RedBack Router, SmartEdge OS, Basic System Configuration Guide

Corporate Headquarters Redback Networks Inc. 100 Headquarters Drive San Jose, CA 95134-1362 USA http://www.redback.com Tel: +1 408 750 5000 Basic System Configuration Guide SmartEdge OS Release 6.1.1 Part Number 220-0748-01


© 1998–2007, Redback Networks Inc. All rights reserved.

Redback and SmartEdge are trademarks registered at the U.S. Patent & Trademark Office and in other countries. AOS, NetOp, SMS, and User Intelligent Networks are trademarks or service marks of Redback Networks Inc. All other products or services mentioned are the trademarks, service marks, registered trademarks or registered service marks of their respective owners. All rights in copyright are reserved to the copyright owner. Company and product names are trademarks or registered trademarks of their respective owners. Neither the name of any third party software developer nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission of such third party.

Rights and Restrictions

All statements, specifications, recommendations, and technical information contained are current or planned as of the date of publication of this document. They are reliable as of the time of this writing and are presented without warranty of any kind, expressed or implied. In an effort to continuously improve the product and add features, Redback Networks Inc. (“Redback”) reserves the right to change any specifications contained in this document without prior notice of any kind.

Redback shall not be liable for technical or editorial errors or omissions which may occur in this document. Redback shall not be liable for any indirect, special, incidental or consequential damages resulting from the furnishing, performance, or use of this document.

Third Party Software

The following third party software may be included with this Software and is subject to the following terms and conditions:

The OpenLDAP Version 2.0.1 © 1999 The OpenLDAP Foundation; OpenSymphony Software License, Version 1.1 2001-2004 © The OpenSymphony Group; libpng library © 1995-2004; FreeType library © 1996-2000; NuSOAP Web Services Toolkit for PHP © 2002 NuSphere Corporation; The PHP License, versions 2.02 and 3.0 © 1999 - 2002 The PHP Group; The OpenSSL toolkit Copyright © 1998-2003 The OpenSSL Project; Apache HTTP © 2000 The Apache Software Foundation; Java © 2003 Sun Microsystems, Inc.; ISC Dhcpd 3.0pl2 © 1995, 1996, 1997, 1998, 1999 Internet Software Consortium - DHCP; IpFilter © 2003 Darren Reed; Perl Kit © 1989-1999 Larry Wall; SNMP Monolithic Agent © 2002 SNMP Research International, Inc.; VxWorks © 1984-2000, Wind River Systems, Inc.; Point-to-Point Protocol (PPP) © 1989, Carnegie-Mellon University; Dynamic Host Configuration Protocol (DHCP) © 1997, 1998 The Internet Software Consortium; portions of the Redback SmartEdge Operating System use cryptographic software written by Eric Young ([email protected]); Redback adaptation and implementation of the UDP and TCP protocols developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. © 1982, 1986, 1988, 1990, 1993, 1995 The Regents of the University of California. All advertising materials mentioning features or use of this Software must display the following acknowledgment: “This product includes software developed by the University of California, Berkeley and its contributors.”

This Software includes software developed by Sun Microsystems, Inc., Internet Software Consortium, Larry Wall, the Apache Software Foundation (http://www.apache.org/) and their contributors. Such software is provided “AS IS,” without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. LICENSORS AND ITS CONTRIBUTORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL LICENSOR OR ITS CONTRIBUTORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see http://www.apache.org/. Portions of this software are based upon public domain software originally written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign. The portions of this Software developed by Larry Wall may be distributed and are subject to the GNU General Public License as published by the Free Software Foundation.

FCC Notice

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

1. MODIFICATIONS

The FCC requires the user to be notified that any changes or modifications made to this device that are not expressly approved by Redback could void the user’s authority to operate the equipment.

2. CABLES

Connection to this device must be made with shielded cables with metallic RFI/EMI connector hoods to maintain compliance with FCC Rules and Regulations. (This statement only applies to copper cables, Ethernet, DS-3, E1, T1, and so forth. It does not apply to fiber cables.)

3. POWER CORD SET REQUIREMENTS

The power cord set used with the System must meet the requirements of the country, whether it is 100-120 or 220-264 VAC. For the U.S. and Canada, the cord set must be UL Listed and CSA Certified and suitable for the input current of the system.

For DC-powered systems, the installation instructions need to be followed.


VCCI Class A Statement

European Community Mark

The marking on this product signifies that it meets all relevant European Union directives.

China RoHS Information

All Redback Networks products built on or after March 1, 2007 conform to the People’s Republic of China’s Management Methods for Controlling Pollution by Electronic Information Products (Ministry of Information Industry Order #39), also known as “China RoHS.”

As required by China RoHS, the following tables summarize which of the 6 regulated substances are found in Redback Networks products and their location.

China RoHS also requires that manufacturers determine an “Environmental Protection Use Period” (EPUP), which has been defined as the term during which toxic and hazardous substances or elements contained in electronic information products will not leak out or mutate.

Redback Networks has determined that the EPUP for this product is 25 years from the date of manufacture and indicates this period on the product and/or packaging with the logo shown below.

The date of manufacture can be found on the product packaging label, or determined from the product serial number. The week and year of manufacture can be determined from the 6th through 9th digits of the 14-digit product serial number, xxxxxWWYYxxxxx, where WW represents the week of the year (01 = first week of year) and YY represents the year (07 = 2007). For example, 0207 means that the unit was manufactured in the 2nd week of January 2007.

Toxic or Hazardous Substance

| Part Name | Lead (Pb) | Mercury (Hg) | Cadmium (Cd) | Hexavalent Chromium (Cr [VI]) | Polybrominated Biphenyls (PBB) | Polybrominated Diphenyl Ethers (PBDE) |
|---|---|---|---|---|---|---|
| All printed circuit board assemblies | X | O | O | O | O | O |

Legend:

O: Indicates that this toxic or hazardous substance contained in all of the homogeneous materials for this part is below the limit requirement in SJ/T11363-2006.

X: Indicates that this toxic or hazardous substance contained in at least one of the homogeneous materials used for this part is above the limit requirement in SJ/T11363-2006.

Note: Lead (Pb) is used in the soldering material and in some components located on the printed circuit board assemblies used in this product.


WEEE Policy

Redback Networks products are fully compliant with Directive 2002/96/EC on Waste Electrical and Electronic Equipment (WEEE) for all applicable geographies in the European Union. In accordance with the requirements of the WEEE Directive, Redback Networks has since August 13, 2005 labeled products placed on the market with the WEEE symbol, a crossed-out “wheelie bin” symbol with a black rectangle underneath, as shown below.

The presence of the WEEE symbol on a product or on its packaging indicates that you must not dispose of that item in the normal unsorted municipal waste stream. Instead, it is your responsibility to dispose of that product by returning it to a collection point that is designated for the recycling of electrical and electronic equipment waste.

Contact the reseller where the product was originally purchased and provide details of the product in question. The reseller will confirm whether the product is within the scope of the recycling program and then arrange for shipment of the product to the designated recycling location for proper recycling/disposal.

If you are unable to locate the original reseller or need additional information, please contact Redback Networks at [email protected]. Additional information on the Redback Networks WEEE policy is available at http://www.redback.com.


Safety Notices

1. Laser Equipment:

CAUTION! Use of controls or adjustments of performance or procedures other than those specified herein may result in hazardous radiation exposure.

Class 1 Laser Product—Product is certified by the manufacturer to comply with DHHS Rule 21 Subchapter J.

CAUTION! Invisible laser radiation when an optical interface is open.

2. Lithium Battery Warnings:

It is recommended that, when required, Redback replace the lithium battery.

WARNING! Do not mutilate, puncture, or dispose of batteries in fire. The batteries can burst or explode, releasing hazardous chemicals. Discard used batteries according to the manufacturer’s instructions and in accordance with your local regulations.

Danger of explosion if battery is incorrectly replaced. Replace only with the same or equivalent type as recommended by the manufacturer’s instructions.

WARNING (Swedish): Danger of explosion if the battery is replaced incorrectly. Use the same battery type or an equivalent type recommended by the equipment manufacturer. Dispose of used batteries according to the manufacturer’s instructions.

WARNING! (Danish) Lithium battery: danger of explosion if handled incorrectly. Replace only with a battery of the same make and type. Return the used battery to the supplier.

WARNING (Finnish): The battery may explode if it is installed incorrectly. Replace the battery only with the type recommended by the manufacturer. Dispose of the used battery according to the manufacturer’s instructions.

WARNING (Norwegian): Danger of explosion if the battery is replaced incorrectly. Use the same battery type or an equivalent type recommended by the equipment manufacturer. Dispose of used batteries according to the manufacturer’s instructions.

WARNING! (Dutch) Batteries are supplied with this product. When they are empty, do not throw them away; hand them in as small chemical waste (KCA).


Contents

About This Guide
  Related Publications
  Intended Audience
  Organization
  Conventions
    Command Modes and Privilege Levels
    Command Syntax
    Examples
    Task Tables
    Online Navigation Aids
  Ordering Documentation
    Order Additional Copies
    Complete the Online Redback Networks Documentation Survey
    Provide Direct Feedback on Specific Product Documentation

Part 1: Introduction

Chapter 1: Overview
  SmartEdge OS Architecture
    Independent System Processes
    System Redundancy and Synchronization
  SmartEdge OS Applications
  SmartEdge OS Concepts
    Contexts
    Interfaces
    Subscribers
    Ports, Channels, and Circuits
    Cross-Connections
    Bindings
      Static Bindings
      Dynamic Bindings
  User Interface
    Command Modes and Prompts
    Command Mode Hierarchy
    Privilege Levels
    No and Default Forms of Commands
  What’s Next?


Part 2: Getting Started

Chapter 2: Using the CLI
  Overview
    Commands and Case-Sensitivity
    Partially Typed Commands
    No and Default Forms of Commands
  CLI Tasks
    Log On and Initiate the CLI
    Navigate the CLI
    Manage Database Transactions
    Work with Commands
      Display Help for a Command
      Recall Previous Command Entries
      Edit Command Entries
      Complete a Command
    Navigate CLI Output
  CLI Examples
    Exit Command Modes
    Display Available Commands, Keywords, and Arguments
    Manage Database Transactions
      Commit Transactions
      Delete Transactions
      Provide Comments for Transactions
  Command Descriptions
    ?
    abort
    comment
    commit
    disable
    enable
    end
    exit
    help

Chapter 3: Configuration File Management
  Overview
    Software Storage Organization
    Configuration Files
    Storage for System Images and Configuration Files
    URLs
  File Management Tasks
  File Management Examples
  Command Descriptions
    boot configuration
    configure
    save configuration

Part 3: Session and System

Chapter 4: System Access Configuration
  Overview


  Configuration Tasks
    Log On to the Console Port for the First Time
    Configure a Local Administrator Account
    Secure the Standby Console Port
    Configure a Lawful Intercept Administrator or User Account
    Configure the Management Port
    Configure SSH Remote Access Attributes
    Configure SmartEdge OS Banners
    Configure Session Inactivity Timers
  Configuration Examples
  Command Descriptions
    banner exec
    banner login
    banner motd
    ssh server full-drop
    ssh server rate-drop
    ssh server start-drop
    timeout login
    timeout session

Chapter 5: Basic System Configuration
  Overview
  Configuration Tasks
    Access Global Configuration Mode
    Configure the System Identity
    Configure Service Options
    Enable Software Licensing
    Configure the System Clock
    Configure the TCP Keepalive Parameters
    Configure CLI Command Aliases, Privileges, and Macros
      Configure a CLI Command Alias or Privilege
      Create a CLI Command Macro
  Configuration Examples
    System Identification and Services
    Software Licensing
    System Clock
    Command Alias
    Command Macro
    Command Privilege
  Command Descriptions
    alias
    clock set
    configure
    l2tp
    macro
    mpls
    privilege
    seq
    service
    service auto-system-recovery
5-24service card-auto-reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-25service console-break . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26software license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-28subscriber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-29

system clock-source 5-32
system clock-source external 5-34
system clock-source timing-type 5-36
system clock summer-time 5-38
system clock timezone 5-41
system confirmations context 5-43
system contact 5-44
system hostname 5-45
system lacp mac-address 5-46
system lacp priority 5-47
system location 5-48
tcp keepalive 5-49

Part 4: Contexts, Interfaces, and Subscribers

Chapter 6: Context Configuration 6-1
Overview 6-1
Local Context 6-2
Multiple Contexts 6-2
Applications for Multiple Contexts 6-3
Multiple VPN Contexts 6-3
Intercontext Interfaces 6-3
Administrator Authentication to Local and Non-Local Contexts 6-4
Administrator Privileges for Local and Non-Local Contexts 6-4
Subscriber Domains and Domain Aliases 6-5
Configuration Tasks 6-5
Enable Multiple-Context Service 6-5
Configure a Context 6-6
Configure an Administrator Account in a Context 6-7
Configuration Examples 6-7
Administrator Privileges 6-7
Public Keys 6-8
Command Descriptions 6-8
administrator 6-9
context 6-11
context vpn-rd 6-13
domain 6-15
enable authentication 6-17
enable encrypted 6-19
enable password 6-21
full-name 6-23
ip pool 6-24
privilege max 6-26
privilege start 6-27
public-key 6-28
service multiple-contexts 6-31
service wildcard-domain 6-32

Chapter 7: Interface Configuration 7-1
Overview 7-2
Configuration Tasks 7-3
Configuration Guidelines 7-3
Configure Basic Features for an Interface 7-5
Configuration Examples 7-5
Command Descriptions 7-6
description 7-7
interface 7-8
ip address 7-11
ip clear-df 7-14
ip icmp 7-15
ip mtu 7-16
ip pool 7-17
ip source-address 7-20
ip tcp mss 7-23
ip unnumbered 7-25
ipv6 address 7-26

Chapter 8: Subscriber Configuration 8-1
Overview 8-1
Configuration Tasks 8-3
Configure Subscriber Statistics Collection 8-3
Configure a Subscriber Profile or Record 8-3
Configure Subscriber IP Address Attributes 8-4
Configure PPP and PPPoE Subscriber Attributes 8-5
Configuration Examples 8-5
Subscriber Record 8-5
Subscriber Timeout 8-6
NBNS Server for the Default Subscriber Profile 8-6
PADM 8-6
PPPoE MOTM 8-7
Command Descriptions 8-7
count exclude subscriber 8-8
ip address 8-9
ip source-validation 8-12
ip subscriber route 8-13
nbns 8-15
password 8-17
port-limit 8-18
profile 8-19
session-action 8-20
session-limit 8-22
shaping-profile 8-25
stats-collection 8-26
subscriber 8-27
timeout 8-29

Part 5: System Management

Chapter 9: System-Wide Management Configuration 9-1
Overview 9-1
Configuration Tasks 9-2
Configure System-Wide Management Features 9-2
Configure NetOp EMS Server Communication 9-2
Configuration Examples 9-3
Process Monitoring 9-3
NetOp EMS Server Communication 9-3
Command Descriptions 9-4
advertise 9-5
connection-mode 9-7
monitor duration 9-9
netop 9-10
service crash-dump-dram 9-11
service upload-coredump 9-12
snmp version 9-14

Chapter 10: Logging Configuration 10-1
Overview 10-2
Configuration Tasks 10-3
Configure Optional Global Logging Features 10-3
Configure Optional Context-Specific Logging Features 10-3
Configuration Examples 10-4
Command Descriptions 10-4
logging active 10-5
logging cct-valid 10-6
logging console 10-7
logging debug 10-8
logging file 10-9
logging filter 10-10
logging standby 10-12
logging syslog 10-13
logging timestamp millisecond 10-14

Chapter 11: Bulkstats Configuration 11-1
Overview 11-1
Function of Bulkstats 11-1
Data Collected by Bulkstats 11-2
Application of Bulkstats to an Entity 11-2
Configuration Tasks 11-3
Create or Modify a Bulkstats Policy 11-3
Create or Modify a Bulkstats Schema Profile 11-4
Apply a Specific Bulkstats Schema Profile 11-4
Configuration Examples 11-4
Bulkstats Policy 11-5
Bulkstats Global Schema Profile 11-5
Bulkstats Specific Schema Profile 11-5
Command Descriptions 11-6
bulkstats policy 11-7
bulkstats schema 11-9
bulkstats schema profile 11-12
collection 11-23
header format 11-25
limit 11-27
localdir 11-29
receiver 11-30
remotefile 11-32
sample-interval 11-34
schema 11-35
schema-dump 11-37
transfer-interval 11-38

Chapter 12: SNMP and RMON Configuration 12-1
Overview 12-2
SNMP Management Framework and RFCs 12-2
SNMP Versions 12-3
MIBs, Traps, and Events 12-3
Configuration Tasks 12-5
Configure SNMPv1 and SNMPv2c 12-6
Configure SNMPv3 12-6
Configure RMON Features 12-7
Configuration Examples 12-7
SNMPv2c 12-8
SNMPv3 12-8
Command Descriptions 12-9
context-filter ifmib 12-10
rmon alarm 12-11
rmon event 12-13
snmp community 12-15
snmp engine-id 12-17
snmp group 12-19
snmp notify 12-21
snmp notify-filter 12-23
snmp notify-target 12-25
snmp server 12-27
snmp target
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-29snmp target-parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-32snmp user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-34snmp view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-36traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-38

Part 6: Appendixes

Appendix A: Supported MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1


About This Guide

This guide describes the tasks and commands used to configure the following SmartEdge® OS features: SmartEdge OS administration, including system access and file management; fundamental edge-system parameters, including contexts, interfaces, and subscribers; and system-wide reporting, including bulk statistics, logging facilities, and the Simple Network Management Protocol (SNMP) and Remote Monitoring (RMON) functions.

This preface includes the following sections:

• Related Publications

• Intended Audience

• Organization

• Conventions

• Ordering Documentation

Related Publications

In parallel with this guide, use the Basic System Operations Guide for the SmartEdge OS, which describes the tasks and the commands used to monitor, administer, and troubleshoot basic system features.

Use these guides with the following publications:

• Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS

Describes the tasks and commands used to configure the following SmartEdge OS features: cards; ports; channels; Automatic Protection Switching (APS); circuits, including permanent virtual circuits (PVCs); Link Aggregation Control Protocol (LACP) features; clientless IP service selection (CLIPS) circuits; Point-to-Point Protocol (PPP) and PPP over Ethernet (PPPoE) information; link aggregation; bridging; cross-connections between circuits; IP-in-IP tunnels, overlay tunnels (IPv6 over IP Version 4 [IPv4]), Generic Routing Encapsulation (GRE) tunnels (including IP Version 6 [IPv6] over GRE tunnels), Layer 2 Tunneling Protocol (L2TP) tunnels; static and dynamic bindings between ports, channels, subchannels, and circuits to interfaces, either directly or indirectly.


• IP Services and Security Configuration Guide for the SmartEdge OS

Describes the tasks and commands used to configure the following SmartEdge OS features: Address Resolution Protocol (ARP), Neighbor Discovery (ND) protocol for IPv6 routers, Network Time Protocol (NTP), Dynamic Host Configuration Protocol (DHCP), Access Node Control Protocol (ANCP), Domain Name System (DNS), HTTP redirect, access control lists (ACLs), forward policies, Network Address Translation (NAT) policies, Mobile IP services, service policies, quality of service (QoS) policies, flow admission control (FAC) profiles, authentication, authorization, and accounting (AAA), Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System Plus (TACACS+), key chains, and lawful intercept (LI).

• Routing Protocols Configuration Guide for the SmartEdge OS

Describes the tasks and commands used to configure the following SmartEdge OS features: static IP routing; dynamically verified static routing (DVSR); Virtual Router Redundancy Protocol (VRRP); Routing Information Protocol (RIP) and RIP next generation (RIPng); Open Shortest Path First (OSPF) and OSPF Version 3 (OSPFv3); Border Gateway Protocol (BGP); BGP/Multiprotocol Label Switching Virtual Private Networks (BGP/MPLS VPNs); Intermediate System-to-Intermediate System (IS-IS); Bidirectional Forwarding Detection (BFD); IP multicast, including Internet Group Management Protocol (IGMP), Multicast Source Discovery Protocol (MSDP), and Protocol Independent Multicast (PIM); routing policies; MPLS; Layer 2 Virtual Private Networks (L2VPNs); Virtual Private LAN Services (VPLS); and Label Distribution Protocol (LDP). BGP, OSPFv3, RIPng, and routing policies include tasks and commands that provide limited support for IPv6 routing.

• Session Border Controller Configuration Guide for the SmartEdge OS

Describes the tasks and commands used to configure the following Session Border Controller (SBC) features and services on the SmartEdge OS: unified SBC features and services include number analysis, call routing, registration routing, adjacencies, media IP and authentication, authorization, and accounting (AAA) subscriber record; distributed SBC features and services include media gateway timers, media gateway attributes, media gateway controllers, and media IP.

• Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS

Describes the tasks and commands used to monitor, administer, and troubleshoot the SmartEdge OS features described in the Ports, Circuits, and Tunnels Configuration Guide; commands include all clear, debug, monitor, and show commands, along with other operations-based commands, such as device management and on-demand diagnostics.

• IP Services and Security Operations Guide for the SmartEdge OS

Describes the tasks and commands used to monitor, administer, and troubleshoot the SmartEdge OS features described in the IP Services and Security Configuration Guide; commands include all clear, debug, and show commands, along with other operations-based commands.

• Routing Protocols Operations Guide for the SmartEdge OS

Describes the tasks and commands used to monitor, administer, and troubleshoot the SmartEdge OS features described in the Routing Protocols Configuration Guide; commands include all clear, debug, monitor, process, and show commands, along with other operations-based commands.


• Session Border Controller Operations Guide for the SmartEdge OS

Describes the tasks and commands used to monitor, administer, and troubleshoot the Session Border Controller (SBC) features and services on the SmartEdge OS that are described in the Session Border Controller Configuration Guide; commands include all clear, debug, and show commands, along with other operations-based commands.

• SmartEdge 100 Router Hardware Guide

Describes the SmartEdge 100 hardware and provides site preparation information and installation, monitoring, and maintenance procedures for the chassis and media interface cards (MICs).

• SmartEdge 400 Router Hardware Guide

Describes the SmartEdge 400 hardware and provides site preparation information and installation, monitoring, and maintenance procedures for the chassis and cards.

• SmartEdge 800 Router Hardware Guide

Describes the SmartEdge 800 hardware and provides site preparation information and installation, monitoring, and maintenance procedures for the chassis and cards.

• SmartEdge 1200 Router Hardware Guide

Describes the SmartEdge 1200 hardware and provides site preparation information and installation, monitoring, and maintenance procedures for the chassis and cards.

Intended Audience

This guide is intended for system and network administrators experienced in access and internetwork administration.

Organization

This guide is organized as follows:

• Part 1, “Introduction”

Provides an overview of the SmartEdge OS features, functions, and applications.

• Part 2, “Getting Started”

Describes the tasks and commands used to access and navigate the SmartEdge OS CLI and to manage SmartEdge OS configuration file storage.

• Part 3, “Session and System”

Describes the tasks and commands used to configure system access and basic system parameters.

• Part 4, “Contexts, Interfaces, and Subscribers”

Describes the tasks and commands used to configure basic features for multiple contexts, interfaces, and subscribers.


• Part 5, “System Management”

Describes the tasks and commands used to configure system-wide parameters, system event logging, bulk statistics collection, and SNMP and RMON features.

• Part 6, “Appendixes”

Lists supported Management Information Base (MIB) objects.

Conventions

This guide uses special conventions for the following elements:

• Command Modes and Privilege Levels

• Command Syntax

• Examples

• Task Tables

• Online Navigation Aids

Command Modes and Privilege Levels

Commands are issued in exec mode or in one of many configuration modes. By default, the majority of commands in exec mode have a privilege level of 3, while commands in any configuration mode have a privilege level of 10. Exceptions are noted in parentheses ( ) in the “Command Mode” section in any command description; for example, “exec (15)”.

For a hierarchy list of command modes, see the “Command Mode Hierarchy” section in Chapter 1, “Overview.”

For detailed information about command modes and privilege levels, see the “User Interface” section in Chapter 1, “Overview.”

Command Syntax

Table 1 lists the descriptions of the elements used in a command syntax statement.

Table 1 Command Syntax Terminology

Syntax Element: Argument
Definition: An item for which you must supply a value.
Example Fragment: slot

Syntax Element: Construct
Definition: A combination of:
• A keyword and its argument.
• Two or more keywords that cannot be specified independently.
• Two or more arguments that cannot be specified independently.
Example Fragment:
• min-wait seconds
• line fdl ansi
• dest dest-wildcard

Syntax Element: Keyword
Definition: An optional or required item that must be entered exactly as shown.
Example Fragment: all

Note: This guide has three indexes: an index of tasks and features, an index of commands, and an index of CLI modes with the commands found within each mode.


Table 2 describes separator characters used in a command syntax statement.

The following guidelines apply to separator characters in Table 2:

• The separator character between the prefix and suffix names in a structured username is configurable; the @ character is the default and is used in command syntax throughout this guide.

• Separator characters act as one-character keywords; therefore, they are always shown in bold.

Table 3 lists the characters and formats used in command syntax statements.

Table 2 Separator Characters in Command Syntax Statement

Character: @
Use: Separates the prefix name from the suffix name.
Example Fragment: sub-name@ctx-name

Character: /
Use: Separates a slot from port, IP address from prefix length, and fields in URLs.
Example Fragment:
    slot[/port]
    {ip-addr | /prefix-length}
    /device[/directory]/filename.ext

Character: :
Use: Separates port from channel and a channel from a subchannel
Example Fragment:
    port[:chan-num]
    ds3-chan-num[:ds1-chan-num]

Character: -
Use: Separates starting value from ending value
Example Fragment: start-end

Character: |
Use: Separates output modifiers from keywords and arguments in show commands (1)
Example Fragment: show configuration | include port

1. For more information about the use of the pipe ( | ) character, see Chapter 2, “Using the CLI.”

Table 3 Text Formats and Characters in Command Syntax Statements

Convention: Commands and keywords are indicated in bold.
Example: no ip unnumbered

Convention: Arguments for which you must supply values are indicated in italics.
Example: banner login delimited-text

Convention: Square brackets ([ ]) indicate optional arguments, keywords, and constructs within scripts or commands.
Example:
    show clock [universal]
    enable [level]

Convention: Alternative arguments, keywords, and constructs within commands are separated by the pipe character ( | ).
Example: public-key {DSA | RSA} [after-key existing-key | position key-position] {new-key | ftp url}

Convention: Alternative, but required arguments, keywords, and constructs are shown within grouped braces ({ }), and are separated by the pipe character ( | ).
Example:
    debug ssh {all | ssh-general | sshd-detail | sshd-general}
    ip address ip-addr {netmask | /prefix-length} [secondary]

Convention: Optional and required arguments, keywords, and constructs can be nested with grouped braces and square brackets, where the syntax requires such format.
Example: enable authentication {none | method [method [method]]}


Examples

Examples use the following conventions:

• System prompts are of the form [context]hostname(mode)#, [context]hostname#, or [context]hostname>.

In this case, context indicates the current context, hostname represents the configured name of the SmartEdge system, and mode indicates the string for the current configuration mode, if applicable.

Whether the prompt includes the # or the > symbol depends on the privilege level. For further information about privilege levels, see Chapter 1, “Overview.”

For example, the prompt in the local context on the system Redback in context configuration mode is:

[local]Redback(config-ctx)#

• Information displayed by the system is in Courier font.

• Information that you enter is in Courier bold font.

Task Tables

Task tables under the “Configuration Tasks” section in each chapter describe tasks for configuring features. The command syntax displays only the root command, which is hyperlinked to the location where the complete command syntax is described in the “Command Descriptions” section of the chapter.

Table 4 displays an example of a configuration task table.

Table 4 Example of a Task Table

1. Create or modify a context and access context configuration mode with one of the following tasks:

   • Create or modify a standard context and access context configuration mode.
     Root Command: context

   • Create or modify a VPN context and access context configuration mode.
     Root Command: context vpn-rd

   Notes: Enter these commands in global configuration mode.

2. Specify a privilege level password in the local database for the enable command with one of the following tasks:

   • Configure a password that the system will encrypt.
     Root Command: enable password

   • Configure a password in encrypted form.
     Root Command: enable encrypted

   Notes: Enter these commands in context configuration mode.

3. Specify how the system performs privilege level authentication.
   Root Command: enable authentication

4. Specify general attributes for the context (all attributes are optional):

   Specify falling-threshold parameters for IP pools in the context.
   Root Command: ip pool

   Create one or more unique subscriber service domain aliases for a context.
   Root Command: domain

   Apply an existing bulkstats schema profile to the context.
   Root Command: bulkstats schema

   Notes: Enter these commands in context configuration mode.


Additional conventions for the task tables in this guide include:

• Alternative tasks are shown as bulleted lists. The task description indicates that they are alternatives; see step 1.

• Subtasks are shown as an unnumbered list under a task heading; see step 4.

• Optional subtasks are shown as unnumbered lists. The task description indicates that they are optional; see step 4.

Online Navigation Aids

To aid in accessing information in the online format for this guide, the following types of cross-references are hyperlinks:

• Cross-references to chapters, sections, tables, and figures in the text

• Lists of section headings within a chapter or an appendix

• Commands listed in the “Related Commands” section at the end of each command description

• Entries in the table of contents

• Entries in indexes

Note: Hyperlinks in PDF files appear the same as regular text; however, your cursor changes from an open hand icon to a pointing finger icon when you move your cursor over a hyperlink.

Ordering Documentation

Redback® documentation is available on CD-ROM, which ships with Redback products. The appropriate CD-ROMs are included with your products as follows:

• SMS™ products

• SmartEdge products

• NetOp™ Element Management System [EMS] and NetOp Policy Manager [PM] products

The following sections describe how to order additional copies and provide feedback:

• Order Additional Copies

• Complete the Online Redback Networks Documentation Survey

• Provide Direct Feedback on Specific Product Documentation

We appreciate your comments.

Order Additional Copies

To order additional copies of the documentation CD-ROM or printed and bound books, perform the following steps:

1. Log on to the Redback Networks Support web site at http://support.redback.com, enter a username and password, and click Login.

If you do not have a username and password, consult your Redback Networks support representative, or send an e-mail to [email protected] with a copy of the show hardware command output, your contact name, company name, address, and telephone number.

2. Click one of the Redback products at the bottom of the web page, click Documentation on the navigation bar, then click To Order Books on the navigation bar.

Complete the Online Redback Networks Documentation Survey

To complete the online Redback Networks Documentation Survey, perform the following steps:

1. On the Documentation web page, click Feedback on the navigation bar.

2. Complete and submit the feedback form.

Provide Direct Feedback on Specific Product Documentation

To provide direct feedback on a specific documentation issue related to the SmartEdge OS, send e-mail to [email protected].

Part 1

Introduction

This part provides an overview of the SmartEdge® OS features, functions, and applications, and consists of Chapter 1, “Overview.”

Chapter 1

Overview

The edge of the network is a highly demanding environment due to the large number of access terminations and the need to perform in-service upgrades to handle new feature deployments.

The SmartEdge® router hardware and software products provide multiservice optical platforms that enable the next generation of services in the new access network. The SmartEdge OS runs on all the SmartEdge routers; however, the command-line interface (CLI) varies according to the chassis. In this guide, all commands, modes, traffic cards, and other peripherals are supported on every router unless otherwise noted. Check individual chapters for sections that explain platform compatibility.

The SmartEdge router products provide:

• High performance—Enables line-rate packet forwarding.

• Robustness—Enables packet reliability, meeting rigorous uptime and availability requirements.

• Scalability—Supports a large number of access terminations.

• Flexibility—Provides support for multiple services.

This chapter describes the SmartEdge OS software, including the following sections:

• SmartEdge OS Architecture

• SmartEdge OS Applications

• SmartEdge OS Concepts

• User Interface

• What’s Next?

Note: In the following descriptions, the term controller card applies to any version of the Cross-Connect Route Processor (XCRP) Controller card (XCRP, XCRP3, XCRP4), including the controller carrier card unless otherwise noted.

The term controller carrier card refers to the controller functions on the carrier card within the SmartEdge 100 chassis; these functions are compatible with the XCRP3 Controller card. The term I/O carrier card refers to the traffic card functions on the carrier card; these functions are compatible with the similar functions that are implemented on the traffic cards that are supported on all other SmartEdge routers.

The term chassis refers to any SmartEdge chassis; the term SmartEdge 800 chassis refers to any version of the SmartEdge 800 chassis. The term SmartEdge 1200 chassis refers to any version of the SmartEdge 1200 chassis.


SmartEdge OS Architecture

The SmartEdge OS is the advanced software system that works in conjunction with the ASIC-based SmartEdge hardware products to provide a scalable and robust multiservice platform, including the features described in the following sections:

• Independent System Processes

• System Redundancy and Synchronization

The SmartEdge OS performs the route processing and other control functions and runs on the controller card. The packet forwarding function is performed by Packet Processing ASICs (PPAs) on the individual traffic cards.

Figure 1-1 illustrates the SmartEdge OS architecture.

Figure 1-1 SmartEdge OS Architecture


The SmartEdge OS is based on a general-purpose operating system; each major system component (see Table 1-1) runs as a separate process in the system.

Independent System Processes

The implementation of the major software components as independent processes provides several benefits:

• Processes in the system can be independently stopped, restarted, and upgraded without reloading the entire system or individual traffic cards.

• The system continues to operate in the event of a failure or disruption to any single component.

The separation of the route processing and control functions (performed by the SmartEdge OS software running on the controller card) from the forwarding function (performed on the individual traffic cards) also provides several benefits:

• Dedicated route processing functions are not affected by heavy traffic; dedicated packet forwarding is not affected by routing instability in the network.

• The architecture enables line-rate forwarding on all traffic cards. New features can be added to the control software on the controller without affecting the forwarding performance.

• The architecture provides nonstop forwarding during system upgrades or reloads; the traffic cards continue to forward packets.

Table 1-1 SmartEdge OS System Components

System Component: Authentication, authorization, and accounting (AAA)
Function: Forces all authentication requests and accounting updates to a single set of Remote Authentication Dial-In User Service (RADIUS) servers.

System Component: NetBSD kernel
Function: Provides a lean and stable base for the SmartEdge OS.

System Component: Process Manager (PM)
Function: Monitors and controls the operation of the other processes in the system.

System Component: Router Configuration Manager (RCM)
Function: Controls all system configurations using a transaction-oriented database.

System Component: Interface and Circuit State Manager (ISM)
Function: Monitors and disseminates the state of all interfaces, ports, and circuits in the system.

System Component: Routing protocols
Function: Run as independent processes, maintaining independent Routing Information Bases (RIBs). The routing processes send the routing information to the central RIB.

System Component: RIB
Function: Downloads forwarding tables to the traffic cards.

System Component: Feature modules
Function: Run as independent processes, each in its own protected address space.

System Component: Traffic card
Function: Includes the PPA ASICs, which contain the Forwarding Information Base (FIB) and forwarding code.


System Redundancy and Synchronization

Among other redundancy features, the SmartEdge routers and the operating system support dual controller cards; one controller card acts as the active controller and the other acts as its hot standby.

Both controller cards contain disk memory (compact-flash) cards that store the operating system image, its associated files, and the configuration database. A synchronization process ensures that the standby controller is always ready to become the active controller:

• When either the software release or the firmware on the active controller is upgraded, the standby controller automatically synchronizes its software or firmware version to that of the active controller.

• When a user modifies the contents of the compact-flash card (for example, by saving a configuration to a file, copying a file, or deleting a file), the change is propagated to the compact flash of the standby controller.

• The configuration databases of the active and standby controllers are always synchronized.

To guard against system inconsistency, the synchronization process is protected. While the synchronization is in progress, switchover from the active to the standby controller is not allowed. If the active controller should fail during such a time, the standby does not become active. If the user attempts to force a switchover during this synchronization period, the system warns the user that the standby is not ready.

The synchronization process is not affected by traffic card installation and removal. The active controller, and hence the system, continues to forward traffic and detect and notify the administrator of any faults that occur while the standby controller card is being synchronized (FAIL LED is blinking).

After the synchronization is complete, the standby controller is ready to become the active controller, if the active should fail.

SmartEdge OS Applications

The SmartEdge products provide carrier-class, scalable termination and aggregation of IP-based traffic. The SmartEdge router combines high-density optical and electrical interfaces with robust IP routing software to support business-grade IP service aggregation and delivery.

The SmartEdge router can be used as an edge aggregation router to directly connect customers. The SmartEdge OS supports a variety of interfaces and vital services such as quality of service (QoS) and inbound and outbound access control lists. New services can easily be added with software upgrades.

Because of the optimized packet forwarding capabilities and support of high-bandwidth uplink interfaces, the SmartEdge router can also be used in the metropolitan core to aggregate traffic from other routers into the long-haul transit core.


Figure 1-2 shows an example application for the SmartEdge products.

Figure 1-2 SmartEdge OS Application

SmartEdge OS Concepts

SmartEdge OS concepts include the following entities (see Figure 1-3):

• Contexts

• Interfaces

• Subscribers

• Ports, Channels, and Circuits

• Cross-Connections

• Bindings


Figure 1-3 SmartEdge OS Software Component Interrelationships

Contexts

Most networking products are designed so that the entire set of ports, circuits, and protocols operate together as one global instance. The SmartEdge OS supports an advanced feature called multiple contexts. Each context is a virtual SmartEdge router instance running within a single physical device. A context operates as a separate routing and administrative domain, with separate routing protocol instances, addressing, authentication, accounting, and so on, and does not share this information with other contexts. By separating the address and name spaces in this way, service providers can use multiple contexts to provide direct access to customers, or to provide different classes of services for customers. Service providers use a single physical device to implement this, with one or more contexts being assigned to each service provider or service class. Implementing this today with equipment from other vendors requires multiple devices.

The SmartEdge router is always configured with the special “local” context. This context is always present on the system and cannot be deleted. In a single-context configuration, the local context is the only context present on the system.

Interfaces

The concept of an interface in the SmartEdge OS differs from that in traditional networking devices. In traditional devices, the term interface is often used synonymously with port, channel, or circuit, which are physical entities. In the SmartEdge OS, an interface is a logical construct that provides higher-layer protocol and service information, such as Layer 3 addressing. Interfaces are configured as part of a context and are independent of physical ports, channels, and circuits. The decoupling of the interface from the physical layer entities enables many of the advanced features offered by the SmartEdge OS.

For the higher-layer protocols to become active, an interface must be associated with a physical port, channel, or circuit. This association is referred to as a binding in the SmartEdge OS. For more information, see the “Bindings” section that follows.

Subscribers

Subscribers are the end users of the high-speed access services. Subscriber records are configured as part of a context, either locally on the SmartEdge router or on a RADIUS server. Subscriber records contain the information necessary to bind a subscriber to the correct interface, and therefore, to the correct network context and services. Subscriber records can also contain other configuration information, such as authentication, access control, rate-limiting, and policing information.

The number of active subscribers is a function of configuration, memory, processing power, and desired per-subscriber bandwidth. Each software and hardware variant has a maximum active subscriber figure, which may or may not be achieved under deployment scenarios.

With this release of the SmartEdge OS, the operating system supports the following subscriber management services:

• Dynamic service selection—The unique capability to dynamically bind subscriber sessions to services.

• Provides access functions that traditional routers were not designed to provide, such as subscriber management, provisioning, authentication, and accounting.

• Provides the routing of subscriber traffic based on Layer 3 addressing.

• Performs all translations necessary to convert subscriber traffic to IP, relieving the service provider backbone routers of frame translations that can cause congestion on high-volume routers.

• Grooms individual subscriber data streams into simplified IP flows for routers connecting to the Internet backbone.

Ports, Channels, and Circuits

Ports, channels, and circuits in the SmartEdge OS represent the physical connectors and paths on the SmartEdge traffic and controller cards. Physical port, channel, and circuit configurations include both hardware and software parameters that allow the behavior of the port, channel, or circuit to be specified for a specific router.

Before any higher-layer user data can flow through a physical port, channel, or circuit, that port, channel, or circuit must be associated with an interface within a context. This association is referred to as a binding in the SmartEdge OS. The configuration for each port, channel, and circuit includes binding information. For more detailed information on ports, channels, and circuits in the SmartEdge OS, see the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS, and the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS.

Cross-Connections

The SmartEdge OS supports various types of cross-connections that allow you to cross-connect circuits of different types or of the same type. Types of supported cross-connections include:

• Transparent, self-learning bridges using Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs) with RFC 1483 bridged encapsulation, Ethernet ports, or 802.1Q PVCs

• Cross-connections with and without filtering

— ATM PVCs-to-ATM PVCs

— ATM PVCs-to-802.1Q PVCs

— 802.1Q PVCs-to-802.1Q PVCs

• Interworking cross-connections between ATM PVCs and 802.1Q PVCs

Bindings

Bindings form the association in the SmartEdge OS between the ports, channels, or circuits and the higher-layer routing protocols configured for a given context. No user data can flow on a port, channel, or circuit until some higher-layer service is configured and associated with it. After a port, channel, or circuit is bound to an interface, traffic flows through the context as it would through any IP router.

Bindings are either statically mapped during configuration or dynamically created based on subscriber characteristics as defined in the local database, or on a RADIUS server; see the “Static Bindings” and “Dynamic Bindings” sections that follow.

Static Bindings

With static bindings, a port, channel, or circuit is bound directly to an interface. In this case, the port, channel, or circuit is hard-wired to the higher-layer protocols defined for the interface. Multiple ports, channels, or circuits can be bound to a single interface.

A circuit can also be statically bound to a particular subscriber in a given context. In this case, the binding between the circuit and the higher-layer protocols is determined indirectly, through the subscriber record. In Figure 1-4, subscriber joe is configured with an IP address that maps to interface if1 in the context local. When the virtual circuit on ATM port 6/1 is bound to subscriber joe, the SmartEdge OS determines the interface that the circuit will be bound to by examining the subscriber information for joe.

Dynamic Bindings

Dynamic binding occurs when a circuit is bound to the higher-layer protocols based on session information. For example, a PPP-encapsulated session can be bound to a particular context and interface by examining the authenticated structured subscriber name in the form sub-name@ctx-name.

Dynamic binding is the key to enabling advanced features, such as dynamic service and provider selection. Dynamic binding also enables simultaneous access to multiple services on a single circuit.

Note The separator character between the sub-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default character is @, which is used throughout this guide.

Figure 1-4 also shows a dynamic binding between the virtual circuit on ATM port 6/2 and interface if5 in context ispgold. When the subscriber initiates a PPP session using the structured subscriber name, mary@ispgold, the SmartEdge OS determines the context (ispgold) for the connection, and selects an interface (if5) to which to bind the circuit. Successful dynamic binding depends on subscriber information for subscriber mary configured in context ispgold, and successful PPP authentication during PPP session establishment. The binding between this circuit and the ispgold context will be removed when the PPP session is terminated. Because the binding on the circuit is dynamic, this same circuit could be used by a different subscriber to select a different service.

Figure 1-4 Static and Dynamic Bindings

User Interface

The primary user interface to the SmartEdge OS is the CLI. The CLI concepts are described in the following sections:

• Command Modes and Prompts

• Command Mode Hierarchy

• Privilege Levels

• No and Default Forms of Commands

For more information about using CLI commands, see Chapter 2, “Using the CLI.”

Command Modes and Prompts

The two major modes are exec and global configuration. When a session is initiated, the CLI is set to the exec mode by default. The exec mode allows you to examine the state of the system and perform most monitoring, troubleshooting, and administration tasks using a subset of the available CLI commands.

Exec mode prompts can be one of the following forms, depending on the user privilege level (see the “Privilege Levels” section that follows):

[local]hostname#
[local]hostname>

In this example, local is the context in which commands are applied and hostname is the currently configured hostname of the router. When you exit exec mode using the exit command, this also ends the CLI session.

Global configuration mode is the top-level configuration mode; all other configuration modes are accessed from this mode. These modes allow you to interactively configure the system through the CLI, or to create and modify a configuration file offline by entering configuration commands using any text editor. After you have saved the file, you can then load it to the operating system at a later time.

To access global configuration mode, enter the configure command (in exec mode).

Configuration mode prompts are of the following form:

[local]hostname(mode-name)#

In the example above, local is the context in which commands are applied, hostname is the currently configured hostname of the router, and mode-name is a string indicating the name of the current configuration mode.

The prompt (in global configuration mode), assuming the factory default hostname of Redback and the local context, is as follows:

[local]Redback(config)#

Each feature supported through the SmartEdge OS can have one or more configuration modes, some of which you access using a command (in global configuration mode). Table 1-2 lists the configuration modes for the commands described in this guide and the commands that you enter to access them.

Command Mode Hierarchy

Command modes exist in a hierarchy. You must access the higher-level command mode before you can access a lower-level command mode in the same chain.

Note For modes relevant to routing protocol features see the “Overview” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS. For modes relevant to IP services and security features, see the “Overview” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Figure 1-5 shows the hierarchy of the command modes used to configure basic system features.

Figure 1-5 Command Mode Hierarchy for Basic System Commands

Table 1-2 lists the command modes (in alphabetical order) relevant to basic system features for the SmartEdge routers. It includes the commands that enable access to each mode and the command-line prompt for each mode.

Table 1-2 Command Modes and System Prompts

| Mode Name | Commands Used to Access | Command-Line Prompt |
|---|---|---|
| exec | (user logon) | # or > |
| administrator | administrator command from context configuration mode | (config-administrator)# |
| ATM DS-3¹ | port atm command from global configuration mode | (config-atm-ds3)# |
| ATM OC | port atm command from global configuration mode | (config-atm-oc)# |
| ATM profile | atm profile command from global configuration mode | (config-atm-profile)# |
| bulkstats | bulkstats policy command from context configuration mode | (config-bulkstats)# |
| context | context command from global configuration mode | (config-ctx)# |
| dot1q profile | dot1q profile command from global configuration mode | (config-dot1q-profile)# |
| DS-0 group¹ | port ds0s command from global configuration mode | (config-ds0-group)# |
| DS-1¹ | port ds1 command from global configuration mode | (config-ds1)# |
| DS-3¹ | port channelized-ds3 and port d3 commands from global configuration mode | (config-ds3)# |
| E1¹ | port e1 command from global configuration mode | (config-e1)# |
| E3¹ | port e3 command from global configuration mode | (config-e3)# |
| Frame Relay profile¹ | frame-relay profile from global configuration mode | (config-fr-profile)# |
| global | configure command from exec mode | (config)# |
| interface | interface command from context configuration mode | (config-if)# |
| macro | macro command from global configuration mode | (config-macro)# |
| NetOp | netop command from global configuration mode | (config-netop)# |
| port¹ | port channelized oc-12, port ethernet, and port pos commands from global configuration mode | (config-port)# |
| SNMP server | snmp server command from global configuration mode | (config-snmp-server)# |
| software license | software license command from global configuration mode | (config-license)# |
| stats collection configuration | stats-collection command from global configuration mode | (config-stats-collect)# |
| STM-1¹ | port channelized-stm1 command from global configuration mode | (config-stm1)# |
| subscriber | subscriber command from context configuration mode | (config-sub)# |

1. These modes are not supported on the SmartEdge 100 router.

Privilege Levels

The SmartEdge OS supports 16 different privilege levels for administrators and for commands. By default, administrators are assigned an initial privilege level of 6; administrators can only issue commands that are assigned at the same level as their own privilege level or lower than their privilege level. Each command in the CLI is assigned a default privilege level. At a privilege level of 6 or higher, the prompt in the CLI displays a number sign (#) instead of an angle bracket (>).

There are three types of administrators:

• Local—An administrator authenticated to the “local” context. The local administrator has a structured administrator name of the form admin-name@local.

• Non-local—An administrator authenticated to any context other than the local context. An example of a non-local administrator that has an administrator name of the form admin-name@ctx-name is joe@vpn1, where vpn1 is the name of the context.

• Lawful intercept (LI)—An administrator or user authenticated to perform LI functions.

Note The separator character between the admin-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default character is @, which is used throughout this guide.

An administrator authenticated to the “local” context, given appropriate administrator privileges, can configure all functions on the SmartEdge router, including functions for each context and global entities, such as ports, port profiles, SNMP, and so on. Non-local administrators have no configuration mode privileges and have restricted exec mode privileges.

To configure administrator privilege levels, see the “Configure an Administrator Account in a Context” section in Chapter 6, “Context Configuration.”

Each command has a default privilege level that determines, given the privilege assigned to the administrator, who can enter the command. The majority of commands (in exec mode) have a default privilege level of 3, while commands in any configuration mode have a default privilege level of 10. Exceptions are noted in parentheses ( ) in the “Command Mode” section in any command description; for example, “exec (15)”.

Command privilege levels are configurable; to change the default privilege level for a command, see the “Configure a CLI Command Alias or Privilege” section in Chapter 5, “Basic System Configuration.”

No and Default Forms of Commands

Many configuration commands support the no keyword. Entering the no keyword in front of a command disables the function or removes the command from the configuration. For example, to create a message that displays after a user logs on to the system, enter the banner exec command (in global configuration mode). To subsequently remove the command from the configuration, enter the no banner exec command (in global configuration mode).

Many configuration commands support the default keyword. Entering the default keyword in front of a command returns a parameter or feature to the default state.

What’s Next?

You can interactively configure the SmartEdge router through the CLI. You can also configure the SmartEdge router using a text editor to create a configuration file and then loading that file on to the router.

The SmartEdge OS configuration process is transaction-based and supports atomic transactions, including commits and aborts, against the configuration database. Sequences of commands can be entered and validated before being applied, and automated provisioning systems can be interfaced to the SmartEdge for flow-through provisioning and scheduled command execution.

The CLI commands are described in Chapter 2, “Using the CLI.” Commands to access the CLI are described in Chapter 4, “System Access Configuration.” For configuration file and system image commands, see Chapter 3, “Configuration File Management.”

Note For more information about LI administrators, users, and how to configure them, see the “Lawful Intercept Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Part 2

Getting Started

This part describes the tasks and commands used to access and navigate the SmartEdge® OS command-line interface (CLI) and to manage SmartEdge OS configuration file storage.

This part consists of the following chapters:

• Chapter 2, “Using the CLI”

• Chapter 3, “Configuration File Management”

Chapter 2

Using the CLI

This chapter provides an overview of the command-line interface (CLI); describes the tasks used to initiate and navigate the CLI, manage database transactions, and work with commands; and provides examples and detailed descriptions of the commands used to perform these tasks through the SmartEdge® OS.

This chapter includes the following sections:

• Overview

• CLI Tasks

• CLI Examples

• Command Descriptions

Overview

The primary administrator interface to the SmartEdge OS is the CLI. You access the CLI from the console port or through a remote session (for example, Telnet or Secure Shell [SSH]) to perform all configuration tasks and to monitor the SmartEdge OS. To access the SmartEdge OS software and its CLI, use either of the following methods:

• Connect to the console port—Located on the controller card and labeled “Craft 2”; you can connect a terminal to this port, either directly or through a terminal server.

• Connect to the Ethernet management port—Located on the controller card and labeled “ENET”; you can connect a terminal to the system over a LAN using this port if remote access using Telnet or SSH has been enabled.

If the console port has been secured or if the Ethernet management port has been configured, you are prompted to log on. If the console port has not been secured, you initiate your session by simply pressing Enter. In either case, your session begins in exec mode. To secure the console port and configure the Ethernet management port, see Chapter 4, “System Access Configuration.”

This section includes the following information about CLI commands:

• Commands and Case-Sensitivity

• Partially Typed Commands

• No and Default Forms of Commands

Commands and Case-Sensitivity

Keywords in commands are not case-sensitive. For example, the show version command is accepted if entered in any of the following ways: show version, SHOW VERSION, or Show Version.

Arguments are case-sensitive. For example, if you supply Customers for the ctx-name argument in the context ctx-name command, the SmartEdge OS software does not recognize the name customers as the same context.

Partially Typed Commands

In all modes, the system recognizes and accepts partially typed commands and keywords, provided that you have entered sufficient text to be unique. For example, rather than typing configure, you can type conf and press Enter to enter configuration mode. However, if you enter the string con, an error is returned, because insufficient characters have been entered to distinguish between the configure command and the context command.
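Because abbreviated input such as conf is accepted, any tooling that reviews command logs or applies per-command privilege rules has to expand prefixes first. The following Python sketch is an added example, not Redback code: it expands the root keyword and applies the default privilege levels described in Chapter 1 (3 for most exec commands, 10 for configuration commands). The command lists are a constructed subset taken from this guide, the override value and the 0-15 level range are assumptions, and so is the rule that an exact match wins.

```python
"""Expand abbreviated CLI input, then apply the default privilege levels from this guide."""

# Constructed subsets: only root commands that appear in this guide, per mode.
COMMANDS = {
    "exec": ["bulkstats", "configure", "context", "disable", "enable", "exit",
             "help", "monitor", "more", "ping", "show", "ssh", "telnet",
             "terminal", "traceroute"],
    "config": ["abort", "banner", "clock", "clock-source", "comment", "commit",
               "context", "end", "exit", "system"],
}
# Defaults stated in the guide: most exec commands 3, configuration commands 10.
DEFAULT_LEVEL = {"exec": 3, "config": 10}
# Constructed sample of a per-command exception; real values are listed in each
# command description and are not part of this page.
SAMPLE_OVERRIDES = {("exec", "configure"): 10}


class UnknownCommand(ValueError):
    pass


class AmbiguousCommand(ValueError):
    def __init__(self, typed, candidates):
        super().__init__(f"{typed!r} is ambiguous: {', '.join(candidates)}")
        self.candidates = candidates


def expand_keyword(typed, commands):
    """Return the full root command for a possibly abbreviated keyword."""
    word = typed.lower()                      # keywords are not case-sensitive
    if word in commands:                      # assumption: an exact match wins
        return word
    matches = sorted(c for c in commands if c.startswith(word))
    if not matches:
        raise UnknownCommand(typed)
    if len(matches) > 1:
        raise AmbiguousCommand(typed, matches)
    return matches[0]


def normalize(line, mode):
    """Expand only the root keyword; later tokens are kept exactly as typed,
    because arguments are case-sensitive and this subset cannot tell them
    apart from keywords."""
    tokens = line.split()
    if not tokens:
        raise UnknownCommand(line)
    return " ".join([expand_keyword(tokens[0], COMMANDS[mode])] + tokens[1:])


def review(session, admin_level, overrides=None):
    """Return (typed, normalized, verdict) for each (mode, line) in a session."""
    if not 0 <= admin_level <= 15:            # assumption: the 16 levels are 0-15
        raise ValueError("privilege level out of range")
    overrides = overrides or {}
    results = []
    for mode, line in session:
        try:
            full = normalize(line, mode)
        except AmbiguousCommand as exc:
            results.append((line, None, "ambiguous: " + "/".join(exc.candidates)))
            continue
        except UnknownCommand:
            results.append((line, None, "unknown"))
            continue
        need = overrides.get((mode, full.split()[0]), DEFAULT_LEVEL[mode])
        # An administrator may issue commands at or below their own level.
        verdict = "permitted" if admin_level >= need else f"denied (needs {need})"
        results.append((line, full, verdict))
    return results


# Constructed list of requested commands: (mode, line as typed).
SAMPLE_SESSION = [
    ("exec", "sh version"),
    ("exec", "con"),
    ("exec", "CONF"),
    ("config", "abo"),
    ("config", "comm Cfg BGP in local ctx"),
]

if __name__ == "__main__":
    for row in review(SAMPLE_SESSION, admin_level=6, overrides=SAMPLE_OVERRIDES):
        print(row)
```

Matching rules written against the full command name only would miss the CONF and abo entries unless the input is normalized this way first.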

No and Default Forms of Commands

Many configuration commands support the no keyword. Typing the no keyword in front of a command disables the function, removes a command from the configuration, or sets a command to its default state. For example, to enable the Routing Information Protocol (RIP), enter the router rip command (in context configuration mode). To subsequently disable the RIP process and remove the command from the configuration, enter the no router rip command (in context configuration mode).

Many configuration commands support the default keyword. Typing the default keyword in front of a command returns a parameter or feature to the default state.

CLI Tasks

CLI tasks are described in the following sections:

• Log On and Initiate the CLI

• Navigate the CLI

• Manage Database Transactions

• Work with Commands

• Navigate CLI Output

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Log On and Initiate the CLI

To initiate a CLI session, you log on to the SmartEdge router, either remotely connected to the Ethernet management port or directly connected to the console port; upon successful log on, the CLI is set to exec mode, by default.

To log on to the system, you must enter a valid administrator name and password at the appropriate prompts to gain access. The administrator name is of the form admin-name@ctx-name. The ctx-name specifies the name of the context the system uses for authentication. You can include a context for a logon, but the context name is optional—if a context name is not supplied, the local context is assumed.

When you connect to the system either directly to the console or remotely to the management port, the password you enter is not echoed. In addition, passwords are stored in the configuration file in encrypted format.

If you have configured the management port, you can establish a Telnet or SSH session to the system. There are many tools that provide Telnet and SSH access to remote systems. These tools are beyond the scope of this document. In general, you must provide the system name (the hostname configured for the system) or IP address (the IP address configured for the system management port), as well as an administrator name and password.

If you forget a password, you must delete the administrator account and create a new one; there is no way to modify the password for an administrator account.

If you forget all passwords on the system, you must perform the password discovery procedure described in the “Bootrom Operations” appendix in the Basic System Operations Guide for the SmartEdge OS.

The SmartEdge OS provides default settings for local console sessions. You can customize these settings for the duration of the current session. To change the settings, see the “Session Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

After you are logged on to the system, you have access to the CLI, based on the context to which you are logged on and the privilege level of your account.

Note You must have an administrator account to log on. To configure the initial administrator account in the local context for a new system, see Chapter 4, “System Access Configuration”; to configure additional administrator accounts in any context, see Chapter 6, “Context Configuration.”

Note The separator character between the admin-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default character is @, which is used throughout this guide.

Note If you are using Telnet to access the system, to enter the Telnet shell (with the Telnet prompt), enter the ^] characters. The se_telnet> prompt displays.
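The structured administrator name, its optional context, and the configurable separator described in this section determine which context authenticates a logon, so log review tooling has to split names with the separator that is actually configured. The following Python sketch is an added example, not Redback code. The guide does not say how a name containing the separator more than once is split, so the sketch flags such names instead of guessing; the logon names and the set of configured contexts are constructed.

```python
"""Resolve structured administrator names (admin-name@ctx-name) for log review."""
from dataclasses import dataclass

# Separator characters the guide lists as configurable; "@" is the default.
# The guide prints the backslash as "\\"; it is treated as one backslash here.
ALLOWED_SEPARATORS = frozenset("%-@_\\#/")
LOCAL_CONTEXT = "local"


class AmbiguousName(ValueError):
    """Separator occurs more than once; the guide does not say how that is split."""


@dataclass(frozen=True)
class AdminIdentity:
    name: str
    context: str
    is_local: bool               # authenticated to the "local" context
    config_mode_possible: bool   # non-local administrators have no configuration mode privileges


def resolve_admin(structured_name, separator="@"):
    """Split a logon name the way the guide describes, without guessing."""
    if separator not in ALLOWED_SEPARATORS:
        raise ValueError(f"separator {separator!r} is not one the guide lists")
    hits = structured_name.count(separator)
    if hits == 0:
        # No context supplied: the local context is assumed.
        name, context = structured_name, LOCAL_CONTEXT
    elif hits == 1:
        name, context = structured_name.split(separator)
    else:
        raise AmbiguousName(structured_name)
    if not name or not context:
        raise ValueError(f"empty name or context in {structured_name!r}")
    # Context names are arguments, so they are case-sensitive: "Local" != "local".
    is_local = context == LOCAL_CONTEXT
    return AdminIdentity(name, context, is_local, config_mode_possible=is_local)


def review_logons(names, separator, known_contexts):
    """Return one finding string per logon name that needs a second look."""
    findings = []
    for raw in names:
        try:
            ident = resolve_admin(raw, separator)
        except AmbiguousName:
            findings.append(f"{raw}: separator {separator!r} appears more than once")
            continue
        except ValueError as exc:
            findings.append(f"{raw}: {exc}")
            continue
        if ident.context not in known_contexts:
            findings.append(f"{raw}: context {ident.context!r} is not configured")
    return findings


# Constructed logon names, as they might appear in an authentication log.
SAMPLE_LOGONS = ["admin1", "joe@vpn1", "joe@Local", "ops-team@vpn1", "a@b@vpn1"]
KNOWN_CONTEXTS = {"local", "vpn1"}

if __name__ == "__main__":
    for sep in ("@", "-"):
        print(sep, review_logons(SAMPLE_LOGONS, sep, KNOWN_CONTEXTS))
```

Run with the separator set to -, the same list resolves joe@vpn1 to the local context and ops-team@vpn1 to a context named team@vpn1, which is why the configured separator has to be known before any name is interpreted.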

Navigate the CLI

To navigate the CLI, perform the tasks described in Table 2-1.

Table 2-1 Navigate the CLI

| Task | Root Command | Notes |
|---|---|---|
| Return the privilege level for the current exec session to the initial privilege level configured for the current administrator account. | disable | When you create the account, the initial privilege level is specified. Enter this command in exec mode. |
| Change the current privilege level for an exec session while in exec mode. | enable | You can specify a level up to the level specified for your account. Enter this command in exec mode. |
| Return to exec mode while in any configuration mode. | end | Enter this command in any configuration mode. |
| Terminate the current CLI session while in exec mode. | exit | Enter this command in exec mode. |
| Move up one level in the configuration mode hierarchy while in a configuration mode; return to exec mode while in global configuration mode. | exit | Enter this command in any configuration mode. |
| Enter global configuration mode. | configure | Enter this command in exec mode. |
| Display the current configuration of the SmartEdge router or the contents of a previously saved configuration file on the local file system. | show configuration | Enter this command in any configuration mode. |
| Display the command history for the current session. | show history | Enter this command in any configuration mode. |
| Display outstanding transactions for other administrators or for internal processes. | show transaction | Enter this command in any configuration mode. |
| Enter a configuration mode from another configuration mode. | See Table 1-2 for the command to enter the mode. | |

Note Within any configuration mode, you can enter commands that are available at one level higher than the current configuration mode without first entering the exit command to return to the higher-level configuration mode. For example, within interface configuration mode, you can type any of the commands in that mode and any commands in the context configuration mode—the next highest mode in the hierarchy.

Manage Database Transactions

Every configuration command that you enter becomes part of a database transaction, which has a transaction ID associated with it. Commands in a transaction are not incorporated into the database until you commit the transaction. To manage database transactions, perform the tasks described in Table 2-2.

Work with Commands

The following sections provide techniques for working with commands:

• Display Help for a Command

• Recall Previous Command Entries

• Edit Command Entries

• Complete a Command

Display Help for a Command

You can access the online Help for the CLI in the following ways:

• Use the ? command when entering a command to display the options available at the current state of the command syntax.

• Use the help command to display how to use the ? character to obtain help.

Table 2-3 lists these commands; enter either command in any mode.

Table 2-2 Manage Database Transactions

| Task | Root Command | Notes |
|---|---|---|
| Begin a transaction and enter global configuration mode. | configure | Enter this command in exec mode. |
| Erase the current transaction and begin a new one. | abort | Enter this command in any configuration mode. |
| Assign a comment to the current configuration database transaction. The description can only be viewed with the show transaction command. | comment | Enter this command in any configuration mode. For more information on the show transaction command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS. |
| Save the current transaction and begin a new one. | commit | Enter this command in any configuration mode. |
| Save the current transaction, exit the current configuration mode, and return to exec mode. | end | Enter this command in any mode. |
| Neither save nor delete the current transaction when returning to the next highest level configuration mode; commit the transaction when exiting global configuration mode and returning to exec mode. | exit | Enter this command in any mode. |

Table 2-3 Access Online Help

| Task | Root Command | Notes |
|---|---|---|
| Obtain help for the current command. | ? | |
| Obtain help for using the ? command. | help | |

Recall Previous Command Entries

Table 2-4 lists two Emacs-style command keyboard sequences that allow you to step through previously entered commands.

Edit Command Entries

Table 2-5 lists additional Emacs-style command keyboard sequences.

Complete a Command

You can use the Tab key in any mode to complete a command. Partially typing a command name and pressing the Tab key causes the command to be displayed in full to the point where a further choice has to be made.

Note To enter the ? character as part of a command, when it is not a request for online Help, enter the Esc key followed by the ? character.

Table 2-4 Recall Previously Entered Commands

| Keyboard | Description |
|---|---|
| Ctrl+p or up arrow | Recalls previous command in the command history |
| Ctrl+n or down arrow | Recalls next command in the command history |

Table 2-5 Additional Emacs-Style Keyboard Sequences

| Keyboard | Description |
|---|---|
| Ctrl+f or right arrow | Moves cursor forward one character |
| Ctrl+b or left arrow | Moves cursor backward one character |
| Esc+f | Moves cursor forward one word |
| Esc+b | Moves cursor backward one word |
| Ctrl+a | Moves cursor to beginning of line |
| Ctrl+e | Moves cursor to end of line |
| Ctrl+k | Deletes to end of line |
| Ctrl+u | Deletes to beginning of line |
| Ctrl+d | Deletes character |
| Esc+d | Deletes word |
| Ctrl+c | Quits editing the current line |
| Ctrl+l | Refreshes (redraws) the current line |
| Ctrl+t | Transposes current character with previous |

Navigate CLI Output

The CLI automatically pages output for console, Telnet, and SSH sessions. The SmartEdge OS prints “--more--” to indicate the presence of more output. To navigate command output, use the keyboard sequences described in Table 2-6.

CLI Examples

This section provides configuration examples for:

• Exit Command Modes

• Display Available Commands, Keywords, and Arguments

• Manage Database Transactions

Exit Command Modes

The following example exits global configuration mode and returns to exec mode:

[local]Redback(config)#exit
[local]Redback#

The following example exits a CLI session:

[local]Redback>exit

The following example exits context configuration mode and returns to exec mode:

[local]Redback(config-ctx)#end
[local]Redback#

Table 2-6 Auto-More Keys and Functions

| Key | Function |
|---|---|
| q | Skips all remaining output and returns to the CLI prompt |
| Enter | Displays one additional line of output |
| Space | Displays the next page of output |
| b | Displays the previous page of output |

Note You can use the terminal length and terminal width commands (in exec mode) to specify a terminal size to correctly paginate the output. For more information, see the “Session Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Display Available Commands, Keywords, and Arguments

The following output displays the first few commands available for an administrator with a default privilege level of 6 (> prompt):

[local]Redback>?
bulkstats    Manage bulk statistics collection file
disable      Drop into disable administrator mode
enable       Modify command mode privilege
exit         Exit exec mode
help         Description of the interactive help system
modify       Modify condition action for ACL rule
monitor      Monitor information
more         Display the contents of a file
mrinfo       Request multicast router information
mtrace       Trace reverse multicast path from source to receiver
no           Disable an interactive option
ping         Packet Internet Groper Command
reauthorize  Reauthorize subscriber using RADIUS
show         Show running system information
ssh          Execute SSH/SSHD commands
talk         talk to administrator
telnet       Telnet to a host
terminal     Modify terminal settings
traceroute   Trace route to destination

The following example uses partial help to display all commands (in global configuration mode) that begin with the character sequence cl:

[local]Redback(config)#cl?

clock clock-source

The following example uses full help to display the next argument of a partially complete clock command in global configuration mode:

[local]Redback(config)#system clock ?

summer-time   Configure summer (daylight savings) time
timezone      Configure time zone

Manage Database Transactions

This section provides examples for the following types of database transactions:

• Commit Transactions

• Delete Transactions

• Provide Comments for Transactions


Commit Transactions

The following example commits the current database transaction in 60 minutes, and includes the comment, Cfg BGP in local ctx, to help identify the commit:

[local]Redback(config)#commit in 60 Cfg BGP in local ctx

The following example, by another administrator logged on to the current session, displays information about the transaction:

[local]Redback>show transaction

TID   State              User    Wait    Comment
-------------------------------------------------------------------
3491  Waiting to Commit  admin1  60 min  Cfg BGP in local ctx

For more information on the show transaction command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Delete Transactions

The following example deletes the current transaction:

[local]Redback(config)#abort

Provide Comments for Transactions

The following example provides a comment for the current transaction:

[local]Redback(config-ctx)#comment Config context local

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to initiate and navigate the CLI, manage database transactions, and display command history. The commands are presented in alphabetical order.

? abort comment commit disable

enable end exit help


?

?

Purpose

Displays brief system help for the available commands or command options.

Command Mode

all modes

Syntax Description

This command has no keywords or arguments.

Default

None

Usage Guidelines

Use the ? command to display brief system help on the available commands or command options.

To list all valid commands available in the current mode, enter a question mark (?) at the system prompt.

To list the associated keywords or arguments for a command, enter the ? command in place of a keyword or argument on the command line. This form of help is called full help, because it lists the keywords or arguments that apply to the command based on the full command, keywords, and arguments you have already entered.

To obtain a list of commands or keywords that begin with a particular character string, enter the abbreviated command or keyword immediately followed by the ? command. This form of help is called partial help, because it lists only the commands or keywords that begin with the abbreviation you entered.

Examples

The following example displays the first few commands available for an administrator with a default privilege level of 6 (> prompt):

[local]Redback>?
bulkstats     Manage bulk statistics collection file
disable       Drop into disable administrator mode
enable        Modify command mode privilege
...

Note To enter the ? character as part of a command, when it is not a request for online Help, enter the Esc character followed by the ? character.


The following example shows how to use partial help to display all commands (in global configuration mode) that begin with the character sequence sy:

[local]Redback(config)#sy?

system system clock-source

The following example shows how to use full help to display the next argument of a partially complete system clock command (in global configuration mode):

[local]Redback(config)#system clock ?

summer-time   Configure summer (daylight savings) time
timezone      Configure time zone

[local]Redback(config-ctx)#system clock

Related Commands

help


abort

abort

Purpose

Deletes an outstanding database transaction.

Command Mode

all configuration modes

Syntax Description

This command has no keywords or arguments.

Default

None

Usage Guidelines

Use the abort command to delete an outstanding database transaction, which includes all configuration commands entered since the beginning of the configuration session, or since the latest abort or commit command.

In any configuration mode, this command deletes the database transaction for the current configuration session; a new database transaction is started for the configuration session, and subsequent commands entered in the session are part of the new transaction.

Caution Risk of data loss. When you use the abort command (in any configuration mode) to delete the current transaction, all configuration information associated with the transaction is deleted and cannot be recovered. To minimize the risk, save your configuration before and after you enter the transaction commands, and do not abort the transaction without ensuring that you do not need the commands in it.

Examples

The following example deletes the current database transaction:

[local]Redback#abort

Related Commands

comment commit


comment

comment text

Purpose

Assigns a comment to the current configuration database transaction.

Command Mode

all configuration modes

Syntax Description

text    Text string of up to 25 characters describing the current configuration database transaction.

Default

None

Usage Guidelines

Use the comment command to assign a textual description to the current configuration database transaction. This string displays in the output of the show transaction command (in any mode). For more information on the show transaction command (in any mode), see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

You can modify the comment at any point during a configuration session.

Note When you enter the comment command, any existing comment is overwritten.

Examples

The following example assigns a comment for the current configuration database transaction:

[local]Redback(config-ctx)#comment Config context local

Related Commands

abort commit


commit

commit [{at yyyy:mm:dd:hh:mm[:ss]} | {in minutes}] [text]

Purpose

Commits an outstanding configuration database transaction.

Command Mode

all configuration modes

Syntax Description

at yyyy:mm:dd:hh:mm[:ss]    Optional. Time at which to commit the configuration database transaction, specified as year, month, day, hour, minutes, and optionally, seconds. The hour is in a 24-hour format; for example, 6:00 p.m. is 18:00. This construct is not allowed in exec mode.
in minutes                  Optional. Number of minutes to wait before committing current database transaction. This construct is not allowed in exec mode.
text                        Optional. Text string of up to 25 characters describing the transaction.

Default

In any configuration mode, commits the current configuration database transaction.

Usage Guidelines

Use the commit command to commit an outstanding configuration database transaction. You can use the at or in keywords to schedule the transaction to be committed at a later time. You can also associate a comment with the transaction.

Commands entered in any configuration mode do not immediately change the working configuration of the router. Outstanding configuration commands are maintained in a transaction. To commit the transaction so that the commands take effect, you must enter the commit command.

When any database transaction is committed, a new database transaction is started for the configuration session, and subsequent commands entered in the session are part of the new transaction.

Caution Risk of incorrect operation. You can cause problems in your system if you commit configuration changes to the database before you validate them. To reduce the risk, always save your configuration before and after you enter the transaction commands in separate files, and validate the configuration changes in the transaction before you commit it.


Examples

The following example commits the current database transaction in 60 minutes, with the comment Cfg BGP in local ctx:

[local]Redback(config)#commit in 60 Cfg BGP in local ctx

The following example displays information on the transaction:

[local]Redback>show transaction

TID   State              Sequence  State Information
User    Comment
-------------------------------------------------------------------------------
3491  Waiting to Commit  3634      Committing in 60 min
admin1  Cfg BGP in local ctx

For more information on the show transaction command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.
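A pre-flight check for the commit syntax described above, added here as an example; it is not Redback code. The helper names (parse_commit, effective_time, outside_window) are hypothetical, and treating a leading at or in as a keyword rather than comment text is an assumption about how the CLI resolves that ambiguity.

```python
from datetime import datetime, timedelta

MAX_COMMENT = 25  # "Text string of up to 25 characters describing the transaction"


def _parse_at(stamp):
    """Parse yyyy:mm:dd:hh:mm[:ss]; the hour is in 24-hour format."""
    fields = stamp.split(":")
    if len(fields) not in (5, 6) or not all(f.isdigit() for f in fields):
        raise ValueError("expected yyyy:mm:dd:hh:mm[:ss], got %r" % stamp)
    if len(fields[0]) != 4:
        raise ValueError("year must have four digits: %r" % stamp)
    # datetime() rejects impossible values such as month 13 or hour 24.
    return datetime(*(int(f) for f in fields))


def parse_commit(command):
    """Parse 'commit [{at yyyy:mm:dd:hh:mm[:ss]} | {in minutes}] [text]'."""
    words = command.split()
    if not words or words[0] != "commit":
        raise ValueError("not a commit command: %r" % command)
    rest = words[1:]
    mode, when = "now", None
    if rest and rest[0] in ("at", "in"):
        # Assumption: a leading 'at' or 'in' is always the keyword.
        if len(rest) < 2:
            raise ValueError("'%s' needs a value" % rest[0])
        mode = rest[0]
        if mode == "at":
            when = _parse_at(rest[1])
        else:
            if not rest[1].isdigit():
                raise ValueError("minutes must be a whole number: %r" % rest[1])
            when = int(rest[1])
        rest = rest[2:]
    comment = " ".join(rest)  # runs of spaces in the comment collapse to one
    if len(comment) > MAX_COMMENT:
        raise ValueError("comment is %d characters; the limit is %d"
                         % (len(comment), MAX_COMMENT))
    return {"mode": mode, "when": when, "comment": comment or None}


def effective_time(parsed, entered_at):
    """Time at which the transaction is committed if entered at entered_at."""
    if parsed["mode"] == "at":
        return parsed["when"]
    if parsed["mode"] == "in":
        return entered_at + timedelta(minutes=parsed["when"])
    return entered_at


def outside_window(parsed, entered_at, window_start, window_end):
    """True when the commit would land outside the approved change window."""
    t = effective_time(parsed, entered_at)
    return not (window_start <= t <= window_end)


if __name__ == "__main__":
    # Constructed times; the command line is the one used in this section.
    entered = datetime(2007, 3, 15, 17, 0)
    parsed = parse_commit("commit in 60 Cfg BGP in local ctx")
    print(parsed, effective_time(parsed, entered))
```

All times are taken to be in the router's own clock and time zone, which is what the at keyword is evaluated against.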

Note The configuration database is locked whenever the system is not ready to incorporate your configuration commands with the commit command. During a database locked situation, you can enter global configuration mode, and can test out modifications, but you cannot commit these changes. If you attempt to commit a configuration change when the database is locked, you are notified with a prompt to either wait for the lock to be freed, or to return to the configuration mode prompt:

• Waiting causes the system to wait until the lock is freed or up to 20 seconds before prompting you again.

• Returning to the configuration mode prompt leaves your configuration changes as they are, so that you can make more configuration changes or commit your changes at a later time.

Related Commands

abort comment end exit


disable

disable

Purpose

Returns the privilege level for the current exec session to the initial privilege level configured for the current administrator account.

Command Mode

exec

Syntax Description

This command has no arguments or keywords.

Default

None

Usage Guidelines

Use the disable command to return the privilege level for the current exec session to the initial privilege level configured for the current administrator account. The no enable command (in exec mode) performs the same function. This command is available for any privilege level.

Examples

The following example displays the enabled privilege level for the current exec session:

[local]Redback#show privilege

Current privilege level is 15

The following example returns the current exec session to the initial privilege level for the administrator:

[local]Redback#disable
[local]Redback>show privilege level

The current privilege level is 6

Related Commands

enable
privilege max
privilege start
show privilege


enable

enable [level]

no enable

Purpose

Modifies the privilege level for the current exec session.

Command Mode

exec

Syntax Description

level    Optional. Requested privilege level. The range of values is 0 to 15; if you do not enter a value, the system defaults to 15.

Default

When you enter this command without the level argument, the current exec session is held at level 15. For whatever value is set, the administrator’s privilege level must be the same or higher.

Usage Guidelines

Use the enable command to modify the privilege level for the current exec session. Use the level argument to select the desired privilege level, up to the maximum privilege level configured for this administrator account. If this argument is omitted, the maximum privilege level (15) is enabled. This command is available for any privilege level.

If no passwords have been configured and if local authentication is enabled, you can enter the enable command (in exec mode) only on the console port; the system does not prompt for a password. By default, local authentication is enabled; see the enable authentication command (in context configuration mode). If at least one password has been configured, you can enter the enable command from the console or a remote session; see the enable password and enable encrypted commands (in context configuration mode).

You can use the enable command to enter a privilege level password only if a password for the privilege level has been set. If you attempt to use this command for a privilege level that has no password, the system displays an error message and does not change the privilege level for the exec session. For information on the privilege level passwords, see Chapter 6, “Context Configuration.”

Use the no form of this command to return to the initial privilege level configured for the administrator account. The disable command (in exec mode) performs the same function.


Examples

The following example shows the results of an attempt by an administrator to set the privilege level for the exec session to a privilege level for which no password is configured:

[local]Redback>enable 10

%No enable password configured for this level

The following example shows how to set the current exec session privilege level to 15. The system prompts for the password, which the system does not display on the screen. After the administrator enters the correct password, the system enters privileged mode as indicated by the pound sign (#) in the prompt.

[local]Redback>enable 15

Password:
[local]Redback#

Related Commands

disable
enable
enable authentication
enable encrypted
enable password
privilege max
privilege start
show privilege


end

end

Purpose

Exits the current configuration mode and returns to exec mode.

Command Mode

all configuration modes

Syntax Description

This command has no keywords or arguments.

Default

None

Usage Guidelines

Use the end command to exit the current configuration mode and return to exec mode. When you enter this command, all commands that you have entered since the beginning of the configuration session, or since the last abort or commit command (in any configuration mode), are committed to the database.

Examples

The following example displays an administrator exiting context configuration mode and returning to exec mode:

[local]Redback(config-ctx)#end
[local]Redback#

Related Commands

abort commit exit


exit

exit

Purpose

Exits the current configuration mode and returns to the next highest level configuration mode. At the exec prompt, closes an active terminal or console session and terminates the session.

Command Mode

all modes

Syntax Description

This command has no keywords or arguments.

Default

None

Usage Guidelines

Use the exit command to exit the current configuration mode, return to exec mode, or close an active terminal or console session.

Entering this command (in any configuration mode) exits the current configuration mode and returns to the next highest level configuration mode. When you enter this command (in global configuration mode) and return to exec mode, all commands that you have entered since the beginning of the configuration session, or since the last abort or commit command (in any configuration mode), are committed to the database.

Examples

The following example shows an administrator exiting global configuration mode and returning to exec mode:

[local]Redback(config)#exit
[local]Redback#

The following example shows how to exit an active Telnet session:

[local]Redback>exit

Related Commands

abort commit end


help

help

Purpose

Describes how to use the question mark (?) command to display help about available commands or command options.

Command Mode

all modes

Syntax Description

This command has no keywords or arguments.

Default

None

Usage Guidelines

Use the help command to display a brief description of the ? command. You can enter this command in any mode. The output describes full help, which you use to identify all possible arguments to a command or command keyword; and partial help, which you use to identify how to complete a command keyword.

Examples

The following example displays the output from the help command:

[local]Redback>help

Help may be requested at any point in a command by entering
a question mark '?'. If nothing matches, the help list will
be empty and you must backup until entering a '?' shows the
available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a
   command argument (e.g. 'show ?') and describes each possible
   argument.
2. Partial help is provided when an abbreviated argument is entered
   and you want to know what arguments match the input
   (e.g. 'show pr?'.)

Related Commands

?


Chapter 3

Configuration File Management

This chapter provides an overview of file storage and configuration files and describes the tasks and commands that are used to load and save system configuration files through the SmartEdge® OS.

For a description of the tasks used to administer file storage and releases, see the “File and Release Operations” chapter in the Basic System Operations Guide for the SmartEdge OS. For information about the boot loader interface, see the “System Recovery Operations” section in the “Bootrom Operations” appendix in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• File Management Tasks

• File Management Examples

• Command Descriptions

Overview

This section includes the following topics:

• Software Storage Organization

• Configuration Files

• Storage for System Images and Configuration Files

• URLs

Note In the following descriptions, the term controller card applies to any version of the Cross-Connect Route Processor (XCRP) Controller card (XCRP, XCRP3, XCRP4), including the controller carrier card unless otherwise noted.

The term controller carrier card refers to the controller functions on the carrier card within the SmartEdge 100 chassis; these functions are compatible with the XCRP3 Controller card. The term I/O carrier card refers to the traffic card functions on the carrier card; these functions are compatible with the similar functions that are implemented on the traffic card that are supported on all other SmartEdge routers.

The term chassis refers to any SmartEdge chassis; the term SmartEdge 800 chassis refers to any version of the SmartEdge 800 chassis. The term SmartEdge 1200 chassis refers to any version of the SmartEdge 1200 chassis.

Software Storage Organization

Each SmartEdge chassis can contain one or two controller cards. If there are two controller cards, one is active and the other is standby. Each controller card has two internal compact-flash cards: one to store the SmartEdge OS, configuration, and other system files, and one to store the low-level software. The compact-flash card for the low-level software is not accessible from the command-line interface (CLI).

The compact-flash card stores the operating system files. Storage on the compact-flash card is divided into three independent partitions: p01, p02, and /flash:

• The p01 and p02 partitions are system boot partitions used to store SmartEdge OS image files; one is the active partition and one is the alternate partition.

The active partition always stores the current SmartEdge OS image files; the alternate partition is either empty or stores the SmartEdge OS image files from a previous release.

The controller cards in the SmartEdge router ship with the current SmartEdge OS release, which consists of many files, installed in the active partition, either p01 or p02. The system is configured to automatically load the release installed on the active partition when the system is powered up.

• The /flash partition is configured as a UNIX-based local file system device and is used to store configuration files, core dump files, and other operating system files.

• The size of the compact-flash cards in the active and standby controller cards need not match, but both controller cards must have at least 192 MB capacity.

You can also install a 1-GB mass-storage device in the external slot of a controller card for additional storage space. The device is divided into two independent partitions, a UNIX-based file system, /md, and a partition to store operating system core dumps.

Note If you install a mass-storage device in the active controller card, you must also install one in the standby controller card.

Configuration Files

A configuration file is a script of configuration commands that can be loaded into the system. Configuration files can contain partial configurations and more than one can be read at any time. This allows you to keep sequences of commands that may be required from time to time.

A configuration file can have two versions: a text version and a binary version. The system generates both versions of the file when you enter the save configuration command (in exec mode).

By default (if a different file has not been specified with the boot configuration command, in global configuration mode), the system automatically loads the binary version of the system configuration file, redback.bin, from the local file system during system power on or reload. If the binary version does not exist, or if it does not match the redback.cfg file, the system loads the redback.cfg file.

The redback.cfg file is loaded on the file system at the factory, but if the file does not exist, the system automatically generates a minimal configuration. You can then begin to modify the configuration.

You can modify the active system configuration in both of the following ways:

• You can change the system configuration interactively.

• You can create and modify configuration files offline.

An interactive configuration consists of beginning a CLI session, and then accessing global configuration mode by entering the configure command (in exec mode). In global configuration mode, you can enter any number of configuration commands.

An offline configuration allows you to enter configuration commands using any text editor and save the file to be loaded by the operating system at a later time.

The SmartEdge OS supports comment lines within configuration files. To add a comment to your configuration file, simply begin the line using the exclamation point (!) key. When you load a configuration file, any line that begins with the ! key is not processed as a command.

Storage for System Images and Configuration Files

System images and configuration files can be stored locally in the /flash partition on the internal compact-flash card or in the /md partition on the mass-storage device.

You can also store them on a remote server and access them using the File Transfer Protocol (FTP), Remote Copy Protocol (RCP), Secure Copy Protocol (SCP), Secure Shell FTP (SFTP), or Trivial FTP (TFTP).

You can also use the Redback® proprietary Management Information Base (MIB), RBN-CONFIG-FILE-MIB, to save and load configuration files to and from a TFTP or FTP server. The server must be reachable through one of the system ports.

URLs

Many SmartEdge OS commands use a URL to access a file. For details on a particular command, see the “Usage Guidelines” section for that command in the appropriate chapter. When referring to a file on the local file system, the URL takes the following form:

[/device][/directory]/filename.ext

Configuration files can be stored on the local file system (/flash) or on the mass-storage device (/md) on a SmartEdge system. The device argument can be flash, or if a mass-storage device is installed, md. If the device argument is not specified, the default value is the device in the current working directory. If the directory argument is not specified, the default value is the current directory. Directories can be nested. The filename argument can be up to 256 characters in length.

You can also access files using FTP, RCP, SCP, SFTP, or TFTP. Table 3-1 describes the syntax for the url argument when accessing a remote server.

Note For operations that request the use of transfer protocol, such as FTP, SCP, or TFTP, it is assumed that there is a system configured and reachable by the SmartEdge router to service these requests.
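The url forms in this section (the local form above and the remote forms listed in Table 3-1) can be checked before they are used in a command or stored in a script. The following is an added example, not Redback code: audit_url and its finding names are hypothetical, the statements about which protocols encrypt traffic are general protocol facts rather than statements from this guide, and the sample URLs are constructed.

```python
import ipaddress
import re

# Transport properties are general protocol facts, not statements from the guide.
ENCRYPTED = {"scp", "sftp"}         # both run over SSH
# tftp:// is accepted as an assumption; an ftp:// URL with no username is
# accepted too, because the optional user part below may be absent.
CLEARTEXT = {"ftp", "rcp", "tftp"}  # credentials and file contents are sent unencrypted
MAX_FILENAME = 256                  # "The filename argument can be up to 256 characters"

REMOTE = re.compile(
    r"^(?P<scheme>[a-z]+)://"
    r"(?:(?P<user>[^:@/]+)(?::(?P<passwd>[^@]*))?@)?"
    r"(?P<host>[^/@:]+)"
    r"(?P<path>/.+)$"
)


def audit_url(url):
    """Classify one url argument and list what a reviewer should flag."""
    findings = []
    m = REMOTE.match(url)
    if m is None:
        if "://" in url:
            raise ValueError("not one of the guide's url forms: %r" % url)
        # Local form: [/device][/directory]/filename.ext
        parts = url.split("/")
        device = parts[1] if len(parts) > 2 and parts[1] in ("flash", "md") else None
        if len(parts[-1]) > MAX_FILENAME:
            findings.append("filename-too-long")
        return {"scheme": None, "device": device, "filename": parts[-1],
                "findings": findings, "redacted": url}

    scheme = m.group("scheme")
    if scheme not in ENCRYPTED | CLEARTEXT:
        raise ValueError("unsupported transfer protocol: %r" % scheme)
    if scheme in CLEARTEXT:
        findings.append("cleartext-transport")
    if m.group("passwd") is not None:
        # The password would be visible wherever the command line is kept.
        findings.append("password-in-url")
    filename = m.group("path").rsplit("/", 1)[-1]
    if len(filename) > MAX_FILENAME:
        findings.append("filename-too-long")
    try:
        ipaddress.ip_address(m.group("host"))
        host_kind = "ip-addr"
    except ValueError:
        host_kind = "hostname"  # usable only if DNS is enabled in the context
    userinfo = ""
    if m.group("user"):
        masked = ":****" if m.group("passwd") is not None else ""
        userinfo = m.group("user") + masked + "@"
    return {
        "scheme": scheme, "user": m.group("user"), "host": m.group("host"),
        "host_kind": host_kind,
        # '//' marks an absolute path; '/' is relative to the account's home.
        "path_kind": "absolute" if m.group("path").startswith("//") else "relative",
        "filename": filename, "findings": findings,
        "redacted": "%s://%s%s%s" % (scheme, userinfo, m.group("host"), m.group("path")),
    }


if __name__ == "__main__":
    # Constructed sample URLs (documentation address range and example domain).
    for sample in ("ftp://admin1:s3cret@192.0.2.10//cfg/redback.cfg",
                   "sftp://backup@cfg.example.net/redback.cfg",
                   "/flash/old_config.cfg"):
        result = audit_url(sample)
        print(result["redacted"], result["findings"])
```

Log or display the redacted value rather than the original string when a password is present.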

Table 3-1 url Syntax for Accessing a Remote Server

Server Protocol      URL Format
FTP, SCP, or SFTP    ftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
                     scp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
                     sftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
RCP                  rcp://username@{ip-addr | hostname}[//directory]/filename.ext

TFTP                 ftp://{ip-addr | hostname}[//directory]/filename.ext

Note Use double slashes (//) if the pathname to the directory on the remote server is an absolute pathname; use a single slash (/) if it is a relative pathname (under the hierarchy of username account home directory).

You can specify the hostname argument only if the Domain Name System (DNS) is enabled with the ip domain-lookup, ip domain-name, and ip name-servers commands (in context configuration mode). For more information, see the “DNS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

File Management Tasks

To load and save configuration files, perform the tasks described in Table 3-2.

Note In this section, the command syntax in the task table displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Table 3-2 Load and Save Configuration Files

Task: Set the boot configuration file.
Root Command: boot configuration
Notes: Enter this command in global configuration mode.

Task: Load a configuration file.
Root Command: configure

Task: Save the running configuration to a specified file on the local or a remote file system.
Root Command: save configuration

Notes (both tasks): Enter the configure and save configuration commands in exec mode. You must specify the URL of the file.

File Management Examples

The following example loads the configuration file, test.cfg:

[local]Redback(config)#configure test.cfg besteffort verbose

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to load and save system configuration files. The commands are presented in alphabetical order.

boot configuration
configure
save configuration


boot configuration

boot configuration url

no boot configuration url

default boot configuration

Purpose

Specifies a configuration file to be read when the system boots.

Command Mode

global configuration

Syntax Description

url    URL of a configuration file to be read at boot time.

Default

The boot configuration file is /flash/redback.cfg.

Usage Guidelines

Use the boot configuration command to specify a configuration file to be read when the system is loaded after a power on sequence or a reload. When you enter this command, any previously configured boot configuration file is replaced.

You must specify a file on the local file system, with a URL in the following form:

[/device][/directory]/filename.ext

The device argument can be flash, or if a mass-storage device is installed, md. If the device argument is not specified, the default value is the device in the current working directory. If the directory argument is not specified, the default value is the current directory. Directories can be nested. The filename argument can be up to 256 characters in length.

Use the no form of this command to undo a previous boot configuration command. You must provide the same url argument provided in that previous command.

Use the default form of this command to set the configuration file to the default boot configuration file.

Note The system loads the binary version of the redback.cfg file if it is available. The system creates the binary version when you enter the save configuration command (in exec mode) without specifying a filename.

Examples

The following example specifies that the file, old_config.cfg, be loaded when the system is reloaded or powered on:

[local]Redback(config)#boot configuration /flash/old_config.cfg


The following example specifies that the default configuration file be loaded when the system is reloaded or powered on:

[local]Redback(config)#default boot configuration

Related Commands

configure


configure

configure url [besteffort [implicit]] [verbose [lines]]

Purpose

Configures the system from a preexisting configuration file on the local or a remote file system.

Command Mode

exec (10)

Syntax Description

url           URL of an existing configuration file. For the format of this argument, see the “Usage Guidelines” section.
besteffort    Optional. Ignores errors in the configuration file, and continues executing the command file.
implicit      Optional. Commits the changes to the configuration database as the file is processed.
verbose       Optional. Displays each line and its line number when configuring from a preexisting configuration file.
lines         Optional. Number of configuration file lines to process. The range of values is 1 to 4,294,967,295; the default value is to process all lines.

Default

None

Usage Guidelines

Use the configure url command to configure the system from a configuration file on the local or a remote file system. Configuration commands are read from the file associated with the URL that you specify with the url argument. The system does not restart when loading a configuration file.

When referring to a file on the local file system, the URL takes the following form:

[/device][/directory]/filename.ext

The device argument can be flash, or if a mass-storage device is installed, md. If the device argument is not specified, the default value is the device in the current working directory. If the directory argument is not specified, the default value is the current directory. Directories can be nested. The filename argument can be up to 256 characters in length.

You can also access files using the File Transfer Protocol (FTP), Remote Copy Protocol (RCP), Secured Copy Protocol (SCP), Secured FTP (SFTP), or Trivial FTP (TFTP).

Page 70: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Table 3-3 describes the syntax for the url argument when accessing a file on a remote server.

Table 3-3 url Syntax for Accessing a File on a Remote Server

Server Protocol: FTP, SCP, or SFTP
URL Format:
ftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
scp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
sftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext

Server Protocol: RCP
URL Format:
rcp://username@{ip-addr | hostname}[//directory]/filename.ext

Server Protocol: TFTP
URL Format:
ftp://{ip-addr | hostname}[//directory]/filename.ext

Note Use the // if the pathname to the directory on the remote server is an absolute pathname; use a single / if it is a relative pathname (under the hierarchy of username account home directory).

The filename argument can be up to 256 characters in length. The hostname argument can only be used if Domain Name System (DNS) is enabled with the ip domain-lookup, ip domain-name, and ip name-servers commands (in context configuration mode). For more information, see the “DNS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Note If you enter this command without specifying a URL, the system begins an interactive configuration session and enters global configuration mode. For information about using the configure command for this purpose, see Chapter 5, “Basic System Configuration.”

By default, if an error is encountered, the system displays a message and stops processing the configuration file. Use the besteffort keyword to configure the system to continue processing a file, even if an error is encountered; in this case, all commands in the configuration file that do not fail are applied to the database.

Use the implicit keyword to commit the configuration changes to the database as the file is processed unless the database or a database record is locked.

If the system stops a commit because of a database lock, the system displays the following message:

Database lock contention detected
globally locked for:

and then displays the reason for the database lock with the following prompt:

Would you like to wait (w) or abort (a)?

If the system stops a commit because of a record lock, the system displays the following message:

Database lock contention detected
locked by process nn with transaction id nnnn
locking transaction was started on transaction-date-time

Would you like to wait (w) or abort (a)?

Enter w to wait until the database is unlocked; enter a to cancel the current transaction and roll back the database to the previous commit.

Page 71: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Possible reasons for a database lock include:

• Standby synchronization—The online database in the memory of the standby controller card is being synchronized with the online database in the memory of the active controller card.

• Binary configuration—The binary configuration file on the local file system is being updated from the online database.

• Switchover—The system is in the process of switching over from the currently active controller card to the standby controller card.

• Backend bulk download—The online database is being accessed by another process on the system.

Examples

The following example configures the system from a configuration file on the local file system:

[local]Redback#configure /flash/old_config.cfg

Related Commands

exit

Page 72: RedBack Router,SmartEdge OS, Basic System Configuration Guide


save configuration

save configuration [url] [-noconfirm]

Purpose

Saves the current configuration of the SmartEdge router to a specified file.

Command Mode

exec (10)

Syntax Description

url          Optional. URL of the file to which the configuration is saved; if not specified the configuration is saved to redback.cfg.

-noconfirm   Optional. Replaces an existing file without prompting for confirmation.

Default

Commands are saved to the default configuration file.

Usage Guidelines

Use the save configuration command to save the current configuration of the system to a specified file.

Only those commands that modify the default configuration of the SmartEdge router are saved.

When saving the configuration to the local file system, the URL takes the following form:

[/device][/directory]/filename.ext

The device argument can be flash, or if a mass-storage device is installed, md. If the device argument is not specified, the default value is the device in the current working directory. If the directory argument is not specified, the default value is the current directory. Directories can be nested. The filename argument can be up to 256 characters in length. If the filename.ext argument is not specified, the configuration is saved to redback.cfg.

To ensure that the binary version of the default configuration file (/flash/redback.bin) is created correctly when saving to redback.cfg, enter this command without a filename or specify redback.cfg as the filename without a device or directory. For more information about these files, see the “Configuration Files” section.

When saving the configuration to a remote server, you can use the File Transfer Protocol (FTP), Remote Copy Protocol (RCP), Secured Copy Protocol (SCP), Secured FTP (SFTP), or Trivial FTP (TFTP).

Page 73: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Table 3-4 describes the syntax for the url argument when saving the file to a remote server.

Table 3-4 url Syntax for the save Command

Server Protocol: FTP, SCP, or SFTP
URL Format:
ftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
scp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
sftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext

Server Protocol: RCP
URL Format:
rcp://username@{ip-addr | hostname}[//directory]/filename.ext

Server Protocol: TFTP
URL Format:
ftp://{ip-addr | hostname}[//directory]/filename.ext

Note Use the // if the pathname to the directory on the remote server is an absolute pathname; use a single / if it is a relative pathname (under the hierarchy of username account home directory).

The filename argument can be up to 256 characters in length. The hostname argument can be used only if Domain Name System (DNS) is enabled with the ip domain-lookup, ip domain-name, and ip name-servers commands (in context configuration mode). For more information, see the “DNS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

If you attempt to overwrite an existing file on the local file system, the system prompts you for confirmation. Use the optional -noconfirm keyword to replace an existing file without providing confirmation to the system. In either case, the system saves a backup of the existing file with the .bak file extension. Only a single copy of the file is saved as a backup.

Examples

The following example saves the current active system configuration to a file, current.cfg, on the local file system. The user is prompted to overwrite an existing file.

[local]Redback#save configuration /flash/current.cfg

Save to file: current.cfg
Target file exists, overwrite? y

The following example shows that the existing current.cfg file has been saved as current.cfg.bak:

[local]Redback#directory /flash

Contents of /flash
total 2590
-rw-r--r-- 1 root 10000 4564 Mar 21 2003 current.cfg
-rw-r--r-- 1 root 10000 3654 Mar 24 2003 current.cfg.bak
-rw-r--r-- 1 root 10000 1578 Jan 20 2003 redback.cfg

Related Commands

boot configuration
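The url forms accepted by configure and save configuration (Tables 3-3 and 3-4) differ in what they expose: FTP, RCP, and TFTP carry the configuration file unencrypted, and the optional :passwd field places a credential on the command line. The following Python check over a command log is an added example, not Redback code; the function names, finding labels, sample session lines, and the tftp:// scheme are assumptions.

```python
import re
from dataclasses import dataclass, field

ENCRYPTED = {"scp", "sftp"}
# tftp:// is an assumption: Tables 3-3 and 3-4 print the TFTP row as ftp://.
CLEARTEXT = {"ftp", "rcp", "tftp"}
MAX_FILENAME = 256  # filename limit from the Usage Guidelines

# scheme://[username[:passwd]@]host/path, per the remote url tables.
REMOTE_RE = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://"
    r"(?:(?P<user>[^:@/]+)(?::(?P<passwd>[^@/]*))?@)?"
    r"(?P<host>[^/@]+)(?P<path>/.*)$"
)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# The two exec-mode commands in this chapter that take a url argument.
COMMAND_RE = re.compile(r"#\s*(configure|save configuration)\s+(\S+)")

# Constructed session lines; hosts, accounts and passwords are made up.
SAMPLE_SESSION = [
    "[local]Redback#save configuration /flash/current.cfg",
    "[local]Redback#save configuration "
    "ftp://backup:S3cret@192.0.2.10//srv/cfg/redback.cfg -noconfirm",
    "[local]Redback#configure sftp://backup@cfg.example.net/configs/se800.cfg verbose",
    "[local]Redback#configure",  # no url: interactive configuration session
]


@dataclass
class UrlAudit:
    command: str
    url: str                      # stored with any inline password masked
    remote: bool = False
    absolute_path: bool = False   # '//' after the host = absolute pathname
    filename: str = ""
    findings: list = field(default_factory=list)


def redact(url):
    """Mask an inline password so the url can be logged or ticketed."""
    return re.sub(r"(://[^:@/]+):[^@/]*@", r"\1:****@", url, count=1)


def audit_url(url, command="configure"):
    """Classify one url argument and list what it exposes."""
    result = UrlAudit(command=command, url=redact(url))
    match = REMOTE_RE.match(url)
    if match is None:
        if "://" in url:
            result.remote = True
            result.findings.append("malformed-remote-url")
            return result
        path = url  # local form: [/device][/directory]/filename.ext
    else:
        result.remote = True
        scheme = match["scheme"].lower()
        path = match["path"]
        result.absolute_path = path.startswith("//")
        if scheme in CLEARTEXT:
            result.findings.append("cleartext-transport")
        elif scheme not in ENCRYPTED:
            result.findings.append("unknown-scheme")
        if match["passwd"] is not None:
            result.findings.append("password-in-url")
        if not IPV4_RE.match(match["host"]):
            # The guide requires DNS to be enabled before hostnames resolve.
            result.findings.append("hostname-needs-dns")
    result.filename = path.rsplit("/", 1)[-1]
    if not result.filename:
        result.findings.append("missing-filename")
    elif len(result.filename) > MAX_FILENAME:
        result.findings.append("filename-too-long")
    return result


def audit_session(lines):
    """Audit every configure / save configuration url in a command log."""
    audits = []
    for line in lines:
        m = COMMAND_RE.search(line)
        if m and not m[2].startswith("-"):  # skip a bare -noconfirm
            audits.append(audit_url(m[2], command=m[1]))
    return audits


if __name__ == "__main__":
    for audit in audit_session(SAMPLE_SESSION):
        print(audit.command, audit.url, audit.findings or "ok")
```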

Page 74: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Page 75: RedBack Router,SmartEdge OS, Basic System Configuration Guide

Part 3

Session and System

This part describes the tasks and commands used to configure system access and basic system parameters through the SmartEdge® OS command-line interface (CLI).

This part consists of the following chapters:

• Chapter 4, “System Access Configuration”

• Chapter 5, “Basic System Configuration”

Page 76: RedBack Router,SmartEdge OS, Basic System Configuration Guide
Page 77: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Chapter 4

System Access Configuration

This chapter provides an overview of accessing the SmartEdge® router and its software, describes the tasks used to configure system access features, and provides configuration examples and detailed descriptions of the commands used to configure system access through the SmartEdge OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer system access, see the “Session Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

You can access the SmartEdge OS software and its command-line interface (CLI) using either of the following methods:

• The console port—Located on the controller card and labeled “Craft 2”; you can connect a terminal to this port, either directly or through a terminal server.

• The Ethernet management port—Located on the controller card and labeled “ENET”; you can configure the system to enable remote access using Telnet and Secure Shell (SSH) with this port; you can then access the system remotely using a LAN.

Remote access through the Ethernet management port is disabled by default.

Remote access enables remote file operations, such as downloading and uploading files from and to a remote server, with utilities such as File Transfer Protocol (FTP), Secure Shell FTP (SFTP), Trivial FTP (TFTP), and others.

Page 78: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Configuration Tasks

This section describes the tasks used to configure the system to allow access through Telnet and SSH, access remote systems supported by the SmartEdge OS, and relay any relevant system messages to the user. It includes the following topics:

• Log On to the Console Port for the First Time

• Configure a Local Administrator Account

• Secure the Standby Console Port

• Configure a Lawful Intercept Administrator or User Account

• Configure the Management Port

• Configure SSH Remote Access Attributes

• Configure SmartEdge OS Banners

• Configure Session Inactivity Timers

Log On to the Console Port for the First Time

You can connect a terminal to this port, either directly or through a terminal server; see the appropriate hardware guide for your system for information about connecting and configuring a terminal for use with the console port.

Before you configure the system, the console is not secure; to initiate a session, simply press Enter.

Note In the following descriptions, the term controller card applies to any version of the Cross-Connect Route Processor (XCRP) Controller card (XCRP, XCRP3, XCRP4), including the controller carrier card unless otherwise noted.

The term controller carrier card refers to the controller functions on the carrier card within the SmartEdge 100 chassis; these functions are compatible with the XCRP3 Controller card. The term I/O carrier card refers to the traffic card functions on the carrier card; these functions are compatible with the similar functions that are implemented on the traffic card that are supported on all other SmartEdge routers.

The term chassis refers to any SmartEdge chassis; the term SmartEdge 800 chassis refers to any version of the SmartEdge 800 chassis. The term SmartEdge 1200 chassis refers to any version of the SmartEdge 1200 chassis.

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Page 79: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Configure a Local Administrator Account

To secure the local console and enable remote access, you must configure at least one administrator account on the system. For a newly installed system with only the local context available, you configure an administrator account in the local context. For information about administrator accounts configured in any context, see Chapter 6, “Context Configuration.”

To configure an administrator account, perform the tasks described in Table 4-1.

Table 4-1 Configure an Administrator Account

1. Task: Access context configuration mode.
   Root Command: context
   Notes: Enter this command in global configuration mode. Specify local as the context.

2. Task: Create an administrator logon account, secure the console port, enable remote access to the system, and access administrator configuration mode.
   Root Command: administrator
   Notes: Enter this command in context configuration mode.

3. Task: Specify general attributes for the account; enter these commands in administrator configuration mode (all attributes are optional):

   Task: Assign a full name or textual description for the administrator.
   Root Command: full-name

   Task: Specify the initial privilege level for exec sessions initiated by an administrator.
   Root Command: privilege start
   Notes: The default value is 6; specify a setting of 10 to allow the local administrator to enter configuration commands without needing to enter the enable command (in exec mode).

   Task: Specify the maximum privilege level for an administrator.
   Root Command: privilege max
   Notes: The default value is 15, which is suitable for the local administrator.

   Task: Specify public key authentication for an administrator accessing the SmartEdge OS CLI through SSH.
   Root Command: public-key

Secure the Standby Console Port

On SmartEdge routers equipped with two controller cards, the standby console port is on the standby controller card and is labeled “Craft 2.” You can connect a terminal to this port, either directly or through a terminal server.

Before you configure the system, the standby console port is not secure. To initiate a session, you simply press Enter.

To secure the standby console port, use the same commands that you use to configure an administrator account on the active console port; see “Configure a Local Administrator Account” on page 3.

Configure a Lawful Intercept Administrator or User Account

To configure a lawful intercept administrator or user account, see the “Lawful Intercept Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Configure the Management Port

The management port is the 10/100 Ethernet port located on the controller card and is designated for system management. The management port is usually configured in the local context.

Page 80: RedBack Router,SmartEdge OS, Basic System Configuration Guide


To configure the management port, perform the tasks described in Table 4-2.

Note Only the management port on the active controller card is enabled. By default, when the system is powered on or reloaded, the active controller card is in slot 6 in the SmartEdge 400 chassis and slot 7 in the SmartEdge 800 and SmartEdge 1200 chassis.

Table 4-2 Configure the Management Port

1. Task: Accesses context configuration mode.
   Root Command: context
   Notes: Enter this command in global configuration mode. Specify local as the context.

2. Task: Creates an interface for the management port and accesses interface configuration mode.
   Root Command: interface
   Notes: Enter this command in context configuration mode.

3. Task: Assigns an IP address to the interface.
   Root Command: ip address
   Notes: Enter this command in interface configuration mode.

4. Task: Selects the management port and accesses port configuration mode.
   Root Command: port ethernet
   Notes: Enter this command in global configuration mode. The Ethernet management port is port 1 on a controller card. The slot number is 6 in a SmartEdge 400 chassis and slot 7 in a SmartEdge 800 chassis. For a description of this command, see the “ATM, Ethernet, and POS Port Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

5. Task: Binds the management port to the interface created in step 2.
   Root Command: bind interface
   Notes: For a description of this command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

6. Task: Disables the port.
   Root Command: shutdown
   Notes: Use the no form to enable the port. For a description of this command, see the “Clear-Channel and Channelized Port and Channel Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Note If the system has dual controller cards installed, it is sufficient to configure the Ethernet management port on the controller card in slot 6 or 7, depending on the chassis. Access to the system is switched to the standby controller card if it should become the active controller card during normal operations.

Configure SSH Remote Access Attributes

The SmartEdge OS software supports SSH and Telnet access to the CLI.

Remote access to the CLI using SSH is similar to remote access using Telnet, in that administrators use the same administrator name and password stored in the SmartEdge OS configuration file, in Remote Authentication Dial-In User Service (RADIUS), or in Terminal Access Controller Access Control System Plus (TACACS+). The difference is that with SSH, the interactive session is encrypted with the single DES encryption algorithm.

You must complete the tasks described in Table 4-2 before you configure the SSH attributes.

To configure the global SSH attributes, perform one or more of the tasks described in Table 4-3; enter all commands in global configuration mode.

Page 81: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Table 4-3 Configure SSH Attributes

Task: Specify the maximum number of concurrent SSH sessions on the system.
Root Command: ssh server full-drop
Notes: The SmartEdge OS supports up to 32 concurrent administrative sessions (Telnet and SSH) plus one connection to the console port.

Task: Specify the number of concurrent sessions after which the system starts dropping SSH connection requests.
Root Command: ssh server start-drop

Task: Specify the rate at which the system drops SSH connection requests after the start-drop value has been reached.
Root Command: ssh server rate-drop

Note The preceding task table configures the global attributes of remote administrative sessions. The number of authenticated administrative sessions in any context is also configurable. For more information about specifying the maximum number of authenticated administrative sessions in a context, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Configure SmartEdge OS Banners

To configure banners to display different types of messages seen by administrators and subscribers, perform one or more of the tasks described in Table 4-4; enter all commands in global configuration mode.

Table 4-4 Configure SmartEdge OS Banners

Task: Create a message that displays after a user logs on to the system.
Root Command: banner exec

Task: Create a message of the day (MOTD) that displays on all connected systems before the login prompt.
Root Command: banner motd
Notes: The message displays only for Telnet and SSH sessions.

Task: Create a message that displays on all connected systems after the login prompt.
Root Command: banner login
Notes: The message displays only for Telnet and SSH sessions.

Configure Session Inactivity Timers

To configure session inactivity timers, perform one or more of the tasks described in Table 4-5; enter all commands in global configuration mode.

Table 4-5 Configure Session Inactivity Timers

Task: Set the amount of time the system waits before timing out during a logon attempt.
Root Command: timeout login

Task: Set the amount of time before a CLI session times out.
Root Command: timeout session

Page 82: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Configuration Examples

The following example displays the creation of an administrator account with the administrator name super and the password icandoanything. Because this account is created in the local context, this administrator is able to view and modify the entire system configuration, and view all running information on the system. When the administrator logs on to the system, the initial privilege level is 10. The administrator can modify the privilege level up to the maximum of 15.

[local]Redback#configure
[local]Redback(config)#context local
[local]Redback(config-ctx)#administrator super password icandoanything
[local]Redback(config-administrator)#full-name "Fred P. Lynch x.1234"
[local]Redback(config-administrator)#privilege start 10
[local]Redback(config-administrator)#privilege max 15

The following example configures the management port on the controller card in slot 7:

[local]Redback#configure
!Create the interface in the local context and assign an IP address
[local]Redback(config)#context local
[local]Redback(config-ctx)#interface mgmt
[local]Redback(config-if)#ip address 192.168.110.1 255.255.255.0
[local]Redback(config-if)#exit

!Configure the management port
[local]Redback(config)#port ethernet 7/1
[local]Redback(config-port)#bind interface mgmt local
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#end

The following example configures the system banners:

[local]Redback#configure
[local]Redback(config)#banner motd /Warning - System going down at 0400./
[local]Redback(config)#banner exec /Welcome to Redback SmartEdge OS/

There are many different tools that provide Telnet access to a system. The following example initiates a Telnet session to the system with hostname Redback from a UNIX system. The administrator super types in the icandoanything password to log on; the password is not echoed by the SmartEdge OS.

unix>telnet Redback

Connected to Redback.
Escape character is ‘^]’.

Username:super@local
Password:
[local]Redback#
.
.
[local]Redback#exit

Page 83: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure system access features. The commands are presented in alphabetical order.

banner exec
banner login
banner motd
ssh server full-drop
ssh server rate-drop
ssh server start-drop
timeout login
timeout session

Page 84: RedBack Router,SmartEdge OS, Basic System Configuration Guide


banner exec

banner exec delimited-text

no banner exec

Purpose

Creates a message that displays after a user logs on to the system.

Command Mode

global configuration

Syntax Description

delimited-text   Alphanumeric text to be displayed, using a delimiting character at the beginning and end of the message.

Default

No banner is defined.

Usage Guidelines

Use the banner exec command to create a message that displays after a user logs on to the system. The system accepts multiple lines of input; you must enter the matching delimiter to end the message. You can use any character as the delimiting character.

Use the no form of this command to delete the message. You do not need to delete an existing message to change it. When you create a new message, the old one is overwritten.

Examples

The following example configures a message to be displayed after users log on to the system. The message is delimited by the slash (/) character.

[local]Redback(config)#banner exec /Logged in to system Redback. Welcome to exec mode/

The following example configures a message using the letter z as the delimiting character:

[local]Redback(config)#banner exec zWarning - System going down at 0400.z

Users then see the following output after logging on to the system:

Redback login:administratorjeanne
password:xxxxxxxx

System going down at 0400.

[local]Redback#

Page 85: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Related Commands

banner login
banner motd

Page 86: RedBack Router,SmartEdge OS, Basic System Configuration Guide


banner login

banner login delimited-text

no banner login

Purpose

Creates a message that displays after a user logs on to the system.

Command Mode

global configuration

Syntax Description

delimited-text   Alphanumeric text to be displayed, using a delimiting character at the beginning and end of the message.

Default

No login banner is defined.

Usage Guidelines

Use the banner login command to create a message that displays after a user logs on to the system. The system accepts multiple lines of input; you must enter the matching delimiter to end the message. You can use any character as the delimiting character.

Note The message displays only for Telnet and Secure Shell (SSH) sessions.

Use the no form of this command to delete the message. You do not need to delete an existing message to change it. When you create a new message, the old one is overwritten.

Examples

The following example configures a message to be displayed when a user logs on to the system, using the slash (/) character as the delimiter:

[local]Redback(config)#banner login /Welcome to system Redback. Unauthorized access is prohibited./

Users then see the following output after logging on to the system:

Redback login:administratorlassie
password:xxxxxxxx

Welcome to system Redback. Unauthorized access is prohibited.

[local]Redback#

Page 87: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Related Commands

banner exec
banner motd

Page 88: RedBack Router,SmartEdge OS, Basic System Configuration Guide


banner motd

banner motd delimited-text

no banner motd

Purpose

Creates a message of the day (MOTD) that displays before the logon prompt on all connected systems.

Command Mode

global configuration

Syntax Description

delimited-text   Alphanumeric text to be displayed, using a delimiting character at the beginning and end of the message.

Default

No MOTD banner is defined.

Usage Guidelines

Use the banner motd command to create an MOTD to display before the logon prompt. The system accepts multiple lines of input; you must enter the matching delimiter to end the message. You can use any character as the delimiting character.

Note The message displays only for Telnet and Secure Shell (SSH) sessions.

Use the no form of this command to delete the message. You do not need to delete an existing message to change it. When you create a new message, the old one is overwritten.

Examples

The following example configures a message to be displayed before the logon prompt on all connected systems:

[local]Redback(config)#banner motd /Welcome to system Redback./

Users then see the following output before logging on to the system:

Welcome to system Redback.

Redback login:

Related Commands

banner exec
banner login

Page 89: RedBack Router,SmartEdge OS, Basic System Configuration Guide


ssh server full-drop

ssh server full-drop max-num

default ssh server full-drop

Purpose

Specifies the maximum number of concurrent Secure Shell (SSH) sessions permitted on the system.

Command Mode

global configuration

Syntax Description

max-num   Maximum number of concurrent SSH sessions permitted on the system. The range of values is 0 to 32; the default value is 16.

Default

A maximum of 16 concurrent SSH sessions is permitted on the system.

Usage Guidelines

Use the ssh server full-drop command to specify the maximum number of concurrent SSH sessions permitted on the system. The system drops all SSH connection requests after the maximum number of concurrent sessions is established.

The SmartEdge OS supports up to 32 concurrent administrative sessions (Telnet and SSH) plus one connection to the console port. If the number of concurrent SSH sessions reaches the maximum set by this command, the remaining administrative sessions must be Telnet sessions.

While this command specifies a global system-wide limit to the number of SSH administrative sessions, you can also specify context-specific maximums for administrative sessions (Telnet and SSH) in one or more contexts, using the aaa authentication administrator command (in context configuration mode) with the maximum sessions num-sess construct. The number of concurrent Telnet and SSH sessions is governed by the configuration of context-specific limits as follows:

• Within a context, if the maximum number of permitted administrative sessions is larger than the maximum number of globally permitted SSH sessions, the remaining sessions (num-sess–max-num) for that context must be Telnet sessions.

• Within the system, the maximum number of concurrent sessions permitted is either 32 or the sum of all sessions permitted for each context, whichever is smaller. If the maximum number of concurrent sessions permitted on the system is greater than the maximum number of permitted SSH sessions, the remaining sessions must be Telnet sessions.

Use the default form of this command to return an attribute to the default value.

Page 90: RedBack Router,SmartEdge OS, Basic System Configuration Guide


Examples

The following example limits the number of concurrent SSH sessions on the system to 10. It limits the maximum number of concurrent administrative sessions in the local context to 10 and in the isp1 context to 2:

[local]Redback(config)#ssh server full-drop 10
[local]Redback(config)#context local
[local]Redback(config-ctx)#aaa authentication administrator maximum sessions 10
[local]Redback(config)#context isp1
[local]Redback(config-ctx)#aaa authentication administrator maximum sessions 2

As a result, there can be no more than 12 concurrent administrative sessions on the system and at least two of them must be Telnet sessions.

Related Commands

ssh server rate-drop
ssh server start-drop

Page 91: RedBack Router,SmartEdge OS, Basic System Configuration Guide


ssh server rate-drop

ssh server rate-drop rate

default ssh server rate-drop

Purpose

Specifies the rate at which the system drops Secure Shell (SSH) connection requests when the start drop value has been reached.

Command Mode

global configuration

Syntax Description

rate   Percentage of unauthenticated connections dropped after the start drop value has been exceeded. The range of values is 1 to 100; the default value is 100%.

Default

The drop value is 100%.

Usage Guidelines

Use the ssh server rate-drop command to specify the rate at which the system drops SSH connection requests when the start drop value has been reached.

This command is used in conjunction with the ssh server full-drop and ssh server start-drop commands (in global configuration mode) to instruct the system how to handle incoming SSH connection requests. After the number of sessions established on the system equals the number configured for the ssh server start-drop value, the system drops incoming SSH connection requests at the value specified by the ssh server rate-drop command.

Use the default form of this command to return an attribute to the default value.

Examples

The following example sets the maximum number of SSH sessions on the system to 10, the starting drop number to 5, and the drop value to 50. With this configuration, the system establishes the first five SSH sessions. The system then drops 50% (or one out of every two) of subsequent connection requests until ten concurrent sessions are established. The system does not accept any additional SSH connections after ten concurrent SSH sessions are established.

[local]Redback(config)#ssh server start-drop 5
[local]Redback(config)#ssh server rate-drop 50
[local]Redback(config)#ssh server full-drop 10

Related Commands

ssh server full-drop
ssh server start-drop


ssh server start-drop

ssh server start-drop start-num

default ssh server start-drop

Purpose

Configures the number of Secure Shell (SSH) connections after which the system can start to drop connection requests.

Command Mode

global configuration

Syntax Description

start-num | Number of connections after which the system starts dropping connection requests. The range of values is 1 to 90; the default value is 40.

Default

The system drops connections after 40 concurrent sessions.

Usage Guidelines

Use the ssh server start-drop command to configure the number of SSH connections after which the system can start to drop connection requests.

This command is used in conjunction with the ssh server rate-drop and ssh server full-drop commands (in global configuration mode) to instruct the system how to handle incoming SSH connection requests. After this value has been exceeded, the system can drop subsequent SSH connection requests at the rate configured by the ssh server rate-drop command. After the number of connections specified by the ssh server full-drop command is established, the system drops all subsequent connection requests.

Use the default form of this command to return to the default value.

Examples

The following example sets the maximum number of SSH sessions to the system to 10, the starting drop number to 5, and the drop rate to 50. The result is that five SSH connections to the system are allowed. After the fifth connection, subsequent connection requests have a 50% chance of being dropped. The system will not accept any SSH connections after ten concurrent SSH sessions are established.

[local]Redback(config)#ssh server start-drop 5
[local]Redback(config)#ssh server rate-drop 50
[local]Redback(config)#ssh server full-drop 10

Related Commands

ssh server full-drop
ssh server rate-drop
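The admission behaviour that ssh server start-drop, ssh server rate-drop and ssh server full-drop describe together, modelled in Python as an added example (not Redback code). It assumes that the probabilistic band begins once the session count equals start-drop, as in the guide's worked example, and that no session ends during the burst; parse_policy, validate, drop_probability and simulate_burst are hypothetical names.

```python
import random
import re

# Defaults and ranges documented in this section for start-drop and rate-drop.
# The full-drop default is not given here, so it has no default in this model.
DEFAULTS = {"start-drop": 40, "rate-drop": 100}
RANGES = {"start-drop": (1, 90), "rate-drop": (1, 100)}

_CMD = re.compile(r"ssh server (start-drop|rate-drop|full-drop)\s+(\d+)\s*$")

# Constructed sample: the three lines from the guide's example.
SAMPLE_CLI = """\
[local]Redback(config)#ssh server start-drop 5
[local]Redback(config)#ssh server rate-drop 50
[local]Redback(config)#ssh server full-drop 10
"""


def parse_policy(config_text):
    """Extract the three drop settings from CLI or saved-config lines."""
    policy = dict(DEFAULTS)
    policy["full-drop"] = None
    for line in config_text.splitlines():
        match = _CMD.search(line)
        if match:
            policy[match.group(1)] = int(match.group(2))
    return policy


def validate(policy):
    """Return a list of problems an operator should review."""
    problems = []
    for key, (low, high) in RANGES.items():
        if not low <= policy[key] <= high:
            problems.append(f"{key} {policy[key]} outside {low}-{high}")
    full = policy["full-drop"]
    if full is None:
        problems.append("full-drop not set; hard session cap unknown")
    elif full < policy["start-drop"]:
        problems.append("full-drop is below start-drop; throttling band is empty")
    elif policy["rate-drop"] == 100 and full > policy["start-drop"]:
        # Follows from the guide: at 100% every request past start-drop is dropped.
        problems.append("rate-drop 100 makes start-drop the effective cap")
    return problems


def drop_probability(sessions, policy):
    """Probability that the next SSH connection request is dropped."""
    if policy["full-drop"] is None:
        raise ValueError("full-drop must be set")
    if sessions >= policy["full-drop"]:
        return 1.0  # hard cap: all further requests are dropped
    if sessions >= policy["start-drop"]:
        return policy["rate-drop"] / 100.0  # throttling band
    return 0.0  # below start-drop every request is accepted


def simulate_burst(attempts, policy, seed=0):
    """Replay a burst of requests; return (sessions established, requests dropped)."""
    rng = random.Random(seed)
    sessions = dropped = 0
    for _ in range(attempts):
        if rng.random() < drop_probability(sessions, policy):
            dropped += 1
        else:
            sessions += 1
    return sessions, dropped


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_CLI)
    print(policy, validate(policy), simulate_burst(200, policy))
```

With the documented defaults (start-drop 40, rate-drop 100%), the model shows that requests beyond the fortieth session are always dropped, so a larger full-drop value has no effect until rate-drop is lowered.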


timeout login

timeout login response minutes

{no | default} timeout login response

Purpose

Sets the amount of time the system waits before timing out during a logon attempt after a Telnet or SSH session starts.

Command Mode

global configuration

Syntax Description

response minutes | Time, in minutes, that the system waits before timing out during a logon attempt after a Telnet or SSH session starts. The range of values is 1 to 99,999; the default value is 10.

Default

The system waits 10 minutes for a response during a logon attempt after a Telnet or SSH session starts.

Usage Guidelines

Use the timeout login command to set the amount of time the system waits before timing out during a logon attempt after a Telnet or SSH session starts.

Use the no form of this command to disable the logon timeout value.

Use the default form of this command to configure the default logon timeout value.

Examples

The following example configures the system to time out if a user does not enter logon information for 5 minutes:

[local]Redback(config)#timeout login response 5

Related Commands

timeout session


timeout session

timeout session idle minutes

{no | default} timeout session idle

Purpose

Specifies the maximum idle timeout for any administrator account or administrator sessions on the console port (in global configuration mode), or disables the global or administrator session idle timer.

Command Mode

administrator configuration
global configuration

Syntax Description

idle minutes | Time, in minutes, that the session remains connected without input before timing out. The range of values is 1 to 99,999; the default value is 10.

Default

The maximum session idle time for the administrator account is governed by the global session idle timer. The maximum session idle time is 10 minutes.

Usage Guidelines

Use the timeout session idle command to specify the maximum idle time for any administrator account session, or disable the global or administrator session idle timer. When specified, the system disconnects any session with no input for the specified time. The value that you specify in the administrator session overrides the value specified for the global session idle timer; if disabled, there is no timeout value.

To specify a different timeout session for a specific administrator, use this command (in administrator configuration mode); the value you specify for a specific administrator overrides the value specified for the global session idle timer.

Use the no form of this command to disable the global session idle timer; the global form of the command does not affect the session idle timer for a specific administrator.

Use the default form of this command to specify the default value for the global session idle timer.

Examples

The following example configures the system to disconnect any administrator session after it remains idle for 30 minutes:

[local]Redback(config)#timeout session idle 30

The following example sets the session idle timer for this administrator to 60 minutes. This value overrides the value specified for the global session idle timer.

[local]Redback(config-administrator)#timeout session idle 60


Related Commands

timeout login


Chapter 5

Basic System Configuration

This chapter provides an overview of basic system parameters, describes the tasks used to configure them, provides configuration examples and detailed descriptions of the commands used to configure basic system parameters through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer basic system parameters, see the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

Basic system parameters identify and locate the system being used, establish basic services, enable software for paid licensed features, set the system clock parameters, set Transmission Control Protocol (TCP) keepalive parameters, and modify command-line interface (CLI) commands for the system.

Note In the following descriptions, the term controller card applies to any version of the Cross-Connect Route Processor (XCRP) Controller card (XCRP, XCRP3, XCRP4), including the controller carrier card unless otherwise noted.

The term controller carrier card refers to the controller functions on the carrier card within the SmartEdge 100 chassis; these functions are compatible with the XCRP3 Controller card. The term I/O carrier card refers to the traffic card functions on the carrier card; these functions are compatible with the similar functions that are implemented on the traffic cards that are supported on all other SmartEdge routers.

The term chassis refers to any SmartEdge chassis; the term SmartEdge 800 chassis refers to any version of the SmartEdge 800 chassis. The term SmartEdge 1200 chassis refers to any version of the SmartEdge 1200 chassis.


Certain key features in the SmartEdge OS are separately licensed. These features can be selectively enabled and disabled, using the paid license password for a feature. These features include:

• Layer 2 Tunneling Protocol (L2TP) features and functions—There is a single license for all L2TP features and functions.

• Multiprotocol Label Switching (MPLS) features and functions—There is a single license for all MPLS features and functions.

• Subscriber features and functions—There are separate licenses for specifying the number of active subscribers, enabling dynamic services for subscribers, specifying the average subscriber bandwidth, and specifying that subscriber sessions remain active during a controller card switchover for any reason. Dynamic subscriber services include nonstatic Asynchronous Transfer Mode (ATM) profiles, the dynamic assignment of profiles to ATM permanent virtual circuits (PVCs), clientless IP service selection (CLIPS) circuits, HTTP redirect, and Remote Authentication Dial-In User Service (RADIUS) refresh.

Configuration Tasks

This section includes the tasks to configure basic system parameters:

• Access Global Configuration Mode

• Configure the System Identity

• Configure Service Options

• Enable Software Licensing

• Configure the System Clock

• Configure the TCP Keepalive Parameters

• Configure CLI Command Aliases, Privileges, and Macros

Access Global Configuration Mode

To perform any configuration task, you must first access global configuration mode. To access global configuration mode, perform the task in Table 5-1.

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Table 5-1 Access Global Configuration Mode

Task | Root Command | Notes
Access global configuration mode. | configure | Enter this command in exec mode.


Configure the System Identity

To configure the system contact, location, Link Aggregation Control Protocol (LACP) address and priority levels, and system hostname, perform the tasks described in Table 5-2; enter all commands in global configuration mode.

Table 5-2 Configure the System Identity

Task | Root Command | Notes
Identify the department or person to contact, and how, for information regarding the system. | system contact |
Query the user before creating a new context. | system confirmations context |
Specify the system hostname. | system hostname | The default hostname is Redback.
Configure the MAC address that will be used in the LACP packet negotiation with peers. | system lacp mac-address |
Configure the LACP priority order that will be used in the LACP packet negotiation with peers. | system lacp priority | The default value is 2.
Configure the system location information. | system location |

Configure Service Options

When configuring service options, you cannot create a context until you have enabled the multiple context feature; the only context available without this feature is the local context.

To configure service options, perform one or more of the tasks described in Table 5-3; enter all commands in global configuration mode.

Caution Risk of data loss. If the console port is directly attached to the serial port of a computer running Windows NT or UNIX, the computer might send a break sequence when it reboots. This has the effect of halting the system and entering kernel debug mode. To reduce the risk, do not enable the console-break feature if the workstation attached to the console port is running Windows NT or UNIX.

Table 5-3 Configure Service Options

Task | Root Command | Notes
Enable the creation of multiple contexts. | service multiple-contexts |
Enable the automatic reload of the PPA code on a traffic card if either of its PPAs becomes inoperable. | service card-auto-reload | This command enables automatic reload for all traffic cards.
Enable automatic system recovery when a process halts. | service auto-system-recovery |
Enable the console break feature. | service console-break |
Enable an application-layer protocol (FTP, RCP, SCP, SFTP, SSH, Telnet, TFTP). | service |


Enable Software Licensing

Certain features and functions that are supported in the SmartEdge OS require a paid software license. To make use of one of these features or functions, you must enable it with a password that is provided by Redback® when that license fee is paid. Each feature or function requires its own unique password.

Note Enabling the license for LI features is restricted to LI administrators and users. For more information about enabling licensing for LI features, see the “Lawful Intercept Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

To enable software licensing for one or more of these features and functions, perform the tasks described in Table 5-4.

Table 5-4 Enable Software Licensing

# | Task | Root Command | Notes
1. | Enable software licensing and access software license configuration mode. | software license | Enter this command in global configuration mode.
2. | Enable the license for a feature and its functions; enter these commands in software license configuration mode: | |
 | L2TP features and functions. | l2tp | You must specify the L2TP functions to be enabled.
 | MPLS features and functions. | mpls | All MPLS functions are enabled.
 | Subscriber features and functions. | subscriber | You must specify the subscriber functions to be enabled.

Configure the System Clock

The system clock is the logical clock running the hardware and software functions of the SmartEdge router, regardless of the source of its timing. The real-time clock is a battery backed-up clock derived from an on-board oscillator that updates the system clock during system reload and other circumstances. For further information on clocks, see the hardware guide for your SmartEdge router.

To configure the system clock, perform the tasks described in Table 5-5. Enter all commands in global configuration mode, except the clock set command, which is entered in exec mode.

Table 5-5 Configure the System Clock

# | Task | Root Command | Notes
1. | Specify the type of timing interface. | system clock-source timing-type | This command is for XCRP3 and XCRP4 Controller cards only.
2. | Optional. Specify the clock source with one of the following tasks: | |
 | • Specify an internal source. | system clock-source | The default value is the active controller card.
 | • Specify an external source. | system clock-source external |
3. | Define one or more time zones, including the one in which the system is located. | system clock timezone | Use the local keyword to identify the zone in which the system is located.


Table 5-5 Configure the System Clock (continued)

# | Task | Root Command | Notes
4. | Optional. Enable the system to automatically switch to daylight saving or standard time. | system clock summer-time |
5. | Set the current time and date. | clock set | Sets both system and real-time clock. Enter this command in exec mode.

Configure the TCP Keepalive Parameters

To modify the TCP keepalive parameters, perform the task described in Table 5-6; enter the command in global configuration mode.

Table 5-6 Configure TCP Keepalive Parameters

Task | Root Command | Notes
Optional. Modify the following TCP keepalive parameters as needed by your configuration: • Maximum number of times the SmartEdge OS tries to re-establish a dropped connection. • Amount of time that the SmartEdge OS allows a TCP connection to remain open. • Amount of time that the SmartEdge OS keeps an idle connection open before disconnecting it. | tcp keepalive |

Configure CLI Command Aliases, Privileges, and Macros

A command alias is a character string that you would like to use in place of a command string. You typically use aliases to create shortcuts for frequently used commands. A command macro is an extended alias that allows you to define a sequence of commands to run with the macro name, instead of entering each command separately.

Each command has a privilege level that determines, given the privilege assigned to the administrator, who can enter the command. For more information about privilege levels for commands and administrators, see the “Privilege Levels” section in Chapter 1, “Overview.”

The following tasks are described in this section:

• Configure a CLI Command Alias or Privilege

• Create a CLI Command Macro

Configure a CLI Command Alias or Privilege

To modify the privilege for a CLI command or create an alias for it, perform the tasks described in Table 5-7; enter all commands in global configuration mode.

Table 5-7 Configure a CLI Command Alias or Privilege

Task | Root Command | Notes
Define an alias for a command. | alias |
Assign a privilege level to a command to expand or restrict its use. | privilege |


Note To disable alias processing for a particular command, begin the command line with the backslash (\) character.

Caution Risk of disabled commands. It is possible to create an alias that disables existing commands. To reduce the risk, use care when you define aliases. Avoid defining an alias name that is a SmartEdge OS command keyword or a partial keyword. Aliases apply to all users on a system.

Create a CLI Command Macro

To create a macro for one or more CLI commands, perform the tasks described in Table 5-8.

Table 5-8 Create a CLI Command Macro

# | Task | Root Command | Notes
1. | Define a macro and enter macro configuration mode. | macro | Enter this command in global configuration mode.
2. | Specify a command in the macro. | seq | Enter this command in macro configuration mode. Use this command for each command to be included in the macro.
3. | Complete the macro. | exit | Enter this command in all modes.

Configuration Examples

This section includes examples for the following tasks:

• System Identification and Services

• Software Licensing

• System Clock

• Command Alias

• Command Macro

• Command Privilege

System Identification and Services

The following example defines system contact information, hostname, location, and services:

[local]Redback#configure
[local]Redback(config)#system contact IS Hotline 1-800-555-1567
[local]Redback(config)#system hostname freebird
[local]freebird(config)#system location Building 3, 2nd Floor, Lab 3
[local]freebird(config)#service multiple-contexts
[local]freebird(config)#service card-auto-reload
[local]freebird(config)#service auto-system-recovery


Software Licensing

The following example enables paid license features and functions; a unique password is required for each feature or function to be enabled:

[local]Redback#configure
[local]Redback(config)#software license

!Enable L2TP
[local]Redback(config-license)#l2tp lns password l2tp-password

!Enable MPLS
[local]Redback(config-license)#mpls password mpls-password

!Enable up to 32,000 active subscribers
[local]Redback(config-license)#subscriber active 32000 password sub-active32-password

!Enable ATM dynamic profiles, CLIPS dynamic circuits, HTTP redirect, RADIUS refresh
[local]Redback(config-license)#subscriber dynamic-service password sub-dynamic-password

!Enable hitless switchover for subscriber sessions
[local]Redback(config-license)#subscriber high-availability password sub-high-password

System Clock

The following example shows how to specify system clock settings; the SmartEdge router has either XCRP3 or XCRP4 Controller cards installed and the external source is a synchronization supply unit (SSU) with an E1 interface:

[local]Redback(config)#system clock-source timing-type sdh
[local]Redback(config)#system clock-source external primary framing crc4

Command Alias

The following example defines the string, pc, as a shortcut for the show port counters command, and then demonstrates the use of the new alias:

[local]Redback(config)#alias inherit pc show port counters
[local]Redback(config)#end
[local]Redback#pc 4/1

Port  Type  Pkts/Bytes Sent  Pkts/Bytes Received
4/1   atm   0                0

For more information on the show port counters command, see the “Card, Port, and Channel Operations” chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS.


Command Macro

The following example defines the show-port-all macro:

[local]Redback(config)#macro inherit show-port-all
[local]Redback(config-macro)#seq 10 show port $1/$2
[local]Redback(config-macro)#seq 20 show circuit $1/$2
[local]Redback(config-macro)#exit

The following example displays port data for port 3 of the traffic card in slot 4 using the same macro:

[local]Redback>show-port-all 4 3

Command Privilege

The following example sets the minimum privilege level for all commands that start with the snmp keyword to 12:

[local]Redback(config)#privilege config inherit level 12 snmp

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure basic system parameters. The commands are presented in alphabetical order.

alias
clock set
configure
l2tp
macro
mpls
privilege
seq
service
service auto-system-recovery
service card-auto-reload
service console-break
software license
subscriber
system clock-source
system clock-source external
system clock-source timing-type
system clock summer-time
system clock timezone
system confirmations context
system contact
system hostname
system lacp mac-address
system lacp priority
system location
tcp keepalive


alias

alias {exec | inherit | mode} alias-name command-string

no alias {exec | inherit | mode} alias-name

Purpose

Defines an alias for a command.

Command Mode

global configuration

Syntax Description

exec | Specifies that the macro be available (in exec mode).
inherit | Defines the alias in all modes.
mode | Configuration mode in which the alias is available; see Table 5-9 for exceptions.
alias-name | Alias name.
command-string | Command string to be substituted for the alias.

Default

None

Usage Guidelines

Use the alias command to define an alias for a command. A command alias is a character string that you can use in place of a command string. Aliases are typically used to create shortcuts for frequently used commands. When aliases are defined, the software examines each command for a match in the alias table. If the system finds an alias match, it replaces the alias with the associated command string prior to processing the command.

Table 5-9 lists all mode prompt and keyword exceptions for the alias command. Except for those listed in Table 5-9, the keyword for the mode argument is the command mode prompt. For a list of all keywords, see the command-line interface (CLI) online Help.

Table 5-9 Exceptions for the alias Command

Mode Description | Mode Prompt | Mode Keyword
Network Address Translation (NAT) access control list | policy-acl | nat-policy-acl
NAT access control list class | policy-acl-class | nat-policy-acl-class

Caution Risk of disabled commands. It is possible to create an alias that disables existing commands. To reduce the risk, use care when you define aliases. Avoid defining an alias name that is a SmartEdge OS command keyword or a partial keyword. Aliases apply to all users on a system.


You can bypass alias processing for a single command by beginning a command line with the backslash (\) character.

Use the no form of this command to remove an alias.

Examples

The following example defines the alias, sc, (in exec mode) as show configuration:

[local]Redback(config)#alias exec sc show configuration
[local]Redback>sc

Building configuration...

Current configuration:
!
! Configuration last changed by user 'test' at Wed Jan 29 11:20:03 2003
!
context local
port ethernet 7/1
!
end

The following example shows how the definition of an alias can cause unexpected problems. The first example defines the alias, sh, (in all modes) as show configuration.

[local]Redback(config)#alias inherit sh show configuration

As a result, the show chassis command is disabled; the show chassis command is interpreted to mean show configuration chassis, which results in an error.

For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

The following example demonstrates the use of the backslash character (\) to disable alias processing for the command:

[local]Redback>\sh chassis

Related Commands

macro
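The alias caution above can be checked mechanically. The following added Python example (not part of the Redback guide) parses alias lines, flags alias names that equal or abbreviate a command keyword, and models the substitution and the backslash bypass. It assumes the alias is matched against the first word of the command line, ignores the mode field, and uses only keywords that appear in this guide rather than the full SmartEdge OS keyword set; all function names are hypothetical.

```python
import re

# Keywords taken from commands shown in this guide. This is NOT the complete
# SmartEdge OS keyword set; extend it from the CLI online Help before relying
# on the audit result.
KNOWN_KEYWORDS = [
    "aaa", "alias", "clock", "configure", "context", "end", "exit", "l2tp",
    "macro", "mpls", "privilege", "seq", "service", "show", "software",
    "ssh", "subscriber", "system", "tcp", "timeout",
]

# Matches "alias <mode> <name> <command-string>" at line start or after a prompt.
ALIAS_RE = re.compile(r"(?:^|#)\s*alias\s+(\S+)\s+(\S+)\s+(.+?)\s*$")

# Constructed sample built from the alias definitions used in this guide.
SAMPLE_CONFIG = """\
[local]Redback(config)#alias inherit pc show port counters
[local]Redback(config)#alias exec sc show configuration
[local]Redback(config)#alias inherit sh show configuration
"""


def parse_aliases(config_text):
    """Return {alias_name: (mode, command_string)} for every alias line."""
    aliases = {}
    for line in config_text.splitlines():
        match = ALIAS_RE.search(line)
        if match:
            mode, name, command = match.groups()
            aliases[name] = (mode, command)
    return aliases


def shadowed_keywords(alias_name, keywords=KNOWN_KEYWORDS):
    """Keywords that alias_name equals or abbreviates (the risky case)."""
    return sorted(k for k in keywords if k.startswith(alias_name))


def expand(command_line, aliases):
    """Model alias substitution; a leading backslash bypasses it."""
    if command_line.startswith("\\"):
        return command_line[1:]
    head, _, rest = command_line.partition(" ")
    if head in aliases:
        return (aliases[head][1] + " " + rest).strip()
    return command_line


def audit(config_text):
    """List (name, mode, command, shadowed keywords) for risky aliases."""
    findings = []
    for name, (mode, command) in parse_aliases(config_text).items():
        hits = shadowed_keywords(name)
        if hits:
            findings.append((name, mode, command, hits))
    return findings


if __name__ == "__main__":
    table = parse_aliases(SAMPLE_CONFIG)
    for finding in audit(SAMPLE_CONFIG):
        print("risky alias:", finding)
    print(expand("sh chassis", table))    # substituted
    print(expand("\\sh chassis", table))  # bypassed
```

Because aliases apply to all users on a system, a review of configuration changes can run this kind of check on every new alias line before it is committed.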


clock set

clock set yyyy:mm:dd:hh:mm[:ss]

Purpose

Sets the time of day and calendar date of both the system clock and the real-time clock.

Command Mode

exec (10)

Syntax Description

yyyy:mm:dd:hh:mm[:ss] | Year, month, day, hour, minutes, and optionally, seconds. The hour is expressed in a 24-hour format; for example, 6:00 p.m. is 18:00.

Default

None

Usage Guidelines

Use the clock set command in exec mode to set the time of day and calendar date of the time-of-day clock and, if present on the installed controller cards, the real-time clock (RTC). The time-of-day clock for a SmartEdge router is implemented in software. When a system with an XCRP3 or XCRP4 Controller card is powered on, the RTC sets the time-of-day clock; otherwise, the time-of-day clock is undefined until it is configured and set using the SmartEdge OS. The time-of-day clock can be maintained by synchronization with a Network Time Protocol (NTP) server. Periodically, the SmartEdge OS updates the RTC based on the current value of the time-of-day clock.

To configure the system clock, which is different from the time-of-day clock and RTC, enter the system clock-source, system clock-source external, or system clock-source timing-type command in global configuration mode. To configure the time-of-day clock, enter the clock set, system clock summer-time, or system clock timezone command (in global configuration mode). The system clock performs system hardware timing functions. See Table 5-5 on page 5-4 for more information on configuring the system clock.

Note The setting of the time-of-day clock is not preserved across system reloads unless the controller card has an RTC. On system reload, the time-of-day clock is initialized with the current setting of the RTC.

Examples

The following example sets the clock to 12:01 p.m. on Jun 28, 2005:

[local]Redback#clock set 2005:06:28:12:01


Related Commands

system clock-source
system clock-source external
system clock-source timing-type
system clock summer-time
system clock timezone


configure

configure

Purpose

Enters global configuration mode.

Command Mode

exec (10)

Syntax Description

This command has no arguments or keywords.

Default

None

Usage Guidelines

Use the configure command to enter global configuration mode. This mode provides commands that allow you to make changes that are universal to the system, such as configuring the system clock or creating login banners. It also provides commands that allow you to enter other configuration modes.

To show information on the changes you are implementing, use the show configuration command. For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Note To load a configuration file, enter the configure url command (in exec mode). For information about using the configure command for that purpose, see Chapter 3, “Configuration File Management.”

Examples

The following example enters global configuration mode:

[local]Redback#configure

Enter configuration commands, one per line, 'end' to exit
[local]Redback(config)#

Related Commands

None


l2tp

l2tp [all] {encrypted 1 | password} password

no l2tp [all]

Purpose

Enables Layer 2 Tunneling Protocol (L2TP) features and functions.

Command Mode

software license configuration

Syntax Description

all | Optional. Enables all L2TP features and functions; this is the default.
encrypted 1 | Specifies that the password that follows is encrypted.
password | Specifies that the password that follows is not encrypted.
password | Paid license password that is required to enable L2TP features and functions. The password argument is unique for L2TP and is provided at the time the software license is paid.

Default

L2TP features and functions are disabled.

Usage Guidelines

Use the l2tp command to enable L2TP features and functions. You can specify the password argument in either encrypted or unencrypted form. Neither form is displayed by the show configuration command (in any mode). For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to disable L2TP features and functions. A password is not required if you are disabling the license for any of the L2TP features and functions; it is ignored if entered.

Examples

The following example licenses L2TP features and functions. The password is in an unencrypted form:

[local]Redback(config-license)#l2tp all password l2tp-password

Related Commands

mpls
software license
subscriber


macro

macro {exec | inherit | mode} macro-name

no macro {exec | inherit | mode} macro-name

Purpose

Defines an alias for a sequence of commands and accesses macro configuration mode.

Command Mode

global configuration

Syntax Description

exec | Specifies that the macro be available in exec mode.
inherit | Specifies that the macro be available in exec mode.
mode | Configuration mode in which the macro is available; see Table 5-10 for exceptions.
macro-name | Name of the macro to be defined.

Default

No macros are defined.

Usage Guidelines

Use the macro command to define an alias for a sequence of commands. After entering macro configuration mode, you enter the commands to be included in the macro using the seq command (in macro configuration mode).

Table 5-10 lists all the mode prompts and keyword exceptions for the macro command. Except for the modes listed in Table 5-10, the keyword for the mode argument is the command mode prompt. For a list of all keywords, see the command-line interface (CLI) online Help.

Table 5-10 Mode Prompts and Keyword Exceptions for the macro Command

Mode Description | Mode Prompt | Mode Keyword
Network Address Translation (NAT) access control list | policy-acl | nat-policy-acl
NAT access control list class | policy-acl-class | nat-policy-acl-class

Use the exit command (in macro configuration mode) to complete the macro and exit to global configuration mode.

Use the no form of this command to delete the macro.


ExamplesThe following example defines a macro, show-port-all, to display port information:

[local]Redback(config)#macro inherit show-port-all[local]Redback(config-macro)#seq 10 show port $1/$2[local]Redback(config-macro)#seq 20 show circuit $1/$2[local]Redback(config-macro)#exit

The following example displays port data for port 3 of the traffic card in slot 4 using the show-port-all macro:

[local]Redback>show-port-all 4 3

The following example defines the macro, show-all, that uses the $ character:

[local]Redback(config)#macro inherit show-all[local]Redback(config-macro)#seq 10 show config $*[local]Redback(config-macro)#seq 30 show circuit $*[local]Redback(config-macro)#exit

The following example displays Asynchronous Transfer Mode (ATM) and Frame Relay configuration and circuits using the show-all macro:

[local]Redback>show-all atm frame-relay

Related Commandsalias seq

mpls

mpls {encrypted 1 | password} password

no mpls

Purpose

Enables Multiprotocol Label Switching (MPLS) features and functions.

Command Mode

software license configuration

Syntax Description

encrypted 1 Specifies that the password that follows is encrypted.

password Specifies that the password that follows is not encrypted.

password Paid license password that is required to enable MPLS features and functions. The password argument is unique for MPLS and is provided at the time the software license is paid. Optional only when using the no form.

Default

MPLS features and functions are disabled.

Usage Guidelines

Use the mpls command to enable MPLS features and functions. You can specify the password argument in either encrypted or unencrypted form. Neither form is displayed by the show configuration command (in any mode). For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to disable MPLS features and functions. A password is not required if you are disabling the license for MPLS features and functions; it is ignored if entered.

Examples

The following example licenses MPLS. The password is in an unencrypted form.

[local]Redback(config-license)#mpls password mpls-password

Related Commands

l2tp
software license
subscriber

privilege

privilege mode [inherit] level level command

{no | default} privilege mode command

Purpose

Assigns a different privilege level to the specified command.

Command Mode

global configuration

Syntax Description

mode Mode of the command.

inherit Optional. Assigns the specified privilege level to all keywords that follow the last keyword specified in the command argument.

level level Minimum privilege level required to generate the specified command. The range of values is 0 to 15.

command Command keyword (or keywords).

Default

For the default minimum privilege level, see the individual commands. In general, most exec mode commands require privilege level 3, and most configuration mode commands require privilege level 10.

Usage Guidelines

Use the privilege command to assign a different privilege level to a specific command or set of commands.

Use the inherit keyword to modify the privilege level of all commands that begin with one or more keywords within a particular mode. For example, to modify all commands that begin with the snmp keyword (snmp community, snmp server, snmp target, and so on) in global configuration mode, specify config for the mode argument, the inherit keyword, and snmp for the command argument; the command appears as follows:

[local]Redback(config)#privilege config inherit snmp

If you are an administrator at privilege level 15, you can determine the privilege level of any given command by recursively applying the enable and show ? commands at level 15, level 14, level 13, and so on. Initially, all commands at privilege level 15 and lower are listed, then all commands at privilege level 14 and lower, and so on. Be aware that this method yields the current privilege levels, which could be different from the default privilege levels.

Use the no or default form of this command to return a command to the default privilege level.

Examples

The following example sets the minimum privilege level of the abort and commit commands (in exec mode) to 15:

[local]Redback(config)#privilege exec abort level 15
[local]Redback(config)#privilege exec commit level 15

The following example assigns the minimum privilege level, 12, to all global configuration mode commands that start with the snmp keyword:

[local]Redback(config)#privilege configuration inherit level 12 snmp

Related Commands

enable
privilege max
privilege start
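The following configuration-review script is an added example, not part of the original guide or of SmartEdge OS. It parses privilege lines in both word orders shown above and flags any that set a level below the general defaults the guide states (3 for exec mode, 10 for configuration modes) or outside the 0 to 15 range; the sample lines are constructed, and because per-command defaults can differ, each finding is a prompt for manual review.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Strips a CLI prompt such as "[local]Redback(config)#" if the line has one.
PROMPT = re.compile(r"^\[[^\]]*\]\S*?[#>]")


class Rule(NamedTuple):
    mode: str
    inherit: bool
    level: int
    command: str


def baseline(mode: str) -> int:
    """General default minimum level from the guide: exec 3, configuration modes 10."""
    return 3 if mode == "exec" else 10


def parse_privilege(line: str) -> Optional[Rule]:
    """Parse one privilege line; return None for anything else (including no/default forms)."""
    tokens = PROMPT.sub("", line.strip()).split()
    if len(tokens) < 5 or tokens[0] != "privilege":
        return None
    mode, rest = tokens[1], tokens[2:]
    # The guide's examples put "level N" both before and after the command keywords.
    for i in range(len(rest) - 1):
        if rest[i] == "level" and rest[i + 1].isdigit():
            level = int(rest[i + 1])
            words = rest[:i] + rest[i + 2:]
            break
    else:
        return None
    inherit = bool(words) and words[0] == "inherit"
    if inherit:
        words = words[1:]
    if not words:
        return None
    return Rule(mode, inherit, level, " ".join(words))


def audit_privileges(lines: List[str]) -> List[Tuple[Rule, List[str]]]:
    """Return (rule, reasons) for every privilege line that deserves review."""
    findings = []
    for line in lines:
        rule = parse_privilege(line)
        if rule is None:
            continue
        reasons = []
        if not 0 <= rule.level <= 15:
            reasons.append("level outside the documented 0-15 range")
        elif rule.level < baseline(rule.mode):
            reasons.append(
                f"level {rule.level} is below the general default "
                f"{baseline(rule.mode)} for {rule.mode} mode"
            )
            if rule.inherit:
                reasons.append("inherit applies it to every command starting with the keyword")
        if reasons:
            findings.append((rule, reasons))
    return findings


# Constructed sample input: the first two lines are the guide's own examples,
# the remaining three are invented for this illustration.
SAMPLE_CONFIG = [
    "[local]Redback(config)#privilege exec abort level 15",
    "[local]Redback(config)#privilege configuration inherit level 12 snmp",
    "privilege exec inherit level 1 show",
    "privilege configuration inherit level 5 snmp",
    "privilege exec reload level 16",
]

if __name__ == "__main__":
    for rule, reasons in audit_privileges(SAMPLE_CONFIG):
        print(f"{rule.mode}: {rule.command!r} -> " + "; ".join(reasons))
```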

seq

seq num command-string [param-num]...

no seq num

Purpose

Specifies a command in the macro.

Command Mode

macro configuration

Syntax Description

num Sequence number that denotes the order in which this command is included in the macro.

command-string Command with the appropriate keywords, arguments, and constructs to be included in the macro. Use the $ symbol as a placeholder in the command-string argument to designate the arguments for the command.

param-num Optional. Sequence number of a parameter to be entered with the macro name. Separate the sequence numbers with a space. The range of values is 1 to 10; the asterisk (*) character is also supported.

Default

No commands are specified for a macro.

Usage Guidelines

Use the seq command to specify a command to be included in the macro.

Use $1, $2, and so on, as placeholders in the command-string argument to designate the arguments for the command. You can specify up to nine placeholders, $1 to $9, for command arguments. Use the asterisk (*) character to specify all values of that argument for the command.

Use the exit command (in macro configuration mode) to complete the macro and exit to global configuration mode.

Use the no form of this command to delete the command from the macro.

Examples

The following example defines the macro, show-port-all, to display port information:

[local]Redback(config)#macro inherit show-port-all
[local]Redback(config-macro)#seq 10 show port $1/$2
[local]Redback(config-macro)#seq 20 show circuit $1/$2
[local]Redback(config-macro)#exit

The following example displays port and circuit data for port 3 of the traffic card in slot 4 using the same macro:

[local]Redback>show-port-all 4 3

The following example defines a macro that uses the * character:

[local]Redback(config)#macro inherit show-all
[local]Redback(config-macro)#seq 10 show config $*
[local]Redback(config-macro)#seq 20 show ip interface $*
[local]Redback(config-macro)#seq 30 show circuit $*
[local]Redback(config-macro)#exit

The following example captures the information displayed by the same macro in the file, output.txt:

[local]Redback>show-all | append output.txt

Related Commands

alias
macro

service

service protocol [client] [server]

no service protocol [client] [server]

Purpose

Enables application-layer protocols in a context.

Command Mode

context configuration

Syntax Description

protocol Type of service to enable, according to one of the following keywords:

• ftp—Specifies the File Transfer Protocol (FTP).

• rcp—Specifies the Remote Copy Protocol (RCP).

• scp—Specifies the Secured Copy Protocol (SCP).

• sftp—Specifies the Secured FTP (SFTP).

• ssh—Specifies Secure Shell (SSH) service.

• telnet—Specifies Telnet service.

• tftp—Specifies the Trivial FTP (TFTP).

client Optional. Enables the protocol’s client.

server Optional. Enables the protocol’s server. This keyword is not supported with the FTP and RCP protocols.

Default

The FTP, RCP, SCP, SFTP, SSH, Telnet, and TFTP servers are enabled in the local context and disabled in all other contexts; the SCP, SFTP, SSH, Telnet, and TFTP clients are enabled in all contexts.

Usage Guidelines

Use the service command to enable application-layer protocols in a context.

Use the no form of this command to disable application-layer protocols in a context.

Examples

The following example enables Telnet service:

[local]Redback(config-ctx)#service telnet

Related Commands

None
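The following script is an added example, not part of the original guide. It applies the defaults stated above (all seven servers enabled in the local context, none elsewhere) to each context's service and no service lines and reports which unencrypted servers (FTP, RCP, Telnet, TFTP) remain enabled. Assumptions: a command with neither client nor server applies to both roles, the context names isp-a and isp-b are hypothetical, and the sample lines are constructed.

```python
from typing import Dict, List, Set

# Defaults copied from the "Default" paragraph of the service command.
SERVER_DEFAULT_LOCAL = {"ftp", "rcp", "scp", "sftp", "ssh", "telnet", "tftp"}
CLIENT_DEFAULT_ALL = {"scp", "sftp", "ssh", "telnet", "tftp"}
PROTOCOLS = SERVER_DEFAULT_LOCAL
NO_SERVER_KEYWORD = {"ftp", "rcp"}  # guide: server keyword not supported for these
CLEARTEXT = {"ftp", "rcp", "telnet", "tftp"}  # protocols that do not encrypt the session


def default_state(context: str) -> Dict[str, Set[str]]:
    """Role -> enabled protocols before any service command is applied."""
    servers = set(SERVER_DEFAULT_LOCAL) if context == "local" else set()
    return {"server": servers, "client": set(CLIENT_DEFAULT_ALL)}


def apply_line(state: Dict[str, Set[str]], line: str) -> bool:
    """Apply one context-configuration line; return False if it is not a valid service command."""
    tokens = line.split()
    enable = True
    if tokens and tokens[0] == "no":
        enable, tokens = False, tokens[1:]
    if len(tokens) < 2 or tokens[0] != "service" or tokens[1] not in PROTOCOLS:
        return False
    proto, roles = tokens[1], tokens[2:]
    if any(role not in ("client", "server") for role in roles):
        return False
    if "server" in roles and proto in NO_SERVER_KEYWORD:
        return False
    # Assumption of this example: no role keyword means both roles.
    for role in roles or ["client", "server"]:
        if enable:
            state[role].add(proto)
        else:
            state[role].discard(proto)
    return True


def cleartext_servers(contexts: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Context name -> sorted list of unencrypted servers still enabled."""
    report = {}
    for name, lines in contexts.items():
        state = default_state(name)
        for line in lines:
            apply_line(state, line)
        report[name] = sorted(state["server"] & CLEARTEXT)
    return report


# Constructed sample: per-context lists of context-configuration commands.
SAMPLE_CONTEXTS = {
    "local": ["no service telnet server", "no service tftp server", "service ssh server"],
    "isp-a": ["service telnet"],
    "isp-b": [],
}

if __name__ == "__main__":
    for ctx, servers in cleartext_servers(SAMPLE_CONTEXTS).items():
        print(f"{ctx}: {', '.join(servers) if servers else 'no cleartext servers enabled'}")
```

In the sample, the local context still exposes FTP and RCP because only Telnet and TFTP were turned off; disabling those two requires the form without the server keyword.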

service auto-system-recovery

service auto-system-recovery

no service auto-system-recovery

Purpose

Enables automatic system recovery.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Automatic system recovery is disabled.

Usage Guidelines

Use the service auto-system-recovery command to enable automatic system recovery.

Automatic system recovery allows the system to recover from an error condition in which a process halts. The recovery is carried out by switching to the standby controller card while reloading the current controller card. If the standby controller is not ready or is absent, only a reload is performed.

Note The SmartEdge 100 router does not have a standby controller card.

Use the no form of this command to disable automatic system recovery.

Examples

The following example enables automatic system recovery:

[local]Redback(config)#service auto-system-recovery

Related Commands

service card-auto-reload

service card-auto-reload

service card-auto-reload

no service card-auto-reload

Purpose

Enables the automatic reload of the Packet Processing ASIC (PPA) code on a traffic card if either of its PPAs becomes inoperable.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

The PPA code reloads automatically on a traffic card if either of the PPAs becomes inoperable.

Usage Guidelines

Use the service card-auto-reload command to automatically reload the PPA code on a traffic card if either of its PPAs becomes inoperable.

Note You enter this command only once to enable automatic reload of the PPA code for any traffic card.

Use the no form of this command to disable the automatic reload of PPA code on a traffic card.

Examples

The following example configures the system to automatically reload PPA code on a traffic card if either of its PPAs becomes inoperable:

[local]Redback(config)#service card-auto-reload

Related Commands

None

service console-break

service console-break

no service console-break

Purpose

Enables the console break feature.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

The console break feature is disabled.

Usage Guidelines

Use the service console-break command to enable the console break feature. When this feature is enabled, you can press the Ctrl+Break keys (in sequence) when you are connected to the SmartEdge router through the console port to send a break sequence to the system, which halts the system and enters kernel debug mode.

After the system receives the break sequence from the console, the prompt changes to db>. At this point, you can enter the commands in Table 5-11.

Table 5-11 Kernel Debug Mode Commands

Kernel Debug Command   Description
continue               Resumes normal system operation.
reboot                 Reloads the system (has the same effect as the reload command in exec mode).

The system waits for a command for 25 seconds. If you do not enter any command within this time, the system automatically reloads.

Use the no form of this command to disable the console break feature. When the feature is disabled, the system does not process a break sequence from the console port.

Caution Risk of data loss. If the console port is directly attached to the serial port of a computer running Windows NT or UNIX, the computer might send a break sequence when it reboots. This has the effect of halting the system and entering kernel debug mode. To reduce the risk, do not enable the console-break feature if the workstation attached to the console port is running Windows NT or UNIX.

Examples

The following example enables the console break feature:

[local]Redback(config)#service console-break

Related Commands

None

software license

software license

no software license

Purpose

Enables software licensing and accesses software license configuration mode.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

No software licensed features or functions are enabled.

Usage Guidelines

Use the software license command to enable software licensing and access software license configuration mode.

Note Enabling the license for lawful intercept (LI) features is restricted to LI administrators and users. For more information about enabling licensing for LI features, see the “Lawful Intercept Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Use the no form to disable software licensing and remove any existing licenses.

Examples

The following example enables software licensing and accesses software license configuration mode:

[local]Redback(config)#software license
[local]Redback(config-license)#

Related Commands

l2tp
mpls
subscriber

subscriber

subscriber {active sub-num | bandwidth kbits | dynamic-service | high-availability} {encrypted 1 | password} password

no subscriber active sub-num {encrypted 1 | password} password

no subscriber {bandwidth kbits | dynamic-service | high-availability}

Purpose

Configures the system-level features of subscriber sessions.

Command Mode

software license configuration

Syntax Description

active sub-num Number of active subscriber sessions licensed, according to one of the following keywords:

• 2000—Licenses 2,000 active subscriber sessions.

• 4000—Licenses 4,000 active subscriber sessions.

• 8000—Licenses 8,000 active subscriber sessions.

• 16000—Licenses 16,000 active subscriber sessions.

• 24000—Licenses 24,000 active subscriber sessions.

• 32000—Licenses 32,000 active subscriber sessions.

• 48000—Licenses 48,000 active subscriber sessions.

The number of active subscriber sessions that you can enter depends on your licenses and the SmartEdge router model.

bandwidth kbits Average bandwidth, in kilobits per second (kbps) for each active subscriber session to be licensed, according to one of the following keywords:

• 60—Specifies 60,000 bps.

• 100—Specifies 100,000 bps.

• 250—Specifies 250,000 bps.

• 1000—Specifies 1,000,000 bps.

dynamic-service Enables dynamic services features and functions for subscribers. See the “Usage Guidelines” section for more information.

high-availability Enables subscriber sessions to be preserved during a controller card switchover.

encrypted 1 Specifies that the password that follows is encrypted.

password Specifies that the password that follows is not encrypted.

password Paid license password that is required to enable the subscriber function. The password argument is unique for each value of the sub-num and kbits arguments and for each function; it is provided at the time the license is paid.

Default

No subscriber sessions are licensed, the average bandwidth is 60 kbps for each licensed subscriber session, and the dynamic service and high-availability options for licensed subscriber sessions are disabled.

Usage Guidelines

Use the subscriber command to configure the system-level features of subscriber sessions. This command configures the number of concurrent active subscriber sessions allowed and the average bandwidth for each subscriber session. You can also use it to enable subscriber dynamic services and specify whether subscriber sessions are to be preserved during a controller card switchover.

You can specify a password in either encrypted or unencrypted form. The show configuration command (in any mode) does not display either form of the password.

Use the active sub-num construct to specify the number of active licensed subscriber sessions. You can enter the subscriber command multiple times with this construct. The number of licensed active sessions allowed on the system is the sum of the individual licensed values entered. This construct also enables clientless IP service selection (CLIPS) circuits. You must use this construct to enable any of the other subscriber functions.

Use the bandwidth kbits construct to specify a larger bandwidth for the licensed subscriber sessions.

Use the dynamic-service keyword to enable dynamic services features and functions. These features and functions include:

• Asynchronous Transfer Mode (ATM) nonstatic profiles and the dynamic assignment of ATM profiles to on-demand permanent virtual circuits (PVCs)

• CLIPS dynamic circuits

• Remote Authentication Dial-In User Service (RADIUS) refresh

Use the high-availability keyword to ensure that subscriber sessions are not dropped during a controller card switchover. This option requires that your SmartEdge router has two controller cards installed.

Note Subscriber sessions remain active while the traffic card PPA software is upgraded with the new patch release.

Note The SmartEdge 100 router does not have a standby controller card.

Use the no form of this command to enable the default value for the specified keyword. A password is required for this form only if you are disabling the license for the number of active subscribers.

Examples

The following example licenses 40000 active subscriber sessions, specifies the average bandwidth for them, enables dynamic services, and enables sessions to be preserved during a switchover. (The system has two controller cards installed.)

[local]Redback(config-license)#subscriber active 16000 password sub-active16-password
[local]Redback(config-license)#subscriber active 8000 password sub-active8-password
[local]Redback(config-license)#subscriber active 2000 password sub-active2-password
[local]Redback(config-license)#subscriber bandwidth 250 password sub-band250-password
[local]Redback(config-license)#subscriber dynamic-service password sub-dynamic-password
[local]Redback(config-license)#subscriber high-availability password sub-high-password

Related Commands

l2tp
mpls
software license

system clock-source

system clock-source {internal | line {primary | secondary} slot/port}

{no | default} system clock-source {internal | line {primary | secondary} slot/port}

Purpose

Specifies whether the SmartEdge router gets its system clock from an internal source or the receive line of a traffic card.

Command Mode

global configuration

Syntax Description

internal Specifies the internal clock on the active controller card; this is the default.

line Specifies a traffic card receive line as the clock source.

primary Specifies a primary port from which the transmit clock is derived.

secondary Specifies a secondary port from which the transmit clock is derived.

slot Chassis slot number of the port from which the transmit clock is derived.

port Number of the port from which the transmit clock is derived.

Default

The transmit clock is generated from the internal clock on the active controller card.

Usage Guidelines

Use the system clock-source command to specify whether the SmartEdge router gets its system clock from an internal source or the receive line of a traffic card. The internal source for the system clock is the Stratum 3 oscillator on the XCRP3 Controller card.

If you specify the line keyword, you can select both a primary and secondary clock source, but not in the same command. Appropriate traffic cards include any Asynchronous Transfer Mode (ATM) OC-3, ATM OC-12, OC-3c/STM-1c, OC-12c/STM-4c, or OC-48c/STM-16c card.

Use the no or default form of this command to select the default value for the clock source.

Note To set the system clock, enter the clock set command (in exec mode); the clock set command is described in the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Note The SmartEdge 100 router does not support this command.

Examples

The following example selects the secondary transmit clock source to be derived from the received clock on port 1 in slot 3:

[local]Redback(config)#system clock-source line secondary 3/1

Related Commands

clock set
system clock-source external
system clock-source timing-type

system clock-source external

system clock-source external {primary | secondary} [framing type]

{no | default} system clock-source external {primary | secondary} [framing framing-type]

Purpose

Specifies external equipment as the source of the transmit data clock for all ports in the system.

Command Mode

global configuration

Syntax Description

primary Specifies a primary external clock source.

secondary Specifies a secondary external clock source.

framing type Optional. Framing for the external interface, according to one of the following keywords:

• crc4—Specifies cyclic redundancy check (CRC)-4 framing for an E1 interface.

• esf—Specifies Extended Super Frame (ESF) formatting for a DS-1 interface.

• no-crc4—Specifies non-CRC-4 framing for an E1 interface.

• sf—Specifies Super Frame (SF) formatting for a DS-1 interface.

The default framing type is sf.

Default

The transmit clock is generated from the internal clock on the active controller card.

Usage Guidelines

Use the system clock-source external command to specify external equipment as the source of the transmit data clock for all ports in the system. The type of equipment can be building integrated timing supply (BITS) or synchronization supply unit (SSU).

The type of framing you specify must be compatible with the version of the active controller card:

• For a Cross-Connect Route Processor (XCRP) Version 3 (XCRP3) and Version 4 (XCRP4) Controller card, it must be compatible with the timing interface that you have specified using the system clock-source timing-type command (in global configuration mode).

• For an XCRP Controller card, it must be compatible with the hardware version of the card, either XCRP-T1 BITS (DS-1 interface) or XCRP-E1 SSU (E1 interface).

If the framing type that you specify is incompatible, the system displays a warning message and rejects this command.

To specify an internal source, use the system clock-source command (in global configuration mode).

Use the no or default form of this command to select the default value for the clock source.

Note To set the system clock, enter the clock set command (in exec mode); the clock set command is described in the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Note The SmartEdge 100 router does not support this command.

Examples

The following example selects an external source with the CRC-4 framing to be the primary source for the transmit clock:

[local]Redback(config)#system clock-source external primary framing crc4

Related Commands

clock set
system clock-source
system clock-source timing-type

system clock-source timing-type

system clock-source timing-type {sonet | sdh}

{no | default} system clock-source timing-type {sonet | sdh}

Purpose

Specifies the type of timing interface for the Cross-Connect Route Processor (XCRP) Version 3 (XCRP3) and Version 4 (XCRP4) Controller cards.

Command Mode

global configuration

Syntax Description

sonet Specifies Synchronous Optical Network (SONET) timing for the clock interface.

sdh Specifies Synchronous Digital Hierarchy (SDH) timing for the clock interface.

Default

The timing type is SONET.

Usage Guidelines

Use the system clock-source timing-type command to specify the type of timing interface for the XCRP3 and XCRP4 Controller cards.

This command is available only if the SmartEdge router is running in internal timing mode. It is not available if the SmartEdge router is running in external timing or line timing mode. To disable external timing, enter the no system clock-source external command (in global configuration mode). To disable line timing, enter the no system clock-source command (in global configuration mode).

This command applies only to the XCRP3 and XCRP4 Controller cards; if XCRP Controller cards are installed and you enter this command, the system displays an error message.

Use the no or default form of this command to specify the default timing type.

Note To set the system clock, enter the clock set command (in exec mode); the clock set command is described in the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Note The SmartEdge 100 router does not support this command.

Examples

The following example specifies SDH timing:

[local]Redback(config)#system clock-source timing-type sdh

Related Commands

clock set
system clock-source
system clock-source external

Page 134: RedBack Router,SmartEdge OS, Basic System Configuration Guide

Command Descriptions

5-38 Basic System Configuration Guide

system clock summer-timesystem clock summer-time zone1 zone2 {date yyyy:mm:dd:hh:mm[:ss] yyyy:mm:dd:hh:mm[:ss] |

recurring start-date end-date}

no system clock summer-time zone1 zone2 {date yyyy:mm:dd:hh:mm[:ss] yyyy:mm:dd:hh:mm[:ss] | recurring start-date end-date}

PurposeEnables the system to automatically switch to daylight saving time or standard time.

Command Modeglobal configuration

Syntax Description

DefaultAutomatic switch to daylight saving time is disabled.

zone1 Previously defined name of the time zone to which this adjustment applies; for example, Pacific Standard Time (PST).

zone2 Name of the time zone to be displayed when summer time is in effect; for example, Pacific Daylight Time (PDT).

date Specifies start and end dates for summer time.

yyyy:mm:dd:hh:mm[:ss] Year, month, day, hour, minutes, and optionally seconds expressed in a 24-hour format; for example, 6:30 p.m. is expressed as 18:30.

recurring Indicates if the rules for switching to summer time are the same each year. If the recurring keyword is not followed by date information, the rules for the United States are applied. The offset applied is 60 minutes.

start-date end-date Dates for the beginning and end of summer time. Each argument includes the following components separated by a space:

• week—Week of the month (first, 1 to 4, or last).

• day—Day of the week; for example, Sunday, Monday, and so on.

• month—Month of the year; for example, January, February, and so on.

• hh—Hour of the day, expressed in a 24-hour format; for example, 6:00 p.m. is expressed as 18:00.

Page 135: RedBack Router,SmartEdge OS, Basic System Configuration Guide

Command Descriptions

Basic System Configuration 5-39

Usage GuidelinesUse the system clock summer-time command to enable the system to automatically switch to daylight saving time or standard time.

The start time is relative to standard time and the end time is relative to summer time. If the starting month is after the ending month, the system assumes that you are in the Southern Hemisphere.

The value for the zone1 argument must be a previously defined time zone using the system clock timezone command (in global configuration mode).

The value for the zone2 argument is name of the time zone specified by the zone1 argument when summer time is in effect.

Use the recurring keyword if the rules for switching to summer time are applied in precisely the same way each year. The first set of variables (week, day, month, hh) refers to the start day; the second set refers to the end day.

Alternatively, you can use the date keyword to specify a start and end date for summer time. In the date format, you can specify start and end dates for multiple years at the same time, as long as the time zones to which the dates apply are unique and there is no overlap of dates.

Use the no form of this command to disable the automatic switch to daylight saving time or standard time and delete the information for the specified time zone and for the specified year.

To set the system clock, enter the clock set command (in exec mode); the clock set command is described in the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

ExamplesThe following example enables the system to switch to daylight saving time (summer-time), which will start on the first Sunday in April at 7:00 a.m. and end on the last Sunday in October at 3:00 a.m. for the PST and Mountain Standard Time (MST) time zones, (PDT and MDT, respectively), that were previously defined using the system clock timezone command:

[local]Redback(config)#system clock summer-time PST PDT recurring first Sunday April 6last Sunday October 2

[local]Redback(config)#system clock summer-time MST MDT recurring first Sunday April 6last Sunday October 2

The next example enables the system to switch to daylight saving time in a Southern Hemisphere location:

[local]Redback(config)#system clock summer-time AST ADT date 2005:10:26:02:00 2005:04:06:02:00

The final example disables the automatic switch and deletes the summer time information for the Atlantic Standard Time (AST) time zone:

[local]Redback(config)#no system clock summer-time AST ADT date 2005:10:26:02:00 2005:04:06:02:00

Note You must use the recurring keyword with a specified date, because the system default (U.S. summer time) cannot be deleted. If the time zone for which the summer time information is specified you delete the no system clock timezone command (in global configuration mode). The summer time information is deleted. In addition, the relevant system clock summer-time command is removed from the configuration file.

Page 136: RedBack Router,SmartEdge OS, Basic System Configuration Guide

Command Descriptions

5-40 Basic System Configuration Guide

Related Commands

system clock timezone


system clock timezone

system clock timezone zone hours [minutes] [local]

no system clock timezone [zone]

Purpose

Defines one or more time zones and their distances from Greenwich Meridian Time (GMC) for display purposes.

Command Mode

global configuration

Syntax Description

zone User-defined name of the time zone to be displayed when standard time is in effect; for example, Pacific Standard Time (PST).

hours Number of hours that the time zone is offset from GMC. The range of values is –23 to 23; the default value is 0.

minutes Optional. Number of minutes that the time zone is offset from GMC. The range of values is 0 to 59; the default value is 0.

local Optional. Specifies that the time zone being defined is the local time zone.

Default

The default time zone is GMC. If no time zone is defined with the local keyword, the system uses GMC when displaying time.

Usage Guidelines

Use the system clock timezone command to define one or more time zones and their distances from GMC. The system keeps time in GMC and displays it in the specified local time zone. The specified local time zone is also used when you enter the clock set command (in exec mode). The clock set command is described in the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

You can specify multiple time zones; the only time zone assumed to be local is the one with the optional local keyword.

Use the no form of this command with the time zone specified to delete previously configured information for that time zone. If the specified time zone was configured as the local time zone, the system reverts to GMC time. Use the no form of this command with no time zone specified to remove all previously configured time zone and corresponding daylight saving information.


Examples

The following example defines Atlantic Standard Time (AST), Eastern Standard Time (EST), Central Standard Time (CST), Mountain Standard Time (MST), PST, and Hawaii Standard Time (HST) time zones. PST is also specified as the local time zone.

[local]Redback(config)#system clock timezone AST -4
[local]Redback(config)#system clock timezone EST -5
[local]Redback(config)#system clock timezone CST -6
[local]Redback(config)#system clock timezone MST -7
[local]Redback(config)#system clock timezone PST -8 local
[local]Redback(config)#system clock timezone HST -10

The following example deletes the EST time zone information:

[local]Redback(config)#no system clock timezone EST

Related Commands

system clock summer-time


system confirmations context

system confirmations context

no system confirmations context

Purpose

Enables the system to query the user when attempting to create a context.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

System confirmation query is disabled.

Usage Guidelines

Use the system confirmations context command to enable the system to query a user when attempting to create a context.

Use the no form of this command to restore the default behavior.

Examples

The following example displays the system confirmations context command when it is enabled:

[local]Redback(config)#system confirmation context
[local]Redback(config)#context account
Are you sure you want to create context account?

Related Commands

system contact


system contact

system contact text

no system contact

Purpose

Identifies the system contact.

Command Mode

global configuration

Syntax Description

text Text that explains the department or person to contact, and how, for information regarding the system.

Default

No system contact information is configured.

Usage Guidelines

Use the system contact command to configure the system to identify the person or department to contact regarding system information. The system contact information is available using the sysContact Management Information Base-II (MIB-II) object. The text argument can be any alphanumeric string, including spaces. The text cannot be longer than one line.

Use the no form of this command to remove system contact information.

Examples

The following example sets a contact string:

[local]Redback(config)#system contact IS Hotline 1-800-555-1567

Related Commands

system hostname
system location


system hostname

system hostname hostname

default system hostname

Purpose

Specifies the system hostname.

Command Mode

global configuration

Syntax Description

hostname Alphanumeric string to be used as the hostname for the system.

Default

The factory-assigned hostname is Redback.

Usage Guidelines

Use the system hostname command to specify the system hostname. This hostname is available using the sysName Management Information Base-II (MIB-II) object. Do not expect the case to be preserved. Uppercase and lowercase characters appear the same to many Internet software applications. It might seem appropriate to capitalize a name, the same way you do in conventional text, but Internet conventions dictate that computer names appear as all lowercase. For more information, see RFC 1178, Choosing a Name for Your Computer.

The name must also follow the rules for Advanced Research Projects Agency Network (ARPANET) hostnames. Names must start with a letter, end with a letter or digit, and have (as interior characters only) letters, digits, hyphens (-), periods (.), and underscores (_). Names must be 63 characters or fewer. For more information, see RFC 1035, Domain Names—Implementation and Specification.

Use the default form of this command to set the hostname to the default.

Examples

The following example changes the hostname to freebird:

[local]Redback(config)#system hostname freebird
[local]freebird(config)#

Related Commands

system contact
system location
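The naming rules in the usage guidelines above can be checked before a hostname is pushed to a device. The following is an added example, not part of the original guide or of the SmartEdge OS; the function names and the sample fleet list are hypothetical. It reports each rule a candidate name breaks and finds names in a fleet that differ only by case, which the guidelines say many applications cannot tell apart.

```python
import string

MAX_LEN = 63                                  # "Names must be 63 characters or fewer"
LETTERS = set(string.ascii_letters)           # allowed as the first character
ENDING = LETTERS | set(string.digits)         # allowed as the last character
INTERIOR = ENDING | set("-._")                # allowed between first and last

# Constructed sample inventory (hypothetical names, not from the guide).
FLEET = ["freebird", "Freebird", "pe1.sjc", "9lives", "edge-", "pe1 sjc"]


def hostname_problems(name):
    """Return the rules a candidate hostname breaks; an empty list means it passes."""
    if not name:
        return ["name is empty"]
    problems = []
    if len(name) > MAX_LEN:
        problems.append(f"{len(name)} characters; the limit is {MAX_LEN}")
    if name[0] not in LETTERS:
        problems.append("does not start with a letter")
    if name[-1] not in ENDING:
        problems.append("does not end with a letter or digit")
    bad = sorted({c for c in name[1:-1] if c not in INTERIOR})
    if bad:
        problems.append("interior characters not allowed: "
                        + " ".join(repr(c) for c in bad))
    return problems


def case_collisions(names):
    """Group names that are distinct as typed but identical once lowercased."""
    groups = {}
    for name in names:
        groups.setdefault(name.lower(), []).append(name)
    return {key: found for key, found in groups.items() if len(set(found)) > 1}


if __name__ == "__main__":
    for candidate in FLEET:
        issues = hostname_problems(candidate)
        print(f"{candidate!r}: {'ok' if not issues else '; '.join(issues)}")
    for lowered, variants in case_collisions(FLEET).items():
        print(f"case collision on {lowered!r}: {variants}")
```
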


system lacp mac-address

system lacp mac-address mac-addr

{no | default} lacp mac-address mac-addr

Purpose

Configures the medium access control (MAC) address that will be used in the Link Aggregation Control Protocol (LACP) packet negotiation with peers.

Command Mode

global configuration

Syntax Description

mac-addr MAC address to be used for the link group in the form hh:hh:hh:hh:hh:hh.

Default

The MAC address of the system backplane is used.

Usage Guidelines

Use the system lacp mac-address command to configure the MAC address to be used in the system link aggregation group ID (LAG ID) in LACP packets that are exchanged with the peer.

Use the no or default form of this command to revert back to the original MAC address on the system backplane.

Examples

The following example changes the MAC address to 11:22:33:44:55:66.

[local]Redback(config)#system lacp mac-address 11:22:33:44:55:66
[local]Redback(config)#commit
Transaction committed

The following example sets the MAC address back to the default MAC address.

[local]Redback(config)#no system lacp mac-addr
[local]Redback(config)#end

Related Commands

system lacp priority


system lacp priority

system lacp priority [priority]

default system lacp priority

Purpose

Configures the system Link Aggregation Control Protocol (LACP) priority to be used in the system link aggregation group ID (LAG ID) in LACP packets that are exchanged with the peer.

Command Mode

global configuration

Syntax Description

priority Optional. Numeric value that sets the number of LACP packets exchanged between peers; the default value is 2.

Default

The default value is 2.

Usage Guidelines

Use the system lacp priority command to configure the system LACP priority to be used in the system link aggregation group ID (LAG ID) in LACP packets that are exchanged with the peer.

Use the default form of this command to set the LACP priority to 2.

Examples

The following example sets the LACP packets to priority 4:

[local]Redback(config)#system lacp priority 4
[local]Redback(config)#commit
Transaction committed

The following example sets the LACP packets back to the default value:

[local]Redback(config)#no system lacp priority 4

Related Commands

system lacp mac-address


system location

system location text

no system location

Purpose

Configures the system location information.

Command Mode

global configuration

Syntax Description

text Text that explains the physical location of the system.

Default

No system location is specified.

Usage Guidelines

Use the system location command to configure the system location information available using the sysLocation Management Information Base-II (MIB-II) object. The text argument can be any alphanumeric string, including spaces. The text cannot be longer than one line.

Use the no form of this command to remove system location information.

Examples

The following example sets a location string:

[local]Redback(config)#system location Building 3, 2nd Floor, Lab 3

Related Commands

system contact
system hostname


tcp keepalive

tcp keepalive [count count-num | idle idle-time | interval interval-time]

default tcp keepalive {count | idle | interval}

Purpose

Modifies the Transmission Control Protocol (TCP) keepalive parameters.

Command Mode

global configuration

Syntax Description

count count-num Optional. Maximum number of times that the SmartEdge OS tries to re-establish a dropped connection. The range of values is 1 to 32; the default value is 8.

idle idle-time Optional. Maximum amount of time, in half-seconds, that the SmartEdge OS allows a TCP connection to remain open. The range of values is 1 to 14,400; the default value is 14,400.

interval interval-time Optional. Amount of time, in half-seconds, that the SmartEdge OS keeps an idle connection open before disconnecting it. The range of values is 1 to 300; the default value is 150.

Default

The values for the TCP keepalive parameters are described in the “Syntax Description” section.

Usage Guidelines

Use the tcp keepalive command to modify the TCP keepalive parameters.

To display the current TCP keepalive settings and TCP status, use the show tcp command (in any mode); for details about this command, see the Basic System Operations Guide for the SmartEdge OS.

Use the default form of this command to return the TCP keepalive parameters to their default settings.

Examples

The following example shows how to change the count to 4 tries:

[local]Redback#configure
[local]Redback(config)#tcp keepalive count 4

Related Commands

None


Part 4

Contexts, Interfaces, and Subscribers

This part describes tasks and commands used to configure the basic features for multiple contexts, interfaces, and subscribers, and consists of the following chapters:

• Chapter 6, “Context Configuration”

• Chapter 7, “Interface Configuration”

• Chapter 8, “Subscriber Configuration”


Chapter 6

Context Configuration

This chapter provides an overview of contexts, describes the tasks used to configure basic features for contexts, and provides configuration examples and detailed descriptions of the commands used to configure these features through the SmartEdge® OS.

For protocol- or feature-specific commands that appear in context configuration mode, see the appropriate chapter in the Routing Protocols Configuration Guide or the IP Services and Security Configuration Guide for the SmartEdge OS, respectively.

For information about the tasks and commands used to monitor, troubleshoot, and administer contexts, see the “Context, Interface, and Subscriber Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

One of the most advanced features of the SmartEdge OS is the ability to support both a “local” context and multiple other contexts. A context is an instance of a virtual router, complete with its own management domain, authentication, authorization, and accounting (AAA) name space, IP address space, and routing protocols. A SmartEdge router can support over a thousand contexts. While they share common resources, such as memory and processor cycles, each context is completely independent of all other contexts configured on a SmartEdge router. Contexts are conceptually similar to virtual routing and forwarding (VRF) instances, but are more powerful, and offer advanced capabilities not available in existing VRF implementations.

A context is not a dedicated, hard-wired set of physical ports, slots, CPUs, and memory. It is a logical construct that is created or deleted through configuration commands. The administrator has complete flexibility to determine which ports and circuits are associated with each context.


A physical circuit, on the other hand, refers to the physical communications channels through which packets are sent to or received by the SmartEdge router. A port, channel, or circuit is not considered part of any context. Examples of circuits, in the broadest sense of the term, include Ethernet, Packet over SONET/SDH (POS), DS-3, and DS-1 ports, and Layer 2 circuit endpoints, such as Asynchronous Transfer Mode (ATM), Frame Relay, and 802.1Q permanent virtual circuits (PVCs).

However, no traffic can flow over a circuit until it is associated with an interface through a configuration step called “binding”. The binding, in SmartEdge terminology, ties a particular circuit to a particular interface, and the circuit is said to be bound to that interface. The binding is simply a configuration statement provided as part of the circuit definition.

This section describes the following concepts:

• Local Context

• Multiple Contexts

• Applications for Multiple Contexts

• Multiple VPN Contexts

• Intercontext Interfaces

• Administrator Authentication to Local and Non-Local Contexts

• Administrator Privileges for Local and Non-Local Contexts

Local Context

A SmartEdge router with a single configured context is similar to traditional networking products. This is referred to as a “single-context configuration”. Every configuration includes the special context “local” that cannot be deleted. In single-context configurations, the local context is the only context.

Multiple Contexts

A SmartEdge router configured to support several contexts simultaneously is said to support multiple contexts. The SmartEdge software base is designed to support multiple contexts. All SmartEdge OS features are implemented on a per-context basis: the command-line interface (CLI); management features, such as the Simple Network Management Protocol (SNMP); troubleshooting features, such as ping, traceroute, debug, and system logging; IP addresses; interfaces; access control lists (ACLs); and routing protocol instances. When a new feature is added, it inherits the multicontext infrastructure, allowing the new functions to be used in a multicontext application.

Every context has its own complete implementation of IP routing protocols, including the Border Gateway Protocol (BGP), Open Shortest Path First (OSPF) protocol, Intermediate System-to-Intermediate System (IS-IS) protocol, and the complete IP multicast routing protocol suite. In particular, each BGP instance has its own autonomous system number (ASN), policies, and import and export properties, and each context can contain any mix of Interior Gateway Protocol (IGP) routing protocols. All routing protocols are implemented as multithreaded processes with multiinstance capability, which in combination with an intelligent scheduler, provides an efficient multicontext routing protocol implementation.


Each context has its own IP address space, which can overlap with the address space of other contexts. Every physical I/O channel—for ports, channels, subchannels, and ATM, Frame Relay, and 802.1Q PVCs—can be associated with a context through configuration commands and the binding process.

A context can have its own unique set of CLI administrators, each with their own (possibly overlapping) administrator names and passwords, and each authenticated through their own set of AAA databases. Each context can have its own SNMP community strings. This support allows Virtual Private Network (VPN) customers visibility into their own routing context for debugging and troubleshooting purposes.

Applications for Multiple Contexts

A simple yet powerful application for multiple contexts is olympic services, wherein a provider offers platinum, gold, and silver service classes to its customers, as a function of oversubscription (statistical gain) that is engineered at the access point. This setup takes advantage of the closed administrator group aspect of contexts, and less so of the ability of contexts to support multiple, overlapping address spaces.

Many service providers have different service offerings. For reasons ranging from mergers and acquisitions to organizational structure, these services often operate within their own, respective, autonomous systems. With conventional routers, an independent, physical router must be used for each autonomous system (AS), because conventional routers allow only a single routing instance in an AS.

However, each context in a SmartEdge router can have its own routing instance, for example BGP, and each BGP instance can optionally be a member of its own AS, with its own set of policies. The multiple context capability of the SmartEdge router allows a single router to replace multiple conventional routers in such an application. Each context appears as a virtual router, and thus the SmartEdge router can perform the functions of multiple routers simultaneously. Just as physical routers communicate over physical cables, the virtual routers in the SmartEdge router can communicate over intercontext interfaces.

Multiple VPN Contexts

Provider edge (PE) routers maintain a separate VPN context for each VPN connection. Each customer connection, such as an ATM, Frame Relay, or 802.1Q PVC, is mapped to a specific VPN context. Multiple ports on a PE router can be associated with a single VPN context; however, it is the ability of PE routers to maintain multiple VPN contexts that supports the per-VPN segregation of routing information.

Intercontext Interfaces

An intercontext interface allows routing protocols to exchange routing information between two or more contexts within the same physical SmartEdge router; this capability is similar to the exchange of routing information between two physical routers. An intercontext interface can be either a point-to-point intercontext interface or a point-to-multipoint (referred to as a LAN) intercontext interface. The point-to-point type links two intercontext interfaces of two different contexts; for this type of intercontext interface, there can be only two intercontext interfaces with the same ID on the SmartEdge router. The LAN type links multiple interfaces in multiple contexts. For LAN intercontext interfaces, the id argument specifies the group identifier for all the intercontext interfaces with the same ID that are linked together.


Administrator Authentication to Local and Non-Local Contexts

Each context is configured with a AAA search list for authenticating administrators. The AAA search list determines the order in which administrators of a particular context are authenticated. At the logon prompt, the administrator provides a structured administrator name of the form admin-name@ctx-name. The ctx-name portion of the administrator name string selects the context; the AAA search order for that context is used to authenticate the administrator.

The context of the data path through which an administrator’s Telnet or Secure Shell (SSH) packets arrive and leave the SmartEdge router is not dependent on the context to which the administrator authenticates. For example, it is valid for an administrator whose workstation is connected to an Ethernet segment bound to the corpA context to log on to the SmartEdge router as root@local, thereby becoming a local administrator, even though the path through which Telnet or SSH packets arrive is through a port on the SmartEdge router that is bound to the corpA context.

Administrator Privileges for Local and Non-Local Contexts

With regard to the SmartEdge OS concept of multiple contexts, there are three types of administrators:

• Local—An administrator authenticated to the “local” context. The local administrator has a structured administrator name of the form admin-name@local.

• Non-local—An administrator authenticated to any context other than the local context. A non-local administrator has an administrator name of the form admin-name@ctx-name; an example is joe@vpn1, where vpn1 is the name of the context.

• Lawful intercept (LI)—An administrator or user authenticated to perform LI functions.

Note The separator character between the admin-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default value is @, which is used throughout this guide.

Note For more information about LI administrators and users, and how to configure them, see the “Lawful Intercept Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

An administrator authenticated to the “local” context, given appropriate administrator privileges, can configure all functions on the SmartEdge router, including functions for each context, and global entities, such as ports, port profiles, SNMP, and so on.

Non-local administrators have no configuration mode privileges, and have restricted exec mode privileges. An exec command is accessible to a non-local administrator if its purpose is to provide information about, or to generate limited troubleshooting for, the context to which the administrator is authenticated. For example, when an administrator authenticated as fred@corpA runs the show ip route command (in global configuration mode), the output displays only the IP routing table for the context corpA and not for any other context.


Subscriber Domains and Domain Aliases

A subscriber domain is the name of the context in which the subscriber is configured or a domain alias for that context (as defined by the domain command). Use subscriber domains as one way to control which subscribers can connect to each context. If enabled by the service wildcard-domain command, the subscriber domain alias can be specified using the asterisk (*) wildcard character.

Configuration Tasks

To configure the basic features for a context and accounts for the administrators who manage them, perform the tasks described in the following sections:

• Enable Multiple-Context Service

• Configure a Context

• Configure an Administrator Account in a Context

For more information about configuring administrator accounts, including how to configure authentication, session limits, and command authorization, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Enable Multiple-Context Service

To configure any context other than the local context, you must enable multiple-context service; perform the task described in Table 6-1.

Note In addition to context authentication, the SmartEdge OS software supports privilege levels that affect an administrator’s access to the SmartEdge OS CLI. Both administrators and commands have default privilege levels that you can modify. For details, see the privilege max and privilege start commands in this chapter, and the privilege command in Chapter 4, “System Access Configuration,” respectively.

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Table 6-1 Enable Multiple-Context Service

| Task | Root Command | Notes |
|---|---|---|
| Enable multiple-context service. | service multiple-contexts | Enter this command in global configuration mode. |


Configure a Context

To configure a context, perform the tasks described in Table 6-2.

Table 6-2 Configure a Context

| # | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Create or modify a context and access context configuration mode with one of the following tasks: | | |
| | • Create or modify a standard context and access context configuration mode. | context | Enter this command in global configuration mode. |
| | • Create or modify a VPN context and access context configuration mode. | context vpn-rd | Enter this command in global configuration mode. |
| 2. | Specify a privilege level password in the local database for the enable command with one of the following tasks: | | |
| | • Configure a password that the system will encrypt. | enable password | Enter this command in context configuration mode. |
| | • Configure a password in encrypted form. | enable encrypted | Enter this command in context configuration mode. |
| 3. | Specify how the system performs privilege level authentication. | enable authentication | Enter this command in context configuration mode. |
| 4. | Specify general attributes for the context (all attributes are optional): | | |
| | Specify falling-threshold parameters for IP pools in the context. | ip pool | Enter this command in context configuration mode. |
| | Create one or more unique domain aliases for a context. | domain | Enter this command in context configuration mode. |
| | Enable the use of the asterisk (*) wildcard character in subscriber domain aliases. | service wildcard-domain | Enter this command in global configuration mode. |
| | Apply an existing bulkstats schema profile to the context. | bulkstats schema | Enter this command in context configuration mode. |


Configure an Administrator Account in a Context

To configure an administrator account in a context, perform the tasks described in Table 6-3.

Table 6-3 Configure an Administrator Account in a Context

| # | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Create an administrator logon account and access administrator configuration mode. | administrator | Enter this command in context configuration mode. |
| 2. | Specify general attributes for the account (all attributes are optional): | | Enter these commands in administrator configuration mode. |
| | Assign a full name or textual description for the administrator. | full-name | |
| | Specify the initial privilege level for exec sessions initiated by the administrator. | privilege start | |
| | Specify the maximum privilege level for the administrator. | privilege max | |
| | Specify public key authentication for the administrator who is accessing the SmartEdge OS CLI through SSH. | public-key | |

Configuration Examples

This section provides the following configuration examples:

• Administrator Privileges

• Public Keys

Administrator Privileges

The following example displays the creation of an administrator account with the administrator name super and the password icandoanything. When the administrator logs on to the system, the initial privilege level is 10. The administrator can modify the privilege level up to the maximum of 15.

[local]Redback#configure
[local]Redback(config)#context local
[local]Redback(config-ctx)#administrator super password icandoanything
[local]Redback(config-administrator)#full-name "Fred P. Lynch x.1234"
[local]Redback(config-administrator)#privilege start 10
[local]Redback(config-administrator)#privilege max 15

Because this account is created in the local context, this administrator is able to view and modify the entire system configuration, and view all running information on the system.
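Administrator accounts created with the commands in Table 6-3 can be reviewed offline from a saved session transcript or provisioning script. The following is an added example, not part of the original guide or of the SmartEdge OS: it parses prompt-prefixed lines in the form this guide's examples use and reports accounts whose password was typed in readable form, local-context accounts whose maximum privilege is 15, and accounts with no public key. The transcript, the ops and fred accounts, and the finding names are constructed for illustration.

```python
import re
import shlex
from dataclasses import dataclass
from typing import Optional

# Prompt shape used in this guide's examples: [context]hostname(mode)#command
PROMPT = re.compile(r"^\[[^\]]+\](?P<host>[^(#]+)(?:\((?P<mode>[^)]+)\))?#(?P<cmd>.*)$")
MAX_PRIVILEGE = 15  # the maximum level named in the guide's example

# Constructed transcript (not captured from a device); all secrets are sample values.
SAMPLE_TRANSCRIPT = '''\
[local]Redback#configure
[local]Redback(config)#service multiple-contexts
[local]Redback(config)#context local
[local]Redback(config-ctx)#administrator super password icandoanything
[local]Redback(config-administrator)#full-name "Fred P. Lynch x.1234"
[local]Redback(config-administrator)#privilege start 10
[local]Redback(config-administrator)#privilege max 15
[local]Redback(config-administrator)#end
[local]Redback#configure
[local]Redback(config)#context local
[local]Redback(config-ctx)#administrator ops encrypted 1 CONSTRUCTED-PLACEHOLDER
[local]Redback(config-administrator)#end
[local]Redback#configure
[local]Redback(config)#context corpA
[local]Redback(config-ctx)#administrator fred password "This is a Password With Spaces"
[local]Redback(config-administrator)#privilege max 15
[local]Redback(config-administrator)#public-key RSA
Enter public key for the user
'''


@dataclass
class Admin:
    context: str
    name: str
    cleartext: bool = False                 # created with the "password" keyword
    privilege_start: Optional[int] = None   # None: left at the system default
    privilege_max: Optional[int] = None
    public_key: bool = False


def tokens(cmd):
    """Split a command, keeping double-quoted arguments with spaces as one token."""
    try:
        return shlex.split(cmd)
    except ValueError:                      # unbalanced quote: plain split instead
        return cmd.split()


def parse_transcript(text):
    """Return {(context, name): Admin} built from prompt-prefixed command lines."""
    admins, ctx, current = {}, None, None
    for raw in text.splitlines():
        match = PROMPT.match(raw.strip())
        if not match:
            continue                        # system replies, pasted key material
        mode, words = match["mode"], tokens(match["cmd"])
        if mode is None:                    # back in exec mode: forget position
            ctx = current = None
        elif not words:
            continue
        elif mode == "config" and words[0] == "context" and len(words) >= 2:
            ctx, current = words[1], None
        elif mode == "config-ctx" and ctx and words[0] == "administrator" and len(words) >= 2:
            current = admins.setdefault((ctx, words[1]), Admin(ctx, words[1]))
            if len(words) >= 4 and words[2] == "password":
                current.cleartext = True
        elif mode == "config-administrator" and current is not None:
            if words[:2] == ["privilege", "start"] and len(words) == 3 and words[2].isdigit():
                current.privilege_start = int(words[2])
            elif words[:2] == ["privilege", "max"] and len(words) == 3 and words[2].isdigit():
                current.privilege_max = int(words[2])
            elif words[0] == "public-key":
                current.public_key = True
    return admins


def audit(admins):
    """Return (admin-name@ctx-name, finding) pairs; password values are never echoed."""
    findings = []
    for admin in admins.values():
        who = f"{admin.name}@{admin.context}"   # default separator is @
        if admin.cleartext:
            findings.append((who, "cleartext-password"))
        if admin.context == "local" and admin.privilege_max == MAX_PRIVILEGE:
            findings.append((who, "local-context-max-privilege"))
        if not admin.public_key:
            findings.append((who, "no-public-key"))   # informational
    return findings


if __name__ == "__main__":
    for who, finding in audit(parse_transcript(SAMPLE_TRANSCRIPT)):
        print(f"{who}: {finding}")
```
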


Public Keys

The following example configures a public RSA key for the administrator, jewel:

[local]Redback(config-administrator)#public-key RSA

Enter public key for the user

$053136276382193869961246761 admin@local% adding public key 1024 35 138778925487550112496264060257494473953477802145777234711904931356017804253563842290930011054450485363243280246400199717731319844418831089264593496852809170833789839891527385879500645266732532498938549779362601026271493734075903025216457395231727858414474890514861688652497950829684053136276382193869961246761 to user jewel

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure basic context features. The commands are presented in alphabetical order.

administrator
context
context vpn-rd
domain
enable authentication
enable encrypted
enable password
full-name
ip pool
privilege max
privilege start
public-key
service multiple-contexts
service wildcard-domain


administrator

administrator admin-name [{encrypted 1 password} | {password password}]

no administrator admin-name

Purpose

Creates an administrator logon account, or selects an existing one for modification, and enters administrator configuration mode.

Command Mode

context configuration

Syntax Description

admin-name Alphanumeric string representing a new or existing administrator.

encrypted 1 password Optional. Alphanumeric string representing an encrypted type 1 password for the administrator account. Required only when configuring a new administrator account.

password password Optional. Alphanumeric string representing an unencrypted password for the administrator account. Required only when configuring a new administrator account.

Default

No administrator accounts are defined.

Usage Guidelines

Use the administrator command to create an administrator logon account, or select an existing one for modification, and enter administrator configuration mode. When creating a new administrator account, you must specify a password using either the encrypted 1 password or password password construct. When specifying an existing administrator account, a password is not required.

This command also secures the console port and enables remote access to the system. Administrators can log on directly to the console, or through a Telnet or Secure Shell (SSH) session.

You can enter an unencrypted password with embedded spaces by enclosing the entire password in double quotation marks; for example, "This is a Password With Spaces".

When the system generates the configuration, all administrator passwords are encrypted. Passwords are never displayed in readable text.

Use the no form of this command to remove the specified administrator account.


Examples

The following example configures an administrator with an administrator name of admin1 and a password of supersecret:

[local]Redback(config-ctx)#administrator admin1 password supersecret
[local]Redback(config-administrator)#

Related Commands

public-key


context

context ctx-name [show show-param]

no context ctx-name

Purpose

When entered in exec mode, changes from the existing context to the specified context or displays the specified information for the specified context.

When entered in global configuration mode, creates a new context, or selects an existing one for modification, and enters context configuration mode.

Command Mode

exec
global configuration

Syntax Description

ctx-name
    Name of a new or existing context; an alphanumeric string with up to 63 characters.

show show-param
    Optional. Type of information to be displayed for the specified context.

Default

The local context is defined on the system.

Usage Guidelines

Use the context command (in global configuration mode) to create a new context, or select an existing one for modification, and enter context configuration mode. You cannot create new contexts on the system unless you have enabled the multiple context feature using the service multiple-contexts command (in global configuration mode).

The special context local is always present and has unique qualities. Only an administrator authenticated in the local context can configure the system. Administrators authenticated in the local context can observe any portion of the system, regardless of context. Administrators authenticated in other contexts are restricted to the portion of the system relevant to that context.

Contexts are completely independent name spaces and data spaces. For example, a routing process in one context can share routing information with a routing process in another context through inter-context interfaces just as physical routers are connected together by physical cables.

For information about creating Virtual Private Network (VPN) contexts, see the context vpn-rd command in this chapter.

Use the context command (in exec mode) to change to a different context or to display the specified information for the specified context without entering that context. The show show-param construct is any show command.


Use the no form of this command to delete a context and all configuration information associated with it.

Examples

The following example shows how to enter context configuration mode to configure the local context:

[local]Redback(config)#context local
[local]Redback(config-ctx)#

The following example displays IP route information for the local context:

[local]Redback>context local show ip route

Codes: C - connected, S - static, S dv - dvsr, R - RIP, e B - EBGP, i B - IBGP
       O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1
       N2 - OSPF NSSA external type 2, E1 - OSPF external type 1
       E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2
       > - Active Route

Type  Network          Next Hop       Dist  Metric  UpTime    Interface
> C   10.3.0.0/16                     0     0       01:01:50  three
> C   10.13.49.0/24                   0     0       01:01:50  mgmt
> S   155.0.0.0/8      10.13.49.254   1     0       01:01:39  mgmt
> C   193.4.0.0/16                    0     0       01:01:50  one
> C   193.10.25.7/32                  0     0       01:01:50  lo1

Related Commands

context vpn-rd
service multiple-contexts

Note: To change to a different context, you must be an administrator authenticated to the local context.


context vpn-rd

context ctx-name vpn-rd route-distinguisher

Purpose

Creates a new Virtual Private Network (VPN) context, or selects an existing one for modification, and enters context configuration mode.

Command Mode

global configuration

Syntax Description

ctx-name
    Name of a new or existing context; an alphanumeric string with up to 63 characters.

route-distinguisher
    VPN route distinguisher, which can be expressed in either of the following formats:

    • asn:nnnn, where asn is the autonomous system number and nnnn is a 32-bit integer.

    • ip-addr:nn, where ip-addr is the IP address in the form A.B.C.D and nn is a 16-bit integer.

Default

None. A route distinguisher must be configured for a VPN context to be functional.

Usage Guidelines

Use the context vpn-rd command to create a new VPN context, or select an existing one for modification, and enter context configuration mode. You cannot create new contexts on the system unless you have enabled the multiple context feature using the service multiple-contexts command (in global configuration mode).

Entering the full context vpn-rd command is required to create a VPN context. Entering the command without the vpn-rd route-distinguisher construct creates a context that will not be recognized as VPN-enabled.

Each VPN context supports only one route distinguisher, and the route distinguisher argument must conform to the format specified in Internet Draft, BGP/MPLS VPNs, draft-ietf-ppvpn-rfc2547bis-01.txt.

An existing non-VPN context cannot be configured as a VPN context. You must delete the existing non-VPN context, and re-create it as a VPN context. Likewise, a VPN context cannot be configured as a non-VPN context. You must delete the existing VPN context, and re-create it as a non-VPN context.


Examples

The following example creates a VPN context vpncontext with the route distinguisher 701:3:

[local]Redback(config)#context vpncontext vpn-rd 701:3
[local]Redback(config-ctx)#

Related Commands

context
service multiple-contexts


domain

domain alias [advertise]

no domain alias [advertise]

Purpose

Creates a unique domain alias for the current context for use in subscriber authentication.

Command Mode

context configuration

Syntax Description

alias
    Domain alias for the current context. The domain alias can include a single wildcard. The default wildcard character is an asterisk (*). See the service wildcard-domain command for information on configuring wildcard characters.

advertise
    Optional. Advertises the domain alias in Point-to-Point Protocol over Ethernet (PPPoE) discovery messages.

Default

No domain aliases are created.

Usage Guidelines

Use the domain command in context configuration mode to create a domain alias for the current context for use in subscriber authentication. This command provides a flexible way to associate subscribers with contexts. With the exception of wildcard domain aliases, whose use is restricted to subscriber authentication, you can use a domain alias instead of a context name in any command that takes a context name as an argument.

You can create any number of aliases; however, each alias must be unique across all contexts.

When one or more domain aliases are configured with this command, a subscriber can authenticate as username@ctx-name or username@alias and, in either case, be associated with the same context.

Table 6-4 provides the rules used when matching domain aliases with embedded wildcards to subscriber log-ins:

Table 6-4 Rules Governing Matching Aliases to Subscriber Log-ins

Rule
    Description

wildcards allowed: per domain alias
    Only one wildcard character (*) can be specified in each domain alias.

wildcard matching: to multiple characters
    A wildcard can match multiple contiguous characters or no characters; for example, “bob*” matches both “bobby” and “bob.”

domain alias: uniqueness
    You are not allowed to define a domain alias with an embedded wildcard if the domain alias name matches an existing context or domain alias name. An example is provided in the “Examples” section.


Use the no form of this command to delete the domain alias.

For additional information, see the “Service Policy Configuration” chapter in the IP Services and Security Configuration Guide.

Examples

The following example creates a domain alias, guest, for the isp1 context and advertises it in PPPoE discovery messages:

[local]Redback(config)#context isp1
[isp1]Redback(config-ctx)#domain guest advertise

In the following example, the domain alias bar* is not allowed because it matches the already existing context bar:

[local]Redback(config)#context bar
[local]Redback(config-ctx)#domain RBAKERIC*
[local]Redback(config-ctx)#domain *com
[local]Redback(config-ctx)#domain bar*
Error: This name is already a domain or context name

In the following example, [email protected] matches the domain aliases RBAK* and *com. The user would be associated with the context bob because of the priority given to far left characters.

[local]Redback(config)#context bar
[local]Redback(config-ctx)#domain RBAKERIC*
[local]Redback(config-ctx)#domain *com
[local]Redback(config-ctx)#commit
[local]Redback(config-ctx)#exit
[local]Redback(config)#context bob
[local]Redback(config-ctx)#domain RB*
[local]Redback(config-ctx)#domain bob*bar
[local]Redback(config-ctx)#commit

Related Commands

service wildcard-domain

Table 6-4 Rules Governing Matching Aliases to Subscriber Log-ins (continued)

Rule
    Description

first criteria: far left characters
    When a subscriber log-in name matches more than one wildcard domain, the far left characters have the highest matching significance. An example is provided in the “Examples” section.

second criteria: number of characters
    If a subscriber log-in name matches more than one wildcard domain and a priority cannot be chosen on the basis of the far left characters, the subscriber is associated with the context whose domain alias provides the greatest number of matching characters. In the “Examples” section, the subscriber [email protected] would be associated with the context bar rather than the context bob because RBAKERICemployee.com matches RBAKERIC* (bar) in eight characters while matching RB* (bob) in only two characters.
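Because wildcard aliases in different contexts can match the same subscriber domain, it is worth linting alias sets before they are committed. The following is an added example, not code from the guide or from Redback: it assumes a line-oriented file of context and domain commands, case-sensitive matching, and the default * wildcard; the function names and the finding categories are hypothetical. It reports aliases with more than one wildcard, wildcard aliases that match an existing context or alias name, and pairs of wildcard aliases in different contexts that can both match one name, without predicting which context the system would pick.

```python
"""Lint SmartEdge-style `domain` aliases for wildcard collisions and overlaps."""
from itertools import combinations

WILDCARD = "*"  # default wildcard character according to the guide

# Constructed sample built from the aliases used in the guide's examples.
SAMPLE_CONFIG = """\
service wildcard-domain
context bar
 domain RBAKERIC*
 domain *com
context bob
 domain RB*
 domain bob*bar
"""


def parse_config(text):
    """Return (context names, [(context, alias), ...]) from command lines."""
    contexts, aliases, current = [], [], None
    for line in text.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "context":
            current = words[1]
            if current not in contexts:
                contexts.append(current)
        elif len(words) >= 2 and words[0] == "domain" and current:
            aliases.append((current, words[1]))
    return contexts, aliases


def matches(alias, name):
    """True if `name` matches `alias`; the wildcard spans zero or more characters."""
    if WILDCARD not in alias:
        return alias == name
    prefix, _, suffix = alias.partition(WILDCARD)
    return (len(name) >= len(prefix) + len(suffix)
            and name.startswith(prefix) and name.endswith(suffix))


def overlap_witness(a, b):
    """Return a name matched by both single-wildcard aliases, or None."""
    (pa, _, sa), (pb, _, sb) = a.partition(WILDCARD), b.partition(WILDCARD)
    if not (pa.startswith(pb) or pb.startswith(pa)):
        return None  # literal prefixes disagree, no common name exists
    if not (sa.endswith(sb) or sb.endswith(sa)):
        return None  # literal suffixes disagree, no common name exists
    return max(pa, pb, key=len) + max(sa, sb, key=len)


def audit(text):
    """Return invalid aliases, name collisions and cross-context overlaps."""
    contexts, aliases = parse_config(text)
    invalid = [(c, a) for c, a in aliases if a.count(WILDCARD) > 1]
    wild = [(c, a) for c, a in aliases if a.count(WILDCARD) == 1]
    literal = list(contexts) + [a for _, a in aliases if WILDCARD not in a]
    collisions = [(c, a, n) for c, a in wild for n in literal if matches(a, n)]
    overlaps = []
    for (c1, a1), (c2, a2) in combinations(wild, 2):
        witness = overlap_witness(a1, a2)
        if c1 != c2 and witness is not None:
            overlaps.append((c1, a1, c2, a2, witness))
    return {"invalid": invalid, "collisions": collisions, "overlaps": overlaps}


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_CONFIG).items():
        for item in items:
            print(kind, item)
```

Each overlap carries a witness name that both aliases match, which gives a concrete log-in domain to test when reviewing which context the subscriber lands in.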


enable authentication

enable authentication {none | local | radius | tacacs+}

default enable authentication

Purpose

Specifies how the system performs privilege level authentication.

Command Mode

context configuration

Syntax Description

none
    Specifies no privilege level password authentication.

local
    Specifies privilege level password authentication using the local configuration.

radius
    Specifies privilege level password authentication using the Remote Authentication Dial-In User Service (RADIUS) database.

tacacs+
    Specifies privilege level password authentication using the Terminal Access Controller Access Control System Plus (TACACS+) database.

Default

The system authenticates privilege level passwords using the local configuration database.

Usage Guidelines

Use the enable authentication command to specify how the system performs privilege level authentication. If you select the none keyword, administrators are not prompted for a password when changing privilege levels.

If you enter the radius or tacacs+ keyword, you must configure the enable passwords on the RADIUS or TACACS+ system, respectively. The format of the enable password is enable [level]@ctx-name, where the level argument represents the privilege level of the password (and is not specified for level 15), and the ctx-name argument is the name of the context for which the password is configured.

Note: The separator character between the admin-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default value is @, which is used throughout this guide.

Use the default form of this command to configure the system to use the default authentication (local).


Examples

The following example configures the system to authenticate privilege level passwords using RADIUS:

[local]Redback(config-ctx)#enable authentication radius

The following example shows how the administrator names would be configured on the RADIUS server for privilege level 10 and privilege level 15 in the local context:

username = enable10@local
username = enable@local

Related Commands

enable
enable encrypted
enable password


enable encrypted

enable encrypted [level level] encrypt-type password

no enable encrypted [level level encrypt-type]

Purpose

Creates a password, in encrypted form, for the specified privilege level.

Command Mode

context configuration

Syntax Description

level level
    Optional. Privilege level for which to configure a password. The range of values is 0 to 15.

encrypt-type
    Type of encryption used for a password; only type 1 is supported. Optional for the no form of this command.

password
    Password to assign to the specified privilege level. This argument is not available when using the no form of this command.

Default

No passwords are assigned for any privilege level.

Usage Guidelines

Use the enable encrypted command to create a password, in encrypted form, for the specified privilege level.

The SmartEdge OS supports up to 16 different privilege levels (0 through 15) for both administrators and commands. Privilege levels are enabled on a per-context basis.

If password authentication is enabled, the system prompts the administrator for a password when the administrator attempts to enter the privilege level using the enable command (in exec mode). By default, local password authentication is enabled; see the enable authentication command (in context configuration mode).

This command is similar to the enable password command (in context configuration mode), except that this command requires you to enter the password in encrypted form. Typically, you use the enable password command to configure a password in unencrypted form. However, to protect your passwords, the system always displays the enable encrypted command when displaying the configuration.

Use the no form of this command to delete the password for a specific privilege level.


Examples

The following example creates an encrypted password for privilege level 15:

[local]Redback(config-ctx)#enable encrypted level 15 1 $1$......$CMfiiltCkWPquxFsg8WPy0

The following example shows an administrator attempting to enter privilege level 15. The administrator is prompted for the password (unencrypted, and not echoed).

[local]Redback>enable 15
password:
[local]Redback#

Related Commands

enable
enable authentication
enable password


enable password

enable password [level level] password

no enable password [level level]

Purpose

Configures a password for the specified privilege level that the system will encrypt.

Command Mode

context configuration

Syntax Description

level level
    Optional. Privilege level for which to configure a password. The range of values is 0 to 15; the default value is 15.

password
    Password to assign to the specified privilege level. This argument is not available when using the no form of this command.

Default

No passwords are assigned for any privilege level.

Usage Guidelines

Use the enable password command to configure a password for the specified privilege level that the system will encrypt.

The SmartEdge OS supports up to 16 different privilege levels (0 through 15) for both administrators and commands. Privilege levels are enabled on a per-context basis.

If password authentication is enabled, the system prompts an administrator for the password when the administrator attempts to enter the privilege level using the enable command (in exec mode). By default, local password authentication is enabled; see the enable authentication command (in context configuration mode).

To protect your passwords, the system does not store or display this command. Instead, the system stores and displays the password in an encrypted form. When displaying the configuration, the system uses the enable encrypted command (in context configuration mode).

Use the no form of this command to delete the password for a specific privilege level.

Examples

The following example shows an administrator attempting to enter privilege level 15. The administrator is prompted for the password to enter privilege level 15 (the password is not echoed).

[local]Redback>enable 15
password:
[local]Redback#


The following example creates the s00persecret password for privilege level 15:

[local]Redback(config-ctx)#enable password level 15 s00persecret

The following example shows how the previous command is stored and displayed by the system, in its encrypted form:

[local]Redback#show configuration
...
enable encrypted 1 $1$........$AGSXlr2Tk5AsG92NBXzqi0
...

Related Commands

enable
enable authentication
enable encrypted


full-name

full-name text

no full-name

Purpose

Associates a full name or textual description with an administrator account.

Command Mode

administrator configuration

Syntax Description

text
    Alphanumeric string representing a new or existing administrator.

Default

No full name is associated with an administrator account.

Usage Guidelines

Use the full-name command to associate a full name or text description with an administrator account. You can enter a full name with embedded spaces by enclosing the entire name in double quotation marks; for example, "Fred Q. Lynch".

Use the no form of this command to remove the full name text for an administrator.

Examples

The following example configures the full name for an administrator, Fred:

[local]Redback(config-ctx)#administrator fred
[local]Redback(config-administrator)#full-name "Fred Q. Lynch, x1234"

Related Commands

None


ip pool

ip pool {falling-threshold num {trap [log] | log} | options use-class-c-bcast-addrs}

no ip pool {falling-threshold | options use-class-c-bcast-addrs}

Purpose

Specifies context-specific falling-threshold parameters or includes Class C network and broadcast IP addresses in IP pools in the context.

Command Mode

context configuration

Syntax Description

falling-threshold num
    Threshold value for creating a falling-threshold crossing event. The range of values is 0 to 4,294,967,295.

trap
    Reports the falling-threshold event with a Simple Network Management Protocol (SNMP) event.

log
    Logs the falling-threshold event. Optional only if you specify the trap keyword.

options use-class-c-bcast-addrs
    Allows Class C network (.0) and broadcast (.255) IP addresses in all configured IP pools in this context.

Default

No threshold parameters are defined for any context; Class C network and broadcast IP addresses are excluded.

Usage Guidelines

Use the ip pool command (in context configuration mode) to specify falling-threshold parameters or to include Class C network and broadcast IP addresses in IP pools for the context.

The falling-threshold parameters provide an alert when the number of available IP addresses for all IP pools in the context is reduced to the value specified. This value is unaffected if any threshold for an individual IP pool is altered.

Use the falling-threshold num construct to specify the total number of available IP addresses in all pools in the context, for which a falling-threshold crossing event is generated. A crossing event occurs only when the total number of available IP addresses in all pools in the context equals the value specified. If the number of available IP addresses becomes greater than the value specified, and then drops again to the value, a second falling-threshold crossing event is generated.


If you specify the falling-threshold num construct and the threshold parameters already exist, the current falling threshold parameters are set to the new values, or are added to the definition of the context if they did not previously exist. If you specify a value that is larger than the sum of all IP addresses in all IP pools in the context, no threshold event can occur at the context level. To remove the threshold, specify 0 for the num argument.

You can specify that the falling-threshold crossing event be reported with an SNMP trap, a log message, or both the trap and the log message.

By default, network (.0) and broadcast (.255) IP addresses are excluded in any IP pool of Class C IP addresses, even when that pool is supernetted; you must specify the options use-class-c-bcast-addrs construct to include the intervening Class C network and broadcast addresses in the range. For example:

• If you do not specify this option, and you configure the pool with an IP address of 192.200.100.0/23, IP addresses 192.200.100.0, 192.200.100.255, 192.200.101.0, and 192.200.101.255 are excluded from the pool.

• If you specify this option, 192.200.100.255 and 192.200.101.0 are included.

For more information about guidelines for IP addresses in IP pools, see the description for the ip pool command (in interface configuration mode) in Chapter 7, “Interface Configuration.”

Use the no form of this command to remove context-specific threshold parameters or to exclude intervening Class C network and broadcast IP addresses in any IP pool in the context.

Examples

The following example specifies that an SNMP trap and a log message be generated for the isp1.net context when the available IP addresses in all IP pools in the context equals 1,000:

[local]Redback(config)#context isp1.net
[local]Redback(config-ctx)#ip pool falling-threshold 1000 trap log

Related Commands

ip pool—interface configuration mode


privilege max

privilege max level

default privilege max

Purpose

Specifies the maximum privilege level for the administrator.

Command Mode

administrator configuration

Syntax Description

level
    Maximum privilege level for an administrator. The range of values is 0 to 15; the default value is 15.

Default

The maximum privilege level is 15.

Usage Guidelines

Use the privilege max command to specify the maximum privilege level for the administrator.

Using the enable command (in exec mode), an administrator can change the privilege level of the current exec session up to the maximum privilege level specified by this command for the administrator.

Use the default form of this command to return the maximum privilege level to the default value.

Examples

The following command configures administrator fred to a maximum privilege level of 13:

[local]Redback(config-ctx)#administrator fred
[local]Redback(config-administrator)#privilege max 13

Related Commands

enable
privilege
privilege start


privilege start

privilege start level

default privilege start

Purpose

Specifies the initial privilege level for exec sessions initiated by an administrator.

Command Mode

administrator configuration

Syntax Description

level
    Initial privilege level for exec sessions initiated by an administrator. The range of values is 0 to 15; the default value is 6.

Default

The initial privilege level is set to 6.

Usage Guidelines

Use the privilege start command to specify the initial privilege level for any exec session initiated by the administrator.

When an administrator logs on to the system, the exec session runs at the initial privilege level specified by this command for the administrator.

Use the default form of this command to return the initial privilege level for an administrator to the default value.

Examples

The following command configures administrator fred with an initial privilege level of 11:

[local]Redback(config-ctx)#administrator fred
[local]Redback(config-administrator)#privilege start 11

Related Commands

enable
privilege
privilege max


public-key

public-key {DSA | RSA} [{after-key existing-key} | {position key-position}] {new-key | ftp url}

no public-key {DSA | RSA} {all | position key-position}

Purpose

Specifies public key authentication for any administrator accessing the SmartEdge OS command-line interface (CLI) through Secure Shell (SSH).

Command Mode

administrator configuration

Syntax Description

DSA
    Identifies the Digital Signature Algorithm (DSA).

RSA
    Identifies the Rivest-Shamir-Adleman (RSA) algorithm.

after-key existing-key
    Optional. Existing key string after which the new key string should follow.

position key-position
    Optional. Position in which the new key is to be placed within a string of keys. When used with the no form of this command, it is not optional, and it deletes the key in the specified position. The range of values is 1 to 100,000.

new-key
    New DSA or RSA key string.

ftp url
    URL for the file that contains DSA or RSA keys. The file resides on a File Transfer Protocol (FTP) server. The format of the url argument is //admin-name[:passwd]@ip-addr [//directory]/filename.ext.

all
    Deletes all DSA or RSA keys. Used only with the no form of this command.

Default

None

Usage Guidelines

Use the public-key command to specify public key authentication for administrators accessing the SmartEdge OS CLI through SSH.

Use the // if the pathname to the directory on the remote server is an absolute pathname; use a single / if it is a relative pathname (under the hierarchy of username account home directory).

SSH uses cryptographic keys instead of relying on a password scheme. A key is a digital identity based on a unique string of binary data. By using keys, the SSH client can prove to the SSH server on the SmartEdge router that the client is genuine and can prove its identity.

SSH uses a pair of keys—a public key and a private key. The private key, known only to the SSH client, is used to prove the client’s identity. The public key is known by all parties. The public key can be stored on the SmartEdge router if the administrator has an account on the router.


When an administrator logs on to the CLI, the SSH client and the SSH server on the SmartEdge router both compare the private key of the client with the public key on the SmartEdge router. If the keys match, the administrator is authenticated by the SmartEdge router.

An administrator can have multiple RSA and DSA keys. The SmartEdge OS maintains the list of keys in the preferred order of the administrator. This is also the order in which the keys are searched when each administrator attempts to log on to the SmartEdge router.

SSH-1 uses the RSA cryptographic algorithm. SSH-2 uses the DSA. For more information, see the Internet Draft, Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and CRL Profile, draft-ietf-pkix-ipki-pkalgs-05.txt.

Use the no form of this command to disable public key authentication.

Examples

The following example configures a public RSA key for the administrator jewel:

[local]Redback(config-administrator)#public-key RSA

Enter public key for the user

$053136276382193869961246761 admin@local% adding public key 1024 35 138778925487550112496264060257494473953477802145777234711904931356017804253563842290930011054450485363243280246400199717731319844418831089264593496852809170833789839891527385879500645266732532498938549779362601026271493734075903025216457395231727858414474890514861688652497950829684053136276382193869961246761 to user jewel

For the following example, the administrator jenny configures a public RSA key from the file, nextkey.pub, located on an FTP server at IP address, 155.53.36.231:

[local]Redback(config-administrator)#public-key RSA ftp//[email protected]/.ssh/nextkey.pub

Connected to 155.53.36.231.
220-
220 pepper.redback.com FTP server (NetBSD-ftpd 20000723) ready.
Remote system type is UNIX.
Using binary mode to transfer files.
331 Password required for jenny.
Password:
230-
    NetBSD 1.5.1_ALPHA (NETZUUL) #34: Mon Jan 27 19:22:08 PST 2003
    Welcome to NetBSD!
230 User jenny logged in.
200 Type set to I.
250 CWD command successful.
local: /tmp/tmp_public_key remote: nextkey.pub
227 Entering Passive Mode (155,53,36,231,219,44)
150 Opening BINARY mode data connection for 'nextkey.pub' (326 bytes).
100% |*************************************| 326 780.29 KB/s 00:00 ETA
226 Transfer complete.


326 bytes received in 00:00 (1.67 KB/s)
221-
    Data traffic for this session was 326 bytes in 1 file.
    Total traffic for this session was 1030 bytes in 1 transfer.
221 Thank you for using the FTP service on pepper.corpA.com.
key added 1024 41 106550588489651853198387942858555137190150221510677201916940579736947912236774865600704984815328288560583788592878872188050874678597142562885007685976641197404862724563782974798054110263241761648218460956869243973768579522783213091212849871241135162384999782579058690696235490214548641915001425565861448893991

Related Commands

None
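The administrator, enable authentication, enable password, privilege start, privilege max and public-key commands described above interact: for example, enable authentication none combined with a maximum level above the starting level lets an administrator raise privilege with no password prompt. The following is an added example, not code from the guide or from Redback, that audits a configuration file for such combinations. It assumes a line-oriented file in the command form shown in this chapter; the sample configuration is constructed, and the finding names are hypothetical.

```python
"""Audit administrator and enable settings in a SmartEdge-style configuration."""

# Defaults and the top of the 0-15 range, as stated in the guide.
DEFAULT_START, DEFAULT_MAX, TOP_LEVEL = 6, 15, 15

# Constructed sample (hashes, keys and names are placeholders, not real data).
SAMPLE_CONFIG = """\
context local
 enable authentication none
 administrator admin1 encrypted 1 $1$placeholder$placeholder
  privilege start 15
 administrator fred password supersecret
  privilege max 13
  public-key RSA 1024 35 1234567890 fred@example
context isp1
 enable password level 15 s00persecret
 administrator ops encrypted 1 $1$placeholder$placeholder
  privilege start 11
  privilege max 10
"""


def parse_config(text):
    """Build {context: {"enable_auth", "cleartext", "admins"}} from command lines."""
    contexts, ctx, admin = {}, None, None
    for line in text.splitlines():
        w = line.split()
        if len(w) >= 2 and w[0] == "context":
            ctx = contexts.setdefault(
                w[1], {"enable_auth": "local", "cleartext": [], "admins": {}})
            admin = None
        elif ctx is None or len(w) < 2:
            continue
        elif w[:2] == ["enable", "authentication"] and len(w) >= 3:
            ctx["enable_auth"] = w[2]
        elif w[:2] == ["enable", "password"]:
            # The system stores `enable encrypted`; this form holds cleartext.
            ctx["cleartext"].append("enable password")
        elif w[0] == "administrator":
            admin = ctx["admins"].setdefault(
                w[1], {"start": DEFAULT_START, "max": DEFAULT_MAX, "keys": 0})
            if w[2:3] == ["password"]:
                ctx["cleartext"].append("administrator " + w[1])
        elif admin is not None and w[0] == "privilege" and len(w) >= 3:
            if w[1] in ("start", "max") and w[2].isdigit():
                admin[w[1]] = int(w[2])
        elif admin is not None and w[0] == "public-key":
            admin["keys"] += 1
    return contexts


def audit(text):
    """Return a list of (context, subject, finding) tuples."""
    findings = []
    for name, ctx in parse_config(text).items():
        findings += [(name, item, "cleartext-password") for item in ctx["cleartext"]]
        for admin, a in ctx["admins"].items():
            # No prompt on `enable`, and room to climb from start to max.
            if ctx["enable_auth"] == "none" and a["max"] > a["start"]:
                findings.append((name, admin, "enable-without-password"))
            # Sessions begin at the highest level, so `enable` is never needed.
            if a["start"] >= TOP_LEVEL:
                findings.append((name, admin, "starts-at-top-level"))
            # Inconsistent template: initial level exceeds the configured cap.
            if a["start"] > a["max"]:
                findings.append((name, admin, "start-above-max"))
            # Account can only authenticate with a password.
            if a["keys"] == 0:
                findings.append((name, admin, "no-public-key"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding)
```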


service multiple-contexts

service multiple-contexts

no service multiple-contexts

Purpose

Enables the creation of multiple contexts on a system.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Multiple contexts are disabled.

Usage Guidelines

Use the service multiple-contexts command to enable the creation of multiple contexts on a system. By default, the “local” context is present, and you cannot use the context command (in global configuration mode) to create additional contexts until you enable the multiple context feature.

Use the no form of this command to disable multiple contexts.

Examples

The following example displays sample output when an administrator attempts to create a new context, netone, when the multiple context feature is disabled:

[local]Redback(config)#context netone

Context netone doesn’t exist.To configure multiple contexts configure 'service multiple-contexts'

The following example enables the multiple context feature and creates the context, netone:

[local]Redback(config)#service multiple-contexts[local]Redback(config)#context netone

Related Commandscontext

service wildcard-domain

service wildcard-domain

no service wildcard-domain

Purpose

Enables the creation of domain aliases with embedded wildcard characters.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Wildcards are not permitted in domain name aliases.

Usage Guidelines

Use the service wildcard-domain command in global configuration mode to enable the creation of domain aliases with embedded wildcard characters. See the domain command for rules on the use of domain name alias wildcard characters.

Use the no form of this command to disable the use of the * wildcard character.

Examples

The following example illustrates the creation of the RBAKERIC* and *com domain aliases for the context bar and the RB* and bob*bar domain aliases for the context bob:

[local]Redback(config)#service wildcard-domain
[local]Redback(config)#context bar
[local]Redback(config-ctx)#domain RBAKERIC*
[local]Redback(config-ctx)#domain *com
[local]Redback(config-ctx)#commit
[local]Redback(config-ctx)#exit
[local]Redback(config)#context bob
[local]Redback(config-ctx)#domain RB*
[local]Redback(config-ctx)#domain bob*bar
[local]Redback(config-ctx)#commit

Related Commands

domain

Chapter 7

Interface Configuration

This chapter provides an overview of interfaces, describes the tasks used to configure basic features for interfaces, and provides configuration examples and detailed descriptions of the commands used to configure these features through the SmartEdge® OS.

For protocol- or feature-specific commands that appear in interface configuration mode, see the appropriate chapter in the Routing Protocols Configuration Guide or the IP Services and Security Configuration Guide for the SmartEdge OS, respectively.

For information about the tasks and commands used to monitor, troubleshoot, and administer interfaces, see the “Context, Interface, and Subscriber Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Note In the following descriptions, the term controller card applies to any version of the Cross-Connect Route Processor (XCRP) Controller card (XCRP, XCRP3, XCRP4), including the controller carrier card unless otherwise noted.

The term controller carrier card refers to the controller functions on the carrier card within the SmartEdge 100 chassis; these functions are compatible with the XCRP3 Controller card. The term I/O carrier card refers to the traffic card functions on the carrier card; these functions are compatible with the similar functions that are implemented on the traffic cards that are supported on all other SmartEdge routers.

The term chassis refers to any SmartEdge chassis; the term SmartEdge 800 chassis refers to any version of the SmartEdge 800 chassis. The term SmartEdge 1200 chassis refers to any version of the SmartEdge 1200 chassis.

Overview

Within the SmartEdge OS, an interface is a logical entity that provides higher-layer protocol and service information, such as Layer 3 addressing. Interfaces are configured as part of a context and are independent of physical ports and circuits. The separation of the interface from the physical layer allows for many of the advanced features offered by the SmartEdge OS. For higher-layer protocols to become active, you must bind a physical port or circuit to an interface.

With Dynamic Host Configuration Protocol (DHCP) relay enabled on an interface, the SmartEdge router can examine all responses from a DHCP relay server and note the bindings among the assigned IP address, the requesting Ethernet medium access control (MAC) address, and the circuit from which the request was received.

The result is a behavior similar to that of secured Address Resolution Protocol (ARP). Because an entry is automatically placed in the SmartEdge host table for this binding, the need to use secured ARP for the binding is eliminated. This ensures that the address cannot be spoofed and that traffic cannot be redirected.

The SmartEdge OS supports the following types of interfaces:

• Bridged interface—Allows circuits, such as Ethernet ports or Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs) with RFC 1483 bridged encapsulation, to be bridged. A bridged interface is associated with a bridge in this context by using the bridge command (in interface configuration mode). For more information on the bridge command (in interface configuration mode), see the “Bridging Configuration” chapter, in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS.

• Intercontext interface—Allows the Intermediate System-to-Intermediate System (IS-IS) routing protocol to exchange routing information between two or more contexts within the same physical SmartEdge router; this capability is similar to the exchange of routing information between two physical routers. An intercontext interface can be either a point-to-point intercontext interface or a point-to-multipoint (referred to as a LAN) intercontext interface.

— The point-to-point type links two intercontext interfaces of two different contexts; for this type of intercontext interface, there can be only two intercontext interfaces with the same ID on the SmartEdge router.

— The LAN type links multiple interfaces in multiple contexts. For LAN intercontext interfaces, the id argument specifies the group identifier for all the intercontext interfaces with the same ID that are linked together.

• Loopback interface—Has no explicit association with any circuit in the system. This feature is useful in applications that require an IP address in a particular context, but not necessarily a physical connection, because a loopback interface is always up. For example, loopback interfaces can be useful for routing protocols, because the interface is not associated with a physical port that can go down. You cannot configure secondary IP addresses for a loopback interface.

• Multibind interface—Allows multiple circuits to be bound to the interface. This feature is useful when the interface is used for subscriber circuits. You can also specify that a multibind interface act as a last-resort interface.

• Last-resort interface, which is a type of multibind interface—Acts as a fallback for any incoming subscriber circuit for which the subscriber record does not include an IP address that is assigned to any other interface. If a subscriber session is established, and there is no valid interface to which it can bind, the session binds to the last-resort interface.

Each interface must have an IP address, which you specify either explicitly, using the ip address command (in interface configuration mode), or implicitly, using the ip unnumbered command (in interface configuration mode). When specified implicitly, the interface borrows the IP address from the interface specified by the command. The IP address is used as the source address for routing updates and packets, thus conserving network and address space. Last-resort interfaces must always be configured using the ip unnumbered command.

IPv6 is a new version of the Internet Protocol, designed as the successor to IPv4. IPv6 is fully described in RFC 2460, Internet Protocol, Version 6 (IPv6) Specification. The changes from IPv4 to IPv6 include:

• Increase in address size from 32 bits to 128 bits

• Simplified header

• Extensible header with optional extension headers

• Designed to co-exist with IPv4

• Uses multicast addresses instead of broadcast addresses

Configuration Tasks

This section includes the following topics:

• Configuration Guidelines

• Configure Basic Features for an Interface

Note When IP Version 6 (IPv6) addresses are not referenced or explicitly specified, the term IP address can refer generally to IP Version 4 (IPv4) addresses, IPv6 addresses, or IP addressing. In instances where IPv6 addresses are referenced or explicitly specified, the term IP address refers only to IPv4 addresses. For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture.

Note In this section, the command syntax in the task table displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Configuration Guidelines

Consider the following guidelines for interfaces, IP addresses, and IP pools:

• A standard (one that is not a last-resort interface) multibind interface must have an IP address assigned explicitly, using the ip address command (in interface configuration mode).

• A last-resort multibind interface must be configured as unnumbered, using the ip unnumbered command (in interface configuration mode).

• The interface from which the IP address is borrowed for an unnumbered interface must be in the same context as the unnumbered interface.

• An IP address can be of any class: A, B, or C.

• Only standard and last-resort multibind interfaces support IP pools.

• IP pools can be named or unnamed.

• Last-resort interfaces support up to 2,048 IP pools, which can be named or unnamed; standard multibind interfaces can be configured to have only a single IP pool, which can be either named or unnamed.

• An IP pool can have the same name as an interface within a context, but the name must be unique among IP pools within that context.

• The IP addresses in a named IP pool are reserved; they can be assigned only to subscribers that have been configured to use this specific IP pool. The assignment can be made either by the ip address command (in subscriber configuration mode) or by the Redback® vendor-specific attribute (VSA) 36, IP-Address-Pool-Name.

• For a standard multibind interface, the specified IP address for a pool must be within the subnet specified by the primary IP address for the interface, and the prefix length for the pool must be either the same length or larger than that specified for the interface. Standard network subnetting rules apply for creating the range of IP addresses for the pool.

• For a last-resort multibind interface, the specified IP address and subnet range for any pool cannot overlap the subnet range assigned to any other interface with the exception of loopback interfaces. IP addresses that are assigned to loopback interfaces and that overlap the subnet range for an IP pool in a last-resort multibind interface are marked as reserved in the IP pool.

• Depending on the value of the netmask or prefix-length argument for the IP address assigned to the interface and the range of IP addresses assigned to a pool in that interface, the IP address assigned to the interface and its network (.0) and broadcast (.255) IP addresses need not overlap the IP addresses assigned to the pool. If they do overlap the range of IP addresses assigned to the pool, they are excluded from the pool.

• The maximum number of IP addresses in a pool is 65,536 addresses; therefore, the minimum values for the netmask and prefix-length arguments are 255.255.0.0 and 16, respectively.

• For pools with Class A or Class B addresses:

All IP addresses in the assigned range are included in the pool except the interface, network (.0), and broadcast (.255) IP addresses assigned to the interface when they overlap with the pool IP addresses.

• For pools with Class C addresses:

By default, all network (.0) and broadcast (.255) IP addresses are excluded from the pool, even if the pool is supernetted; to include any intervening network and broadcast IP addresses in any IP pool configured with Class C addresses in the context, you must use the ip pool command (in context configuration mode) with the options use-class-c-bcast-addrs construct.
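
The pool guidelines above can be checked mechanically before a configuration is committed. The following Python code is an added example, not Redback code: the function names and the 'multibind' and 'lastresort' labels are assumptions made for illustration, and it models only the rules stated in this list.

```python
import ipaddress

MAX_POOL_ADDRESSES = 65536    # guideline: at most 65,536 addresses per pool
MAX_LAST_RESORT_POOLS = 2048  # guideline: pools allowed on a last-resort interface


def check_pool(kind, pool, iface=None, pools_already=0, others=()):
    """Return the list of guideline violations for one proposed IP pool.

    kind           'multibind' (standard) or 'lastresort'; hypothetical labels
    pool           pool range in CIDR form, for example '10.1.2.0/24'
    iface          primary address of a standard multibind interface ('10.1.0.1/16')
    pools_already  number of pools already configured on the interface
    others         (cidr, is_loopback) pairs for the other interfaces in the context
    """
    if kind not in ("multibind", "lastresort"):
        return ["only standard and last-resort multibind interfaces support IP pools"]
    errors = []
    net = ipaddress.ip_network(pool, strict=False)
    if net.num_addresses > MAX_POOL_ADDRESSES:
        errors.append("pool exceeds 65,536 addresses (prefix shorter than /16)")
    if kind == "multibind":
        if pools_already >= 1:
            errors.append("a standard multibind interface holds a single pool")
        if iface is None:
            errors.append("a standard multibind interface needs an explicit IP address")
        else:
            ifnet = ipaddress.ip_interface(iface).network
            if net.network_address not in ifnet:
                errors.append("pool address is outside the interface subnet %s" % ifnet)
            if net.prefixlen < ifnet.prefixlen:
                errors.append("pool prefix /%d is shorter than interface prefix /%d"
                              % (net.prefixlen, ifnet.prefixlen))
    else:
        if pools_already >= MAX_LAST_RESORT_POOLS:
            errors.append("a last-resort interface holds at most 2,048 pools")
        for cidr, is_loopback in others:
            other = ipaddress.ip_interface(cidr).network
            # Loopback interfaces are the one permitted overlap.
            if not is_loopback and net.overlaps(other):
                errors.append("pool overlaps the subnet of another interface: %s" % other)
    return errors


def pool_addresses(pool, iface=None, loopbacks=(), use_class_c_bcast=False):
    """List the addresses left in the pool after the documented exclusions."""
    net = ipaddress.ip_network(pool, strict=False)
    # Loopback addresses that fall inside a pool are marked reserved.
    excluded = {ipaddress.ip_address(a) for a in loopbacks}
    if iface is not None:
        i = ipaddress.ip_interface(iface)
        # The interface address and its network and broadcast addresses.
        excluded |= {i.ip, i.network.network_address, i.network.broadcast_address}
    class_c = 192 <= net.network_address.packed[0] <= 223
    members = []
    for addr in net:
        if addr in excluded:
            continue
        # Class C pools drop every .0 and .255 address unless the option is set.
        if class_c and not use_class_c_bcast and addr.packed[3] in (0, 255):
            continue
        members.append(addr)
    return members
```

Running check_pool over every pool in a context before a commit catches overlaps that would otherwise let a subscriber be handed an address that belongs to another interface's subnet.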

Configure Basic Features for an Interface

To configure the basic features for an interface, perform the tasks described in Table 7-1; enter all commands in interface configuration mode, unless otherwise specified.

Table 7-1 Configure Basic Features for an Interface

# | Task | Root Command | Notes
1. | Create a new interface, or modify an existing one, and access interface configuration mode. | interface | Enter this command in context configuration mode.
2. | Associate a text description with the interface. | description |
3. | Specify that the Don’t Fragment (DF) flag in received packets be ignored. | ip clear-df |
4. | Specify that the Internet Control Message Protocol (ICMP) Destination Unreachable packet-too-big message be suppressed. | ip icmp |
5. | If the interface is not bridged, configure IP addresses for the interface with one of the following tasks: | |
   | • Assign a primary or secondary IP address. | ip address | This command is not used for last-resort interfaces.
   | • Assign a primary or secondary IPv6 address. | ipv6 address |
   | • Create a pool of IP addresses for the interface. | ip pool |
   | • Select a fixed IP address as the source address for one or more protocols. | ip source-address | Use this command only with loopback interfaces.
   | • Enable IP processing on an interface without assigning it an explicit IP address. | ip unnumbered | This command is required for last-resort interfaces.
6. | Set the maximum transmission unit (MTU) for an IP packet. | ip mtu |
7. | Set the maximum segment size (MSS) for TCP sessions. | ip tcp mss |
8. | If the interface is bridged, bind it to an existing bridge group. | bridge | For a description of this command, see the “Bridging Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Configuration Examples

The following example creates the enet71 interface, assigns it an IP address, and binds it to an Ethernet port:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface enet71
[local]Redback(config-if)#ip address 10.1.2.1 255.255.255.0
[local]Redback(config-if)#exit
[local]Redback(config)#port ethernet 7/1
[local]Redback(config-port)#bind interface enet71 local

The following example creates a loopback interface (loop-lo2) and an unnumbered interface (unnum2). The unnumbered interface borrows its IP address from the loopback interface. Do not bind a circuit to the loopback interface.

[local]Redback(config-ctx)#interface loop-lo2 loopback
[local]Redback(config-if)#ip address 11.1.2.3/32
[local]Redback(config-if)#interface unnum2
[local]Redback(config-if)#ip unnumbered loop-lo2

The following example assigns an IPv6 address to the enet1 interface:

[local]Redback(config-ctx)#interface enet1
[local]Redback(config-if)#ipv6 address 7001::1/64

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure basic features for interfaces. The commands are presented in alphabetical order.

description
interface
ip address
ip clear-df
ip icmp
ip mtu
ip pool
ip source-address
ip tcp mss
ip unnumbered
ipv6 address

description

description text

no description

Purpose

Associates a text description with an interface.

Command Mode

interface configuration

Syntax Description

text Text string, up to 255 ASCII characters, that identifies the interface.

Default

None

Usage Guidelines

Use the description command to associate a text description with an interface. The description appears in the output of the show ip interface and show configuration commands. Text can be any alphanumeric string, including spaces. For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to delete the existing description. Because there can be only one description for an interface, you can omit the text argument when you use the no form of this command. To change a description, create a new one; it overwrites the existing one.

Examples

The following example creates the interface, upstream, as the upstream interface to the goldisp.net service provider:

[local]Redback(config-ctx)#interface upstream
[local]Redback(config-if)#description interface to goldisp.net

Related Commands

show configuration

interface

interface if-name [{bridge | {intercontext if-type grp-num} | loopback | multibind [lastresort] | p2p}]

no interface if-name [{bridge | {intercontext if-type grp-num} | loopback | multibind [lastresort] | p2p}]

Purpose

Creates a new interface, or selects an existing one for modification, and enters interface configuration mode.

Command Mode

context configuration

Syntax Description

if-name Name of the interface; an alphanumeric string with up to 127 characters.

bridge Optional. Specifies that the interface is a bridged interface.

intercontext Optional. Specifies that the interface is to link two or more contexts. An intercontext interface is not a general purpose interface. Use it only for:

• Intermediate System-to-Intermediate System (IS-IS) routing

• Intercontext static routes

• Interfacing to the default multicast domain tree (MDT) group in multicast virtual private networks (VPNs).

If you provide an IP address to an intercontext interface, the netmask 255.255.255.255 is not allowed.

if-type Optional. Type of intercontext interface, according to one of the following keywords:

• lan—Specifies a point-to-multipoint (LAN) interface.

• p2p—Specifies a point-to-point interface.

grp-num Optional. Intercontext group number; the range of values is 1 to 1,023.

loopback Optional. Specifies that the interface is a loopback interface.

multibind Optional. Enables the interface to have multiple circuits bound to it.

lastresort Optional. Specifies that this multibind interface, called a last-resort interface, is used for any subscriber circuit that attempts to come up and cannot bind to any other interface.

p2p Optional. When binding to a LAN circuit, indicates to routing protocols, such as Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF), that the circuit should be treated as a point-to-point interface from an Interior Gateway Protocol (IGP) point of view.

Default

None

Usage Guidelines

Use the interface command to create a new interface, or select an existing one for modification, and enter interface configuration mode. Optionally, you can specify the interface as an intercontext interface, a loopback interface, or enable the interface to have multiple circuits bound to it.

You must bind a port or circuit to an interface (other than a bridged or loopback interface) for data to flow across the interface.

When there are only two routers over the LAN media, it makes sense to treat the interface as a point-to-point interface from a routing protocol point of view. The p2p keyword can be used to achieve this point-to-point-over-LAN feature. For more detailed information, see the Internet Draft, draft-ietf-isis-igp-p2p-over-lan-03.txt.

Use the bind interface command (in link configuration mode) to bind a port or circuit to a previously created interface in the specified context. Both the interface and the specified context must exist before you enter the bind interface command. If either is missing, an error message displays. For more information about this command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Use the bridge command (in interface configuration mode) to associate the bridge with the interface or subscriber. For more information on this command, see the “Bridging Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Note To enable OSPF routing on an interface, see the “OSPF Configuration” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS.

Use the no form of this command to delete the interface.

Caution Risk of data loss. Deleting an interface removes all bindings to the interface. To reduce the risk, do not delete an interface, unless you are certain it is no longer needed.

Examples

The following example configures an interface, enet1:

[local]Redback(config-ctx)#interface enet1
[local]Redback(config-if)#ip address 10.1.1.1 255.255.255.0

The following example configures a loopback interface, local-loopback, for the local context:

[local]Redback(config-ctx)#interface local-loopback loopback
[local]Redback(config-if)#ip address 10.1.1.1/32

The following example configures three intercontext interfaces in three different contexts all with group 10:

[local]Redback(config-config)#context isp1
[local]Redback(config-ctx)#interface isp1-lan intercontext lan 10
[local]Redback(config-if)#ip address 10.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#exit
!Configure the second interface
[local]Redback(config-config)#context isp2
[local]Redback(config-ctx)#interface isp2-lan intercontext lan 10
[local]Redback(config-if)#ip address 10.1.1.2/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#exit
!Configure the third interface
[local]Redback(config-config)#context isp3
[local]Redback(config-ctx)#interface isp3-lan intercontext lan 10
[local]Redback(config-if)#ip address 10.1.1.3/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#exit

The following example deletes the atm3 interface:

[local]Redback(config-ctx)#no interface atm3

The following example configures a last-resort interface and borrows an IP address for it from the enet1 interface:

[local]Redback(config-ctx)#interface last multibind lastresort
[local]Redback(config-if)#ip unnumbered enet1

The following example configures a bridged interface and binds it to an existing bridge group, isp1:

[local]Redback(config-config)#context bridge
[local]Redback(config-ctx)#interface if-isp1 bridge
[local]Redback(config-if)#bridge name isp1

Related Commands

description
ip address
ip tcp mss
ipv6 address

ip address

ip address ip-addr {netmask | /prefix-length} [secondary] [tag tag]

no ip address ip-addr {netmask | /prefix-length} [secondary] [tag tag]

Purpose

Assigns a primary IP address, and optionally, one or more secondary IP addresses, to an interface.

Command Mode

interface configuration

Syntax Description

ip-addr Primary or secondary IP address of the interface.

netmask Network mask for the associated IP network.

prefix-length Prefix length for the associated IP address. The range of values is 0 to 32.

secondary Optional. Configures the address as a secondary IP address on the interface.

tag tag Optional. Route tag for the IP address. An unsigned 32-bit integer, the range of values is 1 to 4,294,967,295; the default value is 0.

Default

No IP address is assigned to an interface.

Usage Guidelines

Use the ip address command to assign a primary IP address, and optionally, one or more secondary IP addresses, to an interface. This assignment enables IP services on an interface.

Use the ip-addr argument and either the netmask or /prefix-length construct to assign the interface a primary IP address and netmask or prefix length. For nonloopback interfaces, use the bind interface command (in port configuration mode) to bind a circuit to the interface on which IP services are enabled.

Use the optional secondary keyword to designate an IP address as a secondary IP address for the interface. You can configure up to 15 secondary addresses for each primary interface. Interface costs configured for routing protocols apply to secondary IP addresses in the same manner that they apply to primary IP addresses. Secondary IP addresses are treated as locally attached networks.

If Routing Information Protocol (RIP) split horizon is enabled on an interface that is configured with multiple IP addresses, a single update sourced by the primary IP address is sent advertising only the major networks. If split horizon is disabled, multiple updates sourced from each address on the interface are sent and all subnets are advertised.

Use the optional tag tag construct to assign a route tag to the IP address. If you do not include this construct, the value 0 is assigned as the route tag.

Note The Address Resolution Protocol (ARP) is enabled by default on broadcast-capable interfaces.

Assigning a route tag allows you to propagate the connected route for the interface to other protocols such as Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF), using a route map with a match condition that specifies the route tag value. For more information about route tags and the routing policy commands to manage them, see the “Routing Policy Configuration” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS.

When configuring an OSPF interface, use the ip address command first to establish the interface, and then enable OSPF on it by using the interface command in OSPF area configuration mode; see the “OSPF Configuration” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS. The primary IP address of the interface must belong to the area in which OSPF is enabled. In addition, only neighbors on the primary address subnet can be OSPF peers.

Use the bind interface command (in link configuration mode) to statically bind a port, channel, permanent virtual circuit (PVC), 802.1Q tunnel, link group, Generic Routing Encapsulation (GRE) tunnel circuit, or overlay tunnel circuit to a previously created interface in the specified context. No data can flow through a port, channel, PVC, 802.1Q tunnel, child circuit, link group, or tunnel circuit until it is bound to an interface. Both the interface and the specified context must exist before you enter the bind interface command. If either is missing, an error message displays. For more information on the bind interface command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Use the no form of this command to remove an IP address from an interface. You must remove all secondary IP addresses before you can remove the primary IP address.

Caution Risk of IP service loss. Removing the primary IP address disables all IP services for that address on the specified interface. Disabling IP services deletes a corresponding OSPF interface from the running configuration. To reduce the risk, do not remove a primary IP address for an OSPF interface, unless you have configured a secondary IP address for the OSPF interface, or intend to delete it.

Examples

The following example assigns an IP address and netmask to the enet1 interface:

[local]Redback(config-ctx)#interface enet1
[local]Redback(config-if)#ip address 10.4.5.2/24

The following example configures two noncontiguous Classless InterDomain Routing (CIDR) blocks for the downstream interface:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface downstream
[local]Redback(config-if)#ip address 10.0.0.1/24
[local]Redback(config-if)#ip address 11.0.0.1/24 secondary

The following example binds port 3/1 to the downstream interface using either IP address:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface downstream
[local]Redback(config-if)#ip address 10.0.0.2/28
[local]Redback(config-if)#ip address 11.0.0.2/28 secondary
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#exit
[local]Redback(config)#port ether 3/1
[local]Redback(config-port)#bind interface downstream local

Related Commands

interface
ip tcp mss
ip unnumbered

ip clear-df

ip clear-df

{no | default} ip clear-df

Purpose

Specifies that the IP header Don’t Fragment (DF) flag should be ignored in any packet that is to be transmitted on this outbound interface when that packet is too large to be forwarded to a device with a smaller maximum transmission unit (MTU) than is required by the packet.

Command Mode

interface configuration

Syntax Description

This command has no keywords or arguments.

Default

The IP header DF flag is honored.

Usage Guidelines

Use the ip clear-df command to specify that the IP header DF flag should be ignored in any packet that is to be transmitted on this outbound interface when that packet is too large to be forwarded to a device with a smaller MTU than is required by the packet. In this case, the DF flag is cleared in the resulting fragmented packets. The DF flag is not affected in packets that are not too large for the MTU of the device to which they are transmitted.

If you enter the clear-df command (in GRE tunnel configuration mode) for a tunnel circuit, instead of this command, the DF flag is cleared in all packets that are transmitted on that Generic Routing Encapsulation (GRE) tunnel circuit. If you run both commands, the clear-df command takes precedence for that GRE tunnel circuit, and clears the DF flag in all packets transmitted on that tunnel circuit. For more information about the clear-df command (in GRE tunnel configuration mode), see the “GRE Tunnel Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Use the no or default form of this command to honor the DF flag in all packets.

Examples

The following example specifies that the DF flag should be ignored in large packets:

[local]Redback(config)#context isp1
[local]Redback(config-ctx)#interface large-packets
[local]Redback(config-if)#ip clear-df

Related Commands

ip icmp

ip icmp

ip icmp suppress packet-too-big

{no | default} ip icmp

Purpose

Specifies that the Internet Control Message Protocol (ICMP) Destination Unreachable packet-too-big message should be suppressed when any packet that is to be transmitted on this interface has its Don’t Fragment (DF) flag set, and is too large to be forwarded without fragmentation.

Command Mode

interface configuration

Syntax Description

suppress packet-too-big Suppresses the generation of the ICMP Destination Unreachable packet-too-big message.

Default

ICMP Destination Unreachable packet-too-big messages are generated.

Usage Guidelines

Use the ip icmp command to specify that the ICMP Destination Unreachable packet-too-big message should be suppressed when any packet that is to be transmitted on this interface has its DF flag set, and is too large to be forwarded without fragmentation.

Use the no or default form of this command to generate ICMP Destination Unreachable packet-too-big messages.

Examples

The following example suppresses the Destination Unreachable packet-too-big messages:

[local]Redback(config)#context isp1
[local]Redback(config-ctx)#interface large-packets
[local]Redback(config-if)#ip icmp suppress packet-too-big

Related Commands

ip clear-df


ip mtu

ip mtu bytes

no ip mtu

Purpose

Sets the maximum transmission unit (MTU) size for IP packets sent on an interface.

Command Mode

interface configuration

Syntax Description

bytes    MTU size in bytes. The range of values is 256 to 16,384.

Default

MTU for the media type of the port or circuit to which the interface is bound.

Usage Guidelines

Use the ip mtu command to set the MTU size for IP packets sent on an interface. If an IP packet exceeds the MTU configured for an interface, the system fragments that packet.

An interface does not have an MTU size until either one is explicitly configured using the ip mtu command, or a circuit is bound to the interface. If no MTU size is configured, the MTU size is the same as that of the bound circuit. If an IP MTU is explicitly configured, the resulting IP MTU is calculated. It is the lesser of the configured IP MTU and the circuit MTU.

Use the no form of this command to remove the IP MTU and use the MTU of the bound circuit.

Note This command does not apply to loopback interfaces.

Examples

The following example sets the maximum IP packet size for the atm1 interface to 300 bytes:

[local]Redback(config-ctx)#interface atm1
[local]Redback(config-if)#ip mtu 300

Related Commands

None
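The following Python model is an added example, not SmartEdge OS code and not part of the original guide; it works through how ip mtu, ip clear-df, and ip icmp suppress packet-too-big combine for one outbound IPv4 packet. It assumes a 20-byte IP header, an RFC 1191 next-hop MTU value in the ICMP message, and that ip clear-df wins when both commands are configured; the names InterfaceConfig, fragment, and egress are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

IP_HEADER_LEN = 20  # assumption: IPv4 header without options


@dataclass
class InterfaceConfig:
    circuit_mtu: int                 # MTU of the circuit bound to the interface
    ip_mtu: Optional[int] = None     # "ip mtu bytes"; None when not configured
    clear_df: bool = False           # "ip clear-df"
    suppress_ptb: bool = False       # "ip icmp suppress packet-too-big"

    @property
    def effective_mtu(self):
        """Lesser of the configured IP MTU and the circuit MTU."""
        if self.ip_mtu is None:
            return self.circuit_mtu
        return min(self.ip_mtu, self.circuit_mtu)


def fragment(total_len, mtu):
    """Split a packet into (offset_in_8_byte_units, fragment_len, more_fragments)."""
    payload = total_len - IP_HEADER_LEN
    step = (mtu - IP_HEADER_LEN) // 8 * 8    # fragment offsets count 8-byte units
    frags, sent = [], 0
    while sent < payload:
        size = min(step, payload - sent)
        frags.append((sent // 8, IP_HEADER_LEN + size, sent + size < payload))
        sent += size
    return frags


def egress(total_len, df, cfg):
    """Decide what happens to one packet leaving the interface."""
    mtu = cfg.effective_mtu
    if total_len <= mtu:
        # Packets that fit are forwarded with the DF flag untouched.
        return {"action": "forward", "df": df}
    if df and not cfg.clear_df:
        if cfg.suppress_ptb:
            # Dropped with no ICMP message: the sender gets no feedback.
            return {"action": "drop", "icmp": None}
        # ICMP type 3 (Destination Unreachable), code 4 (packet too big).
        return {"action": "drop",
                "icmp": {"type": 3, "code": 4, "next_hop_mtu": mtu}}
    # DF was clear, or ip clear-df ignores it; fragments leave with DF cleared.
    return {"action": "fragment", "df": False,
            "fragments": fragment(total_len, mtu)}


if __name__ == "__main__":
    atm1 = InterfaceConfig(circuit_mtu=1500, ip_mtu=300)   # "ip mtu 300" from the guide
    print(egress(1500, False, atm1))
    print(egress(1500, True, InterfaceConfig(1400, suppress_ptb=True)))
```

The drop with no ICMP message is the case to check for when suppression is enabled, because a sender that sets DF never learns that its packets are too large for the path.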


ip pool

ip pool ip-addr {netmask | /prefix-length | to ip-addr} [name pool-name] [falling-threshold num {trap [log] | log}]

no ip pool [ip-addr {netmask | /prefix-length} [name pool-name]]

Purpose

Creates or modifies a pool of IP addresses for an interface to allow a subscriber on a Point-to-Point Protocol (PPP)- or PPP over Ethernet (PPPoE)-encapsulated circuit to be assigned any available IP address from the pool.

Command Mode

interface configuration

Syntax Description

ip-addr                  Starting IP address of the IP pool in the form A.B.C.D.
netmask                  Network mask for the associated IP network in the form A.B.C.D. The range of values is 255.255.0.0 to 255.255.255.255.
prefix-length            Prefix length. The range of values is 16 to 32.
to ip-addr               Ending address of the IP pool.
name pool-name           Optional. Name for the IP pool; a string with up to 31 characters.
falling-threshold num    Optional. Threshold value for creating a falling-threshold crossing event. The range of values is 0 to 65,535; if omitted, the default value is 0.
trap                     Reports the falling-threshold event with a Simple Network Management Protocol (SNMP) event.
log                      Logs the falling-threshold event; this keyword is optional if you specify the trap keyword.

Default

No IP pool is created for any interface.

Usage Guidelines

Use the ip pool command (in interface configuration mode) to create or modify a pool of IP addresses for an interface to allow a subscriber on a PPP- or PPPoE-encapsulated circuit to be assigned an IP address from the pool. The interface must have been created using the interface command (in context configuration mode) with the multibind keyword.

You can use IP pools to provide addresses for the Dynamic Host Configuration Protocol (DHCP) server; specifically, if no range of values is specified for a DHCP subnet, the DHCP server takes the IP addresses from the IP pool defined by the interface command (in context configuration mode). This IP pool can be used by the DHCP server and PPP subscribers on the same interface.


To create the pool, specify an IP address within the range for the pool and either the netmask or the prefix length. You can enter this command multiple times if you are configuring a last-resort interface.

The number of available IP addresses in a pool is decremented whenever an IP address is assigned from the pool and incremented when it is returned to the pool.

If you use the Remote Authentication Dial-In User Service (RADIUS) to authenticate subscribers, follow these guidelines:

• You must ensure that the RADIUS server is configured to return attribute 8, Framed-IP-Address, with a value of 255.255.255.254 or 0.0.0.0. These values allow the subscriber to be assigned any available IP address from any pool configured within the context.

• If you create a named pool, you must ensure that the RADIUS server is configured to return Redback VSA 36, IP-Address-Pool-Name, with the name of the IP pool.

The name that you specify for the IP pool (the pool-name argument) can be the name of an interface created with the interface command (in context configuration mode), but it must be unique among all named IP pools within the context.

The falling-threshold parameters provide an alert when the number of available IP addresses in the pool is reduced to the value specified.

Use the to ip-addr construct to select a range of IP addresses for the IP pool.

Use the falling-threshold num construct to specify the number of available IP addresses in the pool for which a falling-threshold crossing event is generated. A crossing event occurs only when the number of available IP addresses in the pool equals the value specified. If the number of available IP addresses becomes greater than the value specified and then drops again to the value, a second falling-threshold crossing event is generated.

If you specify the falling-threshold num construct and the IP pool already exists, the current falling-threshold parameters are set to the new values, or are added to the definition of the IP pool if they did not previously exist. If you enter the ip pool command without the falling-threshold parameters and the IP pool already exists, the threshold is removed.

You can specify that the falling-threshold crossing event be reported with an SNMP trap, a log message, or both the trap and the log message.

For information about configuring context-specific falling-threshold parameters or including Class C network and broadcast IP addresses in IP pools in the context, see the ip pool command (in context configuration mode) in Chapter 6, “Context Configuration.”

Use the no form of this command to delete the IP address pool for the specified starting IP address or all IP pools created in the interface.

Note This command does not apply to loopback interfaces.


Examples

The following example creates a named IP pool for the interface isp1.net context and specifies that both an SNMP trap and a log message be generated when the number of available IP addresses in the pool equals 22:

[local]Redback(config)#context isp1.net
[isp1.net]Redback(config-ctx)#interface isp1.net multibind
[isp1.net]Redback(config-if)#ip address 10.1.1.1 255.255.255.0
[isp1.net]Redback(config-if)#ip pool 10.1.1.1 255.255.255.0 name ip-pool1 falling-threshold 22 trap log

The following example creates a named IP pool for the isp1.net context and specifies a range of IP addresses for the IP pool using the to ip-addr construct:

[local]Redback(config)#context isp1.net
[isp1.net]Redback(config-ctx)#interface isp1.net multibind
[isp1.net]Redback(config-if)#ip address 10.1.1.1/24
[isp1.net]Redback(config-if)#ip pool 10.1.1.2 to 10.1.1.100

Related Commands

ip address
ip pool—context configuration mode
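The following Python simulation is an added example, not SmartEdge OS code and not part of the original guide; it shows when falling-threshold crossing events fire for a pool defined with the to ip-addr construct. The IpPool class and run_scenario function are hypothetical, the pairing of the 10.1.1.2 to 10.1.1.100 range with a threshold of 22 is constructed, and the model assumes that only an assignment (a falling count) can generate the event.

```python
import ipaddress


class IpPool:
    """Address pool with the falling-threshold behaviour described in the guide."""

    def __init__(self, first, last, falling_threshold=None, trap=False, log=False):
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        if hi < lo:
            raise ValueError("ending address is below the starting address")
        if falling_threshold is not None and not 0 <= falling_threshold <= 65535:
            raise ValueError("falling-threshold range is 0 to 65,535")
        self.free = [ipaddress.IPv4Address(n) for n in range(lo, hi + 1)]
        self.leases = {}
        self.threshold = falling_threshold   # None: no threshold configured
        self.report = tuple(name for name, on in (("trap", trap), ("log", log)) if on)
        self.events = []

    @property
    def available(self):
        return len(self.free)

    def assign(self, subscriber):
        """Hand out the next free address; returns None when the pool is empty."""
        if subscriber in self.leases:
            return self.leases[subscriber]
        if not self.free:
            return None
        addr = self.free.pop(0)
        self.leases[subscriber] = addr
        # Event only when the available count *equals* the threshold after a
        # decrement (assumption: a release that passes the value does not fire).
        if self.threshold is not None and self.available == self.threshold:
            self.events.append({"available": self.available, "report": self.report})
        return addr

    def release(self, subscriber):
        """Return a subscriber's address to the pool."""
        addr = self.leases.pop(subscriber, None)
        if addr is not None:
            self.free.append(addr)
        return addr


def run_scenario():
    """Constructed session churn against a 99-address pool with threshold 22."""
    pool = IpPool("10.1.1.2", "10.1.1.100", falling_threshold=22, trap=True, log=True)
    for n in range(77):                 # 99 -> 22 available: first event
        pool.assign("sub%d" % n)
    for n in range(77, 80):             # 22 -> 19: below the value, no event
        pool.assign("sub%d" % n)
    for n in range(5):                  # 19 -> 24: rising through 22, no event
        pool.release("sub%d" % n)
    for n in range(80, 82):             # 24 -> 22: second event
        pool.assign("sub%d" % n)
    return pool


if __name__ == "__main__":
    for event in run_scenario().events:
        print(event)
```

Because the event fires only at equality, a pool that stays below the threshold generates no further events until it has recovered above the value and fallen back to it.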


ip source-address

ip source-address [all | {[packet-type] [packet-type] ... }]

no ip source-address [all | {[packet-type] [packet-type] ... }]

Purpose

Specifies the primary IP address of this interface as the source address for one or more types of locally generated packets or packets sent to a Dynamic Host Configuration Protocol (DHCP) server.

Command Mode

interface configuration

Syntax Description

all            Optional. Specifies the primary IP address of this interface as the source address for all types of packets listed in Table 7-2.
packet-type    Optional. Type of packets in which the primary IP address of this interface is used as the source address, according to one of the keywords listed in Table 7-2. You can list multiple packet types, each separated by a space.

Default

The IP address for the interface on which the traffic is transmitted is used as the source address in locally generated packets or packets sent to a DHCP relay server.

Usage Guidelines

Use the ip source-address command to specify the primary IP address of this interface as the source address for one or more types of locally generated packets or packets sent to a DHCP relay server. The primary IP address for the interface is assigned using the ip address command (in interface configuration mode).

You can specify multiple keywords in any order with this command; you can also enter the command multiple times to specify additional protocols. Table 7-2 lists the keywords for the types of packets in which the IP address is sent.

Note Enter this command with the IP source addresses of loopback interfaces and not with IP addresses of interfaces associated with physical ports or circuits. You should not specify the IP source address of a physical port or circuit because if the port or circuit goes down, the reply packets would be disrupted.

Table 7-2 Keywords for Supported Protocols and Servers

Keyword                  Packet Description
dhcp-server              Specifies packets to a DHCP relay server.
ftp                      Specifies File Transfer Protocol (FTP) packets.
icmp-dest-unreachable    Specifies Internet Control Message Protocol (ICMP) type 3, Destination Unreachable, packets.
icmp-time-exceeded       Specifies that all replies to ICMP type 11 packets are sourced with the defined IP address.
netop                    Specifies advertisement packets which the SmartEdge router sends as part of the automatic node discovery process with the NetOp™ EMS server. Allows the NetOp EMS server to reach the SmartEdge router through the IP source address set by this command and bound to traffic cards as opposed to the default management IP address of the controller card.
radius                   Specifies packets to a Remote Authentication Dial-In User Service (RADIUS) server.
snmp                     Specifies Simple Network Management Protocol (SNMP) packets.
ssh                      Specifies Secure Shell (SSH) and Secure Shell FTP (SFTP) packets.
syslog                   Specifies syslog packets.
tacacs+                  Specifies Terminal Access Controller Access Control System Plus (TACACS+) packets.
telnet                   Specifies Telnet packets.
tftp                     Specifies Trivial FTP (TFTP) packets.

Note For the RADIUS application, use the radius attribute nas-ip-address command (in context configuration mode) to configure the SmartEdge OS to send the IP source address in access request and accounting request packets to the RADIUS server. For more information, see the “RADIUS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Use the all keyword to specify all supported protocols and servers.

By default, the local IP address for the interface on which the traffic is transmitted is included in transmitted packets. As a result, the local IP address used for packets can change from connection to connection, based on the interface that the routing algorithm has chosen to reach the destination.

For IP packets sent by IP routing protocols, including Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Resource Reservation Protocol (RSVP), and the multicast protocols, but not including Intermediate System-to-Intermediate System (IS-IS), the local IP address selection is often constrained by the protocol specification so that the protocol operates correctly. When this constraint exists in the routing protocol, the IP source address included in the outgoing packet is determined by the routing protocol and not the ip source-address command.

Use the no form of this command to use the local IP address for the interface on which the traffic is transmitted.

Examples

The following example specifies the IP address of the notify interface in the local context for all outgoing Telnet packets:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface notify
[local]Redback(config-if)#ip address 172.16.1.1/24
[local]Redback(config-if)#ip source-address telnet

The following example adds the SNMP protocol to the list of protocols using the IP address for the notify interface:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface notify
[local]Redback(config-if)#ip source-address snmp

As a result, both the Telnet and SNMP protocols use the IP address of the notify interface.

The following example specifies that ICMP packets will also use the IP address of the notify interface:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface notify
[local]Redback(config-if)#ip source-address icmp-dest-unreachable

Related Commands

None


ip tcp mss

ip tcp mss replace [dir] mss-size

no ip tcp mss replace [dir]

Purpose

Changes the value of the maximum segment size (MSS) field in the TCP header to prevent fragmentation.

Command Mode

interface configuration

Syntax Description

replace     Replace the value of the MSS field in the TCP header with the specified value.
dir         Optional. Identifies the direction of the traffic for which you are specifying a maximum segment size:
            • in—to specify an MSS for ingress traffic.
            • out—to specify an MSS for egress traffic.
            If you do not specify a direction, the MSS applies to both directions.
mss-size    Maximum segment size of a datagram in bytes. This value must be between 216 and 16,384 bytes and replaces the value of the MSS field in the TCP header.

Default

Packets for ingress and egress traffic pass unaltered through the SmartEdge router.

Usage Guidelines

Use the ip tcp mss command to replace the value of the MSS field in the TCP header to prevent fragmentation. Specify the maximum size of ingress and egress traffic in bytes.

The system does not replace the MSS value in the datagram if the configured MSS value is bigger than the one found in the datagram. MSS replacement applies only to TCP SYN packets.

To set a different MSS for ingress traffic and egress traffic, enter the command twice—once for ingress traffic and once for egress traffic. To set the same MSS for both ingress and egress traffic, do not specify the direction. If you set an MSS for only one direction, no MSS is set for the other direction and the packets for that direction pass unaltered through the SmartEdge router.

Use the no form of this command to delete the current MSS configuration. Packets for ingress and egress traffic pass unaltered through the SmartEdge router.

Examples

The following example shows how to configure the seattle-p2p interface with an MSS of 1420 bytes for both ingress and egress traffic:

[local]Redback(config-ctx)#interface seattle-p2p
[local]Redback(config-if)#ip tcp mss replace 1420

Related Commands

interface
ip address
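The following Python sketch is an added example, not SmartEdge OS code and not part of the original guide; it shows the kind of rewrite that ip tcp mss replace describes, applied to a raw TCP segment: only SYN segments are touched, the MSS option is lowered only when the configured value is smaller, and the TCP checksum is patched incrementally (RFC 1624). All function names, the sample addresses, and the sample segments are constructed for illustration.

```python
import ipaddress
import struct

TCP_SYN = 0x02
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2
# Constructed sample endpoints (documentation address ranges), not from the guide.
SRC_IP, DST_IP = "192.0.2.10", "198.51.100.20"


def fold16(total):
    """Fold carries back in until the one's-complement sum fits in 16 bits."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum16(data):
    """Internet checksum (RFC 1071) of a byte string."""
    if len(data) % 2:
        data += b"\x00"
    words = struct.unpack("!%dH" % (len(data) // 2), data)
    return ~fold16(sum(words)) & 0xFFFF


def pseudo_header(tcp_len):
    src = ipaddress.IPv4Address(SRC_IP).packed
    dst = ipaddress.IPv4Address(DST_IP).packed
    return src + dst + struct.pack("!BBH", 0, 6, tcp_len)


def checksum_ok(segment):
    """A valid TCP checksum makes the sum over pseudo-header + segment zero."""
    return checksum16(pseudo_header(len(segment)) + segment) == 0


def build_sample_syn(mss, flags=TCP_SYN, leading_nop=False):
    """Constructed TCP segment carrying an MSS option, with a valid checksum."""
    options = struct.pack("!BBH", OPT_MSS, 4, mss)
    if leading_nop:  # pushes the MSS value onto an odd byte offset
        options = bytes([OPT_NOP]) + options
    options += bytes([OPT_NOP]) * (-len(options) % 4)
    offset_words = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 40000, 443, 1000, 0,
                         offset_words << 4, flags, 65535, 0, 0)
    seg = bytearray(header + options)
    struct.pack_into("!H", seg, 16, checksum16(pseudo_header(len(seg)) + bytes(seg)))
    return bytes(seg)


def mss_value_offset(segment):
    """Byte offset of the MSS value in a SYN segment, or None if not applicable."""
    if len(segment) < 20 or not segment[13] & TCP_SYN:
        return None
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return None
    i = 20
    while i < header_len:
        kind = segment[i]
        if kind == OPT_EOL:
            return None
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= header_len:
            return None
        length = segment[i + 1]
        if length < 2 or i + length > header_len:
            return None  # malformed option list: leave the packet alone
        if kind == OPT_MSS and length == 4:
            return i + 2
        i += length
    return None


def get_mss(segment):
    off = mss_value_offset(segment)
    return None if off is None else struct.unpack_from("!H", segment, off)[0]


def replace_mss(segment, configured_mss):
    """Lower the MSS option of a SYN to configured_mss; never raise it."""
    if not 216 <= configured_mss <= 16384:   # mss-size range given in the guide
        raise ValueError("mss-size must be between 216 and 16,384")
    off = mss_value_offset(segment)
    if off is None or configured_mss >= struct.unpack_from("!H", segment, off)[0]:
        return segment
    seg = bytearray(segment)
    start, end = off & ~1, (off + 3) & ~1    # 16-bit aligned window around the value
    fmt = "!%dH" % ((end - start) // 2)
    old_words = struct.unpack_from(fmt, seg, start)
    struct.pack_into("!H", seg, off, configured_mss)
    new_words = struct.unpack_from(fmt, seg, start)
    csum = struct.unpack_from("!H", seg, 16)[0]
    for old, new in zip(old_words, new_words):   # RFC 1624: HC' = ~(~HC + ~m + m')
        csum = ~fold16((~csum & 0xFFFF) + (~old & 0xFFFF) + new) & 0xFFFF
    struct.pack_into("!H", seg, 16, csum)
    return bytes(seg)
```

Calling replace_mss(build_sample_syn(1460), 1420) returns a segment whose MSS option reads 1420 and whose checksum still verifies, while a SYN that already advertises 1400 comes back unchanged.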


ip unnumbered

ip unnumbered if-name

no ip unnumbered

Purpose

Enables IP processing on an interface without assigning it an explicit IP address.

Command Mode

interface configuration

Syntax Description

if-name    Name of the interface from which an IP address is to be borrowed.

Default

Interfaces do not borrow IP addresses.

Usage Guidelines

Use the ip unnumbered command to enable IP processing on an interface without assigning it an explicit IP address. This feature allows the interface to borrow the IP address of another interface.

Use the no form of this command to remove the ability to borrow IP addresses from another interface.

Examples

The following example configures the seattle-p2p interface to borrow an IP address from the eth2 interface:

[local]Redback(config-ctx)#interface seattle-p2p
[local]Redback(config-if)#ip unnumbered eth2

Related Commands

interface
ip address


ipv6 address

ipv6 address ip-addr/prefix-length [secondary]

no ipv6 address ip-addr/prefix-length [secondary]

Purpose

Assigns a primary Internet Protocol Version 6 (IPv6) address, and optionally, one or more secondary IPv6 addresses, to an interface.

Command Mode

interface configuration

Syntax Description

ip-addr          Primary or secondary IPv6 address of the interface.
prefix-length    Prefix length for the associated IPv6 address. The range of values is 0 to 128.
secondary        Optional. Configures the address as a secondary IPv6 address on the interface.

Default

No IPv6 address is assigned to an interface.

Usage Guidelines

Use the ipv6 address command to assign a primary IPv6 address, and optionally, one or more secondary IPv6 addresses, to an interface. This assignment enables IPv6 services on an interface.

Use the ip-addr argument and the /prefix-length construct to assign the interface a primary IPv6 address or prefix length. For nonloopback interfaces, use the bind interface command (in port configuration mode) to bind a circuit to the interface on which IP services are enabled. For more information on the bind interface command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Use the optional secondary keyword to designate an IPv6 address as a secondary IPv6 address for the interface. You can configure up to 15 secondary addresses for each primary interface. Interface costs configured for routing protocols apply to secondary IP addresses in the same manner that they apply to primary IP addresses. Secondary IP addresses are treated as locally attached networks.

If Routing Information Protocol (RIP) split horizon is enabled on an interface that is configured with multiple IP addresses, a single update sourced by the primary IPv6 address is sent that advertises only the major networks. If split horizon is disabled, multiple updates sourced from each address on the interface are sent and all subnets are advertised.

Note The Neighbor Discovery (ND) protocol is enabled by default on broadcast-capable interfaces.

When configuring an Open Shortest Path First (OSPF) interface, use the ipv6 address command first to establish the interface, and then enable OSPF version 3 (OSPFv3) on it by using the interface command in OSPFv3 area configuration mode; see the “RADIUS Configuration” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS. The primary IPv6 address of the interface must belong to the area in which OSPFv3 is enabled. In addition, only neighbors on the primary address subnet can be OSPFv3 peers.

Use the bind interface command (in IPv6 tunnel configuration mode) to statically bind a port, channel, permanent virtual circuits (PVCs), 802.1Q tunnel, link group, Generic Routing Encapsulation (GRE) tunnel circuit, or overlay tunnel circuit to a previously created interface in the specified context. No data can flow through a port, channel, PVC, 802.1Q tunnel, child circuit, link group, or tunnel circuit until it is bound to an interface. For more information on the bind interface command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Use the no form of this command to remove an IPv6 address from an interface. You must remove all secondary IPv6 addresses before you can remove the primary IPv6 address.

Caution Risk of IP service loss. Removing the primary IPv6 address disables all IP services for that address on the specified interface. Disabling IPv6 services deletes a corresponding OSPFv3 interface from the running configuration. To reduce the risk, do not remove a primary IPv6 address for an OSPFv3 interface, unless you have configured a secondary IPv6 address for the OSPFv3 interface, or intend to delete it.

Examples

The following example assigns an IPv6 address to the enet1 interface:

[local]Redback(config-ctx)#interface enet1
[local]Redback(config-if)#ipv6 address 7001::1/64

The following example configures two noncontiguous blocks for the downstream interface:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface downstream
[local]Redback(config-if)#ipv6 address 7002::1/112
[local]Redback(config-if)#ipv6 address 7003::1/112 secondary

The following example binds the Ethernet port 3/1 to the downstream interface using either IPv6 address:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface downstream
[local]Redback(config-if)#ipv6 address 7002::1/112
[local]Redback(config-if)#ipv6 address 7003::1/112 secondary
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#exit
[local]Redback(config)#port ether 3/1
[local]Redback(config-port)#bind interface downstream local

Related Commands

interface
ip unnumbered


Chapter 8

Subscriber Configuration

This chapter provides an overview of subscribers, describes the tasks used to configure basic features for subscribers and subscriber sessions, and provides configuration examples and detailed descriptions of the commands used to configure these features through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer subscribers, see the “Context, Interface, and Subscriber Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

For protocol- or feature-specific commands that appear in subscriber configuration mode, see the appropriate chapter in this guide or in the Routing Protocols Configuration Guide or the IP Services and Security Configuration Guide for the SmartEdge OS, respectively.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

Subscribers are end users of high-speed access services. Subscriber records are used to define a set of attributes, such as subscriber name, password, authentication, access control, rate-limiting, and policing information. A record is specific to the context in which the subscriber is configured.

You can configure a default subscriber profile to define attributes that are applied to all subscribers. With a default subscriber profile, you can configure attributes that are shared by many subscribers in a single configuration, rather than applying the same attributes separately to each subscriber record.

Similarly, you can create a named subscriber profile, which you can assign to one or more subscribers. Unlike the default subscriber profile, which is automatically assigned to every subscriber record, you must explicitly assign a named subscriber profile to a subscriber record.

When assigned to a subscriber record, the values of the attributes in a named subscriber profile override the identical attributes in the default profile. Profile attributes, whether from the default or a named profile, are overridden when identical attributes with different values are configured in a specific subscriber record.


Subscribers use hosts connected to various types of circuits. Table 8-1 lists the types of circuits which support subscribers and their encapsulations.

Subscriber records can be configured in one of two ways:

• Locally, using commands in the SmartEdge OS command-line interface (CLI).

You can use subscriber records to provide local authentication and authorization information whenever a remote authentication and authorization server, such as Remote Authentication Dial-In User Service (RADIUS), is not available or not wanted.

• Using attributes (authentication, accounting, or both) stored on a RADIUS server that the SmartEdge OS is configured to access.

If the RADIUS server is configured within the local context of the SmartEdge OS, attributes are applied globally to all subscribers. If the RADIUS server is configured within any other context, attributes are applied only to subscribers configured in that particular context.

If you are using the Challenge Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), or both authentication protocols, the response from the RADIUS server (in attribute 18) is forwarded to the Point-to-Point Protocol (PPP) client with the reason for the acceptance or rejection of the subscriber.

IPv6 is a new version of the Internet Protocol, designed as the successor to IPv4. IPv6 is fully described in RFC 2460, Internet Protocol, Version 6 (IPv6) Specification. The changes from IPv4 to IPv6 include:

• Increase in address size from 32 bits to 128 bits

• Simplified header

• Extensible header with optional extension headers

• Designed to co-exist with IPv4

• Uses multicast addresses instead of broadcast addresses

Table 8-1 Subscriber Circuit Types and Their Encapsulations

                 Circuit Encapsulations
Circuit Type     Bridge1483  Multi  Route1483  PPP  IPoE  IPv6oE  PPPoE
ATM PVC          Yes         –      Yes        Yes  Yes   –       Yes
802.1Q PVC       –           Yes    –          –    Yes   –       Yes
POS port         –           –      –          Yes  –     –       –
Child circuit    –           –      –          –    –     No      Yes

Note If you specify the encapsulation for a circuit with the multi keyword, the parent circuit carries IP over Ethernet (IPoE) traffic.

Note When IP Version 6 (IPv6) addresses are not referenced or explicitly specified, the term IP address can refer generally to IP Version 4 (IPv4) addresses, IPv6 addresses, or IP addressing. In instances where IPv6 addresses are referenced or explicitly specified, the term IP address refers only to IPv4 addresses. For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture.


Configuration Tasks

To configure the basic features for a subscriber, perform the tasks described in the following sections:

• Configure Subscriber Statistics Collection

• Configure a Subscriber Profile or Record

• Configure Subscriber IP Address Attributes

• Configure PPP and PPPoE Subscriber Attributes

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Configure Subscriber Statistics Collection

To configure statistics collection for all subscribers, perform the tasks in Table 8-2.

Table 8-2 Configure Subscriber Statistics Collection

1. Task: Accesses stats collection configuration mode.
   Root Command: stats-collection
   Notes: Enter this command in global configuration mode.

2. Task: Excludes Layer 2 header data only, or Layer 2 header data, PPP control data, and PPPoE control data from subscriber statistics collection.
   Root Command: count exclude subscriber
   Notes: Enter this command in stats collection configuration mode.

Configure a Subscriber Profile or Record

To configure a subscriber profile or record, perform the tasks in Table 8-3; enter all commands in subscriber configuration mode unless otherwise noted.

Note For information about IP multicast options for a subscriber record or profile, see the “IP Multicast Configuration” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS.

Note For information about configuring Address Resolution Protocol (ARP) and Dynamic Host Configuration Protocol (DHCP) options for a subscriber record or profile, see the “ARP Configuration” and “DHCP Configuration” chapters in the IP Services and Security Configuration Guide for the SmartEdge OS.

Table 8-3 Configure a Subscriber Profile or Record

1. Task: Create a default subscriber profile, a named subscriber profile, or an individual subscriber record, and access subscriber configuration mode.
   Root Command: subscriber
   Notes: Enter this command in context configuration mode.

2. Task: Specify general attributes for the subscriber profile or record (all attributes are optional):

   • Assign a named subscriber profile to the subscriber record.
     Root Command: profile

   • Specify the action taken when a session times out or reaches its traffic limit.
     Root Command: session-action

   • Specify the maximum number of sessions allowed for each subscriber line.
     Root Command: session-limit

   • Assign an ATM shaping profile.
     Root Command: shaping-profile

   • Set an idle or absolute session timeout value.
     Root Command: timeout

   • Limit the number of sessions a subscriber can access simultaneously.
     Root Command: port-limit

   • Apply a bulkstats schema to the default subscriber profile for this context.
     Root Command: bulkstats schema
     Notes: This command applies only to the default subscriber profile.

Configure Subscriber IP Address Attributes

To configure subscriber IP address attributes for a subscriber record or profile, perform one or more of the tasks in Table 8-4; enter all commands in subscriber configuration mode.

Table 8-4 Configure Subscriber IP Address Attributes

• Task: Assign an IP address to the subscriber record or profile.
  Root Command: ip address

• Task: Prevent address spoofing with IP source-address validation.
  Root Command: ip source-validation

• Task: Assign one or more static routes (to the same destination) to the subscriber record or profile.
  Root Command: ip subscriber route

• Task: Specifies the IP address of the primary or secondary NetBIOS Name Server (NBNS).
  Root Command: nbns


Configure PPP and PPPoE Subscriber Attributes

To configure the PPP and Point-to-Point Protocol over Ethernet (PPPoE) attributes for a subscriber profile or record, perform one or more of the tasks in Table 8-5; enter all commands in subscriber configuration mode.

Table 8-5 Configure the PPP and PPPoE Attributes for a Subscriber Profile

• Task: Specify the authentication password that the subscriber enters when initiating a PPP session.
  Root Command: password

• Task: Set the MTU used by PPP for the subscriber circuit.
  Root Command: ppp mtu
  Notes: For more information on this command, see the “PPP and PPPoE Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

• Task: Create the message of the minute (MOTM) that the subscriber will see when first logging on.
  Root Command: pppoe motm
  Notes: For more information on this command, see the “PPP and PPPoE Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

• Task: Set the subscriber’s PPPoE client to point the subscriber’s browser to a specific location after the subscriber’s PPP session is established.
  Root Command: pppoe url
  Notes: For more information on this command, see the “PPP and PPPoE Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Configuration Examples

This section provides several example configurations for various subscriber features:

• Subscriber Record

• Subscriber Timeout

• NBNS Server for the Default Subscriber Profile

• PADM

• PPPoE MOTM

Subscriber Record

The following example configures a PPP password, an IP address, and a static route and assigns a route tag to the IP address and to the static route in the subscriber record, pppuser, in the local context:

[local]Redback(config)#context local
[local]Redback(config-ctx)#subscriber name pppuser
[local]Redback(config-sub)#password in-test
[local]Redback(config-sub)#ip address 10.1.3.30
[local]Redback(config-sub)#ip subscriber-route 10.2.1.1/24


Subscriber Timeout

The following example configures a subscriber, roger, in the corp.com context to have a maximum session time of 120 minutes (2 hours):

[local]Redback(config)#context corp.com
[local]Redback(config-ctx)#subscriber name roger
[local]Redback(config-admin)#timeout absolute 120

The next example shows how to specify an idle timeout. In the default idle timeout, the subscriber session is dropped after a specified number of minutes with no activity. Optionally, you can specify an idle threshold and idle timeout direction. The following example shows how to configure an idle timeout of 60 bps in the receive and 30 bps in the transmit direction:

[local]Redback(config)#context corp.com
[local]Redback(config-ctx)#subscriber name roger
[local]Redback(config-admin)#timeout idle tx 60 rx 30

Use the idle threshold to prevent small amounts of traffic, such as those that viruses and worms might generate, from keeping otherwise inactive subscriber sessions connected.

Use the idle timeout direction to specify whether the idle condition is based on the traffic flowing in (receive) or out (transmit). If you specify no direction, the idle timeout is the same for both directions.

NBNS Server for the Default Subscriber Profile

The following example configures the default subscriber profile to supply a primary NBNS address to every PPP subscriber in the current context. For more information, see RFC 1877, PPP Internet Protocol Control Protocol Extensions for Name Server Addresses.

[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#nbns primary 10.10.1.1

PADM

The following example causes a PPPoE Active Discovery Message (PADM) packet containing the URL, http://www.cust1.com/members/joe@local, to be sent to the PPPoE client when the PPP session is established:

[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#pppoe url http://www.cust1.com/members/%U

The next example uses the pppoe url command (in subscriber configuration mode) to configure the subscriber default profile. For every subscriber, a PADM containing http://www.aol.com/members/name is sent to the PPPoE client when the PPP session is established.

[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#pppoe url http://www.aol.com/members/%u

Note Configuring a password is not required. However, if you specify a password in the bind subscriber command, you must configure the same password in the subscriber record. For more information on the bind subscriber command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

PPPoE MOTM

The following example creates a PPPoE MOTM:

[local]Redback(config-sub)#pppoe motm System coming down at 0400 today for scheduled maintenance

The following example replaces the first MOTM with a new one:

[local]Redback(config-sub)#pppoe motm Scheduled system maintenance cancelled for 08/29.

The following example removes the existing MOTM so that no message is sent to subscribers:

[local]Redback(config-sub)#no pppoe motm

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure basic features for subscribers and subscriber sessions. The commands are presented in alphabetical order.

count exclude subscriber
ip address
ip source-validation
ip subscriber route
nbns
password
port-limit
profile
session-action
session-limit
shaping-profile
stats-collection
subscriber
timeout


count exclude subscriber

count exclude subscriber layer-2 [ppp-pppoe-control]

no count exclude subscriber layer-2 [ppp-pppoe-control]

Purpose
Excludes Layer 2 header data only, or Layer 2 header data, Point-to-Point Protocol (PPP) control data, and PPP over Ethernet (PPPoE) control data from subscriber statistics collection.

Command Mode
stats collection configuration

Syntax Description
layer-2 | Excludes Layer 2 header data only.
ppp-pppoe-control | Optional. Excludes Layer 2 header and PPP and PPPoE control data.

Default
All data in the subscriber packet is included in statistics collection.

Usage Guidelines
Use the count exclude subscriber command to exclude Layer 2 header data only, or Layer 2 header data, PPP control data, and PPPoE control data from subscriber statistics collection.

Use the layer-2 keyword to exclude Layer 2 header data only. Use the ppp-pppoe-control keyword to exclude Layer 2 header data and PPP and PPPoE control data.

Use the no form of this command to include Layer 2 header data and PPP and PPPoE control data in the statistics collection.

Example
The following example excludes both Layer 2 header data and PPP and PPPoE control data from statistics collection:

[local]Redback(config)#stats-collection
[local]Redback(config-stats-collect)#count exclude subscriber layer-2 ppp-pppoe-control

Related Commands
stats-collection


ip address

ip address {ip-addr [netmask | /prefix-length] | pool [name name]}

no ip address {ip-addr [netmask | /prefix-length] | pool}

Purpose
Assigns an IP address to the subscriber record or profile.

Command Mode
subscriber configuration

Syntax Description
ip-addr | IP address for the subscriber record or profile.
netmask | Optional. Network mask for the IP address. You must enter a mask of at least 24 bits; that is, a mask in the range of 255.255.255.0 to 255.255.255.255.
prefix-length | Optional. Prefix length. The range of values is 0 to 32.
pool | Indicates that the subscriber will be assigned an IP address from a locally managed IP pool. Required if configuring a default subscriber profile.
name name | Optional. Name of an IP pool or an interface with a named or unnamed IP pool.

Default
None

Usage Guidelines
Use the ip address command to assign an IP address to the subscriber record or profile. To specify a range of contiguous IP addresses, use the optional netmask argument. For Point-to-Point Protocol (PPP)-encapsulated circuits, only the first available IP address in a subscriber record is used for address negotiation. For subscriber circuits using RFC 1483 bridged encapsulation, entries are added to the host table for any and all such IP addresses.

You can specify either an IP address or an IP pool, but not both. You must use the pool keyword to configure a default subscriber profile. The name name construct is either the name of a named IP pool (created with the pool-name argument) or the name of an interface (created with the if-name argument).

When binding a subscriber circuit that has been configured with the bind authentication command (in subscriber configuration mode), and the local or Remote Authentication Dial-In User Service (RADIUS) subscriber record specifies an IP pool or interface name, the SmartEdge OS first checks for an available IP address in the IP pool specified in the record. If the pool does not exist, it then looks for an interface with that name. If there are no unnamed IP pools associated with the interface, the binding for the subscriber circuit fails. For more information on the bind authentication command (in subscriber configuration mode), see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.


If this subscriber will be a user of clientless IP service selection (CLIPS), or if this named or default subscriber profile is intended for such subscribers, follow these guidelines:

• For static CLIPS circuits, a subscriber record or its assigned profile must have one and only one IP address. If you enter this command more than once for a subscriber record or profile, only the last IP address is applied to the static CLIPS circuit.

• For dynamic CLIPS circuits, do not use this command to assign an IP address; instead, use the dhcp max-addrs command (in subscriber configuration mode) and specify 1 as the value for the max-num argument. For more information about the dhcp max-addrs command, see the “DHCP Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Any IP address assigned to a subscriber must fall within the address and netmask range configured for an interface in the context to which the subscriber is to be bound; otherwise, the binding fails. The same is true of IP addresses that are returned by RADIUS servers and that are to be assigned to subscribers.

Use the no form of this command to remove an IP address from a subscriber record.

Example
The following example defines the IP address, 10.1.1.7, for a subscriber, host1:

[local]Redback(config-ctx)#subscriber name host1
[local]Redback(config-sub)#ip address 10.1.1.7

The next example defines two IP addresses, 10.1.1.14 and 10.1.1.15, for a subscriber, host2:

[local]Redback(config-ctx)#subscriber name host2
[local]Redback(config-sub)#ip address 10.1.1.14
[local]Redback(config-sub)#ip address 10.1.1.15

The following example defines eight IP addresses, 10.1.1.32 to 10.1.1.39, for a subscriber, host8:

[local]Redback(config-ctx)#subscriber name host8
[local]Redback(config-sub)#ip address 10.1.1.32 255.255.255.248

Note To create a pool of IP addresses for an interface, use the ip pool command (in interface configuration mode); to assign an IP address to an interface, use the ip address command (in interface configuration mode).

Note If you are authenticating a subscriber using RADIUS, the subscriber record is ignored.

To assign an IP pool address to the subscriber using RADIUS, configure the RADIUS server to return either 255.255.255.254 or 0.0.0.0 as the value for attribute 8, Framed-IP-Address. These values allow the subscriber to be assigned any available IP address from any pool configured within the context.

If you specify a named IP pool, configure the RADIUS server to return the name of the pool in the Redback® vendor-specific attribute (VSA) 36, IP-Address-Pool-Name.


The following pair of examples shows the use of unnamed and named IP pools:

• The first example uses an unnamed pool to assign an IP address to a subscriber, joe. At runtime, the SmartEdge OS looks for the If-One pool. Because the pool does not exist, the SmartEdge OS looks for an unnamed pool for the If-One interface. If there is an available IP address, subscriber joe is assigned an address in the 11.1.1.n range; if no address is available in the pool, the next interface is checked. If no interface has an IP address available, the session fails.

Note The SmartEdge OS does not attempt to assign an IP address from the If-Two pool; those addresses are reserved for subscribers that have been explicitly configured to use that pool, as shown in the next example.

• The second example uses a named pool to assign an IP address to subscriber joe. In this example, subscriber joe is assigned an address in the 12.2.2.n range, if one is available, from the named pool for the If-Two interface. If one is not available, the session fails.

In each example, the configuration of the interfaces and pools is as follows:

[local]Redback(config)#context local
[local]Redback(config-ctx)#aaa authentication subscriber local
[local]Redback(config-ctx)#interface If-One
[local]Redback(config-if)#ip address 11.1.1.1 255.255.255.0
[local]Redback(config-if)#ip pool 11.1.1.2 255.255.255.0
[local]Redback(config-if)#interface If-Two
[local]Redback(config-if)#ip address 12.2.2.1 255.255.255.0
[local]Redback(config-if)#ip pool 12.2.2.2 255.255.255.0 name If-Two

!Example 1 - Use an unnamed pool associated with interface If-One
[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#ip address pool name If-One

!Example 2 - Use a named pool
[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#ip address pool name If-Two

Related Commands
ip address
ip pool
profile
subscriber


ip source-validation

ip source-validation

no ip source-validation

Purpose
Enables IP source-address validation (SAV), which denies all IP packets from address sources that are not reachable through a subscriber’s associated circuit.

Command Mode
subscriber configuration

Syntax Description
This command has no keywords or arguments.

Default
IP SAV is disabled.

Usage Guidelines
Use the ip source-validation command to enable IP SAV. IP SAV, also known as ingress filtering, denies all IP packets from address sources that are not reachable through the subscriber’s associated circuit. You can use this command to prevent address spoofing.

Use the no form of this command to disable IP SAV.

Examples
The following example enables IP SAV for the subscriber, bart:

[local]Redback(config-ctx)#subscriber name bart
[local]Redback(config-sub)#ip source-validation

Related Commands
None
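Because IP SAV is disabled by default, a configuration review should list every subscriber record that does not receive ip source-validation from its own record, its assigned profile, or the default profile. The following script is an added example, not part of this guide or of the SmartEdge OS; it reads commands in the prompt format used in this chapter and assumes, following the subscriber and profile command descriptions, that attributes of the default profile and of an assigned named profile apply to a record. The sample configuration is constructed.

```python
import re

# Prompt prefix as printed in this guide, e.g. "[local]Redback(config-sub)#".
PROMPT = re.compile(r"^\[[^\]]*\]\S*?\([^)]*\)#\s*")
SAV = "ip source-validation"


def new_entry():
    """Attributes tracked for a default profile, named profile, or record."""
    return {"sav": False, "profile": None}


def parse_subscribers(text):
    """Return {context: {"default": entry, "profiles": {...}, "records": {...}}}."""
    contexts, ctx, current = {}, None, None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words or words[0].startswith("!"):
            continue                      # blank line or comment
        cmd = " ".join(words)
        if words[0] == "context" and len(words) == 2:
            ctx = contexts.setdefault(
                words[1], {"default": new_entry(), "profiles": {}, "records": {}})
            current = None
        elif words[0] == "subscriber" and ctx is not None:
            if words[1:] == ["default"]:
                current = ctx["default"]
            elif len(words) == 3 and words[1] == "profile":
                current = ctx["profiles"].setdefault(words[2], new_entry())
            elif len(words) == 3 and words[1] == "name":
                current = ctx["records"].setdefault(words[2], new_entry())
        elif current is None:
            continue                      # not in subscriber configuration mode
        elif words[0] in ("interface", "exit", "end"):
            current = None                # left subscriber configuration mode
        elif cmd == SAV:
            current["sav"] = True
        elif cmd == "no " + SAV:
            current["sav"] = False        # the no form disables IP SAV
        elif words[0] == "profile" and len(words) == 2:
            current["profile"] = words[1]
        elif cmd == "no profile":
            current["profile"] = None     # back to the default profile
    return contexts


def subscribers_without_sav(text):
    """Sorted (context, subscriber) pairs for which IP SAV is not in effect."""
    missing = []
    for ctx_name, ctx in parse_subscribers(text).items():
        for name, record in ctx["records"].items():
            profile = ctx["profiles"].get(record["profile"], new_entry())
            if not (record["sav"] or profile["sav"] or ctx["default"]["sav"]):
                missing.append((ctx_name, name))
    return sorted(missing)


# Constructed sample input; subscriber and profile names are illustrative.
SAMPLE_CONFIG = """
[local]Redback(config)#context isp1
[isp1]Redback(config-ctx)#subscriber profile hi-perf
[isp1]Redback(config-sub)#ip source-validation
[isp1]Redback(config-sub)#subscriber name joe
[isp1]Redback(config-sub)#profile hi-perf
[isp1]Redback(config-sub)#subscriber name bart
[isp1]Redback(config-sub)#ip source-validation
[isp1]Redback(config-sub)#subscriber name roger
[isp1]Redback(config-sub)#timeout absolute 120
[isp1]Redback(config-sub)#subscriber name lisa
[isp1]Redback(config-sub)#ip source-validation
[isp1]Redback(config-sub)#no ip source-validation
[local]Redback(config)#context isp2
[isp2]Redback(config-ctx)#subscriber default
[isp2]Redback(config-sub)#ip source-validation
[isp2]Redback(config-sub)#subscriber name alice
[isp2]Redback(config-sub)#subscriber name bob
"""

if __name__ == "__main__":
    for context, subscriber in subscribers_without_sav(SAMPLE_CONFIG):
        print(f"{context}: subscriber {subscriber} has no IP SAV")
```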


ip subscriber route

ip subscriber route ip-addr {netmask | /prefix-length} [next-hop-ip-addr]

no ip subscriber route ip-addr {netmask | /prefix-length} [next-hop-ip-addr]

Purpose
Assigns one or more static IP routes to a subscriber’s configuration.

Command Mode
subscriber configuration

Syntax Description
ip-addr | IP address of the target network or subnet.
netmask | Network mask where the 1 bits indicate the network, or subnet, and the 0 bits indicate the host portion of the network address provided.
prefix-length | Prefix length. The range of values is 0 to 32. Optional when specified in conjunction with the next-hop-ip-addr argument.
next-hop-ip-addr | Optional. Required with RFC 1483 bridged-encapsulated circuits, and optional with other encapsulation types. IP address of a next hop router that can reach the target network or subnet.

Default
None

Usage Guidelines
Use the ip subscriber route command to assign one or more static IP routes to a subscriber’s configuration.

Note This command is available only if you are configuring a named subscriber record.

To configure a default static IP route, use the netmask argument. If you use non-zero bits for the host portion of the network address, the route is not added to the routing table.

With RFC 1483 bridged encapsulation, a valid next-hop address and interface are required. If you are not using RFC 1483 bridged encapsulation, you can omit the next-hop address, but the route is not added to the routing table, unless the subscriber’s circuit has one of the encapsulation types that does not require a next hop to be configured: Asynchronous Transfer Mode (ATM) Route1483, Layer 2 Tunneling Protocol (L2TP), Point-to-Point (PPP) over ATM (PPPoA), or PPP over Ethernet (PPPoE).

Use the no form of this command to delete a static route from the subscriber’s configuration.

The routes for multiple protocols, including subscriber routes, have default routing distance values. When routing multiple routes with the same destination, the route with the lowest distance value is preferred.


Unlike the distance values for Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and Routing Information Protocol (RIP) routes, the distance values for directly connected, static IP, and subscriber routes cannot be modified. They always take the default distance values, as shown in Table 8-6.

Table 8-6 Protocol Default Distance Values

Protocol | Default Distance Value
Directly connected | 0
Static IP | 1
Subscriber IP host | 15
Subscriber IP route | 16

For more information about protocol distances, see the “Overview” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS.

Examples
The following example assigns the IP route, 216.199.130.160 255.255.255.224, to the subscriber, SamQ:

[local]Redback(config-ctx)#subscriber name SamQ
[local]Redback(config-sub)#ip address 10.1.2.3
[local]Redback(config-sub)#ip subscriber route 216.199.130.160 255.255.255.224

Related Commands
None
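The address rules stated for the ip address and ip subscriber route commands (a subscriber netmask of at least 24 bits, an address inside an interface range of the context, and zero host bits in a subscriber route) can be checked before a record is entered. The following script is an added example, not part of this guide or of the SmartEdge OS; the function names and the interface list are assumptions, and an address that is not aligned to its netmask is treated here as the enclosing block.

```python
import ipaddress


def normalize_mask(mask):
    """Accept '255.255.255.0', '/24' or '24', as in the command syntax."""
    return str(mask).lstrip("/")


def check_subscriber_address(ip_addr, netmask, interfaces):
    """Check the arguments of `ip address ip-addr [netmask]` in a subscriber record.

    interfaces: (ip-addr, netmask) pairs taken from `ip address` on the
    interfaces of the context the subscriber is bound to.
    Returns (block, findings); block is the contiguous range the command covers.
    """
    mask = normalize_mask(netmask) if netmask else "32"
    # Assumption: an unaligned address stands for the block that contains it.
    block = ipaddress.ip_network(f"{ip_addr}/{mask}", strict=False)
    findings = []
    if block.prefixlen < 24:
        findings.append("mask shorter than 24 bits")
    ranges = [ipaddress.ip_interface(f"{addr}/{normalize_mask(m)}").network
              for addr, m in interfaces]
    if not any(block.subnet_of(net) for net in ranges):
        findings.append("outside every interface range: binding fails")
    return block, findings


def check_subscriber_route(ip_addr, mask):
    """Check the arguments of `ip subscriber route ip-addr {netmask | /prefix-length}`."""
    net = ipaddress.ip_network(f"{ip_addr}/{normalize_mask(mask)}", strict=False)
    if net.network_address != ipaddress.ip_address(ip_addr):
        return ["non-zero host bits: route not added to the routing table"]
    return []


if __name__ == "__main__":
    # Constructed interface list for the context.
    interfaces = [("10.1.1.1", "255.255.255.0")]

    # Values from the ip address examples: host8 covers 10.1.1.32 to 10.1.1.39.
    block, findings = check_subscriber_address(
        "10.1.1.32", "255.255.255.248", interfaces)
    print(block[0], "to", block[-1], findings)

    # 10.1.3.30 is not inside the only interface range configured above.
    print(check_subscriber_address("10.1.3.30", None, interfaces)[1])

    # Route from the ip subscriber route example, and the route value written
    # in the Subscriber Record example (10.2.1.1/24).
    print(check_subscriber_route("216.199.130.160", "255.255.255.224"))
    print(check_subscriber_route("10.2.1.1", "/24"))
```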


nbns

nbns {primary | secondary} ip-addr

no nbns {primary | secondary} ip-addr

Purpose
Specifies the IP address of the primary or secondary NetBIOS Name Server (NBNS) in the subscriber record or profile.

Command Mode
subscriber configuration

Syntax Description
primary | Specifies that the IP address is for the primary NBNS.
secondary | Specifies that the IP address is for the secondary NBNS.
ip-addr | IP address of the primary or secondary NBNS.

Default
NBNS information is not provided to the subscriber.

Usage Guidelines
Use the nbns command to specify the IP address of the primary or secondary NBNS in the subscriber record or profile.

Note This command does not instruct the SmartEdge router to use the specified name servers in any way for its own purposes. Rather, this information is passed to the subscriber using the Point-to-Point Protocol (PPP) negotiation. The subscriber uses NBNS to obtain IP addresses from NetBIOS names. These values are utilized using PPP when the remote peer requests this information (see RFC 1877, PPP Internet Protocol Control Protocol Extensions for Name Server Addresses). The SmartEdge router does not push this information to the remote peer.

Note The comparable commands to specify the IP addresses for a Domain Name System (DNS) server are described in the “DNS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Use the no form of this command to remove the IP address of the primary or secondary NBNS from the subscriber profile or record.

Examples
The following example specifies the primary address of the NBNS in the record for subscriber SamQ:

[local]Redback(config-ctx)#subscriber name SamQ
[local]Redback(config-sub)#nbns primary 10.1.1.20


Related Commands
subscriber


password

password password

no password

Purpose
Specifies the authentication password that the subscriber enters when initiating a Point-to-Point Protocol (PPP) session.

Command Mode
subscriber configuration

Syntax Description
password | Alphanumeric text string. Control characters are not allowed.

Default
None

Usage Guidelines
Use the password command to specify the authentication password that the subscriber enters when initiating a PPP session. When using Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP), the password obtained from the subscriber must match the password configured in the corresponding subscriber record. This command is available for individual subscriber records, but not for a default subscriber record.

You can enter a password with embedded spaces by enclosing the entire password in double quotes; for example, “This is a Password With Spaces.”

Use the no form of this command to remove the password from the subscriber’s record.

Examples
The following example configures a password of DontTellAnyone:

[local]Redback(config-sub)#password DontTellAnyone

Related Commands
None


port-limit

port-limit max-sessions

no port-limit

Purpose
Limits the number of sessions a subscriber can access simultaneously.

Command Mode
subscriber configuration

Syntax Description
max-sessions | Maximum number of simultaneous subscriber sessions allowed. The range of values is 1 to 255.

Default
There are no session limits.

Usage Guidelines
Use the port-limit command to limit the number of sessions a subscriber can access simultaneously. This command is useful for dial-up and ISDN users who might attempt to consume multiple links in their multilink bundle. You can also use this command to prevent a single user’s account from being accessed by multiple users.

At runtime, if the subscriber sessions are using links in a Point-to-Point Protocol (PPP) multilink bundle, the maximum number of sessions (links) is reduced to eight if the value specified for the max-sessions argument is greater than eight. However, the value stored in the subscriber record is unchanged.

To set the port limit remotely using Remote Authentication Dial-In User Service (RADIUS), use the Port-Limit RADIUS attribute described in the “RADIUS Attributes” appendix in the IP Services and Security Configuration Guide for the SmartEdge OS.

Use the no form of this command to remove the session limitation.

Examples
The following example sets a maximum of two sessions for subscriber joe to use simultaneously:

[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#port-limit 2

Related Commands
None


profile

profile prof-name

no profile

Purpose
Assigns an existing named profile to the subscriber.

Command Mode
subscriber configuration

Syntax Description
prof-name | Existing profile.

Default
The default profile is assigned to the subscriber.

Usage Guidelines
Use the profile command to assign an existing named profile to the subscriber.

If this subscriber will be a user of clientless IP service selection (CLIPS), adhere to the following guidelines:

• For static CLIPS circuits, the profile that you assign must have one and only one IP address; to assign an IP address to a subscriber profile, use the ip address command (in subscriber configuration mode).

• For dynamic CLIPS circuits, the profile that you assign must not include an IP address; instead, set the maximum number of IP addresses to 1, using the dhcp max-addrs command (in subscriber configuration mode). For more information about the dhcp max-addrs command, see the “DHCP Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Use the no form of this command to assign the default profile to the subscriber.

Examples
The following example assigns the existing profile, hi-perf, to subscriber joe in the isp1 context:

[local]Redback(config)#context isp1
[isp1]Redback(config-ctx)#subscriber name joe
[isp1]Redback(config-sub)#profile hi-perf

Related Commands
ip address
subscriber


session-action

session-action {absolute-timeout | idle-timeout | traffic-limit} account-alive

no session-action

Purpose
Assigns the actions taken when a subscriber reaches a timeout or traffic limit.

Command Mode
subscriber configuration

Syntax Description
absolute-timeout | Clears the subscriber session if it reaches the absolute-timeout limit.
idle-timeout | Clears the subscriber session if it reaches the idle-timeout limit.
traffic-limit | Clears the subscriber session if it reaches the traffic limit.
account-alive | Sends a Remote Authentication Dial-In User Service (RADIUS) Account-Alive message.

Default
No action is taken when a subscriber reaches session limits.

Usage Guidelines
Use the session-action command to assign the actions taken when a subscriber reaches a timeout or traffic limit.

The Account-Alive message contains Redback vendor-specific attribute (VSA) 144 giving the reason for the session action: volume ingress exceeded, volume egress exceeded, idle timeout, or session timeout (absolute timeout). For more information about Redback VSA 144, see the “RADIUS Attributes” appendix in the IP Services and Security Configuration Guide for the SmartEdge OS.

The specified action is assigned either to a subscriber profile or an individual subscriber record depending on the type of subscriber:

• Default subscriber

• Named subscriber profile

• Named individual subscriber

Use the no form of this command to remove the session action from the subscriber record or profile.


Examples
The following example assigns the idle-timeout account-alive session action to the subscriber profile named tomtom:

[local]Redback(config-ctx)#subscriber profile tomtom
[local]Redback(config-sub)#session-action idle-timeout account-alive

Related Commands
None


session-limit

session-limit {agent-circuit-id | agent-remote-id} number

no session-limit agent-circuit-id | session-limit agent-remote-id

Purpose
Sets a limit to the number of sessions allowed for each subscriber line identified by an agent circuit ID or agent remote ID.

Command Mode
subscriber configuration

Syntax Description
agent-circuit-id | Specifies session-limiting behavior based on the agent circuit ID.
agent-remote-id | Specifies session-limiting behavior based on the agent remote ID.
number | Specifies the maximum number of sessions allowed; number is a value between 1 and 255.

Default
By default, the SmartEdge OS does not enforce a session limit.

Usage Guidelines
Use the session-limit command to set a limit to the number of sessions allowed for each subscriber line identified by an agent circuit ID or agent remote ID.

The SmartEdge router typically acquires an agent circuit ID or agent remote ID for a subscriber during the discovery process with a digital subscriber line access multiplexer (DSLAM) or dot1q PVC configuration.

A session limit is an attribute of a subscriber and exists within a local configuration. You can configure a session limit attribute within one of the following items:

• Subscriber name, which affects one subscriber

• Profile, which affects a custom group of subscribers

• Default profile, which affects all subscribers within a context

If several subscribers share a DSL service, you must configure the session limit attribute consistently for each subscriber to enforce the configured limit properly. The SmartEdge router checks the session limit for each subscriber when it authenticates the subscriber.

Note If the DSLAM or dot1q PVC configuration does not provide an agent circuit ID or agent remote ID, then the SmartEdge router does not enforce a configured session limit.

If a subscriber acquires an agent circuit ID and agent remote ID, the SmartEdge router checks for both session limits (if configured). If either check fails, the subscriber session fails.


Use the no form of this command to remove a previously configured session limit and revert to the default behavior.

Examples
Alice, Bob, and Connie share a DSL connection, but they purchased a plan that allows only two people to use the connection at the same time. If Alice and Bob are already logged in and Connie tries to log in, the SmartEdge router rejects the request from Connie. This section shows the following examples:

• Session Limit by Subscriber Name

• Profile Assignment to Enforce a Session Limit

• Default Profile Enforcement of a Session Limit

Session Limit by Subscriber Name

You enter a context and then you enter each subscriber name and session limit attribute.

[local]Redback(config)#context isp2
[local]Redback(config-sub)#subscriber name alice
[local]Redback(config-sub)#session-limit agent-remote-id 2
[local]Redback(config-sub)#subscriber name bob
[local]Redback(config-sub)#session-limit agent-remote-id 2
[local]Redback(config-sub)#subscriber name connie
[local]Redback(config-sub)#session-limit agent-remote-id 2

Profile Assignment to Enforce a Session Limit

You create a context named isp2 and then a service profile for a service plan named gold. Next, you configure a session limit of two (2) for the service profile. You reference the profile as you add each subscriber. A profile can contain multiple subscriber attributes, which can save you repetitive keystrokes and avoid entry errors.

[local]Redback(config)#context isp2
[local]Redback(config-ctx)#subscriber profile gold
[local]Redback(config-sub)#session-limit agent-remote-id 2
[local]Redback(config-sub)#subscriber name alice
[local]Redback(config-sub)#profile gold
[local]Redback(config-sub)#subscriber name bob
[local]Redback(config-sub)#profile gold
[local]Redback(config-sub)#subscriber name connie
[local]Redback(config-sub)#profile gold


Default Profile Enforcement of a Session Limit

You create a context named isp2 and then you enter context configuration mode and set the session limit to two (2). Every subscriber line created within the context isp2 is automatically limited to two sessions.

[local]Redback(config)#context isp2
[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#session-limit agent-remote-id 2
[local]Redback(config-sub)#subscriber name alice
[local]Redback(config-sub)#subscriber name bob
[local]Redback(config-sub)#subscriber name connie

Related Commands
None
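The session-limit rules above (the check runs when a subscriber authenticates, both IDs are checked when both are acquired, and nothing is enforced when no ID is provided) explain why limits must be configured consistently for subscribers who share a line. The following model is an added example, not part of this guide or of the SmartEdge OS; it assumes the router compares the sessions already active on the line with the limit of the subscriber being authenticated, and the line identifiers are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass
class Subscriber:
    name: str
    circuit_id_limit: Optional[int] = None  # session-limit agent-circuit-id number
    remote_id_limit: Optional[int] = None   # session-limit agent-remote-id number

    def __post_init__(self):
        for limit in (self.circuit_id_limit, self.remote_id_limit):
            if limit is not None and not 1 <= limit <= 255:
                raise ValueError("session limit must be between 1 and 255")


class SessionTable:
    """Active sessions counted per agent circuit ID and per agent remote ID."""

    def __init__(self):
        self.per_circuit_id = Counter()
        self.per_remote_id = Counter()

    def authenticate(self, sub, circuit_id=None, remote_id=None):
        """Return (admitted, reason) for one login attempt."""
        checks = (
            (circuit_id, sub.circuit_id_limit, self.per_circuit_id, "agent-circuit-id"),
            (remote_id, sub.remote_id_limit, self.per_remote_id, "agent-remote-id"),
        )
        for line_id, limit, active, label in checks:
            if line_id is None or limit is None:
                continue                  # no ID acquired or no limit: not enforced
            if active[line_id] >= limit:  # assumption: this subscriber's own limit
                return False, f"{label} limit {limit} reached"
        if circuit_id is not None:
            self.per_circuit_id[circuit_id] += 1
        if remote_id is not None:
            self.per_remote_id[remote_id] += 1
        return True, "admitted"


def login_all(subscribers, circuit_id=None, remote_id=None):
    """Log the subscribers in, in order, on one line; return [(name, admitted)]."""
    table = SessionTable()
    return [(s.name, table.authenticate(s, circuit_id, remote_id)[0])
            for s in subscribers]


def consistent():
    """Alice, Bob, and Connie all carry session-limit agent-remote-id 2."""
    return [Subscriber(n, remote_id_limit=2) for n in ("alice", "bob", "connie")]


def inconsistent():
    """Connie's record was entered with a limit of 3 instead of 2."""
    subs = consistent()
    subs[2] = Subscriber("connie", remote_id_limit=3)
    return subs


if __name__ == "__main__":
    line = "constructed-remote-id-17"
    print("consistent:  ", login_all(consistent(), remote_id=line))
    print("inconsistent:", login_all(inconsistent(), remote_id=line))
    print("no agent ID: ", login_all(consistent()))
    both = [Subscriber(n, circuit_id_limit=1, remote_id_limit=5) for n in ("a", "b")]
    print("both IDs:    ", login_all(both, circuit_id="constructed-circuit-3",
                                     remote_id=line))
```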


shaping-profile

shaping-profile atm-prof-name

no shaping-profile

Purpose
Assigns an Asynchronous Transfer Mode (ATM) profile to the subscriber record or profile.

Command Mode
subscriber configuration

Syntax Description
atm-prof-name | Name of an existing ATM profile.

Default
A subscriber session that is initiated on an ATM permanent virtual circuit (PVC) is governed by the ATM profile assigned to the PVC.

Usage Guidelines
Use the shaping-profile command to assign an ATM profile to the subscriber record or profile.

Note The ATM profile must exist or the subscriber session is not initiated.

Use the no form of this command to remove the ATM profile from the subscriber record or profile; a subscriber session initiated on an ATM PVC will be governed by the ATM profile assigned to that ATM PVC.

Examples
The following example assigns the ATM profile, ubr, to the named subscriber profile, isp2:

[local]Redback(config-ctx)#subscriber profile isp2
[local]Redback(config-sub)#shaping-profile ubr

Related Commands
None

stats-collection

stats-collection

Purpose

Accesses stats collection configuration mode.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

None

Usage Guidelines

Use the stats-collection command to access stats collection configuration mode.

Example

The following example accesses stats collection configuration mode:

[local]Redback(config)#stats-collection
[local]Redback(config-stats-collect)#

Related Commands

count exclude subscriber

subscriber

subscriber {default | name sub-name | profile prof-name}

no subscriber {default | name sub-name | profile prof-name}

Purpose

Creates a default subscriber profile, a named subscriber profile, or an individual named subscriber record, and enters subscriber configuration mode.

Command Mode

context configuration

Syntax Description

default Specifies the creation of the default subscriber profile.

name sub-name Named subscriber record.

profile prof-name Named subscriber profile.

Default

No default profile, named subscriber profile, or subscriber record exists.

Usage Guidelines

Use the subscriber command to configure a default subscriber profile, a named subscriber profile, or an individual named subscriber record, and enter subscriber configuration mode. When created, a default or named subscriber profile is empty; there are no default values associated with it.

Use the default keyword to create a default subscriber profile. Each configured attribute in the default profile is appended to all subscriber records in the context. However, if you configure a named subscriber profile or a subscriber record, attribute values in the named subscriber profile or subscriber record override the values set in the default profile record.

Use the name sub-name construct to create a named subscriber record. Attribute values in the subscriber record override the values set in the named and default subscriber profiles. This is true whether the named subscriber record is created through the local configuration or is accessed through a Remote Authentication Dial-In User Service (RADIUS) server.

Use the profile prof-name construct to create a named subscriber profile. Each configured attribute in the named profile is appended to any subscriber record to which the profile is assigned. However, if you configure a subscriber record, attribute values in the subscriber record override the values set in the named subscriber profile.

The maximum length of the sub-name argument, together with a separator character and the domain name for the subscriber, is 253 characters. The domain name is the name of the context in which the subscriber is configured, or a domain alias for the context.

For information about configuring domain aliases, see Chapter 6, “Context Configuration.” For information about configuring the format, sub-name@domain-name, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

If this subscriber will be a user of clientless IP service selection (CLIPS), or if this named or default subscriber profile is intended for such subscribers, you must adhere to the following restrictions:

• For static CLIPS circuits, a subscriber record or its assigned profile must have one and only one IP address. Use the ip address command (in subscriber configuration mode) to assign the IP address.

• For dynamic CLIPS circuits, a subscriber record or profile must have no IP addresses; instead, use the dhcp max-addrs command (in subscriber configuration mode) and specify 1 as the value for the max-num argument. For more information about the dhcp max-addrs command, see the “DHCP Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Use the no form of this command to delete a default or named profile or named subscriber record.

Examples

The following example creates the subscriber record, dave:

[local]Redback(config)#context isp2
[local]Redback(config-ctx)#subscriber name dave
[local]Redback(config-sub)#

The following example configures primary and secondary Domain Name System (DNS) servers for the default subscriber profile:

[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#dns primary 10.1.1.1
[local]Redback(config-sub)#dns secondary 10.1.1.2

The following example creates the named profile, isp2:

[local]Redback(config)#context isp2
[local]Redback(config-ctx)#subscriber profile isp2
[local]Redback(config-sub)#

Related Commands

domain
ip address
profile

Note If you modify a subscriber record for a subscriber that is already bound, you must use the clear subscriber command (in exec mode) for the changes to take effect. For more information on the clear subscriber command, see the “Context, Interface, and Subscriber Operations” chapter in the Basic System Operations Guide for the SmartEdge OS. The subscriber session is ended and restarted with the new parameters. This is true regardless of whether subscriber records are configured locally or in RADIUS.

timeout

For absolute timeouts, to set the minutes allowed before session termination:

timeout absolute minutes

no timeout absolute

For idle timeouts, to set the direction, activity threshold, and allowed minutes of inactivity before session termination:

timeout idle {minutes | direction {in | out} | threshold bps}

no timeout idle {minutes | direction {in | out} | threshold bps}

For idle timeouts, to set the direction and allowed minutes of inactivity before session termination:

timeout idle {minutes | direction {in | out}}

no timeout idle {minutes | direction {in | out}}

Purpose

Configures the absolute or idle session timeout criteria for a subscriber session.

Command Mode

subscriber configuration

Syntax Description

absolute Specifies an absolute session timeout. After the time defined by the minutes argument, the subscriber is disconnected regardless of activity.

minutes Time, in minutes, that elapses before a session times out. The range of values is 1 to 596523.

idle Specifies an idle session timeout. If no activity above the minimum level takes place for the amount of time defined by the minutes argument, the subscriber is disconnected. Activity is measured in the direction specified by the optional direction {in | out} construct.

direction {in | out} Optional. Specifies the direction on which the idle session timeout minutes are measured. The keyword in specifies the incoming (receive) direction, while the keyword out specifies the outgoing (transmit) direction.

threshold bps Optional. Specifies the minimum level of activity below which a subscriber session is considered inactive. Enter the argument bps in bytes per second.

Default

Subscriber sessions do not time out. Idle timeouts, if configured, apply to traffic in both the send and receive directions, and the bytes-per-second threshold is zero.

Usage Guidelines

Use the timeout command to set the absolute or idle session timeout criteria for a subscriber session. The system terminates subscriber sessions when they reach timeout.

Use the no forms of this command to restore the default behaviors.

Examples

The following example sets an absolute timeout value of 20 minutes:

[local]Redback(config-sub)#timeout absolute 20

Related Commands

None

Note This command applies to either locally terminated or Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) subscriber sessions.

Note Keepalive messages are not considered traffic for purposes of measuring idle time.
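
The subscriber command gives a record's attributes precedence over a named profile, and a named profile precedence over the default profile, while the timeout default is that sessions never time out. The Python below is an added example, not part of this guide or of the SmartEdge OS: it replays a transcript in the guide's prompt format, resolves each subscriber's effective attributes, and lists subscribers left without any timeout. The sample transcript, the function names, and the choice to skip no forms are assumptions made for the illustration.

```python
import re

# Prompt format used in this guide's examples: [context]hostname(mode)#command
PROMPT = re.compile(r"^\[[^\]]+\][^(#]+\((?P<mode>config[^)]*)\)#(?P<cmd>.+)$")

# Constructed transcript (not from the guide).
SAMPLE_TRANSCRIPT = """\
[local]Redback(config)#context isp2
[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#timeout idle 30
[local]Redback(config-sub)#session-limit agent-remote-id 2
[local]Redback(config-sub)#subscriber profile gold
[local]Redback(config-sub)#timeout absolute 480
[local]Redback(config-sub)#session-limit agent-remote-id 4
[local]Redback(config-sub)#subscriber name alice
[local]Redback(config-sub)#profile gold
[local]Redback(config-sub)#subscriber name bob
[local]Redback(config-sub)#profile gold
[local]Redback(config-sub)#timeout absolute 20
[local]Redback(config-sub)#subscriber name connie
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#exit
[local]Redback(config)#context isp3
[local]Redback(config-ctx)#subscriber name dave
[local]Redback(config-sub)#dns primary 10.1.1.1
"""


class Record:
    """One default profile, named profile, or subscriber record."""

    def __init__(self):
        self.attrs = {}      # e.g. {"timeout absolute": "20"}
        self.profile = None  # named profile assigned with the profile command


def parse(text):
    """Return {context: {"default": Record or None, "profiles": {}, "subscribers": {}}}."""
    contexts, ctx, current = {}, None, None
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        w = m.group("cmd").split()
        # Assumption: no forms are skipped, because the guide does not say
        # whether a no form in a record masks an inherited value.
        if not w or w[0] == "no":
            continue
        if w[0] == "context" and len(w) == 2:
            ctx = contexts.setdefault(
                w[1], {"default": None, "profiles": {}, "subscribers": {}})
            current = None
        elif w[0] == "exit" or ctx is None:
            current = None
        elif w[0] == "subscriber" and w[1:] == ["default"]:
            current = ctx["default"] = ctx["default"] or Record()
        elif w[0] == "subscriber" and len(w) == 3 and w[1] in ("name", "profile"):
            table = ctx["subscribers" if w[1] == "name" else "profiles"]
            current = table.setdefault(w[2], Record())
        elif m.group("mode") == "config-sub" and current is not None:
            if w[0] == "profile" and len(w) == 2:
                current.profile = w[1]
            elif len(w) >= 2:
                # Key is the command without its last word; the value is that word.
                current.attrs[" ".join(w[:-1])] = w[-1]
    return contexts


def effective(ctx, name):
    """Merge default profile, then named profile, then the record itself."""
    record = ctx["subscribers"][name]
    merged = {}
    for layer in (ctx["default"], ctx["profiles"].get(record.profile), record):
        if layer is not None:
            merged.update(layer.attrs)
    return merged


def never_time_out(text):
    """Subscribers with no effective absolute or idle timeout, as name@context."""
    flagged = []
    for ctx_name, ctx in parse(text).items():
        for name in ctx["subscribers"]:
            attrs = effective(ctx, name)
            if "timeout absolute" not in attrs and "timeout idle" not in attrs:
                flagged.append(f"{name}@{ctx_name}")
    return sorted(flagged)


if __name__ == "__main__":
    for who in never_time_out(SAMPLE_TRANSCRIPT):
        print("no session timeout:", who)
```

Records served from RADIUS follow the same precedence but do not appear in a local transcript, so they need the same check on the RADIUS side.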

Part 5

System Management

This part describes the tasks and commands used to configure system-wide parameters, system event logging, collection of bulk statistics, and Simple Network Management Protocol (SNMP) and Remote Monitoring (RMON) features.

This part consists of the following chapters:

• Chapter 9, “System-Wide Management Configuration”

• Chapter 10, “Logging Configuration”

• Chapter 11, “Bulkstats Configuration”

• Chapter 12, “SNMP and RMON Configuration”

Chapter 9

System-Wide Management Configuration

This chapter provides an overview of system-wide management features, describes the tasks used to configure these features, and provides configuration examples and detailed descriptions of the commands used to configure them through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer general system-wide management features, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

Typically, the SmartEdge OS show and debug commands are used to provide information to verify correct system operation and to troubleshoot feature-specific problems. Those commands are described in the Basic System Operations Guide for the SmartEdge OS, and the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS, respectively.

Note In the following descriptions, the term controller card applies to any version of the Cross-Connect Route Processor (XCRP) Controller card (XCRP, XCRP3, XCRP4), including the controller carrier card unless otherwise noted.

The term controller carrier card refers to the controller functions on the carrier card within the SmartEdge 100 chassis; these functions are compatible with the XCRP3 Controller card. The term I/O carrier card refers to the traffic card functions on the carrier card; these functions are compatible with the similar functions that are implemented on the traffic cards that are supported on all other SmartEdge routers.

The term chassis refers to any SmartEdge chassis; the term SmartEdge 800 chassis refers to any version of the SmartEdge 800 chassis. The term SmartEdge 1200 chassis refers to any version of the SmartEdge 1200 chassis.

The configuration tasks and commands described in this chapter allow you to perform other types of general system-wide monitoring and testing tasks, such as enabling power-on diagnostics, monitoring processes, managing crash dumps, and communicating with a network management system.

Configuration Tasks

To configure system-wide management features and communications with the NetOp™ Element Management System (EMS) server, perform the tasks described in the following sections:

• Configure System-Wide Management Features

• Configure NetOp EMS Server Communication

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Configure System-Wide Management Features

To configure system-wide management features, such as crash dumps, core dumps, and system monitoring, perform the tasks described in Table 9-1; enter all commands in global configuration mode.

Table 9-1 Configure System-Wide Management Features

Task | Root Command | Notes
Enable dynamic random-access memory (DRAM) crash dump data collection. | service crash-dump-dram | This is the default condition.
Set the duration of the system monitoring process. | monitor duration |
Enable the sending of core dump files to a URL using the File Transfer Protocol (FTP). | service upload-coredump |

Configure NetOp EMS Server Communication

To configure communication with the NetOp EMS server, perform the tasks described in Table 9-2. Enter all commands in NetOp configuration mode, unless otherwise noted.

Table 9-2 Configure NetOp EMS Server Communications

# | Task | Root Command | Notes
1. | Enter NetOp configuration mode and enable communication with a NetOp EMS server. | netop | Enter this command in global configuration mode.
2. | Specify operational attributes: | |
 | Enable the SmartEdge router to send advertisement packets to the NetOp EMS server. | advertise |
 | Specify the version of the SNMP traps that the SmartEdge router sends to the NetOp EMS server. | snmp version | You must configure the Simple Network Management Protocol (SNMP) community before you specify the version of the SNMP traps that the NetOp EMS server receives. See the “SNMP and RMON Configuration” section on page 5 for additional information.
 | Configure the type of encryption, if any, that the SmartEdge router allows on the connection to the NetOp EMS server. | connection-mode |
3. Optional.

Configuration Examples

The following examples are included in this section:

• Process Monitoring

• NetOp EMS Server Communication

Process Monitoring

The following example sets process management parameters for the Border Gateway Protocol (BGP) process, sets the monitor duration, and then enables monitoring of the BGP process:

[local]Redback#configure
[local]Redback(config)#monitor duration 3600
[local]Redback(config)#exit
[local]Redback#monitor process bgp

% enter ctrl-C to exit monitor mode, monitor duration(sec): 3600 (00:00:08)

NAME  PID    SPAWN  MEMORY  TIME         %CPU   STATE
rip   12652  1      576K    00:00:00.02  0.00%  run

NetOp EMS Server Communication

The following example enables communication with a network management system and enables the sending of an advertising packet every 10 seconds to the NetOp EMS server. The node group that the SmartEdge router is assigned is NOCuser1 and the listen port is 6581.

[local]Redback#configure
[local]Redback(config)#netop
[local]Redback(config-netop)#advertise 192.168.0.1 interval 10 node-group NOCuser1 port 6581
[local]Redback(config-netop)#snmp version 2c

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure system-wide management features. The commands are presented in alphabetical order.

advertise
connection-mode
monitor duration
netop
service crash-dump-dram
service upload-coredump
snmp version

advertise

advertise ip-addr [interval seconds] [node-group group-name] [port node-discovery-port-num]

no advertise ip-addr

Purpose

Enables the SmartEdge router to send advertisement packets to the NetOp Element Management System (EMS) server.

Command Mode

NetOp configuration

Syntax Description

ip-addr IP address of the NetOp EMS server.

interval seconds Optional. Interval, in seconds, between sending advertising packets. The range of values is 10 to 86,400 (24 hours); the default value is 60.

node-group group-name Optional. Text string identifying the group to which the SmartEdge router is to be assigned. If not specified, no group assignment is made.

port node-discovery-port-num Optional. Port number on the NetOp EMS server that is used to listen for node advertisement packets. The range is 1 to 65,535; the default value is 6,580.

Default

No advertisement packets are sent by the SmartEdge router.

Usage Guidelines

Use the advertise command to enable the sending of advertisement packets to the NetOp EMS server from the SmartEdge router. The receipt of an advertise packet allows the NetOp EMS server to auto-discover the SmartEdge router.

The SmartEdge router sends advertise packets at the specified interval. When the NetOp EMS server receives an advertise packet, the NetOp EMS server connects to the SmartEdge router, which then stops sending advertise packets. If the SmartEdge router loses communication with the NetOp EMS server, the SmartEdge router starts sending advertise packets again, unless the administrator enters the no form of this command.

By default, the hostname of each SmartEdge router is “Redback,” and this is the node name that is sent in the advertisement packet. To specify a different node name in the advertisement packet, use the system hostname command in global configuration mode.

Use the node-group group-name construct to specify a group to which the SmartEdge router is to be assigned. If you do not specify a group, then the SmartEdge router is added to the NetOp inventory database.

If the port is not the default, use the port node-discovery-port-num construct to specify the port on the NetOp EMS server that listens for Discovery packets. This port is not the port on the NetOp EMS server that connects to the SmartEdge router.

Use the no form of this command to disable the sending of advertising packets.

Examples

The following example enables communication with the NetOp EMS server and sends an advertising packet every 45 seconds:

[local]Redback(config)#netop
[local]Redback(config-netop)#advertise 10.1.1.1 interval 45 node-group G10 port 6080

Related Commands

netop

Note The port used by the NetOp EMS server to connect to the SmartEdge router is not configurable.

connection-mode

connection-mode {unencrypted | tls | tls unencrypted}

no connection-mode

Purpose

Configures the type of encryption, if any, that the SmartEdge router allows on the connection to the NetOp Element Management System (EMS) server.

Command Mode

NetOp configuration

Syntax Description

tls Allows Transport Layer Security (TLS) connections, also known as Secure Sockets Layer (SSL) communication, between the SmartEdge router and the NetOp EMS server.

unencrypted Allows unencrypted connections between the SmartEdge router and the NetOp EMS server.

Default

Allow both TLS and unencrypted connections.

Usage Guidelines

Use the connection-mode command to configure the type of encryption, if any, that the SmartEdge router allows on the connection to the NetOp EMS server.

To allow both TLS and unencrypted communication, include both the tls and unencrypted keywords in the command or use the no form of this command.

The SmartEdge router negotiates the connection mode with the NetOp EMS server immediately after a raw connection is established between the two. In this negotiation, the NetOp EMS server acts as a client and the SmartEdge router acts as the server.

Use the no form of this command to return to the default condition.

Examples

The following example enables communication with the NetOp EMS server and allows either a TLS or unencrypted connection to it:

[local]Redback#config
[local]Redback(config)#netop
[local]Redback(config-netop)#connection-mode tls unencrypted

Related Commands

netop

monitor duration

monitor duration seconds

no monitor duration

Purpose

Sets the duration of the system monitoring process.

Command Mode

global configuration

Syntax Description

seconds Amount of time, in seconds, that system monitoring lasts. The range of values is 1 to 65,535; the default value is 600.

Default

The duration of system monitoring is 600 seconds, or 10 minutes.

Usage Guidelines

Use the monitor duration command to set the duration of the monitoring process, enabled through any of the monitor commands (available in exec mode). For additional information, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to set the monitor duration to its default value of 600 seconds.

Examples

The following example sets the monitor duration to 3600 seconds, or 60 minutes:

[local]Redback(config)#monitor duration 3600

Related Commands

None

netop

netop

no netop

Purpose

Enables the NetOp daemon, which allows the SmartEdge router to communicate with the NetOp Element Management System (EMS) server, and enters NetOp configuration mode.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

The NetOp daemon is disabled.

Usage Guidelines

Use the netop command to enable the NetOp daemon, which allows the SmartEdge router to communicate with the NetOp EMS server, and enter NetOp configuration mode.

Use the no form of this command to disable communication with the NetOp EMS server.

Examples

The following example enables the SmartEdge router to communicate with the NetOp EMS server and enters NetOp configuration mode:

[local]Redback(config)#netop
[local]Redback(config-netop)#

Related Commands

advertise

Note You must configure the Simple Network Management Protocol (SNMP) community before you specify the version of the SNMP traps that the NetOp EMS server receives.

service crash-dump-dram

service crash-dump-dram

no service crash-dump-dram

Purpose

Enables dynamic random-access memory (DRAM) data collection during a crash dump.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

DRAM data collection is enabled.

Usage Guidelines

Use the service crash-dump-dram command to enable DRAM data collection during a crash dump.

Use the no form of this command to disable DRAM data collection during a core dump. In situations where the Packet Processing ASIC (PPA) data collection might take a long time, you can use the no form of this command to skip the DRAM data collection.

Examples

The following example disables the DRAM data collection during a crash dump:

[local]Redback(config)#no service crash-dump-dram

Related Commands

None

Note The reload card command (in exec mode) suppresses the in-progress DRAM data collection if confirmed by the user.

Note Because DRAM data collection during a crash dump is enabled by default, the service crash-dump-dram command is used only to return the router to its default behavior after it has been changed by the no form of this command.

service upload-coredump

service upload-coredump ftp:url

no service upload-coredump

Purpose

Enables the sending of core dump files from the local SmartEdge router to the specified URL using the File Transfer Protocol (FTP).

Command Mode

global configuration

Syntax Description

ftp:url URL of the server to which the system sends core dump files using FTP.

Default

None

Usage Guidelines

Use the service upload-coredump command to enable the sending of core dump files from the local SmartEdge router to a URL using FTP. The url argument takes the following form, where the username:passwd construct specifies the user and an optional password, the ip-addr argument is the IP address of the server, and the hostname argument is the hostname of the server:

//username[:passwd]@{ip-addr | hostname}[//directory]

The hostname argument can only be used if Domain Name System (DNS) resolution is enabled using the ip domain-lookup, ip domain-name, and ip name-servers commands in context configuration mode. For more information, see the “DNS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Use the no form of this command to disable the sending of crash files to the specified URL.

Note Use double slashes (//) if the pathname to the directory on the remote server is an absolute pathname; use a single slash (/) if it is a relative pathname (under the hierarchy of the username account home directory).

Note We strongly recommend that you enable this feature because it maximizes the use of available disk space and improves system stability and performance. For more information about core dumps, crash files, and the operations commands to administer them, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Examples

The following example specifies that crash files are to be sent to the specified URL using FTP:

[local]Redback(config)#service upload-coredump ftp://client1:[email protected]//out

Related Commands

None

snmp version

snmp version {1 | 2c | 3}

no snmp version

Purpose

Specifies the version of the Simple Network Management Protocol (SNMP) traps that the NetOp Element Management System (EMS) server receives.

Command Mode

NetOp configuration

Syntax Description

1 Specifies that the SmartEdge router sends SNMP Version 1 (SNMPv1) traps to the NetOp EMS server.

2c Specifies that the SmartEdge router sends SNMP Version 2c (SNMPv2c) traps to the NetOp EMS server.

3 Specifies that the SmartEdge router sends SNMP Version 3 (SNMPv3) traps to the NetOp EMS server.

Default

SNMPv2c traps are sent to the NetOp EMS server.

Usage Guidelines

Use the snmp version command to specify the version of SNMP traps that the SmartEdge router sends to the NetOp EMS server.

Use the no form of this command to specify the default.

Examples

The following example configures the SmartEdge router to send SNMPv1 traps to the NetOp EMS server:

[local]Redback(config)#netop
[local]Redback(config-netop)#snmp version 1

Related Commands

None

Note You must configure the SNMP community before you specify the version of the SNMP traps sent to the NetOp EMS server. See “Configuration Tasks” on page 5 for additional information.
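
The defaults documented for connection-mode (TLS and unencrypted both allowed) and snmp version (SNMPv2c), together with the FTP URL form of service upload-coredump, decide how exposed the management plane is even when none of those commands is typed. The Python below is an added example, not part of this guide or of the SmartEdge OS: it replays a transcript in the guide's prompt format and reports the effective weak settings. The finding identifiers, function names, and both sample transcripts are constructed for the illustration.

```python
import re

# Prompt format used in this guide's examples: [context]hostname(mode)#command
PROMPT = re.compile(r"^\[[^\]]+\][^(#]+(?:\((?P<mode>[^)]+)\))?#(?P<cmd>.*)$")
# URL form given for service upload-coredump:
#   ftp://username[:passwd]@{ip-addr | hostname}[//directory]
FTP_URL = re.compile(r"^ftp://(?P<user>[^:@/]+)(?::(?P<passwd>[^@]*))?@(?P<host>[^/]+)")

# Defaults stated in the command descriptions above.
DEFAULT_CONNECTION_MODES = frozenset({"tls", "unencrypted"})
DEFAULT_SNMP_VERSION = "2c"

# Constructed transcripts (not from the guide); addresses are documentation ranges.
WEAK_TRANSCRIPT = """\
[local]Redback#configure
[local]Redback(config)#netop
[local]Redback(config-netop)#advertise 192.0.2.10 interval 60
[local]Redback(config-netop)#exit
[local]Redback(config)#service upload-coredump ftp://dumps:EXAMPLE-PASSWORD@192.0.2.20//var/cores
"""
HARDENED_TRANSCRIPT = """\
[local]Redback#configure
[local]Redback(config)#netop
[local]Redback(config-netop)#connection-mode tls
[local]Redback(config-netop)#snmp version 3
"""


def parse_transcript(text):
    """Return (mode, command) pairs; mode is None at an exec prompt."""
    pairs = []
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group("cmd").strip():
            pairs.append((m.group("mode"), m.group("cmd").strip()))
    return pairs


def audit(text):
    """Replay the commands and return a list of (finding_id, detail)."""
    netop = False
    modes = DEFAULT_CONNECTION_MODES
    snmp = DEFAULT_SNMP_VERSION
    coredump_url = None

    for mode, cmd in parse_transcript(text):
        w = cmd.split()
        if mode == "config":
            if cmd == "netop":
                netop = True
            elif cmd == "no netop":
                netop = False
            elif w[:2] == ["service", "upload-coredump"] and len(w) == 3:
                coredump_url = w[2]
            elif w[:3] == ["no", "service", "upload-coredump"]:
                coredump_url = None
        elif mode == "config-netop":
            if w[0] == "connection-mode" and len(w) > 1:
                modes = frozenset(w[1:])
            elif w[:2] == ["no", "connection-mode"]:
                modes = DEFAULT_CONNECTION_MODES
            elif w[:2] == ["snmp", "version"] and len(w) == 3:
                snmp = w[2]
            elif w[:3] == ["no", "snmp", "version"]:
                snmp = DEFAULT_SNMP_VERSION

    findings = []
    if netop and "unencrypted" in modes:
        findings.append(("NETOP-CLEARTEXT-ALLOWED",
                         "EMS sessions may be unencrypted; use 'connection-mode tls'"))
    if netop and snmp in ("1", "2c"):
        findings.append(("NETOP-SNMP-COMMUNITY",
                         f"SNMPv{snmp} traps carry only a cleartext community string"))
    if coredump_url:
        m = FTP_URL.match(coredump_url)
        if m is None:
            findings.append(("COREDUMP-URL-UNPARSED", "URL does not match the documented form"))
        else:
            # The password itself is never echoed into the report.
            findings.append(("COREDUMP-FTP",
                             f"core dumps go to {m['host']} as {m['user']} over FTP, unencrypted"))
            if m["passwd"] is not None:
                findings.append(("COREDUMP-PASSWORD-IN-CONFIG",
                                 "FTP password is embedded in the configured URL"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(WEAK_TRANSCRIPT):
        print(f"{finding_id}: {detail}")
```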

Chapter 10

Logging Configuration

This chapter provides an overview of logging features, describes the tasks used to configure them, and provides configuration examples and detailed descriptions of the commands used to configure logging features through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer logging features, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Note In the following descriptions, the term controller card applies to any version of the Cross-Connect Route Processor (XCRP) Controller card (XCRP, XCRP3, XCRP4), including the controller carrier card unless otherwise noted.

The term controller carrier card refers to the controller functions on the carrier card within the SmartEdge 100 chassis; these functions are compatible with the XCRP3 Controller card. The term I/O carrier card refers to the traffic card functions on the carrier card; these functions are compatible with the similar functions that are implemented on the traffic cards that are supported on all other SmartEdge routers.

The term chassis refers to any SmartEdge chassis; the term SmartEdge 800 chassis refers to any version of the SmartEdge 800 chassis. The term SmartEdge 1200 chassis refers to any version of the SmartEdge 1200 chassis.

Overview

The SmartEdge OS contains two log buffers: main and debug. By default, messages are stored in the main log. If the system restarts, for example as a result of a logging daemon or system error, and the logger daemon shuts down and restarts cleanly, the log buffers are saved to /md/loggd_dlog.bin for the main log buffer and to /md/loggd_ddbg.bin for the debug log buffer. You can view the contents of the saved main log files using the show log command (in any mode).

By default, log messages for local contexts are displayed in real time on the console; non-local contexts are not displayed in real time on the console. To change this behavior, and display messages in real time, use the logging console command (in context configuration mode). However, log messages can be displayed in real time from any Telnet session using the terminal monitor command (in exec mode). For more information on the terminal monitor command, see the “Session Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

In large installations, it is convenient to have all systems log to a remote machine for centralized management and to save space on the device. The SmartEdge OS uses the UNIX syslog facility for this purpose, and can send log messages to multiple machines concurrently. Logging can be constrained to events occurring on a specific circuit.

All log messages contain a numeric value indicating the severity of the event or condition that caused the message to be logged. Many log messages are normal and do not indicate a system problem.

Table 10-1 lists event severity levels in log messages and their respective descriptions.

Note The debug buffer is not fully supported in this release. You cannot use the show log command (in any mode) to display the contents of the debug buffer. To view all log messages, enable the logging debug command (in global configuration mode), so that the contents of the debug buffer can be displayed using the show log command (in exec mode). Be aware that enabling the logging debug command can quickly fill up the log buffer with debug and non-debug messages. To prevent the main buffer from filling up with debug messages and overwriting other more significant messages, disable the logging debug command (in context configuration mode).

Table 10-1 Event Severity Levels in Log Messages

Value | Severity Level | Description
0 | emergencies | Panic condition—the system is unusable.
1 | alerts | Immediate administrator intervention is required.
2 | critical | Critical conditions have been detected.
3 | errors | An error condition has occurred.
4 | warnings | A potential problem exists.
5 | notifications | Normal, but significant, events or conditions exist.
6 | informational | Informational messages only; no problem exists.
7 | debugging | Output from an enabled system debugging function.


Configuration Tasks

To configure logging features, perform the tasks described in the following sections:

• Configure Optional Global Logging Features

• Configure Optional Context-Specific Logging Features

Configure Optional Global Logging Features

To configure optional global logging features, perform the tasks described in Table 10-2; enter all commands in global configuration mode.

Note In this section, the command syntax in the task table displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Table 10-2 Configure Optional Global Logging Features

Task | Root Command | Notes
Enable the display of logged system event messages with a millisecond resolution timestamp. | logging timestamp millisecond |
Enables the logger to send logging and debug messages from the active controller card to the standby controller card. | logging active | Enter the no form of this command to disable this feature.
Enables the filtering of debug messages for valid circuits only. | logging cct-valid | Enter this command in global configuration mode.
Enables the logger to send logging and debug messages from the standby controller card to the active controller card. | logging standby | Use the no form of this command to disable this feature.
Enables the display of all debug messages in the main log buffer. | logging debug | Use the no form of this command to prevent the debug messages from being sent to the main log buffer.

Configure Optional Context-Specific Logging Features

To configure optional context-specific logging features, perform the tasks described in Table 10-3; enter all commands in context configuration mode, unless otherwise noted.

Table 10-3 Configure Optional Context-Specific Logging Features

Task | Root Command | Notes
Isolate events from certain facilities in the logs and trim the flow of information. | logging filter |
Enable event logging messages to the console. | logging console |
Enable event logging messages to a file. | logging file | You can configure up to four log files per context.
Enable the logging of system events to a remote syslog server that is reachable within the current context. | logging syslog | You can configure up to four syslog servers per context.


Configuration Examples

The following example configures the system to remotely log all system messages to a network syslog server. Information to forward packets to the 10.1.1.1 address specified for the syslog host is derived from routing tables specific to the NewContext context.

[local]Redback(config)#context NewContext
[local]Redback(config-ctx)#logging syslog 10.1.1.1

The following example shows a configuration where log messages are sent to a syslog server (198.168.148.99) in the local context using the syslog facility, local6, and to another syslog server (198.168.145.99) in the green context using the syslog facility, local3:

[local]Redback(config)#context local
[local]Redback(config-ctx)#logging sys 198.168.148.99 facility local6
[local]Redback(config-ctx)#exit
[local]Redback(config)#context green
[local]Redback(config-ctx)#logging sys 198.168.145.99 facility local3

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure logging features. The commands are presented in alphabetical order.

logging active
logging cct-valid
logging console
logging debug
logging file
logging filter
logging standby
logging syslog
logging timestamp millisecond


logging active

logging active

no logging active

Purpose

Enables the logger to send logging and debug messages from the active controller card to the standby controller card.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Logging and debug messages are sent to the standby controller card.

Usage Guidelines

Use the logging active command to enable the sending of logging and debug messages from the active controller card to the standby controller card.

Use the no form of this command to disable the sending of logging and debug messages to the standby controller card.

Examples

The following example enables the sending of logging and debug messages to the standby controller card:

[local]Redback(config)#logging active

Related Commands

logging standby

Note The SmartEdge 100 router does not support this command.

Note If you do not specify the short keyword, the message is logged on the active controller card using the same severity as the original log message.


logging cct-valid

logging cct-valid

no logging cct-valid

Purpose

Enables the filtering of debug messages for valid circuits only.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Filtering of logging and debug messages for circuits is disabled.

Usage Guidelines

Use the logging cct-valid command to enable the filtering of debug messages for valid circuits only.

Use the no form of this command to disable the filtering of debug messages.

Examples

The following example enables the filtering of debug messages for valid circuits only:

[local]Redback(config)#logging cct-valid

Related Commands

None


logging console

logging console

no logging console

Purpose

Enables event logging messages to the console.

Command Mode

context configuration

Syntax Description

This command has no keywords or arguments.

Default

Console logging for contexts other than local is disabled.

Usage Guidelines

Use the logging console command (in context configuration mode) to quickly isolate problems by displaying event log messages directly to the console rather than to a file. Messages sent to the console can be further constrained by using the logging filter command in context configuration mode to establish a logging filter.

Use the no form of this command to disable event logging to the console.

Examples

The following example enables event logging messages to the console:

[local]Redback(config-ctx)#logging console

Related Commands

logging filter


logging debug

logging debug

no logging debug

Purpose

Stores messages that have been generated by all enabled debug processes in the log buffer.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Debugging messages are not stored in the log buffer.

Usage Guidelines

Use the logging debug command to store messages for all enabled debugging processes in the log buffer. Use the show log command in any mode to display the logged messages. For more information on the show log command, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to disable the storing of debugging messages in the log buffer.

Examples

The following example enables the logging of debugging messages to the log buffer:

[local]Redback(config)#logging debug

Related Commands

None


logging file

logging file [text] filename

no logging file [text] filename

Purpose

Enables event logging messages to a file.

Command Mode

context configuration

Syntax Description

text Optional. Specifies that the log file is to be saved as a text, rather than binary, file.

filename Name of the file to which events are logged.

Default

If you do not use this command, events are not logged to a file. If you use this command without the optional text keyword, the file is saved in binary form.

Usage Guidelines

Use the logging file command to enable event logging messages to a file. You can also configure up to four log files per context.

Use the filename argument to specify the name and path of the logging file. If the full path is not specified, the file is saved to the /flash directory.

Use the show log command in any mode to display log files. For more information on the show log command, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to disable event logging to a file.

Examples

The following example enables the storing of event logs to a file, /flash/log_file:

[local]Redback(config-ctx)#logging file /flash/log_file

Related Commands

logging debug


logging filter

logging filter {console | file | monitor | syslog} level

default logging filter {console | file | monitor | syslog}

Purpose

Isolates events based on message severity in the logs and trims the flow of information.

Command Mode

context configuration

Syntax Description

console Specifies the console filter type.

file Specifies the file filter type.

monitor Specifies the monitor filter type.

syslog Specifies the syslog server filter type.

level Filter logging level, according to one of the following keywords (in descending priority order):

• emergency—Logs only emergency events.

• alert—Logs alert and more severe events.

• critical—Logs critical and more severe events.

• error—Logs error and more severe events.

• warning—Logs warning and more severe events.

• notice—Logs notice and more severe events.

• informational—Logs informational and more severe events.

• debug—Logs all events, including debug events.

Default

The default filter levels for the console, file, monitor, and syslog keywords are set to debug.

Table 10-4 describes the default input and output filter levels for each filter type.

Table 10-4 Default Filter Levels

Input Filter | Output Filter
console | debug
monitor | debug
runtime | informational
syslog | notice


Usage Guidelines

Use the logging filter command to isolate events based on certain severities in the logs and trim the flow of information.

Use the show logging command in any mode to display the configured filter levels for the current context. For more information on the show log command, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the default form of this command to set a logging filter back to its default level.

Examples

The following example modifies the severity level for several log facilities:

[local]Redback(config-ctx)#logging filter monitor error

The following example modifies the severity level for console:

[local]Redback(config-ctx)#logging filter console critical

Related Commands

None


logging standby

logging standby [short]

no logging standby

Purpose

Enables the logger to send logging and debug messages from the standby controller card to the active controller card.

Command Mode

global configuration

Syntax Description

short Optional. Logs a message on the active controller card using a shorter, less verbose form when a message is sent from the standby controller card to the active controller card.

Default

Logging and debug messages are sent from the standby controller card to the active controller card.

Usage Guidelines

Use the logging standby command to enable the sending of logging and debug messages from the standby controller card to the active controller card.

Use the short keyword to display a message on the active controller card using a shorter, less verbose form.

Use the no form of this command to disable the sending of logging and debug messages from the standby controller card to the active controller card.

Examples

The following example enables the sending of logging and debug messages to the standby controller card:

[local]Redback(config)#logging standby

Related Commands

logging active

Note The SmartEdge 100 router does not support this command.

Note If you do not specify the short keyword, the message is logged on the active controller card using the same severity as the original log message.


logging syslog

logging syslog ip-addr [facility sys-fac-name]

no logging syslog ip-addr

Purpose

Enables the logging of system events to a remote syslog server that is reachable within the context.

Command Mode

context configuration

Syntax Description

ip-addr IP address of the syslog server.

facility sys-fac-name Optional. System logging facility. The range of values is local0 to local7; the default value is local7.

Default

System events logging is disabled.

Usage Guidelines

Use the logging syslog command to enable the logging of system events to a remote syslog server that is reachable within the context. The remote syslog server is identified by its IP address. You can also configure up to four syslog servers per context.

Use the no form of this command to disable the logging of system events to a remote syslog server.

Examples

The following example enables logging to a remote syslog server at IP address, 10.10.3.46, in the newworld context:

[local]Redback(config)#context newworld
[local]Redback(config-ctx)#logging syslog 10.10.3.46

The following example shows a configuration using a non-default syslog facility:

[local]Redback(config)#context gretzky
[local]Redback(config-ctx)#logging syslog 1.2.3.4 facility local4

Related Commands

logging debug
logging filter


logging timestamp millisecond

logging timestamp millisecond

no logging timestamp millisecond

Purpose

Enables the display of logged system event messages with a millisecond resolution timestamp.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Millisecond resolution is disabled and is not displayed.

Usage Guidelines

Use the logging timestamp millisecond command to enable the display of logged system event messages with a millisecond resolution timestamp.

Use the no form of this command to disable the display of logged system event messages with millisecond resolution.

Examples

The following example enables the display of logged system event messages with millisecond resolution:

[local]Redback(config)#logging timestamp millisecond

The following example displays system event log messages when millisecond resolution is enabled:

Oct 21 03:44:47.697: [0001]: %ISIS-7-ADJ: sent PTPT IIH on inter-ctx intf black
Oct 21 03:44:48.610: [0002]: %ISIS-7-ADJ: rcvd L2 LAN IIH from 001e.1000.0002 seq 16835 on inter-ctx intf bluefoo

Related Commands

None
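The severity values in Table 10-1, the "level and more severe" rule of the logging filter command, and the message layout in the sample output above can be combined on the collector side. The following Python is an added example, not part of the Redback guide: the line layout is inferred from the two sample lines, the optional milliseconds and the neutral name "tag" for the bracketed number are assumptions, the %DEMO lines are constructed, and syslog_pri applies the standard syslog encoding (facility code times 8 plus severity, with local0 equal to 16) on the assumption that the router keeps its severity value unchanged when forwarding.

```python
import re

# Severity values and names as listed in Table 10-1 of this guide.
SEVERITY_NAMES = ("emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging")

# Keywords accepted by "logging filter ... level", most severe first.
FILTER_LEVELS = ("emergency", "alert", "critical", "error",
                 "warning", "notice", "informational", "debug")

# Layout inferred from the two sample lines in this guide. The optional
# milliseconds and the meaning of the bracketed number are assumptions.
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d{3})?): "
    r"\[(?P<tag>\d+)\]: "
    r"%(?P<module>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["severity_name"] = SEVERITY_NAMES[rec["severity"]]
    return rec


def passes_filter(severity, level):
    """True if this severity survives 'logging filter <destination> <level>'."""
    if level not in FILTER_LEVELS:
        raise ValueError(f"unknown filter level: {level!r}")
    return severity <= FILTER_LEVELS.index(level)


def syslog_pri(facility, severity):
    """Standard syslog PRI: facility code * 8 + severity (local0 is 16)."""
    m = re.fullmatch(r"local([0-7])", facility)
    if m is None or not 0 <= severity <= 7:
        raise ValueError("facility must be local0..local7, severity 0..7")
    return (16 + int(m.group(1))) * 8 + severity


def triage(lines, level):
    """Split lines into (kept records, dropped records, unparsed raw lines)."""
    kept, dropped, unparsed = [], [], []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # keep what cannot be classified for review
        elif passes_filter(rec["severity"], level):
            kept.append(rec)
        else:
            dropped.append(rec)
    return kept, dropped, unparsed


# The first two lines are the guide's sample output; the rest are constructed.
SAMPLE = [
    "Oct 21 03:44:47.697: [0001]: %ISIS-7-ADJ: sent PTPT IIH on inter-ctx intf black",
    "Oct 21 03:44:48.610: [0002]: %ISIS-7-ADJ: rcvd L2 LAN IIH from 001e.1000.0002"
    " seq 16835 on inter-ctx intf bluefoo",
    "Oct 21 03:44:49.002: [0001]: %DEMO-3-FAIL: constructed error-level event",
    "Oct 21 03:44:50: [0001]: %DEMO-5-STATE: constructed event without milliseconds",
    "last message repeated 3 times",
]

if __name__ == "__main__":
    kept, dropped, unparsed = triage(SAMPLE, "notice")
    for rec in kept:
        print(syslog_pri("local7", rec["severity"]), rec["module"], rec["text"])
    print(len(dropped), "dropped;", len(unparsed), "unparsed")
```

With the syslog filter at its default level of notice (Table 10-4), both ISIS debug lines are dropped before they reach the server, which is worth knowing when a collector appears to be missing protocol events.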


Chapter 11

Bulkstats Configuration

This chapter provides an overview of the bulk statistics (bulkstats) features, describes the tasks used to configure them and provides configuration examples and detailed descriptions of the commands used to configure bulkstats features through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer bulkstats features, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

This section includes the following topics:

• Function of Bulkstats

• Data Collected by Bulkstats

• Application of Bulkstats to an Entity

Function of Bulkstats

The bulkstats feature gathers large amounts of data from the SmartEdge router, periodically sending updates to a management station. The bulkstats feature frees both the SmartEdge router and the management station from the Simple Network Management Protocol (SNMP) polling processes and minimizes the amount of memory used by the SmartEdge router for statistics collection.

The collection of data is governed by a named bulkstats policy. Bulkstats policies are context-specific, and multiple bulkstats policies can exist for each context. A bulkstats policy defines the collection information, such as the transfer interval, the server to which the data files are sent, and the sampling interval.


Data Collected by Bulkstats

The kind of data that is collected is governed by a bulkstats schema profile; it defines the type and format of data that is collected and acts as a template which, when applied to the system or to a context, subscriber, port, channel, or permanent virtual circuit (PVC), results in the collection of the data specified by the schema profile. There are two types of schema profiles: global (for collecting system-wide data) and specific (for collecting data for a specific type of entity).

Because the type of data that can be collected varies for each type of entity, there are different types of schema profiles, specific to the entity being monitored: contexts, subscribers, ports, channels, Asynchronous Transfer Mode (ATM), Frame Relay, and 802.1Q PVCs. A bulkstats schema profile also describes the format in which the data displays. A bulkstats schema profile consists of a name, a display format, and a list of statistics.

Bulkstats schema profiles employ a format string that uses special-character sequences; see Table 11-5. Format strings are replaced with SmartEdge OS variables, such as system uptime, date, time of day, port and slot number information, and more. Supported SmartEdge OS variables vary according to the type of schema profile. These variables are defined in Table 11-6 to Table 11-13 in the description of the bulkstats schema profile command.

Application of Bulkstats to an Entity

When a bulkstats schema profile is applied to an entity, such as a port, a bulkstats policy is also applied together with the context in which the bulkstats policy is configured. Data is collected and transferred to a management station as follows:

1. The SmartEdge router samples and stores system, network, and traffic statistics at specified sampling intervals. Information can be collected at the system, port, channel, and circuit levels. Bulkstats data is stored as continuous counter values.

2. At specified transfer intervals, bulkstats data is transferred to a network management station acting as a file server. The file transfer mechanism can be File Transfer Protocol (FTP), Secure Shell FTP (SSH FTP), or Secure Copy Protocol (SCP). The file data consists of lines of ASCII text.

3. When the file is successfully transmitted, the information is deleted from the SmartEdge router memory.

Before you enable bulkstats collection for a policy, you must configure the following elements for an existing bulkstats policy:

1. Specify the primary bulkstats file server and file transfer mechanism using the receiver command in bulkstats configuration mode.

2. Specify the directory on the local SmartEdge router in which collected data is stored using the localdir command in bulkstats configuration mode.

3. Specify the name and location of the collection files using the remotefile command in bulkstats configuration mode.


You must also:

• Create one or more schema profiles using the bulkstats schema profile command in global configuration mode.

• Apply one or more schema profiles using the schema command in bulkstats configuration mode (for system-wide statistics) or the bulkstats schema command in ATM DS-3, ATM OC, ATM profile, context, dot1q profile, DS-0 group, DS-1, DS-3, E1, E3, Frame Relay profile, port, subscriber, or STM-1 configuration mode.

You can enable collection for a bulkstats policy anytime after you have performed these tasks. You do not have to disable collection before you apply the policy to an entity, such as a port, channel, or circuit.

Configuration Tasks

To configure bulkstats, perform the tasks described in the following sections:

• Create or Modify a Bulkstats Policy

• Create or Modify a Bulkstats Schema Profile

• Apply a Specific Bulkstats Schema Profile

Create or Modify a Bulkstats Policy

To create or modify a bulkstats policy, perform the tasks described in Table 11-1.

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Table 11-1 Create or Modify a Bulkstats Policy

# | Task | Root Command | Notes
1. | Create a bulkstats policy, or select one for modification, and access bulkstats configuration mode. | bulkstats policy | Enter this command in context configuration mode.
2. | Specify operational attributes; enter all commands in bulkstats configuration mode, unless otherwise noted. | |
 | Specify where the bulkstats data is stored for this policy on the SmartEdge router. | localdir |
 | Set a limit on the space that is used to store bulkstats collection files. | limit | The default value is 1,024 KB.
 | Specify the servers where remote bulkstats files are stored. | receiver | Enter this command twice to specify both a primary and a secondary bulkstats file server.
 | Specify the format of the filename and the location of the bulkstats collection files that are stored on remote servers. | remotefile |
 | Specify header lines that are inserted at the beginning of each bulkstats collection file for this policy. | header format |
 | Enable the writing of the definitions of the configured bulkstats schema profiles to the beginning of each bulkstats data collection file. | schema-dump |
 | Specify the interval between the collection of bulk statistics samples. | sample-interval | The default value is 15 minutes.
 | Specify the interval after which bulkstats data is uploaded to the bulkstats file server for this policy. | transfer-interval | The default value is 60 minutes.
3. | Enable the collection of bulkstats for all the entities to which this bulkstats policy will be applied. | collection |

Create or Modify a Bulkstats Schema Profile

To create or modify a bulkstats schema profile, perform the task described in Table 11-2; enter this command in global configuration mode.

Table 11-2 Create or Modify a Bulkstats Schema Profile

Task | Root Command | Notes
Create or modify a bulkstats schema profile. | bulkstats schema profile |

Apply a Specific Bulkstats Schema Profile

To apply a specific bulkstats schema profile, perform one of the tasks described in Table 11-3, depending on the type of schema profile.

Table 11-3 Apply a Specific Bulkstats Schema Profile

Task | Root Command | Notes
Apply a bulkstats schema profile with one of the following tasks: | |
• Apply a global bulkstats schema profile for system-level data collection. | schema | Enter this command in bulkstats configuration mode.
• Apply an existing schema profile and bulkstats policy in the specified context to the context, a port, channel, or channel group; to a profile for an ATM PVC, Frame Relay PVC, or 802.1Q PVC; or to a default subscriber profile. | bulkstats schema | Enter this command in the configuration mode for the entity.

Configuration Examples

This section provides configuration examples for:

• Bulkstats Policy

• Bulkstats Global Schema Profile

• Bulkstats Specific Schema Profile


Bulkstats Policy

The following example specifies the IP address of the primary file server that receives the uploaded bulkstats data files for the bulk policy:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#receiver 198.168.145.99 primary mechanism ftp login snmp password snmp

The following example specifies the local directory on the SmartEdge router for the bulk policy, the amount of local file space allocated to bulk statistics storage in KB, and the filename format on the remote host. The filename format ensures that the filenames for two different policies will always be different, even if their transfer dates and time coincide.

[local]Redback(config-bulkstats)#localdir /flash/bulkstat
[local]Redback(config-bulkstats)#limit 2048
[local]Redback(config-bulkstats)#remotefile format "Bulkstats/%s_%s_%s_%s" context policy date timeofday

The following example defines the header lines in each bulkstats file for the bulk policy:

[local]Redback(config-bulkstats)#header format "Collection file from host %s, Context:%s, Policy: %s" hostname context policy

[local]Redback(config-bulkstats)#header format "Data collected on %s" date

The following example enables the sampling and collection of bulkstats data for the bulk policy:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#collection
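The receiver example above selects FTP and carries a login and password on the command line, while the overview also lists SSH FTP and SCP as transfer mechanisms. The following Python is an added audit sketch, not part of the Redback guide: it reads a CLI transcript in the prompt format this guide shows and reports settings that the logging and bulkstats chapters describe as limits or risks. The finding codes, the constructed context blue and the constructed facility local9 are assumptions made for the example.

```python
import re

# Prompt layout as shown in this guide: [context]hostname(mode)#command
PROMPT_RE = re.compile(r"^\[[^\]]+\]\S+?\((?P<mode>[^)]+)\)#\s*(?P<cmd>.*)$")
FACILITIES = {f"local{i}" for i in range(8)}  # range stated for logging syslog
MAX_SYSLOG_PER_CONTEXT = 4                     # limit stated in this guide


def is_kw(token, keyword, min_len=3):
    """True if token is the keyword or an abbreviation of it, such as 'sys'."""
    return len(token) >= min_len and keyword.startswith(token)


def option(tokens, name):
    """Return the value that follows keyword `name`, or None."""
    if name in tokens[:-1]:
        return tokens[tokens.index(name) + 1]
    return None


def audit(transcript):
    """Return (where, code, detail) findings for a CLI transcript.

    'no' forms are ignored, so removals are not modelled.
    """
    findings, syslog = [], {}
    ctx, policy = "?", "?"
    for raw in transcript.splitlines():
        m = PROMPT_RE.match(raw.strip())
        if m is None or not m["cmd"].strip():
            continue
        mode, tok = m["mode"], m["cmd"].split()
        if mode == "config" and tok[0] == "context" and len(tok) > 1:
            ctx = tok[1]
            syslog.setdefault(ctx, [])
        elif mode == "config" and tok == ["logging", "debug"]:
            findings.append(("global", "DEBUG_IN_MAIN_BUFFER",
                             "debug output can overwrite more significant messages"))
        elif (mode == "config-ctx" and len(tok) >= 3 and tok[0] == "logging"
              and is_kw(tok[1], "syslog")):
            syslog.setdefault(ctx, []).append(tok[2])
            fac = option(tok, "facility")
            if fac is not None and fac not in FACILITIES:
                findings.append((ctx, "BAD_FACILITY",
                                 f"{fac} is outside local0..local7"))
        elif mode == "config-ctx" and tok[:2] == ["bulkstats", "policy"] and len(tok) > 2:
            policy = tok[2]
        elif mode == "config-bulkstats" and tok[0] == "receiver":
            where = f"{ctx}/{policy}"
            if option(tok, "mechanism") == "ftp":
                findings.append((where, "CLEARTEXT_TRANSFER",
                                 "FTP sends the login, password and data unencrypted"))
            login, password = option(tok, "login"), option(tok, "password")
            if login is not None and login == password:
                findings.append((where, "LOGIN_EQUALS_PASSWORD",
                                 "password is identical to the login name"))
    for name, servers in syslog.items():
        if not servers:
            findings.append((name, "NO_REMOTE_SYSLOG",
                             "no logging syslog server configured"))
        elif len(servers) > MAX_SYSLOG_PER_CONTEXT:
            findings.append((name, "TOO_MANY_SYSLOG",
                             f"{len(servers)} servers, limit is {MAX_SYSLOG_PER_CONTEXT}"))
    return findings


# Constructed transcript assembled from commands that appear in this guide;
# the context "blue" and the facility "local9" are made up for the example.
SAMPLE_TRANSCRIPT = """\
[local]Redback(config)#logging debug
[local]Redback(config)#context local
[local]Redback(config-ctx)#logging sys 198.168.148.99 facility local6
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#receiver 198.168.145.99 primary mechanism ftp login snmp password snmp
[local]Redback(config-bulkstats)#exit
[local]Redback(config-ctx)#exit
[local]Redback(config)#context green
[local]Redback(config-ctx)#logging syslog 198.168.145.99 facility local9
[local]Redback(config-ctx)#exit
[local]Redback(config)#context blue
[local]Redback(config-ctx)#exit
"""

if __name__ == "__main__":
    for where, code, detail in audit(SAMPLE_TRANSCRIPT):
        print(f"{where:12} {code:22} {detail}")
```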

Bulkstats Global Schema Profile

The data collected by bulkstats policies are defined by schemas. Use the bulkstats schema profile command to create schemas.

The following example creates the gbl-bulk global schema profile:

[local]Redback(config)#bulkstats schema profile global gbl-bulk format "uptime: %u, date:%s, time:%s" sysuptime date timeofday

Bulkstats Specific Schema Profile

The following example creates an ATM schema profile that collects circuit statistics for each ATM PVC to which the ATM profile, ubr-bulk, is applied. The last line of the example shows how the bulkstats schema command applies the newly defined schema, atm-ubr, to the bulkstats policy, bulk:

[local]Redback(config)#bulkstats schema profile atm atm-ubr format "uptime: %u, slot:%u, port: %u, vpi: %u, vci: %u, inoctets: %u outoctets: %u" sysuptime slot port vpi vci inoctets outoctets
[local]Redback(config)#atm profile ubr-bulk
[local]Redback(config-atm-profile)#shaping ubr
[local]Redback(config-atm-profile)#bulkstats schema atm-ubr policy bulk local

The following example configures an ATM PVC that references the ATM profile, ubr-bulk, on an ATM OC port:

[local]Redback(config)#port atm 4/1
[local]Redback(config-atm-oc)#atm pvc 16 233 profile ubr-bulk encapsulation route1483
[local]Redback(config-atm-pvc)#

The result of this schema is a line in the bulkstats collection file as follows:

atm-ubr: uptime: 348765, slot:4, port:1, vpi:16, vci:233, inoct:234975, outoct:165444

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure bulkstats features. The commands are presented in alphabetical order.

bulkstats policy
bulkstats schema
bulkstats schema profile
collection
header format
limit
localdir
receiver
remotefile
sample-interval
schema
schema-dump
transfer-interval


bulkstats policy

bulkstats policy bulk-pol-name

no bulkstats policy bulk-pol-name

Purpose

Creates a bulk statistics (bulkstats) policy, or selects one for modification, and enters bulkstats configuration mode.

Command Mode

context configuration

Syntax Description

bulk-pol-name Name of the bulkstats policy to be created or modified. Alphanumeric string with up to 19 characters.

Default

None

Usage Guidelines

Use the bulkstats policy command to create a bulkstats policy or select one for modification. You can configure multiple bulkstats policies within each context.

No more than 100 bulkstats policies are allowed for the entire SmartEdge router.

Use the no form of this command to delete a bulkstats policy.

Examples

The following command creates a bulkstats policy, bulk, and enters bulkstats configuration mode:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#

Caution Risk of system performance degradation. Too many bulkstats policies can reduce system performance. To reduce the risk, minimize the number of policies.


Related Commands

bulkstats schema
bulkstats schema profile
collection
header format
limit
localdir
receiver
remotefile
sample-interval
schema
schema-dump
transfer-interval


bulkstats schema

In context or subscriber configuration mode, the syntax is:

bulkstats schema sch-prof-name policy bulk-pol-name [ctx-name]

no bulkstats schema sch-prof-name policy bulk-pol-name [ctx-name]

In all other configuration modes, the syntax is:

bulkstats schema sch-prof-name policy bulk-pol-name ctx-name

no bulkstats schema sch-prof-name policy bulk-pol-name ctx-name

Purpose

Applies an existing bulkstats schema profile and bulk statistics (bulkstats) policy in the specified context to the context, port, channel, or channel group; to a profile for an Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC), Frame Relay PVC, or 802.1Q PVC; or to a default bulkstats subscriber profile.

In the case of Multilink Point-to-Point Protocol (MP) subscribers, data is collected on individual ATM PVC links, as well as the MP bundles.

Command Mode

ATM DS-3 configuration
ATM OC configuration
ATM profile configuration
context configuration
dot1q profile configuration
DS-0 group configuration
DS-1 configuration
DS-3 configuration
E1 configuration
E3 configuration
Frame Relay profile configuration
port configuration
STM-1 configuration
subscriber configuration

Note Bulkstats subscriber schema profiles can only be applied under the default subscriber schema profile.


Syntax Description

sch-prof-name Name of the bulkstats schema profile. Alphanumeric string with up to 19 characters.

policy bulk-pol-name Name of the bulkstats policy. Alphanumeric string with up to 19 characters.

ctx-name Name of the context in which the bulkstats policy is configured. Alphanumeric string with up to 31 characters. Optional in context and subscriber configuration modes.

Default

None

Usage Guidelines

Use the bulkstats schema command with the ctx-name argument (in context and subscriber configuration mode) to allow local context policies to collect data in other contexts. Applying the name of the context using ctx-name can only be applied as local in subscriber and context configuration modes.

Use the bulkstats schema command, in all other configuration modes, to apply an existing bulkstats schema profile and bulkstats policy in the specified context to the context, a port, channel, or channel group; to a profile for an ATM PVC, Frame Relay PVC, or 802.1Q PVC; or to a default bulkstats subscriber profile. You can apply multiple bulkstats schemas to contexts, ports, channels, channel groups, and profiles using multiple policies in various contexts.

Use the no form of this command to remove the application of the specified bulkstats schema profile and policy from the context, port, channel, channel group; profile for an ATM PVC, Frame Relay PVC, or 802.1Q PVC; or default subscriber profile.

Caution Risk of system performance degradation. Although you can apply multiple bulkstats schema profiles, each gathering a different type and format of data, it is advisable to minimize the number of bulkstats schema profile applications to reduce impact on system performance. To reduce the risk, you can instead create one bulkstats schema profile that records several subsets of data. Separate each subset within the format string by entering the \n character sequence, which creates a new starting line in the output file. You can then apply this single bulkstats schema profile in place of multiple bulkstats schema profiles.

Caution Risk of system performance degradation. Applying multiple bulkstats policies can also reduce system performance. To reduce the risk, minimize the number of policies applied to a port, channel, channel group, or profile.

Note Do not apply a bulkstats schema profile to a DS-1 channel, E1 channel, or E1 port if you are adding it to an MP or Multilink Frame Relay (MFR) bundle.

Note The SmartEdge 100 router does not support Frame Relay PVCs or 802.1Q PVCs.

Examples

The following example applies an existing bulkstats schema profile, sample, to an Ethernet port using the bulk policy, in the local context:

[local]Redback(config)#port ethernet 3/1
[local]Redback(config-port)#bulkstats schema sample policy bulk local

The following example applies existing bulkstats schema profiles to the context, isp2, and to the default subscriber profile in that context, using the bulk-isp2 policy:

[local]Redback(config)#context isp2
[local]Redback(config-ctx)#bulkstats schema ctx-sample policy bulk-isp2
[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#bulkstats schema sub-sample policy bulk-isp2

Related Commands

bulkstats policy
bulkstats schema profile
schema
schema-dump

bulkstats schema profile

bulkstats schema profile prof-type sch-prof-name format format-string [OS-variable] [OS-variable] ...

no bulkstats schema profile prof-type sch-prof-name

Purpose

Creates or modifies a bulkstats schema profile that can be used to gather statistics for system-wide, context, subscriber, port, channel, Asynchronous Transfer Mode (ATM), Frame Relay, or 802.1Q permanent virtual circuit (PVC).

Command Mode

global configuration

Syntax Description

prof-type Type of bulkstats profile according to one of the keywords listed in Table 11-4.

sch-prof-name Name of the bulkstats schema profile to be defined.

format format-string Table 11-5 describes the format strings, used to format the bulkstats schema profile. Format strings can contain anything or nothing as a label for a SmartEdge OS variable. They follow the C programming language printf() function syntax and must be enclosed in quotation marks.

OS-variable Optional. SmartEdge OS variable for which data will be collected. Separate the variables with a space. Table 11-6 to Table 11-13 describe the supported SmartEdge OS variables for different types of bulkstats schema profiles.

Default

No bulkstats schema profile is defined.

Usage Guidelines

Use the bulkstats schema profile command to create or modify a bulkstats schema profile that can be used as a template to gather statistics for system-wide, context, subscriber, port, channel, ATM, Frame Relay, or 802.1Q PVC. Table 11-4 lists the keywords for the types of bulkstats schema profiles that you can create or modify.

Table 11-4 Types of Bulkstats Schema Profiles

Keyword Description

atm Uses profile with one or more ATM PVCs (using ATM profiles). (Table 11-11)

channel Uses profile with one or more DS-0 channel groups, or DS-1, DS-3, or E1 channels. (Table 11-10)

context Uses profile with one or more contexts. (Table 11-7)

dot1q Uses profile with one or more 802.1Q PVCs (using dot1q profiles). (Table 11-13)

frame-relay Uses profile with one or more Frame Relay PVCs (using Frame Relay profiles). (Table 11-12)

global Uses profile to collect system-wide statistics. (Table 11-6)

port Uses profile with one or more ATM, channelized OC-12, channelized STM-1, clear-channel or channelized DS-3, clear-channel E3, E1, Ethernet, or Packet over SONET/SDH (POS) ports. (Table 11-9)

subscriber Uses profile with one or more subscribers (using default subscriber profiles). (Table 11-8)

Note The SmartEdge 100 router does not support Frame Relay PVCs or 802.1Q PVCs.

Use the port keyword to create a bulkstats schema profile for a port on a clear-channel or channelized DS-3 traffic card; use the channel keyword to create a bulkstats schema profile for a DS-3 channel on a channelized OC-12 traffic card.

Use the port keyword to create a bulkstats schema profile for an E1 port on a channelized E1 traffic card; use the channel keyword to create a bulkstats schema profile for an E1 channel on a channelized STM-1 traffic card.

Use the port keyword to create a bulkstats schema profile for an E3 port on a clear-channel E3 traffic card; use the channel keyword to create a bulkstats schema profile for a DS-0 group or DS-1 channel.

To apply a global bulkstats schema profile to the system, use the schema command in bulkstats configuration mode.

To apply a bulkstats schema profile to a context, port, channel, or PVC, use the bulkstats schema command in the appropriate configuration mode.

To apply a bulkstats schema profile to a default subscriber profile, use the bulkstats schema command with the apply keyword in subscriber configuration mode.

To save the definitions of bulkstats schema profiles in the collection file, use the schema-dump command in bulkstats configuration mode.

Use the no form of this command to delete the specified bulkstats schema profile. When you delete a schema profile, all the references (applications) of the profile are also removed. If the same statistics are to be collected, the schema profile must be recreated and re-applied.

Table 11-5 describes the supported format strings.

Table 11-5 Format String Special Character Descriptions

Syntax Description

\n Creates a new line

%s Represents a character string

%d Represents an integer in decimal (base 10)

%u Represents an unsigned integer in decimal (base 10)

%x Represents an integer in hexadecimal format (base 16)

%% Represents a single % character in the output

Table 11-6 describes the supported SmartEdge OS variables for bulkstats global schema profiles.

Caution Risk of system performance degradation. Although you can apply multiple bulkstats schema profiles, each gathering a different type and format of data, it is advisable to minimize the number of bulkstats schema profile applications to reduce impact on system performance. To reduce the risk, you can instead create one bulkstats schema profile that records several subsets of data. Separate each subset within the format string by entering the \n character sequence, which creates a new starting line in the output file. You can then apply this single bulkstats schema profile in place of multiple bulkstats schema profiles.

Caution Risk of system performance degradation. Schema profiles that are created with policing and drop counters (the qos_inoctets, qos_outoctets, rcv_drop_octets, xmt_drop_octets variables) could result in a substantial increase in CPU usage when applied (using the bulkstats schema command in any of its configuration modes). To reduce the risk, limit their use whenever possible or decrease the sampling rate (by increasing the sample interval using the sample-interval command in bulkstats configuration mode) when the bulkstats schema with these parameters is applied to a large number of ports, channels, or circuits.

Table 11-6 SmartEdge OS Variables for Bulkstats Global Schema Profiles

Variable Description Type

active_subs Total number of active subscribers Integer

active_subs_bridged1483 Total number of active subscribers on RFC 1483-bridged circuits Integer

active_subs_clips Total number of active subscribers on CLIPS circuits Integer

active_subs_dot1qEnet Total number of active subscribers on 802.1Q PVCs Integer

active_subs_ppp Total number of active subscribers on PPP-encapsulated circuits Integer

active_subs_pppoe Total number of active subscribers on PPPoE-encapsulated circuits Integer

active_subs_routed1483 Total number of active subscribers on RFC 1483-routed circuits Integer

cpu1min System CPU usage for the last minute Integer

cpu5min System CPU usage for the last five minutes Integer

cpu5sec System CPU usage for the last five seconds Integer

date Today’s date in YYYYMMDD format String

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

free_user_mem Available memory in KB Integer

hostname System hostname String

load15min System load average for the last fifteen minutes Integer

load1min System load average for the last minute Integer

load5min System load average for the last five minutes Integer

sysuptime System uptime in seconds Integer

timeofday Time of day in HHMMSS format using a 24-hour clock String

total_user_mem Total memory in KB Integer

Table 11-7 describes the supported SmartEdge OS variables for bulkstats context schema profiles.

Table 11-8 describes the supported SmartEdge OS variables for bulkstats subscriber schema profiles.

Table 11-7 SmartEdge OS Variables for Bulkstats Context Schema Profiles

Variable Description Type

active_subs Active subscribers for this context Integer

active_subs_bridged1483 Active subscribers on RFC 1483-bridged circuits for this context Integer

active_subs_clips Active subscribers on CLIPS circuits for this context Integer

active_subs_dot1qEnet Active subscribers on 802.1Q PVCs for this context Integer

active_subs_ppp Active subscribers on PPP-encapsulated circuits for this context Integer

active_subs_pppoe Active subscribers on PPPoE-encapsulated circuits for this context Integer

active_subs_routed1483 Active subscribers on RFC 1483-routed circuits for this context Integer

context_name Context name String

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

start_time Session start time Integer

sysuptime System uptime in seconds Integer

Table 11-8 SmartEdge OS Variables for Subscriber Schema Profiles

Variable Description Type

agent_circuit_id Agent circuit ID corresponding to this subscriber. String

agent_remote_id Agent remote ID corresponding to this subscriber. String

bind_type Subscriber bind type. String

cct_handle Circuit descriptor. String

context_name Context name. String

epochtime Time of day in epoch format (number of seconds since January 1, 1970). Integer

inoctets Number of octets received on this subscriber session. Integer

inpackets Number of packets received on this subscriber session. Integer

ip_addr IP address. String

ip_mask IP address mask. String

mcast_inoctets Number of multicast octets received on this subscriber session. Integer

mcast_inpackets Number of multicast packets received on this subscriber session. Integer

mcast_outoctets Number of multicast octets sent on this subscriber session. Integer

mcast_outpackets Number of multicast packets sent on this subscriber session. Integer

metering_class_counters Metering counter statistics per Differentiated Services Code Point (DSCP) class for this subscriber session. One line of output exists for each class defined in the corresponding QoS metering policy. Integer

metering_policy_name Names of the QoS metering policy applied to this subscriber. String

num_queues Number of queues configured on this subscriber session. Integer

outoctets Number of octets sent on this subscriber session. Integer

outpackets Number of packets sent on this subscriber session. Integer

policing_class_counters Policing counter statistics per DSCP class for this subscriber session. One line of output exists for each class defined in the corresponding QoS policing policy. Integer

policing_policy_name Name of the QoS policing policy applied to this subscriber. String

queue_counters Number of queue counters for this subscriber session. Integer

queue_policy_name QOS PWFQ policy name. String

session_id Subscriber session ID. String

start_time Session start time in seconds. Integer

sysuptime System uptime in seconds. Integer

user_name Username. String

Note Configuring the agent_remote_id variable in the bulkstats subscriber schema profile causes the output data to contain the string value in the configuration.

Configuring the agent_circuit_id variable in the bulkstats subscriber schema profile causes the output data to contain the string value in the configuration.

Application of the bulkstats subscriber schema to the default bulkstats subscriber profile for a context affects all subscribers in the context.

Note Configuring the queue_counters variable in the bulkstats subscriber schema profiles causes the output data to contain the queue_counters statistics, when applicable. If no quality of service (QoS) priority weighted fair queuing (PWFQ) policy is applied, the queue_counters variable displays an error message.

One line is printed per queue. Each line contains a predefined format, with all of the following elements (none are configurable):

• queue_index

• outoctets

• outpackets

• wred_drop_octets

• wred_drop_packets

• tail_drop_octets

• tail_drop_packets

Table 11-9 describes the supported SmartEdge OS variables for bulkstats port schema profiles.

Note Configuring the metering_class_counters or the policing_class_counters variable in the bulkstats subscriber schema profile causes the output data to contain the counter statistics per class, when applicable.

Application of the bulkstats subscriber schema to the default subscriber profile for a context affects all subscribers in the context.

One line of output data is printed per class, each containing a predefined format with all of the following elements (none is configurable):

• class_name

• conform_octets

• conform_packets

• conform_drop_octets

• conform_droppackets

• exceed_octets

• exceed_packets

• exceed_drop_octets

• exceed_drop_packets

• violate_octets

• violate_packets

• violate_drop_octets

• violate_drop_packets

If no QoS policy is applied, the output line for the metering_class_counters parameter or the policing_class_counters parameter displays “N/A”.

Table 11-9 SmartEdge OS Variables for Bulkstats Port Schema Profiles

Variable Description Type

description Description of port String

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

inoctets Number of octets received on this port Integer

inpackets Number of packets received on this port Integer

mcast_inoctets Number of multicast octets received on this port Integer

mcast_inpackets Number of multicast packets received on this port Integer

mcast_outoctets Number of multicast octets sent on this port Integer

mcast_outpackets Number of multicast packets sent on this port Integer

metering_class_counters Packet statistics, class-based metering on this port, one line of output for each DSCP class defined in the metering policy Integer

metering_policy_name Name of the QoS metering policy applied to the port String

outoctets Number of octets sent on the port Integer

outpackets Number of packets sent on the port Integer

policing_class_counters Packet statistics, class-based policing on this port, one line of output for each DSCP class defined in the policing policy Integer

policing_policy_name Name of the QoS policing policy applied to the port String

port Port number on the traffic card Integer

portspeed Port speed in kbps Integer

porttype Port type String

qos_inoctets Number of post-limited octets received on this port Integer

qos_outoctets Number of pre-limited octets sent on this port Integer

rcv_drop_octets Number of receive octets dropped on this port Integer

slot Slot number in the SmartEdge router. Note: On the SmartEdge 100 router, only slot 2 interfaces to subscriber sessions. Integer

sysuptime System uptime in seconds Integer

xmt_drop_octets Number of transmitted octets dropped on this port Integer

Table 11-10 describes the supported SmartEdge OS variables for bulkstats channel schema profiles.

Table 11-10 SmartEdge OS Variables for Bulkstats Channel Schema Profiles

Variable Description Type

channel Channel number on port Integer

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

inoctets Number of octets received on this channel Integer

inpackets Number of packets received on this channel Integer

mcast_inoctets Number of multicast octets received on this port Integer

mcast_inpackets Number of multicast packets received on this port Integer

mcast_outoctets Number of multicast octets sent on this port Integer

mcast_outpackets Number of multicast packets sent on this port Integer

outoctets Number of octets sent on this channel Integer

outpackets Number of packets sent on this channel Integer

port Port number on the traffic card Integer

qos_inoctets Number of post-limited octets received on this channel Integer

qos_outoctets Number of pre-limited octets sent on this channel Integer

rcv_drop_octets Number of receive octets dropped on this channel Integer

slot Slot number in the SmartEdge router. Note: On the SmartEdge 100 router, only slot 2 interfaces to subscriber sessions. Integer

sysuptime System uptime in seconds Integer

xmt_drop_octets Number of transmitted octets dropped on this channel Integer

Table 11-11 describes the supported SmartEdge OS variables for bulkstats ATM PVC schema profiles.

Table 11-11 SmartEdge OS Variables for Bulkstats ATM PVC Schema Profiles

Variable Description Type

cctstate State of the ATM PVC String

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

inoctets Number of octets received on the PVC Integer

inpackets Number of packets received on the PVC Integer

mcast_inoctets Number of multicast octets received on the PVC Integer

mcast_inpackets Number of multicast packets received on the PVC Integer

mcast_outoctets Number of multicast octets sent on the PVC Integer

mcast_outpackets Number of multicast packets sent on the PVC Integer

metering_class_counters Packet statistics, class-based metering on this PVC, one line of output for each DSCP class defined in the metering policy Integer

metering_policy_name Name of the QoS metering policy applied to the PVC String

outoctets Number of octets sent on the PVC Integer

outpackets Number of packets sent on the PVC Integer

policing_class_counters Packet statistics, class-based policing on this PVC, one line of output for each DSCP class defined in the policing policy Integer

policing_policy_name Name of the QoS policing policy applied to the PVC String

port Port number on the traffic card Integer

qos_inoctets Number of post-limited octets received on the PVC Integer

qos_outoctets Number of pre-limited octets sent on the PVC Integer

rcv_drop_octets Number of receive octets dropped on the PVC Integer

slot Slot number in the SmartEdge router. Note: On the SmartEdge 100 router, only slot 2 interfaces to subscriber sessions. Integer

sysuptime System uptime in seconds Integer

vci Virtual channel identifier (VCI) for the PVC Integer

vpi Virtual path identifier (VPI) for the PVC Integer

xmt_drop_octets Number of transmitted octets dropped on the PVC Integer

Table 11-12 describes the supported SmartEdge OS variables for bulkstats Frame Relay PVC schema profiles.

Table 11-13 describes the supported SmartEdge OS variables for bulkstats 802.1Q PVC (dot1q) schema profiles.

Table 11-12 SmartEdge OS Variables for Frame Relay PVC Schema Profiles

Variable Description Type

cctstate State of the Frame Relay PVC String

channel Channel number on port Integer

dlci Data Link Connection Identifier (DLCI) for the PVC Integer

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

inoctets Number of octets received on the PVC Integer

inpackets Number of packets received on the PVC Integer

mcast_inoctets Number of multicast octets received on the PVC Integer

mcast_inpackets Number of multicast packets received on the PVC Integer

mcast_outoctets Number of multicast octets sent on the PVC Integer

mcast_outpackets Number of multicast packets sent on the PVC Integer

outoctets Number of octets sent on the PVC Integer

outpackets Number of packets sent on the PVC Integer

port Port number on the traffic card Integer

qos_inoctets Number of post-limited octets received on the PVC Integer

qos_outoctets Number of pre-limited octets sent on the PVC Integer

rcv_drop_octets Number of receive octets dropped on the PVC Integer

slot Slot number in the SmartEdge router. Note: On the SmartEdge 100 router, only slot 2 interfaces to subscriber sessions. Integer

sysuptime System uptime in seconds Integer

xmt_drop_octets Number of transmitted octets dropped on the PVC Integer

Table 11-13 SmartEdge OS Variables for Bulkstats 802.1Q PVC (dot1q) Schema Profiles

Variable Description Type

cctstate State of the 802.1Q PVC String

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

inoctets Number of octets received on the PVC Integer

inpackets Number of packets received on the PVC Integer

mcast_inoctets Number of multicast octets received on the PVC Integer

mcast_inpackets Number of multicast packets received on the PVC Integer

mcast_outoctets Number of multicast octets sent on the PVC Integer

mcast_outpackets Number of multicast packets sent on the PVC Integer

metering_class_counters Packet statistics, class-based metering on this PVC, one line of output for each DSCP class defined in the metering policy Integer

metering_policy_name Name of the QoS metering policy applied to the PVC String

outoctets Number of octets sent on the PVC Integer

outpackets Number of packets sent on the PVC Integer

policing_class_counters Packet statistics, class-based policing on this PVC, one line of output for each DSCP class defined in the policing policy Integer

policing_policy_name Name of the QoS policing policy applied to the PVC String

port Port number on the traffic card Integer

qos_inoctets Number of post-limited octets received on the PVC Integer

qos_outoctets Number of pre-limited octets sent on the PVC Integer

rcv_drop_octets Number of receive octets dropped on the PVC Integer

slot Slot number in the SmartEdge router. Note: On the SmartEdge 100 router, only slot 2 interfaces to subscriber sessions. Integer

sysuptime System uptime in seconds Integer

vlan_id VLAN tag value for the PVC Integer

xmt_drop_octets Number of transmitted octets dropped on the PVC Integer

Examples

The following example creates a bulkstats schema profile, prfl-port, for a port and applies that profile to an Ethernet port using the bulk policy:

[local]Redback(config)#bulkstats schema profile port prfl-port format "%d/%d desc: %s" slot port description
[local]Redback(config)#port ethernet 3/1
[local]Redback(config-port)#bulkstats schema prfl-port policy bulk

The following example creates a bulkstats subscriber schema profile that uses the policing_class_counters and metering_class_counters subscriber schema variables:

[local]Redback(config)#bulkstats schema profile subscriber SubSchema format "session_id: %s, cct_handle: %s \n Policing Class Counters: %s \n Metering Class Counters: %s" session_id cct_handle policing_class_counters metering_class_counters

Related Commands

bulkstats policy
bulkstats schema
sample-interval
schema
schema-dump

collection

collection

no collection

Purpose

Enables the collection of bulk statistics (bulkstats) for all the entities to which this bulkstats policy has been applied.

Command Mode

bulkstats configuration

Syntax Description

This command has no keywords or arguments.

Default

Bulk statistics are not collected for any policy.

Usage Guidelines

Use the collection command to enable the collection of bulkstats for all the entities to which this bulkstats policy has been applied.

Before you enable collection for a bulkstats policy, you must perform the following tasks for that policy:

• Specify the primary bulkstats file server using the receiver command in bulkstats configuration mode.

• Specify the directory on the local SmartEdge router where collected data is stored using the localdir command in bulkstats configuration mode.

• Specify the name and location of the collection files on the bulkstats file server using the remotefile command in bulkstats configuration mode.

You must also perform these tasks:

• Create one or more schema profiles using the bulkstats schema profile command in global configuration mode.

• Apply one or more schema profiles using the schema command (in bulkstats configuration mode) for system-wide statistics or the bulkstats schema command (in ATM profile, dot1q profile, Frame Relay profile, or DS-0 group, DS-1, DS-3, E1, or port configuration mode) for applying an existing schema profile and bulk statistics policy.

You can enable collection for a bulkstats policy at any time after you have performed these tasks. It is not necessary to disable collection before you apply the policy to an entity, such as a port, channel, or circuit.

Use the no form of this command to disable collection for this bulkstats policy.

Examples

The following command enables the collection of bulk statistics:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#collection

Related Commands

bulkstats schema
bulkstats schema profile
localdir
receiver
remotefile
schema

header format

header format format-string [OS-variable] [OS-variable] ...

no header format

Purpose

Specifies lines of informative text that are inserted at the beginning of each bulk statistics (bulkstats) collection file for this policy.

Command Mode

bulkstats configuration

Syntax Description

format-string Table 11-14 describes the format strings, used to format the header line. Format strings can contain anything or nothing as a label for a SmartEdge OS variable. They follow the C programming language printf() function syntax and must be enclosed in quotation marks.

OS-variable Optional. SmartEdge OS system variable. Table 11-15 describes the supported variables.

Default

No header lines are included in any bulkstats collection file for any policy.

Usage Guidelines

Use the header format command to specify lines of informative text (headers) at the beginning of each bulkstats collection file for this policy. Lines added by using this command are inserted in each file in the order in which they are configured. You can specify at most 10 headers for a policy.

Table 11-14 describes the supported format strings.

Table 11-14 Format String Special Character Descriptions

Format String Description

\n Creates a new line

%s Represents a character string

%d Represents an integer in decimal (base 10)

%u Represents an unsigned integer in decimal (base 10)

%x Represents an integer in hexadecimal format (base 16)

%% Represents a single % character

Table 11-15 describes the SmartEdge OS variables that you can use to format the headers in each bulkstats collection file.

Table 11-15 SmartEdge OS Variables for the header format Command

Variable Description Type

chassis_type Type of chassis String

context Context name String

date Today’s date in YYYYMMDD format String

epochtime Time of day in epoch format (seconds since January 1, 1970) Integer

hostname Hostname as specified in the configuration file String

policy Bulkstats policy name String

sysuptime System uptime in seconds. Integer

timeofday Time of day in HHMMSS format (using a 24-hour clock) String

Each header definition must be unique. If a new header line is configured so that it exactly matches an existing header line, the new header is ignored.

Use the no form of this command to delete all bulkstats header specifications for each bulkstats file. After you use this command, you must redefine all headers. Use a text editor for minor editing of the headers rather than editing them with the header format command.

Example

The following example inserts a line of text about the date that data is collected in each bulkstats collection file for the policy, bulk, in the local context:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#header format "Data collected on %s for %s policy in %s context" date policy context

The previous line puts the following line in the collection file:

Data collected on 20030530 for bulk policy in local context

Related Commands

collection
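Both the bulkstats schema profile command and the header format command take a printf()-style format string followed by a list of SmartEdge OS variables, and this guide does not say how the OS treats a string whose conversions do not line up with the variables. The following Python check is an added example, not Redback code: it accepts only the conversions listed in Table 11-5 and Table 11-14, pairs them with the variable types in Table 11-9 and Table 11-15, and assumes the C printf pairing of conversion and argument type. The names check_command and specifiers are hypothetical, and the sample lines marked as constructed are not from the guide.

```python
import shlex

# Types from Table 11-15 (header format) and Table 11-9 (port profiles).
# The *_class_counters variables are left out: they expand to one line per
# class and the guide's own example formats them with %s.
HEADER_VARS = {
    "chassis_type": "String", "context": "String", "date": "String",
    "epochtime": "Integer", "hostname": "String", "policy": "String",
    "sysuptime": "Integer", "timeofday": "String",
}
PORT_VARS = {
    "description": "String", "epochtime": "Integer", "inoctets": "Integer",
    "inpackets": "Integer", "mcast_inoctets": "Integer",
    "mcast_inpackets": "Integer", "mcast_outoctets": "Integer",
    "mcast_outpackets": "Integer", "metering_policy_name": "String",
    "outoctets": "Integer", "outpackets": "Integer",
    "policing_policy_name": "String", "port": "Integer",
    "portspeed": "Integer", "porttype": "String", "qos_inoctets": "Integer",
    "qos_outoctets": "Integer", "rcv_drop_octets": "Integer",
    "slot": "Integer", "sysuptime": "Integer", "xmt_drop_octets": "Integer",
}
PROFILE_TABLES = {"port": PORT_VARS}  # add the other profile types as needed

# Conversions from Table 11-5 and Table 11-14, with the type each one expects
# (assumption: C printf pairing of conversion and argument type).
SPEC_TYPE = {"s": "String", "d": "Integer", "u": "Integer", "x": "Integer"}
MAX_NAME_LEN = 19  # sch-prof-name limit given for the bulkstats schema command


def specifiers(fmt):
    """Return the conversion letters in fmt; reject anything not in the tables."""
    found, i = [], 0
    while i < len(fmt):
        if fmt[i] != "%":
            i += 1
            continue
        if i + 1 == len(fmt):
            raise ValueError("format string ends with a lone %")
        letter = fmt[i + 1]
        if letter in SPEC_TYPE:
            found.append(letter)
        elif letter != "%":  # %% is a literal percent sign
            raise ValueError(f"unsupported conversion %{letter}")
        i += 2
    return found


def check_command(line):
    """Return a list of problems found in one format-string command line."""
    tokens = shlex.split(line)  # the format string must be quoted
    problems = []
    if tokens[:3] == ["bulkstats", "schema", "profile"]:
        if len(tokens) < 7 or tokens[5] != "format":
            return ["expected: prof-type sch-prof-name format format-string"]
        table = PROFILE_TABLES.get(tokens[3])
        if len(tokens[4]) > MAX_NAME_LEN:
            problems.append(f"profile name longer than {MAX_NAME_LEN} characters")
        fmt, variables = tokens[6], tokens[7:]
    elif tokens[:2] == ["header", "format"] and len(tokens) >= 3:
        table, fmt, variables = HEADER_VARS, tokens[2], tokens[3:]
    else:
        return ["not a bulkstats schema profile or header format command"]
    try:
        specs = specifiers(fmt)
    except ValueError as exc:
        return problems + [str(exc)]
    if len(specs) != len(variables):
        problems.append(f"{len(specs)} conversions but {len(variables)} variables")
    for spec, var in zip(specs, variables):
        if table is None:
            continue  # no type table loaded for this profile type
        if var not in table:
            problems.append(f"unknown variable {var}")
        elif SPEC_TYPE[spec] != table[var]:
            problems.append(f"%{spec} does not match {table[var]} variable {var}")
    return problems


if __name__ == "__main__":
    samples = [  # first line is the guide's port example; the rest are constructed
        'bulkstats schema profile port prfl-port format "%d/%d desc: %s" slot port description',
        'header format "Data collected on %s for %s policy in %s context" date policy',
        'bulkstats schema profile port p1 format "%s/%d" slot port',
        'header format "uptime %f" sysuptime',
    ]
    for sample in samples:
        print(sample, "->", check_command(sample) or "ok")
```

Width and precision modifiers such as %5d are rejected because the guide's tables do not list them; relax specifiers() only after confirming what the target release accepts.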

limit

limit kilobytes

default limit

Purpose

Sets a limit on the space that is used to store bulk statistics (bulkstats) collection files on the SmartEdge router.

Command Mode

bulkstats configuration

Syntax Description

kilobytes Amount of space, in KB, used to store bulkstats data. The range of values is 100 to 100,000 KB. The default value is 1,024 KB.

Default

The limit for storing bulkstats data is 1,024 KB (or 1 MB).

Usage Guidelines

Use the limit command to set a limit on the space that is used to store bulkstats collection files on the SmartEdge router.

You cannot change the limit size while bulkstats collection is enabled; you must first disable bulkstats collection using the collection command in bulkstats configuration mode and then re-enable bulkstats collection after entering the limit command.

Caution Risk of data loss. If bulkstats collection is re-enabled after a new limit value has been set, data is deleted, and a new collection file is created. To reduce the risk, enter a bulkstats force transfer command (in exec mode) for the specified policy prior to disabling bulkstats collection so that all collected data is transferred to the bulkstats file server. For information on the bulkstats force transfer command, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

If data collection fails or if the file size reaches the limit before collection, the oldest data is overwritten, which allows collection to continue with the most recent data saved.

Use the default form of this command to set the bulkstats data storage limit to 1,024 KB.

Examples

The following example limits the space used to store bulkstats data to 4906 KB:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#limit 4906

Page 296: RedBack Router,SmartEdge OS, Basic System Configuration Guide

Command Descriptions

11-28 Basic System Configuration Guide

Related Commandscollection localdir

localdir

localdir dir-name

no localdir dir-name

Purpose

Specifies the local directory on the SmartEdge router where bulk statistics (bulkstats) data for this policy is stored.

Command Mode

bulkstats configuration

Syntax Description

dir-name Local directory where bulkstats collection files for this policy are stored.

Default

None

Usage Guidelines

Use the localdir command to specify the local directory where bulkstats collection files for this policy are stored.

You must first create a local directory using the mkdir command (in exec mode) before you enable bulkstats collection. For more information on the mkdir command, see the “File and Release Operations” chapter in the Basic System Operations Guide for the SmartEdge OS. You can specify a directory on the local file system (/flash) or the mass-storage device (/md). (The mass-storage device is preferable due to faster write speed.) You can limit the space allowed for bulkstats storage with the limit command.

You cannot change the local directory while bulkstats collection is enabled; you must first disable bulkstats collection for this policy using the collection command in bulkstats configuration mode and then re-enable bulkstats collection after entering the localdir command.

Use the no form of this command to remove the configuration of the current local directory used to store bulkstats data for this policy. You should disable bulkstats collection for the policy using the collection command in bulkstats configuration mode before you delete the configuration.

Example

The following example stores bulkstats collection files for the bulk policy in the /md/blksts directory:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#localdir /md/blksts

Related Commands

collection
limit

receiver

receiver ip-addr {primary | secondary} mechanism {ftp | sftp | scp} login login-name {password password | encrypted password | nopassword}

no receiver ip-addr {primary | secondary}

Purpose

Specifies the remote file servers where bulk statistics (bulkstats) files for this policy are stored.

Command Mode

bulkstats configuration

Syntax Description

ip-addr IP address of the bulkstats file server.

primary Specifies that the file server is the primary receiver.

secondary Specifies that the file server is the secondary receiver.

mechanism ftp Specifies the file transfer method as File Transfer Protocol (FTP).

mechanism sftp Specifies the file transfer method as Secure Shell FTP (SFTP).

mechanism scp Specifies the file transfer method as Secure Copy Protocol (SCP).

login login-name Login name to be used for file transfer.

password password Password to be used with the logon name.

encrypted password Encrypted password to be entered with the logon name. (The password is encrypted while saving the configuration.)

nopassword Specifies that a password is not required with the logon name.

Default

No server is specified to receive bulkstats.

Usage Guidelines

Use the receiver command to specify the remote file servers where bulk statistics (bulkstats) files for this policy are stored.

If a transfer to the primary file server that receives bulkstats fails, a transfer to the secondary receiver is immediately attempted. If the transfer to the secondary receiver fails, the SmartEdge router waits five minutes before making another attempt. Retries continue every five minutes until a transfer succeeds.

Note Whenever a transfer to any bulkstats file server fails, a Simple Network Management Protocol (SNMP) trap is generated.

Use the no form of this command to delete a previously configured bulkstats remote file server. If you use the no form of this command while bulkstats collection is running, no data is transmitted to the deleted file server until you define a new bulkstats file server.

Examples

The following example identifies the server at IP address 198.168.145.99 as the primary bulkstats file server; the logon account is snmp and its password is snmp:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#receiver 198.168.145.99 primary mechanism ftp login snmp password snmp

To see how this information displays, see the example for the show bulkstats command in the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Related Commands

remotefile
transfer-interval
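The receiver syntax above decides both how bulkstats files cross the network and how the login secret sits in the configuration. The following Python audit is an added example, not part of the Redback guide: it reads receiver lines in that syntax and reports the choices a reviewer would want changed. The sample configuration, the policy name edge, the 192.0.2.x addresses, the finding codes and the indented layout of the configuration text are constructed for illustration.

```python
import re

# Strips a pasted CLI prompt such as "[local]Redback(config-bulkstats)#".
PROMPT = re.compile(r"^\[[^\]]*\]\S*?#")
POLICY = re.compile(r"^bulkstats policy (\S+)$")
# Mirrors the receiver syntax shown in this command description.
RECEIVER = re.compile(
    r"^receiver (?P<ip>\S+) (?P<role>primary|secondary) "
    r"mechanism (?P<mech>ftp|sftp|scp) login (?P<login>\S+) "
    r"(?:(?P<kind>password|encrypted) (?P<secret>\S+)|(?P<nopw>nopassword))$"
)

# Constructed sample input; only the first receiver line comes from the guide.
SAMPLE_CONFIG = """\
context local
 bulkstats policy bulk
  receiver 198.168.145.99 primary mechanism ftp login snmp password snmp
 bulkstats policy edge
  receiver 192.0.2.10 primary mechanism sftp login stats encrypted EXAMPLE-ENCRYPTED-VALUE
  receiver 192.0.2.11 secondary mechanism ftp login stats nopassword
"""


def parse_receivers(config_text):
    """Return one dict per receiver line, tagged with its bulkstats policy."""
    policy, receivers = None, []
    for raw in config_text.splitlines():
        line = " ".join(PROMPT.sub("", raw.strip()).split())
        match = POLICY.match(line)
        if match:
            policy = match.group(1)
            continue
        match = RECEIVER.match(line)
        if match:
            receivers.append({"policy": policy, **match.groupdict()})
    return receivers


def audit_receivers(config_text):
    """Return (policy, role, ip, code) tuples for each weak setting found."""
    receivers = parse_receivers(config_text)
    findings = []
    for r in receivers:
        where = (r["policy"], r["role"], r["ip"])
        if r["mech"] == "ftp":
            # FTP sends the login, the password and the file unencrypted.
            findings.append((*where, "FTP_CLEARTEXT_TRANSPORT"))
        if r["nopw"]:
            findings.append((*where, "NO_PASSWORD"))
        elif r["kind"] == "password":
            # The secret is readable by anyone who can read this text.
            findings.append((*where, "PLAINTEXT_PASSWORD_IN_CONFIG"))
            if r["secret"] == r["login"]:
                findings.append((*where, "PASSWORD_EQUALS_LOGIN"))
        # The secondary is used as soon as the primary fails, so it needs
        # the same transport protection as the primary.
        if r["role"] == "secondary" and r["mech"] == "ftp" and any(
            p["policy"] == r["policy"] and p["role"] == "primary"
            and p["mech"] != "ftp" for p in receivers
        ):
            findings.append((*where, "SECONDARY_WEAKER_THAN_PRIMARY"))
    return findings


if __name__ == "__main__":
    for finding in audit_receivers(SAMPLE_CONFIG):
        print(*finding)
```
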

remotefile

remotefile format format-string [OS-variable] [OS-variable] ...

no remotefile format

Purpose

Specifies the format of the filename and the location of the bulk statistics (bulkstats) collection files that are stored on remote file servers.

Command Mode

bulkstats configuration

Syntax Description

format Specifies the format of the filename for the bulkstats collection files.

format-string Table 11-16 describes the format strings used to format the remote filename for the bulkstats collection files. Format strings can contain anything or nothing as a label for a SmartEdge OS variable. They follow the C programming language printf() function syntax and must be enclosed in quotation marks.

OS-variable Optional. SmartEdge OS system variable. Table 11-17 describes the supported variables.

Default

No filename format is defined for bulkstats collection files for any policy.

Usage Guidelines

Use the remotefile command to specify the format of the filename and the location of the bulkstats collection files that are stored on remote file servers.

Table 11-16 describes the format strings used to format the remote filename.

Table 11-16 Format String Special Character Descriptions

Format String | Description
\n | Creates a new line
%s | Represents a character string
%d | Represents an integer in decimal (base 10)
%u | Represents an unsigned integer in decimal (base 10)
%x | Represents an integer in hexadecimal format (base 16)
%% | Represents a single % character in the output

Table 11-17 describes the SmartEdge OS variables used to format the remote filename.

Table 11-17 SmartEdge OS Variables for the remotefile Command

Variable | Description | Type
context | Context name | String
date | Today’s date in YYYYMMDD format | String
epochtime | Time of day in epoch format (seconds since January 1, 1970) | Integer
hostname | Hostname as specified in the configuration file | String
policy | Bulkstats policy name | String
sysuptime | System uptime in seconds | Integer
timeofday | Time of day in HHMMSS format (using a 24-hour clock) | String

You cannot change the remote filename or location while bulkstats collection is enabled; you must first disable bulkstats collection using the collection command in bulkstats configuration mode and then re-enable bulkstats collection after entering the receiver command.

Use the no form of this command to delete information about the format of the remote filename and location used to store bulkstats data for this policy.

Example

The following example specifies the format of the filename where the bulkstats data for the bulk policy is to be stored:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#remotefile format "Bulkstats/%s_%s" hostname timeofday

The file is specified as Bulkstats/hostname_HHMMSS where the hostname argument is the name configured for the SmartEdge router and the HHMMSS argument is the hour, minute, and second (24-hour clock) of the transfer.

To see how this information displays, see the example for the show bulkstats command in the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Related Commands

collection
receiver
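The header format and remotefile format commands both pair a printf()-style string with a list of SmartEdge OS variables. The following Python checker is an added example, not Redback code: it validates such a pair against Tables 11-15, 11-16 and 11-17 before it is typed into the router, and renders the result for review. The sample values and the rule that a conversion must match the variable's listed type are assumptions of this example; the guide does not say how the router reacts to a mismatch.

```python
import re

# Variables and types from Table 11-17 (remotefile) and Table 11-15 (header).
REMOTEFILE_VARS = {
    "context": "String", "date": "String", "epochtime": "Integer",
    "hostname": "String", "policy": "String", "sysuptime": "Integer",
    "timeofday": "String",
}
HEADER_VARS = {**REMOTEFILE_VARS, "chassis_type": "String"}

# Conversions from Table 11-16 and the variable type each one expects.
SPEC_TYPE = {"s": "String", "d": "Integer", "u": "Integer", "x": "Integer"}
CONVERSION = re.compile(r"%(.?)", re.S)

# Constructed sample values, used only to preview the rendered string.
SAMPLE_VALUES = {
    "context": "local", "date": "20030530", "epochtime": 1054305000,
    "hostname": "Redback", "policy": "bulk", "sysuptime": 86400,
    "timeofday": "143000",
}


def check_format(fmt, variables, allowed=REMOTEFILE_VARS):
    """Return a list of problems; an empty list means the pair is consistent."""
    findings, specs = [], []
    for match in CONVERSION.finditer(fmt):
        char = match.group(1)
        if char == "%":                      # "%%" is a literal percent sign
            continue
        if char in SPEC_TYPE:
            specs.append(char)
        else:
            findings.append(
                f"unsupported conversion '%{char}' at offset {match.start()}")
    for var in variables:
        if var not in allowed:
            findings.append(f"unknown variable '{var}'")
    if len(specs) != len(variables):
        findings.append(
            f"{len(specs)} conversion(s) but {len(variables)} variable(s)")
    for pos, (char, var) in enumerate(zip(specs, variables), 1):
        if var in allowed and allowed[var] != SPEC_TYPE[char]:
            findings.append(f"argument {pos}: %{char} expects "
                            f"{SPEC_TYPE[char]}, {var} is {allowed[var]}")
    return findings


def render(fmt, variables, values, allowed=REMOTEFILE_VARS):
    """Expand fmt the way Table 11-16 describes; refuse inconsistent input."""
    problems = check_format(fmt, variables, allowed)
    if problems:
        raise ValueError("; ".join(problems))
    args = iter(values[var] for var in variables)

    def expand(match):
        char = match.group(1)
        if char == "%":
            return "%"
        value = next(args)
        return format(int(value), "x") if char == "x" else str(value)

    # The two characters backslash-n in the CLI string become a new line.
    return CONVERSION.sub(expand, fmt.replace("\\n", "\n"))


if __name__ == "__main__":
    print(render("Bulkstats/%s_%s", ["hostname", "timeofday"], SAMPLE_VALUES))
    print(check_format("%d_%s", ["hostname", "epochtime"]))
```
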

sample-interval

sample-interval minutes

default sample-interval

Purpose

Specifies the interval between the collection of bulk statistics (bulkstats) samples.

Command Mode

bulkstats configuration

Syntax Description

minutes Interval, in minutes, between samples. The range of values is 1 to 1,440 minutes (24 hours); the default value is 15 minutes.

Default

The sampling interval is 15 minutes.

Usage Guidelines

Use the sample-interval command to specify the interval between the collection of bulkstats samples. Setting the sampling interval so that sampling occurs too often can decrease the performance of the SmartEdge router.

Use the default form of this command to return the sampling interval to 15 minutes.

Examples

The following example sets the sampling interval to 30 minutes:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#sample-interval 30

Related Commands

transfer-interval

schema

schema sch-prof-name

no schema sch-prof-name

Purpose

Applies a system-level bulk statistics (bulkstats) schema profile to gather system-wide statistics using this policy.

Command Mode

bulkstats configuration

Syntax Description

sch-prof-name Name of the global schema profile. Alphanumeric string with up to 19 characters.

Default

None

Usage Guidelines

Use the schema command to apply a system-level (global) bulkstats schema profile to gather system-wide statistics using this policy. You can apply multiple schema profiles using this command. Each schema can gather a different type and format of data. Each application of a schema profile is used to create a text record that is appended to the bulkstats collection file for this policy after every sample period.

Caution Risk of system performance degradation. Although you can apply multiple schema profiles, each gathering a different type and format of data, it is advisable to minimize the number of schema profile applications to reduce impact on system performance. To reduce the risk, you can instead create one schema profile that records several subsets of data. Separate each subset within the format string by entering the \n character sequence, which creates a new starting line in the output file. You can then apply this single schema profile in place of multiple schema profiles.

Use the no form of this command to remove the specified schema profile.

Examples

The following example applies a previously configured schema profile, sample, to the bulk policy:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#schema sample

Related Commands

bulkstats schema
bulkstats schema profile
schema-dump

schema-dump

schema-dump

no schema-dump

Purpose

Enables writing the definitions of the configured bulk statistics (bulkstats) schema profiles to the beginning of the bulkstats data collection file.

Command Mode

bulkstats configuration

Syntax Description

This command has no keywords or arguments.

Default

No schema profile definition is saved in any bulkstats data collection file for any policy.

Usage Guidelines

Use the schema-dump command to enable writing the definitions of the configured bulkstats schema profiles to the beginning of the bulkstats data collection file. When enabled, the definition of each configured schema profile is printed at the beginning of the bulkstats collection file.

Use the no form of this command to disable writing the definitions of schema profiles to the bulkstats data collection file.

Examples

The following example writes the definitions of the configured bulkstats schema profiles to the bulkstats data file:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#schema-dump

Related Commands

bulkstats schema
bulkstats schema profile
schema

transfer-interval

transfer-interval minutes

default transfer-interval

Purpose

Specifies the interval after which bulk statistics (bulkstats) data for this policy is uploaded to a remote file server.

Command Mode

bulkstats configuration

Syntax Description

minutes Transfer interval in minutes. The range of values is 1 to 1,440 minutes (24 hours); the default value is 60 minutes.

Default

The bulkstats transfer interval is 60 minutes.

Usage Guidelines

Use the transfer-interval command to specify the interval after which bulkstats data for this policy is uploaded to a remote file server. Use the bulkstats force transfer command in exec mode to force an immediate transfer for this policy. For information on the bulkstats force transfer command, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the default form of this command to return the transfer interval to 60 minutes.

Example

The following example specifies that bulkstats data is transferred to a remote file server every 180 minutes:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#transfer-interval 180

Related Commands

receiver

Chapter 12

SNMP and RMON Configuration

This chapter provides an overview of Simple Network Management Protocol (SNMP) and Remote Monitoring (RMON) features, describes the tasks used to configure them, and provides configuration examples and detailed descriptions of the commands used to configure SNMP and RMON features through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer SNMP features, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Note In the following descriptions, the term controller card applies to any version of the Cross-Connect Route Processor (XCRP) Controller card (XCRP, XCRP3, XCRP4), including the controller carrier card unless otherwise noted.

The term controller carrier card refers to the controller functions on the carrier card within the SmartEdge 100 chassis; these functions are compatible with the XCRP3 Controller card. The term I/O carrier card refers to the traffic card functions on the carrier card; these functions are compatible with the similar functions that are implemented on the traffic cards that are supported on all other SmartEdge routers.

The term chassis refers to any SmartEdge chassis; the term SmartEdge 800 chassis refers to any version of the SmartEdge 800 chassis. The term SmartEdge 1200 chassis refers to any version of the SmartEdge 1200 chassis.


Overview

This section provides a brief overview of the current SNMP management framework. For a more detailed introduction to the SNMP management framework, see the RFC documents referenced in this section. This section includes the following topics:

• SNMP Management Framework and RFCs

• SNMP Versions

• MIBs, Traps, and Events

SNMP Management Framework and RFCs

The SNMP management framework has five components:

• An overall architecture—Described in RFC 3411, An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks

• Mechanisms for describing and naming objects and events for the purpose of management

The first version, Structure of Management Information (SMIv1) is described in:

— STD 16, RFC 1155, Structure and Identification of Management Information for TCP/IP-based Internets

— STD 16, RFC 1212, Concise MIB Definitions

— RFC 1215, Convention for Defining Traps for use with the SNMP

The second version, SMIv2, is described in:

— STD 58, RFC 2578, Structure of Management Information Version 2 (SMIv2)

— STD 58, RFC 2579, Textual Conventions for SMIv2

— STD 58, RFC 2580, Conformance Statements for SMIv2

The following RFCs provide detailed information on SNMPv3:

— STD 62, RFC 2570, Introduction to Version 3 of the Internet-standard Network Management Framework

— STD 62, RFC 2576, Coexistence between Version 1, Version 2, and Version 3 of the Internet-Standard Network Management Framework

• Message protocols for transferring management information

— The first version, SNMPv1, is described in STD 15, RFC 1157, Simple Network Management Protocol (SNMP).

— The second version, SNMPv2, which is not an Internet standards track protocol, is described in RFC 1901, Introduction to Community-based SNMPv2 and RFC 1906, Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2).


— The third version, SNMPv3, is described in RFC 3417, Transport Mappings for the Simple Network Management Protocol (SNMP), RFC 3412, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP), and RFC 3414, User-based Security Model (USM) for Version 3 of the Simple Network Management Protocol (SNMPv3).

• Protocol operations for accessing management information

— The first set of protocol operations and associated protocol data unit (PDU) formats is described in STD 15, RFC 1157.

— The second set of protocol operations and associated PDU formats is described in RFC 3416, version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP).

• A set of fundamental applications—Described in RFC 3413, Simple Network Management Protocol (SNMP) Applications

• A view-based access control mechanism—Described in RFC 3415, View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)

The SmartEdge OS supports the User-Based Security Model (USM) and the following applications specific to RFC 3413 and RFC 3414:

• Command Responder—The SmartEdge OS accepts SNMP read-class and write-class requests, performs the appropriate protocol operation, and generates a response message.

• Notification Originator—The SmartEdge OS monitors the system for particular events and conditions and generates notification-class messages based on these events or conditions.

Managed objects are accessed through a virtual information store, the Management Information Base (MIB). MIB objects are defined using the mechanisms set out in the Structure of Management Information (SMI); for more information, see Appendix A, “Supported MIBs.”

SNMP Versions

The SmartEdge OS supports SNMP Version 1 (SNMPv1), Version 2c (SNMPv2c), and Version 3 (SNMPv3).

There are several differences between configuring SNMPv1 and SNMPv2c, and configuring SNMPv3:

• With SNMPv1 and 2c, communities are created to control access to MIB information. You can configure these communities to meet management requirements. For instance, you can set up the automatic generation of community strings for all managed Redback® contexts. This automatically creates a group with the same name as the community string.

• With SNMPv3, groups and users (instead of communities) are manually configured to control access to MIB information. Privacy and encryption options ensure a high level of configurable security.

• SNMPv3 uses engine IDs to provide additional security.

MIBs, Traps, and Events

Designed to facilitate the exchange of management information between network devices, SNMP consists of three parts: an SNMP manager (typically, a management station), SNMP agents, and the MIB. SNMP agents gather data (variables in the MIB database) from the managed device, respond to requests for data from the SNMP manager, and send traps (notifications of certain events) to the SNMP manager. A management station can also control a managed device by sending a message to one of the device’s SNMP agents, requiring the device to change the value of one or more of its MIB variables; see Figure 12-1.

Figure 12-1 SNMP Manager, SNMP Agent, and MIB Relationship

For a list of MIBs supported by the SmartEdge OS, including Redback Networks Enterprise MIBs, see Appendix A, “Supported MIBs.” Table 12-1 lists the supported traps and events.

Note For a list of controller and traffic card alarms supported by the RBN-CARDMON-MIB, see the MIB’s capability file.

Note Alarm conditions that are reported in the RBN-ENVMON-MIB are normal, failed, absent, or unknown.

Table 12-1 SmartEdge OS Supported Traps and Events

Trap or Event | Documentation Source
authenticationFailure, coldStart | RFC 3418, Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)
bgpBackwardTransNotification, bgpEstablishedNotification | RFC 4273, Definitions of Managed Objects for BGP-4
dsx1LineStatusChange | RFC 2495, Definitions of Managed Objects for the DS1, E1, DS2, and E2 Interface Types
dsx3LineStatusChange | RFC 2496, Definitions of Managed Objects for the DS3/E3 Interface Type
entConfigChange | RFC 2037, Entity MIB using SMIv2
fallingAlarm, risingAlarm | RFC 2819, Remote Network Monitoring Management Information Base
linkDown, linkUp | RFC 2863, The Interfaces Group MIB
rbnAtmPvcOamStatusStateChange | RBN-ATM-PVC-OAM-MIB (Redback Networks Enterprise MIB)
rbnBulkStatsTrfrFail2 | RBN-BULKSTATS-MIB (Redback Networks Enterprise MIB)
rbnCardAlarm | RBN-CARDMON-MIB (Redback Networks Enterprise MIB)
rbnDhcpCtxThresholdFallingThresholdMet, rbnDhcpCtxThresholdRisingThresholdMet, rbnDhcpRangeThresholdFallingThresholdMet, rbnDhcpRangeThresholdRisingThresholdMet | RBN-DHCP-MIB (Redback Networks Enterprise MIB)
rbnNECardAlarm, rbnNEdsx1LineStatusChange, rbnNEdsx3LineStatusChange, rbnNEentConfigChange, rbnNElinkDown, rbnNElinkUp | RBN-NOTIFY-ENHANCE-MIB (Redback Networks Enterprise MIB)
rbnFanStatusChange, rbnPowerStatusChange | RBN-ENVMON-MIB (Redback Networks Enterprise MIB)
rbnIpPoolThreshholdMet, rbnIpPoolContextThreshholdMet, rbnIpPoolContextThreshholdPercentageMet | RBN-IP-POOL-MIB (Redback Networks Enterprise MIB)
rbnL2tpMibTunnelStateChange2 | RBN-L2TP-MIB (Redback Networks Enterprise MIB)
rbnRadiusAcctStateChange, rbnRadiusAuthStateChange | RBN-RADIUS-MIB (Redback Networks Enterprise MIB)
rbnSRProcessEvent, rbnSRStorageFailedEvent, rbnSRSwitchoverEvent | RBN-SYS-RESOURCES-MIB (Redback Networks Enterprise MIB)
rbnTacacsStateChange | RBN-TACACS-MIB (Redback Networks Enterprise MIB)
rcfJobCompleted | RBN-CONFIG-MIB (Redback Networks Enterprise MIB)

Configuration Tasks

To configure SNMP and RMON features, perform the tasks described in the following sections:

• Configure SNMPv1 and SNMPv2c

• Configure SNMPv3

• Configure RMON Features

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Configure SNMPv1 and SNMPv2c

To configure SNMPv1 and SNMPv2c for SNMP target management stations, such as the NetOp™ Element Management System (EMS) server, perform the tasks described in Table 12-2; enter all commands in global configuration mode unless otherwise noted.

Table 12-2 Configure SNMPv1 and SNMPv2c

# | Task | Root Command | Notes
1. | Enable the SNMP server and access SNMP server configuration mode. | snmp server |
2. | Specify operational attributes for the server: | |
 | Enable or disable per-context filtering of SNMP reporting. | context-filter ifmib | Enter this command in SNMP server configuration mode.
 | Enable or disable linkUp and linkDown notifications for Cisco High-Level Data Link Control (HDLC), Point-to-Point Protocol (PPP), and Frame Relay encapsulation layers, IP layers, or Layer 2 Tunneling Protocol (L2TP) tunnels. | traps | Enter this command in SNMP server configuration mode.
 | Create additional SNMP MIB views. | snmp view |
 | Create SNMP community strings. | snmp community | Enter this command multiple times to create multiple community strings.
 | Configure an SNMP target management station to receive SNMP notifications, and optionally specify the context from which notifications are sent. | snmp target |

Configure SNMPv3

Follow these guidelines to maximize security and ensure proper configuration of SNMPv3 for SNMP target management stations such as the NetOp EMS server:

• Define unique engine IDs—Do not define the engine ID value in a configuration file that will be applied to multiple systems.

• Protect configuration files—If you create configuration files that contain security information, such as authorization passwords and keys, the files should be stored on a secured system.

• Do not use saved configurations on multiple systems—SNMP security data is system-dependent. You compromise security if the same SNMP security data is assigned to multiple systems.

To configure SNMPv3, perform the tasks described in Table 12-3; enter all commands in global configuration mode, unless otherwise noted.

Table 12-3 Configure SNMPv3

# | Task | Root Command | Notes
1. | Enable the SNMP server and access SNMP server configuration mode. | snmp server |
2. | Specify operational attributes for the server: | |
 | Enable or disable per-context filtering of SNMP reporting. | context-filter ifmib | Enter this command in SNMP server configuration mode.
 | Enable linkUp and linkDown notifications for Cisco HDLC, PPP, and Frame Relay encapsulation layers, IP layers, or L2TP tunnels. | traps | Enter this command in SNMP server configuration mode.
 | Specify a unique engine ID that can be either local or remote. | snmp engine-id |
 | Create additional SNMP MIB views. | snmp view |
3. | Create an SNMP group. | snmp group | Enter this command multiple times to create multiple groups.
4. | Create an SNMP user. | snmp user | Enter this command multiple times to create multiple users.
5. | Configure an SNMP target management station, and optionally specify the context from which notifications are sent. Select Option 1 or Option 2. Option 1 and Option 2 are mutually exclusive. The snmp target command is equivalent to the set of commands of Option 2, but only if, in step 3, the SNMP group was created without a notification view identified (the snmp group command with the notify notify-view construct). | |
 | • Option 1 | snmp target |
 | • Option 2 | snmp notify, snmp notify-filter, snmp target-parameters, snmp notify-target | You must enter the first three commands before you enter the snmp notify-target command.

Configure RMON Features

To configure RMON features, perform the tasks described in Table 12-4; enter all commands in global configuration mode.

Note You must first enable the SNMP server before you can configure RMON features.

Table 12-4 Configure RMON Features

Task | Root Command | Notes
Define an RMON alarm. | rmon alarm |
Define an RMON event. | rmon event |

Configuration Examples

This section provides examples for:

• SNMPv2c

• SNMPv3

SNMPv2c

In the following SNMPv2c example, the view, Inet-View, includes all objects in the Internet object identifier (OID) tree. The Admin community allows read access to the Inet-View view, and the SmartEdge OS is configured to send traps to a system, NM-Station1, with an IP address of 198.164.190.110.

[local]Redback(config)#snmp server
[local]Redback(config-snmp-server)#traps ifmib encaps
[local]Redback(config-snmp-server)#exit
[local]Redback(config)#snmp view Inet-View internet included
[local]Redback(config)#snmp community Admin view Inet-View read-only
[local]Redback(config)#snmp target NM-Station1 198.164.190.110 security-name Admin version 2c view Inet-View trap
[local]Redback(config)#end

SNMPv3

The following SNMPv3 example configures a view, Inet-View, to include all objects in the Internet MIB tree. It also configures an authenticated group, Group4, to allow read and notify access to the Inet-View view, and a user, Admin, who is part of Group4, with an encoded authorization password. It also configures the SmartEdge OS to send inform notifications from the Inet-View view to a system, Nm-Station1 (IP address 10.3.4.5), excluding the rbnSRMIBNotifications trap.

[local]Redback(config)#snmp server
[local]Redback(config-snmp-server)#traps ifmib encaps
[local]Redback(config-snmp-server)#exit
[local]Redback(config)#snmp engine-id local AA:00:00:00:01
[local]Redback(config)#snmp view Inet-View internet included
[local]Redback(config)#snmp group Group4 security-model usm auth read Inet-View notify Inet-View
[local]Redback(config)#snmp user Admin group Group4 security-model usm md5 key encoded base64 L1sR+UKZj4PqeRodf3zqTg==
[local]Redback(config)#snmp notify Notify-Inform Tag-Inform inform
[local]Redback(config)#snmp notify-filter Filter-incInet 1.3.*.4 included
[local]Redback(config)#snmp notify-filter Filter-NOrbnSRMIB rbnSRMIBNotifications excluded
[local]Redback(config)#snmp target-parameters Param2 security-name Admin version 3 security-level auth
[local]Redback(config)#snmp notify-target Nm-Station1 10.3.4.5/24 tag Inet-Informs parameters Param2 filter Filter-NOrbnSRMIB


Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure SNMP and RMON features. The commands are presented in alphabetical order.

• context-filter ifmib
• rmon alarm
• rmon event
• snmp community
• snmp engine-id
• snmp group
• snmp notify
• snmp notify-filter
• snmp notify-target
• snmp server
• snmp target
• snmp target-parameters
• snmp user
• snmp view
• traps


context-filter ifmib

context-filter ifmib

no context-filter ifmib

Purpose

Restricts Simple Network Management Protocol (SNMP) responses to circuits bound to the context assigned to the community or group that sends the query.

Command Mode

SNMP server configuration

Syntax Description

This command has no keywords or arguments.

Default

Context filtering is not applied to SNMP responses.

Usage Guidelines

Use the context-filter ifmib command to restrict SNMP responses to circuits bound to the context assigned to the community or group that sends the query. Information about circuits bound to other contexts is not reported.

The context-filter ifmib command applies only to the following types of circuits:

• 802.1Q permanent virtual circuits (PVCs)

• Asynchronous Transfer Mode (ATM) PVCs

• Frame Relay data-link connection identifier (DLCI) PVCs

If the SNMP community or group that sends the SNMP query is local or the context assigned to the SNMP community is local, the SNMP agent sends back information about circuits regardless of their binding.

Examples

The following example shows how to enable the SmartEdge router to send context-specific IF-MIB responses to SNMP queries:

[local]Redback(config)#snmp server
[local]Redback(config-snmp-server)#context-filter ifmib

Related Commands

snmp community, snmp group, snmp server


rmon alarm

rmon alarm index object-id interval {absolute | delta} rising-threshold value [event-index] falling-threshold value [event-index] [owner owner-name]

no rmon alarm index

Purpose

Defines a Remote Monitoring (RMON) alarm and associates it with the RMON event that reports the alarm when its criteria are met.

Command Mode

global configuration

Syntax Description

index: Index that uniquely identifies an alarm event with an entry in the alarm table in the RMON Management Information Base (RMON-MIB).

object-id: Object ID (OID) of the MIB object to be monitored.

interval: Sampling time in seconds. The range of values is 1 to 2,147,483,647.

absolute: Compares the actual object value against the threshold value.

delta: Compares the difference between successive samples of the object value against the threshold value.

rising-threshold value: Value at which an alarm event is triggered.

event-index: Optional. Index of the entry in the event table in the RMON-MIB that is associated with the alarm event.

falling-threshold value: Value at which an alarm event is triggered.

owner owner-name: Optional. Name of the alarm owner.

Default

No RMON alarms are defined.

Usage Guidelines

Use the rmon alarm command to define an RMON alarm and to associate it with the RMON event that reports the alarm when its criteria are met.

Keep the following guidelines in mind when you use the rmon alarm command:

• Enable the Simple Network Management Protocol (SNMP) server using the snmp server command (in global configuration mode) before you use this command.

• Before you define RMON alarms, define the RMON events that will describe and report the RMON alarms when they occur. Use the rmon event command (in global configuration mode) and save the index identifiers of the event entries, because the rmon alarm command uses them.

• You can use this command multiple times to define multiple RMON alarms.

• If you configure an RMON alarm on an invalid OID, SNMP warning log messages are generated. Use the no form of the rmon alarm command to remove the invalid alarm configuration; otherwise, the SNMP daemon removes the invalid RMON alarm entry after 50 minutes.

Use the no form of this command to delete an entry from the RMON alarm table.

Examples

The following example configures entries in the RMON events table with index identifiers 11 and 12. Then it defines an RMON alarm that triggers when the difference between successive 60-second samples of the ipForwDatagrams object rises faster than 3,000,000 or drops faster than 1,000,000:

[local]Redback(config)#rmon event 11 log notify owner gold.isp.net description "packets per second rising too quickly in context gold.isp.net"
[local]Redback(config)#rmon event 12 log notify owner gold.isp.net description "packets per second falling too quickly in context gold.isp.net"
[local]Redback(config)#rmon alarm 1 ipForwDatagrams.0 60 delta rising-threshold 3000000 11 falling-threshold 1000000 12 owner gold.isp.net

Related Commands

rmon event, snmp server
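The following added example (not part of the original guide and not SmartEdge OS code) simulates how the alarm in the example above is evaluated in delta and absolute mode. It assumes the hysteresis behavior defined for RMON alarms in RFC 2819; the counter samples are constructed, and counter wrap is not handled.

```python
"""Simulate RMON alarm evaluation with rising and falling thresholds."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class RmonAlarm:
    mode: str               # "absolute" or "delta", as in the rmon alarm command
    rising_threshold: int
    rising_event: int       # event-index reported on a rising crossing
    falling_threshold: int
    falling_event: int      # event-index reported on a falling crossing


def evaluate(alarm: RmonAlarm, samples: List[int]) -> List[Tuple[int, str, int, int]]:
    """Return (sample_number, direction, event_index, compared_value) per alarm.

    Hysteresis (RFC 2819, assumed here): once a rising alarm has fired it is
    not re-armed until the value reaches the falling threshold, and vice versa.
    """
    if alarm.mode not in ("absolute", "delta"):
        raise ValueError("mode must be 'absolute' or 'delta'")
    events = []
    rising_armed = falling_armed = True
    previous: Optional[int] = None
    for n, raw in enumerate(samples):
        if alarm.mode == "delta":
            if previous is None:        # the first sample only sets the baseline
                previous = raw
                continue
            value, previous = raw - previous, raw
        else:
            value = raw
        if value >= alarm.rising_threshold and rising_armed:
            events.append((n, "rising", alarm.rising_event, value))
            rising_armed, falling_armed = False, True
        elif value <= alarm.falling_threshold and falling_armed:
            events.append((n, "falling", alarm.falling_event, value))
            falling_armed, rising_armed = False, True
    return events


# Thresholds and event indexes from the example above (alarm 1, events 11 and 12).
PAGE_ALARM = RmonAlarm("delta", 3_000_000, 11, 1_000_000, 12)

# Constructed ipForwDatagrams.0 readings, one per 60-second interval.
SAMPLES = [0, 2_000_000, 5_500_000, 9_500_000, 11_500_000,
           15_000_000, 15_800_000, 19_000_000]

if __name__ == "__main__":
    for sample_no, direction, event_index, value in evaluate(PAGE_ALARM, SAMPLES):
        print(f"sample {sample_no}: {direction} alarm, event {event_index}, delta {value}")
```

Sample 5 has a delta of 3,500,000 but raises no second rising alarm, because the delta has not yet dropped to the falling threshold since the alarm at sample 2.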


rmon event

rmon event index [log] [notify] [owner owner-name] [description text]

no rmon event index

Purpose

Defines a Remote Monitoring (RMON) event.

Command Mode

global configuration

Syntax Description

index: Index that uniquely identifies an event with an entry in the event table in the RMON Management Information Base (RMON-MIB).

log: Optional. Specifies that the event generates an entry in the RMON-MIB log table.

notify: Optional. Specifies that the event generates an SNMP notification.

owner owner-name: Optional. Owner of the event.

description text: Optional. Description of the event.

Default

No RMON events are defined.

Usage Guidelines

Use the rmon event command to define an RMON event and optionally to provide a description of the event.

You must enable the SNMP server using the snmp server command (in global configuration mode) before you use this command.

If notification is enabled using the notify keyword, the SNMP notification is sent to the destination obtained from the SNMP-NOTIFICATION-MIB and the SNMP-TARGET-MIB, as configured by one or more snmp target or snmp notify-target commands as either an SNMP trap or inform protocol data unit (PDU).

Use the no form of this command to delete an entry from the RMON event table.

Examples

The following example shows an RMON event that is saved in the SNMP log table and sends an SNMP notification:

[local]Redback(config)#rmon event 1 log notify owner gold.isp.net description "packets per second too high in context gold.isp.net"

Related Commands

rmon alarm, snmp notify-target, snmp server, snmp target


snmp community

snmp community string [{all-contexts | context ctx-name}] [access] [tag tag-name] [view view-name]

no snmp community string

Purpose

Creates a community string that permits access to Management Information Base (MIB) objects. This command is used for Simple Network Management Protocol (SNMP) version 1 (SNMPv1) and SNMP version 2c (SNMPv2c) only.

Command Mode

global configuration

Syntax Description

string: Alphanumeric string to be used as the community string. The string can contain up to 64 characters; the first 28 characters must be unique.

all-contexts: Optional. Allows the community access to all contexts.

context ctx-name: Optional. Name of the context that contains the specific instances of MIB objects available to the community. The default context is local.

access: Optional. Type of access, according to one of the following keywords:

• read-only—Allows the community read-only access to MIB objects.

• read-write—Allows the community read-write access to MIB objects.

tag tag-name: Optional. Alphanumeric character string that matches one of the notification tag names defined by the snmp notify-target command in global configuration mode.

view view-name: Optional. Name of the previously configured view.

Default

The default context is local. The default access is read-only. The default view name is initial.

Usage Guidelines

Use the snmp community command to create a community string that permits access to MIB objects.

When you create an SNMP community, it is accessible by both SNMPv1 and SNMPv2c agents. The community string can contain up to 63 characters; the first 28 characters in the string must be unique. You cannot include the @ character in the community name because it is used in generating community names when you specify the all-contexts keyword.

Note This command is used with SNMPv1 and SNMPv2c only. You do not need to enable SNMP server capabilities before creating communities.

Use the all-contexts keyword to trigger the automatic generation of community names for all managed contexts. This keyword allows you to create a community to support all contexts without having to enter the snmp community command for each context. For example, if a SmartEdge router has three configured contexts (local, aol, and uunet), the snmp community Fred all-contexts command creates the structured community strings Fred@local, Fred@aol, and Fred@uunet.

Use the tag tag-name construct to link one or more SNMP communities to one or more IP addresses and thereby limit access to only the SNMP messages from those IP addresses.

The treatment of Border Gateway Protocol (BGP) peer up and peer down traps (bgpBackwardTransNotification and bgpEstablishedNotification) differs from the treatment of other context-specific traps.

• For BGP peer up and peer down traps:

— If you specify the all-contexts keyword, the system reports traps from all contexts.

— If you specify the context ctx-name construct, the system reports traps originating from the specified context.

— If you specify neither the all-contexts nor context ctx-name construct, the system reports only traps from the local context.

• For all other context-specific traps, the system reports traps from all contexts, regardless of whether the all-contexts keyword or context ctx-name construct is used.

Use the no form of this command to remove a community string.

Examples

The following command grants the public community read-only access to the MIB objects in the generic view, and triggers the automatic generation of community strings for the local context:

[local]Redback(config)#snmp community public view generic

Related Commands

snmp notify-target, snmp server, snmp target, snmp view


snmp engine-id

snmp engine-id {local | remote name} id-string

no snmp engine-id remote name

default snmp engine-id local

Purpose

Specifies a unique engine ID for the Simple Network Management Protocol (SNMP) Version 3 (SNMPv3) that can be either local or remote.

Command Mode

global configuration

Syntax Description

local: Local engine ID.

remote name: Remote engine ID.

id-string: String of 10 to 64 hexadecimal characters to be used for the engine ID. Use a colon as a separator after each two hexadecimal characters. For a detailed description and format of the SNMP engine ID, see RFC 2571, An Architecture for Describing SNMP Management Frameworks. The string can be arbitrary as long as its length conforms to the format described in RFC 2571. The default value is a variable-length octet string consisting of:

• The Redback Networks Enterprise object identifier (OID), a Redback defined type value, which defines the format of the remaining octets.

• The management IP address, which is the IP address specified for the interface to which the Ethernet management port on the controller card is bound.

• The receiving User Datagram Protocol (UDP) port number, which is either the default, 161, or the UDP port number specified by the snmp server command (in global configuration mode).

Default

The SNMP engine ID is a 24-character string consisting of the Redback Networks Enterprise Management Information Base (MIB) OID and the management port medium access control (MAC) address.

Usage Guidelines

Use the snmp engine-id command to specify a unique engine ID for SNMPv3.

Note This command is used with SNMPv3 only. There is no equivalent for SNMP Version 1 (SNMPv1) or SNMP Version 2c (SNMPv2c). You must enable the SNMP server using the snmp server command in global configuration mode before you can specify the engine ID.

Use the no form of this command to delete the remote engine ID. The local engine ID cannot be deleted.

Use the default form of this command to set the engine ID to the default value.

Examples

The following example specifies an engine ID of 01:02:03:04:ab:cd:

[local]Redback(config)#snmp engine-id local 01:02:03:04:ab:cd

Related Commands

snmp server, snmp user

Caution Risk of data loss. Changing the engine ID invalidates security information for all SNMP users using authentication or privacy, and requires you to re-enter the snmp user command (in global configuration mode). To reduce this risk, postpone entering the snmp user command until after you are satisfied with the definition of the engine ID.

Note It is recommended that you enable the SNMP server using the snmp server command (in global configuration mode) before you configure the engine ID, although it is not required. The recommended sequence of configuration tasks is described in Table 12-3.
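The caution above follows from how the SNMPv3 user-based security model derives keys: RFC 3414 localizes each user's key with the engine ID, so the same password yields a different key under a different engine ID. The following added example (not part of the original guide and not SmartEdge OS code) validates an id-string by the rules on this page and runs the RFC 3414 MD5 localization; the passphrase is constructed, and whether SmartEdge OS stores keys in exactly this form is an assumption.

```python
"""Why changing the engine ID invalidates SNMPv3 user keys (RFC 3414)."""
import hashlib
import re

# Colon-separated pairs of hexadecimal digits, as the id-string description requires.
ENGINE_ID_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})*$")


def parse_engine_id(id_string: str) -> bytes:
    """Validate an id-string by this page's rules and return the raw octets.

    Rules from the page: 10 to 64 hexadecimal characters, with a colon
    after each two characters.
    """
    if not ENGINE_ID_RE.match(id_string):
        raise ValueError("engine ID must be colon-separated pairs of hex digits")
    hex_digits = id_string.replace(":", "")
    if not 10 <= len(hex_digits) <= 64:
        raise ValueError("engine ID must contain 10 to 64 hexadecimal characters")
    return bytes.fromhex(hex_digits)


def password_to_key_md5(password: bytes) -> bytes:
    """RFC 3414 A.2.1: digest 1,048,576 octets of the repeated password."""
    if not password:
        raise ValueError("password must not be empty")
    total = 1048576
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.md5(stream).digest()


def localize_key_md5(master_key: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 key localization: Kul = MD5(Ku || engineID || Ku)."""
    return hashlib.md5(master_key + engine_id + master_key).digest()


def localized_key_for(password: str, id_string: str) -> str:
    """Hex form of the key a user would hold on the engine with this ID."""
    master = password_to_key_md5(password.encode())
    return localize_key_md5(master, parse_engine_id(id_string)).hex()


if __name__ == "__main__":
    passphrase = "example-passphrase"          # constructed sample value
    # The two engine IDs that appear in this chapter's examples.
    for engine_id in ("AA:00:00:00:01", "01:02:03:04:ab:cd"):
        print(engine_id, localized_key_for(passphrase, engine_id))
```

The two printed keys differ although the passphrase is the same, which is why every snmp user entry that uses authentication or privacy has to be re-entered after the engine ID changes.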


snmp group

snmp group group-name [{context ctx-name [exact | prefix]}] [notify notify-view] [read read-view] [security-model {1 | 2c | usm level}] [write write-view]

no snmp group group-name [{context ctx-name [exact | prefix]}] [notify notify-view] [read read-view] [security-model {1 | 2c | usm level}] [write write-view]

Purpose

Creates a Simple Network Management Protocol (SNMP) Version 3 (SNMPv3) group.

Command Mode

global configuration

Syntax Description

group-name: Name of the group. The string can be up to 32 characters in length.

context ctx-name: Optional. Name of the context. The default value is the local context.

exact: Optional. Matches only the context exactly as specified by the context name construct.

prefix: Optional. Matches any context that begins with the context name construct.

notify notify-view: Optional. Name of the view from which notifications are sent to the group.

read read-view: Optional. Name of the view to which this group has read access.

security-model: Optional. Specifies the security model to use for the group.

1: Specifies a security model based on SNMP Version 1 (SNMPv1) community strings.

2c: Specifies a security model based on SNMP Version 2c (SNMPv2c) community strings.

usm level: Security model based on SNMP users (SNMPv3 only), according to one of the following keywords:

• auth—Authorizes SNMP users.

• noauth—Does not authorize SNMP users.

• priv—Enforces authentication privilege level support in SNMPv3.

write write-view: Optional. Name of the view to which this group has write access.

Default

A group, "initial", is automatically created if needed (for instance, if the snmp user command is used in global configuration mode without specifying a group). This group uses the user security model with the noauth security level, and allows read access to the view, "restricted". No write view or notify view is automatically defined. If the security-model keyword is not specified, the security model is usm and the security level is noauth.

Usage Guidelines

Use the snmp group command to create an SNMPv3 group.

Note This command is used only with SNMPv3 to define access parameters for an SNMP group. You must enable the SNMP server using the snmp server command in global configuration mode before you can configure SNMP groups. For SNMP versions 1 and 2c, use the snmp community command (in global configuration mode).

Use the no form of this command to delete an SNMP group. If not specified in the no form of this command, optional parameters are set to their default values.

Examples

The following command creates an SNMP group, Admin, that provides authorized read and modify access to the MIB objects defined in a view, Admin-View:

[local]Redback(config)#snmp group Admin security-model usm auth context local read Admin-View write Admin-View

Related Commands

snmp user, snmp view
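Because both snmp community and snmp group fall back to defaults when keywords are omitted, the access a configuration line actually grants is not always visible in the line itself. The following added example (not part of the original guide and not SmartEdge OS code) parses the two commands as their syntax lines are given on this page, fills in the documented defaults, and reports three conditions worth reviewing; the finding wording and the last two sample lines are constructed.

```python
"""Resolve effective SNMP access from SmartEdge-style config lines."""

LEVELS = ("auth", "noauth", "priv")


def _strip_prompt(line):
    # Accept lines with or without a "[local]Redback(config)#" prompt.
    line = line.strip()
    if line.startswith("[") and "#" in line:
        line = line.split("#", 1)[1].strip()
    return line


def _take(tokens, i, keyword):
    # Return the argument that follows a keyword, or fail loudly.
    if i + 1 >= len(tokens):
        raise ValueError(f"{keyword} needs an argument")
    return tokens[i + 1]


def parse_community(tokens):
    # Defaults from the page: context local, access read-only, view initial.
    entry = {"kind": "community", "name": tokens[0], "context": "local",
             "access": "read-only", "view": "initial", "tag": None}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok == "all-contexts":
            entry["context"] = "all-contexts"
        elif tok in ("read-only", "read-write"):
            entry["access"] = tok
        elif tok in ("context", "tag", "view"):
            entry[tok] = _take(tokens, i, tok)
            i += 1
        else:
            raise ValueError(f"unexpected token {tok!r}")
        i += 1
    return entry


def parse_group(tokens):
    # Defaults from the page: context local, security model usm, level noauth.
    entry = {"kind": "group", "name": tokens[0], "context": "local",
             "model": "usm", "level": "noauth",
             "read": None, "write": None, "notify": None}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("context", "read", "write", "notify"):
            entry[tok] = _take(tokens, i, tok)
            i += 1
        elif tok in ("exact", "prefix"):
            entry["match"] = tok
        elif tok == "security-model":
            entry["model"] = _take(tokens, i, tok)
            i += 1
            if entry["model"] == "usm":
                entry["level"] = _take(tokens, i, "usm")
                i += 1
                if entry["level"] not in LEVELS:
                    raise ValueError(f"unknown usm level {entry['level']!r}")
            elif entry["model"] in ("1", "2c"):
                entry["level"] = None   # community-based models have no USM level
            else:
                raise ValueError(f"unknown security model {entry['model']!r}")
        else:
            raise ValueError(f"unexpected token {tok!r}")
        i += 1
    return entry


def resolve(config_text):
    """Return one dict per snmp community / snmp group line, defaults applied."""
    entries = []
    for raw in config_text.splitlines():
        tokens = _strip_prompt(raw).split()
        if tokens[:2] == ["snmp", "community"] and len(tokens) > 2:
            entries.append(parse_community(tokens[2:]))
        elif tokens[:2] == ["snmp", "group"] and len(tokens) > 2:
            entries.append(parse_group(tokens[2:]))
    return entries


def audit(config_text):
    """Return (name, finding) pairs for entries that deserve a second look."""
    findings = []
    for e in resolve(config_text):
        if e["kind"] == "community":
            if e["access"] == "read-write":
                findings.append((e["name"], "read-write community string"))
            if e["context"] == "all-contexts":
                findings.append((e["name"], "community valid in every context"))
        elif e["model"] == "usm" and e["level"] == "noauth":
            findings.append((e["name"], "USM group without authentication"))
    return findings


# First, second and fourth lines are from this chapter; the others are constructed.
SAMPLE = """\
[local]Redback(config)#snmp community public view generic
[local]Redback(config)#snmp community Admin view Inet-View read-only
[local]Redback(config)#snmp community Fred all-contexts read-write
[local]Redback(config)#snmp group Group4 security-model usm auth read Inet-View notify Inet-View
[local]Redback(config)#snmp group Ops read Inet-View
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

The Ops group is reported even though its line never mentions a security level, because omitting security-model leaves the group at usm with noauth.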


snmp notify

snmp notify notify-name tag-name [{inform | trap}]

no snmp notify notify-name

Purpose

Defines a Simple Network Management Protocol (SNMP) notification entry and associates a tag name with the entry.

Command Mode

global configuration

Syntax Description

notify-name: Name of the notification. The string can be up to 32 characters in length.

tag-name: Tag name for the notification. The string can be up to 32 characters in length.

inform: Optional. Indicates that the notification requires a response from the SNMP target. If no response is sent within five seconds, the inform notification is sent again. The maximum number of retries is two.

trap: Optional. Indicates that the SNMP message is a trap, a nonconfirmed notification of certain events.

Default

The notification type is trap.

Usage Guidelines

Use the snmp notify command to define an SNMP notification entry and to associate a tag name with the entry.

You must enable the SNMP server using the snmp server command (in global configuration mode) before you use this command.

Use this command in conjunction with the snmp notify-target command (in global configuration mode), which references the tag-name argument.

Use the no form of this command to remove a notification entry and tag name from the configuration.

Examples

The following example defines a notify entry with the notify and tag names both set to V3Traps:

[local]Redback(config)#snmp notify V3Traps V3Traps trap

Related Commands

snmp notify-target, snmp server


snmp notify-filter

snmp notify-filter filter-name oid-tree {excluded | included}

no snmp notify-filter filter-name oid-tree

Purpose

Creates a Simple Network Management Protocol (SNMP) notify filter that includes or excludes specific notifications.

Command Mode

global configuration

Syntax Description

filter-name: Name of the notify filter. The string can be up to 32 characters in length.

oid-tree: Object identifier (OID) of the Abstract Syntax Notation One (ASN.1) subtree for which the notifications are to be included or excluded. The format is a string of numbers (such as 1.3.6.2.4) or a word (such as system). Replace a single subidentifier with the asterisk (*) wildcard to specify a subtree family; for example, 1.3.*.4.

excluded: Excludes the specified OID tree.

included: Includes the specified OID tree.

Default

None

Usage Guidelines

Use the snmp notify-filter command to create an SNMP notify filter that includes or excludes specific notifications.

Note You must enable the SNMP server using the snmp server command (in global configuration mode) before configuring a notify filter.

Use this command in conjunction with the snmp notify-target command (in global configuration mode), which references the filter-name argument.

Use the no form of this command to remove the specified notify filter from the configuration.

Examples

The following example creates the notify filter, F-NO-rpMau, which excludes the rpMauNotifications notifications:

[local]Redback(config)#snmp notify-filter F-NO-rpMau rpMauNotifications excluded

Related Commands

snmp notify, snmp notify-target, snmp server


snmp notify-target

snmp notify-target notify-target-name ip-addr {[address-context ctx-name] [port port] tag tag-list parameters target-parameters} [filter filter-name] [retry count] [timeout seconds]

no snmp notify-target notify-target-name ip-addr {[address-context ctx-name] [port port] tag tag-list parameters target-parameters} [filter filter-name] [retry count] [timeout seconds]

Purpose

Configures the Simple Network Management Protocol (SNMP) target management station, which receives SNMP notifications.

Command Mode

global configuration

Syntax Description

notify-target-name: Name of the notify target. The string can be up to 32 characters in length. Use the name specified using the snmp notify command (in global configuration mode).

ip-addr: IP address of the management station to receive the notifications.

address-context ctx-name: Optional. Name of the context from which the notifications are sent. The default context is local.

port port: Optional. User Datagram Protocol (UDP) port used to send the notifications to the target. The range of values is 1 to 65,535. The default port number is 162.

tag tag-list: List of notification tag names, separated by commas. No spaces are allowed in the list. Tag names are configured using the snmp notify command (in global configuration mode).

parameters target-parameters: Name of the target parameters for this target. Use the name specified using the snmp target-parameters command (in global configuration mode).

filter filter-name: Optional. Name of the filter to be applied to the target. Use the name specified using the snmp notify-filter command (in global configuration mode).

retry count: Optional. Number of times to retry when sending an inform notification. The range of values is 0 to 255; the default value is 2.

timeout seconds: Optional. Number of seconds to wait for a reply when an inform notification is sent. The range of values is 0 to 2,147,483,647; the default value is 5.

Default

The UDP port is 162. The context is local. The timeout value is five seconds. The number of retries is two.

Usage Guidelines

Use the snmp notify-target command to configure the SNMP target management station, which receives SNMP notifications.

The snmp target and the snmp notify-target commands are mutually exclusive. The snmp target command sets certain parameters to their default values; these parameters are notifyName, targParmName, tag, tagList, seconds, and count.

The snmp target command (in global configuration mode) is equivalent to the set of snmp notify-target, snmp notify, snmp target-parameters, and snmp group (only if the notify notify-view construct has not been set) commands.

Before specifying the notify-target-name argument, you must first create the name using the snmp notify command. Before specifying the parameters target-parameters construct, you must first create the name using the snmp target-parameters command (in global configuration mode). Before specifying the filter-name argument, you must first create the name using the snmp notify-filter command (in global configuration mode).

Note You must enable the SNMP server using the snmp server command (in global configuration mode) before you can configure the target management station.

Use the no form of this command to remove a target from the configuration.

Examples

The following command configures the system to send notifications to a target, Nm-Station1, IP address 10.3.4.5, using the tag Inet-Informs, parameters, Param2, and notify filter, F-NO-rpMau:

[local]Redback(config)#snmp notify-target Nm-Station1 10.3.4.5 tag Inet-Informs parameters Param2 filter F-NO-rpMau

Related Commands

snmp notify, snmp server


snmp server

snmp server [port port] [enhance ifmib]

no snmp server

Purpose

Enables the Simple Network Management Protocol (SNMP) server for SNMP Version 1 (SNMPv1), SNMP Version 2c (SNMPv2c), and SNMP Version 3 (SNMPv3), and enters SNMP server configuration mode.

Command Mode

global configuration

Syntax Description

port port: Optional. Port number through which the SNMP server receives data. The range of values is 1 to 65,535; the default value is 161.

enhance ifmib: Optional. Enables enhancements to the Interfaces Management Information Base (IF-MIB) implementation.

Default

SNMP server capabilities are disabled. The default port is 161.

Usage Guidelines

Use the snmp server command to enable the SNMP server. This command enables the protocol engines for all supported versions of SNMP.

Use the enhance ifmib keyword to add the following functions to the IF-MIB:

• Supports Asynchronous Transfer Mode (ATM), Frame Relay, and 802.1Q permanent virtual circuits (PVCs)

• Supports ATM operations, administration, and management (OAM) trap notifications when the state of an ATM PVC transitions as a result of the OAM function

• Sets the IF-MIB object, ifDescr, equal to ifName

• Supports the IF-MIB objects, ifHCInOctets and ifHCOutOctets, wherever ifInOctets and ifOutOctets are supported

• Supports quality of service (QoS) transmit counters for each queue for each circuit and port for all traffic cards

• Displays aggregate traffic counter and link group hierarchical structure information for circuits

Use the no form of this command to disable the SNMP server.

Note You must enter the snmp server and no snmp server commands in separate transactions for both to take effect. Within a single transaction, entering the snmp server command, followed by the no snmp server command, simply enables the server without then disabling it. Similarly, entering the no snmp server command, followed in the same transaction by the snmp server command, disables the server without then re-enabling it. To terminate the current transaction, enter the commit command (in global configuration mode) before you can configure the target management station. Then enter the form of the snmp server command as required. For more information on the commit command, see Chapter 2, “Using the CLI.”

Examples

The following command enables the SNMP server on the default User Datagram Protocol (UDP) port (161):

[local]Redback(config)#snmp server

Related Commands

abort, context-filter ifmib, snmp community, snmp server, snmp target, snmp view, traps


snmp targetTo send Simple Network Management Protocol (SNMP) version 1 notifications, use the following syntax:

snmp target target-name ip-addr [[port port] address-context ctx-name] security-name sec-name [trap] [version 1] [view notify-view]

no snmp target target-name

To send SNMP version 2 (SNMPv2) notifications, use the following syntax:

snmp target target-name ip-addr [[port port] address-context ctx-name] security-name sec-name [inform | trap] [version 2] [view notify-view]

no snmp target target-name

To send SNMP version 3 (SNMPv3) notifications, use the following syntax:

snmp target target-name ip-addr [[port port] address-context ctx-name] security-name sec-name [group group-name] [inform | trap] [version 3 [security-level level]] [view notify-view]

no snmp target target-name

PurposeConfigures the SNMP notifications sent to the SNMP target management station.

Command Mode global configuration

Syntax Description

target-name Name of the target management station. The string can be up to 32 characters in length.

ip-addr IP address of the target management station.

address-context ctx-name Optional. Name of the context from which notifications are sent.

port port Optional. User Datagram Protocol (UDP) port to receive notifications. The default port is 162.

security-name sec-name Username or community string for the notifications. For SNMPv1 or SNMPv2c, enter a community name you specified with the snmp community command (in global configuration mode). For SNMPv3, enter a username you specified with the snmp user command (in global configuration mode).

group group-name Optional. String that specifies which group parameters apply to the notifications sent to the SNMP target management station. The group name is a name you specified with the snmp group command (in global configuration mode) for SNMPv3.

Page 336: RedBack Router,SmartEdge OS, Basic System Configuration Guide

Command Descriptions

12-30 Basic System Configuration Guide

inform Optional. Indicates that the type of notification is inform, a confirmed notification that requires a response from the SNMP target. If no response is sent within five seconds, the inform notification is sent again. The number of retries is two.

trap Optional. Indicates that the type of notification is trap: a nonconfirmed notification.

version 1 Optional. Specifies that SNMPv1 is sent to the target.

version 2 Optional. Specifies that SNMPv2c is sent to the target.

version 3 Optional. Specifies that SNMPv3 is sent to the target.

security-level level Optional. Applies only to SNMPv3. Security level to be applied to an SNMP target, according to one of the following keywords:

• auth—Provides authorization.

• noauth—Does not provide authorization.

• priv—Privacy. Enforces authentication privilege level in SNMPv3.

view notify-view Optional. SNMP notify view. The default view is restricted.

Note SNMPv2c and SNMPv3 support both the inform and trap keywords, but SNMPv1 supports only the trap keyword.

Default

The SNMP version is version 2c. The notification view created by the system is restricted. The notification type is trap. The port is 162.

Usage Guidelines

Use the snmp target command to configure the SNMP notifications sent to the SNMP target management station.

The snmp target and the snmp notify-target commands are mutually exclusive.

The snmp target command sets certain parameters to their default values; these parameters are notifyName, targParmName, tag, tagList, seconds, and count. It is equivalent to the set of snmp notify-target, snmp notify, snmp target-parameters, and snmp group commands (only if the notify notify-view construct has not been set).

Use the no form of this command to remove an SNMP target.

Examples

The following example creates an SNMP target, NM-Station1, at IP address, 198.164.190.110, to receive SNMPv2c and SNMPv3 traps from the view, InetView, using a community name of Admin:

[local]Redback(config)#snmp target NM-Station1 198.164.190.110 security-name Admin version 2c view InetView trap

Related Commands

rmon event
snmp community
snmp server
snmp view

snmp target-parameters

snmp target-parameters parameter-name security-name sec-name [version version] [security-level level]

no snmp target-parameters parameter-name

Purpose

Configures the security name and optionally the Simple Network Management Protocol (SNMP) version and security level used in notifications sent to the SNMP target management station.

Command Mode global configuration

Syntax Description

parameter-name Name of the target parameter set.

security-name sec-name Community name you specified using the snmp community command for SNMP Version 1 (SNMPv1) or SNMP Version 2c (SNMPv2c), or username you specified using the snmp user command for SNMP Version 3 (SNMPv3).

version version Optional. SNMP version to use to send the notifications, according to one of the following keywords:

• 1—Specifies SNMPv1.

• 2c—Specifies SNMPv2c.

• 3—Specifies SNMPv3.

security-level level Optional. Security level to be applied to an SNMP target, according to one of the following keywords:

• auth—Provides authorization.

• noauth—Does not provide authorization.

• priv—Enforces authentication privilege level support in SNMPv3.

Default

None

Usage Guidelines

Use the snmp target-parameters command to configure the security name and optionally the SNMP version and security level used in notifications sent to the SNMP target management station.

Note You must enable the SNMP server using the snmp server command (in global configuration mode) before you can configure target parameters.

Use this command in conjunction with the snmp notify-target command (in global configuration mode).

For the auth, noauth, and priv keywords, no authorization is provided in SNMPv1 and SNMPv2c. You must specify the noauth keyword for SNMPv1 and SNMPv2c. For SNMPv3, you can specify any of the three keywords. Enforcing either the optional auth or priv keyword applies authorization or privacy support to the designated SNMP target; use the optional noauth keyword to apply neither authorization nor privacy support.

Use the no form of this command to remove the specified target parameter information from the configuration.

Examples

The following command configures a set of parameters, Param2, that includes the security name, ADMIN, and specifies the SNMPv3 protocol using authorization:

[local]Redback(config)#snmp target-parameters Param2 security-name ADMIN version 3 security-level auth

Related Commands

snmp community
snmp notify
snmp notify-target
snmp server
snmp target
snmp user

snmp user

snmp user name [engine name] [group group-name] [security-model usm {noauth | authentication {key auth-key [encoded base64] [des56 des-key] | password auth-pwd [des56 priv-pwd]}}]

no snmp user name [engine name] [group group-name] [security-model usm {noauth | authentication {key auth-key [encoded base64] [des56 des-key] | password auth-pwd [des56 priv-pwd]}}]

Purpose

Configures a Simple Network Management Protocol (SNMP) version 3 (SNMPv3) user.

Command Mode global configuration

Syntax Description

name Name of the SNMP user, up to 32 characters long.

engine name Optional. Name of the remote engine previously configured using the snmp engine-id command.

group group-name Optional. Name of the group to which the user belongs, up to 32 characters long.

security-model usm Optional. Specifies the User-Based Security Model (USM) for SNMPv3.

noauth Specifies no authentication.

authentication USM for SNMPv3, according to one of the following keywords:

• md5—Specifies Message Digest 5 (MD5) authentication.

• sha—Specifies Secure Hash Algorithm (SHA) authentication.

key auth-key Authentication key value. Specified only for the user security model, with MD5 or SHA authentication.

encoded base64 Optional. Specifies that the key provided in the command is already in a base 64 encoded form. If you omit this keyword, the system encodes the auth-key argument prior to storing it in the configuration.

des56 des-key Optional. Data encryption standard 56 (DES56) encrypted key value.

password auth-pwd Authentication password. Specified only for the user security model, with MD5 or SHA authentication.

des56 priv-pwd Optional. DES56 encrypted privileged password in text string form.

Default

The default security model is USM with no authentication.

Usage Guidelines

Use the snmp user command to configure an SNMPv3 user. You must first enable the SNMP server using the snmp server command (in global configuration mode) before configuring a user.

Use the no form of this command to remove an SNMP user.

Examples

The following command creates an SNMP user, Admin, that is part of the group, Group4, and uses MD5 authentication with the password xyzzy, and an optional des56 password, loopy:

[local]Redback(config)#snmp user Admin group Group4 security-model usm md5 password "xyzzy" des56 loopy

Related Commands

snmp engine-id
snmp group
snmp server
snmp target
snmp view
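An added example, not part of the Redback guide: a small Python audit that reads snmp target, snmp target-parameters, and snmp user lines in the syntax shown above and flags notification targets and users that run without authentication or privacy. The users Ops and Guest, the finding codes, and the treatment of an omitted SNMPv3 security-level as noauth are assumptions made for the example; the 8-character password minimum comes from RFC 3414.

```python
import re
import shlex

# Strips a CLI prompt such as "[local]Redback(config)#" from a pasted line.
PROMPT = re.compile(r"^\[[^\]]*\][^#\s]*#\s*")
MIN_PASSWORD_LEN = 8  # RFC 3414 requires USM passwords of at least 8 characters

# Constructed sample: the guide's three example commands plus two
# hypothetical users (Ops, Guest) added for this illustration.
SAMPLE_CONFIG = """\
[local]Redback(config)#snmp target NM-Station1 198.164.190.110 security-name Admin version 2c view InetView trap
[local]Redback(config)#snmp target-parameters Param2 security-name ADMIN version 3 security-level auth
[local]Redback(config)#snmp user Admin group Group4 security-model usm md5 password "xyzzy" des56 loopy
[local]Redback(config)#snmp user Ops group Group4 security-model usm sha password "correct-horse-battery" des56 "another-long-secret"
[local]Redback(config)#snmp user Guest
"""


def tokenize(line):
    """Drop the prompt, normalise typographic quotes, split like a CLI would."""
    line = PROMPT.sub("", line.strip())
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    return shlex.split(line)


def opt(options, keyword):
    """Return the word following keyword, or None if keyword is absent."""
    if keyword in options[:-1]:
        return options[options.index(keyword) + 1]
    return None


def audit_notification(options, default_version):
    """Findings for snmp target / snmp target-parameters options."""
    version = opt(options, "version") or default_version
    level = opt(options, "security-level")
    if version is None:
        return ["version-unspecified"]
    if version != "3":
        # SNMPv1/v2c: the community string is the only credential.
        codes = ["community-only"]
        if level in ("auth", "priv"):
            codes.append("level-not-applicable")  # guide: v1/v2c must use noauth
        return codes
    if level in (None, "noauth"):  # assumption: omitted level behaves as noauth
        return ["v3-noauth"]
    if level == "auth":
        return ["v3-no-privacy"]
    return []


def audit_user(options):
    """Findings for snmp user options (default is USM with no authentication)."""
    tail = options[options.index("security-model"):] if "security-model" in options else []
    algo = next((w for w in tail if w in ("md5", "sha")), None)
    if algo is None:
        return ["user-noauth"]
    codes = ["user-md5"] if algo == "md5" else []
    password = opt(tail, "password")
    priv = opt(tail, "des56")
    if password is not None and len(password) < MIN_PASSWORD_LEN:
        codes.append("short-auth-password")
    if priv is None:
        codes.append("user-no-privacy")
    elif password is not None and len(priv) < MIN_PASSWORD_LEN:
        codes.append("short-priv-password")
    return codes


def audit(config_text):
    """Return (line number, command, name, finding code) tuples."""
    report = []
    for number, line in enumerate(config_text.splitlines(), 1):
        tok = tokenize(line)
        if len(tok) < 3 or tok[0] != "snmp":
            continue  # also skips "no snmp ..." removals
        if tok[1] == "target":
            codes = audit_notification(tok[4:], "2c")  # guide: default version is 2c
        elif tok[1] == "target-parameters":
            codes = audit_notification(tok[3:], None)  # guide: no default
        elif tok[1] == "user":
            codes = audit_user(tok[3:])
        else:
            continue
        report += [(number, tok[1], tok[2], code) for code in codes]
    return report


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding)
```
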

snmp view

snmp view view-name oid-tree {excluded | included}

no snmp view view-name [oid-tree]

Purpose

Defines a Simple Network Management Protocol (SNMP) Management Information Base (MIB) view.

Command Mode global configuration

Syntax Description

view-name Alphanumeric string used as a label for the view record that you are updating or creating. The name is used to reference the record. The string can be up to 32 characters in length.

oid-tree Object identifier (OID) of the ASN.1 subtree to be included, or excluded, from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system. Replace a single subidentifier with the asterisk (*) wildcard to specify a subtree family; for example 1.3.*.4. Optional when used in the no form.

excluded Excludes the specified OID tree.

included Includes the specified OID tree.

Default

A default view, “restricted”, is enabled when it is referenced by a user creating a community without a specific view. This view provides access to the following MIB groups: system, snmp, snmpEngine, and snmpMPDStats.

Usage Guidelines

Use the snmp view command to define an SNMP MIB view. MIB views control which SNMP communities have access to specific MIB objects.

Use the no form of this command to remove the specified MIB view entry.

Examples

The following example creates a view that includes all objects in the Internet subtree:

[local]Redback(config)#snmp view everything internet included

The following example creates a view that includes only the system group and the interface MIB objects for the port with a value of 6:

[local]Redback(config)#snmp view port6 system include
[local]Redback(config)#snmp view port6 ifEntry.*.6 included

Related Commands

snmp community
snmp server
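An added example, not part of the Redback guide: how an included/excluded view with the asterisk wildcard decides whether an OID is visible, using the matching rule of RFC 3415 (the longest matching subtree wins), which the SmartEdge OS is assumed to follow. The monitoring view and the exposed_subtrees helper are constructed for illustration; the numeric OIDs are the standard assignments for internet, system, ifEntry, snmpUsmMIB, and snmpVacmMIB.

```python
# Standard OID assignments for the names used in the guide's examples.
NAMED = {
    "internet": (1, 3, 6, 1),
    "system": (1, 3, 6, 1, 2, 1, 1),
    "ifEntry": (1, 3, 6, 1, 2, 1, 2, 2, 1),
}
# Subtrees holding the SNMPv3 user and access-control tables (RFC 3414, RFC 3415).
SENSITIVE = {
    "snmpUsmMIB": (1, 3, 6, 1, 6, 3, 15),
    "snmpVacmMIB": (1, 3, 6, 1, 6, 3, 16),
}

# Constructed sample: the guide's "everything" and "port6" views (keywords
# spelled out in full) plus a hypothetical "monitoring" view that carves
# the sensitive subtrees out of an otherwise broad view.
SAMPLE_CONFIG = """\
[local]Redback(config)#snmp view everything internet included
[local]Redback(config)#snmp view port6 system included
[local]Redback(config)#snmp view port6 ifEntry.*.6 included
[local]Redback(config)#snmp view monitoring internet included
[local]Redback(config)#snmp view monitoring 1.3.6.1.6.3.15 excluded
[local]Redback(config)#snmp view monitoring 1.3.6.1.6.3.16 excluded
"""


def parse_subtree(text):
    """Turn 'ifEntry.*.6' or '1.3.6.1' into a tuple; None marks a '*' position."""
    parts = []
    for word in text.split("."):
        if word == "*":
            parts.append(None)
        elif word.isdigit():
            parts.append(int(word))
        else:
            parts.extend(NAMED[word])
    return tuple(parts)


def parse_views(config_text):
    """Collect {view-name: [(subtree, included?), ...]} from snmp view lines."""
    views = {}
    for line in config_text.splitlines():
        tok = line.split("#", 1)[-1].split()
        if len(tok) == 5 and tok[:2] == ["snmp", "view"] and tok[4] in ("included", "excluded"):
            views.setdefault(tok[2], []).append((parse_subtree(tok[3]), tok[4] == "included"))
    return views


def in_view(entries, oid):
    """RFC 3415 rule: the longest matching subtree family decides; no match means hidden."""
    oid = parse_subtree(oid) if isinstance(oid, str) else tuple(oid)
    best = None
    for subtree, included in entries:
        if len(subtree) > len(oid):
            continue
        if all(s is None or s == o for s, o in zip(subtree, oid)):
            # Ties on length fall back to the lexicographically greater subtree.
            key = (len(subtree), tuple(0 if s is None else s for s in subtree))
            if best is None or key > best[0]:
                best = (key, included)
    return best is not None and best[1]


def exposed_subtrees(entries):
    """Names of sensitive subtrees whose root OID the view still exposes."""
    return sorted(name for name, root in SENSITIVE.items() if in_view(entries, root))


if __name__ == "__main__":
    for name, entries in parse_views(SAMPLE_CONFIG).items():
        print(name, "exposes", exposed_subtrees(entries) or "nothing sensitive")
```
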

traps

traps {ifmib {encaps | ip} | ds1mib | ds3mib | l2tpmib | nemib {exclusive | non-exclusive}}

no traps {ifmib {encaps | ip} | ds1mib | ds3mib | l2tpmib | nemib}

Purpose

Enables Simple Network Management Protocol (SNMP) notifications for events described in the selected Management Information Bases (MIBs).

Command Mode SNMP server configuration

Syntax Description

ifmib encaps Enables linkUp and linkDown notifications as described in the Interfaces MIB (IF-MIB) for the following interface encapsulation layers: Cisco High-Level Data Link Control (HDLC), Point-to-Point Protocol (PPP), and Frame Relay.

ifmib ip Enables linkUp and linkDown notifications as described in the IF-MIB for the IP layer.

ds1mib Enables event notifications as described in the DS1-MIB for DS-1 ports.

ds3mib Enables event notifications as described in the DS3-MIB for DS-3 ports.

l2tpmib Enables event notifications as described in the Layer 2 Tunneling Protocol MIB (L2TP-MIB) for L2TP tunnels.

nemib exclusive Enables event notifications as described in the RBN-NOTIFY-ENHANCE-MIB while disabling the corresponding notifications in all other MIBs.

nemib non-exclusive Enables event notifications as described in the RBN-NOTIFY-ENHANCE-MIB in addition to the corresponding notifications in all other MIBs.

Default

Notification of all conditions is disabled globally for all encapsulation layers, IP layers, and L2TP tunnels.

Usage Guidelines

Use the traps command to enable SNMP notifications for events described in the selected MIBs.

You can enter this command multiple times to enable notifications for encapsulation layers, IP layers, or L2TP tunnels.

The settings for the traps command are global; however, with the ifmib encaps construct, it is overridden locally by the setting of the traps command (in DS-0 group configuration mode) for that specific DS-0 channel group. For more information on the traps command in DS-0 group configuration mode, see the “Clear-Channel and Channelized Port and Channel Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

When entered with the nemib non-exclusive and nemib exclusive constructs, the notifications in the RBN-NOTIFY-ENHANCE-MIB provide more information than the corresponding notifications in standard MIBs, such as IF-MIB, DS1-MIB, DS3-MIB, ENTITY-MIB, and some earlier Redback Networks Enterprise MIBs, such as RBN-CARDMON-MIB.

The nemib exclusive construct disables the following standard traps:

• linkDown and linkUp

• dsx1LineStatusChange and dsx3LineStatusChange

• entConfigChange and rbnCardAlarm

If you specify neither the nemib non-exclusive nor nemib exclusive construct, the notifications in the RBN-NOTIFY-ENHANCE-MIB are disabled by default.

Use the no form of this command to disable notifications of up and down conditions for encapsulation layers, IP layers, or L2TP tunnels and use the unenhanced versions of the traps.

Note By default, only IF-MIB physical ports generate linkUp and linkDown notifications.

Note The SmartEdge 100 router does not have DS-1 and DS-3 ports.

Examples

The following example enables notifications for Cisco HDLC, PPP, and Frame Relay encapsulation layers, IP layers, and L2TP tunnels:

[local]Redback(config)#snmp server enhance ifmib
[local]Redback(config-snmp-server)#traps ifmib encaps
[local]Redback(config-snmp-server)#traps ifmib ip
[local]Redback(config-snmp-server)#traps l2tpmib
[local]Redback(config-snmp-server)#traps nemib exclusive

Related Commands

snmp server

Part 6

Appendixes

This part provides a list of supported Management Information Base (MIB) objects and consists of Appendix A, “Supported MIBs.”

Appendix A

Supported MIBs

The SmartEdge® OS supports the IETF-standard Management Information Bases (MIBs) listed in Table A-1 and the Redback® Networks Enterprise MIBs listed in Table A-2.

Note The SmartEdge 100 router does not support all MIBs listed in the tables. Unsupported MIBs are indicated in the Notes column of Table A-1 and the footnotes of Table A-2.

Note If you have a support contract, you can download the Redback Networks Enterprise MIBs after you log on at http://www.redback.com/Redback/Home/Support.html.

Table A-1 Standard MIBs Supported by the SmartEdge OS

MIB Name | Reference Document | Notes
ATM-MIB | RFC 2515, Definitions of Managed Objects for ATM Management |
BGP4-MIB | RFC 4273, Definitions of Managed Objects for BGP-4 |
DS1-MIB | RFC 2495, Definitions of Managed Objects for the DS1, E1, DS2 and E2 Interface Types | Unsupported on the SmartEdge 100 router
DS3-MIB | RFC 2496, Definitions of Managed Objects for the DS3/E3 Interface Type | Unsupported on the SmartEdge 100 router
ENTITY-MIB | RFC 2037, Entity MIB Using SMIv2 |
ETHERLIKE-MIB | RFC 2665, Definitions of Managed Objects for the Ethernet-like Interface Types |
FRAME-RELAY-DTE-MIB | RFC 2115, Management Information Base for Frame Relay DTEs Using SMIv2 | Unsupported on the SmartEdge 100 router
IF-MIB | RFC 2863, The Interfaces Group MIB | Write access to some read-write objects is not allowed. Use the IF-MIB to display management port information. Use the snmp server command (in global configuration mode) with the enhance ifmib keyword to enable IF-MIB enhancements; for example, to display aggregate traffic counter and link group hierarchical structure information for circuits. Use the traps command (in SNMP server configuration mode) to enable linkUp and linkDown notifications on the IF-MIB encapsulation layers. Use the IF-MIB to allow a user to obtain the total traffic passed for all Border Gateway Protocol (BGP)/Multiprotocol Label Switching Virtual Private Networks (BGP/MPLS VPNs) instances between a given pair of provider edge (PE) routers. The IF-MIB also supports virtual LAN (VLAN) circuit description in the ifAlias object.
IP-FORWARD-MIB | RFC 2096, IP Forwarding Table MIB |
IP-MIB | RFC 2011, SNMPv2 Management Information Base for the Internet Protocol using SMIv2 |
OSPF2-MIB | RFC 4750, OSPF Version 2 Management Information Base |
RADIUS-ACC-CLIENT-MIB | RFC 2620, RADIUS Accounting Client MIB |
RADIUS-AUTH-CLIENT-MIB | RFC 2618, RADIUS Authentication Client MIB |
RFC1213-MIB | RFC 1213, Management Information Base for Network Management of TCP/IP-based Internets: MIB-II |
RMON-MIB | RFC 2819, Remote Network Monitoring Management Information Base |
SNMP-COMMUNITY-MIB | RFC 2576, Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework | For security reasons, the snmpCommunityTable is accessible only through the command-line interface (CLI).
SNMP-FRAMEWORK-MIB | RFC 3411, An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks |
SNMP-MPD-MIB | RFC 3412, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) |
SNMP-NOTIFICATION-MIB | RFC 3413, Simple Network Management Protocol (SNMP) Applications |
SNMP-TARGET-MIB | RFC 3413 |
SNMP-USER-BASED-SM-MIB | RFC 3414, User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) |
SNMPv2-MIB | RFC 3418, Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) |
SNMP-VIEW-BASED-ACM-MIB | RFC 3415, View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) |
SONET-MIB | RFC 2558, Definitions of Managed Objects for the SONET/SDH Interface Type | Unsupported on the SmartEdge 100 router
TCP-MIB | RFC 2012, SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 |
TRAP-DEFINITIONS-MIB | RFC 1215, Convention for defining traps for use with the SNMP |
UDP-MIB | RFC 2013, SNMPv2 Management Information Base for the User Datagram Protocol Using SMIv2 |

Table A-2 lists the Redback Networks Enterprise MIBs supported by the SmartEdge OS.

Table A-2 Redback Networks Enterprise MIBs Supported by the SmartEdge OS

MIB Name | Task
RBN-AAL5-VCL-STAT-MIB | Defines objects used to instrument configuration and performance statistics beyond those instrumented by standards-track MIBs for an Asynchronous Transfer Mode (ATM) virtual channel link (VCL).
RBN-X-AAL5-VCL-STAT-MIB | Defines objects used to instrument statistics associated with an ATM VCL.
RBN-ATM-PROFILE-MIB | Manages ATM profiles.
RBN-ATM-PVC-OAM-MIB | Monitors the ATM operations, administration, and maintenance (OAM) functions.
RBN-BGP-ACCOUNTING-MIB | Defines objects to account for IP traffic differentially using the BGP policies. RBN-BGP-ACCOUNTING-MIB only works when the snmp server enhance ifmib command (in global configuration mode) is enabled.
RBN-BIND-MIB | Defines the objects used to support the configuration and management of circuit bindings.
RBN-BULKSTATS-MIB | Manages bulk statistics gathering functions on SmartEdge routers.
RBN-CARDMON-MIB | Manages the controller, alarm, and traffic card alarm functions. [1]
RBN-CONFIG-FILE-MIB | Saves the running SmartEdge router configuration on a File Transfer Protocol (FTP) or Trivial FTP (TFTP) server, and loads the SmartEdge router configuration files from an FTP or TFTP server.
RBN-CPU-METER-MIB | Manages CPU utilization.
RBN-DHCP-MIB | Provides a table for monitoring the configuration and statistics of Dynamic Host Configuration Protocol (DHCP) range thresholds in an interface, and a group of scalars for monitoring the configuration and statistics of DHCP thresholds for the context.
RBN-DS1-MIB [3] | Describes DS-1, E-1, and E-2 interface objects beyond those instrumented by standards-track MIBs.
RBN-DS3-MIB [3] | Describes DS-3 and E-3 interface objects, beyond those instrumented by standards-track MIBs.
RBN-ENVMON-MIB | Generically manages environmental monitoring functions on SmartEdge routers. [2] A new MIB table, rbnFanSpeedTable, is also added to display the speed of the fan unit on the SmartEdge 100 router.
RBN-IP-BIND-MIB | Monitors IP interface binding to physical ports and circuits as they are represented in the IF-MIB.
RBN-IP-POOL-MIB | Provides information that matches the information displayed by the show ip pool falling-threshold command (in any mode).
RBN-L2TP-MIB | Defines the objects used to monitor Layer 2 Tunneling Protocol (L2TP) configuration information.
RBN-L2VPN-MIB | Provides data that matches the information displayed when entering the show l2vpn command (in any mode) using the xc option.
RBN-MEMORY-MIB | Manages system memory usage.
RBN-NOTIFY-ENHANCE-MIB | Enhances the notification objects on Redback devices.
RBN-PRODUCT-MIB | Contains the administrative assignments which are used to uniquely identify physical components.
RBN-PVC-MIB | Defines the objects used to support the creation, deletion, and management of ATM and Ethernet 802.1Q PVCs.
RBN-QOS-MIB | Manages the interfaces which have quality of service (QoS) enabled. Also monitors the QoS queue statistics on the subscriber circuits (CLIPS and PPPoE), with traffic management (TM) based priority weighted fair queuing (PWFQ).
RBN-RADIUS-MIB | Defines additional objects and notifications for managing the Remote Authentication Dial-In User Service (RADIUS) authentication and accounting servers in use by the SmartEdge router.
RBN-SMI | Defines the object identifiers (OIDs) for use within the enterprise OID subtree allocated to Redback Networks.
RBN-STACKED-VLAN-MIB | Defines objects for managing the interfaces in the stacked VLAN.
RBN-SUBSCRIBER-ACTIVE-MIB | Defines the objects used to support the management of active subscribers in the Redback product family.
RBN-SYS-RESOURCES-MIB | Manages system resources, such as process event, disk utilization, and switchovers.
RBN-TACACS-MIB | Defines notifications for tracking the Terminal Access Controller Access Control System Plus (TACACS+) server state (in accordance with Internet-Draft draft-grant-tacacs-02.txt).

1. For a list of controller and traffic card alarms supported by this MIB, see the MIB’s capability file.
2. Alarm conditions that are reported in this MIB are normal, failed, absent, or unknown.
3. RBN-DS1-MIB and RBN-DS3-MIB are unsupported on the SmartEdge 100 router.

Page 353: RedBack Router,SmartEdge OS, Basic System Configuration Guide

Index 1

Index

Symbols! character, to add configuration file comments, 3-3? character, to include in command syntax when not a request

for help, 2-6\ character, to disable alias processing, 5-6

Numerics802.1Q PVCs, bulkstats schema profile variables, 11-21

Aadministrator accounts, context administrator

configuring attributesauthentication, 6-7described, 6-7initial privilege level, 6-7maximum privilege level, 6-7

creating, 6-7administrator accounts, local administrator

configuring attributesauthentication, 4-3described, 4-3initial privilege level, 4-3maximum privilege level, 4-3

creating, 4-3enabling remote access, 4-3securing the console, 4-3selecting context, 4-3

administrator configuration mode, described, 1-11administrator name, logging on to the system, 2-3alias, for context, 6-15architecture, SmartEdge OS, 1-2ATM (Asynchronous Transfer Mode) ports, bulkstats

schema profile variables, 11-17ATM DS-3 configuration mode, described, 1-11ATM OC configuration mode, described, 1-11ATM profile configuration mode, described, 1-11ATM PVCs, bulkstats schema profile variables, 11-19audience, for this guide, xviiauto-more commands, 2-7

Bbanners, creating or modifying

after logonall users, 4-5Telnet and SSH users, 4-5

MOTD, 4-5BGP (Border Gateway Protocol) process, monitoring,

example, 9-3bulkstats (bulk statistics)

defined, 11-1file transfer mechanism, 11-2overview, 11-1

bulkstats (bulk statistics) policiesconfiguring attributes

filename format on remote server, 11-3header lines in collection files, 11-3interval between collection samples, 11-4interval between file uploads, 11-4local storage location, 11-3maximum storage allocated, 11-3profile definitions included in collection files, 11-4remote server for collection files, 11-3

creating or selecting, 11-3enabling collection, 11-4

bulkstats (bulk statistics) schema profilesapplying, 11-4creating or modifying, 11-4defined, 11-2SmartEdge OS variables for

802.1Q PVCs, 11-21ATM PVCs, 11-19context schemas, 11-15DS-0 channel groups, 11-18DS-1 channels, 11-18DS-3 channels, 11-18E1 channels or ports, 11-18Frame Relay PVCs, 11-20global schemas, 11-14ports, 11-17

Page 354: RedBack Router,SmartEdge OS, Basic System Configuration Guide

2 Basic System Configuration Guide

subscribers, 11-15special characters for format strings, 11-13

bulkstats configuration mode, described, 1-11

Cchannelized OC-12 ports, bulkstats schema profile

variables, 11-17channelized STM-1 ports, bulkstats schema profile

variables, 11-17channels, in the SmartEdge OS, 1-7characters, in command syntax, xixcircuits, in the SmartEdge OS, 1-7CLI (command-line interface), accessing

from console port, 2-1through SSH, 2-1through Telnet, 2-1

clocks, configuring, 5-4command modes

conventions, xviiitable of, 1-11

command output, examining, 2-7command privilege conventions, xviiicommands

aliases, defining, 5-5case-sensitivity, 2-2default form, 2-2displaying

configuration, 2-4history, 2-4transactions, 2-4

macroscompleting, 5-6defining, 5-6specifying commands, 5-6

no form, 2-2privilege level, assigning, 5-5

command syntaxspecial characters, xixterminology, xviiitext formats, xix

configuration filesadding comments, 3-3loading, 3-4saving, 3-4specifying for automatic reload, 3-4

configuration modes, organization, 1-10console ports

accessing the CLI, 2-1enabling console break key, 5-3logging on, 4-2securing, 4-2

context-boundSNMP query responses, 12-10

context configuration mode, described, 1-11contexts

bulkstats schema profile variables, 11-15configuring attributes

bulkstats schema profile, 6-6domain alias, 6-6falling-threshold parameters, 6-6privilege level authentication, 6-6privilege level password, 6-6

creating or modifying, 6-6enabling multiple-context service, 6-5local, defined, 6-2multiple contexts, 5-3multiple contexts, defined, 6-2

context-specificbulkstats, 11-1ip pool, 6-24logging, 10-3

conventions, used in this guidecommand modes, xviiicommand privilege, xviiicommand syntax, xviiionline navigation aids, xxitask tables, xx

core dump data collection, enabling, 9-2core dumps, managing, 9-2Craft port, 2-1

Ddatabase transactions

commenting, 2-5committing, 2-5exiting, 2-5managing, 2-5saving, 2-5starting, 2-5terminating, 2-5

default, form of a commanddescribed, 1-13using, 2-2

DHCP (Dynamic Host Control Protocol), configuring ip pools, 7-17

domain alias, configuring for context, 6-15dot1q profile configuration mode, described, 1-12DS-0 channel groups, bulkstats schema profile

variables, 11-18DS-0 group configuration mode, described, 1-12DS-1 configuration mode, described, 1-12DS-3 channels or ports, channelized bulkstats schema profile

channel variables, 11-18port variables, 11-17

DS-3 channels or ports, clear-channel bulkstats schema profile

Page 355: RedBack Router,SmartEdge OS, Basic System Configuration Guide

Index 3

channel variables, 11-18port variables, 11-17

DS-3 configuration mode, described, 1-12

EE1 channels or ports, channelized bulkstats schema profile

channel variables, 11-18port variables, 11-17

E1 channels or ports, clear-channel bulkstats schema profilechannel variables, 11-18port variables, 11-17

E1 configuration mode, described, 1-12E3 configuration mode, described, 1-12E3 ports, clear-channel bulkstats schema profile

variables, 11-17Emacs, keyboard shortcuts, 2-6encryption

DES, 4-4password, 2-3SSH, 4-4

Ethernet ports, bulkstats schema profile variables, 11-17events

severity levels in log messages, 10-2SNMP, 12-4

exec modedescribed, 1-11functions, 1-10initial command mode, 2-3

FFrame Relay profile configuration mode, described, 1-12Frame Relay PVCs, bulkstats schema profile

variables, 11-20FTP (File Transfer Protocol)

bulkstats file transfers, 11-30system images and configuration files, 3-3

Gglobal configuration mode, described, 1-12

Hhelp, obtaining

for current command or option, 2-5for the ? option, 2-5

Iinterface configuration mode, described, 1-12interfaces, configuring

binding bridged interface, 7-5described, 7-5DF flag, 7-5ICMP packet-too-big messages, 7-5

IP addresses, 7-5MTU IP packet size, 7-5

Kkeepalive parameters, TCP, configuring, 5-5

LL2TP (Layer 2 Tunneling Protocol), enabling licenses, 5-4last-resort interface

configuring, 7-5defined, 7-2

local context, defined, 6-2logging

configuration examples, 10-4configuring context-specific attributes

filtering debug messages for valid circuits only, 10-3filtering information, 10-3sending messages to console, 10-3sending messages to file, 10-3sending messages to remote syslog server, 10-3

configuring global attributesdisplaying millisecond resolution timestamp, 10-3sending messages to controller card, 10-3storing debug messages in log buffer, 10-3

debug, 10-2event severity levels, 10-2main, 10-2on to the system, 2-3severity filter, 10-10severity numeric value, 10-2syslog facility, 10-2

loopback interfaces, with ip source address, 7-20

Mmacro configuration mode, described, 1-12management port

binding, creating, 4-4configuring attributes

context, 4-4IP address, 4-4

creating an interface, 4-4enabling operations, 4-4selecting, 4-4

messages, event severity levels, 10-2metering policy, 11-15MIBs (Management Information Bases), supported

Redback Networks Enterprise, A-3standard, A-1

mode access commands and prompts, 1-11monitor duration, setting, example, 9-3MOTD (message of the day), configuring, 4-5MPLS (Multiprotocol Label Switching), enabling

licenses, 5-4

Page 356: RedBack Router,SmartEdge OS, Basic System Configuration Guide

4 Basic System Configuration Guide

multiple contexts, defined, 6-2

NNetOp

communicationconfiguring, 9-2example, 9-3

configuration mode, described, 1-12daemon, enabling, 9-2

no, form of a commanddescribed, 1-13using, 2-2

Oonline navigation aids, in this guide, xxiordering documentation, xxiorganization, of this guide, xvii

Ppasswords

configuring for privilege levels, 6-6enabling software license, 5-4encryption, 2-3logging on to the system, 2-3

PDU (protocol data unit)configuring, 12-13RFC, 12-3

policing policy, 11-16port configuration mode, described, 1-12ports, in the SmartEdge OS, 1-7POS (Packet over SONET/SDH) ports, bulkstats schema

profile variables, 11-17privilege level, determining, 5-18process management parameters, setting, example, 9-3publications, related to this guide, xv

RRBN-ATM-PVC-OAM-MIB, 12-4RBN-BULKSTATS-MIB, 12-4RBN-CARDMON-MIB, 12-4RBN-CONFIG-MIB, 12-5RBN-DHCP-MIB, 12-4RBN-L2TP-MIB, 12-5RBN-NOTIFY-ENHANCE-MIB, 12-5RBN-RADIUS-MIB, 12-5RBN-SYS-RESOURCES-MIB, 12-5RBN-TACACS-MIB, 12-5RCP (Remote Copy Protocol)

system images and configuration files, 3-3real-time clock

setting time and date, 5-5RMON (Remote Monitoring), configuring alarm or event

entry, 12-7

SSCP (Secure Copy Protocol)

bulkstats file transfers, 11-30system images and configuration files, 3-3

sessionschanging

configuration modes, 2-4modes, 2-4privilege level, 2-4

configuring timeouts forCLI session, 4-5log on, 4-5

ending, 2-4restoring privilege level, 2-4returning to exec mode, 2-4starting configuration, 2-4timeout, configuring, 4-5

SFTP (Secure Shell File Transfer Protocol)bulkstats file transfers, 11-30system images and configuration files, 3-3

shortcuts, for commands and keywords, 2-2SmartEdge OS

applications, 1-4architecture, described, 1-2channels, 1-7circuits, 1-7concepts, 1-5performance, 1-1

SNMP server configuration mode, described, 1-12SNMPv1 (Simple Network Management Protocol,

Version 1), 12-6configuring target management station, 12-6creating

additional views, 12-6communities, 12-6

enablingnotifications, 12-6server, 12-6

SNMPv2c (Simple Network Management Protocol, Version 2c)

configuring target management station, 12-6creating

additional views, 12-6communities, 12-6

enablingnotifications, 12-6per-context filtering, 12-6server, 12-6

SNMPv3 (Simple Network Management Protocol, Version 3)

configuring target management station, 12-7

Page 357: RedBack Router,SmartEdge OS, Basic System Configuration Guide

Index 5

  creating
    additional views, 12-7
    groups, 12-7
    users, 12-7
  enabling
    notifications, 12-7
    per-context filtering, 12-6
    server, 12-6
  security, 12-6
  specifying engine ID, 12-7
software license configuration mode, described, 1-12
software licensing, enabling
  L2TP, 5-4
  MPLS, 5-4
  subscriber features and functions, 5-4
special characters, in command syntax, xix
SSH (Secure Shell)
  configuring, 4-4
  configuring attributes
    concurrent sessions, 4-5
    drop rate, 4-5
    maximum sessions, 4-5
  DES encryption, 4-4
  server attributes, 4-4
  using to log on, 2-3
standby console port
  logging on, 4-3
  securing, 4-3
STM-1 configuration mode, described, 1-12
subscriber configuration mode, described, 1-12
subscriber name, configuring, 8-27
subscribers
  bulkstats schema profile variables, 11-15
  configuring attributes
    ATM shaping profile, 8-4
    browser URL, 8-5
    bulkstats schema profile, 8-4
    IP address, 8-4
    IP address spoofing, 8-4
    IP static routes, 8-4
    maximum number of sessions, 8-4
    MOTM, 8-5
    named profile, 8-4
    NBNS server, 8-4
    passwords, 8-5
    PPP MTU, 8-5
    session timeouts, 8-4
  creating
    default profile, 8-3
    named profiles, 8-3
    record, 8-3
  enabling the software license, 5-4
  excluding header data from statistics collection, 8-3
  limiting sessions, 8-4
  statistics collection, 8-3
syslog facility, 10-2, 10-4
system access, enabling application protocols, 5-3
system clock
  configuring automatic daylight savings time switching, 5-5
  configuring clock source, 5-4
  configuring clock zones, 5-4
  configuring timing interface, 5-4
  setting time and date, 5-5
system configuration
  changing configuration, 3-3
  changing interactively, 3-3
system hostname, required for remote log on, 2-3
system identity, configuring attributes
  system confirmations context, 5-3
  system contact, 5-3
  system hostname, 5-3
  system lacp mac-address, 5-3
  system lacp priority, 5-3
  system location, 5-3
system monitoring
  applying global bulkstats schema profile, 11-4
  bulkstats schema profile variables, 11-14
  core dump files, uploading, 9-2
  enabling
    DRAM crash dumps, 9-2
    NetOp communications, 9-2
  monitoring process duration, 9-2
  setting processes, 9-2
system monitoring, managing, 9-2
system prompts, 1-11
system recovery, enabling automatic reload, 5-3
system-wide management features, configuring, 9-2

T
tab key, using to complete CLI commands, 2-6
task tables, described, xx
Telnet, using to log on, 2-3
terminal, CLI pagination, 2-7
terminology, in command syntax, xviii
text formats, in command syntax, xix
TFTP (Trivial File Transfer Protocol)
  system images and configuration files, 3-3
timeout, session, configuring, 8-4
traffic cards, configuring attributes, automatic reload of PPAs, 5-3
Transmission Control Protocol (TCP), configuring keepalive parameters, 5-49
traps, SNMP, 12-3


Commands

Symbols
?, 2-10

A
abort, 2-12
administrator, 6-9
advertise, 9-5
alias, 5-9

B
banner exec, 4-8
banner login, 4-10
banner motd, 4-12
boot configuration, 3-5
bulkstats policy, 11-7
bulkstats schema, 11-9
bulkstats schema profile, 11-12

C
clock set, 5-11
collection, 11-23
comment, 2-13
commit, 2-14
configure
  entering global configuration mode, 5-13
  using existing configuration file, 3-7
connection-mode, 9-7
context, 6-11
context-filter ifmib, 12-10
context vpn-rd, 6-13
count exclude subscriber, 8-8

D
description, 7-7
disable, 2-16
domain, 6-15

E
enable, 2-17
enable authentication, 6-17
enable encrypted, 6-19
enable password, 6-21
end, 2-19
exit, 2-20

F
full-name, 6-23

H
header format, 11-25
help, 2-21

I
interface, 7-8
ip address
  interfaces, 7-11
  subscribers, 8-9
ip clear-df, 7-14
ip icmp, 7-15
ip mtu, 7-16
ip pool
  contexts, 6-24
  interfaces, 7-17
ip source-address, 7-20
ip source-validation, 8-12
ip subscriber route, 8-13
ip tcp mss, 7-23
ip unnumbered, 7-25
ipv6 address, interfaces, 7-26

L
l2tp, 5-14
limit, 11-27
localdir, 11-29
logging active, 10-5


logging cct-valid, 10-6
logging console, 10-7
logging debug, 10-8
logging file, 10-9
logging filter, 10-10
logging standby, 10-12
logging syslog, 10-13
logging timestamp millisecond, 10-14

M
macro, 5-15
monitor duration, 9-9
mpls, 5-17

N
nbns, 8-15
netop, 9-10

P
password, 8-17
port-limit, 8-18
privilege, 5-18
privilege max, 6-26
privilege start, 6-27
profile, 8-19
public-key, 6-28

R
receiver, 11-30
remotefile, 11-32
rmon alarm, 12-11
rmon event, 12-13

S
sample-interval, 11-34
save configuration, 3-10
schema, 11-35
schema-dump, 11-37
seq, 5-20
service, 5-22
service auto-system-recovery, 5-24
service card-auto-reload, 5-25
service console-break, 5-26
service crash-dump-dram, 9-11
service multiple-contexts, 6-31
service upload-coredump, 9-12
service wildcard-domain, 6-32
session-action, 8-20
session-limit, 8-22
shaping-profile, 8-25
snmp community, 12-15
snmp engine-id, 12-17
snmp group, 12-19
snmp notify, 12-21
snmp notify-filter, 12-23
snmp notify-target, 12-25
snmp server, 12-27
snmp target, 12-29
snmp target-parameters, 12-32
snmp user, 12-34
snmp version, 9-14
snmp view, 12-36
software license, 5-28
ssh server full-drop, 4-13
ssh server rate-drop, 4-15
ssh server start-drop, 4-16
stats-collection, 8-26
subscriber
  creating record or profile, 8-27
  licensing, 5-29
system clock-source, 5-32
system clock-source external, 5-34
system clock-source timing-type, 5-36
system clock summer-time, 5-38
system clock timezone, 5-41
system confirmations context, 5-43
system contact, 5-44
system hostname, 5-45
system lacp mac-address, 5-46
system lacp priority, 5-47
system location, 5-48

T
tcp keepalive, 5-49
timeout, subscriber sessions, 8-29
timeout login, 4-17
timeout sessions, default for all administrators, 4-18
transfer-interval, 11-38
traps, 12-38


Modes

A
administrator configuration mode
  full-name, 6-23
  privilege max, 6-26
  privilege start, 6-27
  public-key, 6-28
all configuration modes
  abort, 2-12
  comment, 2-13
  end, 2-19
all modes
  ?, 2-10
  commit, 2-14
  exit, 2-20
  help, 2-21
ATM DS-3 configuration mode
  bulkstats schema, 11-9
ATM OC configuration mode
  bulkstats schema, 11-9
ATM profile configuration mode
  bulkstats schema, 11-9

B
bulkstats configuration mode
  header format, 11-25
  limit, 11-27
  localdir, 11-29
  receiver, 11-30
  remotefile, 11-32
  sample-interval, 11-34
  schema, 11-35
  schema-dump, 11-37
  transfer-interval, 11-38

C
context configuration mode
  administrator, 6-9
  bulkstats policy, 11-7
  bulkstats schema, 11-9
  collection, 11-23
  domain, 6-15
  enable authentication, 6-17
  enable encrypted, 6-19
  enable password, 6-21
  interface, 7-8
  ip pool, 6-24
  logging console, 10-7
  logging file, 10-9
  logging filter, 10-10
  logging syslog, 10-13
  service, 5-22
  subscriber, 8-27

D
dot1q profile configuration mode
  bulkstats schema, 11-9
DS-0 group configuration mode
  bulkstats schema, 11-9
DS-1 configuration mode
  bulkstats schema, 11-9
DS-3 configuration mode
  bulkstats schema, 11-9

E
E1 configuration mode
  bulkstats schema, 11-9
E3 configuration mode
  bulkstats schema, 11-9
exec mode
  configure
    to enter global configuration mode, 5-13
    to use existing configuration file, 3-7
  disable, 2-16
  enable, 2-17
  save configuration, 3-10


F
Frame Relay profile configuration mode
  bulkstats schema, 11-9

G
global configuration mode
  alias, 5-9
  banner exec, 4-8
  banner login, 4-10
  banner motd, 4-12
  boot configuration, 3-5
  bulkstats schema profile, 11-12
  context, 6-11
  context vpn-rd, 6-13
  logging active, 10-5
  logging cct-valid, 10-6
  logging debug, 10-8
  logging standby, 10-12
  logging timestamp millisecond, 10-14
  macro, 5-15
  monitor duration, 9-9
  netop, 9-10
  privilege, 5-18
  rmon alarm, 12-11
  rmon event, 12-13
  service auto-system-recovery, 5-24
  service card-auto-reload, 5-25
  service console-break, 5-26
  service crash-dump-dram, 9-11
  service multiple-contexts, 6-31
  service upload-coredump, 9-12
  service wildcard-domain, 6-32
  snmp community, 12-15
  snmp engine-id, 12-17
  snmp group, 12-19
  snmp notify, 12-21
  snmp notify-filter, 12-23
  snmp notify-target, 12-25
  snmp server, 12-27
  snmp target, 12-29
  snmp target-parameters, 12-32
  snmp user, 12-34
  snmp view, 12-36
  software license, 5-28
  ssh server full-drop, 4-13
  ssh server rate-drop, 4-15
  ssh server start-drop, 4-16
  stats-collection, 8-26
  system clock-source, 5-32
  system clock-source external, 5-34
  system clock-source timing-type, 5-36
  system clock summer-time, 5-38
  system clock timezone, 5-41
  system confirmations context, 5-43
  system contact, 5-44
  system hostname, 5-45
  system lacp mac-address, 5-46
  system location, 5-48
  tcp keepalive, 5-49
  timeout login, 4-17
  timeout session, 4-18

I
interface configuration mode
  description, 7-7
  ip address, 7-11
  ip clear-df, 7-14
  ip icmp, 7-15
  ip mtu, 7-16
  ip pool, 7-17
  ip source-address, 7-20
  ip tcp mss, 7-23
  ip unnumbered, 7-25
  ipv6 address, 7-26

M
macro configuration mode
  seq, 5-20

N
NetOp configuration mode
  advertise, 9-5
  connection-mode, 9-7
  snmp version, 9-14

P
port configuration mode
  bulkstats schema, 11-9

S
SNMP server configuration mode
  context-filter ifmib, 12-10
  traps, 12-38
software license configuration mode
  l2tp, 5-14
  mpls, 5-17
  subscriber, 5-29
stats collection configuration mode
  count exclude subscriber, 8-8
STM-1 configuration mode
  bulkstats schema, 11-9
subscriber configuration mode
  bulkstats schema, 11-9
  ip address, 8-9
  ip source-validation, 8-12


  ip subscriber route, 8-13
  nbns, 8-15
  password, 8-17
  port-limit, 8-18
  profile, 8-19
  session-action, 8-20
  session-limit, 8-22
  shaping-profile, 8-25
  timeout, 8-29
