a LAN connection User delete accessUser delete access lan wan console username Removes user access through the WAN connection User delete class mgtclass read write username Enabled for read-onlyUser delete class Must be one of the following User delete user User delete class admin write Admin1User delete class voice read Admin1 User delete user username1 username2 usernameN User delete user Admin1 staff001 User disableUser disable username User disable VoiceAdmin User enable Admin1 User enableUser enable username User list User list User list lookup User list lookupUser list template Displays the pre-defined user template information Efficient Networks User set lookup User setpassword username newpassword User set passwordChanges the password of an existing user account Newpassworda New password for the user account This page intentionally left blank Deletes a feature key from the key-enabled feature Lists the supported key commandsValidates and adds a key to the key-enabled fea Ture database Unrevokes a revoked feature key Disables a key-enabled featureRevokes a key-enabled feature key Updates the expiration date of an expired feature Key Key add keystring Example response when adding a key for L2TPKey add Example response when deleting the key for Radius Key delete featurenameFeaturenamea Name of the feature to be deleted.b Key delete Featurename Name of the feature to be disabled.a Key disableKey disable featurename Key disable l2tp Featurenamea Name of the feature to be enabled.b Key enableKey enable featurename Key list Installed Typical response with the -lparameter is shown below Key revoke Key revoke featureFeaturenamea Name of the feature key to be revoked Key unrevoke Keystringa Key string for the feature Key updateKey update keystring Key unrevoke keystring This page intentionally left blank Enables or disables transmission of unsolicited Disables Snmp access from the specified interEnables Snmp access from the specified inter Sets an authentication password for an Snmp Snmp ? Snmp ?Snmp addsnmpfilter Snmp addstrapdest ip addr Snmp addtrapdestSnmp addsnmpfilter first ip addr last ip addr lan IP address of the trap manager Snmp community name Snmp communitySnmp community snmp community name Following example sets the Snmp community name to iads Snmp delsnmpfilter Snmp delsnmpfilter first ip addr last ip addr lan Snmp deltrapdest Snmp disablesnmpifSnmp disablesnmpif wanlan Snmp deltrapdest ip addr Snmp enablesnmpif wanlan Snmp enablesnmpifWan lan Interface from which Snmp access will be disabled Wan lan Interface from which Snmp access will be enabled Snmp list Snmp settrapenableSnmp settrapenable on off Snmp list Snmp Manager authentication password Enables trap event message transmissionCurrent password Example response when a password parameter is entered Snmp snmpport default disabled port Snmp snmpport Enables or disables the stateful firewall function Displays the current stateful firewall settingsConfigured rules Due to firewall rules that when exceeded, will log Sets the threshold value for the number of SYN Firewall ?Sets the threshold value for the number of Icmp Sets the threshold value for the number of UDP Firewall allow protocol application parameters Packets must match the assigned application characteristicsFirewall allow Packet must have the specified protocol Examples Firewall allow -a FTP -sa 192.168.1.34 -d out Firewall -a netmeeting -sa 192.168.1.23 -d out Indicates the specified rule is in the deny rules list Firewall clearcounterIndicates the specified rule is in the allow rules list Firewall clearcounter 13 allow Firewall clearcounter all Firewall clearcounter allFirewall delete Firewall delete all allow deny Example command deletes rule 3 from the deny rules listFirewall delete all Will delete all rules from the allow rules list Firewall delete all allow Firewall denyFirewall deny protocol application parameters Both Firewall list allow deny Command entered with no parametersFirewall list Optional parameter will display only allow rules list Firewall modify allow deny number parameter Command entered with the optional allow parameterFirewall modify Following identifies the firewall rule to be modified Modifies the source IP address or specified address range Specifies the protocol a packet must haveModifies the firewall rule type Modifies the specified source ip mask Firewall set Enables the firewall as currently configuredDisables the firewall Firewall setdroppktthreshold Threshold value in packets per seconds Firewall seticmpfloodthresholdFirewall seticmpfloodthreshold number Firewall setdroppkthreshold Firewall setsynfloodthreshold Firewall setsynfloodthreshold number Firewall setudpfloodthreshold number Firewall setudpfloodthresholdFirewall viewdroppkts Firewall viewdroppkts number Typical response using the optional number parameter Firewall viewdroppkts No messages are printed to the console or Syslog server Firewall watchFirewall watch on off This page intentionally left blank Configured SSH port List the supported SSH sub-commandsDisplays the current SSH configuration with the ex Sets the idle timeout period for SSH connections Ssh ? Ssh ?Ssh keygen Generates the Private-Public key-pair for the local server Ssh list Ssh listSsh load privatekey Ssh load publickey tftp@server-addrpriv-key-file Key file to load Ssh load publickeySsh load publickey TFTP@server-addrpub-key-file Ssh load privatekey tftp@192.168.13.174mykey Sets the types of encryption the SSH connections will use Multiple types are allowed on the command lineSsh set encryption DES 56-bit encryption Idle timeout period in seconds Ssh set idletimeoutSsh set idletimeout seconds Ssh set keepalive enable disable Keepalive messages are sent Ssh set keepalive enableSsh set mac Ssh set mac md5 sha1 Ssh set rekey Enables and disables SSH server connectionsSsh set status enable disable Ssh set status Ssh set status enable Allows SSH connections This page intentionally left blank Services field List the supported QoS commands and a brief deEnables and disables marking of the differentiated Scription of their functions Qos append Saves the current QoS configuration and QoS pol IciesQos ? Defines a proposal filtering parameter value for Policy Policy namea Specifies the QoS policy name to be added Specifies that all disabled QoS policies will be deletedQos del Specifies the QoS policy to be deleted Qos diffserv Qos disableExample command that deletes all disabled QoS policies QOS will mark Diffserv field in IP header Qos enable policy name Qos enablePolicy namea Specifies the QoS policy to be disabled Specifies the QoS policy to be enabled Qos del policy name insert before this policy Qos insertQos list Qos list policy name Qos list mypolicy3 LOW Qos move policy name move to before this policy Qos moveQos movetoend Specifies the QoS policy to be moved Qos off Qos off Qos save Saves the current QoS feature and policy configurationsQos on Qos on Qos set parameter policy name Specifies the priority, with normal the default valueQos set Specifies the incoming code point Specifies the outgoing code point Queue Qos setweightQos setweight highmeduimnormallow weight This page intentionally left blank Disables the specified Ethernet port Lists the supported Switch sub-commandsSpecifies the aging time of the switch Configures port traffic mirroring Switch ? help Switch ?Switch agetime Switch agetime seconds Ethernet port to be disabled Switch blockSwitch block port Switch block Switch mirror capture 6 switch mirror map Switch mirror map Switch mirrorSwitch mirror on off capture port map port unmap port Switch status Switch statusDisplays the current port states for the Ethernet switch Switch mirror capture Ethernet port to be enabled Switch unblockSwitch unblock port Switch status

Enables and disables the secure mode function.

Manages SNMP port access.

Manages SSH port access.

Manages Syslog port access.

Manages the built-in Telnet server port access.

Efficient Networks®