r2.0 cem command reference

7/28/2019 R2.0 CEM Command Reference

1/485

NetSocket Cloud Experience Manager

Command Reference

Release 2.0


2/485

THE PRODUCT INFORMATION PRESENTED WITHIN THIS DOCUMENT IS SUBJECT TO CHANGE

WITHOUT NOTICE. ALL PRODUCT INFORMATION IS BELIEVED TO BE ACCURATE, BUT IS PROVIDED

WITHOUT WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED. NETSOCKET, INC. ACCEPTS NO

RESPONSIBILITY FOR USERS SPECIFIC APPLICATION OF THE PRODUCT(S) FEATURED WITHIN THIS

DOCUMENT. NEITHER NETSOCKET, INC. NOR ITS SUPPLIERS SHALL BE LIABLE FOR DAMAGES OF

ANY KIND, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA OR REVENUE, ARISING FROM THE

USE OF THE FEATURED PRODUCT(S) AND ASSOCIATED INFORMATION PRESENTED WITHIN THIS

DOCUMENT.

NETSOCKET I NC., CONFID ENTIAL

THE INFORMATION CONTAINED IN THIS DOCUMENT IS THE PROPERTY OF NETSOCKET. EXCEPT AS

SPECIFICALLY AUTHORIZED IN WRITING BY NETSOCKET, THE HOLDER OF

THIS DOCUMENT SHALL KEEP THE INFORMATION CONTAINED HEREIN CONFIDENTIAL AND SHALL

PROTECT SAME IN WHOLE OR IN PART FROM DISCLOSURE AND DISSEMINATION

TO THIRD PARTIES AND USE SAME FOR EVALUATION, OPERATION AND MAINTENANCE PURPOSES

ONLY.

THE CONTENT OF THIS DOCUMENT IS PROVIDED FOR INFORMATION PURPOSES ONLY AND IS

SUBJECT TO MODIFICATION. IT DOES NOT CONSTITUTE ANY REPRESENTATION OR WARRANTY

FROM NETSOCKET AS TO THE CONTENT OR ACCURACY OF THE

INFORMATION CONTAINED HEREIN, INCLUDING BUT NOT LIMITED TO THE SUITABILITY AND

PERFORMANCES OF THE PRODUCT OR ITS INTENDED APPLICATION.

NetSocket 2012 - 20 13


3/485

NetSocket, Inc. - Proprietary and Confidential i

Table of Contents1 Introduction ................................................................................................................................ 1-1

1.1 About the Document ........................................................................................................ 1-11.2 Audience .......................................................................................................................... 1-11.3 How to Get Help .............................................................................................................. 1-11.4 Product Documentation ................................................................................................... 1-1

2 System Overview ...................................................................................................................... 2-22.1 ICE Correlation ................................................................................................................ 2-22.2 SVM ................................................................................................................................. 2-32.3 SVP .................................................................................................................................. 2-32.4 SVA .................................................................................................................................. 2-4

2.4.1 SVA Standard IP MOS Monitoring ...................................................................... 2-42.4.2 SVAA IP MOS Plus Analogue ............................................................................. 2-4

2.5 SVM Dashboard .............................................................................................................. 2-42.6 Calls, Sessions, and Media ............................................................................................. 2-5

3 Initial System Access ................................................................................................................ 3-13.1 1U Server ......................................................................................................................... 3-13.2 2U Server ......................................................................................................................... 3-23.3 CLI Access using the Default IP Address ........................................................................ 3-23.4 CLI Access using the Serial Ports ................................................................................... 3-3

3.4.1 System Serial Ports ............................................................................................. 3-33.4.2 Accessing the CLI from a Serial Port .................................................................. 3-4

3.5 CLI Access using a Monitor and Keyboard ..................................................................... 3-4 4 CLI Basics ................................................................................................................................. 4-1

4.1 Command Structure ........................................................................................................ 4-14.1.1 Command Classes .............................................................................................. 4-14.1.2 Command Modes ................................................................................................ 4-14.1.3 Command Syntax ................................................................................................ 4-3

4.2 CLI Fundamentals ........................................................................................................... 4-44.2.1 CLI Functions ...................................................................................................... 4-44.2.2 CLI Customization ............................................................................................... 4-7

5 CLI Command Definitions ......................................................................................................... 5-1


4/485

NetSocket, Inc. - Proprietary and Confidential 1-1

1 IntroductionThe NetSocket solution consists of the Service Visibility Manager (SVM), the Service VisibilityPoint (SVP), and the Service Visibility Analyzer (SVA). This document provides basicdescription of the SVM, SVP, and SVA, as well as a web-based Graphical User Interface (GUI)

called the SVM Dashboard.

1.1 About the Document

This Command and Configuration Guide describes the steps used to configure the CloudExperiem and defines the CLI commands used. A brief overview of the solution at thebeginning of the document is followed by configuration examples for the SVM, SVP, and SVA.The final section of the document gives the CLI command definitions used on the NetSocketproducts.

1.2 Audience

The Command and Configuration Guide is intended for the individuals tasked with the turn-upand configuration of the SVM, SVP, and SVA in the providers network.

1.3 How to Get Help

To receive technical support, contact NetSocket in one of the following ways:

NetSocket technical support e-mail address: [email protected]

Visit http://www.support.netsocket.com for additional information. Use your companys

login information to access the documentation.

1.4 Product Documentation

Following is the list of all documents included into the product documentation suite:

Software Release Notes

Installation Guide contains installation procedures.

User Guide contains description and explanation of the SVM, SVP, and SVA

functionality. The User Guide is intended for SVM Dashboard users.

Command and Configuration Guide contains CLI command definitions and configuration

examples.

SVM SNMP Reference contains information about NetSockets proprietary MIBs andSNMP Traps.


5/485

Introduction

1-2

2 System OverviewThe NetSocket Cloud Experience Manager (CEM) provides real-time IP service assurance forUnified Communications environments correlating real-time session (signaling), media(voice/video) streams and topology paths and events for Unified Communications applications.

The solution consists of three component types:

The Service Visibility Manager (SVM) is an element management system for the SVPsand SVAs. The SVM provides a web based GUI, called the SVM Dashboard, used tomonitor the NetSocket CEM.

The Service Visibility Point (SVP) is a server appliance that monitors the layer-3 IPnetwork and the layer-4 session signaling.

The Service Visibility Analyzer (SVA) is a server appliance that monitors and analyzesQuality of Experience (QoE) for media streams associated with the sessions monitoredby the SVP.

The NetSocket CEM works in a hierarchical model where one SVM monitors one or more SVPs

and an SVP can monitor zero or more SVAs. After the initial configuration, the user accessesand monitors the entire solution via the SVM Dashboard.

This chapter provides a functional overview of the SVM, the SVP and the SVA. The followingtopics are covered within this chapter:

IP Correlation Engine (ICE)

SVM

SVP

SVA

SVM Dashboard

2.1 ICE CorrelationAs the name suggests, this key technology automatically correlates the real-time state andchanges in the IP network to the individual sessions being carried through that network. Inreal-time, CEM calculates the exact hop-by-hop path of any session, and can identify whatnetwork or signaling event has impacted, or is impacting, that session. Further, this sameknowledge is used to proactively alert the service manager to changes in network configurationthat can impact the traffic on the network.

Unique aspects of the IP Correlation Engine include:

Works in real time to create a service assurance mashup, providing a dynamic "map" of

the network onto which media and application/service information is correlated. Monitors the network without imposing any burden on the deployed network nodes, such

as routers; it passively participates in the routed network using standard IP routing

protocols.

The results of the ICE correlation are presented in the Quality of Session Record (QSR).


6/485

Introduction

1-3

2.2 SVM

The Service Visibility Manager is a management node for the SVPs and SVAs deployed in anetwork. For each application, the SVM provides metrics applicable to that application. Inaddition, the SVM provides Fault, Configuration, Accounting, Performance, and Security(FCAPS) management for the SVPs deployed. The SVM receives operational information fromall the SVPs within the network, which is then displayed on the SVM Dashboard.

SNMP traps can be used to provide the operators NMS/OSS with SVM fault/alarm information.The SVM supports SNMP v1 and v2c for this purpose.

2.3 SVP

The Service Visibility Point monitors signaling traffic (i.e., sessions) in a routed IP network.SVPs collect signaling traffic from applications that terminate call processing signaling andcontrol streams. The CEM network stores information pertaining to these sessions, andprovides real-time and historical operational statistics for them. The SVP passively monitorssignaling information exchanged between signaling terminations points (e.g., call processingapplications, IP phones, VoIP gateways, SIP proxies and Session Border Controllers). Thedefinition of a signaling session is described below. In essence, a signaling session is bi-directional signaling information streamed between these signaling termination points andspans the time from the start of the signaling session to the end of that session. A call may (andprobably does!) consist of multiple signaling sessions

When used in a Microsoft Lync environment, the signaling monitoring function is performedby the Lync solution. Signaling information from Lync Front End servers is abstracted anddelivered to an SVP through the Lync Network Diagnostics (LND) API. The SVP captures thissignaling information and transforms it to signaling session information that is presented in theSVMs Dashboard in a similar format to that of signaling sessions monitored directly by the

SVP. This monitoring approach is required because the Lync signaling stream information is

encrypted. In addition to signaling session information, the LND API delivers quality ofexperience (QoE) information to the SVP related to the quality of the end-to-end media stream.This information can be used to supplement the QoE information delivered by the SVA.

The SVP also discovers network topology and status of available network resources by usingstandard IP routing protocols, such as OSPF and BGP, and by collecting information from themonitored routers using SNMP and CLI. Through BGP or OSPF polling, the SVP can construct,at any time, the hop-by-hop path taken by media streams from their source to their destination.For any call, the SVP can then precisely determine the calls source and destination endpoints,

the precise hop-by-hop path that the calls media streams takes from source to destinationendpoint and can exclude router service degradation events from those events by routersidentified as NOT being in the calls media path. All of this information is correlated by the SVPto the collected signaling and media sessions of the aggregate call.

As signaling stream sessions and media streams are established and released during a call,the SVP maintains operational metrics about each session. If these metrics deviate outside thenormal operational range (based on user defined thresholds), the SVP alerts the Operationsteam of potential problems and provides a list of affected sessions. This allows proactivemanagement of the network and can significantly reduce the Mean Time to Isolate (MTTI)during problem resolution.


7/485

Introduction

1-4

2.4 SVA

The Service Visibility Analyzer analyzes voice and video media streams associated with thesessions monitored by an SVP. Within a single, aggregate call, one or more media legs canexist between the source and destination endpoints that terminate the call s media, A mediasession is defined as any media (sequence of voice or video packets) stream that is terminatedbetween two media terminating endpoints (e.g., IP phone, Session Border Controller, VoIPgateway, conference bridge application, etc.). Multiple media sessions of a call can and do takedifferent paths through the routed network than the multiple signaling sessions of that samecall. SVAs capture media stream packets and perform calculations on the data contained withinthese media packets that yield Quality of Experience (QoE MOS scores, number of packetslost, jitter, media packet delay). The QoE calculated information is correlated in the SVP with itsspecific signaling session and presented in the SVM dashboard for analysis and diagnostics.

2.4.1 SVA Standard IP MOS Monitoring

The SVA Standard IP MOS Monitoring configuration analyzes RTP streams for degradationthat can be attributed directly to the IP network. The metrics are independently collected on

each monitoring interface. The SVA calculates interval metric values every 30 seconds and atthe end of the session. Cumulative metrics are also provided, which are calculated over theentire media session. It is important to note that the interval and cumulative metrics are doneindependently. The cumulative metrics are not averages of the interval metrics.

Cumulative metrics are also calculated separately for any Call Hold and Re-invite scenariosthat occur following call establishment.

2.4.2 SVAA IP MOS Plus Analogue

The Service Visibility Analysis (SVAA) application is specifically designed to monitor mediastreams for echo and other media stream service degradations introduced through eitheranalog-to-digital hybrid interfaces in the PSTN or acoustic echo service degradation

introduced through endpoints such as speaker phones. The SVA IP MOS Plus Analogue(SVAA) configuration analyzes both directions of the G.711 A-law and G.711 -law RTPstreams associated with a call. Therefore, unlike the standard configuration, RTP streams forall configured interfaces are analyzed as a whole. Duplication of streams across multipleinterfaces must be avoided so that accurate results can be calculated. In this configuration, theSVA reports the standard IP MOS monitoring metrics as well Signal to Noise and Echo. Thereporting of the standard IP MOS monitoring metrics is the same as described inSVAStandard IP MOS Monitoring. The Signal to Noise and Echo calculations are performed overa subset of the entire call according to the media analysis configuration command on the SVA.The results are reported as part of the cumulative IP MOS metrics.

2.5 SVM Dashboard

The SVM contains a web server to enable access to the SVM Dashboard using industrystandard web browsers such as Chrome, Firefox, and Internet Explorer. The Dashboard can beaccessed from any personal workstation within an operators network where the SVM isdeployed. It presents information about the SVM-monitored domain in an easily understood andmeaningful format and allows a user to run various searches and reports, while analyzing anetwork issue.

The SVM Dashboard presents information about SVPs, SVAs and the operators network in


8/485

Introduction

1-5

both tabular and graphical formats. There are two SVM dashboards graphical user interfaces(GUI) that can be used for operations. The legacy dashboard GUI is referred to as the orange

GUI. The newer GUI is referred to as the blue GUI. The blue GUI was developed to improveoperational workflows in a help desk environment.

2.6 Calls, Sessions, and Media

As explained in the preceding sections, the SVM and SVA monitor the signaling sessions andmedia streams respectively. To help you use and interpret the data available in the SVMDashboard, it is important to understand how and what the NetSocket CEM monitors.

The following figure illustrates the signaling traffic. A callis all sessions from a source end-pointto a destination end-point. A session is the signaling between two signaling termination points.In the figure, a call from the source computer to the destination computer includes 5 sessionsbetween the different end-points, such as computers, call managers, the session initiationprotocol (SIP) proxy, and the session border controller (SBC). An SVP can monitor one or more

of these sessions, but it might not monitor the call, or all of the sessions.

Figure 2-1 Signaling Session Structure

The media, or content, structure is shown in the following figure. The media (voice, video)streams are comprised of all voice or video packet streams that pass through media terminationpoints, which are the SBC and the source computer in the figure. A media legis the mediastream passing between two media points, such as the computers, SBC and routers that

terminate a media stream. It is important to recognize the distinction between a device thatterminates media (such as an IP phone or an SBC or a VoIP gateway) and a device thatforwards media such as a router or switch. In the example, the media has two legs, each ofwhich has three legs. An SVA can monitor one stream, which includes one or more media legs.


9/485

Introduction

1-6

Figure 2-2 Media Structure

The following shows an example implementation of an SVP and two SVAs. The SVP canmonitor four sessions, which in the example includes sessions 1, 2, 3, and 5. It does not

monitor the session between the SBC and the destination call manager. If a support staff founda session with an alert, he could use the Find Related Sessions query to search for the othermonitored sessions that were part of the same call.

Figure 2-3 Implementation of SVA and SVP

Similarly, the SVAs cannot monitor an entire media stream but can monitor the individual medialegs. In this example, SVA-DAL is connected to the DAL-CE2 router and monitors the mediastream exiting from the DAL-CE2 router. Similarly, SVA-NY is connected to the 03-NewYorkrouter and monitors the media stream from the destination end-point to the SBC.

The following figure shows an alternative configuration, in which a Lync Server is used with thesource end-point. The figure shows a hybrid environment with Lync and another call managersystem. The SVP receives quality of experience (QoE) and signaling data from the Lync server


10/485

Introduction

1-7

using the LND API through the SVPs management interface, not a monitoring port. The Lyncserver provides QoE media data for the encrypted Lync sessions, and the Lync clientapplications function similarly to SVAs by providing the QoE data for the inbound media streamto the Lync client. The SVP collects data from other sessions that are not Lync encrypted.

Figure 2-4 SVP and SVA Configuration with Lync

In the QSR window, the source-to-destination and destination-to-source metrics include datafrom all monitoring points in the media stream, which includes each router or switch connectedto an SVA and each Lync client endpoint. For example, in the following figure, the QSR windowshows two columns of destination-to-source data. One SVA (DAL-SVA-CE1) retrieves anddisplays data from a router, shown as 1 in the figure. Another SVA (DAL-SVA-CE2) gets data

from another router, marked as 2 in the figure. If a Lync server were used (as in Figure 2-4), itsdata would be presented in a separate column as Endpoint Statistics.


11/485

Introduction

1-8

1 2


12/485


3 Initial System AccessThe SVM, SVP, and SVA systems are delivered with the NetSocket software installed but willneed to be configured before they are placed in service. The systems are configured using acommand line interface (CLI) which is typically accessed via SSH or Telnet using the IP

address assigned to the management interface. However, during the initial configuration thisinterface will not have an IP address that is accessible on the management network. Thefollowing sections describe how to access the CLI using the default IP address, the serial ports,and a monitor and keyboard. The figures and table below show the connection points used toaccess the CLI using these three methods.

3.1 1U Server

Figure 3-1 - 1U Server Rear Panel Connection Points

Table 3-1 2U Server CLI Access Connection Points

Letter Location Description

A Rear Panel Serial port

B Rear Panel VGA connector

C Rear Panel USB ports

D Rear Panel Management interface (nnet0)


13/485

Initial System Access


3.2 2U Server

Figure 3-2 U2 Server Front Panel Connection Points

Figure 3-3 U2 Server Rear Panel Connection Points

Table 3-2 2U Server CLI Access Connection Points

Letter Location Description

A Front Panel Serial port

B Front Panel USB port

C Rear Panel Serial port

D Rear Panel VGA connector

E Rear Panel USB ports

F Rear Panel Management interface (nnet0)

3.3 CLI Access using the Default IP Address

The NetSocket systems ship with a default IP address of 192.168.0.1 and network mask of255.255.255.0 configured on the management interface. To access the CLI using the default

IP address, connect a PC or laptop directly to the management port using an Ethernet cable.The network interface on the PC or laptop should be configured with a static IP address of192.168.0.2 and a network mask of 255.255.255.0. Once this interface has been configuredthe system will be reachable via SSH or Telnet using the IP address 192.168.0.1.

Opening an SSH or Telnet connection to the default IP address will display the CLI loginprompt. The default login credentials are username admin and password adminn.


14/485



3.4 CLI Access using the Serial Ports

3.4.1 System Serial Ports

The 1U servers have a single serial port located on the rear panel. The 2U servers have two

serial ports; one on the front panel and one at the rear panel. Connections can be made toeither the front or the rear port. However, if the front panel serial port is used the rear serialport is deactivated. Both ports cannot be used at the same time. The serial ports have 8-pinRJ-45 connectors.

The table below lists the pinout for the front and back panel serial port connectors.

Table 3-3 - Serial Port Pinout

Pin Signal

1 RTS (Request to Send)

2 DTR (Data Terminal Ready)

3 TXD (Transmit Data)

4 GND

5 RIA (Ring Indicator)

6 RXD (Receive Data)

7 DSR/DCD (Data set Ready / Data Carrier Detect

8 CTS (Clear to Send)

To connect a PC to the system a RJ-45 to DB-9 adapter will be required. The pinout for thisadapter is provided in the table below.

Table 3-4 - RJ-45 to DB-9 Adapter Pinout

SVM/SVP/SVA RJ-45 Serial Port PC DB-9 Serial PortSignal Pin Pin Signal

RTS 1 8 CTS

DTR 2 6 DSR

TXD 3 2 RXD

GND 4 5 GND

RIA 5 5 GND

RXD 6 3 TXD

DSR/DCD 7 4 DTR

CTS 8 7 RTS

The serial port on the NetSocket servers has the same pinouts as Cisco routers and switches.Therefore, console cables that can be used to connect to a Cisco device may also be used toconnect to a NetSocket server. Note that the NetSocket serial port uses a higher baud ratethan Cisco devices as shown in the table below.


15/485



The following table provides the terminal settings used to connect to the serial ports.

Table 3-5 - Serial Port Terminal Settings

Setting Value

Baud Rate 115200

Data Bits 8

Parity None

Stop Bits 1

Flow Control RTS/CTS

3.4.2 Accessing the CLI from a Serial Port

After connecting to one of the serial ports, pressing the enter key will cause the system shelllogin prompt to be displayed. The default login credentials are username admin and passwordadminn. Once the shell prompt (%) is displayed, type cli to enter the CLI. The defaultusername and password are also used to login to the CLI. At the initial CLI prompt (>) type

enable to enter enable mode.

By default, the console uses a terminal length of 25 lines. If you are using a terminal windowwith more than 25 lines, you will need to set the terminal length so the paging behavesproperly. This can be accomplished using the terminal length CLI command.

3.5 CLI Access using a Monitor and Keyboard

The CLI can also be accessed using a monitor and USB keyboard. The monitor should beconnected to the VGA connector on the rear panel. The USB keyboard can be connected toany of the USB connectors on the front or rear panels.

After the keyboard is connected, pressing the enter key will cause the CLI login prompt to bedisplayed. The default login credentials are username admin and password adminn. At theinitial CLI prompt (>) type enable to enter enable mode.


16/485

4-1NetSocket, Inc. - Proprietary and Confidential

4 CLI BasicsThis chapter provides information about the Command Line Interface (CLI) used to provisionthe NetSocket SVP, SVA, and SVM.

4.1 Command Structure

In its basic form, a CLI command can be thought of as a single-word command followed bypossible mandatory or optional keywords and arguments. However, when forming names ofCLI commands for documentation purposes, the single-word command is often combined withmandatory keyword choices to produce one or more commands. For example, the show alarmsand show aliases CLI commands are documented as two separate commands instead of asingle show command with alarms and aliases as keyword choices. This breakdown of largecommands into smaller units is done so that the resulting commands can be more effectivelylocated and understood by the user of the documentation.

4.1.1 Command Classes

The CLI command set is comprised of three classes of commands: Configuration, Monitoring,and Operations.

The Configuration class of commands includes all commands that allow a user to create,

modify, or delete persistent configuration information within the SVP, SVA, and SVM.

Configuration commands are available within various configuration command modes.

The Monitoring class of commands includes all commands that allow a user to retrieve

configuration and status information from the system. Monitoring commands are available

entirely within the EXEC command mode.

The Operations class of commands includes all commands that allow a user to initiate

specific functions of the system, but not to change any configuration information.Operations commands are available entirely within the EXEC command mode.

4.1.2 Command Modes

The CLI contains a hierarchical structure for accessing commands. Sets of commands areavailable within different command modes located at various levels within the hierarchicalstructure. The left column of the following table lists the names of all supported commandmodes. For configuration command modes that vary the set of commands available dependingupon the type of object being configured, a command mode qualifier is also specified as part ofthe command mode. The command mode qualifier is simply the name for the type of objectbeing configured, enclosed within parentheses.

By default, the CLI prompt indicates the current command mode. The right column lists the CLIdefault prompt values for each command mode. The contents of the CLI prompt can becustomized using the prompt command.


17/485

CLI Basics


Table 4-1 - Command Modes and Prompts

Command Mode Prompt

User EXEC Router>

Privileged EXEC Router#

Global Configuration Router(config)#

Address Family Configuration (at-type) Router(config-router-af)#

Flow Aggregation Cache Configuration Router(config-flow-cache)#

Interface Configuration (entity-type) Router(config-if)#

IP Extended Access-List Configuration Router(config-ext-nacl)#

IP Standard Access-List Configuration Router(config-std-nacl)#

Route-Map Assign Router(route-map-assign)#

Route-Map Configuration Router(config-route-map)#

Router Configuration (protocol) Router(config-router)#

Session-Thresholds Router(config- session-threshold)

Subinterface Configuration (entity-type) Router(config-subif)#

Traceoptions Configuration Router(config-traceoptions)#

Topology Map Router (config-topology-map)#

Topology Map Router Router (config-topology-map-router)#

When establishing a connection with the CLI, the user is placed in the EXEC command mode.The EXEC command mode has 16 possible privilege levels (ranging from 0 to 15), but bydefault, the user starts at privilege level 1, or the User level. When at the User level, the EXECcommand mode is referred to as the User EXEC Mode. The User EXEC Mode has a limited setof commands made available to the user.

To gain access to additional commands at a higher privilege level, the user enters the enablecommand (followed by a password if configured). As an initial system default, all commands notavailable at the User level are available at privilege level 15, referred to as the Privileged

level. When at the Privileged level, the EXEC command mode is referred to as the PrivilegedEXEC Mode. Once the user is in the Privileged EXEC Mode, all other command modes areaccessible.

The Global Configuration Mode can be used to configure items that are of a non-specific

nature. From the Privileged EXEC Mode, the user enters the configure command to move tothe Global Configuration Mode. From the Global Configuration Mode, a number of specificconfiguration modes can also be reached by entering the specific configuration mode entrycommand. For example, the Controller Configuration Mode can be reached from the GlobalConfiguration Mode by entering controller (followed by a controller entity-name).

By using a small set of commands, a user can move from one command mode to another. Fora complete list of all mode navigation commands, see the following table.


18/485

CLI Basics


Table 4-2 - Mode Navigation Commands

From I To Command

from EXEC to User EXEC (creates a new

session)

login

from User EXEC to Privileged EXEC enable

from Privileged EXEC to User EXEC

(creates a new session)

login

from Privileged EXEC to Global

Configuration

configure

from Global Configuration to any

configuration mode

specific configuration mode entry command

from any configuration mode to Global

Configuration

any Global Configuration command

from any configuration mode to back onemode

exit (config)

from any configuration mode to Privileged

EXEC

end

from Privileged EXEC to User EXEC disable (EXEC)

from any EXEC mode to log off router exit (EXEC) or logout

4.1.3 Command Syntax

As an aid in conveying CLI syntax requirements, command syntax conventions have beenadopted within the command documentation. These syntax conventions are summarizedbelow.

Table 4-3 - Syntax Conventions

Syntax Convention Description

bold Bold indicates keywords input exactly as shown

italics Italic type indicates arguments that must be supplied by the user

output Non-proportional font indicates output from the router

In Progress ... Output message indicates the entered command is in progress

a Nothing indicates required keyword, argument, or combination

[a] Brackets indicate optional keyword, argument, or combination

... I * Ellipsis, pipe, and asterisk indicate operators of an expression

[a]... Brackets followed by an ellipsis indicate optional one or more unique

instances of an argument, expression, or combination


19/485

CLI Basics


{a}... Braces followed by an ellipsis indicate required one or more unique

instances of an argument, expression, or combination

[a I b] Brackets separated by one or more pipes indicate optional choice of

a keyword, argument, expression, or combination

{a I b} Braces separated by one or more pipes indicate required choice of a keyword, argument, expression, or combination

*[a I b] Brackets preceded by an asterisk and separated by one or more

pipes indicate optional one or more non-ordered choices of a

keyword, argument, expression, or combination

*{a I b} Braces preceded by an asterisk and separated by one or more pipes

indicate required one or more non-ordered choices of a keyword,

argument, expression, or combination

4.2 CLI Fundamentals4.2.1 CLI Functions

The CLI allows unique abbreviations to be substituted within commands in place of fullyentered keywords (and certain arguments). This function is merely a time-saving feature to beused or not used by preference of the user.

The CLI provides command-line help functions to assist the user in forming valid commandinput. The following table summarizes the available command-line help functions and how toaccess them. Note that help is only offered for the commands that are valid within the currentcommand mode.

Table 4-4 - Command-Line Help

Help Function How to Access

Show command-line help information Type help and then the enter key

Show a list of all available commands Type ?

Show commands starting with given input Type ? after entering input

Show available keywords and arguments Type a command, a space, and then ?

Auto-complete command or keyword Type first letter(s) and then the tab key

The CLI provides a set of command-line editing functions. These functions are invoked by

special key combinations. A list of these key combinations and corresponding functions isshown below. Note that a dash (-) means two keys must be pressed at the same time.


20/485

CLI Basics


Table 4-5 - Command-Line Editing

Key Combination Function

Ctrl-a Move cursor to the start of the line being edited

{Ctrl-b I lt arrow} Move cursor backward one character (to the left)

Ctrl-e Move cursor to the end of the line being edited

{Ctrl-f I rt arrow} Move cursor forward one character (to the right)

{del I backspace} Delete character to the left of the cursor

Ctrl-d Delete character directly under cursor

Ctrl-k Delete characters from the cursor to the end of the line being edited

{Ctrl-u I Ctrl-x} Delete characters from the cursor to the start of the line being edited

Ctrl-w Delete entire word to the left of the cursor

Ctrl-t Transpose character under the cursor with the character to the left

{Ctrl-p I up arrow} Display older command within the command history buffer

{Ctrl-n I dn arrow} Display newer command within the command history buffer

The CLI provides the capability within all show commands to filter out certain lines in the outputbased on matching a regular expression string. By simply appending the output modifier syntaxshown in the following table to the normal show command syntax, the corresponding filterfunction can be applied. Note that the reg-exp (regular expression) argument of the outputmodifier syntax is case sensitive.

If the regular expression string includes one or more spaces to be used in the filtering criteria,parentheses must be used as delimiters.

Table 4-6 - Show Output Filtering

Output Modifier Function

I begin reg-exp Display show output beginning at line matched by reg-exp string

I include reg-exp Display show output including all lines matched by reg-exp string

I exclude reg-exp Display show output excluding all lines matched by reg-exp string

The CLI provides the capability to enter and display numeric constants using multiple formatsbased on special prefixes applied to the constant. The following table shows the prefixesunderstood by the CLI and the corresponding meaning.

Table 4-7 - Numeric Constant Prefixes

Prefix Meaning

(none) Numeric constant is interpreted as decimal (base 10)

0 Numeric constant is interpreted as octal (base 8)

0x Numeric constant is interpreted as hexadecimal (base 16)


21/485

CLI Basics


While displaying output that exceeds the length of a single display screen, the CLI provides apaging capability that allows entry of various paging-related commands. These CLI pagingcommands are listed below.

Table 4-8 - Paging Commands

Command Function:help Display paging command help[n] {f I Ctrl-f I space} Forward n lines, default one screen[n] {b I Ctrl-b} Backward n lines, default one screen[n] {j I cr} Forward n lines, default one line[n] k Backward n lines, default one line[n] {d I Ctrl-d} Forward n lines, default half screen or last n[n] {u I Ctrl-u} Backward n lines, default half screen or last n[n] g Go to line n, default line 1{r I Ctrl-l} Repaint screen[n] Ipattern Search forward fornth line containing the pattern[n] I!pattern Search forward fornth line not containing the pattern[n] ?pattern Search backward fornth line containing the pattern[n] ?!pattern Search backward fornth line not containing the pattern[n] n Repeat previous search (for nth occurrence)[n] N Repeat previous search other direction (for nth occurrence){= I Ctrl-g} Display current status{q I :q I ZZ} Exit

Finally, the CLI provides many powerful utilities that can be accessed by the user. These CLIutilities are listed below.

Table 4-9 - Utility Commands

Command Utility

send Sends an asynchronous user message to another user

telnet Opens a telnet connection with a remote host

wall Sends an asynchronous user message to all users


22/485

CLI Basics


4.2.2 CLI Customization

Some aspects of the CLI can be modified to accommodate the individual needs of the user.The CLI commands and corresponding functions that provide this level of CLI customization arelisted below.

Table 4-10 - CLI Customization Commands

Command Function

alias Sets a command alias to be used instead of an original command

banner enable Sets a message to display upon enabling to a new privilege level

banner exec Sets a message to display after user login

banner login Sets a message to display before user login

banner motd Sets a message of the day (MOTD) message

enable password Sets a password to control access to a specified privilege level

exec-banner Enables both the EXEC and message of the day (MOTD) banners

exec-timeout Sets the EXEC time-out period

motd-banner Enables the message of the day (MOTD) banner

privilege level Assigns a privilege level to a command

prompt Enables a custom prompt string to be configured

terminal history Enables the command history feature or sets the command buffer

size

terminal length Sets the number of display lines per screen

terminal monitor Enables output of debug and error messages

terminal width Sets the number of characters per display line


23/485


5 CLI Command Definitions

aaa accounting commands

Enables AAA accounting for commands at a specified privilege level. The no form of thiscommand disables this function (default).

Syntax

aaa accounting commandslevel

no aaa accounting commands[level]

Parameters

Parameter Description Type/Range

level Privilege level, 1 usuallyindicates the EXEC mode

and 15 (default) usually

indicates the Privileged

EXEC Mode.

1 to 15

Mode

Global Configuration

aaa accounting execEnables AAA accounting for an EXEC session. The no form of this command disables thisfunction (default).

Syntax

aaa accounting exec default {none | radius | start-stop | stop-only} tacacs+

no aaa accounting exec default [[none | radius | start-stop | stop-only] tacacs+]

Parameters

Parameter Description

none Disables accounting services for this (tty)

line

radius Include the RADIUS servers methods.

start-stop Sends an accounting notice when a process

starts and ends.


24/485

CLI Command Definitions


stop-only Sends an accounting notice only when a

process ends.

tacacs+ Include the TACACS+ method.

Mode


aaa accounting system

Enables AAA accounting for non-user, system level events. The no form of this commanddisables this function (default).

Syntax

aaa accounting system default {none | start-stop | stop-only} tacacs+

no aaa accounting system default [[none | start-stop | stop-only] tacacs+]

Parameters


none Disables accounting services for this (tty)

line

start-stop Sends an accounting notice when a process

starts and ends.

stop-only Sends an accounting notice only when a

process ends.

tacacs+ Include the TACACS+ method.

Mode


aaa authentication login

Creates the default AAA authentication method list. The no form of this command deletes the

default AAA authentication method list (default).

Syntax

aaa authentication login default *{local | radius | tacacs+}

no aaa authentication login default *[local | radius | tacacs+]


25/485



Parameters


default Use the list of authentication methods that

follow to create the default list.

local Include the local user name database

method.

radius Include the RADIUS servers method.

tacacs+ Include the TACACS+ servers method.

Mode


Guidel ines

If the default login AAA authentication method list does not exist, the local user name databaseis used as the default login AAA authentication method list.

aaa authorization commands

Creates an AAA authorization method list for commands at a specified privilege level. The noform of this command removes the authorization method list (default).

Syntax

aaa authorization commands leveldefault *{local | tacacs+}

no aaa authorization commands [level] default *[local | tacacs+]

Parameters


level Privilege level, 1 usually

indicates the EXEC mode

and 15 (default) usually

indicates the PrivilegedEXEC Mode.

1 to 15

default Use the list of authorization

methods that follow to

create the default list.

local Include the local user

name database method.


26/485



tacacs+ Include the TACACS+

servers method.

Mode


aaa authorization config-commands

Enables AAA configuration command authorization method for all global-config commands.The no form of this command disables this function.

Syntax

aaa authorization config-commands

no aaa authorization config-commands

Mode


aaa authorization exec

Creates the default EXEC shell AAA authorization method list. The no form of this commanddeletes the default EXEC shell AAA authorization method list (default).

Syntax

aaa authorization exec default *{local | radius | tacacs+}

no aaa authorization exec default *[local | radius | tacacs+]

Parameters


default Use the list of authorization methods that

follow to create the default list.

local Include the local user name database

method.

radius Include the RADIUS servers method.

tacacs+ Include the TACACS+ servers method.

Mode


27/485



Global Confguration

Guidel ines

If the default EXEC shell AAA authorization method list does not exist, the local user namedatabase is used as the default EXEC shell AAA authorization method list.

aar

Average Active Registrations (AAR) is an average number of active registrations. Thecommand replaces the existing settings for the intervals specified. This alert can be used if aknown minimum number of registrations is expected. The no form of the command with noarguments disables the AAR alert for all time intervals. The no form of the command with asingle interval, regardless of set/clear threshold value, will disable the AAR alert for that timeinterval.

This command enables generation of alerts to the SVM and traps to the NMS. The setthreshold must be less than or equal to the clear threshold.

Syntax

aar {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

no aar {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

Parameters

Parameter Description Type/Range Default

interval1 set/clear thresholds forfirst interval of the day.

None

interval2 set/clear thresholds for

second interval of the day.

None


third interval of the day.

None


fourth interval of the day.

None

set If number of active tunnels

is less than this value,

alert will set.

0 to 300,000 where

00 implies off.

0

clear If number of active tunnels

is greater than or equal to

this value, alert will clear.

00 to 300,000 0

Mode

Session thresholds configuration


28/485



aat

Average Active Tunnels (AAT) is an average number of active tunnels. This alert can be used ifa known minimum number of tunnels expected. The command replaces the existing settings forthe intervals specified. The no form of the command with no arguments disables the AAT alertfor all time intervals. The no form of the command with a single interval, regardless of set/clearthreshold value, will disable the AAT alert for that time interval.

This command enables generation of alerts to the SVM and traps to the NMS. The setthreshold must be less than or equal to the clear threshold.

Syntax

aat {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

no aat {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

Parameters



first interval of the day.

None



None

interval3 set/clear thresholds forthird interval of the day.

None



None

set If number of active tunnels

is less than this value,

alert will set.

0 to 300,000 where

00 implies off.

0

clear If number of active tunnels

is greater than or equal to

this value, alert will clear.

00 to 300,000 0

Mode


access-list (extended)


29/485



Creates an extended access-list. If no sequence number or matching clause is specified, the noform of this command deletes the entire access-list; otherwise, only the access-list clausespecified by the sequence number and/or matching clause is deleted.

Syntax

access-listaccess-list-id[seqsequence-number] {{deny | permit} {protocol| ip} {source-ipaddress source-wildmask| any | hostsource-ip-address} {dest-ip-address dest-wildmask|any | hostdest-ip-address} *[dscpdscp-value | precedenceprecedence-value | tos tos-value| {log | log-input} | fragments] | remarkstring} [class-mapclass-map-name]

no access-listaccess-list-id[seqsequence-number] [{deny | permit} {protocol| ip} {source-ipaddress source-wildmask| any | hostsource-ip-address} {dest-ip-address dest-wildmask|any | hostdest-ip-address} *[dscpdscp-value | precedenceprecedence-value | tostos-value| {log | log-input} | fragments] | remarkstring] [class-mapclass-map-name]

Parameters


access-list-id Alphanumeric name string (40 characters maximum) of the

extended access-list being defined.

sequence-number Unique sequence number of the deny, permit, or remark

clause being added to (or deleted from) the access list; by

default, sequence numbers start at 10 and increment by 10

for each entry added to the end of the access list.

deny Access is denied for the source and destination addresses

specified.

permit Access is permitted for the source and destination

addresses specified.

protocol Name or number of an internet protocol, or symbol-name as

defined in define ipprotocol, valid protocol numbers are 0 to

255 (SVP option only).

ip Any IP protocol.

source-ip-address source-

wildmask

Access is denied or permitted for packets originating from

this source IP address and wildcard mask combination.

any Access is denied or permitted for packets originating from

any source IP address.

host source-ip-address Access is denied or permitted for packets originating from

this source IP address host.dest-ip-address dest-

wildmask

Access is denied or permitted for packets sent to this

destination IP address and wildcard mask combination.

any Access is denied or permitted for packets sent to any

destination IP address.

host dest-ip-address Access is denied or permitted for packets sent to this

destination IP address host.


30/485


31/485



Parameters


icmp-type ICMP name or code to be matched, range is 0 to 255, or

symbol-name may be used if defined in define icmp-code.

icmp-subcode ICMP subcode to be matched, range is 0 to 255.

Mode


access-list (extended IGMP)

Creates an IGMP extended access-list. If no sequence number or matching clause is specified,the no form of this command deletes the entire access-list; otherwise, only the access-list

clause specified by the sequence number and/or matching clause is deleted.

See the access-list (extended) command for other descriptions of inputs that are commonbetween the access-list family of commands.

Syntax

access-list access-list-id[seq sequence-number] {{deny | permit} {2 | igmp} {source-ipaddress source-wildmask| any | host source-ip-address} {dest-ip-address dest-wildmask|any | host dest-ip-address} *[dscp dscp-value | precedenceprecedence-value | tos tos-value| {log | log-input} | fragments | igmp-type] | remark string} [class-map class-map-name]

no access-list access-list-id[seq sequence-number] [{deny | permit} {2 | igmp} {source

ipaddress source-wildmask| any | host source-ip-address} {dest-ip-address dest-wildmask|any |host dest-ip-address} *[dscp dscp-value | precedenceprecedence-value | tos tos-value| {log |log-input} | fragments | igmp-type] | remark string] [class-map class-map-name]


igmp-type IGMP protocol name or

code to be matched or

symbol-name may be used

if defined in define igmp.

0 to 15

Mode


access-list (extended TCP)

Creates an TCP extended access-list. If no sequence number or matching clause is specified,the no form of this command deletes the entire access-list; otherwise, only the access-listclause specified by the sequence number and/or matching clause is deleted.


32/485




Syntax

access-list access-list-id[seq sequence-number] {{deny | permit} {6 | tcp} {source-ipaddresssource-wildmask| any | host source-ip-address} [{eq | gt | lt | neq} source-tcp-port | range

source-tcp-port1 source-tcp-port2] {dest-ip-address dest-wildmask| any | host dest-ipaddress}

[{eq | gt | lt | neq} dest-tcp-port| range dest-tcp-port1 dest-tcp-port2] *[dscp dscp-value |

precedenceprecedence-value | tos tos-value | {log | log-input} | fragments | ack |

established | fin | psh | rst | syn | urg] | remark string} [class-map class-map-name]

no access-list access-list-id[seq sequence-number] [{deny | permit} {6 | tcp} {source-

ipaddress source-wildmask| any | host source-ip-address} [{eq | gt | lt | neq} source-tcp-port|

range source-tcp-port1 source-tcp-port2] {dest-ip-address dest-wildmask| any | host dest-

ipaddress} [{eq | gt | lt | neq} dest-tcp-port| range dest-tcp-port1 dest-tcp-port2] *[dscp dscp-

value | precedenceprecedence-value | tos tos-value | {log | log-input} | fragments | ack |

established | fin | psh | rst | syn | urg] | remark string] [class-map class-map-name]

Parameters


eq Specifies that port must be equal to a value.

gt Specifies that port must be greater than a value.

lt Specifies that port must be less than a value.

neq Specifies that port must be not equal to a value.

range Specifies that port must be within a range of values.

source-tcp-port Decimal number or well-known name of the source TCPport, or symbol name if defined in define tcp-port.

dest-tcp-port Decimal number or well-known name of the destination TCP

port, or symbol name if defined in define tcp-port.

ack TCP flag to be matched (SVP option only).

established TCP flag to be matched (SVP option only).

fin TCP flag to be matched (SVP option only).

psh TCP flag to be matched (SVP option only).

rst TCP flag to be matched (SVP option only).

syn TCP flag to be matched (SVP option only).

urg TCP flag to be matched (SVP option only).

Mode



33/485



access-list (extended UDP)

Creates an UDP extended access-list. If no sequence number or matching clause is specified,the no form of this command deletes the entire access-list; otherwise, only the access-listclause specified by the sequence number and/or matching clause is deleted.


Syntax

access-list access-list-id[seq sequence-number] {{deny | permit} {17 | udp} {source-

ipaddress source-wildmask| any | host source-ip-address} [{eq | gt | lt | neq} source-udp-port

| range source-udp-port1 source-udp-port2] {dest-ip-address dest-wildmask| any | host dest-

ipaddress} [{eq | gt | lt | neq} dest-udp-port| range dest-udp-port1 dest-udp-port2] *[dscp

dsc-pvalue | precedenceprecedence-value | tos tos-value | {log | log-input} | fragments] |

remark string} [class-map class-map-name]

no access-list access-list-id[seq sequence-number] [{deny | permit} {17 | udp} {source-ipaddress source-wildmask| any | host source-ip-address} [{eq | gt | lt | neq} source-udp-port

| range source-udp-port1 source-udp-port2] {dest-ip-address dest-wildmask| any | host dest-

ipaddress} [{eq | gt | lt | neq} dest-udp-port| range dest-udp-port1 dest-udp-port2] *[dscp

dscp-value | precedenceprecedence-value | tos tos-value | {log | log-input} | fragments] |

remark string] [class-map class-map-name]

Parameters


eq Specifies that port must be equal to a value.

gt Specifies that port must be greater than a value.

lt Specifies that port must be less than a value.

neq Specifies that port must be not equal to a value.

range Specifies that port must be within a range of values.

source-udp-port Decimal number or well-known name of the source UDP

port, or symbol name if defined in define udp-port.

dest-udp-port Decimal number or well-known name of the destination UDP

port, or symbol name if defined in define udp-port.

Mode


access-list sequence-enable

Enables the display of sequence numbers when showing access-lists. The no form of thiscommand disables the display of sequence numbers when showing access-lists (default).


34/485



This command does not affect access-list commands displayed within running configurationoutput. Sequence numbers are not displayed within running configuration output.

Syntax

access-list sequence-enable

no access-list sequence-enable

Mode


access-list (standard)

Creates a standard access-list. If no sequence number or matching clause is specified, the no

form of this command deletes the entire access-list; otherwise, only the access-list clausespecified by the sequence number and/or matching clause is deleted.

Syntax

access-list access-list-id[seq sequence-number] {{deny | permit} {ip-address [wildmask] |

any | host ip-address} [log] | remark string} [class-map class-map-name]

no access-list access-list-id[seq sequence-number] [{deny | permit} {ip-address [wildmask] |

any | host ip-address} [log] | remark string] [class-map class-map-name]

Parameters


access-list-id Alphanumeric name string (40 characters maximum) of the

standard access-list being defined.

sequence-number Unique sequence number of the deny, permit, or remark

clause being added to (or deleted from) the access list; by

default, sequence numbers start at 10 and increment by 10

for each entry added to the end of the access list.

deny Access is denied for the source addresses specified.

permit Access is permitted for the source addresses specified.

ip-address [wildmask] Access is denied or permitted for packets originating fromthis source IP address and wildcard mask combination (if

wildcard mask is not specified, 0.0.0.0 is assumed).

any Access is denied or permitted for packets originating from

any source IP address.

host ip-address Access is denied or permitted for packets originating from

this source IP address host.


35/485


36/485



clear Value of duration in

seconds is greater than or

equal to this value, alert

will clear.

00 to 600 0

Mode


acdd

Average Call Disconnect Delay (ACDD) is an average delay for VoIP sessions measured fromthe release request to the acknowledgement. The command replaces the existing settings forthe intervals specified. The no form of the command with no arguments disables the ACDDalert for all time intervals. The no form of the command with a single interval, regardless ofset/clear threshold value, will disable the ACDD alert for that time interval.

This command enables generation of alerts to the SVM and traps to the NMS based on theAverage Call Disconnect Delay. The set threshold must be greater than or equal to the clearthreshold.

Syntax

acdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

no acdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

Parameters




None



None



None



None

set Value of duration in

seconds is greater than

this value, alert will set.

0 to 600 where 00

implies off.

0


37/485


38/485



Mode


address-family ipv4Enables IPv4 address family based running configuration on the RCP and enters into thespecified Address Family Configuration Mode. The no form of this command does a no activatecommand on all peers and peer groups in the address family, removes all peers from their peergroups, and clears out all the attributes from peers.

Syntax

address-family ipv4 [multicast | [unicast] [vrfvrf-name]]

no address-family ipv4 [multicast | [unicast] [vrfvrf-name]]

Parameters


ipv4 Specifies IP version 4

multicast Specifies Multicast mode.

unicast Specifies Unicast mode (default).

vrf-name Alpha-numeric-symbolic name for the VRF

the address-family information is associated

with, range is 1 to 40 characters.

Mode

Router Configuration (BGP)

Guidel ines

Once address family based running configuration is enabled on the RCP, it cannot be disabled.

address-family (traceoptions)

Enables debug messages of specified BGP address family names to be placed in the trace file.

The no form of this command disables debug messages of specified BGP address familynames (or all names if none specified) from being placed in the trace file (default).

Syntax

address-family {family-name}...

no address-family [family-name]...


39/485



Parameters


family-name Family name of BGP address family, either

ipv4 unicast or ipv4 multicast.

Mode

Traceoptions Configuration

alias

Creates a command alias for a specified command within a specified command mode. The noform of this command deletes a specified command alias within a specified mode or deletes allcommand aliases within a specified mode.

Syntax

alias mode command-alias command

no alias mode [command-alias [command]]

Parameters


mode {address-family | configure | controller|

cos-queue-group-in | cos-queuegroup-

out | exec | flow-cache | interface | ip-

explicit-path | ipenacl | ipsnacl | line |path-attr| policy-list | protmon |

QoSclassmap | QoSpolicymap-in |

QoSpolicymap-out | QoSpolicymapclass-

in | QoSpolicymapclass-out | route-map |

router| subinterface | traceoptions}.

address-family Address Family Configuration Mode.

configure Global Configuration Mode.

exec EXEC mode.

flow-cache Flow aggregation Cache Configuration

Mode.

interface Interface Configuration Mode.

ip-explicit-path IP Explicit Path Configuration Mode.

ipenacl IP Extended Access-List Configuration

Mode.


40/485


41/485





None




0 to 600 where 00

implies off.

0


seconds is less than or


will clear.

00 to 600 0

Mode


ard

Average Registration Delay (ARD) is the average delay for VoIP applications for registrationdelay duration. The command replaces the existing settings for the intervals specified. The noform of the command with no arguments disables the ARD alert for all time intervals. The noform of the command with a single interval, regardless of set/clear threshold value, will disablethe ARD alert for that time interval.

This command enables generation of alerts to the SVM and traps to the NMS based on theAverage Registration Delay. The set threshold must be greater than or equal to the clearthreshold.

Syntax

ard {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

no ard {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

Parameters




None

interval2 set/clear thresholds forsecond interval of the day.

None



None



None


42/485






0 to 600 where 00

implies off.

0



equal to this value, alertwill clear.

00 to 600 0

Mode


area authentication

Enables authentication in the OSPF area specified. The no form of this command disablesauthentication for the area (default).

Syntax

area {ip-address | area-id} authentication [simple | message-digest]

no area {ip-address | area-id} authentication [simple | message-digest]

Parameters


ip-address Area to be authenticated,

expressed as an IP

address (dotted decimal).

area-id Area to be authenticated,

expressed as a decimal

number

0 to 4294967295

simple Specifies Type-1 (simple

password) authentication

(default).

message-digest Specifies MD5

authentication.

Mode

Router Configuration (OSPF)

Guidel ines

If simple or message-digest is not specified, simple authentication is done.


43/485



area default-cost

In an Area Border Router (ABR), specifies the cost of the default summary route sent into astub area. The no form of this command removes the specified default summary route cost, andsets the default-cost to 1 (default).

Syntax

area {ip-address | area-id} default-cost cost

no area {ip-address | area-id} default-cost [cost]

Parameters


ip-address IPv4 or IPv6 address of the

area into which the default-

cost is being sent.

IPv4 or IPv6

area-id Area into which the default-

cost is being sent,

expressed as a decimal

number

0 to 4294967295

cost Default summary route cost

for the stub area

1 to 65535, default is 1.

Mode


area nssa

Enables an OSPF area to be a not-so-stubby-area (NSSA). The no form of this commandremoves an OSPF area from NSSA designation.

Syntax

area {ip-address | area-id} nssa [no-redistribution] [default-information-originate ][nosummary]

no area {ip-address | area-id} nssa [no-redistribution] [default-information-originate ][nosummary]

Parameters



44/485



ip-address Area being designated as

an NSSA, expressed as an

ip address (dotted

decimal).

area-id Area being designated as

an NSSA, expressed as adecimal number

0 to 4294967295

no-redistribution Configures this router

(which must be an NSSA

Area Border Router) to not

redistribute routes into the

NSSA, but to allow

redistribution into the non-

NSSA areas.

no-summary Configures this router to

not send Network

Summary LSAs (Type 3)into the NSSA

default-information-

originate

Configures this router

(which must be an NSSA

Area Border Router) to

generate an NSSA External

LSA (Type 7) default route

into the NSSA.

Mode


area virtual-link

Sets an OSPF virtual link (a link to the backbone through a non-backbone area). The no form ofthis command removes the virtual link.

Syntax

area {ip-address | area-id} virtual-link router-id*[authentication [null | message-digest] |dead-interval seconds | hello-interval seconds | retransmit-interval seconds | transmitdelayseconds] [authentication-key [encryption-type]password| message-digest-key key-idmd5

[encryption-type] key]

no area {ip-address | area-id} virtual-link router-id*[authentication [null | message-digest] |dead-interval seconds | hello-interval seconds | retransmit-interval seconds | transmitdelayseconds] [authentication-key [encryption-type]password| message-digest-key key-idmd5[encryption-type] key]

Parameters


45/485




ip-address IP address of the area of

the non-backbone (transit)

area being used for the

virtual link.

area-id Area of the non-backbone

(transit) area being used for

the virtual link

0 to 4294967295

router-id Router-id of the ABR with

which the virtual-link is

being established.

hello-interval seconds Amount of time in seconds

that passes between the

sending of Hello packets.

1 to 8192, default is 10

retransmit-interval

seconds

Amount of time in seconds

to wait betweenunacknowledged OSPF

packet retransmissions


transmit-delay seconds Amount of time in seconds

it takes to transmit an LSA

on this interface. The LSA

age will be increased by

this amount as it exits this

interface or resides in the

LSA database


dead-interval seconds Amount of time in seconds

that the RCP will wait tohear a Hello from a

neighbor on the network to

which the interface is

connected before declaring

the neighbor dead (down)


authentication Configures the link to use

simple (password)

authentication.

authentication null Configures the link to use

no authentication.

authentication message-

digestConfigures the link to useMD5 authentication.

authentication-key

encryption-type

Optional number specifying

the type of encryption to

use when storing and

displaying the simple

password

0 to 7, default is 0 (no

encryption).


46/485



password Continuous string of

characters, up to 8 bytes

long, that is the simple

password to be used by

neighboring routers.

key-id Identifier for the MD5 key 1 to 255

md5 encryption-type Optional number specifying

the type of encryption to

use when storing and

displaying the md5 key

0 to 7, default is 0 (no

encryption).

key Alphanumeric string of up

to 16 characters that is the

value of the MD5 key.

Mode


Guidel ines

If the command password-encryption has been enabled, all passwords are encrypted forstorage and display, regardless of the encryption type parameters specified here.

arp

Creates a static entry within the Address Resolution Protocol (ARP) table. The no form of thiscommand removes a static entry.

Syntax

arp ip-address mac-address

no arp ip-address [mac-address]

Parameters


ip-address IP address of the static entry.

mac-address 48-bit IEEE MAC address using three 4-digithex numbers separated by periods

(xxxx.xxxx.xxxx)

Mode



47/485



assign

Creates a variable that can have multiple match commands associated with it, so that morethan one match condition may exist for a set command. The no form of this command deletesthe variable definition.

Syntax

assign variable-name

no assign variable-name

Parameters


variable-name Name of the variable being

created, can be one

alphabetic character

a-z

Mode

Route-Map Configuration

Guidel ines

This command enters Route-Map Assign Mode, where all of the route-map match commandsare available. After entering the match commands to be assigned to this variable, type exit toreturn to normal Route-Map Configuration Mode.

atdAverage Tunnel Duration (ATD) is an average duration of successfully established tunnelsessions. The command replaces the existing settings for the intervals specified. The no formof the command with no arguments disables the ATD alert for all time intervals. The no form ofthe command with a single interval, regardless of set/clear threshold value, will disable the ATDalert for that time interval.

This command enables generation of alerts to the SVM and traps to the NMS based on theAverage Tunnel Duration. The set threshold must be less than or equal to the clear threshold.

Syntax

atd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

no atd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

Parameters


48/485


49/485





None



None



None


seconds is less than this

value, alert will set.

0 to 600 where 00

implies off.

0


seconds is greater than or


will clear.

00 to 600 0

Mode


avdd

Average Video Disconnect Delay (AVDD) is the average from the request for termination untilthe acknowledgement. The command replaces the existing settings for the intervals specified.The no form of the command with no arguments disables the AVDD alert for all time intervals.The no form of the command with a single interval, regardless of set/clear threshold value, willdisable the AVDD alert for that time interval.

This command enables generation of alerts to the SVM and traps to the NMS based on theAverage Video Disconnect Delay. The set threshold must be greater than or equal to the clearthreshold.

Syntax

avdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

no avdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

Parameters




None



None


50/485





None



None




0 to 600 where 00

implies off.

0




will clear.

00 to 600 0

Mode


avpdd

Average Video Post Dial Delay (AVPDD) is the average delay from the initial request to theringing. The command replaces the existing settings for the intervals specified. The no form ofthe command with no arguments disables the AVPDD alert for all time intervals. The no form ofthe command with a single interval, regardless of set/clear threshold value, will disable theAVPDD alert for that time interval.

This command enables generation of alerts to the SVM and traps to the NMS. The setthreshold must be greater than or equal to the clear threshold.

Syntax

avpdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

no avpdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }

Parameters




None



None



None



None


51/485






0 to 600 where 00

implies off.

0



equal to this value, alertwill clear.

00 to 600 0

Mode


bandwidth (interface)

Sets the bandwidth informational value for an interface. The no form of this command sets thebandwidth informational value to the default value.

Syntax

bandwidth kilobits

no bandwidth [kilobits]

Parameters


kilobits Bandwidth in kilobits per

second

Range is 1 to 80000000,

default values are 9 for

Tunnel; 10000 for Admin

and NNET; and Loopback,

and Null. For Port-chan and

Pos-chan, the default is for

the bandwidth value to be

dynamically set according

to the number of active

members. Subinterface

defaults are same as

parent interface.

Mode

Interface Configuration (Admin, Em, Loopback, NNET, Null, Tunnel)

Guidel ines

When an interface is assigned as a member of a link bundle interface, the bandwidth value forthat interface is changed to the default value for that interface. Once an interface is removed as


52/485


53/485


54/485



no banner motd [c message c]

Parameters


c Delimiting character, any character isallowed but it must use a different character

than any used in the banner message.

message Banner message text.

Mode


bgpEnables the RCP to allow any integer as a valid router ID, including 0. The no form of thiscommand enables the RCP to reject bad router IDs (default).

Syntax

bgp allow-illegal-routerid

no bgp allow-illegal-routerid

Mode

Router Configuration (BGP)Address Family Configuration (IPv4 Unicast)Address Family Configuration (IPv4 Unicast VRF)Address Family Configuration (IPv6 Unicast VRF)

bgp client-to-client reflection

Enables route reflection from a BGP route reflector to clients (default). The no form of thiscommand disables client-to-client reflection.

Syntax

bgp client-to-client reflection

no bgp client-to-client reflection

Mode

Router Configuration (BGP)Address Family Configuration (IPv4 Unicast)


55/485



Address Family Configuration (IPv4 Unicast VRF)Address Family Configuration (IPv4 Multicast)Address Family Configuration (IPv6 Unicast)Address Family Configuration (IPv6 Unicast VRF)Address Family Configuration (IPv6 Multicast)Address Family Configuration (VPNv4 Unicast)

Address Family Configuration (VPNv4 Multicast)Address Family Configuration (VPNv6 Unicast)Address Family Configuration (VPNv6 Multicast)

bgp cluster-id

Sets the cluster ID for the routers acting as route reflectors if the BGP cluster has more thanone route reflector. The no form of this command removes the cluster ID.

Syntax

bgp cluster-id cluster-id

no bgp cluster-id [cluster-id]

Parameters


cluster-id Cluster ID of this route reflector expressed

as a nonzero-32-bit-integer (1 to

4294967295) or a dotted decimal IP

address.

Mode

Router Configuration (BGP)Address Family Configuration (IPv4 Unicast)Address Family Configuration (IPv4 Unicast VRF)Address Family Configuration (IPv4 Multicast)Address Family Configuration (IPv6 Unicast)Address Family Configuration (IPv6 Unicast VRF)Address Family Configuration (IPv6 Multicast)Address Family Configuration (VPNv4 Unicast)Address Family Configuration (VPNv4 Multicast)

Address Family Configuration (VPNv6 Unicast)Address Family Configuration (VPNv6 Multicast)

bgp default ipv4-unicast

Sets the RCPs default address-family to IPv4-unicast (default). The no form of this commandcauses the RCP to not activate the IPv4-unicast address-family by default.


56/485



Syntax

bgp default ipv4-unicast

no bgp default ipv4-unicast

Mode


bgp default route-target filter

Enables automatic BGP route-target community filtering. The no form of this command disablesthis feature.

Syntax

bgp default route-target filter

no bgp default route-target filter

Mode


bgp fast-external-fallover

Enables the BGP sessions of any directly adjacent external peers to immediately reset if thelink used to reach them goes down (default). The no form of this command disables thisfunction.

Syntax

bgp fast-external-fallover

no bgp fast-external-fallover

Modes

Router Configuration (BGP)Address Family Configuration (IPv4 Unicast)Address Family Configuration (IPv4 Unicast VRF)Address Family Configuration (IPv6 Unicast VRF)

bgp log-neighbor-changes


57/485


58/485


59/485


r2.0 cem command reference

Documents