Manuals / Brands / Power Tools / Router / Enterasys Networks / Power Tools / Router

Enterasys Networks XSR CLI ISAKMP Protocol Policy Mode Commands crypto isakmp proposal

1 684

Download 684 pages, 5.92 Mb

ISAKMP Protocol Policy Mode Commands

XSR CLI Reference Guide 14-95

ISAKMP Protocol Policy Mode Commands

crypto isakmp proposal

ThiscommanddefinesanIKEproposal(policy)‐asetofparametersusedduringIKEnegotiation.

ItinvokesISAKMPprotocolpolicyconfigurationmodewherethefollowingsub‐commandsare

availabletospecifyparametersintheproposal:

•authentication ‐AuthenticationmethodusedbyanIKEproposal.Refertopage14‐96for

thecommanddefinition.

•encryption ‐EncodingmethodusedbyanIKEproposal.Refertopage14‐97forthe

commanddefinition.

•group ‐Diffie‐HellmangrouptypeusedbyanIKEproposal.Refertopage14‐97forthe

commanddefinition.

•hash ‐HashalgorithmusedbyanIKEproposal.Refertopage14‐98forthecommand

definition.

•lifetime ‐SAintervalusedbyanIKEproposal.Refertopage14‐99forthecommand

definition.

ManyIKEproposals(policies)canbeconfiguredoneachpeerparticipatinginIPSec.WhenIKE

negotiationbegins,ittriestofindacommonproposal(policy)onbothpeers;thecommon

proposalcontainsexactlythesameencryption,hash,authentication,andDiffie‐Hellmanvalues.

Thelifetimevaluedoesnotnecessarilyhavetobethesame.

Syntax

crypto isakmp proposal name

Syntax of the “no” Form

TodeleteanIKEproposal(policy),usethenoformofthiscommand:

no crypto isakmp proposal name

Defaults

TheDEFAULTproposalcontainsthesedefaultvalues:

• Authentication:RSAsignatures

• Encryption:TripleDES

•Group:2

•Hash:SHA‐1

• Lifetime:28,840seconds(8hours)

Mode

Globalconfiguration:XSR(config)#

name Proposalnametobedefined.

Contents

Main Page Notice Enterasys Networks, Inc. FIRMWARE LICENSE AGREEMENT Page Page Contents Preface Chapter 1: Network Management Chapter 2: Configuring T1/E1 and T3/E3 Subsystems Chapter 3: Configuring the XSR Platform Chapter 4: Configuring Hardware Controllers Chapter 6: Configuring the Border Gateway Protocol Chapter 7: Configuring IP Multicast Chapter 8: Configuring the Point-to-Point Protocol Chapter 9: Configuring Frame Relay Chapter 10: Configuring the Dialer Interface Chapter 13: Configuring ADSL Chapter 14: Configuring the VPN Chapter 15: Configuring DHCP Chapter 16: Configuring Security Page Preface Contents of the Guide Conventions Used in This Guide Thefollowingconventionsareusedinthisguide: Getting Help + Page Page Network Management Network Management Commands General Network Management Commands banner configure terminal crypto key dsa disable enable end help ip http port ip http server ip ssh server ip telnet port ip telnet server ping Thefollowingexampleshowsthedestinationlostafterthreepings: privilege Page session-timeout terminal traceroute Parameters in the Response Abnormal Termination Signs username Admin/Administrative Users General Show Commands crypto key dsa show Thefollowingoutputdisplayspublickey: show ip http ThiscommandinformationabouttheHTTP(Web)session. Thefollowingisoutputfromtheip httpcommand: show ip telnet ThiscommandinformationabouttheTelnetsession. snmp-server Commands Page snmp-server community snmp-server contact snmp-server enable/disable snmp-server enable traps snmp-server engineID snmp-server group snmp-server host snmp-server informs snmp-server location snmp-server max-traps-per-window snmp-server min-trap-spacing snmp-server packetsize snmp-server queue-length snmp-server set entityMIB snmp-server system-shutdown snmp-server tftp-server-list snmp-server trap-source snmp-server trap-timeout snmp-server user snmp-server view Page Page snmp-server window-time SNMP Show Commands show snmp ThiscommandinformationabouttheSNMPserver. Theexamplebelowshowsoutputwiththelocationoptionentered: show snmp engineID ThiscommanddisplaystheidentificationofthelocalSNMPengine. show snmp group ThiscommanddisplaysthenamesofgroupsontheXSRwiththeirsecuritymodelandviews. show snmp host ThiscommanddisplaysinformationfromtheSNMPHosttable. show snmp user ThiscommanddisplaysinformationoneachSNMPusernameintheUsernametable. show snmp view (nonvolatile)orwillbelostifthedeviceisreset(volatile). ThiscommanddisplaysinformationoneachSNMPviewinthegroupusernametable. SLA Agent Commands aggregate period buckets-of-history-kept frequency map owner request-data-size tag timeout type RTR-mode Commands rtr rtr owner rtr schedule RTR Show Commands show rtr operation-state show rtr configuration show rtr history ThiscommanddisplaysthemeasurementhistoryoftheResponseTimeReporter(RTR). EXECconfiguration: XSR> Configuring T1/E1 and T3/E3 Subsystems T1/E1 & T3/E3 Commands cablelength For T3 controllers only cablelength long For T1 controllers only cablelength short For T1 controllers only channel-group clock source controller crc Page dsu mode For T3/E3 un-channelized controllers only dsu bandwidth For T3 controllers only e-bit-reset equipment For T3/E3 controllers only framing Page interface serial international bit For E3 controllers only invert data linecode loopback national bit For E3 controllers only scramble Page T1/E1 and T3/E3 Clear and Show Commands clear controller show controllers Thefollowinglineisaddedtotheoutputifloopbackissetasline: ThefollowingisapartialexampleoftheoutputfromaT3NIM: Page Page Page Drop and Insert Commands drop-and-insert-group show controller For Drop & Insert NIM only Page Configuring the XSR Platform Platform Commands Clock Commands clock set clock timezone Crypto Key Commands crypto key master generate crypto key master remove crypto key master specify Other Platform Commands cpu-utilization debug processor hostname logging LogGen Functionality User Guidelines netload SNTP Commands sntp-client sntp-client poll-interval sntp-server enable no sntp-server show sntp Output Platform Clear and Show Commands clear counter processor clear fault-report clear logging ThiscommanddeletesallmessagesfromtheloggingbufferinRAM. show buffers PrivilegedEXECconfiguration:XSR# Page show buffers i/o show buffers malloc Refertothe show bufferscommand. show clock ThiscommandshowscurrentUniversalTimeClock(UTC)setbyGreenwichMeanTime(GMT). Ifthetimezoneissetup,show clockdisplaysbothUTCandlocaltime: show cpu-utilization Parameter Description show fault-report Watchdog Fault Report ThefollowingissampleoutputfromanXSR3020router: show logging show logging file show logging history show sntp show version ThiscommanddisplayscurrentXSRhardwareandfirmwaredata. ThefollowingisexampleisoutputfromanXSR1805: ThefollowingexampledisplaysoutputfromanXSR3150: show whoami Thiscommanddisplaysidentificationdataforacurrentterminalsession. File System Commands boot system cd copy <file> Save Configuration to TFTP Server Software Image Loading from a TFTP Server Configuration Load Save Running Configuration copy running-config startup-config copy startup-config tftp delete <file> dir more pwd reload Page rename show hostname show reload Parameter Description show running-config Page Page verify write Bootrom Monitor Mode Commands bc bw bp bu bU cd copy da Thiscommanddisplayssystemdateandtimewiththissampleoutput: del Thiscommandremovesafilefromflash:orcflash:memory. df dt ff ffc ng np ns ThiscommandsavesafileoverthenetworkusingaremoteIPaddress/filepath. rename Thiscommandrenamesafileusingthesyntaxrename <source name> <destination name> sb si ThiscommanddisplaysXSR1800Seriesinventorywiththissampleoutput: ThiscommanddisplaysXSR3000Seriesinventorywiththissampleoutput: sn ThiscommanddisplayssampleXSR1800Seriesnetworkvalues: sv ThiscommanddisplayssampleXSR1800Seriesbootromversionvalues: Page Configuring Hardware Controllers Hardware Controller Commands clock rate databits duplex loopback media-type nrzi-encoding parity physical-layer speed stopbits vlan Hardware Controller Clear and Show Commands clear counters fastethernet clear counters gigabitethernet clear interface fastethernet clear interface gigabitethernet clear counters serial clear interface serial show controllers fastethernet show controllers gigabitethernet ThefollowingexampledisplaysoutputfromGigabitEthernetport1: show controllers serial Thiscommanddisplaysdetailedserialcontrollerdataforaninterface. ThefollowingexampledisplaysoutputfromSerialport1/0: show interface bri ThiscommanddisplaysISDNBasicRateInterface(BRI)informationforaninterface. Thefollowingexampledisplaysoutputbythecommand: channels. show interface dialer show interface fastethernet ThefollowingissampleoutputfromaVLANinterfaceonFastEthernetsubinterface2.1: show interface gigabitethernet ThefollowingexampleissampleoutputfromGigabitEthernetinterface1: show interface loopback Thiscommanddisplaysinformationabouttheloopbackinterface. ThefollowingissampleoutputfromMultilinkinterface8: ThefollowingissampleoutputfromLoopbackinterface5: show interface multilink show interface null Thefollowingexampleissampleoutputfromtheshow interface null 0command: Thiscommanddisplaysgeneralinformationforaserialinterface. ThefollowingexampledisplaysoutputfromSerialinterface1/0: show interface vpn ThiscommanddisplaysattributesoftheconfiguredVPNinterface. ThefollowingissampleoutputdisplayingVPNinterface57statistics: Configuring the Internet Protocol IP Commands OSPF Commands area authentication area default-cost area nssa area range area stub area virtual-link Page auto-virtual-link database-overflow LSA Type: distance (OSPF) Page Page ip ospf cost ip ospf dead-interval ip ospf hello-interval ip ospf message-digest-key ip ospf passive ip ospf poll-interval ip ospf priority ip ospf retransmit-interval ip ospf transmit-delay redistribute router ospf summary address timers spf OSPF Debug and Show Commands debug ip ospf dr debug ip ospf packet Page debug ip ospf lsas debug ip ospf nbr Page show ip ospf Thefollowingissampleoutputwhenalldebuggingtypesareenabled: show ip ospf border-routers show ip ospf database No Parameter Router Parameter Network Parameter Summary Parameter: Response ASBR-summary Parameter: Response External Parameter Response NSSA-External Parameter Response Database-summary Parameter Response For No Parameter For Router Parameter For Network Parameter For Summary Parameter Display For ASB-summary Parameter Display For External Parameter For NSSA-external Parameter For Database-summary Parameter show ip ospf interface show ip ospf neighbor show ip ospf virtual-links Page RIP Commands distance (RIP) distribute-list ip rip authentication RIP Example ip rip authentication mode ip rip disable-triggered-updates ip rip offset ip rip receive version ip rip send version ip split-horizon neighbor passive-interface receive-interface redistribute (OSPF/Static) router rip timers RIP Show Commands show ip rip Thiscommanddisplaysconfigurationdataandstatisticsglobaltoallports. Thefollowingisasampleresponsewithnooptionchosen: Thefollowingissampleoutputwiththedatabaseoptionselected: RTP Header Compression Commands clear ip rtp header compression interface serial ip rtp compression connections ip rtp header-compression ip rtp range show ip rtp header compression interface serial Triggered on Demand RIP Commands ip rip max-retransmissions ip rip polling-interval ip rip triggered-on-demand Policy-Based Routing Commands ip policy route-map pbr match ip address set ip next-hop set interface PBR Clear and Show Commands clear ip pbr-cache show ip pbr-cache show route-map pbr ARP Commands arp arp-timeout Other IP Commands ip default-network ip directed-broadcast ip dhcp relay-source gateway ip domain ip equal-cost multi-path ip forward-protocol Page DHCP Relay Functionality ip helper-address ip host ip irdp ip mtu ip proxy-arp ip proxy-dns ip proxy-dns name server ip redirects ip route ip route maximum_multiple ip tcp adjust-mss ip telnet server ip unnumbered ip router-id IP Clear and Show Commands clear arp-cache clear ip interface-counters clear ip proxy-dns cache clear ip traffic-counters clear tcp counters show ip arp show ip interface ThefollowingissampleoutputshowingprimaryandsecondaryIPaddresses: Page show ip irdp Configuration Mode show ip proxy-dns cache show ip route Page show ip static database show ip traffic ThiscommanddisplaysgeneralIPprotocolsstatistics. Thefollowingissampleoutput: show resources Page show tcp Configuration Mode Connection Table General Information Display Connection state - Possible states for a TCP connection: telnet ip_address Network Address Translation Commands clear ip nat translation Page ip nat pool ip nat service list ???SPTD??? ip nat source (interface mode - NAPT) Default: ip nat source intf-static (interface mode) ip nat source static (global mode) ip nat translation show ip nat translations Page Virtual Router Redundancy Protocol Commands vrrp <group> adver-int vrrp <group> authentication vrrp <group> ip vrrp <group> master-respond-ping vrrp <group> preempt vrrp <group> priority vrrp <group> track VRRP Clear and Show Commands clear vrrp-counters show vrrp Thefollowingsampleoutputdisplaysconfigurationdataforallvirtualroutersonthisrouter: show vrrp interface Thiscommanddisplaysallthevirtualroutersandtheirstatusonaspecifiedinterface. ThissampleoutputdisplaysconfigurationdataofavirtualrouteroninterfaceFastEthernet2: FastEthernetInterface Interfacetypeandnumber GroupID VRRPgroupnumber show vrrp summary Page Page Configuring the Border Gateway Protocol BGP Configuration Commands router bgp aggregate-address auto-summary bgp always-compare-med bgp bestpath med missing-as-worst bgp client-to-client reflection bgp cluster-id bgp confederation identifier bgp confederation peers bgp dampening bgp default local-preference distance bgp neighbor advertisement-interval neighbor default-originate neighbor distribute-list neighbor ebgp-multihop neighbor filter-list neighbor maximum-prefix neighbor next-hop-self neighbor password neighbor peer-group neighbor remote-as neighbor route-map neighbor route-reflector-client neighbor send-community neighbor shutdown neighbor soft-reconfiguration inbound neighbor timers neighbor update-source neighbor weight ip as-path access-list ip community-list Page redistribute synchronization timers bgp Route Map Commands match as-path match community-list match metric match ip address match ip next-hop BGP Set Commands set as-path set community set dampening Page set ip next-hop set local-preference set metric set origin set weight BGP Clear and Show Commands clear ip bgp clear ip bgp dampening show ip bgp ThiscommanddisplaysentriesintheBGProutingtable. show ip bgp community show ip bgp community-list ThiscommanddisplaysroutesthatarepermittedbytheindicatedBGPcommunitylist. ThiscommanddisplaysBGProutessuppressedduetodampening. show ip bgp dampened-paths show ip bgp filter-list Thiscommanddisplaysroutesconformingtoaspecifiedfilterlist. Thefollowingexampleissampleoutputfromthecommand: show ip bgp inconsistent-as show ip bgp neighbors Page show ip bgp peer-group show ip bgp regexp show ip bgp summary show route-map BGP Debug Commands debug ip bgp Thenoformofthiscommanddisablesdebuggingoutput: BGPdebuggingisdisabled. Thefollowingissampleoutputwiththeeventsoptionchosen: Thefollowingissampleoutputwiththeupdatesoptionchosen: show ip traffic Configuring IP Multicast IGMP and Generic Multicast Commands ip multicast-routing ip igmp version ip igmp join ip igmp last-member-query-count ip igmp last-member-query-interval ip igmp query-interval ip igmp query-max-response-time ip igmp querier-timeout ip multicast ttl-threshold PIM Commands ip pim sparse-mode ip pim bsr-border ip pim bsr-candidate ip pim dr-priority ip pim message-interval ip pim query-interval ip pim rp-address ip pim rp-candidate ip pim regcksum wholepacket ip pim spt-threshold IGMP Clear and Show Commands clear ip mroute show ip igmp groups show ip igmp interface Page show ip mroute show ip pim bsr show ip pim interface show ip pim neighbor Parameters Descriptions show ip pim rp show ip pim rp-hash Page Page Configuring the Point-to-Point Protocol PPP Commands encapsulation ppp interface Page ppp authentication Example 1 Example 2 ppp chap ppp keepalive ppp lcp max-configure ppp lcp max-failure ppp lcp max-terminate ppp max-bad-auth ppp pap sent-username ppp peer default ip address ppp quality ppp timeout retry username PPP Debug, Clear and Show Commands debug ppp packet ppp debug packet clear ppp show ppp Page show ppp interface Page ThefollowingdisplaysoutputwithPPPqualityenabledandaPPPconnection: Output Parameters Summary LCP Statistics LQR Status and Statistics OutLQRs LCP Configuration Period InitialMRU MagicNumber FcsSize Multilink PPP Commands interface multilink multilink max-links multilink min-links ppp bap call ppp bap callback Mode of the no Form ppp bap number ppp bap timeout ppp multilink ppp multilink endpoint ppp multilink fragment-delay Page ppp multilink fragment disable Display Examples Thefollowingexampledisplaysfragmentationsettings: ppp multilink group multilink load-threshold ppp multilink multi-class Page Multilink Show Commands show interface multilink EXEC: ThefollowingissampleoutputforMultilinkinterface8: PPP Multilink Status Max Fragment Size High Pri Member link is Serial 1/00 PPP Multilink Bundle Statistics show ppp interface multilink/dialer ThefollowingisissampleoutputwithMultiClassconfigured: Refertotheshow interface multilinkcommandpage122forparameterdescriptions. show ppp interface multilink/dialer multi-class ThiscommanddisplaysMultiClassMLPPPstatusandstatistics. Thefollowingexampledisplaysoutputofthiscommand: PPP Multilink Multi-Class Bundle Parameter Descriptions Class QoSCls# Range 13 Page show ppp interface multilink/dialer memberlink PPP Multilink Member Link Paremeter Descriptions Tx Rx show ppp interface multilink/dialer memberlink multi-class PPP Multilink Member Link Multi-Class Parameter Descriptions Class LastRXSeq# LastRXSeq# show ppp interface dialer x mlpppgroup x bap Page Page Page Configuring Frame Relay Frame Relay Commands encapsulation frame-relay frame-relay class frame-relay interface-dlci Page frame-relay intf-type frame-relay lmi-t391dte frame-relay lmi-n391dte frame-relay lmi-n392dce frame-relay lmi-n392dte frame-relay lmi-t392dce frame-relay lmi-n392dce frame-relay lmi-n393dce frame-relay lmi-type frame-relay traffic-shaping interface Frame Relay Map Class Commands class frame-relay adaptive-shaping frame-relay bc frame-relay be frame-relay cir frame-relay fragment map-class frame-relay Page sub-interface Frame Relay Clear and Show Commands clear frame-relay counter clear frame-relay inarp show frame-relay fragment Page show frame-relay lmi show frame-relay map show frame-relay pvc Page show frame-relay traffic show frame-relay map-class ThefollowingstatisticsareaddedtothecommandiftheportisconfiguredforFrameRelay. ThefollowingexampledisplaysT1statistics: ThefollowingexampledisplaysSerialinterface2/0statistics: Page Page Configuring the Dialer Interface Dialer Interface Commands dialer dtr dialer pool dialer pool-member dialer string dialer wait-for-carrier-time (interface configuration) dialer wait-for-carrier-time (map-class dialer configuration) interface dialer Page map-class dialer modem-init-string Dialer Interface Clear and Show Commands clear dialer show dialer show dialer maps show dialer sessions Dial Backup Commands backup interface dialer backup time-range show interface dialer DOD/BOD Commands dialer-group dialer-list dialer called dialer caller dialer idle-timeout dialer map dialer persistent dialer redialer attempts dialer remote-name Dialer Watch Commands dialer watch-group dialer watch-list Usethenoformofthiscommandtodisablethisfeature: DialerInterfaceconfiguration:XSR(config-if<Dx>)# Initialdelay:30seconds Connectdelay:2seconds Disconnectdelay:2seconds Thefollowingexampleconfiguresthedialerwatchoption: Page Page ISDN BRI and PRI Commands ISDN Commands interface bri isdn answer1, isdn answer2 (BRI) isdn bchan-number-order (PRI) isdn call isdn calling-number isdn disconnect isdn spid1, isdn spid2 (BRI) isdn switch-type (BRI/PRI) BRI Switch Types: PRI Switch Types: leased-line bri pri-group shutdown (BRI) ISDN Debug and Show Commands debug isdn show controllers bri show interface bri Syntax (PRI) Syntax (BRI) Page show isdn history Prameter Descriptions show isdn active show isdn service Page Configuring Quality of Service QoS Commands Policy-Map Commands policy-map Page bandwidth class clear policy-map police priority queue-limit random-detect (RED) random-detect (WRED) random-detect dscp Page random-detect exponential-weighting-constant random-detect precedence set cos set ip dscp set ip precedence shape Class-map Commands class-map match access-group match cos match ip dscp match ip precedence QoS Show Commands show class-map show policy-map show policy-map interface Parmeter Descriptions show random-detect interface Page show shape interface Page Configuring ADSL ADSL Configuration Commands CMV Commands cmv append cmv clear cmv cr cmv cw cmv delete cmv print cmv save Other ADSL Commands interface atm interface atm sub-interface Page Page crypto encapsulation Page no shutdown oam-pvc oam retry pvc Page no shutdown PPP Configuration Commands ppp chap ppp keepalive ppp lcp ppp max-bad-auth ppp pap ppp quality ppp timeout retry ATM Clear and Show Commands clear counters atm show controllers atm Thefollowingissampleoutputwhenasubinterfaceisspecified: Parameters in the Sub-Interface Response Packet Processor Tx Scheduler Stats ATM Sub-interface Statistic Counters: show interface atm Thefollowingissampleoutputwhenaninterfaceisspecified: Thefollowingissampleoutputwhenasubinterfaceisspecified: Parameters in the Interface Response Operationalstate:OperUporOperDown. Negotiateddownstreamdatarate. Negotiatedupstreamdatarate. Parameters in the Sub-Interface Response Configuring the VPN VPN Commands PKI commands CA Identity Mode Commands crypto ca identity crl frequency enrollment http-proxy enrollment retry count enrollment retry period enrollment url crypto ca enroll Thenoformofthiscommandcancelsacurrentenrollmentrequest: thecrypto ca identitycommand. Globalconfiguration:XSR(config)# show crypto ca identity Other Certificate Commands crypto ca authenticate crypto ca certificate chain crypto ca crl request show crypto ca crls show crypto ca certificates IKE Security Protocol Commands clear crypto isakmp ISAKMP Protocol Policy Mode Commands crypto isakmp proposal authentication encryption hash lifetime Remote Peer ISAKMP Protocol Policy Mode Commands crypto isakmp peer config-mode exchange-mode nat-traversal proposal user-id Remote Peer Show Commands show crypto isakmp peer show crypto isakmp proposal show crypto isakmp sa Parameters Descriptions Main Mode Exchange Aggressive Mode Exchange IPSec Commands access-list Page IPSec Clear and Show Commands clear crypto sa show access-lists crypto key master Crypto Map Mode Commands crypto map (Global IPSec) Crypto Map Crypto Map Rules match address mode set peer set security-association level per-host set transform-set Crypto Transform Mode Commands crypto ipsec transform-set set pfs set security-association lifetime Crypto Show Commands show crypto ipsec sa show crypto ipsec transform-set show crypto map including:ATM,BRI,Dialer,Fast/GigabitEthernet,Multilink,orSerial. Interface CLI Commands crypto map crypto ezipsec Interface VPN Commands interface vpn Page copy-tos Page ip address negotiated ip multicast-redirect Tunnel Commands tunnel set active set heartbeat set peer set protocol set user Tunnel Clear and Show Commands clear tunnel show tunnels Page Additional Tunnel Termination Commands Page show ip local pool ThiscommanddisplaysstatisticsforanydefinedIPaddresspools. Thisoutputdisplayswhenthecommandisspecifiedwithoutaname: Thefollowingoutputdisplayswhenthecommandisspecifiedwiththenametest: DF Bit Commands crypto ipsec df-bit (Global configuration) crypto ipsec df-bit (Interface configuration) Configuring DHCP DHCP Commands bootfile client-class client-identifier client-name debug ip dhcp server default-router dns-server domain-name hardware-address host ip address dhcp ip dhcp ping packets ip dhcp ping timeout ip dhcp pool ip dhcp server Page Page lease netbios-name-server netbios-node-type next-server option Page Page Page Page Page Page Page Page Page service dhcp DHCP Clear and Show Commands clear ip dhcp binding clear ip dhcp server statistics show dhcp lease show interface show ip dhcp binding show ip dhcp server statistics Page Configuring Security General Security Commands access-list (extended) Additional Syntax access-list (standard) Page access-list log-update-threshold hostdos ip access-group Security Clear and Show Commands clear hostdos-counters show access-lists show access-list log-update-threshold show hostdos AAA Commands aaa client AAA Usergroup Commands aaa group dns server ip pool pptp encrypt mppe wins server AAA User Commands aaa user Page password policy privilege AAA Method Commands aaa method Page acct-port address attempts auth-port Page client enable Page hash enable key qtimeout retransmit timeout AAA Per-Interface Commands aaa-method aaa privilege AAA Debug and Show Commands debug aaa ThefollowingisadebugauthenticationmessageshowingtheLocalmethodfailedwithMSCHAP: show aaa group ThiscommanddisplayspropertiesoftheAAAgroup. Ifagroupnameisnotspecified,allgroupsaredisplayedincludingtheDEFAULTgroup. PrivilegedEXECorGlobalconfiguration:XSR> or XSR(config)# Thefollowingoutputisdisplayedbythecommand: show aaa user show aaa method Ifthemethodnameisnotset,allmethodsandmethodattributesdisplay. Thefollowingoutputisdisplayedbyenteringshow aaa method: Firewall Feature Set Commands ip firewall auth Thiscommanddefinestheobjectwhichhandlesconfigurationforfirewallauthentication. ip firewall disable/enable ip firewall filter ip firewall icmp timeout ip firewall java and ip firewall activex ip firewall load ip firewall logging ip firewall network ip firewall network-group ip firewall policy Page ip firewall redirectURL ip firewall rpc timeout ip firewall service ip firewall service-group ip firewall tcp/udp timeout ip firewall url-load-black/white-list Firewall Interface Commands ip firewall disable ip firewall ip-broadcast ip firewall ip-multicast ip firewall ip-options ip firewall sync-attack-protect Firewall Show Commands show ip firewall config displaysconfigurationobjectsassociatedwiththefirewallandvalueswhicharealwaysineffect: show ip firewall filter Thiscommanddisplaysallconfiguredfirewallfilters. show ip firewall network show ip firewall network-group show ip firewall service show ip firewall service-group show ip firewall policy show ip firewall sessions show ip firewall auth show ip firewall general Thefollowingsampleoutputdisplayssummarystatistics: show ip firewall URLList ThiscommanddisplaystheconfiguredURLfilterinformation. EXEC or Privileged EXEC Mode: XSR> or XSR#