Alcatel-Lucent OmniAccess 5510 ADSL Reference Manual Download | Manualshive

Page: 553 / 792

background image

show firewall session source

Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)

525

Alcatel-Lucent

Beta

Beta

OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide

SHOW

FIREWALL

SESSION

SOURCE

show firewall session

[

source

{

ip

<

ip-address>

|

net <ip-address/

prefix-length>

} [{<

1-65535>|proto

{

gre

|

icmp

|

tcp

|

udp

}

|

destination

}]

D

ESCRIPTION

This command is entered in the Super User Mode or Configuration Mode or
Interface Configuration Mode. This command is used to view the firewall session
details given the source address.

P

ARAMETERS

E

XAMPLE

ALU(config-if FastEthernet0)# show firewall session source ip

10.91.1.108

ID 70 ICMP timeout 25 secs, used by NAT

Initiator: (10.91.1.108:13)=>(10.91.0.1:13)

Responder: (10.91.0.1:34416)=>(10.91.1.108:34416)

TCP

-

FIN

-

NO

-

ACK

tcp-fin-no-ack

D

ESCRIPTION

This command is entered in the Firewall-Attack Sub Configuration Mode. TCP
packets without ACK are set for FIN.This leads to system crashing at times. To
avoid this mishap, include the above command in the user-defined attack
prevention list or just use the “default” keyword.

P

ARAMETERS

None.

E

XAMPLE

ALU(config-firewall-attack-A1)# tcp-fin-no-ack

Parameter

Description

ip-address

Source IP address.

ip-address/prefix-length

Source IP address with prefix length.

1-65535

Denotes the port number.

gre

|

icmp

|

tcp

|

udp

Protocol type.

«
...
551
552
553
554
555
...
»

Summary of Contents for OmniAccess 5510 ADSL

Page 1: ...800 995 2696 International Customer Support 818 878 4507 Internet service esd alcatel lucent com Website www alcatel lucent com Part No 060286 00 Rev A For final production import color definitions f...

Page 2: ...e with the installation instructions it may not function exactly to the said specifications Modifying the equipment without Alcatel Lucent s written authorization may result in the equipment no longer...

Page 3: ...ystem Configuration and Monitoring 37 aaa authentication console 38 aaa authentication enable 38 aaa authentication remotelogin 39 aaa authentication web 39 aaa authentication password prompt 40 aaa a...

Page 4: ...essage 65 no aaa authentication password prompt 65 no aaa authentication success message 65 no aaa authentication username prompt 66 no aaa services 66 no aaa authentication console 66 no aaa authenti...

Page 5: ...r key 71 no tacacs server timeout 71 no username 71 package backup 72 package install 73 package install flash 75 package remove 76 ping 78 radius server 79 radius server auth port 80 radius server de...

Page 6: ...5 show snmp group 106 show snmp stats 107 show snmp user 108 show snmp view 108 show startup config 109 show tech support 110 show version 111 snmp agent 111 snmp agent version 112 snmp disable 112 sn...

Page 7: ...ce 130 show vrrp all 131 show vrrp interface 132 vrrp group id authentication text 133 vrrp group id description 134 vrrp group ID ip address 134 vrrp group id IP ip address secondary 135 vrrp group i...

Page 8: ...id native vlan 162 switchport mode 162 switchport trunk allowed vlan 163 switchport trunk allowed vlan range 163 7 Spanning Tree Protocol 165 no spanning tree enable 166 no spanning tree cost 166 no s...

Page 9: ...ebug ppp 192 no encapsulation pppoe 192 no ppp authentication 192 no ppp authentication client password 192 no ppp authentication client username 193 no ppp authentication password 193 no ppp authenti...

Page 10: ...03 pppoe negotiate 204 pppoe retry timer 205 pppoe service name 206 show ppp all configuration 207 show ppp all statistics 208 show ppp authentication configuration 209 show ppp authentication statist...

Page 11: ...7 ip community list standard 248 ip prefix list 249 ip route 250 ip tcp adjust mss 251 ip unnumbered 252 match as path 253 match community 253 match interface 254 match ip address 254 match ip next ho...

Page 12: ...83 ip rip authentication key chain 284 ip rip authentication mode 284 ip rip send receive 285 ip split horizon 285 key 286 key chain 286 key string 287 network 287 neighbor 287 no auto summary 289 no...

Page 13: ...d 311 bgp bestpath med 312 bgp client to client reflection 312 bgp cluster id 313 bgp confederation identifier 313 bgp confederation peers 314 bgp dampening 314 bgp default local preference 315 bgp en...

Page 14: ...figuration inbound 336 neighbor timers 337 neighbor unsupress map 338 neighbor update source 339 neighbor version 340 neighbor weight 340 network 341 router bgp 342 show ip bgp 342 show ip bgp cidr on...

Page 15: ...ority 379 ip ospf retransmit interval 379 ip ospf transmit delay 380 log adjacency changes 380 neighbor 381 network area 382 no passive interface 382 no log adjacency changes 383 no area authenticatio...

Page 16: ...mode 422 ip pim spt threshold 423 ip pim query interval 424 no ip pim sparse mode 424 show ip pim rp hash 425 show ip pim bsr router 425 show ip pim interface 426 show ip pim neighbor 427 show ip pim...

Page 17: ...s family 449 arp 450 clear arp cache 450 clear arp traffic 451 clear ip bgp 451 clear ip traffic 452 clear ip route 452 description 453 ip route 453 ip vrf 454 ip vrf forwarding 454 ping 455 router os...

Page 18: ...ip nat statistics 481 change 481 debug firewall nat 482 ip nat 482 ip nat in out 483 ip nat statistics in out both 484 no debug firewall nat 484 no ip nat force 484 no ip nat in out 485 no ip nat stat...

Page 19: ...tack 510 ip source routing 510 ip spoofing 511 ip tear drop 511 ip tiny frag 512 ip zero length 513 no all 513 no attack 513 no attack name force 513 no debug firewall 514 no default 514 no firewall p...

Page 20: ...alg rpc statistics 538 show firewall alg rtsp debug counters 538 show firewall alg rtsp statistics 539 show firewall alg sip debug counters 539 show firewall alg sip statistics 540 show firewall alg...

Page 21: ...ame 561 crypto key generate rsa 562 crypto key import rsa name 563 crypto nat traversal 563 crypto map 564 crypto map map name 564 crypto peer certificate import 565 crypto peer certificate delete 566...

Page 22: ...pto ike key 587 show crypto ike policy 588 show crypto ipsec sa 589 show crypto ipsec transform set 590 show crypto map 591 show crypto peer certificate 592 show crypto rsa key 594 show crypto signed...

Page 23: ...rusion selector 617 no intrusion sensor 618 no update 618 rebuild 618 rollback 619 rule detection 619 rule disable 620 rule enable 620 rule modify 621 rule prevention 622 show firewall intrusion senso...

Page 24: ...dialplan rule 645 rovr callserver address 646 rovr display message interval 647 rovr keep alive message 648 show rovr keep alive message details 649 show rovr uptime 649 show telephony active call det...

Page 25: ...ass 677 no class map 677 no fair queue 677 no network control 677 no police 677 no policy map 677 no priority 678 no qos preclassify 678 no random detect 678 no rule 678 no set 678 no service policy 6...

Page 26: ...p dhcp option lease time 713 ip dhcp option log server 714 ip dhcp option ntp server 715 ip dhcp option routers 716 ip dhcp option subnet mask 717 ip dhcp option tftp server 718 ip dhcp option time of...

Page 27: ...9 no network 729 no range 729 range 730 service dhcp enable 731 service dhcp disable 731 show ip dhcp bindings 732 show ip dhcp options 733 show ip dhcp pools 734 show ip dhcp server statistics 735 27...

Page 28: ...o ip domain name 750 no ip host 750 no ip host max age 750 no ip name server 750 nslookup 751 show hosts 751 Part 10 License Manager 30 License Manager 755 dir licenses 756 license backup 757 license...

Page 29: ...AA AB USG It focuses on accessing OmniAccess 5510 AA AB USG by using the Command Line Interface CLI All commands are described in alphabetical order They do not follow the sequence of configuration Ea...

Page 30: ...parameters software management configuration management AAA services SNMP etc The various commands include SSH Telnet show version update show environment show mem show proc etc Chapter 4 Virtual Rout...

Page 31: ...rk changes occur Routing also affects how large the network can grow that is the complexity of the topology and the stability of the network as it expands All the chapters in this part focus on config...

Page 32: ...rk provides the CLI syntax of the various commands needed to configure IPsec Chapter 22 Intrusion Detection Intrusion Prevention System comprehends the commands to configure Intrusion Detection and In...

Page 33: ...focuses on DHCP Server configuration commands and Chapter 27 TFTP Trivial File Transfer Protocol Server that documents the TFTP Server configuration commands Chapter 28 DHCP Dynamic Host Configuration...

Page 34: ...input supplied by you Square brackets enclose an optional element keyword or argument Braces enclose a mandatory element keyword or argument Line indicates an optional choice x y Square brackets encl...

Page 35: ...tel Lucent provides several ways to obtain technical assistance and other technical resources Documents can be downloaded from our support site service esd alcatel lucent com REFERENCE PUBLICATIONS Th...

Page 36: ...the Alcatel Lucent Technical Support Team provides 24 hour a day technical support services online and over the phone Alcatel Lucent US Customer Support 800 995 2696 International Customer Support 81...

Page 37: ...Beta Beta For final production import color definitions from daldoc01 docteam templates framemaker book template color defs production colors fm Do not import other template elements such as page lay...

Page 38: ...Left running head Chapter name automatic 10 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 39: ...CLI OVERVIEW The Command Line Interface CLI is the primary interface to access OmniAccess 5510 AA AB USG The CLI is the interface for console and connections via SSH and Telnet The CLI which automatic...

Page 40: ...e which is the User Mode UM CLI CONFIGURATION MODE In the configuration mode you can configure OmniAccess 5510 AA AB USG by creating a hierarchy of configuration statements by using the CLI or by crea...

Page 41: ...that are available in the user mode Type the config terminal command to enter the Configuration Mode This mode is used to configure the system globally or to enter specific configuration modes to con...

Page 42: ...trative level only a limited set of commands like basic diagnostics monitoring commands ping and SSH are available The UM command set is a subset of the SUM command set UM is also the starting point f...

Page 43: ...be entered in either mode It is recommend that you set up password authentication for users who need to access the SUM command set The SUM mode prompt consists of the host name of the device followed...

Page 44: ...a command or set its defaults qos Show QoS Debug Information nslookup Translate a DNS name to an IP address or vice versa ping Send echo messages quit Quit this session reload Reboot the Chassis rmdir...

Page 45: ...gure terminal ALU config Enter configuration commands one per line End with CNTL Z To exit the Configuration Mode and return to the SUM enter the Control Z command ALU config Z ALU CM COMMAND SET Comm...

Page 46: ...ging facilities mac address table Configure the mac address table match list Define Modify a match list nat ip NAT port reservation no Negate a command or set its defaults package Package Manipulation...

Page 47: ...iAccess 5510 Unified Services Gateway CLI Command Reference Guide time range Define modify a time range object top Enter top level configuration mode transparent forward Define modify transparent forw...

Page 48: ...oopback etc EXAMPLE The following command configures a Fast Ethernet interface ALU config interface FastEthernet 0 ALU config if FastEthernet0 The following command configures a loopback interface ALU...

Page 49: ...0 1 ALU config subif FastEthernet0 1 To exit from the S ICM and return to the ICM use the Exit command To end your configuration session and return to SUM mode press Ctrl Z or enter the End command Co...

Page 50: ...guration mode to return to the previous configuration mode EXAMPLE ALU configure Enter configuration commands one per line End with CNTL Z ALU config interface FastEthernet 0 ALU config if FastEtherne...

Page 51: ...tion commands one per line End with CNTL Z ALU config interface FastEthernet 0 ALU config if FastEthernet0 C ALU ALU configure Enter configuration commands one per line End with CNTL Z ALU config inte...

Page 52: ...enter a question mark at the CLI prompt You can also get a list of keywords and arguments associated with any command by using the context sensitive help feature ENABLE CLI HELP EXAMPLE ALU config ser...

Page 53: ...pe of Help is called the Word Help EXAMPLE ALU config show i PRIVILEGE COMMANDS inband inband interfaces Display information for all interfaces internal Internal info ip IP information ip policy ip po...

Page 54: ...MMANDS access lists List IP access lists as path access list List AS path access lists community list List community list dhcp Dynamic Host Configuration Protocol commands filter filter details mroute...

Page 55: ...the full command name The command is not executed until you use the Return or Enter key This way you can modify the command if the full command was not what you intended by the abbreviation If the CL...

Page 56: ...the cursor one character to the right Esc B Back word Moves the cursor back one word Esc F Forward word Moves the cursor forward one word Ctrl A Beginning of line Moves the cursor to the beginning of...

Page 57: ...of the cursor Ctrl K Deletes all characters from the cursor to the end of the command line Esc D Deletes from the cursor to the end of the word Keystrokes Function Details Ctrl Y Recalls the most rec...

Page 58: ...rnet 0 8 exit 9 interface FastEthernet 0 10 ip address 10 91 0 24 24 11 top 12 configure t 13 interface FastEthernet 0 14 interface switchport 3 15 exit 16 interface switchport 2 17 interface switchpo...

Page 59: ...figuration in particular More information will be added later INTERFACE TYPES AND LIMITATIONS Physical interface types are obviously decided by the hardware In addition certain physical interface type...

Page 60: ...of show interface counters never Queueing strategy fifo Output queue 0 0 size max 0 drops Input queue 0 0 size max 0 drops 5 minute input rate 0 bits sec 0 packets sec 5 minute output rate 0 bits sec...

Page 61: ...ts sec 5 minute output rate 0 bits sec 0 packets sec 0 packets input 0 bytes Received 0 broadcasts 0 runts 0 giants 0 throttles 0 input errors 0 CRC 0 frame 0 overrun 0 ignored 0 packets output 0 byte...

Page 62: ...SHUTTING DOWN AND BRING UP AN INTERFACE EXAMPLE ALU config if FastEthernet0 shutdown ALU config if FastEthernet0 no shutdown Command in UM Description clear counters interface name This command is us...

Page 63: ...ex Half Auto 10 1000BaseTx Fx ARP type ARPA ARP Timeout never Last input never output never output hang never Last clearing of show interface counters never Queueing strategy fifo Output queue 0 0 siz...

Page 64: ...hernet0 interface Encapsulation pppoe keepalive set 10 sec LCP Open IPCP Open VPI 0 VCI 33 MTU 1492 Output queue 0 0 size max 0 drops Input queue 0 0 size max 0 drops 5 minute input rate 96 bits sec 0...

Page 65: ...ents the Command Line Interface CLI commands for configuring the basic functionalities at the system level This chapter includes tables of parameters default values and configuration examples for conf...

Page 66: ...eady configured method list with the console client type PARAMETERS EXAMPLE ALU config aaa authentication console m1 AAA AUTHENTICATION ENABLE aaa authentication enable method list name DESCRIPTION Th...

Page 67: ...nfigured method list with remote login client type Note The client type Remote Login is a reference to SSH and Telnet clients PARAMETERS EXAMPLE ALU config aaa authentication remotelogin m1 AAA AUTHEN...

Page 68: ...brings the default back into effect PARAMETERS EXAMPLE ALU config aaa authentication password prompt p1 AAA AUTHENTICATION USERNAME PROMPT aaa authentication username prompt prompt text DESCRIPTION T...

Page 69: ...This command is used to enter a descriptive message to be displayed before the user is asked for user name and password credentials PARAMETERS EXAMPLE ALU config aaa authentication banner Only authori...

Page 70: ...ode This command is used to enter a descriptive message to be displayed after a successfully authenticated login PARAMETERS EXAMPLE ALU config aaa authentication success message Login attempt successf...

Page 71: ...is entered in the Configuration Mode This command is used to enter a descriptive message to be displayed after a failed login attempt PARAMETERS EXAMPLE ALU config aaa authentication fail message Logi...

Page 72: ...e a method list A method list can be successfully configured only if the lists do not contain any invalid method like empty radius TACACS groups etc PARAMETERS EXAMPLE ALU config aaa method list m1 ra...

Page 73: ...me DESCRIPTION This command is entered in the Configuration Mode This command is used to configure a RADIUS server group This command enters the RADIUS Server Group Mode Note You cannot enter a RADIUS...

Page 74: ...is command is entered in the Configuration Mode This command is used to configure a TACACS server group This command enters the TACACS Server Group Mode Note You cannot enter a TACACS server group as...

Page 75: ...does not match with the one stored in the known_hosts file This mismatch can happen if the an IP address is assigned to a different host or if the key of the host is regenerated In such cases you have...

Page 76: ...ion 5 CLOCK SET clock set hh mm ss mm dd yyyy timezone zone sub timezone DESCRIPTION This command is entered in the Configuration Mode This command allows you to set the RTC as well as the system s cl...

Page 77: ...d establishes how the chassis should synchronize its time with an external source Note Currently rdate is not supported PARAMETERS EXAMPLE ALU config clock synchronize using ntp server 10 91 2 87 ever...

Page 78: ...mezone time zone sub timezone DESCRIPTION This command is entered in the Configuration Mode This command allows you to set the time zone This command lists the names of the time zones and the sub time...

Page 79: ...onfig startup config The following command is used to copy the config file to the user area fpkey tftp or ftp server HTTP and HTTPS are not supported in this command ALU config copy running config tft...

Page 80: ...s command deletes all the files in fpkey or user directory PARAMETERS EXAMPLE ALU config delete all fpkey DELETE CONFIG FILE delete config file file name DESCRIPTION This command is entered in the Con...

Page 81: ...in fpkey Note Enter the file name after fpkey keyword without any space PARAMETERS EXAMPLE ALU config delete fpkey backup_package DELETE USER delete user file name DESCRIPTION This command is entered...

Page 82: ...command displays all the directories and files configured in fpkey or user location If none of the options are given user is taken by default PARAMETERS EXAMPLE ALU config dir Permission Size Date mo...

Page 83: ...acter as it marks the beginning of a comment EXAMPLE ALU config enable secret test Secret for level 15 is set ALU config enable password pass Secret for level 15 is set HOSTNAME hostname name DESCRIPT...

Page 84: ...ration Mode Use this command to enable disable the HTTP service PARAMETERS EXAMPLE ALU config http enable HTTPS https enable disable DESCRIPTION This command is entered in the Configuration Mode Use t...

Page 85: ...baudrate 19200 LINE CONSOLE EXEC TIMEOUT line console exec timeout 0 35791 0 60 DESCRIPTION This command is entered in the Configuration Mode This command is used to configure the timeout in minutes...

Page 86: ...ARAMETERS DEFAULT VALUE The default time out is 20 minutes EXAMPLE ALU config line vty exec timeout 0 ALU config line vty exec timeout 45 15 LIST CONFIG FILES list config files DESCRIPTION This comman...

Page 87: ...tory PARAMETERS EXAMPLE ALU load config file config1 Loading config1 to running config Percent Complete LOGGING BUFFERED logging buffered priority 0 7 alerts critical debugging emergencies errors info...

Page 88: ...gs DESCRIPTION This command is entered in the Configuration Mode This command is used to display the log messages of the specified priority and higher on the console PARAMETERS EXAMPLE ALU config logg...

Page 89: ...LOG 1 499 4 ICMP Large ICMP Packet In the above message the tag is snort priority is 5 and subtag is LOG To limit the number of messages coming from snort to say 5 in 2 seconds execute the following c...

Page 90: ...t unique LOGGING RATE LIMIT NO UNIQUE logging rate limit no unique DESCRIPTION This command is entered in the Configuration Mode This command restricts the number of messages in a given interval to th...

Page 91: ...debugging emergencies errors informational notifications warnings DESCRIPTION This command is entered in the Configuration Mode Use this command to configure an external server to store log messages P...

Page 92: ...l messages PARAMETERS DEFAULT VALUE By default messages with a priority of 5 and lower will be logged EXAMPLE ALU config logging system LOGGING WATERMARK logging watermark 100 10000 DESCRIPTION This c...

Page 93: ...o command removes the configured authentication banner NO AAA AUTHENTICATION FAIL MESSAGE no aaa authentication fail message delimiter multi lined string delimiter This command is entered in the Confi...

Page 94: ...tication enable method list name This command is entered in the Configuration Mode The no command removes the associated method list from the enable client type NO AAA AUTHENTICATION REMOTELOGIN no aa...

Page 95: ...Configuration Mode This command will remove the timezone settings and sets it to the default GMT UTC NO ENABLE AUTHENTICATION no enable authentication This command is entered in the Configuration Mod...

Page 96: ...no logging rate limit 1 10000 1 3600 priority 0 7 tag string subtag string This command is entered in the Configuration Mode The no command removes the specified rate limiting configuration NO LOGGIN...

Page 97: ...iguration Mode The no command deletes the global RADIUS key from the configuration and resets it to default for all servers that do not have a server specific key NO RADIUS SERVER RETRANSMIT no radius...

Page 98: ...up NO SNMP SERVER USER no snmp server user user name This command is entered in the Configuration Mode This command deletes a SNMPv3 user NO SNMP SERVER VIEW no snmp server view view name MIB family n...

Page 99: ...uration and resets it to default for all servers that do not have a server specific port NO TACACS SERVER KEY no tacacs server key This command is entered in the Configuration Mode The no command dele...

Page 100: ...TERS EXAMPLE The default package can be backed up locally in user or fpkey or in a remote location using ftp or tftp ALU config package backup ftp Remote Host 10 91 2 87 Remote Port Enter for default...

Page 101: ...he package before proceeding with the installation PARAMETERS EXAMPLE The following command installs a package after downloading it from remote site using ftp ALU config package install ftp Remote Hos...

Page 102: ...1 Are you sure you want to install alu apps oa5510 2 3 2 12 1 npm y n y Installing new release alu apps oa5510 2 3 2 12 1 npm OK Complete Deleting temporary file OK Do you want to set default immediat...

Page 103: ...grade Do you want to continue y n y Do you want to save config before proceeding y n n Verifying and Extracting firmware image Checking for free space in User area OK Extracting firmware image OK Veri...

Page 104: ...ove package name DESCRIPTION This command is entered in the Configuration Mode This command removes the specified package However the default package cannot be removed PARAMETERS EXAMPLE To remove 2 3...

Page 105: ...as default The system can have multiple application packages like 2 2 8 1 R04 2 2 9 1 R04 The package being set as default should exist in the system PARAMETERS EXAMPLE To set the package 2 3 2 12 1...

Page 106: ...he connectivity between OmniAccess 5510 AA AB USG and any remote machine PARAMETERS EXAMPLE ALU config ping 192 168 10 121 Sending 5 64 byte ICMP Echos to 192 168 10 121 timeout is 10 seconds Success...

Page 107: ...ADIUS server group PARAMETERS EXAMPLE ALU config rad grp radius server 1 1 1 1 Parameter Description vrf name Name of the VRF ip address IP address of the remote RADIUS server to be added to the group...

Page 108: ...authentication port is 1812 EXAMPLE ALU config radius server auth port 1800 RADIUS SERVER DEADTIME radius server deadtime 1 1440 DESCRIPTION This command is entered in the Configuration Mode This comm...

Page 109: ...default key is empty string EXAMPLE ALU config radius server key test RADIUS SERVER RETRANSMIT radius server retransmit 1 100 DESCRIPTION This command is entered in the Configuration Mode This comman...

Page 110: ...RELOAD reload line DESCRIPTION This command is entered in the Super User Mode or Configuration Mode The reload command can be used to reload the system Reload is immediate and once issued cannot be r...

Page 111: ...directory from the user area or fpkey PARAMETERS EXAMPLE ALU config rmdir user Directory abc deleted directory abc SAVE RUNNING CONFIG save running config DESCRIPTION This command is entered in the C...

Page 112: ...s the running configuration under the specified file name in the config directory PARAMETERS EXAMPLE ALU save running config my config Saving to my config SAVE LOGGING save logging DESCRIPTION This co...

Page 113: ...d logs in the ALU user area SAVE LOGGING PRIORITY save logging priority 0 7 alerts critical debugging emergencies errors informational notifications warnings DESCRIPTION This command is entered in the...

Page 114: ...d string PARAMETERS EXAMPLE ALU save logging string time This saves log messages with string time This is case sensitive SAVE LOGGING TAG save logging tag tag name DESCRIPTION This command is entered...

Page 115: ...10 Unified Services Gateway CLI Command Reference Guide SERVICE TIMESTAMPS LOG service timestamps log DESCRIPTION This command is entered in the Configuration Mode This command is used to display the...

Page 116: ...ig show aaa aaa services username user1 password pass1 username recovery password 5 034b6651566323f45a647d39e8548cb7 username superadmin password 5 8ec760e45da5b29afb19ed8d68a3eb5e aaa server group ra...

Page 117: ...s the associations between client types and method lists PARAMETERS None EXAMPLE ALU config show aaa client methodlist associations aaa authentication remotelogin m2 aaa authentication web m1 SHOW AAA...

Page 118: ...ays all the configured method lists on the system PARAMETERS None EXAMPLE ALU config show aaa methodlists aaa method list m1 rad1 tac1 local aaa method list m2 tac1 SHOW AAA RADIUS show aaa radius DES...

Page 119: ...AMPLE ALU config show aaa tacacs aaa server group tacacs tac1 tacacs server 12 34 42 2 tacacs server 23 4 2 232 auth port 2050 key some SHOW AAA USERS show aaa users DESCRIPTION This command is entere...

Page 120: ...W CONFIG FILE show config file file name DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command is used to show the contents of the specified configuration file...

Page 121: ...rations aaa services username recovery password 5 c69ab28cffbe009202b1dcf79f025b04 username superadmin password 5 8ec760e45da5b29afb19ed8d68a3eb5e interface FastEthernet0 shutdown top interface switch...

Page 122: ...de or Configuration Mode This command displays the chassis hardware information and chassis temperature reading PARAMETERS None EXAMPLE ALU config show chassis Physical inventory at Thu Oct 1 15 24 01...

Page 123: ...LU config show clock RTC set to Wed Jul 15 15 42 39 2009 System time is Wed Jul 15 21 12 39 IST 2009 Timezone set to ASIA CALCUTTA Configured to synchronize using RTC every 10 minutes Last successful...

Page 124: ...console logging level errors 3 system logging level notifications 5 logging timestamp enabled logging rate limit tag SWE subtag DOS upto 1 messages in 10 seconds logging rate limit tag PVSTD subtag P...

Page 125: ...and higher numerically lower PARAMETERS DEFAULT VALUE Default priority is 7 EXAMPLE The following example shows messages of priority 3 or higher ALU config show logging priority 3 2008 Oct 13 04 41 3...

Page 126: ...59 ENVAGT 4 LOG EA 7 Cannot read temperature sensor SHOW LOGGING TAG show logging tag tag name DESCRIPTION This command is entered in the Super User Mode or Configuration Mode Displays the log messag...

Page 127: ...to the system memory such as the Memory usage memory free space memory buffers configured shared memory space etc PARAMETERS None EXAMPLE ALU config show memory MemTotal 257040 kB MemFree 32104 kB Buf...

Page 128: ...2 3 2 26 1 DHCP relay DHCP Relay service 2 3 2 26 1 Ethernet Ethernet software 2 3 2 26 1 GRE GRE Encapsulation and tunneling 2 3 2 26 1 HTTP HTTP server 2 3 2 26 1 IDS Intrusion Detection Prevention...

Page 129: ...is entered in the Super User Mode or Configuration Mode This command displays the CPU information PARAMETERS None EXAMPLE ALU config show processes PID Uid VmSize Stat Command 1 root 572 S init 2 root...

Page 130: ...2 S pbr_fs 594 root 2376 S ospfd ospfd initial 595 root 3248 S mim im_ip so irb_im so tunnel im so mlppp_im so mlfr_ 596 root 2484 S mgmtutil_fs 597 root 2252 S mgmt gw 598 root 2488 S mcribmgr mcribm...

Page 131: ...ning config DESCRIPTION This command is entered in the Super User Mode or Configuration Mode Shows the configuration currently running on the system The command write terminal can also be used to view...

Page 132: ...nt com name alu1 snmp agent rocommunity private snmp trap 1 1 1 1 v1 test 10 snmp trap 1 1 1 11 v1 test1 11 snmp server user user123 auth MD5 passpass1 snmp server group testgroup user123 security mod...

Page 133: ...d in the Super User Mode or Configuration Mode This command is used to view the SNMP configuration details PARAMETERS None EXAMPLE ALU config show snmp details SNMP status Enabled SNMP version Not con...

Page 134: ...Command Reference Guide Alcatel Lucent SHOW SNMP GROUP show snmp group DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command displays the configuration of the...

Page 135: ...IPTION This command is entered in the Super User Mode or Configuration Mode This command displays the SNMP statistics PARAMETERS None EXAMPLE ALU config show snmp stats 560 SNMP packets input 0 Bad SN...

Page 136: ...the configured SNMP users PARAMETERS EXAMPLE ALU config show snmp user User Name user123 Authentication Protocol MD5 Security Level Auth SHOW SNMP VIEW show snmp view DESCRIPTION This command is ente...

Page 137: ...ermanent storage media This configuration is read at system startup The command write memory has to be entered to view the output of this command PARAMETERS None EXAMPLE ALU config show startup config...

Page 138: ...the modules running in the system PARAMETERS None EXAMPLE The show tech support command collectively shows the output of these commands show version show clock dir user cores show chassis show runnin...

Page 139: ...10 Copyright c 2006 2009 by Alcatel Lucent Inc Built on Fri Sep 25 00 04 52 IST 2009 Flash version 1 8 SNMP AGENT snmp agent rocommunity rwcommunity community string DESCRIPTION This command is entere...

Page 140: ...This command is entered in the Configuration Mode This command configures an SNMP agent version to either Version 1 or Version 2c PARAMETERS EXAMPLE ALU config version v2c SNMP DISABLE snmp disable D...

Page 141: ...tic 113 Alcatel Lucent Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide SNMP ENABLE snmp enable DESCRIPTION This command is entered in the Configuration Mode This command...

Page 142: ...v3 SNMP version auth Provides authentication based on the MD5 or SHA algorithms noauth No authentication is used priv Provides authentication based on the MD5 or SHA algorithms and encryption based o...

Page 143: ...v2c v3 DESCRIPTION This command is entered in the Configuration Mode This command is used to configure a User Security Model USM group PARAMETERS EXAMPLE ALU config snmp server group testgroup user12...

Page 144: ...MD5 pass123456 priv DES test123456 Parameter Description user name A string identifying the name of the SNMP user auth Indicates that the message sent on behalf of the user is to be authenticated MD5...

Page 145: ...on name name DESCRIPTION This command is entered in the Configuration Mode This command is used to configure the SNMP system contact details system s physical location information and SNMP system name...

Page 146: ...p receivers PARAMETERS EXAMPLE ALU config snmp trap 10 1 1 1 v1 trapcommunity 162 SNMP TRAP ENABLE snmp trap enable DESCRIPTION This command is entered in the Configuration Mode This command enables t...

Page 147: ...name ip address hostname user name version 1 2 DESCRIPTION This command is entered in the Configuration Mode Use this command to access a remote computer by SSH PARAMETERS Parameter Description enable...

Page 148: ...ut Connection to 172 25 19 1 closed TACACS SERVER tacacs server ip address auth port 1 65535 key string timeout 1 1000 DESCRIPTION This command is entered in the Configuration Mode This command is ent...

Page 149: ...configured PARAMETERS DEFAULT VALUE The default authentication port is 49 EXAMPLE ALU config tacacs server auth port 100 TACACS SERVER KEY tacacs server key 5 string string DESCRIPTION This command i...

Page 150: ...entered in the Configuration Mode This command is used to specify a global timeout value that will be applied to all the TACACS Groups provided there is no server specific timeout value configured PAR...

Page 151: ...S EXAMPLE ALU telnet enable TELNET telnet vrf vrf name ip address hostname DESCRIPTION This command is entered in the Configuration Mode This command starts a telnet connection to a remote computer PA...

Page 152: ...CLI Command Reference Guide Alcatel Lucent TERMINAL LENGTH terminal length 0 5 512 DESCRIPTION This command is entered in the Configuration Mode This command is used to set the terminal length for thi...

Page 153: ...through SSH or Telnet PARAMETERS EXAMPLE ALU config terminal monitor TRACEROUTE traceroute vrf vrf name ip address hostname DESCRIPTION This command is entered in the Configuration Mode This command...

Page 154: ...config username alu1 password pass1 WRITE ERASE write erase DESCRIPTION This command is entered in the Configuration Mode This command is used to delete the startup config permanently The command era...

Page 155: ...Command Line Interface CLI commands for Virtual Router Redundancy Protocol VRRP These commands are used to configure VRRP on an interface This chapter includes table of parameters default values and...

Page 156: ...rol all DEBUG VRRP MANAGEMENT debug vrrp management all protocol vrrpfs DESCRIPTION This command is entered in the Super User Mode Configuration Mode or Interface Configuration Mode This command displ...

Page 157: ...face Configuration Mode This command removes all configuration associated with the VRRP group on the interface NO VRRP GROUP ID IP no vrrp 1 8 ip ip address This command is entered in the Interface Co...

Page 158: ...advertise This command is entered in the Interface Configuration Mode This command restores the default advertisement interval NO VRRP GROUP ID TIMERS LEARN no vrrp 1 8 timers learn This command is en...

Page 159: ...Master Virtual IP address is 10 1 1 1 Virtual MAC address is 0000 5e00 0101 Advertisement interval is 1 000 sec Preemption enabled Priority is 255 Master Router is 10 1 1 1 local priority is 255 Maste...

Page 160: ...ate is Master Virtual IP address is 10 1 1 1 Virtual MAC address is 0000 5e00 0101 Advertisement interval is 1 000 sec Preemption enabled Priority is 255 Master Router is 10 1 1 1 local priority is 25...

Page 161: ...Configuration Mode This command is used to set authentication for the VRRP group The authentication string can have a maximum of 8 characters Note OmniAccess 5510 AA AB USG supports null authenticatio...

Page 162: ...on ALU vrrp VRRP GROUP ID IP ADDRESS vrrp 1 8 ip ip address DESCRIPTION This command is entered in the Interface Configuration Mode This command is used to configure a VRRP group with the specified gr...

Page 163: ...if FastEthernet0 vrrp 7 ip 10 91 0 101 secondary VRRP GROUP ID PREEMPT vrrp 1 8 preempt DESCRIPTION This command is entered in the Interface Configuration Mode This command enables the preempt mode B...

Page 164: ...1 8 priority 1 254 DESCRIPTION This command is entered in the Interface Configuration Mode This command is used to set the priority for the router within a group PARAMETERS DEFAULT VALUE By default pr...

Page 165: ...and configures the interval between successive advertisements by the master virtual router in a VRRP group The unit is in seconds unless the optional msec parameter is specified PARAMETERS DEFAULT VAL...

Page 166: ...ures the backup virtual router to learn the advertisement interval used by the master virtual router Learning and millisecond timers are mutually exclusive That is learning cannot be enabled when mill...

Page 167: ...DESCRIPTION This command is entered in the Interface Configuration Mode This command configures the interface to be tracked that can alter the priority level of a virtual router in a VRRP group The pr...

Page 168: ...Virtual Router Redundancy Protocol Left running head Chapter name automatic 140 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 169: ...a For final production import color definitions from daldoc01 docteam templates framemaker book template color defs production colors fm Do not import other template elements such as page layout To re...

Page 170: ...Left running head Chapter name automatic 142 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 171: ...MANDS This chapter documents the Command Line Interface CLI commands for the Fast Ethernet interface This chapter includes table of parameters default values and configuration examples for the physica...

Page 172: ...ETERS None EXAMPLE ALU config if FastEthernet0 clear Clear counters on this interface confirm y ALU config CLEAR COUNTERS clear counters FastEthernet port DESCRIPTION This command is entered in the Su...

Page 173: ...PARAMETERS DEFAULT VALUE The default Duplex mode is auto EXAMPLE ALU config if FastEthernet0 duplex full INTERFACE interface FastEthernet port DESCRIPTION This command is entered in the Configuration...

Page 174: ...nters the S ICM The range for sub interface is 1 to 4094 Note VLAN encapsulation is supported on FE in the form of FE sub interfaces The frames coming out of FE sub interfaces are tagged with sub inte...

Page 175: ...ERS DEFAULT VALUE None EXAMPLE ALU config if FastEthernet0 ip address 20 20 20 20 24 MTU mtu 64 1500 DESCRIPTION This command is entered in the Interface Configuration Mode This command is used to con...

Page 176: ...guration Mode This command restores the default duplex operation The default on a Fast Ethernet interface is auto NO MTU no mtu This command is entered in the Interface Configuration Mode This command...

Page 177: ...s BW 100000 Kbit DLY 0 usec reliability 0 255 txload 0 255 rxload 0 255 Loopback not set Encapsulation ARPA keepalive not set Auto duplex Auto 100BaseTx Fx ARP type ARPA ARP Timeout never Last input n...

Page 178: ...0 255 rxload 0 255 Loopback not set Encapsulation ARPA keepalive not set ARP type ARPA ARP Timeout never Auto duplex Auto Speed 100BaseTx Fx Last input never output never output hang never Last cleari...

Page 179: ...TU 1500 bytes BW 100000 Kbit DLY 0 usec reliability 0 255 txload 0 255 rxload 0 255 Loopback not set Encapsulation ARPA keepalive not set Auto duplex Auto 100BaseTx Fx ARP type ARPA ARP Timeout never...

Page 180: ...ce counters never Queueing strategy fifo Output queue 0 0 size max 0 drops Input queue 0 0 size max 0 drops 5 minute input rate 0 bits sec 0 packets sec 5 minute output rate 0 bits sec 0 packets sec 0...

Page 181: ...d Line Interface CLI commands for Layer 2 switching These commands are used to configure L2 interface This chapter includes the table of parameters default values and configuration examples for L2 swi...

Page 182: ...of the packets processed at the main switching process for all the switchports PARAMETERS None EXAMPLE ALU config clear lan counters Clearing LAN counters CLEAR MAC ADDRESS TABLE DYNAMIC clear mac add...

Page 183: ...switchport0 duplex full INTERFACE SWITCHPORT interface switchport port DESCRIPTION This command is entered in the Configuration Mode This command is used to configure an L2 interface PARAMETERS EXAMP...

Page 184: ...configured on the interface and resets it to its default The default hybrid native VLAN ID is 1 NO SWITCHPORT MODE no switchport mode This command is entered in the Interface Configuration Mode This c...

Page 185: ...000 0000 0002 MTU 1500 bytes BW 100000 Kbit DLY 0 usec reliability 255 255 txload 0 255 rxload 0 255 loopback not set Keepalive not set Auto duplex Auto 100BaseTx Fx Last input never output never outp...

Page 186: ...ARAMETERS None EXAMPLE ALU config show lan counters LAN STATISTICS Output queue 0 0 size max 0 drops Input queue 0 0 size max 0 drops 5 minute input rate 0 bits sec 0 packets sec 5 minute output rate...

Page 187: ...erface Vlan Type 0001 2924 2959 switchport0 10 Dynamic 0001 e6b0 77eb switchport0 10 Dynamic 0006 1bd4 3847 switchport0 10 Dynamic 0006 1bd4 655d switchport0 10 Dynamic 00c0 9f33 6d23 switchport0 10 D...

Page 188: ...VLAN_ID Status Interface name Mode 10 Inactive switchport0 Access ALU config show vlan Brief VLAN_ID Interface name Mode 1 switchport0 No Mode switchport1 No Mode switchport2 No Mode switchport3 No Mo...

Page 189: ...tion Mode This command configures the interface speed PARAMETERS None DEFAULT VALUE The default speed is auto EXAMPLE ALU config if switchport0 speed 100 SWITCHPORT ACCESS VLAN switchport access vlan...

Page 190: ...ange 2 4094 PARAMETERS EXAMPLE ALU config if switchport0 switchport hybrid native vlan 7 SWITCHPORT MODE switchport mode trunk hybrid DESCRIPTION This command is entered in the Interface Configuration...

Page 191: ...runk mode in the range 2 4094 Multiple VLANs can be configured PARAMETERS EXAMPLE ALU config if switchport0 switchport trunk allowed vlan 3 SWITCHPORT TRUNK ALLOWED VLAN RANGE switchport trunk allowed...

Page 192: ...Switching on L2 Ports Left running head Chapter name automatic 164 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 193: ...d Line Interface commands for Spanning Tree Protocol STP These commands are used to configure the Spanning Tree Protocol This chapter includes tables of parameters default values and configuration exa...

Page 194: ...is 4 NO SPANNING TREE FWD TIME HELLO TIME MAX AGE PRIORITY no spanning tree enable forward time 4 30 hello time 1 10 max age 6 40 priority 0 65535 This command is entered in the Configuration Mode The...

Page 195: ...has priority 32768 address 00 11 8b 00 27 13 Designated bridge has priority 50000 address 00 00 00 00 00 02 Designated port Id is 128 9 path cost 4 Timers message age 0 forward delay 0 hold 0 BPDU se...

Page 196: ...one EXAMPLE ALU show spanning tree brief VLAN1 Spanning tree enabled protocol IEEE ROOT ID Priority 32768 Address 00 11 8b 00 27 13 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Prior...

Page 197: ...CLI Command Reference Guide SHOW SPANNING TREE SUMMARY show spanning tree summary DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command displays only a summary...

Page 198: ...ommand enables the spanning tree for the default VLAN i e VLAN 1 ALU config spanning tree enable SPANNING TREE COST spanning tree cost 1 65535 DESCRIPTION This command is entered in the Interface Conf...

Page 199: ...mula has to be satisfied when configuring the forward time hello time and max age forward time 1 2 max age max age hello time 1 2 PARAMETERS DEFAULT VALUE The default for each of the parameter is give...

Page 200: ...e port priority command is used to prioritize an interface Spanning tree port priority is configured on a per port basis PARAMETERS DEFAULT VALUE The default value for port priority is 128 EXAMPLE ALU...

Page 201: ...G This chapter documents the Command Line Interface CLI commands for Integrated Routing and Bridging IRB This chapter includes tables of parameters default values and configuration examples for config...

Page 202: ...NDS This section deals with the commands related to configuring IRB on an interface INTERFACE VLAN interface vlan 1 4094 DESCRIPTION This is entered in the Interface Configuration Mode This command is...

Page 203: ...reliability 0 255 txload 0 255 rxload 0 255 loopback not set Keepalive not set Auto duplex Auto 1000BaseTx Fx Last input never output never output hang never Last clearing of show interface counters n...

Page 204: ...Integrated Routing and Bridging Left running head Chapter name automatic 176 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 205: ...eta For final production import color definitions from daldoc01 docteam templates framemaker book template color defs production colors fm Do not import other template elements such as page layout To...

Page 206: ...Left running head Chapter name automatic 178 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 207: ...UBSCRIBER LINE This chapter documents the CLI commands for ATM interface This document includes tables of parameters default values and configuration examples for ATM interface configuration as quick...

Page 208: ...used to configure DSL operating mode for the ATM interface on OmniAccess 5510 ADSL Annex A system dsl operating mode adsl2plus etsi auto itu dmt itu dmt bis tone low This command is entered in the Int...

Page 209: ...sulation on the interface The interface comes up in the PPPoE client mode PARAMETERS None DEFAULT VALUE None EXAMPLE ALU config if atm0 encapsulation pppoe auto Configures the ADSL interface to auto n...

Page 210: ...PARAMETERS DEFAULT VALUE None EXAMPLE ALU config interface atm 0 ALU config if atm0 IP ADDRESS ip address ip address subnet mask ip address prefix length DESCRIPTION This command is entered in the Int...

Page 211: ...ommand removes the service name configured NO PVC no pvc vpi 0 255 vci 32 2047 This command is entered in the Interface Configuration Mode This command removes the service name configured NO SHUTDOWN...

Page 212: ...ded when the PPPoE session becomes active This command is entered in the Interface Configuration Mode This command is used to configure PPPoE service name PARAMETERS DEFAULT VALUE None EXAMPLE ALU con...

Page 213: ...P SHOW DSL INTERFACE ATM show dsl interface atm port DESCRIPTION This command is entered in the Super User Mode or Configuration Mode Displays the DSL specific details of the interface PARAMETERS EXAM...

Page 214: ...PPPoE session remote MAC 0021 918e 2a9a keepalive set 10 sec LCP Open IPCP Open VPI 0 VCI 33 MTU 1492 Output queue 0 0 size max 0 drops Input queue 0 0 size max 0 drops 5 minute input rate 56 bits se...

Page 215: ...matic 187 Alcatel Lucent Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide SHUTDOWN shutdown DESCRIPTION This command is entered in the Interface Configuration Mode to adm...

Page 216: ...ADSL Asymmetric Digital Subscriber Line Left running head Chapter name automatic 188 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 217: ...nterface CLI commands for the Point to Point Protocol over Ethernet PPPoE These commands are used to configure PPPoE encapsulation on an ADSL ATM interface or Fast Ethernet interface This chapter incl...

Page 218: ...9 DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command shows all the debug messages pertaining to the PPP functionality PARAMETERS DEFAULT VALUE By default de...

Page 219: ...output all log vty DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command shows the LCP echo requests and reply messages PARAMETERS DEFAULT VALUE By default debu...

Page 220: ...ppp echo all This command is entered in the Super User Mode or Configuration Mode The no command disables the debug functionality By default debug is disabled NO ENCAPSULATION PPPOE no encapsulation...

Page 221: ...PP authentication user name on the server side NO PPP IPCP ADDRESS ACCEPT LOCAL no ppp ipcp address accept local This command is entered in the Interface Configuration Mode The no command sets the fla...

Page 222: ...default 5 NO PPP TIMEOUT MAX TERMINATE no ppp timeout max terminate This command is entered in the Interface Configuration Mode The no command sets the max terminate value to its default i e 2 NO PPP...

Page 223: ...This command enables you to configure an authentication protocol for authenticating the peer PARAMETERS EXAMPLE ALU config if atm0 ppp authentication pap PPP AUTHENTICATION CLIENT PASSWORD ppp authent...

Page 224: ...e for PPP authentication on the client side PARAMETERS EXAMPLE ALU config if atm0 ppp authentication client username client1 PPP AUTHENTICATION PASSWORD ppp authentication password password DESCRIPTIO...

Page 225: ...or PPP authentication on the server side PARAMETERS EXAMPLE ALU config if atm0 ppp authentication username alcatel lucent PPP IPCP ADDRESS ACCEPT LOCAL ppp ipcp address accept local DESCRIPTION This c...

Page 226: ...ess during IPCP EXAMPLE ALU config if atm0 ppp ipcp address accept peer PPP IPCP ADDRESS POOL LOCAL ppp ipcp address pool local ip address DESCRIPTION This command is entered in the Interface Configur...

Page 227: ...ault the OA5110 ADSL AA AB USG responds to IPCP negotiation initiated by the peer Auto negotiation happens when the IP address is changed on the interface EXAMPLE ALU config if atm0 ppp ipcp negotiate...

Page 228: ...fully or when the MTU is changed on the interface PARAMETERS None EXAMPLE ALU config if atm0 ppp lcp negotiate PPP LCP MAX ECHO ppp lcp max echo 0 30 DESCRIPTION The command is used in the Interface C...

Page 229: ...LUE The default LCP NCP restart interval is 30 seconds EXAMPLE ALU config if atm0 ppp timeout restart interval 10 PPP TIMEOUT RESTART TIMER ppp timeout restart timer 1 30 DESCRIPTION This command is e...

Page 230: ...eout max configure 15 PPP TIMEOUT MAX FAILURE ppp timeout max failure 1 30 DESCRIPTION This command is entered in the Interface Configuration Mode This command sets the maximum number of configure NaK...

Page 231: ...XAMPLE ALU config if atm0 ppp timeout max terminate 10 PPPOE MAX RETRY pppoe max retry 1 255 DESCRIPTION This command is entered in the interface configuration mode This command sets an upper limit on...

Page 232: ...e Configuration Mode This command is used to initiate the PPPoE negotiation on the interface This command helps to terminate the existing PPPoE session if any and re negotiate the session Note When th...

Page 233: ...or PADR packets in the absence of a PADO or PADS from a server Wait period doubles between successive PADIs However after threee unanswered PADIs wait period is reset to configured retry timer If the...

Page 234: ...s command is used to configure PPPoE service name like the name of the Internet service provider ISP Note The PPPoE service name configured on OmniAccess 5510 AA AB USG should match the service name c...

Page 235: ...guration information for a specified interface PARAMETERS EXAMPLE ALU show ppp all configuration atm 0 LCP Max Echoes 5 LCP Echo Interval 60 sec LCP Restart Interval 30 sec IPCP pool IP address 50 51...

Page 236: ...ived 22 Packets dropped 0 PPP sessions initiated 1 PPP sessions received 1 PPP sessions successful 2 PPP sessions terminated 1 IN OUT LCP Configure Requests 2 2 LCP Configure Acks 2 2 LCP Configure Na...

Page 237: ...AP Failures 0 0 CHAP Invalid Packets 0 0 IN OUT EAP Requests 0 4 EAP Responses 4 0 EAP Successes 0 2 EAP Failures 0 0 EAP Invalid Packets 0 0 SHOW PPP AUTHENTICATION CONFIGURATION show ppp authenticat...

Page 238: ...n Mode Displays detailed statistics for PPP authentication for a specified interface PARAMETERS EXAMPLE ALU show ppp authentication statistics atm 0 IN OUT PAP Authentication Requests 2 2 PAP Authenti...

Page 239: ...IPCP pool IP address 50 51 52 54 IPCP local IP address from peer Reject IPCP peer IP address Reject SHOW PPP IPCP STATISTICS show ppp ipcp statistics atm port DESCRIPTION This command is entered in t...

Page 240: ...CP CONFIGURATION show ppp lcp configuration atm port DESCRIPTION This command is entered in the Super User Mode or Configuration Mode Displays the PPP LCP configuration information for a specified int...

Page 241: ...he Super User Mode or Configuration Mode Displays detailed LCP statistics for a specified interface PARAMETERS EXAMPLE ALU show ppp lcp statistics atm 0 IN OUT LCP Configure Requests 2 2 LCP Configure...

Page 242: ...tion atm 0 PPP Restart timer 3 sec PPP Max Terminate 2 PPP Max Configure 10 PPP Max Failure 5 SHOW PPP SESSION STATISTICS show ppp session statistics atm port DESCRIPTION This command is entered in th...

Page 243: ...ATM interface PARAMETERS EXAMPLE ALU config show pppoe configuration atm 0 pppoe max retry 0 pppoe retry timer 10 s pppoe service name ISP1 SHOW PPPOE STATISTICS ATM show pppoe statistics atm port DES...

Page 244: ...Point to Point Protocol over Ethernet PPPoE Left running head Chapter name automatic 216 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 245: ...a Beta For final production import color definitions from daldoc01 docteam templates framemaker book template color defs production colors fm Do not import other template elements such as page layout...

Page 246: ...Left running head Chapter name automatic 218 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 247: ...nce Guide CHAPTER 11 COMMON CLASSIFIERS This chapter explains the functionality and syntax of OmniAccess 5510 AA AB USG common classifier commands All commands are described in alphabetical order They...

Page 248: ...fix 192 168 1 0 24 host 192 168 1 72 ALU config match list m2 ALU config match list m2 tcp any any service ssh ALU config match list m2 tcp prefix 192 168 2 0 24 any service smtp ALU config match list...

Page 249: ...der the following example with the necessary modes of configurations included ALU config list l1 host 192 168 0 4 prefix 192 168 0 1 24 interface FastEthernet 0 ALU config list l2 host 192 168 0 3 inc...

Page 250: ...ay also include other lists by referencing the other list s name effectively extending the list by combining the elements in the other list as shown below ALU config list l2 prefix 10 0 0 0 8 prefix 2...

Page 251: ...L3 prefix 192 168 1 0 24 prefix 192 168 2 0 24 ALU config list L4 prefix 192 168 18 0 24 prefix 192 168 19 0 24 ALU config match list m1 ALU config match list m1 1 tcp list L3 list L4 service telnet A...

Page 252: ...tel Lucent MATCH LIST match list name DESCRIPTION This command is entered in the Configuration Mode This command is used to configure a match list This enters Match list Configuration Mode PARAMETERS...

Page 253: ...gure rules for TCP in a match list 1 1024 tcp any host source ip address interface name list name prefix source ip address prefix length any host destination ip address interface name list name prefix...

Page 254: ...the protocol numbers 1 1024 protocol 1 65535 any host source ip address interface name list name prefix source ip address prefix length any host destination ip address interface name list name prefix...

Page 255: ...ALU config match list test 2 icmp any any icmp type 1 ALU config match list test 10 protocol 1 any any dscp 10 fragment Used to match an IP fragment ip precedence 0 7 precedence mnemonics Specifies th...

Page 256: ...nfig match list m2 2 udp prefix 22 1 1 0 8 any ALU config match list m2 3 include m1 Now to delete the included match list use the no include command ALU config match list m2 no include m1 NO LIST no...

Page 257: ...are configured They can be deleted only one at a time PARAMETER DEFAULT VALUE None EXAMPLE ALU config no match list M1 NO RULE no rule 1 1024 DESCRIPTION This command is entered in the Match list Conf...

Page 258: ...1 0 8 any SHOW LIST show list name DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command displays the details of all the lists that are configured Specify the l...

Page 259: ...he details of a specific match list PARAMETERS EXAMPLE The following example displays details of all the match lists configured ALU config match list m1 show match list match list m1 1 icmp any any 2...

Page 260: ...the details of the rule corresponding to the line rule number specified PARAMETERS EXAMPLE The following example displays the details of the rule in line number 2 ALU config match list m1 show rule 2...

Page 261: ...eta Beta For final production import color definitions from daldoc01 docteam templates framemaker book template color defs production colors fm Do not import other template elements such as page layou...

Page 262: ...Left running head Chapter name automatic 234 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 263: ...ter lists the protocol independent commands that are generic across all routing protocols You are required to have a thorough knowledge of this chapter before you proceed to configure the RIP OSPF and...

Page 264: ...ress and destination IP address PARAMETERS Parameter Description 100 199 2000 2699 Access list number 0 255 IP protocol number Access list is applied only If packet belongs to the specified protocol n...

Page 265: ...ESCRIPTION This command is entered in the Configuration Mode This command is used to configure a Standard Access list Standard Access list uses only source IP address PARAMETERS DEFAULT VALUE By defau...

Page 266: ...oute DEFAULT METRIC default metric metric value DESCRIPTION This command is entered in the Route Configuration Mode This command causes the current routing protocol to use the same metric value for al...

Page 267: ...ative distance for RIP or OSPF or BGP PARAMETERS DEFAULT VALUE RIP The default distance is 120 OSPF The default distance is 110 BGP The default distance is 20 for EBGP and 200 for IBGP EXAMPLE ALU con...

Page 268: ...outes External routes are those routes that are those learned from a neighbor external to the autonomous system You can specify a value between 1 255 Routes with a distance of 255 are not installed in...

Page 269: ...d performs the same function as the distance command used with an access list However the distance OSPF command allows you to set a distance for an entire group of routes rather than a specific route...

Page 270: ...The distribute list in command is used to filter networks in received routing updates Note OmniAccess 5510 AA AB USG does not support the Distribute list feature in OSPF PARAMETERS DEFAULT VALUE None...

Page 271: ...ed to configure a rule for a Extended IP Access List You can configure multiple rules for an IP access list permit deny igre icmp ip ipinip pim rsvp tcp udp 0 255 any host host ip address source ip ad...

Page 272: ...cific to UDP and TCP protocol Compares TCP UDP ports of the source destination ports When used after the source IP address source mask specifies a source port When used after the destination IP addres...

Page 273: ...nfig std nacl Configure Standard IP Access list Rule This command is used to configure a rule for a Standard IP Access List You can configure multiple rules for an IP access list permit deny any host...

Page 274: ...is used to configure AS path Access list PARAMETERS DEFAULT VALUE None EXAMPLE In the following example the ip as path access list command creates an as path access list named 1 to deny only those rou...

Page 275: ...MUNITY LIST EXTENDED ip community list 100 199 deny permit regular expression DESCRIPTION This command is entered in the Configuration Mode This command is used to configure a Extended Community list...

Page 276: ...EFAULT VALUE None EXAMPLE ALU config ip community list 1 permit internet Parameter Description 1 99 Standard community list number deny Denies access for matching conditions permit Permits access for...

Page 277: ...s than or equal to 23 Denies all network updates with a network mask length greater than 23 ALU config ip prefix list test permit 0 0 0 0 0 le 23 Parameter Description name Prefix list name 1 42949672...

Page 278: ...CRIPTION This command is entered in the Configuration Mode This command is used to configure a static route PARAMETERS DEFAULT VALUE By default no static route is configured EXAMPLE ALU config ip rout...

Page 279: ...and Reference Guide IP TCP ADJUST MSS ip tcp adjust mss 24 1460 DESCRIPTION This command is entered in the Interface Configuration Mode to set the MSS maximum segment size value on the packets going o...

Page 280: ...ces PARAMETERS DEFAULT VALUE None EXAMPLE Configuring an atm interface to be an unnumbered interface The IP address configured on the FastEthernet 0 interface is also assigned to the interface atm 0 a...

Page 281: ...s list PARAMETERS DEFAULT VALUE None EXAMPLE ALU config route map match as path 1 MATCH COMMUNITY match community 1 99 100 199 exact match DESCRIPTION This command is entered in the Route map Configur...

Page 282: ...name DESCRIPTION This command is entered in the Route map Configuration Mode This command is used to match a destination network number address that is permitted by a standard access list an extended...

Page 283: ...the Route Map Configuration Mode PARAMETERS DEFAULT VALUE Routes are distributed freely without being required to match a next hop address EXAMPLE ALU config route map match ip next hop 1 Parameter D...

Page 284: ...specified advertised access lists prefix lists PARAMETERS DEFAULT VALUE None EXAMPLE ALU config route map match ip route source 5 Parameter Description 1 99 Standard IP access list number or name The...

Page 285: ...paths number of paths DESCRIPTION This command is entered in the Router Configuration Mode This command is used to configure the maximum number of parallel paths to be allowed in a routing table PARA...

Page 286: ...o passive interface interface name DESCRIPTION This command is entered in the Router Configuration Mode This command activates only those interfaces that need to have adjacencies set PARAMETERS DEFAUL...

Page 287: ...rface NO IP UNNUMBERED no ip unnumbered interface name This command is entered in the Interface Configuration Mode This command is used to unconfigure the unnumbered interface PASSIVE INTERFACE passiv...

Page 288: ...Lucent PASSIVE INTERFACE DEFAULT passive interface default DESCRIPTION This command is entered in the Router Configuration Mode This command sets all interfaces as passive by default PARAMETERS DEFAUL...

Page 289: ...c parameter has to be configured This command is entered in the BGP Router Configuration Mode The following command is used to redistribute routes to BGP redistribute connected static rip metric 0 429...

Page 290: ...e map testospf weight 10 tag 0 4294967295 Specified tag is assigned to redistributed routes subnets Redistribute only subnet routes external 1 2 Redistribute route if route is external type 1 or type...

Page 291: ...oute map permit If the match criteria are met for this route map and the permit keyword is specified the route map result is permit If the match criteria are not met and the permit keyword is specifie...

Page 292: ...mmand modifies the BGP autonomous system path PARAMETERS DEFAULT VALUE Autonomous system path is not specified EXAMPLE ALU config route map set as path tag Parameter Description tag Converts the tag o...

Page 293: ...S DEFAULT VALUE No BGP communities attributes exist EXAMPLE ALU config route map set community 10 Parameter Description 1 4294967295 Specifies the community number AA NN Community number in aa nn form...

Page 294: ...45 1 20000 1 20000 1 255 DESCRIPTION This command is entered in the Route Map Configuration Mode This command sets BGP route dampening factors PARAMETERS Parameter Description 1 99 Standard community...

Page 295: ...local preference 0 4294967295 DESCRIPTION This command is entered in the Route Map Configuration Mode This command assigns a local preference to the BGP path PARAMETERS DEFAULT VALUE By default local...

Page 296: ...for redistribution PARAMETERS DEFAULT VALUE None EXAMPLE ALU config route map set metric 10 SET METRIC TYPE set metric type internal external type 1 type 2 DESCRIPTION This command is entered in the...

Page 297: ...rned from EBGP route origin is set to EGP EXAMPLE ALU config route map set origin incomplete SET WEIGHT set weight 0 4294967295 DESCRIPTION This command is entered in the Route Map Configuration Mode...

Page 298: ...ss list configuration PARAMETERS EXAMPLE ALU show access lists Standard IP access list 1 deny 1 0 0 0 0 255 255 255 0 packets Standard IP access list 2 permit 20 0 0 0 0 255 255 255 0 packets Extended...

Page 299: ...packets deny 12 0 0 0 0 255 255 255 0 packets ALU SHOW IP AS PATH ACCESS LIST show ip as path access list 1 199 DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This co...

Page 300: ...munity standard access list 1 permit internet Community standard access list 2 permit no export ALU SHOW IP PREFIX LIST show ip prefix list prefix list name DESCRIPTION This command is entered in the...

Page 301: ...distributing External Routes from connected metric 3 static metric 4 Default version control send version 2 receive version 2 Automatic network summarization is in effect Outgoing update filter list f...

Page 302: ...has been set Incoming update Specifies whether the incoming filtering list has been set Default version control Specifies the version of RIP packets that are sent and received Redistributing Lists the...

Page 303: ...candidate default route Gateway of last resort is 135 254 163 1 to network 0 0 0 0 S 0 0 0 0 0 1 0 via 135 254 163 1 Vlan2 1 0 0 0 24 is subnetted 1 subnet O E2 1 1 1 0 110 20 100 via 2 2 2 2 FastEthe...

Page 304: ...connected Codes R RIP O OSPF C connected S static M mcstatic B BGP A ASE IA OSPF inter area route E1 OSPF external type 1 route E2 OSPF external type 2 route N1 OSPF NSSA external type 1 route N2 OSP...

Page 305: ...p route map test permit sequence 1 Description Exit Policy Match clauses community community list filter 1 ip address access lists prefix list testprefix Set clauses route map test deny sequence 2 Des...

Page 306: ...isfied then the route map result is permit sequence Number that indicates the position a new route map is to have in the list of route maps already configured with the same name Match clauses tag Matc...

Page 307: ...ATION PROTOCOL This chapter explains the function and syntax of the Router Information Protocol RIP commands It includes table of parameters default values and configuration examples for RIP configura...

Page 308: ...tic summarization of the subnet routes into network level routes PARAMETERS None DEFAULT VALUE By default auto summary is enabled EXAMPLE ALU config router rip auto summary CLEAR IP RIP clear ip rip d...

Page 309: ...router rip default information originate DEFAULT METRIC default metric 1 16 DESCRIPTION A default metric helps to solve the problem of redistributing routes with incompatible metrics Whenever metrics...

Page 310: ...ter the command in the Router Configuration Mode This command is used to define an administrative distance PARAMETERS DEFAULT VALUE The default distance is 120 EXAMPLE ALU config router rip distance 1...

Page 311: ...etworks from being advertised in updates PARAMETERS DEFAULT VALUE Disabled EXAMPLE ALU config router rip distribute list prefix prefix example in FastEthernet0 Parameter Description 1 99 IP access lis...

Page 312: ...nfig if FastEthernet0 ip rip authentication key chain allen IP RIP AUTHENTICATION MODE ip rip authentication mode md5 text DESCRIPTION Use the following command in the Interface Configuration Mode Thi...

Page 313: ...P behavior configured on a per interface basis PARAMETERS DEFAULT VALUE Version 1 and Version 2 packets are received by default EXAMPLE ALU config if FastEthernet0 ip rip send version 1 2 IP SPLIT HOR...

Page 314: ...AMETERS DEFAULT VALUE None EXAMPLE ALU config keychain allen key 100 ALU config keychain key 100 KEY CHAIN key chain key chain name DESCRIPTION This command is entered in the Configuration Mode This c...

Page 315: ...is used to configure the password for the key PARAMETERS DEFAULT VALUE None EXAMPLE ALU config keychain key 100 key string ab123 NETWORK network network number DESCRIPTION This command is entered in...

Page 316: ...CRIPTION This command is entered in the Router Configuration Mode This command defines a neighboring router to exchange the routing information PARAMETERS DEFAULT VALUE No neighboring routers are defi...

Page 317: ...lt metric 1 16 This command is entered in the Router Configuration Mode This command sets the metric of redistributed routes to its default NO DISTANCE no distance 1 255 This command is entered in the...

Page 318: ...This command disables the split horizon mechanism NO NEIGHBOR no neighbor neighbor address This command is entered in the Router Configuration Mode This command removes the statically configured neig...

Page 319: ...onfiguration Mode This command disables the redistribution of routes NO TIMERS BASIC no timers basic This command is entered in the Router Configuration Mode This command removes the configured routin...

Page 320: ...ip offset list 1 in 2 atm 0 The syntax of the offset list says Examine RIP advertisements incoming from interface atm 0 For route entries matching the addresses specified in access list 1 add 2 hops t...

Page 321: ...nd is entered in the Router Configuration Mode This command disables the sending of routing updates on specified interfaces and controls the set of interfaces with which to exchange routing updates PA...

Page 322: ...uration Mode This command is used to import routes from other routing protocols PARAMETERS DEFAULT VALUE None EXAMPLE ALU config router rip redistribute bgp 1 metric 10 Parameter Description bgp 1 655...

Page 323: ...ser Mode Configuration Mode or Router Configuration Mode This command displays a detailed routing configuration PARAMETERS EXAMPLE ALU show ip protocols Routing Protocol is rip Sending updates every 3...

Page 324: ...ich the individual routing information will be flushed out Outgoing update filter list is not set for all interfaces Specifies whether the outgoing filtering list has been set Incoming update filter l...

Page 325: ...ngth vrf vrf name DESCRIPTION This command is entered in the Super User Mode Configuration Mode or Router Configuration Mode Displays all route entries in the RIP routing database PARAMETERS EXAMPLE A...

Page 326: ...database PARAMETERS EXAMPLE ALU show ip rip interfaces RIP Interface Table Interface Interface Address Interface Mask Send Ver Recv Ver Flags FastEthernet0 1 1 1 2 255 255 255 0 2 2 B S Flags U Unnumb...

Page 327: ...guration Mode or Router Configuration Mode This command displays the RIP peer table details PARAMETERS EXAMPLE ALU show ip rip peers RIP Peer Table Peer Address Interface LastUpd sec Rcv Ver Bad Pkts...

Page 328: ...istics including both the global and interface statistics PARAMETERS EXAMPLE ALU show ip rip statistics RIP Global Statistics Route Changes Route Queries Rx Bad Msgs Routes Learnt Routes Held down 0 1...

Page 329: ...ETERS EXAMPLE ALU config show key chain key chain alu1 key 1 key string alcatel lucent Accept lifetime 00 00 00 01 Jan 2000 Infinite Valid Now Send lifetime 00 00 00 02 Feb 2001 Infinite Valid Now key...

Page 330: ...route is marked inaccessible and advertised as unreachable However the route is still used for forwarding packets The default is 180 seconds Holddown 0 4294967295 Interval in seconds during which rout...

Page 331: ...VALUE update 30 seconds invalid 180 seconds holddown 180 seconds flush 240 seconds EXAMPLE ALU config router rip timers basic 10 30 30 30 VALIDATE UPDATE SOURCE validate update source DESCRIPTION Ent...

Page 332: ...he RIP process configured on OmniAccess 5510 AA AB USG sends only RIPv1 messages but receives both RIPv1 and RIPv2 messages PARAMETERS DEFAULT VALUE By default the software receives both RIP Version 1...

Page 333: ...I Command Reference Guide V2 BROADCAST RIP ip rip v2 broadcast DESCRIPTION This command is entered in the Interface Configuration Mode This command is used to allow RIP Version 2 update packets to be...

Page 334: ...Router Information Protocol Left running head Chapter name automatic 306 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 335: ...OTOCOL This chapter explains the syntax of the various commands needed to configure Border Gateway Protocol It includes table of parameters default values and configuration examples for BGP configurat...

Page 336: ...and is entered in the Router Configuration Mode This command specifies the type of address family to be created and changes the command mode to Address Family mode PARAMETERS None Note In OmniAccess 5...

Page 337: ...r Configuration Mode This command configures BGP aggregate entries PARAMETERS DEFAULT VALUE None EXAMPLE ALU config router bgp AS30 aggregate address 35 0 0 0 8 advertise map admap1 Parameter Descript...

Page 338: ...belonging to different AS If this command is enabled MED is compared among paths regardless of AS from which paths are received PARAMETERS None DEFAULT VALUE MEDs per paths from neighbors in different...

Page 339: ...luster length for identical paths PARAMETERS None DEFAULT VALUE Cluster length is not compared for choosing the best path EXAMPLE ALU config router bgp AS30 bgp bestpath compare cluster length BGP BES...

Page 340: ...ers Paths with missing MED are cancelled EXAMPLE ALU config router bgp AS30 bgp bestpath med confed BGP CLIENT TO CLIENT REFLECTION bgp client to client reflection DESCRIPTION This command is entered...

Page 341: ...lector is used as the Cluster ID EXAMPLE ALU config router bgp AS30 bgp cluster id 50 BGP CONFEDERATION IDENTIFIER bgp confederation identifier 1 65535 DESCRIPTION This command is entered in the Route...

Page 342: ...CRIPTION This command is entered in the Address Family or Router Configuration Mode This command enables BGP route flap dampening and changes various BGP route dampening factors PARAMETERS Parameter D...

Page 343: ...ommand is entered in the Router Configuration Mode This command configures the default local preference value In the best path selection process this attribute is used and route with highest local pre...

Page 344: ...eceived from EBGP peer that does not add its AS number at the beginning of AS Path in the incoming update packets PARAMETERS None DEFAULT VALUE Disabled EXAMPLE ALU config router bgp AS30 bgp enforce...

Page 345: ...bility PARAMETERS DEFAULT VALUE Restart timer 175 seconds State Route Keep timer 100 seconds EXAMPLE ALU config router bgp AS30 bgp graceful restart timer 100 150 BGP LOG NEIGHBOR CHANGES bgp log neig...

Page 346: ...nterface IP addresses EXAMPLE ALU config router bgp AS30 bgp router id 1 1 1 1 BGP WRITE CONFIG bgp write config DESCRIPTION This command is entered in the Address Family or Router Configuration Mode...

Page 347: ...bgp CLEAR IP BGP DAMPENING clear ip bgp dampening ip address mask network number DESCRIPTION This command is entered in the Super User Mode Configuration Mode or Router Configuration Mode This command...

Page 348: ...dress mask filter list 1 199 regexp regular expression DESCRIPTION This command is entered in the Super User Mode Configuration Mode or Router Configuration Mode This command clears BGP route flap sta...

Page 349: ...p peer group name ipv4 unicast in out soft in out DESCRIPTION This command is entered in the Super User Mode Configuration Mode or Router Configuration Mode This command clears IP BGP peer group PARAM...

Page 350: ...eighbor PARAMETERS EXAMPLE ALU clear ip bgp 1 1 1 1 DEFAULT INFORMATION ORIGINATE default information originate DESCRIPTION This command is entered in the Address Family or Router Configuration Mode T...

Page 351: ...n Mode This command displays the BGP communities in the AA NN format PARAMETERS None DEFAULT BGP communities are displayed in one 32 bit number format EXAMPLE ALU config ip bgp community new format AL...

Page 352: ...er bgp AS30 neighbor 1 1 1 1 activate NEIGHBOR ADVERTISEMENT INTERVAL neighbor ip address peer group name advertisement interval 0 600 DESCRIPTION This command is entered in the Address Family or Rout...

Page 353: ...ighbor 1 1 1 1 capability graceful restart NEIGHBOR DEFAULT ORIGINATE neighbor ip address peer group name default originate DESCRIPTION This command is entered in the Address Family or Router Configur...

Page 354: ...in the Router Configuration Mode This command can be used to associate a description to a neighbor PARAMETERS DEFAULT There is no description of the neighbor EXAMPLE ALU config router bgp AS30 neighbo...

Page 355: ...ighbor information as specified in an access list PARAMETERS DEFAULT No BGP neighbor is specified EXAMPLE ALU config router bgp AS30 neighbor 1 1 1 1 distribute list 1 in Parameter Description ip addr...

Page 356: ...ig router bgp AS30 neighbor 1 1 1 1 ebgp multihop 4 NEIGHBOR FILTER LIST neighbor ip address peer group name filter list 1 199 in out DESCRIPTION This command is entered in the Router Configuration Mo...

Page 357: ...ip address peer group name local as 1 65535 DESCRIPTION This command is entered in the Router Configuration Mode This command is used to enable local as feature for specified neighbor AS number speci...

Page 358: ...can be received from a neighbor PARAMETERS DEFAULT This command is disabled by default There is no limit on the number of prefixes EXAMPLE ALU config router bgp AS30 neighbor 1 1 1 1 maximum prefix 2...

Page 359: ...ig router bgp AS30 neighbor 1 1 1 1 next hop self NEIGHBOR PEER GROUP ADDING MEMBERS neighbor ip address peer group peer group name DESCRIPTION This command is entered in the Address Family or Router...

Page 360: ...config router bgp AS30 neighbor testpeergroup peer group NEIGHBOR PREFIX LIST neighbor ip address peer group name prefix list name in out DESCRIPTION This command is entered in the Address Family or R...

Page 361: ...list PL1 in NEIGHBOR REMOTE AS neighbor ip address peer group name remote as 1 65535 DESCRIPTION This command is entered in the Address Family or Router Configuration Mode Configures a BGP neighbor an...

Page 362: ...AMPLE ALU config router bgp AS30 neighbor 1 1 1 1 remove private as NEIGHBOR ROUTE MAP neighbor ip address peer group name route map name in out DESCRIPTION This command is entered in the Address Fami...

Page 363: ...eflector in the AS EXAMPLE ALU config router bgp AS30 neighbor 35 0 0 1 route reflector client NEIGHBOR SEND COMMUNITY neighbor ip address peer group name send community DESCRIPTION This command is en...

Page 364: ...n NEIGHBOR SOFT RECONFIGURATION INBOUND neighbor ip address peer group name soft reconfiguration inbound DESCRIPTION This command is entered in the Address Family or Router Configuration Mode This com...

Page 365: ...This command is entered in the Address Family or Router Configuration Mode This command sets the timers for a specific BGP peer or peer group PARAMETERS DEFAULT VALUE Keepalive time 60 seconds Holdtim...

Page 366: ...dress Family or Router Configuration Mode This command enables BGP routers to selectively advertise routes previously suppressed by the aggregate address command PARAMETERS DEFAULT VALUE If aggregate...

Page 367: ...mmand is entered in the Router Configuration Mode This command is used to configure the software to allow BGP sessions to use a particular interface for TCP connections PARAMETERS DEFAULT VALUE By def...

Page 368: ...4 NEIGHBOR WEIGHT neighbor ip address peer group name weight 0 65535 DESCRIPTION This command is entered in the Address Family or Router Configuration Mode This command sets the default weight for the...

Page 369: ...tered in the Address Family or Router Configuration Mode This command specifies the networks to be advertised through BGP PARAMETERS DEFAULT VALUE No networks are specified EXAMPLE ALU config router b...

Page 370: ...ddress prefix length longer prefixes DESCRIPTION This command is entered in the Super User Mode Configuration Mode or Router Configuration Mode This command displays entries in the BGP routing table P...

Page 371: ...ription ip address prefix length Network with prefix length in the BGP routing table network number Network in the BGP routing table bestpaths BGP bestpaths table cidr only Displays routes with non na...

Page 372: ...show ip bgp 5 0 0 0 8 BGP routing table entry for 5 0 0 0 8 100 1 1 1 2 from 1 1 1 2 3 3 3 3 Origin IGP metric 200 localpref 100 weight 70 valid external uptime 00 10 24 best One Available Path Commu...

Page 373: ...0 0 0 8 1 1 1 2 200 100 70 100i 6 0 0 0 8 1 1 1 2 200 100 70 100i d 7 0 0 0 8 1 1 1 2 200 100 70 100i 111 111 111 0 24 111 111 111 112 110 100 50 300 d 118 0 0 0 24 111 111 111 112 110 100 50 300 ALU...

Page 374: ...router ID is 111 111 111 111 Status codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Prefix len Next Hop Metric LocPref Weight Path 1 0 0 0 8 1 1 1 2 20...

Page 375: ...SHOW IP BGP COMMUNITY LIST show ip bgp community list 1 199 exact match DESCRIPTION This command is entered in the Super User Mode Configuration Mode or Router Configuration Mode This command is used...

Page 376: ...MPLE ALU show ip bgp dampened paths BGP local router ID is 111 111 111 111 Status codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Prefix len From Reuse...

Page 377: ...R LIST show ip bgp filter list access list number DESCRIPTION This command is entered in the Super User Mode Configuration Mode or Router Configuration Mode This command is used to display routes that...

Page 378: ...i internal Origin codes i IGP e EGP incomplete Prefix len From Flaps Duration Reuse Path d 7 0 0 0 8 1 1 1 2 2 00 10 48 00 17 50 100i d 118 0 0 0 24 111 111 111 112 1 00 06 08 00 22 00 300 ALU SHOW IP...

Page 379: ...ghbor capabilities Route refresh advertised and received Address family IPv4 Unicast advertised and received Received 342 messages 0 notifications 0 in queue Sent 333 messages 7 notifications 0 in que...

Page 380: ...seconds Neighbor capabilities Route refresh advertised and received Address family IPv4 Unicast advertised and received Received 322 messages 1 notifications 0 in queue Sent 331 messages 8 notificatio...

Page 381: ...n seconds between sending keepalive packets which help ensure that the TCP connection is up Neighbor capabilities BGP capabilities advertised and received from this neighbor Received Number of total B...

Page 382: ...ng session was last reset Connection state State of BGP peer Local host Local port Peering address of local router plus port Foreign host Foreign port Peering address of the neighbor iss Initial send...

Page 383: ...in the Super User Mode Configuration Mode or Router Configuration Mode This command displays all the BGP paths in the database PARAMETERS None EXAMPLE ALU show ip bgp paths Hash Refcount Metric Path 3...

Page 384: ...None EXAMPLE ALU show ip bgp peer group internal SHOW IP BGP REGEXP show ip bgp regexp regular expression DESCRIPTION This command is entered in the Super User Mode Configuration Mode or Router Config...

Page 385: ...392 bytes of memory Dampening enabled 0 History paths 2 Dampened paths 3 Path attribute entries using 672 bytes of memory 2 Aspath entries using 614 bytes of memory 2 Community entries using 44 bytes...

Page 386: ...config router bgp AS30 synchronization Up Down The length of time that the BGP session has been in the Established state or the current state if it is not Established State PfxRcd Current state of th...

Page 387: ...alive and holdtime interval These are global timers for BGP router Keepalive and holdtime configured for a neighbor take precedence PARAMETERS DEFAULT VALUE The default keepaalive interval is 60 secon...

Page 388: ...Border Gateway Protocol Left running head Chapter name automatic 360 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 389: ...SHORTEST PATH FIRST This chapter lists the commands to monitor and configure the OSPF protocol It includes table of parameters default values and configuration examples for OSPF configuration as quick...

Page 390: ...RIPTION This command is entered in the Router Configuration Mode This command enables authentication for an OSPF area Use the message digest keyword to enable MD5 authentication The default authentica...

Page 391: ...SCRIPTION This command is entered in the Router Configuration Mode This command specifies the cost for the default summary route sent into a stub or NSSA PARAMETERS DEFAULT VALUE Default cost is 1 EXA...

Page 392: ...UE No NSSA area is defined EXAMPLE ALU config router ospf 30 area 1 nssa Parameter Description 0 4294967295 OSPF area ID as a decimal value ip address OSPF area ID in IP address format no redistributi...

Page 393: ...te will be advertised PARAMETERS DEFAULT VALUE Disabled EXAMPLE ALU config router ospf 30 area 1 range 10 0 0 0 8 not advertise Parameter Description 0 4294967295 Identifier of the area about which th...

Page 394: ...mand is entered in the Router Configuration Mode This command defines an area to be a stub area PARAMETERS DEFAULT VALUE No stub area is defined EXAMPLE ALU config router ospf 30 area 1 stub no summar...

Page 395: ...th neighbor specified by router ID PARAMETERS DEFAULT VALUE None EXAMPLE ALU config router ospf 30 area 1 virtual link 202 202 202 5 Parameter Description 0 4294967295 Identifier for the OSPF stub are...

Page 396: ...MPLE ALU config router ospf 30 auto cost referenece bandwidth 100 CLEAR IP OSPF clear ip ospf 1 65535 process redistribution counters neighbor neighbor id interface name interface statistics hello ddp...

Page 397: ...d to calculate summary route costs per RFC 1583 This command is entered in the Router Configuration Mode To minimize the chance of routing loops all OSPF routers in an OSPF routing domain should have...

Page 398: ...LU config router ospf 30 default information originate always metric 100 Parameter Description always Always advertises the default route regardless of whether the software has a default route 0 16777...

Page 399: ...uide DEFAULT METRIC default metric 1 4294967295 DESCRIPTION Enter the default metric command in Router Configuration Mode This command sets default metric values for the OSPF routing protocol PARAMETE...

Page 400: ...s command is entered in the Router Configuration Mode This command is used to change the administrative distance for a given network PARAMETERS DEFAULT VALUE The default distance is 110 EXAMPLE ALU co...

Page 401: ...istance command used with an access list However the distance ospf command allows you to set a distance for an entire group of routes rather than a specific route that passes an access list PARAMETERS...

Page 402: ...sage digest IP OSPF AUTHENTICATION KEY ip ospf authentication key 0 0 password key DESCRIPTION This command is entered in the Interface Configuration Mode This command assigns an authentication passwo...

Page 403: ...ost resulting from the auto cost command PARAMETERS DEFAULT VALUE The default cost is calculated based on the interface bandwidth EXAMPLE ALU config if FastEthernet0 ip ospf cost 100 IP OSPF DATABASE...

Page 404: ...our times the hello interval EXAMPLE ALU config if FastEthernet0 ip ospf dead interval 50 IP OSPF FLOOD REDUCTION ip ospf flood reduction DESCRIPTION This command is entered in the Interface Configura...

Page 405: ...ig if FastEthernet0 ip ospf hello interval 20 IP OSPF MESSAGE DIGEST KEY ip ospf message digest key 1 255 md5 key DESCRIPTION This command is entered in the Interface Configuration Mode This command e...

Page 406: ...if FastEthernet0 ip ospf mtu ignore IP OSPF NETWORK ip ospf network broadcast non broadcast point to multipoint point to point DESCRIPTION This command is entered in the Interface Configuration Mode...

Page 407: ...E ALU config if FastEthernet0 ip ospf priority 2 IP OSPF RETRANSMIT INTERVAL ip ospf retransmit interval 1 65535 DESCRIPTION This command is entered in the Interface Configuration Mode This command sp...

Page 408: ...PF interface PARAMETERS DEFAULT VALUE The default transmit delay is 1 second EXAMPLE ALU config if FastEthernet0 ip ospf transmit delay 2 LOG ADJACENCY CHANGES log adjacency changes detail DESCRIPTION...

Page 409: ...neighbor in the form of an integer from 1 to 65535 Neighbors with no specific cost configured will assume the cost of the interface based on the ip ospf cost command For point to multipoint interface...

Page 410: ...g router ospf 30 network 10 0 0 0 8 area 1 NO PASSIVE INTERFACE no passive interface interface name default This command is entered in the Router Configuration Mode The no command enables sending of h...

Page 411: ...EA NSSA no area 0 4294967295 ip address nssa default information originate no summary no redistribution This command is entered in the Router Configuration Mode The no command sets area to default NO...

Page 412: ...erfaces EXAMPLE ALU config router ospf 30 passive interface FastEthernet 0 ROUTER ID router id ip address DESCRIPTION This command is entered in the Router Configuration Mode This command configures O...

Page 413: ...TION This command is entered in the Super User Mode Configuration Mode or Router Configuration Mode This command displays general information about the OSPF routing processes PARAMETERS EXAMPLE ALU sh...

Page 414: ...ranges are Number of LSA 6 Checksum Sum 0x35E53 Number of opaque link LSA 0 Checksum Sum 0x0 Flood list length 0 Area 1 Number of interfaces in this area is 1 Area has no authentication SPF algorithm...

Page 415: ...Process 1 internal Routing Table Codes i Intra area route I Inter area route i 6 6 6 6 100 via 2 2 2 1 FastEthernet 0 ABR Area 1 SPF 5 Parameter Description 1 65535 Process ID This parameter when spe...

Page 416: ...rea id database external link state id show ip ospf process id area id database external link state id adv router ip address show ip ospf process id area id database external link state id self origin...

Page 417: ...que link link state id adv router ip address show ip ospf process id area id database opaque link link state id self originate link state id show ip ospf process id area id database router link state...

Page 418: ...summary Optional Displays information only about the Autonomous System Boundary Router ASBR summary LSAs link state id Shows the specified type of LSA with matching link state ID database summary Opt...

Page 419: ...ng command ALU show ip ospf database external OSPF Router with ID 1 1 1 2 Process ID 1 Type 5 AS External Link States LS age 1715 Options No TOS capability No DC LS Type AS External Link Link State ID...

Page 420: ...lity DC LS Type AS External Link Link State ID 3 3 3 0 External Network Number Advertising Router 1 1 1 1 LS Seq Number 80000001 Checksum 0x5D36 Length 36 Network Mask 24 Metric Type 2 Larger than any...

Page 421: ...ing Router 6 6 6 6 LS Seq Number 80000006 Checksum 0xB91F Length 32 Network Mask 32 Attached Router 6 6 6 6 Attached Router 1 1 1 2 Routing Bit Set on this LSA LS age 1150 Options No TOS capability No...

Page 422: ...th 36 Network Mask 24 Metric Type 2 Larger than any link state path TOS 0 Metric 20 Forward Address 1 1 1 2 External Route Tag 0 LS age 714 Options No TOS capability No DC LS Type AS External Link Lin...

Page 423: ...36 Number of Links 1 Link connected to a Transit Network Link ID Designated Router address 1 1 1 2 Link Data Router Interface address 1 1 1 1 Number of TOS metrics 0 TOS 0 Metrics 10 LS age 118 Optio...

Page 424: ...ink State ID 1 1 1 2 Advertising Router 1 1 1 2 LS Seq Number 80000005 Checksum 0x579A Length 36 Number of Links 1 Link connected to a Transit Network Link ID Designated Router address 2 2 2 2 Link Da...

Page 425: ...1135 0x80000004 0xBD46 Summary Net Link States Area 0 Link ID ADV Router Age Seq Checksum 2 2 2 0 1 1 1 2 110 0x80000002 0x43CC Router Link States Area 1 Link ID ADV Router Age Seq Checksum Link count...

Page 426: ...Link States Area 0 LS age 133 Options No TOS capability No DC Opq Bit LS Type Summary Links Network Link State ID 2 2 2 0 summary Network Number Advertising Router 1 1 1 2 LS Seq Number 80000002 Check...

Page 427: ...iting to be flooded over an interface PARAMETERS EXAMPLE ALU show ip ospf flood list OSPF Router with ID 1 1 1 2 Process ID 1 Interface FastEthernet 0 Queue length 1 Type LS ID ADV RTR Seq NO Age Chec...

Page 428: ...ervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 07 Neighbor Count is 1 Adjacent neighbor count is 1 Adjacent with neighbor 2 2 2 2 Designated Router Suppress hello for 0 nei...

Page 429: ...ets Received 39 LS Acknowledgment Packets Sent 166 Errors 0 Events 0 Parameter Description FastEthernet Status of physical link and operational status of the protocol Internet Address Interface IP add...

Page 430: ...IPTION This command is entered in the Super User Mode Configuration Mode or Router Configuration Mode This command displays the interface process table PARAMETERS EXAMPLE ALU config show ip ospf inter...

Page 431: ...00 31 2 2 2 2 FastEthernet0 EXAMPLE 2 ALU show ip ospf neighbor FastEthernet 0 Process ID 100 Neighbor ID Pri State Dead Time Address Interface 2 2 2 2 1 FULL DR 00 00 31 2 2 2 2 FastEthernet0 EXAMPLE...

Page 432: ...Number of state changes since the neighbor was created This value can be reset using the clear ip ospf counters neighbor command DR is Router ID of the designated router for the interface BDR is Rout...

Page 433: ...I Command Reference Guide SHOW IP OSPF PROCESS INTERFACE show ip ospf process interface DESCRIPTION This command is entered in the Super User Mode Configuration Mode or Router Configuration Mode This...

Page 434: ...ip ospf request list OSPF Router with ID 1 1 1 2 Process ID 1 Neighbor 6 6 6 6 interface FastEthernet0 address 2 2 2 2 Type LS ID ADV RTR Seq NO Age Checksum 1280 192 175 142 0 1 1 1 1 0x80000003 774...

Page 435: ...of all LSAs waiting to be re sent PARAMETERS EXAMPLE ALU show ip ospf retransmission list OSPF Router with ID 1 1 1 2 Process ID 1 Neighbor 6 6 6 6 interface FastEthernet0 address 2 2 2 2 Link state...

Page 436: ...Displays the OSPF internal routing table PARAMETERS EXAMPLE ALU config router ospf 20 show ip ospf route OSPF Router with ID 1 1 1 2 Process ID 1 Dest Mask Type Adv Rtr Cost Area tag NextHop 2 0 0 0...

Page 437: ...e Router Configuration Mode This command displays a list of all summary address redistribution information configured under an OSPF process PARAMETERS EXAMPLE The following is sample output from the s...

Page 438: ...smit Delay is 1 sec State POINT TO POINT Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 04 Adjacency state FULL Retransmission queue length 2 number of retransmiss...

Page 439: ...0 0 8 tag 20 ALU config router ospf 30 summary address 10 0 0 0 8 not advertise Hello due in 00 00 04 When the next hello is expected from the neighbor Adjacency State FULL The adjacency state betwee...

Page 440: ...lsa group pacing 10 1800 DESCRIPTION This command is entered in the Router Configuration Mode This command changes the group pacing of LSAs PARAMETERS DEFAULT VALUE The default lsa group pacing inter...

Page 441: ...RS DEFAULT VALUE SPF schedule delay is 5 seconds Hold time between two SPFs is 10 seconds EXAMPLE ALU config router ospf 30 timers spf 20 10 Parameter Description 0 65535 spf delay Delay time in secon...

Page 442: ...ss 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent WRITE OSPF write ospf DESCRIPTION This command is entered in the Router Configuration Mode This command is used to view the...

Page 443: ...his chapter lists the commands to monitor and configure the Multicast Routing Protocols It includes table of parameters default values and configuration examples for Multicast Routing configuration as...

Page 444: ...pim neighbor FastEthernet 0 1 1 1 1 CLEAR IP PIM STATE INFO clear ip pim state info group address source address DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This...

Page 445: ...ccess 5510 Unified Services Gateway CLI Command Reference Guide IP MULTICAST ROUTING ip multicast routing DESCRIPTION This command is entered in the Router Configuration Mode This command enables mult...

Page 446: ...cified interface address PARAMETERS DEFAULT VALUE None EXAMPLE ALU config ip pim bsr candidate FastEthernet 0 1 10 Parameter Description BSRAdminZone prefix mask BSR Admin Zone can take all multicast...

Page 447: ...EFAULT VALUE Default DR priority is 1 EXAMPLE ALU config if FastEthernet0 ip pim dr priority 2 IP PIM MESSAGE INTERVAL ip pim message interval 1 65535 DESCRIPTION This command is entered in the Config...

Page 448: ...ers on an interface EXAMPLE ALU config if FastEthernet0 ip pim neighbor filter acc list1 IP PIM RP ADDRESS ip pim rp address ip address override DESCRIPTION This command is entered in the Configuratio...

Page 449: ...P uses specified interface address BSR selects the RP with the highest priority If multiple routers are candidate RP for same group then BSR calculates the hash value and with the highest hash value b...

Page 450: ...s 0 EXAMPLE ALU config ip pim rp candidate priority 10 IP PIM SPARSE MODE ip pim sparse mode DESCRIPTION This command is entered in the Interface Configuration Mode This command is used to enable PIM...

Page 451: ...entered in the Configuration Mode This command is used to configure the SPT threshold value PARAMETERS DEFAULT VALUE Switch to SPT just after receiving first packet That means 0 Kbps EXAMPLE ALU confi...

Page 452: ...outer sends periodic hello messages on all PIM enabled interfaces Use this command to configure this interval in seconds PARAMETERS DEFAULT VALUE The default query interval is 30 seconds EXAMPLE ALU c...

Page 453: ...up PARAMETERS EXAMPLE ALU config show ip pim rp hash 227 0 0 1 RP 1 1 1 1 Priority 0 Holdtime 150 v2 Info source 1 1 1 1 via bootstrap Uptime 00 00 32 expires 00 01 58 SHOW IP PIM BSR ROUTER show ip p...

Page 454: ...ION This command is entered in the Super User Mode or Configuration Mode This command shows the interfaces on which PIM is enabled and details like interface DR priority and current DR on the interfac...

Page 455: ...interface name DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command displays PIM neighbors on all interfaces To see neighbors on a specific interface use the...

Page 456: ...nd displays the group to RP mapping table of PIM PARAMETERS EXAMPLE ALU config show ip pim rp mapping PIM Group to RP Mappings Group s 225 0 0 0 8 RP 1 1 1 1 v2 Info source 1 1 1 1 via bootstrap prior...

Page 457: ...rmation PARAMETERS EXAMPLE ALU show ip pim state info PIMv2 State information Flags M Nexthop from Mroute T Terminating A Reported by IGMP K KeepAlive Timer Running S SPT bit set 8 0 0 1 226 1 1 25 NO...

Page 458: ...ted by access lists This restricts the host on a subnet joining only multicast groups that are permitted by access lists PARAMETERS DEFAULT VALUE None EXAMPLE ALU config if FastEthernet0 ip igmp acces...

Page 459: ...ned by default EXAMPLE ALU config if FastEthernet0 ip igmp join group 226 2 2 2 IP IGMP LAST MEMBER QUERY COUNT ip igmp last member query count 1 7 DESCRIPTION This command is entered in the Interface...

Page 460: ...EXAMPLE ALU config if FastEthernet0 ip igmp last member query interval 2000 IP IGMP QUERY INTERVAL ip igmp query interval 1 65535 DESCRIPTION This command is entered in the Interface Configuration Mod...

Page 461: ...MPLE ALU config if FastEthernet0 ip igmp query max response time 20 IP IGMP QUERIER TIMEOUT ip igmp querier timeout 60 300 DESCRIPTION This command is entered in the Interface Configuration Mode This...

Page 462: ...onfiguration Mode This command is used to enable IGMP on an interface After enabling this command IGMP learns the multicast host information on given interface PARAMETERS None DEFAULT VALUE By default...

Page 463: ...red in the Super User Mode or Configuration Mode This command displays all the multicast groups joined You can enter the interface name to see multicast groups on that interface PARAMETERS EXAMPLE ALU...

Page 464: ...terface parameters PARAMETERS EXAMPLE ALU show ip igmp interface FastEthernet0 Internet address 2 20 1 1 Mask 255 0 0 0 Host version 2 Router Version 2 Query Interval 125 Querier Timeout 255 Max query...

Page 465: ...IP MROUTE clear ip mroute DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command clears multicast routing information PARAMETERS None EXAMPLE ALU clear ip mrout...

Page 466: ...ERS EXAMPLE ALU show ip mroute IP Multicast Forwarding Information Base Flags R RP bit set T SPT bit set F Register flag J Joined 226 0 0 1 uptime 0 13 23 flags J Incoming Interface Tunnel23 RPF failu...

Page 467: ...de SHOW IP MULTICAST TRAFFIC show ip multicast traffic DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command displays the statistics of the multicast packets PA...

Page 468: ...Multicast Routing Left running head Chapter name automatic 440 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 469: ...POLICY BASED ROUTING This chapter lists the commands to configure Policy Based Routing PBR It includes table of parameters default values and configuration examples for PBR configuration as quick star...

Page 470: ...ration Mode This command clears the statistics of all the IP policies configured in the system PARAMETERS EXAMPLE ALU config clear ip policy statistics IP POLICY ip policy name DESCRIPTION This comman...

Page 471: ...licy pbr1 20 match m1 m2 next hop 1 2 2 2 Parameter Description 1 65535 Denotes the routing policy rule number The range for the IP policy rule match all any match list name match all In this type of...

Page 472: ...pbr1 NO IP POLICY no ip policy name force This command is entered in the Configuration Mode This command is used to delete an IP policy If the policy is attached to any of the interfaces it cannot be...

Page 473: ...ntered in the Super User Mode or Configuration Mode This command is used to view all the IP policies configured in the system This command also displays interfaces on which these policies are applied...

Page 474: ...tion Mode This command is used to display the statistics of all the IP policies configured in the system This displays the number of packets that hit the rules in the IP policy and number of packets d...

Page 475: ...ace CLI commands for Virtual Routing and Forwarding Customer Edge VRF CE These commands are used to configure VRF CE on an interface This chapter includes tables of parameters default values and confi...

Page 476: ...n mode This command associates the address family with the VRF and enters the address family configuration mode If the VRF name is not specified then the configurations are associated with the Default...

Page 477: ...ast vrf vrf name DESCRIPTION This command is entered in the RIP Routing Configuration Mode This command associates the address family with the VRF and enters the VRF configuration mode PARAMETERS EXAM...

Page 478: ...e defualt VRF PARAMETERS EXAMPLE ALU config arp vrf ALU vrf 10 91 0 21 0004 9BE9 C4A8 CLEAR ARP CACHE clear arp cache vrf vrf name DESCRIPTION This command is entered in the Super User Mode or Configu...

Page 479: ...ip bgp vrf vrf name 1 65535 ip address dampening external flap statistics ipv4 peer group DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command clears the BGP c...

Page 480: ...d clears counters of IP traffic statistics PARAMETERS EXAMPLE ALU config clear ip traffic vrf ALU vrf CLEAR IP ROUTE clear ip route vrf vrf name DESCRIPTION This command is entered in the Super User M...

Page 481: ...nterface name gateway ip address 1 255 DESCRIPTION This command is entered in the Configuration Mode This command adds a static routing entry into the specified VRF routing table If the VRF name is no...

Page 482: ...ALU vrf ALU config vrf IP VRF FORWARDING ip vrf forwarding vrf name DESCRIPTION This command is entered in the Interface Configuration Mode This command is used to associate a VRF on an interface Not...

Page 483: ...name DESCRIPTION This command is entered in the Configuration Mode Ping command is used for testing connectivity PARAMETERS EXAMPLE ALU config ping vrf ALU vrf 1 2 3 1 Parameter Description vrf name I...

Page 484: ...nfig router ospf 1 SHOW ARP show arp vrf vrf name DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command displays the ARP entries in the specified VRF PARAMETERS...

Page 485: ...affic statistics PARAMETERS EXAMPLE ALU config show arp traffic vrf ALU vrf ARP Traffic statistics Request Recvd 0 Request Sent 6 Response Recvd 1 Response Sent 0 Rate limiting Request Not Answered 0...

Page 486: ...PLE ALU config show ip bgp SHOW IP BGP COMMUNITY show ip bgp community vrf vrf name DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command displays the routes th...

Page 487: ...BGP community list PARAMETERS EXAMPLE ALU config show ip bgp community list SHOW IP BGP FLAP STATISTICS show ip bgp flap statistics vrf vrf name DESCRIPTION This command is entered in the Super User...

Page 488: ...fied VRF PARAMETERS EXAMPLE ALU config show ip bgp neighbors SHOW IP BGP PEER GROUP show ip bgp peer group vrf vrf name DESCRIPTION This command is entered in the Super User Mode or Configuration Mode...

Page 489: ...S EXAMPLE ALU config show ip fib vrf ALU vrf IP FIB table values Levels 4 Load balance span 16 IPC Connect 0 RIB Connected 0 Total leaves 12 Level 0 1 Level 1 4 Level 2 4 Level 3 3 Total branches 12 L...

Page 490: ...filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Routing for Networks 4 0 0 0 8 Routing Information Sources Gateway Distance Last Update 4 4 4 1 110...

Page 491: ...E1 OSPF external type 1 route E2 OSPF external type 2 route N1 OSPF NSSA external type 1 route N2 OSPF NSSA external type 2 route candidate default route Gateway of last resort is not set 10 0 0 0 24...

Page 492: ...tination 0 format errors 0 checksum errors 0 bad hop count Frags 0 reassembled 0 timeouts 0 couldn t reassemble 0 fragmented 0 couldn t fragment 0 fragments created Sent 11 generated 11 forwarded 5 en...

Page 493: ...ommand is entered in the Super User Mode or Configuration Mode This command displays the information on the defined VRF instances PARAMETERS EXAMPLE ALU config show ip vrf interfaces ALU Interface IP...

Page 494: ...H command is used for logging into a remote system specified by the address PARAMETERS EXAMPLE ALU config ssh vrf ALU vrf 10 91 0 25 Parameter Description vrf name Name of the VRF If the VRF name is s...

Page 495: ...ame DESCRIPTION This command is entered in the Configuration Mode Traceroute command is used for figuring out the path taken by the IP packet PARAMETERS EXAMPLE ALU config traceroute vrf ALU vrf 1 2 3...

Page 496: ...Virtual Routing and Forwarding Left running head Chapter name automatic 468 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 497: ...Beta Beta For final production import color definitions from daldoc01 docteam templates framemaker book template color defs production colors fm Do not import other template elements such as page layo...

Page 498: ...Left running head Chapter name automatic 470 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 499: ...DDRESS TRANSLATION This chapter provides Network Address Translation NAT Command Line Interface CLI commands The commands referring to the SNAT and DNAT are alphabetically arranged This chapter provid...

Page 500: ...e rule set priority for the rule associate match lists and set action for the configured SNAT PARAMETERS DEFAULT VALUE None EXAMPLE ALU config nat N1 10 match m1 source nat Parameter Description 1 655...

Page 501: ...d Only host IP address can be configured DEFAULT VALUE If no address is configured the IP address of the egress interface on which the NAT policy is applied will be used EXAMPLE ALU config nat N1 matc...

Page 502: ...configured the IP address of the egress interface on which the NAT policy is applied will be used PARAMETERS DEFAULT VALUE None EXAMPLE ALU config nat N1 match m1 source nat pool l1 Parameter Descript...

Page 503: ...DEFAULT VALUE If no port range is specified a default port range of 2048 65535 is used EXAMPLE ALU config nat N1 match m1 source nat port range 2048 6000 Parameter Description 1 65535 The range for th...

Page 504: ...ss of the egress interface on which the NAT policy is applied will be used PARAMETERS DEFAULT VALUE By default NAT enables dynamic mapping EXAMPLE ALU config nat N1 match m1 source nat static Paramete...

Page 505: ...s command is used to configure a DNAT with host IP address or an IP address pool PARAMETERS Note Presently Hostname option is not supported Only host IP address can be configured DEFAULT VALUE None EX...

Page 506: ...m1 destination nat host 192 168 10 91 port 100 ALU config nat N2 match m1 destination nat pool l1 port 100 Parameter Description 1 65535 The range for the NAT policy rule This rule number signifies t...

Page 507: ...dress mapping without port translation PARAMETERS DEFAULT VALUE None EXAMPLE ALU config nat N2 match m1 destination nat pool l1 static Parameter Description 1 65535 The range for the NAT policy rule T...

Page 508: ...1 bypass CLEAR IP NAT STATISTICS clear ip nat statistics nat policy name DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command clears the statistics of a specif...

Page 509: ...ARAMETERS EXAMPLE The following example clears the statistics of the NAT for interface FastEthernet0 ALU clear ip nat statistics FastEthernet0 in CHANGE change 1 65535 1 65535 DESCRIPTION This command...

Page 510: ...the debugging functionality for NAT on OmniAccess 5510 AA AB USG PARAMETERS EXAMPLE ALU debug firewall nat IP NAT ip nat nat policy name DESCRIPTION This command is entered in the Configuration Mode T...

Page 511: ...ent to external network Returning HTTP responses are automatically allowed and translated even if there is a filter to block ALU config match list m1 ALU config match list m1 tcp any any service http...

Page 512: ...no debug firewall session filter nat attack alg intrusion selector saddr ip address daddr ip address protocol number sport number dport number output permanent all detail level This command is entered...

Page 513: ...ISTICS IN OUT BOTH no ip nat statistics in out both This command is entered in the Interface Configuration Mode to turn off the statistical details enabled on the interface NO RULE no rule 1 65535 Thi...

Page 514: ...details of all the configured NAT policies or a specific NAT PARAMETERS EXAMPLE 1 The following example displays the details of all the NAT policies configured ip nat n1 10 match all m1 source nat ip...

Page 515: ...iguration Mode This command displays detailed statistics for the NAT policies configured or for a specific NAT policy PARAMETERS EXAMPLE The following example shows detailed statistics for the NAT pol...

Page 516: ...command displays NAT statistics for a specific interface PARAMETERS EXAMPLE The following example shows NAT statistics on a specified interface ALU show ip nat statistics FastEthernet0 Out ip nat n1 D...

Page 517: ...ds for configuring the filters firewall policies and DoS attack prevention Common Classification CC commands are used in these CLIs Refer to the Common Classifiers chapter to know more on Alcatel Luce...

Page 518: ...ter Configuration Mode This command changes the priority of a configured filter rule PARAMETERS EXAMPLE Consider the following configuration ALU config ip filter f1 ALU config filter f1 10 match m1 de...

Page 519: ...tistics for a specific filter PARAMETERS EXAMPLE ALU clear ip filter statistics FastEthernet 0 in ALU clear ip filter statistics FastEthernet 0 out IP FILTER ip filter name DESCRIPTION Enter the IP Fi...

Page 520: ...mple below configures a deny rule with reset option on traffic as defined in m1 ALU config filter f1 10 match m1 deny reset Parameter Description 1 65535 Denotes the filter rule number The range for t...

Page 521: ...used to delete the filter when it is not attached to any interface no ip filter name force This command is entered in the Configuration Mode This command is used to delete the filter when it is attac...

Page 522: ...level and if this filter is not bound to any interface it deletes the filter definition NO RULE no rule line number This command is issued in the Filter Configuration Mode The command deletes a single...

Page 523: ...tem If filter name is specified it displays the details for the specified filter PARAMETERS EXAMPLE The following syntax displays the all the filters configured in the system ALU show ip filter ip fil...

Page 524: ...a filter on a particular interface To view the statistics turn it on by using the command ip filter statistics both for both IN and OUT directions PARAMETERS EXAMPLE The following command displays the...

Page 525: ...ss 5510 Unified Services Gateway CLI Command Reference Guide STATELESS stateless DESCRIPTION This command is entered in the Filter Configuration Mode This command sets the filter behavior to stateless...

Page 526: ...tack object PARAMETERS None EXAMPLE ALU config firewall attack A1 all The following are the Optional attacks that are not present in the default attack prevention list of OmniAccess 5510 AA AB USG icm...

Page 527: ...ALU config firewall P1 10 match m1 attack atk drop 20 match m2 attack atk reset 30 match m3 attack atk reset 40 match m4 attack atk drop In the above sequence if m4 has a priority 40 Use the change k...

Page 528: ...CLEAR FIREWALL SESSION SESSION ID clear firewall session session id 0 128000 DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command is used to clear the firewal...

Page 529: ...ttings except icmp block trace route icmp router advertisement icmp redirect and ip rate threshold These attacks can be either manually turned on for detection or filters can be applied to block them...

Page 530: ...ing attacks ip tear drop ip tiny frag 50 64 icmp ping of death 50 65507 ip zero length icmp smurf attack ip land attack tcp xmas scan tcp_ invalid urgent offset tcp null scan tcp syn fin tcp fin no ac...

Page 531: ...e entries To change these default values use this command PARAMETERS DEFAULT VALUE Default TCP value is 15 minutes Default UDP value is 5 minutes Default ICMP value is 30 seconds EXAMPLE ALU config fi...

Page 532: ...until it is bound to an interface PARAMETERS DEFAULT VALUE No default parameters EXAMPLE ALU config interface FastEthernet 0 ALU config if FastEthernet0 firewall policy in P1 ICMP BLOCK TRACE ROUTE ic...

Page 533: ...ttack Sub Configuration Mode This attack is implicitly a part of the default attack prevention list However if you do not want to use these default lists he can turn on only a selected number of attac...

Page 534: ...ICMP echo requests or pings to different hosts within a defined interval The purpose of this scheme is to ping several hosts in the hope that one will reply thus uncovering an address to target resul...

Page 535: ...a victim If the routing device delivering traffic to the broadcast addresses performs the IP broadcast to another broadcast function Most hosts on that IP network will take the ICMP echo request and...

Page 536: ...lso placed in the DoS attack prevention list to secure the system from this attack PARAMETERS DEFAULT VALUE Number of the maximum fragments allowed in one ping packet default value is 50 Number of max...

Page 537: ...each other networks PARAMETERS None EXAMPLE ALU config firewall attack A1 icmp router advertisement ICMP SMURF ATTACK icmp smurf attack DESCRIPTION This command is entered in the Firewall Attack Sub C...

Page 538: ...p land attack IP SOURCE ROUTING ip source routing DESCRIPTION This command is entered in the Firewall Attack Sub Configuration Mode Source routing is a technique whereby the sender of a packet can spe...

Page 539: ...ad to unauthorized remote root access to the systems behind a filtering router firewall After gaining root access and taking over existing terminal and login connections intruders can gain access to r...

Page 540: ...ize a disallowed packet might be passed because it didn t hit a match in the filter This can be avoided by including the above command with a specified minimum fragment size in the user defined attack...

Page 541: ...ystem crash This attack is prevented by use of the above command PARAMETERS None EXAMPLE ALU config firewall attack A1 ip zero length NO ALL no all This command is entered in the Firewall Attack Sub C...

Page 542: ...off debugging only for selected traffic NO DEFAULT no default stateless This command is entered in the Firewall Attack Sub Configuration Mode The no command disables all the default attacks configure...

Page 543: ...sed to delete all the policy rules NO RULE no rule 1 65535 This command is entered in the Firewall Policy Sub Configuration Mode This deletes only the rule in the firewall policy corresponding to the...

Page 544: ...s configured to drop all the attacks ALU config firewall P1 match m1 attack atk drop In the following example the attack object atk is configured to drop all the attacks and send acknowledgement such...

Page 545: ...nd is used to configure port scan attack for an attack object PARAMETERS DEFAULT The deafult is 5 packets in 1000 milliseconds EXAMPLE ALU config firewall attack A1 port scan RENUMBER renumber DESCRIP...

Page 546: ...DEFAULT VALUE None EXAMPLE The following syntax is used to view the details of attack A1 ALU show firewall attack A1 attack A1 udp port loopback 10 1000 udp flood 200 1000 tcp fin scan icmp ip address...

Page 547: ...used to view the attacks configured for the system default attack object PARAMETERS None EXAMPLE ALU show firewall attack system default attack system default udp port loopback 10 1000 udp flood 200 1...

Page 548: ...l policy PARAMETERS EXAMPLE To view the firewall policy details use the following syntax ALU show firewall policy P1 policy P1 10 match any dos attack P1 drop interface FastEthernet0 In SHOW FIREWALL...

Page 549: ...ESSION show firewall session DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command is used to view all the firewall sessions used by the system PARAMETERS None...

Page 550: ...Configuration Mode This command is used to view all the firewall sessions in a detailed format PARAMETERS EXAMPLE The following syntax is used to view the details of firewall session ALU config show f...

Page 551: ...he firewall sessions with respect to the protocol type PARAMETERS EXAMPLE The following syntax is used to view the details of firewall session with respect to ICMP protocol ALU config show firewall se...

Page 552: ...entered in the Super User Mode or Configuration Mode This command is used to view the firewall session details given the source address PARAMETERS EXAMPLE ALU config if FastEthernet0 show firewall ses...

Page 553: ...RS EXAMPLE ALU config if FastEthernet0 show firewall session source ip 10 91 1 108 ID 70 ICMP timeout 25 secs used by NAT Initiator 10 91 1 108 13 10 91 0 1 13 Responder 10 91 0 1 34416 10 91 1 108 34...

Page 554: ...lt attack prevention list PARAMETERS None EXAMPLE ALU config firewall attack A1 tcp fin scan TCP HEADER FRAG tcp header frag DESCRIPTION This command is entered in the Firewall Attack Sub Configuratio...

Page 555: ...st the end of the data This may cause some TCP IP implementations to become unstable or crash Some TCP IP implementations will hang when receiving many such frames PARAMETERS None EXAMPLE ALU config f...

Page 556: ...s entered in the Firewall Attack Sub Configuration Mode It has TCP packets with both SYN and FIN flag set causing a denial of service The above keyword is also turned on by default If you wish to disa...

Page 557: ...erflow by intentionally creating too many partially open connections Systems providing TCP based services to the Internet community may be unable to provide services while under this attack and for so...

Page 558: ...ack A TCP frame has been seen with a sequence number of zero and the FIN URG and PUSH bits all set To avoid this attack include the above command PARAMETERS None EXAMPLE ALU config firewall attack A1...

Page 559: ...p fraggle attack UDP PORT LOOPBACK udp port loopback threshold 1 4294967295 1 4294967295 DESCRIPTION This command is entered in the Firewall Attack Sub Configuration Mode A UDP packet travels between...

Page 560: ...b Configuration Mode This is an attempt to connect two services which if enabled will engage in an indefinite communication with each other This will cause many frames to be unnecessarily transmitted...

Page 561: ...3 15 00 4 15 2004 ALU config time range t2 periodic daily 08 00 00 to 19 00 00 ALU config time range t3 periodic weekly wednesday 10 00 00 to 13 30 00 Parameter Description absolute hh mm ss mm dd yyy...

Page 562: ...his command is used to view information of all the time range configured on the system or a specific time range PARAMETERS EXAMPLE If t1 is a schedule then to view the particulars in it use the follow...

Page 563: ...User Mode or Configuration Mode This command is used to clear the the ALG SIP statistics PARAMETERS None EXAMPLE ALU config clear firewall alg sip statistics SHOW FIREWALL ALG DNS DEBUG COUNTERS show...

Page 564: ...dns statistics Total DNAT Ordinary Queries 0 Total DNAT Inverse Queries 0 Total DNAT Ordinary Query Responses 0 Total DNAT Inverse Query Responses 0 Total non translated Packets 0 SHOW FIREWALL ALG FT...

Page 565: ...alg ftp statistics Total SNAT Port commands 0 Total DNAT Port commands 0 Total Filter Port commands 0 Total SNAT Pasv Response commands 0 Total DNAT Pasv Response commands 0 Total Filter Pasv Response...

Page 566: ...ne EXAMPLE ALU config show firewall alg rpc statistics Total SNAT RPC CALL Packets 0 Total DNAT RPC REPLY Packets 0 Total DNAT DUMP REPLY Packets 0 Total Pinholes created 0 Total Pinholes matched 0 To...

Page 567: ...al RTP sessions 0 Total RTCP sessions 0 Total RTP Pinholes created 0 Total RTP Pinholes matched 0 Total RTP Pinholes timed out 0 Total RTCP Pinholes created 0 Total RTCP Pinholes matched 0 Total RTCP...

Page 568: ...inholes created 2 Total RTP Pinholes freed 1 Total RTP Pinholes matched 1 Total RTP Pinholes timeout 0 Total RTCP Pinholes created 2 Total RTCP Pinholes freed 0 Total RTCP Pinholes matched 0 Total RTC...

Page 569: ...w firewall alg tftp statistics Total SNAT Write commands 0 Total DNAT Write commands 0 Total Filter Write Commands 0 Total SNAT Read Commands 0 Total DNAT Read Commands 0 Total Filter Read commands 0...

Page 570: ...ucent UDP ANY ANY SERVICE udp any any service dns nfs rpc portmap sip tftp DESCRIPTION This command is entered in the Match list mode This command is used to enable DNS NFS RPC Portmap TFTP or SIP ALG...

Page 571: ...mode Use this command to change the priority of a specific ALG rule configured PARAMETERS EXAMPLE The following example shows how to change the priority of an ALG rule ALU config customized service c...

Page 572: ...zed as FTP and the ALG is invoked accordingly The standard port invocation of ALG is also active here ALU config match list m1 ALU config match list m1 tcp any host 20 1 1 1 service 100 ALU config cus...

Page 573: ...None EXAMPLE ALU config clear firewall alg noe statistics CLEAR FIREWALL ALG NOE SUBADDRESS MAPPING clear firewall alg noe subaddress mapping phone ip address phone mac address DESCRIPTION This comman...

Page 574: ...in the customized service mode Use this command to define NOE TFTP traffic Note The match list configured should match the TFTP traffic PARAMETERS EXAMPLE ALU config match list m1 ALU config match lis...

Page 575: ...t range 32512 32520 SHOW FIREWALL ALG NOE DEBUG COUNTERS show firewall alg noe debug counters DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command is used to v...

Page 576: ...ode or Configuration Mode This command is used to view the NOE ALG statistics PARAMETERS None EXAMPLE ALU config show firewall alg noe statistics UA pinholes outstanding 0 UA sessions created 0 UA ses...

Page 577: ...view the NOE sub address mapping You can specify the IP address or the MAC address to view sub address mapping for a specific NOE phone PARAMETERS EXAMPLE ALU config show firewall alg noe subaddress...

Page 578: ...way CLI Command Reference Guide Alcatel Lucent UDP ANY ANY TYPE NOE udp any any type noe DESCRIPTION This command is entered in the match list mode Use this command to classify the NOE signalling traf...

Page 579: ...ax of the various commands needed to configure IPsec This chapter includes table of parameters default values and configuration examples for IPsec configurations as quick start and reference informati...

Page 580: ...ation type to be used during IKE negotiation PARAMETERS None DEFAULT VALUE If the authentication type is not explicitly configured by default pre shared is used EXAMPLE ALU config crypto ike policy P1...

Page 581: ...clear all the IPsec SAs or IPsec SAs corresponding to a specific SA index PARAMETERS EXAMPLE ALU clear crypto ipsec sa all ALU clear crypto ipsec sa 16 Note The sa index must be a valid sa index of a...

Page 582: ...o ca identity ALUCA CRYPTO CERTIFICATE DATABASE REFRESH crypto certificate database refresh DESCRIPTION This command is entered in the Configuration Mode This command adds the imported certificate or...

Page 583: ...RS EXAMPLE ALU config crypto certificate request req_Simpsom export ftp CRYPTO CERTIFICATE REQUEST GENERATE KEY NAME crypto certificate request name generate key name name ca name DESCRIPTION This com...

Page 584: ...t CRYPTO IKE DPD INTERVAL crypto ike dpd interval 5 3600 timeout 5 72000 DESCRIPTION This command is entered in the Configuration Mode This command configures the DPD globally with the interval in sec...

Page 585: ...Reference Guide CRYPTO IKE IDENTITY crypto ike identity name force DESCRIPTION This command is entered in the Configuration Mode This command configures an IKE identity Entering this command changes t...

Page 586: ...the form of a key string PARAMETERS DEFAULT VALUE There is no default pre shared authentication key EXAMPLE ALU config crypto ike key top_secret1612 peer 10 10 1 2 ALU config crypto ike key netsecret...

Page 587: ...Access 5510 Unified Services Gateway CLI Command Reference Guide CRYPTO IKE POLICY crypto ike policy name force DESCRIPTION This command is entered in the Configuration Mode This command configures an...

Page 588: ...encryption esp md5 aes256 encapsulation with MD5 and 256 bit AES encryption esp md5 des encapsulation with MD5 and 56 bit DES encryption esp sha1 3des encapsulation with SHA1 and three key Triple DES...

Page 589: ...ftp tftp scp DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command exports the RSA keys from OmniAccess 5510 AA AB USG If none of the optional arguments are use...

Page 590: ...mmand is entered in the Configuration Mode This command generates an RSA key pair PARAMETERS EXAMPLE ALU config crypto key generate rsa 1024 exampleKey The generated keys will be named examplekey star...

Page 591: ...e command Enter upto 80 characters on a line Enter a blank line to exit Currently SCP option is not supported PARAMETERS EXAMPLE ALU config crypto key import rsa testKey ftp CRYPTO NAT TRAVERSAL crypt...

Page 592: ...E The crypto map name can have a maximum of 32 characters PARAMETERS EXAMPLE ALU config crypto map exampleMap ipsec ike examplePolicy CRYPTO MAP MAP NAME crypto map map name DESCRIPTION Crypto map nee...

Page 593: ...nfiguration Mode This command imports trusted peer certificates into OmniAccess 5510 AA AB USG You also have an option to directly enter or paste the certificate after the command Enter upto 80 charac...

Page 594: ...red in the Configuration Mode This command deletes the specified peer certificate PARAMETERS EXAMPLE ALU config crypto peer certificate cert_Bouvier delete CRYPTO RSA KEY DELETE crypto rsa key name de...

Page 595: ...the Crypto Map Configuration Mode This command allows all connections associated with a crypto map to use a DPD policy that is different from the global policy PARAMETERS DEFAULT VALUE The default va...

Page 596: ...ntent fpkey file path ftp tftp http https scp DESCRIPTION This command is entered in the ca identity mode This command imports a CA certificate You also have an option to directly enter or paste the c...

Page 597: ...n the ca identity mode This command is used to import a CRL from a remote location You also have an option to directly enter or paste the CRL after the command Enter upto 80 characters on a line Enter...

Page 598: ...certificate signed by the CA from a remote location You also have an option to directly enter or paste the certificate after the command Enter upto 80 characters on a line Enter a blank line to exit N...

Page 599: ...lifetime has a default value of 28800 seconds There is no default value for IPsec SA lifetime in Kilobytes EXAMPLE ALU config crypto ike policy P1 ipsec security association lifetime kilobytes 5400 A...

Page 600: ...e PARAMETERS DEFAULT VALUE Lifetime has a default value of 28800 seconds There is no default value for lifetime in Kilobytes EXAMPLE ALU config crypto map exampleMap lifetime kilobytes 1005236 ALU con...

Page 601: ...tificate PARAMETERS EXAMPLE ALU config ike identity exampleidentity my ca CN ALU OU Certificate Authority C US MY CERT my cert name DESCRIPTION This command is entered in the IKE identity mode This co...

Page 602: ...CN Bart Simpson O ALU C US NO CRYPTO CRL CHECK STRICT no crypto crl check strict This command is entered in the Configuration Mode This command makes the CRL policy lenient NO CRYPTO IKE DPD no crypto...

Page 603: ...IDENTITY no ike identity This command is entered in the Crypto Map Configuration Mode This command detaches the specified IKE identity attached to a crypto map NO IPSEC SECURITY ASSOCIATION LIFETIME n...

Page 604: ...e crypto map is attached to an interface NO PFS no pfs If this command is entered in the IKE Policy Configuration Mode this command resets the PFS Group to its default If this command is entered in th...

Page 605: ...e This command deletes a transform set Note If a transform set is being used by any crypto map it is prohibited from deletion Hence the transform set must be first disabled from the crypto map and the...

Page 606: ...EXAMPLE ALU config ike identity exampleidentity peer ca CN ALU OU Certificate Authority C US PEER CERT peer cert name DESCRIPTION This command is entered in the ike identity mode This command specifi...

Page 607: ...pleidentity peer id user fqdn selma_bouvier alu com PFS pfs group1 group2 group5 DESCRIPTION This command when entered in the IKE Policy Configuration Mode configures a PFS group This command when ent...

Page 608: ...PARAMETERS DEFAULT VALUE Default proposal is md5 des EXAMPLE ALU config crypto ike policy P1 proposal md5 aes 128 SHOW CRYPTO show crypto DESCRIPTION This command is entered in the Super User Mode or...

Page 609: ...e seconds 28800 lifetime seconds 7200 pfs group5 authentication pre shared Policy in Use by 1 cryptomap s crypto ipsec transform set default esp md5 des esp sha1 des crypto ipsec transform set example...

Page 610: ...yption RSA Public Key 1024 bit Modulus 1024 bit 00 b2 bf d4 a9 46 f0 d3 38 3c 46 e1 52 0e e4 31 1c 0c 81 70 90 1a 95 dd 79 44 c6 e3 1b c6 a3 ec d7 d5 18 9e c2 d0 14 a3 8c 35 c0 34 e1 9f ff 2c ae fd 0e...

Page 611: ...KqpwbsUHxU4zI M5lw8obgQSxqYwn20 0M0CAwEAAaN6MHgwHQYDVR0OBBYEFAWY0iXTGBKhx0t6mNLYJXMra66xMEkGA1Ud IwRCMECAFAWY0iXTGBKhx0t6mNLYJXMra66xoSWkIzAhMRAwDgYDVQQDFAdDQV8w eDAxMQ0wCwYDVQQKEwROZXRkggEAMAwGA1UdE...

Page 612: ...Key 512 bit Modulus 512 bit 00 ba f3 af cf 09 49 f4 ef 13 df a7 e3 ee 28 32 b5 ef 06 e2 f8 c9 31 6d 44 44 81 d2 3f 49 82 c9 6b 5a d1 73 d0 7b af 3f 5e 82 34 15 54 49 a7 d3 5e 69 29 c4 72 57 25 6a ee...

Page 613: ...006 GMT Serial Number 02 Revocation Date Jan 9 11 46 16 2006 GMT Signature Algorithm md5WithRSAEncryption 45 6b da 5f 10 09 77 7c 16 1e a4 c2 aa b6 3c 04 d1 ca 4c bc 9c 74 07 a7 a4 8a 09 cc ad e0 8b 9...

Page 614: ...nly that IKE identity PARAMETER EXAMPLE ALU config show crypto ike identity crypto ike identity someOtherIdentity peer id fqdn www simpsons com my id DN CN CM Burns O ALU C IN my cert cert_Burns crypt...

Page 615: ...rypto ike key peer address DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command displays the details of the all the IKE keys configured or details of a specifi...

Page 616: ...me seconds 28800 lifetime seconds 86400 pfs group2 crypto ike policy ike1 proposal sha1 aes128 ipsec security association lifetime seconds 28800 lifetime seconds 86400 pfs group2 authentication pre sh...

Page 617: ...ays IPsec SA details the encryption and authentication algorithms used in negotiating SAs PARAMETER None EXAMPLE ALU show crypto ipsec sa Interface FastEthernet0 Crypto Map ALU Match m1 Peer 60 60 60...

Page 618: ...uration Mode This command displays all the Transform sets configured if the transform set name is not specified If the Transform set name is specified it displays the details of the specified transfor...

Page 619: ...n case no map name is specified all the crypto maps will be displayed ALU config show crypto map crypto map examplemap ipsec ike P1 peer 10 10 10 1 match m1 transform set default pfs group2 Applied to...

Page 620: ...g show crypto peer certificate cert_fred Certificate Data Version 3 0x2 Serial Number 0 0x0 Signature Algorithm md5WithRSAEncryption Issuer C US ST Bedrock CN Fred Flintstone emailAddress fred flintst...

Page 621: ...2 12 70 5f 00 e7 80 01 2c 8a da d5 e0 e5 ALU config show crypto peer certificate cert_fred pem BEGIN CERTIFICATE MIIC7DCCAlWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBeMQswCQYDVQQGEwJVUzEQ MA4GA1UECBMHQmVkcm9jaz...

Page 622: ...LENGTH exampleKey 512 key_Bruns 1024 ALU config show crypto rsa key exampleKey LENGTH 512 BEGIN RSA PRIVATE KEY MIIBOwIBAAJBALrzr88JSfTvE9 n4 4oMrXvBuL4yTFtRESB0j9JgslrWtFz0Huv P16CNBVUSafTXmkpxHJXJWr...

Page 623: ...gned cert cert_Simpson cert_Burn ALU config show crypto signed cert cert_Simpson Certificate Data Version 3 0x2 Serial Number 8 0x8 Signature Algorithm md5WithRSAEncryption Issuer CN CA_0x01 O ALU Val...

Page 624: ...3 02 ed c0 17 1e 72 be 7b fd 11 76 91 05 db ALU config show crypto signed cert cert_Simpson pem BEGIN CERTIFICATE MIICLTCCAZagAwIBAgIBCDANBgkqhkiG9w0BAQQFADAhMRAwDgYDVQQDFAdDQV8w eDAxMQ0wCwYDVQQKEwROZ...

Page 625: ...e Jan 18 2005 from line 0 Statlog Configuration logging on logging console debugging logging os messages informational logging buffered priority 7 logging buffered size 131072 service timestamps log i...

Page 626: ...group2 Policy in Use by 1 cryptomaps ipsec profiles crypto ipsec transform set ts1 esp md5 des crypto map examplemap ipsec ike P1 peer 10 10 10 1 match m1 transform set default pfs group2 Applied to...

Page 627: ...or this CSR if generated on OmniAccess 5510 AA AB USG PARAMETER EXAMPLE ALU config ca ALUCA subject name CN Bart Simpson O ALU C US TRANSFORM SET transform set name DESCRIPTION This command is entered...

Page 628: ...to configure an IPsec Profile PARAMETERS EXAMPLE ALU config crypto ipsec profile PF1 ALU ipsec profile PF1 IKE IDENTITY ike identity name DESCRIPTION This command is entered in the IPsec Profile Conf...

Page 629: ...gured IKE policy to an IPsec profile PARAMETERS DEFAULT VALUE If no IKE policy is attached to an IPsec profile default IKE policy is used EXAMPLE ALU ipsec profile PF1 ike policy IKE1 INTERFACE TUNNEL...

Page 630: ...ALU config if Tunnel1 ip address 20 20 20 20 24 IPSEC PROFILE ipsec profile profile name DESCRIPTION This command is entered in the Interface Configuration Mode This command is used to attach the con...

Page 631: ...tion Mode This command configures lifetime for an IPsec profile Use Kilobytes keyword to configure lifetime in kilobytes and use Seconds keyword to configure lifetime in seconds for a profile PARAMETE...

Page 632: ...EXAMPLE ALU config if Tunnel1 mode ipsec NO IKE IDENTITY no ike identity This command is entered in the IPsec Profile Configuration Mode The no command detaches the specified IKE identity attached to...

Page 633: ...s entered in the IPsec Profile Configuration Mode The no command disables PFS completely when entered in the IPsec Profile Configuration Mode NO SHUTDOWN no shutdown This command is entered in the Int...

Page 634: ...cent PFS pfs group1 group2 group5 DESCRIPTION This command is entered in the IPsec Profile Configuration Mode This command is used to attach a PFS group to an IPsec profile PARAMETERS DEFAULT VALUE If...

Page 635: ...r Configuration Mode This command displays the IPsec profile details PARAMETERS EXAMPLE ALU config show crypto ipsec profile crypto ipsec profile default ike policy default transform set default pfs g...

Page 636: ...atively bring down the tunnel interface PARAMETERS None EXAMPLE ALU config if Tunnel1 shutdown TRANSFORM SET transform set name DESCRIPTION This command is entered in the IPsec Profile Configuration M...

Page 637: ...he remote end PARAMETERS DEFAULT VALUE None EXAMPLE ALU config if Tunnel1 tunnel destination 2 2 2 3 TUNNEL SOURCE tunnel source ip address interface name DESCRIPTION This command is entered in the In...

Page 638: ...IP Security Virtual Private Network Left running head Chapter name automatic 610 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 639: ...s chapter documents the Command Line Interface CLI commands for Intrusion Detection Intrusion Prevention System IDS IPS on an interface This chapter includes table of parameters default values and con...

Page 640: ...r firewall intrusion snort statistics preprocessor back orifice http inspect rpc stream4 DESCRIPTION This command is entered in the Super User Mode or the Configuration Mode Use this command to clear...

Page 641: ...This command is entered in the Super User Mode or the Configuration Mode Use this command to clear group level Snort statistics PARAMETER EXAMPLE ALU clear firewall intrusion snort statistics rule all...

Page 642: ...on selector saddr ip address daddr ip address protocol number sport number dport number output permanent all detail level DESCRIPTION This command is entered in the Super User Mode or the Configuratio...

Page 643: ...This command is used to attach a firewall policy to which an intrusion sensor is attached to an interface in in or out direction PARAMETERS Note Firewall policy will take effect once it is attached to...

Page 644: ...PARAMETER EXAMPLE ALU config firewall ALU config firewall intrusion sensor sensor1 snort threshold 10 1000 ALU config firewall intrusion sensor sensor1 INTRUSION SNORT intrusion snort DESCRIPTION This...

Page 645: ...fig firewall policy1 1 match m1 intrusion sensor1 detection NO DEBUG TRACE FIREWALL INTRUSION SELECTOR no debug firewall session filter nat attack alg intrusion selector saddr ip address daddr ip addr...

Page 646: ...nsor if it is attached to a firewall policy Detach the sensor from the firewall policy before deleting it NO UPDATE no update passive rebuild This command is entered in the Intrusion Snort Configurati...

Page 647: ...firewall intrusion snort rollback 2 3 1 RULE DETECTION rule detection category name classtype name priority high low medium DESCRIPTION This command is entered in the Intrusion Snort Configuration Mod...

Page 648: ...enable category name classtype name priority high low medium sid 1 4294967295 DESCRIPTION This command is used in Intrusion Snort Configuration Mode Use this command to enable Snort rules by Snort Rul...

Page 649: ...METER EXAMPLE To modify the rule given below use the rule modify command Original rule alert tcp HOME_NET any EXTERNAL_NET any msg ATTACK RESPONSES directory listing flow from_server established conte...

Page 650: ...AMPLE ALU config firewall intrusion snort rule prevention category attack responses SHOW FIREWALL INTRUSION SENSOR show firewall intrusion sensor name DESCRIPTION This command is entered in the Super...

Page 651: ...ateway CLI Command Reference Guide SHOW FIREWALL INTRUSION SNORT ARCHIVES show firewall intrusion snort archives DESCRIPTION This command is entered in the Super User Mode or the Configuration Mode Us...

Page 652: ...hese rules are potentially bad ICMP traffic They include most of the ICMP scanning tools and other BAD ICMP traffic Such as redirect host Other ICMP rules are included in icmp info rules alert icmp EX...

Page 653: ...y HOME_NET any msg DOS Jolt attack dsize 408 fragbits M reference cve 1999 0345 classtype attempted dos sid 268 rev 4 alert udp EXTERNAL_NET any HOME_NET any msg DOS Teardrop attack fragbits M id 242...

Page 654: ...entered in the Super User Mode or the Configuration Mode Use this command to display the information of group of rules that are disabled PARAMETER EXAMPLE ALU show firewall intrusion snort rule disabl...

Page 655: ...NORT STATISTICS show firewall intrusion snort statistics interface name DESCRIPTION This command is entered in the Super User Mode or the Configuration Mode Use this command to display Snort statistic...

Page 656: ...d in the Super User Mode or the Configuration Mode Use this command to display statistics for a specific snort pre processor Note Currently preprocessor attacks of type rpc and stream4 is not supporte...

Page 657: ...iority high low medium DESCRIPTION This command is entered in the Super User Mode or the Configuration Mode This command is used to display Snort rule statistics PARAMETER EXAMPLE ALU show firewall in...

Page 658: ...to display the status of the snort signature database update PARAMETER EXAMPLE ALU show firewall intrusion snort update report SHOW FIREWALL POLICY show firewall policy name DESCRIPTION This command i...

Page 659: ...ent com It will internally verify the signature versions and download the latest signatures However if you want to use an in house HTTP server you need to copy the signature files and corresponding di...

Page 660: ...firewall intrusion snort update instant https https idsdl esd alcatel lucent com signature tar gz rebuild passive Downloads the latest signature database Changes will not come into effect even on nex...

Page 661: ...e Command Line Interface CLI commands for Generic Routing Encapsulation These commands are used to configure GRE on an interface This chapter includes table of parameters default values and configurat...

Page 662: ...alive interval is 10 seconds EXAMPLE ALU config gre keep alive interval 100 GRE KEEP ALIVE MAX TRIES gre keep alive max tries 1 100 DESCRIPTION This command is entered in the Configuration Mode This c...

Page 663: ...t tunnel is configured in GRE mode EXAMPLE ALU config interface Tunnel 7 ALU config if Tunnel7 IP ADDRESS ip address ip address subnet mask ip address prefix length DESCRIPTION This command is entered...

Page 664: ...ERVAL no gre keep alive interval 1 3600 This command is entered in the Configuration Mode This command resets the keepalive interval to its default The default keepalive interval is 10 seconds NO GRE...

Page 665: ...ntered in the Interface Configuration Mode The no command removes the configured source IP address of the tunnel SHUTDOWN shutdown DESCRIPTION This command is entered in the Interface Configuration Mo...

Page 666: ...e default DF BIT value is clear EXAMPLE ALU config if Tunnel7 tunnel df bit clear TUNNEL SOURCE tunnel source ip address interface name DESCRIPTION This command is entered in the Interface Configurati...

Page 667: ...lt DESCRIPTION This command is entered in the Interface Configuration Mode This command allows to resolve the tunnel source and tunnel destination from the specified VRF instead of the VRF associated...

Page 668: ...Generic Routing Encapsulation Left running head Chapter name automatic 640 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 669: ...eta Beta For final production import color definitions from daldoc01 docteam templates framemaker book template color defs production colors fm Do not import other template elements such as page layou...

Page 670: ...Left running head Chapter name automatic 642 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 671: ...erface CLI commands for Telephony Service feature on OmniAccess 5510 AA AB USG This chapter includes table of parameters default values and configuration examples for Telephony Service as quick start...

Page 672: ...ephony Service Configuration Mode This command terminates all the active calls PARAMETERS None DEFAULT VALUE None EXAMPLE ALU telephony service clear telephony active calls CLEAR TELEPHONY REGISTERED...

Page 673: ...removes the IP address of the call server and its priority NO TELEPHONY CALL FORWARD no telephony call forward busy noanswer unconditional This command is entered in the Telephony Service Configuratio...

Page 674: ...B USG as their server destination are forwarded to secondary if it is up If it is down calls are forwarded to higher priority call server primary call server which is up The same behavior applies to t...

Page 675: ...ommand is entered in the Telephony Service Configuration Mode This command is used to configure the interval in seconds at which the display messages is to be transmitted to the phones from the ROVR m...

Page 676: ...e configured retry after value will be considered only after getting the response for the keep alive Retry Count Retry After determines the time before the call servers are declared down PARAMETERS DE...

Page 677: ...isplays the details regarding the type interval and retry count for the keep alive message PARAMETERS None EXAMPLE ALU config show rovr keep alive message details keep_alive_message type is REGISTER k...

Page 678: ...ll details DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command displays the details of all the active calls caller and callee user name duration of the call a...

Page 679: ...LE ALU config show telephony config telephony identity address 3 3 3 50 name omni telephony enable rovr callserver address 100 0 0 10 priority 1 rovr callserver address 100 0 0 11 priority 2 rovr call...

Page 680: ...000 telephony address 3 3 3 50 SHOW TELEPHONY REGISTERED USERS show telephony registered users DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command displays th...

Page 681: ...PointIP SPIP_300 UA 2 1 3 0028 Expires 2008 11 27 12 54 42 User 3310 100 0 0 12 Contact sip 3310 3 3 3 101 Agent PolycomSoundPointIP SPIP_300 UA 2 1 3 0028 Expires 2008 11 27 12 56 44 User 3310 100 0...

Page 682: ...status Call Server 100 0 0 10 Priority 1 Status True Call Server 100 0 0 11 Priority 2 Status True Call Server 100 0 0 12 Priority 3 Status True Survivability Mode Enable Status InActive When primary...

Page 683: ...ephony Service Configuration Mode This command is used to configure call forward feature PARAMETERS DEFAULT VALUE None EXAMPLE ALU telephony service telephony call forward busy 100 Parameter Descripti...

Page 684: ...mand is entered in the Telephony Service Configuration Mode This command enables debugging of Telephony Service features PARAMETERS DEFAULT VALUE The default debug level is 0 EXAMPLE ALU telephony ser...

Page 685: ...tension digits call will be successful All other calls will be dropped ALU telephony service telephony default dialplan dest num pattern 0 9 3 2 In the following example only 6 digits call will be suc...

Page 686: ...he following example calls to phones having 3 characters followed by 2 digits will be successful All 4 digit and 5 digit calls will also be allowed ALU telephony service telephony default dialplan des...

Page 687: ...ERS None DEFAULT VALUE None EXAMPLE ALU telephony service telephony disable TELEPHONY ENABLE telephony enable DESCRIPTION This command is entered in the Telephony Service Configuration Mode This comma...

Page 688: ...nfiguring VRF is mandatory if the WAN link is associated to a VRF Supports single VRF configuration across voice feature The VRF being configured should be the one which is configured on the WAN link...

Page 689: ...calls to be allowed PARAMETERS DEFAULT VALUE None EXAMPLE ALU telephony service telephony maximum active calls 30 TELEPHONY MAXIMUM CALLS PER SECOND telephony maximum calls per second 0 10 DESCRIPTIO...

Page 690: ...ony maximum reg users 1 250 DESCRIPTION This command is entered in the Telephony Service Configuration Mode This command is used to configure the maximum number of users that can be registered PARAMET...

Page 691: ...red in the Telephony Service Configuration Mode This command is used to configure the IP address of the outbound proxy Note It is preferable to configure the IP address of the outbound proxy server on...

Page 692: ...s Gateway CLI Command Reference Guide Alcatel Lucent TELEPHONY SERVICE telephony service DESCRIPTION This command is entered in the Configuration Mode This command enters the Telephony Service Configu...

Page 693: ...dial plan rules PARAMETERS DEFAULT VALUE None Parameter Description destination number pattern Destination number pattern Note Destination number pattern is based on the PCRE standard The number patte...

Page 694: ...ss configured If above match fails it is checked against rule 2 of telephony user defined dialplan If the match is found then call will be forwarded to 2202 If all the above match fails it is checked...

Page 695: ...eta Beta For final production import color definitions from daldoc01 docteam templates framemaker book template color defs production colors fm Do not import other template elements such as page layou...

Page 696: ...Left running head Chapter name automatic 668 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 697: ...pter documents the Command Line Interface CLI commands for Quality of Service QoS This chapter includes table of parameters default values and configuration examples for QoS configurations as quick st...

Page 698: ...orwarding and expedited forwarding PARAMETERS None DEFAULT VALUE None EXAMPLE ALU config if atm0 auto qos diff serv AUTO QOS TEMPLATE auto qos template diff serv voip policy map name DESCRIPTION This...

Page 699: ...interface PARAMETERS None DEFAULT VALUE None EXAMPLE ALU config if atm0 auto qos voip BANDWIDTH bandwidth 101 70000000 percent 1 100 DESCRIPTION This command is entered in the class mode This command...

Page 700: ...mmand enters the Class sub configuration mode inside the Policy map mode Note If no rule is associated with a class map and if you try to configure a class on that class map a warning is displayed Exa...

Page 701: ...match any EXAMPLE ALU config class map C1 match all ALU config qos C1 To Configure a Rule for the Class map 1 65535 match all any match list name This command is used to configure rules associate mat...

Page 702: ...he QoS statistics on that particular interface PARAMETERS EXAMPLE ALU clear queuing statistics DESCRIPTION description line DESCRIPTION This command is entered in the Policy map Mode The description f...

Page 703: ...Access 5510 Unified Services Gateway CLI Command Reference Guide FAIR QUEUE fair queue DESCRIPTION This command is entered in the Class Mode This command is used to enable fair queue on the Default Cl...

Page 704: ...s entered in the Interface Configuration Mode This command disables Auto QoS Diff Serv on an interface NO AUTO QOS TEMPLATE no auto qos template diff serv voip policy map name This command is entered...

Page 705: ...p NO FAIR QUEUE no fair queue This command is entered in the Class Mode This command disables fair queue on the Default Class NO NETWORK CONTROL no network control This command is entered in the Class...

Page 706: ...ce values values This command is entered in the Class Mode This command disables the random detect on ip dscp and ip precedence The command also deletes all ip dscp ip precedence configuration or all...

Page 707: ...s command is entered in the Class Mode This command deletes a policy map as the child policy NO SHAPE no shape This command is entered in the Class Mode This command removes the configured shaping par...

Page 708: ...and is entered in the Class Mode This command sets the QoS traffic policing parameters on the traffic class This command is entered in the Class mode This command is used to apply policing on the traf...

Page 709: ...in the Configuration Mode This command is used to configure a policy map PARAMETERS DEFAULT VALUE None EXAMPLE ALU config policy map P1 ALU config qos P1 PRIORITY priority DESCRIPTION This command is...

Page 710: ...his command is entered in the Class Mode This command is used to set the traffic class as a priority class and configure bandwidth for the same Note You cannot mix the absolute bandwidth command with...

Page 711: ...tered in the Super User Mode or Configuration Mode This command is used to get the credits used for all the interfaces PARAMETERS None DEFAULT VALUE None EXAMPLE ALU config qos credits debug QOS PRECL...

Page 712: ...resh 50 750 max thresh 150 950 Use this command to change the default ip dscp based WRED values This command populates the WRED values but does not enable the features To enable this use the random de...

Page 713: ...VALUES FOR RANDOM DETECT IP DSCP Parameter Description ip dscp 0 63 min thresh 50 150 max thresh 150 750 This command configures the WRED parameters minimum threshold and maximum threshold for a part...

Page 714: ...90 10 8 30 90 10 9 30 90 10 10 100 150 10 11 30 90 10 12 75 150 10 13 30 90 10 14 50 150 10 15 30 90 10 16 30 90 10 17 30 90 10 18 100 150 10 19 30 90 10 20 75 150 10 21 30 90 10 22 50 150 10 23 30 9...

Page 715: ...30 90 10 36 75 150 10 37 30 90 10 38 50 150 10 39 30 90 10 40 30 90 10 41 30 90 10 42 30 90 10 43 30 90 10 44 30 90 10 45 30 90 10 46 125 150 10 47 30 90 10 48 30 90 10 49 30 90 10 50 30 90 10 51 30 9...

Page 716: ...ION This command is entered in the Interface Configuration Mode This command is used to attach a policy map to an interface either in ingress or egress direction Note An empty policy can be attached t...

Page 717: ...ild policy Note Direction parameter is not required here PARAMETERS DEFAULT VALUE None EXAMPLE Create policies p1 and p2 and configure traffic class c1 and c2 in each of the policy ALU conifg policy m...

Page 718: ...and is used to set IP Precedence IP DSCP ToS flags on the matched packet and 802 1p marking on the VLAN interface PARAMETERS DSCP MNEMONICS Parameter Description 0 63 DSCP value in the range 0 63 dscp...

Page 719: ...ide IP PRECEDENCE MNEMONICS TOS MNEMONICS DEFAULT VALUE None EXAMPLE ALU config qos P1 C1 set ip dscp af11 af22 20 af23 22 af31 26 af32 28 af33 30 af41 34 af42 36 af43 38 IP Precedence Mnemonics Value...

Page 720: ...0 DESCRIPTION This command is entered in the Class Mode This command sets QoS shaping parameters on the policy map s traffic class Note If shape is configured on a priority class the system gives a wa...

Page 721: ...0 random detect ip dscp af13 min threshold 100 max threshold 300 random detect ip dscp class autoqos class af2 match ip any any dscp af21 match ip any any dscp af22 match ip any any dscp af23 bandwidt...

Page 722: ...class autoqos class ef match ip any any dscp ef priority police committed rate 350000 committed burst 30000 exceed action drop violate action drop class class default fair queue ALU config show auto q...

Page 723: ...mmand Reference Guide SHOW CLASS MAP show class map name DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command shows all or specified class map along with its m...

Page 724: ...command is entered in the Super User Mode or Configuration Mode This command shows the details of all or specified policy map configured in the system PARAMETERS DEFAULT VALUE None EXAMPLE ALU show po...

Page 725: ...S EXAMPLE ALU config show random detect defaults ip dscp ip dscp Min Thresh Max Thresh Drop Probability be 50 150 10 af11 100 150 10 af12 75 150 10 af13 50 150 10 af21 100 150 10 af22 75 150 10 af23 5...

Page 726: ...cm_ef match any match any ml_ef 0 packets total 0 bytes total 0 packets transmitted 0 bytes transmitted 0 packets dropped 0 bytes dropped RED Class Random drops Tail drops Min Th Max Th Mark Prob be 0...

Page 727: ...LU show qos config class map c1 match any 1 match any m1 m2 class map c2 match any 1 match any m1 class map 3 match any class map c5 match any 3 match any m1 policy map p1 description p1 is the name o...

Page 728: ...where the QoS policy is attached The order of display of running config is as follows Match lists Class maps Policy maps Interfaces where the QoS policy is attached PARAMETERS None DEFAULT VALUE None...

Page 729: ...This command shows all the interfaces to which the QoS service policy is attached and the name direction of the policy PARAMETERS DEFAULT VALUE None EXAMPLE ALU config show queuing interface atm 0 in...

Page 730: ...AMETERS DEFAULT VALUE None EXAMPLE ALU config show queuing statistics interface FastEthernet0 service policy in t class class default Packets dropped 0 Packets dequeued 364 Bytes dequeued 48626 class...

Page 731: ...ued 0 Queue length Packets 0 class L2 network control Packets dropped 0 Packets dequeued 0 Bytes dequeued 0 Queue length Packets 0 TUNNEL tunnel Tunnel 0 14487 DESCRIPTION This command is entered in t...

Page 732: ...METERS DEFAULT VALUE None EXAMPLE ALU config pmap tunnel tunnel1 bandwidth percent 10 QUEUE LIMIT queue limit 10 1500 DESCRIPTION This command is entered in the Class Mode This command sets a queue li...

Page 733: ...Beta Beta For final production import color definitions from daldoc01 docteam templates framemaker book template color defs production colors fm Do not import other template elements such as page layo...

Page 734: ...Left running head Chapter name automatic 706 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 735: ...N PROTOCOL SERVER This chapter documents the Command Line Interface CLI commands for DHCP Server This chapter includes table of parameters default values and configuration examples for DHCP Server con...

Page 736: ...LUDE IP exclude ip ip address DESCRIPTION This command is entered in the DHCP Pool Configuration Mode This command is used to exclude an IP address from the pool The excluded address should exist with...

Page 737: ...Configuration Mode This command is used to statically bind an IP address with a hardware MAC address Note The IP address should exist within any of the configured network pools and should be configur...

Page 738: ...f name DESCRIPTION This command is entered in the Configuration Mode This command is used to configure the boot file for a host PARAMETERS DEFAULT VALUE None EXAMPLE ALU config ip dhcp option bootfile...

Page 739: ...s vrf vrf name DESCRIPTION This command is entered in the Configuration Mode This command is used to configure the DNS IP address to be used by the clients PARAMETERS DEFAULT VALUE None EXAMPLE ALU co...

Page 740: ...ESCRIPTION This command is entered in the Configuration Mode This command is used to configure the domain name to be used by the clients PARAMETERS DEFAULT VALUE None EXAMPLE ALU config ip dhcp option...

Page 741: ...red in the Configuration Mode This command is used to configure the time in seconds for which the clients can use the IP address assigned to them PARAMETERS DEFAULT VALUE None EXAMPLE ALU config ip dh...

Page 742: ...N This command is entered in the Configuration Mode This command is used to configure the MIT LCS UDP log server IP address to be used by the clients PARAMETERS DEFAULT VALUE None EXAMPLE ALU config i...

Page 743: ...is command is entered in the Configuration Mode This command is used to configure the IP address of the Network Time Protocol server to be used by the clients PARAMETERS DEFAULT VALUE None EXAMPLE ALU...

Page 744: ...TION This command is entered in the Configuration Mode This command is used to configure the router in the subnet for which the DHCP is configured PARAMETERS DEFAULT VALUE None EXAMPLE ALU config ip d...

Page 745: ...et mask vrf vrf name DESCRIPTION This command is entered in the Configuration Mode This command is used to configure the client s subnet mask PARAMETERS DEFAULT VALUE None EXAMPLE ALU config ip dhcp o...

Page 746: ...TION This command is entered in the Configuration Mode This command is used to configure the IP address domain name of the TFTP server PARAMETERS DEFAULT VALUE None EXAMPLE ALU config ip dhcp option t...

Page 747: ...T VALUE None EXAMPLE ALU config ip dhcp option time offset 100 OPTION BOOTFILE NAME option bootfile name file name DESCRIPTION This command is entered in the DHCP Pool Configuration Mode This command...

Page 748: ...IP address to be used by the clients PARAMETERS DEFAULT VALUE None EXAMPLE ALU config dhcp pool p1 option dns server 1 2 2 2 primary OPTION DOMAIN NAME option domain name name DESCRIPTION This comman...

Page 749: ...n use the IP address assigned to it PARAMETERS DEFAULT VALUE None EXAMPLE ALU config dhcp pool p1 option lease time 106400 OPTION LOG SERVER option log server ip address DESCRIPTION This command is en...

Page 750: ...ork Time Protocol server to be used by the clients PARAMETERS DEFAULT VALUE None EXAMPLE ALU config dhcp pool p1 option ntp server 1 1 1 1 OPTION ROUTERS option routers ip address DESCRIPTION This com...

Page 751: ...o configure the client s subnet mask PARAMETERS DEFAULT VALUE None EXAMPLE ALU config dhcp pool p1 option subnet mask 255 255 255 0 OPTION TFTP SERVER option tftp server string DESCRIPTION This comman...

Page 752: ...ce Guide Alcatel Lucent OPTION TIME OFFSET option time offset 1 315360000 DESCRIPTION This command is entered in the DHCP Pool Configuration Mode This command is used to determine the time variation f...

Page 753: ...n the Configuration Mode This command is used to configure a DHCP pool This command enters the DHCP pool sub configuration mode PARAMETERS DEFAULT VALUE None EXAMPLE ALU config ip dhcp pool p1 vrf alu...

Page 754: ...the DHCP Pool Configuration Mode Deletes the manual binding between the host and IP address specified for it NO IP DHCP OPTION BOOTFILE NAME no ip dhcp option bootfile name file name vrf vrf name Thi...

Page 755: ...me Protocol server NO IP DHCP OPTION ROUTERS no ip dhcp option routers ip address vrf vrf name This command is entered in the Configuration Mode Deletes the configured router in the subnet for which t...

Page 756: ...ON LOG SERVER no option log server ip address This command is entered in the DHCP Pool Configuration Mode Deletes the configured log server IP address NO OPTION NTP SERVER no option ntp server ip addr...

Page 757: ...ol Configuration Mode Deletes the configured time offset NO IP DHCP POOL no ip dhcp pool pool name This command is entered in the Configuration Mode Deletes a configured DHCP pool NO NETWORK no networ...

Page 758: ...he pool which are used to service DHCP requests from the clients Specification of range is mandatory for a network pool The range cannot include the network address and the broadcast address of the ne...

Page 759: ...ng DHCP service disables DHCP relay PARAMETERS DEFAULT VALUE By default DHCP service is disabled EXAMPLE ALU config service dhcp enable Service DHCP enabled successfully SERVICE DHCP DISABLE service d...

Page 760: ...ss Hardware Address Lease Expiration Type Pool 10 91 2 87 00 0f fe 3a 63 da Wed Jan 17 23 38 11 2007 DYNAMIC p1 203 196 196 74 00 0f ef 3b 63 de INFINITE MANUAL p2 ALU config show ip dhcp bindings dyn...

Page 761: ...RIPTION This command is entered in the Super User Mode or Configuration Mode This command shows all the DHCP global options configured PARAMETERS EXAMPLE ALU config show ip dhcp options Routers 1 1 1...

Page 762: ...me p2 Pool Host Address 1 2 3 66 Pool Host Mac Address 11 22 aa bb 55 ff Pool Name p1 Pool Network Number 1 2 3 0 Pool Network Mask 255 255 255 0 Number of leases 50 Pool Range 1 2 3 50 1 2 3 100 Boot...

Page 763: ...ference Guide SHOW IP DHCP SERVER STATISTICS show ip dhcp server statistics DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command shows the DHCP server statisti...

Page 764: ...DHCP Dynamic Host Configuration Protocol Server Left running head Chapter name automatic 736 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 765: ...nterface CLI commands for TFTP Server This chapter includes table of parameters default values and configuration examples for TFTP Server configurations as quick start and reference information In thi...

Page 766: ...ode This command is used to remove the file from the tftp file list If a file is removed from the tftp file list then all its aliases are also removed SHOW TFTP FILES show tftp files DESCRIPTION This...

Page 767: ...le the TFTP service on OmniAccess 5510 AA AB USG PARAMETERS DEFAULT VALUE By default the TFTP service is disabled EXAMPLE ALU config tftp server disable TFTP SERVER ENABLE tftp server enable DESCRIPTI...

Page 768: ...allowed for download through the TFTP server Using the alias keyword you can create an alias for the file You can then download the file through this alias instead of its actual path This could be use...

Page 769: ...FIGURATION PROTOCOL RELAY This chapter documents the Command Line Interface CLI commands for DHCP Relay This chapter includes table of parameters default values and configuration examples for DHCP Rel...

Page 770: ...e configured per interface PARAMETERS DEFAULT VALUE None EXAMPLE ALU config if FastEthernet0 ip dhcp relay 192 168 1 1 IP DHCP RELAY INTERFACE ip dhcp relay interface interface name DESCRIPTION This c...

Page 771: ...ERFACE no ip dhcp relay interface interface name This command is entered in the Interface Configuration Mode This command is used to disable the relay of DHCP requests to the specified interface SHOW...

Page 772: ...DHCP Dynamic Host Configuration Protocol Relay Left running head Chapter name automatic 744 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 773: ...CE CLIENT This chapter documents the Command Line Interface CLI commands for DNS Client This chapter includes table of parameters default values and configuration examples for DNS Client as quick star...

Page 774: ...LE ALU config clear host IP DOMAIN LIST ip domain list name DESCRIPTION This command is entered in the Configuration Mode This command is used to add domain names to the domain list These are the doma...

Page 775: ...s command is used to enable the system to query the name server s for name address translation PARAMETERS None DEFAULT VALUE By default domain lookup is enabled EXAMPLE ALU config ip domain lookup IP...

Page 776: ...ion Mode This command is used to configure the maximum time in seconds for which the dynamic host entries will be stored in DNS client cache Host entries will be stored for a time which is the minimum...

Page 777: ...nt You can add maximum of three name servers and specify the order of preference to them individually Primary Secondary Tertiary Primary is tried first then the Secondary and lastly Tertiary Secondary...

Page 778: ...nfiguration Mode This command is used to remove the default domain name NO IP HOST no ip host name ip address This command is entered in the Configuration Mode This command is used to remove a static...

Page 779: ...ookup www google com SHOW HOSTS show hosts DESCRIPTION This command is entered in the Super User Mode or Configuration Mode This command shows all the configuration parameters and all learned name add...

Page 780: ...DNS Domain Name Service Client Left running head Chapter name automatic 752 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 781: ...Beta Beta For final production import color definitions from daldoc01 docteam templates framemaker book template color defs production colors fm Do not import other template elements such as page layo...

Page 782: ...Left running head Chapter name automatic 754 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Page 783: ...his chapter documents the Command Line Interface CLI commands for License Manager This chapter includes tables of parameters default values and configuration examples for the license manager component...

Page 784: ...IR LICENSES dir licenses DESCRIPTION This command is entered in the Configuration Mode This command is used to view the list of license files present on the system This command displays the same infor...

Page 785: ...em to a given destination The backup file can be stored in the user area or fpkey front panel USB It can also be sent to a remote location using FTP or TFTP PARAMETERS EXAMPLE ALU config license backu...

Page 786: ...ndividual licenses present in the file If the file being installed already exists in the system then the following message is displayed ALU config license install user License name serial xml_org Lice...

Page 787: ...K1582151_VOICE txt from a remote location through TFTP and the file is installed successfully ALU config license install tftp Address name of remote host 4 4 4 9 Remote Port Enter for default Source...

Page 788: ...e licenses for all related features PARAMETERS EXAMPLE ALU config license remove K1582151_VOICE txt WARNING Removing a license will permanently delete it from the system You may wish to back it up bef...

Page 789: ...uper User Mode or Configuration Mode This command is used to view a list of all licensable features present on the OmniAccess 5510 AA AB USG The features shown require a license for their functioning...

Page 790: ...C is valid License K1582151_DATA txt Issued on Aug 13 08 13 01 2009 Chassis ID K1582151 Serial num 3 Details IP Security Encryption Attributes Name Value VALIDITY UNLIMITED 2 License for feature IDS U...

Page 791: ...Alcatel Lucent Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide 4 License for feature SBC ROR is valid License K1582151_VOICE txt Issued on Aug 13 08 13 01 2009 Chassis...

Page 792: ...License Manager Left running head Chapter name automatic 764 Beta Beta OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide Alcatel Lucent...

Reviews:

No comments

Related manuals for OmniAccess 5510 ADSL

Brand: Pathport Pages: 3

Brand: Wiznet Pages: 41

Brand: Soyal Pages: 4

Brand: Hitron Pages: 2

KONA ENTERPRISE T0007242

Brand: TEKTELIC Communications Pages: 15

Firebox SSL Core

Brand: Watchguard Pages: 20

Brand: Lauda Pages: 24

Brand: ZyXEL Communications Pages: 68

Brand: ZyXEL Communications Pages: 296

Brand: Advantech Pages: 42

Brand: Cooper Atkins Pages: 21

TotalStorage NAS Gateway 500

Brand: IBM Pages: 358

Brand: ViewSonic Pages: 53

Brand: TP-Link Pages: 5

Brand: Vanderbilt Pages: 5

Brand: ASTRO Pages: 28

Brand: RadiSys Pages: 198

Brand: Pakedge Device & Software Pages: 52

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands