System Configuration and Management

Maipu Confidential & Proprietary Information Page 1 of 138 System Configuration and Management Maipu Communication Technology Co., Ltd No. 16, Jiuxing Avenue Hi-tech Park Chengdu, Sichuan Province People’s Republic of China - 610041 Tel: (86) 28-85148850, 85148041 Fax: (86) 28-85148948, 85148139 URL: http:// www.maipu.com Email: [email protected]


All rights reserved. Printed in the People’s Republic of China. No part of this document may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise without the prior written consent of Maipu Communication Technology Co., Ltd. Maipu makes no representations or warranties with respect to this document contents and specifically disclaims any implied warranties of merchantability or fitness for any specific purpose. Further, Maipu reserves the right to revise this document and to make changes from time to time in its content without being obligated to notify any person of such revisions or changes. Maipu values and appreciates comments you may have concerning our products or this document. Please address comments to: Maipu Communication Technology Co., Ltd No. 16, Jiuxing Avenue Hi-tech Park Chengdu, Sichuan Province People’s Republic of China - 610041 Tel: (86) 28-85148850, 85148041 Fax: (86) 28-85148948, 85148139 URL: http:// www.maipu.com Email: [email protected] All other products or services mentioned herein may be registered trademarks, trademarks, or service marks of their respective manufacturers, companies, or organizations.


Document Title SYSTEM CONFIGURATION AND MANAGEMENT

Product Version

Document Revision Number

1.0


Contents

Overview

System Configuration
  Configure System Name
  Configure System Time
  Configure Login Security Service

System Management
  Overview
  Manage File System
    Introduction to File System
    Commands of File System
    Application Examples of Commands
  Manage Configuration Files of Router
    Contents of Formats of Configuration Files
    Load Configuration File
    Save Current System Configuration
    View Current Running Configuration of Router
    Configure Router to Serve as FTP Server

Manage System Authentication & Command Hierarchical Authorization
  Overview
  Basic Commands
  Modify User Level
  Modify Command Level
  Example of Modifying Command Level
  Set Enable Password
  Configure User and Related Attributes
  Set Line Attributes
  View Present User Level

System Tools
  Device Information of System
  Protocol Debugging
  Network Troubleshooting Tools
  System Log Function
  View CPU Utilization
  Set CPU and Environment Alarm Temperature
  Set SIU Display Language
  Set System Alarm Parameters
  Configure Rollback Function
  Pagination Display Function

Remote Login Service
  telnet
    Overview
    Basic Commands
  SSH

System Information Unit (SIU)
  Operation Methods
  View Information
    Idle Mode
    Menu Mode
    Display Real-time Information

Embedded Event Platform (EEP)
  Introduction to EEP
    Basic Commands
  Application Examples
    Application Example 1
    Application Example 2
    Application Example 3
  Monitoring and Debugging
    Monitoring Command
    Monitoring Command Example
    Debugging Command

SNMP Proxy Server Configuration
  Introduction to SNMP
  Basic Commands of SNMP
  Application Examples
    Configure SNMPv1/v2
    Configure SNMPv3
    Configure SNMPv3 Notification
    Configure SNMPv3 Proxy Forwarding
  Monitoring and Debugging
    Monitoring Command
    Monitoring Command Example
    Debugging Commands
    Debugging Command Examples

RMON
  Introduction to RMON
  Basic Commands of RMON
  Application Example
  Monitoring and Debugging
    Monitoring Commands
    Monitoring Command Examples


Overview

This manual mainly describes the basic configuration and management of Maipu routers, including the commands for configuring the system, managing the user name and password, configuring the environment parameters, managing the files, and viewing the system information.

Main contents:

Configure the system

Manage the system

Manage system authentication and command hierarchical authorization

System tools

Remote login service of the system

System information unit (SIU) (currently, it is only for MP7500 router)

Embedded Event Platform (EEP)

Configure SNMP proxy server

Configure RMON


System Configuration

On Maipu routers, the main tasks of the system configuration include:

Configure the system name

Configure the system time

Configure the login security service of the system

Configure System Name

When the router leaves the factory, its default system name is router. Users can change the system name as desired. The change takes effect immediately and the new system name appears in the next system prompt that is displayed. The command for configuring the router system name is as follows:

Command | Description | Configuration Mode
hostname hostname | To configure the router name | config

The following command is used to change the system name from “router” to “router_1”.

The operation steps are as follows:

Command | Description
router#configure terminal | To execute the command configure terminal in the privileged user mode to enter the global configuration mode
router(config)#hostname router_1 | To execute the command hostname with the parameter “router_1” in the global configuration mode to change the system name
router_1(config)# | The new system name takes effect in the next system prompt that is displayed

Configure System Time

There is an independent clock system installed in the router to record the present time of the system. Only the MP7500 system has a real-time clock, so its system clock is not re-configured when the system restarts after power-off. You can configure the router clock via the following two methods:

1. Configure the NTP service to make the system obtain the present time automatically after startup. (For how to use NTP, refer to the chapter on configuring SNTP.)

2. Use the command clock to configure the present time of the system, which comprises year, month, date, hour, minute and second. The configuration command is as follows:

Command | Description | Configuration Mode
clock year month day hour minute second | To configure the system clock | enable

The following example configures the system time as 09:36:10, November 15, 2006 by the command clock.

Command | Description
router#clock 2006 11 15 9 36 10 | In the privileged user mode, to execute the command to configure the time of the system calendar as 09:36:10, November 15, 2006
router#show clock | To display the present calendar time of the system.
UTC: THU NOV 15 09:36:15 2006 | The present time is 09:36:10, November 15, 2006, Thursday; by default, the time zone of the system is UTC.

Configure Login Security Service

In order to enhance the system security, Maipu routers provide the login security service function. Main functions are as follows:

Prevent the brute-force attack on user login password

Prevent the fast connection

The function of preventing brute-force attacks on the user login password stops unauthorized users from cracking the user name and password used for logging into the Maipu router. When the number of consecutive login authentication failures from a user reaches the specified number, the system forbids login connections from that IP address for a given period.

The function of preventing fast connections stops unauthorized users from initiating a large number of login requests to the router in a short period, which would occupy a lot of system and network resources. When the number of repeated logins to the router from a user reaches the configured number, the system forbids login connection requests from that IP address for a given period.

The commands for configuring the login security service are as follows:

Command | Description | Configuration Mode
service login-secure | To enable the system security service | config
login-secure check-record-interval <30m-14400m> | To configure the interval for the login security service clearing the aged login authentication failures and the fast connection information. The default value is 60 minutes. | config
login-secure forbid-time <10m-144000m> | To configure the time for the login security service forbidding the illegal IP address to log in. 10 minutes by default. | config
login-secure max-try-time <1-20> | To configure the maximum authentication failure times for continued login after the login security service takes effect. The default value is 5 times. | config
login-secure record-aging-time <15m-1440m> | To configure the time for the login security service aging the login authentication failure and the fast connection information. The default value is 15 minutes. | config
login-secure quick-connect max-times <10-10000> | To configure the maximum connection times of the preventing fast connection function. The default value is 20 times. | config
login-secure quick-connect restrict-interval <10s-600s> | To configure the minimum interval time between two connections of the preventing fast connection function. The default value is 30s. | config
login-secure quick-connect unrestrict-interval <10m-1440m> | To configure the forbidding time for the illegal IP address to log in after the preventing quick-connection function takes effect. The default value is 20 minutes. | config
show login-secure information | To view the login authentication failure records of the login security service | enable
show login-secure quick-connect | To view the quick-connection records of the login security service | enable

【Default status】 By default, the login security service is enabled when the system starts up


Note

Execute the command no service login-secure to disable the login security service. Meanwhile, clear up all login connection records.
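The interaction of the login security parameters above can be modelled offline, to see what a set of values does to a login stream before they are changed on a device. This is an added example, not Maipu code: the class and function names are hypothetical, the event streams are constructed, and the counting rules marked "Assumption" in the comments are a reading of the descriptions above, which the manual does not spell out.

```python
from dataclasses import dataclass, field

MIN = 60  # seconds per minute


@dataclass
class LoginSecureModel:
    """Offline model of 'service login-secure' (hypothetical, not vendor code).

    Defaults are the values given in the command table; times are in seconds.
    """
    max_try_time: int = 5                    # login-secure max-try-time
    forbid_time: int = 10 * MIN              # login-secure forbid-time
    record_aging_time: int = 15 * MIN        # login-secure record-aging-time
    qc_max_times: int = 20                   # quick-connect max-times
    qc_restrict_interval: int = 30           # quick-connect restrict-interval
    qc_unrestrict_interval: int = 20 * MIN   # quick-connect unrestrict-interval
    fails: dict = field(default_factory=dict)          # ip -> failure times
    fast: dict = field(default_factory=dict)           # ip -> fast-connection times
    last_conn: dict = field(default_factory=dict)      # ip -> previous connection
    blocked_until: dict = field(default_factory=dict)  # ip -> end of forbid period

    def _aged(self, records, now):
        # Assumption: aging is applied on every connection; the device clears
        # aged records on a timer (check-record-interval) instead.
        return [t for t in records if now - t < self.record_aging_time]

    def connect(self, now, ip, auth_ok):
        """Process one login connection; return 'rejected', 'ok' or 'failed'."""
        if now < self.blocked_until.get(ip, 0):
            return "rejected"  # source address is inside a forbid period

        # Fast-connection record: this connection came too soon after the last.
        fast = self._aged(self.fast.get(ip, []), now)
        last = self.last_conn.get(ip)
        if last is not None and now - last < self.qc_restrict_interval:
            fast.append(now)
        self.last_conn[ip] = now

        # Authentication-failure record. Assumption: a successful login clears
        # the count, which is how "continuous" failures is read here.
        fails = [] if auth_ok else self._aged(self.fails.get(ip, []), now) + [now]

        # Assumption: the connection that reaches a threshold is still handled;
        # the forbid period applies to the connections that follow it.
        if len(fails) >= self.max_try_time:
            self.blocked_until[ip] = now + self.forbid_time
            fails, fast = [], []
        elif len(fast) >= self.qc_max_times:
            self.blocked_until[ip] = now + self.qc_unrestrict_interval
            fails, fast = [], []
        self.fails[ip], self.fast[ip] = fails, fast
        return "ok" if auth_ok else "failed"


def replay(events, model=None):
    """Feed (time_s, source_ip, auth_ok) tuples through the model, in order."""
    if model is None:
        model = LoginSecureModel()
    return [model.connect(t, ip, ok) for t, ip, ok in events]


# Constructed sample streams (documentation address ranges, not real hosts).
PASSWORD_GUESSING = [(t, "192.0.2.10", False) for t in range(0, 901, 60)]
USER_TYPOS = ([(0, "198.51.100.7", False), (40, "198.51.100.7", False),
               (80, "198.51.100.7", True)]
              + [(t, "198.51.100.7", False) for t in (200, 240, 280, 320)])
STALE_FAILURES = [(t, "203.0.113.5", False) for t in (0, 30, 60, 90, 1000, 1030)]
RECONNECT_LOOP = [(t, "203.0.113.9", True) for t in range(0, 121, 5)]

if __name__ == "__main__":
    for name, events in [("password guessing", PASSWORD_GUESSING),
                         ("user typos", USER_TYPOS),
                         ("stale failures", STALE_FAILURES),
                         ("reconnect loop", RECONNECT_LOOP)]:
        out = replay(events)
        print(f"{name:18} rejected {out.count('rejected')} of {len(out)}")
```

Passing a model built with other values, for example `LoginSecureModel(max_try_time=3, forbid_time=30 * MIN)`, to `replay` shows how a stricter setting changes the same stream.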


System Management

Main contents:

Overview

Manage the file system

Manage the configuration file

Overview

This chapter mainly describes the related contents of the system management, including managing the file system, configuring the file management, system authentication and command hierarchical authorization.

Manage File System

Main contents:

Introduction to the file system

Commands of the file system

Examples of applying the commands

Introduction to File System

Maipu routers have the following storage media. Their functions are as follows:

SDRAM: used as the space for a router executing the application programs;

FLASH: used to store the application programs, configuration files and BootROM programs etc;

EEPROM: used to store the configuration files and the user information that are often changed;

CF card and USB: used to store the user data;

Maipu routers manage the following files:

BootROM file——it is used to store the basic data initialized by the system;

Application program of the router—— it is used to transmit routes, manage files and manage system etc;

Configuration file——It is used to store the system parameters configured by users;

Log file——it is used to store the log information of the system;

Other files —— such as the files in which the dialup tone of the secondary dialup is stored;

Maipu routers construct one or several DOS-based file systems for storing the information that rarely needs to be changed, such as the application programs (protocol software and driver etc.) and BootROM programs of a router. The file system is called TFFS (True Flash File System) (for example, construct two TFFS on MP7500. One device name is “/system”, which is used to store the system images by default; the other device name is “/flash”, which is used to store the key data such as the system configuration). Besides, the Maipu router provides the CF card and USB interface, which are used to store the user data.

For a Maipu router that has master/slave control cards (such as MP7500), if the system is in the master/slave mode and has the slave control card, the system has two kinds of file systems (modes). The file system on the master control card is called the master file system. You can enter the master file system mode via the filesystem command in the privilege mode. Correspondingly, the file system on the slave control card is called the slave file system. You can enter the slave file system mode via the filesystem slave command in the privilege mode. In this way, you can run the file system commands on the slave control card. If the current system does not have the slave control card or does not work in the master/slave mode, you cannot enter the slave file system mode via the filesystem slave command.


Commands of File System

In the configuration mode of the file system, the system provides a whole set of commands for managing the file system, as follows:

Command | Command Function | Run Mode
filesystem | To enter into the (master) file system mode | enable / config-slave-fs
filesystem slave | To enter into the slave file system mode | enable / config-fs
copy | To copy a file | config-fs / config-slave-fs
ftpcopy | To copy files via the FTP server | config-fs / config-slave-fs
tftpcopy | To copy files via the TFTP server | config-fs / config-slave-fs
xmodemcopy | To copy files by using XMODEM protocol via the console port | config-fs / config-slave-fs
delete | To delete files | config-fs / config-slave-fs
type | To view the contents of a file | config-fs / config-slave-fs
dir | To view a directory or file | config-fs / config-slave-fs
cd | To change the present path | config-fs / config-slave-fs
mkdir | To create a directory | config-fs / config-slave-fs
rmdir | To delete a directory | config-fs / config-slave-fs
pwd | To display the current path | config-fs / config-slave-fs
volume | To view the information about a file device | config-fs / config-slave-fs
config-file | To execute a configuration file in the master file system | config-fs
location | To modify the storage location of the system file (application program, configuration file, log file and so on) | config-fs / config-slave-fs
show filesystem | To view the information about the file device | enable
show file location [peer] | To view the storage location of the system files of the local or peer device | enable
boot-loader [filename] | To set the boot parameters of the system | config-fs
show boot-loader | To display the information about the boot parameters of the system | config-fs

The file system management of a router covers two aspects: file management and directory management. Except for the command for copying files, all file management commands are used in the same way in the master and slave file systems.

Application Examples of Commands

View Information about File Device

The file system of a router is based on the flash physical device. Users can get the basic information about the FLASH file system (TFFS) via the following commands:

Application example:

In the configuration mode of the file system, execute the volume command, or execute the show filesystem command in the enable command mode:

router(config-fs)#volume
volume descriptor ptr (pVolDesc): 0x2cfa968
cache block I/O descriptor ptr (cbio): 0x2cfaa40
auto disk check on mount: NOT ENABLED
max # of simultaneously open files: 22
file descriptors in use: 0
# of different files in use: 0
# of descriptors for deleted files: 0
# of obsolete descriptors: 0
current volume configuration:
- volume label: NO LABEL ; (in boot sector: )
- volume Id: 0x0
- total number of sectors: 5,213 /* sectors of the file system */
- bytes per sector: 512 /* bytes of each sector */
- # of sectors per cluster: 4 /* sectors of each cluster */
- # of reserved sectors: 1 /* the number of the reserved sectors */
- FAT entry size: FAT16 /* size of FAT sector */
- # of sectors per FAT copy: 4 /* the sectors occupied by each FAT sector */
- # of FAT table copies: 2 /* copies of FAT table */
- # of hidden sectors: 1 /* hidden sectors */
- first cluster is in sector # 24 /* the location of the first cluster in sector */
- Update last access date for open-read-close = FALSE
- directory structure: VFAT /* directory structure */
- root dir start sector: 9 /* the start sector of root directory */
- # of sectors per root: 15 /* the sectors occupied by root directory */
- max # of entries in root: 240 /* the maximum number of entries in root directory */
FAT handler information:
------------------------
- allocation group size: 1 clusters /* the size of the unit can be allocated */
- free space on volume: 2,641,920 bytes /* the size of the free space in the file system */
router(config-fs)#

File Management

By using the file management commands in the configuration mode of the file system, users can operate on all files in the master and slave file systems, including:

List files (directory)

Copy files

Delete files

View file contents

The following are application examples of the file management commands.

1. List files (directory)

Application example:

Master file mode:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

1930 JAN-01-1980 00:00:00 LOGGING


4 JAN-01-1980 00:00:00 RANDOM

3160 JAN-01-1980 00:00:00 STARTUP

3160 JAN-01-1980 00:00:00 SCRIPT

Slave file mode:

router(config-slave-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:25:04 mpssh <DIR>

102360 JAN-01-1980 01:22:58 logging

10234 JAN-01-1980 01:03:42 history

1580 JAN-01-1980 01:22:38 startup

2. Copy files

The file copy command can be used to copy files between the FLASH file system, FTP server, TFTP server, startup configuration and running configuration. When the source or destination of the file copy command is file-system and there is no path information before the file name, the system uses the default path (when you use the filesystem command to enter the operation mode of the file system, the default path is “/flash”; you can use the cd command to change the default path); if there is a device name and path name before the file name, the system uses the specified path.

The following describes each kind of copy in detail.

A. Copy files from file system to file system

Command format:

copy file-system source-filename file-system dest-filename (copy from master file system to master file system)

The operations of the following two commands are the same in the master and slave file systems:

copy file-system source-filename slave-file-system dest-filename (copy from the master file system to the slave file system)

copy slave-file-system source-filename file-system dest-filename (copy from the slave file system to the master file system)

Application example:

Copy from the master file system to the master file system:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:24 random

4567 JAN-01-1980 00:00:24 test

router(config-fs)#copy file-system test file-system abc

Copying... Completed

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:24 random

4567 JAN-01-1980 00:00:24 test

4567 JAN-01-1980 00:10:16 abc

B. Copy from the master file system to the slave file system:

router(config-slave-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:40 mpssh <DIR>

123 JAN-01-1980 00:30:14 123

router(config-fs)#copy file-system abc slave-file-system abc

Do you want to copy master:/flash/abc to slave:/flash/abc?(y/n)y

##!!!

!!! TRANSFER OK!

router(config-slave-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:40 mpssh <DIR>


123 JAN-01-1980 00:30:14 123

4567 JAN-01-1980 00:32:28 abc

C. Copy from the slave file system to the master file system:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:24 random

4567 JAN-01-1980 00:10:16 abc

4567 JAN-01-1980 00:00:24 test

router(config-fs)#copy slave-file-system 123 file-system 321

Do you want to copy slave:/flash/123 to master:/flash/321? (y/n)y

########

!!! TRANSFER OK!

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:24 random

4567 JAN-01-1980 00:10:16 abc

123 JAN-01-1980 00:36:51 321

D. Copy files from file system to FTP server

Command format:

copy file-system source-filename ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename (copy from the master file system to the FTP server)

copy slave-file-system source-filename ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename (copy from the slave file system to the FTP server; the command can be used in both master file system mode and the slave file system mode)

Application examples:

Copy from the master file system to the FTP server:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:24 random

510 JAN-01-1980 00:08:26 startup

4567 JAN-01-1980 00:09:10 abc

router(config-fs)#copy file-system abc ftp 128.255.42.180 maipu maipu test

Copying!!!!!!!!Total 4567 bytes copying completed.

router(config-fs)#

Copy from the slave file system to the FTP server:

router(config-slave-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:40 mpssh <DIR>

123 JAN-01-1980 00:30:14 123

4567 JAN-01-1980 00:32:28 abc

router(config-slave-fs)#copy slave-file-system abc ftp 128.255.40.33 h01 h01 test

Do you want to copy slave:/flash/abc to FTP:test? (y/n)y

########

Copying!!!!!

Total 4567 bytes copying completed.

FTP transmit slave mpu flash file /flash/abc OK!

router(config-slave-fs)#

E. Copy files from file system to TFTP server

Command format:

copy file-system source-filename tftp [vrf vrf-name] dest-ipaddress dest-filename (copy from master file system to TFTP server)

copy slave-file-system source-filename tftp [vrf vrf-name] dest-ipaddress dest-filename (copy from the slave file system to TFTP server; the command can be used in both master file system mode and the slave file system mode)

Application example:

Copy from the master file system to the TFTP server:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

510 JAN-01-1980 00:08:26 startup

4567 JAN-01-1980 00:09:10 abc

router(config-fs)#copy file-system abc tftp 128.255.42.180 test

Completed!

router(config-fs)#

Copy from the slave file system to the TFTP server:

router(config-slave-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:40 mpssh <DIR>

123 JAN-01-1980 00:30:14 123

4567 JAN-01-1980 00:32:28 abc

router(config-slave-fs)#copy slave-file-system abc tftp 128.255.40.33 test

Do you want to copy slave:/flash/abc to TFTP:test? (y/n)y########

Copying

Translating "128.255.40.33"!!!!!!!!!

Total 4567 bytes copying completed!

FTP transmit slave mpu flash file /flash/abc OK!

router(config-slave-fs)#

F. Copy a file in the file system as Startup configuration file

Command format:

copy file-system source-filename startup-config

Application example:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

510 JAN-01-1980 00:05:16 abc

router(config-fs)#copy file-system abc startup-config

Copying... Completed

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

510 JAN-01-1980 00:05:46 startup

510 JAN-01-1980 00:05:16 abc

router(config-fs)#

G. Copy Startup configuration as one file in file system

Command format:

copy startup-config file-system dest-filename

Application example:

router(config-fs)#copy startup-config file-system abc

Copying... Completed

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

510 JAN-01-1980 00:09:40 startup

510 JAN-01-1980 00:17:08 abc

router(config-fs)#

H. Copy startup configuration to host via FTP

Command format:

copy startup-config ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename

Application example:

router(config-fs)#copy startup-config ftp 128.255.42.180 123 123 test

Copying!Total 510 bytes copying completed.

I. Copy startup configuration to host via TFTP

Command format:

copy startup-config tftp [vrf vrf-name] dest-ipaddress dest-filename

Application example:

router(config-fs)#copy startup-config tftp 128.255.42.180 test

Completed!

J. Copy running configuration as one file in file system

Command format:

copy running-config file-system dest-filename

Application example:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

router(config-fs)#copy running-config file-system abc

Copying... Completed

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

510 JAN-01-1980 00:17:08 abc

router(config-fs)#

K. Copy running configuration to host via FTP

Command format:

copy running-config ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename

Application example:

router(config-fs)#copy running-config ftp 128.255.42.180 123 123 test

Copying!Total 510 bytes copying completed.

L. Copy running configuration to host via TFTP

Command format:

copy running-config tftp [vrf vrf-name] dest-ipaddress dest-filename

Application example:

router(config-fs)#copy running-config tftp 128.255.42.180 test

Completed!

M. Copy running configuration as startup configuration

Command format:

copy running-config startup-config

Application example:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

router(config-fs)#copy running-config startup-config

Building Configuration...done

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

495 JAN-01-1980 00:33:28 startup

router(config-fs)#

N. Copy files from ftp server to file system

Command format:

copy ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename file-system dest-filename (copy from the ftp server to the master file system)

Note: same as the ftpcopy command

copy ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename slave-file-system dest-filename (copy from the ftp server to the slave file system; the command can be used in both master file system mode and the slave file system mode)

Application example:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:24 random

router(config-fs)#copy ftp 128.255.42.180 123 123 test.bin file-system abc

Downloading#########################OK!

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:24 random

11577 JAN-01-1980 00:09:10 abc

router(config-fs)#

O. Copy from FTP server to startup configuration file

Command format:

copy ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename startup-config

Application example:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

router(config-fs)#copy ftp 128.255.42.180 123 123 test startup-config

Downloading##OK!

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

495 JAN-01-1980 00:58:02 startup

router(config-fs)#

P. Copy files from TFTP server to file system

Command format:

copy tftp [vrf vrf-name] dest-ipaddress source-filename file-system dest-filename (copy from TFTP server to the master file system)

Note: same as the command tftpcopy

copy tftp [vrf vrf-name] dest-ipaddress source-filename slave-file-system dest-filename (copy from the TFTP server to the slave file system; the command can be used in both master file system mode and the slave file system mode)

Application example:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

router(config-fs)#copy tftp 128.255.42.180 test file-system abc

Downloading##OK!

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

495 JAN-01-1980 01:01:00 abc

router(config-fs)#

Q. Copy from TFTP server to startup configuration file

Command format:

copy tftp [vrf vrf-name] dest-ipaddress source-filename startup-config

Application example:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

router(config-fs)#copy tftp 128.255.42.180 test startup-config

Downloading##OK!

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

495 JAN-01-1980 01:03:28 startup

router(config-fs)#

R. Copy files to file system by using xmodem protocol via Console port

Command format:

xmodemcopy dest-filename trans-baudrate

Application example:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

router(config-fs)#xmodemcopy abc 9600

Now ready to receive file.Please send file with XMODEM protocol.If you want to

cancel in progress,press CTL+C key...

Receive file successfully!!

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

512 JAN-01-1980 01:30:32 abc

router(config-fs)#

3. Delete files

Command format:

delete filename

Application example:

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

512 JAN-01-1980 01:30:32 abc

router(config-fs)#delete abc

WARNING:

The Data of this file will be lost! if OS is deleted,the system will hangup!

Please confirm to continue?(Yes/No)y

router(config-fs)#dir

size date time name

-------- ------ ------ --------

2048 JAN-01-1980 00:00:30 mpssh <DIR>

4 JAN-01-1980 00:00:26 random

router(config-fs)#

4. View file contents

Command format:

type filename

Application example:

router(config-fs)#type startup    (View the contents of the startup file)

The contexts of file startup

hostname router

user maipu password 0 maipu 1

enable password OW encrypt

enable timeout 0

no service password-encrypt

interface loopback0

exit

interface fastethernet0

ip address 129.255.222.26 255.255.0.0

no ip redirects

exit

interface serial1/0

physical-layer sync

clock rate 64000

tx-on dsr

encapsulation ppp

ip address 10.1.1.1 255.0.0.0

exit

Directory Management

The directory management of the file system in the router comprises:

Print the path where the system is located;

Change the current path;

Create a directory;

Delete a directory;

The examples of applying the commands of directory management are as follows.

1. Print path where system is located

Command format:

pwd

Application example:

router(config-fs)#pwd

/flash

router(config-fs)#

The output above indicates that the system is currently located in the /flash directory.

2. Create directory

Command format:

mkdir dir-name

Application example:

router(config-fs)#mkdir maipu

router(config-fs)#dir

size date time name

-------- ------ ------ --------

1930 JAN-01-1980 00:00:00 logging

4 JAN-01-1980 00:00:00 random

3160 JAN-01-1980 00:00:00 startup

512 JAN-01-1980 00:00:00 maipu <DIR>

3160 JAN-01-1980 00:00:00 script

3. Change path where system is located

Command format:

cd dest-dirname

Application example:

router(config-fs)#cd maipu

router(config-fs)#pwd

/flash/maipu

The output above indicates that the system is currently located in the directory /flash/maipu.

4. Delete directory

Command format:

rmdir dir-name

Application example:

router(config-fs)#cd /flash

router(config-fs)#rmdir maipu

WARNING:

The Data of this dir will be lost! if OS is deleted,the system will hangup!

Please confirm to continue?(Yes/No)y

router(config-fs)#dir

size date time name

-------- ------ ------ --------

1930 JAN-01-1980 00:00:00 LOGGING

4 JAN-01-1980 00:00:00 RANDOM

3160 JAN-01-1980 00:00:00 STARTUP

3160 JAN-01-1980 00:00:00 SCRIPT

Manage Storage Location of System File

By default, the system files (such as application program, configuration file, and log file) are stored in the fixed device of the file system. For example, in MP7500, the configuration file is stored in /flash of the device; the application program is saved in /system of the device.

The high-end routers of Maipu (such as MP7500) can store the file system on extended storage devices such as a CF card and a USB device. To help the user configure the storage location (device) of the system files (such as application program, configuration file, and log file), the system provides the shell command to modify the storage location (device) of the system files.

In the master/slave file system mode:

location {image|configuration|logging|other} _PHYDEVICE_

Reverse command:

no location {image|configuration|logging|other}

Viewing commands (in enable mode):

show file location

show file location peer

Here:

_PHYDEVICE_ depends on the existing physical device in the system. For example, insert the CF card into the master MPU and the system prompts:

router(config-fs)#location logging ?

/system Physical device: /system

/flash Physical device: /flash

/cfcard Physical device: /cfcard

Use the command in the slave file system mode and the system prompts:

router(config-slave-fs)#location logging ?

/system Physical device: /system on peer MPU

/flash Physical device: /flash on peer MPU

Application examples:

1. The CF card is inserted into the system, but the storage device of the system files is not configured. View the storage information of the current system files:

router#show file location

Current system files default device list:

OS image : /system

Configuration : /flash

Logging : /flash

Other files : /flash

Configurated system files default device list:

OS image : /system

Configuration : /flash

Logging : /flash

Other files : /flash

2. Configure the default storage location of the log files as the CF card:

router(config-fs)#location logging /cfcard

3. When viewing the storage location of the system files after the configuration, you can find that the configuration takes effect and a new log file named logging is generated in the device /cfcard.

router#show file location

Current system files default device list:

OS image : /system

Configuration : /flash

Logging : /cfcard

Other files : /flash

Configurated system files default device list:

OS image : /system

Configuration : /flash

Logging : /cfcard

Other files : /flash

router(config-fs)#cd /cfcard

router(config-fs)#dir

size date time name

-------- ------ ------ --------

30 JAN-01-1980 00:40:23 LOGGING

4. When pulling out the CF card, the system prompts that the storage device of the log file is modified to /flash. View the storage location of the system files via the viewing command:

router#show file location

Current system files default device list:

OS image : /system

Configuration : /flash

Logging : /flash

Other files : /flash

Configurated system files default device list:

OS image : /system

Configuration : /flash

Logging : /cfcard

Other files : /flash

5. Insert the CF card again and the system prompts that the storage location of the log file is modified to /cfcard. You can view it as follows:

router#show file location

Current system files default device list:

OS image : /system

Configuration : /flash

Logging : /cfcard

Other files : /flash

Configurated system files default device list:

OS image : /system

Configuration : /flash

Logging : /cfcard

Other files : /flash

6. In the slave file system, you can also perform the above operations to modify the storage location of the log file and other kinds of system files.

Note:

1. After modifying the storage location of the application program (image), you need to upgrade the system via the system upgrade command or modify the boot parameter via the command of loading the file when the system starts so that the system can start via the image file in the storage device by configuring the application program.

2. After modifying the storage location of the configuration file (configuration) and if the new device does not have the configuration file (startup), you need to use the saving or copying command of the configuration file to generate a configuration file (startup) so that the system can load the configuration when starting next time.

3. When modifying the storage location of the log file (logging), it takes effect at once. If the new device does not have the log file, create a new log file; if the new device has the existing old log file (logging), the future log information is recorded at the end of the file.

4. The modifications for the locations of all system files (including configuration and hot-swap of the device) are recorded in the log file.

Configuration Command of System Boot Parameters

Specify the IOS file used when the system starts next time.

Command format:

boot-loader [filename]

Application example:

router(config-fs)# boot-loader rp7-g-6.0.7(h01-m14-e).bin

Displaying Command of System Boot Parameters

Command format:

show boot-loader

Application example:

router(config-fs)#show boot-loader

The app to boot at the next time is: dc0: rp7-g-6.0.7(h01-m14-e).bin

The app to boot at the this time is: dc0: rp7-g-6.0.7(h01-m14-e).bin

Manage Configuration Files of Router

Contents and Formats of Configuration Files

The configuration file exists in the file system in the text file format. The format is as follows:

1. The contents exist in the format of configuration commands;

2. In order to save the storage space of the flash device, only the commands in the configuration modes (including the global configuration mode, the configuration mode of the interface, the configuration mode of the file system, the configuration mode of the access list, and the configuration mode of the routing protocol) are saved;

3. The organization of commands takes the command mode as the standard. All commands in the same mode are organized together to form a paragraph;

4. Paragraphs are arranged in a certain order: the global configuration mode, the interface configuration mode, and the route configuration mode;

5. Commands are sorted according to the relationships among them. All related commands are grouped together and a blank line is used to separate groups.

The following is one example of Maipu router configuration file (the detailed meaning of the information is introduced in the following chapters):

router#show run

Building Configuration...done

!

! Last configuration change at UTC THU JAN 01 06:20:31 1970

!

!software version 6.0.2(j)(integrity)

!software image file rpl-i-6.0.2(j).bin

!compiled on Jun 26 2006, 17:41:22

hostname B

no service password-encrypt

no service new-encrypt

service login-secure

enable password OW encrypt

x25 routing

x25 profile 1 dce

exit

frame-relay switching

interface loopback0

ip address 2.2.2.1 255.255.255.255

exit

interface loopback1

ip address 2.2.2.2 255.255.255.255

exit

interface loopback2

ip address 2.2.2.3 255.255.255.255

exit

interface loopback3

ip address 2.2.2.4 255.255.255.255

exit

interface fastethernet0

ip address 129.255.19.20 255.255.0.0

exit

interface serial1/0

physical-layer sync

clock rate 128000

encapsulation x25 dce

ip address 200.200.200.2 255.255.255.0

exit

interface serial3/0

physical-layer sync

encapsulation frame-relay

frame-relay lmi-type ansi

frame-relay intf-type dce

frame-relay interface-dlci 50

x25-profile 1

exit

ip address 200.200.202.1 255.255.255.0

exit

router ospf 64

log-adjacency-changes

network 2.2.2.1 0.0.0.0 area 9

network 2.2.2.2 0.0.0.0 area 9

network 129.255.19.0 0.0.0.255 area 0

exit

line con 0

exec-timeout 0 0

line vty 0 15

exec-timeout 0 0

no login

exit

!end
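The format rules above (commands grouped into one paragraph per mode, each sub-mode closed by exit) are enough to audit a saved configuration offline. The following is an added example, not Maipu code: it splits a configuration into mode sections and flags settings that weaken authentication. The sample is constructed from commands shown in this manual (the user name backup is made up), only one nesting level is handled, and the meanings marked "assumed" follow common Cisco-style CLI conventions rather than anything stated here.

```python
import re

# Constructed sample assembled from commands that appear in this manual.
SAMPLE_CONFIG = """\
!software version 6.0.2(j)(integrity)
hostname B
no service password-encrypt
user maipu password 0 maipu
user backup nopassword
enable password OW encrypt
ftp enable

interface fastethernet0
ip address 129.255.19.20 255.255.0.0
exit

router ospf 64
network 129.255.19.0 0.0.0.255 area 0
exit

line con 0
exec-timeout 0 0
line vty 0 15
exec-timeout 0 0
no login
exit
!end
"""

# Commands assumed to open a configuration mode (one nesting level only).
MODE_OPENERS = ("interface ", "router ", "line ")

# (mode pattern, command pattern, finding). "assumed" marks semantics that
# are taken from Cisco-style conventions, not from this manual.
RULES = [
    ("global", r"no service password-encrypt",
     "password encryption service is off (assumed: secrets saved in clear)"),
    ("global", r"user \S+ nopassword",
     "user may log in without password authentication"),
    ("global", r"user \S+ password 0 .+",
     "type 0 user password (assumed cleartext)"),
    ("global", r"ftp enable",
     "FTP server gives access to the router file system"),
    (r"line vty .*", r"no login",
     "vty lines with login disabled (assumed: no authentication)"),
]


def parse_sections(text):
    """Return [(mode, [commands])] in file order; 'global' is the top level."""
    sections = [("global", [])]
    current = None  # command list of the open sub-mode, None at global level
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank group separators and '!' comment lines
        if line.startswith(MODE_OPENERS):
            current = []  # a new opener also ends an unclosed 'line' section
            sections.append((line, current))
        elif line == "exit":
            current = None
        elif current is not None:
            current.append(line)
        else:
            sections[0][1].append(line)
    return sections


def redact(command):
    """Mask the secret in 'user NAME password N SECRET' so reports do not leak it."""
    return re.sub(r"^(user \S+ password \d+) .+$", r"\1 ****", command)


def audit(text):
    """Return [(mode, redacted command, finding)] for every rule that matches."""
    findings = []
    for mode, commands in parse_sections(text):
        for command in commands:
            for mode_re, cmd_re, message in RULES:
                if re.fullmatch(mode_re, mode) and re.fullmatch(cmd_re, command):
                    findings.append((mode, redact(command), message))
    return findings


if __name__ == "__main__":
    for mode, command, message in audit(SAMPLE_CONFIG):
        print(f"[{mode}] {command}: {message}")
```

Run it against a copy of the startup file pulled off the device; the report masks user passwords so it can be shared without exposing them.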

Load Configuration File

The configuration file of a Maipu router can be edited in a text editor (such as WordPad) according to the format prescribed in the above section, and can be downloaded to a router via FTP or TFTP. This operation can be performed by terminal users or via Telnet remote login.

The following example is given to explain how to download the router configuration file via FTP:

Step 1: Edit the configuration file named config on a PC

Step 2: Enable the FTP SERVER on the PC;

Step 3: Execute the command ftpcopy in the file configuration mode of the router to download the configuration file from the PC;

As follows:

router(config-fs)#ftpcopy A.B.C.D router router1 config startup

(Arguments, in order: PC address, user name, password, file name, local file name)

The above command is to download the configuration file config from the PC whose address is A.B.C.D to the router and write into the current directory of the router TFFS with the name startup.

Here, execute the command dir, and you can see that a new file, startup, has been added to the directory.

router(config-fs)#dir

size date time name

-------- ------ ------ --------

1930 JAN-01-1980 00:00:00 logging

4 JAN-01-1980 00:00:00 random

3160 JAN-01-1980 00:00:00 startup

3160 JAN-01-1980 00:00:00 script

Downloading the configuration file via TFTP is similar to downloading via FTP. The only difference between them is that the computer needs to run TFTP SERVER.

Step 4: Restart the router; it executes the configuration file startup and the system configuration is modified.

Save Current System Configuration

After validating that the modified system configurations are correct, users can save the configurations to be treated as configuration parameters for the next startup.

The following command can be executed to save the running configuration into the startup configuration file (STARTUP):

router (config-fs)# copy running-config startup-config

or use the command:

router#write startup-config

or use the command:

router#write

The following command can be executed to save the running configuration into the remote host via TFTP:

router#copy running-config tftp A.B.C.D WORD

(A.B.C.D: remote host name; WORD: saved file name)

The following command can be executed to save the startup configuration file into the remote host via TFTP:

router#copy startup-config tftp A.B.C.D WORD

The following command can be executed to save the configuration file WORD of the remote host into the startup configuration file (STARTUP) of the router via TFTP:

router#copy tftp A.B.C.D WORD startup-config

View Current Running Configuration of Router

router#show running-config

Configure Router to Serve as FTP Server

Overview

Maipu routers can be used as FTP servers. When a router serves as an FTP server, it permits the user to access the file system of the router via FTP.

Basic Commands

The commands are as follows:

Command           Description                                                  Config mode
----------------  -----------------------------------------------------------  -----------
ftp enable        To enable the ftp server                                     config
ftp disable       To disable the ftp server                                    config
ftp timeout       To set the timeout of the FTP connection                     config
ftp max-user-num  To configure the maximum number of users permitted to login  config

Note

Before a user logs into the file system of a router via ftp mode, the user name and password need to be configured on the router.

ftp enable

The command is used to enable the FTP service on the device.

ftp enable

ftp disable

The command is used to disable the FTP service on the device.

ftp disable

ftp timeout

The command is used to set the timeout of the FTP connection.

ftp timeout value

Syntax Description

value To configure the FTP timeout; the unit is second

【Default status】 The default value is 300s.

ftp max-user-num

The command is used to set the maximum number of the users permitted to log in at the same time.

ftp max-user-num number

Syntax Description

number To set the maximum number of the users permitted to log in at the same time

【Default status】 The default value is one.

Application Example

The example of configuring Maipu router as the FTP server:

Command                                     Description
------------------------------------------  ----------------------------------------------------------------
router#configure terminal
router(config)#ftp enable                   To enable the ftp server
router(config)#ftp max-user-num 2           To configure the maximum number of users permitted to login as 2
router(config)#user maipu password 0 maipu  To configure the user name and password for login as maipu

Debugging Command

Command               Description
--------------------  --------------------------------------------------------
(no) debug ftpserver  To enable/disable the debugging switch of the FTP server

Manage System Authentication & Command Hierarchical Authorization

Main contents:

Overview

Basic commands

Modify user level

Modify command level

Set enable password

Configure user and related attributes

Set line attributes

View user level

Overview

In order to enhance the operation security of a router, Maipu series routers provide various authentication mechanisms (including AAA; refer to the chapter on configuring AAA) when users log in or perform the enable operation. Only users who have the corresponding rights can log in or perform the enable operation successfully.

In order to authorize users of different levels to execute commands of different levels, the commands of Maipu routers are graded into levels 0-15. Level 0 has the lowest rights, while level 15 has the highest.

Basic Commands

Command                                                          Description                                                    Configuration Mode
---------------------------------------------------------------  -------------------------------------------------------------  ------------------
enable user-level                                                To modify the user level                                       router> enable
privilege MODE level 0 ~ 15 all | command LINE                   To modify the command level                                    config
no privilege MODE {CR | level 0~15 { CR |all | command LINE } }  To recover a command to the default level                      config
enable password level 1~15 0|7 string                            To set the enable password                                     config
enable password [0 | level ] string                              To set the enable password                                     config
no enable password [0| level 1~15|STRING] <CR>                   To delete the enable password                                  config
user string password 0 LINE                                      To set the user password                                       config
user string nopassword                                           To set that a user can log in without password authentication  config
user string privilege 0-15                                       To set the authorized level of a user                          config
user string autocommand <LINE>                                   To set the authorized auto-execute command of a user           config
user string autocommand-option nohangup|delay <0_120>            To set the option of a user executing the auto-command;        config
                                                                 nohangup means the connection is not disconnected after the
                                                                 auto-command is executed; delay means how many seconds the
                                                                 auto-command is delayed before it is executed.
user string callback-dialstring string                           To set the callback number of a user                           config

Modify User Level

If the user passwords of the corresponding levels are configured, users can use the command enable level (0 ~ 15) and input the correct password to enter the corresponding user level. They then have the right to execute commands whose level is lower than or equal to the corresponding level.

The command is as follows:

Command               Description               Configuration Mode
--------------------  ------------------------  ------------------
enable {0-15 | _CR_}  To modify the user level  router> enable

Note

1. Specify a user level 0-15 after enable and enter into the corresponding level. By default, the level is 15 if not specified.

2. If the level of a user is higher than the user level which he is going to enter, he can enter into the related level directly without any authentication. If the user is going to enter a level which is higher than his, the user needs to pass the authentication according to the current configuration, and the authentication method is selected according to the configuration.

3. If the enable password of the corresponding level is configured (configured via the command enable password level) and if the enable authentication of AAA is not configured or the enable authentication of AAA uses the enable method, the password can be used to authenticate.

4. If the enable password of the corresponding level is not configured, but the enable authentication uses the local enable password to authenticate, there are two kinds of situations:

A. If it is a telnet user, the authentication fails. “% No password set” is prompted if aaa is not configured; “% Error in authentication” is prompted if aaa is configured;

B. If it is a console port user and the aaa is configured, the enable login tries to use the enable password to authenticate at first. If there is no enable password, the none authentication is used, which means that the authentication is passed by default. If the aaa is not configured, “% No password set” is prompted and the authentication fails.

5. If the enable authentication is passed, the user enters into the specified user level and the user possesses the corresponding level. The command show privilege can be used to view the user level.

6. If aaa authentication enable default method is configured, use the corresponding method list to perform the enable authentication, and the corresponding methods need to be used for authenticating, as follows:

A. If aaa authentication enable default none is configured, no password is needed

B. If aaa authentication enable default line is configured and the line password is configured, use the password. Otherwise, “% Error in authentication” is prompted and the authentication fails.

C. If aaa authentication enable default radius is configured, use the radius authentication. Note that the user name of radius enable authentication is fixed, that is, $enab+level$. Level is a number of 1-15, that is, the level the user is going to enter. Because radius uses the user name of the fixed rule, users do not need to input the user name when authenticating, and just input the password to pass. If the password of the user name with the corresponding level is configured on the radius server, input the corresponding password to log in successfully. Otherwise, the authentication fails. For example, execute the command enable 10, use the fixed user name $enab10$; if the user name exists on the radius server, input the user name and corresponding password to pass the authentication.

D. If aaa authentication enable default tacacs is configured, use the tacacs authentication. If there is a user name when logging in, users can use the user name and input the enable password of the user name to log in; otherwise, users need to input a user name and the enable password of it. If the input user name exists on the tacacs server, and the enable password of tacacs is configured (notice: the corresponding enable password needs to be set for users on the tacacs server), the authentication is passed. Otherwise, the authentication fails.

The above enable authentication methods can be used in combination. Please refer to the chapter of Configuring AAA.
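The decision rules in notes 2 to 6 can be traced with a small model. This is an added example, not Maipu code: the Device class, the function names and the mock RADIUS table are assumptions, tacacs is left out, and treating an equal level like a lower one is an assumption because the notes only cover higher and lower levels.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

NO_PASSWORD_SET = "% No password set"      # prompt quoted in note 4
AUTH_ERROR = "% Error in authentication"   # prompt quoted in notes 4 and 6


@dataclass
class Device:
    """Constructed stand-in for the settings the notes depend on."""
    aaa_configured: bool = False
    enable_method: Optional[str] = None    # "enable", "none", "line" or "radius"
    enable_passwords: Dict[int, str] = field(default_factory=dict)  # level -> password
    line_password: Optional[str] = None
    radius_users: Dict[str, str] = field(default_factory=dict)      # mock RADIUS server


def radius_enable_user(level: int) -> str:
    """Fixed RADIUS user name for `enable <level>`, e.g. $enab10$ (note 6C)."""
    return f"$enab{level}$"


def check(supplied: Optional[str], stored: str) -> Tuple[bool, str]:
    """Constant-time password comparison; the result text is ours, not a device prompt."""
    ok = supplied is not None and hmac.compare_digest(
        supplied.encode(), stored.encode())
    return (True, "authenticated") if ok else (False, "password rejected")


def enable(dev: Device, line: str, current: int, target: int = 15,
           password: Optional[str] = None) -> Tuple[bool, str]:
    """Return (allowed, reason) for `enable <target>` typed on a console or telnet line."""
    if line not in ("console", "telnet") or not 0 <= target <= 15:
        raise ValueError("unsupported line type or level")
    # Note 2: entering a lower level needs no authentication.
    # Assumption: an equal level is handled the same way.
    if target <= current:
        return True, "no authentication needed"
    method = dev.enable_method if dev.aaa_configured else None
    if method in (None, "enable"):
        stored = dev.enable_passwords.get(target)
        if stored is not None:                         # note 3
            return check(password, stored)
        if line == "console" and dev.aaa_configured:   # note 4B
            return True, "none authentication (no enable password set)"
        # Note 4A (telnet) and the console case without AAA.
        return False, (AUTH_ERROR if dev.aaa_configured else NO_PASSWORD_SET)
    if method == "none":                               # note 6A
        return True, "no password needed"
    if method == "line":                               # note 6B
        if dev.line_password is None:
            return False, AUTH_ERROR
        return check(password, dev.line_password)
    if method == "radius":                             # note 6C
        stored = dev.radius_users.get(radius_enable_user(target))
        if stored is None:
            return False, "user name not present on the RADIUS server"
        return check(password, stored)
    raise ValueError(f"method not modelled: {method}")


if __name__ == "__main__":
    aaa_local = Device(aaa_configured=True, enable_method="enable")
    for line in ("telnet", "console"):
        # Same configuration, different outcome per line type (note 4).
        print(line, enable(aaa_local, line, current=1, target=15))
```

With AAA configured and no enable password set, the console line is the one path in these notes that reaches a higher level without any secret, so it is the case to check first when reviewing a device.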

Modify Command Level

Every shell command of Maipu router IOS has its default level. However, the command privilege can be used to modify the default level.

Users can only execute the commands whose levels are equal to or lower than their own levels. For example, a user whose user level is 12 can only execute the commands of level 0 to level 12.

The commands for modifying command level are as follows:

Command Description Configuration Mode

privilege MODE [level {0-15} [all | command LINE]]

To modify the command level

config

no privilege MODE [level {0-15} [all | command LINE]]

To cancel the configuration of the command level

config

Note

1. When a user executes a command, whether the user has the corresponding level right depends on the configuration.


2. When executing show run or show startup, whether the present user has the level right for configuring a script depends on the configuration.

3. The input command character string follows the rule of “match most”, which means the input character string can be found and the result is only it. But in the script, it completes the character string as a full command.

4. The command no can be used to recover the command level of the corresponding command set to the default level.

privilege MODE [level {0-15} [all | command LINE]]

Syntax Description

MODE MODE means the mode that the command needs to be configured in, including all modes of the present system.

level {0-15} Parameter 0-15 is a level specified for a command

request To configure as the responder

all To specify all commands in the present mode as a level

command You can input some keywords that a command starts with; all sub-commands that start with the specified keywords also belong to the configured level

Example of Modifying Command Level

Configure the level of all sub-commands starting with interface as 2.

Command Description

router#configure terminal

router(config)# privilege CONF level 2 command interface

To modify the level of the command interface as 2

Set Enable Password

To set the local enable password for entering each user-level.

The commands are as follows:

Command Description Configuration mode

enable password [level {1-15}] [0] password

To specify the level and password, and the password is plaintext.

config

no enable password [level {1-15}] To cancel the configuration of the enable password of a level

config

Note

1. When executing the command show run, the password is displayed as ciphertext, that is, with seven key words.

2. Now there are two kinds of encryption methods, that is, new/old encryption methods. The command service new-encrypt or the command no can be used to switch between the new and the old encryption methods.

Configure User and Related Attributes

Use the command user to configure the local user and the related authority attributes. The commands are as follows:

Command Description Configuration mode

user user-name password 0 password To set the user password config

user user-name nopassword To set that a user can log in without password authentication

config

user user-name privilege {0-15} To configure the authorized level of the user

config

user user-name autocommand command-line

To configure the authorized auto-execute command of the user

config

user user-name autocommand-option {nohangup | delay} [0_120]

To set the option of a user executing the auto-command. Nohangup means the connection is not disconnected after the command is executed. Delay sets the number of seconds to wait before the command is executed.

config

user user-name callback-dialstring dial-string

To set the callback number of a user

config

user user-name type xauth

To set the user user-name as the IKE extended authentication user and enter the configuration mode of IKE extended authentication user

config

disable

To screen the IKE extended user

config-user

password 0 password

To set the password of an IKE extended user

config-user


remote-settings To enter the configuration mode of remote authorization

config-user

ip {address ip_addr [mask] | pool pl_name}

To set the ip address or the address pool information of a user; pl_name is the name of the address pool

config-user-rset

dns ip_addr1 [ip_addr2]

To configure the dns information of a user. Here, ip_addr1 is the primary dns ip address of the user and ip_addr2 is the secondary dns ip address of the user

config-user-rset

wins ip_addr1 [ip_addr2]

To configure the wins information of a user. Here, ip_addr1 is the primary wins ip address of the user and ip_addr2 is the secondary wins ip address of the user

config-user-rset

user-group usergroup To set the name of the user-group and enter the user-group configuration mode

config

user user-name To set the user user-name as a member of the user group

config-ugroup

Note

Each command has a corresponding no command, which can be used to cancel the corresponding configuration. A user configured by the command user user-name type xauth can only be a user of the IKE extended authentication, not a login user. Likewise, the related commands of user-group take effect only on users of IKE extended authentication.

Set Line Attributes

Maipu series routers support one console user, up to 16 telnet users, and 16 ssh users logged into the device at the same time. The line command can be used to set different attributes for these logins, such as authentication and authorization.

The commands are as follows:

Command Description Configuration mode

line con 0 To enter the line configuration mode of the console interface

config

line vty {0-15} {0-15} To enter the line configuration mode of telnet user

config

line ssh-vty {0-15} {0-15} To enter the line configuration mode of SSH user

config

absolute-timeout {0-10000}

The total operation time permitted for a login user. Note that if it is configured as 0, the time is not limited. The default value is 0. Five seconds before the time runs out, there is a prompt: Line timeout expired

config-line

privilege level {0-15} To configure the authorized level of a login user. By default, it is 1

config-line

autocommand command-line

To configure the command executed automatically after a user logs in successfully. Note that the executed command is often in the privileged user mode. By default, no command is executed.

config-line

autocommand-option {nohangup | delay} {0-120}

To set the option of a user executing auto-command. Nohangup means the connection is not disconnected after the auto-command is executed. By default, the connection is disconnected after the command is executed. Delay sets the number of seconds to wait before the auto-command is executed. By default, the delay is 0 seconds, which means no delay. Note that the command takes effect only after autocommand is configured.

config-line

exec-timeout {0_35791} [0_2147483]

To configure the idle timeout to exit. Note that if the configuration is 0, it means no idle timeout to exit. By default, it is 5 minutes.

config-line

password 0 password To configure the line password config-line

login [local | authentication]

To configure the login authentication mode. Here, login CR uses the line password to authenticate; Login authentication uses AAA authentication mode. No login means that users can log in without authentication (this can be used only when AAA is not configured). For common telnet, it is login by default; for ssh, it is login local by default.

config-line

authorization exec {default | word}

authorization commands level {default | word}

accounting exec {default | word}

accounting commands level {default | word}

To configure the authentication mode and the accounting mode. If the aaa is enabled (the command aaa new-model), you can specify the authentication and accounting mode of exec and commands for each line. Please refer to the chapter of configuring AAA.

config-line

modem auto-detection To enable the modem function of console interface

config-line

timeout login respond {1-300}

To configure the timeout of waiting for a user to input the user name and password; it is 30 seconds by default.

config-line

Note

Except the first command, others have their corresponding no commands, which are used to cancel the corresponding configurations or recover to the default configurations.

For example, configure the idle timeout of a telnet user as 5 minutes, the absolute timeout as 20 minutes, the login timeout as 60 seconds, and the authorized level as 14; execute the command show memory 5 seconds after login, and do not disconnect after the command is executed:

Command Description

router(config)#line vty 0 2 To enter the line configuration mode of telnet user

router(config-line)#exec-timeout 5 0 To configure the idle timeout as 5 minutes

router(config-line)#absolute-timeout 20 To configure the total configuration time permitted for a user as 20 minutes

router(config-line)#timeout login respond 60 To configure the login timeout for a user as 60 seconds

router(config-line)#privilege level 14 To configure the authorized level of a user as 14

router(config-line)#autocommand show memory To configure to execute the command show memory automatically after a user logs in successfully

router(config-line)# autocommand-option delay 5 nohangup

To configure to execute the command automatically after 5 seconds delayed and the connection is not disconnected

router(config-line)# password 0 vty To configure the password of line as vty

router(config-line)#exit To exit the line configuration mode

After configuring the above commands, users should be authorized with the following line attributes after logging into the device via telnet:

The debug information is as follows (by executing the command debug author exec):

AUTHOR/EXEC/LINE (6): processing AV priv-lvl=14

AUTHOR/EXEC/LINE (6): processing AV autocmd=show mem

AUTHOR/EXEC/LINE (6): processing AV nohangup=TRUE


AUTHOR/EXEC/LINE (6): processing AV timeout=120
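The user and line attributes described in this section include several settings that remove authentication or widen access. The following added example (not from the Maipu manual) reviews a constructed command script, written in the syntax of the tables above, for those settings. The rule names, the default threshold of level 1 and the reading of the second exec-timeout argument as seconds are assumptions.

```python
import re
from typing import List, Tuple

# Constructed command script using the command syntax from the tables above.
SAMPLE_SCRIPT = """\
user guest nopassword
user ops password 0 Constructed-Pw1
user ops privilege 15
line vty 0 2
 exec-timeout 0 0
 privilege level 14
 autocommand show memory
 autocommand-option delay 5 nohangup
 password 0 vty
 exit
line ssh-vty 0 15
 exec-timeout 5 0
 login local
 exit
line con 0
 no login
 exit
"""

# (context, rule id, command with any plaintext password redacted)
Finding = Tuple[str, str, str]

RULES = {
    "nopassword": "user can log in without password authentication",
    "plaintext-password": "type 0 password, so the script stores it in plaintext",
    "no-login": "users on this line log in without authentication",
    "no-idle-timeout": "exec-timeout 0 disables the idle timeout",
    "line-privilege": "every login on this line is granted this level",
}


def audit(script: str, max_line_level: int = 1) -> List[Finding]:
    """Return findings in script order; max_line_level is the highest line
    privilege level accepted without a finding (1 is the documented default)."""
    findings: List[Finding] = []
    context = "config"
    for raw in script.splitlines():
        cmd = " ".join(raw.split())          # normalise indentation and spacing
        if not cmd:
            continue
        if cmd.startswith("line "):          # line con / line vty / line ssh-vty
            context = cmd
            continue
        if cmd == "exit":
            context = "config"
            continue
        # Never echo a plaintext password into the report.
        shown = re.sub(r"\b(password 0) \S+", r"\1 <redacted>", cmd)
        hits = []
        if re.fullmatch(r"user \S+ nopassword", cmd):
            hits.append("nopassword")
        if re.search(r"\bpassword 0 \S+", cmd):
            hits.append("plaintext-password")
        if context != "config":
            if cmd == "no login":
                hits.append("no-login")
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", cmd)
            if m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
                hits.append("no-idle-timeout")
            m = re.fullmatch(r"privilege level (\d+)", cmd)
            if m and int(m.group(1)) > max_line_level:
                hits.append("line-privilege")
        findings.extend((context, rule, shown) for rule in hits)
    return findings


if __name__ == "__main__":
    for context, rule, shown in audit(SAMPLE_SCRIPT):
        print(f"[{context}] {shown}: {RULES[rule]}")
```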

View Present User Level

The level of the present user can be viewed via a command:

The command is as follows:

show privilege

Execute in the normal user mode (STD) or the privileged user mode (EN).

Note: by default, the level of the command is 1. So the user whose level is 0 cannot execute the command.

For example:

router#show privilege

Current privilege level is 15


System Tools

Device Information of System

The device information of the system can be viewed via the command show. The types of the information that can be viewed are as follows:

The information about the software and hardware resources of the system

The basic information of the system

The configuration information of the system

The statistics information of the system

To facilitate the user to plan and manage the slots and components of the device, setting the description information of the slots and components is supported.

Set the description of the slots/components

Command Description Configuration mode

system description { mpu <0~1> | lpu <0~7> | siu | power <0~2> | fan <0~1> } description-information

To set the description information about the slots of the cards in the system and the components such as SIU, power, and fan

config

The show commands of the system

Command Description Configuration mode

stack To display the using condition of each task stack in the system

Enable

memory To display the information about the memory of the system

Enable

mbuf To display the information about the buffer of the system

Enable

process To display the information about the task/process of the system

Enable

device To display the information about the physical and logical devices in the system

Enable

interface To display the information about the network interface of the system

Enable

hosts To display the information about the internal host table in the system

Enable

arp To display the information about the ARP table of the system

Enable

ip To display the statistics information of IP layer (include TCP and UDP)

Enable

startup-config To display the contents of the startup configuration file in the system

Enable

about To display the information about the system copyright

Enable

version To display the information about the versions of the hardware and software in the system

Enable

system {chassis | vender | mpu | lpu | siu | power | fan }

To display the information about the components such as cards, SIU, power supply, and fan

Enable

Take MP7508 as an example and some information is displayed as follows:

Display the system stack

router#show stack

NAME ENTRY TID SIZE CUR HIGH MARGIN

---------- ------------ -------- ----- ----- ----- ------

tExcTask 0x000014abc8 3fab488 7984 224 488 7496

tLogTask 0x0000150f1c 3fa8b00 4984 216 280 4704

tExcTrace 0x00000144f8 3540ed0 4984 320 552 4432

tShell1 0x000002b254 27b1b18 20472 9696 13168 7304

tSysLog 0x00002032cc 2b298c0 5112 216 1084 4028

tSccTx1 0x0000316acc 2b66380 3992 160 428 3564

tPPPExe 0x00002d415c 35e29d8 10232 160 1580 8652

tPPPSig 0x00002d4258 35dffc0 3416 192 1000 2416

tNetTask 0x00001d1364 2c769e8 9984 184 1188 8796

tSysTimer 0x0000026ba0 2c74080 10224 152 296 9928

tSysSig 0x0000026bc8 2c71598 3416 240 1048 2368

tSccRx1 0x0000316a50 2b67920 4992 152 644 4348

tModDet1 0x000030d1bc 2b651c8 3984 184 448 3536

tUartRx0 0x000025e968 2b61030 4984 240 304 4680

tUartRx1 0x000025e968 2b5e3e0 4984 240 304 4680

tUartRx2 0x000025e968 2b5b790 4984 240 304 4680

tUartRx3 0x000025e968 2b58b40 4984 240 304 4680


tUartRx4 0x000025e968 2b55ef0 4984 240 304 4680

tUartRx5 0x000025e968 2b532a0 4984 240 304 4680

tUartRx6 0x000025e968 2b50650 4984 240 304 4680

tUartRx7 0x000025e968 2b4da00 4984 240 304 4680

tUartRx8 0x000025e968 2b4adb0 4984 240 304 4680

tUartRx9 0x000025e968 2b48160 4984 240 304 4680

tUartRx10 0x000025e968 2b45510 4984 240 304 4680

tUartRx11 0x000025e968 2b428c0 4984 240 304 4680

tUartRx12 0x000025e968 2b3fc70 4984 240 304 4680

tUartRx13 0x000025e968 2b3d020 4984 240 304 4680

tUartRx14 0x000025e968 2b3a3d0 4984 240 304 4680

tUartRx15 0x000025e968 2b37780 4984 200 1020 3964

tActive 0x0000306c74 2b14660 3992 240 384 3608

tSysTask 0x000029f4d0 351d648 9984 176 240 9744

tTermSo 0x0000351800 2b0b920 7992 360 1420 6572

tTermCore 0x0000352028 2b097c8 7984 184 976 7008

tMpDlc 0x00004b9790 2afffb0 3992 160 472 3520

tRtBak 0x00002ee874 2c6e880 16376 952 1096 15280

tInfoGuide 0x00000cd65c 2afedf8 101712 600 2748 98964

tFecDetect 0x000026c86c 2b700b0 4984 184 916 4068

tTffsPTask 0x00003b2dbc 3fa4eb8 2032 136 404 1628

httpInit 0x000037fc7c 28843e8 4984 368 592 4392

tTelnetd 0x00003455e4 2b134a8 4080 496 720 3360

INTERRUPT 5000 0 1036 3964

Display the using condition of the system memory

router#show memory

SUMMARY

-------

Type Used bytes Free bytes Total bytes Used percent

---- ---------- ---------- ----------- ------------

HEAP 21291496 28001744 49293240 43.19%

CODE 17810592 / 17810592 /

SLAB 539040 349792 888832 60.65%

MBUF 755936 16081824 16837760 4.49%


Note:

The space of all such memory types exclude CODE is part of the HEAP's

used memory,for example:MBUF,SLAB,and FPSS if exists.

STATISTICS

----------

Used bytes Free bytes Total bytes Used percent

---------- ---------- ----------- ------------

22670472 44433360 67103832 33.78%

Note

The meanings of each item:

HEAP Heap memory (the most basic memory area in the system); other secondary allocation management mechanisms are separated from the area

CODE Code Snippets memory; it is used to store the code snippets for system running

SLAB A kind of management mechanism for memory secondary allocation

MBUF A kind of management mechanism for memory secondary allocation

FPSS A kind of management mechanism for memory secondary allocation, only existing on MP3700 and MP7200

The command show memory accepts different parameters to realize various functions:

show memory FPSS|HEAP|MBUF|SLAB: display the memory using condition of different memory management mechanisms

show memory FPSS|MBUF|SLAB _POOLNAME_: display the using condition of one memory pool in a memory management mechanism

show memory detail: display the detailed using condition of the system memory

show memory detail FPSS|HEAP|MBUF|SLAB: display the detailed memory using condition of different memory management mechanisms

show memory detail FPSS|HEAP|MBUF|SLAB _POOLNAME_: display the detailed using condition of one memory pool in a memory management mechanism

Display the using condition of the system buffer

router# show pool detail

Data pool


Statistics for the network stack mbuf

type number

--------- ------

FREE : 49887

DATA : 1

HEADER : 1

SOCKET : 9

PCB : 12

RTABLE : 54

HTABLE : 0

ATABLE : 0

SONAME : 0

ZOMBIE : 1

SOOPTS : 0

FTABLE : 0

RIGHTS : 0

IFADDR : 20

CONTROL : 0

OOBDATA : 0

IPMOPTS : 2

IPMADDR : 11

IFMADDR : 0

MRTABLE : 0

DRVSCC : 0

DRV8SA : 0

DRV8S : 0

DRV16A : 0

DRV4M336: 0

DRVEXTSCC: 0

DRVQMC : 0

MPLSINFO: 2

TOTAL : 50000

number of mbufs: 50000

number of times failed to find space: 0

number of times waited for space: 0

number of times drained protocols for space: 0


__________________

CLUSTER POOL TABLE

_______________________________________________________________________________

size clusters free usage

-------------------------------------------------------------------------------

64 6000 5966 34124

128 36000 35933 351874

256 3200 3198 3711

512 3200 3191 37

1024 180 180 0

2048 400 400 0

-------------------------------------------------------------------------------

Size: 12416400 bytes

Driver pool

Statistics for the network stack mbuf

type number

--------- ------

FREE : 5990

DATA : 10

HEADER : 0

SOCKET : 0

PCB : 0

RTABLE : 0

HTABLE : 0

ATABLE : 0

SONAME : 0

ZOMBIE : 0

SOOPTS : 0

FTABLE : 0

RIGHTS : 0

IFADDR : 0

CONTROL : 0

OOBDATA : 0

IPMOPTS : 0


IPMADDR : 0

IFMADDR : 0

MRTABLE : 0

DRVSCC : 0

DRV8SA : 0

DRV8S : 0

DRV16A : 0

DRV4M336: 0

DRVEXTSCC: 0

DRVQMC : 0

MPLSINFO: 0

TOTAL : 6000

number of mbufs: 6000

number of times failed to find space: 0

number of times waited for space: 0

number of times drained protocols for space: 0

__________________

CLUSTER POOL TABLE

_______________________________________________________________________________

size clusters free usage

-------------------------------------------------------------------------------

1596 6000 5632 1119414

-------------------------------------------------------------------------------

Size: 10056000 bytes

All MBUF pool size : 22472400 bytes

Display the information about the system device

router#show device

drv name

0 /null

1 /tyCo/0

1 /tyCo/1

1 /tyCo/2

1 /tyCo/3


3 /system

3 /flash

3 /hsconfig

2 /pipe/temp

3 /config

3 /more

3 /log

3 /hafile

2 /pipe/sshd

Display the information about the status of all system interfaces

router#show interface

loopback0:

Flags: (0x4080e9) UP LOOPBACK MULTICAST RUNNING GWUP

Type: SOFTWARE_LOOPBACK

Internet address: 1.1.1.1/32

Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0)

Metric: 0, MTU: 32768, BW: 8000000 Kbps, DLY: 5000 usec, VRF: global

Reliability 255/255, Txload 1/255, Rxload 1/255

5 minutes input rate 0 bits/sec, 0 packets/sec

5 minutes output rate 0 bits/sec, 0 packets/sec

0 packets received; 0 packets sent

0 multicast packets received

0 multicast packets sent

0 input errors; 0 output errors

0 collisions; 0 dropped

multilink0:

Flags: (0x408070) DOWN POINT-TO-POINT MULTICAST ARP RUNNING GWUP

Type: MULTILINK

Internet address: 2.0.0.2/24

Destination Internet address: 0.0.0.0

Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0)

Metric: 0, MTU: 1500, BW: 100000 Kbps, DLY: 100000 usec, VRF: global

Reliability 255/255, Txload 1/255, Rxload 1/255

5 minutes input rate 0 bits/sec, 0 packets/sec


5 minutes output rate 0 bits/sec, 0 packets/sec

0 packets received; 0 packets sent

0 multicast packets received

0 multicast packets sent

0 input errors; 0 output errors

0 collisions; 0 dropped

gigaethernet0:

Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP

Type: ETHERNET_CSMACD

Internet address: 128.255.40.77/22

Broadcast address: 128.255.43.255

Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0)

Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global

Reliability 255/255, Txload 1/255, Rxload 1/255

Ethernet address is 0000.0000.0000

5 minutes input rate 0 bits/sec, 0 packets/sec

5 minutes output rate 0 bits/sec, 0 packets/sec

0 packets received; 0 packets sent

0 multicast packets received

0 multicast packets sent

0 input errors; 0 output errors

0 collisions; 0 dropped

gigaethernet1:

Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP

Type: ETHERNET_CSMACD

Internet address: 11.11.11.1/24

Broadcast address: 11.11.11.255

Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0)

Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global

Reliability 255/255, Txload 1/255, Rxload 1/255

Ethernet address is 0000.0000.0000

5 minutes input rate 0 bits/sec, 0 packets/sec

5 minutes output rate 0 bits/sec, 0 packets/sec

0 packets received; 0 packets sent

0 multicast packets received


0 multicast packets sent

0 input errors; 0 output errors

0 collisions; 0 dropped

gigaethernet2:

Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP

Type: ETHERNET_CSMACD

Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0)

Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global

Reliability 255/255, Txload 1/255, Rxload 1/255

Ethernet address is 0000.0000.0000

5 minutes input rate 0 bits/sec, 0 packets/sec

5 minutes output rate 0 bits/sec, 0 packets/sec

0 packets received; 0 packets sent

0 multicast packets received

0 multicast packets sent

0 input errors; 0 output errors

0 collisions; 0 dropped

gigaethernet3:

Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP

Type: ETHERNET_CSMACD

Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0)

Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global

Reliability 255/255, Txload 1/255, Rxload 1/255

Ethernet address is 0000.0000.0000

5 minutes input rate 0 bits/sec, 0 packets/sec

5 minutes output rate 0 bits/sec, 0 packets/sec

0 packets received; 0 packets sent

0 multicast packets received

0 multicast packets sent

0 input errors; 0 output errors

0 collisions; 0 dropped

lo0:

Flags: (0xc080e9) UP LOOPBACK MULTICAST RUNNING GWUP

Type: SOFTWARE_LOOPBACK

Internet address: 127.0.0.1/8


Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0)

Metric: 0, MTU: 32768, BW: 8000000 Kbps, DLY: 5000 usec, VRF: global

Reliability 255/255, Txload 1/255, Rxload 1/255

5 minutes input rate 0 bits/sec, 0 packets/sec

5 minutes output rate 0 bits/sec, 0 packets/sec

0 packets received; 0 packets sent

0 multicast packets received

0 multicast packets sent

0 input errors; 0 output errors

0 collisions; 0 dropped

dc0:

Flags: (0x40408063) UP BROADCAST MULTICAST ARP RUNNING GWUP MANAGE

Type: ETHERNET_CSMACD

Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0)

Metric: 0, MTU: 1500, BW: 100000 Kbps, DLY: 100 usec, VRF: global

Reliability 255/255, Txload 1/255, Rxload 1/255

Ethernet address is 0000.0000.0000

5 minutes input rate 0 bits/sec, 0 packets/sec

5 minutes output rate 0 bits/sec, 0 packets/sec

292 packets received; 0 packets sent

292 multicast packets received

0 multicast packets sent

2 input errors; 0 output errors

0 collisions; 0 dropped

Display the information about the system version

router#show version

MyPower (R) Operating System Software

MP7500 system image file (dc0: rp7-g-6.0.7(h01-m14-e).bin), version 6.0.7(h01-m14-e)(integrity), Compiled on Jun 18 2007, 08:53:40

Copyright (C) 1999 Maipu (Sichuan) Communication Technology Co., Ltd. All Rights Reserved.

MP7500 Version Information

System ID : 350000163234


Hardware Model : RM7A-MPU408-4GE with 512 MBytes DDR SDRAM, 32 MBytes flash

Hardware Version : 010(Hotswap Supported)

MPU CPLD Version : 43

Monitor Version : 1.19

Software Version : 6.0.7(h01-m14-e)(integrity)

Software Image File : dc0: rp7-g-6.0.7(h01-m14-e).bin

Compiled : Jun 18 2007, 08:53:40

System Uptime is 0 hour 10 minutes 17 seconds

Display the information about the system copyright

router#show about

MP7500 series modular architecture can incessantly offer clients as many flexible solutions as possible when new services and applications come into exsistence. With full support of the MyPower (R) Operating System Software,MP7500 series modular architecture will support the following applications:

General Internet/intranet access

LAN-to-LAN/LAN Internetwork

Secure Internet/intranet access

Multiservice voice/data integration

Analog and digital dial access services

Virtual Private Network (VPN) access

Interconnecting with IBM SNA Network

MP7500 modular architecture include the following optional modules:

Copyright (C) 1999 Maipu (Sichuan) Communication Technology Co., Ltd. All Rights Reserved.

Display the status information of the components such as cards, SIU, power supply, and fan

The show system command can be used to display the information about the running status of the components such as cards, SIU, power supply and fans.


The command displaying example is as follows:

router#show system

System Chassis Information (ID=00 - ONLINE)

----------------------------------------------------------------

Device ID: 0005

Vender ID: 0003

Serial No.: 00000006

Chassis-MAC-Group-0: 00017a016666

00017a016667

00017a016668

00017a016669

00017a01666a

Chassis-MAC-Group-1: 00017a01666b

00017a01666c

00017a01666d

00017a01666e

00017a01666f

----------------------------------------------------------------

STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=20 - ONLINE)

----------------------------------------------------------------

Type: MPU_RM7A_MPU408_4GE

Status: Start Ok

Last-Alarm: 0000

Card-Port-Num: 0

Card-SubSlot-Num: 2

Power-INTF-Status: 0003

Power-Card-Status: On

Serial No.: 00000000

Card-Name: <NULL>

Description: <NULL>

Power-RT-Infomation:

Voltage-In: 11.63 V

Hardware-Information:

HW-State: 0000

PCB-Version: H01

CPLD-Version: 43

Software-Information:

Monitor-Version: 1.14

Software-Version: 6.0.5(h01-b12-p)(integrity)

Temperature-Information:

Temperature-State:

Temperature = 27.

Last-Alarm = 0.

CPU-On-Card-Information: < 1 CPUs>

CPU-Idx: 00

Status: 0000

Core-Num: 0004

Core-State:

Core-Idx-00

Core-Status: 0000

Core-Utilization: 0%

Core-Idx-01

Core-Status: 0000

Core-Utilization: 0%

Core-Idx-02

Core-Status: 0000

Core-Utilization: 0%

Core-Idx-03

Core-Status: 0000

Core-Utilization: 0%

Temperature:

Temperature-State:

Temperature = 43.

Last-Alarm = 0.

MEM-On-Card-Information: <1 MEMs>

MEM-Idx: 00

MEM-State:

BytesFree = 494829816 bytes

BytesAlloc = 42035960 bytes

BlocksFree = 119 blocks

BlocksAlloc = 17044 blocks

MaxBlockSizeFree = 197052064 bytes

DISK-On-Card-Information: <3 DISKs>

DISK-Idx: 00

Type: Flash

Status: Online

Last-Alarm: 0000

DISK-State:

SizeTotal = 33554432 bytes

SizeFree = 16666624 bytes

DISK-Idx: 01

Type: Unknown

Status: Offline

Last-Alarm: 0000

DISK-Idx: 02

Type: Unknown

Status: Offline

Last-Alarm: 0000

CMM-Information:

Hardware-Type: 0000

Monitor-Version: 1.0.8

Software-Version: 1.1.6

----------------------------------------------------------------

STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=20,SLOT=00 - ONLINE)

----------------------------------------------------------------

Type: LGU_RM7A_MPU408_4GE_DC

Status: Init

Last-Alarm: 0000

Card-Port-Num: 1

Card-SubSlot-Num: 0

Power-INTF-Status: 0000

Power-Card-Status: On

----------------------------------------------------------------

STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=20,SLOT=01 - ONLINE)

----------------------------------------------------------------

Type: LGU_RM7A_MPU408_4GE_GE

Status: Init

Last-Alarm: 0000

Card-Port-Num: 4

Card-SubSlot-Num: 0

Power-INTF-Status: 0000

Power-Card-Status: On

----------------------------------------------------------------

STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=21 - OFFLINE)

----------------------------------------------------------------

STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=00 - OFFLINE)

----------------------------------------------------------------

STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=01 - ONLINE)

----------------------------------------------------------------

Type: LPU_RM7B_1ATM_OC3H

Status: Start Ok

Last-Alarm: 0000

Card-Port-Num: 1

Card-SubSlot-Num: 0

Power-INTF-Status: 0000

Power-Card-Status: On

Serial No.: ffffffff

Card-Name: 1ATM

Description: <NULL>

Power-RT-Infomation:

Voltage-In: 0.00 V

Hardware-Information:

HW-State: 0000

PCB-Version: H01

CPLD-Version: 42

SFP-On-Card-Information: <1 SFPs>

SFP-Idx: 00

Type: 0000

Status: Online

Info-Struct:

id = 0003

connectorType = 07

bitRate = 01

sonetCompatibility = 02

gigaCompatibility = 00

linkLength = 0f960000

serial-no. = 842043908064

version = 10

vendor-name = FIBERXON INC.

vendor-part-num = FTM-3001C-S15

CMM-Information:

Hardware-Type: 0000

Monitor-Version: 1.0.7

Software-Version: 1.1.6

----------------------------------------------------------------

STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=02 - OFFLINE)

----------------------------------------------------------------

STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=03 - OFFLINE)

----------------------------------------------------------------

STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=04 - OFFLINE)

----------------------------------------------------------------

STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=05 - OFFLINE)

----------------------------------------------------------------

STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=06 - OFFLINE)

----------------------------------------------------------------

STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=07 - OFFLINE)

----------------------------------------------------------------

STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Power Information(ID=30 - ONLINE)

----------------------------------------------------------------

Status: Abnormal

Last-Alarm: 0000

Serial No.: <NULL>

Description: <NULL>

Power-RT-Information:

Fan-Status: Abnormal

Type-In: AC

Voltage-In: 0.00 V

Current-In: 0.00 A

CMM-Information:

Hardware-Type: 0000

Monitor-Version: <NULL>

Software-Version: <NULL>

----------------------------------------------------------------

STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System Power Information(ID=31 - OFFLINE)

----------------------------------------------------------------

STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Power Information(ID=32 - OFFLINE)

----------------------------------------------------------------

STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System FAN Information(ID=40 - OFFLINE)

----------------------------------------------------------------

STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System FAN Information(ID=41 - ONLINE)

----------------------------------------------------------------

Status: Offline

Last-Alarm: 0000

Serial No.: <NULL>

Description: <NULL>

----------------------------------------------------------------

STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System SIU Information(ID=28 - ONLINE)

----------------------------------------------------------------

Type: 0000

Status: Online

Last-Alarm: 0000

Serial No.: 00000000

Description: <NULL>

Hardware-Information:

PCB-Version: H01

CMM-Information:

Hardware-Type: 0000

Monitor-Version: 1.0.8

Software-Version: 1.1.6

----------------------------------------------------------------

STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

router#

Note

The show system command can be used to display the information about the running status of the corresponding component by setting different parameters:

show system mpu {local | peer}: display the information about the running status of the local/peer MPU card;

show system lpu <0~7>: display the information about the running status of the LPU card in the slot of the device;

show system siu: display the information about the running status of the SIU;

show system power <0~2>: display the information about the running status of the power components;

show system fan <0~1>: display the information about the running status of the fan components;
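The following Python sketch is an added example, not part of the Maipu manual or software: it parses text in the layout of the show system output above and lists online components that need attention. Treating the values Abnormal and Offline as findings, treating a non-zero Last-Alarm as a finding, and the 70-degree default limit (taken from the alarm temperature default in this manual) are assumptions of the example.

```python
import re

# Constructed sample: a few sections in the layout of the `show system`
# example above, with field values taken from that example.
SAMPLE = """\
System Card Information(UNIT=20 - ONLINE)
----------------------------------------------------------------
Type: MPU_RM7A_MPU408_4GE
Status: Start Ok
Last-Alarm: 0000
Temperature-State:
Temperature = 43.
----------------------------------------------------------------
STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
System Card Information(UNIT=21 - OFFLINE)
----------------------------------------------------------------
STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR
System Power Information(ID=30 - ONLINE)
----------------------------------------------------------------
Status: Abnormal
Last-Alarm: 0000
Power-RT-Information:
Fan-Status: Abnormal
Voltage-In: 0.00 V
----------------------------------------------------------------
STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
System FAN Information(ID=41 - ONLINE)
----------------------------------------------------------------
Status: Offline
Last-Alarm: 0000
----------------------------------------------------------------
STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
"""

# "System <kind> Information(<id> - ONLINE|OFFLINE)" opens a component section.
HEADER = re.compile(r"^System (\w+) Information\s*\((.+?) - (ONLINE|OFFLINE)\)$")
# Fields appear as "Key: value" or "Key = value." (trailing dot dropped).
FIELD = re.compile(r"^([\w-]+)\s*[:=]\s*(.*?)\.?$")

# Assumption: these values, seen in the example output, mean "needs attention".
BAD_STATUS = {"Abnormal", "Offline"}


def parse_show_system(text):
    """Split the output into components, each with an ordered field list."""
    components, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"kind": header.group(1), "id": header.group(2),
                       "slot_state": header.group(3), "fields": []}
            components.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current["fields"].append((field.group(1), field.group(2)))
    return components


def first(fields, key):
    """First value for key; sub-units (CPU, DISK, SFP) repeat keys later on."""
    return next((v for k, v in fields if k == key), None)


def audit(components, temp_limit=70):
    """Return (component, field, value) findings for ONLINE components."""
    findings = []
    for comp in components:
        if comp["slot_state"] != "ONLINE":
            continue  # empty slot, nothing to check
        name = f'{comp["kind"]} {comp["id"]}'
        for key in ("Status", "Fan-Status"):
            value = first(comp["fields"], key)
            if value in BAD_STATUS:
                findings.append((name, key, value))
        alarm = first(comp["fields"], "Last-Alarm")
        if alarm is not None and alarm.strip("0"):
            findings.append((name, "Last-Alarm", alarm))
        for key, value in comp["fields"]:
            if key == "Temperature" and value.isdigit() and int(value) >= temp_limit:
                findings.append((name, "Temperature", value))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_show_system(SAMPLE)):
        print(*finding)
```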

Protocol Debugging

The system provides debugging switches for various protocols, including IP, PPP, HDLC, OSPF, FR, and X25. The following examples briefly show how to enable and disable the debugging switches.

Enable the protocol debugging switch

Enable the packet debugging switch of IP protocol access list:

router#debug ip packet access-list

Enable the debugging switch of the RIP protocol:

router#debug ip rip events

Enable the debugging switch of the PPP protocol (on interface s1/0):

router#debug ppp negotiation s1/0

Enable the debugging switch of the HDLC protocol:

router#debug hdlc s1/0

FR has many protocol debugging switches, including:

Debug frame-relay lmi [interface/<CR>]

Debug frame-relay log [interface/<CR>]

Debug frame-relay packet [interface/<CR>]

……

The specific protocol debugging switches are described in the corresponding chapters in detail.

Disable the protocol debugging switch

To disable a protocol debugging switch, add the keyword no before the corresponding debug command; alternatively, use the command no debug all to disable all debugging switches.

Network Troubleshooting Tools

For details, refer to the chapter Network Test and Troubleshooting.

System Log Function

The system log function comprises two aspects. One is to add header information, such as a time stamp and task name, to the printed log messages. The other is to output and store the log messages in different formats, including printing to the console port, printing to the telnet terminal (controlled by a switch), writing to the memory file, writing to the flash file, and sending to the log server.

The commands of the system log function are as follows:

Command: logging enable
Description: To enable the log function; the command no logging enable can be used to disable the log function.
Configuration mode: config

Command: logging color logging-level logging-color
Description: To configure the color in which log information of each level is displayed on the command-line terminal. The levels are Emergency, Alert, Critical, Error, Warn, Notify, Information, and Debugging, corresponding to levels 0-7. The colors are blue, brown, cyan, green, purple, red, and white.
Configuration mode: config

Command: logging buffer
Description: To enable recording log information in the memory buffer; the name of the memory file is /log/logging. The command no logging buffer can be executed to disable the function.
Configuration mode: config

Command: logging buffer max-size buffer-size
Description: To configure the size of the memory buffer used to record the log information; the value range is 4096-409600 bytes; the default value is 100K.
Configuration mode: config

Command: logging buffer logging-level
Description: To configure the severity threshold for the memory buffer: information at or above the specified level is recorded in the memory buffer. The default level is notify, that is, information of levels 0-5 is recorded in the memory buffer.
Configuration mode: config

Command: logging console
Description: To enable outputting the log information to the console port; the command no logging console can be used to disable the function.
Configuration mode: config

Command: logging console logging-level
Description: To configure the severity threshold for the console port: information at or above the specified level is output to the console port. The default level is debugging, that is, all information of levels 0-7 is output to the console port.
Configuration mode: config

Command: logging file
Description: To enable recording the log information in the flash file system; the file name is /flash/logging. The command no logging file can be executed to disable the function.
Configuration mode: config

Command: logging file max-size file-size
Description: To configure the size of the log file in the flash file system; the value range is 4096-1048576 bytes. The default value is 100K.
Configuration mode: config

Command: logging file logging-level
Description: To configure the severity threshold for the flash log file: information at or above the specified level is recorded in the flash log file. The default level is warn, that is, information of levels 0-4 is recorded in the flash log file.
Configuration mode: config

Command: logging trap
Description: To enable sending the log information to the specified log server. The command no logging trap can be used to disable the function.
Configuration mode: config

Command: logging log-server [vrf vrf-name] start-level [end-level]
Description: To configure the host name or IP address of the log server and the level of the information to be sent to the log server. You can specify the VRF name to send the information out via the VRF. By default, the log server is not configured; the level of the information sent to the log server is 0-4.
Configuration mode: config

Command: logging source-ip source-address
Description: To configure the source address used for sending the information to the log server.
Configuration mode: config

Command: logging event
Description: To configure the executed shell commands to be sent to the log server.
Configuration mode: config

Command: logging monitor
Description: To enable outputting the log information to the telnet and SSH terminals. The command no logging monitor can be executed to disable the function. By default, the function is enabled.
Configuration mode: config

Command: logging monitor logging-level
Description: To configure the severity threshold for the telnet and SSH terminals: information at or above the specified level can be output to the telnet and SSH terminals. The default level is debugging, that is, information of levels 0-7 can be output to the telnet and SSH terminals.
Configuration mode: config

Command: logging facility type
Description: To configure the type of the log information sent to the log server. The types include auth, cron, daemon, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, news, sys10, sys11, sys12, sys13, sys14, sys9, syslog, user, and uucp. By default, the type is local7.
Configuration mode: config

Command: service timestamps log | debug [datetime [msec] | uptime]
Description: To configure the time stamp option of the log message header: local time (datetime) or the time since the system started (uptime). The parameter debug applies to messages output to the terminal; the parameter log applies to messages recorded in the log file.
Configuration mode: config

Command: service taskname [log | debug]
Description: To add the task name to the log message header; log adds the task name to the header of messages written to the log file; debug adds the task name to the header of messages written to the terminal.
Configuration mode: config

Command: clear logging [buffer | file]
Description: To clear the log contents of the memory or flash file; if the type is not specified, the log files in both memory and flash are cleared.
Configuration mode: enable

Command: show logging [file | buffer]
Description: To display the log contents of the memory or flash file; if the type is not specified, only the log contents of the flash are displayed.
Configuration mode: enable

Command: terminal monitor
Description: To enable printing the log information on the telnet and SSH terminals; log information is printed on a telnet or SSH terminal only after this command is executed.
Configuration mode: enable

Note

Except for the show and clear commands, the above commands have corresponding no commands. You can use the no commands to delete the corresponding configuration, cancel the corresponding function, or restore the default value.

The log messages are graded from level 0 to level 7 according to severity. Level 0 is the most severe. By default, information of levels 0-7 is all printed to the console interface, and also to the telnet terminal if the terminal monitor command is configured on it; information of levels 0-5 is written to the memory file; information of levels 0-4 is written to the flash file; information of levels 0-5 is sent to the log server.

Commands for modifying the level range are also provided: logging console level, logging monitor level, logging buffer level, logging file level, and logging ip-address level. If a level is configured as level, the level range is 0 to level.

For example, the command of configuring the level of the log information recorded to the flash is as follows:

router(config)#logging file ?

<0-7> Logging severity level

alerts Immediate action needed (severity=1)

critical Critical conditions (severity=2)

debugging Debugging messages (severity=7)

emergencies System is unusable (severity=0)

errors Error conditions (severity=3)

informational Informational messages (severity=6)

notifications Normal but significant conditions (severity=5)

warnings Warning conditions (severity=4)

<CR>

The information levels are defined as follows:

Level  Key Word        Description
0      emergencies     The system is unusable.
1      alerts          You need to take action at once.
2      critical        The critical status
3      errors          The error status
4      warnings        The warning status
5      notifications   Normal status, but needs to be noticed
6      informational   The informational messages
7      debugging       The debugging information
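The level filtering described in this section can be modelled in a few lines. This is an added Python example, not Maipu code: it interprets the logging commands listed above and reports which destinations receive a message of a given severity, and which severities reach no destination that survives a reboot. The set of destinations enabled by default, the choice of the flash file and log server as the only persistent destinations, the reading of start-level and end-level, and the address 192.0.2.10 are assumptions.

```python
# Keywords and numbers as listed by `logging file ?` on this page.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}
# Assumption: the memory buffer (/log/logging) is lost on reboot; these are not.
DURABLE = {"file", "server"}
# Logging commands that do not change which messages go where.
IGNORED = {"color", "source-ip", "event", "facility"}


def default_config():
    # Level defaults come from the command table. Which destinations are on
    # by default is an assumption read from the note in this section.
    return {"enabled": True, "sinks": {
        "console": {"on": True, "range": (0, 7)},
        # monitor also needs `terminal monitor` in each telnet/SSH session
        "monitor": {"on": True, "range": (0, 7)},
        "buffer": {"on": True, "range": (0, 5)},
        "file": {"on": True, "range": (0, 4)},
        # The table gives 0-4 for the log server, the note 0-5; table value used.
        "server": {"on": False, "range": (0, 4), "host": None},
    }}


def level(token):
    return LEVELS[token] if token in LEVELS else int(token)


def apply(cfg, line):
    """Apply one configuration line to cfg; non-logging lines are ignored."""
    words = line.split()
    negate = bool(words) and words[0] == "no"
    if negate:
        words = words[1:]
    if len(words) < 2 or words[0] != "logging":
        return cfg
    what, args, sinks = words[1], words[2:], cfg["sinks"]
    if what == "enable":
        cfg["enabled"] = not negate
    elif what == "trap":
        sinks["server"]["on"] = not negate
    elif what in ("console", "monitor", "buffer", "file"):
        if args[:1] == ["max-size"]:
            return cfg  # size only, no effect on filtering
        if not args:
            sinks[what]["on"] = not negate
        elif negate:  # `no` form restores the default level
            sinks[what]["range"] = default_config()["sinks"][what]["range"]
        else:  # a single level N means the range 0-N
            sinks[what]["range"] = (0, level(args[0]))
    elif what not in IGNORED:  # logging <host> [vrf name] start [end]
        if args[:1] == ["vrf"]:
            args = args[2:]
        server = sinks["server"]
        server["host"] = None if negate else what
        nums = [level(a) for a in args]
        if not negate and len(nums) == 1:
            server["range"] = (0, nums[0])
        elif not negate and len(nums) == 2:  # assumption: start..end inclusive
            server["range"] = (nums[0], nums[1])
    return cfg


def build(text):
    cfg = default_config()
    for line in text.splitlines():
        if line.strip():
            apply(cfg, line.strip())
    return cfg


def receivers(cfg, severity):
    """Destinations that receive a message of this severity."""
    if not cfg["enabled"]:
        return set()
    out = set()
    for name, sink in cfg["sinks"].items():
        low, high = sink["range"]
        if sink["on"] and low <= severity <= high and (name != "server" or sink["host"]):
            out.add(name)
    return out


def volatile_only(cfg):
    """Severities that reach no destination that survives a reboot."""
    return [sev for sev in range(8) if not receivers(cfg, sev) & DURABLE]


# Constructed configuration for illustration.
CONSTRUCTED = """\
logging enable
logging file notifications
logging trap
logging 192.0.2.10 informational
no logging console
"""

if __name__ == "__main__":
    print("defaults:", volatile_only(build("")))
    print("constructed:", volatile_only(build(CONSTRUCTED)))
```

Under the assumed defaults, messages of levels 5-7 exist only on terminals and in the memory buffer; the constructed configuration narrows that to level 7.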

View CPU Utilization

Maipu routers provide tools for viewing CPU utilization: after enabling the CPU monitoring switch, users can view the CPU usage of each task over a period and the total CPU usage over a period.

The related commands are as follows:

Command: check cpu enable
Description: To enable the switch for monitoring CPU and start collecting CPU utilization data
Configuration mode: config

Command: check cpu disable
Description: To disable the switch for monitoring CPU and stop collecting CPU utilization data. The default status is disabled.
Configuration mode: config

Command: check cpu time-interval value
Description: To set the time interval for refreshing the current CPU utilization. By default, it is 2 seconds.
Configuration mode: config

Command: check cpu view [simple]
Description: Whether to display in simple mode, which displays only the tasks that use CPU. By default, simple mode is disabled.
Configuration mode: config

Command: check cpu parameter
Description: To view the present parameters and status of check cpu, such as whether the monitoring switch is enabled
Configuration mode: config

Command: spy cpu
Description: To enable the switch for monitoring CPU and start monitoring the CPU usage of each task
Configuration mode: enable

Command: no spy cpu
Description: To disable the switch for monitoring CPU and stop monitoring the CPU usage of each task
Configuration mode: enable

Command: monitor cpu
Description: To enable the switch for monitoring CPU and start monitoring the total CPU usage over a period
Configuration mode: enable

Command: no monitor cpu
Description: To disable the switch for monitoring CPU and stop monitoring the total CPU usage over a period
Configuration mode: enable

Command: show cpu
Description: To display the CPU usage of each task
Configuration mode: enable

Command: show cpu monitor
Description: To display the total CPU usage over a period
Configuration mode: enable

Example:

In privileged user mode, first use the command spy cpu to monitor the CPU usage of each task, and then use the command show cpu to display the CPU usage of each task.

router#spy cpu

router#show cpu

System monitor result:

NAME ENTRY TID PRI total % (ticks) delta % (ticks)

-------- -------- ----- --- --------------- ---------------

tExcTask 3f9bb68 0 0% ( 0) 0% ( 0)

tLogTask 3f98f90 0 0% ( 0) 0% ( 0)

tRlimit 353bf80 5 0% ( 0) 0% ( 0)

tKmemReapd 3f742a0 10 0% ( 0) 0% ( 0)

tExcTrace 3555e30 10 0% ( 0) 0% ( 0)

tFmmHdle 2c56238 10 0% ( 0) 0% ( 0)

tCPUMonitor 3f90ac0 10 0% ( 0) 0% ( 0)

tShell1 2b41248 20 0% ( 1) 0% ( 0)

tMbufTask 2e047b0 40 0% ( 0) 0% ( 0)

tSysLog 2cb67c8 40 0% ( 0) 0% ( 0)

tLocalStat 34ff8b8 45 0% ( 0) 0% ( 0)

tPPPExe 353a910 50 0% ( 0) 0% ( 0)

tFRExe 35379a0 50 0% ( 0) 0% ( 0)

tMFRExe 3531998 50 0% ( 0) 0% ( 0)

systimerhigh 34083a8 50 0% ( 0) 0% ( 0)

tNetTask 2def410 50 0% ( 0) 0% ( 0)

tFwdTask 2dec8a8 50 0% ( 0) 0% ( 0)

tEthTx0 2cfe140 50 0% ( 0) 0% ( 0)

tSccRx2 2ced828 50 0% ( 0) 0% ( 0)

tSccTx2 2cec048 50 0% ( 0) 0% ( 0)

tModDet2 2cea868 50 0% ( 0) 0% ( 0)

tHdlcTim 2ce9258 50 0% ( 0) 0% ( 0)

tSccRx3 2ce0828 50 0% ( 0) 0% ( 0)

tSccTx3 2cdf048 50 0% ( 0) 0% ( 0)

tModDet3 2cdd868 50 0% ( 0) 0% ( 0)

tRtrSched 2c6a968 50 0% ( 0) 0% ( 0)

tRtrIcmpRcv 2c67bf8 50 0% ( 0) 0% ( 0)

tRtrJitter 2c64e88 50 0% ( 0) 0% ( 0)

tRtrWdog 2c620a8 50 0% ( 0) 0% ( 0)

tConMSig 2d404e0 55 0% ( 0) 0% ( 0)

tActive 2b3a650 55 0% ( 0) 0% ( 0)

tSysTask 3411928 60 0% ( 0) 0% ( 0)

tAaaRecv 2c46f80 80 0% ( 0) 0% ( 0)

tPFAFPSS 3502220 90 0% ( 0) 0% ( 0)

systimer 3409cf8 90 0% ( 0) 0% ( 0)

tGTL 2de7c00 90 0% ( 0) 0% ( 0)

tLogHash 2d9d7e0 90 0% ( 0) 0% ( 0)

tELD 2c4be58 90 0% ( 0) 0% ( 0)

tInfoguide 2bebda8 90 0% ( 0) 0% ( 0)

tFecDetect 2d17c50 95 0% ( 0) 0% ( 0)

tEnetDet0 2cface8 95 0% ( 0) 0% ( 0)

tTffsPTask 3f97478 100 0% ( 0) 0% ( 0)

tStaticRt 2dc8c70 100 0% ( 0) 0% ( 0)

tRtrSta 2c5ede0 100 0% ( 0) 0% ( 0)

tAclTask 2d6eb60 110 0% ( 0) 0% ( 0)

tPmtud 2df1dc0 120 0% ( 0) 0% ( 0)

tTelnetd 2b39258 120 0% ( 0) 0% ( 0)

tTelnetd6 2b35448 120 0% ( 0) 0% ( 0)

tFmmDtct 2c50d98 220 0% ( 0) 0% ( 0)

tDcacheUpd 34a8138 250 0% ( 0) 0% ( 0)

tTunnel 34035d8 250 0% ( 0) 0% ( 0)

tLFree 340ed40 255 0% ( 0) 0% ( 0)

tIdle 3f8f268 255 0% ( 1) 0% ( 0)

KERNEL 0% ( 1) 0% ( 0)

INTERRUPT 0% ( 0) 0% ( 0)

IDLE 99% ( 447) 100% ( 13)

TOTAL 99% ( 450) 100% ( 13)

In privileged user mode, first use the monitor cpu command to monitor the total utilization of CPU in some periods, and then use the show cpu monitor command to display the total utilization of CPU in some periods.

router#monitor cpu

router#show cpu monitor

CPU utilization for five seconds: 2%; one minute: 1%; five minutes: 1%

CPU utilization per second in the past 60 seconds:

0% 0% 0% 9% 0% 0% 0% 0% 0% 0%

0% 0% 0% 9% 0% 0% 0% 0% 0% 0%

0% 0% 0% 9% 0% 0% 0% 0% 0% 0%

0% 0% 0% 9% 0% 0% 0% 0% 0% 0%

0% 0% 0% 9% 0% 0% 0% 0% 0% 0%

0% 0% 0% 9% 0% 0% 0% 0% 0% 0%

CPU utilization per minute in the past 60 minutes:

1% 1% 1% 1% 1% 1% 1% 1% 1% 1%

1% 1% 1% 1% 1% 1% 1% 1% 1% 1%

1% 2% 1% 1% 1% 1% 1% 2% - -

- - - - - - - - - -

- - - - - - - - - -

- - - - - - - - - -

CPU utilization per quarter in the past 96 quarters:

1% - - - - - - -

- - - - - - - -

- - - - - - - -

- - - - - - - -

- - - - - - - -

- - - - - - - -

- - - - - - - -

- - - - - - - -

- - - - - - - -

- - - - - - - -

- - - - - - - -

- - - - - - - -

- - - - - - - -

The above three data tables respectively display the CPU usage for each second in the past 60 seconds, each minute in the past 60 minutes, and each quarter in the past 96 quarters ("-" marks a moment that has not yet come).

Note

When the function of monitoring CPU usage is enabled, the task tCheckCpu collects CPU data continuously (by default, the interval is 2 seconds), which occupies some CPU resources. Therefore, if it is unnecessary to diagnose the CPU utilization of each task, it is better not to enable the function of monitoring CPU usage.

Set CPU and Environment Alarm Temperature

The MP7500 router supports configuring the system CPU and environment alarm temperature. When the CPU or MPU card environment temperature reaches the threshold value, a log message is generated and a trap is sent (trap needs to be configured). Meanwhile, the trap is sent to the SIU for display. The default threshold of the CPU and environment alarm temperature is 70℃.

Command: alarm temperature {cpu | environment} temperature
Description: To configure the threshold of the local MPU card temperature
Configuration mode: CONFIG

Set SIU Display Language

The MP7500 router supports configuring the SIU display language. By default, the SIU display language is English. You can configure it to Chinese.

Command: siu language {English | Chinese}
Description: To configure the SIU language display
Configuration mode: CONFIG

Set System Alarm Parameters

The MP7500 router supports configuring the parameters of the system alarm, including shielding and un-shielding the fault alarms of a given level, as well as the alarm shielding time after the button for clearing the alarms is pressed.

Command: sysAlarm shield time shieldTime
Description: To configure the time for shielding the alarms of the system
Configuration mode: CONFIG

Command: sysAlarm shield type {minor|major|critical|all}
Description: To configure the type of the shielded alarm
Configuration mode: CONFIG

Note: The parameters of shielding system alarms are saved in the shelf and are not related to the configuration file. Therefore, the parameters need to be displayed via the following command.

show sysAlarm shield [time|type|CR]

Command: time
Description: To display the time for shielding the alarms of the system
Configuration mode: ENABLE

Command: type
Description: To configure the type of the shielded alarm
Configuration mode: ENABLE

Configure Rollback Function

The rollback function restores the configuration to a backup configuration. Its main uses are as follows:

1. Restore immediately when an abnormality appears: After modifying some configurations, the user finds that some functions have become abnormal, but does not know the reason or which configuration caused the abnormality. In this case, the user can perform the rollback operation to restore the configuration to the state before the problem appeared. Compared with canceling individual commands, using the rollback function to restore the previous configuration is faster and easier.

2. Return to the previous configuration: You can restore the configuration to the last running environment.

3. Restore the rescue configuration: If the rescue configuration file is saved (the configuration file may be the most stable and most reliable configuration which is used and verified by the user for a long time), any onsite person (even without technical background) can use the rescue configuration to perform the fast and safe rescue configuration rollback. This is used in case of emergency.

The configuration commands are as follows:

Command: rollback [number|rescue] [confirmed [time] ]
Description: To roll back the configuration. number: the number of the configuration file to be rolled back to; it is the number of a valid rollback configuration, displayed automatically according to the currently generated configuration files. rescue: to roll back to the rescue configuration. confirmed time: the rollback must be confirmed afterwards; if it is not confirmed, the configuration is restored automatically after 10 minutes.
Configuration mode: enable

Command: write [rescue]
Description: To save the current configuration; the previous startup files are kept as the rollback configuration files, that is, the backup startup files. rescue: to save the current configuration as the rescue configuration.
Configuration mode: enable

Command: rollback-confirmed
Description: To confirm the rollback
Configuration mode: enable

Command: show rollback [ number | rescue | confirmed-status | auto-rollback-file ]
Description: To display the rollback file. number: the number of the rollback configuration file to be displayed; it is the number of a valid rollback configuration, displayed automatically according to the currently generated configuration files. If the number is not specified, the current startup file is displayed by default. rescue: to display the contents of the rescue configuration. confirmed-status: to display the status of the rollback confirmation (whether it is still in the rollback confirming state). auto-rollback-file: the automatically rolled back configuration script file in the rollback confirmed state.
Configuration mode: enable

Note

1. The interfaces go up/down during the rollback. Currently, the rollback operation first clears the current configuration script and then applies the configuration file to be rolled back to. Because the current configuration is cleared, the interfaces and the dynamic route neighbors go up/down.

2. There are some risks. For example, when operating over telnet, clearing the configuration causes the telnet connection to fail. If the interface address is modified, telnet can no longer be connected at all.

Pagination Display Function

When the device outputs information, such as route table information, there may be a large amount of it. If the output is not controlled, the device may output information for a long time and be unable to do other things. The pagination display function outputs only one page at a time and outputs the next page after a control character (such as space) is entered, so that the information output can be controlled.

In addition, an extended output function is provided: the displayed output can be filtered or redirected to another medium. For example, the output can be filtered by a specified character string, saved to a file, or transmitted to an FTP server via FTP.

The related commands are as follows:

Command: more { on | off | displine [num] | help }
Description: To set the more switch, the number of lines displayed on each screen, and to display the help information of more. on: to turn on the more function; by default, it is on. off: to turn off the more function. The displayed contents are first re-directed and output to the temporary file. However, they are directly output, but not output in the format when being output. displine num: to set the number of lines displayed on each screen. The default value is 24 lines. The value range is 5-50 lines. If the number of characters on one line is larger than 80, it is regarded as two lines. help: to display the use of the keystrokes of the more function.
Configuration mode: enable

Command: | {begin _LINE_ | include [context] _LINE_ | exclude _LINE_ | redirect {file filename | ftp [vrf vrf-name] host usr pwd filename } }
Description: The extended subcommand is registered after the display command of the module. | more: the ID of the extended subcommand. begin _LINE_: to display starting from the specified character string. include [context] _LINE_: to display only the contents that contain the specified character string; if context is added, the context of the specified contents is also displayed. exclude _LINE_: to display the contents that exclude the specified character string. redirect file filename: to copy the displayed contents to the specified file (file name). redirect ftp [vrf vrf-name] host usr pwd filename: to transmit the displayed contents to the FTP server via FTP.
Configuration mode: enable

Note

The more output extended command is registered by the display command of the module and serves as the subcommand of the display command of the module. Currently, only the display commands of some modules register the more extended subcommand.

Remote Login Service

telnet Overview

MP routers provide the telnet server/client function (the default service port is 23). Users can telnet to the router via LAN or WAN to operate it. Up to 16 telnet users can be online at the same time. Users can configure the attributes of the telnet login via the command line vty.

Meanwhile, MP routers provide the commands of the telnet client. In the common user mode and the privileged user mode, users can execute the following command to telnet to a device.

Basic Commands

The client command is as follows:

Command: telnet
Description: To log into the specified remote host or device
Configuration mode: enable, config

telnet

The router can serve as the telnet client and can log into other devices that provide the telnet service remotely to perform operations.

telnet [vrf vrf-name] hostname/ip-address [port-number] [ipv4 | ipv6] [source-interface interface]

Syntax Description

vrf-name To specify the VRF name

hostname/ip-address To specify the peer address

port-number To specify the peer port number

ipv4 If hostname uses the domain name, use the corresponding ipv4 address of the domain name first.


ipv6 If hostname uses the domain name, use the corresponding ipv6 address of the domain name first.

source-interface To specify the telnet source address to adopt the address of the specified interface

interface The specified source interface

【Default status】The default telnet service port is 23.

SSH

MP routers provide a much more secure remote login service, the SSH service (the service port is 22). At most 16 SSH users can be logged in at the same time. Users can configure the attributes of the SSH login via the command line ssh-vty.

Related commands are as follows:

Command: sshkeygen
Description: To generate a new SSH key-pair
Configuration mode: enable, config

Command: ip ssh server
Description: To enable the SSH service
Configuration mode: config

Command: no ip ssh server
Description: To disable the SSH service
Configuration mode: config

Command: show fingerprint
Description: To display the SSH key-pair
Configuration mode: enable


System Information Unit (SIU)

In Maipu routers, the main tasks of system information unit are:

Display the system information circularly in the idle mode

Query the system information in menu mode

Print real-time information in real time

Operation Methods

The System Information Unit (SIU) has five keys: up, down, right, left, and confirm. The SIU has two display modes: idle mode and menu mode. In idle mode, the system information is displayed cyclically. In menu mode, you can use the keys on the SIU to query various kinds of system information. In idle mode, press any key to enter menu mode; in menu mode, if no key is pressed for 30 seconds or the left key is pressed from the last-level menu, the SIU returns to idle mode.

The functions of the keystrokes in menu mode are as follows:

Keystroke: Up
Function: Roll upward: select other menu or view other contents

Keystroke: Down
Function: Roll downward: select other menu or view other contents

Keystroke: Left
Function: In the highest menu, exit the menu mode and enter into the idle mode; otherwise, exit to the upper-level menu.

Keystroke: Right
Function: Enter into the next-level menu. If there is no next-level menu, the right keystroke is unavailable.

Keystroke: Confirm
Function: The function is the same as the right keystroke.

Note

After pressing the keystroke every time, the background light is on for 10 seconds. If there is no keystroke to be pressed for 10 seconds, the background light turns off.


View Information

Idle Mode

In idle mode, various kinds of system information are displayed cyclically in the specified order. The display is refreshed every two seconds. The time for which each item is displayed varies with the importance of the information.

In the idle mode, the displayed contents are as follows:

Name of displayed information: MPU information
Displayed contents:
(MPU not work) MPU?? Not used
(MPU is working) Master/slave mode of MPU; CPU utilization of MPU; CPU nucleus temperature of MPU; Normal state of the CPU temperature of MPU

Name of displayed information: LPU information
Displayed contents:
(LPU at place, but cannot be identified) LPU??unknown
(LPU at place and can be identified) LPU??type; LPU?? Register status

Name of displayed information: Fan shelf information
Displayed contents: Fan shelf??; Fan shelf??status

Name of displayed information: Power module information
Displayed contents: Power module??; Status; Input voltage; Input current

Name of displayed information: Routine information
Displayed contents: Router type; Company address; Contact phone number; Company website

Note

If the above information cannot be displayed on one screen, it is displayed on several screens.

Menu Mode

In menu mode, you can use the keys to select a menu and display various contents. The display is refreshed every two seconds. If a refresh finds that the current menu no longer exists, the SIU exits to an existing menu.

In menu mode, the displayed contents are as follows:


Menu name: System Menu
Menu level: Level-one menu
Displayed contents: MPU information; LPU information; SIU information; Fan information; Power information; Alarm information; Log information; Clear logs; Routine information

Menu name: MPU list
Menu level: Level-two menu
Displayed contents: MPU list

Menu name: MPU information
Menu level: Level-three menu
Displayed contents:
(MPU not work) The MPU card is not used!
(MPU is in the working state) MPU working mode; Managed slot list; CPU utilization; CPU temperature; CPU status; MPU card temperature; MPU temperature status; Memory size; Memory utilization; Flash size; Flash utilization; Input voltage; Serial number; Hardware version; CPLD version; Software version; CMM version

Menu name: LPU list
Menu level: Level-two menu
Displayed contents:
(No LPU) No LPU information
(has LPU) LPU list

Menu name: LPU information
Menu level: Level-three menu
Displayed contents: LPU register status; Input voltage; Serial number; Hardware version; CPLD version; CMM version

Menu name: SIU information
Menu level: Level-two menu
Displayed contents: SIU register status; Serial number; Hardware version; CMM version

Menu name: Fan shelf list
Menu level: Level-two menu
Displayed contents:
(no fan shelf) No fan shelf
(has fan shelf) Fan shelf list

Menu name: Fan shelf status
Menu level: Level-three menu
Displayed contents: Fan status; Fan working status

Menu name: Power module list
Menu level: Level-two menu
Displayed contents: List the power modules

Menu name: Power module information
Menu level: Level-three menu
Displayed contents: Power module type; Input voltage; Input current; Serial number; Hardware version; CMM version

Menu name: Alarm information
Menu level: Level-two menu
Displayed contents:
(No alarm information) No alarm information
(Has alarm information) All alarm information

Menu name: Log information list
Menu level: Level-two menu
Displayed contents:
(No log information) No log information
(Has log information) Log information list

Menu name: Log information
Menu level: Level-three menu
Displayed contents: Display the specified log information (Up to 20 recent logs can be saved and are lost after restarting)

Menu name: Delete logs
Menu level: Level-two menu
Displayed contents: Confirm; Cancel (Confirm or cancel and exit to the system menu)

Menu name: Routine information
Menu level: Level-two menu
Displayed contents: Device type; Company address; Contact phone number; Company website

Note

In menu mode, if there are selectable menus, you can scroll through the menus cyclically. If there are no selectable menus and only data is displayed, you cannot scroll cyclically.

Display Real-time Information

When the router is running and there is real-time information to prompt the user, the SIU module can be used to display the prompt.

When the SIU receives alarm information, it uses the lowest line on the screen to display the real-time information. The text moves one word to the left every 0.6 second until all of the information has moved off the screen.

The SIU saves the real-time information as the log.

Note

1. When displaying the real-time information, the data at the lowest line of the displayed contents is blocked.

2. Clearing the log while the real-time information is being displayed stops the display immediately.


Embedded Event Platform (EEP)

Main contents:

Introduction to EEP

Basic commands of EEP

Application examples of EEP

Monitoring and debugging of EEP

Introduction to EEP

Embedded Event Platform (EEP) is an extensible event detection and processing mechanism that is provided directly in the device and can be customized by the user. EEP gives the user a way to monitor a specified event, get the information, and set the action to take when the event happens.

Traditionally, the tracing and management of events is executed outside the network devices. EEP provides the capability of performing event management actively and directly on the device, which is very useful. The communication between the device and the external network management device may fail, so not all event management can be done outside the device. Taking the restoring action immediately when the event happens, collecting the information, and analyzing the root cause are very valuable for processing the fault. If the auto-restoring action of the device can complete without restarting the device, the usability of the network is improved correspondingly.

EEP comprises three parts: the event detection layer, the event message receiving and processing layer, and the policy layer. The event detection layer filters and matches the events set in the policy and sends out event messages; the event message processing layer completes the corresponding processing according to the event type; the policy layer completes the logical processing of the policy and executes the action specified by the policy.

EEP policy:

An EEP policy is an entity that includes all actions that need to be executed when the event is triggered.

EEP event:

Currently, EEP supports the none event and the timer event. Other events can be added by extending the structure.

None event: the policy has to be triggered by running the event platform run command manually.

Timer event: four kinds of timer events can be set, as follows.

Countdown: The event happens when the set time counts down to 0. The event is triggered only once. The set time cannot be re-set. The minimum unit is second.

Watchdog: The event happens when the set time counts down to 0. The event can be triggered many times. When the set time becomes 0, it is re-set to the initial value. The minimum unit is second.

Absolute: The event happens when the absolute calendar time is reached. The minimum unit is minute.

Calendar: The event happens when the set date and moment are reached. The event can happen many times according to the set period. The minimum unit is minute.

EEP action

Currently, EEP supports the following actions: cli-command, reload, force-switchover, and syslog.

cli-command: execute commands of the command line interface (CLI);

reload: restart the control card (MPU) of the device;

master: restart the master MPU;

slave: restart the slave MPU;

no optional parameter: restart the master and slave MPU.

force-switchover: perform the master/slave switch of the device.

syslog: write the message to syslog.

Note

When the device does not have the corresponding slave card or does not support the set action, the CLI prompts not to support the action.

The EEP configuration includes the following three parts:

Configure policy;

Configure the event of triggering policy;

Configure the policy action;

Basic Commands

Command: event platform applet policy-name
Description: *To create the EEP policy or modify the EEP policy
Configuration mode: config

Command: event none
Description: *To configure the none event
Configuration mode: config-eep

Command: event timer { countdown time-value | watchdog time-value | absolute year month day time | calendar { per-month day time | per-week wday time | per-day time | per-hour minute }}
Description: *To configure the timer event
Configuration mode: config-eep

Command: action number cli-command cli-string
Description: *The action is to execute the specified CLI command.
Configuration mode: config-eep

Command: action number force-switchover
Description: *The action is to perform the master/slave MPU switch.
Configuration mode: config-eep

Command: action number reload [ master | slave ]
Description: *The action is to reload.
Configuration mode: config-eep

Command: action number syslog [ priority priority-level ] msg msg-text
Description: The action is to write the message to syslog.
Configuration mode: config-eep

Command: event platform run policy-name
Description: *To run the specified policy manually
Configuration mode: config

Command: event platform suspend [policy policy-name]
Description: *To stop executing all policies or one policy
Configuration mode: config

Note

The symbol “*” before the command description means that there is the configuration example to describe the command in details later.


event platform applet

The command is used to create the EEP policy or enter into the EEP mode to modify the policy. The no format of the command is used to delete the EEP policy.

event platform applet policy-name

no event platform applet policy-name

Syntax Description

policy-name The policy name, comprising up to 31 characters.

【Default status】Not defined

event none

The command is used to specify that the configured policy can run manually and does not need the event triggering. The no format of the command is used to delete the none event.

event none

no event none

【Default status】Not defined

event timer

The command is used to set the triggered event of the EEP policy as the set timer event. The no format of the command is used to delete the timer event.

event timer { countdown time-value | watchdog time-value | absolute year month day time | calendar { per-month day time | per-week wday time | per-day time | per-hour minute }}

no event timer

Syntax Description

countdown To set an event that happens when the set time counts down to 0; the time cannot be re-set.
time-value — specify the interval before the event happens; the unit is second

watchdog To set an event that happens when the set time counts down to 0. The event can be triggered many times. When the set time becomes 0, it is re-set to the initial value.
time-value — specify the interval before the event happens; the unit is second

absolute To specify the absolute calendar time when one event happens
year – the year in which the event happens; the value range is 2000-2100;
month – the month in which the event happens; the value range is January to December;
day – the day when the event happens; the value range is 1-31;
time – the time when the event happens; the format is hh:mm[:ss], that is, hour:minute [:second]; the value range of the hour, minute and second is 0-59.

calendar To specify that one event is triggered when the specified date and moment are reached; the time set by the command is the calendar time; the minimum unit is minute.
per-month day time – The event happens in the specified month; the event can be triggered once or many times in one month. The value range of Day is 1-31 and the format can be 1-5, 9, and 13;
per-week wday time – The event happens in the specified weekday; the event can be triggered once or many times in one week. The value range of Day is 0-6; the Sunday is 0; the format can be 1-3 and 5-6;
per-day time – The event happens in a specified moment of one day; the format is hh:mm[:ss], that is, hour:minute [:second]; the value range of the hour, minute and second is 0-59
per-hour minute – The event happens at the specified moment of each hour; the value range is 0-59.

【Default status】Not defined

action cli-command

The command is used to specify the action of executing the CLI command when the event is triggered. The no format of the command is used to delete the action.

action number cli-command cli-string

no action number

Syntax Description

number The serial number of the action; the policy actions are arranged and executed in ascending order.

cli-string The executed CLI command; the first CLI command of one policy is executed in the config mode.

【Default status】Not defined

action force-switchover

The command is used to specify one action as the switchover of the master/slave MPU during policy triggering. The no format of the command is used to delete the action.

action number force-switchover

no action number

Syntax Description

number The serial number of the action; the policy actions are arranged and executed in ascending order.

【Default status】Not defined

Note


For the single-system device, the command is unavailable. The command is available on the device with the master/slave MPU switchover function.

action reload

The command is used to specify one action as the reload operation during the policy triggering. The no format of the command is used to delete the action.

action number reload [ master | slave ]

no action number

Syntax Description

number The serial number of the action; the policy actions are arranged and executed in ascending order.

master Only restart the master MPU card

slave Only restart the slave MPU card

(no optional command specified) Restart all MPU cards; if it is the single-system device, restart the device.

【Default status】Not defined

Note

For the single-system device, the optional commands master and slave are unavailable. But on the device with master/slave MPU, the optional commands are available.

action syslog

The command is used to specify to execute the action of writing the message to syslog during the policy triggering. The no format of the command is used to delete the action.

action number syslog [ priority priority-level ] msg msg-text

no action number

Syntax Description

number The serial number of the action; the policy actions are arranged and executed in ascending order.

priority (Optional) To specify the priority of the syslog message. If the keyword is selected, the priority needs to be specified after it; if the keyword is not selected, the default priority is informational.

1. priority-level— the number of the priority or the name of the priority.

The value can be:

{0 | emergencies}—the system is unavailable;
{1 | alerts}—need to take action immediately;
{2 | critical}—critical status
{3 | errors}—error status
{4 | warnings}—warning status
{5 | notifications}—normal, but need notice
{6 | informational}—only the informational message; it is the default level
{7 | debugging}—debugging information

msg To specify the messages that need to be logged

2. msg-text—the text character string

【Default status】Not defined

event platform run

The command is used to trigger the running policy manually and the policy event is the none event. The command does not have the no format.

event platform run policy-name

【Default status】Not defined

event platform suspend

The command is used to suspend all policies or one policy, that is, after the event is triggered, do not execute the specified action. The no format of the command is used to re-awaken the policy.

event platform suspend [policy policy-name]

no event platform suspend [policy policy-name]

【Default status】Not defined

Application Examples

Application Example 1

Create a policy that is triggered by one timer event. After the event is triggered, execute the CLI commands.

Related configurations:

Command: router(config)#event platform applet aa
Description: To create the policy aa

Command: router(config-eep)#event timer calendar per-week 5-6 8:00
Description: To configure the timer as 8:00 of every Friday and Saturday to trigger the event

Command: router(config-eep)#action 10 cli-command ip route 11.0.0.0 255.0.0.0 45.0.0.1
Description: When the event happens, add one route 11.0.0.0/8 45.0.0.1

Command: router(config-eep)#action 20 cli-command ip route 12.0.0.0 255.0.0.0 46.0.0.1
Description: When the event happens, add the second route 12.0.0.0/8 46.0.0.1

Command: router(config-eep)#exit
Description: To exit the configuration of the policy

Application Example 2

Create a policy that is triggered by one timer event. After the event is triggered, execute the reload slave action.

Related configurations:

Command: router(config)#event platform applet bb
Description: To create the policy bb

Command: router(config-eep)#event timer calendar per-week 6 22:00
Description: To configure the timer as 22:00 of every Saturday to trigger the event

Command: router(config-eep)#action 11 reload slave
Description: When the event happens, the executed action is to restart slave MPU

Command: router(config-eep)#exit
Description: To exit the configuration of the policy

Command: router(config)#event platform suspend policy bb
Description: When you do not want the policy to execute, suspend the policy.

Application Example 3

Create a policy with the none event; the policy action is to perform the master/slave MPU switchover. Run the policy manually.

Related configuration:

Command: router(config)#event platform applet cc
Description: To create the policy cc

Command: router(config-eep)#event none
Description: The policy does not have event. You can run the policy only manually.

Command: router(config-eep)#action 10 force-switchover
Description: When the event happens, perform the master/slave MPU switchover.

Command: router(config-eep)#exit
Description: To exit the configuration of the policy

Command: router(config)#event platform run policy cc
Description: Run the policy cc manually
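For change review, the three application examples can be inventoried offline. The following Python script is an added example, not part of this manual or of Maipu software: it parses EEP commands in the syntax documented above and lists the policies that are timer-triggered, not suspended, and carry a cli-command, reload or force-switchover action. The function names, the comma-separated day-list form and the choice of which actions to list are assumptions of this example.

```python
import re

# Constructed input: the three application examples above, entered as one session.
SAMPLE_SESSION = """\
router(config)#event platform applet aa
router(config-eep)#event timer calendar per-week 5-6 8:00
router(config-eep)#action 10 cli-command ip route 11.0.0.0 255.0.0.0 45.0.0.1
router(config-eep)#action 20 cli-command ip route 12.0.0.0 255.0.0.0 46.0.0.1
router(config-eep)#exit
router(config)#event platform applet bb
router(config-eep)#event timer calendar per-week 6 22:00
router(config-eep)#action 11 reload slave
router(config-eep)#exit
router(config)#event platform suspend policy bb
router(config)#event platform applet cc
router(config-eep)#event none
router(config-eep)#action 10 force-switchover
router(config-eep)#exit
"""

WEEKDAYS = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"]
STATE_CHANGING = {"cli-command", "reload", "force-switchover"}  # assumption: actions to list
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "router(config-eep)#"


def expand_days(spec):
    """Expand a day list such as '5-6' or '1-5,9,13' (comma form assumed) to integers."""
    days = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        days.update(range(int(low), int(high or low) + 1))
    return sorted(days)


def describe_trigger(words):
    """Turn the words that follow 'event' into a readable trigger description."""
    if words == ["none"]:
        return "manual (event platform run)"
    if words[:3] == ["timer", "calendar", "per-week"] and len(words) == 5:
        names = [WEEKDAYS[day] for day in expand_days(words[3])]  # Sunday is 0
        return "weekly on " + ", ".join(names) + " at " + words[4]
    return " ".join(words)


def parse_policies(text):
    """Return {policy-name: {"trigger", "manual", "actions", "suspended"}}."""
    policies, current = {}, None
    suspended, suspend_all = set(), False
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        negate = words[:1] == ["no"]
        if negate:
            words = words[1:]
        if words[:2] == ["event", "platform"]:
            if words[2:3] == ["applet"] and len(words) == 4:
                if negate:
                    policies.pop(words[3], None)
                empty = {"trigger": None, "manual": False, "actions": {}}
                current = None if negate else policies.setdefault(words[3], empty)
            elif words[2:] == ["suspend"]:
                suspend_all = not negate
            elif words[2:4] == ["suspend", "policy"] and len(words) == 5:
                (suspended.discard if negate else suspended.add)(words[4])
        elif words == ["exit"]:
            current = None
        elif current is None:
            continue
        elif words[:1] == ["event"]:
            current["manual"] = not negate and words[1:] == ["none"]
            current["trigger"] = None if negate else describe_trigger(words[1:])
        elif words[:1] == ["action"] and len(words) >= 2 and words[1].isdigit():
            if negate:
                current["actions"].pop(int(words[1]), None)
            elif len(words) >= 3:
                current["actions"][int(words[1])] = words[2:]
    for name, policy in policies.items():
        policy["suspended"] = suspend_all or name in suspended
    return policies


def unattended_state_changes(text):
    """List active timer policies whose actions run without an operator present."""
    report = []
    for name, policy in parse_policies(text).items():
        if policy["suspended"] or policy["manual"] or policy["trigger"] is None:
            continue
        risky = [f"{number} {' '.join(words)}"
                 for number, words in sorted(policy["actions"].items())
                 if words[0] in STATE_CHANGING]
        if risky:
            report.append({"policy": name, "trigger": policy["trigger"], "actions": risky})
    return report


if __name__ == "__main__":
    for item in unattended_state_changes(SAMPLE_SESSION):
        print(item["policy"], "|", item["trigger"], "|", "; ".join(item["actions"]))
```

Only policy aa is reported for the sample session: bb is suspended and cc runs only when an operator issues event platform run.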

Monitoring and Debugging

Monitoring Command

Command: show eep policy registered [detail | INEXIST-EVENT [detail] | NONE-EVENT [detail] | TIMER-EVENT [detail]]
Description: To display the EEP policy


Monitoring Command Example

The configurations are the same as the application examples.

router# show eep policy registered

Displayed result:

EEP state: Running

PID PolicyState EventType EventState ActNum Name

============================================================

1 Running Timer Running 2 aa

event timer calendar per-week 5-6 08:00

action 10 cli-command ip route 11.0.0.0 255.0.0.0 45.0.0.1, state: Pending,

result: OK

action 20 cli-command ip route 12.0.0.0 255.0.0.0 46.0.0.1, state: Pending,

result: OK

2 Suspend Timer Running 1 bb

event timer calendar per-week 6 22:00

action 11 reload slave, state: Pending, result: OK

3 Running None 1 cc

event none

action 10 force-switchover, state: Pending, result: OK

router#

Description and analysis:

EEP state: Running –It is the EEP status. When the policy is not ever configured, the status is Init-finished and the resources of EEP such as tasks are not distributed. After configuring the policy, enable the resources such as tasks, and the status turns to Running. After configuring the event platform suspend command, the EEP status is Suspend.

PID –It is the ID of the policy, which is the natural number distributed by the system.

PolicyState –It is the policy status. The default status is Running. After configuring the suspend policy, the policy status is Suspend.


EventType –It is the event type, such as None event and Timer event.

EventState –It is the event status. When the event is Timer, display the timer status. When the timer is running, the status is Running. After the timer finishes, the status is Finished. When the timer fails to start or is not started, the status is Nostart.

ActNum –It is the total number of the actions of the policy.

Name –It is the name of the policy.

event –It is the event configuration of the policy.

action –It is the configurations of the action, and the status and execution result of the action.

Debugging Command

Command: (no) debug eep
Description: To enable/disable the EEP debugging switch; the notice of triggering the event and the execution result of the action can be displayed.


SNMP Proxy Server Configuration

Main contents:

Introduction to SNMP

Basic commands of SNMP

Configuration examples of SNMP

Introduction to SNMP

SNMP (Simple Network Management Protocol) is a standard protocol for managing the Internet. Its purpose is to ensure that management information can be transmitted between the Network Management Station and the managed equipment (the agent), which makes it convenient for the system manager to manage the network system.

SNMP adopts the tree labeling method to number each managed element and ensures that the number is unique. For detailed information on the SNMP protocol, refer to the materials about the TCP/IP protocol.

Basic Commands of SNMP

Command: snmp-server start
Description: *To activate the SNMP network management
Configuration mode: config

Command: snmp-server community community-name [view view-name] {ro | rw} [access-list]
Description: *To set the SNMP community name
Configuration mode: config

Command: snmp-server contact <LINE>
Description: To set the contact of the device manager
Configuration mode: config

Command: snmp-server context
Description: To set V3 context
Configuration mode: config

Command: snmp-server enable traps snmp [authentication | coldstart | warmstart | linkup | linkdown | [enterprise [rmon-falling | rmon-rising | snmp-agent-up | snmp-agent-down ] ] ]
Description: *To enable the configuration of the snmp TRAP parameter
Configuration mode: config

Command: snmp-server host ip-address/host-name [traps] [community community-name] [version {1|2}] [vrf vrf-name]
Description: *To set the host name or host address for receiving SNMP trap
Configuration mode: config

Command: snmp-server enable keepalive[IPsec|sync-config]
Description: To enable snmp keepalive packet
Configuration mode: config

Command: snmp-server location <LINE>
Description: To set the location of the device
Configuration mode: config

Command: snmp-server view view-name oid-string {include|exclude}
Description: *To set the network management view
Configuration mode: config

Command: snmp-server AddressParam [address-name | paramIn] v3 user-name {noauth|authnopriv |authpriv}
Description: *To set the address parameter
Configuration mode: config

Command: snmp-server TargetAddress target-name ip-address port-num address-param taglist time-out retry-num
Description: *To set the parameters of the destination address
Configuration mode: config

Command: snmp-server engineID {local engine-id} | {remote ip-address port-num [vrf vrf-name] engine-id [engineGroup]}
Description: *To set the local and remote SNMPv3 entity engine
Configuration mode: config

Command: snmp-server engineGroup groupname usrname {noauth | authnopriv | authpriv}
Description: To set engine group
Configuration mode: config

Command: snmp-server trap-source ip-address
Description: To set the source address of sending trap
Configuration mode: config

Command: snmp-server send
Description: To test sending a notify to the network management station
Configuration mode: config

Command: snmp-server group group-name v3 {noauth|authnopriv|authpriv} [notify notify-view] [read read-view] [write write-view]
Description: *To set the user group
Configuration mode: config

Command: snmp-server user user-name group-name [remote ip-address portnum] v3 [auth {md5|sha} password [encrypt des password]]
Description: *To set the user
Configuration mode: config

Command: snmp-server notify notify notify-name taglist inform
Description: *To set the notify table
Configuration mode: config

Command: snmp-server notify filter filter-name oid-subtree {exclude | include}
Description: *To set the notify filtering table
Configuration mode: config

Command: snmp-server notify profile filter-name address-param
Description: *To set the notify filtering address mapping table
Configuration mode: config

Command: snmp-server ip-source ip-address
Description: To set the source address of sending notify
Configuration mode: config

Command: snmp-server proxy proxyname {inform | trap | read | write} engineId address-param target-addr
Description: To set the proxy forwarding
Configuration mode: config

Note


The symbol “*” before the command description means that there is the configuration example to describe the command in detail later.

snmp-server start

The command is used to enable the SNMP proxy to make the router be managed by the network management workstation. The no format of the command is used to disable the SNMP proxy.

snmp-server start

no snmp-server start

【Default status】The SNMP proxy is disabled.

Caution

1. After starting the device, the SNMP proxy server is disabled by default. Users have to use the command to enable the SNMP proxy.

2. When SNMP proxy is enabled, an initial view default and an initial community name public are configured.

snmp-server contact

The command is used to configure the contact of the device manager. The no format of the command is used to recover the default contact of the device manager.

snmp-server contact <LINE>

no snmp-server contact

Syntax Description

<LINE> The contact mode of the device manager, which comprises up to 255 characters

【Default status】Maipu Communications

snmp-server location

The command is used to set the location of the device. The no format of the command is used to restore the default location of the device.

snmp-server location <LINE>

no snmp-server location

Syntax Description

<LINE> The location of the device, which comprises up to 255 characters


【Default status】No.16, Jiuxing Avenue, High-tech Park, Chengdu, P.R.China 610041

Caution

1. To facilitate the management of a router, the above two commands can be configured on a router so that the network management station can get the information about the router manager and the exact location of the router. By default, they are the full name and the address of the router's manufacturer.

2. The above two parameters can be displayed in the configuration script and show command only when they are modified and different from the default values.

snmp-server view

The command is used to configure the view of the SNMP proxy. The no format of the command is used to delete the view.

snmp-server view view-name oid-string {include|exclude}

no snmp-server view view-name oid-string

Syntax Description

view view-name To configure the name of the view

oid-string To specify the OID of the view

{include|exclude} To specify the attributes of the view Include: It means including all objects of the node; Exclude: It means excluding all objects of the node.

【Default status】snmp-server view default 1.3.6.1 include

Caution

An initial view default is configured when SNMP proxy is enabled. The OID is: 1.3.6.1; Include means all objects in the 1.3.6.1 sub-tree of MIB library are included; exclude means all objects except the 1.3.6.1 sub-tree of MIB library are excluded.

snmp-server community

The command is used to configure the community name of the SNMP proxy. The no format of the command is used to delete the community name.

snmp-server community community-name [view view-name] {ro | rw} [access-list]

no snmp-server community community-name

Syntax Description

community community-name To set the community name

view view-name To specify the view of the community name

{ro | rw} To specify the operation right of the community name Ro: read-only; Rw: write and read

access-list To specify the access control list or name of the community name

【Default status】snmp-server community public view default ro

Caution

1. The parameter community-name is used to specify the name of the community which the router is going to add into. Usually, the community name should be the same as the community name configured on the network management station. Otherwise, the network management station cannot perform any operation on the router.

2. The parameter { ro | rw} is used to set the right of the network management station for operating the router. The parameter ro means read-only and rw means reading/writing.

3. The parameter view is used to specify the view range for the community. For Maipu routers, the parameter view does not need to be configured (just use the default value).

4. The parameter access-list restricts, via an access control list, which hosts may use the community name; only hosts that use the same community name as the router and are permitted by the access control list of the router can manage the router (for details, refer to the Maipu router access control module).

snmp-server host

The command is used to configure destination address and the related parameters of the SNMP proxy sending TRAP.

snmp-server host ip-address/host-name [traps] [community community-name] [version {1|2}] [vrf vrf-name]

no snmp-server host ip-address/host-name

Syntax Description

host ip-address/host-name To specify the IP address or name of the management workstation

traps To specify the sending type as traps

community community-name To specify the community name

version {1|2} To specify the version number of the trap packet

vrf vrf-name To specify the VRF name used for sending the trap

【Default status】No

Caution

1. The parameter ip-address/host-name represents the name or IP address of the destination to which the trap message is sent. Usually, it is the IP address or name of the host on which the network management program is installed. Note that a trap message is a message that the router sends on its own initiative to the host on which the network management program is installed.

2. If the parameters after host are not configured, such as traps, community-name and version, the system adopts the default configuration: type—traps, community-name—public and version—2.

snmp-server trap-source

The command is used to configure the source address of sending the trap packet.

snmp-server trap-source ip-address

no snmp-server trap-source

Syntax Description

ip-address To specify the source ip address of sending the trap packet

【Default status】No

Caution

The configured IP address must be the existing interface IP address in the system. Otherwise, the configuration fails.

snmp-server enable traps

The command is used to enable or disable the SNMP proxy to send trap.

snmp-server enable traps snmp [authentication | coldstart | warmstart | linkup | linkdown | [enterprise [rmon-falling | rmon-rising | snmp-agent-up | snmp-agent-down ] ] ]

no snmp-server enable traps snmp [authentication | coldstart | warmstart | linkup | linkdown | [enterprise [rmon-falling | rmon-rising | snmp-agent-up | snmp-agent-down ] ] ]

Syntax Description

snmp To enable/disable sending all TRAP of SNMP

authentication To enable/disable sending the failure trap of the SNMP authentication

coldstart To enable/disable sending the cold-start trap of the SNMP proxy; usually, it is because of restarting the device

warmstart To enable/disable sending the hot-start TRAP of the SNMP proxy; here, the device is not restarted.

linkup To enable/disable sending UP TRAP of the interface link

linkdown To enable/disable sending DOWN TRAP of the interface link

enterprise To enable/disable sending all private TRAP defined by Maipu

rmon-falling To enable/disable sending RMON declining threshold TRAP

rmon-rising To enable/disable sending RMON increasing threshold TRAP

snmp-agent-up To enable/disable sending the starting TRAP of the SNMP proxy

snmp-agent-down To enable/disable sending the shutdown TRAP of the SNMP proxy

【Default status】All TRAP sending are disabled.

snmp-server enable keep-alive

The command is used to configure the router to send keep-alive information.

snmp-server enable keep-alive [IPsec | sync-config] ip_addr port interval

no snmp-server enable keep-alive [IPsec | sync-config] ip_addr port

Syntax Description

IPSec The keep-alive configuration used by the IPSec module

sync-config To configure the keep-alive configuration used synchronously

ip_addr The destination IP address

port The destination UDP port

interval The interval of sending the keep-alive packets

【Default status】No

Caution

1. Keep-alive of IPsec is used by IPsec module to inform the network management server of IPsec information. If the network management server is not used, the command is invalid.

2. Keep-alive of Sync-config is used to detect the keep-alive between network management servers. The command forces the device and network management server to keep the communication. If they cannot communicate with each other normally, the system is re-started. Therefore, do not use the command if unnecessary.

snmp-server engineID

The command is used to configure the engine ID of the local or remote SNMPv3 entity.

snmp-server engineID local engine-id

snmp-server engineID remote ip-address port-num [vrf vrf-name] engine-id

no snmp-server engineID local

no snmp-server engineID remote ip-address port-num [engine-group]

Syntax Description

local engine-id The engine ID of the local SNMPv3 entity

remote The engine ID of the remote SNMPv3 entity, used for sending the notification

ip-address The IP address of the remote SNMPv3 entity

port-num The UDP port of the remote SNMPv3 entity

vrf vrf-name To specify the VRF name of the device sending packets to the destination entity

engine-group To specify the engine group to which the remote entity belongs, which is used to configure the auto-forwarding proxy

【Default status】No

Caution

When configuring automatic proxy forwarding, users may not know the IP address of the proxy device. Here, users can just input 0.0.0.0 at the location of ip-address. Moreover, the automatic proxy forwarding cannot work without the keepalive mechanism.

snmp-server engineGroup

The command is used to configure the SNMPv3 engine group.

snmp-server engineGroup groupname username {noauth | authnopriv | authpriv}

Syntax Description

groupname The name of the engine group

username The user name

noauth | authnopriv | authpriv The security level of the user: no-authentication and no encryption, authentication but no encryption, authentication and encryption.

【Default status】No

Caution

The foregoing command is used to configure the automatic proxy forwarding. Before the command is configured, username needs to be configured in advance. The function of the command is to associate several engines (SNMPv3 entities) to an engine group. One user can be specified for each engine group. In this way, the username can be used to access any engine of the engine group. The parameter {noauth|authnopriv|authpriv} is used to explain the security level of the username, and should be consistent with the username.

snmp-server group

The command is used to configure the SNMPv3 group.

snmp-server group group-name v3 {noauth|authnopriv|authpriv} [notify notify-view] [read read-view] [write write-view]

Syntax Description

group group-name The group name

v3 The security model of the group is SNMPv3. Currently, only the SNMPv3 security model is supported.

noauth | authnopriv | authpriv The security level of the group: no-authentication and no encryption, authentication but no encryption, authentication and encryption.

notify notify-view To configure the notify-view of the group.

read read-view To configure the read-view of the group.

write write-view To configure the write-view of the group.

【Default status】No

Caution

In SNMPv3, a group name, security information and message type (read, write or notify) are mapped to a MIB view. A given MIB view determines whether a managed object can be accessed. Several SNMPv3 users can be associated with the same group. Configuring groups strengthens SNMPv3 access control.

snmp-server user

The command is used to configure the SNMPv3 user.

snmp-server user user-name group-name [remote ip-address portnum] v3 [auth {md5|sha} password [encrypt des password]]

Syntax Description

user user-name The user name

group-name The name of the group to which the user belongs

remote ip-address portnum The IP address and port-number of the remote user

v3 The security model of the user is v3

auth {md5|sha} password To configure the authentication protocol of the user as MD5 or SHA, and specify the password.

encrypt des password To configure the encryption protocol of the user as DES, and specify the password.

【Default status】No

Caution

1. The command configures a USM-based (User-based Security Model) SNMPv3 user and saves the authentication and encryption information of each user. Note that the encryption protocol cannot be configured until the authentication protocol is configured. For a remote user, the IP address and UDP port number of the remote user also need to be specified. ('Remote' is relative to the local SNMPv3 entity: if the local SNMPv3 entity wants to communicate with another SNMPv3 entity, that other entity is called the 'remote' SNMPv3 entity. This is involved in Notify and Proxy.)

2. When configuring the remote user, you should configure the engineID of the remote SNMP entity of the user at first. Moreover, each user should correspond to a group. Only in this way, can a security model and security name be mapped into a group name by means of the view-based access control.

3. When configuring automatic proxy forwarding, users may not know IP address of the proxy device. Here, users can just input 0.0.0.0 at the location of ip-address. Moreover, the automatic proxy forwarding cannot work without the keepalive mechanism.
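
Why the remote engine ID has to exist before the remote user: under USM (RFC 3414) each password is converted into a key that is bound to one engine ID. The sketch below is an added example, not Maipu code; it assumes the engine-id argument is a hex string and borrows the engine IDs and password from this manual's application examples.

```python
import hashlib


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: digest of 1,048,576 bytes made by repeating the password."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 2.6: bind the user key to one engine, H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def usm_keys(engine_id_hex, auth_proto, auth_pw, priv_pw=None):
    """Derive the keys behind `auth {md5|sha} pw [encrypt des pw]` for one engine."""
    hash_name = {"md5": "md5", "sha": "sha1"}[auth_proto]
    engine_id = bytes.fromhex(engine_id_hex)  # assumption: engine-id is a hex string
    keys = {"auth": localize(password_to_key(auth_pw.encode(), hash_name),
                             engine_id, hash_name)}
    if priv_pw is not None:
        # The privacy key is localized with the user's authentication hash;
        # DES takes octets 0-7 as the key and octets 8-15 as the pre-IV.
        kul = localize(password_to_key(priv_pw.encode(), hash_name),
                       engine_id, hash_name)
        keys["des_key"], keys["des_pre_iv"] = kul[:8], kul[8:16]
    return keys


# Engine IDs and password as used in this manual's application examples.
local = usm_keys("aa12345678", "md5", "123456", "123456")
remote = usm_keys("bb87654321", "md5", "123456", "123456")

if __name__ == "__main__":
    print("same password, local engine :", local["auth"].hex())
    print("same password, remote engine:", remote["auth"].hex())
    print("auth key starts with DES key:", local["auth"][:8] == local["des_key"])
```

The same password yields a different key on every engine, so a remote user cannot be stored until its engine ID is known; reusing one password for auth and encrypt makes the DES key a prefix of the authentication key.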

snmp-server context

The command is used to configure the SNMPv3 proxy to forward the context environment name.

snmp-server context context-name

Syntax Description

context-name The character string of the SNMPv3 context environment

【Default status】No

Caution

The context environment name is used only in the proxy forwarding. It does not need to be configured on the proxy device, but only needs to be configured on the surrogated device. However, configuring the context environment name on the surrogated device is not mandatory. If the context environment name is configured on the surrogated device, you need to specify the context environment name in the proxy forwarding configuration of the proxy device.

snmp-server AddressParam

The command is used to specify the SNMP parameters used when generating a notification message to the destination address, such as security model and security level.

snmp-server AddressParam [address-name |paramIn] v3 user-name {noauth|authnopriv |authpriv}

no snmp-server AddressParam address-name

Syntax Description

addressparam address-name The name of the address parameter

paramIn To configure dynamic proxy forwarding

v3 The security model of the message processing is v3 when generating the SNMP messages.

user-name The user name corresponding to the address parameter

noauth | authnopriv | authpriv To specify the security level of the user, including no-authentication and no-encryption, authentication but no-encryption, and authentication and encryption.

【Default status】No

Caution

Some MIB tables are defined in SNMPv3 to configure the destination to which the notify-message is sent. The address parameter table defines the SNMP parameters that should be used when a message (notification) is generated. These parameters include message processing model, security model, security level, and security name.

snmp-server TargetAddress

The command is used to specify the destination address used when generating the SNMP notification message.

snmp-server TargetAddress target-name ip-address port-num address-param taglist time-out retry-num

Syntax Description

TargetAddress target-name The name of the notification destination address

ip-address The IP address of the notification destination entity

port-num The UDP port number of the destination entity

address-param The name of the corresponding address parameter

taglist The list of the notification tags

time-out The timeout for waiting for the response after sending out the notification

retry-num The number of retransmissions after the notification times out

【Default status】No

Caution

1. The destination address table is used to specify the destination that is used when the SNMP message is generated. (Note that TargetAddress and AddressParam cannot be configured until the local SNMPv3 entity accesses the other (remote) SNMPv3 entity).

2. address-param is the address parameter name that is configured in the address parameter table; taglist, which can be configured with multiple values spaced by commas, is used to identify the destination address to which the notification is sent and the message is forwarded.

snmp-server notify notify

The command is used to configure the SNMPv3 notification table.

snmp-server notify notify notify-name taglist inform

Syntax Description

notify-name The notification name, which is the unique identifier of the notification table

taglist The tag value, corresponding to the tag list configured in the address table.

inform To specify the type of the notification message as inform

【Default status】No

Caution

In SNMPv3, the destination address needs to be specified when a notification is sent. Whether the notification message is sent to a destination address depends on whether the created filter contains the destination address.

snmp-server notify filter

The command is used to configure the SNMPv3 notification filtering table.

snmp-server notify filter filter-name oid-subtree {exclude | include}

Syntax Description

filter-name The name of the notification filtering

oid-subtree The OID of the MIB sub tree

{exclude | include} Whether the object under the MIB sub-tree can send the notification: exclude: not send the notification; include: send the notification;

【Default status】No

Caution

The notification filtering table defines a filter that can determine whether a message should be sent to one destination address.

snmp-server notify profile

The command is used to configure the SNMPv3 notification filtering address mapping table.

snmp-server notify profile filter-name address-param

Syntax Description

filter-name The name of the notification filter

address-param The address parameter name

【Default status】No

Caution

The notification configuration table is used to relate the address parameter table to the notification filtering table. If both a notification filtering table and a notification configuration table are defined, the SNMP proxy can detect the object OID when sending a notification. If the object OID is contained in the defined MIB sub-tree, the notification is sent. Otherwise, the notification cannot be sent.

snmp-server ip-source

The command is used to configure the source address of the SNMPv3 notification.

snmp-server ip-source ip-address

Syntax Description

ip-address The specified source address of the SNMPv3 notification

【Default status】No

Caution

The configured notification source address must be the existing interface IP address.

snmp-server proxy

The command is used to configure the SNMPv3 forwarding proxy. The purpose of SNMP proxy forwarding is to forward an SNMP request to another SNMP entity. Doing so may require converting one version to another or one transmission domain to another. The SNMP implementation on the Maipu device supports only v3-to-v3 forwarding, which is applied to the conversion from one transmission domain to another.

snmp-server proxy proxyname {inform | trap | read | write} engineId address-param target-addr

Syntax Description

proxyname The name of the forwarding configuration

{inform | trap | read | write} The packet attribute that needs to be matched

engineId The engine ID that needs to be matched

address-param The name of the address parameter that needs to be matched

target-addr The name of the destination address for forwarding

【Default status】No

Caution

In the above table, the trap and inform of the packet attributes are not supported.

Application Examples

Configure SNMPv1/v2

[Figure: SNMPv1/v2 configuration (ROUTER and PC)]

Illustration

The PC in the network management workstation uses the SNMPv1/v2 to access the router; the address of the PC in the network management workstation is 128.255.40.33; the address of the router is 128.255.40.32.

Configure the router as follows:

Command Description

router(config)#snmp-server start

To enable the SNMP proxy server

router(config)#snmp-server view test 1.3.6.1.2 include

To configure a view named test; the view contains the node 1.3.6.1.2; when the SNMP proxy is enabled, the system initiates one default view named default, which contains the node 1.3.6.1

router(config)#snmp-server community private rw

To configure the community named private with read and write rights; after the SNMP proxy is enabled, the system initiates a read-only community named public

router(config)#snmp-server host 192.168.0.1 version 1

To configure the host with the destination address as 192.168.0.1, which receives the version 1 TRAP

router(config)#snmp-server host 128.255.40.33 traps community private version 2

To configure the host with the destination address as 128.255.40.33, which receives the version 2 TRAP

router(config)#snmp-server enable traps snmp

To enable all TRAP sending of SNMP

After the configurations, the network management workstation can use the SNMPv1 or v2 to access and set the device. The workstation 192.168.0.1 and 128.255.40.33 can receive the v1 and v2 TRAP from the device.

Configure SNMPv3

SNMPv3 configuration

Illustration

The PC in the network management workstation uses the SNMPv3 to access the router; the address of the PC in the network management workstation is 128.255.40.33; the address of the router is 128.255.40.32.

Configure the router as follows:

Command Description

router(config)#snmp-server start

To enable the SNMP proxy server

router(config)#snmp-server engineID local aa12345678

To configure the engine ID of the local SNMPv3 entity as aa12345678

router(config)#snmp-server group maipu v3 authpriv read default write default notify default

To configure one SNMPv3 entity group; the name is maipu; the security model is v3; the authentication and encryption are needed; the read, write and notify views are default.

router(config)#snmp-server user user1 maipu v3 auth md5 123456 encrypt des 123456

To configure one user, the name is user1; the user belongs to the group maipu; the security model is v3; the authentication algorithm is MD5; the password is 123456; the encryption algorithm is DES; the password is 123456

After the above configurations, the network management workstation can use the SNMPv3 to access and set the device.

Configure SNMPv3 Notification

SNMPv3 notification configuration

Illustration

Configure the SNMPv3 notification parameters on the router; use the network management workstation to receive the SNMPv3 notification message from the router. The address of the PC in the network management workstation is 128.255.40.33; the address of the router is 128.255.40.32.

Compared with the SNMP TRAP configuration, the SNMPv3 notification configuration is a little complicated. Configure the router as follows:

Command Description

router(config)#snmp-server start

To enable the SNMP proxy server

router(config)#snmp-server engineID local aa12345678

To configure the engine ID of the local SNMPv3 entity as aa12345678

router(config)#snmp-server engineID remote 128.255.40.33 162 bb87654321

To configure one remote engine ID; the destination address is 128.255.40.33/162

router(config)#snmp-server group maipu v3 authpriv read default write default notify default

To configure one SNMPv3 entity group; the name is maipu; the security model is v3; the authentication and encryption are needed; the read, write and notify views are default

router(config)#snmp-server user user1 maipu v3 auth md5 123456 encrypt des 123456

To configure one local user, the name is user1; the user belongs to the group maipu; the security model is v3; the authentication algorithm is MD5; the password is 123456; the encryption algorithm is DES; the password is 123456

router(config)#snmp-server user re-user maipu remote 128.255.40.33 162 v3 auth md5 123456 encrypt des 123456

To configure one remote user; the name is re-user; the user belongs to the group maipu; the security model is v3; the authentication algorithm is MD5; the password is 123456; the encryption algorithm is DES; the password is 123456

router(config)#snmp-server notify notify maipu tag1 inform

To configure one notification named maipu and the tag list as tag1

router(config)#snmp-server AddressParam mp-param v3 re-user authpriv

To configure one address parameter; the name is mp-param; the security model is v3; the authentication and encryption are needed

router(config)#snmp-server TargetAddress mp-target 128.255.40.33 162 mp-param tag1 10 3

To configure one destination address; the name is mp-target; the destination address is 128.255.40.33/162; the corresponding address parameter is mp-param; the timeout re-transmission interval is 10 seconds; the re-transmission times is three.

router(config)# snmp-server notify filter mp-filter 1.3.6.1.3 exclude

To configure one notify filter named mp-filter and exclude the notifications of all objects in the node 1.3.6.1.3

router(config)#snmp-server notify profile mp-filter mp-param

To configure the notification configuration table; associate the notification filtering table with the address parameter

Configure SNMPv3 Proxy Forwarding

SNMPv3 proxy forwarding configuration

Illustration

Router 1 is the proxy forwarding device; the surrogated forwarding device is router 2; use the proxy forwarding function of the proxy device router 1 to get the device information of the surrogated forwarding device router 2; the address of the PC in the network management workstation is 128.255.40.33; the address of router 1 is 128.255.44.23; the address of router 2 is 128.255.40.32.

Configure the surrogated device router 2 as follows:

Command Description

router(config)#snmp-server start

To enable the SNMP proxy server

router(config)# snmp-server engineID local ffff2692

To configure the engine ID of the local SNMPv3 entity as ffff2692

router(config)# snmp-server view internet 1.3.6.1 include

To configure the internet view

router(config)#snmp-server group g1 v3 authpriv read internet write internet notify internet

To configure one SNMPv3 entity group; the name is g1; the security model is v3; the authentication and encryption are needed; the read, write and notify views are internet.

router(config)#snmp-server user u2692 g1 v3 auth md5 maipu encrypt des maipu

To configure one user, the name is u2692; the user belongs to the group g1; the security model is v3; the authentication algorithm is MD5; the password is maipu; the encryption algorithm is DES; the password is maipu

router(config)#snmp-server context mp2692

To configure the context environment name

Configure the proxy device router 1 as follows:

Command Description

router(config)#snmp-server start

To enable the SNMP proxy server

router(config)#snmp-server engineID local aa12345678

To configure the engine ID of the local SNMPv3 entity as aa12345678

router(config)#snmp-server engineID remote 128.255.40.32 161 ffff2692

To configure one remote engine ID; the destination address is 128.255.40.32/161

router(config)# snmp-server view internet 1.3.6.1 include

To configure the internet view

router(config)#snmp-server group maipu v3 noauth read internet write internet notify internet

To configure one SNMPv3 entity group, which is used for the local user; the name is maipu; the security model is v3; neither authentication nor encryption is needed (noauth); the read, write and notify views are internet

router(config)#snmp-server group mp2692 v3 authpriv read default write default notify default

To configure one SNMPv3 entity group, which is used for the remote user; the name is mp2692; the security model is v3; the authentication and encryption are needed; the read, write and notify views are default

router(config)#snmp-server user maipu maipu v3

To configure one local user; the name is maipu; the user belongs to the group maipu; the security model is v3; no authentication and no encryption

router(config)#snmp-server user u2692 mp2692 remote 128.255.40.32 161 v3 auth md5 maipu encrypt des maipu

To configure one remote user; the name is u2692; the user belongs to the group mp2692; the security model is v3; the authentication algorithm is MD5; the password is maipu; the encryption algorithm is DES; the password is maipu

router(config)#snmp-server AddressParam pmaipu v3 maipu noauth

To configure one local address parameter; the security model is v3; the specified user is the local user maipu

router(config)#snmp-server AddressParam p2692 v3 u2692 authpriv

To configure one remote address parameter; the name is p2692; the security model is v3; the authentication and encryption are needed; specify the remote user u2692

router(config)#snmp-server TargetAddress t2692 128.255.40.32 161 p2692 tag2692 10 2

To configure one destination address; the name is t2692; the destination address is 128.255.40.32/161; the corresponding address parameter is p2692; the timeout re-transmission interval is 10 seconds; the re-transmission times is two.

router(config)#snmp-server context mp2692

To configure the context environment name

router(config)#snmp-server proxy prox2692 READ ffff2692 pmaipu t2692 mp2692

To configure the proxy forwarding; the name is prox2692; the operation is read; the specified remote engine ID is ffff2692; use the address parameter pmaipu; the context environment name is mp2692

Caution

1. The surrogated device listens for packets on UDP port 161, so the proxy forwarding configuration differs from the notification configuration: the port should be specified as 161.

2. In the remote user configuration of the proxy forwarding, the group attribute, security model, and the authentication and encryption algorithm should be consistent with the local user of the surrogated device.
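
The settings used in the application examples above can be reviewed mechanically. The script below is an added example, not part of the Maipu manual or software: it reads snmp-server lines in the syntax documented in this chapter and reports well-known community names, read-write communities without an access-list, SNMPv3 groups, users and address parameters below authpriv, MD5 authentication, and short or reused passwords. The rule names, the 8-character threshold and the sample input are assumptions of this example.

```python
import re

PROMPT = re.compile(r"^\S*\(config\)#\s*")  # strips a leading "router(config)#"
WELL_KNOWN = {"public", "private"}
MIN_PASSWORD_LEN = 8  # example policy threshold (assumption, not a device limit)

def _after(args, keyword, count):
    """Return the `count` tokens that follow `keyword`, or None if absent."""
    if keyword not in args:
        return None
    vals = args[args.index(keyword) + 1:][:count]
    return vals if len(vals) == count else None

def _community(n, args):
    # snmp-server community <name> [view <view>] {ro|rw} [access-list]
    name, rest = args[0], args[1:]
    if rest[:1] == ["view"]:
        rest = rest[2:]
    out = [(n, "WELL-KNOWN-COMMUNITY", name)] if name.lower() in WELL_KNOWN else []
    if rest == ["rw"]:  # read-write with no access-list after it
        out.append((n, "RW-COMMUNITY-NO-ACL", name))
    return out

def _host(n, args):
    # An omitted community defaults to "public" (snmp-server host, caution 2).
    community = (_after(args[1:], "community", 1) or ["public"])[0]
    hit = community.lower() in WELL_KNOWN
    return [(n, "TRAP-WELL-KNOWN-COMMUNITY", args[0])] if hit else []

def _group(n, args):
    # snmp-server group <name> v3 <level> [notify v] [read v] [write v]
    level = (args[2:3] or [""])[0]
    weak = level in ("noauth", "authnopriv")
    out = [(n, "GROUP-BELOW-AUTHPRIV", args[0])] if weak else []
    if level == "noauth" and "write" in args[3:]:
        out.append((n, "NOAUTH-GROUP-CAN-WRITE", args[0]))
    return out

def _user(n, args):
    # snmp-server user <user> <group> [remote ip port] v3 [auth {md5|sha} pw [encrypt des pw]]
    user, group, opts = args[0], "".join(args[1:2]), args[2:]
    auth, priv = _after(opts, "auth", 2), _after(opts, "encrypt", 2)
    if auth is None:
        return [(n, "USER-NO-AUTH", user)]
    out = [(n, "USER-AUTH-MD5", user)] if auth[0] == "md5" else []
    if priv is None:
        out.append((n, "USER-NO-ENCRYPT", user))
    passwords = [auth[1]] + ([priv[1]] if priv else [])
    names = (user.lower(), group.lower())
    if any(len(p) < MIN_PASSWORD_LEN or p.lower() in names for p in passwords):
        out.append((n, "WEAK-PASSWORD", user))
    if priv and priv[1] == auth[1]:
        out.append((n, "SHARED-AUTH-PRIV-PASSWORD", user))
    return out

def _level(n, args):
    # AddressParam and engineGroup both end with {noauth|authnopriv|authpriv}
    weak = args[-1] in ("noauth", "authnopriv")
    return [(n, "PARAM-BELOW-AUTHPRIV", args[0])] if weak else []

HANDLERS = {"community": _community, "host": _host, "group": _group,
            "user": _user, "AddressParam": _level, "engineGroup": _level}

def audit_snmp_config(text):
    """Return (line_number, rule, subject) findings for snmp-server lines."""
    findings, started_at, public_removed = [], None, False
    for n, raw in enumerate(text.splitlines(), 1):
        tok = PROMPT.sub("", raw.strip()).split()
        if tok[:4] == ["no", "snmp-server", "community", "public"]:
            public_removed = True
        if len(tok) < 2 or tok[0] != "snmp-server":
            continue
        if tok[1] == "start":
            started_at = n
        elif tok[1] in HANDLERS and tok[2:]:
            findings += HANDLERS[tok[1]](n, tok[2:])
    # Enabling the agent creates "community public view default ro" by default.
    if started_at is not None and not public_removed:
        findings.append((started_at, "DEFAULT-PUBLIC-COMMUNITY", "public"))
    return findings

# Constructed input, assembled from commands in this manual's application examples.
SAMPLE = """\
router(config)#snmp-server start
router(config)#snmp-server community private rw
router(config)#snmp-server host 192.168.0.1 version 1
router(config)#snmp-server group maipu v3 noauth read internet write internet notify internet
router(config)#snmp-server user maipu maipu v3
router(config)#snmp-server user user1 maipu v3 auth md5 123456 encrypt des 123456
router(config)#snmp-server AddressParam pmaipu v3 maipu noauth
"""

if __name__ == "__main__":
    for line_no, rule, subject in audit_snmp_config(SAMPLE):
        print(f"line {line_no}: {rule} ({subject})")
```

A configuration that removes the default community with no snmp-server community public, keeps every group at authpriv and gives each user sha authentication with distinct passwords of at least eight characters produces no findings.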

Monitoring and Debugging

Monitoring Command

Command Description

show snmp-server To display some statistics information about the network management proxy of the router

show snmp-server community

To display the information about the community into which the router is added

show snmp-server host To display the information about the destination of sending the traps information set on the router

show snmp-server view To display the view set on the router (usually, the view comprises several sub tree nodes)

show snmp-server engineID

To display the engine IDs configured in the router, including remote and local engine IDs

show snmp-server group To display the SNMPv3 user group configured in the router

show snmp-server user To display the SNMPv3 users configured in the router

show snmp-server AddressParams

To display the notification address parameter table configured in the router

show snmp-server TargetAddress

To display the notification destination address table configured in the router

show snmp-server notify notify To display the notification table configured in the router

show snmp-server notify filter

To display the notification filtering table configured in the router

show snmp-server notify profile

To display the notification configuration table configured in the router

show snmp-server engineGroup To display the engine group configured in the router

show snmp-server context To display the context parameters configured in the router

show snmp-server contact To display the contacts of the router manager

show snmp-server location To display the physical location of the router

show snmp-server proxy To display the proxy forwarding table configured in the router

show snmp-server reg-list To display the modules that register the MIB in the router

Monitoring Command Example

router# show snmp-server

Displayed result:

0 SNMP packets input:

0 Bad SNMP version errors

0 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Set-request PDUs

2 SNMP packets output:

0 Too big errors

0 No such name errors

0 Bad values errors

0 General errors

0 Response PDUs

2 Trap PDUs

0 SNMPv3 Reports:

0 Unknown Security Models

0 Invalid Msgs

0 Unknown PDUHandlers

0 Unavailable Contexts

0 Unknown Contexts

0 Unsupported SecLevels

0 Not In TimeWindows

0 Unknown UserNames

0 Unknown EngineIDs

0 Wrong Digests

0 Decryption Errors

Description and analysis:

The above information shows that the router has not received any SNMP packets and has sent two SNMP packets, both of which are trap packets. The SNMPv3 Reports section gives the error statistics collected when processing SNMPv3 packets.

router# show snmp-server community

Displayed result:

Community Name Relating View Index Access Right ACL-name

public 1 Read-Only

private 1 Read-Write

Description and analysis:

Community Name: the name of the community to which the router is added;

Relating View Index: the related view index;

Access Right: the operation authority of the corresponding community for the router;

ACL-name: the corresponding access control list name of the community;

The above information shows that the router is added into the public and private communities. The view index of the public community is 1. The operation authority of the network management workstation that is added into the public community for the router is read-only. The view index of the private community is also 1; the operation authority of the network management workstation that is added into the private community for the router is read and write. The two communities are not configured with the access control.

router# show snmp-server contact

Displayed result:

Maipu Communications

Description and analysis:

The displayed information shows that no new manager contact has been configured on the device; it still uses the default configuration of the system.

router# show snmp-server location

Displayed result:

No.16, Jiuxing Avenue, High-tech Park, Chengdu, P.R.China 610041

Description and analysis:

The displayed information shows that no new location has been configured on the device; it still uses the default configuration of the system.

router# show snmp-server host

Displayed result:

Trap destination Community Trap-Switch Informs-Switch Version

128.255.254.55 public ON OFF Ver 2

mp-12434 public ON OFF Ver 2

Description and analysis:

The displayed information shows that the router is configured with two trap destinations, that is, 128.255.254.55 and mp-12434.

router#show snmp-server view

Displayed result:

SNMP View List:

View Name View index view operator subtree filter oids

default 1 include 1.3.6.1

Description and analysis:

The displayed information shows that the router is configured with one view. The view name is default; the view index is 1. It contains all nodes in the sub tree 1.3.6.1 (the view is the default configuration of the router’s SNMP proxy).

router#show snmp-server engineID

Displayed result:

Local engine ID: 12345678

IPAddress: 1.1.1.1.0.162 remote engine ID: abcdef1234

Description and analysis:

The displayed information shows that the router is configured with two engine IDs. One is the local engine ID and the other is the remote engine ID.

router#show snmp-server group

Displayed result:

GroupName: group1 SecModel:v3,SecLevel:authpriv

Read View: readview

Write View: writeview

Notify View: notifyview

Description and analysis:

The displayed information shows that the router is configured with one group, the group name is group1, the security model is v3, the security level is authentication and encryption, the read view is readview, the write view is writeview, and the notify view is notifyview.

router#show snmp-server user

Displayed result:

SNMP User List:

User Name SecLevel Status EngineID

===========================================================

user1 AuthPriv active 12345678

user2 AuthPriv active abcdef1234

Description and analysis:

The displayed information shows that the router is configured with two users, the security level is authentication and encryption, and the corresponding engine IDs are 12345678 and abcdef1234. It shows that user1 is the local user and user2 is the remote user.

router#show snmp-server AddressParams

Displayed result:

SNMP TargetAddressParam List:

ParamName User Name MP_model SecurityModel SecurityLevel

==================================================================

addparam1 user2 v3 USM authpriv

Description and analysis:

The displayed information shows that the router is configured with the address parameter named addparam1, the corresponding user is user2, the message processing model is v3, the security model is USM, and the security level is authentication and encryption.

router#show snmp-server TargetAddress

Displayed result:

TargetAddressList:

===================================================

Name: target1

Address: 1.1.1.1.0.162

ParamName: addparam1

TagList: tag1 tag2

TimeOut(sec) :2

RetryCount :2

===================================================

Description and analysis:

The displayed information shows that the router is configured with the destination address named target1; the destination address is 1.1.1.1, the UDP port number is 162, the tag list is tag1 and tag2, the timeout is 2 seconds, and the retry count is 2.

router#show snmp-server notify notify

Displayed result:

SNMP Notify List:

Name Tag Type

========================================================

notify1 tag1 inform

Description and analysis:

The displayed information shows that the router is configured with one notification named notify1, the corresponding tag is tag1, and the message type is inform.

router#show snmp-server notify filter

Displayed result:

SNMP Notify Filter List:

Name FilterSubtree Type

=============================================================

filter1 1.3.6.1 include

Description and analysis:

The displayed information shows that the router is configured with one notification filtering named filter1, which contains all nodes in the MIB sub tree 1.3.6.1.

router#show snmp-server notify profile

Displayed result:

SNMP Notify Profile List:

Name ParamName Status

=============================================================

filter1 addparam1 Active

Description and analysis:

The displayed information shows that the notification filter named filter1 is associated with the address parameter named addparam1.

router#show snmp-server reg-list

Displayed result:

VPDN

secondary IP Address

NAT

QoS

ModemControl

ModemControl

ModemControl

backup

DDR

MULTILINK

DLSw

QLLC

NIA

Bridge

SNTP

snmpProxy

snmpTargetAddr

TaskMib

sysMemoryMib

Mib2If

Mib2Sys

Mib2IpATran

Mib2Ip

Mib2Icmp

Mib2TCP

Mib2UDP

Mib2Snmp

PanelTableMib

cE1TimeslotsMib

MPFileTableMib

MPFileVersionMib

MpSnmpAgentMib

RtrCommand

RmonAlarm

RmonEvent

RmonLog

MpSysCpu

ifXTable

MPIfStatByPriority

Description and analysis:

The displayed information lists the MIB modules that are registered in the system.

Debugging Commands

Command Description

(no) debug snmp-server all

To enable/disable all debugging switches of the SNMP proxy

(no) debug snmp-server groupget

To enable/disable the operation debugging switch of the simple variable GET of the SNMP proxy

(no) debug snmp-server groupset

To enable/disable the operation debugging switch of the simple variable SET of the SNMP proxy

(no) debug snmp-server tblgetnext

To enable/disable the operation debugging switch of the table variable GET/NEXT of the SNMP proxy

(no) debug snmp-server tblset

To enable/disable the operation debugging switch of the table variable SET of the SNMP proxy

(no) debug snmp-server response

To enable/disable the response debugging switch of the SNMP proxy

(no) debug snmp-server trap

To enable/disable the debugging switch for sending TRAP of the SNMP proxy

(no) debug snmp-server proxy

To enable/disable the forwarding debugging switch of the SNMP proxy

Debugging Command Examples

1. View the debugging information of reading the simple MIB objects via the network management workstation by using the commands debug snmp-server groupget, debug snmp-server tblgetnext, and debug snmp-server response:

A. Enable the commands debug snmp-server groupget and debug snmp-server response.

router#debug snmp-server groupget

router#debug snmp-server response

Displayed result and analysis:

00:32:35: [tSnmpd]SNMP:from 128.255.40.33,Begin:117318

Analysis: A network management request is received from the workstation 128.255.40.33.

00:32:35: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID!
00:32:35: [tSnmpd]SNMP:Oid num:1
00:32:35: [tSnmpd]SNMP: to 128.255.40.33,End:117318,Lasted:0

Analysis: The received packet is an SNMPv3 request. The router processes the engine ID discovery packet and returns the local engine ID of the device to the workstation.

00:32:35: [tSnmpd]SNMP:from 128.255.40.33,Begin:117320
00:32:35: [tSnmpd]SNMP:Oid num:1
00:32:35: [tSnmpd]SNMP:SCALAR variables GET request

Analysis: A simple variable GET request is received from 128.255.40.33.

00:32:35: [tSnmpd]SNMP:receive OID: system.1.0

Analysis: The object that the network management workstation wants to get is mib-2.system.1.0 (sysDescr).

00:32:35: [tSnmpd]SNMP:response:
00:32:35: [tSnmpd] STRING:MyPower (R) Operating System Software MP7500 version 6.0.6(h01-m7-u)(integrity), compiled on Apr 25 2007, 08:10:05 Copyright (C) 1999 Maipu (Sichuan) Communication Technology Co., Ltd. All Rights Reserved.
00:32:35: [tSnmpd]SNMP: to 128.255.40.33,End:117320,Lasted:0

Analysis: The SNMP proxy sends the response packet and displays the contents of the returned character string, that is, the description information of the system.

B. Enable the commands debug snmp-server tblgetnext and debug snmp-server response.

router#debug snmp-server tblgetnext

router#debug snmp-server response

Displayed result and analysis:

00:40:42: [tSnmpd]SNMP:from 128.255.40.33,Begin:146525

Analysis: A network management request is received from the workstation 128.255.40.33.

00:40:42: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID!
00:40:42: [tSnmpd]SNMP:Oid num:1
00:40:42: [tSnmpd]SNMP: to 128.255.40.33,End:146525,Lasted:0

Analysis: The received packet is an SNMPv3 request. The router processes the engine ID discovery packet and returns the local engine ID of the device to the workstation.

00:40:42: [tSnmpd]SNMP:from 128.255.40.33,Begin:146528
00:40:42: [tSnmpd]SNMP:Oid num:22
00:40:42: [tSnmpd]SNMP:TABULAR variables GET-NEXT request

Analysis: A table variable GET-NEXT request is received from 128.255.40.33.

00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.1.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] INTEGER:1
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.2.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] STRING:gigaethernet0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.3.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] INTEGER:6
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.4.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] INTEGER:1500
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.5.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:1000000000
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.6.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] IFPHYADDR:00:11:00:02:00:03
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.7.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] INTEGER:1
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.8.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] INTEGER:1
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.9.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.10.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:51414
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.11.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:11
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.12.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:634
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.13.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.14.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.15.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.16.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:168
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.17.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:4
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.18.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.19.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.20.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.21.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.22.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] OBJECT:0.0
00:40:42: [tSnmpd]SNMP: to 128.255.40.33,End:146528,Lasted:0

Analysis: The requested object is the table mib-2.interfaces.ifTable. The SNMP proxy sends the response packet and displays the returned data type and contents.

2. View the debugging information of setting the simple MIB objects via the network management workstation by using the commands debug snmp-server groupset, debug snmp-server tblset, and debug snmp-server response.

A. Enable the commands debug snmp-server groupset and debug snmp-server response.

router#debug snmp-server groupset

router#debug snmp-server response

Displayed result and analysis:

00:50:35: [tSnmpd]SNMP:from 128.255.40.33,Begin:182134

Analysis: A network management request is received from the workstation 128.255.40.33.

00:50:35: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID!
00:50:35: [tSnmpd]SNMP:Oid num:1
00:50:35: [tSnmpd]SNMP: to 128.255.40.33,End:182134,Lasted:0

Analysis: The received packet is an SNMPv3 request. The router processes the engine ID discovery packet and returns the local engine ID of the device to the workstation.

00:50:35: [tSnmpd]SNMP:from 128.255.40.33,Begin:182136
00:50:35: [tSnmpd]SNMP:Oid num:1
00:50:35: [tSnmpd] Set STRING: Maipu(Sichuan) Communication Technology Co. Ltd.
00:50:35: [tSnmpd]SNMP:TABULAR variables SET request
00:50:35: [tSnmpd]SNMP:receive OID: system.4.0
00:50:35: [tSnmpd]SNMP: to 128.255.40.33,End:182136,Lasted:0

Analysis: A simple variable SET request is received from 128.255.40.33; the set object is system.4.0 (sysContact); the set content is a character string: Maipu(Sichuan) Communication Technology Co. Ltd.

B. Enable the commands debug snmp-server tblset and debug snmp-server response.

router#debug snmp-server tblset

router#debug snmp-server response

Displayed result and analysis:

01:05:37: [tSnmpd]SNMP:from 128.255.40.33,Begin:236249

Analysis: A network management request is received from the workstation 128.255.40.33.

01:05:37: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID!
01:05:37: [tSnmpd]SNMP:Oid num:1
01:05:37: [tSnmpd]SNMP: to 128.255.40.33,End:236249,Lasted:0

Analysis: The received packet is an SNMPv3 request. The router processes the engine ID discovery packet and returns the local engine ID of the device to the workstation.

01:05:37: [tSnmpd]SNMP:from 128.255.40.33,Begin:236251
01:05:37: [tSnmpd]SNMP:Oid num:1
01:05:37: [tSnmpd]SNMP:TABULAR variables SET request
01:05:37: [tSnmpd]SNMP:receive OID: ifEntry.7.2
01:05:37: [tSnmpd]SNMP: to 128.255.40.33,End:236252,Lasted:1

Analysis: A table variable SET request is received from 128.255.40.33; the set object is ifEntry.7.2 (ifAdminStatus).
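Detection logic over this debug output, added here as an example and not part of the original manual: it groups the [tSnmpd] lines into request transactions and flags SET requests, which is where changes such as the ifAdminStatus write above show up. The manager allowlist, the function names and the third sample transaction (from the documentation address 192.0.2.77) are assumptions made for illustration.

```python
import re

# The first two transactions use debug lines shown above (the response string
# is omitted); the third is constructed to represent an unexpected manager.
SAMPLE_LOG = """\
00:32:35: [tSnmpd]SNMP:from 128.255.40.33,Begin:117320
00:32:35: [tSnmpd]SNMP:Oid num:1
00:32:35: [tSnmpd]SNMP:SCALAR variables GET request
00:32:35: [tSnmpd]SNMP:receive OID: system.1.0
00:32:35: [tSnmpd]SNMP:response:
00:32:35: [tSnmpd]SNMP: to 128.255.40.33,End:117320,Lasted:0
01:05:37: [tSnmpd]SNMP:from 128.255.40.33,Begin:236251
01:05:37: [tSnmpd]SNMP:Oid num:1
01:05:37: [tSnmpd]SNMP:TABULAR variables SET request
01:05:37: [tSnmpd]SNMP:receive OID: ifEntry.7.2
01:05:37: [tSnmpd]SNMP: to 128.255.40.33,End:236252,Lasted:1
01:09:02: [tSnmpd]SNMP:from 192.0.2.77,Begin:248511
01:09:02: [tSnmpd]SNMP:Oid num:1
01:09:02: [tSnmpd]SNMP:TABULAR variables SET request
01:09:02: [tSnmpd]SNMP:receive OID: ifEntry.7.1
01:09:02: [tSnmpd]SNMP: to 192.0.2.77,End:248511,Lasted:0
"""

LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d): \[tSnmpd\]\s*(?P<msg>.*)$")
BEGIN = re.compile(r"^SNMP:from (?P<src>[\d.]+),Begin:\d+$")
END = re.compile(r"^SNMP: to [\d.]+,End:\d+,Lasted:\d+$")
KIND = re.compile(
    r"^SNMP:(?:SCALAR|TABULAR) variables (?P<op>GET-NEXT|GET|SET) request$")
OID = re.compile(r"^SNMP:receive OID: (?P<oid>\S+)$")


def parse_transactions(log):
    """Group debug lines into request transactions using the from/to markers."""
    txns, cur = [], None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m["ts"], m["msg"]
        if (b := BEGIN.match(msg)):
            cur = {"time": ts, "src": b["src"], "op": None, "oids": []}
        elif cur is None:
            continue  # line outside any request, for example trap output
        elif (k := KIND.match(msg)):
            cur["op"] = k["op"]
        elif (o := OID.match(msg)):
            cur["oids"].append(o["oid"])
        elif END.match(msg):
            # End is a tick count, not an id: it can differ from Begin
            # (Begin:236251 / End:236252 above), so close on the marker alone.
            txns.append(cur)
            cur = None
    return txns


def flag_sets(txns, allowed_managers):
    """Return every SET transaction with the reasons it deserves a look."""
    alerts = []
    for t in txns:
        if t["op"] != "SET":
            continue
        reasons = []
        if t["src"] not in allowed_managers:
            reasons.append("SET from host outside the manager allowlist")
        if any(o.startswith("ifEntry.7.") for o in t["oids"]):
            reasons.append("write to ifAdminStatus")
        alerts.append({"time": t["time"], "src": t["src"],
                       "oids": t["oids"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in flag_sets(parse_transactions(SAMPLE_LOG), {"128.255.40.33"}):
        print(a["time"], a["src"], a["oids"], "; ".join(a["reasons"]))
```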

3. View the debugging information of the SNMP proxy sending TRAP via the command debug snmp-server trap.

Enable the command debug snmp-server trap.

router#debug snmp-server trap

Displayed result and analysis:

01:12:11: [tSnmpd] Notify has sent to 128.255.40.33 port:162 from 0.0.0.0 port:161

Analysis: An SNMPv3 notification is sent to the workstation with address 128.255.40.33 and port number 162.

01:12:11: [tSnmpd]SNMP:Trap send to host 128.255.40.33, host community:private

Analysis: A trap with the community name private is sent to the workstation with address 128.255.40.33.

01:12:11: [tSnmpd]SNMP:Trap send to host 192.168.0.1, host community:public

Analysis: A trap with the community name public is sent to the workstation with address 192.168.0.1.

RMON

Main contents:

Introduction to RMON

Basic commands of RMON

Configuration examples of RMON

Introduction to RMON

RMON defines a set of MIBs that specify standard network monitoring functions and interfaces, so that an SNMP-based management terminal can communicate with a remote monitor. Besides lightening the burden on the management terminal and other proxies, RMON provides an effective method to monitor behavior within the subnet range.

RMON MIB has 10 groups:

statistics: maintains the low-level utilization and error statistics for the subnets monitored by each proxy

history: records the periodic samples of statistics information taken from the statistics group

alarm: permits the administration console user to configure the sampling interval and to raise an alarm when the value of any counter or integer recorded by the RMON proxy exceeds the threshold value

host: includes the input/output traffic of the various types of hosts attached to the subnet

hostTopN: includes the stored statistics of the hosts that rank highest for some parameter in the host table

matrix: shows error and utilization information in the form of a matrix, so that the operator can use any address pair to search for information

filter: permits the monitor to observe the packets that match the filter

capture: manages how the data is sent to the administration console platform

event: presents the table of all events generated by the RMON proxy

tokenRing: maintains the statistics and configuration information of a subnet that is a token ring

Note

Currently, all routers support alarm (alarm group) and event (event group). Besides, MP7500 supports history (history group) and statistics (statistics group) of the Ethernet interface.

Basic Commands of RMON

Command           Description                              Configuration Mode
rmon              To activate the RMON tasks               config
no rmon           To cancel the RMON tasks                 config
rmon alarm        To configure the RMON alarms             config
rmon event        To configure the RMON event              config
rmon history      To configure the RMON history group      config
rmon statistics   To configure the RMON statistics group   config

rmon alarm

rmon alarm alarm-num OID interval {absolute|delta} risingthreshold rising-threshold rising-event fallingthreshold falling-threshold falling-event

Syntax description:

alarm-num: The serial number of the alarm

OID: The object instance that needs to be monitored remotely; currently, only the interface table ifEntry.[10-21] in MIB-2 is supported (the index needs to be added after the object oid)

interval: The time interval for sampling the value of parameter <OID>; the unit is second; the value range is 1-65536

absolute | delta: The sampling type is absolute value/relative value

risingthreshold rising-threshold: The rising threshold; the value range is 0-2147483647

rising-event: The serial number of the event that is going to take place when the rising threshold is triggered (the default value is 1)

fallingthreshold falling-threshold: The falling threshold; the value range is 0-2147483647

falling-event: The serial number of the event that is going to take place when the falling threshold is triggered (the default value is 1)

rmon event

rmon event event-num description event-description log max-num owner owner trap community

Syntax description:

event-num: The serial number of the event

description event-description: The event description

log max-num: To record in the log, and set the maximum number of the items to be recorded

owner owner: The event owner

trap community: To send the trap information to the remote destination and specify the community name

rmon statistics

rmon statistics ethernet statistics-num OID [owner owner]

Syntax description:

statistics-num: The serial number of the alarm

OID: The object instance that needs to be monitored remotely; currently, only the interface table ifEntry.[10-21] in MIB-2 is supported (the index needs to be added after the object oid)

owner owner: To configure the owner of the statistics group

rmon history

rmon history control history-num OID buckets-num [interval interval] [owner owner]

Syntax description:

history-num: The serial number of the history group

OID: The object instance that needs to be monitored remotely; currently, only the interface table ifEntry.[10-21] in MIB-2 is supported (the index needs to be added after the object oid)

interval interval: The time interval for sampling the value of parameter <OID>; the unit is second; the value range is 1-3600; the default value is 1800

owner owner: To configure the owner of the history group

Application Example

On the router, perform RMON on the interface fastethernet0 of the OID object 1.3.6.1.2.1.2.2.1.10 (suppose that the interface index of the interface g0 is 1 and the object instance is 1.3.6.1.2.1.2.2.1.10.1).

It is required to sample the absolute value of the object instance every 5 seconds. The rising threshold value and the falling threshold value are both 5000. If a sampled result triggers the threshold value, the trap information is sent to the community public and, at the same time, an entry is recorded in the log of the router. At most 100 items can be recorded. The detailed configurations are:

Command Description

router#configure terminal

To enter into the configuration mode

router(config)#rmon

To enable the RMON

router(config)#rmon alarm 1 1.3.6.1.2.1.2.2.1.10.1 5 absolute risingthreshold 5000 1 fallingthreshold 5000 1

To configure the alarm examples

router(config)#rmon event 1 description gigaethernet0_in_octes log 100 trap public

To configure the triggering event

Monitoring and Debugging

Monitoring Commands

Command Description

show rmon alarm

To display the configured RMON alarms in the router

show rmon event To display the configured RMON event in the router

show rmon alarm supportVariable

To display the monitoring object supported by the router RMON

Monitoring Command Examples

router#show rmon alarm

Displayed result:

Alarm 1 is active, owned by config

Monitoring variable: ifEntry.10.1 , Sample interval: 5 second(s)

Taking samples type: absolute, last value was 10714

Rising threshold : 5000, assigned to event: 1

Falling threshold : 5000, assigned to event: 1

Description and analysis:

The above information shows the configuration of the RMON alarm. The index is 1; the monitored MIB object is ifTable.ifEntry.ifInOctets.1; the sampling type is absolute; the latest value of the object is 10714; the rising threshold is set to 5000; the falling threshold is set to 5000; both are assigned to trigger event 1.

router#show rmon event

Displayed result:

Event 1 is active, owned by config

Description : gigaethernet0_in_octes

Event firing causes: log and trap, last fired at 00:26:36

Current log entries:

logIndex logTime Description

----------------------------------------------------------------

1 00:26:26 gigaethernet0_in_octes

2 00:26:31 gigaethernet0_in_octes

3 00:26:36 gigaethernet0_in_octes

Description and analysis:

The above information shows the configuration of the RMON event. One RMON event is configured; the index is 1; the description information is gigaethernet0_in_octes; when the event is triggered, it is recorded in the log and a TRAP is sent; the latest event was triggered 26 minutes and 36 seconds after the system was started; the current log shows that the event has been triggered three times.

router#show rmon alarm supportVariable

Displayed result:

MP7500#show rmon alarm supportVariable

Currently support MIB object: (NOTE:be sure to add the index after OID)

ifEntry.[10-21] MIB-II interface table entry

Description and analysis:

The above information shows the alarm monitoring object supported by RMON. The ifEntry.[10-21] in the interface table of MIB-2 is supported.