Basic Guide Redback

Corporate Headquarters Redback Networks Inc. 300 Holger Way San Jose, CA 95134-1362 USA http://www.redback.com Tel: +1 408 750 5000 Basic System Configuration Guide SmartEdge OS Release 5.0.3 Part Number 220-0581-01


Corporate Headquarters
Redback Networks Inc.
300 Holger Way
San Jose, CA 95134-1362
USA
http://www.redback.com
Tel: +1 408 750 5000

Basic System Configuration Guide

SmartEdge OS

Release 5.0.3

Part Number 220-0581-01


© 1998–2005, Redback Networks Inc. All rights reserved.

Redback and SmartEdge are trademarks registered at the U.S. Patent & Trademark Office and in other countries. AOS, NetOp, SMS, and User Intelligent Networks are trademarks or service marks of Redback Networks Inc. All other products or services mentioned are the trademarks, service marks, registered trademarks or registered service marks of their respective owners. All rights in copyright are reserved to the copyright owner. Company and product names are trademarks or registered trademarks of their respective owners. Neither the name of any third party software developer nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission of such third party.

Rights and Restrictions

All statements, specifications, recommendations, and technical information contained are current or planned as of the date of publication of this document. They are reliable as of the time of this writing and are presented without warranty of any kind, expressed or implied. In an effort to continuously improve the product and add features, Redback Networks Inc. ("Redback") reserves the right to change any specifications contained in this document without prior notice of any kind.

Redback shall not be liable for technical or editorial errors or omissions which may occur in this document. Redback shall not be liable for any indirect, special, incidental or consequential damages resulting from the furnishing, performance, or use of this document.

Third Party Software

The following third party software may be included with this Software and is subject to the following terms and conditions:

The OpenLDAP Version 2.0.1 © 1999 The OpenLDAP Foundation; OpenSymphony Software License, Version 1.1 2001-2004 © The OpenSymphony Group; TOAD © 2004 Quest Software, Inc.; NuSOAP Web Services Toolkit for PHP © 2002 NuSphere Corporation; The PHP License, versions 2.02 and 3.0 © 1999 - 2002 The PHP Group; The OpenSSL toolkit Copyright © 1998-2003 The OpenSSL Project; Apache HTTP © 2000 The Apache Software Foundation; Java © 2003 Sun Microsystems, Inc.; ISC Dhcpd 3.0pl2 © 1995, 1996, 1997, 1998, 1999 Internet Software Consortium - DHCP; IpFilter © 2003 Darren Reed; Perl Kit © 1989-1999 Larry Wall; SNMP Monolithic Agent © 2002 SNMP Research International, Inc.; VxWorks © 1984-2000, Wind River Systems, Inc.; Point-to-Point Protocol (PPP) © 1989, Carnegie-Mellon University; Dynamic Host Configuration Protocol (DHCP) © 1997, 1998 The Internet Software Consortium; portions of the Redback SmartEdge Operating System use cryptographic software written by Eric Young ([email protected]); Redback adaptation and implementation of the UDP and TCP protocols developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. © 1982, 1986, 1988, 1990, 1993, 1995 The Regents of the University of California. All advertising materials mentioning features or use of this Software must display the following acknowledgment: “This product includes software developed by the University of California, Berkeley and its contributors.”

This Software includes software developed by Sun Microsystems, Inc., Internet Software Consortium, Larry Wall, the Apache Software Foundation (http://www.apache.org/) and their contributors. Such software is provided “AS IS,” without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. LICENSORS AND ITS CONTRIBUTORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL LICENSOR OR ITS CONTRIBUTORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see http://www.apache.org/. Portions of this software are based upon public domain software originally written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign. The portions of this Software developed by Larry Wall may be distributed and are subject to the GNU General Public License as published by the Free Software Foundation.

FCC Notice

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

1. MODIFICATIONS

The FCC requires the user to be notified that any changes or modifications made to this device that are not expressly approved by Redback could void the user’s authority to operate the equipment.

2. CABLES

Connection to this device must be made with shielded cables with metallic RFI/EMI connector hoods to maintain compliance with FCC Rules and Regulations. (This statement only applies to copper cables, Ethernet, DS-3, E1, T1, and so forth. It does not apply to fiber cables.)

3. POWER CORD SET REQUIREMENTS

The power cord set used with the System must meet the requirements of the country, whether it is 100-120 or 220-264 VAC. For the U.S. and Canada, the cord set must be UL Listed and CSA Certified and suitable for the input current of the system.

For DC-powered systems, the installation instructions need to be followed.


VCCI Class A Statement

European Community Mark

Safety Notices

1. Laser Equipment:

CAUTION! Use of controls or adjustments of performance or procedures other than those specified herein may result in hazardous radiation exposure.

Class 1 Laser Product—Product is certified by the manufacturer to comply with DHHS Rule 21 Subchapter J.

CAUTION! Invisible laser radiation when an optical interface is open.

2. Lithium Battery Warnings:

It is recommended that, when required, Redback replace the lithium battery.

WARNING! Do not mutilate, puncture, or dispose of batteries in fire. The batteries can burst or explode, releasing hazardous chemicals. Discard used batteries according to the manufacturer’s instructions and in accordance with your local regulations.

Danger of explosion if battery is incorrectly replaced. Replace only with the same or equivalent type as recommended by the manufacturer’s instructions.

WARNING Danger of explosion if the battery is replaced incorrectly. Use the same battery type or an equivalent type recommended by the equipment manufacturer. Dispose of used batteries according to the manufacturer's instructions.

WARNING! Lithium battery: danger of explosion if handled incorrectly. Replace only with a battery of the same make and type. Return the used battery to the supplier.

WARNING The battery may explode if it is installed incorrectly. Replace the battery only with a type recommended by the manufacturer. Dispose of the used battery according to the manufacturer's instructions.

WARNING Danger of explosion if the battery is replaced incorrectly. Use the same battery type or an equivalent type recommended by the equipment manufacturer. Dispose of used batteries according to the manufacturer's instructions.

WARNING! Batteries are supplied with this product. When they are empty, do not throw them away but hand them in as small chemical waste (KCA).

The marking on this product signifies that it meets all relevant European Union directives.


Contents

About This Guide
  Related Publications
  Intended Audience
  Organization
  Conventions
    Command Modes and Privilege Levels
    Command Syntax
    Examples
    Task Tables
    Online Navigation Aids
  Ordering Documentation

Part 1: Introduction

Chapter 1: Overview
  SmartEdge OS Architecture
    Independent System Processes
    System Redundancy and Synchronization
  SmartEdge OS Applications
  SmartEdge OS Concepts
    Contexts
    Interfaces
    Subscribers
    Ports, Channels, and Circuits
    Cross-Connections
    Tunnels
      GRE Tunnels and VPNs
      L2TP Tunnels
      Overlay Tunnels
    Bindings
      Static Bindings
      Dynamic Bindings
  User Interface
    Command Modes and Prompts
    Command Mode Hierarchy
    Privilege Levels
    No and Default Forms of Commands
  What’s Next?


Part 2: Getting Started

Chapter 2: Using the CLI
  Overview
    Commands and Case-Sensitivity
    Partially Typed Commands
    No and Default Forms of Commands
  CLI Tasks
    Log On and Initiate the CLI
    Navigate the CLI
    Manage Database Transactions
    Work with Commands
      Display Help for a Command
      Recall Previous Command Entries
      Edit Command Entries
      Complete a Command
    Navigate CLI Output
  CLI Examples
    Exit Command Modes
    Display Available Commands, Keywords, and Arguments
    Manage Database Transactions
      Commit Transactions
      Delete Transactions
      Provide Comments for Transactions
  Command Descriptions
    ?
    abort
    comment
    commit
    disable
    enable
    end
    exit
    help

Chapter 3: Configuration File Management
  Overview
    Software Storage Organization
    Configuration Files
    Storage for System Images and Configuration Files
    URLs
  File Management Tasks
  File Management Examples
  Command Descriptions
    boot configuration
    configure
    save configuration

Part 3: Session and System

Chapter 4: System Access Configuration
  Overview


  Configuration Tasks
    Initial Log On to the Console Port
    Configure a Local Administrator Account
    Configure the Management Port
    Configure SSH Attributes
    Configure SmartEdge OS Banners
    Configure Session Inactivity Timers
  Configuration Examples
  Command Descriptions
    banner exec
    banner login
    banner motd
    ssh server full-drop
    ssh server rate-drop
    ssh server start-drop
    timeout login
    timeout session

Chapter 5: Basic System Configuration
  Overview
  Configuration Tasks
    Access Global Configuration Mode
    Configure the System Identity
    Configure Service Options
    Enable Software Licensing
    Configure the System Clock
    Configure CLI Command Aliases, Privileges, and Macros
      Configure a CLI Command Alias or Privilege
      Create a CLI Command Macro
  Configuration Examples
    System Identification and Services
    Software Licensing
    System Clock
    Command Alias
    Command Macro
    Command Privilege
  Command Descriptions
    alias
    configure
    l2tp
    macro
    mpls
    privilege
    seq
    service
    service auto-system-recovery
    service card-auto-reload
    service console-break
    software license
    subscriber
    system clock-source
    system clock-source external
    system clock-source timing-type
    system clock summer-time

Page 8: Basic Guide Redback

viii Basic System Configuration Guide

system clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-38system confirmations context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-40system contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-41system hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-42system location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-43

Part 4: Contexts, Interfaces, and Subscribers

Chapter 6: Context Configuration
  Overview
    Local Context
    Multiple Contexts
    Applications for Multiple Contexts
    Multiple VPN Contexts
    Intercontext Interfaces
    Administrator Authentication to Local and Non-Local Contexts
    Administrator Privileges for Local and Non-Local Contexts
  Configuration Tasks
    Enable Multiple-Context Service
    Configure a Context
    Configure an Administrator Account in a Context
  Configuration Examples
    Administrator Privileges
    Public Keys
  Command Descriptions
    administrator
    context
    context vpn-rd
    domain
    enable authentication
    enable encrypted
    enable password
    full-name
    ip pool
    privilege max
    privilege start
    public-key
    service multiple-contexts
    timeout session

Chapter 7: Interface Configuration
  Overview
  Configuration Tasks
    Configuration Guidelines
    Configure Basic Features for an Interface
  Configuration Examples
  Command Descriptions
    description
    interface
    ip address
    ipv6 address
    ip clear-df
    ip icmp
    ip mtu
    ip pool
    ip source-address
    ip unnumbered

Chapter 8: Subscriber Configuration
  Overview
  Configuration Tasks
    Configure Subscriber Statistics Collection
    Configure a Subscriber Profile or Record
    Configure Subscriber IP Address Attributes
    Configure PPP and PPPoE Subscriber Attributes
  Configuration Examples
    Subscriber Record
    Subscriber Timeout
    NBNS Server for the Default Subscriber Profile
    PADM
    PPPoE MOTM
  Command Descriptions
    count exclude subscriber
    ip address
    ip source-validation
    ip subscriber route
    nbns
    password
    port-limit
    profile
    shaping-profile
    stats-collection
    subscriber
    timeout

Part 5: System Management

Chapter 9: System-Wide Management Configuration
  Overview
  Configuration Tasks
    Configure System-Wide Management Features
    Configure NetOp EMS Server Communications
  Configuration Examples
    Process Monitoring
    NetOp EMS Server Communications
  Command Descriptions
    advertise
    monitor duration
    netop
    service crash-dump-dram
    service upload-coredump
    snmp version

Chapter 10: Bulkstats Configuration
  Overview
    Function of Bulkstats
    Data Collected by Bulkstats
    Application of Bulkstats to an Entity
  Configuration Tasks
    Configure a Bulkstats Policy
    Create or Modify a Bulkstats Schema Profile
    Apply a Specific Bulkstats Schema Profile
  Configuration Examples
    Bulkstats Policy
    Bulkstats Global Schema Profile
    Bulkstats Specific Schema Profile
  Command Descriptions
    bulkstats policy
    bulkstats schema
    bulkstats schema profile
    collection
    header format
    limit
    localdir
    receiver
    remotefile
    sample-interval
    schema
    schema-dump
    transfer-interval

Chapter 11: Logging Configuration
  Overview
  Configuration Tasks
    Configure Optional Global Logging Features
    Configure Optional Context-Specific Logging Features
  Configuration Examples
  Command Descriptions
    logging active
    logging cct-valid
    logging console
    logging debug
    logging file
    logging filter
    logging standby
    logging syslog
    logging timestamp millisecond

Chapter 12: SNMP and RMON Configuration
  Overview
    SNMP Management Framework and RFCs
    SNMP Versions
    MIBs, Traps, and Events
  Configuration Tasks
    Configure SNMPv1 and SNMPv2c
    Configure SNMPv3
    Configure RMON Features
  Configuration Examples
    SNMPv2c
    SNMPv3
  Command Descriptions
    rmon alarm
    rmon event
    snmp community
    snmp engine-id
    snmp group
    snmp notify
    snmp notify-filter
    snmp notify-target
    snmp server
    snmp target
    snmp target-parameters
    snmp user
    snmp view
    traps

Part 6: Appendixes

Appendix A: Supported MIBs

Index
Commands
Modes

About This Guide

This guide describes the tasks and commands used to configure the following SmartEdge® OS features: access to the system; basic system parameters; contexts, interfaces, and subscribers; system-wide management features, including bulk statistics, logging facilities, and the Simple Network Management Protocol (SNMP) and Remote Monitoring (RMON) functions.

It also includes descriptions of commands used to navigate the command-line interface (CLI) and manage configuration files.

This preface includes the following sections:

• Related Publications

• Intended Audience

• Organization

• Conventions

• Ordering Documentation

Related Publications

In parallel with this guide, use the Basic System Operations Guide for the SmartEdge OS, which describes the tasks and the commands used to monitor, administer, and troubleshoot basic system features.

Use this guide and the Basic System Operations Guide in conjunction with the following publications:

• Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS

Describes the tasks and commands to use the CLI and manage SmartEdge OS releases and configuration files; describes the tasks and commands used to configure the following SmartEdge OS features: traffic cards, their ports, channels, and subchannels, and Automatic Protection Switching (APS); circuits, including clientless IP service selection (CLIPS) circuits and link aggregation; bridging and cross-connections between circuits; Generic Routing Encapsulation (GRE) tunnels (including IP Version 6 [IPv6] over GRE tunnels), Layer 2 Tunneling Protocol (L2TP) tunnels, and overlay tunnels (IPv6 over IP Version 4 [IPv4]); static and dynamic bindings between ports, channels, subchannels, and circuits to interfaces, either directly or indirectly.

• Routing Protocols Configuration Guide for the SmartEdge OS

Describes the tasks and commands used to configure the following SmartEdge OS features: static IP routing; dynamically verified static routing (DVSR); Virtual Router Redundancy Protocol (VRRP); Routing Information Protocol (RIP) and RIP next generation (RIPng); Open Shortest Path First (OSPF) and OSPF Version 3 (OSPFv3); Border Gateway Protocol (BGP); BGP/Multiprotocol Label Switching Virtual Private Networks (BGP/MPLS VPNs); Intermediate System-to-Intermediate System (IS-IS); Bidirectional Forwarding Detection (BFD); IP multicast, including Internet Group Management Protocol (IGMP), Multicast Source Discovery Protocol (MSDP), and Protocol Independent Multicast (PIM); routing policies; MPLS; Layer 2 Virtual Private Networks (L2VPNs); Virtual Private LAN Services (VPLS); and Label Distribution Protocol (LDP). BGP, OSPFv3, RIPng, and routing policies include tasks and commands that provide limited support for IPv6 routing.

• IP Services and Security Configuration Guide for the SmartEdge OS

Describes the tasks and commands used to configure the following SmartEdge OS features: Address Resolution Protocol (ARP), Neighbor Discovery (ND) protocol for IPv6 routers, Dynamic Host Configuration Protocol (DHCP), Network Time Protocol (NTP), Domain Name System (DNS), HTTP redirect, access control lists (ACLs), forward policies, Network Address Translation (NAT) policies, service policies, quality of service (QoS) policies, authentication, authorization, and accounting (AAA), Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System Plus (TACACS+), key chains, and lawful intercept (LI).

• Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS

Describes the tasks and commands used to monitor, administer, and troubleshoot the SmartEdge OS features described in the Ports, Circuits, and Tunnels Configuration Guide; commands include all clear, debug, monitor, and show commands, along with other operations-based commands, such as device management and on-demand diagnostics.

• Routing Protocols Operations Guide for the SmartEdge OS

Describes the tasks and commands used to monitor, administer, and troubleshoot the SmartEdge OS features described in the Routing Protocols Configuration Guide; commands include all clear, debug, monitor, process, and show commands, along with other operations-based commands.

• IP Services and Security Operations Guide for the SmartEdge OS

Describes the tasks and commands used to monitor, administer, and troubleshoot the SmartEdge OS features described in the IP Services and Security Configuration Guide; commands include all clear, debug, and show commands, along with other operations-based commands.

• SmartEdge 800 Router Hardware Guide

Describes the SmartEdge 800 hardware and provides site preparation information and installation, monitoring, and maintenance procedures for the chassis and cards.

• SmartEdge 400 Router Hardware Guide

Describes the SmartEdge 400 hardware and provides site preparation information and installation, monitoring, and maintenance procedures for the chassis and cards.


Intended Audience

This publication is intended for system and network administrators experienced in access and internetwork administration.

Organization

This guide is organized as follows:

• Part 1, “Introduction”

Provides an overview of the SmartEdge OS features, functions, and applications.

• Part 2, “Getting Started”

Describes the tasks and commands used to access and navigate the SmartEdge OS CLI and to manage SmartEdge OS configuration file storage.

• Part 3, “Session and System”

Describes the tasks and commands used to configure system access and basic system parameters through the SmartEdge OS CLI.

• Part 4, “Contexts, Interfaces, and Subscribers”

Describes the tasks and commands used to configure basic features for multiple contexts, interfaces, and subscribers.

• Part 5, “System Management”

Describes the tasks and commands used to configure system-wide parameters for monitoring, the collection of bulk statistics, system event logging, and SNMP and RMON features.

• Part 6, “Appendixes”

Lists supported Management Information Base (MIB) objects.

Conventions

This guide uses special conventions for the following elements:

• Command Modes and Privilege Levels

• Command Syntax

• Examples

• Task Tables

• Online Navigation Aids

Note There are three indexes in this guide: an index of tasks and features, an index of commands, and an index of CLI modes with the commands found within each mode.


Command Modes and Privilege Levels

Commands are issued in exec mode or in one of many configuration modes. By default, the majority of commands in exec mode have a privilege level of 3, while commands in any configuration mode have a privilege level of 10. Exceptions are noted in parentheses ( ) in the “Command Mode” section in any command description; for example, “exec (15)”.

For a hierarchy list of command modes, see the “Command Mode Hierarchy” section in Chapter 1, “Overview.”

For detailed information about command modes and privilege levels, see the “User Interface” section in Chapter 1, “Overview.”

Command Syntax

Table 1 lists the descriptions of the elements used in a command syntax statement.

Table 2 describes separator characters used in a command syntax statement.

The following guidelines apply to separator characters in Table 2:

• The separator character between the prefix and suffix names in a structured username is configurable; the @ character is the default and is used in command syntax throughout this guide.

• Separator characters act as one-character keywords; therefore, they are always shown in bold.

Table 1 Command Syntax Terminology

Syntax Element: Argument
Definition: An item for which you must supply a value.
Example Fragment: slot

Syntax Element: Construct
Definition: A combination of:
• A keyword and its argument.
• Two or more keywords that cannot be specified independently.
• Two or more arguments that cannot be specified independently.
Example Fragment:
• min-wait seconds
• line fdl ansi
• dest dest-wildcard

Syntax Element: Keyword
Definition: An optional or required item that must be entered exactly as shown.
Example Fragment: all

Table 2 Separator Characters in Command Syntax Statement

Character: @
Use: Separates the prefix name from the suffix name.
Example Fragment: sub-name@ctx-name

Character: /
Use: Separates slot from port, IP address from prefix length, and separates fields in URLs.
Example Fragment:
• slot[/port]
• {ip-addr | /prefix-length}
• /device[/directory]/filename.ext

Character: :
Use: Separates port from channel and a channel from a subchannel
Example Fragment:
• port[:chan-num]
• ds3-chan-num[:ds1-chan-num]

Character: -
Use: Separates starting value from ending value
Example Fragment: start-end

Character: |
Use: Separates output modifiers from keywords and arguments in show commands (see footnote 1)
Example Fragment: show configuration | include port

Footnote 1. For more information about the use of the pipe ( | ) character, see Chapter 2, “Using the CLI.”


Table 3 lists the characters and formats used in command syntax statements.

Examples

Examples use the following conventions:

• System prompts are of the form [context]hostname(mode)#, [context]hostname#, or [context]hostname>.

In this case, context indicates the current context, hostname represents the configured name of the SmartEdge system, and mode indicates the string for the current configuration mode, if applicable.

Whether the prompt includes the # or the > symbol depends on the privilege level. For further information about privilege levels, see Chapter 1, “Overview.”

For example, the prompt in the local context on the system Redback in context configuration mode is:

[local]Redback(config-ctx)#

• Information displayed by the system is in Courier font.

• Information that you enter is in Courier bold font.

Task Tables

Tasks to configure features are described in task tables under the “Configuration Tasks” section in each chapter. The command syntax displays only the root command, which is hyperlinked to the location where the complete command syntax is described in the “Command Descriptions” section of the chapter. Table 4 displays an example of a task table.

Table 3 Text Formats and Characters in Command Syntax Statements

Convention: Commands and keywords are indicated in bold.
Example: no ip unnumbered

Convention: Arguments for which you must supply the value are indicated in italics.
Example: banner login delimited-text

Convention: Square brackets ([ ]) indicate optional arguments, keywords, and constructs within scripts or commands.
Example:
• show clock [universal]
• enable [level]

Convention: Alternative arguments, keywords, and constructs within commands are separated by the pipe character ( | ).
Example: public-key {DSA | RSA} [after-key existing-key | position key-position] {new-key | ftp url}

Convention: Alternative, but required arguments, keywords, and constructs are shown within grouped braces ({ }), and are separated by the pipe character ( | ).
Example:
• debug ssh {all | ssh-general | sshd-detail | sshd-general}
• ip address ip-addr {netmask | /prefix-length} [secondary]

Convention: Optional and required arguments, keywords, and constructs can be nested with grouped braces and square brackets, where the syntax requires such format.
Example: enable authentication {none | method [method [method]]}


Additional conventions for the task tables in this guide include:

• Alternative tasks are shown as bulleted lists. The task description indicates that they are alternatives; see step 1.

• Subtasks are shown as an unnumbered list under a task heading; see step 4.

• Optional subtasks are shown as unnumbered lists. The task description indicates that they are optional; see step 4.

Online Navigation Aids

To aid in accessing information in the online format for this guide, the following types of cross-references are hyperlinks:

• Cross-references to chapters, sections, tables, and figures in the text

• Lists of section headings within a chapter or appendix

• Commands listed in the “Related Commands” section at the end of each command description

• Entries in the table of contents

• Entries in indexes

Table 4 Example of a Task Table

1. Create or modify a context and access context configuration mode with one of the following tasks:

   • Create or modify a standard context and access context configuration mode.
     Root Command: context
     Notes: Enter these commands in global configuration mode.

   • Create or modify a VPN context and access context configuration mode.
     Root Command: context vpn-rd

2. Specify a privilege level password in the local database for the enable command with one of the following tasks:

   • Configure a password that the system will encrypt.
     Root Command: enable password
     Notes: Enter these commands in context configuration mode.

   • Configure a password in encrypted form.
     Root Command: enable encrypted

3. Specify how the system performs privilege level authentication.
     Root Command: enable authentication

4. Specify general attributes for the context (all attributes are optional):

   Specify falling-threshold parameters for IP pools in the context.
     Root Command: ip pool
     Notes: Enter these commands in context configuration mode.

   Create one or more unique subscriber service domain aliases for a context.
     Root Command: domain

   Apply an existing bulkstats schema profile to the context.
     Root Command: bulkstats schema

Note Hyperlinks in PDF files appear the same as regular text; however, your cursor changes from an open hand icon to a pointing finger icon when you move your cursor over a hyperlink.


Ordering Documentation

Redback® documentation is available on CD-ROM, which ships with Redback products. The appropriate CD-ROMs are included with your products as follows:

• SMS™ product

• SmartEdge router product

• NetOp™ product (includes NetOp Element Manager System [EMS] and NetOp Policy Manager [PM])

To order additional copies of the appropriate CD-ROM or printed, bound books, perform the following steps:

1. Log on to the Redback Networks Support web site at http://www.redback.com and enter a username and password.

If you do not have a logon username and password, contact your Redback Networks support representative, or send an e-mail to [email protected] with a copy of the show hardware command output, your contact name, company name, address, and telephone number.

2. On the Redback Networks Support web site, select one of the Redback Networks product line tabs at the bottom of the web page, click Documentation on the navigation bar, and then click To Order Books on the navigation bar.

To electronically provide feedback on our documentation, perform the following steps:

1. On the Documentation web page, click Feedback on the navigation bar.

2. Complete and submit the documentation feedback form.

We appreciate your comments.


Part 1

Introduction

This part provides an overview of the SmartEdge® OS features, functions, and applications, and consists of Chapter 1, “Overview.”


Chapter 1

Overview

The edge of the network is a highly demanding environment due to the large number of access terminations and the need to perform in-service upgrades to handle new feature deployments.

The SmartEdge® router hardware and software products provide multiservice optical platforms that enable the next generation of services in the new access network. The SmartEdge OS runs on all the SmartEdge routers, including the SmartEdge 800, SmartEdge 800s, and SmartEdge 400. The SmartEdge router products are edge routing platforms that provide:

• High-performance—Enables line-rate packet forwarding.

• Robustness—Enables packet reliability, meeting rigorous uptime and availability requirements.

• Scalability—Supports a large number of access terminations.

• Flexibility—Provides platforms that can support multiple services.

This chapter describes the SmartEdge OS software, including the following sections:

• SmartEdge OS Architecture

• SmartEdge OS Applications

• SmartEdge OS Concepts

• User Interface

• What’s Next?

Note In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted.


SmartEdge OS Architecture

The SmartEdge OS is the advanced software system that works in conjunction with the ASIC-based SmartEdge hardware products to provide a scalable and robust multiservice platform, including the features described in the following sections:

• Independent System Processes

• System Redundancy and Synchronization

The SmartEdge OS performs the route processing and other control functions and runs on the controller card. The packet forwarding function is performed by Packet Processing ASICs (PPAs) on the individual traffic cards.

Figure 1-1 illustrates the SmartEdge OS architecture.

Figure 1-1 SmartEdge OS Architecture


The SmartEdge OS is based on a general-purpose operating system; each major system component (see Table 1-1) runs as a separate process in the system.

Independent System Processes

The implementation of the major software components as independent processes provides several benefits:

• Processes in the system can be independently stopped, restarted, and upgraded without reloading the entire system or individual traffic cards.

• The system continues to operate in the event of a failure or disruption to any single component.

The separation of the route processing and control functions (performed by the SmartEdge OS software running on the controller card) from the forwarding function (performed on the individual traffic cards) also provides several benefits:

• Dedicated route processing functions are not affected by heavy traffic; dedicated packet forwarding is not affected by routing instability in the network.

• The architecture enables line-rate forwarding on all traffic cards. New features can be added to the control software on the controller without affecting the forwarding performance.

• The architecture provides nonstop forwarding during system upgrades or reloads; the traffic cards continue to forward packets.

Table 1-1 SmartEdge OS System Components

System Component: Authentication, authorization, and accounting (AAA)
Function: Forces all authentication requests and accounting updates to a single set of Remote Authentication Dial-In User Service (RADIUS) servers.

System Component: NetBSD kernel
Function: Provides a lean and stable base for the SmartEdge OS.

System Component: Process Manager (PM)
Function: Monitors and controls the operation of the other processes in the system.

System Component: Router Configuration Manager (RCM)
Function: Controls all system configurations using a transaction-oriented database.

System Component: Interface and Circuit State Manager (ISM)
Function: Monitors and disseminates the state of all interfaces, ports, and circuits in the system.

System Component: Routing protocols
Function: Run as independent processes, maintaining independent Routing Information Bases (RIBs). The routing processes send the routing information to the central RIB.

System Component: RIB
Function: Downloads forwarding tables to the traffic cards.

System Component: Feature modules
Function: Run as independent processes, each in its own protected address space.

System Component: Traffic card
Function: Includes the PPA ASICs, which contain the Forwarding Information Base (FIB) and forwarding code.


System Redundancy and Synchronization

Among other redundancy features, the SmartEdge routers and the operating system support dual controller cards; one card acts as the active controller and the other acts as its hot standby.

Both controller cards contain disk memory (compact-flash) cards that store the operating system image, its associated files, and the configuration database. A synchronization process ensures that the standby controller is always ready to become the active controller:

• When either the software release or the firmware on the active controller is upgraded, the standby controller automatically synchronizes its software or firmware version to that of the active controller.

• When a user modifies the contents of the compact-flash card (for example, by saving a configuration to a file, copying a file, or deleting a file), the change is propagated to the compact flash of the standby controller.

• The configuration databases of the active and standby controllers are always synchronized.

To guard against system inconsistency, the synchronization process is protected. While the synchronization is in progress, switchover from the active to the standby controller is not allowed. If the active controller should fail during such a time, the standby does not become active. If the user attempts to force a switchover during this synchronization period, the system warns the user that the standby is not ready.

The synchronization process is not affected by traffic card installation and removal. The active controller, and hence the system, continues to forward traffic and detect and notify the administrator of any faults that occur while the standby controller card is being synchronized (FAIL LED is blinking).

After the synchronization is complete, the standby controller is ready to become the active controller, if the active should fail.

SmartEdge OS Applications

The SmartEdge products provide carrier-class, scalable termination and aggregation of IP-based traffic. The SmartEdge platform combines high-density optical and electrical interfaces with robust IP routing software to support business-grade IP service aggregation and delivery.

The SmartEdge platform can be used as an edge aggregation router to directly connect customers. The SmartEdge OS supports a variety of interfaces and vital services such as quality of service (QoS) and inbound and outbound access control lists. New services can easily be added with software upgrades.

Because of the optimized packet forwarding capabilities and support of high-bandwidth uplink interfaces, the SmartEdge platform can also be used in the metropolitan core to aggregate traffic from other routers into the long-haul transit core.


Figure 1-2 shows an example application for the SmartEdge products.

Figure 1-2 SmartEdge OS Application

SmartEdge OS Concepts

SmartEdge OS concepts include the following entities (see Figure 1-3):

• Contexts

• Interfaces

• Subscribers

• Ports, Channels, and Circuits

• Cross-Connections

• Tunnels

• Bindings


Figure 1-3 SmartEdge OS Software Component Interrelationships

Contexts

Most networking products are designed so that the entire set of ports, circuits, and protocols operate together as one global instance. The SmartEdge OS supports an advanced feature called multiple contexts. Each context is a virtual SmartEdge router instance running within a single physical device. A context operates as a separate routing and administrative domain, with separate routing protocol instances, addressing, authentication, accounting, and so on, and does not share this information with other contexts. By separating the address and name spaces in this way, service providers can use multiple contexts to provide direct access to customers, or to provide different classes of services for customers. Service providers use a single physical device to implement this, with one or more contexts being assigned to each service provider or service class. Implementing this today with equipment from other vendors requires multiple devices.

The SmartEdge router is always configured with the special “local” context. This context is always present on the system and cannot be deleted. In a single-context configuration, the local context is the only context present on the system.

Interfaces

The concept of an interface in the SmartEdge OS differs from that in traditional networking devices. In traditional devices, the term, interface, is often used synonymously with port, channel, or circuit, which are physical entities. In the SmartEdge OS, an interface is a logical construct that provides higher-layer protocol and service information, such as Layer 3 addressing. Interfaces are configured as part of a context and are independent of physical ports, channels, and circuits. The decoupling of the interface from the physical layer entities enables many of the advanced features offered by the SmartEdge OS.

For the higher-layer protocols to become active, an interface must be associated with a physical port, channel, or circuit. This association is referred to as a binding in the SmartEdge OS. For more information, see the “Bindings” section that follows.


Subscribers

Subscribers are the end users of the high-speed access services. Subscriber records are configured as part of a context, either locally on the SmartEdge router or on a RADIUS server. Subscriber records contain the information necessary to bind a subscriber to the correct interface, and therefore, to the correct network context and services. Subscriber records can also contain other configuration information, such as authentication, access control, rate-limiting, and policing information.

The number of active subscribers is a function of configuration, memory, processing power, and desired per-subscriber bandwidth. Each platform and hardware variant has a maximum active subscriber figure, which may or may not be achieved under deployment scenarios.

With this release of the SmartEdge OS, the operating system supports the following subscriber management services:

• Dynamic service selection—The unique capability to dynamically bind subscriber sessions to services.

• Provides access functions that traditional routers were not designed to provide, such as subscriber management, provisioning, authentication, and accounting.

• Provides the routing of subscriber traffic based on Layer 3 addressing.

• Performs all translations necessary to convert subscriber traffic to IP, relieving the service provider backbone routers of frame translations that can cause congestion on high-volume routers.

• Grooms individual subscriber data streams into simplified IP flows for routers connecting to the Internet backbone.

Ports, Channels, and Circuits

Ports, channels, and circuits in the SmartEdge OS represent the physical connectors and paths on the SmartEdge traffic and controller cards. Physical port, channel, and circuit configurations include both hardware and software parameters that allow the behavior of the port, channel, or circuit to be specified for a specific platform.

Before any higher-layer user data can flow through a physical port, channel, or circuit, that port, channel, or circuit must be associated with an interface within a context. This association is referred to as a binding in the SmartEdge OS. The configuration for each port, channel, and circuit includes binding information. For more detailed information on ports, channels, and circuits in the SmartEdge OS, see the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS, and the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS.


Cross-Connections

The SmartEdge OS supports various types of cross-connections that allow you to cross-connect circuits of different types or of the same type. Types of supported cross-connections include:

• Transparent, self-learning bridges using Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs) with RFC 1483 bridged encapsulation, Ethernet ports, or 802.1Q PVCs

• Cross-connections with and without filtering

— ATM PVCs-to-ATM PVCs

— ATM PVCs-to-802.1Q PVCs

— 802.1Q PVCs-to-802.1Q PVCs

• Interworking cross-connections between ATM PVCs and 802.1Q PVCs

Tunnels

The SmartEdge OS supports Generic Routing Encapsulation (GRE) over IP Version 4 (IPv4) tunnels, the GRE Virtual Private Network (VPN) model, and the Layer 2 Tunneling Protocol (L2TP) for which the SmartEdge router acts as an L2TP access concentrator (LAC). Tunnels are described in the following sections:

• GRE Tunnels and VPNs

• L2TP Tunnels

• Overlay Tunnels

GRE Tunnels and VPNs

GRE is a simple, stateless protocol that allows for the tunneling of IP in IP. GRE allows you to connect remote sites using private IP addresses over a public network that uses publicly routable IP addresses. GRE supports both IPv4 and IPv6 traffic. IP packets traveling through the tunnel are encapsulated with an IP header from the public address space as shown in Figure 1-4 and Figure 1-5.

Figure 1-4 GRE Tunnel Packet Encapsulation for IPv4 Packets

Figure 1-5 GRE Tunnel Packet Encapsulation for IPv6 Packets


One of the more common applications of GRE tunneling is the creation of VPNs to connect to remote sites. Multiple SmartEdge OS contexts and GRE tunnel circuits, one for each VPN, demultiplex traffic for each VPN into its own IP address space. Thus each context acts as a dedicated virtual router for a VPN, where the IP address space (for example, private addresses as described in RFC 1918, Address Allocation for Private Internets) and routing databases are maintained separately from other contexts.

L2TP Tunnels

L2TP tunnels are User Datagram Protocol (UDP)/IP-encapsulated circuits that carry subscriber Point-to-Point Protocol (PPP) sessions to another router. The router is designated as an LNS or an LAC, depending on its relationship with the SmartEdge router:

• When functioning as an LNS, the SmartEdge router accepts IP packets from LACs in the network and terminates them.

• When functioning as an LAC, the SmartEdge router terminates subscriber PPP sessions and tunnels these sessions to a number of LNSs.

In each context configured on the system, the SmartEdge router can function as an LAC to one or more LNSs, as an LNS to one or more LACs, or as both an LAC and an LNS.

Figure 1-6 shows a SmartEdge router acting as an LAC: terminating subscriber PPP sessions and tunneling these sessions to a number of L2TP peers that are acting as LNSs.

Figure 1-6 L2TP Tunnels over UDP/IP

Overlay Tunnels

An overlay tunnel is used within a site or between sites; it is equivalent to a permanent link between two IPv6 domains over an IPv4 backbone. The primary use is for stable connections that require regular secure communication between two edge routers or between an end system and an edge router, or for connection to remote IPv6 networks. You can configure overlay tunnels between border routers or between a border router and a host. The host or router at each end of a tunnel must support both the IPv4 and IPv6 protocol stacks.

The SmartEdge OS implementation of overlay tunnels is based on RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers. IPv6 is fully described in RFC 2460, Internet Protocol Version 6 (IPv6) Specification.


The changes from IPv4 to IPv6 include:

• Increase in address size from 32 bits to 128 bits

• Simplified header

• Extensible header with optional extension headers

• Designed to co-exist with IPv4

• Uses multicast addresses instead of broadcast addresses

For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture.

Bindings

Bindings form the association in the SmartEdge OS between the ports, channels, or circuits and the higher-layer routing protocols configured for a given context. No user data can flow on a port, channel, or circuit until some higher-layer service is configured and associated with it. After a port, channel, or circuit is bound to an interface, traffic flows through the context as it would through any IP router.

Bindings are either statically mapped during configuration or dynamically created based on subscriber characteristics as defined in the local database, or on a RADIUS server; see the “Static Bindings” and “Dynamic Bindings” sections that follow.

Static Bindings

With static bindings, a port, channel, or circuit is bound directly to an interface. In this case, the port, channel, or circuit is hard-wired to the higher-layer protocols defined for the interface. Multiple ports, channels, or circuits can be bound to a single interface.

A circuit can also be statically bound to a particular subscriber in a given context. In this case, the binding between the circuit and the higher-layer protocols is determined indirectly, through the subscriber record. In Figure 1-7, subscriber joe is configured with an IP address that maps to interface if1 in the context local. When the virtual circuit on ATM port 6/1 is bound to subscriber joe, the SmartEdge OS determines the interface that the circuit will be bound to by examining the subscriber information for joe.

Dynamic Bindings

Dynamic binding occurs when a circuit is bound to the higher-layer protocols based on session information. For example, a PPP-encapsulated session can be bound to a particular context and interface by examining the authenticated structured subscriber name in the form sub-name@ctx-name.

Dynamic binding is the key to enabling advanced features, such as dynamic service and provider selection. Dynamic binding also enables simultaneous access to multiple services on a single circuit.

Note The separator character between the sub-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default character is @, which is used throughout this guide.


Figure 1-7 also shows a dynamic binding between the virtual circuit on ATM port 6/1 and interface if5 in context ispgold. When the subscriber initiates a PPP session using the structured subscriber name, mary@ispgold, the SmartEdge OS determines the context (ispgold) for the connection, and selects an interface (if5) to which to bind the circuit. Successful dynamic binding depends on subscriber information for subscriber mary configured in context ispgold, and successful PPP authentication during PPP session establishment. The binding between this circuit and the ispgold context will be removed when the PPP session is terminated. Because the binding on the circuit is dynamic, this same circuit could be used by a different subscriber to select a different service.

Figure 1-7 Static and Dynamic Bindings

User Interface

The primary user interface to the SmartEdge OS is the command-line interface (CLI). The CLI concepts are described in the following sections:

• Command Modes and Prompts

• Command Mode Hierarchy

• Privilege Levels

• No and Default Forms of Commands

For more information about using CLI commands, see Chapter 2, “Using the CLI.”


Command Modes and Prompts

The two major modes are exec and global configuration. When a session is initiated, the CLI is set to the exec mode by default. The exec mode allows you to examine the state of the system and perform most monitoring, troubleshooting, and administration tasks using a subset of the available CLI commands.

Exec mode prompts can be one of the following forms, depending on the user privilege level (see the “Privilege Levels” section that follows):

[local]hostname#
[local]hostname>

In this example, local is the context in which commands are applied and hostname is the currently configured hostname of the router. Exiting exec mode with the exit command also ends the CLI session.

Global configuration mode is the top-level configuration mode; all other configuration modes are accessed from this mode. These modes allow you to interactively configure the system through the CLI, or to create and modify a configuration file offline by entering configuration commands using any text editor. After you have saved the file, you can then load it to the operating system at a later time.

To access global configuration mode, enter the configure command (in exec mode).

Configuration mode prompts are of the following form:

[local]hostname(mode-name)#

In the example above, local is the context in which commands are applied, hostname is the currently configured hostname of the router, and mode-name is a string indicating the name of the current configuration mode.

The prompt (in global configuration mode), assuming the factory default hostname of Redback and the local context, is as follows:

[local]Redback(config)#

Each feature supported through the SmartEdge OS can have one or more configuration modes, some of which you access using a command (in global configuration mode). Table 1-2 lists the configuration modes for the commands described in this guide and the commands that you enter to access them.

Command Mode Hierarchy

Command modes exist in a hierarchy; that is, you must access the higher-level command mode before you can access a lower-level command mode in the same chain.

Note For modes relevant to routing protocol features see the “Overview” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS. For modes relevant to IP services and security features, see the “Overview” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.


Figure 1-8 shows the hierarchy of the command modes used to configure basic system features.

Figure 1-8 Command Mode Hierarchy for Basic System Commands


Table 1-2 lists the command modes (in alphabetical order) relevant to basic system features. It includes the commands that enable access to each mode, and the command-line prompt for each mode.

Table 1-2 Mode Access Commands and System Prompts

| Mode Name | Commands Used to Access | Command-Line Prompt |
| --- | --- | --- |
| exec | (user logon) | # or > |
| administrator | administrator command from context configuration mode | (config-administrator)# |
| APS | aps group command from global configuration mode | (config-aps)# |
| ATM DS-3 | port atm command from global configuration mode | (config-atm-ds3)# |
| ATM OC | port atm command from global configuration mode | (config-atm-oc)# |
| ATM profile | atm profile command from global configuration mode | (config-atm-profile)# |
| ATM PVC | atm pvc command from ATM OC and ATM DS-3 configuration mode | (config-atm-pvc)# |
| ATM child protocol | circuit protocol command from ATM PVC configuration mode | (config-atm-child-proto)# |
| AU-3 | au3 command from STM-1 configuration mode | (config-au3)# |
| bridge | bridge command from context configuration mode | (config-bridge)# |
| bridge profile | bridge-profile command from global configuration mode | (config-bridge-profile)# |
| bulkstats | bulkstats policy command from context configuration mode | (config-bulkstats)# |
| card | card command from global configuration mode | (config-card)# |
| CLIPS PVC | clips pvc command from ATM PVC, dot1Q PVC, and port configuration modes | (config-clips-pvc)# |
| context | context command from global configuration mode | (config-ctx)# |
| dot1q profile | dot1q profile command from global configuration mode | (config-dot1q-profile)# |
| dot1q PVC | dot1q pvc command from port configuration mode | (config-dot1q-pvc)# |
| dot1q child protocol | circuit protocol command from dot1q PVC configuration mode | (config-dot1q-child-proto)# |
| DS-0 group | port ds0s command from global configuration mode | (config-ds0-group)# |
| DS-1 | port ds1 command from global configuration mode | (config-ds1)# |
| DS-3 | port channelized-ds3 and port d3 commands from global configuration mode | (config-ds3)# |
| E1 | port e1 command from global configuration mode | (config-e1)# |
| E3 | port e3 command from global configuration mode | (config-e3)# |
| Frame Relay profile | frame-relay profile from global configuration mode | (config-fr-profile)# |
| Frame Relay PVC | frame-relay pvc command from DS-0, DS-1, DS-3, E1, E3, and port configuration modes | (config-fr-pvc)# |
| global | configure command from exec mode | (config)# |
| GRE peer | gre-peer command from context configuration mode | (config-gre-peer)# |
| GRE tunnel | gre-tunnel command from tunnel map configuration mode | (config-gre-tunnel)# |
| interface | interface command from context configuration mode | (config-if)# |
| L2TP group | l2tp-group command from context configuration mode | (config-l2tp-group)# |
| L2TP peer | l2tp-peer command from context configuration mode | (config-l2tp)# |
| link group | link-group command from global configuration mode | (config-link-group)# |
| link PVC | dot1q pvc command from link group configuration mode | (config-link-pvc)# |
| macro | macro command from global configuration mode | (config-macro)# |
| NetOp | netop command from global configuration mode | (config-netop)# |
| port | port channelized oc-12, port ethernet, and port pos commands from global configuration mode | (config-port)# |
| SNMP server | snmp server command from global configuration mode | (config-snmp-server)# |
| software license | software license command from global configuration mode | (config-license)# |
| stats collection | stats-collection command from global configuration mode | (config-stats-collection)# |
| STM-1 | port channelized-stm1 command from global configuration mode | (config-stm1)# |
| subscriber | subscriber command from context configuration mode | (config-sub)# |
| tunnel map | tunnel map command from global configuration mode | (config-tunnel-map)# |

Privilege Levels

The SmartEdge OS supports 16 different privilege levels for administrators and for commands. By default, administrators are assigned an initial privilege level of 6; administrators can issue only commands assigned a privilege level equal to or lower than their own. Each command in the CLI is assigned a default privilege level. At a privilege level of 6 or higher, the prompt in the CLI displays a number sign (#) instead of an angle bracket (>).

There are two types of administrators:

• Local—An administrator authenticated to the “local” context. The local administrator has a structured administrator name of the form admin-name@local.

• Non-local—An administrator authenticated to any context other than the local context. A non-local administrator has an administrator name of the form admin-name@ctx-name; an example is joe@vpn1, where vpn1 is the name of the context.

An administrator authenticated to the “local” context, given appropriate administrator privileges, can configure all functions on the SmartEdge router, including functions for each context, and global entities, such as ports, port profiles, SNMP, and so on. Non-local administrators have no configuration mode privileges, and have restricted exec mode privileges.

To configure administrator privilege levels, see the “Configure an Administrator Account in a Context” section in Chapter 6, “Context Configuration.”

Note The separator character between the admin-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default character is @, which is used throughout this guide.

Each command has a default privilege level that determines, given the privilege assigned to the administrator, who can enter the command. The majority of commands (in exec mode) have a default privilege level of 3, while commands in any configuration mode have a default privilege level of 10. Exceptions are noted in parentheses ( ) in the “Command Mode” section in any command description; for example, “exec (15)”.

Command privilege levels are configurable; to change the default privilege level for a command, see the “Configure a CLI Command Alias or Privilege” section in Chapter 5, “Basic System Configuration.”
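The privilege rules above, together with the structured-name notes, can be modelled for an account review. The following Python sketch is an added example, not SmartEdge OS code: it parses structured names, decides whether an administrator may issue a command, and lists the accounts able to run default-level configuration commands. Assumptions: levels are numbered 0-15, a name is split at the last separator, the "restricted exec mode privileges" of non-local administrators are not modelled, and Admin, authorize, config_capable, names_split_by and the sample accounts are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass

# Values stated in the guide.
SEPARATORS = set("%-@_\\#/")   # configurable separators (the guide prints the backslash as \\)
DEFAULT_SEPARATOR = "@"
LOCAL_CONTEXT = "local"
DEFAULT_ADMIN_LEVEL = 6
DEFAULT_COMMAND_LEVEL = {"exec": 3, "config": 10}
# Assumption: the 16 levels are numbered 0-15 (the guide cites "exec (15)").
MIN_LEVEL, MAX_LEVEL = 0, 15


@dataclass(frozen=True)
class Admin:
    name: str
    context: str = LOCAL_CONTEXT
    level: int = DEFAULT_ADMIN_LEVEL


def parse_structured_name(structured, separator=DEFAULT_SEPARATOR):
    """Split admin-name<sep>ctx-name; a bare name authenticates in 'local'."""
    if separator not in SEPARATORS:
        raise ValueError("separator %r is not configurable" % separator)
    if not structured:
        raise ValueError("empty administrator name")
    # Assumption: split at the LAST separator. The guide does not say which
    # occurrence is used when the character also appears inside a name.
    name, found, context = structured.rpartition(separator)
    if not found:
        return structured, LOCAL_CONTEXT
    if not name or not context:
        raise ValueError("empty name or context in %r" % structured)
    return name, context


def authorize(admin, mode, command_level=None):
    """Return (allowed, reason) for a command in 'exec' or 'config' mode."""
    if mode not in DEFAULT_COMMAND_LEVEL:
        raise ValueError("mode must be 'exec' or 'config'")
    if command_level is None:
        command_level = DEFAULT_COMMAND_LEVEL[mode]
    if not MIN_LEVEL <= command_level <= MAX_LEVEL:
        raise ValueError("command level out of range")
    if mode == "config" and admin.context != LOCAL_CONTEXT:
        return False, "non-local administrators have no configuration mode privileges"
    if admin.level < command_level:
        return False, "level %d is below command level %d" % (admin.level, command_level)
    return True, "allowed"


def config_capable(accounts, separator=DEFAULT_SEPARATOR):
    """Structured names that may issue default-level configuration commands."""
    result = []
    for structured, level in accounts:
        name, context = parse_structured_name(structured, separator)
        if authorize(Admin(name, context, level), "config")[0]:
            result.append(structured)
    return result


def names_split_by(bare_names, separator):
    """Bare names that this model would read as name+context under `separator`."""
    return [n for n in bare_names
            if parse_structured_name(n, separator)[1] != LOCAL_CONTEXT]


# Constructed sample accounts: (structured name, privilege level).
SAMPLE_ACCOUNTS = [
    ("admin1", 15),        # bare name, so the local context is assumed
    ("ops@local", 10),
    ("noc@local", 6),      # default level: exec commands only
    ("joe@vpn1", 15),      # non-local: no configuration mode at any level
    ("mary@ispgold", 10),
]

if __name__ == "__main__":
    print("configuration-capable:", config_capable(SAMPLE_ACCOUNTS))
    print("split by '_':", names_split_by(["admin1", "ops_team"], "_"))
```

In this model, a separator that also occurs inside existing names changes the context those names resolve to, so names_split_by is worth running over the account list before the separator is changed.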

No and Default Forms of Commands

Many configuration commands support the no keyword. Entering the no keyword in front of a command disables the function or removes the command from the configuration. For example, to create a message that displays after a user logs on to the system, enter the banner exec command (in global configuration mode). To subsequently remove the command from the configuration, enter the no banner exec command (in global configuration mode).

Many configuration commands support the default keyword. Entering the default keyword in front of a command returns a parameter or feature to the default state.

What’s Next?

You can interactively configure the SmartEdge router through the CLI. You can also configure the SmartEdge router using a text editor to create a configuration file and then loading that file on to the router.

The SmartEdge OS configuration process is transaction-based and supports atomic transactions, including commits and aborts, against the configuration database. Sequences of commands can be entered and validated before being applied, and automated provisioning systems can be interfaced to the SmartEdge for flow-through provisioning and scheduled command execution.

The CLI commands are described in Chapter 2, “Using the CLI.” Commands to access the CLI are described in Chapter 4, “System Access Configuration.” For configuration file and system image commands, see Chapter 3, “Configuration File Management.”


Part 2

Getting Started

This part describes the tasks and commands used to access and navigate the SmartEdge® OS command-line interface (CLI) and to manage SmartEdge OS configuration file storage.

This part consists of the following chapters:

• Chapter 2, “Using the CLI”

• Chapter 3, “Configuration File Management”


Chapter 2

Using the CLI

This chapter provides an overview of the command-line interface (CLI); describes the tasks used to initiate and navigate the CLI, manage database transactions, and work with commands; and provides examples and detailed descriptions of the commands used to perform these tasks through the SmartEdge® OS.

This chapter includes the following sections:

• Overview

• CLI Tasks

• CLI Examples

• Command Descriptions

Overview

The primary administrator interface to the SmartEdge OS is the CLI. You access the CLI from the console port or through a remote session (for example, Telnet or Secure Shell [SSH]) to perform all configuration tasks and to monitor the SmartEdge OS. To access the SmartEdge OS software and its CLI, use either of the following methods:

• Connect to the console port—Located on the controller card and labeled “Craft 2”; you can connect a terminal to this port, either directly or through a terminal server.

• Connect to the Ethernet management port—Located on the controller card and labeled “ENET”; you can connect a terminal to the system over a LAN using this port if remote access using Telnet or SSH has been enabled.

If the console port has been secured or if the Ethernet management port has been configured, you are prompted to log on. If the console port has not been secured, you initiate your session by simply pressing Enter. In either case, your session begins in exec mode. To secure the console port and configure the Ethernet management port, see Chapter 4, “System Access Configuration.”

This section includes the following information about CLI commands:

• Commands and Case-Sensitivity

• Partially Typed Commands

• No and Default Forms of Commands


Commands and Case-Sensitivity

Keywords in commands are not case-sensitive. For example, the show version command is accepted if entered in any of the following ways: show version, SHOW VERSION, or Show Version.

Arguments are case-sensitive. For example, if you supply Customers for the ctx-name argument in the context ctx-name command, the SmartEdge OS software does not recognize the name customers as the same context.

Partially Typed Commands

In all modes, the system recognizes and accepts partially typed commands and keywords, provided that you have entered sufficient text to be unique. For example, rather than typing configure, you can type conf and press Enter to enter configuration mode. However, if you enter the string con, an error is returned, because insufficient characters have been entered to distinguish between the configure command and the context command.

No and Default Forms of Commands

Many configuration commands support the no keyword. Typing the no keyword in front of a command disables the function, removes a command from the configuration, or sets a command to its default state. For example, to enable the Routing Information Protocol (RIP), enter the router rip command (in context configuration mode). To subsequently disable the RIP process and remove the command from the configuration, enter the no router rip command (in context configuration mode).

Many configuration commands support the default keyword. Typing the default keyword in front of a command returns a parameter or feature to the default state.

CLI Tasks

CLI tasks are described in the following sections:

• Log On and Initiate the CLI

• Navigate the CLI

• Manage Database Transactions

• Work with Commands

• Navigate CLI Output

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.


Log On and Initiate the CLI

To initiate a CLI session, you log on to the SmartEdge router, either remotely connected to the Ethernet management port or directly connected to the console port; upon successful logon, the CLI is set to exec mode by default.

To log on to the system, you must enter a valid administrator name and password at the appropriate prompts to gain access. The administrator name is of the form admin-name@ctx-name. The ctx-name specifies the name of the context the system uses for authentication. You can include a context for a logon, but the context name is optional—if a context name is not supplied, the local context is assumed.

When you connect to the system either directly to the console or remotely to the management port, the password you enter is not echoed. In addition, passwords are stored in the configuration file in encrypted format.

If you have configured the management port, you can establish a Telnet or SSH session to the system. There are many tools that provide Telnet and SSH access to remote systems. These tools are beyond the scope of this document. In general, you must provide the system name (the hostname configured for the system) or IP address (the IP address configured for the system management port), as well as an administrator name and password.

If you forget a password, you must delete the administrator account and create a new one; there is no way to modify the password for an administrator account.

If you forget all passwords on the system, you must perform the password discovery procedure described in the “Boot Loader Operations” in Appendix A, in the Basic System Operations Guide for the SmartEdge OS.

The SmartEdge OS provides default settings for local console sessions. You can customize these settings for the duration of the current session. To change the settings, see the “Session Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

After you are logged on to the system, you have access to the CLI, based on the context to which you are logged on and the privilege level of your account.

Note You must have an administrator account to log on. To configure the initial administrator account in the local context for a new system, see Chapter 4, “System Access Configuration”; to configure additional administrator accounts in any context, see Chapter 6, “Context Configuration.”

Note The separator character between the admin-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default character is @, which is used throughout this guide.

Note If you are using Telnet to access the system, to enter the Telnet shell (with the Telnet prompt), enter the ^] characters. The se_telnet> prompt displays.


Navigate the CLI

To navigate the CLI, perform the tasks described in Table 2-1.

Table 2-1 Navigate the CLI

| Task | Root Command | Notes |
| --- | --- | --- |
| Return the privilege level for the current exec session to the initial privilege level configured for the current administrator account. | disable | When you create the account, the initial privilege level is specified. Enter this command in exec mode. |
| Change the current privilege level for an exec session. | enable | You can specify a level up to the level specified for your account. Enter this command in exec mode. |
| Return to exec mode while in any configuration mode. | end | Enter this command in any configuration mode. |
| Terminate the current CLI session while in exec mode. | exit | Enter this command in any configuration mode. |
| Move up one level in the configuration mode hierarchy while in a configuration mode; return to exec mode while in global configuration mode. | exit | Enter this command in any configuration mode. |
| Enter global configuration mode from exec mode. | configure | Enter this command in exec mode. |
| Enter a configuration mode from another configuration mode. | See Table 1-2 for the command to enter the mode. | |

Note Within any configuration mode, you can enter commands that are available at the one level higher than the current configuration mode without first entering the exit command to return to the higher-level configuration mode. For example, within interface configuration mode, you can type any of the commands in that mode and any commands in the context configuration mode—the next highest mode in the hierarchy.

Manage Database Transactions

Every configuration command that you enter becomes part of a database transaction, which has a transaction ID associated with it. Commands in a transaction are not incorporated into the database until you commit the transaction. To manage database transactions, perform the tasks described in Table 2-2.

Table 2-2 Manage Database Transactions

| Task | Root Command | Notes |
| --- | --- | --- |
| Begin a transaction and enter global configuration mode. | configure | Enter this command in exec mode. |
| Erase the current transaction and begin a new one. | abort | Enter this command in any configuration mode. |
| Assign a comment to the current configuration database transaction. The description can only be viewed with the show transaction command. | comment | Enter this command in any configuration mode. For more information on the show transaction command, see the “Using the CLI” chapter, in the Basic System Operations Guide for the SmartEdge OS. |
| Save the current transaction and begin a new one. | commit | Enter this command in any configuration mode. |
| Save the current transaction, exit the current configuration mode, and return to exec mode. | end | Enter this command in any mode. |
| Neither save nor delete the current transaction when returning to the next highest level configuration mode; commit the transaction when exiting global configuration mode and returning to exec mode. | exit | Enter this command in any mode. |

Work with Commands

The following sections provide techniques for working with commands:

• Display Help for a Command

• Recall Previous Command Entries

• Edit Command Entries

• Complete a Command

Display Help for a Command

You can access the online Help for the CLI in the following ways:

• Use the ? command when entering a command to display the options available at the current state of the command syntax.

• Use the help command to display how to use the ? character to obtain help.

Table 2-3 lists these commands; enter either command in any mode.

Table 2-3 Access Online Help

| Task | Root Command | Notes |
| --- | --- | --- |
| Obtain help for the current command. | ? | |
| Obtain help for using the ? command. | help | |

Note To enter the ? character as part of a command, when it is not a request for online Help, enter the Esc key followed by the ? character.

Recall Previous Command Entries

Table 2-4 lists two Emacs-style command keyboard sequences that allow you to step through previously entered commands.

Table 2-4 Recall Previously Entered Commands

| Keyboard | Description |
| --- | --- |
| Ctrl+p or up arrow | Recalls previous command in the command history |
| Ctrl+n or down arrow | Recalls next command in the command history |


Edit Command Entries

Table 2-5 lists additional Emacs-style command keyboard sequences.

Table 2-5 Additional Emacs-Style Keyboard Sequences

| Keyboard | Description |
| --- | --- |
| Ctrl+f or right arrow | Moves cursor forward one character |
| Ctrl+b or left arrow | Moves cursor backward one character |
| Esc+f | Moves cursor forward one word |
| Esc+b | Moves cursor backward one word |
| Ctrl+a | Moves cursor to beginning of line |
| Ctrl+e | Moves cursor to end of line |
| Ctrl+k | Deletes to end of line |
| Ctrl+u | Deletes to beginning of line |
| Ctrl+d | Deletes character |
| Esc+d | Deletes word |
| Ctrl+c | Quits editing the current line |
| Ctrl+l | Refreshes (redraws) the current line |
| Ctrl+t | Transposes current character with previous |

Complete a Command

You can use the Tab key in any mode to complete a command. Partially typing a command name and pressing the Tab key causes the command to be displayed in full to the point where a further choice has to be made.

Navigate CLI Output

The CLI automatically pages output for console, Telnet, and Secure Shell (SSH) sessions. The SmartEdge OS prints “--more--” to indicate the presence of more output. To navigate command output, use the keyboard sequences described in Table 2-6.

Table 2-6 Auto-More Keys and Functions

| Key | Function |
| --- | --- |
| q | Skips all remaining output and returns to the CLI prompt |
| Enter | Displays one additional line of output |
| Space | Displays the next page of output |
| b | Displays the previous page of output |

Note You can use the terminal length and terminal width commands (in exec mode) to specify a terminal size to correctly paginate the output. For more information, see the “Session Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.


CLI Examples

This section provides configuration examples for:

• Exit Command Modes

• Display Available Commands, Keywords, and Arguments

• Manage Database Transactions

Exit Command Modes

The following example exits global configuration mode and returns to exec mode:

[local]Redback(config)#exit
[local]Redback#

The following example exits a CLI session:

[local]Redback>exit

The following example exits context configuration mode and returns to exec mode:

[local]Redback(config-ctx)#end
[local]Redback#

Display Available Commands, Keywords, and Arguments

The following example displays the commands available (in exec mode) for an administrator with a default privilege level of 6 (> prompt):

[local]Redback>?

atm          ATM Operations
debug        Modify debugging parameters
disable      Drop into disable user mode
edit         Edit a file with vi
enable       Modify command mode privilege
exit         Exit exec mode
help         Description of the interactive help system
monitor      Monitor information
more         Display the contents of a file
mrinfo       Request multicast router information
mtrace       Trace reverse multicast path from source to receiver
no           Disable an interactive option
ping         Packet Internet Groper Command
show         Show running system information
ssh          Execute SSH/SSHD commands
talk         talk to user
telnet       Telnet to a host
terminal     Modify terminal settings
traceroute   Trace route to destination


The following example uses partial help to display all commands (in global configuration mode) that begin with the character sequence cl:

[local]Redback(config)#cl?

clock clock-source

The following example uses full help to display the next argument of a partially complete clock command in global configuration mode:

[local]Redback(config)#system clock ?

summer-time  Configure summer (daylight savings) time
timezone     Configure time zone

Manage Database Transactions

This section provides examples for the following types of database transactions:

• Commit Transactions

• Delete Transactions

• Provide Comments for Transactions

Commit Transactions

The following example commits the current database transaction in 60 minutes, and includes the comment, Cfg BGP in local ctx, to help identify the commit:

[local]Redback(config)#commit in 60 Cfg BGP in local ctx

The following example, by another administrator logged on to the current session, displays information about the transaction:

[local]Redback>show transaction

TID   State              User    Wait    Comment
-------------------------------------------------------------------
3491  Waiting to Commit  admin1  60 min  Cfg BGP in local ctx

For more information on the show transaction command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Delete Transactions

The following example deletes the current transaction:

[local]Redback(config)#abort


Provide Comments for Transactions

The following example provides a comment for the current transaction:

[local]Redback(config-ctx)#comment Config context local
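When reviewing a recorded CLI session, the transaction rules in Table 2-2 decide which entered lines actually reached the configuration database. The following Python sketch is an added example, not SmartEdge OS code: it replays a transcript and separates committed lines from lines still pending, showing that exit from global configuration mode commits without an explicit commit command. Assumptions: keywords are typed in full, scheduled commits (at, in) are not modelled, abort leaves the current mode unchanged, an over-length comment is rejected, and ConfigSession, replay, effective_lines and the sample transcript are hypothetical names constructed for illustration.

```python
# Mode-entering command taken from Table 1-2 (subset used by the sample).
CHILD_MODES = {("config", "context"): "config-ctx"}
MAX_COMMENT = 25   # "Text string of up to 25 characters"


class ConfigSession:
    """Tracks which configuration lines were committed in one CLI session."""

    def __init__(self):
        self.modes = []       # mode stack; an empty stack means exec mode
        self.pending = []     # lines in the open transaction
        self.comment = ""
        self.committed = []   # one (comment, [lines]) entry per transaction

    def _commit(self):
        if self.pending:
            self.committed.append((self.comment, self.pending))
        self.pending, self.comment = [], ""

    def _set_comment(self, text):
        if len(text) > MAX_COMMENT:
            raise ValueError("comment longer than 25 characters")
        self.comment = text   # any existing comment is overwritten

    def run(self, line):
        words = line.split()
        if not words:
            return
        verb = words[0].lower()          # keywords are not case-sensitive
        rest = " ".join(words[1:])
        if not self.modes:               # exec mode
            if verb == "configure":      # begins a transaction
                self.modes = ["config"]
            return
        if verb == "abort":              # erase the current transaction
            self.pending, self.comment = [], ""
        elif verb == "comment":
            self._set_comment(rest)
        elif verb == "commit":
            if len(words) > 1 and words[1].lower() in ("at", "in"):
                raise ValueError("scheduled commits are not modelled")
            if rest:
                self._set_comment(rest)
            self._commit()
        elif verb == "end":              # save, then return to exec mode
            self._commit()
            self.modes = []
        elif verb == "exit":             # up one level
            self.modes.pop()
            if not self.modes:           # left global configuration mode
                self._commit()
        else:                            # an ordinary configuration line
            self.pending.append(" ".join(words))
            child = CHILD_MODES.get((self.modes[-1], verb))
            if child:
                self.modes.append(child)


def replay(transcript):
    session = ConfigSession()
    for line in transcript:
        session.run(line)
    return session


def effective_lines(transcript):
    """Configuration lines that were committed, in order."""
    return [l for _, lines in replay(transcript).committed for l in lines]


# Constructed transcript; the commands are ones this guide mentions.
SAMPLE_TRANSCRIPT = [
    "configure", "context local", "router rip", "comment Enable RIP", "end",
    "configure", "context local", "no router rip", "abort", "end",
    "configure", "context local", "no router rip", "exit", "exit",
    "configure", "context local", "router rip",   # transcript stops here
]

if __name__ == "__main__":
    result = replay(SAMPLE_TRANSCRIPT)
    for comment, lines in result.committed:
        print("committed:", lines, "comment:", repr(comment))
    print("never committed:", result.pending)
```

The second block of the sample is discarded by abort, while the third takes effect through the two exit commands alone.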

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to initiate and navigate the CLI, manage database transactions, and display command history. The commands are presented in alphabetical order.

? abort comment commit disable

enable end exit help


?

?

Purpose

Displays brief system help for the available commands or command options.

Command Mode

all modes

Syntax Description

This command has no keywords or arguments.

Default

None

Usage Guidelines

Use the ? command to display brief system help on the available commands or command options.

To list all valid commands available in the current mode, enter a question mark (?) at the system prompt.

To list the associated keywords or arguments for a command, enter the ? command in place of a keyword or argument on the command line. This form of help is called full help, because it lists the keywords or arguments that apply to the command based on the full command, keywords, and arguments you have already entered.

To obtain a list of commands or keywords that begin with a particular character string, enter the abbreviated command or keyword immediately followed by the ? command. This form of help is called partial help, because it lists only the commands or keywords that begin with the abbreviation you entered.

Examples

The following example displays exec commands available for a user with a privilege level of 6 (> prompt):

[local]Redback>?

atm          ATM Operations
debug        Modify debugging parameters
disable      Drop into disable user mode
edit         Edit a file with vi
enable       Modify command mode privilege
exit         Exit exec mode
help         Description of the interactive help system
monitor      Monitor information
more         Display the contents of a file
mrinfo       Request multicast router information
mtrace       Trace reverse multicast path from source to receiver
no           Disable an interactive option
ping         Packet Internet Groper Command
show         Show running system information
ssh          Execute SSH/SSHD commands
talk         talk to user
telnet       Telnet to a host
terminal     Modify terminal settings
traceroute   Trace route to destination

Note To enter the ? character as part of a command, when it is not a request for online Help, enter the Esc character followed by the ? character.

The following example shows how to use partial help to display all commands (in global configuration mode) that begin with the character sequence sy:

[local]Redback(config)#sy?

system system clock-source

The following example shows how to use full help to display the next argument of a partially complete system clock command (in global configuration mode):

[local]Redback(config)#system clock ?

summer-time  Configure summer (daylight savings) time
timezone     Configure time zone

[local]Redback(config-ctx)#system clock

Related Commands

help


abort

abort

Purpose

Deletes an outstanding database transaction.

Command Mode

all configuration modes

Syntax Description

This command has no keywords or arguments.

Default

None

Usage Guidelines

Use the abort command to delete an outstanding database transaction, which includes all configuration commands entered since the beginning of the configuration session, or since the latest abort or commit command.

In any configuration mode, this command deletes the database transaction for the current configuration session; a new database transaction is started for the configuration session, and subsequent commands entered in the session are part of the new transaction.

Examples

The following example deletes the current database transaction:

[local]Redback#abort

Related Commands

comment
commit

Caution Risk of data loss. When you use the abort command (in any configuration mode) to delete the current transaction, all configuration information associated with the transaction is deleted and cannot be recovered. To minimize the risk, save your configuration before and after you enter the transaction commands, and do not abort the transaction without ensuring that you do not need the commands in it.


comment

comment text

Purpose

Assigns a comment to the current configuration database transaction.

Command Mode

all configuration modes

Syntax Description

text Text string of up to 25 characters describing the current configuration database transaction.

Default

None

Usage Guidelines

Use the comment command to assign a textual description to the current configuration database transaction. This string displays in the output of the show transaction command (in any mode). For more information on the show transaction command (in any mode), see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

You can modify the comment at any point during a configuration session.

Note When you enter the comment command, any existing comment is overwritten.

Examples

The following example assigns a comment for the current configuration database transaction:

[local]Redback(config-ctx)#comment Config context local

Related Commands

abort
commit


commit

commit [at yyyy:mm:dd:hh:mm[:ss] | in minutes] [text]

Purpose
Commits an outstanding configuration database transaction.

Command Mode
all configuration modes

Syntax Description
at yyyy:mm:dd:hh:mm[:ss]    Optional. Time at which to commit the configuration database transaction, specified as year, month, day, hour, minutes, and optionally, seconds. The hour is in a 24-hour format; for example, 6:00 p.m. is 18:00. This construct is not allowed in exec mode.

in minutes    Optional. Number of minutes to wait before committing current database transaction. This construct is not allowed in exec mode.

text    Optional. Text string of up to 25 characters describing the transaction.

Default
In any configuration mode, commits the current configuration database transaction.

Usage Guidelines
Use the commit command to commit an outstanding configuration database transaction. You can use the at or in keywords to schedule the transaction to be committed at a later time. You can also associate a comment with the transaction.

Commands entered in any configuration mode do not immediately change the working configuration of the router. Outstanding configuration commands are maintained in a transaction. To commit the transaction so that the commands take effect, you must enter the commit command.

When any database transaction is committed, a new database transaction is started for the configuration session, and subsequent commands entered in the session are part of the new transaction.

Caution Risk of incorrect operation. You can cause problems in your system if you commit configuration changes to the database before you validate them. To reduce the risk, always save your configuration before and after you enter the transaction commands in separate files, and validate the configuration changes in the transaction before you commit it.


Examples
The following example commits the current database transaction in 60 minutes, with the comment Cfg BGP in local ctx:

[local]Redback(config)#commit in 60 Cfg BGP in local ctx

The following example displays information on the transaction:

[local]Redback>show transaction

TID  State             Sequence State Information    User   Comment
-------------------------------------------------------------------------------
3491 Waiting to Commit 3634     Committing in 60 min admin1 Cfg BGP in local ctx

For more information on the show transaction command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Note The configuration database is locked whenever the system is not ready to incorporate your configuration commands with the commit command. During a database locked situation, you can enter global configuration mode, and can test out modifications, but you cannot commit these changes. If you attempt to commit a configuration change when the database is locked, you are notified with a prompt to either wait for the lock to be freed, or to return to the configuration mode prompt:

• Waiting causes the system to wait until the lock is freed or up to 20 seconds before prompting you again.

• Returning to the configuration mode prompt leaves your configuration changes as they are, so that you can make more configuration changes or commit your changes at a later time.

Related Commands
abort
comment
end
exit


disable

disable

Purpose
Returns the privilege level for the current exec session to the initial privilege level configured for the current administrator account.

Command Mode
exec

Syntax Description
This command has no arguments or keywords.

Default
None

Usage Guidelines
Use the disable command to return the privilege level for the current exec session to the initial privilege level configured for the current administrator account. The no enable command (in exec mode) performs the same function. This command is available for any privilege level.

Examples
The following example displays the enabled privilege level for the current exec session:

[local]Redback#show privilege

Current privilege level is 15

The following example returns the current exec session to the initial privilege level for the administrator:

[local]Redback#disable
[local]Redback>show privilege level

The current privilege level is 6

Related Commands
enable
privilege max
privilege start


enable

enable [level]

no enable

Purpose
Modifies the privilege level for the current exec session.

Command Mode
exec

Syntax Description
level    Optional. Requested privilege level. The range of values is 0 to 15; if you enter no value, the system defaults to 15.

Default
When you enter this command without the level argument, the current exec session is held at level 15. For whatever value is set, the administrator’s privilege level must be the same or higher.

Usage Guidelines
Use the enable command to modify the privilege level for the current exec session. Use the level argument to select the desired privilege level, up to the maximum privilege level configured for this administrator account. If this argument is omitted, the maximum privilege level (15) is enabled. This command is available for any privilege level.

If enable password authentication is enabled on the system (by default, local authentication is enabled; see the enable authentication command (in context configuration mode)), but no passwords are configured (using the enable password command (in context configuration mode)), you can only enter the enable command on the console port; the system does not prompt for a password. After you have configured at least one password, you can enter the enable command from the console or a remote session. If an enable password is configured for the requested privilege level, the system prompts for the password; otherwise, the system displays an error message and does not change the privilege level for the exec session.

If enable password authentication is disabled on the system, the system does not prompt for a password when you modify the exec session privilege level.

Use the no form of this command to return to the initial privilege level configured for the administrator account. The disable command (in exec mode) performs the same function.


Examples
The following example shows an administrator attempting to set the privilege level for the exec session to a privilege level for which no password is configured:

[local]Redback>enable 10

%No enable password configured for this level

The following example sets the current exec session privilege level to 15. The system prompts for the password, which is not displayed on the screen. After the administrator enters the correct password, the system enters privileged mode as indicated by the pound sign (#) in the prompt.

[local]Redback>enable 15

Password:
[local]Redback#

Related Commands
enable
enable authentication
enable encrypted
enable password
privilege max
privilege start
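The enable rules in the usage guidelines above, written out as a decision function so that the paths reaching a privilege level without a password prompt can be listed. This is an added example that models the text and is not SmartEdge OS code; the function names, parameters, detail strings and the order of the checks are assumptions.

```python
"""Model of the enable rules described in this guide (not SmartEdge OS code)."""

# Error text shown in the guide's example for a level with no password.
ERR_NO_PASSWORD = "%No enable password configured for this level"


def enable_outcome(level, admin_max, auth_enabled, password_levels, on_console):
    """Return (result, detail) for 'enable <level>'.

    result: "granted" (no prompt), "prompt" (password asked) or "refused".
    admin_max: maximum privilege level configured for the administrator.
    password_levels: set of levels that have an enable password configured.
    The order of the checks is an assumption of this model.
    """
    if not 0 <= level <= 15:
        return "refused", "level outside 0-15"
    if level > admin_max:
        return "refused", "above the administrator's maximum level"
    if not auth_enabled:
        # Authentication disabled: the system never prompts.
        return "granted", "enable authentication disabled"
    if not password_levels:
        # Authentication enabled but no enable password exists yet.
        if on_console:
            return "granted", "no enable passwords configured (console)"
        return "refused", "console only until a password is configured"
    if level in password_levels:
        return "prompt", "password required"
    return "refused", ERR_NO_PASSWORD


def highest_passwordless_level(admin_max, auth_enabled, password_levels):
    """For each access path, the highest level reachable with no prompt."""
    result = {}
    for path, on_console in (("console", True), ("remote", False)):
        granted = [
            lvl for lvl in range(16)
            if enable_outcome(lvl, admin_max, auth_enabled,
                              password_levels, on_console)[0] == "granted"
        ]
        result[path] = max(granted) if granted else None
    return result


# Constructed scenarios: (description, auth_enabled, password_levels)
SCENARIOS = [
    ("default authentication, no passwords yet", True, set()),
    ("password set for level 15 only", True, {15}),
    ("enable authentication disabled", False, {15}),
]

if __name__ == "__main__":
    for name, auth, levels in SCENARIOS:
        print(f"{name}: {highest_passwordless_level(15, auth, levels)}")
```

In the first scenario the console reaches level 15 with no prompt, which is why configuring at least one enable password is the step that closes that path in this model.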


end

end

Purpose
Exits the current configuration mode and returns to exec mode.

Command Mode
all configuration modes

Syntax Description
This command has no keywords or arguments.

Default
None

Usage Guidelines
Use the end command to exit the current configuration mode and return to exec mode. When you enter this command, all commands that you have entered since the beginning of the configuration session, or since the last abort or commit command (in configuration mode), are committed to the database.

Examples
The following example displays an administrator exiting context configuration mode and returning to exec mode:

[local]Redback(config-ctx)#end
[local]Redback#

Related Commands
abort
commit
exit


exit

exit

Purpose
Exits the current configuration mode and returns to the next highest level configuration mode. At the exec prompt, closes an active terminal or console session, and terminates the session.

Command Mode
all modes

Syntax Description
This command has no keywords or arguments.

Default
None

Usage Guidelines
Use the exit command to exit the current configuration mode, return to exec mode, or close an active terminal or console session.

Entering this command (in any configuration mode) exits the current configuration mode and returns to the next highest level configuration mode. When you enter this command (in global configuration mode) and return to exec mode, all commands that you have entered since the beginning of the configuration session, or since the last abort or commit command (in configuration mode), are committed to the database.

Examples
The following example shows an administrator exiting global configuration mode and returning to exec mode:

[local]Redback(config)#exit
[local]Redback#

The following example shows how to exit an active Telnet session:

[local]Redback>exit

Related Commands
abort
commit
end


help

help

Purpose
Describes how to use the question mark (?) command to display help about available commands or command options.

Command Mode
all modes

Syntax Description
This command has no keywords or arguments.

Default
None

Usage Guidelines
Use the help command to display a brief description of the ? command. You can enter this command in any mode. The output describes full help, which you use to identify all possible arguments to a command or command keyword; and partial help, which you use to identify how to complete a command keyword.

Examples
The following example displays the output from the help command:

[local]Redback>help

Help may be requested at any point in a command by entering
a question mark '?'. If nothing matches, the help list will
be empty and you must backup until entering a '?' shows the
available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a
   command argument (e.g. 'show ?') and describes each possible
   argument.
2. Partial help is provided when an abbreviated argument is entered
   and you want to know what arguments match the input
   (e.g. 'show pr?'.)

Related Commands
?


Chapter 3

Configuration File Management

This chapter provides an overview of file storage and configuration files and describes the tasks and commands that are used to load and save system configuration files through the SmartEdge® OS.

For a description of the tasks used to administer file storage and releases, see the “File and Release Operations” chapter in the Basic System Operations Guide for the SmartEdge OS. For information about the boot loader interface, see the “System Recovery Operations” section in Appendix A, “Boot Loader Operations,” in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• File Management Tasks

• File Management Examples

• Command Descriptions

Overview

This section includes the following topics:

• Software Storage Organization

• Configuration Files

• Storage for System Images and Configuration Files

• URLs

Note In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted.

The term, chassis, refers to any SmartEdge chassis; the term, SmartEdge 800, refers to any version of the SmartEdge 800 chassis.


Software Storage Organization

Each SmartEdge chassis can contain one or two controller cards. If there are two controller cards, one is active and the other is standby. Each controller card has two internal compact-flash cards: one to store the SmartEdge OS, configuration, and other system files, and one to store the low-level software. The compact-flash card for the low-level software is not accessible from the command-line interface (CLI).

The compact-flash card that stores the operating system files is also referred to as the NetBSD compact-flash card. Storage on the NetBSD compact-flash card is divided into three independent partitions: p01, p02, and /flash:

• The p01 and p02 partitions are system boot partitions used to store SmartEdge OS image files; one is the active partition and one is the alternate partition.

The active partition always stores the current SmartEdge OS image files; the alternate partition is either empty or stores the SmartEdge OS image files from a previous release.

The controller cards in the SmartEdge router ship with the current SmartEdge OS release, which consists of many files, installed in the active partition, either p01 or p02. The system is configured to automatically load the release installed on the active partition when the system is powered up.

• The /flash partition is configured as a UNIX-based local file system device and is used to store configuration files, core dump files, and other operating system files.

• The size of the NetBSD compact-flash cards in the active and standby controller cards need not match, but both cards must have at least 192 MB capacity.

You can also install a 1-GB mass-storage device in the external slot of a controller card for additional storage space. The device is divided into two independent partitions, a UNIX-based file system, /md, and a partition to store operating system core dumps.

Configuration Files

A configuration file is a script of configuration commands that can be loaded into the system. Configuration files can contain partial configurations and more than one can be read at any time. This allows you to keep sequences of commands that may be required from time to time.

A configuration file can have two versions: a text version and a binary version. The system generates both versions of the file when you enter the save configuration command (in exec mode).

By default (if a different file has not been specified with the boot configuration command, in global configuration mode), the system automatically loads the binary version of the system configuration file, redback.bin, from the local file system during system power on or reload. If the binary version does not exist, or if it does not match the redback.cfg file, the system loads the redback.cfg file.

The redback.cfg file is loaded on the file system at the factory, but if the file does not exist, the system automatically generates a minimal configuration. You can then begin to modify the configuration.

You can modify the active system configuration in both of the following ways:

• You can change the system configuration interactively.

• You can create and modify configuration files offline.

Note If you install a mass-storage device in the active controller card, you must also install one in the standby controller card.


An interactive configuration consists of beginning a command-line interface (CLI) session, and then accessing global configuration mode by entering the configure command (in exec mode). In global configuration mode, you can enter any number of configuration commands.

An offline configuration allows you to enter configuration commands using any text editor and save the file to be loaded by the operating system at a later time.

The SmartEdge OS supports comment lines within configuration files. To add a comment to your configuration file, simply begin the line using the exclamation point (!) key. When you load a configuration file, any line that begins with the ! key is not processed as a command.

Storage for System Images and Configuration Files

System images and configuration files can be stored locally in the /flash partition on the internal compact-flash card or in the /md partition on the mass-storage device.

You can also store them on a remote server and access them using the File Transfer Protocol (FTP), Remote Copy Protocol (RCP), Secured Copy Protocol (SCP), Secured File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP).

You can also use the Redback® proprietary MIB, RBN-CONFIG-FILE-MIB, to save and load configuration files to and from a TFTP or FTP server. The server must be reachable through one of the system ports.

URLs

Many SmartEdge OS commands use a URL to access a file. For details on a particular command, see the “Usage Guidelines” section for that command in the appropriate chapter. When referring to a file on the local file system, the URL takes the following form:

[/device][/directory]/filename.ext

Configuration files can be stored on the local file system (/flash) or on the mass-storage device (/md) on a SmartEdge system. The device argument can be flash, or if a mass-storage device is installed, md. If the device argument is not specified, the default value is the device in the current working directory. If the directory argument is not specified, the default value is the current directory. Directories can be nested. The filename argument can be up to 256 characters in length.

You can also access files using the FTP, RCP, SCP, SFTP, or TFTP. Table 3-1 describes the syntax for the url argument when accessing a remote server.

Note For operations that request the use of transfer protocol, such as FTP, SCP, or TFTP, it is assumed that there is a system configured and reachable by the SmartEdge router to service these requests.

Table 3-1 url Syntax for Accessing a Remote Server

Server Protocol     URL Format
FTP, SCP, or SFTP   ftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
                    scp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
                    sftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
RCP                 rcp://username@{ip-addr | hostname}[//directory]/filename.ext
TFTP                ftp://{ip-addr | hostname}[//directory]/filename.ext

Note Use double slashes (//) if the pathname to the directory on the remote server is an absolute pathname; use a single slash (/) if it is a relative pathname (under the hierarchy of username account home directory).

You can specify the hostname argument only if the Domain Name System (DNS) is enabled with the ip domain-lookup, ip domain-name, and ip name-servers commands (in context configuration mode). For more information, see the “DNS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

File Management Tasks

To load and save configuration files, perform the tasks described in Table 3-2.

Note In this section, the command syntax in the task table displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Table 3-2 Load and Save Configuration Files

Task                                   Root Command        Notes
Set the boot configuration file.       boot configuration  Enter this command in global configuration mode.
Load a configuration file.             configure           Enter the configure and save configuration
                                                           commands in exec mode. You must specify the
                                                           URL of the file.
Save the running configuration to a    save configuration  Enter the configure and save configuration
specified file on the local or a                           commands in exec mode. You must specify the
remote file system.                                        URL of the file.

File Management Examples

The following example loads the configuration file, test.cfg:

[local]Redback(config)#configure test.cfg besteffort verbose

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to load and save system configuration files. The commands are presented in alphabetical order.

boot configuration
configure
save configuration


boot configuration

boot configuration url

no boot configuration url

default boot configuration

Purpose
Specifies a configuration file to be read when the system boots.

Command Mode
global configuration

Syntax Description
url    URL of a configuration file to be read at boot time.

Default
The boot configuration file is /flash/redback.cfg.

Usage Guidelines
Use the boot configuration command to specify a configuration file to be read when the system is loaded after a power on sequence or a reload. When you enter this command, any previously configured boot configuration file is replaced.

You must specify a file on the local file system, with a URL in the following form:

[/device][/directory]/filename.ext

The device argument can be flash, or if a mass-storage device is installed, md. If the device argument is not specified, the default value is the device in the current working directory. If the directory argument is not specified, the default value is the current directory. Directories can be nested. The filename argument can be up to 256 characters in length.

Use the no form of this command to undo a previous boot configuration command. You must provide the same url argument provided in that previous command.

Use the default form of this command to set the configuration file to the default boot configuration file.

Note The system loads the binary version of the redback.cfg file if it is available. The system creates the binary version when you enter the save configuration command (in exec mode) without specifying a filename.

Examples
The following example specifies that the file, old_config.cfg, be loaded when the system is reloaded or powered on:

[local]Redback(config)#boot configuration /flash/old_config.cfg


The following example specifies that the default configuration file be loaded when the system is reloaded or powered on:

[local]Redback(config)#default boot configuration

Related Commands
configure


configure

configure url [besteffort [implicit]] [verbose [lines]]

Purpose
Configures the system from a preexisting configuration file on the local or a remote file system.

Command Mode
exec (10)

Syntax Description
url    URL of an existing configuration file. For the format of this argument, see the “Usage Guidelines” section.

besteffort    Optional. Ignores errors in the configuration file, and continues executing the command file.

implicit    Optional. Commits the changes to the configuration database as the file is processed.

verbose    Optional. Displays each line and its line number when configuring from a preexisting configuration file.

lines    Optional. Number of configuration file lines to process. The range of values is 1 to 4,294,967,295; the default value is to process all lines.

Default
None

Usage Guidelines
Use the configure url command to configure the system from a configuration file on the local or a remote file system. Configuration commands are read from the file associated with the URL that you specify with the url argument. The system does not restart when loading a configuration file.

When referring to a file on the local file system, the URL takes the following form:

[/device][/directory]/filename.ext

The device argument can be flash, or if a mass-storage device is installed, md. If the device argument is not specified, the default value is the device in the current working directory. If the directory argument is not specified, the default value is the current directory. Directories can be nested. The filename argument can be up to 256 characters in length.

You can also access files using the File Transfer Protocol (FTP), Remote Copy Protocol (RCP), Secured Copy Protocol (SCP), Secured File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP).


Table 3-3 describes the syntax for the url argument when accessing a file on a remote server.

The filename argument can be up to 256 characters in length. The hostname argument can only be used if Domain Name System (DNS) is enabled with the ip domain-lookup, ip domain-name, and ip name-servers commands (in context configuration mode). For more information, see the “DNS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

By default, if an error is encountered, the system displays a message and stops processing the configuration file. Use the besteffort keyword to configure the system to continue processing a file, even if an error is encountered; in this case, all commands in the configuration file that do not fail are applied to the database.

Use the implicit keyword to commit the configuration changes to the database as the file is processed unless the database or a database record is locked.

If the system stops a commit because of a database lock, the system displays the following message:

Database lock contention detected globally locked for:

and then displays the reason for the database lock with the following prompt:

Would you like to wait (w) or abort (a)?

If the system stops a commit because of a record lock, the system displays the following message:

Database lock contention detected
locked by process nn with transaction id nnnn
locking transaction was started on transaction-date-time

Would you like to wait (w) or abort (a)?

Enter w to wait until the database is unlocked; enter a to cancel the current transaction and roll back the database to the previous commit.

Table 3-3 url Syntax for Accessing a File on a Remote Server

Server Protocol     URL Format
FTP, SCP, or SFTP   ftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
                    scp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
                    sftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
RCP                 rcp://username@{ip-addr | hostname}[//directory]/filename.ext
TFTP                ftp://{ip-addr | hostname}[//directory]/filename.ext

Note Use the // if the pathname to the directory on the remote server is an absolute pathname; use a single / if it is a relative pathname (under the hierarchy of username account home directory).

Note If you enter this command without specifying a URL, the system begins an interactive configuration session and enters global configuration mode. For information about using the configure command for this purpose, see Chapter 5, “Basic System Configuration.”


Possible reasons for a database lock include:

• Standby Synchronization—The online database in the memory of the standby controller card is being synchronized with the online database in the memory of the active controller card.

• Binary Configuration—The binary configuration file on the local file system is being updated from the online database.

• Switchover—The system is in the process of switching over from the currently active controller card to the standby controller card.

• Backend Bulk Download—The online database is being accessed by another process on the system.

Examples
The following example configures the system from a configuration file on the local file system:

[local]Redback#configure /flash/old_config.cfg

Related Commands
exit


save configuration

save configuration [url] [-noconfirm]

Purpose
Saves the current configuration of the SmartEdge router to a specified file.

Command Mode
exec (10)

Syntax Description
url    Optional. URL of the file to which the configuration is saved; if not specified the configuration is saved to redback.cfg.

-noconfirm    Optional. Replaces an existing file without prompting for confirmation.

Default
Commands are saved to the default configuration file.

Usage Guidelines
Use the save configuration command to save the current configuration of the system to a specified file.

Only those commands that modify the default configuration of the SmartEdge router are saved.

When saving the configuration to the local file system, the URL takes the following form:

[/device][/directory]/filename.ext

The device argument can be flash, or if a mass-storage device is installed, md. If the device argument is not specified, the default value is the device in the current working directory. If the directory argument is not specified, the default value is the current directory. Directories can be nested. The filename argument can be up to 256 characters in length. If the filename.ext argument is not specified, the configuration is saved to redback.cfg.

To ensure that the binary version of the default configuration file (/flash/redback.bin) is created correctly when saving to redback.cfg, enter this command without a filename or specify redback.cfg as the filename without a device or directory. For more information about these files, see the “Configuration Files” section.

When saving the configuration to a remote server, you can use the File Transfer Protocol (FTP), Remote Copy Protocol (RCP), Secured Copy Protocol (SCP), Secured File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP).


Table 3-4 describes the syntax for the url argument when saving the file to a remote server.

The filename argument can be up to 256 characters in length. The hostname argument can be used only if DNS is enabled with the ip domain-lookup, ip domain-name, and ip name-servers commands (in context configuration mode). For more information, see the “DNS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

If you attempt to overwrite an existing file on the local file system, the system prompts you for confirmation. Use the optional -noconfirm keyword to replace an existing file without providing confirmation to the system. In either case, the system saves a backup of the existing file with the .bak file extension. Only a single copy of the file is saved as a backup.

ExamplesThe following example saves the current active system configuration to a file, current.cfg, on the local file system. The user is prompted to overwrite an existing file.

[local]Redback#save configuration /flash/current.cfg

Save to file: current.cfgTarget file exists, overwrite? y

The following example shows that the existing current.cfg file has been saved as current.cfg.bak:

[local]Redback#directory /flash

Contents of /flashtotal 2590-rw-r--r-- 1 root 10000 4564 Mar 21 2003 current.cfg-rw-r--r-- 1 root 10000 3654 Mar 24 2003 current.cfg.bak-rw-r--r-- 1 root 10000 1578 Jan 20 2003 redback.cfg

Related Commands

boot configuration

Table 3-4 url Syntax for the save Command

Server Protocol      URL Format
FTP, SCP, or SFTP    ftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
                     scp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
                     sftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
RCP                  rcp://username@{ip-addr | hostname}[//directory]/filename.ext
TFTP                 ftp://{ip-addr | hostname}[//directory]/filename.ext

Note: Use the // if the pathname to the directory on the remote server is an absolute pathname; use a single / if it is a relative pathname (under the home directory of the username account).
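The URL forms in Table 3-4 and the // versus / rule from the note, as an added Python example (not code from this guide or from the SmartEdge OS) that parses a save target and reports where a configuration file or a password would cross the network unencrypted. The function and class names are hypothetical, the sample URLs are constructed, and the tftp scheme name is an assumption, because the TFTP row of the table as printed shows ftp://.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENCRYPTED = {"scp", "sftp"}
# "tftp" is an assumed scheme name; the TFTP row of Table 3-4 as printed shows ftp://.
CLEARTEXT = {"ftp", "rcp", "tftp"}
MAX_FILENAME = 256  # filename limit stated in the usage guidelines

URL_RE = re.compile(
    r"^(?P<scheme>[a-z]+)://"
    r"(?:(?P<user>[^:@/]+)(?::(?P<passwd>[^@/]*))?@)?"
    r"(?P<host>[^/@:]+)"
    r"(?P<path>/.*)$"
)


@dataclass
class SaveTarget:
    scheme: str
    user: Optional[str]
    host: str
    absolute: bool      # True when the directory was introduced with //
    directory: str      # without a leading slash; "" means no directory given
    filename: str
    findings: List[str] = field(default_factory=list)


def redact_url(url: str) -> str:
    """Mask the passwd field so the URL can be written to a log or ticket."""
    return re.sub(r"(://[^:@/]+):[^@/]*@", r"\1:***@", url)


def parse_save_url(url: str) -> SaveTarget:
    m = URL_RE.match(url)
    # Error messages never echo the URL, since it may carry a password.
    if m is None or m.group("scheme") not in ENCRYPTED | CLEARTEXT:
        raise ValueError("URL does not match any Table 3-4 format")
    scheme, user, passwd = m.group("scheme", "user", "passwd")
    if scheme == "tftp" and user is not None:
        raise ValueError("TFTP format takes no username")
    if scheme != "tftp" and user is None:
        raise ValueError(f"{scheme} format requires a username")
    if scheme == "rcp" and passwd is not None:
        raise ValueError("RCP format takes no passwd field")

    path = m.group("path")
    absolute = path.startswith("//")            # // = absolute pathname
    remainder = path[2 if absolute else 1:]     # / = relative to the account's home
    directory, _, filename = remainder.rpartition("/")
    if not filename or len(filename) > MAX_FILENAME:
        raise ValueError("filename must be 1 to 256 characters")

    target = SaveTarget(scheme, user, m.group("host"), absolute, directory, filename)
    if scheme in CLEARTEXT:
        # FTP, RCP and TFTP do not encrypt the transfer.
        target.findings.append("cleartext-transport")
    if passwd is not None:
        # The password is part of the typed command line.
        target.findings.append("password-in-url")
    return target


if __name__ == "__main__":
    for sample in (  # constructed sample URLs
        "ftp://backup:s3cret@192.168.110.5//var/backups/current.cfg",
        "sftp://backup@cfghost/archive/current.cfg",
    ):
        t = parse_save_url(sample)
        where = "absolute" if t.absolute else "relative to home"
        print(redact_url(sample), "->", where, t.directory, t.filename, t.findings)
```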

Part 3

Session and System

This part describes the tasks and commands used to configure system access and basic system parameters through the SmartEdge® OS command-line interface (CLI).

This part consists of the following chapters:

• Chapter 4, “System Access Configuration”

• Chapter 5, “Basic System Configuration”

Chapter 4

System Access Configuration

This chapter provides an overview of accessing the SmartEdge® router and its software, describes the tasks used to configure system access features, and provides configuration examples and detailed descriptions of the commands used to configure system access through the SmartEdge OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer system access, see the “Session Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

You can access the SmartEdge OS software and its command-line interface (CLI) using either of the following methods:

• The console port—Located on the controller card and labeled “Craft 2”; you can connect a terminal to this port, either directly or through a terminal server.

• The Ethernet management port—Located on the controller card and labeled “ENET”; you can configure the system to enable remote access using Telnet and Secure Shell (SSH) with this port; you can then access the system remotely using a LAN.

The SmartEdge OS supports up to 20 concurrent remote sessions (Telnet and SSH) plus one console port connection to the system. An administrator can have up to 20 concurrent (remote or console) sessions. You can establish different maximums for individual contexts, but the total number of concurrent sessions is 20. For more information about limiting the number of sessions for a context, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Remote access also enables remote file operations, such as downloading and uploading files from and to a remote server, with utilities such as File Transfer Protocol (FTP), Secure FTP (SFTP), Trivial FTP (TFTP), and others. Remote access is disabled by default.

Configuration Tasks

This section describes the tasks used to configure the system to allow access through Telnet and SSH, access remote systems supported by the SmartEdge OS, and relay any relevant system messages to the user. It includes the following topics:

• Initial Log On to the Console Port

• Configure a Local Administrator Account

• Configure the Management Port

• Configure SSH Attributes

• Configure SmartEdge OS Banners

• Configure Session Inactivity Timers

Initial Log On to the Console Port

You can connect a terminal to this port, either directly or through a terminal server; see the appropriate hardware guide for your system for information about connecting and configuring a terminal for use with the console port.

Before you configure the system, the console is not secured; to initiate a session, simply press Enter.

Configure a Local Administrator Account

To secure the local console and enable remote access, you must configure at least one administrator account on the system. For a newly installed system with only the local context available, you configure an administrator account in the local context. For information about administrator accounts configured in any context, see Chapter 6, “Context Configuration.” To configure an administrator account, perform the tasks described in Table 4-1.

Note: The term, chassis, refers to any SmartEdge chassis; the term, SmartEdge 800, refers to any version of the SmartEdge 800 chassis.

Note: In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Table 4-1 Configure an Administrator Account

# | Task | Root Command | Notes
1. | Access context configuration mode. | context | Enter this command in global configuration mode. Specify local as the context.
2. | Create an administrator logon account, secure the console port, enable remote access to the system, and access administrator configuration mode. | administrator | Enter this command in context configuration mode.
3. | Specify general attributes for the account; enter these commands in administrator configuration mode (all attributes are optional): | |
   | Assign a full name or textual description for the administrator. | full-name |
   | Specify the initial privilege level for exec sessions initiated by an administrator. | privilege start | The default value is 6; specify a setting of 10 to allow the local administrator to enter configuration commands without needing to enter the enable command (in exec mode).
   | Specify the maximum privilege level for an administrator. | privilege max | The default value is 15, which is suitable for the local administrator.
   | Specify public key authentication for an administrator accessing the SmartEdge OS CLI through SSH. | public-key |

Configure the Management Port

The management port is the 10/100 Ethernet port located on the controller card and is designated for system management. The management port is usually configured in the local context.

To configure the management port, perform the tasks described in Table 4-2.

Note: Only the management port on the active controller card is enabled. By default, when the system is powered on or reloaded, the active controller card is in slot 7 in a SmartEdge 800 chassis and slot 6 in a SmartEdge 400 chassis.

Table 4-2 Configure the Management Port

# | Task | Root Command | Notes
1. | Accesses context configuration mode. | context | Enter this command in global configuration mode. Specify local as the context.
2. | Creates an interface for the management port and accesses interface configuration mode. | interface | Enter this command in context configuration mode.
3. | Assigns an IP address to the interface. | ip address | Enter this command in interface configuration mode.
4. | Selects the management port and accesses port configuration mode. | port ethernet | Enter this command in global configuration mode. The Ethernet management port is port 1 on a controller card. The slot number is 7 in a SmartEdge 800 chassis and 6 in a SmartEdge 400 chassis. For a description of this command, see the “ATM, Ethernet, and POS Port Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.
5. | Binds the management port to the interface created in step 2. | bind interface | For a description of this command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.
6. | Disables the port. | shutdown | Use the no form to enable the port. For a description of this command, see the “Clear-Channel and Channelized Port and Channel Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Note: If the system has dual controller cards installed, it is sufficient to configure the Ethernet management port on the controller card in slot 7 or 6, depending on the chassis. Access to the system is switched to the standby controller card if it should become the active controller card during normal operations.

Configure SSH Attributes

The SmartEdge OS software supports SSH access to the CLI. Remote access to the CLI using SSH is similar to remote access using Telnet, in that administrators use the same administrator name and password stored in the SmartEdge OS configuration file, in Remote Authentication Dial-In User Service (RADIUS), or in Terminal Access Controller Access Control System Plus (TACACS+). The difference is that with SSH, the interactive session is encrypted with the single DES encryption algorithm. This makes eavesdropping on administrator names, passwords, and other data transmitted over the network very difficult.

You must complete the tasks described in Table 4-2 before you configure the SSH attributes.

The SmartEdge OS software supports three attributes that work in conjunction to instruct the SSH server software how to handle incoming requests. To configure SSH attributes, perform one or more of the tasks described in Table 4-3; enter all commands in global configuration mode.

Table 4-3 Configure SSH Attributes

Task | Root Command | Notes
Specify the maximum number of concurrent SSH sessions on the system. | ssh server full-drop |
Specify the number of concurrent sessions after which the system starts dropping SSH connection requests. | ssh server start-drop |
Specify the rate at which the system drops SSH connection requests after the start-drop value has been reached. | ssh server rate-drop |

Note: The number of authenticated administrative sessions in any context is also configurable. For more information about specifying the maximum number of authenticated administrative sessions in a context, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Configure SmartEdge OS Banners

To configure banners to display different types of messages seen by administrators and subscribers, perform one or more of the tasks described in Table 4-4; enter all commands in global configuration mode.

Table 4-4 Configure SmartEdge OS Banners

Task | Root Command | Notes
Create a message that displays after a user logs on to the system. | banner exec |
Create a message of the day (MOTD) that displays on all connected systems before the login prompt. | banner motd | The message displays only for Telnet and SSH sessions.
Create a message that displays on all connected systems after the login prompt. | banner login | The message displays only for Telnet and SSH sessions.

Configure Session Inactivity Timers

To configure session inactivity timers, perform one or more of the tasks described in Table 4-5; enter all commands in global configuration mode.

Table 4-5 Configure Session Inactivity Timers

Task | Root Command | Notes
Set the amount of time the system waits before timing out during a logon attempt. | timeout login |
Set the amount of time before a CLI session times out. | timeout session |

Configuration Examples

The following example displays the creation of an administrator account with the administrator name super and the password icandoanything. Because this account is created in the local context, this administrator is able to view and modify the entire system configuration, and view all running information on the system. When the administrator logs on to the system, the initial privilege level is 10. The administrator can modify the privilege level up to the maximum of 15.

[local]Redback#configure
[local]Redback(config)#context local
[local]Redback(config-ctx)#administrator super password icandoanything
[local]Redback(config-administrator)#full-name "Fred P. Lynch x.1234"
[local]Redback(config-administrator)#privilege start 10
[local]Redback(config-administrator)#privilege max 15

The following example configures the management port on the controller card in slot 7:

[local]Redback#configure
!Create the interface in the local context and assign an IP address
[local]Redback(config)#context local
[local]Redback(config-ctx)#interface mgmt
[local]Redback(config-if)#ip address 192.168.110.1 255.255.255.0
[local]Redback(config-if)#exit

!Configure the management port
[local]Redback(config)#port ethernet 7/1
[local]Redback(config-port)#bind interface mgmt local
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#end

The following example configures the system banners:

[local]Redback#configure
[local]Redback(config)#banner motd /Warning - System going down at 0400./
[local]Redback(config)#banner exec /Welcome to Redback SmartEdge OS/

There are many different tools that provide Telnet access to a system. The following example initiates a Telnet session to the system with hostname Redback from a UNIX system. The administrator super types in the icandoanything password to log on; the password is not echoed by the SmartEdge OS.

unix>telnet Redback

Connected to Redback.
Escape character is ‘^]’.

Username:super@local
Password:
[local]Redback#
.
.
[local]Redback#exit

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure system access features. The commands are presented in alphabetical order.

banner exec
banner login
banner motd
ssh server full-drop
ssh server rate-drop
ssh server start-drop
timeout login
timeout session

banner exec

banner exec delimited-text

no banner exec

Purpose

Creates a message that displays after a user logs on to the system.

Command Mode

global configuration

Syntax Description

delimited-text | Alphanumeric text to be displayed, using a delimiting character at the beginning and end of the message.

Default

No banner is defined.

Usage Guidelines

Use the banner exec command to create a message that displays after a user logs on to the system. The system accepts multiple lines of input; you must enter the matching delimiter to end the message. You can use any character as the delimiting character.

Use the no form of this command to delete the message. You do not need to delete an existing message to change it. When you create a new message, the old one is overwritten.

Examples

The following example configures a message to be displayed after users log on to the system. The message is delimited by the slash (/) character.

[local]Redback(config)#banner exec /Logged in to system Redback. Welcome to exec mode/

The following example configures a message using the letter z as the delimiting character:

[local]Redback(config)#banner exec zWarning - System going down at 0400.z

Users then see the following output after logging on to the system:

Redback login:administratorjeanne
password:xxxxxxxx

System going down at 0400.

[local]Redback#

Related Commands

banner login
banner motd

banner login

banner login delimited-text

no banner login

Purpose

Creates a message that displays after a user logs on to the system.

Command Mode

global configuration

Syntax Description

delimited-text | Alphanumeric text to be displayed, using a delimiting character at the beginning and end of the message.

Default

No login banner is defined.

Usage Guidelines

Use the banner login command to create a message that displays after a user logs on to the system. The system accepts multiple lines of input; you must enter the matching delimiter to end the message. You can use any character as the delimiting character.

Note: The message displays only for Telnet and Secure Shell (SSH) sessions.

Use the no form of this command to delete the message. You do not need to delete an existing message to change it. When you create a new message, the old one is overwritten.

Examples

The following example configures a message to be displayed when a user logs on to the system, using the slash (/) character as the delimiter:

[local]Redback(config)#banner login /Welcome to system Redback. Unauthorized access is prohibited./

Users then see the following output after logging on to the system:

Redback login:administratorlassie
password:xxxxxxxx

Welcome to system Redback. Unauthorized access is prohibited.

[local]Redback#

Related Commands

banner exec
banner motd

banner motd

banner motd delimited-text

no banner motd

Purpose

Creates a message of the day (MOTD) that displays before the logon prompt on all connected systems.

Command Mode

global configuration

Syntax Description

delimited-text | Alphanumeric text to be displayed, using a delimiting character at the beginning and end of the message.

Default

No MOTD banner is defined.

Usage Guidelines

Use the banner motd command to create an MOTD to display before the logon prompt. The system accepts multiple lines of input; you must enter the matching delimiter to end the message. You can use any character as the delimiting character.

Note: The message displays only for Telnet and Secure Shell (SSH) sessions.

Use the no form of this command to delete the message. You do not need to delete an existing message to change it. When you create a new message, the old one is overwritten.

Examples

The following example configures a message to be displayed before the logon prompt on all connected systems:

[local]Redback(config)#banner motd /Welcome to system Redback./

Users then see the following output before logging on to the system:

Welcome to system Redback.

Redback login:

Related Commands

banner exec
banner login

ssh server full-drop

ssh server full-drop max-num

default ssh server full-drop

Purpose

Specifies the maximum number of concurrent Secure Shell (SSH) sessions on the system.

Command Mode

global configuration

Syntax Description

max-num | Maximum number of concurrent SSH sessions. The range of values is 1 to 100; the default value is 40.

Default

The default number of concurrent SSH sessions is 40.

Usage Guidelines

Use the ssh server full-drop command to specify the maximum number of concurrent SSH sessions on the system. The system drops all SSH connection requests after the maximum number of concurrent sessions is established (40).

The SmartEdge OS supports up to 50 concurrent administrative sessions (Telnet and SSH) plus one connection to the console port. The SmartEdge OS supports up to 50 concurrent Telnet sessions, but the number of active Telnet sessions is subject to the number of concurrent SSH sessions.

You can specify context-specific maximums for administrative sessions (Telnet and SSH) in one or more contexts, using the aaa authentication administrator command (in context configuration mode) with the maximum sessions num-sess construct. The number of concurrent SSH and Telnet sessions is governed by the configuration of context-specific limits as follows:

• Within a context, the number of concurrent administrative sessions is governed by the value of num-sess for that context. If the num-sess value is larger than the max-num argument, the number of SSH sessions is subject to the max-num argument; the remaining sessions (num-sess minus max-num) for that context must be Telnet sessions.

• The total number of concurrent administrative sessions is governed by the sum of all context-specific sessions (num-sess values); it cannot be larger than 50. If the sum of all num-sess values is larger than the max-num argument, the number of SSH sessions is subject to the max-num argument; the remaining sessions must be Telnet sessions.

Use the default form of this command to return an attribute to the default value.

Examples

The following example limits the number of concurrent SSH sessions on the system to 10, the maximum number of concurrent administrative sessions in the local context to 10, and in the isp1 context to 2:

[local]Redback(config)#ssh server full-drop 10
[local]Redback(config)#context local
[local]Redback(config-ctx)#aaa authentication administrator maximum sessions 10
[local]Redback(config)#context isp1
[local]Redback(config-ctx)#aaa authentication administrator maximum sessions 2

As a result, there can be no more than 12 concurrent administrative sessions on the system and at least two of them must be Telnet sessions.

Related Commands

ssh server rate-drop
ssh server start-drop

ssh server rate-drop

ssh server rate-drop rate

default ssh server rate-drop

Purpose

Specifies the rate at which the system drops Secure Shell (SSH) connection requests when the start drop value has been reached.

Command Mode

global configuration

Syntax Description

rate | Percentage of unauthenticated connections dropped after the start drop value has been exceeded. The range of values is 1 to 100; the default value is 100%.

Default

The drop value is 100%.

Usage Guidelines

Use the ssh server rate-drop command to specify the rate at which the system drops SSH connection requests when the start drop value has been reached.

This command is used in conjunction with the ssh server full-drop and ssh server start-drop commands (in global configuration mode) to instruct the system how to handle incoming SSH connection requests. After the number of sessions established on the system equals the number configured for the ssh server start-drop value, the system drops incoming SSH connection requests at the value specified by the ssh server rate-drop command.

Use the default form of this command to return an attribute to the default value.

Examples

The following example configures the maximum number of SSH sessions to the system to 10, the starting drop number to 5, and the drop value to 50. With this configuration, the system establishes the first five SSH sessions. The system then drops 50% (or one out of every two) of subsequent connection requests until ten concurrent sessions are established. The system does not accept any additional SSH connections after ten concurrent SSH sessions are established.

[local]Redback(config)#ssh server start-drop 5
[local]Redback(config)#ssh server rate-drop 50
[local]Redback(config)#ssh server full-drop 10

Related Commands

ssh server full-drop
ssh server start-drop

ssh server start-drop

ssh server start-drop start-num

default ssh server start-drop

Purpose

Configures the number of Secure Shell (SSH) connections after which the system can start to drop connection requests.

Command Mode

global configuration

Syntax Description

start-num | Number of connections after which the system starts dropping connection requests. The range of values is 1 to 90; the default value is 40.

Default

The system drops connections after 40 concurrent sessions.

Usage Guidelines

Use the ssh server start-drop command to configure the number of SSH connections after which the system can start to drop connection requests.

This command is used in conjunction with the ssh server rate-drop and ssh server full-drop commands (in global configuration mode) to instruct the system how to handle incoming SSH connection requests. After this value has been exceeded, the system can drop subsequent SSH connection requests at the rate configured by the ssh server rate-drop command. After the number of connections specified by the ssh server full-drop command are established, the system drops all subsequent connection requests.

Use the default form of this command to return to the default value.

Examples

The following example configures the maximum number of SSH sessions to the system to 10, the starting drop number to 5, and the drop rate to 50. The result is that five SSH connections to the system are allowed. After the fifth connection, subsequent connection requests have a 50% chance of being dropped. The system will not accept any SSH connections after ten concurrent SSH sessions are established.

[local]Redback(config)#ssh server start-drop 5
[local]Redback(config)#ssh server rate-drop 50
[local]Redback(config)#ssh server full-drop 10

Related Commands

ssh server full-drop
ssh server rate-drop
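How the start-drop, rate-drop and full-drop attributes combine, together with the SSH and Telnet session arithmetic from the ssh server full-drop example, as an added Python model (not code from this guide or from the SmartEdge OS). The class and function names are hypothetical, and the check that start-drop should not exceed full-drop is an assumption of this example rather than a rule stated in the guide.

```python
from dataclasses import dataclass
from typing import Dict, List

SYSTEM_ADMIN_SESSION_MAX = 50  # figure given in the full-drop usage guidelines


@dataclass(frozen=True)
class SshDropPolicy:
    start_drop: int = 40   # ssh server start-drop, range 1 to 90
    rate_drop: int = 100   # ssh server rate-drop, percent, range 1 to 100
    full_drop: int = 40    # ssh server full-drop, range 1 to 100

    def validate(self) -> List[str]:
        problems = []
        if not 1 <= self.start_drop <= 90:
            problems.append("start-drop outside 1 to 90")
        if not 1 <= self.rate_drop <= 100:
            problems.append("rate-drop outside 1 to 100")
        if not 1 <= self.full_drop <= 100:
            problems.append("full-drop outside 1 to 100")
        # Assumption of this example: a start-drop above full-drop means the
        # probabilistic stage can never be reached.
        if self.start_drop > self.full_drop:
            problems.append("start-drop is above full-drop")
        return problems

    def drop_probability(self, active_sessions: int) -> float:
        """Chance that the next SSH connection request is dropped."""
        if active_sessions >= self.full_drop:
            return 1.0
        if active_sessions >= self.start_drop:
            return self.rate_drop / 100
        return 0.0

    def effective_cap(self) -> int:
        """Highest session count that can actually be reached.

        With rate-drop at 100 every request past start-drop is dropped, so
        start-drop, not full-drop, is the real ceiling.
        """
        if self.rate_drop == 100:
            return min(self.start_drop, self.full_drop)
        return self.full_drop

    def expected_attempts(self, active_sessions: int) -> float:
        """Average number of requests an administrator needs to be admitted."""
        p = self.drop_probability(active_sessions)
        return float("inf") if p == 1.0 else 1 / (1 - p)


def session_budget(full_drop: int, context_limits: Dict[str, int]) -> Dict[str, int]:
    """Split the administrative session total into SSH and Telnet-only slots."""
    total = sum(context_limits.values())
    if total > SYSTEM_ADMIN_SESSION_MAX:
        raise ValueError("sum of context limits exceeds the system maximum")
    max_ssh = min(total, full_drop)
    # Slots beyond the SSH ceiling can only be filled by Telnet, which is
    # an unencrypted management session.
    return {"total": total, "max_ssh": max_ssh, "telnet_only": total - max_ssh}


if __name__ == "__main__":
    policy = SshDropPolicy(start_drop=5, rate_drop=50, full_drop=10)
    for n in (4, 5, 9, 10):
        print(n, "active ->", policy.drop_probability(n))
    print(session_budget(10, {"local": 10, "isp1": 2}))
```

Raising the per-context limits without raising full-drop only adds Telnet-only slots, so the two values are best reviewed together.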

timeout login

timeout login response minutes

no timeout login response

default timeout login response

Purpose

Sets the amount of time the system waits before timing out during a logon attempt after a Telnet session starts.

Command Mode

global configuration

Syntax Description

response minutes | Time, in minutes, that the system waits before timing out during a logon attempt after a Telnet session starts. The range of values is 1 to 99,999; the default value is 10 minutes.

Default

The system waits 10 minutes for a response during a logon attempt after a Telnet session starts.

Usage Guidelines

Use the timeout login command to set the amount of time the system waits before timing out during a logon attempt after a Telnet session starts.

Use the no form of this command to disable the logon timeout value.

Use the default form of this command to configure the default logon timeout value.

Examples

The following example configures the system to time out if a user does not enter logon information for 5 minutes:

[local]Redback(config)#timeout login response 5

Related Commands

timeout session

timeout session

timeout session idle minutes

no timeout session idle

default timeout session idle

Purpose

Specifies the maximum idle time for any administrator session or disables the global session idle timer.

Command Mode

global configuration

Syntax Description

idle minutes | Time, in minutes, that the session remains connected without input before timing out. The range of values is 1 to 99,999; the default value is 10 minutes.

Default

Maximum session idle time is 10 minutes.

Usage Guidelines

Use the timeout session idle command to specify the maximum idle time for any administrator session or disable the global session idle timer. When specified, the system disconnects any session with no input for the specified time.

To specify a different timeout session for a specific administrator, use this command (in administrator configuration mode); the value you specify for a specific administrator overrides the value specified for the global session idle timer.

Use the no form of this command to disable the global session idle timer; this form of the command does not affect the session idle timer for a specific administrator.

Use the default form of this command to specify the default value for the global session idle timer.

Examples

The following example configures the system to disconnect any administrator session after remaining idle for 30 minutes:

[local]Redback(config)#timeout session idle 30

Related Commands

timeout login
timeout session—context configuration mode
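A review check over the system access commands described in this chapter (banners, inactivity timers and administrator privilege levels), as an added Python example that is not part of this guide or of the SmartEdge OS. The function names, finding identifiers and threshold values are assumptions of this example, and the sample text is constructed from the commands as they are typed, not captured from a router. Banner bodies are removed first, because delimited text can span lines and may itself contain something that looks like a command.

```python
import re
from typing import Dict, List, Tuple

# Assumed review thresholds for this example; they are not vendor recommendations.
MAX_IDLE_MINUTES = 15
MAX_LOGIN_RESPONSE_MINUTES = 5
CONFIG_PRIVILEGE = 10  # Table 4-1: level 10 enters configuration commands without enable

BANNER_RE = re.compile(r"^\s*banner (exec|login|motd) (\S)", re.M)

# Constructed sample input.
SAMPLE = """\
context local
 administrator super password icandoanything
  privilege start 10
  privilege max 15
banner motd /Reminder:
no timeout session idle is not permitted on this system./
banner exec zWelcome to exec modez
timeout session idle 30
timeout login response 5
"""


def split_banners(text: str) -> Tuple[Dict[str, str], str]:
    """Return the banner messages and the text with all banner commands removed."""
    banners, rest, pos = {}, [], 0
    while True:
        m = BANNER_RE.search(text, pos)
        if m is None:
            rest.append(text[pos:])
            return banners, "".join(rest)
        kind, delim = m.group(1), m.group(2)
        end = text.find(delim, m.end())  # message ends at the matching delimiter
        if end == -1:
            raise ValueError(f"banner {kind}: closing delimiter {delim!r} not found")
        banners[kind] = text[m.end():end]
        rest.append(text[pos:m.start()])
        pos = end + 1


def audit(text: str) -> List[Tuple[str, str]]:
    banners, rest = split_banners(text)
    findings = []
    if "login" not in banners:
        findings.append(("BANNER-LOGIN", "no login banner is configured"))
    admin = None
    for line in rest.splitlines():
        w = line.split()
        if w[:1] == ["administrator"] and len(w) > 1:
            admin = w[1]
        elif w[:3] == ["privilege", "start"] + w[2:3] and w[2:3] and w[2].isdigit():
            if int(w[2]) >= CONFIG_PRIVILEGE:
                findings.append(("PRIV-START", f"{admin} starts at privilege {w[2]}"))
        elif w[:4] == ["no", "timeout", "session", "idle"]:
            findings.append(("IDLE-DISABLED", "session idle timer is disabled"))
        elif w[:3] == ["timeout", "session", "idle"] and len(w) > 3 and w[3].isdigit():
            if int(w[3]) > MAX_IDLE_MINUTES:
                findings.append(("IDLE-LONG", f"idle timer is {w[3]} minutes"))
        elif w[:4] == ["no", "timeout", "login", "response"]:
            findings.append(("LOGIN-DISABLED", "logon timeout is disabled"))
        elif w[:3] == ["timeout", "login", "response"] and len(w) > 3 and w[3].isdigit():
            if int(w[3]) > MAX_LOGIN_RESPONSE_MINUTES:
                findings.append(("LOGIN-LONG", f"logon timeout is {w[3]} minutes"))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE):
        print(check_id, detail)
```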

Chapter 5

Basic System Configuration

This chapter provides an overview of basic system parameters, describes the tasks used to configure them, and provides configuration examples and detailed descriptions of the commands used to configure basic system parameters through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer basic system parameters, see the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

Basic system parameters identify and locate the system being used, establish basic services, enable software for paid licensed features, set the system clock parameters, and modify command-line interface (CLI) commands for the system.

Certain key features in the SmartEdge OS are separately licensed. These features can be selectively enabled and disabled, using the paid license password for a feature. These features include:

• Layer 2 Tunneling Protocol (L2TP) features and functions—There is a single license for all L2TP features and functions.

• Multiprotocol Label Switching (MPLS) features and functions—There is a single license for all MPLS features and functions.

• Subscriber features and functions—There are separate licenses for specifying the number of active subscribers, enabling dynamic services for subscribers (such as nonstatic Asynchronous Transfer Mode (ATM) profiles, the dynamic assignment of profiles to ATM permanent virtual circuits (PVCs), clientless IP service selection (CLIPS) circuits, HTTP redirect, and RADIUS refresh), specifying the average subscriber bandwidth, and specifying that subscriber sessions remain active during a controller card switchover for any reason.

Note: In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted.

The term, chassis, refers to any SmartEdge chassis; the term, SmartEdge 800, refers to any version of the SmartEdge 800 chassis.

Configuration Tasks

This section includes the tasks to configure basic system parameters:

• Access Global Configuration Mode

• Configure the System Identity

• Configure Service Options

• Enable Software Licensing

• Configure the System Clock

• Configure CLI Command Aliases, Privileges, and Macros

Access Global Configuration Mode

To perform any configuration task, you must first access global configuration mode. To access global configuration mode, perform the task in Table 5-1.

Note: In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Table 5-1 Access Global Configuration Mode

Task | Root Command | Notes
Access global configuration mode. | configure | Enter this command in exec mode.

Configure the System Identity

To configure the system contact, location, and hostname, perform the tasks described in Table 5-2; enter all commands in global configuration mode.

Table 5-2 Configure the System Identity

Task | Root Command | Notes
Identifies the department or person to contact, and how, for information regarding the system. | system contact |
Queries the user before creating a new context. | system confirmations context |
Specifies the system hostname. | system hostname | The default hostname is Redback.
Configures the system location information. | system location |

Configure Service Options

When configuring service options, you cannot create a context until you have enabled the multiple context feature; the only context available without this feature is the local context.

To configure service options, perform one or more of the tasks described in Table 5-3; enter all commands in global configuration mode.

Caution: Risk of data loss. If the console port is directly attached to the serial port of a computer running Windows NT or UNIX, the computer might send a break sequence when it reboots. This has the effect of halting the system and entering kernel debug mode. To reduce the risk, do not enable the console-break feature if the workstation attached to the console port is running Windows NT or UNIX.

Table 5-3 Configure Service Options

Task | Root Command | Notes
Enables the creation of multiple contexts. | service multiple-contexts |
Enables the automatic reload of the PPA code on a traffic card if either of its PPAs becomes inoperable. | service card-auto-reload | This command enables automatic reload for all traffic cards.
Enables automatic system recovery when a process halts. | service auto-system-recovery |
Enables the console break feature. | service console-break |
Enables an application-layer protocol (FTP, RCP, SCP, SFTP, SSH, Telnet, TFTP). | service |

Enable Software Licensing

Certain features and functions that are supported in the SmartEdge OS require a paid software license. To make use of one of these features or functions, you must enable it with a password that is provided by Redback® when that license fee is paid. Each feature or function requires its own unique password. To enable software licensing for one or more of these features and functions, perform the tasks described in Table 5-4.

Table 5-4 Enable Software Licensing

# | Task | Root Command | Notes
1. | Enable software licensing and access software license configuration mode. | software license | Enter this command in global configuration mode.

Page 98: Basic Guide Redback

Configuration Tasks

5-4 Basic System Configuration Guide

Configure the System ClockThe tasks to configure the system clock depend on the type of controller card installed in the SmartEdge chassis.

To configure the system clock, perform the tasks described in Table 5-5; enter all commands in global configuration mode.

Configure CLI Command Aliases, Privileges, and MacrosA command alias is a character string that you would like to use in place of a command string. You typically use aliases to create shortcuts for frequently used commands. A command macro is an extended alias that allows you to define a sequence of commands to run with the macro name, instead of entering each command separately.

Each command has a privilege level that determines, given the privilege assigned to the administrator, who can enter the command. For more information about privilege levels for commands and administrators, see the “Privilege Levels” section in Chapter 1, “Overview.”

2. Enable the license for a feature and its functions; enter these commands in software license configuration mode:

L2TP features and functions. l2tp You must specify the L2TP functions to be enabled.

MPLS features and functions. mpls All MPLS functions are enabled.

Subscriber features and functions. subscriber You must specify the subscriber functions to be enabled.

Note To set the system clock, see the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Table 5-5 Configure the System Clock

# Task Root Command Notes

1. Specify the type of timing interface. system clock-source timing-type This command is for XCRP3 Controller cards only.

2. Optional. Specify the clock source with one of the following tasks:

• Specify an internal source. system clock-source The default value is the active controller card.

• Specify an external source. system clock-source external

3. Define one or more time zones, including the one in which the system is located.

system clock timezone Use the local keyword to identify the zone in which the system is located.

4. Optional. Enable the system to automatically switch to daylight saving or standard time.

system clock summer-time

Table 5-4 Enable Software Licensing (continued)

# Task Root Command Notes

Page 99: Basic Guide Redback

The following tasks are described in this section:

• Configure a CLI Command Alias or Privilege

• Create a CLI Command Macro

Configure a CLI Command Alias or Privilege

To modify the privilege for a CLI command or create an alias for it, perform the tasks described in Table 5-6; enter all commands in global configuration mode.

Table 5-6 Configure a CLI Command Alias or Privilege

| Task | Root Command | Notes |
| --- | --- | --- |
| Define an alias for a command. | alias | |
| Assign a privilege level to a command to expand or restrict its use. | privilege | |

Note: To disable alias processing for a particular command, begin the command line with the backslash (\) character.

Caution: Risk of disabled commands. It is possible to create an alias that disables existing commands. To reduce the risk, use care when you define aliases. Avoid defining an alias name that is a SmartEdge OS command keyword or a partial keyword. Aliases apply to all users on a system.

Create a CLI Command Macro

To create a macro for one or more CLI commands, perform the tasks described in Table 5-7.

Table 5-7 Create a CLI Command Macro

| # | Task | Root Command | Notes |
| --- | --- | --- | --- |
| 1. | Define a macro and enter macro configuration mode. | macro | Enter this command in global configuration mode. |
| 2. | Specify a command in the macro. | seq | Enter this command in macro configuration mode. Use this command for each command to be included in the macro. |
| 3. | Complete the macro. | exit | Enter this command in all modes. |

Configuration Examples

This section includes examples for the following tasks:

• System Identification and Services

• Software Licensing

• System Clock

• Command Alias

• Command Macro

• Command Privilege


System Identification and Services

The following example defines system contact information, hostname, location, and services:

    [local]Redback#configure
    [local]Redback(config)#system contact IS Hotline 1-800-555-1567
    [local]Redback(config)#system hostname freebird
    [local]freebird(config)#system location Building 3, 2nd Floor, Lab 3
    [local]freebird(config)#service multiple-contexts
    [local]freebird(config)#service card-auto-reload
    [local]freebird(config)#service auto-system-recovery

Software Licensing

The following example enables paid license features and functions; a unique password is required for each feature or function to be enabled:

    [local]Redback#configure
    [local]Redback(config)#software license
    !Enable L2TP
    [local]Redback(config-license)#l2tp lns password l2tp-password
    !Enable MPLS
    [local]Redback(config-license)#mpls password mpls-password
    !Enable up to 32,000 active subscribers
    [local]Redback(config-license)#subscriber active 32000 password sub-active32-password
    !Enable ATM dynamic profiles, CLIPS dynamic circuits, HTTP redirect, RADIUS refresh
    [local]Redback(config-license)#subscriber dynamic-service password sub-dynamic-password
    !Enable hitless switchover for subscriber sessions
    [local]Redback(config-license)#subscriber high-availability password sub-high-password

System Clock

The following example specifies system clock settings; the SmartEdge router has XCRP3 Controller cards installed and the external source is an SSU with an E1 interface:

    [local]Redback(config)#system clock-source timing-type sdh
    [local]Redback(config)#system clock-source external primary framing crc4


Command Alias

The following example defines the string, pc, as a shortcut for the show port counters command, and then demonstrates the use of the new alias:

    [local]Redback(config)#alias inherit pc show port counters
    [local]Redback(config)#end
    [local]Redback#pc 4/1

    Port    Type    Pkts/Bytes Sent    Pkts/Bytes Received
    4/1     atm     0                  0

For more information on the show port counters command, see the “Card, Port and Channel Operations” chapter in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS.

Command Macro

The following example defines the show-port-all macro:

    [local]Redback(config)#macro inherit show-port-all
    [local]Redback(config-macro)#seq 10 show port $1/$2
    [local]Redback(config-macro)#seq 20 show circuit $1/$2
    [local]Redback(config-macro)#exit

The following example displays port data for port 3 of the traffic card in slot 4 using the same macro:

    [local]Redback>show-port-all 4 3

Command Privilege

The following example sets the minimum privilege level for all commands that start with the snmp keyword to 12:

    [local]Redback(config)#privilege config inherit level 12 snmp


Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure basic system parameters. The commands are presented in alphabetical order.

• alias
• configure
• l2tp
• macro
• mpls
• privilege
• seq
• service
• service auto-system-recovery
• service card-auto-reload
• service console-break
• software license
• subscriber
• system clock-source
• system clock-source external
• system clock-source timing-type
• system clock summer-time
• system clock timezone
• system confirmations context
• system contact
• system hostname
• system location


alias

alias {exec | inherit | mode} alias-name command-string

no alias {exec | inherit | mode} alias-name

Purpose

Defines an alias for a command.

Command Mode

global configuration

Syntax Description

exec: Specifies that the alias be available (in exec mode).

inherit: Defines the alias in all modes.

mode: Configuration mode in which the alias is available; see Table 5-8 for exceptions.

alias-name: Alias name.

command-string: Command string to be substituted for the alias.

Default

None

Usage Guidelines

Use the alias command to define an alias for a command. A command alias is a character string that you can use in place of a command string. Aliases are typically used to create shortcuts for frequently used commands. When aliases are defined, the software examines each command for a match in the alias table. If the system finds an alias match, it replaces the alias with the associated command string prior to processing the command.

Table 5-8 lists all mode prompt and keyword exceptions for the alias command. Except for those listed in Table 5-8, the keyword for the mode argument is the command mode prompt. For a list of all keywords, see the command-line interface (CLI) online Help.

Table 5-8 Exceptions for the alias Command

| Mode Description | Mode Prompt | Mode Keyword |
| --- | --- | --- |
| NAT access control list | policy-acl | nat-policy-acl |
| NAT access control list class | policy-acl-class | nat-policy-acl-class |

Caution: Risk of disabled commands. It is possible to create an alias that disables existing commands. To reduce the risk, use care when you define aliases. Avoid defining an alias name that is a SmartEdge OS command keyword or a partial keyword. Aliases apply to all users on a system.

You can bypass alias processing for a single command by beginning a command line with the backslash (\) character.

Use the no form of this command to remove an alias.

Examples

The following example defines the alias, sc, (in exec mode) as show configuration:

    [local]Redback(config)#alias exec sc show configuration
    [local]Redback>sc

    Building configuration...

    Current configuration:
    !
    ! Configuration last changed by user 'test' at Wed Jan 29 11:20:03 2003
    !
    context local
    port ethernet 7/1
    !
    end

The following example shows how the definition of an alias can cause unexpected problems. The first example defines the alias, sh, (in all modes) as show configuration.

    [local]Redback(config)#alias inherit sh show configuration

As a result, the show chassis command is disabled; the show chassis command is interpreted to mean show configuration chassis, which results in an error.

For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

The following example demonstrates the use of the backslash character (\) to disable alias processing for the command:

    [local]Redback>\sh chassis

Related Commands

• macro
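The substitution and the shadowing risk described in this section can be checked offline before an alias is committed. The following Python model is an added example, not Redback code: it assumes the alias is matched exactly against the first word of the command line, and the keyword list and sample configuration are constructed from commands named in this chapter.

```python
"""Model of SmartEdge OS alias substitution and an audit for risky alias names.

Added example, not Redback code. Assumptions: the alias is matched exactly
against the first word of the line, and a mode-specific alias takes
precedence over an 'inherit' alias. The page does not show the real parser.
"""

# Command keywords taken from this chapter (constructed list, not exhaustive).
KEYWORDS = ["alias", "configure", "l2tp", "macro", "mpls", "privilege", "seq",
            "service", "show", "software", "subscriber", "system"]

# Constructed sample configuration built from the alias lines in the examples.
SAMPLE_CONFIG = """\
alias inherit pc show port counters
alias exec sc show configuration
alias inherit sh show configuration
"""


def parse_aliases(config_text):
    """Return {(mode, name): command_string} from 'alias' configuration lines."""
    table = {}
    for line in config_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[0] == "alias":
            _, mode, name, command = parts
            table[(mode, name)] = command
    return table


def expand(line, table, mode):
    """Apply alias substitution to one command line entered in `mode`."""
    if line.startswith("\\"):
        return line[1:]              # leading backslash bypasses alias processing
    words = line.split(None, 1)
    if not words:
        return line
    first, rest = words[0], words[1:]
    for key in ((mode, first), ("inherit", first)):
        if key in table:
            return " ".join([table[key]] + rest)
    return line


def shadowed(name, keywords=KEYWORDS):
    """Keywords for which `name` is the keyword itself or a partial keyword."""
    return [kw for kw in keywords if kw.startswith(name)]


def audit(config_text, keywords=KEYWORDS):
    """Return (mode, name, shadowed keywords) for every risky alias."""
    findings = []
    for (mode, name), _ in sorted(parse_aliases(config_text).items()):
        hits = shadowed(name, keywords)
        if hits:
            findings.append((mode, name, hits))
    return findings


if __name__ == "__main__":
    aliases = parse_aliases(SAMPLE_CONFIG)
    print(expand("sh chassis", aliases, "exec"))     # alias rewrites the command
    print(expand("\\sh chassis", aliases, "exec"))   # backslash leaves it alone
    for finding in audit(SAMPLE_CONFIG):
        print("risky alias:", finding)
```

Because aliases apply to all users on a system, running the audit against a candidate configuration catches a name such as sh before it changes what every administrator's abbreviated commands do.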


configure

configure

Purpose

Enters global configuration mode.

Command Mode

exec (10)

Syntax Description

This command has no arguments or keywords.

Default

None

Usage Guidelines

Use the configure command to enter global configuration mode. This mode provides commands that allow you to make changes that are universal to the system, such as configuring the system clock or creating login banners. It also provides commands that allow you to enter other configuration modes.

To show information on the changes you are implementing, use the show configuration command. For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Note: To load a configuration file, enter the configure url command (in exec mode). For information about using the configure command for that purpose, see Chapter 3, “Configuration File Management.”

Examples

The following example enters global configuration mode:

    [local]Redback#configure
    Enter configuration commands, one per line, 'end' to exit
    [local]Redback(config)#

Related Commands

None


l2tp

l2tp [all] {encrypted 1 | password} password

no l2tp [all]

Purpose

Enables Layer 2 Tunneling Protocol (L2TP) features and functions.

Command Mode

software license configuration

Syntax Description

all: Optional. Enables all L2TP features and functions; this is the default.

encrypted 1: Specifies that the password that follows is encrypted.

password: Specifies that the password that follows is not encrypted.

password: Paid license password that is required to enable L2TP features and functions. The password argument is unique for L2TP and is provided at the time the software license is paid.

Default

L2TP features and functions are disabled.

Usage Guidelines

Use the l2tp command to enable L2TP features and functions. You can specify the password argument in either encrypted or unencrypted form. The show configuration command (in any mode) does not display either form. For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to disable L2TP features and functions. A password is not required if you are disabling the license for any of the L2TP features and functions; it is ignored if entered.

Examples

The following example licenses L2TP features and functions. The password is in an unencrypted form:

    [local]Redback(config-license)#l2tp all password l2tp-password

Related Commands

• mpls
• software license
• subscriber


macro

macro {exec | inherit | mode} macro-name

no macro {exec | inherit | mode} macro-name

Purpose

Defines an alias for a sequence of commands and accesses macro configuration mode.

Command Mode

global configuration

Syntax Description

exec: Specifies that the macro be available (in exec mode).

inherit: Specifies that the macro be available (in all modes).

mode: Configuration mode in which the macro is available; see Table 5-9 for exceptions.

macro-name: Name of the macro to be defined.

Default

No macros are defined.

Usage Guidelines

Use the macro command to define an alias for a sequence of commands. After entering macro configuration mode, you enter the commands to be included in the macro using the seq command (in macro configuration mode).

Table 5-9 lists all the mode prompts and keyword exceptions for the macro command. Except for the modes listed in Table 5-9, the keyword for the mode argument is the command mode prompt. For a list of all keywords, see the command-line interface (CLI) online Help.

Table 5-9 Mode Prompts and Keyword Exceptions for the macro Command

| Mode Description | Mode Prompt | Mode Keyword |
| --- | --- | --- |
| NAT access control list | policy-acl | nat-policy-acl |
| NAT access control list class | policy-acl-class | nat-policy-acl-class |

Use the exit command (in macro configuration mode) to complete the macro and exit to global configuration mode.

Use the no form of this command to delete the macro.

Examples

The following example defines a macro, show-port-all, to display port information:

    [local]Redback(config)#macro inherit show-port-all
    [local]Redback(config-macro)#seq 10 show port $1/$2
    [local]Redback(config-macro)#seq 20 show circuit $1/$2
    [local]Redback(config-macro)#exit

The following example displays port data for port 3 of the traffic card in slot 4 using the show-port-all macro:

    [local]Redback>show-port-all 4 3

The following example defines the macro, show-all, that uses the $ character:

    [local]Redback(config)#macro inherit show-all
    [local]Redback(config-macro)#seq 10 show config $*
    [local]Redback(config-macro)#seq 30 show circuit $*
    [local]Redback(config-macro)#exit

The following example displays ATM and Frame Relay configuration and circuits using the show-all macro:

    [local]Redback>show-all atm frame-relay

Related Commands

• alias
• seq


mpls

mpls {encrypted 1 | password} password

no mpls

Purpose

Enables multiprotocol label switching (MPLS) features and functions.

Command Mode

software license configuration

Syntax Description

encrypted 1: Specifies that the password that follows is encrypted.

password: Specifies that the password that follows is not encrypted.

password: Paid license password that is required to enable MPLS features and functions. The password argument is unique for MPLS and is provided at the time the software license is paid. Optional only when using the no form.

Default

MPLS features and functions are disabled.

Usage Guidelines

Use the mpls command to enable MPLS features and functions. You can specify the password argument in either encrypted or unencrypted form. The show configuration command (in any mode) does not display either form. For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to disable MPLS features and functions. A password is not required if you are disabling the license for MPLS features and functions; it is ignored if entered.

Examples

The following example licenses MPLS. The password is in an unencrypted form.

    [local]Redback(config-license)#mpls password mpls-password

Related Commands

• l2tp
• software license
• subscriber


privilege

privilege mode [inherit] level level command

{no | default} privilege mode command

Purpose

Assigns a different privilege level to the specified command.

Command Mode

global configuration

Syntax Description

mode: Mode of the command.

inherit: Optional. Assigns the specified privilege level to all keywords that follow the last keyword specified in the command argument.

level level: Minimum privilege level required to generate the specified command. The range of values is 0 to 15.

command: Command keyword (or keywords).

Default

For the default minimum privilege level, see the individual commands. In general, most exec mode commands require privilege level 3, and most configuration mode commands require privilege level 10.

Usage Guidelines

Use the privilege command to assign a different privilege level to a specific command or set of commands.

Use the inherit keyword as a shortcut to modify all commands beginning with one or more keywords. For example, to modify all commands beginning with the snmp keyword (snmp community, snmp server, snmp target, and so on), specify the inherit keyword, and specify snmp for the command argument.

To display the assigned privilege for a command, use the show configuration command (in any mode). For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no or default form of this command to return a command to the default privilege level.

Examples

The following example sets the minimum privilege level for the abort and commit commands (in exec mode) to 15:

    [local]Redback(config)#privilege exec abort level 15
    [local]Redback(config)#privilege exec commit level 15

The following example sets the minimum privilege level for all commands that start with the snmp keyword to 12:

    [local]Redback(config)#privilege config inherit level 12 snmp

Related Commands

• enable
• privilege max
• privilege start
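When reviewing a configuration it helps to compute which level each command ends up requiring and to spot rules that lower a level. The following Python model is an added example, not Redback code: it assumes that a rule without inherit matches only the exact keywords, that the longest matching rule wins, and that the general defaults quoted above (3 for exec, 10 for configuration modes) apply to commands with no rule; the last line of the sample configuration is constructed.

```python
"""Model of SmartEdge OS 'privilege' rules with a least-privilege check.

Added example, not Redback code. Assumptions: a rule without 'inherit'
matches only the exact keywords, the longest matching rule wins, and the
general defaults from the page (3 for exec, 10 for configuration modes)
apply to every command that has no rule.
"""

# Constructed sample: the page's three rules plus one rule that lowers a level.
SAMPLE_CONFIG = """\
privilege exec abort level 15
privilege exec commit level 15
privilege config inherit level 12 snmp
privilege config inherit level 5 system
"""


def default_level(mode):
    """General default from the page: 3 in exec mode, 10 in configuration modes."""
    return 3 if mode == "exec" else 10


def parse_rules(config_text):
    """Return (mode, inherit, level, keywords) tuples from 'privilege' lines.

    The page shows 'level N' both before and after the command keywords,
    so the parser accepts either order.
    """
    rules = []
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "privilege":
            continue
        mode, rest = tokens[1], tokens[2:]
        inherit = rest[0] == "inherit"
        if inherit:
            rest = rest[1:]
        if "level" not in rest[:-1]:
            continue                      # no 'level N' pair on this line
        at = rest.index("level")
        value = rest[at + 1]
        keywords = tuple(rest[:at] + rest[at + 2:])
        if not value.isdigit() or not 0 <= int(value) <= 15 or not keywords:
            continue                      # level must be 0 to 15
        rules.append((mode, inherit, int(value), keywords))
    return rules


def required_level(mode, command, rules):
    """Minimum privilege level needed to enter `command` in `mode`."""
    words = tuple(command.split())
    best = None
    for rule_mode, inherit, level, keywords in rules:
        if rule_mode != mode:
            continue
        is_prefix = words[:len(keywords)] == keywords
        if (inherit and is_prefix) or words == keywords:
            if best is None or len(keywords) > best[0]:
                best = (len(keywords), level)
    return best[1] if best else default_level(mode)


def can_run(admin_level, mode, command, rules):
    """True if an administrator at `admin_level` may enter the command."""
    return admin_level >= required_level(mode, command, rules)


def lowered(rules):
    """Rules that set a level below the general default for their mode."""
    return [rule for rule in rules if rule[2] < default_level(rule[0])]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_CONFIG)
    print(required_level("config", "snmp community", parsed))
    print(can_run(10, "config", "snmp server", parsed))
    print(lowered(parsed))
```

Rules returned by lowered() expand who can enter a command and deserve a second look during a configuration review.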


seq

seq num command-string [$param-num]...

no seq num

Purpose

Specifies a command in the macro.

Command Mode

macro configuration

Syntax Description

num: Sequence number that denotes the order in which this command is included in the macro.

command-string: Command with the appropriate keywords, arguments, and constructs to be included in the macro.

param-num: Optional. Sequence number of a parameter to be entered with the macro name. Separate the sequence numbers with a space. The range of values is 1 to 10; the * character is also supported.

Default

No commands are specified for a macro.

Usage Guidelines

Use the seq command to specify a command to be included in the macro.

Use $1, $2, and so forth, as placeholders in the command-string argument to designate the arguments for the command. You can specify up to nine placeholders, $1 to $9, for command arguments. Use the asterisk (*) character to specify all values of that argument for the command.

Use the exit command (in macro configuration mode) to complete the macro and exit to global configuration mode.

Use the no form of this command to delete the command from the macro.

Examples

The following example defines the macro, show-port-all, to display port information:

    [local]Redback(config)#macro inherit show-port-all
    [local]Redback(config-macro)#seq 10 show port $1/$2
    [local]Redback(config-macro)#seq 20 show circuit $1/$2
    [local]Redback(config-macro)#exit

The following example displays port and circuit data for port 3 of the traffic card in slot 4 using the same macro:

    [local]Redback>show-port-all 4 3

The following example defines a macro that uses the * character:

    [local]Redback(config)#macro inherit show-all
    [local]Redback(config-macro)#seq 10 show config $*
    [local]Redback(config-macro)#seq 20 show ip interface $*
    [local]Redback(config-macro)#seq 30 show circuit $*
    [local]Redback(config-macro)#exit

The following example captures the information displayed by the same macro in the file, output.txt:

    [local]Redback>show-all | append output.txt

Related Commands

• alias
• macro


service

service protocol [client] [server]

no service protocol [client] [server]

Purpose

Enables application-layer protocols in a context.

Command Mode

context configuration

Syntax Description

protocol: Type of service to enable, according to one of the following keywords:

• ftp—Specifies the File Transfer Protocol.

• rcp—Specifies the Remote Copy Protocol.

• scp—Specifies the Secured Copy Protocol.

• sftp—Specifies the Secured File Transfer Protocol.

• ssh—Specifies Secure Shell service.

• telnet—Specifies Telnet service.

• tftp—Specifies the Trivial File Transfer Protocol.

client: Optional. Enables the protocol’s client.

server: Optional. Enables the protocol’s server. This keyword is not supported with the FTP and RCP protocols.

Default

The FTP, RCP, SCP, SFTP, SSH, Telnet, and TFTP servers are enabled in the local context and disabled in all other contexts; the SCP, SFTP, SSH, Telnet, and TFTP clients are enabled in all contexts.

Usage Guidelines

Use the service command to enable application-layer protocols in a context.

Use the no form of this command to disable application-layer protocols in a context.

Examples

The following example enables Telnet service:

    [local]Redback(config-ctx)#service telnet

Related Commands

None
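Because every listed server is enabled by default in the local context, a configuration that says nothing about services still exposes FTP, RCP, Telnet, and TFTP, none of which encrypt their traffic. The following Python audit is an added example, not Redback code: it applies the defaults stated above to a configuration and reports the cleartext servers left enabled in each context. It assumes that a service line with neither client nor server applies to the server as well; the sample configuration and the context name isp1 are constructed.

```python
"""Audit of per-context 'service' lines for cleartext protocol servers.

Added example, not Redback code. Assumption: a 'service' or 'no service'
line with neither 'client' nor 'server' applies to the server as well.
Defaults are the ones stated on the page: all listed servers are enabled
in the local context and disabled in every other context.
"""

PROTOCOLS = {"ftp", "rcp", "scp", "sftp", "ssh", "telnet", "tftp"}
CLEARTEXT = {"ftp", "rcp", "telnet", "tftp"}    # no transport encryption

# Constructed sample configuration; 'isp1' is a hypothetical context name.
SAMPLE_CONFIG = """\
context local
 no service telnet server
 no service tftp server
 service ssh server
!
context isp1
 service telnet
 service ssh client
!
"""


def default_servers(context):
    """Servers enabled before any 'service' line is applied."""
    return set(PROTOCOLS) if context == "local" else set()


def effective_servers(config_text):
    """Return {context: set of enabled server protocols}."""
    servers = {"local": default_servers("local")}
    current = None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] == "!":
            continue
        if tokens[0] == "context" and len(tokens) == 2:
            current = tokens[1]
            servers.setdefault(current, default_servers(current))
            continue
        negate = tokens[0] == "no"
        if negate:
            tokens = tokens[1:]
        if current is None or len(tokens) < 2 or tokens[0] != "service":
            continue
        protocol, options = tokens[1], set(tokens[2:])
        if protocol not in PROTOCOLS or not options <= {"client", "server"}:
            continue    # e.g. 'service card-auto-reload' is a different command
        if options and "server" not in options:
            continue    # client-only line leaves the server state unchanged
        if negate:
            servers[current].discard(protocol)
        else:
            servers[current].add(protocol)
    return servers


def cleartext_findings(config_text):
    """Return {context: sorted cleartext servers still enabled}."""
    findings = {}
    for context, enabled in effective_servers(config_text).items():
        exposed = sorted(enabled & CLEARTEXT)
        if exposed:
            findings[context] = exposed
    return findings


if __name__ == "__main__":
    for context, exposed in cleartext_findings(SAMPLE_CONFIG).items():
        print(context, "cleartext servers enabled:", ", ".join(exposed))
```

In the sample, the local context still has FTP and RCP enabled by default even though Telnet and TFTP were disabled explicitly.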


service auto-system-recovery

service auto-system-recovery

no service auto-system-recovery

Purpose

Enables automatic system recovery.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Automatic system recovery is disabled.

Usage Guidelines

Use the service auto-system-recovery command to enable automatic system recovery.

Automatic system recovery allows the system to recover from an error condition in which a process halts. The recovery is carried out by switching to the standby controller card while reloading the current controller card. If the standby controller is not ready or is absent, only a reload is performed.

Use the no form of this command to disable automatic system recovery.

Examples

The following example enables automatic system recovery:

    [local]Redback(config)#service auto-system-recovery

Related Commands

• service card-auto-reload


service card-auto-reload

service card-auto-reload

no service card-auto-reload

Purpose

Enables the automatic reload of the Packet Processing ASIC (PPA) code on a traffic card if either of its PPAs becomes inoperable.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

The PPA code is not automatically reloaded on a traffic card if either of its PPAs becomes inoperable.

Usage Guidelines

Use the service card-auto-reload command to automatically reload the PPA code on a traffic card if either of its PPAs becomes inoperable.

Note: You enter this command only once to enable automatic reload of the PPA code for any traffic card.

Use the no form of this command to disable the automatic reload of PPA code on a traffic card.

Examples

The following example configures the system to automatically reload PPA code on a traffic card if either of its PPAs becomes inoperable:

    [local]Redback(config)#service card-auto-reload

Related Commands

None


service console-break

service console-break

no service console-break

Purpose

Enables the console break feature.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

The console break feature is disabled.

Usage Guidelines

Use the service console-break command to enable the console break feature. When this feature is enabled, you can press the Ctrl+Break keys (in sequence) when you are connected to the SmartEdge router through the console port to send a break sequence to the system, which halts the system and enters kernel debug mode.

After the system receives the break sequence from the console, the prompt changes to db>. At this point, you can enter the commands in Table 5-10.

Table 5-10 Kernel Debug Mode Commands

| Kernel Debug Command | Description |
| --- | --- |
| continue | Resumes normal system operation. |
| reboot | Reloads the system (has the same effect as the reload command in exec mode). |

The system waits for a command for 25 seconds. If you do not enter any command within this time, the system automatically reloads.

Caution: Risk of data loss. If the console port is directly attached to the serial port of a computer running Windows NT or UNIX, the computer might send a break sequence when it reboots. This has the effect of halting the system and entering kernel debug mode. To reduce the risk, do not enable the console-break feature if the workstation attached to the console port is running Windows NT or UNIX.

Use the no form of this command to disable the console break feature. When the feature is disabled, the system does not process a break sequence from the console port.

Examples

The following example enables the console break feature:

    [local]Redback(config)#service console-break

Related Commands

None


software license

software license

no software license

Purpose

Enables software licensing and accesses software license configuration mode.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

No software licensed features or functions are enabled.

Usage Guidelines

Use the software license command to enable software licensing and access software license configuration mode.

Use the no form to disable software licensing and remove any existing licenses.

Examples

The following example enables software licensing and accesses software license configuration mode:

    [local]Redback(config)#software license
    [local]Redback(config-license)#

Related Commands

• l2tp
• mpls
• subscriber


subscribersubscriber {active sub-num | bandwidth kbits | dynamic-service | high-availability}

{encrypted 1 | password} password

no subscriber active sub-num {encrypted 1 | password} password

no subscriber {bandwidth kbits | dynamic-service | high-availability}

PurposeEnables the number of active subscriber sessions, the average bandwidth for each subscriber session, or enables subscriber sessions to be kept active during a controller card switchover for any reason.

Command Modesoftware license configuration

Syntax Description

active sub-num Number of active subscriber sessions to be licensed, according to one of the following keywords:

• 2000—Licenses 2,000 active subscriber sessions.

• 4000—Licenses 4,000 active subscriber sessions.

• 8000—Licenses 8,000 active subscriber sessions.

• 16000—Licenses 16,000 active subscriber sessions.

• 24000—Licenses 24,000 active subscriber sessions.

• 32000—Licenses 32,000 active subscriber sessions.

• 48000—Licenses 48,000 active subscriber sessions.

bandwidth kbits Average bandwidth, in kilobits per second (kbps) for each active subscriber session to be licensed, according to one of the following keywords:

• 60—Specifies 60,000 bps.

• 100—Specifies 100,000 bps.

• 250—Specifies 250,000 bps.

• 1000—Specifies 1,000,000 bps.

dynamic-service Enables dynamic services features and functions for subscribers.

high-availability Enables subscriber sessions to be preserved during a controller card switchover.

encrypted 1 Specifies that the password that follows is encrypted.

password Specifies that the password that follows is not encrypted

password Paid license password that is required to enable the subscriber function. The password argument is unique for each value of the sub-num and kbits arguments and for each function; it is provided at the time the license is paid.

Page 122: Basic Guide Redback

Command Descriptions

5-28 Basic System Configuration Guide

DefaultNo subscriber sessions are licensed, the average bandwidth is 60,000 bps for each licensed subscriber session, and the dynamic service and high-availability options for licensed subscriber sessions are disabled.

Usage Guidelines

Use the subscriber command to enable the number of active subscriber sessions, specify the average bandwidth for each active licensed subscriber session, or enable subscriber sessions to be preserved during a controller card switchover for any reason. You can specify the password argument in either encrypted or unencrypted form. The show configuration command (in any mode) does not display either form. For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the active sub-num construct to specify the number of active licensed subscriber sessions. You can enter the subscriber command multiple times with this construct. The number of active sessions is the sum of the values entered. This keyword also enables clientless IP service selection (CLIPS) circuits. You must use this construct in order to enable any of the other subscriber functions.

Use the bandwidth kbits construct to specify a larger bandwidth for the licensed subscriber sessions.

Use the dynamic-service keyword to enable dynamic services features and functions. These features and functions include:

• Asynchronous Transfer Mode (ATM) nonstatic profiles and the dynamic assignment of ATM profiles to on-demand permanent virtual circuits (PVCs)

• CLIPS dynamic circuits

• Remote Authentication Dial-In User Service (RADIUS) refresh

Use the high-availability keyword to ensure that subscriber sessions are not shut down should there be a switchover from the active controller card to the standby controller card. This option requires that your system be configured with redundant controller cards.

Use the no form of this command to enable the default value for the specified keyword. A password is required for this form only if you are disabling the license for the number of active subscribers; otherwise it is ignored.

Examples

The following example licenses 40,000 active subscriber sessions, specifies the average bandwidth for them, enables dynamic services, and enables session preservation during a switchover. (The system has a pair of controller cards installed.)

[local]Redback(config-license)#subscriber active 16000 password sub-active16-password
[local]Redback(config-license)#subscriber active 8000 password sub-active8-password
[local]Redback(config-license)#subscriber active 2000 password sub-active2-password
[local]Redback(config-license)#subscriber bandwidth 250 password sub-band250-password
[local]Redback(config-license)#subscriber dynamic-service password sub-dynamic-password
[local]Redback(config-license)#subscriber high-availability password sub-high-password

Note Subscriber sessions remain active while the line card PPA software is upgraded with the new patch release.


Related Commands

l2tp mpls software license
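The rules stated for the subscriber command (keyword values, summed active sessions, the need for an active license before other functions, redundant controller cards for high-availability) can be checked on a saved license script before it is pasted into the CLI. The following Python check is an added example, not Redback code; the function name, the finding texts and the sample lines with their placeholder passwords are constructed for illustration. Because show configuration displays neither password form, such saved scripts are where an unencrypted license password would be exposed, so the check reports that form without echoing the value.

```python
import re

# Keyword values from the Syntax Description of the subscriber command.
ACTIVE_KEYWORDS = {2000, 4000, 8000, 16000, 24000, 32000, 48000}
BANDWIDTH_KEYWORDS = {60, 100, 250, 1000}   # kbps
DEFAULT_BANDWIDTH = 60                      # kbps, the documented default

# Optional CLI prompt, then one of the four documented forms of the command.
LINE_RE = re.compile(
    r"^(?:\[[^\]]+\]\S*#)?\s*subscriber\s+"
    r"(?:(?P<kw>active|bandwidth)\s+(?P<val>\d+)"
    r"|(?P<flag>dynamic-service|high-availability))\s+"
    r"(?P<form>encrypted\s+1|password)\s+(?P<secret>\S+)$"
)


def audit_license(script, redundant_controllers=True):
    """Return (state, findings) for a saved license script.

    findings is a list of (line_number, message); line_number 0 marks a
    finding about the script as a whole. Passwords are never copied into
    a message.
    """
    state = {"active_total": 0, "bandwidth_kbps": DEFAULT_BANDWIDTH,
             "dynamic_service": False, "high_availability": False}
    findings = []
    for num, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            findings.append((num, "not a recognized subscriber license line"))
            continue
        if m.group("form") == "password":
            findings.append((num, "license password is in unencrypted form"))
        kw = m.group("kw")
        if kw == "active":
            val = int(m.group("val"))
            if val in ACTIVE_KEYWORDS:
                # Repeated 'active' lines add up, as the guidelines state.
                state["active_total"] += val
            else:
                findings.append((num, f"{val} is not a licensable session count"))
        elif kw == "bandwidth":
            val = int(m.group("val"))
            if val in BANDWIDTH_KEYWORDS:
                state["bandwidth_kbps"] = val
            else:
                findings.append((num, f"{val} is not a licensable bandwidth"))
        else:
            state[m.group("flag").replace("-", "_")] = True

    other_functions = (state["bandwidth_kbps"] != DEFAULT_BANDWIDTH
                       or state["dynamic_service"]
                       or state["high_availability"])
    if other_functions and state["active_total"] == 0:
        findings.append((0, "subscriber functions set without an active session license"))
    if state["high_availability"] and not redundant_controllers:
        findings.append((0, "high-availability requires redundant controller cards"))
    return state, findings


# Constructed sample; the passwords are placeholders, not real license keys.
SAMPLE = """\
[local]Redback(config-license)#subscriber active 16000 password EXAMPLE-PW-1
[local]Redback(config-license)#subscriber active 8000 encrypted 1 EXAMPLE-ENC-2
[local]Redback(config-license)#subscriber bandwidth 500 password EXAMPLE-PW-3
[local]Redback(config-license)#subscriber high-availability encrypted 1 EXAMPLE-ENC-4
"""

if __name__ == "__main__":
    result, problems = audit_license(SAMPLE, redundant_controllers=False)
    print(result)
    for line_no, message in problems:
        print(line_no, message)
```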


system clock-source

system clock-source {internal | line {primary | secondary} slot/port}

{no | default} system clock-source {internal | line {primary | secondary} slot/port}

Purpose

Specifies an internal source of the transmit data clock for all ports in the system—either the internal clock on the active controller card or the receive line of a traffic card.

Command Mode

global configuration

Syntax Description

internal Specifies the internal clock on the active controller card; this is the default.

line Specifies a traffic card receive line as the clock source.

primary Specifies a primary port from which the transmit clock is derived.

secondary Specifies a secondary port from which the transmit clock is derived.

slot Chassis slot number of the port from which the transmit clock is derived.

port Card port number of the port from which the transmit clock is derived.

Default

The transmit clock is generated from the internal clock on the active controller card.

Usage Guidelines

Use the system clock-source command to specify an internal source of the transmit data clock for all ports in the system—either the internal clock on the active controller card (driven by the Stratum 3 oscillator) or the receive line of a traffic card.

If you specify the line keyword, you can select both a primary and secondary clock source, but not in the same command. Appropriate traffic cards include any ATM OC-3, ATM OC-12, OC-3c/STM-1c, OC-12c/STM-4c, or OC-48c/STM-16c card.

To specify an external source for the clock, use the system clock-source external command (in global configuration mode).

Use the no or default form of this command to select the default value for the clock source.

To set the system clock, enter the clock set command (in exec mode); the clock set command is described in the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.


Examples

The following example selects the secondary transmit clock source to be derived from the received clock on port 1 in slot 3:

[local]Redback(config)#system clock-source line secondary 3/1

Related Commands

system clock-source external


system clock-source external

system clock-source external {primary | secondary} [framing type]

{no | default} system clock-source external {primary | secondary} [framing framing-type]

Purpose

Specifies external equipment as the source of the transmit data clock for all ports in the system.

Command Mode

global configuration

Syntax Description

primary Specifies a primary external clock source.

secondary Specifies a secondary external clock source.

framing type Optional. Framing for the external interface, according to one of the following keywords:

• crc4—Specifies CRC-4 framing for an E1 interface.

• esf—Specifies Extended Super Frame (ESF) formatting for a DS-1 interface.

• no-crc4—Specifies non-CRC-4 framing for an E1 interface.

• sf—Specifies Super Frame (SF) formatting for a DS-1 interface.

The default framing type is sf.

Default

The transmit clock is generated from the internal clock on the active controller card.

Usage Guidelines

Use the system clock-source external command to specify external equipment as the source of the transmit data clock for all ports in the system. The type of equipment can be building integrated timing supply (BITS) or synchronization supply unit (SSU).

The type of framing you specify must be compatible with the version of the active controller card:

• For a Cross-Connect Route Processor Version 3 (XCRP3) Controller card, it must be compatible with the timing interface that you have specified using the system clock-source timing-type command (in global configuration mode).

• For an XCRP Controller card, it must be compatible with the hardware version of the card, either XCRP-T1 BITS (DS-1 interface) or XCRP-E1 SSU (E1 interface).

If the framing type that you specify is incompatible, the system displays a warning message and rejects this command.


To specify an internal source, use the system clock-source command (in global configuration mode).

To set the system clock, enter the clock set command (in exec mode); the clock set command is described in the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no or default form of this command to select the default value for the clock source.

Examples

The following example selects an external source with the CRC-4 framing to be the primary source for the transmit clock:

[local]Redback(config)#system clock-source external primary framing crc4

Related Commands

system clock-source


system clock-source timing-type

system clock-source timing-type {sonet | sdh}

{no | default} system clock-source timing-type {sonet | sdh}

Purpose

Specifies the type of timing interface for the Cross-Connect Route Processor Version 3 (XCRP3) Controller card.

Command Mode

global configuration

Syntax Description

sonet Specifies Synchronous Optical Network (SONET) timing for the clock interface.

sdh Specifies Synchronous Digital Hierarchy (SDH) timing for the clock interface.

Default

Timing type is SONET.

Usage Guidelines

Use the system clock-source timing-type command to specify the type of timing interface for the XCRP3 Controller card.

You cannot change the timing type if you have already entered the system clock-source external command (in global configuration mode). To change the timing type, you must first enter the no system clock-source external command.

Use the no or default form of this command to specify the default timing type.

To set the system clock, enter the clock set command (in exec mode); the clock set command is described in the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Note This command applies only to the XCRP3 Controller card; if XCRP Controller cards are installed and you enter this command, the system displays an error message.

Examples

The following example specifies SDH timing:

[local]Redback(config)#system clock-source timing-type sdh

Related Commands

system clock-source
system clock-source external


system clock summer-time

system clock summer-time zone1 zone2 {date yyyy:mm:dd:hh:mm[:ss] yyyy:mm:dd:hh:mm[:ss] | recurring start-date end-date}

no system clock summer-time zone1 zone2 {date yyyy:mm:dd:hh:mm[:ss] yyyy:mm:dd:hh:mm[:ss] | recurring start-date end-date}

Purpose

Enables the system to automatically switch to daylight saving time or standard time.

Command Mode

global configuration

Syntax Description

zone1 Previously defined name of the time zone to which this adjustment applies; for example, Pacific Standard Time (PST).

zone2 Name of the time zone to be displayed when summer time is in effect; for example, Pacific Daylight Time (PDT).

date Specifies start and end dates for summer time.

yyyy:mm:dd:hh:mm[:ss] Year, month, day, hour, minutes, and optionally seconds expressed in a 24-hour format; for example, 6:30 p.m. is expressed as 18:30.

recurring Indicates if the rules for switching to summer time are the same each year. If the recurring keyword is not followed by date information, the rules for the United States are applied. The offset applied is 60 minutes.

start-date end-date Dates for the beginning and end of summer time. Each argument includes the following components separated by a space:

• week—Week of the month (first, 1 to 4, or last).

• day—Day of the week; for example, Sunday, Monday, and so on.

• month—Month of the year; for example, January, February, and so on.

• hh—Hour of the day, expressed in a 24-hour format; for example, 6:00 p.m. is expressed as 18:00.

Default

Automatic switch to daylight saving time is disabled.


Usage Guidelines

Use the system clock summer-time command to enable the system to automatically switch to daylight saving time or standard time.

The start time is relative to standard time and the end time is relative to summer time. If the starting month is after the ending month, the system assumes that you are in the Southern Hemisphere.

The value for the zone1 argument must be a previously defined time zone using the system clock timezone command (in global configuration mode).

The value for the zone2 argument is the name of the time zone specified by the zone1 argument when summer time is in effect.

Use the recurring keyword if the rules for switching to summer time are applied in precisely the same way each year. The first set of variables (week, day, month, hh) refers to the start day; the second set refers to the end day.

Alternatively, you can use the date keyword to specify a start and end date for summer time. In the date format, you can specify start and end dates for multiple years at the same time, as long as the time zones to which the dates apply are unique and there is no overlap of dates.

Use the no form of this command to disable the automatic switch to daylight saving time or standard time and delete the information for the specified time zone and for the specified year.

To set the system clock, enter the clock set command (in exec mode); the clock set command is described in the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Examples

The following example enables the system to switch to daylight saving time (summer time), which will start on the first Sunday in April at 7:00 a.m. and end on the last Sunday in October at 3:00 a.m. for the PST and Mountain Standard Time (MST) time zones (previously defined using the system clock timezone command):

[local]Redback(config)#system clock summer-time PST PDT recurring first Sunday April 6 last Sunday October 2
[local]Redback(config)#system clock summer-time MST MDT recurring first Sunday April 6 last Sunday October 2

The next example enables the system to switch to daylight saving time in a Southern Hemisphere location:

[local]Redback(config)#system clock summer-time AST ADT date 2005:10:26:02:00 2005:04:06:02:00

The final example disables the automatic switch and deletes the summer time information for the Atlantic Standard Time (AST) time zone:

[local]Redback(config)#no system clock summer-time AST ADT date 2005:10:26:02:00 2005:04:06:02:00

Note You must use the recurring keyword with a specified date, because the system default (U.S. summer time) cannot be deleted. If you delete the time zone for which the summer time information is specified, using the no system clock timezone command (in global configuration mode), the summer time information is deleted. In addition, the relevant system clock summer-time command is removed from the configuration file.


Related Commands

system clock timezone
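The two rules of the date form (start relative to standard time, end relative to summer time; a start month after the end month means Southern Hemisphere) are worked through below in Python, which helps when checking what local timestamp the router would show for a given GMC instant while correlating logs. This is an added example, not SmartEdge OS code; the function names are hypothetical, the 60-minute shift is assumed to apply to the date form as it does to recurring, and only whole-hour zone offsets with both dates in the same year are handled.

```python
from datetime import datetime, timedelta

# Assumption: the 60-minute offset documented for 'recurring' also applies
# to the 'date' form.
SUMMER_SHIFT = timedelta(minutes=60)


def parse_stamp(text):
    """Parse yyyy:mm:dd:hh:mm[:ss] (24-hour clock) into a naive datetime."""
    parts = [int(p) for p in text.split(":")]
    if len(parts) not in (5, 6):
        raise ValueError(f"expected yyyy:mm:dd:hh:mm[:ss], got {text!r}")
    return datetime(*parts)


def displayed_time(gmc_stamp, std_zone, summer_zone, offset_hours, start, end):
    """Return the local time string shown for a GMC instant.

    std_zone / offset_hours mirror 'system clock timezone zone hours';
    summer_zone, start and end mirror
    'system clock summer-time zone1 zone2 date start end'.
    """
    begin, finish = parse_stamp(start), parse_stamp(end)
    if begin.year != finish.year:
        raise ValueError("this example handles start and end in one year only")

    local_std = parse_stamp(gmc_stamp) + timedelta(hours=offset_hours)
    local_summer = local_std + SUMMER_SHIFT

    if local_std.year != begin.year:
        # The date form names one year; outside it no rule applies.
        in_effect = False
    else:
        started = local_std >= begin        # start is relative to standard time
        ended = local_summer >= finish      # end is relative to summer time
        if begin.month > finish.month:
            # Southern Hemisphere: summer time spans the turn of the year,
            # so it is in effect before the end date and after the start date.
            in_effect = started or not ended
        else:
            in_effect = started and not ended

    local, zone = (local_summer, summer_zone) if in_effect else (local_std, std_zone)
    return f"{local:%Y-%m-%d %H:%M} {zone}"


# Dates from the Southern Hemisphere example above (AST defined with offset -4).
SOUTH_START = "2005:10:26:02:00"
SOUTH_END = "2005:04:06:02:00"

if __name__ == "__main__":
    for stamp in ("2005:01:15:12:00", "2005:04:06:04:59",
                  "2005:04:06:05:00", "2005:07:01:12:00",
                  "2005:10:26:06:00"):
        print(stamp, "->",
              displayed_time(stamp, "AST", "ADT", -4, SOUTH_START, SOUTH_END))
```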


system clock timezone

system clock timezone zone hours [minutes] [local]

no system clock timezone zone hours [minutes] [local]

Purpose

Defines one or more time zones and their distances from Greenwich Meridian Time (GMC) for display purposes.

Command Mode

global configuration

Syntax Description

zone User-defined name of the time zone to be displayed when standard time is in effect; for example, Pacific Standard Time (PST).

hours Number of hours that the time zone is offset from GMC. The range of values is –23 to 23; the default value is 0.

minutes Optional. Number of minutes that the time zone is offset from GMC. The range of values is 0 to 59; the default value is 0.

local Optional. Specifies that the time zone being defined is the local time zone.

Default

The default time zone is GMC. If no time zone is defined with the local keyword, the system uses GMC when displaying time.

Usage Guidelines

Use the system clock timezone command to define one or more time zones and their distances from GMC. The system keeps time in GMC and displays the specified local time zone. The specified local time zone is also used when you enter the clock set command (in exec mode). The clock set command is described in the “System Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

You can specify multiple time zones; the only time zone assumed to be local is the one with the optional local keyword.

Use the no form of this command to delete previously configured time zone information. If the specified time zone was configured as the local time zone, the system reverts to displaying GMC time.

Use the no form of this command (with no parameters specified) to remove all previously configured time zone and corresponding daylight saving information.


Examples

The following example defines Atlantic Standard Time (AST), Eastern Standard Time (EST), Central Standard Time (CST), Mountain Standard Time (MST), Pacific Standard Time (PST), and Hawaii Standard Time (HST) time zones. PST is also specified as the local time zone.

[local]Redback(config)#system clock timezone AST -4
[local]Redback(config)#system clock timezone EST -5
[local]Redback(config)#system clock timezone CST -6
[local]Redback(config)#system clock timezone MST -7
[local]Redback(config)#system clock timezone PST -8 local
[local]Redback(config)#system clock timezone HST -10

The following example deletes the EST time zone information:

[local]Redback(config)#no system clock timezone EST

Related Commands

system clock summer-time


system confirmations context

system confirmations context

no system confirmations context

Purpose

Enables the system to query the user when attempting to create a context.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

The default value is no system confirmations context; system confirmation query is not enabled.

Usage Guidelines

Use the system confirmations context command to enable the system to query a user when attempting to create a context.

Use the no form of this command to remove a previously enabled system confirmations context command.

Examples

The following example displays the system confirmations context command when it is enabled:

[local]Redback(config)#system confirmation context
[local]Redback(config)#context account
Are you sure you want to create context account?

Related Commands

system contact


system contact

system contact text

no system contact

Purpose

Identifies the system contact.

Command Mode

global configuration

Syntax Description

text Text that explains the department or person to contact, and how, for information regarding the system.

Default

No system contact information is configured.

Usage Guidelines

Use the system contact command to configure the system to identify the person or department to contact regarding system information. The system contact information is available using the sysContact Management Information Base-II (MIB-II) object. The text argument can be any alphanumeric string, including spaces. The text cannot be longer than one line.

Use the no form of this command to remove system contact information.

Examples

The following example sets a contact string:

[local]Redback(config)#system contact IS Hotline 1-800-555-1567

Related Commands

system hostname
system location


system hostname

system hostname hostname

default system hostname

Purpose

Specifies the system hostname.

Command Mode

global configuration

Syntax Description

hostname Alphanumeric string to be used as the hostname for the system.

Default

The factory-assigned default hostname is Redback.

Usage Guidelines

Use the system hostname command to specify the system hostname. This hostname is available using the sysName Management Information Base-II (MIB-II) object. Do not expect the case to be preserved. Uppercase and lowercase characters appear the same to many Internet software applications. It might seem appropriate to capitalize a name, the same way you do in conventional text, but Internet conventions dictate that computer names appear as all lowercase. For more information, see RFC 1178, Choosing a Name for Your Computer.

The name must also follow the rules for Advanced Research Projects Agency Network (ARPANET) hostnames. Names must start with a letter, end with a letter or digit, and have (as interior characters only) letters, digits, hyphens (-), periods (.), and underscores (_). Names must be 63 characters or fewer. For more information, see RFC 1035, Domain Names—Implementation and Specification.

Use the default form of this command to set the hostname to the default name, Redback.

Examples

The following example changes the hostname to freebird:

[local]Redback(config)#system hostname freebird
[local]freebird(config)#

Related Commands

system contact
system location


system location

system location text

no system location

Purpose

Configures the system location information.

Command Mode

global configuration

Syntax Description

text Text that explains the physical location of the system.

Default

No system location is specified.

Usage Guidelines

Use the system location command to configure the system location information available using the sysLocation Management Information Base-II (MIB-II) object. The text argument can be any alphanumeric string, including spaces. The text cannot be longer than one line.

Use the no form of this command to remove system location information.

Examples

The following example sets a location string:

[local]Redback(config)#system location Building 3, 2nd Floor, Lab 3

Related Commands

system contact
system hostname


Part 4

Contexts, Interfaces, and Subscribers

This part describes tasks and commands used to configure the basic features for multiple contexts, interfaces, and subscribers, and consists of the following chapters:

• Chapter 6, “Context Configuration”

• Chapter 7, “Interface Configuration”

• Chapter 8, “Subscriber Configuration”


Chapter 6

Context Configuration

This chapter provides an overview of contexts, describes the tasks used to configure basic features for contexts, and provides configuration examples and detailed descriptions of the commands used to configure these features through the SmartEdge® OS.

For protocol- or feature-specific commands that appear in context configuration mode, see the appropriate chapter in the Routing Protocols Configuration Guide or the IP Services and Security Configuration Guide for the SmartEdge OS, respectively.

For information about the tasks and commands used to monitor, troubleshoot, and administer contexts, see the “Context, Interface, and Subscriber Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

One of the most advanced features of the SmartEdge OS is the ability to support both a “local” context and multiple other contexts. A context is an instance of a virtual router, complete with its own management domain, authentication, authorization, and accounting (AAA) name space, IP address space, and routing protocols. A SmartEdge router can support over a thousand contexts. While they share common resources, such as memory and processor cycles, each context is completely independent of all other contexts configured on a SmartEdge router. Contexts are conceptually similar to virtual routing and forwarding (VRF) instances, but are more powerful, and offer advanced capabilities not available in existing VRF implementations.

A context is not a dedicated, hard-wired set of physical ports, slots, CPUs, and memory. It is a logical construct that is created or deleted through configuration commands. The administrator has complete flexibility to determine which ports and circuits are associated with each context.


A physical circuit, on the other hand, refers to the physical communications channels through which packets are sent to or received by the SmartEdge router. A port, channel, or circuit is not considered part of any context. Examples of circuits, in the broadest sense of the term, include Ethernet, Packet over SONET/SDH (POS), DS-3, and DS-1 ports, and Layer 2 circuit endpoints, such as Asynchronous Transfer Mode (ATM), Frame Relay, and 802.1Q permanent virtual circuits (PVCs).

However, no traffic can flow over a circuit until it is associated with an interface through a configuration step called “binding”. The binding, in SmartEdge terminology, ties a particular circuit to a particular interface, and the circuit is said to be bound to that interface. The binding is simply a configuration statement provided as part of the circuit definition.

This section describes the following concepts:

• Local Context

• Multiple Contexts

• Applications for Multiple Contexts

• Multiple VPN Contexts

• Intercontext Interfaces

• Administrator Authentication to Local and Non-Local Contexts

• Administrator Privileges for Local and Non-Local Contexts

Local Context

A SmartEdge router with a single configured context is similar to traditional networking products. This is referred to as a “single-context configuration”. Every configuration includes the special context “local” that cannot be deleted. In single-context configurations, the local context is the only context.

Multiple Contexts

A SmartEdge router configured to support several contexts simultaneously is said to support multiple contexts. The SmartEdge software base is designed to support multiple contexts. All SmartEdge OS features, such as the command-line interface (CLI); management features, such as the Simple Network Management Protocol (SNMP); troubleshooting features, such as ping, traceroute, debug, and system logging; IP addresses, interfaces, and access control lists (ACLs); and routing protocol instances, are implemented on a per-context basis. When a new feature is added, it inherits the multicontext infrastructure, allowing the new functions to be used in a multicontext application.

Every context has its own complete implementation of IP routing protocols, including the Border Gateway Protocol (BGP), Open Shortest Path First (OSPF) protocol, Intermediate System-to-Intermediate System (IS-IS) protocol, and the complete IP multicast routing protocol suite. In particular, each BGP instance has its own autonomous system number (ASN), policies, and import and export properties, and each context can contain any mix of Interior Gateway Protocol (IGP) routing protocols. All routing protocols are implemented as multithreaded processes with multiinstance capability, which in combination with an intelligent scheduler, provides an efficient multicontext routing protocol implementation.


Each context has its own IP address space, which can overlap with the address space of other contexts. Every physical I/O channel—for ports, channels, subchannels, and ATM, Frame Relay, and 802.1Q PVCs—can be associated with a context through configuration commands and the binding process.

A context can have its own unique set of CLI administrators, each with their own (possibly overlapping) administrator names and passwords, and each authenticated through their own set of AAA databases. Each context can have its own SNMP community strings. This support allows Virtual Private Network (VPN) customers visibility into their own routing context for debugging and troubleshooting purposes.

Applications for Multiple Contexts

A simple yet powerful application for multiple contexts is olympic services, wherein a provider offers platinum, gold, and silver service classes to its customers, as a function of oversubscription (statistical gain) that is engineered at the access point. This setup takes advantage of the closed administrator group aspect of contexts, and less so of the ability of contexts to support multiple, overlapping address spaces.

Many service providers have different service offerings. For reasons ranging from mergers and acquisitions to organizational structure, these services often operate within their own, respective, autonomous systems. With conventional routers, an independent, physical router must be used for each autonomous system (AS), because conventional routers allow only a single routing instance in an AS.

However, each context in a SmartEdge router can have its own routing instance, for example BGP, and each BGP instance can optionally be a member of its own AS, with its own set of policies. The multiple context capability of the SmartEdge router allows a single chassis to replace multiple conventional routers in such an application. Each context appears as a virtual router, and thus the SmartEdge router can perform the functions of multiple routers simultaneously. Just as physical routers communicate over physical cables, the virtual routers in the SmartEdge router can communicate over intercontext interfaces.

Multiple VPN Contexts

Provider edge (PE) routers maintain a separate VPN context for each VPN connection. Each customer connection, such as an ATM, Frame Relay, or 802.1Q PVC, is mapped to a specific VPN context. Multiple ports on a PE router can be associated with a single VPN context; however, it is the ability of PE routers to maintain multiple VPN contexts that supports the per-VPN segregation of routing information.

Intercontext Interfaces

An intercontext interface allows routing protocols to exchange routing information between two or more contexts within the same physical SmartEdge router; this capability is similar to the exchange of routing information between two physical routers. An intercontext interface can be either a point-to-point intercontext interface or a point-to-multipoint (referred to as a LAN) intercontext interface. The point-to-point type links two intercontext interfaces of two different contexts; for this type of intercontext interface, there can be only two intercontext interfaces with the same ID on the SmartEdge router. The LAN type links multiple interfaces in multiple contexts. For LAN intercontext interfaces, the id argument specifies the group identifier for all the intercontext interfaces with the same ID that are linked together.


Administrator Authentication to Local and Non-Local Contexts

Each context is configured with a AAA search list for authenticating administrators. The AAA search list determines the order in which administrators of a particular context are authenticated. At the logon prompt, the administrator provides a structured administrator name of the form admin-name@ctx-name. The ctx-name portion of the administrator name string selects the context; the AAA search order for that context is used to authenticate the administrator.

The context of the data path through which an administrator’s Telnet or Secure Shell (SSH) packets arrive and leave the SmartEdge router is not dependent on the context to which the administrator authenticates. For example, it is valid for an administrator whose workstation is connected to an Ethernet segment bound to the corpA context to log on to the SmartEdge router as root@local, thereby becoming a local administrator, even though the path through which Telnet or SSH packets arrive is through a port on the SmartEdge router that is bound to the corpA context.

Administrator Privileges for Local and Non-Local Contexts

With regard to the SmartEdge OS concept of multiple contexts, there are two types of administrators:

• Local—An administrator authenticated to the “local” context. The local administrator has a structured administrator name of the form admin-name@local.

• Non-local—An administrator authenticated to any context other than the local context. A non-local administrator has an administrator name of the form admin-name@ctx-name; an example is joe@vpn1, where vpn1 is the name of the context.

An administrator authenticated to the “local” context, given appropriate administrator privileges, can configure all functions on the SmartEdge router, including functions for each context, and global entities, such as ports, port profiles, SNMP, and so on.

Non-local administrators have no configuration mode privileges, and have restricted exec mode privileges. An exec command is accessible to a non-local administrator if its purpose is to provide information about, or to generate limited troubleshooting for, the context to which the administrator is authenticated. For example, when an administrator authenticated as fred@corpA runs the show ip route command (in global configuration mode), the output displays only the IP routing table for the context corpA and not for any other context.

Note The separator character between the admin-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default value is @, which is used throughout this guide.

Note In addition to context authentication, the SmartEdge OS software supports privilege levels that affect an administrator’s access to the SmartEdge OS CLI. Both administrators and commands have default privilege levels that you can modify. For details, see the privilege start and privilege max commands in this chapter, and the privilege command in Chapter 4, “System Access Configuration,” respectively.


Configuration Tasks

To configure the basic features for a context and accounts for the administrators who manage them, perform the tasks described in the following sections:

• Enable Multiple-Context Service

• Configure a Context

• Configure an Administrator Account in a Context

Enable Multiple-Context Service

To configure any context other than the local context, you must enable multiple-context service; perform the task described in Table 6-1.

Table 6-1 Enable Multiple-Context Service

Task | Root Command | Notes
Enable multiple-context service. | service multiple-contexts | Enter this command in global configuration mode.

Configure a Context

To configure a context, perform the tasks described in Table 6-2.

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Table 6-2 Configure a Context

# | Task | Root Command | Notes
1. | Create or modify a context and access context configuration mode with one of the following tasks: | |
   | • Create or modify a standard context and access context configuration mode. | context | Enter this command in global configuration mode.
   | • Create or modify a VPN context and access context configuration mode. | context vpn-rd | Enter this command in global configuration mode.
2. | Specify a privilege level password in the local database for the enable command with one of the following tasks: | |
   | • Configure a password that the system will encrypt. | enable password | Enter this command in context configuration mode.
   | • Configure a password in encrypted form. | enable encrypted | Enter this command in context configuration mode.
3. | Specify how the system performs privilege level authentication. | enable authentication | Enter this command in context configuration mode.
4. | Specify general attributes for the context (all attributes are optional): | |
   | Specify falling-threshold parameters for IP pools in the context. | ip pool | Enter this command in context configuration mode.
   | Create one or more unique subscriber service domain aliases for a context. | domain | Enter this command in context configuration mode.
   | Apply an existing bulkstats schema profile to the context. | bulkstats schema | Enter this command in context configuration mode.

Configure an Administrator Account in a Context

To configure an administrator account in a context, perform the tasks described in Table 6-3.

Table 6-3 Configure an Administrator Account in a Context

# | Task | Root Command | Notes
1. | Create an administrator logon account and access administrator configuration mode. | administrator | Enter this command in context configuration mode.
2. | Specify general attributes for the account; enter these commands in administrator configuration mode (all attributes are optional): | |
   | Assign a full name or textual description for the administrator. | full-name |
   | Specify the initial privilege level for exec sessions initiated by the administrator. | privilege start |
   | Specify the maximum privilege level for the administrator. | privilege max |
   | Specify public key authentication for the administrator who is accessing the SmartEdge OS CLI through SSH. | public-key |

Configuration Examples

This section provides the following configuration examples:

• Administrator Privileges

• Public Keys


Administrator Privileges

The following example shows the creation of an administrator account with the administrator name super and the password icandoanything. When the administrator logs on to the system, the initial privilege level is 10. The administrator can modify the privilege level up to the maximum of 15.

[local]Redback#configure
[local]Redback(config)#context local
[local]Redback(config-ctx)#administrator super password icandoanything
[local]Redback(config-administrator)#full-name "Fred P. Lynch x.1234"
[local]Redback(config-administrator)#privilege start 10
[local]Redback(config-administrator)#privilege max 15

Because this account is created in the local context, this administrator is able to view and modify the entire system configuration, and view all running information on the system.
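
The privilege model in this chapter (context of authentication, privilege start, privilege max, enable authentication) can be reviewed mechanically. The following Python audit is an added example, not code from this guide or from Redback. The listing layout, the finding names and the function names are assumptions; the defaults (start 6, max 15, local enable authentication) are the ones stated in the command descriptions of this chapter.

```python
import shlex

# Defaults stated in this chapter's command descriptions.
DEFAULT_START, DEFAULT_MAX, DEFAULT_ENABLE_AUTH = 6, 15, "local"

# Constructed listing (assumption): commands in the order they would be
# entered, indented for readability. Passwords and hashes are placeholders.
CONFIG = """
service multiple-contexts
context local
 enable authentication none
 administrator super encrypted 1 PLACEHOLDER-HASH-0
  full-name "Fred P. Lynch x.1234"
  privilege start 10
  privilege max 15
 administrator oper encrypted 1 PLACEHOLDER-HASH-1
  privilege max 6
context corpA
 administrator fred password PLACEHOLDER-CLEARTEXT
  privilege start 11
  privilege max 13
"""


def parse(listing):
    """Return {context: {"enable_auth": str, "admins": {name: settings}}}."""
    contexts, ctx, admin = {}, None, None
    for raw in listing.splitlines():
        words = shlex.split(raw)
        if not words:
            continue
        if words[0] == "context" and len(words) >= 2:
            ctx = contexts.setdefault(
                words[1], {"enable_auth": DEFAULT_ENABLE_AUTH, "admins": {}})
            admin = None
        elif ctx is None:
            continue  # global command, e.g. service multiple-contexts
        elif words[0] == "administrator" and len(words) >= 2:
            admin = ctx["admins"].setdefault(
                words[1],
                {"start": DEFAULT_START, "max": DEFAULT_MAX, "cleartext": False})
            # "password <pw>" is the unencrypted form; "encrypted 1 <pw>" is not.
            admin["cleartext"] = admin["cleartext"] or words[2:3] == ["password"]
        elif words[:2] == ["enable", "authentication"] and len(words) == 3:
            ctx["enable_auth"] = words[2]
        elif words[:3] == ["default", "enable", "authentication"]:
            ctx["enable_auth"] = DEFAULT_ENABLE_AUTH
        elif (admin is not None and len(words) == 3
              and words[0] == "privilege" and words[1] in ("start", "max")):
            admin[words[1]] = int(words[2])
    return contexts


def audit(contexts):
    """Return a sorted list of (subject, finding) tuples."""
    findings = []
    for name, ctx in contexts.items():
        no_prompt = ctx["enable_auth"] == "none"
        if no_prompt:
            # No password prompt when changing privilege levels in this context.
            findings.append((name, "ENABLE_AUTH_NONE"))
        for admin_name, a in ctx["admins"].items():
            who = f"{admin_name}@{name}"
            if name == "local" and a["max"] == 15:
                # Local-context account that may raise itself to level 15.
                findings.append((who, "LOCAL_MAX_15"))
            if no_prompt and a["max"] > a["start"]:
                # enable can raise the session from start to max unprompted.
                findings.append((who, "RAISE_WITHOUT_PASSWORD"))
            if a["start"] > a["max"]:
                # Inconsistent pair; device behaviour is not stated on the page.
                findings.append((who, "START_ABOVE_MAX"))
            if a["cleartext"]:
                findings.append((who, "CLEARTEXT_PASSWORD"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(parse(CONFIG)):
        print(f"{subject:12} {finding}")
```
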

Public Keys

The following example configures a public RSA key for the administrator, jewel:

[local]Redback(config-administrator)#public-key RSA

Enter public key for the user

$053136276382193869961246761 admin@local
% adding public key 1024 35 138778925487550112496264060257494473953477802145777234711904931356017804253563842290930011054450485363243280246400199717731319844418831089264593496852809170833789839891527385879500645266732532498938549779362601026271493734075903025216457395231727858414474890514861688652497950829684053136276382193869961246761 to user jewel

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure basic context features. The commands are presented in alphabetical order.

administrator
context
context vpn-rd
domain
enable authentication
enable encrypted
enable password
full-name
ip pool
privilege max
privilege start
public-key
service multiple-contexts
timeout session


administrator

administrator admin-name [encrypted 1 password | password password]

no administrator admin-name

Purpose

Creates an administrator logon account, or selects an existing one for modification, and enters administrator configuration mode.

Command Mode

context configuration

Syntax Description

admin-name | Alphanumeric string representing a new or existing administrator.
encrypted 1 password | Optional. Alphanumeric string representing an encrypted type 1 password for the administrator account. Required only when configuring a new administrator account.
password password | Optional. Alphanumeric string representing an unencrypted password for the administrator account. Required only when configuring a new administrator account.

Default

No administrator accounts are defined.

Usage Guidelines

Use the administrator command to create an administrator logon account, or select an existing one for modification, and enter administrator configuration mode. When creating a new administrator account, you must specify a password using either the encrypted 1 password or password password construct. When specifying an existing administrator account, a password is not required.

This command also secures the console port and enables remote access to the system. Administrators can log on directly to the console, or through a Telnet or Secure Shell (SSH) session.

You can enter an unencrypted password with embedded spaces by enclosing the entire password in double quotation marks; for example, "This is a Password With Spaces".

When the system generates the configuration, all administrator passwords are encrypted. Passwords are never displayed in readable text.

Use the no form of this command to remove the specified administrator account.


Examples

The following example configures an administrator with an administrator name of admin1 and a password of supersecret:

[local]Redback(config-ctx)#administrator admin1 password supersecret
[local]Redback(config-administrator)#

Related Commands

public-key


context

context ctx-name [show show-param]

no context ctx-name

Purpose

When entered in exec mode, changes from the existing context to the specified context or displays the specified information for the specified context.

When entered in global configuration mode, creates a new context, or selects an existing one for modification, and enters context configuration mode.

Command Mode

exec
global configuration

Syntax Description

ctx-name | Name of a new or existing context; an alphanumeric string with up to 63 characters.
show show-param | Optional. Type of information to be displayed for the specified context.

Default

The local context is defined on the system.

Usage Guidelines

Use the context command (in global configuration mode) to create a new context, or select an existing one for modification, and enter context configuration mode. You cannot create new contexts on the system unless you have enabled the multiple context feature using the service multiple-contexts command (in global configuration mode).

The special context local is always present and has unique qualities. Only an administrator authenticated in the local context can configure the system. Administrators authenticated in the local context can observe any portion of the system, regardless of context. Administrators authenticated in other contexts are restricted to the portion of the system relevant to that context.

Contexts are completely independent name spaces and data spaces. For example, a routing process in one context can share routing information with a routing process in another context through inter-context interfaces just as physical routers are connected together by physical cables.

For information about creating VPN contexts, see the context vpn-rd command in this chapter.

Use the context command (in exec mode) to change to a different context or to display the specified information for the specified context without entering that context. The show show-param construct is any show command.

Note To change to a different context, you must be an administrator authenticated to the local context.


Use the no form of this command to delete a context and all configuration information associated with it.

Examples

The following example shows how to enter context configuration mode to configure the local context:

[local]Redback(config)#context local
[local]Redback(config-ctx)#

The following example displays IP route information for the local context:

[local]Redback>context local show ip route

Codes: C - connected, S - static, S dv - dvsr, R - RIP, e B - EBGP, i B - IBGP
O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1
E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2
> - Active Route
Type    Network           Next Hop       Dist  Metric  UpTime    Interface
> C     10.3.0.0/16                      0     0       01:01:50  three
> C     10.13.49.0/24                    0     0       01:01:50  mgmt
> S     155.0.0.0/8       10.13.49.254   1     0       01:01:39  mgmt
> C     193.4.0.0/16                     0     0       01:01:50  one
> C     193.10.25.7/32                   0     0       01:01:50  lo1

Related Commands

context vpn-rd
service multiple-contexts


context vpn-rd

context ctx-name vpn-rd route-distinguisher

Purpose

Creates a new Virtual Private Network (VPN) context, or selects an existing one for modification, and enters context configuration mode.

Command Mode

global configuration

Syntax Description

ctx-name | Name of a new or existing context; an alphanumeric string with up to 63 characters.
route-distinguisher | VPN route distinguisher, which can be expressed in either of the following formats:
   | • asn:nnnn, where asn is the autonomous system number and nnnn is a 32-bit integer.
   | • ip-addr:nn, where ip-addr is the IP address in the form A.B.C.D and nn is a 16-bit integer.

Default

None. A route distinguisher must be configured for a VPN context to be functional.

Usage Guidelines

Use the context vpn-rd command to create a new VPN context, or select an existing one for modification, and enter context configuration mode. You cannot create new contexts on the system unless you have enabled the multiple context feature using the service multiple-contexts command (in global configuration mode).

Entering the full context vpn-rd command is required to create a VPN context. Entering the command without the vpn-rd route-distinguisher construct creates a context that will not be recognized as VPN-enabled.

Each VPN context supports only one route distinguisher, and the route distinguisher argument must conform to the format specified in Internet Draft, BGP/MPLS VPNs, draft-ietf-ppvpn-rfc2547bis-01.txt.

An existing non-VPN context cannot be configured as a VPN context. You must delete the existing non-VPN context, and re-create it as a VPN context. Likewise, a VPN context cannot be configured as a non-VPN context. You must delete the existing VPN context, and re-create it as a non-VPN context.


Examples

The following example creates a VPN context vpncontext with the route distinguisher 701:3:

[local]Redback(config)#context vpncontext vpn-rd 701:3
[local]Redback(config-ctx)#

Related Commands

context
service multiple-contexts


domain

domain alias [advertise]

no domain alias [advertise]

Purpose

Creates a unique subscriber service domain alias for a context.

Command Mode

context configuration

Syntax Description

alias | Unique name of the subscriber service domain alias to be created.
advertise | Optional. Advertises the subscriber service domain alias in Point-to-Point Protocol over Ethernet (PPPoE) discovery messages.

Default

No aliases are created.

Usage Guidelines

Use the domain command to create a unique subscriber service domain alias for a context. Use the advertise keyword to advertise the context in PPPoE discovery messages.

There is no limit to the number of domain aliases that you can create; however, each domain alias must be unique across all contexts.

Use the no form of this command to delete the domain alias.

Examples

The following example creates a subscriber service domain alias, guest, for the isp1 context and advertises it in PPPoE discovery messages:

[local]Redback(config)#context isp1
[isp1]Redback(config-ctx)#domain guest advertise

Related Commands

None


enable authentication

enable authentication {none | local | radius | tacacs+}

default enable authentication

Purpose

Specifies how the system performs privilege level authentication.

Command Mode

context configuration

Syntax Description

none | Specifies no privilege level password authentication.
local | Specifies privilege level password authentication using the local configuration.
radius | Specifies privilege level password authentication using the Remote Authentication Dial-In User Service (RADIUS) database.
tacacs+ | Specifies privilege level password authentication using the Terminal Access Controller Access Control System Plus (TACACS+) database.

Default

The system authenticates privilege level passwords using the local configuration database.

Usage Guidelines

Use the enable authentication command to specify how the system performs privilege level authentication. If you select the none keyword, administrators are not prompted for a password when changing privilege levels.

If you enter the radius or tacacs+ keyword, you must configure the enable passwords on the RADIUS or TACACS+ system, respectively. The format of the enable password is enable[level]@ctx-name, where the level argument represents the privilege level of the password (and is not specified for level 15), and the ctx-name argument is the name of the context for which the password is configured.

Note The separator character between the admin-name and the ctx-name arguments is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS. The default value is @, which is used throughout this guide.

Use the default form of this command to configure the system to use the default authentication (local).


Examples

The following example configures the system to authenticate privilege level passwords using RADIUS:

[local]Redback(config-ctx)#enable authentication radius

The following example shows how the administrator names would be configured on the RADIUS server for privilege level 10 and privilege level 15 in the local context:

username = enable10@local
username = enable@local

Related Commands

enable
enable encrypted
enable password
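
The structured names in this chapter (admin-name@ctx-name for logon, enable[level]@ctx-name on the RADIUS or TACACS+ server) only split cleanly if the configured separator never occurs inside an administrator or context name. The following Python helper is an added example, not code from this guide or from Redback; the function names and sample names are assumptions, as are treating the printed "\\" as a single backslash and applying a non-default separator to the enable names.

```python
# Separator characters listed in the Note above. The page prints the backslash
# as "\\"; treating that as one backslash character is an assumption.
ALLOWED_SEPARATORS = ["%", "-", "@", "_", "\\", "#", "/"]


def split_name(structured, sep="@"):
    """Split admin-name<sep>ctx-name into (admin_name, ctx_name).

    Rejects names in which the separator does not occur exactly once, because
    how the device resolves a repeated separator is not stated on the page.
    """
    if sep not in ALLOWED_SEPARATORS:
        raise ValueError(f"separator {sep!r} is not configurable")
    parts = structured.split(sep)
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"{structured!r} does not split uniquely on {sep!r}")
    return parts[0], parts[1]


def separator_collisions(sep, admin_names, ctx_names):
    """Names containing sep; with them, admin-name<sep>ctx-name is ambiguous."""
    return sorted(n for n in set(admin_names) | set(ctx_names) if sep in n)


def safe_separators(admin_names, ctx_names):
    """Configurable separators that occur in none of the given names."""
    return [s for s in ALLOWED_SEPARATORS
            if not separator_collisions(s, admin_names, ctx_names)]


def enable_username(ctx_name, level=15, sep="@"):
    """Name to configure on the RADIUS or TACACS+ server for an enable password.

    Form: enable[level]<sep>ctx-name, with the level left out for level 15.
    """
    if not 0 <= level <= 15:
        raise ValueError("privilege levels run from 0 to 15")
    prefix = "enable" if level == 15 else f"enable{level}"
    return f"{prefix}{sep}{ctx_name}"


def enable_usernames(levels_by_context, sep="@"):
    """Expand {ctx_name: [levels]} into the list of names to provision."""
    return [enable_username(ctx, lvl, sep)
            for ctx in sorted(levels_by_context)
            for lvl in sorted(set(levels_by_context[ctx]))]


# Constructed names for illustration.
ADMINS = ["joe", "fred", "net_ops"]
CONTEXTS = ["local", "vpn1", "corpA", "cust-7"]

if __name__ == "__main__":
    print("usable separators:", safe_separators(ADMINS, CONTEXTS))
    print("collisions for '_':", separator_collisions("_", ADMINS, CONTEXTS))
    print("RADIUS names:", enable_usernames({"local": [10, 15]}))
```
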


enable encrypted

enable encrypted [level level] encrypt-type password

no enable encrypted [level level encrypt-type]

Purpose

Creates a password, in encrypted form, for the specified privilege level.

Command Mode

context configuration

Syntax Description

level level | Optional. Privilege level for which to configure a password. The range of values is 0 to 15.
encrypt-type | Type of encryption used for a password; only type 1 is supported. Optional for the no form of this command.
password | Password to assign to the specified privilege level. This argument is not available when using the no form of this command.

Default

No passwords are assigned for any privilege level.

Usage Guidelines

Use the enable encrypted command to create a password, in encrypted form, for the specified privilege level.

The SmartEdge OS supports up to 16 different privilege levels (0 through 15) for both administrators and commands. Privilege levels are enabled on a per-context basis.

If password authentication is enabled, the system prompts the administrator for a password when the administrator attempts to enter the privilege level using the enable command (in exec mode). By default, local password authentication is enabled; see the enable authentication command (in context configuration mode).

This command is similar to the enable password command (in context configuration mode), except that this command requires you to enter the password in encrypted form. Typically, you use the enable password command to configure a password in unencrypted form. However, to protect your passwords, the system always displays the enable encrypted command when displaying the configuration.

Use the no form of this command to delete the password for a specific privilege level.


Examples

The following example creates an encrypted password for privilege level 15:

[local]Redback(config-ctx)#enable encrypted level 15 1 $1$......$CMfiiltCkWPquxFsg8WPy0

The following example shows an administrator attempting to enter privilege level 15. The administrator is prompted for the password (unencrypted, and not echoed).

[local]Redback>enable 15

password:

[local]Redback#

Related Commands

enable
enable authentication
enable password


enable password

enable password [level level] password

no enable password [level level]

Purpose

Configures a password for the specified privilege level that the system will encrypt.

Command Mode

context configuration

Syntax Description

level level | Optional. Privilege level for which to configure a password. The range of values is 0 to 15; the default value is 15.
password | Password to assign to the specified privilege level. This argument is not available when using the no form of this command.

Default

No passwords are assigned for any privilege level.

Usage Guidelines

Use the enable password command to configure a password for the specified privilege level that the system will encrypt.

The SmartEdge OS supports up to 16 different privilege levels (0 through 15) for both administrators and commands. Privilege levels are enabled on a per-context basis.

If password authentication is enabled, the system prompts an administrator for the password when the administrator attempts to enter the privilege level using the enable command (in exec mode). By default, local password authentication is enabled; see the enable authentication command (in context configuration mode).

To protect your passwords, the system does not store or display this command. Instead, the system stores and displays the password in an encrypted form. When displaying the configuration, the system uses the enable encrypted command (in context configuration mode).

Use the no form of this command to delete the password for a specific privilege level.

Examples

The following example shows an administrator attempting to enter privilege level 15. The administrator is prompted for the password to enter privilege level 15 (the password is not echoed).

[local]Redback>enable 15

password:

[local]Redback#

The following example creates the s00persecret password for privilege level 15:

[local]Redback(config-ctx)#enable password level 15 s00persecret

The following example shows how the previous command is stored and displayed by the system, in its encrypted form:

[local]Redback#show configuration
...
enable encrypted 1 $1$........$AGSXlr2Tk5AsG92NBXzqi0
...

Related Commands

enable
enable authentication
enable encrypted


full-name

full-name text

no full-name

Purpose

Associates a full name or textual description with an administrator account.

Command Mode

administrator configuration

Syntax Description

text | Alphanumeric string representing a new or existing administrator.

Default

No full name is associated with an administrator account.

Usage Guidelines

Use the full-name command to associate a full name or text description with an administrator account. You can enter a full name with embedded spaces by enclosing the entire name in double quotation marks; for example, "Fred Q. Lynch".

Use the no form of this command to remove the full name text for an administrator.

Examples

The following example configures the full name for an administrator, Fred:

[local]Redback(config-ctx)#administrator fred
[local]Redback(config-administrator)#full-name "Fred Q. Lynch, x1234"

Related Commands

None


ip pool

ip pool {falling-threshold num {trap [log] | log} | options use-class-c-bcast-addrs}

no ip pool {falling-threshold | options use-class-c-bcast-addrs}

Purpose

Specifies context-specific falling-threshold parameters or includes Class C network and broadcast IP addresses in IP pools in the context.

Command Mode

context configuration

Syntax Description

falling-threshold num | Threshold value for creating a falling-threshold crossing event. The range of values is 0 to 4,294,967,295.
trap | Reports the falling-threshold event with a Simple Network Management Protocol (SNMP) event.
log | Logs the falling-threshold event. Optional only if you specify the trap keyword.
options use-class-c-bcast-addrs | Allows Class C network (.0) and broadcast (.255) IP addresses in all configured IP pools in this context.

Default

No threshold parameters are defined for any context; Class C network and broadcast IP addresses are excluded.

Usage Guidelines

Use the ip pool command to specify falling-threshold parameters or to include Class C network and broadcast IP addresses in IP pools for the context.

The falling-threshold parameters provide an alert when the number of available IP addresses for all IP pools in the context is reduced to the value specified. This value is unaffected if any threshold for an individual IP pool is altered.

Use the falling-threshold num construct to specify the total number of available IP addresses in all pools in the context, for which a falling-threshold crossing event is generated. A crossing event occurs only when the total number of available IP addresses in all pools in the context equals the value specified. If the number of available IP addresses becomes greater than the value specified, and then drops again to the value, a second falling-threshold crossing event is generated.

If you specify the falling-threshold num construct and the threshold parameters already exist, the current falling threshold parameters are set to the new values, or are added to the definition of the context if they did not previously exist. If you specify a value that is larger than the sum of all IP addresses in all IP pools in the context, no threshold event can occur at the context level. To remove the threshold, specify 0 for the num argument.

You can specify that the falling-threshold crossing event be reported with an SNMP trap, a log message, or both the trap and the log message.

By default, network (.0) and broadcast (.255) IP addresses are excluded in any IP pool of Class C IP addresses, even when that pool is supernetted; you must specify the options use-class-c-bcast-addrs construct to include the intervening Class C network and broadcast addresses in the range. For example:

• If you do not specify this option, and you configure the pool with an IP address of 192.200.100.0/23, IP addresses 192.200.100.0, 192.200.100.255, 192.200.101.0, and 192.200.101.255 are excluded from the pool.

• If you specify this option, 192.200.100.255 and 192.200.101.0 are included.

For more information about guidelines for IP addresses in IP pools, see the description for the ip pool command (in interface configuration mode) in Chapter 7, “Interface Configuration.”

Use the no form of this command to remove context-specific threshold parameters or to exclude intervening Class C network and broadcast IP addresses in any IP pool in the context.

Examples

The following example specifies that an SNMP trap and a log message be generated for the isp1.net context when the available IP addresses in all IP pools in the context equals 1,000:

[local]Redback(config)#context isp1.net
[local]Redback(config-ctx)#ip pool falling-threshold 1000 trap log

Related Commands

ip pool—interface configuration mode
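
The two ip pool behaviours described above, worked through in Python for the guide's own /23 pool and for a constructed series of available-address counts. This is an added example, not code from this guide or from Redback; the function names are assumptions, and reading "falling" as "the previous count was above the threshold" is an interpretation of the usage guidelines.

```python
import ipaddress


def class_c_edges(pool):
    """Every .0 and .255 address of the Class C (/24) blocks inside the pool."""
    net = ipaddress.ip_network(pool)
    if net.version != 4 or net.prefixlen > 24:
        raise ValueError("expects an IPv4 pool with a prefix of /24 or shorter")
    edges = []
    for block in net.subnets(new_prefix=24):
        edges += [block.network_address, block.broadcast_address]
    return edges


def excluded_by_default(pool):
    """Addresses left out of the pool when the option is not configured."""
    return [str(a) for a in class_c_edges(pool)]


def intervening(pool):
    """Addresses that options use-class-c-bcast-addrs puts back in the pool.

    These are the Class C network and broadcast addresses that fall between
    the pool's first and last address. The page does not say how the pool's
    own first and last address are treated, so nothing is claimed about them.
    """
    net = ipaddress.ip_network(pool)
    outer = {net.network_address, net.broadcast_address}
    return [str(a) for a in class_c_edges(pool) if a not in outer]


def falling_threshold_events(available, threshold):
    """Indices in `available` at which a falling-threshold event is raised.

    An event is raised when the count falls to exactly `threshold`; rising
    above it and falling back raises another. A threshold of 0 means the
    threshold has been removed.
    """
    if threshold == 0:
        return []
    return [i for i in range(1, len(available))
            if available[i] == threshold and available[i - 1] > threshold]


if __name__ == "__main__":
    pool = "192.200.100.0/23"  # pool from the usage guidelines
    print("excluded by default:", excluded_by_default(pool))
    print("returned by option: ", intervening(pool))
    counts = [1002, 1001, 1000, 999, 1001, 1000]  # constructed series
    print("events at samples:  ", falling_threshold_events(counts, 1000))
```
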


privilege max

privilege max level

default privilege max

Purpose

Specifies the maximum privilege level for the administrator.

Command Mode

administrator configuration

Syntax Description

level | Maximum privilege level for an administrator. The range of values is 0 to 15; the default value is 15.

Default

The maximum privilege level is 15.

Usage Guidelines

Use the privilege max command to specify the maximum privilege level for the administrator.

Using the enable command (in exec mode), an administrator can change the privilege level of the current exec session up to the maximum privilege level specified by this command for the administrator.

Use the default form of this command to return the maximum privilege level to the default value.

Examples

The following command configures administrator fred to a maximum privilege level of 13:

[local]Redback(config-ctx)#administrator fred
[local]Redback(config-administrator)#privilege max 13

Related Commands

enable
privilege
privilege start


privilege start

privilege start level

default privilege start

Purpose

Specifies the initial privilege level for exec sessions initiated by an administrator.

Command Mode

administrator configuration

Syntax Description

level | Initial privilege level for exec sessions initiated by an administrator. The range of values is 0 to 15; the default value is 6.

Default

The initial privilege level is set to 6.

Usage Guidelines

Use the privilege start command to specify the initial privilege level for any exec session initiated by the administrator.

When an administrator logs on to the system, the exec session runs at the initial privilege level specified by this command for the administrator.

Use the default form of this command to return the initial privilege level for an administrator to the default value.

Examples

The following command configures administrator fred with an initial privilege level of 11:

[local]Redback(config-ctx)#administrator fred
[local]Redback(config-administrator)#privilege start 11

Related Commands

enable
privilege
privilege max


public-key public-key {DSA | RSA} [after-key existing-key | position key-position] {new-key | ftp url}

no public-key {DSA | RSA} {all | position key-position}

PurposeSpecifies public key authentication for any administrator accessing the SmartEdge OS command-line interface (CLI) through Secure Shell (SSH).

Command Modeadministrator configuration

Syntax Description

DSA: Identifies the Digital Signature Algorithm (DSA).

RSA: Identifies the Rivest-Shamir-Adleman (RSA) algorithm.

after-key existing-key: Optional. Existing key string after which the new key string should follow.

position key-position: Optional. Position in which the new key is to be placed within a string of keys. When used with the no form of this command, it is not optional, and it deletes the key in the specified position. The range of values is 1 to 100,000.

new-key: New DSA or RSA key string.

ftp url: URL for the file that contains DSA or RSA keys. The file resides on a File Transfer Protocol (FTP) server. The url argument has the form //admin-name[:passwd]@ip-addr[//directory]/filename.ext.

all: Deletes all DSA or RSA keys. Used only with the no form of this command.

Default

None

Usage Guidelines

Use the public-key command to specify public key authentication for administrators accessing the SmartEdge OS CLI through SSH.

Use // if the pathname to the directory on the remote server is an absolute pathname; use a single / if it is a relative pathname (under the hierarchy of the username account home directory).

SSH uses cryptographic keys instead of relying on a password scheme. A key is a digital identity based on a unique string of binary data. By using keys, the SSH client can prove to the SSH server on the SmartEdge router that the client is genuine and can prove its identity.

SSH uses a pair of keys: a public key and a private key. The private key, known only to the SSH client, is used to prove the client’s identity. The public key is known by all parties. The public key can be stored on the SmartEdge router if the administrator has an account on the router.

When an administrator logs on to the CLI, the SSH client and the SSH server on the SmartEdge router both compare the private key of the client with the public key on the SmartEdge router. If the keys match, the administrator is authenticated by the SmartEdge router.

An administrator can have multiple RSA and DSA keys. The SmartEdge OS maintains the list of keys in the preferred order of the administrator. This is also the order in which the keys are searched when each administrator attempts to log on to the SmartEdge router.

SSH-1 uses the Rivest-Shamir-Adleman (RSA) cryptographic algorithm. SSH-2 uses the Digital Signature Algorithm (DSA). For more information, see the Internet Draft, Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and CRL Profile, draft-ietf-pkix-ipki-pkalgs-05.txt.

Use the no form of this command to disable public key authentication.

Examples

The following example configures a public RSA key for the administrator jewel:

[local]Redback(config-administrator)#public-key RSA
Enter public key for the user
$053136276382193869961246761 admin@local
% adding public key 1024 35 138778925487550112496264060257494473953477802145777234711904931356017804253563842290930011054450485363243280246400199717731319844418831089264593496852809170833789839891527385879500645266732532498938549779362601026271493734075903025216457395231727858414474890514861688652497950829684053136276382193869961246761 to user jewel

For the following example, the administrator jenny configures a public RSA key from the file, nextkey.pub, located on an FTP server at IP address 155.53.36.231:

[local]Redback(config-administrator)#public-key RSA ftp//jenny@155.53.36.231/.ssh/nextkey.pub

Connected to 155.53.36.231.
220-
220 pepper.redback.com FTP server (NetBSD-ftpd 20000723) ready.
Remote system type is UNIX.
Using binary mode to transfer files.
331 Password required for jenny.
Password:
230-
NetBSD 1.5.1_ALPHA (NETZUUL) #34: Mon Jan 27 19:22:08 PST 2003
Welcome to NetBSD!
230 User jenny logged in.
200 Type set to I.
250 CWD command successful.
local: /tmp/tmp_public_key remote: nextkey.pub
227 Entering Passive Mode (155,53,36,231,219,44)
150 Opening BINARY mode data connection for 'nextkey.pub' (326 bytes).
100% |*************************************| 326 780.29 KB/s 00:00 ETA
226 Transfer complete.
326 bytes received in 00:00 (1.67 KB/s)
221-
Data traffic for this session was 326 bytes in 1 file.
Total traffic for this session was 1030 bytes in 1 transfer.
221 Thank you for using the FTP service on pepper.corpA.com.
key added 1024 41 106550588489651853198387942858555137190150221510677201916940579736947912236774865600704984815328288560583788592878872188050874678597142562885007685976641197404862724563782974798054110263241761648218460956869243973768579522783213091212849871241135162384999782579058690696235490214548641915001425565861448893991

Related Commands

None
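The key strings in the public-key examples are read here as the SSH protocol 1 RSA layout: declared size in bits, public exponent, decimal modulus, optional comment. The following added example (not Redback code) audits a key file of that layout before it is loaded with public-key, for instance after a transfer over FTP, and gives each key a digest that can be compared out of band. The 2048-bit floor, the digest convention, the function names and the sample keys are assumptions made for this example.

```python
import hashlib
from dataclasses import dataclass

MIN_BITS = 2048  # assumed local policy floor, not a SmartEdge OS setting


@dataclass(frozen=True)
class Rsa1Key:
    bits: int
    exponent: int
    modulus: int
    comment: str


def parse_rsa1_line(line):
    """Parse 'bits exponent modulus [comment]'; raise ValueError if malformed."""
    fields = line.split(None, 3)
    if len(fields) < 3:
        raise ValueError("expected: bits exponent modulus [comment]")
    numbers = fields[:3]
    if not all(f.isascii() and f.isdigit() for f in numbers):
        raise ValueError("bits, exponent and modulus must be decimal integers")
    bits, exponent, modulus = (int(f) for f in numbers)
    comment = fields[3].strip() if len(fields) == 4 else ""
    return Rsa1Key(bits, exponent, modulus, comment)


def audit_key(key):
    """Return a list of findings for one parsed key (empty list = no findings)."""
    findings = []
    actual = key.modulus.bit_length()
    if actual != key.bits:
        findings.append("declared size %d does not match modulus length %d"
                        % (key.bits, actual))
    if key.modulus % 2 == 0:
        findings.append("modulus is even")
    if key.exponent < 3 or key.exponent % 2 == 0:
        findings.append("public exponent is not an odd value of 3 or more")
    if actual < MIN_BITS:
        findings.append("modulus shorter than %d bits" % MIN_BITS)
    return findings


def fingerprint(key):
    """SHA-256 over 'exponent:modulus'. A convention chosen for this example,
    not the fingerprint format of any SSH implementation."""
    material = ("%d:%d" % (key.exponent, key.modulus)).encode("ascii")
    return hashlib.sha256(material).hexdigest()


def audit_key_file(text):
    """Audit every key line; return {line number: findings}."""
    report, seen = {}, {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            key = parse_rsa1_line(line)
        except ValueError as exc:
            report[lineno] = ["unparseable: %s" % exc]
            continue
        findings = audit_key(key)
        ident = (key.exponent, key.modulus)
        if ident in seen:  # the same key listed twice, whatever its comment
            findings.append("duplicate of line %d" % seen[ident])
        else:
            seen[ident] = lineno
        report[lineno] = findings
    return report


def constructed_line(bits, exponent, comment, declared=None, salt=0):
    """Build a sample key line. The modulus is an odd placeholder that is
    exactly `bits` bits long; it is not a real RSA modulus."""
    modulus = (1 << (bits - 1)) + 2 * salt + 1
    return "%d %d %d %s" % (declared or bits, exponent, modulus, comment)


# Constructed sample file: none of these keys come from the guide.
SAMPLE_KEYS = "\n".join([
    constructed_line(1024, 35, "jewel@local"),
    constructed_line(2048, 65537, "jenny@local"),
    constructed_line(2048, 65537, "jenny@laptop"),  # same key as line 2
    constructed_line(1024, 35, "mismatch@local", declared=2048, salt=1),
    "2048 65537 not-a-number broken@local",
])

if __name__ == "__main__":
    for lineno, findings in audit_key_file(SAMPLE_KEYS).items():
        print(lineno, findings or "ok")
```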

service multiple-contexts

service multiple-contexts

no service multiple-contexts

Purpose

Enables the creation of multiple contexts on a system.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Multiple contexts are disabled.

Usage Guidelines

Use the service multiple-contexts command to enable the creation of multiple contexts on a system. By default, the “local” context is present, and you cannot use the context command (in global configuration mode) to create additional contexts until you enable the multiple context feature.

Use the no form of this command to disable multiple contexts.

Examples

The following example displays sample output when an administrator attempts to create a new context, netone, when the multiple context feature is disabled:

[local]Redback(config)#context netone
Context netone doesn’t exist.
To configure multiple contexts configure 'service multiple-contexts'

The following example enables the multiple context feature and creates the context, netone:

[local]Redback(config)#service multiple-contexts
[local]Redback(config)#context netone

Related Commands

context

timeout session

timeout session idle minutes

no timeout session idle

default timeout session idle

Purpose

Specifies the maximum idle time for any session for this administrator account or disables the session idle timer.

Command Mode

administrator configuration

Syntax Description

idle minutes: Time, in minutes, that the session remains connected without input before timing out. The range of values is 1 to 99,999.

Default

Maximum session idle time for this administrator account is governed by the global session idle timer.

Usage Guidelines

Use the timeout session command to specify the maximum idle time for any session for this administrator account or disable the administrator session idle timer. The system disconnects the session if there is no input for the specified time; if disabled, there is no timeout value. The value that you specify overrides the value specified for the global session idle timer.

Use the no form of this command to disable the session idle timer for this administrator; this form of the command is not affected by the global session idle timer.

Use the default form of this command to set the maximum idle time to the value specified for the global session idle timer.

Examples

The following example sets the session idle timer for this administrator to 60 minutes. This value overrides the value specified for the global session idle timer.

[local]Redback(config-administrator)#timeout session idle 60

Related Commands

timeout session (global configuration mode)

Chapter 7

Interface Configuration

This chapter provides an overview of interfaces, describes the tasks used to configure basic features for interfaces, and provides configuration examples and detailed descriptions of the commands used to configure these features through the SmartEdge® OS.

For protocol- or feature-specific commands that appear in interface configuration mode, see the appropriate chapter in the Routing Protocols Configuration Guide or the IP Services and Security Configuration Guide for the SmartEdge OS, respectively.

For information about the tasks and commands used to monitor, troubleshoot, and administer interfaces, see the “Context, Interface, and Subscriber Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

Within the SmartEdge OS, an interface is a logical entity that provides higher-layer protocol and service information, such as Layer 3 addressing. Interfaces are configured as part of a context and are independent of physical ports and circuits. The separation of the interface from the physical layer allows for many of the advanced features offered by the SmartEdge OS. For higher-layer protocols to become active, you must bind a physical port or circuit to an interface.

With Dynamic Host Configuration Protocol (DHCP) relay enabled on an interface, the SmartEdge router can examine all responses from a DHCP relay server and note the bindings among the assigned IP address, the requesting Ethernet medium access control (MAC) address, and the circuit from which the request was received. The result is a behavior similar to that of secured Address Resolution Protocol (ARP). Because an entry is automatically placed in the SmartEdge host table for this binding, the need to use secured ARP for the binding is eliminated. This ensures that the address cannot be spoofed and that traffic cannot be redirected.

Note In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted.

The SmartEdge OS supports the following types of interfaces:

• Bridged interface—Allows circuits, such as Ethernet ports or Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs) with RFC 1483 bridged encapsulation, to be bridged. A bridged interface is associated with a bridge in this context by using the bridge command (in interface configuration mode). For more information on the bridge command (in interface configuration mode), see the “Bridging Configuration” chapter, in the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS.

• Intercontext interface—Allows the Intermediate System-to-Intermediate System (IS-IS) routing protocol to exchange routing information between two or more contexts within the same physical SmartEdge router; this capability is similar to the exchange of routing information between two physical routers. An intercontext interface can be either a point-to-point intercontext interface or a point-to-multipoint (referred to as a LAN) intercontext interface.

— The point-to-point type links two intercontext interfaces of two different contexts; for this type of intercontext interface, there can be only two intercontext interfaces with the same ID on the SmartEdge router.

— The LAN type links multiple interfaces in multiple contexts. For LAN intercontext interfaces, the id argument specifies the group identifier for all the intercontext interfaces with the same ID that are linked together.

• Loopback interface—Has no explicit association with any circuit in the system. This feature is useful in applications that require an IP address in a particular context, but not necessarily a physical connection, because a loopback interface is always up. For example, loopback interfaces can be useful for routing protocols, because the interface is not associated with a physical port that can go down. You cannot configure secondary IP addresses for a loopback interface.

• Multibind interface—Allows multiple circuits to be bound to the interface. This feature is useful when the interface is used for subscriber circuits. You can also specify that a multibind interface act as a last resort interface.

• Last resort interface, which is a type of multibind interface—Acts as a fallback for any incoming subscriber circuit for which the subscriber record does not include an IP address that is assigned to any other interface. If a subscriber session is established, and there is no valid interface to which it can bind, the session binds to the last resort interface.

Each interface must have an IP address, which you can specify explicitly, using the ip address command (in interface configuration mode), or implicitly, using the ip unnumbered command (in interface configuration mode). When specified implicitly, the interface borrows the IP address from the interface specified by the command. The IP address is used as the source address for routing updates and packets, thus conserving network and address space. Last-resort interfaces must always be configured using the ip unnumbered command.

Note When IP Version 6 (IPv6) addresses are not referenced or explicitly specified, the term, IP address, can refer generally to IP Version 4 (IPv4) addresses, IPv6 addresses, or IP addressing. In instances where IPv6 addresses are referenced or explicitly specified, the term, IP address, refers only to IPv4 addresses. For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture.

IPv6 is a new version of the Internet Protocol, designed as the successor to IP Version 4 (IPv4). IPv6 is fully described in RFC 2460, Internet Protocol, Version 6 (IPv6) Specification. The changes from IPv4 to IPv6 include:

• Increase in address size from 32 bits to 128 bits

• Simplified header

• Extensible header with optional extension headers

• Designed to co-exist with IPv4

• Uses multicast addresses instead of broadcast addresses

Configuration Tasks

This section includes the following topics:

• Configuration Guidelines

• Configure Basic Features for an Interface

Configuration Guidelines

Consider the following guidelines for interfaces, IP addresses, and IP pools:

• A standard (one that is not a last-resort interface) multibind interface must have an IP address assigned explicitly, using the ip address command (in interface configuration mode).

• A last-resort multibind interface must be configured as unnumbered, using the ip unnumbered command (in interface configuration mode).

• The interface from which the IP address is borrowed for an unnumbered interface must be configured in the same context as the unnumbered interface.

• An IP address can be of any class: A, B, or C.

• Only standard and last-resort multibind interfaces support IP pools.

• IP pools can be named or unnamed.

• Last-resort interfaces support multiple IP pools, which can be both named and unnamed; standard multibind interfaces support a single IP pool, which can be either named or unnamed.

• An IP pool can have the same name as an interface within a context, but the name must be unique among IP pools within that context.

• The IP addresses in a named IP pool are reserved; they can be assigned only to subscribers that have been configured to use this specific IP pool. The assignment can be made either by the ip address command (in subscriber configuration mode) or by the RADIUS vendor-specific attribute (VSA) 36, IP-Address-Pool-Name.

Note In this section, the command syntax in the task table displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

• For a standard multibind interface, the specified IP address for a pool must be within the subnet specified by the primary IP address for the interface, and the prefix length for the pool must be either the same length or larger than that specified for the interface. Standard network subnetting rules apply for creating the range of IP addresses for the pool.

• For a last-resort multibind interface, the specified IP address and subnet range for any pool cannot overlap the subnet range assigned to any other interface with the exception of loopback interfaces. IP addresses that are assigned to loopback interfaces and that overlap the subnet range for an IP pool in a last-resort multibind interface are marked as reserved in the IP pool.

• Depending on the value of the netmask or prefix-length argument for the IP address assigned to the interface and the range of IP addresses assigned to a pool in that interface, the IP address assigned to the interface and its network (.0) and broadcast (.255) IP addresses need not overlap the IP addresses assigned to the pool. If they do overlap the range of IP addresses assigned to the pool, they are excluded from the pool.

• The maximum number of IP addresses in a pool is 65,536 addresses; therefore, the minimum values for the netmask and prefix-length arguments are 255.255.0.0 and 16, respectively.

• For pools with Class A or Class B addresses:

All IP addresses in the assigned range are included in the pool except the interface, network (.0), and broadcast (.255) IP addresses assigned to the interface when they overlap with the pool IP addresses.

• For pools with Class C addresses:

By default, all network (.0) and broadcast (.255) IP addresses are excluded from the pool, even if the pool is supernetted; to include any intervening network and broadcast IP addresses in any IP pool configured with Class C addresses in the context, you must use the ip pool command (in context configuration mode) with the options use-class-c-bcast-addrs construct.
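The pool guidelines in this list can be checked before a pool is configured. The following added example (not Redback code) applies them to IPv4 pools with Python's ipaddress module; the function names and sample addresses are constructed for illustration, and the exclusion logic is one reading of the Class A/B and Class C rules above.

```python
import ipaddress

MAX_POOL_ADDRESSES = 65536  # stated maximum pool size (prefix length 16)


def check_standard_pool(interface, pool):
    """Guideline violations for a pool on a standard multibind interface.

    interface: primary address of the interface, e.g. "10.1.0.1/16"
    pool:      pool range in prefix notation, e.g. "10.1.4.0/24"
    """
    iface = ipaddress.ip_interface(interface)
    net = ipaddress.ip_network(pool, strict=True)  # host bits must be zero
    problems = []
    if net.num_addresses > MAX_POOL_ADDRESSES:
        problems.append("pool larger than 65,536 addresses")
    if net.prefixlen < iface.network.prefixlen:
        problems.append("pool prefix shorter than interface prefix")
    if not net.subnet_of(iface.network):
        problems.append("pool outside interface subnet")
    return problems


def check_last_resort_pool(pool, other_interfaces):
    """Check a last-resort pool against the other interfaces in the context.

    other_interfaces maps interface name -> (address/prefix, is_loopback).
    Returns (names of conflicting interfaces, loopback addresses that would
    be marked reserved in the pool).
    """
    net = ipaddress.ip_network(pool, strict=True)
    conflicts, reserved = [], []
    for name, (addr, is_loopback) in other_interfaces.items():
        iface = ipaddress.ip_interface(addr)
        if not iface.network.overlaps(net):
            continue
        if is_loopback:
            reserved.append(str(iface.ip))
        else:
            conflicts.append(name)
    return conflicts, reserved


def assignable_addresses(interface, pool, use_class_c_bcast_addrs=False):
    """Addresses left in the pool after the exclusions described above."""
    iface = ipaddress.ip_interface(interface)
    net = ipaddress.ip_network(pool, strict=True)
    # The interface address and its own network and broadcast addresses are
    # always excluded when they fall inside the pool.
    excluded = {iface.ip,
                iface.network.network_address,
                iface.network.broadcast_address}
    class_c = 192 <= int(net.network_address) >> 24 <= 223
    result = []
    for addr in net:
        if addr in excluded:
            continue
        # Class C default: every .0 and .255 address is excluded, even in a
        # supernetted pool, unless the option is set.
        if class_c and not use_class_c_bcast_addrs and int(addr) & 0xFF in (0, 255):
            continue
        result.append(addr)
    return result


if __name__ == "__main__":
    # Constructed sample values.
    print(check_standard_pool("10.1.2.1/24", "10.1.0.0/16"))
    print(check_last_resort_pool("10.20.0.0/16", {
        "enet1": ("10.20.5.1/24", False),
        "loop-lo2": ("10.20.9.9/32", True),
    }))
    print(len(assignable_addresses("192.168.0.1/23", "192.168.0.0/23")))
```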

Configure Basic Features for an Interface

To configure the basic features for an interface, perform the tasks described in Table 7-1; enter all commands in interface configuration mode, unless otherwise specified.

Table 7-1 Configure Basic Features for an Interface

# | Task | Root Command | Notes
1. | Create a new interface, or modify an existing one, and access interface configuration mode. | interface | Enter this command in context configuration mode.
2. | Associate a text description with the interface. | description |
3. | Specify that the DF flag in received packets be ignored. | ip clear-df |
4. | Specify that the ICMP Destination Unreachable packet-too-big message be suppressed. | ip icmp |
5. | If the interface is not bridged, configure IP addresses for the interface with one of the following tasks: | |
   | • Assign a primary or secondary IP address. | ip address | This command is not used for last-resort interfaces.
   | • Assign a primary or secondary IPv6 address. | ipv6 address |
   | • Create a pool of IP addresses for the interface. | ip pool |
   | • Select a fixed IP address as the source address for one or more protocols. | ip source-address | Use this command only with loopback interfaces.
   | • Enable IP processing on an interface without assigning it an explicit IP address. | ip unnumbered | This command is required for last-resort interfaces.
6. | Set the MTU IP packet size. | ip mtu |
7. | If the interface is bridged, bind it to an existing bridge group. | bridge | For a description of this command, see the “Bridging Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Configuration Examples

The following example creates the enet71 interface, assigns it an IP address, and binds it to an Ethernet port:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface enet71
[local]Redback(config-if)#ip address 10.1.2.1 255.255.255.0
[local]Redback(config-if)#exit
[local]Redback(config)#port ethernet 7/1
[local]Redback(config-port)#bind interface enet71 local

The following example creates a loopback interface (loop-lo2) and an unnumbered interface (unnum2). The unnumbered interface borrows its IP address from the loopback interface. Do not bind a circuit to the loopback interface.

[local]Redback(config-ctx)#interface loop-lo2 loopback
[local]Redback(config-if)#ip address 11.1.2.3/32
[local]Redback(config-if)#interface unnum2
[local]Redback(config-if)#ip unnumbered loop-lo2

The following example assigns an IPv6 address to the enet1 interface:

[local]Redback(config-ctx)#interface enet1
[local]Redback(config-if)#ipv6 address 7001::1/64

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure basic features for interfaces. The commands are presented in alphabetical order.

description
interface
ip address
ipv6 address
ip clear-df
ip icmp
ip mtu
ip pool
ip source-address
ip unnumbered

description

description text

no description

Purpose

Associates a text description with an interface.

Command Mode

interface configuration

Syntax Description

text: Text string, up to 79 ASCII characters, that identifies the interface.

Default

None

Usage Guidelines

Use the description command to associate a text description with an interface. The description appears in the output of the show ip interface and show configuration commands. Text can be any alphanumeric string, including spaces. For more information on the show configuration command, see the “Using the CLI” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to delete the existing description. Because there can be only one description for an interface, when you use the no form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.

Examples

The following example creates the interface, upstream, as the upstream interface to the goldisp.net service provider:

[local]Redback(config-ctx)#interface upstream
[local]Redback(config-if)#description interface to goldisp.net

Related Commands

show configuration

interface

interface if-name [bridge | intercontext if-type grp-num | loopback | multibind [lastresort] | p2p]

no interface if-name [bridge | intercontext if-type grp-num | loopback | multibind [lastresort] | p2p]

Purpose

Creates a new interface, or selects an existing one for modification, and enters interface configuration mode.

Command Mode

context configuration

Syntax Description

if-name: Name of the interface; an alphanumeric string with up to 127 characters.

bridge: Optional. Specifies that the interface is a bridged interface.

intercontext: Optional. Specifies that the interface is to link two or more contexts.

if-type: Optional. Type of intercontext interface, according to one of the following keywords:

• lan—Specifies a point-to-multipoint (LAN) interface.

• p2p—Specifies a point-to-point interface.

grp-num: Optional. Intercontext group number; the range of values is 1 to 1,023.

loopback: Optional. Specifies that the interface is a loopback interface.

multibind: Optional. Enables the interface to have multiple circuits bound to it.

lastresort: Optional. Specifies that this multibind interface will be used for any subscriber circuit that attempts to come up and cannot bind to any other interface.

p2p: Optional. When binding to a LAN circuit, indicates to routing protocols, such as Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF), that the circuit should be treated as a point-to-point interface from an Interior Gateway Protocol (IGP) point of view.

Default

None

Usage Guidelines

Use the interface command to create a new interface, or select an existing one for modification, and enter interface configuration mode. Optionally, you can specify the interface as an intercontext interface, a loopback interface, or enable the interface to have multiple circuits bound to it.

You must bind a port or circuit to an interface (other than a bridged or loopback interface) for data to flow across the interface.

When there are only two routers over the LAN media, it makes sense to treat the interface as a point-to-point interface from a routing protocol point of view. The p2p keyword can be used to achieve this point-to-point-over-LAN feature. For more detailed information, see the Internet Draft, draft-shen-isis-ospf-p2p-over-lan-01.txt.

Use the bind interface command (in link configuration mode) to bind a port or circuit to a previously created interface in the specified context. Both the interface and the specified context must exist before you enter the bind interface command. If either is missing, an error message displays. For more information on the bind interface command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Use the bridge command (in interface configuration mode) to associate the bridge with the interface or subscriber. For more information on this command, see the “Bridging Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Use the no form of this command to delete the interface.

Note An intercontext interface is appropriate only for use by the Intermediate System-to-Intermediate System (IS-IS) routing protocol.

Caution Risk of data loss. Deleting an interface removes all bindings to the interface. To reduce the risk, do not delete an interface, unless you are certain it is no longer needed.

Note To enable OSPF routing on an interface, see the “OSPF Configuration” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS.

Examples

The following example configures an interface, enet1:

[local]Redback(config-ctx)#interface enet1
[local]Redback(config-if)#ip address 10.1.1.1 255.255.255.0

The following example configures a loopback interface, local-loopback, for the local context:

[local]Redback(config-ctx)#interface local-loopback loopback
[local]Redback(config-if)#ip address 10.1.1.1/32

The following example configures three intercontext interfaces in three different contexts all with group 10:

[local]Redback(config-config)#context isp1
[local]Redback(config-ctx)#interface isp1-lan intercontext lan 10
[local]Redback(config-if)#ip address 10.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#exit
!Configure the second interface
[local]Redback(config-config)#context isp2
[local]Redback(config-ctx)#interface isp2-lan intercontext lan 10
[local]Redback(config-if)#ip address 10.1.1.2/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#exit
!Configure the third interface
[local]Redback(config-config)#context isp3
[local]Redback(config-ctx)#interface isp3-lan intercontext lan 10
[local]Redback(config-if)#ip address 10.1.1.3/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#exit

The following example deletes the atm3 interface:

[local]Redback(config-ctx)#no interface atm3

The following example configures a last resort interface and borrows an IP address for it from the enet1 interface:

[local]Redback(config-ctx)#interface last multibind lastresort
[local]Redback(config-if)#ip unnumbered enet1

The following example configures a bridged interface and binds it to an existing bridge group, isp1:

[local]Redback(config-config)#context bridge
[local]Redback(config-ctx)#interface if-isp1 bridge
[local]Redback(config-if)#bridge name isp1

Related Commands

description (interface configuration mode)
ip address
ipv6 address

ip address

ip address ip-addr {netmask | /prefix-length} [secondary] [tag tag]

no ip address ip-addr {netmask | /prefix-length} [secondary] [tag tag]

Purpose

Assigns a primary IP address, and optionally, one or more secondary IP addresses, to an interface.

Command Mode

interface configuration

Syntax Description

ip-addr: Primary or secondary IP address of the interface.

netmask: Network mask for the associated IP network.

prefix-length: Prefix length for the associated IP address. The range of values is 0 to 32.

secondary: Optional. Configures the address as a secondary IP address on the interface.

tag tag: Optional. Route tag for the IP address. An unsigned 32-bit integer, the range of values is 1 to 4,294,967,295; the default value is 0.

Default

No IP address is assigned to an interface.

Usage Guidelines

Use the ip address command to assign a primary IP address, and optionally, one or more secondary IP addresses, to an interface. This assignment enables IP services on an interface.

Note The Address Resolution Protocol (ARP) is enabled by default on broadcast-capable interfaces.

Use the ip-addr argument and either the netmask or /prefix-length construct to assign the interface a primary IP address and netmask or prefix length. For nonloopback interfaces, use the bind interface command (in port configuration mode) to bind a circuit to the interface on which IP services are enabled.

Use the optional secondary keyword to designate an IP address as a secondary IP address for the interface. You can configure up to 15 secondary addresses for each primary interface. Interface costs configured for routing protocols apply to secondary IP addresses in the same manner that they apply to primary IP addresses. Secondary IP addresses are treated as locally attached networks.

If Routing Information Protocol (RIP) split horizon is enabled on an interface that is configured with multiple IP addresses, a single update sourced by the primary IP address is sent advertising only the major networks. If split horizon is disabled, multiple updates sourced from each address on the interface are sent and all subnets are advertised.

Use the optional tag tag construct to assign a route tag to the IP address. If you do not include this construct, the value 0 is assigned as the route tag.

Assigning a route tag allows you to propagate the connected route for the interface to other protocols such as Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF), using a route map with a match condition that specifies the route tag value. For more information about route tags and the routing policy commands to manage them, see the “Routing Policy Configuration” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS.

When configuring an OSPF interface, use the ip address command first to establish the interface, and then enable OSPF on it by using the interface command in OSPF area configuration mode; see the “OSPF Configuration” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS. The primary IP address of the interface must belong to the area in which OSPF is enabled. In addition, only neighbors on the primary address subnet can be OSPF peers.

Use the bind interface command (in link configuration mode) to statically bind a port, channel, permanent virtual circuit (PVC), 802.1Q tunnel, link group, GRE tunnel circuit, or overlay tunnel circuit to a previously created interface in the specified context. No data can flow through a port, channel, PVC, 802.1Q tunnel, child circuit, link group, or tunnel circuit until it is bound to an interface. Both the interface and the specified context must exist before you enter the bind interface command. If either is missing, an error message displays. For more information on the bind interface command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Use the no form of this command to remove an IP address from an interface. You must remove all secondary IP addresses before you can remove the primary IP address.

ExamplesThe following example assigns an IP address and netmask to the enet1 interface:

[local]Redback(config-ctx)#interface enet1[local]Redback(config-if)#ip address 10.4.5.2/24

The following example configures two noncontiguous Classless InterDomain Routing (CIDR) blocks for the downstream interface:

[local]Redback(config)#context local[local]Redback(config-ctx)#interface downstream[local]Redback(config-if)#ip address 10.0.0.1/24[local]Redback(config-if)#ip address 11.0.0.1/24 secondary

The following example binds the Ethernet port 3/1 to the downstream interface using either IP address:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface downstream
[local]Redback(config-if)#ip address 10.0.0.2/28
[local]Redback(config-if)#ip address 11.0.0.2/28 secondary
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#exit
[local]Redback(config)#port ether 3/1
[local]Redback(config-port)#bind interface downstream local

Caution Risk of IP service loss. Removing the primary IP address disables all IP services for that address on the specified interface. Disabling IP services deletes a corresponding OSPF interface from the running configuration. To reduce the risk, do not remove a primary IP address for an OSPF interface, unless you have configured a secondary IP address for the OSPF interface, or intend to delete it.

Related Commands

interface—context configuration mode
ip unnumbered


ipv6 address

ipv6 address ip-addr/prefix-length [secondary]

no ipv6 address ip-addr/prefix-length [secondary]

Purpose

Assigns a primary Internet Protocol Version 6 (IPv6) address, and optionally, one or more secondary IPv6 addresses, to an interface.

Command Mode

interface configuration

Syntax Description

ip-addr Primary or secondary IPv6 address of the interface.

prefix-length Prefix length for the associated IPv6 address. The range of values is 0 to 128.

secondary Optional. Configures the address as a secondary IPv6 address on the interface.

Default

No IPv6 address is assigned to an interface.

Usage Guidelines

Use the ipv6 address command to assign a primary IPv6 address, and optionally, one or more secondary IPv6 addresses, to an interface. This assignment enables IPv6 services on an interface.

Use the ip-addr argument and the /prefix-length construct to assign the interface a primary IPv6 address or prefix length. For nonloopback interfaces, use the bind interface command (in port configuration mode) to bind a circuit to the interface on which IP services are enabled. For more information on the bind interface command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Use the optional secondary keyword to designate an IPv6 address as a secondary IPv6 address for the interface. You can configure up to 15 secondary addresses for each primary interface. Interface costs configured for routing protocols apply to secondary IP addresses in the same manner that they apply to primary IP addresses. Secondary IP addresses are treated as locally attached networks.

If Routing Information Protocol (RIP) split horizon is enabled on an interface that is configured with multiple IP addresses, a single update sourced by the primary IPv6 address is sent that advertises only the major networks. If split horizon is disabled, multiple updates sourced from each address on the interface are sent and all subnets are advertised.

When configuring an Open Shortest Path First (OSPF) interface, use the ipv6 address command first to establish the interface, and then enable OSPF version 3 (OSPFv3) on it by using the interface command in OSPFv3 area configuration mode; see the “OSPF Configuration” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS. The primary IPv6 address of the interface must belong to the area in which OSPFv3 is enabled. In addition, only neighbors on the primary address subnet can be OSPFv3 peers.

Note The Neighbor Discovery (ND) protocol is enabled by default on broadcast-capable interfaces.

Use the bind interface command (in IPv6 tunnel configuration mode) to statically bind a port, channel, permanent virtual circuits (PVCs), 802.1Q tunnel, link group, GRE tunnel circuit, or overlay tunnel circuit to a previously created interface in the specified context. No data can flow through a port, channel, PVC, 802.1Q tunnel, child circuit, link group, or tunnel circuit until it is bound to an interface. For more information on the bind interface command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Use the no form of this command to remove an IPv6 address from an interface. You must remove all secondary IPv6 addresses before you can remove the primary IPv6 address.

Examples

The following example assigns an IPv6 address to the enet1 interface:

[local]Redback(config-ctx)#interface enet1
[local]Redback(config-if)#ipv6 address 7001::1/64

The following example configures two noncontiguous blocks for the downstream interface:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface downstream
[local]Redback(config-if)#ipv6 address 7002::1/112
[local]Redback(config-if)#ipv6 address 7003::1/112 secondary

The following example binds the Ethernet port 3/1 to the downstream interface using either IPv6 address:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface downstream
[local]Redback(config-if)#ipv6 address 7002::1/112
[local]Redback(config-if)#ipv6 address 7003::1/112 secondary
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#exit
[local]Redback(config)#port ether 3/1
[local]Redback(config-port)#bind interface downstream local

Related Commands

interface—context configuration mode
ip unnumbered

Caution Risk of IP service loss. Removing the primary IPv6 address disables all IP services for that address on the specified interface. Disabling IPv6 services deletes a corresponding OSPFv3 interface from the running configuration. To reduce the risk, do not remove a primary IPv6 address for an OSPFv3 interface, unless you have configured a secondary IPv6 address for the OSPFv3 interface, or intend to delete it.


ip clear-df

ip clear-df

{no | default} ip clear-df

Purpose

Specifies that the IP header Don’t Fragment (DF) flag should be ignored in any packet that is to be transmitted on this outbound interface when that packet is too large to be forwarded to a device with a smaller maximum transmission unit (MTU) than is required by the packet.

Command Mode

interface configuration

Syntax Description

This command has no keywords or arguments.

Default

The IP header DF flag is honored.

Usage Guidelines

Use the ip clear-df command to specify that the IP header DF flag should be ignored in any packet that is to be transmitted on this outbound interface when that packet is too large to be forwarded to a device with a smaller MTU than is required by the packet. In this case, the DF flag is cleared in the resulting fragmented packets. The DF flag is not affected in packets that are not too large for the MTU of the device to which they are transmitted.

If you run the clear-df command (in GRE tunnel configuration mode) for a tunnel circuit, instead of this command, the DF flag is cleared in all packets that are transmitted on that GRE tunnel circuit. If you run both commands, the clear-df command takes precedence for that GRE tunnel circuit, and clears the DF flag in all packets transmitted on that tunnel circuit. For more information on the clear-df command (in GRE tunnel configuration mode), see the “GRE Tunnel Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Use the no or default form of this command to honor the DF flag in all packets.

Examples

The following example specifies that the DF flag should be ignored in large packets:

[local]Redback(config)#context isp1
[local]Redback(config-ctx)#interface large-packets
[local]Redback(config-if)#ip clear-df

Related Commands

clear-df
ip icmp


ip icmp

ip icmp suppress packet-too-big

{no | default} ip icmp

Purpose

Specifies that the Internet Control Message Protocol (ICMP) Destination Unreachable packet-too-big message should be suppressed when any packet that is to be transmitted on this interface has its Don’t Fragment (DF) flag set, and is too large to be forwarded without fragmentation.

Command Mode

interface configuration

Syntax Description

suppress packet-too-big Suppresses the generation of the ICMP Destination Unreachable packet-too-big message.

Default

ICMP Destination Unreachable packet-too-big messages are generated.

Usage Guidelines

Use the ip icmp command to specify that the ICMP Destination Unreachable packet-too-big message should be suppressed when any packet that is to be transmitted on this interface has its DF flag set, and is too large to be forwarded without fragmentation.

Use the no or default form of this command to generate ICMP Destination Unreachable packet-too-big messages.

Examples

The following example suppresses the Destination Unreachable packet-too-big messages:

[local]Redback(config)#context isp1
[local]Redback(config-ctx)#interface large-packets
[local]Redback(config-if)#ip icmp suppress packet-too-big

Related Commands

ip clear-df


ip mtu

ip mtu bytes

no ip mtu

Purpose

Sets the maximum transmission unit (MTU) size for IP packets sent on an interface.

Command Mode

interface configuration

Syntax Description

bytes MTU size in bytes. The range of values is 256 to 16,384.

Default

MTU for the media type of the port or circuit to which the interface is bound.

Usage Guidelines

Use the ip mtu command to set the MTU size for IP packets sent on an interface. If an IP packet exceeds the MTU configured for an interface, the system fragments that packet.

An interface does not have an MTU size until either one is explicitly configured using the ip mtu command, or a circuit is bound to the interface. If no MTU size is configured, the MTU size is the same as that of the bound circuit. If an IP MTU is explicitly configured, the resulting IP MTU is the lesser of the configured IP MTU and the circuit MTU.

Use the no form of this command to remove the IP MTU and use the MTU of the bound circuit.

Examples

The following example sets the maximum IP packet size for the atm1 interface to 300 bytes:

[local]Redback(config-ctx)#interface atm1
[local]Redback(config-if)#ip mtu 300

Related Commands

None

Note This command does not apply to loopback interfaces.
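The ip mtu, ip clear-df, and ip icmp settings described above jointly decide what happens to an oversized packet. The following Python model is an added example, not Redback code: the Interface and Decision classes, the 4470-byte circuit MTU, and the 20-byte option-free IPv4 header are assumptions, and the discard of a DF packet that cannot be fragmented follows standard IPv4 behavior (RFC 791, RFC 1191) rather than a statement in this guide.

```python
from dataclasses import dataclass
from typing import List, Optional

IPV4_HEADER = 20  # bytes; assumes an IPv4 header without options


@dataclass
class Interface:
    """Hypothetical model of the MTU-related settings of one interface."""
    circuit_mtu: int                 # MTU of the bound port or circuit
    ip_mtu: Optional[int] = None     # "ip mtu bytes"; None means not configured
    clear_df: bool = False           # "ip clear-df"
    suppress_ptb: bool = False       # "ip icmp suppress packet-too-big"

    def effective_mtu(self) -> int:
        """Lesser of the configured IP MTU and the circuit MTU."""
        if self.ip_mtu is None:
            return self.circuit_mtu
        if not 256 <= self.ip_mtu <= 16384:
            raise ValueError("ip mtu must be in the range 256 to 16,384")
        return min(self.ip_mtu, self.circuit_mtu)


@dataclass
class Decision:
    action: str                        # "forward", "fragment" or "drop"
    df_out: bool                       # DF flag on the transmitted packet(s)
    fragments: List[int]               # total length of each packet sent
    icmp_next_hop_mtu: Optional[int]   # MTU reported in packet-too-big, if sent


def fragment_sizes(length: int, mtu: int) -> List[int]:
    """Total lengths of the fragments; non-final payloads are multiples of 8."""
    payload = length - IPV4_HEADER
    per_fragment = (mtu - IPV4_HEADER) // 8 * 8
    sizes = []
    while payload > 0:
        chunk = min(per_fragment, payload)
        sizes.append(chunk + IPV4_HEADER)
        payload -= chunk
    return sizes


def forward(iface: Interface, length: int, df: bool) -> Decision:
    """Decide how a packet of `length` bytes leaves the interface."""
    mtu = iface.effective_mtu()
    if length <= mtu:
        # Packets that fit are untouched, including their DF flag.
        return Decision("forward", df, [length], None)
    if not df or iface.clear_df:
        # DF absent, or ignored by ip clear-df: fragment with DF cleared.
        return Decision("fragment", False, fragment_sizes(length, mtu), None)
    # DF honored: the packet cannot be sent (assumed standard IPv4 drop).
    icmp = None if iface.suppress_ptb else mtu
    return Decision("drop", df, [], icmp)


def pmtud_black_hole(iface: Interface) -> bool:
    """True when oversized DF packets vanish without any ICMP feedback."""
    return iface.suppress_ptb and not iface.clear_df


if __name__ == "__main__":
    # Constructed sample: atm1 with "ip mtu 300" on a 4470-byte circuit.
    for label, iface in [
        ("defaults", Interface(4470, 300)),
        ("ip clear-df", Interface(4470, 300, clear_df=True)),
        ("suppress packet-too-big", Interface(4470, 300, suppress_ptb=True)),
    ]:
        print(label, forward(iface, 1500, df=True), pmtud_black_hole(iface))
```

An interface that suppresses packet-too-big without ip clear-df discards oversized DF packets silently, so senders that rely on path MTU discovery never learn the smaller MTU.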


ip pool

ip pool ip-addr {netmask | /prefix-length | to ip-addr} [name pool-name] [falling-threshold num {trap [log] | log}]

no ip pool [ip-addr {netmask | /prefix-length} [name pool-name]]

Purpose

Creates or modifies a pool of IP addresses for an interface to allow a subscriber on a Point-to-Point Protocol (PPP)- or PPP over Ethernet (PPPoE)-encapsulated circuit to be assigned any available IP address from the pool.

Command Mode

interface configuration

Syntax Description

ip-addr Starting IP address of the IP pool in the form A.B.C.D.

netmask Network mask for the associated IP network in the form A.B.C.D. The range of values is 255.255.0.0 to 255.255.255.255.

prefix-length Prefix length. The range of values is 16 to 32.

to ip-addr Ending address of the IP pool.

name pool-name Optional. Name for the IP pool; a string with up to 31 characters.

falling-threshold num Optional. Threshold value for creating a falling-threshold crossing event. The range of values is 0 to 65,535; if omitted, the default value is 0.

trap Reports the falling-threshold event with a Simple Network Management Protocol (SNMP) event.

log Logs the falling-threshold event; this keyword is optional if you specify the trap keyword.

Default

No IP pool is created for any interface.

Usage Guidelines

Use the ip pool command to create or modify a pool of IP addresses for an interface to allow a subscriber on a PPP- or PPPoE-encapsulated circuit to be assigned an IP address from the pool. The interface must have been created using the interface command (in context configuration mode) with the multibind keyword.

Note This command does not apply to loopback interfaces.

To create the pool, specify an IP address within the range for the pool and either the netmask or the prefix length. You can enter this command multiple times if you are configuring a last-resort interface.

The number of available IP addresses in a pool is decremented whenever an IP address is assigned from the pool and incremented when it is returned to the pool.

If you use the Remote Authentication Dial-In User Service (RADIUS) to authenticate subscribers, follow these guidelines:

• You must ensure that the RADIUS server is configured to return attribute 8, Framed-IP-Address, with a value of 255.255.255.254 or 0.0.0.0. These values allow the subscriber to be assigned any available IP address from any pool configured within the context.

• If you create a named pool, you must ensure that the RADIUS server is configured to return Redback® vendor-specific attribute (VSA) 36, IP-Address-Pool-Name, with the name of the IP pool.

The name that you specify for the IP pool (the pool-name argument) can be the name of an interface created with the interface command (in context configuration mode), but it must be unique among all named IP pools within the context.

The falling-threshold parameters provide an alert when the number of available IP addresses in the pool is reduced to the value specified.

Use the to ip-addr construct to select a range of IP addresses for the IP pool.

Use the falling-threshold num construct to specify the number of available IP addresses in the pool for which a falling-threshold crossing event is generated. A crossing event occurs only when the number of available IP addresses in the pool equals the value specified. If the number of available IP addresses becomes greater than the value specified and then drops again to the value, a second falling-threshold crossing event is generated.

If you specify the falling-threshold num construct and the IP pool already exists, the current falling-threshold parameters are set to the new values, or are added to the definition of the IP pool if they did not previously exist. If you enter the ip pool command without the falling-threshold parameters and the IP pool already exists, the threshold is removed.

You can specify that the falling-threshold crossing event be reported with an SNMP trap, a log message, or both the trap and the log message.

Use the no form of this command to delete the IP address pool for the specified starting IP address or all IP pools created in the interface.

Examples

The following example creates a named IP pool for the interface isp1.net context and specifies that both an SNMP trap and a log message be generated when the number of available IP addresses in the pool equals 22:

[local]Redback(config)#context isp1.net
[isp1.net]Redback(config-ctx)#interface isp1.net multibind
[isp1.net]Redback(config-if)#ip address 10.1.1.1 255.255.255.0
[isp1.net]Redback(config-if)#ip pool 10.1.1.1 255.255.255.0 name ip-pool1 falling-threshold 22 trap log

The following example creates a named IP pool for the isp1.net context and specifies a range of IP addresses for the IP pool using the to ip-addr construct:

[local]Redback(config)#context isp1.net
[isp1.net]Redback(config-ctx)#interface isp1.net multibind
[isp1.net]Redback(config-if)#ip address 10.1.1.1/24
[isp1.net]Redback(config-if)#ip pool 10.1.1.2 to 10.1.1.100

Related Commands

ip address—interface configuration mode
ip pool—context configuration mode
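The falling-threshold rules above (an event only when the available count equals the value, and a second event if the count rises and drops to the value again) are easiest to check by replaying assignments against a model of the pool. The following Python sketch is an added example, not Redback code: the IpPool class and parse_ip_pool helper are hypothetical, only the "to ip-addr" form of the command is parsed, and it assumes that an address returning to the pool never raises an event.

```python
import ipaddress
from collections import deque


class IpPool:
    """Hypothetical model of one "ip pool A to B" address range."""

    def __init__(self, first, last, name=None, threshold=0, notify=()):
        lo = ipaddress.IPv4Address(first)
        hi = ipaddress.IPv4Address(last)
        if hi < lo:
            raise ValueError("ending address precedes starting address")
        self.name = name
        self.threshold = threshold
        self.notify = tuple(notify)      # subset of ("trap", "log")
        self.free = deque(lo + i for i in range(int(hi) - int(lo) + 1))
        self.in_use = set()
        self.events = []                 # (kind, pool name, available)

    @property
    def available(self):
        return len(self.free)

    def allocate(self):
        """Assign the next free address; None when the pool is exhausted."""
        if not self.free:
            return None
        addr = self.free.popleft()
        self.in_use.add(addr)
        # Crossing event: only when the count has just dropped to the value.
        if self.notify and self.available == self.threshold:
            for kind in self.notify:
                self.events.append((kind, self.name, self.available))
        return addr

    def release(self, addr):
        """Return an address to the pool (assumed never to raise an event)."""
        self.in_use.remove(addr)
        self.free.append(addr)


def parse_ip_pool(line):
    """Parse 'ip pool A to B [name N] [falling-threshold num {trap [log] | log}]'."""
    tok = line.split()
    if len(tok) < 5 or tok[:2] != ["ip", "pool"] or tok[3] != "to":
        raise ValueError("only the 'ip pool A.B.C.D to A.B.C.D' form is handled")
    first, last, rest = tok[2], tok[4], tok[5:]
    name, threshold, notify = None, 0, ()
    if rest[:1] == ["name"]:
        if len(rest) < 2 or len(rest[1]) > 31:
            raise ValueError("pool name must be a string of up to 31 characters")
        name, rest = rest[1], rest[2:]
    if rest[:1] == ["falling-threshold"]:
        if len(rest) < 3:
            raise ValueError("falling-threshold needs a value and trap and/or log")
        threshold = int(rest[1])
        if not 0 <= threshold <= 65535:
            raise ValueError("falling-threshold range is 0 to 65,535")
        notify = tuple(rest[2:])
        if notify not in (("trap",), ("trap", "log"), ("log",)):
            raise ValueError("expected: trap [log] | log")
        rest = []
    if rest:
        raise ValueError("unexpected tokens: " + " ".join(rest))
    return IpPool(first, last, name, threshold, notify)


if __name__ == "__main__":
    # Constructed scenario: 99 addresses, alert when 22 remain.
    pool = parse_ip_pool(
        "ip pool 10.1.1.2 to 10.1.1.100 name ip-pool1 falling-threshold 22 trap log")
    leases = [pool.allocate() for _ in range(78)]   # crosses 22, ends at 21
    pool.release(leases[0])
    pool.release(leases[1])                         # back up to 23
    pool.allocate()                                 # drops to 22 again
    for event in pool.events:
        print(event)
```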


ip source-address

ip source-address {all | [packet-type] [packet-type] ... }

no ip source-address {all | [packet-type] [packet-type] ...}

Purpose

Specifies the primary IP address of this interface as the source address for one or more types of locally generated packets or packets sent to a Dynamic Host Configuration Protocol (DHCP) server.

Command Mode

interface configuration

Syntax Description

all Specifies the primary IP address of this interface as the source address for all types of packets listed in Table 7-2.

packet-type Optional. Type of packets in which the primary IP address of this interface is used as the source address, according to one of the keywords listed in Table 7-2. You can list multiple packet types, each separated by a space.

Default

The IP address for the interface on which the traffic is transmitted is used as the source address in locally generated packets or packets sent to a DHCP relay server.

Usage Guidelines

Use the ip source-address command to specify the primary IP address of this interface as the source address for one or more types of locally generated packets or packets sent to a DHCP relay server. Table 7-2 lists the keywords for the types of packets in which the IP address is sent.

Table 7-2 Keywords for Supported Protocols and Servers

Keyword | Packet Description
config-dhcp-relay | Specifies packets to a DHCP relay server.
ftp | Specifies File Transfer Protocol (FTP) packets.
icmp-dest-unreachable | Specifies Internet Control Message Protocol (ICMP) type 3, Destination Unreachable, packets.
icmp-time-exceeded | Specifies that all replies to ICMP type 11 packets are sourced with the defined IP address.
radius | Specifies packets to a Remote Authentication Dial-In User Service (RADIUS) server.
snmp | Specifies Simple Network Management Protocol (SNMP) packets.
ssh | Specifies Secure Shell (SSH) and Secure FTP (SFTP) packets.
syslog | Specifies Syslog packets.
tacacs+ | Specifies Terminal Access Controller Access Control System Plus (TACACS+) packets.
telnet | Specifies Telnet packets.
tftp | Specifies Trivial FTP (TFTP) packets.

Use the all keyword to specify all supported protocols and servers.

You can specify multiple keywords in any order with this command; you can also enter the command multiple times to specify additional protocols.

The primary IP address for the interface is assigned using the ip address command (in interface configuration mode).

By default, the local IP address for the interface on which the traffic is transmitted is included in transmitted packets. As a result, the local IP address used for packets can change from connection to connection, based on the interface that the routing algorithm has chosen to reach the destination.

For IP packets sent by IP routing protocols, including Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Resource Reservation Protocol (RSVP), and the multicast protocols, but not including Intermediate System-to-Intermediate System (IS-IS), the local IP address selection is often constrained by the protocol specification so that the protocol operates correctly. When this constraint exists in the routing protocol, the IP source address included in the outgoing packet is determined by the routing protocol and not the ip source-address command.

Use the no form of this command to use the local IP address for the interface on which the traffic is transmitted.

Note This command is intended for loopback interfaces, because they are always up; there is no association with any physical port or circuit that could cause the interface to be down. To avoid disruption of reply packets on any of the supported protocols because the interface is down, enter this command only when configuring a loopback interface.

Note For the RADIUS application, use the radius attribute nas-ip-address command (in context configuration mode) to configure the SmartEdge OS to send the IP source address in access request and accounting request packets to the RADIUS server. For more information, see the “RADIUS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Examples

The following example specifies the IP address of the notify interface in the local context for all outgoing Telnet packets:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface notify
[local]Redback(config-if)#ip address 172.16.1.1/24
[local]Redback(config-if)#ip source-address telnet

The following example adds the SNMP protocol to the list of protocols using the IP address for the notify interface:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface notify
[local]Redback(config-if)#ip source-address snmp

As a result, both the Telnet and SNMP protocols will use the IP address of the notify interface.

The following example specifies that ICMP packets will also use the IP address of the notify interface:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface notify
[local]Redback(config-if)#ip source-address icmp-dest-unreachable

Related Commands

None


ip unnumbered

ip unnumbered if-name

no ip unnumbered

Purpose

Enables IP processing on an interface without assigning it an explicit IP address.

Command Mode

interface configuration

Syntax Description

if-name Name of the interface from which an IP address is to be borrowed.

Default

Interfaces are not preconfigured to borrow IP addresses.

Usage Guidelines

Use the ip unnumbered command to enable IP processing on an interface without assigning it an explicit IP address. This feature allows the interface to borrow the IP address of another interface.

Use the no form of this command to remove the ability to borrow IP addresses from another interface.

Examples

The following example configures the seattle-p2p interface to borrow an IP address from the eth2 interface:

[local]Redback(config-ctx)#interface seattle-p2p
[local]Redback(config-if)#ip unnumbered eth2

Related Commands

interface
ip address


Chapter 8

Subscriber Configuration

This chapter provides an overview of subscribers, describes the tasks used to configure basic features for subscribers and subscriber sessions, and provides configuration examples and detailed descriptions of the commands used to configure these features through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer subscribers, see the “Context, Interface, and Subscriber Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

For protocol- or feature-specific commands that appear in subscriber configuration mode, see the appropriate chapter in this guide or in the Routing Protocols Configuration Guide or the IP Services and Security Configuration Guide for the SmartEdge OS respectively.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

Subscribers are end users of high-speed access services. Subscriber records are used to define a set of attributes, such as subscriber name, password, authentication, access control, rate-limiting, and policing information. A record is specific to the context in which the subscriber is configured.

You can configure a default subscriber profile to define attributes that are applied to all subscribers. With a default subscriber profile, you can configure attributes that are shared by many subscribers in a single configuration, rather than applying the same attributes separately to each subscriber record.

Similarly, you can create a named subscriber profile, which you can assign to one or more subscribers. Unlike the default subscriber profile, which is automatically assigned to every subscriber record, you must explicitly assign a named subscriber profile to a subscriber record.

When assigned to a subscriber record, the values of the attributes in a named subscriber profile override the identical attributes in the default profile. Profile attributes, either from the default or named profile, are overridden when identical attributes with different values are configured in a specific subscriber record.


Subscribers use hosts connected to various types of circuits. Table 8-1 lists the types of circuits which support subscribers and their encapsulations.

Subscriber records can be configured in one of two ways:

• Locally, using commands in the SmartEdge OS command-line interface (CLI).

You can use subscriber records to provide local authentication and authorization information whenever a remote authentication and authorization server, such as Remote Authentication Dial-In User Service (RADIUS), is not available or not wanted.

• Using attributes (authentication, accounting, or both) stored on a RADIUS server that the SmartEdge OS is configured to access.

If the RADIUS server is configured within the local context of the SmartEdge OS, attributes are applied globally to all subscribers. If the RADIUS server is configured within any other context, attributes are applied only to subscribers configured in that particular context.

If you are using the Challenge Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), or both authentication protocols, the response from the RADIUS server (in attribute 18) is forwarded to the Point-to-Point Protocol (PPP) client with the reason for the acceptance or rejection of the subscriber.

IPv6 is a new version of the Internet Protocol, designed as the successor to IP Version 4 (IPv4). IPv6 is fully described in RFC 2460, Internet Protocol, Version 6 (IPv6) Specification. The changes from IPv4 to IPv6 include:

• Increase in address size from 32 bits to 128 bits

• Simplified header

• Extensible header with optional extension headers

• Designed to co-exist with IPv4

• Uses multicast addresses instead of broadcast addresses

Table 8-1 Subscriber Circuit Types and Their Encapsulations

Circuit Encapsulations

Circuit Type | Bridge1483 | Multi | Route1483 | PPP | IPoE | IPv6oE | PPPoE
ATM PVC | Yes | – | Yes | Yes | Yes | – | Yes
802.1Q PVC | – | Yes | – | – | Yes | – | Yes
POS port | – | – | – | Yes | – | – | –
Child circuit | – | – | – | – | – | No | Yes

Note If you specify the encapsulation for a circuit with the multi keyword, the parent circuit carries IP over Ethernet (IPoE) traffic.

Note When IP Version 6 (IPv6) addresses are not referenced or explicitly specified, the term, IP address, can refer generally to IP Version 4 (IPv4) addresses, IPv6 addresses, or IP addressing. In instances where IPv6 addresses are referenced or explicitly specified, the term, IP address, refers only to IPv4 addresses. For a description of IPv6 addressing and the types of IPv6 addresses, see RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture.


Configuration Tasks

To configure the basic features for a subscriber, perform the tasks described in the following sections:

• Configure Subscriber Statistics Collection

• Configure a Subscriber Profile or Record

• Configure Subscriber IP Address Attributes

• Configure PPP and PPPoE Subscriber Attributes

Configure Subscriber Statistics Collection

To configure statistics collection for all subscribers, perform the tasks in Table 8-2.

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Note For information about IP multicast options for a subscriber record or profile, see the “IP Multicast Configuration” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS.

Note For information about configuring Address Resolution Protocol (ARP) and Dynamic Host Configuration Protocol (DHCP) options for a subscriber record or profile, see the “ARP Configuration” and “DHCP Configuration” chapters in the IP Services and Security Configuration Guide for the SmartEdge OS.

Table 8-2 Configure Subscriber Statistics Collection

# | Task | Root Command | Notes
1. | Accesses stats collection configuration mode. | stats-collection | Enter this command in global configuration mode.
2. | Excludes Layer 2 header data only, or Layer 2 header data, PPP control data, and PPPoE control data from subscriber statistics collection. | count exclude subscriber | Enter this command in stats collection configuration mode.


Configure a Subscriber Profile or Record

To configure a subscriber profile or record, perform the tasks in Table 8-3; enter all commands in subscriber information mode unless otherwise noted.

Table 8-3 Configure a Subscriber Profile or Record

# | Task | Root Command | Notes
1. | Create a default subscriber profile, a named subscriber profile, or an individual subscriber record, and access subscriber configuration mode. | subscriber | Enter this command in context configuration mode.
2. | Specify general attributes for the subscriber profile or record (all attributes are optional): | |
 | Assign a named subscriber profile to the subscriber record. | profile |
 | Assign an ATM shaping profile. | shaping-profile |
 | Set an idle or absolute session timeout value. | timeout |
 | Limit the number of sessions a subscriber can access simultaneously. | port-limit |
 | Apply a bulkstats schema to the default subscriber profile for this context. | bulkstats schema | This command applies only to the default subscriber profile.

Configure Subscriber IP Address Attributes

To configure subscriber IP address attributes for a subscriber record or profile, perform one or more of the tasks in Table 8-4; enter all commands in subscriber configuration mode.

Table 8-4 Configure Subscriber IP Address Attributes

Task | Root Command | Notes
Assign an IP address to the subscriber record or profile. | ip address |
Prevent address spoofing with IP source-address validation. | ip source-validation |
Assign one or more static routes (to the same destination) to the subscriber record or profile. | ip subscriber route |
Specify the IP address of the primary or secondary NetBIOS Name Server (NBNS). | nbns |


Configure PPP and PPPoE Subscriber Attributes

To configure the PPP and Point-to-Point Protocol over Ethernet (PPPoE) attributes for a subscriber profile or record, perform one or more of the tasks in Table 8-5; enter all commands in subscriber configuration mode.

Table 8-5 Configure the PPP and PPPoE Attributes for a Subscriber Profile

Task | Root Command | Notes
Specify the authentication password that the subscriber enters when initiating a PPP session. | password |
Set the MTU used by PPP for the subscriber circuit. | ppp mtu | For more information on this command, see the “PPP and PPPoE Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.
Create the message of the minute (MOTM) that the subscriber will see when first logging on. | pppoe motm | For more information on this command, see the “PPP and PPPoE Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.
Set the subscriber’s PPPoE client to point the subscriber’s browser to a specific location after the subscriber’s PPP session is established. | pppoe url | For more information on this command, see the “PPP and PPPoE Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Configuration Examples

This section provides several example configurations for various subscriber features:

• Subscriber Record

• Subscriber Timeout

• NBNS Server for the Default Subscriber Profile

• PADM

• PPPoE MOTM

Subscriber Record

The following example configures a PPP password, an IP address, and a static route and assigns a route tag to the IP address and to the static route in the subscriber record, pppuser, in the local context:

[local]Redback(config)#context local
[local]Redback(config-ctx)#subscriber name pppuser
[local]Redback(config-sub)#password in-test
[local]Redback(config-sub)#ip address 10.1.3.30
[local]Redback(config-sub)#ip subscriber-route 10.2.1.1/24

Note Configuring a password is not required. However, if you specify a password in the bind subscriber command, you must configure the same password in the subscriber record. For more information on the bind subscriber command, see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Subscriber Timeout

The following example configures a subscriber, roger, in the corp.com context to have a maximum session time of 120 minutes (2 hours):

[local]Redback(config)#context corp.com
[local]Redback(config-ctx)#subscriber name roger
[local]Redback(config-admin)#timeout absolute 120

NBNS Server for the Default Subscriber Profile

The following example configures the default subscriber profile to supply a primary NBNS address to every PPP subscriber in the current context. For more information, see RFC 1877, PPP Internet Protocol Control Protocol Extensions for Name Server Addresses.

[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#nbns primary 10.10.1.1

PADM

The following example causes a PPP over Ethernet (PPPoE) Active Discovery Message (PADM) packet containing the URL, http://www.cust1.com/members/joe@local, to be sent to the PPPoE client when the PPP session is established:

[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#pppoe url http://www.cust1.com/members/%U

The next example uses the pppoe url command (in subscriber information mode) to configure the subscriber default profile. For every subscriber, a PADM containing http://www.aol.com/members/name is sent to the PPPoE client when the PPP session is established.

[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#pppoe url http://www.aol.com/members/%u

PPPoE MOTM

The following example creates a PPPoE MOTM:

[local]Redback(config-sub)#pppoe motm System coming down at 0400 today for scheduled maintenance

The following example replaces the first MOTM with a new one:

[local]Redback(config-sub)#pppoe motm Scheduled system maintenance cancelled for 08/29.

Page 203: Basic Guide Redback

Command Descriptions

Subscriber Configuration 8-7

The following example removes the existing MOTM so that no message is sent to subscribers:

[local]Redback(config-sub)#no pppoe motm

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure basic features for subscribers and subscriber sessions. The commands are presented in alphabetical order.

• count exclude subscriber

• ip address

• ip source-validation

• ip subscriber route

• nbns

• password

• port-limit

• profile

• shaping-profile

• stats-collection

• subscriber

• timeout

count exclude subscriber

count exclude subscriber layer-2 [ppp-pppoe-control]

no count exclude subscriber layer-2 [ppp-pppoe-control]

Purpose

Excludes Layer 2 header data only, or Layer 2 header data, Point-to-Point Protocol (PPP) control data, and Point-to-Point Protocol over Ethernet (PPPoE) control data from subscriber statistics collection.

Command Mode

stats collection configuration

Syntax Description

| Keyword or Argument | Description |
| --- | --- |
| layer-2 | Excludes Layer 2 header data only. |
| ppp-pppoe-control | Optional. Excludes Layer 2 header and PPP and PPPoE control data. |

Default

All data in the subscriber packet is included in statistics collection.

Usage Guidelines

Use the count exclude subscriber command to exclude Layer 2 header data only, or Layer 2 header data, PPP control data, and PPPoE control data from subscriber statistics collection.

Use the layer-2 keyword to exclude Layer 2 header data only. Use the ppp-pppoe-control keyword to exclude Layer 2 header data and PPP and PPPoE control data.

Use the no form of this command to include Layer 2 header data and PPP and PPPoE control data in the statistics collection.

Example

The following example excludes both Layer 2 header data and PPP and PPPoE control data from statistics collection:

[local]Redback(config)#stats-collection
[local]Redback(config-stats-collection)#count exclude subscriber layer-2 ppp-pppoe-control

Related Commands

stats-collection


ip address

ip address {ip-addr [netmask | /prefix-length] | pool [name name]}

no ip address {ip-addr [netmask | /prefix-length] | pool}

Purpose

Assigns an IP address to the subscriber record or profile.

Command Mode

subscriber configuration

Syntax Description

| Keyword or Argument | Description |
| --- | --- |
| ip-addr | IP address for the subscriber record or profile. |
| netmask | Optional. Network mask for the IP address. You must enter a mask of at least 24 bits; that is, a mask in the range of 255.255.255.0 to 255.255.255.255. |
| prefix-length | Optional. Prefix length. The range of values is 0 to 32. |
| pool | Indicates that the subscriber will be assigned an IP address from a locally managed IP pool. Required if configuring a default subscriber profile. |
| name name | Optional. Name of an IP pool or an interface with a named or unnamed IP pool. |

Default

None

Usage Guidelines

Use the ip address command to assign an IP address to the subscriber record or profile. To specify a range of contiguous IP addresses, use the optional netmask argument. For Point-to-Point Protocol (PPP)-encapsulated circuits, only the first available IP address in a subscriber record is used for address negotiation. For subscriber circuits using RFC 1483 bridged encapsulation, entries are added to the host table for any and all such IP addresses.

You can specify either an IP address or an IP pool, but not both. You must use the pool keyword to configure a default subscriber profile. The name name construct is either the name of a named IP pool (created with the pool-name argument) or the name of an interface (created with the if-name argument).

When binding a subscriber circuit that has been configured with the bind authentication command (in subscriber configuration mode), and the local or Remote Authentication Dial-In User Service (RADIUS) subscriber record specifies an IP pool or interface name, the SmartEdge OS first checks for an available IP address in the IP pool specified in the record. If the pool does not exist, it then looks for an interface with that name. If there are no unnamed IP pools associated with the interface, the binding for the subscriber circuit fails. For more information on the bind authentication command (in subscriber configuration mode), see the “Bindings Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

If this subscriber will be a user of clientless IP service selection (CLIPS), or if this named or default subscriber profile is intended for such subscribers, follow these guidelines:

• For static CLIPS circuits, a subscriber record or its assigned profile must have one and only one IP address.

• For dynamic CLIPS circuits, do not use this command to assign an IP address; instead, use the dhcp max-addrs command (in subscriber configuration mode) and specify 1 as the value for the max-num argument. For more information about the dhcp max-addrs command, see the “DHCP Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Any IP address assigned to a subscriber must fall within the address and netmask range configured for an interface in the context to which the subscriber is to be bound; otherwise, the binding fails. The same is true of IP addresses that are returned by RADIUS servers and that are to be assigned to subscribers.

Use the no form of this command to remove an IP address from a subscriber record.

Note: If you enter this command more than once for a subscriber record or profile, only the last IP address is applied to the static CLIPS circuit.

Note: To create a pool of IP addresses for an interface, use the ip pool command (in interface configuration mode); to assign an IP address to an interface, use the ip address command (in interface configuration mode).

Note: If you are authenticating a subscriber using RADIUS, the subscriber record is ignored.

To assign an IP pool address to the subscriber using RADIUS, configure the RADIUS server to return either 255.255.255.254 or 0.0.0.0 as the value for attribute 8, Framed-IP-Address. These values allow the subscriber to be assigned any available IP address from any pool configured within the context.

If you specify a named IP pool, configure the RADIUS server to return the name of the pool in the Redback® vendor-specific attribute (VSA) 36, IP-Address-Pool-Name.

Example

The following example defines the IP address, 10.1.1.7, for a subscriber, host1:

[local]Redback(config-ctx)#subscriber name host1
[local]Redback(config-sub)#ip address 10.1.1.7

The next example defines two IP addresses, 10.1.1.14 and 10.1.1.15, for a subscriber, host2:

[local]Redback(config-ctx)#subscriber name host2
[local]Redback(config-sub)#ip address 10.1.1.14
[local]Redback(config-sub)#ip address 10.1.1.15

The following example defines eight IP addresses, 10.1.1.32 to 10.1.1.39, for a subscriber, host8:

[local]Redback(config-ctx)#subscriber name host8
[local]Redback(config-sub)#ip address 10.1.1.32 255.255.255.248

The following pair of examples show the use of unnamed and named IP pools:

• The first example uses an unnamed pool to assign an IP address to a subscriber, joe. At runtime, the SmartEdge OS looks for the If-One pool. Because the pool does not exist, the SmartEdge OS looks for an unnamed pool for the If-One interface. If there is an available IP address, subscriber joe is assigned an address in the 11.1.1.n range; if no address is available in the pool, the next interface is checked. If no interface has an IP address available, the session fails.

Note: The SmartEdge OS does not attempt to assign an IP address from the If-Two pool; those addresses are reserved for subscribers that have been explicitly configured to use that pool, as shown in the next example.

• The second example uses a named pool to assign an IP address to subscriber joe. In this example, subscriber joe is assigned an address in the 12.2.2.n range, if one is available, from the named pool for the If-Two interface. If one is not available, the session fails.

In each example, the configuration of the interfaces and pools is as follows:

[local]Redback(config)#context local
[local]Redback(config-ctx)#aaa authentication subscriber local
[local]Redback(config-ctx)#interface If-One
[local]Redback(config-if)#ip address 11.1.1.1 255.255.255.0
[local]Redback(config-if)#ip pool 11.1.1.2 255.255.255.0
[local]Redback(config-if)#interface If-Two
[local]Redback(config-if)#ip address 12.2.2.1 255.255.255.0
[local]Redback(config-if)#ip pool 12.2.2.2 255.255.255.0 name If-Two

!Example 1 - Use an unnamed pool associated with interface If-One
[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#ip address pool If-One

!Example 2 - Use a named pool
[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#ip address pool name If-Two

Related Commands

ip address—interface configuration mode

ip pool

profile

subscriber


ip source-validation

ip source-validation

no ip source-validation

Purpose

Enables IP source-address validation (SAV), which denies all IP packets from address sources that are not reachable through a subscriber’s associated circuit.

Command Mode

subscriber configuration

Syntax Description

This command has no keywords or arguments.

Default

IP SAV is disabled.

Usage Guidelines

Use the ip source-validation command to enable IP SAV. IP SAV, also known as ingress filtering, denies all IP packets from address sources that are not reachable through the subscriber’s associated circuit. You can use this command to prevent address spoofing.

Use the no form of this command to disable IP SAV.

Examples

The following example enables IP SAV for the subscriber, bart:

[local]Redback(config-ctx)#subscriber name bart
[local]Redback(config-sub)#ip source-validation

Related Commands

None


ip subscriber route

ip subscriber route {ip-addr {netmask | /prefix-length}} [next-hop-ip-addr/prefix-length]

no ip subscriber route {ip-addr {netmask | /prefix-length}} [next-hop-ip-addr/prefix-length]

Purpose

Assigns one or more static IP routes to a subscriber’s configuration.

Command Mode

subscriber configuration

Syntax Description

| Keyword or Argument | Description |
| --- | --- |
| ip-addr | IP address of the target network or subnet. |
| netmask | Network mask where the 1 bits indicate the network, or subnet, and the 0 bits indicate the host portion of the network address provided. |
| prefix-length | Prefix length. The range of values is 0 to 32. Optional when specified in conjunction with the next-hop-ip-addr argument. |
| next-hop-ip-addr | Optional. Required with RFC 1483 bridged-encapsulated circuits, and optional with other encapsulation types. IP address of a nexthop router that can reach the target network or subnet. |

Default

None

Usage Guidelines

Use the ip subscriber route command to assign one or more static IP routes to a subscriber’s configuration.

Note: This command is available only if you are configuring a named subscriber record.

To configure a default static IP route, use the netmask argument.

Note: If you use non-zero bits for the host portion of the network address, the route is not added to the routing table.

With RFC 1483 bridged encapsulation, a valid nexthop address and interface are required. If you are not using RFC 1483 bridged encapsulation, you can omit the nexthop address, but the route is not added to the routing table, unless the subscriber’s circuit is configured with one of the encapsulation types that support the nexthop omission feature: logical link control (LLC) Subnetwork Access Protocol (SNAP) and High-Level Data Link Control (HDLC).

Use the no form of this command to delete a static route from the subscriber’s configuration.

The routes for multiple protocols, including subscriber routes, have default routing distance values. When routing multiple routes with the same destination, the route with the lowest distance value is preferred.

Note: Unlike the distance values for Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and Routing Information Protocol (RIP) routes, the distance values for directly connected, static IP, and subscriber routes cannot be modified. They always take the default distance values, as shown in Table 8-6.

Table 8-6 Protocol Default Distance Values

| Protocol | Default Distance Value |
| --- | --- |
| Directly connected | 0 |
| Static IP | 1 |
| Subscriber IP host | 15 |
| Subscriber IP route | 16 |

For more information about protocol distances, see the “Overview” chapter in the Routing Protocols Configuration Guide for the SmartEdge OS.

Examples

The following example assigns the IP route, 216.199.130.160 255.255.255.224, to the subscriber, SamQ:

[local]Redback(config-ctx)#subscriber name SamQ
[local]Redback(config-sub)#ip address 10.1.2.3
[local]Redback(config-sub)#ip subscriber route 216.199.130.160 255.255.255.224

Related Commands

None
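
The IP SAV behaviour described under ip source-validation can be modelled from the ip address and ip subscriber route rules in this chapter. The following Python sketch is an added example, not SmartEdge OS code and not part of the original guide: it assumes that the sources reachable through a subscriber's circuit are the addresses assigned with ip address plus the subscriber routes that were installed, and the class, the function names, and the 10.2.1.1/24 route are constructed for illustration.

```python
import ipaddress


def address_range(ip_addr, netmask=None):
    """Addresses covered by `ip address ip-addr [netmask]` in a subscriber record."""
    if netmask is None:
        return ipaddress.ip_network(f"{ip_addr}/32")
    net = ipaddress.ip_network(f"{ip_addr}/{netmask}", strict=False)
    if net.prefixlen < 24:
        # The guide requires a mask of at least 24 bits for this command.
        raise ValueError(f"netmask {netmask} is shorter than 24 bits")
    return net


def installed_route(ip_addr, netmask):
    """Network for `ip subscriber route`, or None when it would not be installed."""
    net = ipaddress.ip_network(f"{ip_addr}/{netmask}", strict=False)
    if net.network_address != ipaddress.ip_address(ip_addr):
        # Non-zero host bits: the guide says the route is not added to the routing table.
        return None
    return net


class SubscriberCircuit:
    """Model of one subscriber record (assumed reachability: addresses plus routes)."""

    def __init__(self, name, addresses, routes=(), source_validation=False):
        self.name = name
        self.source_validation = source_validation  # default in the guide: disabled
        self.reachable = [address_range(*a) for a in addresses]
        self.skipped_routes = []
        for route in routes:
            net = installed_route(*route)
            if net is None:
                self.skipped_routes.append(route)
            else:
                self.reachable.append(net)

    def permits(self, src):
        """True if a packet with source address `src` passes ingress filtering."""
        if not self.source_validation:
            return True  # SAV off: no source address is denied
        ip = ipaddress.ip_address(src)
        return any(ip in net for net in self.reachable)


def filter_ingress(circuit, sources):
    """Return (source, decision) pairs for a list of packet source addresses."""
    return [(s, "permit" if circuit.permits(s) else "deny") for s in sources]


if __name__ == "__main__":
    # SamQ as configured in the guide's example, plus one constructed route
    # whose host bits are set and which is therefore never installed.
    samq = SubscriberCircuit(
        "SamQ",
        addresses=[("10.1.2.3",)],
        routes=[("216.199.130.160", "255.255.255.224"), ("10.2.1.1", "24")],
        source_validation=True,
    )
    # Constructed packet sources.
    for src, decision in filter_ingress(
            samq, ["10.1.2.3", "10.1.2.4", "216.199.130.170", "10.2.1.50"]):
        print(f"{src:16} {decision}")
    print("routes not installed:", samq.skipped_routes)
```

With SAV enabled, a route rejected for non-zero host bits also removes that prefix from the permitted sources, so legitimate traffic from behind the subscriber is dropped until the route is corrected.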


nbns

nbns {primary | secondary} ip-addr

no nbns {primary | secondary} ip-addr

Purpose

Specifies the IP address of the primary or secondary NetBIOS Name Server (NBNS) in the subscriber record or profile.

Command Mode

subscriber configuration

Syntax Description

| Keyword or Argument | Description |
| --- | --- |
| primary | Specifies that the IP address is for the primary NBNS. |
| secondary | Specifies that the IP address is for the secondary NBNS. |
| ip-addr | IP address of the primary or secondary NBNS. |

Default

NBNS information is not provided to the subscriber.

Usage Guidelines

Use the nbns command to specify the IP address of the primary or secondary NBNS in the subscriber record or profile.

Note: This command does not instruct the SmartEdge router to use the specified name servers in any way for its own purposes. Rather, this information is passed to the subscriber using the Point-to-Point Protocol (PPP) negotiation. The subscriber uses NBNS to obtain IP addresses from NetBIOS names. These values are utilized using PPP when the remote peer requests this information (see RFC 1877, PPP Internet Protocol Control Protocol Extensions for Name Server Addresses). The SmartEdge router does not push this information to the remote peer.

Note: The comparable commands to specify the IP addresses for a Domain Name System (DNS) server are described in the “DNS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Use the no form of this command to remove the IP address of the primary or secondary NBNS from the subscriber profile or record.

Examples

The following example specifies the primary address of the NBNS in the record for subscriber SamQ:

[local]Redback(config-ctx)#subscriber name SamQ
[local]Redback(config-sub)#nbns primary 10.1.1.20

Related Commands

subscriber


password

password password

no password

Purpose

Specifies the authentication password that the subscriber enters when initiating a Point-to-Point Protocol (PPP) session.

Command Mode

subscriber configuration

Syntax Description

| Keyword or Argument | Description |
| --- | --- |
| password | Alphanumeric text string. Control characters are not allowed. |

Default

None

Usage Guidelines

Use the password command to specify the authentication password that the subscriber enters when initiating a PPP session. When using Challenge Handshake Authentication Protocol (CHAP)/Password Authentication Protocol (PAP), the password obtained from the subscriber must match the password configured in the corresponding subscriber record. This command is available for individual subscriber records, but not for a default subscriber record.

You can enter a password with embedded spaces by enclosing the entire password in double quotes; for example, “This is a Password With Spaces.”

Use the no form of this command to remove the password from the subscriber’s record.

Examples

The following example configures a password of DontTellAnyone:

[local]Redback(config-sub)#password DontTellAnyone

Related Commands

None


port-limit

port-limit max-sessions

no port-limit

Purpose

Limits the number of sessions a subscriber can access simultaneously.

Command Mode

subscriber configuration

Syntax Description

| Keyword or Argument | Description |
| --- | --- |
| max-sessions | Maximum number of simultaneous subscriber sessions allowed. The range of values is 1 to 255. |

Default

There are no session limits.

Usage Guidelines

Use the port-limit command to limit the number of sessions a subscriber can access simultaneously. This command is useful for dial-up and ISDN users who might attempt to consume multiple links in their multilink bundle. You can also use this command to prevent a single user’s account from being accessed by multiple users.

At runtime, if the subscriber sessions are using links in a Point-to-Point Protocol (PPP) multilink bundle, the maximum number of sessions (links) is reduced to eight if the value specified for the max-sessions argument is greater than eight. However, the value stored in the subscriber record is unchanged.

To set the port limit remotely using Remote Authentication Dial-In User Service (RADIUS), use the Port-Limit RADIUS attribute described in Appendix A, “RADIUS Attributes,” in the IP Services and Security Configuration Guide for the SmartEdge OS. Use the no form of this command to remove the session limitation.

Examples

The following example sets a maximum of two sessions for subscriber joe to use simultaneously:

[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#port-limit 2

Related Commands

None


profile

profile prof-name

no profile

Purpose

Assigns an existing named profile to the subscriber.

Command Mode

subscriber configuration

Syntax Description

| Keyword or Argument | Description |
| --- | --- |
| prof-name | Existing profile. |

Default

The default profile is assigned to the subscriber.

Usage Guidelines

Use the profile command to assign an existing named profile to the subscriber.

If this subscriber will be a user of clientless IP service selection (CLIPS), adhere to the following guidelines:

• For static CLIPS circuits, the profile that you assign must have one and only one IP address; to assign an IP address to a subscriber profile, use the ip address command (in subscriber configuration mode).

• For dynamic CLIPS circuits, the profile that you assign must not include an IP address; instead, set the maximum number of IP addresses to 1, using the dhcp max-addrs command (in subscriber configuration mode). For more information about the dhcp max-addrs command, see the “DHCP Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Use the no form of this command to assign the default profile to the subscriber.

Examples

The following example assigns the existing profile, hi-perf, to subscriber joe in the isp1 context:

[local]Redback(config)#context isp1
[isp1]Redback(config-ctx)#subscriber name joe
[isp1]Redback(config-sub)#profile hi-perf

Related Commands

ip address—subscriber configuration mode

subscriber


shaping-profile

shaping-profile atm-prof-name

no shaping-profile

Purpose

Assigns an Asynchronous Transfer Mode (ATM) profile to the subscriber record or profile.

Command Mode

subscriber configuration

Syntax Description

| Keyword or Argument | Description |
| --- | --- |
| atm-prof-name | Name of an existing ATM profile. |

Default

A subscriber session that is initiated on an ATM permanent virtual circuit (PVC) is governed by the ATM profile assigned to the PVC.

Usage Guidelines

Use the shaping-profile command to assign an ATM profile to the subscriber record or profile.

Note: The ATM profile must exist or the subscriber session is not initiated.

Use the no form of this command to remove the ATM profile from the subscriber record or profile; a subscriber session initiated on an ATM PVC will be governed by the ATM profile assigned to that ATM PVC.

Examples

The following example assigns the ATM profile, ubr, to the named subscriber profile, isp2:

[local]Redback(config-ctx)#subscriber profile isp2
[local]Redback(config-sub)#shaping-profile ubr

Related Commands

None


stats-collection

stats-collection

Purpose

Accesses stats collection configuration mode.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

None

Usage Guidelines

Use the stats-collection command to access stats collection configuration mode.

Example

The following example accesses stats collection configuration mode:

[local]Redback(config)#stats-collection
[local]Redback(config-stats-collection)#

Related Commands

count exclude subscriber


subscriber

subscriber {default | name sub-name | profile prof-name}

no subscriber {default | name sub-name | profile prof-name}

Purpose

Creates a default subscriber profile, a named subscriber profile, or an individual named subscriber record, and enters subscriber configuration mode.

Command Mode

context configuration

Syntax Description

| Keyword or Argument | Description |
| --- | --- |
| default | Specifies the creation of the default subscriber profile. |
| name sub-name | Named subscriber record. |
| profile prof-name | Named subscriber profile. |

Default

No default profile, named subscriber profile, or subscriber record exists.

Usage Guidelines

Use the subscriber command to configure a default subscriber profile, a named subscriber profile, or an individual named subscriber record, and enter subscriber configuration mode. When created, a default or named subscriber profile is empty; there are no default values associated with it.

Use the default keyword to create a default subscriber profile. Each configured attribute in the default profile is appended to all subscriber records in the context. However, if you configure a named subscriber profile or a subscriber record, attribute values in the named subscriber profile or subscriber record override the values set in the default profile record.

Use the name sub-name construct to create a named subscriber record. Attribute values in the subscriber record override the values set in the named and default subscriber profiles. This is true whether the named subscriber record is created through the local configuration or is accessed through a Remote Authentication Dial-In User Service (RADIUS) server.

Use the profile prof-name construct to create a named subscriber profile. Each configured attribute in the named profile is appended to any subscriber record to which the profile is assigned. However, if you configure a subscriber record, attribute values in the subscriber record override the values set in the named subscriber profile.

The maximum length for the sub-name argument, together with a separator character and the domain name for the subscriber, is 253 characters. The domain name is the name of the context in which the subscriber is configured, or a domain alias for the context.

For information about configuring domain aliases, see Chapter 6, “Context Configuration.” For information about configuring the format, sub-name@domain-name, see the “AAA Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

If this subscriber will be a user of clientless IP service selection (CLIPS), or if this named or default subscriber profile is intended for such subscribers, you must adhere to the following restrictions:

• For static CLIPS circuits, a subscriber record or its assigned profile must have one and only one IP address. Use the ip address command (in subscriber configuration mode) to assign the IP address.

• For dynamic CLIPS circuits, a subscriber record or profile must have no IP addresses; instead, use the dhcp max-addrs command (in subscriber configuration mode) and specify 1 as the value for the max-num argument. For more information about the dhcp max-addrs command, see the “DHCP Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Note: If you modify a subscriber record for a subscriber that is already bound, you must use the clear subscriber command (in exec mode) for the changes to take effect. For more information on the clear subscriber command, see the “Context, Interface, and Subscriber Operations” chapter in the Basic System Operations Guide for the SmartEdge OS. The subscriber session is ended and restarted with the new parameters. This is true regardless of whether subscriber records are configured locally or in RADIUS.

Use the no form of this command to delete a default or named profile or named subscriber record.

Examples

The following example creates the subscriber record, dave:

[local]Redback(config)#context isp2
[local]Redback(config-ctx)#subscriber name dave
[local]Redback(config-sub)#

The following example configures primary and secondary Domain Name System (DNS) servers for the default subscriber profile:

[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#dns primary 10.1.1.1
[local]Redback(config-sub)#dns secondary 10.1.1.2

The following example creates the named profile, isp2:

[local]Redback(config)#context isp2
[local]Redback(config-ctx)#subscriber profile isp2
[local]Redback(config-sub)#

Related Commands

ip address—subscriber configuration mode

profile
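
The precedence rules for the subscriber command (default profile, then named profile, then subscriber record) decide whether a subscriber actually runs with ip source-validation, port-limit, and timeout set, all of which this chapter documents as disabled by default. The following Python audit is an added example, not Redback code and not part of the original guide: the indented configuration layout, the function names, and the sample text are assumptions constructed for illustration, and the no forms of commands are not modelled.

```python
# Constructed sample configuration, written in the command syntax shown in this
# chapter; the indentation and layout are assumptions, not router output.
SAMPLE_CONFIG = """\
context local
 subscriber default
  nbns primary 10.10.1.1
  timeout idle 30
 subscriber profile hi-perf
  ip source-validation
  timeout idle 60
 subscriber name joe
  profile hi-perf
  port-limit 2
 subscriber name bart
  ip address 10.1.1.7
  timeout absolute 120
context corp.com
 subscriber name roger
  ip address 10.1.2.3
"""

# Commands whose second word is part of the attribute name.
TWO_WORD_COMMANDS = {"ip", "timeout", "nbns", "dns", "pppoe"}

# Attributes the guide documents as off by default, and what their absence means.
CHECKS = [
    (("ip source-validation",), "IP SAV disabled: spoofed source addresses are not denied"),
    (("port-limit",), "no port-limit: simultaneous sessions are unlimited"),
    (("timeout absolute", "timeout idle"), "no timeout: sessions have no idle or absolute limit"),
]


def parse(text):
    """Return {context: {'default': attrs, 'profiles': {...}, 'records': {...}}}."""
    contexts, ctx, block, block_indent = {}, None, None, 0
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or comment
        indent = len(raw) - len(raw.lstrip())
        if words[0] == "context" and len(words) == 2:
            ctx = contexts.setdefault(
                words[1], {"default": {}, "profiles": {}, "records": {}})
            block = None
        elif words[0] == "subscriber" and ctx is not None and len(words) >= 2:
            block_indent = indent
            if words[1] == "default":
                block = ctx["default"]
            elif words[1] in ("profile", "name") and len(words) == 3:
                kind = "profiles" if words[1] == "profile" else "records"
                block = ctx[kind].setdefault(words[2], {})
            else:
                block = None
        elif block is not None and indent > block_indent:
            n = 2 if words[0] in TWO_WORD_COMMANDS else 1
            block.setdefault(" ".join(words[:n]), []).append(" ".join(words[n:]))
        else:
            block = None  # left the subscriber block (for example, an interface)
    return contexts


def effective(ctx, sub_name):
    """Layer the default profile, then the assigned named profile, then the record."""
    record = ctx["records"][sub_name]
    merged = dict(ctx["default"])
    if "profile" in record:
        merged.update(ctx["profiles"].get(record["profile"][-1], {}))
    merged.update(record)  # record values override both profiles
    return merged


def audit(text):
    """Return (context, subscriber, finding) for every missing protective attribute."""
    findings = []
    for ctx_name, ctx in parse(text).items():
        for sub_name in ctx["records"]:
            attrs = effective(ctx, sub_name)
            for keys, message in CHECKS:
                if not any(key in attrs for key in keys):
                    findings.append((ctx_name, sub_name, message))
    return findings


if __name__ == "__main__":
    for ctx_name, sub_name, message in audit(SAMPLE_CONFIG):
        print(f"{sub_name}@{ctx_name}: {message}")
```

Subscriber joe produces no findings because the named profile supplies ip source-validation and the record supplies port-limit; bart inherits only the default profile's idle timeout and is flagged for the other two.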


timeout

timeout {absolute | idle} minutes

{no | default} timeout {absolute | idle}

Purpose

Sets the idle or absolute timeout value for sessions; the time after which a session for a subscriber is dropped.

Command Mode

subscriber configuration

Syntax Description

| Keyword or Argument | Description |
| --- | --- |
| absolute | Specifies an absolute timeout value after which the subscriber is disconnected from the session. |
| idle | Specifies an idle timeout value. This is the amount of time allowed for no activity by the subscriber before the session is dropped. |
| minutes | Time, in minutes, that elapses before a timeout session occurs. The range of values is 1 to 596,523. |

Default

All timeout sessions are disabled.

Usage Guidelines

Use the timeout command to set the time after which a subscriber’s session is dropped.

Note: This command applies to either locally terminated or Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) subscriber sessions.

Note: Keepalive messages are not considered traffic for purposes of measuring idle time.

Use the no or default form of this command to disable a timeout session.

Examples

The following example sets an absolute timeout value of 20 minutes:

[local]Redback(config-sub)#timeout absolute 20

Related Commands

None


Part 5

System Management

This part describes the tasks and commands used to configure system-wide parameters for monitoring, the collection of bulk statistics, system event logging, and Simple Network Management Protocol (SNMP) and Remote Monitoring (RMON) features.

This part consists of the following chapters:

• Chapter 9, “System-Wide Management Configuration”

• Chapter 10, “Bulkstats Configuration”

• Chapter 11, “Logging Configuration”

• Chapter 12, “SNMP and RMON Configuration”

Chapter 9

System-Wide Management Configuration

This chapter provides an overview of system-wide management features, describes the tasks used to configure these features, and provides configuration examples and detailed descriptions of the commands used to configure them through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer general system-wide management features, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

Typically, the SmartEdge OS show and debug commands are used to provide information to verify correct system operation and to troubleshoot feature-specific problems. Those commands are described in the Basic System Operations Guide for the SmartEdge OS, and the Ports, Circuits, and Tunnels Operations Guide for the SmartEdge OS, respectively.

The configuration tasks and commands described in this chapter allow you to perform other types of general system-wide monitoring and testing tasks, such as enabling power-on diagnostics, monitoring processes, managing crash dumps, and communicating with a network management system.

Note: In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted.

The term, chassis, refers to any SmartEdge chassis; the term, SmartEdge 800, refers to any version of the SmartEdge 800 chassis.


Configuration Tasks

To configure system-wide management features and communications with the NetOp™ Element Manager System (EMS) server, perform the tasks described in the following sections:

• Configure System-Wide Management Features

• Configure NetOp EMS Server Communications

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Configure System-Wide Management Features

To configure system-wide management features, perform the tasks described in Table 9-1; enter all commands in global configuration mode.

Table 9-1 Configure System-Wide Management Features

| Task | Root Command | Notes |
|---|---|---|
| Enable dynamic random-access memory (DRAM) crash dump data collection. | service crash-dump-dram | This is the default condition. |
| Set the duration of the system monitoring process. | monitor duration | |
| Enable the sending of core dump files to a URL using the File Transfer Protocol (FTP). | service upload-coredump | |

Configure NetOp EMS Server Communications

To configure communications with the NetOp EMS server, perform the tasks described in Table 9-2.

Table 9-2 Configure NetOp EMS Server Communications

| # | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Enable communication with a NetOp EMS server and access NetOp configuration mode. | netop | Enter this command in global configuration mode. You must configure the SNMP community prior to specifying the version of the SNMP traps that the NetOp EMS server receives. |
| 2. | Specify operational attributes: | | |
| | Enable the sending of advertisement packets to the NetOp EMS server from the SmartEdge router. | advertise | Enter this command in NetOp configuration mode. |
| | Specify the version of the SNMP traps that the NetOp EMS server receives. | snmp version | Enter this command in NetOp configuration mode. You must configure the SNMP community prior to specifying the version of the SNMP traps that the NetOp EMS server receives. |


Configuration Examples

The following examples are included in this section:

• Process Monitoring

• NetOp EMS Server Communications

Process Monitoring

The following example sets process management parameters for the BGP process, sets the monitor duration, and then enables monitoring of the BGP process:

[local]Redback#configure
[local]Redback(config)#monitor duration 3600
[local]Redback(config)#exit
[local]Redback#monitor process bgp

% enter ctrl-C to exit monitor mode, monitor duration(sec): 3600 (00:00:08)

NAME PID SPAWN MEMORY TIME %CPU STATE
rip 12652 1 576K 00:00:00.02 0.00% run

NetOp EMS Server Communications

The following example enables communication with a network management system and enables the sending of an advertising packet every 10 seconds to the NetOp EMS server. The node group that the SmartEdge router is assigned is NOCuser1 and the listen port is 6581.

[local]Redback#configure
[local]Redback(config)#netop
[local]Redback(config-netop)#advertise 192.168.0.1 interval 10 node-group NOCuser1 port 6581
[local]Redback(config-netop)#snmp version 2c

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure system-wide management features. The commands are presented in alphabetical order.

• advertise

• monitor duration

• netop

• service crash-dump-dram

• service upload-coredump

• snmp version


advertise

advertise ip-addr [interval seconds] [node-group group-name] [port node-discovery-port-num]

no advertise ip-addr

Purpose

Enables the sending of advertisement packets to the NetOp Element Manager System (EMS) server from the SmartEdge router.

Command Mode

NetOp configuration

Syntax Description

ip-addr
    IP address of the NetOp EMS server.

interval seconds
    Optional. Interval, in seconds, between sending advertising packets. The range of values is 10 to 86,400 (24 hours); the default value is 60.

node-group group-name
    Optional. Text string identifying the group to which the SmartEdge router is to be assigned. If not specified, no group assignment is made.

port node-discovery-port-num
    Optional. Port number on the NetOp EMS server that is used to listen for node advertisement packets. The range is 1 to 65,535; the default value is 6,580.

Default

No advertising packets are sent by the SmartEdge router.

Usage Guidelines

Use the advertise command to enable the sending of advertisement packets to the NetOp EMS server from the SmartEdge router. The receipt of an advertise packet allows the NetOp EMS server to auto-discover the SmartEdge router.

The SmartEdge router sends advertise packets at the specified interval. When the NetOp EMS server receives an advertise packet, the NetOp EMS server connects to the SmartEdge router, which then stops sending advertise packets. If the SmartEdge router loses communication with the NetOp EMS server, the SmartEdge router starts sending advertise packets again, unless the administrator enters the no form of this command.

By default, the hostname of each SmartEdge router is “Redback”, and this is the node name that is sent in the advertisement packet. To specify a different node name in the advertisement packet, use the system hostname command in global configuration mode.

Use the node-group group-name construct to specify a group to which the SmartEdge router is to be assigned. If you do not specify a group, then the SmartEdge router is added to the NetOp inventory database.

If the port is not the default, use the port node-discovery-port-num construct to specify the port on the NetOp EMS server that listens for Discovery packets. This port is not the port on the NetOp EMS server that connects to the SmartEdge router.

Note The port used by the NetOp EMS server to connect to the SmartEdge router is not configurable.

Use the no form of this command to disable the sending of advertising packets.

Examples

The following example enables communication with the NetOp EMS server and sends an advertising packet every 45 seconds:

[local]Redback(config)#netop
[local]Redback(config-netop)#advertise 10.1.1.1 interval 45 node-group G10 port 6080

Related Commands

netop


monitor duration

monitor duration seconds

no monitor duration

Purpose

Sets the duration of the system monitoring process.

Command Mode

global configuration

Syntax Description

seconds
    Length of time, in seconds, that system monitoring lasts. The range of values is 1 to 65,535; the default value is 600 seconds.

Default

The duration of system monitoring is 600 seconds, or 10 minutes.

Usage Guidelines

Use the monitor duration command to set the duration of the monitoring process that is enabled through any of the monitor commands (available in exec mode); see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to set the monitor duration to its default value of 600 seconds.

Examples

The following example sets the monitor duration to 3600 seconds, or 60 minutes:

[local]Redback(config)#monitor duration 3600

Related Commands

None


netop

netop

no netop

Purpose

Enables the netopd server, which allows the SmartEdge router to communicate with the NetOp Element Manager System (EMS) server, and enters NetOp configuration mode.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Disabled

Usage Guidelines

Use the netop command to enable the netopd server, which allows the SmartEdge router to communicate with the NetOp EMS server, and enter NetOp configuration mode.

Note You must configure the SNMP community prior to specifying the version of the SNMP traps that the NetOp EMS server receives.

Use the no form of this command to disable communication with the NetOp EMS server.

Examples

The following example enables the SmartEdge router to communicate with the NetOp EMS server and enters NetOp configuration mode:

[local]Redback(config)#netop
[local]Redback(config-netop)#

Related Commands

advertise


service crash-dump-dram

service crash-dump-dram

no service crash-dump-dram

Purpose

Enables dynamic random-access memory (DRAM) data collection during a crash dump.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Enabled

Usage Guidelines

Use the service crash-dump-dram command to enable DRAM data collection during a crash dump.

Note Because DRAM data collection during a crash dump is enabled by default, the service crash-dump-dram command is used only to return the router to its default behavior after it has been changed by the no form of this command.

Use the no form of this command to disable DRAM data collection during a core dump. In situations where the Packet Processing ASIC (PPA) data collection might take a long time, you can use the no form of this command to skip the DRAM data collection.

Note The reload card command (in exec mode) suppresses the in-progress DRAM data collection if confirmed by user.

Examples

The following example disables the DRAM data collection during a crash dump:

[local]Redback(config)#no service crash-dump-dram

Related Commands

None


service upload-coredump

service upload-coredump ftp:url

no service upload-coredump

Purpose

Enables the sending of core dump files from the local SmartEdge router to the specified URL using the File Transfer Protocol (FTP).

Command Mode

global configuration

Syntax Description

ftp:url
    URL of the server to which the system is to send a core dump file using FTP. Required format of the url argument is //username[:passwd]@{ip-addr | hostname}[//directory].

Default

None

Usage Guidelines

Use the service upload-coredump command to enable the sending of core dump files from the local SmartEdge router to a URL using FTP. The url argument takes the following form, where the username:passwd construct specifies the user and an optional password, the ip-addr argument is the IP address of the server, and the hostname argument is the hostname of the server:

//username[:passwd]@{ip-addr | hostname}[//directory]

Note Use double slashes (//) if the pathname to the directory on the remote server is an absolute pathname; use a single slash (/) if it is a relative pathname (under the hierarchy of the username account home directory).

The hostname argument can only be used if Domain Name System (DNS) resolution is enabled using the ip domain-lookup, ip domain-name, and ip name-servers commands in context configuration mode. For more information see the “DNS Configuration” chapter in the IP Services and Security Configuration Guide for the SmartEdge OS.

Note We strongly recommend that you enable this feature because it maximizes the use of available disk space and improves system stability and performance. For more information about core dumps, crash files, and the operations commands to administer them, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to disable the sending of crash files to the specified URL.

Examples

The following example specifies that crash files are to be sent to the specified URL using FTP:

[local]Redback(config)#service upload-coredump ftp://client1:[email protected]//out

Related Commands

None
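The url argument format described for service upload-coredump can be checked before a configuration is deployed or shared. The following Python is an added example, not Redback code: it parses the argument, reports a password embedded in the URL (FTP carries the login unencrypted) or a hostname target that depends on DNS being configured, and masks the password. The function names, finding labels and the sample configuration text are constructed for illustration.

```python
import ipaddress
import re

# ftp: followed by //username[:passwd]@{ip-addr | hostname}[//directory]
_URL = re.compile(
    r"ftp://(?P<user>[^:@/\s]+)(?::(?P<passwd>[^@\s]*))?"
    r"@(?P<host>[^/@\s]+)(?P<dir>/.*)?"
)
_CMD = re.compile(r"\s*service upload-coredump\s+(\S+)\s*$")
_MASK = re.compile(r"(service upload-coredump\s+ftp://[^:@/\s]+:)[^@\s]*(?=@)")


def parse_coredump_url(arg):
    """Split the ftp:url argument into its documented parts."""
    m = _URL.fullmatch(arg)
    if m is None:
        # The argument is left out of the message: it may contain a password.
        raise ValueError("argument is not ftp://username[:passwd]@host[//directory]")
    host = m["host"]
    try:
        ipaddress.ip_address(host)
        host_is_ip = True
    except ValueError:
        host_is_ip = False
    raw = m["dir"] or ""
    return {
        "user": m["user"],
        "passwd": m["passwd"],              # None when no password is given
        "host": host,
        "host_is_ip": host_is_ip,
        # "//dir" is an absolute path, "/dir" is relative to the FTP home.
        "absolute": raw.startswith("//"),
        "directory": raw[1:] if raw else None,
    }


def audit_config(text):
    """Return (line number, finding) pairs for service upload-coredump lines."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _CMD.match(line)
        if m is None:
            continue
        try:
            target = parse_coredump_url(m.group(1))
        except ValueError:
            findings.append((lineno, "malformed-url"))
            continue
        if target["passwd"] is not None:
            # Stored in the configuration and sent in cleartext by FTP.
            findings.append((lineno, "embedded-password"))
        if not target["host_is_ip"]:
            # Per the guide, a hostname works only with DNS resolution enabled.
            findings.append((lineno, "hostname-needs-dns"))
    return findings


def redact_config(text):
    """Mask the password in service upload-coredump lines before sharing."""
    return _MASK.sub(r"\1****", text)


# Constructed sample configuration text (not taken from a real router).
SAMPLE_CONFIG = (
    "monitor duration 3600\n"
    "service upload-coredump ftp://coreuser:Example-Pw1@192.0.2.10//var/cores\n"
)

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
    print(redact_config(SAMPLE_CONFIG), end="")
```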


snmp version

snmp version {1 | 2c}

no snmp version

Purpose

Specifies the version of the Simple Network Management Protocol (SNMP) traps that the NetOp Element Manager System (EMS) server receives.

Command Mode

NetOp configuration

Syntax Description

1
    Specifies that SNMP Version 1 (SNMPv1) is configured on the SmartEdge router.

2c
    Specifies that SNMP Version 2c (SNMPv2c) is configured on the SmartEdge router.

Default

SNMPv2c traps are expected by the NetOp EMS server.

Usage Guidelines

Use the snmp version command to specify the version of the SNMP traps that the NetOp EMS server receives.

Note You must configure the SNMP community prior to specifying the version of the SNMP traps that the NetOp EMS server receives.

Use the no form of this command to specify SNMPv2c traps.

Examples

The following example specifies SNMPv1 traps:

[local]Redback(config)#netop
[local]Redback(config-netop)#snmp version 1

Related Commands

None


Chapter 10

Bulkstats Configuration

This chapter provides an overview of the bulk statistics (bulkstats) features, describes the tasks used to configure them, and provides configuration examples and detailed descriptions of the commands used to configure bulkstats features through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer bulkstats features, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

This section includes the following topics:

• Function of Bulkstats

• Data Collected by Bulkstats

• Application of Bulkstats to an Entity

Function of Bulkstats

The bulkstats feature gathers large amounts of data from the SmartEdge router, periodically sending updates to a management station. The bulkstats feature frees both the SmartEdge router and the management station from the Simple Network Management Protocol (SNMP) polling processes, and minimizes the amount of memory used by the SmartEdge router for statistics collection.

The collection of data is governed by a named bulkstats policy. Bulkstats policies are context-specific and there can be any number of bulkstats policies for each context. A bulkstats policy defines the collection information, such as the transfer interval, the server to which the data files are sent, and the sampling interval.


Data Collected by Bulkstats

The kinds of data that are collected are governed by a bulkstats schema profile, which defines the type and format of data that is collected and acts as a template which, when applied to the system or to a context, subscriber, port, channel, or permanent virtual circuit (PVC), results in the collection of the data specified by the schema profile. There are two types of schema profiles: global (for collecting system-wide data) and specific (for collecting data specific to a type of entity).

Because the type of data that can be collected varies for each type of entity, there are different types of schema profiles, specific to the entity being monitored: contexts, subscribers, ports, channels, Asynchronous Transfer Mode (ATM), Frame Relay, and 802.1Q PVCs. A bulkstats schema profile also describes the format in which the data displays. A bulkstats schema profile consists of a name, a display format, and a list of statistics.

Bulkstats schema profiles employ a format string that uses special-character sequences; see Table 10-5. Format strings are replaced with SmartEdge OS variables, such as system uptime, date, time of day, port and slot number information, and more. Supported SmartEdge OS variables vary according to the type of schema profile. These variables are defined in Table 10-6 to Table 10-13 in the description of the bulkstats schema profile command.

Application of Bulkstats to an Entity

When a bulkstats schema profile is applied to an entity, such as a port, a bulkstats policy is also applied together with the context in which the bulkstats policy is configured. Data is collected and transferred to a management station, as follows:

1. The SmartEdge router samples and stores system, network, and traffic statistics at specified sampling intervals. Information can be collected at the system, port, channel, and circuit level. Bulkstats data is stored in the form of continuous counter values.

2. Data is periodically sent at a specified transfer interval using the File Transfer Protocol (FTP) to a network management station. The file sent is an ASCII format file consisting of data lines of ASCII text terminated by a UNIX new line.

3. When the file is successfully transmitted, the information is deleted from SmartEdge router memory.

Before you enable bulkstats collection for a policy, you must configure the following elements for an existing bulkstats policy:

• Specify the primary receiver using the receiver command in bulkstats configuration mode.

• Specify the directory on the local SmartEdge router where collected data is stored using the localdir command in bulkstats configuration mode.

• Specify the name and location of the collection files on the FTP server using the remotefile command in bulkstats configuration mode.


You must also:

• Create one or more schema profiles using the bulkstats schema profile command in global configuration mode.

• Apply one or more schema profiles using the schema command in bulkstats configuration mode (for system-wide statistics) or the bulkstats schema command in ATM, ATM DS-3, ATM profile, dot1q profile, DS-0, DS-1, DS-3, E1, Frame Relay profile, port, or STM-1 configuration mode.

You can enable collection for a bulkstats policy at any time after you have performed these tasks. It is not necessary to disable collection before you apply the policy to an entity, such as a port, channel, or circuit.

Configuration Tasks

To configure bulkstats, perform the tasks described in the following sections:

• Configure a Bulkstats Policy

• Create or Modify a Bulkstats Schema Profile

• Apply a Specific Bulkstats Schema Profile

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Configure a Bulkstats Policy

To configure a bulkstats policy, perform the tasks described in Table 10-1; all commands apply only to the bulkstats policy being configured.

Table 10-1 Configure a Bulkstats Policy

| # | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Create a bulkstats policy, or select one for modification, and access bulkstats configuration mode. | bulkstats policy | Enter this command in context configuration mode. |
| 2. | Specify operational attributes: | | Enter these commands in bulkstats configuration mode. |
| | Specify where the bulkstats data is stored for this policy on the SmartEdge router. | localdir | |
| | Set a limit on the space that is used to store bulkstats collection files. | limit | The default value is 1,024 KB. |
| | Specify the FTP servers where remote bulkstats files are stored. | receiver | Enter this command twice to specify both a primary and a secondary FTP server. |
| | Specifies the format of the filename and the location of the bulkstats collection files that are stored on remote File Transfer Protocol (FTP) servers. | remotefile | |
| | Specify header lines that are inserted at the beginning of each bulkstats collection file for this policy. | header format | |
| | Enable the writing of the definitions of the configured bulkstats schema profiles to the beginning of each bulkstats data collection file. | schema-dump | |
| | Specify the interval between the collection of bulk statistics samples. | sample-interval | The default value is 15 minutes. |
| | Specify the interval after which bulkstats data is uploaded to an FTP server for this policy. | transfer-interval | The default value is 60 minutes. |
| 3. | Enable the collection of bulkstats for all the entities to which this bulkstats policy will be applied. | collection | |

Create or Modify a Bulkstats Schema Profile

To create or modify a bulkstats schema profile, perform the task described in Table 10-2; enter this command in global configuration mode.

Table 10-2 Create or Modify a Bulkstats Schema Profile

| Task | Root Command | Notes |
|---|---|---|
| Create or modify a bulkstats schema profile. | bulkstats schema profile | |

Apply a Specific Bulkstats Schema Profile

To apply a specific bulkstats schema profile, perform one of the tasks described in Table 10-3, depending on the type of schema profile.

Table 10-3 Apply a Specific Bulkstats Schema Profile

| Task | Root Command | Notes |
|---|---|---|
| Apply a bulkstats schema profile with one of the following tasks: | | |
| • Apply a global bulkstats schema profile for system-level data collection. | schema | Enter this command in bulkstats configuration mode. |
| • Apply an existing schema profile and bulkstats policy in the specified context to the context, a port, channel, or channel group; to a profile for an ATM PVC, Frame Relay PVC, or 802.1Q PVC; or to a default subscriber profile. | bulkstats schema | Enter this command in the configuration mode for the entity. |

Configuration Examples

This section provides configuration examples for:

• Bulkstats Policy

• Bulkstats Global Schema Profile

• Bulkstats Specific Schema Profile


Bulkstats Policy

The following example specifies the IP address of the primary receiver of the uploaded bulkstats data files for the bulk policy:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#receiver 198.168.145.99 primary mechanism ftp login snmp password snmp

The following example specifies the local directory on the SmartEdge router for the bulk policy, the amount of local file space allocated to bulk statistics storage in KB, and the filename format on the remote host. The filename format ensures that the filenames for two different policies will always be different, even if their transfer dates and time coincide.

[local]Redback(config-bulkstats)#localdir /flash/bulkstat
[local]Redback(config-bulkstats)#limit 2048
[local]Redback(config-bulkstats)#remotefile format "Bulkstats/%s_%s_%s_%s" context, policy date timeofday

The following example defines the header lines in each bulkstats file for the bulk policy:

[local]Redback(config-bulkstats)#header format "Collection file from host %s, Context: %s, Policy: %s" hostname context policy
[local]Redback(config-bulkstats)#header format "Data collected on %s" date

The following example enables the sampling and collection of bulkstats data for the bulk policy:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#collection

Bulkstats Global Schema Profile

The following example creates the gbl-bulk global schema profile:

[local]Redback(config)#bulkstats schema profile global gbl-bulk format "uptime: %u, date:%s, time:%s" sysuptime date timeofday

Bulkstats Specific Schema Profile

The following example creates an ATM schema profile that collects circuit statistics for each ATM PVC to which the ATM profile, ubr-bulk, is applied:

[local]Redback(config)#bulkstats schema profile atm atm-ubr format "uptime: %u, slot: %u, port: %u, vpi: %u, vci: %u, inoctets: %u outoctets: %u" sysuptime slot port vpi vci inoctets outoctets
[local]Redback(config)#atm profile ubr-bulk
[local]Redback(config-atm-profile)#shaping ubr
[local]Redback(config-atm-profile)#bulkstats schema atm-ubr policy bulk local


The following example configures an ATM PVC that references the ATM profile, ubr-bulk, on an ATM OC port:

[local]Redback(config)#port atm 4/1
[local]Redback(config-atm-oc)#atm pvc 16 233 profile ubr-bulk encapsulation route1483
[local]Redback(config-atm-pvc)#

The result of this schema is a line in the bulkstats collection file as follows:

atm-ubr: uptime: 348765, slot:4, port:1, vpi:16, vci:233, inoct:234975, outoct:165444
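On the management station, each data line can be validated against the schema profile that produced it before its counters are trusted. The following Python is an added example, not Redback code: it compiles a schema format string into a strict parser, separates well-formed records from malformed lines and from header lines, and differences the continuous counters between samples. It assumes that a data line is the schema profile name, a colon and a space, then the formatted text (as in the line above), and that only the %u and %s conversions used in this chapter occur; the class and function names and the sample file contents are constructed.

```python
import re

# Conversions that appear in this chapter's format strings; others are rejected.
# Format strings that use the \n sequence span several lines and are not handled.
_CONV = {"u": r"(\d+)", "s": r"(.+?)"}


class Schema:
    """A bulkstats schema profile: name, printf-style format, ordered variables."""

    def __init__(self, name, fmt, variables):
        self.name, self.variables, self.kinds = name, list(variables), []
        parts, pos = [], 0
        for m in re.finditer(r"%(.)", fmt):
            parts.append(re.escape(fmt[pos:m.start()]))
            kind = m.group(1)
            if kind == "%":
                parts.append("%")
            elif kind in _CONV:
                parts.append(_CONV[kind])
                self.kinds.append(kind)
            else:
                raise ValueError(f"{name}: unsupported conversion %{kind}")
            pos = m.end()
        parts.append(re.escape(fmt[pos:]))
        if len(self.kinds) != len(self.variables):
            raise ValueError(f"{name}: {len(self.kinds)} conversions, "
                             f"{len(self.variables)} variables")
        self.regex = re.compile("".join(parts))

    def parse(self, body):
        """Return {variable: value} for a matching line body, else None."""
        m = self.regex.fullmatch(body)
        if m is None:
            return None
        return {var: int(val) if kind == "u" else val
                for var, kind, val in zip(self.variables, self.kinds, m.groups())}


def parse_collection(text, schemas):
    """Split a collection file into records, rejected lines and other lines."""
    by_name = {s.name: s for s in schemas}
    records, rejected, other = [], [], []
    for lineno, line in enumerate(text.split("\n"), 1):
        if not line:
            continue
        name, sep, body = line.partition(": ")
        schema = by_name.get(name) if sep else None
        if schema is None:
            other.append((lineno, line))        # header or unknown prefix
            continue
        fields = schema.parse(body)
        if fields is None:
            rejected.append((lineno, line))     # known schema, malformed body
        else:
            records.append((name, fields))
    return records, rejected, other


def counter_deltas(records, schema_name, key, counters):
    """Difference consecutive samples per entity; None marks a counter that
    went backwards (reset or wrap) and must not be reported as traffic."""
    last, out = {}, []
    for name, fields in records:
        if name != schema_name:
            continue
        ident = tuple(fields[k] for k in key)
        prev = last.get(ident)
        if prev is not None:
            out.append((ident, {c: fields[c] - prev[c] if fields[c] >= prev[c]
                                else None for c in counters}))
        last[ident] = fields
    return out


ATM_UBR = Schema(
    "atm-ubr",
    "uptime: %u, slot: %u, port: %u, vpi: %u, vci: %u, "
    "inoctets: %u outoctets: %u",
    "sysuptime slot port vpi vci inoctets outoctets".split(),
)

# Constructed sample file: one header line, three samples, one corrupt line.
SAMPLE = (
    "Collection file from host Redback, Context: local, Policy: bulk\n"
    "atm-ubr: uptime: 348765, slot: 4, port: 1, vpi: 16, vci: 233, inoctets: 234975 outoctets: 165444\n"
    "atm-ubr: uptime: 349665, slot: 4, port: 1, vpi: 16, vci: 233, inoctets: 250000 outoctets: 170000\n"
    "atm-ubr: uptime: 350565, slot: 4, port: 1, vpi: 16, vci: 233, inoctets: 1200 outoctets: 171000\n"
    "atm-ubr: uptime: 351465, slot: 4, port: 1, vpi: 16, vci: 233, inoctets: 9x9 outoctets: 1\n"
)


def demo():
    records, rejected, other = parse_collection(SAMPLE, [ATM_UBR])
    deltas = counter_deltas(records, "atm-ubr",
                            ("slot", "port", "vpi", "vci"),
                            ("inoctets", "outoctets"))
    return records, rejected, other, deltas


if __name__ == "__main__":
    for part in demo():
        print(part)
```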

Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure bulkstats features. The commands are presented in alphabetical order.

• bulkstats policy

• bulkstats schema

• bulkstats schema profile

• collection

• header format

• limit

• localdir

• receiver

• remotefile

• sample-interval

• schema

• schema-dump

• transfer-interval


bulkstats policy

bulkstats policy bulk-pol-name

no bulkstats policy bulk-pol-name

Purpose

Creates a bulk statistics (bulkstats) policy, or selects one for modification, and enters bulkstats configuration mode.

Command Mode

context configuration

Syntax Description

bulk-pol-name
    Name of the bulkstats policy to be created or modified. Can be no more than 19 characters in length.

Default

None

Usage Guidelines

Use the bulkstats policy command to create a bulkstats policy, or select one for modification, and enter bulkstats configuration mode. You can configure multiple bulkstats policies within each context.

Caution Risk of system performance degradation. Creating multiple bulkstats policies can reduce system performance. To reduce the risk, minimize the number of policies configured on the system.

Use the no form of this command to delete a bulkstats policy.

Examples

The following command creates a bulkstats policy, bulk, and enters bulkstats configuration mode:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#

Related Commands

• bulkstats schema

• bulkstats schema profile

• collection


bulkstats schema

In context or subscriber configuration mode, the syntax is:

bulkstats schema sch-prof-name policy bulk-pol-name

no bulkstats schema sch-prof-name policy bulk-pol-name

In all other configuration modes, the syntax is:

bulkstats schema sch-prof-name policy bulk-pol-name ctx-name

no bulkstats schema sch-prof-name policy bulk-pol-name ctx-name

Purpose

Applies an existing schema profile and bulk statistics (bulkstats) policy in the specified context to the context, port, channel, or channel group; to a profile for an Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC), Frame Relay PVC, or 802.1Q PVC; or to a default subscriber profile.

In the case of Multilink Point-to-Point Protocol (MP) subscribers, data is collected on individual ATM PVC links, as well as the MP bundles.

Command Mode

• ATM DS-3 configuration

• ATM OC configuration

• ATM profile configuration

• context configuration

• dot1q profile configuration

• DS-0 group configuration

• DS-1 configuration

• DS-3 configuration

• E1 configuration

• E3 configuration

• Frame Relay profile configuration

• port configuration

• STM-1 configuration

• subscriber configuration

Syntax Description

sch-prof-name
    Name of the schema profile. Can be no more than 19 characters in length.

policy bulk-pol-name
    Name of the bulkstats policy. Can be no more than 19 characters in length.

ctx-name
    Name of the context in which the bulkstats policy is configured. Can be no more than 31 characters in length. Not required in context or subscriber configuration mode.

Default

None

Usage Guidelines

Use the bulkstats schema command to apply an existing schema profile and bulkstats policy in the specified context to the context, a port, channel, or channel group; to a profile for an ATM PVC, Frame Relay PVC, or 802.1Q PVC; or to a default subscriber profile. You can apply multiple bulkstats schemas to contexts, ports, channels, channel groups, and profiles using multiple policies in various contexts.

Caution Risk of system performance degradation. Although you can apply multiple schema profiles, each gathering a different type and format of data, it is advisable to minimize the number of schema profile applications to reduce impact on system performance. To reduce the risk, you can instead create one schema profile that records several subsets of data. Separate each subset within the format string by entering the \n character sequence, which creates a new starting line in the output file. You can then apply this single schema profile in place of multiple schema profiles.

Caution Risk of system performance degradation. Applying multiple bulkstats policies can also reduce system performance. To reduce the risk, minimize the number of policies applied to a port, channel, channel group, or profile.

Note Do not apply a bulkstats schema profile to an Ethernet port you are to add to an Ethernet or 802.1Q link group.

Note Do not apply a bulkstats schema profile to a DS-1 channel, E1 channel, or E1 port if you are adding it to an MP or Multilink Frame Relay (MFR) bundle.

Use the no form of this command to remove the application of the specified bulkstats schema profile and policy from the context, port, channel, channel group; profile for an ATM PVC, Frame Relay PVC, or 802.1Q PVC; or default subscriber profile.

Examples

The following example applies an existing schema profile, sample, to an Ethernet port using the bulk policy, in the local context:

[local]Redback(config)#port ethernet 3/1
[local]Redback(config-port)#bulkstats schema sample policy bulk local

The following example applies existing schema profiles to the context, isp2, and to the default subscriber profile in that context, using the bulk-isp2 policy:

[local]Redback(config)#context isp2
[local]Redback(config-ctx)#bulkstats schema ctx-sample policy bulk-isp2
[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#bulkstats schema sub-sample policy bulk-isp2

Related Commands

• bulkstats policy

• bulkstats schema profile

• schema

• schema-dump


bulkstats schema profilebulkstats schema profile prof-type sch-prof-name format format-string [OS-variable]

[OS-variable] ...

no bulkstats schema profile prof-type sch-prof-name

PurposeCreates or modifies a schema profile that can be used to gather statistics for system-wide, context, subscriber, port, channel, Asynchronous Transfer Mode (ATM), Frame Relay, or 802.1Q permanent virtual circuit (PVC).

Command Modeglobal configuration

Syntax Description

DefaultNo bulkstats schema profile is defined.

Usage GuidelinesUse the bulkstats schema profile command to create or modify a schema profile that can be used as a template to gather statistics for system-wide, context, subscriber, port, channel, ATM, Frame Relay, or 802.1Q PVC. Table 10-4 lists the keywords for the types of schema profiles that you can create or modify.

prof-type Type of profile according to one of the keywords listed in Table 10-4.

sch-prof-name Name of the schema profile to be defined.

format format-string Table 10-5 describes the format strings, used to format the schema profile. Format strings can contain anything or nothing as a label for a SmartEdge OS variable. They follow the C programming language printf() function syntax, and must be enclosed in quotation marks.

OS-variable Optional. SmartEdge OS variable for which data will be collected. Separate the variables with a space. Table 10-6 to Table 10-13 describe the supported SmartEdge OS variables for different types of schema profiles.

Table 10-4 Types of Schema Profiles

Keyword Description

atm Uses profile with one or more ATM PVCs (using ATM profiles).

chan Uses profile with one or more DS-0 channel groups, or DS-1, DS-3, or E1 channels.

context Uses profile with one or more contexts.

dot1q Uses profile with one or more 802.1Q PVCs (using dot1q profiles).

frame-relay Uses profile with one or more Frame Relay PVCs (using Frame Relay profiles).

global Uses profile to collect system-wide statistics.

port Uses profile with one or more ATM, channelized OC-12, channelized STM-1, clear-channel or channelized DS-3, clear-channel E3, E1, Ethernet, or Packet over SONET/SDH (POS) ports.

subscriber Uses profile with one or more subscribers (using default subscriber profiles).

Use the port keyword to create a schema profile for a port on a clear-channel or channelized DS-3 traffic card; use the chan keyword to create a schema profile for a DS-3 channel on a channelized OC-12 traffic card.

Use the port keyword to create a schema profile for an E1 port on a channelized E1 traffic card; use the chan keyword to create a schema profile for an E1 channel on a channelized STM-1 traffic card.

Use the port keyword to create a schema profile for an E3 port on a clear-channel E3 traffic card; use the chan keyword to create a schema profile for a DS-0 or DS-1 channel.

To apply a global schema profile to the system, use the schema command in bulkstats configuration mode.

To apply a schema profile to a context, port, channel, or PVC, use the bulkstats schema command in the appropriate configuration mode.

To apply a schema profile to a default subscriber profile, use the bulkstats schema command with the apply keyword in subscriber configuration mode.

To save the definitions of schema profiles in the collection file, use the schema-dump command in bulkstats configuration mode.

Use the no form of this command to delete the specified bulkstats schema profile. When you delete a schema profile, all the references (applications) of the profile are also removed. If the same statistics are to be collected, the schema profile must be recreated and re-applied.

Table 10-5 describes the supported format strings.

Table 10-5 Format String Special Character Descriptions

Syntax Description

\n Creates a new line

%s Represents a character string

%d Represents an integer in decimal (base 10)

%u Represents an unsigned integer in decimal (base 10)

%x Represents an integer in hexadecimal format (base 16)

%% Represents a single % character in the output


Table 10-6 describes the supported SmartEdge OS variables for global schema profiles.

Caution Risk of system performance degradation. Although you can apply multiple schema profiles, each gathering a different type and format of data, it is advisable to minimize the number of schema profile applications to reduce impact on system performance. To reduce the risk, you can instead create one schema profile that records several subsets of data. Separate each subset within the format string by entering the \n character sequence, which creates a new starting line in the output file. You can then apply this single schema profile in place of multiple schema profiles.

Caution Risk of system performance degradation. Schema profiles that are created with policing and drop counters (the qos_inoctets, qos_outoctets, rcv_drop_octets, and xmt_drop_octets variables) could result in a substantial increase in CPU usage when applied (using the bulkstats schema command in any of its configuration modes). To reduce the risk, limit their use whenever possible, or decrease the sampling rate (by increasing the sample interval using the sample-interval command in bulkstats configuration mode) when the schema with these parameters is applied to a large number of ports, channels, or circuits.

Table 10-6 SmartEdge OS Variables for Global Schema Profiles

Variable Description Type

active_subs Total number of active subscribers Integer

active_subs_bridged1483 Total number of active subscribers on RFC 1483-bridged circuits Integer

active_subs_clips Total number of active subscribers on CLIPS circuits Integer

active_subs_dot1qEnet Total number of active subscribers on 802.1Q PVCs Integer

active_subs_ppp Total number of active subscribers on PPP-encapsulated circuits Integer

active_subs_pppoe Total number of active subscribers on PPPoE-encapsulated circuits Integer

active_subs_routed1483 Total number of active subscribers on RFC 1483-routed circuits Integer

cpu1min System CPU usage for the last minute Integer

cpu5min System CPU usage for the last five minutes Integer

cpu5sec System CPU usage for the last five seconds Integer

date Today’s date in YYYYMMDD format String

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

free_user_mem Available memory in KB Integer

hostname System hostname String

load15min System load average for the last fifteen minutes Integer

load1min System load average for the last minute Integer

load5min System load average for the last five minutes Integer

sysuptime System uptime in seconds Integer

timeofday Time of day in HHMMSS format using a 24-hour clock String

total_user_mem Total memory in KB Integer


Table 10-7 describes the supported SmartEdge OS variables for context schema profiles.

Table 10-8 describes the supported SmartEdge OS variables for subscriber schema profiles.

Table 10-7 SmartEdge OS Variables for Context Schema Profiles

Variable Description Type

active_subs Active subscribers for this context Integer

active_subs_bridged1483 Active subscribers on RFC 1483-bridged circuits for this context Integer

active_subs_clips Active subscribers on CLIPS circuits for this context Integer

active_subs_dot1qEnet Active subscribers on 802.1Q PVCs for this context Integer

active_subs_ppp Active subscribers on PPP-encapsulated circuits for this context Integer

active_subs_pppoe Active subscribers on PPPoE-encapsulated circuits for this context Integer

active_subs_routed1483 Active subscribers on RFC 1483-routed circuits for this context Integer

context_name Context name String

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

start_time Session start time Integer

sysuptime System uptime in seconds Integer

Table 10-8 SmartEdge OS Variables for Subscriber Schema Profiles

Variable Description Type

bind_type Subscriber bind type String

cct_handle Circuit descriptor String

context_name Context name String

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

inoctets Number of octets received on this subscriber session Integer

inpackets Number of packets received on this subscriber session Integer

ip_addr IP address String

ip_mask IP address mask. String

mcast_inoctets Number of multicast octets received on this subscriber session Integer

mcast_inpackets Number of multicast packets received on this subscriber session Integer

mcast_outoctets Number of multicast octets sent on this subscriber session Integer

mcast_outpackets Number of multicast packets sent on this subscriber session Integer

outoctets Number of octets sent on this subscriber session Integer

outpackets Number of packets sent on this subscriber session Integer

session_id Subscriber session ID String

sysuptime System uptime in seconds Integer


Table 10-9 describes the supported SmartEdge OS variables for port schema profiles.

Table 10-10 describes the supported SmartEdge OS variables for channel schema profiles.

Table 10-9 SmartEdge OS Variables for Port Schema Profiles

Variable Description Type

description Description of port String

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

inoctets Number of octets received on this port Integer

inpackets Number of packets received on this port Integer

mcast_inoctets Number of multicast octets received on this port Integer

mcast_inpackets Number of multicast packets received on this port Integer

mcast_outoctets Number of multicast octets sent on this port Integer

mcast_outpackets Number of multicast packets sent on this port Integer

outoctets Number of octets sent on this port Integer

outpackets Number of packets sent on this port Integer

port Port number on the traffic card Integer

portspeed Port speed in kbps Integer

porttype Port type String

qos_inoctets Number of post-limited octets received on this port Integer

qos_outoctets Number of pre-limited octets sent on this port Integer

rcv_drop_octets Number of receive octets dropped on this port Integer

slot Slot number in the SmartEdge router Integer

sysuptime System uptime in seconds Integer

xmt_drop_octets Number of transmitted octets dropped on this port Integer

Table 10-10 SmartEdge OS Variables for Channel Schema Profiles

Variable Description Type

channel Channel number on port Integer

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

inoctets Number of octets received on this channel Integer

inpackets Number of packets received on this channel Integer

mcast_inoctets Number of multicast octets received on this port Integer

mcast_inpackets Number of multicast packets received on this port Integer

mcast_outoctets Number of multicast octets sent on this port Integer

mcast_outpackets Number of multicast packets sent on this port Integer

outoctets Number of octets sent on this channel Integer

outpackets Number of packets sent on this channel Integer

port Port number on the traffic card Integer

qos_inoctets Number of post-limited octets received on this channel Integer

qos_outoctets Number of pre-limited octets sent on this channel Integer

rcv_drop_octets Number of receive octets dropped on this channel Integer

slot Slot number in the SmartEdge router Integer

sysuptime System uptime in seconds Integer

xmt_drop_octets Number of transmitted octets dropped on this channel Integer

Table 10-11 describes the supported SmartEdge OS variables for ATM PVC schema profiles.

Table 10-11 SmartEdge OS Variables for ATM PVC Schema Profiles

Variable Description Type

cctstate State of the ATM PVC String

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

inoctets Number of octets received on the PVC Integer

inpackets Number of packets received on the PVC Integer

mcast_inoctets Number of multicast octets received on the PVC Integer

mcast_inpackets Number of multicast packets received on the PVC Integer

mcast_outoctets Number of multicast octets sent on the PVC Integer

mcast_outpackets Number of multicast packets sent on the PVC Integer

outoctets Number of octets sent on the PVC Integer

outpackets Number of packets sent on the PVC Integer

port Port number on the traffic card Integer

qos_inoctets Number of post-limited octets received on the PVC Integer

qos_outoctets Number of pre-limited octets sent on the PVC Integer

rcv_drop_octets Number of receive octets dropped on the PVC Integer

slot Slot number in the SmartEdge router Integer

sysuptime System uptime in seconds Integer

vci Virtual channel identifier (VCI) for the PVC Integer

vpi Virtual path identifier (VPI) for the PVC Integer

xmt_drop_octets Number of transmitted octets dropped on the PVC Integer


Table 10-12 describes the supported SmartEdge OS variables for Frame Relay PVC schema profiles.

Table 10-13 describes the supported SmartEdge OS variables for 802.1Q PVC (dot1q) schema profiles.

Table 10-12 SmartEdge OS Variables for Frame Relay PVC Schema Profiles

Variable Description Type

cctstate State of the Frame Relay PVC String

channel Channel number on port Integer

dlci Data Link Connection Identifier (DLCI) for the PVC Integer

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

inoctets Number of octets received on the PVC Integer

inpackets Number of packets received on the PVC Integer

mcast_inoctets Number of multicast octets received on the PVC Integer

mcast_inpackets Number of multicast packets received on the PVC Integer

mcast_outoctets Number of multicast octets sent on the PVC Integer

mcast_outpackets Number of multicast packets sent on the PVC Integer

outoctets Number of octets sent on the PVC Integer

outpackets Number of packets sent on the PVC Integer

port Port number on the traffic card Integer

qos_inoctets Number of post-limited octets received on the PVC Integer

qos_outoctets Number of pre-limited octets sent on the PVC Integer

rcv_drop_octets Number of receive octets dropped on the PVC Integer

slot Slot number in the SmartEdge router Integer

sysuptime System uptime in seconds Integer

xmt_drop_octets Number of transmitted octets dropped on the PVC Integer

Table 10-13 SmartEdge OS Variables for 802.1Q PVC (dot1q) Schema Profiles

Variable Description Type

cctstate State of the 802.1Q PVC String

epochtime Time of day in epoch format (number of seconds since January 1, 1970) Integer

inoctets Number of octets received on the PVC Integer

inpackets Number of packets received on the PVC Integer

mcast_inoctets Number of multicast octets received on the PVC Integer

mcast_inpackets Number of multicast packets received on the PVC Integer

mcast_outoctets Number of multicast octets sent on the PVC Integer

mcast_outpackets Number of multicast packets sent on the PVC Integer

outoctets Number of octets sent on the PVC Integer

outpackets Number of packets sent on the PVC Integer

port Port number on the traffic card Integer

qos_inoctets Number of post-limited octets received on the PVC Integer

qos_outoctets Number of pre-limited octets sent on the PVC Integer

rcv_drop_octets Number of receive octets dropped on the PVC Integer

slot Slot number in the SmartEdge router Integer

sysuptime System uptime in seconds Integer

vlan-id VLAN tag value for the PVC Integer

xmt_drop_octets Number of transmitted octets dropped on the PVC Integer

Examples

The following example creates a schema profile, prfl-port, for a port and applies the profile to an Ethernet port using the bulk policy:

[local]Redback(config)#bulkstats schema profile port prfl-port format "%d/%d desc: %s" slot port description
[local]Redback(config)#port ethernet 3/1
[local]Redback(config-port)#bulkstats schema prfl-port policy bulk

Related Commands

bulkstats policy
bulkstats schema
sample-interval
schema
schema-dump
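As an added example (not from the Redback guide), the following Python lints a bulkstats schema profile command against the special characters in Table 10-5 and the variable types in Tables 10-6 and 10-9, and flags the counters named in the Caution above. The function names, the second sample command, and the assumption that a record is the format string expanded printf-style are illustrative.

```python
import re
import shlex

# Keywords from Table 10-4.
PROFILE_TYPES = {"atm", "chan", "context", "dot1q", "frame-relay",
                 "global", "port", "subscriber"}

# Special characters from Table 10-5 and the variable type each one fits.
SPEC_TYPE = {"s": "String", "d": "Integer", "u": "Integer", "x": "Integer"}

INT, STR = "Integer", "String"
# Variable types copied from Table 10-9 (port) and Table 10-6 (global).
VARIABLES = {
    "port": {
        "description": STR, "epochtime": INT, "inoctets": INT, "inpackets": INT,
        "mcast_inoctets": INT, "mcast_inpackets": INT, "mcast_outoctets": INT,
        "mcast_outpackets": INT, "outoctets": INT, "outpackets": INT,
        "port": INT, "portspeed": INT, "porttype": STR, "qos_inoctets": INT,
        "qos_outoctets": INT, "rcv_drop_octets": INT, "slot": INT,
        "sysuptime": INT, "xmt_drop_octets": INT,
    },
    "global": {
        "active_subs": INT, "active_subs_bridged1483": INT,
        "active_subs_clips": INT, "active_subs_dot1qEnet": INT,
        "active_subs_ppp": INT, "active_subs_pppoe": INT,
        "active_subs_routed1483": INT, "cpu1min": INT, "cpu5min": INT,
        "cpu5sec": INT, "date": STR, "epochtime": INT, "free_user_mem": INT,
        "hostname": STR, "load15min": INT, "load1min": INT, "load5min": INT,
        "sysuptime": INT, "timeofday": STR, "total_user_mem": INT,
    },
}

# Policing and drop counters that the Caution ties to higher CPU usage.
COSTLY = {"qos_inoctets", "qos_outoctets", "rcv_drop_octets", "xmt_drop_octets"}

# The command from the page's example, and a constructed faulty variant.
PAGE_EXAMPLE = ('bulkstats schema profile port prfl-port '
                'format "%d/%d desc: %s" slot port description')
BAD_EXAMPLE = ('bulkstats schema profile port bad-prfl '
               'format "%s/%d" slot port rcv_drop_octets')


def conversions(fmt):
    """Return the conversion characters in fmt, skipping the literal %%."""
    return [c for c in re.findall(r"%(.?)", fmt) if c != "%"]


def lint_schema_profile(command):
    """Return a list of findings for one 'bulkstats schema profile' line."""
    words = shlex.split(command)
    if (len(words) < 7 or words[:3] != ["bulkstats", "schema", "profile"]
            or words[5] != "format"):
        return ["not a 'bulkstats schema profile ... format ...' command"]
    prof_type, fmt, variables = words[3], words[6], words[7:]
    findings = []
    if prof_type not in PROFILE_TYPES:
        findings.append(f"unknown profile type {prof_type!r}")
    specs = conversions(fmt)
    for c in specs:
        if c not in SPEC_TYPE:
            findings.append(f"unsupported conversion '%{c}'")
    if len(specs) != len(variables):
        findings.append(f"{len(specs)} conversions but {len(variables)} variables")
    table = VARIABLES.get(prof_type)  # None when no table is embedded here
    if table is not None:
        for var in variables:
            if var not in table:
                findings.append(f"{var!r} is not a {prof_type} variable")
        for spec, var in zip(specs, variables):
            var_type = table.get(var)
            if var_type and SPEC_TYPE.get(spec, var_type) != var_type:
                findings.append(f"'%{spec}' used for {var_type} variable {var!r}")
    for var in variables:
        if var in COSTLY:
            findings.append(f"{var!r} is a policing/drop counter (CPU cost)")
    return findings


def render_record(fmt, values):
    """Expand a format string printf-style (assumed record layout)."""
    return fmt.replace("\\n", "\n") % tuple(values)


if __name__ == "__main__":
    for cmd in (PAGE_EXAMPLE, BAD_EXAMPLE):
        print(cmd, "->", lint_schema_profile(cmd) or "ok")
    # Constructed values for slot, port, and description.
    print(render_record("%d/%d desc: %s", [3, 1, "uplink"]))
```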


collection

collection

no collection

Purpose

Enables the collection of bulk (system) statistics (bulkstats) for all the entities to which this bulkstats policy has been applied.

Command Mode

bulkstats configuration

Syntax Description

This command has no keywords or arguments.

Default

Bulk statistics are not collected for any policy.

Usage Guidelines

Use the collection command to enable the collection of bulkstats for all the entities to which this bulkstats policy has been applied.

Before you enable collection for a bulkstats policy, you must perform the following tasks for that policy:

• Specify the primary receiver using the receiver command in bulkstats configuration mode.

• Specify the directory on the local SmartEdge router where collected data is stored using the localdir command in bulkstats configuration mode.

• Specify the name and location of the collection files on the FTP server using the remotefile command in bulkstats configuration mode.

You must also perform these tasks:

• Create one or more schema profiles using the bulkstats schema profile command in global configuration mode.

• Apply one or more schema profiles, using either the schema command in bulkstats configuration mode (for system-wide statistics) or the bulkstats schema command in ATM profile, dot1q profile, Frame Relay profile, or DS-0, DS-1, DS-3, E1, or port configuration mode (to apply an existing schema profile and bulkstats policy).

You can enable collection for a bulkstats policy at any time after you have performed these tasks. It is not necessary to disable collection before you apply the policy to an entity, such as a port, channel, or circuit.

Use the no form of this command to disable collection for this bulkstats policy.


Examples

The following command enables the collection of bulk statistics:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#collection

Related Commands

bulkstats schema
bulkstats schema profile
localdir
receiver
remotefile
schema


header format

header format format-string [OS-variable] [OS-variable] ...

no header format

Purpose

Specifies lines of informative text that are inserted at the beginning of each bulk statistics (bulkstats) collection file for this policy.

Command Mode

bulkstats configuration

Syntax Description

format-string Table 10-14 describes the format strings used to format the header line. Format strings can contain anything or nothing as a label for a SmartEdge OS variable. They follow the C programming language printf() function syntax, and must be enclosed in quotation marks.

OS-variable Optional. SmartEdge OS system variable. Table 10-15 describes the supported variables.

Default

No header lines are included in any bulkstats collection file for any policy.

Usage Guidelines

Use the header format command to specify lines of informative text (headers) at the beginning of each bulkstats collection file for this policy. Lines added by using this command are inserted in each file in the order in which they are configured. You can specify at most 10 headers for a policy.

Table 10-14 describes the supported format strings.

Table 10-14 Format String Special Character Descriptions

Format String Description

\n Creates a new line

%s Represents a character string

%d Represents an integer in decimal (base 10)

%u Represents an unsigned integer in decimal (base 10)

%x Represents an integer in hexadecimal format (base 16)

%% Represents a single % character


Table 10-15 describes the SmartEdge OS variables that you can use to format the headers in each bulkstats collection file.

Each header definition must be unique. If a new header line is configured so that it exactly matches an existing header line, the new header is ignored.

Use the no form of this command to delete all bulkstats header specifications for each bulkstats file. After you use this command, you must redefine all headers. Use a text editor for minor editing of the headers rather than editing them with the header format command.

Example

The following example inserts a line of text about the date that data is collected in each bulkstats collection file for the policy, bulk, in the local context:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#header format "Data collected on %s for %s policy in %s context" date policy local

The previous line puts the following line in the collection file:

Data collected on 20030530 for bulk policy in local context

Related Commands

collection

Table 10-15 SmartEdge OS Variables for the header format Command

Variable Description Type

chassis_type Type of chassis String

context Context name String

date Today’s date in YYYYMMDD format String

epochtime Time of day in epoch format (seconds since January 1, 1970) Integer

hostname Hostname as specified in the configuration file String

policy Bulkstats policy name String

sysuptime System uptime in seconds. Integer

timeofday Time of day in HHMMSS format (using a 24-hour clock) String


limit

limit kilobytes

default limit

Purpose

Sets a limit on the space that is used to store bulk statistics (bulkstats) collection files on the SmartEdge router.

Command Mode

bulkstats configuration

Syntax Description

kilobytes Amount of space, in KB, used to store bulkstats data. The range of values is 100 to 100,000 KB. The default value is 1,024 KB.

Default

The limit for storing bulkstats data is 1,024 KB (or 1 MB).

Usage Guidelines

Use the limit command to set a limit on the space that is used to store bulkstats collection files on the SmartEdge router.

You cannot change the limit size while bulkstats collection is enabled; you must first disable bulkstats collection using the collection command in bulkstats configuration mode and then re-enable bulkstats collection after entering the limit command.

Caution Risk of data loss. If bulkstats collection is re-enabled after a new limit value has been set, data is deleted, and a new collection file is created. To reduce the risk, enter a bulkstats force transfer command (in exec mode) for the specified policy prior to disabling bulkstats collection so that all collected data is transferred to the receiver. For information on the bulkstats force transfer command, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

If data collection fails or if the file size reaches the limit before collection, the oldest data is overwritten, which allows collection to continue with the most recent data saved.

Use the default form of this command to set the bulkstats data storage limit to 1,024 KB.

Examples

The following example limits the space used to store bulkstats data to 4906 KB:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#limit 4906


Related Commands

collection
localdir


localdir

localdir dir-name

no localdir dir-name

Purpose

Specifies the local directory on the SmartEdge router where bulk statistics (bulkstats) data for this policy is stored.

Command Mode

bulkstats configuration

Syntax Description

dir-name Local directory where bulkstats collection files for this policy are stored.

Default

None

Usage Guidelines

Use the localdir command to specify the local directory where bulkstats collection files for this policy are stored.

You must first create a local directory using the mkdir command (in exec mode) before you enable bulkstats collection. For more information on the mkdir command, see the “File and Release Operations” chapter in the Basic System Operations Guide for the SmartEdge OS. You can specify a directory on the local file system (/flash) or the mass-storage device (/md). (The mass-storage device is preferable due to faster write speed.) You can limit the space allowed for bulkstats storage with the limit command.

You cannot change the local directory while bulkstats collection is enabled; you must first disable bulkstats collection for this policy using the collection command in bulkstats configuration mode and then re-enable bulkstats collection after entering the localdir command.

Use the no form of this command to remove the configuration of the current local directory used to store bulkstats data for this policy. You should disable bulkstats collection for the policy using the collection command in bulkstats configuration mode before you delete the configuration.

Example

The following example stores bulkstats collection files for the policy, bulk, in the /md/blksts directory:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#localdir /md/blksts

Related Commands

collection
limit


receiver

receiver ip-addr {primary | secondary} mechanism ftp login login-name {password password | encrypted password | nopassword}

no receiver ip-addr {primary | secondary}

Purpose

Specifies the File Transfer Protocol (FTP) servers where remote bulk statistics (bulkstats) files for this policy are stored.

Command Mode

bulkstats configuration

Syntax Description

ip-addr IP address of the bulkstats receiver.

primary Specifies that the bulkstats receiver is the primary receiver.

secondary Specifies that the bulkstats receiver is the secondary receiver.

mechanism Sets the file transfer method.

ftp Specifies that the file transfer method is FTP.

login login-name Logon name to be used in FTP.

password password Password to be used with the logon name.

encrypted password Encrypted password to be entered with the logon name. (The password is encrypted while saving the configuration.)

nopassword Specifies that a password is not required with the logon name.

Default

No FTP server is specified for any bulkstats policy.

Usage Guidelines

Use the receiver command to specify the FTP servers where remote bulkstats files for this policy are stored. If a transfer to the primary receiver fails, a transfer to the secondary receiver is immediately attempted. If the transfer to the secondary receiver fails, the SmartEdge router re-attempts a transfer in five minutes. Retries continue every five minutes until a transfer is successful.

Note Whenever a transfer to any receiver fails, a Simple Network Management Protocol (SNMP) trap is generated.

Use the no form of this command to delete a previously configured receiver. If you use the no form of this command while bulkstats collection is running, no data is transmitted to the deleted receiver until a new receiver is defined.


Examples

The following example identifies the server at IP address, 198.168.145.99, as the primary bulkstats receiver; the logon account is snmp and its password is snmp:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#receiver 198.168.145.99 primary mechanism ftp login snmp password snmp

To see how this information displays, see the example for the show bulkstats command in the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Related Commands

remotefile
transfer-interval
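A configuration audit for the prerequisites listed under the collection command, the 100 to 100,000 KB range of the limit command, and the credential options of the receiver command, as an added example that is not from the Redback guide. The saved-configuration layout, the second policy, the function names, and reading "encrypted password" as the keyword encrypted followed by a value are assumptions.

```python
import shlex

# Commands the page documents for bulkstats configuration mode.
POLICY_CMDS = {"collection", "header", "limit", "localdir", "receiver",
               "remotefile", "sample-interval", "schema", "schema-dump",
               "transfer-interval"}

# Constructed sample built from the page's own examples; the second policy,
# its PLACEHOLDER value, and the indentation are illustrative assumptions.
SAMPLE_CONFIG = """\
context local
 bulkstats policy bulk
  localdir /md/blksts
  receiver 198.168.145.99 primary mechanism ftp login snmp password snmp
  limit 4906
  collection
 bulkstats policy nightly
  localdir /md/nightly
  receiver 198.168.145.99 primary mechanism ftp login stats encrypted PLACEHOLDER
  remotefile format "Bulkstats/%s_%s" hostname timeofday
  collection
"""


def parse_policies(config_text):
    """Map each bulkstats policy name to the command lines found under it."""
    policies, current = {}, None
    for line in config_text.splitlines():
        try:
            words = shlex.split(line)
        except ValueError:           # unbalanced quote elsewhere in the config
            words = line.split()
        if not words:
            continue
        if words[:2] == ["bulkstats", "policy"] and len(words) == 3:
            current = policies.setdefault(words[2], [])
        elif current is not None and words[0] in POLICY_CMDS:
            current.append(words)
        else:
            current = None           # left bulkstats configuration mode
    return policies


def audit_policy(cmds):
    """Return findings for one policy's list of tokenised commands."""
    findings = []
    names = {c[0] for c in cmds}
    # receiver ip-addr role mechanism ftp login NAME {password P|encrypted P|nopassword}
    receivers = [c for c in cmds if c[0] == "receiver" and len(c) >= 8]
    if "collection" in names:
        if not any(r[2] == "primary" for r in receivers):
            findings.append("collection enabled without a primary receiver")
        for required in ("localdir", "remotefile"):
            if required not in names:
                findings.append(f"collection enabled without {required}")
    for r in receivers:
        ip, role, login, keyword = r[1], r[2], r[6], r[7]
        if keyword == "nopassword":
            findings.append(f"{role} receiver {ip}: login {login!r} has no password")
        elif keyword == "password":
            # FTP also sends this value unencrypted on every transfer.
            findings.append(f"{role} receiver {ip}: cleartext password in configuration")
            if len(r) > 8 and r[8] == login:
                findings.append(f"{role} receiver {ip}: password equals the login name")
    for c in cmds:
        if c[0] == "limit" and len(c) == 2 and c[1].isdigit():
            if not 100 <= int(c[1]) <= 100000:
                findings.append(f"limit {c[1]} KB is outside 100 to 100,000 KB")
    return findings


def audit(config_text):
    """Return {policy name: findings} for every bulkstats policy in the text."""
    return {name: audit_policy(cmds)
            for name, cmds in parse_policies(config_text).items()}


if __name__ == "__main__":
    for policy, findings in audit(SAMPLE_CONFIG).items():
        print(policy, "->", findings or "ok")
```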


remotefile

remotefile format format-string [OS-variable] [OS-variable] ...

no remotefile format

Purpose

Specifies the format of the filename and the location of the bulk statistics (bulkstats) collection files that are stored on remote File Transfer Protocol (FTP) servers.

Command Mode

bulkstats configuration

Syntax Description

format Specifies the format of the filename for the bulkstats collection files.

format-string Table 10-16 describes the format strings used to format the remote filename for the bulkstats collection files. Format strings can contain anything or nothing as a label for a SmartEdge OS variable. They follow the C programming language printf() function syntax, and must be enclosed in quotation marks.

OS-variable Optional. SmartEdge OS system variable. Table 10-17 describes the supported variables.

Default

No filename format is defined for bulkstats collection files for any policy.

Usage Guidelines

Use the remotefile command to specify the format of the filename and the location of the bulk statistics (bulkstats) collection files stored on remote FTP servers.

Table 10-16 describes the format strings used to format the remote filename.

Table 10-16 Format String Special Character Descriptions

Format String Description

\n Creates a new line

%s Represents a character string

%d Represents an integer in decimal (base 10)

%u Represents an unsigned integer in decimal (base 10)

%x Represents an integer in hexadecimal format (base 16)

%% Represents a single % character in the output


Table 10-17 describes the SmartEdge OS variables used in formatting the remote filename.

You cannot change the remote filename or location while bulkstats collection is enabled; you must first disable bulkstats collection using the collection command in bulkstats configuration mode and then re-enable bulkstats collection after entering the receiver command.

Use the no form of this command to delete information about the format of the remote filename and location used to store bulkstats data for this policy.

Example

The following example specifies the format of the filename where the bulkstats data for the bulk policy is to be stored:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#remotefile format "Bulkstats/%s_%s" hostname timeofday

The file is specified as Bulkstats/hostname_HHMMSS where the hostname argument is the name configured for the SmartEdge router and the HHMMSS argument is the hour, minute, and second (24-hour clock) of the transfer.

To see how this information displays, see the example for the show bulkstats command in the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Related Commands

collection
receiver

Table 10-17 SmartEdge OS Variables for the remotefile Command

Variable Description Type

context Context name String

date Today’s date in YYYYMMDD format String

epochtime Time of day in epoch format (seconds since January 1, 1970) Integer

hostname Hostname as specified in the configuration file String

policy Bulkstats policy name String

sysuptime System uptime in seconds Integer

timeofday Time of day in HHMMSS format (using a 24-hour clock) String


sample-interval

sample-interval minutes

default sample-interval

Purpose

Specifies the interval between the collection of bulk statistics (bulkstats) samples.

Command Mode

bulkstats configuration

Syntax Description

minutes Interval, in minutes, between samples. The range of values is 1 to 1,440 minutes (24 hours); the default value is 15 minutes.

Default

The sampling interval is 15 minutes.

Usage Guidelines

Use the sample-interval command to specify the interval between the collection of bulkstats samples. Setting the sampling interval so that sampling occurs too often can decrease the performance of the SmartEdge router.

Use the default form of this command to return the sampling interval to 15 minutes.

Examples

The following example sets the sampling interval to 30 minutes:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#sample-interval 30

Related Commands

transfer-interval


schema

schema sch-prof-name

no schema sch-prof-name

Purpose

Applies a system-level bulk statistics (bulkstats) schema profile to gather system-wide statistics using this policy.

Command Mode

bulkstats configuration

Syntax Description

sch-prof-name Name of the global schema profile. Can be no more than 19 characters in length.

Default

None

Usage Guidelines

Use the schema command to apply a system-level (global) bulkstats schema profile to gather system-wide statistics using this policy. You can apply multiple schema profiles using this command. Each schema can gather a different type and format of data. Each application of a schema profile is used to create a text record that is appended to the bulkstats collection file for this policy after every sample period.

Caution Risk of system performance degradation. Although you can apply multiple schema profiles, each gathering a different type and format of data, it is advisable to minimize the number of schema profile applications to reduce impact on system performance. To reduce the risk, you can instead create one schema profile that records several subsets of data. Separate each subset within the format string by entering the \n character sequence, which creates a new starting line in the output file. You can then apply this single schema profile in place of multiple schema profiles.

Use the no form of this command to remove the specified schema profile.

Examples

The following example applies a previously configured schema profile sample for the bulk policy.

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#schema sample

Related Commands

bulkstats schema
bulkstats schema profile
schema-dump


schema-dump

schema-dump

no schema-dump

Purpose

Enables writing the definitions of the configured bulk statistics (bulkstats) schema profiles to the beginning of the bulkstats data collection file.

Command Mode

bulkstats configuration

Syntax Description

This command has no keywords or arguments.

Default

No schema profile definition is saved in any bulkstats data collection file for any policy.

Usage Guidelines

Use the schema-dump command to enable writing the definitions of the configured bulkstats schema profiles to the beginning of the bulkstats data collection file. When enabled, the definition of each configured schema profile is printed at the beginning of the bulkstats collection file.

Use the no form of this command to disable writing the definitions of schema profiles to the bulkstats data collection file.

Examples

The following example writes the definitions of the configured bulkstats schema profiles to the bulkstats data file:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#schema-dump

Related Commands

bulkstats schema
bulkstats schema profile
schema


transfer-interval

transfer-interval minutes

default transfer-interval

Purpose

Specifies the interval after which bulk statistics (bulkstats) data for this policy is uploaded to a File Transfer Protocol (FTP) server.

Command Mode

bulkstats configuration

Syntax Description

minutes Transfer interval in minutes. The range of values is 1 to 1,440 minutes (24 hours). The default value is 60 minutes.

Default

The interval is 60 minutes.

Usage Guidelines

Use the transfer-interval command to specify the interval after which bulkstats data for this policy is uploaded to an FTP server. Use the bulkstats force transfer command in exec mode to force an immediate transfer for this policy. For information on the bulkstats force transfer command, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the default form of this command to return the transfer interval to 60 minutes.

Example

The following example specifies that bulkstats data is transferred to an FTP server every 180 minutes:

[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#transfer-interval 180

Related Commands

None


Chapter 11

Logging Configuration

This chapter provides an overview of logging features, describes the tasks used to configure them, and provides configuration examples and detailed descriptions of the commands used to configure logging features through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer logging features, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

The SmartEdge OS contains two log buffers: active and inactive. By default, messages are stored in the active log. If the system restarts as a result of an error, the active log is moved to the inactive log at restart. If the system is restarted normally, the inactive log is initially blank. You can move the entire contents of the active log buffer to the inactive log buffer. This is particularly useful when debugging messages cause the log buffer to fill rapidly. You can also save logs across system restarts and display the contents of logs. Log filtering allows you to isolate events from certain facilities in the logs and trim the flow of information in the system.

Note In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted.

The term, chassis, refers to any SmartEdge chassis; the term, SmartEdge 800, refers to any version of the SmartEdge 800 chassis.


By default, log messages are not displayed in real time on the console. However, log messages can be displayed in real time from any Telnet session. In large installations, it is convenient to have all systems log to a remote machine for centralized management and to save space on the device. The SmartEdge OS uses the UNIX syslog facility for this purpose, and can send log messages to multiple machines concurrently. Logging can be constrained to events occurring on a specific circuit.

All log messages contain a numeric value indicating the severity of the event or condition that caused the message to be logged. Many log messages are normal and do not indicate a system problem.

Table 11-1 lists event severity levels in log messages and their respective descriptions.

Table 11-1 Event Severity Levels in Log Messages

Value | Severity Level | Description
0 | emergencies | Panic condition—the system is unusable.
1 | alerts | Immediate administrator intervention is required.
2 | critical | Critical conditions have been detected.
3 | errors | An error condition has occurred.
4 | warnings | A potential problem exists.
5 | notifications | Normal, but significant, events or conditions exist.
6 | informational | Informational messages only; no problem exists.
7 | debugging | Output from an enabled system debugging function.

Configuration Tasks

To configure logging features, perform the tasks described in the following sections:

• Configure Optional Global Logging Features

• Configure Optional Context-Specific Logging Features

Note In this section, the command syntax in the task table displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Configure Optional Global Logging Features

To configure optional global logging features, perform the tasks described in Table 11-2; enter all commands in global configuration mode.

Table 11-2 Configure Optional Global Logging Features

Task | Root Command | Notes
Enable the display of logged system event messages with a millisecond resolution timestamp. | logging timestamp millisecond |
Enables the logger to send logging and debug messages from the active controller card to the standby controller card. | logging active | Enter the no form of this command to disable this feature.
Enables the logger to send logging and debug messages from the standby controller card to the active controller card. | logging standby | Use the no form of this command to disable this feature.
Store messages that have been generated by all enabled debug processes in the log buffer. | logging debug |

Configure Optional Context-Specific Logging Features

To configure optional context-specific logging features, perform the tasks described in Table 11-3; enter all commands in context configuration mode, unless otherwise noted.

Table 11-3 Configure Optional Context-Specific Logging Features

Task | Root Command | Notes
Isolate events from certain facilities in the logs and trim the flow of information. | logging filter |
Enables the filtering of debug messages for valid circuits only. | logging cct-valid | Enter this command in global configuration mode.
Enable event logging messages to the console. | logging console |
Enable event logging messages to a file. | logging file |
Enable the logging of system events to a remote syslog server that is reachable within the current context. | logging syslog |

Configuration Examples

The following example configures the system to remotely log all system messages to a network syslog server. Information to forward packets to the 10.1.1.1 address specified for the syslog host is derived from routing tables specific to the NewContext context.

[local]Redback(config)#context NewContext
[local]Redback(config-ctx)#logging syslog 10.1.1.1

The following example shows a configuration where log messages are sent to a syslog server (198.168.148.99) in the local context using the syslog facility, local6, and to another syslog server (198.168.145.99) in the green context using the syslog facility, local3:

[local]Redback(config)#context local
[local]Redback(config-ctx)#logging sys 198.168.148.99 facility local6
[local]Redback(config-ctx)#exit
[local]Redback(config)#context green
[local]Redback(config-ctx)#logging sys 198.168.145.99 facility local3


Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure logging features. The commands are presented in alphabetical order.

logging active
logging cct-valid
logging console
logging debug
logging file
logging filter
logging standby
logging syslog
logging timestamp millisecond


logging active

logging active

no logging active

Purpose

Enables the logger to send logging and debug messages from the active controller card to the standby controller card.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Logging and debug messages are sent to the standby controller card.

Usage Guidelines

Use the logging active command to enable the sending of logging and debug messages from the active controller card to the standby controller card.

Use the no form of this command to disable the sending of logging and debug messages to the standby controller card.

Examples

The following example enables the sending of logging and debug messages to the standby controller card:

[local]Redback(config)#logging active

Related Commands

logging standby


logging cct-valid

logging cct-valid

no logging cct-valid

Purpose

Enables the filtering of debug messages for valid circuits only.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Filtering of logging and debug messages for circuits is disabled.

Usage Guidelines

Use the logging cct-valid command to enable the filtering of debug messages for valid circuits only.

Use the no form of this command to disable the filtering of debug messages.

Examples

The following example enables the filtering of debug messages for valid circuits only:

[local]Redback(config)#logging cct-valid

Related Commands

None


logging console

logging console

no logging console

Purpose

Enables event logging messages to the console.

Command Mode

context configuration

Syntax Description

This command has no keywords or arguments.

Default

Console logging for contexts other than local is disabled.

Usage Guidelines

Use the logging console command (in context configuration mode) to quickly isolate problems by displaying event log messages directly to the console rather than to a file. Messages sent to the console can be further constrained by using the logging filter command in context configuration mode to establish a logging filter.

Use the no form of this command to disable event logging to the console.

Examples

The following example enables event logging messages to the console:

[local]Redback(config-ctx)#logging console

Related Commands

logging filter


logging debug

logging debug

no logging debug

Purpose

Stores messages that have been generated by all enabled debug processes in the log buffer.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Debugging messages are not stored in the log buffer.

Usage Guidelines

Use the logging debug command to store messages for all enabled debugging processes in the log buffer. Use the show log command in any mode to display the logged messages. For more information on the show log command, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to disable the storing of debugging messages in the log buffer.

Examples

The following example enables the logging of debugging messages to the log buffer:

[local]Redback(config)#logging debug

Related Commands

None


logging file

logging file [text] filename

no logging file [text] filename

Purpose

Enables event logging messages to a file.

Command Mode

context configuration

Syntax Description

text Optional. Specifies that the log file is to be saved as a text, rather than binary, file.

filename Name of the file to which events are logged.

Default

If you do not use this command, events are not logged to a file. If you use this command without the optional text keyword, the file is saved in binary form.

Usage Guidelines

Use the logging file command to enable event logging messages to a file. Unless you enter the logging debug command in global configuration mode, this file does not include debugging messages.

Use the filename argument to specify the name and path of the logging file. If the full path is not specified, the file is saved to the /flash directory.

Use the show log command in any mode to display log files. For more information on the show log command, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the no form of this command to disable event logging to a file.

Examples

The following example enables the storing of event logs to a file, /flash/log_file:

[local]Redback(config-ctx)#logging file /flash/log_file

Related Commands

logging debug


logging filter

logging filter {console | file | monitor | syslog} level

default logging filter {console | file | monitor | syslog}

Purpose

Isolates events from certain facilities in the logs and trims the flow of information.

Command Mode

context configuration

Syntax Description

console Specifies the console filter type.

file Specifies the file filter type.

monitor Specifies the monitor filter type.

syslog Specifies the system log filter type.

level Filter logging level, according to one of the following keywords (in descending priority order):

• emergency—Logs only emergency events.

• alert—Logs alert and more severe events.

• critical—Logs critical and more severe events.

• error—Logs error and more severe events.

• warning—Logs warning and more severe events.

• notice—Logs notice and more severe events.

• informational—Logs informational and more severe events.

• debug—Logs all events, including debug events.

Default

The default filter levels for the console, file, monitor, and syslog keywords are set to debug.

Table 11-4 describes the default input and output filter levels for each filter type.

Table 11-4 Default Filter Levels

Input Filter Output Filter

console debug

monitor debug

runtime informational

syslog notice

Usage Guidelines

Use the logging filter command to isolate events from certain facilities in the logs and trim the flow of information.

Use the show log level level command in any mode to display information about system event logs at, or above, a specified severity level. For more information on the show log command, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

Use the default form of this command to set a logging filter back to its default level.

Examples

The following example modifies the severity level for several log facilities:

[local]Redback(config-ctx)#logging filter monitor

The following example modifies the severity level for console:

[local]Redback(config-ctx)#logging filter console critical

Related Commands

None


logging standby

logging standby [short]

no logging standby

Purpose

Enables the logger to send logging and debug messages from the standby controller card to the active controller card.

Command Mode

global configuration

Syntax Description

short Optional. Displays messages on both the Ethernet management port and the console.

Default

Logging and debug messages are sent from the standby controller card to the active controller card.

Usage Guidelines

Use the logging standby command to enable the sending of logging and debug messages from the standby controller card to the active controller card.

Use the short keyword to display the messages on both the Ethernet management port and the console; if the short keyword is not specified, messages are displayed on the Ethernet management port only.

Use the no form of this command to disable the sending of logging and debug messages from the standby controller card to the active controller card.

Examples

The following example enables the sending of logging and debug messages to the standby controller card:

[local]Redback(config)#logging standby

Related Commands

logging active


logging syslog

logging syslog ip-addr [facility sys-fac-name]

no logging syslog ip-addr

Purpose

Enables the logging of system events to a remote syslog server that is reachable within the context.

Command Mode

context configuration

Syntax Description

ip-addr IP address of the syslog server.

facility sys-fac-name Optional. System logging facility. The range of values is local0 to local7; the default value is local7.

Default

System events logging is disabled.

Usage Guidelines

Use the logging syslog command to enable the logging of system events to a remote syslog server that is reachable within the context. The remote syslog server is identified by its IP address.

Use the no form of this command to disable the logging of system events to a remote syslog server.

Examples

The following example enables logging to a remote syslog server at IP address, 10.10.3.46, in the newworld context:

[local]Redback(config)#context newworld
[local]Redback(config-ctx)#logging syslog 10.10.3.46

The following example enables logging to the system logger:

[local]Redback(config-ctx)#logging syslog

Related Commands

logging debug
logging filter


logging timestamp millisecond

logging timestamp millisecond

no logging timestamp millisecond

Purpose

Enables the display of logged system event messages with a millisecond resolution timestamp.

Command Mode

global configuration

Syntax Description

This command has no keywords or arguments.

Default

Millisecond resolution is disabled and is not displayed.

Usage Guidelines

Use the logging timestamp millisecond command to enable the display of logged system event messages with a millisecond resolution timestamp.

Use the no form of this command to disable the display of logged system event messages with millisecond resolution.

Examples

The following example enables the display of logged system event messages with millisecond resolution:

[local]Redback(config)#logging timestamp millisecond

The following example displays system event log messages when millisecond resolution is enabled:

Oct 21 03:44:47.697: [0001]: %ISIS-7-ADJ: sent PTPT IIH on inter-ctx intf black
Oct 21 03:44:48.610: [0002]: %ISIS-7-ADJ: rcvd L2 LAN IIH from 001e.1000.0002 seq 16835 on inter-ctx intf bluefoo

Related Commands

None
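The severity values in Table 11-1, the logging filter keywords, and the message layout in the millisecond-timestamp example above are enough to triage exported log text off the router. The following Python code is an added example, not code from Redback or the SmartEdge OS. It assumes the layout seen in the two sample messages, treats the bracketed field as an opaque tag, assumes the millisecond part is simply absent when the feature is disabled, and maps filter keywords to severity values by position; the DEMO lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Severity values and names from Table 11-1 (0 is the most severe).
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# Keywords of the logging filter command, in descending priority order.
# Assumption: keyword at position N corresponds to severity value N.
FILTER_LEVELS = ["emergency", "alert", "critical", "error",
                 "warning", "notice", "informational", "debug"]

# Layout inferred from the sample messages in this chapter:
#   Oct 21 03:44:47.697: [0001]: %ISIS-7-ADJ: sent PTPT IIH ...
LINE_RE = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})"
    r"(?:\.(?P<ms>\d{3}))?: "          # present with millisecond timestamps
    r"\[(?P<tag>\d+)\]: "              # bracketed field, kept as opaque text
    r"%(?P<facility>[A-Za-z0-9_]+)-(?P<sev>[0-7])-(?P<event>[A-Za-z0-9_]+): "
    r"(?P<text>.*)$"
)

# First two lines are from this chapter; the rest are constructed.
SAMPLE_LINES = """\
Oct 21 03:44:47.697: [0001]: %ISIS-7-ADJ: sent PTPT IIH on inter-ctx intf black
Oct 21 03:44:48.610: [0002]: %ISIS-7-ADJ: rcvd L2 LAN IIH from 001e.1000.0002 seq 16835 on inter-ctx intf bluefoo
Oct 21 03:44:49.102: [0001]: %DEMO-3-SAMPLE: constructed error-level message
Oct 21 03:44:50: [0001]: %DEMO-5-SAMPLE: constructed notice without milliseconds
link flap seen, header lost in transit
""".splitlines()


@dataclass(frozen=True)
class LogEvent:
    stamp: str
    millis: Optional[int]
    tag: str
    facility: str
    severity: int
    event: str
    text: str

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_line(line: str) -> Optional[LogEvent]:
    """Parse one log line; return None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ms = m.group("ms")
    return LogEvent(
        stamp=m.group("stamp"),
        millis=int(ms) if ms is not None else None,
        tag=m.group("tag"),
        facility=m.group("facility"),
        severity=int(m.group("sev")),
        event=m.group("event"),
        text=m.group("text"),
    )


def passes_filter(event: LogEvent, level: str) -> bool:
    """True if the event is at the given filter level or more severe."""
    if level not in FILTER_LEVELS:
        raise ValueError(f"unknown filter level: {level!r}")
    return event.severity <= FILTER_LEVELS.index(level)


def triage(lines: Iterable[str], level: str) -> Tuple[List[LogEvent], List[str]]:
    """Split lines into events that pass the filter and unparseable lines.

    Unparseable lines are returned rather than dropped so that truncated or
    tampered records remain visible to the analyst.
    """
    kept: List[LogEvent] = []
    rejected: List[str] = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            rejected.append(line)
        elif passes_filter(event, level):
            kept.append(event)
    return kept, rejected


if __name__ == "__main__":
    kept, rejected = triage(SAMPLE_LINES, "error")
    for e in kept:
        print(e.stamp, e.facility, e.severity_name, e.event, e.text)
    print("unparseable:", rejected)
```
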


Chapter 12

SNMP and RMON Configuration

This chapter provides an overview of Simple Network Management Protocol (SNMP) and Remote Monitoring (RMON) features, describes the tasks used to configure them, and provides configuration examples and detailed descriptions of the commands used to configure SNMP and RMON features through the SmartEdge® OS.

For information about the tasks and commands used to monitor, troubleshoot, and administer SNMP features, see the “Software Operations” chapter in the Basic System Operations Guide for the SmartEdge OS.

This chapter includes the following sections:

• Overview

• Configuration Tasks

• Configuration Examples

• Command Descriptions

Overview

This section provides a brief overview of the current SNMP management framework. For a more detailed introduction to the SNMP management framework, see the RFC documents referenced in this section. This section includes the following topics:

• SNMP Management Framework and RFCs

• SNMP Versions

• MIBs, Traps, and Events

Note In the following descriptions, the term, controller card, applies to the Cross-Connect Route Processor (XCRP) or the XCRP Version 3 (XCRP3) Controller card, unless otherwise noted.


SNMP Management Framework and RFCs

The SNMP management framework has five components:

• An overall architecture—Described in RFC 3411, An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks

• Mechanisms for describing and naming objects and events for the purpose of management

The first version, Structure of Management Information (SMIv1) is described in:

— STD 16, RFC 1155, Structure and Identification of Management Information for TCP/IP-based Internets

— STD 16, RFC 1212, Concise MIB Definitions

— RFC 1215, Convention for Defining Traps for use with the SNMP

The second version, SMIv2, is described in:

— STD 58, RFC 2578, Structure of Management Information Version 2 (SMIv2)

— STD 58, RFC 2579, Textual Conventions for SMIv2

— STD 58, RFC 2580, Conformance Statements for SMIv2

The following RFCs provide detailed information on SNMPv3:

— STD 62, RFC 2570, Introduction to Version 3 of the Internet-standard Network Management Framework

— STD 62, RFC 2576, Coexistence between Version 1, Version 2, and Version 3 of the Internet-Standard Network Management Framework

• Message protocols for transferring management information

— The first version, SNMPv1, is described in STD 15, RFC 1157, Simple Network Management Protocol (SNMP).

— The second version, SNMPv2, which is not an Internet standards track protocol, is described in RFC 1901, Introduction to Community-based SNMPv2 and RFC 1906, Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2).

— The third version, SNMPv3, is described in RFC 3417, Transport Mappings for the Simple Network Management Protocol (SNMP), RFC 3412, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP), and RFC 3414, User-based Security Model (USM) for Version 3 of the Simple Network Management Protocol (SNMPv3).

• Protocol operations for accessing management information

— The first set of protocol operations and associated protocol data unit (PDU) formats is described in STD 15, RFC 1157.

— The second set of protocol operations and associated PDU formats is described in RFC 3416, version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP).

• A set of fundamental applications—Described in RFC 3413, Simple Network Management Protocol (SNMP) Applications

• A view-based access control mechanism—Described in RFC 3415, View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)

The SmartEdge OS supports the User-Based Security Model (USM) and the following applications specific to RFC 3413 and RFC 3414:

• Command Responder—The SmartEdge OS accepts SNMP read-class and write-class requests, performs the appropriate protocol operation, and generates a response message.

• Notification Originator—The SmartEdge OS monitors the system for particular events and conditions and generates notification-class messages based on these events or conditions.

Managed objects are accessed through a virtual information store, the Management Information Base (MIB). MIB objects are defined using the mechanisms set out in the Structure of Management Information (SMI); for more information, see Appendix A, “Supported MIBs.”

SNMP Versions

The SmartEdge OS supports SNMP Version 1 (SNMPv1), Version 2c (SNMPv2c), and Version 3 (SNMPv3).

There are several differences between configuring SNMPv1 and SNMPv2c, and configuring SNMPv3:

• With SNMPv1 and 2c, communities are created to control access to MIB information. You can configure these communities to meet management requirements. For instance, you can set up the automatic generation of community strings for all managed Redback® contexts. This automatically creates a group with the same name as the community string.

• With SNMPv3, groups and users (instead of communities) are manually configured to control access to MIB information. Privacy and encryption options ensure a high level of configurable security.

• SNMPv3 uses engine IDs to provide additional security.

MIBs, Traps, and Events

Designed to facilitate the exchange of management information between network devices, SNMP consists of three parts: an SNMP manager, SNMP agents, and the MIB. SNMP agents gather data from variables in the MIB database of the managed device. Then, agents send traps (notifications of certain events) to the SNMP manager (typically, a management station). A management station can also control a managed device by sending a message to one of the device’s SNMP agents, requiring the device to change the value of one or more of its MIB variables; see Figure 12-1.

Figure 12-1 SNMP Manager, SNMP Agent, and MIB Relationship


For a list of MIBs supported by the SmartEdge OS, including Redback Enterprise MIBs, see Appendix A, “Supported MIBs.” Table 12-1 lists the supported traps and events.

Table 12-1 SmartEdge OS Supported Traps and Events

Trap or Event | Documentation Source
authenticationFailure, coldStart | RFC 3418, Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)
bgpBackwardTransNotification, bgpEstablishedNotification | draft-ietf-idr-bgp4-mib-10.txt, Definitions of Managed Objects for the Fourth Version of Border Gateway Protocol (BGP-4)
dsx1LineStatusChange | RFC 2495, Definitions of Managed Objects for the DS1, E1, DS2, and E2 Interface Types
dsx3LineStatusChange | RFC 2496, Definitions of Managed Objects for the DS3/E3 Interface Type
entConfigChange | RFC 2037, Entity MIB using SMIv2
fallingAlarm, risingAlarm | RFC 2819, Remote Network Monitoring Management Information Base
linkDown, linkUp | RFC 2863, The Interfaces Group MIB
rbnAtmPvcOamStatusStateChange | Redback Proprietary MIB (RBN-ATM-PVC-OAM-MIB)
rbnBulkStatsTrfrFail2 | Redback Proprietary MIB (RBN-BULKSTATS-MIB)
rbnCardAlarm | Redback Proprietary MIB (RBN-CARDMON-MIB) [1]
rbnFanStatusChange, rbnPowerStatusChange | Redback Proprietary MIB (RBN-ENVMON-MIB) [2]
rbnL2tpMibTunnelStateChange2 | Redback Proprietary MIB (RBN-L2TP-MIB)
rbnRadiusAcctStateChange, rbnRadiusAuthStateChange | Redback Proprietary MIB (RBN-RADIUS-MIB)
rbnSRProcessEvent, rbnSRSwitchoverEvent | Redback Proprietary MIB (RBN-SYS-RESOURCES-MIB)
rbnTacacsStateChange | Redback Proprietary MIB (RBN-TACACS-MIB)
rcfJobCompleted | Redback Proprietary MIB (RBN-CONFIG-MIB)

1. For a list of controller and traffic card alarms supported by this MIB, see the MIB’s capability file.

2. Alarm conditions that are reported in this MIB are normal, failed, absent, or unknown.


Configuration Tasks

To configure SNMP and RMON features, perform the tasks described in the following sections:

• Configure SNMPv1 and SNMPv2c

• Configure SNMPv3

• Configure RMON Features

Note In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the full description for the command in the “Command Descriptions” section.

Configure SNMPv1 and SNMPv2c

To configure SNMPv1 and SNMPv2c, perform the tasks described in Table 12-2; enter all commands in global configuration mode unless otherwise noted.

Table 12-2 Configure SNMPv1 and SNMPv2c

# | Task | Root Command | Notes
1. | Enable the SNMP server for SNMPv1 and SNMPv2c and access SNMP server configuration mode. | snmp server |
2. | Specify operational attributes for the server: | |
   | Enable linkUp and linkDown notifications for Cisco HDLC, PPP, and Frame Relay encapsulation layers, IP layers, or L2TP tunnels. | traps | Enter this command in SNMP server configuration mode.
   | Create additional SNMP MIB views. | snmp view | Enter this command in global configuration mode.
   | Create SNMP community strings. | snmp community | Enter this command multiple times to create multiple community strings. Enter this command in global configuration mode.
   | Configure an SNMP target management station to receive SNMP notifications. | snmp target | Enter this command in global configuration mode.

Configure SNMPv3

Follow these guidelines to maximize security and ensure proper configuration of SNMPv3:

• Define unique engine IDs—Do not define the engine ID value in a configuration file that will be applied to multiple systems.

• Protect configuration files—If you create configuration files that contain security information, such as authorization passwords and keys, the files should be stored on a secured system.

• Do not use saved configurations on multiple systems—SNMP security data is system-dependent. You compromise security if the same SNMP security data is assigned to multiple systems.

To configure SNMPv3, perform the tasks described in Table 12-3; enter all commands in global configuration mode, unless otherwise noted.

Table 12-3 Configure SNMPv3

# | Task | Root Command | Notes
1. | Enable the SNMP server for SNMPv3 and access SNMP server configuration mode. | snmp server |
2. | Specify operational attributes for the server: | |
   | Enable linkUp and linkDown notifications for Cisco HDLC, PPP, and Frame Relay encapsulation layers, IP layers, or L2TP tunnels. | traps | Enter this command in SNMP server configuration mode.
   | Specify a unique engine ID that can be either local or remote. | snmp engine-id |
   | Create additional SNMP MIB views. | snmp view |
3. | Create an SNMP group. | snmp group | Enter this command multiple times to create multiple groups.
4. | Create an SNMP user. | snmp user | Enter this command multiple times to create multiple users.
5. | Configure an SNMP target management station with one of the following tasks: | |
   | • Use default parameters. | snmp target |
   | • Specify all parameters. | snmp notify, snmp notify-filter, snmp target-parameters, snmp notify-target | You must enter the first three commands before you enter the snmp notify-target command.

Note The snmp target and the snmp notify-target commands are mutually exclusive. The snmp target command is equivalent to the set of snmp notify-target, snmp notify, snmp target-parameters, and snmp group commands (only if the notify notify-view construct has not been set). The snmp target command sets certain parameters to their default values; these parameters are notifyName, targParmName, tag, tagList, seconds, and count.

Configure RMON Features

To configure RMON features, perform the tasks described in Table 12-4; enter all commands in global configuration mode.

Note You must first enable the SNMP server before you can configure RMON features.

Table 12-4 Configure RMON Features

Task | Root Command | Notes
Creates an RMON alarm entry. | rmon alarm |
Creates an RMON event entry. | rmon event |


Configuration Examples

This section provides examples for:

• SNMPv2c

• SNMPv3

SNMPv2c

In the following SNMPv2c example, the view, Inet-View, includes all objects in the Internet object identifier (OID) tree. The Admin community allows read access to the Inet-View view, and then the SmartEdge OS is configured to send traps to a system, NM-Station1, with an IP address of 198.164.190.110.

[local]Redback(config)#snmp server
[local]Redback(config-snmp-server)#traps ifmib encaps
[local]Redback(config-snmp-server)#exit
[local]Redback(config)#snmp view Inet-View internet included
[local]Redback(config)#snmp community Admin view Inet-View read-only
[local]Redback(config)#snmp target NM-Station1 198.164.190.110 security-name Admin version 2c view Inet-View trap
[local]Redback(config)#end

SNMPv3

The following SNMPv3 example configures a view, Inet-View, to include all objects in the Internet MIB tree. It also configures an authenticated group, Group4, to allow read and notify access to the Inet-View view, and a user, Admin, who is part of Group4, with an encoded authorization password. It also configures the SmartEdge OS to send inform notifications from the Inet-View view to a system, Nm-Station1 (IP address 10.3.4.5), excluding the rbnSRMIBNotifications trap.

[local]Redback(config)#snmp server
[local]Redback(config-snmp-server)#traps ifmib encaps
[local]Redback(config-snmp-server)#exit
[local]Redback(config)#snmp engine-id local AA:00:00:00:01
[local]Redback(config)#snmp view Inet-View internet included
[local]Redback(config)#snmp group Group4 security-model usm auth read Inet-View notify Inet-View
[local]Redback(config)#snmp user Admin group Group4 security-model usm md5 key encoded base64 L1sR+UKZj4PqeRodf3zqTg==
[local]Redback(config)#snmp notify Notify-Inform Tag-Inform inform
[local]Redback(config)#snmp notify-filter Filter-incInet 1.3.*.4 included
[local]Redback(config)#snmp notify-filter Filter-NOrbnSRMIB rbnSRMIBNotifications excluded
[local]Redback(config)#snmp target-parameters Param2 security-name Admin version 3 security-level auth
[local]Redback(config)#snmp notify-target Nm-Station1 10.3.4.5/24 tag Inet-Informs parameters Param2 filter Filter-NOrbnSRMIB
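The following Python audit is an added example, not part of the Redback guide or of the SmartEdge OS. It parses snmp commands in the syntax shown in this chapter and reports settings that weaken SNMP security, using the defaults this chapter documents; the function names and finding codes are hypothetical, and the sample input is the two example configurations above with the prompts removed.

```python
# Added example: audit SmartEdge-style "snmp ..." configuration lines.
WELL_KNOWN = {"public", "private"}  # commonly guessed community strings

# Constructed input: the SNMPv2c and SNMPv3 examples from this chapter.
SAMPLE_CONFIG = """\
snmp server
snmp view Inet-View internet included
snmp community Admin view Inet-View read-only
snmp target NM-Station1 198.164.190.110 security-name Admin version 2c view Inet-View trap
snmp engine-id local AA:00:00:00:01
snmp group Group4 security-model usm auth read Inet-View notify Inet-View
snmp user Admin group Group4 security-model usm md5 key encoded base64 L1sR+UKZj4PqeRodf3zqTg==
snmp target-parameters Param2 security-name Admin version 3 security-level auth
snmp notify-target Nm-Station1 10.3.4.5/24 tag Inet-Informs parameters Param2 filter Filter-NOrbnSRMIB
"""


def _opt(tokens, keyword):
    """Return the token that follows `keyword`, or None if it is absent."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return None


def audit(config_text):
    """Return a list of (line_number, code, message) findings."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and "#" in line:  # drop "[ctx]host(mode)#" prompt
            line = line.split("#", 1)[1].strip()
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp":
            continue
        cmd, name, rest = tok[1], tok[2], tok[3:]

        def add(code, message):
            findings.append((lineno, code, f"{cmd} {name}: {message}"))

        if cmd == "community":
            if name.lower() in WELL_KNOWN:
                add("COMMUNITY_WELL_KNOWN", "well-known community string")
            if "read-write" in rest:
                add("COMMUNITY_READ_WRITE", "community can modify MIB objects")
            if "all-contexts" in rest:
                add("COMMUNITY_ALL_CONTEXTS", "community is valid in every context")
            if _opt(rest, "tag") is None:
                add("COMMUNITY_NO_TAG", "no tag, so access is not limited by source IP address")
        elif cmd == "group":
            model = _opt(rest, "security-model")
            if model in ("1", "2c"):
                add("GROUP_COMMUNITY_MODEL", "community-based security model")
            else:
                # Documented default: usm with the noauth security level.
                level = _opt(rest, "usm") or "noauth"
                if level == "noauth":
                    add("GROUP_NOAUTH", "group accepts unauthenticated users")
                elif level == "auth":
                    add("GROUP_NO_PRIV", "authenticated but not encrypted")
        elif cmd == "user":
            if "md5" in rest:
                add("USER_MD5", "MD5 authentication; sha is the stronger option")
            elif "sha" not in rest:
                # Documented default: USM with no authentication.
                add("USER_NOAUTH", "user has no authentication")
            if ("md5" in rest or "sha" in rest) and "des56" not in rest:
                add("USER_NO_PRIVACY_KEY", "no des56 privacy key configured")
        elif cmd == "target":
            # Documented default for snmp target: version 2c.
            version = _opt(rest, "version") or "2c"
            if version in ("1", "2c"):
                add("TARGET_COMMUNITY_VERSION",
                    f"SNMPv{version} notifications carry the community in cleartext")
        elif cmd == "target-parameters":
            version = _opt(rest, "version")
            level = _opt(rest, "security-level")
            if version in ("1", "2c"):
                add("PARAMS_COMMUNITY_VERSION",
                    f"SNMPv{version} notifications carry the community in cleartext")
            elif level != "priv":
                add("PARAMS_NO_PRIV",
                    f"security-level {level or 'unspecified'}: notifications are not encrypted")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep="  ")
```

Run against a saved configuration, the findings point at the lines to tighten first: communities without a tag, SNMPv1 or SNMPv2c targets, and SNMPv3 users or groups below the priv level.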


Command Descriptions

This section describes the syntax and usage guidelines for the commands used to configure SNMP and RMON features. The commands are presented in alphabetical order.

rmon alarm
rmon event
snmp community
snmp engine-id
snmp group
snmp notify
snmp notify-filter
snmp notify-target
snmp server
snmp target
snmp target-parameters
snmp user
snmp view
traps


rmon alarm

rmon alarm index object-id interval {absolute | delta} rising-threshold value [event-index] falling-threshold value [event-index] [owner owner-name]

no rmon alarm index

Purpose

Creates a Remote Monitoring (RMON) alarm entry.

Command Mode

global configuration

Syntax Description

index Index of the RMON alarm entry. Used to identify the alarm.

object-id Object ID of the Management Information Base (MIB) object to be monitored.

interval Sampling time in seconds. The range of values is 1 to 2,147,483,647.

absolute Compares the actual object value against the threshold value.

delta Compares the difference between successive samples of the object value against the threshold value.

rising-threshold value Value at which an event is triggered by this alarm.

event-index Optional. Event to be triggered when the threshold value is exceeded.

falling-threshold value Value at which an event is triggered by this alarm.

owner owner-name Optional. Name of the alarm owner.

Default

No RMON alarms are configured.

Usage Guidelines

Use the rmon alarm command to create an RMON alarm entry. You must enable the SNMP server using the snmp server command in global configuration mode before using this command. The alarm group periodically takes statistical samples from MIB variables in the managed device and compares them to previously configured thresholds. If the monitored variable crosses a threshold, an event is generated.

Use the no form of this command to remove an RMON alarm from the configuration.


Examples

The following example configures an RMON alarm to trigger if the difference between successive 60-second samples of the ipForwDatagrams object exceeds 3,000,000 or is less than 600,000:

[local]Redback(config)#rmon alarm 1 ipForwDatagrams.0 60 delta rising-threshold 3000000 1 falling-threshold 600000 2 owner gold.isp.net

Related Commands

rmon event
snmp server
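The following Python simulation is an added example, not code from the Redback guide. It evaluates the alarm from the example above (delta sampling, rising threshold 3,000,000, falling threshold 600,000) over a constructed series of counter readings. It assumes the SmartEdge OS follows the standard RMON alarm behaviour of RFC 2819: after a rising event, no further rising event is generated until the falling threshold has been reached, and the reverse; it also assumes the monitored object is a 32-bit counter that wraps.

```python
# Added example: RMON alarm evaluation with hysteresis (RFC 2819 behaviour assumed).

# Constructed readings of ipForwDatagrams.0 taken every 60 seconds.
# The counter wraps past 2**32 between the third and fourth reading.
SAMPLES = [
    4_290_000_000,
    4_291_000_000,  # delta 1,000,000: between the thresholds
    4_294_500_000,  # delta 3,500,000: crosses the rising threshold
    3_532_704,      # delta 4,000,000 after wrap: still high, no repeat event
    4_032_704,      # delta   500,000: crosses the falling threshold
    4_432_704,      # delta   400,000: still low, no repeat event
    7_532_704,      # delta 3,100,000: crosses the rising threshold again
]


def rmon_alarm_events(samples, rising, falling, delta=True, counter_bits=32):
    """Return (sample_index, 'rising' | 'falling', value) for each generated event.

    delta=True compares the difference between successive samples with the
    thresholds (the `delta` keyword); delta=False compares the sample itself
    (the `absolute` keyword).
    """
    events = []
    rising_armed = falling_armed = True
    previous = None
    for i, raw in enumerate(samples):
        if delta:
            if previous is None:      # the first reading only sets the baseline
                previous = raw
                continue
            # Modular subtraction gives the right delta across a counter wrap.
            value = (raw - previous) % (1 << counter_bits)
            previous = raw
        else:
            value = raw
        if value >= rising and rising_armed:
            events.append((i, "rising", value))
            rising_armed, falling_armed = False, True
        elif value <= falling and falling_armed:
            events.append((i, "falling", value))
            falling_armed, rising_armed = False, True
    return events


if __name__ == "__main__":
    # In the example command, event index 1 is bound to the rising threshold
    # and event index 2 to the falling threshold.
    event_index = {"rising": 1, "falling": 2}
    for i, kind, value in rmon_alarm_events(SAMPLES, 3_000_000, 600_000):
        print(f"sample {i}: {kind} (delta {value:,}) -> rmon event {event_index[kind]}")
```

The hysteresis is why the two thresholds should be set well apart: a single threshold, or two close together, turns a value hovering near the limit into a stream of events.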


rmon event

rmon event index [log] [notify] [owner owner-name] [description text]

no rmon event index

Purpose

Creates a Remote Monitoring (RMON) event entry.

Command Mode

global configuration

Syntax Description

index Index of the RMON event entry. Used to identify the event.

log Optional. Specifies that the event generates a log message.

notify Optional. Enables Simple Network Management Protocol (SNMP) notification.

owner owner-name Optional. Owner of the event.

description text Optional. Description of the event.

Default

No RMON events are configured.

Usage Guidelines

Use the rmon event command to create an RMON event entry. You must enable the SNMP server using the snmp server command (in global configuration mode). The event group controls the generation and notification of events from this device. This group consists of the eventTable and the logTable events.

If notification is enabled using the notify keyword, the SNMP notification destination is obtained automatically from the SNMP-NOTIFICATION-MIB and the SNMP-TARGET-MIB Management Information Bases (MIBs).

Use the no form of this command to remove an RMON event from the configuration.

Examples

The following example creates an RMON event that logs a message and sends a trap to the gold.isp.net community:

[local]Redback(config)#rmon event 1 log notify owner gold.isp.net description "packets per second too high in context gold.isp.net"

Related Commands

rmon alarm
snmp server


snmp community

snmp community string [all-contexts | context ctx-name] [access] [tag tag-name] [view view-name]

no snmp community string

Purpose

Creates a community string used to permit access to Management Information Base (MIB) objects. Used for Simple Network Management Protocol version 1 (SNMPv1) and SNMP version 2c (SNMPv2c) only.

Command Mode

global configuration

Syntax Description

string Alphanumeric string to be used as the community string. String can contain up to 64 characters; the first 28 characters must be unique.

all-contexts Optional. Allows the community access to all contexts.

context ctx-name Optional. Name of the context that contains the specific instances of MIB objects available to the community. The default context is local.

access Optional. Type of access, according to one of the following keywords:

• read-only—Allows the community read-only access to MIB objects.

• read-write—Allows the community read-write access to MIB objects.

tag tag-name Optional. Alphanumeric character string that matches one of the notification tag names defined by the snmp notify-target command in global configuration mode.

view view-name Optional. Name of the previously configured view.

Default

The default context is local. The default access is read-only. The default view name is initial.

Usage Guidelines

Use the snmp community command to create a community string used to permit access to MIB objects.

When you create an SNMP community, it is accessible by both SNMPv1 and SNMPv2c. The community string can contain up to 64 characters; the first 28 characters in the string must be unique. You cannot include the @ character in the community name, because it is used in generating community names when you specify the all-contexts keyword.

Note This command is used with SNMPv1 and SNMPv2c only. SNMP server capabilities do not need to be enabled before creating communities.


Use the all-contexts keyword to trigger the automatic generation of community names for all managed contexts. This keyword allows you to create a community to support all contexts without having to enter the snmp community command for each context. For example, if a SmartEdge router has three configured contexts (local, aol, and uunet), the snmp community Fred all-contexts command creates the structured community strings Fred@local, Fred@aol, and Fred@uunet.

Use the tag tag-name construct to link one or more SNMP communities to one or more IP addresses and thereby limit access to only the SNMP messages from those IP addresses.

Use the no form of this command to remove a community string.

Examples

The following command grants the public community read-only access to the MIB objects in the generic view, and triggers the automatic generation of community strings for the local context:

[local]Redback(config)#snmp community public view generic

Related Commands

snmp notify-target
snmp server
snmp view


snmp engine-id

snmp engine-id {local | remote name} id-string

no snmp engine-id remote name

default snmp engine-id local

Purpose

Specifies a unique engine ID for the Simple Network Management Protocol (SNMP) Version 3 (SNMPv3) that can be either local or remote.

Command Mode

global configuration

Syntax Description

local Local engine ID.

remote name Remote engine ID. The name can be configured using the snmp user command (in global configuration mode).

id-string String of 10 to 64 hexadecimal characters to be used for the engine ID. Use a colon as a separator after each two hexadecimal characters. For a detailed description and format of the SNMP engine ID, see RFC 2571, An Architecture for Describing SNMP Management Frameworks. The string can be arbitrary as long as its length conforms to the format described in RFC 2571. The default value is a variable-length octet string consisting of:

• The Redback Enterprise object identifier (OID), a Redback defined type value, which defines the format of the remaining octets.

• The management IP address, which is the IP address specified for the interface to which the Ethernet management port on the controller card is bound.

• The receiving User Datagram Protocol (UDP) port number, which is either the default, 161, or the UDP port number specified by the snmp server command (in global configuration mode).

Default

The default value is a local engine ID. The default value for the id-string argument is a 24-character string consisting of the Redback Enterprise Management Information Base (MIB) OID, the management IP address, and the UDP port.

Usage Guidelines

Use the snmp engine-id command to specify a unique engine ID for SNMPv3.


Use the no form of this command to disable the engine ID.

Use the default form of this command to set the engine ID to the default value.

Note This command is used with SNMP Version 3 only. There is no equivalent for SNMP Version 1 or Version 2c. You must enable the SNMP server using the snmp server command in global configuration mode before you can specify the engine ID.

Caution Risk of data loss. Changing the engine ID invalidates security information for all SNMP users using authentication or privacy, and requires you to re-enter the snmp user command (in global configuration mode). To reduce this risk, postpone entering the snmp user command until after you are satisfied with the definition of the engine ID.

Note It is recommended that you enable the SNMP server using the snmp server command (in global configuration mode) before you configure the engine ID, although it is not required. The recommended sequence of configuration tasks is described in Table 12-3.

Examples

The following example specifies an engine ID of 01:02:03:04:ab:cd:

[local]Redback(config)#snmp engine-id local 01:02:03:04:ab:cd

Related Commands

snmp server
snmp user
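The following Python sketch is an added example, not code from the Redback guide. It shows why the caution in this command description holds, and why SNMP security data is system-dependent: in the SNMPv3 User-based Security Model (RFC 3414), a user's password is turned into a key and that key is then localized by hashing it together with the engine ID, so a different engine ID yields a different key. That the SmartEdge OS derives its stored keys exactly this way is an assumption; the guide does not state the algorithm. The password is the RFC 3414 test value and the two engine IDs are the ones used in this chapter's examples.

```python
# Added example: RFC 3414 password-to-key and key localization (MD5 or SHA-1).
import hashlib

PASSWORD_STREAM_LEN = 1_048_576  # RFC 3414 A.2: hash 1 MiB of the repeated password


def parse_engine_id(text):
    """Convert the colon-separated hex form used by `snmp engine-id` to bytes."""
    return bytes.fromhex(text.replace(":", ""))


def password_to_key(password, algo="md5"):
    """Derive the user key Ku from a password (bytes)."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rest = divmod(PASSWORD_STREAM_LEN, len(password))
    return hashlib.new(algo, password * reps + password[:rest]).digest()


def localize_key(ku, engine_id, algo="md5"):
    """Derive the localized key Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_key_for(password, engine_id_text, algo="md5"):
    """Password and engine ID (colon-separated hex) to localized key."""
    ku = password_to_key(password, algo)
    return localize_key(ku, parse_engine_id(engine_id_text), algo)


if __name__ == "__main__":
    password = b"maplesyrup"  # test password from RFC 3414, not a real credential
    for engine_id in ("AA:00:00:00:01", "01:02:03:04:ab:cd"):
        key = localized_key_for(password, engine_id)
        print(f"engine ID {engine_id:<18} localized MD5 key {key.hex()}")
    # The two keys differ: a key entered for one engine ID does not
    # authenticate the same user on a system with another engine ID.
```

The same property limits the damage from a leaked configuration file: a localized key is only valid for the engine ID it was derived with, which is one reason each system should keep its own engine ID and its own SNMP security data.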


snmp group

snmp group group-name [context ctx-name [exact | prefix]] [notify notify-view] [read read-view] [security-model {1 | 2c | usm level}] [write write-view]

no snmp group group-name [context ctx-name [exact | prefix]] [notify notify-view] [read read-view] [security-model {1 | 2c | usm level}] [write write-view]

Purpose

Creates a Simple Network Management Protocol (SNMP) Version 3 (SNMPv3) group.

Command Mode

global configuration

Syntax Description

group-name Name of the group. The string can be up to 32 characters in length.

context ctx-name Optional. Name of the context. The default value is the local context.

exact Optional. Matches only the context exactly as specified by the context name construct.

prefix Optional. Matches any context that begins with the context name construct.

notify notify-view Optional. Name of the view from which notifications are sent to the group.

read read-view Optional. Name of the view to which this group has read access.

security-model Optional. Specifies the security model to use for the group.

1 Specifies a security model based on SNMP Version 1 community strings.

2c Specifies a security model based on SNMP Version 2c community strings.

usm level Security model based on SNMP users (SNMPv3 only), according to one of the following keywords:

• auth—Authorizes SNMP users.

• noauth—Does not authorize SNMP users.

• priv—Enforces authentication privilege level support in SNMPv3.

write write-view Optional. Name of the view to which this group has write access.

Default

A group, “initial”, is automatically created if needed (for instance, if the snmp user command is used in global configuration mode without specifying a group). This group uses the user security model with the noauth security level, and allows read access to the view, “restricted”. No write view or notify view is automatically defined. If the security-model keyword is not specified, the default security model is usm and the default security level is noauth.


Usage Guidelines

Use the snmp group command to create an SNMPv3 group.

Note This command is used only with SNMPv3 to define access parameters for an SNMP group. You must enable the SNMP server using the snmp server command in global configuration mode before you can configure SNMP groups. For SNMP versions 1 and 2c, use the snmp community command (in global configuration mode).

Use the no form of this command to delete an SNMP group. If not specified in the no form of this command, optional parameters are set to their default values.

Examples

The following command creates an SNMP group, Admin, that provides authorized read and modify access to the MIB objects defined in a view, Admin-View:

[local]Redback(config)#snmp group Admin security-model usm auth context local read Admin-View write Admin-View

Related Commands

snmp user
snmp view


snmp notify

snmp notify notify-name tag-name [inform | trap]

no snmp notify notify-name

Purpose

Creates a Simple Network Management Protocol (SNMP) notification entry and tag name.

Command Mode

global configuration

Syntax Description

notify-name Name of the notification. The string can be up to 32 characters in length.

tag-name Tag name for the notification. The string can be up to 32 characters in length.

inform Optional. Indicates that the notification requires a response from the SNMP target. If no response is sent within five seconds, the inform notification is sent again. The maximum number of retries is two.

trap Optional. Indicates that the SNMP message is a trap, a nonconfirmed notification of certain events.

Default

The notification type is trap.

Usage Guidelines

Use the snmp notify command to create an SNMP notification entry and to associate a tag name with the entry.

Note You must enable the SNMP server using the snmp server command (in global configuration mode) before creating a notification entry.

Use this command in conjunction with the snmp notify-target command (in global configuration mode), which references the tag-name argument.

Use the no form of this command to remove a notification entry and tag name from the configuration.

Examples

The following example defines a notify entry with the notify and tag names both set to V3Traps:

[local]Redback(config)#snmp notify V3Traps V3Traps trap

Related Commands

snmp notify-target
snmp server


snmp notify-filter

snmp notify-filter filter-name oid-tree {excluded | included}

no snmp notify-filter filter-name oid-tree

Purpose

Creates a Simple Network Management Protocol (SNMP) notify filter that includes or excludes specific notifications.

Command Mode

global configuration

Syntax Description

filter-name Name of the notify filter. The string can be up to 32 characters in length.

oid-tree Object identifier (OID) of the Abstract Syntax Notation One (ASN.1) subtree for which the notifications are to be included or excluded. The format is a string of numbers (such as 1.3.6.2.4) or a word (such as system). Replace a single subidentifier with the asterisk (*) wildcard to specify a subtree family; for example, 1.3.*.4.

excluded Excludes the specified OID tree.

included Includes the specified OID tree.

Default

None

Usage Guidelines

Use the snmp notify-filter command to create an SNMP notify filter that includes or excludes specific notifications.

Note You must enable the SNMP server using the snmp server command (in global configuration mode) before configuring a notify filter.

Use this command in conjunction with the snmp notify-target command (in global configuration mode), which references the filter-name argument.

Use the no form of this command to remove the specified notify filter from the configuration.

Examples

The following example creates the notify filter, F-NO-rpMau, which excludes the rpMauNotifications notifications:

[local]Redback(config)#snmp notify-filter F-NO-rpMau rpMauNotifications excluded


Related Commands

snmp notify
snmp notify-target
snmp server


snmp notify-target

snmp notify-target notify-target-name ip-addr {[address-context ctx-name] [port port] tag tag-list parameters target-parameters} [filter filter-name] [retry count] [timeout seconds]

no snmp notify-target notify-target-name ip-addr {[address-context ctx-name] [port port] tag tag-list parameters target-parameters} [filter filter-name] [retry count] [timeout seconds]

Purpose

Configures the Simple Network Management Protocol (SNMP) target management station, which receives SNMP notifications.

Command Mode

global configuration

Syntax Description

notify-target-name Name of the notify target. The string can be up to 32 characters in length. Use the name specified using the snmp notify command (in global configuration mode).

ip-addr IP address of the management station to receive the notifications.

address-context ctx-name Optional. Name of the context from which the notifications are sent. The default context is local.

port port Optional. User Datagram Protocol (UDP) port used to send the notifications to the target. The range of values is 1 to 65,535. The default port number is 162.

tag tag-list List of notification tag names, separated by commas. No spaces are allowed in the list. Tag names are configured using the snmp notify command (in global configuration mode).

parameters target-parameters Name of the target parameters for this target. Use the name specified using the snmp target-parameters command (in global configuration mode).

filter filter-name Optional. Name of the filter to be applied to the target. Use the name specified using the snmp notify-filter command (in global configuration mode).

retry count Optional. Number of times to retry when sending an inform notification. The range of values is 0 to 255; the default value is 2.

timeout seconds Optional. Number of seconds to wait for a reply when an inform notification is sent. The range of values is 0 to 2,147,483,647; the default value is 5.

Default

The UDP port is 162. The context is local. The timeout value is five seconds. The number of retries is two.


Usage Guidelines

Use the snmp notify-target command to configure the SNMP target management station, which receives SNMP notifications.

The snmp target and the snmp notify-target commands are mutually exclusive. The snmp target command sets certain parameters to their default values; these parameters are notifyName, targParmName, tag, tagList, seconds, and count.

The snmp target command (in global configuration mode) is equivalent to the set of snmp notify-target, snmp notify, snmp target-parameters, and snmp group commands (only if the notify notify-view construct has not been set).

Before specifying the notify-target-name argument, you must first create the name using the snmp notify command. Before specifying the parameters target-parameters construct, you must first create the name using the snmp target-parameters command (in global configuration mode). Before specifying the filter-name argument, you must first create the name using the snmp notify-filter command (in global configuration mode).

Note You must enable the SNMP server using the snmp server command (in global configuration mode) before you can configure the target management station.

Use the no form of this command to remove a target from the configuration.

Examples

The following command configures the system to send notifications to a target, Nm-Station1, IP address 10.3.4.5, using the tag, Inet-Informs, the parameters, Param2, and the notify filter, F-NO-rpMau:

[local]Redback(config)#snmp notify-target Nm-Station1 10.3.4.5 tag Inet-Informs parameters Param2 filter F-NO-rpMau

Related Commands

snmp notify
snmp server


snmp server

snmp server [port port] [enhance ifmib]

no snmp server

Purpose

Enables the Simple Network Management Protocol (SNMP) server for SNMPv1, SNMPv2c, and SNMPv3, and enters SNMP server configuration mode.

Command Mode

global configuration

Syntax Description

port port Optional. Port number through which the SNMP server receives data. The range of values is 1 to 65,535; the default value is 161.

enhance ifmib Optional. Enables enhancements to the Interfaces Management Information Base (IF-MIB) implementation.

Default

SNMP server capabilities are disabled. The default port is 161.

Usage Guidelines

Use the snmp server command to enable the SNMP server. This command enables the protocol engines for all supported versions of SNMP.

Use the enhance ifmib keyword to add the following functions to the IF-MIB:

• Supports Asynchronous Transfer Mode (ATM), Frame Relay, and 802.1Q permanent virtual circuits (PVCs)

• Supports ATM operations, administration, and management (OAM) trap notifications when the state of an ATM PVC transitions as a result of the OAM function

• Sets the IF-MIB object, ifDescr, equal to ifName

• Supports the IF-MIB objects, ifHCInOctets and ifHCOutOctets, wherever ifInOctets and ifOutOctets are supported

• Supports quality of service (QoS) transmit counters for each queue for each circuit and port for all traffic cards


Use the no form of this command to disable the SNMP server.

Note You must enter the snmp server and no snmp server commands in separate transactions for both to take effect. Within a single transaction, entering the snmp server command, followed by the no snmp server command, simply enables the server without then disabling it. Similarly, entering the no snmp server command, followed in the same transaction by the snmp server command, disables the server without then re-enabling it. To terminate the current transaction, enter the commit command (in global configuration mode) before you can configure the target management station. Then enter the form of the snmp server command as required. For more information on the commit command, see Chapter 2, “Using the CLI.”

Examples

The following command enables the SNMP server on the default UDP port (161):

[local]Redback(config)#snmp server

Related Commands

abort
snmp community
snmp server
snmp target
snmp view
traps


snmp target

snmp target target-name ip-addr [address-context ctx-name] [port port] security-name sec-name [group group-name] [inform | trap] [version version] [view notify-view]

no snmp target target-name

Purpose

Configures a Simple Network Management Protocol (SNMP) target management station that receives SNMP notifications.

Command Mode

global configuration

Syntax Description

target-name Name of the target management station. The string can be up to 32 characters in length.

ip-addr IP address of the target management station.

address-context ctx-name Optional. Name of the context from which notifications are sent.

port port Optional. User Datagram Protocol (UDP) port to receive notifications. The default port is 162.

security-name sec-name Community string for the notifications. The community string is either the community name you specified with the snmp community command (in global configuration mode) (SNMPv1 or SNMPv2c) or the username you specified with the snmp user command (in global configuration mode) (SNMPv3).

group group-name Optional. Group string for the notifications. The group name is the name you specified with the snmp group command (in global configuration mode) (SNMPv3).

inform Optional. Indicates that the type of notification is inform, a confirmed notification that requires a response from the SNMP target. If no response is sent within five seconds, the inform is sent again. The number of retries is two.

trap Optional. Indicates that the type of notification is trap, a nonconfirmed notification.

version version Optional. The SNMP version for the target, according to one of the following keywords:

• 1—Specifies SNMP Version 1.

• 2c—Specifies SNMP Version 2c.

• 3—Specifies SNMP Version 3.

view notify-view Optional. SNMP notify view. The default view is restricted.


Default

The default SNMP version is version 2c. The default notification view created by the system is restricted. The default notification type is trap. The default port is 162.

Usage Guidelines

Use the snmp target command to configure an SNMP target management station that receives SNMP notifications.

The snmp target and the snmp notify-target commands are mutually exclusive. The snmp target command sets certain parameters to their default values; these parameters are notifyName, targParmName, tag, tagList, seconds, and count.

The snmp target command is equivalent to the set of snmp notify-target, snmp notify, snmp target-parameters, and snmp group commands (only if the notify notify-view construct has not been set).

Note SNMPv2 supports both the inform and trap keywords, but SNMPv1 supports only the trap keyword.

Use the no form of this command to remove an SNMP target.

Examples

The following example creates an SNMP target, NM-Station1, at IP address, 198.164.190.110, to receive SNMPv2c traps from the view, InetView, using a security name of Admin:

[local]Redback(config)#snmp target NM-Station1 198.164.190.110 security-name Admin version 2c view InetView trap

Related Commands

snmp community
snmp server
snmp view


snmp target-parameters

snmp target-parameters parameter-name security-name sec-name [version version] [security-level level]

no snmp target-parameters parameter-name

Purpose

Configures the set of parameters to be applied to a Simple Network Management Protocol (SNMP) target.

Command Mode

global configuration

Syntax Description

parameter-name Name of the target parameter set.

security-name sec-name Community name you specified using the snmp community command (SNMPv1 or SNMPv2c), or username you specified using the snmp user command (SNMPv3).

version version Optional. SNMP version to use to send the notifications, according to one of the following keywords:

• 1—Specifies SNMP Version 1.

• 2c—Specifies SNMP Version 2c.

• 3—Specifies SNMP Version 3.

security-level level Optional. Security level to be applied to an SNMP target, according to one of the following keywords:

• auth—Provides authorization.

• noauth—Does not provide authorization.

• priv—Enforces authentication privilege level support in SNMPv3.

Default

None

Usage Guidelines

Use the snmp target-parameters command to configure the set of parameters to be applied to an SNMP target.

Use this command in conjunction with the snmp notify-target command (in global configuration mode).

Note You must enable the SNMP server using the snmp server command (in global configuration mode) before you can configure target parameters.


For the {auth, noauth, and priv} keywords, there is no authorization provided in SNMPv1 and SNMPv2c. You must specify the no auth keyword for SNMPv1 and SNMPv2c. For SNMPv3, you can specify any of the three keywords. Enforcing either the optional auth or priv keyword applies authorization or privacy support to the designated SNMP target; use the optional noauth keyword to apply neither authorization nor privacy support.

Use the no form of this command to remove the specified target parameter information from the configuration.

Examples
The following command configures a set of parameters, Param2, that includes the security name, ADMIN, and specifies the SNMPv3 protocol using authorization:

[local]Redback(config)#snmp target-parameters Param2 security-name ADMIN version 3 security-level auth

Related Commands
snmp community
snmp notify
snmp notify-target
snmp server
snmp target
snmp user

Page 311: Basic Guide Redback


snmp user

snmp user name [engine name] [group group-name] [security-model usm {noauth | authentication {key auth-key [encoded base64] [des56 des-key] | password auth-pwd [des56 priv-pwd]}}]

no snmp user name [engine name] [group group-name] [security-model usm {noauth | authentication {key auth-key [encoded base64] [des56 des-key] | password auth-pwd [des56 priv-pwd]}}]

Purpose
Configures a Simple Network Management Protocol (SNMP) version 3 (SNMPv3) user.

Command Mode
global configuration

Syntax Description

name
    Name of the SNMP user, up to 32 characters long.

engine name
    Optional. Name of the remote engine previously configured using the snmp engine-id command in global configuration mode.

group group-name
    Optional. Name of the group to which the user belongs, up to 32 characters long.

security-model usm
    Optional. Specifies the User-Based Security Model (USM) for SNMPv3.

noauth
    Specifies no authentication.

authentication
    USM for SNMPv3, according to one of the following keywords:
    • md5—Specifies Message Digest 5 (MD5) authentication.
    • sha—Specifies Secure Hash Algorithm (SHA) authentication.

key auth-key
    Authentication key value. Specified only for the user security model, with MD5 or SHA authentication.

encoded base64
    Optional. Specifies that the key provided in the command is already in a base 64 encoded form. If you omit this keyword, the system encodes the auth-key argument prior to storing it in the configuration.

des56 des-key
    Optional. Data Encryption Standard 56 (DES56) encrypted key value.

password auth-pwd
    Authentication password. Specified only for the user security model, with MD5 or SHA authentication.

des56 priv-pwd
    Optional. DES56 encrypted privileged password in text string form.

Default
The default security model is USM with no authentication.

Page 312: Basic Guide Redback


Usage Guidelines
Use the snmp user command to configure an SNMPv3 user. You must first enable the SNMP server using the snmp server command (in global configuration mode) before configuring a user.

Use the no form of this command to remove an SNMP user.

Examples
The following command creates an SNMP user, Admin, that is part of the group, Group4, and uses MD5 authentication with the password xyzzy, and an optional des56 password, loopy:

[local]Redback(config)#snmp user Admin group Group4 security-model usm md5 password "xyzzy" des56 loopy

Related Commands
snmp engine-id
snmp group
snmp server
snmp view
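The security-level rule given for snmp target-parameters and the authentication options of snmp user can be checked mechanically before a configuration is loaded. The following Python audit is an added example, not part of the Redback guide: the sample configuration is constructed, and the finding codes and the cross-check between a target's security level and the keys held by the referenced user are assumptions of this example.

```python
import shlex

# Constructed sample input (not taken from a real device); CLI prompts omitted.
SAMPLE_CONFIG = """
! constructed SNMP section
snmp user Admin group Group4 security-model usm md5 password "xyzzy" des56 loopy
snmp user Monitor group Group4
snmp user Ops group Group4 security-model usm sha password "constructed-pass"
snmp target-parameters Param1 security-name public version 2c security-level auth
snmp target-parameters Param2 security-name Admin version 3 security-level priv
snmp target-parameters Param3 security-name Monitor version 3 security-level auth
snmp target-parameters Param4 security-name Ops version 3 security-level priv
snmp target-parameters Param5 security-name Ops version 3 security-level noauth
"""

# Keywords of 'snmp user' that are followed by exactly one value.
VALUE_KEYWORDS = {"engine", "group", "security-model", "key", "password", "encoded"}


def parse_user(tokens):
    """Parse the arguments of 'snmp user' into name, auth protocol and privacy flag."""
    user = {"name": tokens[0], "auth": "noauth", "priv": False}  # documented default
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("md5", "sha", "noauth"):
            user["auth"] = tok
            i += 1
        elif tok == "des56":            # followed by the privacy key or password
            user["priv"] = True
            i += 2
        elif tok in VALUE_KEYWORDS:     # skip the keyword together with its value
            i += 2
        else:
            raise ValueError(f"unexpected token {tok!r} for snmp user {tokens[0]}")
    return user


def parse_target_parameters(tokens):
    """Parse the arguments of 'snmp target-parameters' (keyword/value pairs)."""
    pairs = dict(zip(tokens[1::2], tokens[2::2]))
    return {"name": tokens[0], "security_name": pairs.get("security-name"),
            "version": pairs.get("version"), "level": pairs.get("security-level")}


def audit(config_text):
    """Return a sorted list of (object name, finding code) for an SNMP config."""
    users, targets, findings = {}, [], []
    for line in config_text.splitlines():
        if line.lstrip().startswith("!"):   # configuration file comment
            continue
        tokens = shlex.split(line)
        if tokens[:2] == ["snmp", "user"]:
            user = parse_user(tokens[2:])
            users[user["name"]] = user
        elif tokens[:2] == ["snmp", "target-parameters"]:
            targets.append(parse_target_parameters(tokens[2:]))

    for name, user in users.items():
        if user["auth"] == "noauth":
            findings.append((name, "USER_NOAUTH"))
        else:
            if user["auth"] == "md5":
                findings.append((name, "USER_MD5"))          # sha is also offered
            if not user["priv"]:
                findings.append((name, "USER_NO_PRIVACY"))   # no des56 key set

    for tp in targets:
        name, version, level = tp["name"], tp["version"], tp["level"]
        if version is None or level is None:
            findings.append((name, "VERSION_OR_LEVEL_OMITTED"))
        elif version in ("1", "2c"):
            findings.append((name, "COMMUNITY_BASED"))       # no auth or privacy
            if level != "noauth":                            # rule from the guide
                findings.append((name, "LEVEL_INVALID_FOR_VERSION"))
        elif level == "noauth":
            findings.append((name, "V3_NOAUTH"))
        else:                                                # SNMPv3 with auth or priv
            user = users.get(tp["security_name"])
            if user is None:
                findings.append((name, "UNKNOWN_USER"))
            elif user["auth"] == "noauth":
                findings.append((name, "LEVEL_EXCEEDS_USER_AUTH"))
            elif level == "priv" and not user["priv"]:
                findings.append((name, "LEVEL_EXCEEDS_USER_PRIV"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, code in audit(SAMPLE_CONFIG):
        print(f"{subject}: {code}")
```

Security names are compared with user names exactly as written, so a target that names ADMIN does not match a user created as Admin.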

Page 313: Basic Guide Redback


snmp view

snmp view view-name oid-tree {excluded | included}

no snmp view view-name [oid-tree]

Purpose
Defines a Simple Network Management Protocol (SNMP) Management Information Base (MIB) view.

Command Mode
global configuration

Syntax Description

view-name
    Alphanumeric string used as a label for the view record that you are updating or creating. The name is used to reference the record. The string can be up to 32 characters in length.

oid-tree
    Object identifier (OID) of the ASN.1 subtree to be included in, or excluded from, the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system. Replace a single subidentifier with the asterisk (*) wildcard to specify a subtree family; for example 1.3.*.4. Optional when used in the no form.

excluded
    Excludes the specified OID tree.

included
    Includes the specified OID tree.

Default
A default view, “restricted”, is enabled when it is referenced by a user creating a community without a specific view. This default view provides access to the following MIB groups: system, snmp, snmpEngine, and snmpMPDStats.

Usage Guidelines
Use the snmp view command to define an SNMP MIB view. MIB views control which SNMP communities have access to specific MIB objects.

Use the no form of this command to remove the specified MIB view entry.

Examples
The following example creates a view that includes all objects in the Internet subtree:

[local]Redback(config)#snmp view everything internet included

The following example creates a view that includes only the system group and the interface MIB objects for the port with a value of 6:

[local]Redback(config)#snmp view port6 system included
[local]Redback(config)#snmp view port6 ifEntry.*.6 included

Page 314: Basic Guide Redback


Related Commands
snmp community
snmp server
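To review what a set of snmp view entries actually exposes, the entries can be evaluated against a watch list of OIDs before a community is bound to the view. The following Python sketch is an added example, not part of the Redback guide: the nosec view and the watch list are constructed, and because the guide does not say how overlapping entries are resolved, the example assumes the RFC 3415 rule that the longest matching entry decides and lets an excluded entry win a tie.

```python
# Numeric OIDs for the names used in the examples above (standard MIB-II values).
NAMED_OIDS = {
    "internet": (1, 3, 6, 1),
    "system": (1, 3, 6, 1, 2, 1, 1),
    "ifEntry": (1, 3, 6, 1, 2, 1, 2, 2, 1),
}

# Constructed input: the guide's two example views plus a hypothetical view,
# "nosec", that hides the SNMP administration subtree (snmpModules, 1.3.6.1.6.3).
SAMPLE_VIEWS = """
snmp view everything internet included
snmp view port6 system included
snmp view port6 ifEntry.*.6 included
snmp view nosec internet included
snmp view nosec 1.3.6.1.6.3 excluded
"""

# Constructed watch list of objects an auditor may care about.
WATCHLIST = {
    "sysDescr.0": "1.3.6.1.2.1.1.1.0",
    "ifDescr.6": "1.3.6.1.2.1.2.2.1.2.6",
    "ifDescr.7": "1.3.6.1.2.1.2.2.1.2.7",
    "usmUserTable": "1.3.6.1.6.3.15.1.2.2",
}


def parse_pattern(text):
    """Turn 'ifEntry.*.6' or '1.3.*.4' into a tuple; None marks a wildcard."""
    head, *rest = text.split(".")
    prefix = NAMED_OIDS[head] if head in NAMED_OIDS else (int(head),)
    return prefix + tuple(None if part == "*" else int(part) for part in rest)


def load_views(config_text):
    """Collect 'snmp view' lines into {view-name: [(pattern, included), ...]}."""
    views = {}
    for line in config_text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["snmp", "view"]:
            continue
        if len(tokens) != 5 or tokens[4] not in ("included", "excluded"):
            raise ValueError(f"malformed snmp view line: {line!r}")
        name, oid_tree, action = tokens[2:]
        entry = (parse_pattern(oid_tree), action == "included")
        views.setdefault(name, []).append(entry)
    return views


def in_view(entries, oid_text):
    """Decide whether a numeric OID is visible through one view."""
    oid = tuple(int(part) for part in oid_text.split("."))
    hits = [(pattern, included) for pattern, included in entries
            if len(oid) >= len(pattern)
            and all(p is None or p == o for p, o in zip(pattern, oid))]
    if not hits:
        return False                      # not covered by any entry
    # Longest entry decides; on a tie the excluded entry wins (assumption).
    _, included = max(hits, key=lambda hit: (len(hit[0]), not hit[1]))
    return included


def exposure(config_text, watchlist):
    """Map each view name to the sorted watch-list labels it exposes."""
    report = {}
    for name, entries in load_views(config_text).items():
        report[name] = sorted(label for label, oid in watchlist.items()
                              if in_view(entries, oid))
    return report


if __name__ == "__main__":
    for view, labels in exposure(SAMPLE_VIEWS, WATCHLIST).items():
        print(view, "exposes", ", ".join(labels))
```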

Page 315: Basic Guide Redback


traps

traps {ifmib {encaps | ip} | l2tpmib | nemib {exclusive | non-exclusive}}

no traps {ifmib {encaps | ip} | l2tpmib}

Purpose
Enables linkUp and linkDown notifications for Cisco High-Level Data Link Control (HDLC), Point-to-Point Protocol (PPP), and Frame Relay encapsulation layers (IF-MIB encapsulation layers) on any channel or subchannel within a channelized port, for IP layers, or for Layer 2 Tunneling Protocol (L2TP) tunnels. Additionally enables enterprise Simple Network Management Protocol (SNMP) notifications in the RBN-NOTIFY-ENHANCE Management Information Base (MIB) to be sent with existing notifications.

Command Mode
SNMP server configuration

Syntax Description

ifmib encaps
    Enables notifications for Cisco HDLC, PPP, and Frame Relay encapsulation layers.

ifmib ip
    Enables notifications for IP layers.

l2tpmib
    Enables notifications for L2TP tunnels.

nemib exclusive
    Enables notifications in the RBN-NOTIFY-ENHANCE-MIB to be sent instead of the existing notifications.

nemib non-exclusive
    Enables the enterprise SNMP notifications in the RBN-NOTIFY-ENHANCE-MIB to be sent in addition to the existing notifications.

Default
Notification of all conditions is disabled globally for all encapsulation and IP layers and L2TP tunnels.

Usage Guidelines
Use the traps command to enable linkUp and linkDown notifications for Cisco HDLC, PPP, and Frame Relay encapsulation layers on any channel or subchannel within a channelized port, for IP layers, or for L2TP tunnels.

You can enter this command multiple times to enable notifications for encapsulation layers, IP layers, or L2TP tunnels.

The settings for this command are global; however, for the ifmib encaps construct, it is overridden locally by the setting of the traps command (in DS-0 group configuration mode) for that specific DS-0 channel group. For more information on the traps command in DS-0 group configuration mode, see the “Clear-Channel and Channelized Port and Channel Configuration” chapter in the Ports, Circuits, and Tunnels Configuration Guide for the SmartEdge OS.

Page 316: Basic Guide Redback


Use the nemib keyword to enable the enterprise SNMP notifications to be sent as specified in the RBN-NOTIFY-ENHANCE-MIB. These notifications are meant to provide more information than the existing SNMP notifications from the IF-MIB, DS1-MIB, DS3-MIB, ENTITY-MIB, and RBN-CARDMON-MIB.

Use the non-exclusive keyword with the nemib keyword to send the notifications in the RBN-NOTIFY-ENHANCE-MIB in addition to the corresponding existing notifications.

Use the exclusive keyword with the nemib keyword to send the notifications in the RBN-NOTIFY-ENHANCE-MIB instead of the corresponding existing notifications.

Use the no form of this command to disable notifications of up and down conditions for encapsulation layers, IP layers, or L2TP tunnels and use the non-enhanced versions of the traps.

Examples
The following example enables notifications for Cisco HDLC, PPP, and Frame Relay encapsulation layers, IP layers, and L2TP tunnels:

[local]Redback(config)#snmp server enhance ifmib
[local]Redback(config-snmp-server)#traps ifmib encaps
[local]Redback(config-snmp-server)#traps ifmib ip
[local]Redback(config-snmp-server)#traps l2tpmib
[local]Redback(config-snmp-server)#traps nemib exclusive

Related Commands
snmp server

Note By default, only IF-MIB physical ports generate linkUp and linkDown notifications.

Page 317: Basic Guide Redback

Part 6

Appendixes

This part provides a list of supported Management Information Base (MIB) objects and consists of the following appendix:

• Appendix A, “Supported MIBs”

Page 318: Basic Guide Redback
Page 319: Basic Guide Redback


Appendix A

Supported MIBs

The SmartEdge® OS supports the IETF-standard Management Information Bases (MIBs) listed in Table A-1.

Note For more details and features for each MIB, including the Redback® Networks Enterprise MIBs listed in Table A-2, see the Agent Capabilities files available on the Redback support web site at http://www.redback.com. If you have a support contract, you can download the Redback Networks Enterprise MIBs from the Support link on that web site.

Table A-1 Standard MIBs Supported by the SmartEdge OS

| MIB Name | Reference Document | Notes |
|---|---|---|
| ATM-MIB | RFC 2515, Definitions of Managed Objects for ATM Management | |
| BGP4-MIB | draft-ietf-idr-bgp4-mib-13.txt, Definitions of Managed Objects for the Fourth Version of Border Gateway Protocol (BGP-4) | |
| DS1-MIB | RFC 2495, Definitions of Managed Objects for the DS1, E1, DS2 and E2 Interface Types | |
| DS3-MIB | RFC 2496, Definitions of Managed Objects for the DS3/E3 Interface Type | |
| ENTITY-MIB | RFC 2037, Entity MIB Using SMIv2 | |
| ETHERLIKE-MIB | RFC 2665, Definitions of Managed Objects for the Ethernet-like Interface Types | |
| FRAME-RELAY-DTE-MIB | RFC 2115, Management Information Base for Frame Relay DTEs Using SMIv2 | |
| IF-MIB | RFC 2863, The Interfaces Group MIB | Write access to some read-write objects is not allowed. Use the snmp server command in global configuration mode to enable IF-MIB enhancements. Use the traps command in SNMP server configuration mode to enable linkUp and linkDown notifications on the IF-MIB encapsulation layers. Use the IF-MIB to allow a user to obtain the total traffic passed for all Border Gateway Protocol (BGP)/multiprotocol label switching Virtual Private Networks (BGP/MPLS VPNs) instances between a given pair of provider edge (PE) routers. |
| IP-FORWARD-MIB | RFC 2096, IP Forwarding Table MIB | |
| IP-MIB | RFC 2011, SNMPv2 Management Information Base for the Internet Protocol using SMIv2 | |
| RADIUS-ACC-CLIENT-MIB | RFC 2620, RADIUS Accounting Client MIB | Not all objects are supported in this release. |
| RADIUS-AUTH-CLIENT-MIB | RFC 2618, RADIUS Authentication Client MIB | Not all objects are supported in this release. |
| RFC1213-MIB | RFC 1213, Management Information Base for Network Management of TCP/IP-based Internets: MIB-II | |
| RMON-MIB | RFC 2819, Remote Network Monitoring Management Information Base | Alarms and events groups. |
| SNMP-COMMUNITY-MIB | RFC 2576, Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework | For security reasons, the snmpCommunityTable is accessible only through the command-line interface (CLI). |
| SNMP-FRAMEWORK-MIB | RFC 3411, An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks | |
| SNMP-MPD-MIB | RFC 3412, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) | |
| SNMP-NOTIFICATION-MIB | RFC 3413, Simple Network Management Protocol (SNMP) Applications | |
| SNMP-TARGET-MIB | RFC 3413 | |
| SNMP-USER-BASED-SM-MIB | RFC 3414, User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) | |
| SNMPv2-MIB | RFC 3418, Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) | |
| SNMP-VIEW-BASED-ACM-MIB | RFC 3415, View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) | |
| SONET-MIB | RFC 2558, Definitions of Managed Objects for the SONET/SDH Interface Type | |
| TCP-MIB | RFC 2012, SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 | |
| TRAP-DEFINITIONS-MIB | RFC 1215, Convention for defining traps for use with the SNMP | |
| UDP-MIB | RFC 2013, SNMPv2 Management Information Base for the User Datagram Protocol Using SMIv2 | |

Table A-2 lists the Redback Networks MIBs supported by the SmartEdge OS.

Table A-2 Redback Networks MIBs Supported by the SmartEdge OS

| MIB Name | Task |
|---|---|
| RBN-AAL5-VCL-STAT-MIB | Defines objects used to instrument configuration and performance statistics beyond those instrumented by standards-track MIBs for an Asynchronous Transfer Mode (ATM) virtual channel link (VCL). |
| RBN-X-AAL5-VCL-STAT-MIB | Defines objects used to instrument statistics associated with an ATM VCL. |
| RBN-ATM-PROFILE-MIB | Manages ATM profiles. |
| RBN-ATM-PVC-OAM-MIB | Monitors the ATM operations, administration, and maintenance (OAM) functions. |
| RBN-BGP-ACCOUNTING-MIB | Defines objects to account for IP traffic differentially using the Border Gateway Protocol (BGP) policies. |
| RBN-BIND-MIB | Defines the objects used to support the configuration and management of circuit bindings. |
| RBN-BULKSTATS-MIB | Manages bulk statistics gathering functions on SmartEdge routers. |
| RBN-CARDMON-MIB | Manages the controller, alarm, and traffic card alarm functions. [1] |
| RBN-CONFIG-FILE-MIB | Saves the running SmartEdge router configuration on a Trivial File Transfer Protocol (TFTP) or FTP server, and loads the SmartEdge router configuration files from a TFTP or FTP server. |
| RBN-CPU-METER-MIB | Manages CPU utilization. |
| RBN-DS1-MIB | Describes DS-1, E-1, and E-2 interface objects beyond those instrumented by standards-track MIBs. |
| RBN-DS3-MIB | Describes DS-3 and E-3 interface objects, beyond those instrumented by standards-track MIBs. |
| RBN-ENVMON-MIB | Generically manages environmental monitoring functions on SmartEdge routers. [2] |
| RBN-IP-BIND-MIB | Monitors IP interface binding to physical ports and circuits as they are represented in the IF-MIB. |
| RBN-IP-POOL-MIB | Provides information that matches the information displayed by the show ip pool falling-threshold command (in any mode). |
| RBN-L2TP-MIB | Defines the objects used to monitor Layer 2 Tunneling Protocol (L2TP) configuration information. |
| RBN-L2VPN-MIB | Provides data that matches the information displayed when entering the show l2vpn command (in any mode) using the xc option. |
| RBN-MEMORY-MIB | Manages system memory usage. |
| RBN-NOTIFY-ENHANCE-MIB | Enhances the notification objects on Redback devices. |
| RBN-PRODUCT-MIB | Contains the administrative assignments which are used to uniquely identify physical components. |
| RBN-PVC-MIB | Defines the objects used to support the creation, deletion, and management of ATM and Ethernet 802.1Q permanent virtual circuits (PVCs). |
| RBN-QOS-MIB | Manages the interfaces which have quality of service (QoS) enabled. Also monitors the QoS queue statistics on the subscriber circuits (CLIPS and PPPoE), with traffic management (TM) based priority weighted fair queuing (PWFQ). |
| RBN-RADIUS-MIB | Defines additional objects and notifications for managing the Remote Authentication Dial-In User Service (RADIUS) authentication and accounting servers in use by the SmartEdge router. |
| RBN-SMI | Defines the object identifiers (OIDs) for use within the enterprise OID subtree allocated to Redback Networks. |
| RBN-SUBSCRIBER-ACTIVE-MIB | Defines the objects used to support the management of active subscribers in the Redback product family. |
| RBN-SYS-RESOURCES-MIB | Manages system resources, such as process event, disk utilization, and switchovers. |
| RBN-TACACS-MIB | Defines notifications for tracking the Terminal Access Controller Access Control System Plus (TACACS+) server state (in accordance with Internet-Draft draft-grant-tacacs-02.txt). |

1. For a list of controller and traffic card alarms supported by this MIB, see the MIB’s capability file.
2. Alarm conditions that are reported in this MIB are normal, failed, absent, or unknown.



Page 331: Basic Guide Redback

Modes 1

Modes

Aadministrator configuration mode

full-name, 6-21privilege max, 6-24privilege start, 6-25public-key, 6-26timeout session, 6-30

all configuration modesabort, 2-12comment, 2-13end, 2-19

all modes?, 2-10commit, 2-14exit, 2-20help, 2-21

ATM DS-3 configuration modebulkstats schema, 10-8

ATM OC configuration modebulkstats schema, 10-8

ATM profile configuration modebulkstats schema, 10-8

Bbulkstats configuration mode

header format, 10-20limit, 10-22localdir, 10-24receiver, 10-25remotefile, 10-27sample-interval, 10-29schema, 10-30schema-dump, 10-32transfer-interval, 10-33

C
context configuration mode
  administrator, 6-8
  bulkstats policy, 10-7
  bulkstats schema, 10-8
  collection, 10-18
  domain, 6-14
  enable authentication, 6-15
  enable encrypted, 6-17
  enable password, 6-19
  interface, 7-8
  ip pool, 6-22
  logging console, 11-7
  logging file, 11-9
  logging filter, 11-10
  logging syslog, 11-13
  service, 5-20
  subscriber, 8-22

D
dot1q profile configuration mode
  bulkstats schema, 10-8
DS-0 group configuration mode
  bulkstats schema, 10-8
DS-1 configuration mode
  bulkstats schema, 10-8
DS-3 configuration mode
  bulkstats schema, 10-8

E
E1 configuration mode
  bulkstats schema, 10-8
E3 configuration mode
  bulkstats schema, 10-8
exec mode
  configure
    to enter global configuration mode, 5-11
    to use existing configuration file, 3-7
  disable, 2-16
  enable, 2-17
  save configuration, 3-10


F
Frame Relay profile configuration mode
  bulkstats schema, 10-8

G
global configuration mode
  alias, 5-9
  banner exec, 4-7
  banner login, 4-9
  banner motd, 4-11
  boot configuration, 3-5
  bulkstats schema profile, 10-10
  context, 6-10
  context vpn-rd, 6-12
  logging active, 11-5
  logging cct-valid, 11-6
  logging debug, 11-8
  logging standby, 11-12
  logging timestamp millisecond, 11-14
  macro, 5-13
  monitor duration, 9-6
  netop, 9-7
  privilege, 5-16
  rmon alarm, 12-9
  rmon event, 12-11
  service auto-system-recovery, 5-22
  service card-auto-reload, 5-23
  service console-break, 5-24
  service crash-dump-dram, 9-8
  service multiple-contexts, 6-29
  service upload-coredump, 9-9
  snmp community, 12-12
  snmp engine-id, 12-14
  snmp group, 12-16
  snmp notify, 12-18
  snmp notify-filter, 12-19
  snmp notify-target, 12-21
  snmp server, 12-23
  snmp target, 12-25
  snmp target-parameters, 12-27
  snmp user, 12-29
  snmp view, 12-31
  software license, 5-26
  ssh server full-drop, 4-12
  ssh server rate-drop, 4-14
  ssh server start-drop, 4-15
  stats-collection, 8-21
  system clock-source, 5-30
  system clock-source external, 5-32
  system clock-source timing-type, 5-34
  system clock summer-time, 5-35
  system clock timezone, 5-38
  system confirmations context, 5-40
  system contact, 5-41
  system hostname, 5-42
  system location, 5-43
  timeout login, 4-16
  timeout session, 4-17

I
interface configuration mode
  description, 7-7
  ip address, 7-11
  ip clear-df, 7-16
  ip icmp, 7-17
  ip mtu, 7-18
  ip pool, 7-19
  ip source-address, 7-22
  ip unnumbered, 7-25
  ipv6 address, 7-14

M
macro configuration mode
  seq, 5-18

N
NetOp configuration mode
  advertise, 9-4
  snmp version, 9-11

P
port configuration mode
  bulkstats schema, 10-8

S
SNMP server configuration mode
  traps, 12-33
software license configuration mode
  l2tp, 5-12
  mpls, 5-15
  subscriber, 5-27
stats collection configuration mode
  count exclude subscriber, 8-8
STM-1 configuration mode
  bulkstats schema, 10-8
subscriber configuration mode
  bulkstats schema, 10-8
  ip address, 8-9
  ip source-validation, 8-12
  ip subscriber route, 8-13
  nbns, 8-15
  password, 8-17
  port-limit, 8-18
  profile, 8-19
  shaping-profile, 8-20
  timeout, 8-24
