r2.0 cem command reference
TRANSCRIPT
-
7/28/2019 R2.0 CEM Command Reference
1/485
NetSocket Cloud Experience Manager
Command Reference
Release 2.0
-
7/28/2019 R2.0 CEM Command Reference
2/485
THE PRODUCT INFORMATION PRESENTED WITHIN THIS DOCUMENT IS SUBJECT TO CHANGE
WITHOUT NOTICE. ALL PRODUCT INFORMATION IS BELIEVED TO BE ACCURATE, BUT IS PROVIDED
WITHOUT WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED. NETSOCKET, INC. ACCEPTS NO
RESPONSIBILITY FOR USERS SPECIFIC APPLICATION OF THE PRODUCT(S) FEATURED WITHIN THIS
DOCUMENT. NEITHER NETSOCKET, INC. NOR ITS SUPPLIERS SHALL BE LIABLE FOR DAMAGES OF
ANY KIND, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA OR REVENUE, ARISING FROM THE
USE OF THE FEATURED PRODUCT(S) AND ASSOCIATED INFORMATION PRESENTED WITHIN THIS
DOCUMENT.
NETSOCKET I NC., CONFID ENTIAL
THE INFORMATION CONTAINED IN THIS DOCUMENT IS THE PROPERTY OF NETSOCKET. EXCEPT AS
SPECIFICALLY AUTHORIZED IN WRITING BY NETSOCKET, THE HOLDER OF
THIS DOCUMENT SHALL KEEP THE INFORMATION CONTAINED HEREIN CONFIDENTIAL AND SHALL
PROTECT SAME IN WHOLE OR IN PART FROM DISCLOSURE AND DISSEMINATION
TO THIRD PARTIES AND USE SAME FOR EVALUATION, OPERATION AND MAINTENANCE PURPOSES
ONLY.
THE CONTENT OF THIS DOCUMENT IS PROVIDED FOR INFORMATION PURPOSES ONLY AND IS
SUBJECT TO MODIFICATION. IT DOES NOT CONSTITUTE ANY REPRESENTATION OR WARRANTY
FROM NETSOCKET AS TO THE CONTENT OR ACCURACY OF THE
INFORMATION CONTAINED HEREIN, INCLUDING BUT NOT LIMITED TO THE SUITABILITY AND
PERFORMANCES OF THE PRODUCT OR ITS INTENDED APPLICATION.
NetSocket 2012 - 20 13
-
7/28/2019 R2.0 CEM Command Reference
3/485
NetSocket, Inc. - Proprietary and Confidential i
Table of Contents1 Introduction ................................................................................................................................ 1-1
1.1 About the Document ........................................................................................................ 1-11.2 Audience .......................................................................................................................... 1-11.3 How to Get Help .............................................................................................................. 1-11.4 Product Documentation ................................................................................................... 1-1
2 System Overview ...................................................................................................................... 2-22.1 ICE Correlation ................................................................................................................ 2-22.2 SVM ................................................................................................................................. 2-32.3 SVP .................................................................................................................................. 2-32.4 SVA .................................................................................................................................. 2-4
2.4.1 SVA Standard IP MOS Monitoring ...................................................................... 2-42.4.2 SVAA IP MOS Plus Analogue ............................................................................. 2-4
2.5 SVM Dashboard .............................................................................................................. 2-42.6 Calls, Sessions, and Media ............................................................................................. 2-5
3 Initial System Access ................................................................................................................ 3-13.1 1U Server ......................................................................................................................... 3-13.2 2U Server ......................................................................................................................... 3-23.3 CLI Access using the Default IP Address ........................................................................ 3-23.4 CLI Access using the Serial Ports ................................................................................... 3-3
3.4.1 System Serial Ports ............................................................................................. 3-33.4.2 Accessing the CLI from a Serial Port .................................................................. 3-4
3.5 CLI Access using a Monitor and Keyboard ..................................................................... 3-4 4 CLI Basics ................................................................................................................................. 4-1
4.1 Command Structure ........................................................................................................ 4-14.1.1 Command Classes .............................................................................................. 4-14.1.2 Command Modes ................................................................................................ 4-14.1.3 Command Syntax ................................................................................................ 4-3
4.2 CLI Fundamentals ........................................................................................................... 4-44.2.1 CLI Functions ...................................................................................................... 4-44.2.2 CLI Customization ............................................................................................... 4-7
5 CLI Command Definitions ......................................................................................................... 5-1
-
7/28/2019 R2.0 CEM Command Reference
4/485
NetSocket, Inc. - Proprietary and Confidential 1-1
1 IntroductionThe NetSocket solution consists of the Service Visibility Manager (SVM), the Service VisibilityPoint (SVP), and the Service Visibility Analyzer (SVA). This document provides basicdescription of the SVM, SVP, and SVA, as well as a web-based Graphical User Interface (GUI)
called the SVM Dashboard.
1.1 About the Document
This Command and Configuration Guide describes the steps used to configure the CloudExperiem and defines the CLI commands used. A brief overview of the solution at thebeginning of the document is followed by configuration examples for the SVM, SVP, and SVA.The final section of the document gives the CLI command definitions used on the NetSocketproducts.
1.2 Audience
The Command and Configuration Guide is intended for the individuals tasked with the turn-upand configuration of the SVM, SVP, and SVA in the providers network.
1.3 How to Get Help
To receive technical support, contact NetSocket in one of the following ways:
NetSocket technical support e-mail address: [email protected]
Visit http://www.support.netsocket.com for additional information. Use your companys
login information to access the documentation.
1.4 Product Documentation
Following is the list of all documents included into the product documentation suite:
Software Release Notes
Installation Guide contains installation procedures.
User Guide contains description and explanation of the SVM, SVP, and SVA
functionality. The User Guide is intended for SVM Dashboard users.
Command and Configuration Guide contains CLI command definitions and configuration
examples.
SVM SNMP Reference contains information about NetSockets proprietary MIBs andSNMP Traps.
-
7/28/2019 R2.0 CEM Command Reference
5/485
Introduction
1-2
2 System OverviewThe NetSocket Cloud Experience Manager (CEM) provides real-time IP service assurance forUnified Communications environments correlating real-time session (signaling), media(voice/video) streams and topology paths and events for Unified Communications applications.
The solution consists of three component types:
The Service Visibility Manager (SVM) is an element management system for the SVPsand SVAs. The SVM provides a web based GUI, called the SVM Dashboard, used tomonitor the NetSocket CEM.
The Service Visibility Point (SVP) is a server appliance that monitors the layer-3 IPnetwork and the layer-4 session signaling.
The Service Visibility Analyzer (SVA) is a server appliance that monitors and analyzesQuality of Experience (QoE) for media streams associated with the sessions monitoredby the SVP.
The NetSocket CEM works in a hierarchical model where one SVM monitors one or more SVPs
and an SVP can monitor zero or more SVAs. After the initial configuration, the user accessesand monitors the entire solution via the SVM Dashboard.
This chapter provides a functional overview of the SVM, the SVP and the SVA. The followingtopics are covered within this chapter:
IP Correlation Engine (ICE)
SVM
SVP
SVA
SVM Dashboard
2.1 ICE CorrelationAs the name suggests, this key technology automatically correlates the real-time state andchanges in the IP network to the individual sessions being carried through that network. Inreal-time, CEM calculates the exact hop-by-hop path of any session, and can identify whatnetwork or signaling event has impacted, or is impacting, that session. Further, this sameknowledge is used to proactively alert the service manager to changes in network configurationthat can impact the traffic on the network.
Unique aspects of the IP Correlation Engine include:
Works in real time to create a service assurance mashup, providing a dynamic "map" of
the network onto which media and application/service information is correlated. Monitors the network without imposing any burden on the deployed network nodes, such
as routers; it passively participates in the routed network using standard IP routing
protocols.
The results of the ICE correlation are presented in the Quality of Session Record (QSR).
-
7/28/2019 R2.0 CEM Command Reference
6/485
Introduction
1-3
2.2 SVM
The Service Visibility Manager is a management node for the SVPs and SVAs deployed in anetwork. For each application, the SVM provides metrics applicable to that application. Inaddition, the SVM provides Fault, Configuration, Accounting, Performance, and Security(FCAPS) management for the SVPs deployed. The SVM receives operational information fromall the SVPs within the network, which is then displayed on the SVM Dashboard.
SNMP traps can be used to provide the operators NMS/OSS with SVM fault/alarm information.The SVM supports SNMP v1 and v2c for this purpose.
2.3 SVP
The Service Visibility Point monitors signaling traffic (i.e., sessions) in a routed IP network.SVPs collect signaling traffic from applications that terminate call processing signaling andcontrol streams. The CEM network stores information pertaining to these sessions, andprovides real-time and historical operational statistics for them. The SVP passively monitorssignaling information exchanged between signaling terminations points (e.g., call processingapplications, IP phones, VoIP gateways, SIP proxies and Session Border Controllers). Thedefinition of a signaling session is described below. In essence, a signaling session is bi-directional signaling information streamed between these signaling termination points andspans the time from the start of the signaling session to the end of that session. A call may (andprobably does!) consist of multiple signaling sessions
When used in a Microsoft Lync environment, the signaling monitoring function is performedby the Lync solution. Signaling information from Lync Front End servers is abstracted anddelivered to an SVP through the Lync Network Diagnostics (LND) API. The SVP captures thissignaling information and transforms it to signaling session information that is presented in theSVMs Dashboard in a similar format to that of signaling sessions monitored directly by the
SVP. This monitoring approach is required because the Lync signaling stream information is
encrypted. In addition to signaling session information, the LND API delivers quality ofexperience (QoE) information to the SVP related to the quality of the end-to-end media stream.This information can be used to supplement the QoE information delivered by the SVA.
The SVP also discovers network topology and status of available network resources by usingstandard IP routing protocols, such as OSPF and BGP, and by collecting information from themonitored routers using SNMP and CLI. Through BGP or OSPF polling, the SVP can construct,at any time, the hop-by-hop path taken by media streams from their source to their destination.For any call, the SVP can then precisely determine the calls source and destination endpoints,
the precise hop-by-hop path that the calls media streams takes from source to destinationendpoint and can exclude router service degradation events from those events by routersidentified as NOT being in the calls media path. All of this information is correlated by the SVPto the collected signaling and media sessions of the aggregate call.
As signaling stream sessions and media streams are established and released during a call,the SVP maintains operational metrics about each session. If these metrics deviate outside thenormal operational range (based on user defined thresholds), the SVP alerts the Operationsteam of potential problems and provides a list of affected sessions. This allows proactivemanagement of the network and can significantly reduce the Mean Time to Isolate (MTTI)during problem resolution.
-
7/28/2019 R2.0 CEM Command Reference
7/485
Introduction
1-4
2.4 SVA
The Service Visibility Analyzer analyzes voice and video media streams associated with thesessions monitored by an SVP. Within a single, aggregate call, one or more media legs canexist between the source and destination endpoints that terminate the call s media, A mediasession is defined as any media (sequence of voice or video packets) stream that is terminatedbetween two media terminating endpoints (e.g., IP phone, Session Border Controller, VoIPgateway, conference bridge application, etc.). Multiple media sessions of a call can and do takedifferent paths through the routed network than the multiple signaling sessions of that samecall. SVAs capture media stream packets and perform calculations on the data contained withinthese media packets that yield Quality of Experience (QoE MOS scores, number of packetslost, jitter, media packet delay). The QoE calculated information is correlated in the SVP with itsspecific signaling session and presented in the SVM dashboard for analysis and diagnostics.
2.4.1 SVA Standard IP MOS Monitoring
The SVA Standard IP MOS Monitoring configuration analyzes RTP streams for degradationthat can be attributed directly to the IP network. The metrics are independently collected on
each monitoring interface. The SVA calculates interval metric values every 30 seconds and atthe end of the session. Cumulative metrics are also provided, which are calculated over theentire media session. It is important to note that the interval and cumulative metrics are doneindependently. The cumulative metrics are not averages of the interval metrics.
Cumulative metrics are also calculated separately for any Call Hold and Re-invite scenariosthat occur following call establishment.
2.4.2 SVAA IP MOS Plus Analogue
The Service Visibility Analysis (SVAA) application is specifically designed to monitor mediastreams for echo and other media stream service degradations introduced through eitheranalog-to-digital hybrid interfaces in the PSTN or acoustic echo service degradation
introduced through endpoints such as speaker phones. The SVA IP MOS Plus Analogue(SVAA) configuration analyzes both directions of the G.711 A-law and G.711 -law RTPstreams associated with a call. Therefore, unlike the standard configuration, RTP streams forall configured interfaces are analyzed as a whole. Duplication of streams across multipleinterfaces must be avoided so that accurate results can be calculated. In this configuration, theSVA reports the standard IP MOS monitoring metrics as well Signal to Noise and Echo. Thereporting of the standard IP MOS monitoring metrics is the same as described inSVAStandard IP MOS Monitoring. The Signal to Noise and Echo calculations are performed overa subset of the entire call according to the media analysis configuration command on the SVA.The results are reported as part of the cumulative IP MOS metrics.
2.5 SVM Dashboard
The SVM contains a web server to enable access to the SVM Dashboard using industrystandard web browsers such as Chrome, Firefox, and Internet Explorer. The Dashboard can beaccessed from any personal workstation within an operators network where the SVM isdeployed. It presents information about the SVM-monitored domain in an easily understood andmeaningful format and allows a user to run various searches and reports, while analyzing anetwork issue.
The SVM Dashboard presents information about SVPs, SVAs and the operators network in
-
7/28/2019 R2.0 CEM Command Reference
8/485
Introduction
1-5
both tabular and graphical formats. There are two SVM dashboards graphical user interfaces(GUI) that can be used for operations. The legacy dashboard GUI is referred to as the orange
GUI. The newer GUI is referred to as the blue GUI. The blue GUI was developed to improveoperational workflows in a help desk environment.
2.6 Calls, Sessions, and Media
As explained in the preceding sections, the SVM and SVA monitor the signaling sessions andmedia streams respectively. To help you use and interpret the data available in the SVMDashboard, it is important to understand how and what the NetSocket CEM monitors.
The following figure illustrates the signaling traffic. A callis all sessions from a source end-pointto a destination end-point. A session is the signaling between two signaling termination points.In the figure, a call from the source computer to the destination computer includes 5 sessionsbetween the different end-points, such as computers, call managers, the session initiationprotocol (SIP) proxy, and the session border controller (SBC). An SVP can monitor one or more
of these sessions, but it might not monitor the call, or all of the sessions.
Figure 2-1 Signaling Session Structure
The media, or content, structure is shown in the following figure. The media (voice, video)streams are comprised of all voice or video packet streams that pass through media terminationpoints, which are the SBC and the source computer in the figure. A media legis the mediastream passing between two media points, such as the computers, SBC and routers that
terminate a media stream. It is important to recognize the distinction between a device thatterminates media (such as an IP phone or an SBC or a VoIP gateway) and a device thatforwards media such as a router or switch. In the example, the media has two legs, each ofwhich has three legs. An SVA can monitor one stream, which includes one or more media legs.
-
7/28/2019 R2.0 CEM Command Reference
9/485
Introduction
1-6
Figure 2-2 Media Structure
The following shows an example implementation of an SVP and two SVAs. The SVP canmonitor four sessions, which in the example includes sessions 1, 2, 3, and 5. It does not
monitor the session between the SBC and the destination call manager. If a support staff founda session with an alert, he could use the Find Related Sessions query to search for the othermonitored sessions that were part of the same call.
Figure 2-3 Implementation of SVA and SVP
Similarly, the SVAs cannot monitor an entire media stream but can monitor the individual medialegs. In this example, SVA-DAL is connected to the DAL-CE2 router and monitors the mediastream exiting from the DAL-CE2 router. Similarly, SVA-NY is connected to the 03-NewYorkrouter and monitors the media stream from the destination end-point to the SBC.
The following figure shows an alternative configuration, in which a Lync Server is used with thesource end-point. The figure shows a hybrid environment with Lync and another call managersystem. The SVP receives quality of experience (QoE) and signaling data from the Lync server
-
7/28/2019 R2.0 CEM Command Reference
10/485
Introduction
1-7
using the LND API through the SVPs management interface, not a monitoring port. The Lyncserver provides QoE media data for the encrypted Lync sessions, and the Lync clientapplications function similarly to SVAs by providing the QoE data for the inbound media streamto the Lync client. The SVP collects data from other sessions that are not Lync encrypted.
Figure 2-4 SVP and SVA Configuration with Lync
In the QSR window, the source-to-destination and destination-to-source metrics include datafrom all monitoring points in the media stream, which includes each router or switch connectedto an SVA and each Lync client endpoint. For example, in the following figure, the QSR windowshows two columns of destination-to-source data. One SVA (DAL-SVA-CE1) retrieves anddisplays data from a router, shown as 1 in the figure. Another SVA (DAL-SVA-CE2) gets data
from another router, marked as 2 in the figure. If a Lync server were used (as in Figure 2-4), itsdata would be presented in a separate column as Endpoint Statistics.
-
7/28/2019 R2.0 CEM Command Reference
11/485
Introduction
1-8
1 2
-
7/28/2019 R2.0 CEM Command Reference
12/485
NetSocket, Inc. - Proprietary and Confidential 3-1
3 Initial System AccessThe SVM, SVP, and SVA systems are delivered with the NetSocket software installed but willneed to be configured before they are placed in service. The systems are configured using acommand line interface (CLI) which is typically accessed via SSH or Telnet using the IP
address assigned to the management interface. However, during the initial configuration thisinterface will not have an IP address that is accessible on the management network. Thefollowing sections describe how to access the CLI using the default IP address, the serial ports,and a monitor and keyboard. The figures and table below show the connection points used toaccess the CLI using these three methods.
3.1 1U Server
Figure 3-1 - 1U Server Rear Panel Connection Points
Table 3-1 2U Server CLI Access Connection Points
Letter Location Description
A Rear Panel Serial port
B Rear Panel VGA connector
C Rear Panel USB ports
D Rear Panel Management interface (nnet0)
-
7/28/2019 R2.0 CEM Command Reference
13/485
Initial System Access
NetSocket, Inc. - Proprietary and Confidential 3-2
3.2 2U Server
Figure 3-2 U2 Server Front Panel Connection Points
Figure 3-3 U2 Server Rear Panel Connection Points
Table 3-2 2U Server CLI Access Connection Points
Letter Location Description
A Front Panel Serial port
B Front Panel USB port
C Rear Panel Serial port
D Rear Panel VGA connector
E Rear Panel USB ports
F Rear Panel Management interface (nnet0)
3.3 CLI Access using the Default IP Address
The NetSocket systems ship with a default IP address of 192.168.0.1 and network mask of255.255.255.0 configured on the management interface. To access the CLI using the default
IP address, connect a PC or laptop directly to the management port using an Ethernet cable.The network interface on the PC or laptop should be configured with a static IP address of192.168.0.2 and a network mask of 255.255.255.0. Once this interface has been configuredthe system will be reachable via SSH or Telnet using the IP address 192.168.0.1.
Opening an SSH or Telnet connection to the default IP address will display the CLI loginprompt. The default login credentials are username admin and password adminn.
-
7/28/2019 R2.0 CEM Command Reference
14/485
Initial System Access
NetSocket, Inc. - Proprietary and Confidential 3-3
3.4 CLI Access using the Serial Ports
3.4.1 System Serial Ports
The 1U servers have a single serial port located on the rear panel. The 2U servers have two
serial ports; one on the front panel and one at the rear panel. Connections can be made toeither the front or the rear port. However, if the front panel serial port is used the rear serialport is deactivated. Both ports cannot be used at the same time. The serial ports have 8-pinRJ-45 connectors.
The table below lists the pinout for the front and back panel serial port connectors.
Table 3-3 - Serial Port Pinout
Pin Signal
1 RTS (Request to Send)
2 DTR (Data Terminal Ready)
3 TXD (Transmit Data)
4 GND
5 RIA (Ring Indicator)
6 RXD (Receive Data)
7 DSR/DCD (Data set Ready / Data Carrier Detect
8 CTS (Clear to Send)
To connect a PC to the system a RJ-45 to DB-9 adapter will be required. The pinout for thisadapter is provided in the table below.
Table 3-4 - RJ-45 to DB-9 Adapter Pinout
SVM/SVP/SVA RJ-45 Serial Port PC DB-9 Serial PortSignal Pin Pin Signal
RTS 1 8 CTS
DTR 2 6 DSR
TXD 3 2 RXD
GND 4 5 GND
RIA 5 5 GND
RXD 6 3 TXD
DSR/DCD 7 4 DTR
CTS 8 7 RTS
The serial port on the NetSocket servers has the same pinouts as Cisco routers and switches.Therefore, console cables that can be used to connect to a Cisco device may also be used toconnect to a NetSocket server. Note that the NetSocket serial port uses a higher baud ratethan Cisco devices as shown in the table below.
-
7/28/2019 R2.0 CEM Command Reference
15/485
Initial System Access
NetSocket, Inc. - Proprietary and Confidential 3-4
The following table provides the terminal settings used to connect to the serial ports.
Table 3-5 - Serial Port Terminal Settings
Setting Value
Baud Rate 115200
Data Bits 8
Parity None
Stop Bits 1
Flow Control RTS/CTS
3.4.2 Accessing the CLI from a Serial Port
After connecting to one of the serial ports, pressing the enter key will cause the system shelllogin prompt to be displayed. The default login credentials are username admin and passwordadminn. Once the shell prompt (%) is displayed, type cli to enter the CLI. The defaultusername and password are also used to login to the CLI. At the initial CLI prompt (>) type
enable to enter enable mode.
By default, the console uses a terminal length of 25 lines. If you are using a terminal windowwith more than 25 lines, you will need to set the terminal length so the paging behavesproperly. This can be accomplished using the terminal length CLI command.
3.5 CLI Access using a Monitor and Keyboard
The CLI can also be accessed using a monitor and USB keyboard. The monitor should beconnected to the VGA connector on the rear panel. The USB keyboard can be connected toany of the USB connectors on the front or rear panels.
After the keyboard is connected, pressing the enter key will cause the CLI login prompt to bedisplayed. The default login credentials are username admin and password adminn. At theinitial CLI prompt (>) type enable to enter enable mode.
-
7/28/2019 R2.0 CEM Command Reference
16/485
4-1NetSocket, Inc. - Proprietary and Confidential
4 CLI BasicsThis chapter provides information about the Command Line Interface (CLI) used to provisionthe NetSocket SVP, SVA, and SVM.
4.1 Command Structure
In its basic form, a CLI command can be thought of as a single-word command followed bypossible mandatory or optional keywords and arguments. However, when forming names ofCLI commands for documentation purposes, the single-word command is often combined withmandatory keyword choices to produce one or more commands. For example, the show alarmsand show aliases CLI commands are documented as two separate commands instead of asingle show command with alarms and aliases as keyword choices. This breakdown of largecommands into smaller units is done so that the resulting commands can be more effectivelylocated and understood by the user of the documentation.
4.1.1 Command Classes
The CLI command set is comprised of three classes of commands: Configuration, Monitoring,and Operations.
The Configuration class of commands includes all commands that allow a user to create,
modify, or delete persistent configuration information within the SVP, SVA, and SVM.
Configuration commands are available within various configuration command modes.
The Monitoring class of commands includes all commands that allow a user to retrieve
configuration and status information from the system. Monitoring commands are available
entirely within the EXEC command mode.
The Operations class of commands includes all commands that allow a user to initiate
specific functions of the system, but not to change any configuration information.Operations commands are available entirely within the EXEC command mode.
4.1.2 Command Modes
The CLI contains a hierarchical structure for accessing commands. Sets of commands areavailable within different command modes located at various levels within the hierarchicalstructure. The left column of the following table lists the names of all supported commandmodes. For configuration command modes that vary the set of commands available dependingupon the type of object being configured, a command mode qualifier is also specified as part ofthe command mode. The command mode qualifier is simply the name for the type of objectbeing configured, enclosed within parentheses.
By default, the CLI prompt indicates the current command mode. The right column lists the CLIdefault prompt values for each command mode. The contents of the CLI prompt can becustomized using the prompt command.
-
7/28/2019 R2.0 CEM Command Reference
17/485
CLI Basics
NetSocket, Inc. - Proprietary and Confidential 4-2
Table 4-1 - Command Modes and Prompts
Command Mode Prompt
User EXEC Router>
Privileged EXEC Router#
Global Configuration Router(config)#
Address Family Configuration (at-type) Router(config-router-af)#
Flow Aggregation Cache Configuration Router(config-flow-cache)#
Interface Configuration (entity-type) Router(config-if)#
IP Extended Access-List Configuration Router(config-ext-nacl)#
IP Standard Access-List Configuration Router(config-std-nacl)#
Route-Map Assign Router(route-map-assign)#
Route-Map Configuration Router(config-route-map)#
Router Configuration (protocol) Router(config-router)#
Session-Thresholds Router(config- session-threshold)
Subinterface Configuration (entity-type) Router(config-subif)#
Traceoptions Configuration Router(config-traceoptions)#
Topology Map Router (config-topology-map)#
Topology Map Router Router (config-topology-map-router)#
When establishing a connection with the CLI, the user is placed in the EXEC command mode.The EXEC command mode has 16 possible privilege levels (ranging from 0 to 15), but bydefault, the user starts at privilege level 1, or the User level. When at the User level, the EXECcommand mode is referred to as the User EXEC Mode. The User EXEC Mode has a limited setof commands made available to the user.
To gain access to additional commands at a higher privilege level, the user enters the enablecommand (followed by a password if configured). As an initial system default, all commands notavailable at the User level are available at privilege level 15, referred to as the Privileged
level. When at the Privileged level, the EXEC command mode is referred to as the PrivilegedEXEC Mode. Once the user is in the Privileged EXEC Mode, all other command modes areaccessible.
The Global Configuration Mode can be used to configure items that are of a non-specific
nature. From the Privileged EXEC Mode, the user enters the configure command to move tothe Global Configuration Mode. From the Global Configuration Mode, a number of specificconfiguration modes can also be reached by entering the specific configuration mode entrycommand. For example, the Controller Configuration Mode can be reached from the GlobalConfiguration Mode by entering controller (followed by a controller entity-name).
By using a small set of commands, a user can move from one command mode to another. Fora complete list of all mode navigation commands, see the following table.
-
7/28/2019 R2.0 CEM Command Reference
18/485
CLI Basics
NetSocket, Inc. - Proprietary and Confidential 4-3
Table 4-2 - Mode Navigation Commands
From I To Command
from EXEC to User EXEC (creates a new
session)
login
from User EXEC to Privileged EXEC enable
from Privileged EXEC to User EXEC
(creates a new session)
login
from Privileged EXEC to Global
Configuration
configure
from Global Configuration to any
configuration mode
specific configuration mode entry command
from any configuration mode to Global
Configuration
any Global Configuration command
from any configuration mode to back onemode
exit (config)
from any configuration mode to Privileged
EXEC
end
from Privileged EXEC to User EXEC disable (EXEC)
from any EXEC mode to log off router exit (EXEC) or logout
4.1.3 Command Syntax
As an aid in conveying CLI syntax requirements, command syntax conventions have beenadopted within the command documentation. These syntax conventions are summarizedbelow.
Table 4-3 - Syntax Conventions
Syntax Convention Description
bold Bold indicates keywords input exactly as shown
italics Italic type indicates arguments that must be supplied by the user
output Non-proportional font indicates output from the router
In Progress ... Output message indicates the entered command is in progress
a Nothing indicates required keyword, argument, or combination
[a] Brackets indicate optional keyword, argument, or combination
... I * Ellipsis, pipe, and asterisk indicate operators of an expression
[a]... Brackets followed by an ellipsis indicate optional one or more unique
instances of an argument, expression, or combination
-
7/28/2019 R2.0 CEM Command Reference
19/485
CLI Basics
NetSocket, Inc. - Proprietary and Confidential 4-4
{a}... Braces followed by an ellipsis indicate required one or more unique
instances of an argument, expression, or combination
[a I b] Brackets separated by one or more pipes indicate optional choice of
a keyword, argument, expression, or combination
{a I b} Braces separated by one or more pipes indicate required choice of a keyword, argument, expression, or combination
*[a I b] Brackets preceded by an asterisk and separated by one or more
pipes indicate optional one or more non-ordered choices of a
keyword, argument, expression, or combination
*{a I b} Braces preceded by an asterisk and separated by one or more pipes
indicate required one or more non-ordered choices of a keyword,
argument, expression, or combination
4.2 CLI Fundamentals4.2.1 CLI Functions
The CLI allows unique abbreviations to be substituted within commands in place of fullyentered keywords (and certain arguments). This function is merely a time-saving feature to beused or not used by preference of the user.
The CLI provides command-line help functions to assist the user in forming valid commandinput. The following table summarizes the available command-line help functions and how toaccess them. Note that help is only offered for the commands that are valid within the currentcommand mode.
Table 4-4 - Command-Line Help
Help Function How to Access
Show command-line help information Type help and then the enter key
Show a list of all available commands Type ?
Show commands starting with given input Type ? after entering input
Show available keywords and arguments Type a command, a space, and then ?
Auto-complete command or keyword Type first letter(s) and then the tab key
The CLI provides a set of command-line editing functions. These functions are invoked by
special key combinations. A list of these key combinations and corresponding functions isshown below. Note that a dash (-) means two keys must be pressed at the same time.
-
7/28/2019 R2.0 CEM Command Reference
20/485
CLI Basics
NetSocket, Inc. - Proprietary and Confidential 4-5
Table 4-5 - Command-Line Editing
Key Combination Function
Ctrl-a Move cursor to the start of the line being edited
{Ctrl-b I lt arrow} Move cursor backward one character (to the left)
Ctrl-e Move cursor to the end of the line being edited
{Ctrl-f I rt arrow} Move cursor forward one character (to the right)
{del I backspace} Delete character to the left of the cursor
Ctrl-d Delete character directly under cursor
Ctrl-k Delete characters from the cursor to the end of the line being edited
{Ctrl-u I Ctrl-x} Delete characters from the cursor to the start of the line being edited
Ctrl-w Delete entire word to the left of the cursor
Ctrl-t Transpose character under the cursor with the character to the left
{Ctrl-p I up arrow} Display older command within the command history buffer
{Ctrl-n I dn arrow} Display newer command within the command history buffer
The CLI provides the capability within all show commands to filter out certain lines in the outputbased on matching a regular expression string. By simply appending the output modifier syntaxshown in the following table to the normal show command syntax, the corresponding filterfunction can be applied. Note that the reg-exp (regular expression) argument of the outputmodifier syntax is case sensitive.
If the regular expression string includes one or more spaces to be used in the filtering criteria,parentheses must be used as delimiters.
Table 4-6 - Show Output Filtering
Output Modifier Function
I begin reg-exp Display show output beginning at line matched by reg-exp string
I include reg-exp Display show output including all lines matched by reg-exp string
I exclude reg-exp Display show output excluding all lines matched by reg-exp string
The CLI provides the capability to enter and display numeric constants using multiple formatsbased on special prefixes applied to the constant. The following table shows the prefixesunderstood by the CLI and the corresponding meaning.
Table 4-7 - Numeric Constant Prefixes
Prefix Meaning
(none) Numeric constant is interpreted as decimal (base 10)
0 Numeric constant is interpreted as octal (base 8)
0x Numeric constant is interpreted as hexadecimal (base 16)
-
7/28/2019 R2.0 CEM Command Reference
21/485
CLI Basics
NetSocket, Inc. - Proprietary and Confidential 4-6
While displaying output that exceeds the length of a single display screen, the CLI provides apaging capability that allows entry of various paging-related commands. These CLI pagingcommands are listed below.
Table 4-8 - Paging Commands
Command Function:help Display paging command help[n] {f I Ctrl-f I space} Forward n lines, default one screen[n] {b I Ctrl-b} Backward n lines, default one screen[n] {j I cr} Forward n lines, default one line[n] k Backward n lines, default one line[n] {d I Ctrl-d} Forward n lines, default half screen or last n[n] {u I Ctrl-u} Backward n lines, default half screen or last n[n] g Go to line n, default line 1{r I Ctrl-l} Repaint screen[n] Ipattern Search forward fornth line containing the pattern[n] I!pattern Search forward fornth line not containing the pattern[n] ?pattern Search backward fornth line containing the pattern[n] ?!pattern Search backward fornth line not containing the pattern[n] n Repeat previous search (for nth occurrence)[n] N Repeat previous search other direction (for nth occurrence){= I Ctrl-g} Display current status{q I :q I ZZ} Exit
Finally, the CLI provides many powerful utilities that can be accessed by the user. These CLIutilities are listed below.
Table 4-9 - Utility Commands
Command Utility
send Sends an asynchronous user message to another user
telnet Opens a telnet connection with a remote host
wall Sends an asynchronous user message to all users
-
7/28/2019 R2.0 CEM Command Reference
22/485
CLI Basics
NetSocket, Inc. - Proprietary and Confidential 4-7
4.2.2 CLI Customization
Some aspects of the CLI can be modified to accommodate the individual needs of the user.The CLI commands and corresponding functions that provide this level of CLI customization arelisted below.
Table 4-10 - CLI Customization Commands
Command Function
alias Sets a command alias to be used instead of an original command
banner enable Sets a message to display upon enabling to a new privilege level
banner exec Sets a message to display after user login
banner login Sets a message to display before user login
banner motd Sets a message of the day (MOTD) message
enable password Sets a password to control access to a specified privilege level
exec-banner Enables both the EXEC and message of the day (MOTD) banners
exec-timeout Sets the EXEC time-out period
motd-banner Enables the message of the day (MOTD) banner
privilege level Assigns a privilege level to a command
prompt Enables a custom prompt string to be configured
terminal history Enables the command history feature or sets the command buffer
size
terminal length Sets the number of display lines per screen
terminal monitor Enables output of debug and error messages
terminal width Sets the number of characters per display line
-
7/28/2019 R2.0 CEM Command Reference
23/485
NetSocket, Inc. - Proprietary and Confidential 5-1
5 CLI Command Definitions
aaa accounting commands
Enables AAA accounting for commands at a specified privilege level. The no form of thiscommand disables this function (default).
Syntax
aaa accounting commandslevel
no aaa accounting commands[level]
Parameters
Parameter Description Type/Range
level Privilege level, 1 usuallyindicates the EXEC mode
and 15 (default) usually
indicates the Privileged
EXEC Mode.
1 to 15
Mode
Global Configuration
aaa accounting execEnables AAA accounting for an EXEC session. The no form of this command disables thisfunction (default).
Syntax
aaa accounting exec default {none | radius | start-stop | stop-only} tacacs+
no aaa accounting exec default [[none | radius | start-stop | stop-only] tacacs+]
Parameters
Parameter Description
none Disables accounting services for this (tty)
line
radius Include the RADIUS servers methods.
start-stop Sends an accounting notice when a process
starts and ends.
-
7/28/2019 R2.0 CEM Command Reference
24/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-2
stop-only Sends an accounting notice only when a
process ends.
tacacs+ Include the TACACS+ method.
Mode
Global Configuration
aaa accounting system
Enables AAA accounting for non-user, system level events. The no form of this commanddisables this function (default).
Syntax
aaa accounting system default {none | start-stop | stop-only} tacacs+
no aaa accounting system default [[none | start-stop | stop-only] tacacs+]
Parameters
Parameter Description
none Disables accounting services for this (tty)
line
start-stop Sends an accounting notice when a process
starts and ends.
stop-only Sends an accounting notice only when a
process ends.
tacacs+ Include the TACACS+ method.
Mode
Global Configuration
aaa authentication login
Creates the default AAA authentication method list. The no form of this command deletes the
default AAA authentication method list (default).
Syntax
aaa authentication login default *{local | radius | tacacs+}
no aaa authentication login default *[local | radius | tacacs+]
-
7/28/2019 R2.0 CEM Command Reference
25/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-3
Parameters
Parameter Description
default Use the list of authentication methods that
follow to create the default list.
local Include the local user name database
method.
radius Include the RADIUS servers method.
tacacs+ Include the TACACS+ servers method.
Mode
Global Configuration
Guidel ines
If the default login AAA authentication method list does not exist, the local user name databaseis used as the default login AAA authentication method list.
aaa authorization commands
Creates an AAA authorization method list for commands at a specified privilege level. The noform of this command removes the authorization method list (default).
Syntax
aaa authorization commands leveldefault *{local | tacacs+}
no aaa authorization commands [level] default *[local | tacacs+]
Parameters
Parameter Description Type/Range
level Privilege level, 1 usually
indicates the EXEC mode
and 15 (default) usually
indicates the PrivilegedEXEC Mode.
1 to 15
default Use the list of authorization
methods that follow to
create the default list.
local Include the local user
name database method.
-
7/28/2019 R2.0 CEM Command Reference
26/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-4
tacacs+ Include the TACACS+
servers method.
Mode
Global Configuration
aaa authorization config-commands
Enables AAA configuration command authorization method for all global-config commands.The no form of this command disables this function.
Syntax
aaa authorization config-commands
no aaa authorization config-commands
Mode
Global Configuration
aaa authorization exec
Creates the default EXEC shell AAA authorization method list. The no form of this commanddeletes the default EXEC shell AAA authorization method list (default).
Syntax
aaa authorization exec default *{local | radius | tacacs+}
no aaa authorization exec default *[local | radius | tacacs+]
Parameters
Parameter Description
default Use the list of authorization methods that
follow to create the default list.
local Include the local user name database
method.
radius Include the RADIUS servers method.
tacacs+ Include the TACACS+ servers method.
Mode
-
7/28/2019 R2.0 CEM Command Reference
27/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-5
Global Confguration
Guidel ines
If the default EXEC shell AAA authorization method list does not exist, the local user namedatabase is used as the default EXEC shell AAA authorization method list.
aar
Average Active Registrations (AAR) is an average number of active registrations. Thecommand replaces the existing settings for the intervals specified. This alert can be used if aknown minimum number of registrations is expected. The no form of the command with noarguments disables the AAR alert for all time intervals. The no form of the command with asingle interval, regardless of set/clear threshold value, will disable the AAR alert for that timeinterval.
This command enables generation of alerts to the SVM and traps to the NMS. The setthreshold must be less than or equal to the clear threshold.
Syntax
aar {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
no aar {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
Parameters
Parameter Description Type/Range Default
interval1 set/clear thresholds forfirst interval of the day.
None
interval2 set/clear thresholds for
second interval of the day.
None
interval3 set/clear thresholds for
third interval of the day.
None
interval4 set/clear thresholds for
fourth interval of the day.
None
set If number of active tunnels
is less than this value,
alert will set.
0 to 300,000 where
00 implies off.
0
clear If number of active tunnels
is greater than or equal to
this value, alert will clear.
00 to 300,000 0
Mode
Session thresholds configuration
-
7/28/2019 R2.0 CEM Command Reference
28/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-6
aat
Average Active Tunnels (AAT) is an average number of active tunnels. This alert can be used ifa known minimum number of tunnels expected. The command replaces the existing settings forthe intervals specified. The no form of the command with no arguments disables the AAT alertfor all time intervals. The no form of the command with a single interval, regardless of set/clearthreshold value, will disable the AAT alert for that time interval.
This command enables generation of alerts to the SVM and traps to the NMS. The setthreshold must be less than or equal to the clear threshold.
Syntax
aat {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
no aat {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
Parameters
Parameter Description Type/Range Default
interval1 set/clear thresholds for
first interval of the day.
None
interval2 set/clear thresholds for
second interval of the day.
None
interval3 set/clear thresholds forthird interval of the day.
None
interval4 set/clear thresholds for
fourth interval of the day.
None
set If number of active tunnels
is less than this value,
alert will set.
0 to 300,000 where
00 implies off.
0
clear If number of active tunnels
is greater than or equal to
this value, alert will clear.
00 to 300,000 0
Mode
Session thresholds configuration
access-list (extended)
-
7/28/2019 R2.0 CEM Command Reference
29/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-7
Creates an extended access-list. If no sequence number or matching clause is specified, the noform of this command deletes the entire access-list; otherwise, only the access-list clausespecified by the sequence number and/or matching clause is deleted.
Syntax
access-listaccess-list-id[seqsequence-number] {{deny | permit} {protocol| ip} {source-ipaddress source-wildmask| any | hostsource-ip-address} {dest-ip-address dest-wildmask|any | hostdest-ip-address} *[dscpdscp-value | precedenceprecedence-value | tos tos-value| {log | log-input} | fragments] | remarkstring} [class-mapclass-map-name]
no access-listaccess-list-id[seqsequence-number] [{deny | permit} {protocol| ip} {source-ipaddress source-wildmask| any | hostsource-ip-address} {dest-ip-address dest-wildmask|any | hostdest-ip-address} *[dscpdscp-value | precedenceprecedence-value | tostos-value| {log | log-input} | fragments] | remarkstring] [class-mapclass-map-name]
Parameters
Parameter Description
access-list-id Alphanumeric name string (40 characters maximum) of the
extended access-list being defined.
sequence-number Unique sequence number of the deny, permit, or remark
clause being added to (or deleted from) the access list; by
default, sequence numbers start at 10 and increment by 10
for each entry added to the end of the access list.
deny Access is denied for the source and destination addresses
specified.
permit Access is permitted for the source and destination
addresses specified.
protocol Name or number of an internet protocol, or symbol-name as
defined in define ipprotocol, valid protocol numbers are 0 to
255 (SVP option only).
ip Any IP protocol.
source-ip-address source-
wildmask
Access is denied or permitted for packets originating from
this source IP address and wildcard mask combination.
any Access is denied or permitted for packets originating from
any source IP address.
host source-ip-address Access is denied or permitted for packets originating from
this source IP address host.dest-ip-address dest-
wildmask
Access is denied or permitted for packets sent to this
destination IP address and wildcard mask combination.
any Access is denied or permitted for packets sent to any
destination IP address.
host dest-ip-address Access is denied or permitted for packets sent to this
destination IP address host.
-
7/28/2019 R2.0 CEM Command Reference
30/485
-
7/28/2019 R2.0 CEM Command Reference
31/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-9
Parameters
Parameter Description
icmp-type ICMP name or code to be matched, range is 0 to 255, or
symbol-name may be used if defined in define icmp-code.
icmp-subcode ICMP subcode to be matched, range is 0 to 255.
Mode
Global Configuration
access-list (extended IGMP)
Creates an IGMP extended access-list. If no sequence number or matching clause is specified,the no form of this command deletes the entire access-list; otherwise, only the access-list
clause specified by the sequence number and/or matching clause is deleted.
See the access-list (extended) command for other descriptions of inputs that are commonbetween the access-list family of commands.
Syntax
access-list access-list-id[seq sequence-number] {{deny | permit} {2 | igmp} {source-ipaddress source-wildmask| any | host source-ip-address} {dest-ip-address dest-wildmask|any | host dest-ip-address} *[dscp dscp-value | precedenceprecedence-value | tos tos-value| {log | log-input} | fragments | igmp-type] | remark string} [class-map class-map-name]
no access-list access-list-id[seq sequence-number] [{deny | permit} {2 | igmp} {source
ipaddress source-wildmask| any | host source-ip-address} {dest-ip-address dest-wildmask|any |host dest-ip-address} *[dscp dscp-value | precedenceprecedence-value | tos tos-value| {log |log-input} | fragments | igmp-type] | remark string] [class-map class-map-name]
Parameter Description Type/Range
igmp-type IGMP protocol name or
code to be matched or
symbol-name may be used
if defined in define igmp.
0 to 15
Mode
Global Configuration
access-list (extended TCP)
Creates an TCP extended access-list. If no sequence number or matching clause is specified,the no form of this command deletes the entire access-list; otherwise, only the access-listclause specified by the sequence number and/or matching clause is deleted.
-
7/28/2019 R2.0 CEM Command Reference
32/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-10
See the access-list (extended) command for other descriptions of inputs that are commonbetween the access-list family of commands.
Syntax
access-list access-list-id[seq sequence-number] {{deny | permit} {6 | tcp} {source-ipaddresssource-wildmask| any | host source-ip-address} [{eq | gt | lt | neq} source-tcp-port | range
source-tcp-port1 source-tcp-port2] {dest-ip-address dest-wildmask| any | host dest-ipaddress}
[{eq | gt | lt | neq} dest-tcp-port| range dest-tcp-port1 dest-tcp-port2] *[dscp dscp-value |
precedenceprecedence-value | tos tos-value | {log | log-input} | fragments | ack |
established | fin | psh | rst | syn | urg] | remark string} [class-map class-map-name]
no access-list access-list-id[seq sequence-number] [{deny | permit} {6 | tcp} {source-
ipaddress source-wildmask| any | host source-ip-address} [{eq | gt | lt | neq} source-tcp-port|
range source-tcp-port1 source-tcp-port2] {dest-ip-address dest-wildmask| any | host dest-
ipaddress} [{eq | gt | lt | neq} dest-tcp-port| range dest-tcp-port1 dest-tcp-port2] *[dscp dscp-
value | precedenceprecedence-value | tos tos-value | {log | log-input} | fragments | ack |
established | fin | psh | rst | syn | urg] | remark string] [class-map class-map-name]
Parameters
Parameter Description
eq Specifies that port must be equal to a value.
gt Specifies that port must be greater than a value.
lt Specifies that port must be less than a value.
neq Specifies that port must be not equal to a value.
range Specifies that port must be within a range of values.
source-tcp-port Decimal number or well-known name of the source TCPport, or symbol name if defined in define tcp-port.
dest-tcp-port Decimal number or well-known name of the destination TCP
port, or symbol name if defined in define tcp-port.
ack TCP flag to be matched (SVP option only).
established TCP flag to be matched (SVP option only).
fin TCP flag to be matched (SVP option only).
psh TCP flag to be matched (SVP option only).
rst TCP flag to be matched (SVP option only).
syn TCP flag to be matched (SVP option only).
urg TCP flag to be matched (SVP option only).
Mode
Global Configuration
-
7/28/2019 R2.0 CEM Command Reference
33/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-11
access-list (extended UDP)
Creates an UDP extended access-list. If no sequence number or matching clause is specified,the no form of this command deletes the entire access-list; otherwise, only the access-listclause specified by the sequence number and/or matching clause is deleted.
See the access-list (extended) command for other descriptions of inputs that are commonbetween the access-list family of commands.
Syntax
access-list access-list-id[seq sequence-number] {{deny | permit} {17 | udp} {source-
ipaddress source-wildmask| any | host source-ip-address} [{eq | gt | lt | neq} source-udp-port
| range source-udp-port1 source-udp-port2] {dest-ip-address dest-wildmask| any | host dest-
ipaddress} [{eq | gt | lt | neq} dest-udp-port| range dest-udp-port1 dest-udp-port2] *[dscp
dsc-pvalue | precedenceprecedence-value | tos tos-value | {log | log-input} | fragments] |
remark string} [class-map class-map-name]
no access-list access-list-id[seq sequence-number] [{deny | permit} {17 | udp} {source-ipaddress source-wildmask| any | host source-ip-address} [{eq | gt | lt | neq} source-udp-port
| range source-udp-port1 source-udp-port2] {dest-ip-address dest-wildmask| any | host dest-
ipaddress} [{eq | gt | lt | neq} dest-udp-port| range dest-udp-port1 dest-udp-port2] *[dscp
dscp-value | precedenceprecedence-value | tos tos-value | {log | log-input} | fragments] |
remark string] [class-map class-map-name]
Parameters
Parameter Description
eq Specifies that port must be equal to a value.
gt Specifies that port must be greater than a value.
lt Specifies that port must be less than a value.
neq Specifies that port must be not equal to a value.
range Specifies that port must be within a range of values.
source-udp-port Decimal number or well-known name of the source UDP
port, or symbol name if defined in define udp-port.
dest-udp-port Decimal number or well-known name of the destination UDP
port, or symbol name if defined in define udp-port.
Mode
Global Configuration
access-list sequence-enable
Enables the display of sequence numbers when showing access-lists. The no form of thiscommand disables the display of sequence numbers when showing access-lists (default).
-
7/28/2019 R2.0 CEM Command Reference
34/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-12
This command does not affect access-list commands displayed within running configurationoutput. Sequence numbers are not displayed within running configuration output.
Syntax
access-list sequence-enable
no access-list sequence-enable
Mode
Global Configuration
access-list (standard)
Creates a standard access-list. If no sequence number or matching clause is specified, the no
form of this command deletes the entire access-list; otherwise, only the access-list clausespecified by the sequence number and/or matching clause is deleted.
Syntax
access-list access-list-id[seq sequence-number] {{deny | permit} {ip-address [wildmask] |
any | host ip-address} [log] | remark string} [class-map class-map-name]
no access-list access-list-id[seq sequence-number] [{deny | permit} {ip-address [wildmask] |
any | host ip-address} [log] | remark string] [class-map class-map-name]
Parameters
Parameter Description
access-list-id Alphanumeric name string (40 characters maximum) of the
standard access-list being defined.
sequence-number Unique sequence number of the deny, permit, or remark
clause being added to (or deleted from) the access list; by
default, sequence numbers start at 10 and increment by 10
for each entry added to the end of the access list.
deny Access is denied for the source addresses specified.
permit Access is permitted for the source addresses specified.
ip-address [wildmask] Access is denied or permitted for packets originating fromthis source IP address and wildcard mask combination (if
wildcard mask is not specified, 0.0.0.0 is assumed).
any Access is denied or permitted for packets originating from
any source IP address.
host ip-address Access is denied or permitted for packets originating from
this source IP address host.
-
7/28/2019 R2.0 CEM Command Reference
35/485
-
7/28/2019 R2.0 CEM Command Reference
36/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-14
clear Value of duration in
seconds is greater than or
equal to this value, alert
will clear.
00 to 600 0
Mode
Session thresholds configuration
acdd
Average Call Disconnect Delay (ACDD) is an average delay for VoIP sessions measured fromthe release request to the acknowledgement. The command replaces the existing settings forthe intervals specified. The no form of the command with no arguments disables the ACDDalert for all time intervals. The no form of the command with a single interval, regardless ofset/clear threshold value, will disable the ACDD alert for that time interval.
This command enables generation of alerts to the SVM and traps to the NMS based on theAverage Call Disconnect Delay. The set threshold must be greater than or equal to the clearthreshold.
Syntax
acdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
no acdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
Parameters
Parameter Description Type/Range Default
interval1 set/clear thresholds for
first interval of the day.
None
interval2 set/clear thresholds for
second interval of the day.
None
interval3 set/clear thresholds for
third interval of the day.
None
interval4 set/clear thresholds for
fourth interval of the day.
None
set Value of duration in
seconds is greater than
this value, alert will set.
0 to 600 where 00
implies off.
0
-
7/28/2019 R2.0 CEM Command Reference
37/485
-
7/28/2019 R2.0 CEM Command Reference
38/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-16
Mode
Session thresholds configuration
address-family ipv4Enables IPv4 address family based running configuration on the RCP and enters into thespecified Address Family Configuration Mode. The no form of this command does a no activatecommand on all peers and peer groups in the address family, removes all peers from their peergroups, and clears out all the attributes from peers.
Syntax
address-family ipv4 [multicast | [unicast] [vrfvrf-name]]
no address-family ipv4 [multicast | [unicast] [vrfvrf-name]]
Parameters
Parameter Description
ipv4 Specifies IP version 4
multicast Specifies Multicast mode.
unicast Specifies Unicast mode (default).
vrf-name Alpha-numeric-symbolic name for the VRF
the address-family information is associated
with, range is 1 to 40 characters.
Mode
Router Configuration (BGP)
Guidel ines
Once address family based running configuration is enabled on the RCP, it cannot be disabled.
address-family (traceoptions)
Enables debug messages of specified BGP address family names to be placed in the trace file.
The no form of this command disables debug messages of specified BGP address familynames (or all names if none specified) from being placed in the trace file (default).
Syntax
address-family {family-name}...
no address-family [family-name]...
-
7/28/2019 R2.0 CEM Command Reference
39/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-17
Parameters
Parameter Description
family-name Family name of BGP address family, either
ipv4 unicast or ipv4 multicast.
Mode
Traceoptions Configuration
alias
Creates a command alias for a specified command within a specified command mode. The noform of this command deletes a specified command alias within a specified mode or deletes allcommand aliases within a specified mode.
Syntax
alias mode command-alias command
no alias mode [command-alias [command]]
Parameters
Parameter Description
mode {address-family | configure | controller|
cos-queue-group-in | cos-queuegroup-
out | exec | flow-cache | interface | ip-
explicit-path | ipenacl | ipsnacl | line |path-attr| policy-list | protmon |
QoSclassmap | QoSpolicymap-in |
QoSpolicymap-out | QoSpolicymapclass-
in | QoSpolicymapclass-out | route-map |
router| subinterface | traceoptions}.
address-family Address Family Configuration Mode.
configure Global Configuration Mode.
exec EXEC mode.
flow-cache Flow aggregation Cache Configuration
Mode.
interface Interface Configuration Mode.
ip-explicit-path IP Explicit Path Configuration Mode.
ipenacl IP Extended Access-List Configuration
Mode.
-
7/28/2019 R2.0 CEM Command Reference
40/485
-
7/28/2019 R2.0 CEM Command Reference
41/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-19
interval4 set/clear thresholds for
fourth interval of the day.
None
set Value of duration in
seconds is greater than
this value, alert will set.
0 to 600 where 00
implies off.
0
clear Value of duration in
seconds is less than or
equal to this value, alert
will clear.
00 to 600 0
Mode
Session thresholds configuration
ard
Average Registration Delay (ARD) is the average delay for VoIP applications for registrationdelay duration. The command replaces the existing settings for the intervals specified. The noform of the command with no arguments disables the ARD alert for all time intervals. The noform of the command with a single interval, regardless of set/clear threshold value, will disablethe ARD alert for that time interval.
This command enables generation of alerts to the SVM and traps to the NMS based on theAverage Registration Delay. The set threshold must be greater than or equal to the clearthreshold.
Syntax
ard {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
no ard {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
Parameters
Parameter Description Type/Range Default
interval1 set/clear thresholds for
first interval of the day.
None
interval2 set/clear thresholds forsecond interval of the day.
None
interval3 set/clear thresholds for
third interval of the day.
None
interval4 set/clear thresholds for
fourth interval of the day.
None
-
7/28/2019 R2.0 CEM Command Reference
42/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-20
set Value of duration in
seconds is greater than
this value, alert will set.
0 to 600 where 00
implies off.
0
clear Value of duration in
seconds is less than or
equal to this value, alertwill clear.
00 to 600 0
Mode
Session thresholds configuration
area authentication
Enables authentication in the OSPF area specified. The no form of this command disablesauthentication for the area (default).
Syntax
area {ip-address | area-id} authentication [simple | message-digest]
no area {ip-address | area-id} authentication [simple | message-digest]
Parameters
Parameter Description Type/Range
ip-address Area to be authenticated,
expressed as an IP
address (dotted decimal).
area-id Area to be authenticated,
expressed as a decimal
number
0 to 4294967295
simple Specifies Type-1 (simple
password) authentication
(default).
message-digest Specifies MD5
authentication.
Mode
Router Configuration (OSPF)
Guidel ines
If simple or message-digest is not specified, simple authentication is done.
-
7/28/2019 R2.0 CEM Command Reference
43/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-21
area default-cost
In an Area Border Router (ABR), specifies the cost of the default summary route sent into astub area. The no form of this command removes the specified default summary route cost, andsets the default-cost to 1 (default).
Syntax
area {ip-address | area-id} default-cost cost
no area {ip-address | area-id} default-cost [cost]
Parameters
Parameter Description Type/Range
ip-address IPv4 or IPv6 address of the
area into which the default-
cost is being sent.
IPv4 or IPv6
area-id Area into which the default-
cost is being sent,
expressed as a decimal
number
0 to 4294967295
cost Default summary route cost
for the stub area
1 to 65535, default is 1.
Mode
Router Configuration (OSPF)
area nssa
Enables an OSPF area to be a not-so-stubby-area (NSSA). The no form of this commandremoves an OSPF area from NSSA designation.
Syntax
area {ip-address | area-id} nssa [no-redistribution] [default-information-originate ][nosummary]
no area {ip-address | area-id} nssa [no-redistribution] [default-information-originate ][nosummary]
Parameters
Parameter Description Type/Range
-
7/28/2019 R2.0 CEM Command Reference
44/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-22
ip-address Area being designated as
an NSSA, expressed as an
ip address (dotted
decimal).
area-id Area being designated as
an NSSA, expressed as adecimal number
0 to 4294967295
no-redistribution Configures this router
(which must be an NSSA
Area Border Router) to not
redistribute routes into the
NSSA, but to allow
redistribution into the non-
NSSA areas.
no-summary Configures this router to
not send Network
Summary LSAs (Type 3)into the NSSA
default-information-
originate
Configures this router
(which must be an NSSA
Area Border Router) to
generate an NSSA External
LSA (Type 7) default route
into the NSSA.
Mode
Router Configuration (OSPF)
area virtual-link
Sets an OSPF virtual link (a link to the backbone through a non-backbone area). The no form ofthis command removes the virtual link.
Syntax
area {ip-address | area-id} virtual-link router-id*[authentication [null | message-digest] |dead-interval seconds | hello-interval seconds | retransmit-interval seconds | transmitdelayseconds] [authentication-key [encryption-type]password| message-digest-key key-idmd5
[encryption-type] key]
no area {ip-address | area-id} virtual-link router-id*[authentication [null | message-digest] |dead-interval seconds | hello-interval seconds | retransmit-interval seconds | transmitdelayseconds] [authentication-key [encryption-type]password| message-digest-key key-idmd5[encryption-type] key]
Parameters
-
7/28/2019 R2.0 CEM Command Reference
45/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-23
Parameter Description Type/Range
ip-address IP address of the area of
the non-backbone (transit)
area being used for the
virtual link.
area-id Area of the non-backbone
(transit) area being used for
the virtual link
0 to 4294967295
router-id Router-id of the ABR with
which the virtual-link is
being established.
hello-interval seconds Amount of time in seconds
that passes between the
sending of Hello packets.
1 to 8192, default is 10
retransmit-interval
seconds
Amount of time in seconds
to wait betweenunacknowledged OSPF
packet retransmissions
1 to 8192, default is 5
transmit-delay seconds Amount of time in seconds
it takes to transmit an LSA
on this interface. The LSA
age will be increased by
this amount as it exits this
interface or resides in the
LSA database
1 to 8192, default is 1
dead-interval seconds Amount of time in seconds
that the RCP will wait tohear a Hello from a
neighbor on the network to
which the interface is
connected before declaring
the neighbor dead (down)
1 to 8192, default is 40
authentication Configures the link to use
simple (password)
authentication.
authentication null Configures the link to use
no authentication.
authentication message-
digestConfigures the link to useMD5 authentication.
authentication-key
encryption-type
Optional number specifying
the type of encryption to
use when storing and
displaying the simple
password
0 to 7, default is 0 (no
encryption).
-
7/28/2019 R2.0 CEM Command Reference
46/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-24
password Continuous string of
characters, up to 8 bytes
long, that is the simple
password to be used by
neighboring routers.
key-id Identifier for the MD5 key 1 to 255
md5 encryption-type Optional number specifying
the type of encryption to
use when storing and
displaying the md5 key
0 to 7, default is 0 (no
encryption).
key Alphanumeric string of up
to 16 characters that is the
value of the MD5 key.
Mode
Router Configuration (OSPF)
Guidel ines
If the command password-encryption has been enabled, all passwords are encrypted forstorage and display, regardless of the encryption type parameters specified here.
arp
Creates a static entry within the Address Resolution Protocol (ARP) table. The no form of thiscommand removes a static entry.
Syntax
arp ip-address mac-address
no arp ip-address [mac-address]
Parameters
Parameter Description
ip-address IP address of the static entry.
mac-address 48-bit IEEE MAC address using three 4-digithex numbers separated by periods
(xxxx.xxxx.xxxx)
Mode
Global Configuration
-
7/28/2019 R2.0 CEM Command Reference
47/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-25
assign
Creates a variable that can have multiple match commands associated with it, so that morethan one match condition may exist for a set command. The no form of this command deletesthe variable definition.
Syntax
assign variable-name
no assign variable-name
Parameters
Parameter Description Type/Range
variable-name Name of the variable being
created, can be one
alphabetic character
a-z
Mode
Route-Map Configuration
Guidel ines
This command enters Route-Map Assign Mode, where all of the route-map match commandsare available. After entering the match commands to be assigned to this variable, type exit toreturn to normal Route-Map Configuration Mode.
atdAverage Tunnel Duration (ATD) is an average duration of successfully established tunnelsessions. The command replaces the existing settings for the intervals specified. The no formof the command with no arguments disables the ATD alert for all time intervals. The no form ofthe command with a single interval, regardless of set/clear threshold value, will disable the ATDalert for that time interval.
This command enables generation of alerts to the SVM and traps to the NMS based on theAverage Tunnel Duration. The set threshold must be less than or equal to the clear threshold.
Syntax
atd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
no atd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
Parameters
-
7/28/2019 R2.0 CEM Command Reference
48/485
-
7/28/2019 R2.0 CEM Command Reference
49/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-27
interval2 set/clear thresholds for
second interval of the day.
None
interval3 set/clear thresholds for
third interval of the day.
None
interval4 set/clear thresholds for
fourth interval of the day.
None
set Value of duration in
seconds is less than this
value, alert will set.
0 to 600 where 00
implies off.
0
clear Value of duration in
seconds is greater than or
equal to this value, alert
will clear.
00 to 600 0
Mode
Session thresholds configuration
avdd
Average Video Disconnect Delay (AVDD) is the average from the request for termination untilthe acknowledgement. The command replaces the existing settings for the intervals specified.The no form of the command with no arguments disables the AVDD alert for all time intervals.The no form of the command with a single interval, regardless of set/clear threshold value, willdisable the AVDD alert for that time interval.
This command enables generation of alerts to the SVM and traps to the NMS based on theAverage Video Disconnect Delay. The set threshold must be greater than or equal to the clearthreshold.
Syntax
avdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
no avdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
Parameters
Parameter Description Type/Range Default
interval1 set/clear thresholds for
first interval of the day.
None
interval2 set/clear thresholds for
second interval of the day.
None
-
7/28/2019 R2.0 CEM Command Reference
50/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-28
interval3 set/clear thresholds for
third interval of the day.
None
interval4 set/clear thresholds for
fourth interval of the day.
None
set Value of duration in
seconds is greater than
this value, alert will set.
0 to 600 where 00
implies off.
0
clear Value of duration in
seconds is less than or
equal to this value, alert
will clear.
00 to 600 0
Mode
Session thresholds configuration
avpdd
Average Video Post Dial Delay (AVPDD) is the average delay from the initial request to theringing. The command replaces the existing settings for the intervals specified. The no form ofthe command with no arguments disables the AVPDD alert for all time intervals. The no form ofthe command with a single interval, regardless of set/clear threshold value, will disable theAVPDD alert for that time interval.
This command enables generation of alerts to the SVM and traps to the NMS. The setthreshold must be greater than or equal to the clear threshold.
Syntax
avpdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
no avpdd {[interval1set clear] [interval2set clear] [interval3set clear] [interval4set clear] }
Parameters
Parameter Description Type/Range Default
interval1 set/clear thresholds for
first interval of the day.
None
interval2 set/clear thresholds for
second interval of the day.
None
interval3 set/clear thresholds for
third interval of the day.
None
interval4 set/clear thresholds for
fourth interval of the day.
None
-
7/28/2019 R2.0 CEM Command Reference
51/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-29
set Value of duration in
seconds is greater than
this value, alert will set.
0 to 600 where 00
implies off.
0
clear Value of duration in
seconds is less than or
equal to this value, alertwill clear.
00 to 600 0
Mode
Session thresholds configuration
bandwidth (interface)
Sets the bandwidth informational value for an interface. The no form of this command sets thebandwidth informational value to the default value.
Syntax
bandwidth kilobits
no bandwidth [kilobits]
Parameters
Parameter Description Type/Range
kilobits Bandwidth in kilobits per
second
Range is 1 to 80000000,
default values are 9 for
Tunnel; 10000 for Admin
and NNET; and Loopback,
and Null. For Port-chan and
Pos-chan, the default is for
the bandwidth value to be
dynamically set according
to the number of active
members. Subinterface
defaults are same as
parent interface.
Mode
Interface Configuration (Admin, Em, Loopback, NNET, Null, Tunnel)
Guidel ines
When an interface is assigned as a member of a link bundle interface, the bandwidth value forthat interface is changed to the default value for that interface. Once an interface is removed as
-
7/28/2019 R2.0 CEM Command Reference
52/485
-
7/28/2019 R2.0 CEM Command Reference
53/485
-
7/28/2019 R2.0 CEM Command Reference
54/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-32
no banner motd [c message c]
Parameters
Parameter Description
c Delimiting character, any character isallowed but it must use a different character
than any used in the banner message.
message Banner message text.
Mode
Global Configuration
bgpEnables the RCP to allow any integer as a valid router ID, including 0. The no form of thiscommand enables the RCP to reject bad router IDs (default).
Syntax
bgp allow-illegal-routerid
no bgp allow-illegal-routerid
Mode
Router Configuration (BGP)Address Family Configuration (IPv4 Unicast)Address Family Configuration (IPv4 Unicast VRF)Address Family Configuration (IPv6 Unicast VRF)
bgp client-to-client reflection
Enables route reflection from a BGP route reflector to clients (default). The no form of thiscommand disables client-to-client reflection.
Syntax
bgp client-to-client reflection
no bgp client-to-client reflection
Mode
Router Configuration (BGP)Address Family Configuration (IPv4 Unicast)
-
7/28/2019 R2.0 CEM Command Reference
55/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-33
Address Family Configuration (IPv4 Unicast VRF)Address Family Configuration (IPv4 Multicast)Address Family Configuration (IPv6 Unicast)Address Family Configuration (IPv6 Unicast VRF)Address Family Configuration (IPv6 Multicast)Address Family Configuration (VPNv4 Unicast)
Address Family Configuration (VPNv4 Multicast)Address Family Configuration (VPNv6 Unicast)Address Family Configuration (VPNv6 Multicast)
bgp cluster-id
Sets the cluster ID for the routers acting as route reflectors if the BGP cluster has more thanone route reflector. The no form of this command removes the cluster ID.
Syntax
bgp cluster-id cluster-id
no bgp cluster-id [cluster-id]
Parameters
Parameter Description
cluster-id Cluster ID of this route reflector expressed
as a nonzero-32-bit-integer (1 to
4294967295) or a dotted decimal IP
address.
Mode
Router Configuration (BGP)Address Family Configuration (IPv4 Unicast)Address Family Configuration (IPv4 Unicast VRF)Address Family Configuration (IPv4 Multicast)Address Family Configuration (IPv6 Unicast)Address Family Configuration (IPv6 Unicast VRF)Address Family Configuration (IPv6 Multicast)Address Family Configuration (VPNv4 Unicast)Address Family Configuration (VPNv4 Multicast)
Address Family Configuration (VPNv6 Unicast)Address Family Configuration (VPNv6 Multicast)
bgp default ipv4-unicast
Sets the RCPs default address-family to IPv4-unicast (default). The no form of this commandcauses the RCP to not activate the IPv4-unicast address-family by default.
-
7/28/2019 R2.0 CEM Command Reference
56/485
CLI Command Definitions
NetSocket, Inc. - Proprietary and Confidential 5-34
Syntax
bgp default ipv4-unicast
no bgp default ipv4-unicast
Mode
Router Configuration (BGP)Address Family Configuration (IPv4 Unicast)
bgp default route-target filter
Enables automatic BGP route-target community filtering. The no form of this command disablesthis feature.
Syntax
bgp default route-target filter
no bgp default route-target filter
Mode
Router Configuration (BGP)Address Family Configuration (IPv4 Unicast)
bgp fast-external-fallover
Enables the BGP sessions of any directly adjacent external peers to immediately reset if thelink used to reach them goes down (default). The no form of this command disables thisfunction.
Syntax
bgp fast-external-fallover
no bgp fast-external-fallover
Modes
Router Configuration (BGP)Address Family Configuration (IPv4 Unicast)Address Family Configuration (IPv4 Unicast VRF)Address Family Configuration (IPv6 Unicast VRF)
bgp log-neighbor-changes
-
7/28/2019 R2.0 CEM Command Reference
57/485
-
7/28/2019 R2.0 CEM Command Reference
58/485
-
7/28/2019 R2.0 CEM Command Reference
59/485
CLI Command Definitions