Nortel Networks Contivity1510D User's Manual
Contents
1. Warning: Slave1 cannot be reached. This example shows the output where the internal LDAP server is being used. There is configuration information for an external master and slave1 LDAP server. The master server is being accessed using a non-encrypted connection. The slave1 server is being accessed via SSL with DES 56 and RC4 40 encryption. The slave1 server is not accessible. Reference for the Contivity VPN Switch Command Line Interface 158 Chapter 2 CLI Command Summary. show logging config: This command displays the contents of the configuration log. This log tracks all changes to the configuration of the switch. Syntax: show logging config date day month year | month day year normal | urgent | detailed | all. Parameters: date: The date for which the configuration log is to be displayed. day: The day of the month for which the configuration log is to be displayed. month: The month for which the configuration log is to be displayed. year: The year for which the configuration log is to be displayed. A four-digit value. normal: Display normal events, including user and system interactions that indicate switch activity. urgent: Display events that an administrator should be aware of immediately. In the output these events are marked with an asterisk. Could indicate potential security or access problems. Also display normal events. detailed: Display events for use of Nortel Networks support personnel. Also display normal and
2. 00 tEvtLgMgr 0 Security 13 Management Forcing admin to re supply userid 03 tEvtLgMgr 0 Security 2 Session LOCAL admin 2877 master admin authen 04 tEvtLgMgr 0 Security 12 Session LOCAL admin 2877 Management logged 15 tEvtLgMgr 0 Security 2 Session LOCAL admin 2878 master admin authen 16 tEvtLgMgr 0 Security 2 Session LOCAL admin 2878 FTP logged in from 06 tEvtLgMgr 0 Security 12 Session LOCAL admin 2878 FTP Get filename s 49 tEvtLgMgr 0 Security 2 Session LOCAL admin 2878 FTP Get filename s 311645 A Rev 00 This example shows the security log output for normal messages. The urgent messages are marked with an asterisk character. Comments: The amount of output from this command can be substantial. It is automatically paginated on display so that the user can see one page of output at a time. The user can go through the output one screen at a time, or quit and abandon the remainder of the output. show logging syslog: This command displays the contents of the system log. The system log contains all system events that are considered significant enough to be written to disk, including those displayed in the security and configuration logs. Syntax: show logging syslog date day month year | month day year normal | urgent | detailed | all. Parameters: date: Specify the date for which the system log is to be displayed. day: The day of
3. 40DES AH L2TP tunnel type only END. Modify branch office connection: The MODIFY_CONNECTION command is used to add a new remote accessible network entry to an existing branch office connection. COMMAND MODIFY_CONNECTION; GROUP Branch Office group, Default Base; NAME Name of existing Branch Office connection to modify, Required; SUBNET Remote Network subnet, Required; MASK Remote Network subnet mask, Required; REM_NET_COST Remote network cost, Default 10; REM_NET_STATE Remote network state Enable/Disable, Default Enable; END. Delete branch office connection: The DELETE_CONNECTION command deletes the specified connection from the branch office group. COMMAND DELETE_CONNECTION; NAME Connection name, Required; GROUP Group name, Default Base. Add branch office group: The ADD_BRANCHGROUP command creates a branch office group as specified. A group name is required. COMMAND ADD_BRANCHGROUP; GROUP Group name, Required; END. Modify branch office group: The MODIFY_BRANCHGROUP command is used to modify existing branch office groups. All values that are not specified will inherit values from its parent group. Note: All attributes accept the in
4. Invalid session ID. Session is not a Telnet session. Related commands: who, show sessions. Example: CES who 121 From 116 102 4 45 213 From 116 102 12 23 ZU ELEO 116 LO2 12323 CES kill 213 CES who 121 From 116 102 4 45 217 From 116 102 12 23 This example shows a series of Telnet sessions active on the switch. One is terminated using kill and the results are shown in the subsequent who command. ldap: This is a mini CLI command to allow emulation of CLI commands available in versions of the switch software earlier than Release 3.0. This command allows the administrator to: start or stop the switch internal LDAP server; export the LDAP database to an LDIF file on the switch; import the LDAP database from an LDIF file on the switch; show the current LDAP server status. Syntax: ldap help export import show start stop. Parameters: help, export, import, show, start. help: If present, the ldap command is not executed but some Help about the command is displayed on the terminal. export: Export the contents of the LDAP database to the named LDIF file. The LDAP server must be stopped before an ldap export can be performed. import: Import the contents of the LDAP database from the named LDIF file. The current LDAP database contents are replaced. The LD
5. Required END. Delete All: The DELETE_ALL command deletes all users in the database. Caution: This command should only be executed by the switch administrator because all other accounts are removed. COMMAND DELETE_ALL; END. Branch office commands: Branch office commands allow an administrator to add or delete branch office connections, including control tunnel connections. These commands also allow administrators to add and delete branch office groups. The supported branch office commands are: ADD_CONNECTION, DELETE_CONNECTION, ADD_BRANCHGROUP, MODIFY_BRANCHGROUP, PURGE_BRANCHGROUP, DELETE_BRANCHGROUP, DELETE_ALLBRANCH. Add branch office connection: The ADD_CONNECTION command defines a branch office control connection with specific attributes. The connection must contain authentication information before it is created. Once a connection is created with the required attributes, it is automatically enabled. This command has been modified for the Contivity VPN Switch Version 3.0. COMMAND ADD_CONNECTION; GROUP Group name; NAME Connection name, Required; SYSTEM_IP Contivity management IP address, Required for Restricted tunnel
6. show ldap server: This command displays the configuration settings and state for the internal and external LDAP servers. Syntax: show ldap server all external internal. Parameters: all: Displays configuration and state for the internal and the external LDAP servers. external: Displays configuration and state for the external LDAP servers. internal: Displays configuration and state for the internal LDAP server. Default: If no parameters are specified, then the configuration and state for all LDAP servers are displayed. This is equivalent to show ldap server all. Command mode: Global configuration. Response: See the example for output from this command. Next command mode: Global configuration. Warnings: No external LDAP servers configured. Related commands: ldap server, ldap server source. Example: CES config show ldap server Current LDAP server is Internal LDAP server is started Internal LDAP Server settings Suffix remove Yes External LDAP Server settings Suffix remove No Master Host Address T1122 12 200 Master Host Port 389 Master Host Bind DN cn Marketing Base Master Host Base DN ou Marketing o Nortel c US Master Host SSL Encrypt None Slave1 Host Address 16 211 17 100 Slave1 Host SSL Port 636 Slave1 Host Bind DN cn Marketing Slave1 Host Base DN ou Marketing o Nortel c US Slave1 Host SSL Encrypt DES 56 RC4 40
7. Command mode: Global configuration. Next command mode: Global configuration. Related commands: show exception backup. Example: CES config exception backup 1 12 0 44 129 interval 4 username BackupLogon password BackupPassword. exit: This command allows the administrator to exit any configuration mode, or to close an active Telnet session if they use the command when in User Exec mode. Syntax: exit. Parameters: None. Default: None. Command mode: Available in all command modes. Next command mode: Either the lower level command mode or none because the Telnet session is terminated. Related commands: end. Example: CES config exit CES exit CES> This example shows a user starting in Global configuration mode and using the exit command twice to end in User Exec mode. help: This command displays a message about how to use the Help system. Syntax: help. Parameters: None. Command mode: Available in all command modes. Related commands: None. Example: CES help Help may be requested at any point in a command by entering a question mark. If nothing matches, the Help list is empty and you mu
8. In a domestic environment this product may cause radio interference, in which case the user may be required to take appropriate measures. Warning (German statement): This is a device of radio interference limit Class A. In residential areas, operation of this device may cause radio interference, in which case the user is responsible for appropriate countermeasures. Warning (French statement): This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user will be required to take appropriate specific measures. EC Declaration of Conformity: This product conforms (or these products conform) to the provisions of Council Directive 89/336/EEC and 73/23/EEC. Go to http Nibra2 corpwest baynetworks com cgi bin ndCGI exe DocView on the Nortel Networks World Wide Web site for a copy of the Declaration of Conformity. Japan/Nippon Requirements Only: Voluntary Control Council for Interference (VCCI) Statement. Canada Requirements Only: Canadian Department of Communications Radio Interference Regulations. This digital apparatus (Contivity Extranet Switch) does not exceed the Class A limits for radio noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications. Refere
9. and command TWO but ignore command THREE. The 3.0 switch will recognize all three commands. If the command file is only being used on a 3.00 switch, the file format may be set to 1.0, 2.0, or 3.0. User commands: User commands allow an administrator to add or delete user records. They also allow an administrator to add or delete user groups. The supported user commands are: ADD_USER, DELETE_USER, RESET_USER_CERTS, ADD_GROUP, MODIFY_GROUP, PURGE_GROUP, DELETE_GROUP, DELETE_ALL. Add User: ADD_USER adds a user or user group. A user record must contain authentication credentials, such as UID and Password, DN, and so forth, before the user is added to the database. COMMAND ADD_USER; GROUP Group name; NAME User name, Required; STATIC_ADDR_IP Static IP address; STATIC_ADDR_MASK Static IP address mask; IPSEC_UID IPSec User ID, Required if not using certificates; IPSEC_PSW IPSec password, Required if not using certificates; IPSEC_SUBJECTDN Subject distinguished name, Required if using certificates and not IPSEC_ALTNAME; IPSEC_ALTNAME Subject alternative name, Required if using certificates and not IPSEC_SUBJECTDN; IPSEC_TYPE Subject name ty
10. pptp l2tp l2f admin all sessions detail. Parameters: admin: Show information for administrator connections. all: Show information for all connection types. branch office: Show information for branch office connections. details: Show detailed information for the connections. ipsec: Show information for IPSec connections. l2f: Show information for L2F connections. l2tp: Show information for L2TP connections. pptp: Show information for PPTP connections. detail: Give detailed output for the specified session types. Default: If no options are selected, this command shows summary and detailed information for all session types. This is the equivalent of the user entering show all sessions detail. Command mode: User Exec. Response: See the example for output from this command. Next command mode: User Exec. Related commands: who, kill. Example: CES> show sessions This command shows the administrator connections currently made to the switch. Details include the number of current sessions as well as who is currently logged in to each session. show version: This command displays the configuration of the system hardware, the software version, the names and locations of the config file, and the system up time. Syntax: show version. Parameters: None. Default
11. 00000000 0A210A21 204C6173 7420636F 6E666967 Las t co nfig 00000010 75726174 696F6E20 6368616E 67652061 urat ion chan ge a 00000020 74203134 3A30333A 32322070 73742046 t 14 03 22 p st F 00000030 72692041 75672032 37203139 39390A21 ri Aug 2 7 19 99 00000040 204E5652 414D2063 6F6E6669 67206C61 NVR AM c onfi g la 00000050 73742075 70646174 65642061 74203134 st u pdat edat 14 00000060 3A30393A 30392070 73742046 72692041 09 09 p st F ri A 00000070 75672032 37203139 39390A21 0A766572 ug 2 7 19 99 ver 00000080 73696F6E 2031322E 300A7365 72766963 sion 12 0 se rvic The first example shows using more to display the contents of a config file in ASCII mode. The second example, with bogus file contents, shows the binary output format. ping: The ping (packet internet groper) function command provides a basic ping facility. It sends three 100-byte ping packets. The ping command does not recognize DNS names with hyphens. Syntax: ping host address scr_host scr_address. Parameters: address: The IP address of the system to ping. host: The host name of the system to ping. scr_host: The source host name. scr_address: The source IP address. Default: None. Command mode: User Exec. Next command mode: User Exec. Warnings: If the system cannot map an address for a host name, it returns a
12. 09 02 1999 12 26 19 0 tHttpdTask 35 DbEventLog FltVerbose changed from FALSE to 09 02 1999 12 26 20 0 IPvfy 03739424 Prv 00 Mgmt filter drop src 0x841c090a dst 09 02 1999 12 26 20 0 IPvfy 03739424 Prv 00 Pkt 01 20 45 00 00 ca b4 59 00 00 05 09 02 1999 12 26 20 0 IPvfy 03739424 Prv 00 Pkt 21 40 00 8a 00 8a 00 b6 52 31 11 09 02 1999 12 26 21 0 IPvfy 03739424 Prv 00 Mgmt filter drop src 0x841c090a dst 09 02 1999 12 26 21 0 IPvfy 03739424 Prv 00 Pkt 01 20 45 00 00 4e b4 5d 00 00 05 09 02 1999 12 26 21 0 IPvfy 03739424 Prv 00 Pkt 21 40 00 89 00 89 00 3a 80 78 d7 09 02 1999 12 26 22 0 IPvfy 03739424 Prv 00 Mgmt filter drop src 0x841c090a dst 09 02 1999 12 26 22 0 IPvfy 03739424 Prv 00 Pkt 01 20 45 00 00 4e b4 5f 00 00 05 311645 A Rev 00 09 02 1999 12 26 22 0 09 02 1999 12 26 23 0 09 02 1999 12 26 23 0 09 02 1999 12 26 23 0 CES CES show logging events IPvfy 03739424 Prv IPvfy 03739424 Prv IPvfy 03739424 Prv IPvfy 03739424 Prv ip drops none clear Chapter 2 CLI Command Summary 165 Pkt 21 40 00 89 00 89 00 3a 80 78 d7 Mgmt filter drop src 0x841c090a dst Pkt 01 20 45 00 00 4e b4 66 00 00 05 Pkt 21 40 00 89 00 89 00 3a 80 78 d7 This long example shows the amount of detail that is output by this command depending on the options chosen The second to last command disables tracking of IP drops and clears the event log so that no output results from the final command Comments
13. 12 04 03 0 Security 1 Session LOCAL admin 2877 server right MANAGE 09 02 1999 12 04 03 0 Security 1 Session LOCAL admin 2877 user group right MANS 09 02 1999 12 04 04 0 Security 12 Session LOCAL admin 2877 Management logged in 09 02 1999 12 07 36 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7b24 00000000 09 02 1999 12 07 36 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7e88 00000000 09 02 1999 12 12 44 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7b24 00000000 09 02 1999 12 12 44 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7e88 00000000 09 02 1999 12 17 00 0 DCLog 00 DCManager flushing data to stat file 19990902 DC 09 02 1999 12 17 50 0 tHttpdTask 35 DbEventLog IpVerbose changed from FALSE to 09 02 1999 12 17 52 0 IPvfy 03739424 Prv 00 Mgmt filter drop src 0x8f0f010a dst 09 02 1999 12 17 54 0 IPvfy 03739424 Prv 00 Mgmt filter drop src 0x8c10000a dst 09 02 1999 12 17 57 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7b24 00000000 09 02 1999 12 17 57 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7e88 00000000 09 02 1999 12 17 59 0 IPvfy 03739424 Prv 00 Mgmt filter drop src 0xe6ea000a dst CES CES show logging events ip drops all filtered 09 02 1999 12 26 17 0 IPvfy 03739424 Prv 00 Mgmt filter drop src 0x2810000a dst 09 02 1999 12 26 17 0 IPvfy 03739424 Prv 00 Mgmt filter drop src 0x2810000a dst 09 02 1999 12 26 18 0 IPvfy 03739424 Prv 00 Mgmt filter drop src 0x850a090a dst
14. 12 44 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7b24 00000000 09 02 1999 12 12 44 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7e88 00000000 09 02 1999 12 17 00 0 DCLog 00 DCManager flushing data to stat file 19990902 DC CES CES show logging events ip drops al 09 02 1999 11 57 12 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7e88 00000000 09 02 1999 12 01 52 0 FTP Backup 13 Redundant Disk is not available 09 02 1999 12 01 52 FTP Backup 13 Update completed 09 02 1999 12 02 00 DCLog 00 DCManager flushing data to stat file 19990902 DC 09 02 1999 12 02 20 PaceJob 0 00 Calling 0x00ca012c passing 011b7b24 00000000 09 02 1999 12 02 20 PaceJob 0 00 Calling 0x00ca012c passing 011b7e88 00000000 09 02 1999 12 03 59 Security 13 Management Forced Admin User Off Due to Timeout 09 02 1999 12 04 00 Security 12 Session LOCAL admin 2876 logged out Reference for the Contivity VPN Switch Command Line Interface 164 Chapter 2 CLI Command Summary 09 02 1999 12 04 00 0 Security 13 Management Forcing admin to re supply userid 09 02 1999 12 04 03 0 Security 1 Session LOCAL admin attempting login 09 02 1999 12 04 03 0 Security 0 Session LOCAL admin has no active sessions 09 02 1999 12 04 03 0 Security 0 Session LOCAL admin admin has no active accoun 09 02 1999 12 04 03 0 Security 12 Session LOCAL admin 2877 master admin authenti 09 02 1999
15. 3 Bulk Load Command CACHE_SIZE DHCP cache size; IMMEDIATE_ADDR_REL Immediate address release Enable/Disable; END. The DELETE_DHCP command is used to remove an existing DHCP server. COMMAND DELETE_DHCP; DHCP_SERVER Existing DHCP server to remove Primary/Secondary/Tertiary, Required; END. Licensing commands: Licensing of certain features will be supported in bulkload version 3.0. The following two commands allow the user to enable and disable a paid feature on the CES: ENABLE_PAID_FEATURE, DISABLE_PAID_FEATURE. The ENABLE_PAID_FEATURE command allows a user to specify the licensing key to enable a paid feature on the CES. COMMAND ENABLE_PAID_FEATURE; PAID_KEY Licensing key for the feature to be enabled; END. The DISABLE_PAID_FEATURE command allows a user to specify the licensing key to disable a paid feature on the CES. COMMAND DISABLE_PAID_FEATURE; PAID_KEY Licensing key for the feature to be disabled; END. Usage notes: Deletion of groups: The DELETE_GROUP and DELETE_BRANCHGROUP commands can cause the LDAP server in use by the switch to become unreachable while the group is being deleted. This can happen if the group being deleted has a large number of users or Branch Office connections defined (for example, more than 50). Deleting
16. Authentication None/Simple/MD5. NOTE: The following values do not accept the INHERITED keyword. The OSPF_AUTH value will control the inheritance of these values. OSPF_PASS OSPF Authentication Password; MD5_PASS OSPF MD5 password; MD5_KEY OSPF MD5 Key; END. Contivity VPN Switch configuration commands: Switch configuration commands allow the administrator to configure switch attributes such as network definitions, NAT address pools, filters, automatic backup, syslog forwarding, SNMP settings, and DHCP servers. Network definitions: Three bulk load commands are used to manage network definitions: CREATE_NETWORK, DELETE_NETWORK, MODIFY_NETWORK. The CREATE_NETWORK command is used to add a new network definition. COMMAND CREATE_NETWORK; NET_NAME Name of new network definition, Required; SUBNET New IP address, Required; MASK New subnet mask, Required; END. The DELETE_NETWORK command is used to delete an existing network definition. COMMAND DELETE_NETWORK; NET_NAME Name of existing network to delete, Required; END. The MODIFY_NETWORK command is used to add new subnets to an existing network definition. COMMAND MODIFY_NETWORK; NET_NAME Name of existing network to modify, Required; SUBNET New IP address, Requi
17. Department of Defense or their successors, whichever is applicable. 6. Use of software in the European Community. This provision applies to all Software acquired for use within the European Community. If Licensee uses the Software within a country in the European Community, the Software Directive enacted by the Council of European Communities Directive dated 14 May 1991 will apply to the examination of the Software to facilitate interoperability. Licensee agrees to notify Nortel Networks of any such intended examination of the Software and may procure support and assistance from Nortel Networks. 7. Term and termination. This license is effective until terminated; however, all of the restrictions with respect to Nortel Networks copyright in the Software and user manuals will cease being effective at the date of expiration of the Nortel Networks copyright; those restrictions relating to use and disclosure of Nortel Networks confidential information shall continue in effect. Licensee may terminate this license at any time. The license will automatically terminate if Licensee fails to comply with any of the terms and conditions of the license. Upon termination for any reason, Licensee will immediately destroy or return to Nortel Networks the Software, user manuals, and all copies. Nortel Networks is not liable to Licensee for damages in any form solely by reason of the termination of this license. 8. Export and re-export. Licensee agrees not to export
19. IPSEC_SUBJECTDN Subject distinguished name, Required if using certificates and not IPSEC_ALTNAME; IPSEC_ALTNAME Subject alternative name, Required if using certificates and not IPSEC_SUBJECTDN; IPSEC_TYPE Subject name type Email/DNS/IP, Required with certificates and IPSEC_ALTNAME; IPSEC_ISSUERCA Issuer certificate authority, Required with certificates; SERVER_CERT Server Certificate, Required with certificates; SERVER_ALTNAME Server Certificate Alternate name. PPTP/L2TP Authentication: TUNNEL_AUTH MSChap V2 Authentication RC4 128/RC4 40/Unencrypt, PPTP & L2TP tunnel types; LOCAL_UID Tunnel authentication local user ID, PPTP/L2TP tunnel types, Required for PPTP/L2TP; PEER_UID Tunnel authentication peer user ID, PPTP/L2TP tunnel types, Required for PPTP/L2TP; PEER_PSW Tunnel authentication peer password, PPTP/L2TP tunnel types; COMPRESSION PPTP & L2TP compression Enable/Disable, PPTP/L2TP tunnel types; ENC_STATE_MODE PPTP & L2TP Compression Encryption stateless mode Enable/Disable, PPTP & L2TP tunnel types. L2TP specific authentication parameters: CONCENTRATOR L2TP Concentrator, L2TP tunnel type; L2TP_IPSEC_XPORT L2TP IPSEC Transport None/3DES/56DES
20. Note: Using a SYSTEM_IP value other than the actual management IP address will create a NAT SET for the Management IP. LOCAL_ENDPOINT Local interface IP address, Required; REMOTE_ENDPOINT Remote interface IP address, Required; RESTRICTED Control Tunnel True/False, Default False; FILT_NAME Tunnel filter name, Required; ROUTING Routing type Static/Dynamic, Default Static; TUNNEL Tunnel type IPSEC/PPTP/L2TP, Default IPSEC. Static Routing: NET_NAME Local accessible network, Required for Static Routing; NAT_NAME NAT Translation, Optional for Static Routing; SUBNET Remote Accessible Net Subnet, Required for Static Routing; MASK Remote Accessible Net Subnet mask, Required for Static Routing; REM_NET_COST Remote network cost, Default 10; REM_NET_STATE Remote network state Enable/Disable, Default Enable. Dynamic Routing: OSPF_STATE OSPF state Enable/Disable, Dynamic Routing, Default Disable; AREA_ID Area ID, Dynamic Routing, Default 0.0.0.0; OSPF_COST OSPF cost, Dynamic Routing, Default 10; RIP_STATE Rip state Enable/Disable, Dynamic Routing, Default Disable. IPSec Authentication: IPSEC_PSW IPSec password, Required if not using certificates
23. Shutdown after all users log off Reload Explanation Shutdown after all users log off After Shutdown Restart Disable New Logins Yes Disable Logins after Restart No Boot Mode Normal Config File latest Boot Drive ide0 Proceed with reload confirm ly This example reboots the switch from ide0 using the latest configuration when there are no sessions connected to the switch. New session connections have been disabled. Comments: After a successful reload no sessions command, the switch reboots once all sessions on the switch have terminated. This includes Web and CLI management sessions. If there are any outstanding reboot commands, they will be canceled. There can only be one reboot scheduled at any time. server backup: This command copies the current contents of the internal switch LDAP database into an LDIF file. The LDIF file can be saved off the switch for backup purposes. The internal LDAP server must be stopped before a backup command can be performed. Syntax: server backup filename. Parameters: filename: The filename to which the LDAP database will be backed up. The filename can have a maximum of 8 characters. The file is stored in the directory ide0 system slapd ldif on the switch. Default: None. Command mode: LDAP server configuration. Response: The backup can take a considerable amount
24. The amount of output from this command can be substantial. It is automatically paginated on display so that the user can see one page of output at a time. The user can go through the output one screen at a time, or quit and abandon the remainder of the output. show logging history: This command displays the current logging history setting that is being used by the switch. Syntax: show logging history. Parameters: None. Default: None. Command mode: Privileged Exec. Response: See the example for output from this command. Next command mode: Privileged Exec. Related commands: logging history. Example: CES show logging history Logging history level is errors This example shows the output for a switch where the logging history is still the default value. show logging security: This command displays the contents of the security log. The security log records all events concerned with system or user security, including failures and successes. Syntax: show logging security date day month year | month day year normal | urgent | detailed | all. Parameters: date, day, month, year, normal, urgent, detailed, all. date: Specify the date for which the security log is to be displayed. day: The day of the month for which the security log is to be disp
25. Unknown Host error message
Related commands: trace ip host address
Examples:
CES>ping 122.104.11.112
PING 122.104.11.112 56 data bytes
64 bytes from 122.104.11.112 icmp_seq 0 time 16 ms
64 bytes from 122.104.11.112 icmp_seq 1 time <16 ms
64 bytes from 122.104.11.112 icmp_seq 2 time <16 ms
122.104.11.112 PING Statistics
3 packets transmitted 3 packets received 0 packet loss
round trip ms min avg max <16 <16 16
CES>ping badaddress.com
ping unknown host baddaddress.com
CES>ping 10.0.4.44
PING 10.0.4.44 56 data bytes
ping timeout no answer from 10.0.4.44
The examples show a successful ping command, an attempt to ping an unknown host address, and an attempt to ping an unreachable IP address.

reload
This command forces the switch to reboot immediately. Options can be specified to determine whether the switch turns off or reboots, which configuration to use after a reboot, and other settings. The user is prompted to confirm that they want to continue with the reload. If they say yes, and if the reload command is valid, the system reload commences in approximately 10 seconds. The Safe and Normal boot modes are used for secure management of the switch. In Normal mode, the switch operates normally. In Safe mode, the HTTP or FTP traffic is allowed. No other VPN traffic is allowed through the secure managem
28. assign to the switch. This name can have up to 64 characters.
Default: None
Command mode: Global configuration
Next command mode: Global configuration
Prerequisites: At least one DNS server should be specified.
Warnings: Validate against DNS server
Related commands: no hostname, ip domain name, ip name server, interface management
Example:
CES(config)#hostname MarketingCES
This example assigns the name MarketingCES to the switch.

interface management
This command is used to specify the IP address that is used to connect to the system for services such as HTTP, FTP, SNMP, and Telnet. The IP address cannot be used for any other purpose.
Syntax:
interface management
ip address address
exit
Parameters:
address: The IP address that is used to connect to system services on the switch.
Command mode: Global configuration
Next command mode: Interface configuration
Warnings: IP Address is already in use on switch for other purposes
Related commands: ip http server
Example:
CES(config)#interface management
Router(config-if)#ip address 10.0.3.33
Router(config-if)#exit
This command assigns the IP address 10.0.3.33 to the switch
29. bad length
Input histogram:
echo reply 10
echo 3
3 message responses generated
UDP:
49825 total packets
49807 input packets
18 output packets
0 incomplete header
0 bad data length field
0 bad checksum
22277 broadcasts received with no ports
0 full socket
59 pcb cache lookups failed
27 pcb hash lookups failed
TCP:
16085 packets sent
15226 data packets 2336894 bytes
0 data packet 0 byte retransmitted
778 ack only packets 504 delayed
0 URG only packet
0 window probe packet
3 window update packets
78 control packets
15898 packets received
11943 acks for 2334342 bytes
124 duplicate acks
0 ack for unsent data
14578 packets 1713926 bytes received in sequenc
0 completely duplicate packet 0 byte
0 packet with some dup data 0 byte duped
117 out of order packets 0 byte
0 packet 0 byte of data after window
window probe
window update packets
packet received after clos
discarded for bad checksum
discarded for bad header offset field
0 discarded because packet too short
4 connection requests
138 connection accepts
142 connections established including accepts
140 connections closed including 14 drops
0 embryonic connection dropped
11825 segments updated rtt of 11835 attempts
0 retransmit timeout
0 connection dropped by rexmit timeout
0 persist timeout
0 keepalive timeout
0 keepali
30. clear the fast switching cache and to clear the IP route cache.
Syntax: clear arp cache
This command has no arguments or keywords.
Parameters: None
Default: None
Command mode: Privileged Exec
Next command mode: Privileged Exec
Related commands: arp, show arp

clear ip route
This command removes a route from the route table. Note that Static Routes are not removed from the switch browser interface by this command. This command is intended as a troubleshooting tool for use when routing problems are being caused by the presence of a wrong route.
Syntax: clear ip route address mask
Parameters:
address: The address of the network to remove from route table.
mask: The mask associated with the address to remove.
Default: The mask defaults to 255.255.255.255
Command mode: User Exec
Next command mode: User Exec
Warnings: Address not found in route table
Related commands: show ip route
Example:
CES>clear ip route 10.11.0.12

clear logging events
This command is used to clear the contents of the system events log.
Syntax: clear logging events
Parameters: None
Default: None
Command mode: Privileged Exec
Next command mode: Privileged Exec
Related commands: show logging ev
32. directly or indirectly, the Software or related technical data or information without first obtaining any required export licenses or other governmental approvals. Without limiting the foregoing, Licensee, on behalf of itself and its subsidiaries and affiliates, agrees that it will not, without first obtaining all export licenses and approvals required by the U.S. Government: (i) export, re-export, transfer, or divert any such Software or technical data, or any direct product thereof, to any country to which such exports or re-exports are restricted or embargoed under United States export control laws and regulations, or to any national or resident of such restricted or embargoed countries; or (ii) provide the Software or related technical data or information to any military end user or for any military end use, including the design, development, or production of any chemical, nuclear, or biological weapons.
9. General. If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction, the remainder of the provisions of this Agreement shall remain in full force and effect. This Agreement will be governed by the laws of the state of California. Should you have any questions concerning this Agreement, contact Nortel Networks, 4401 Great America Parkway, P.O. Box 58185, Santa Clara, California 95054-8185.
LICENSEE ACKNOWLEDGES THAT LICENSEE HAS RE
33. each user or Branch Office connection individually using the DELETE_USER or DELETE_CONNECTION command lessens the load on the LDAP server, but it may increase the time required to execute the commands.

Required fields for user and branch records
You must specify an authentication method and details when using the ADD_CONNECTION and ADD_USER commands. Valid authentication information can be specified using any one of the following combinations of attributes:
• Text Password
• Subject Distinguished Name (DN), a valid issuer certificate authority (CA), and a valid server certificate
• Subject Alternative Name, Subject Alternative Name Type, a valid issuer certificate authority (CA), and a valid server certificate
Note: Server certificates may be inherited from a user's group for ADD_USER.

Reference for the Contivity VPN Switch Command Line Interface 220 Chapter 3 Bulk Load Command

Group name syntax
For many of the User and Branch Office commands, you must specify the name of the group that you are manipulating. The syntax of the group name is very important. Group names are specified in Relative Distinguished Name (RDN) format, leaving out the Base specifier. For example:
/Base/Engineering is specified as Group ou=Engineering
/Base/Engineering/Software is specified as Group ou=Software, ou=Engineering
/Base/Field/Boston/Sales is specified as Group ou=Sales, ou=Boston, ou=Field

Certificate Distinguis
35. for HTTP, FTP, Telnet, and SNMP connections.

ip http server
This command allows the administrator to enable or disable management of the switch using a Web browser. If HTTP management is disabled, the switch can still be managed using the Nortel Networks CLI.
Syntax:
ip http server
no ip http server
Parameters: None
Default: This feature is enabled by default on the switch.
Command mode: Global configuration
Next command mode: Global configuration
Related commands: interface loopback
Example:
CES(config)#no ip http server
This command disables management of the switch using a Web browser. The switch can still be configured using the CLI.

kill
This command terminates an identified Telnet session. The Telnet session ID can be obtained using the who command. Any in-progress session commands are completed, and the session is then terminated without any warning or message to the Telnet user. If the session ID given by the administrator is not valid, or is not for a Telnet session, the command displays an error message and does nothing.
Syntax: kill telnet_id
Parameters:
telnet_id: Session ID of Telnet session to be terminated.
Command mode: Privileged Exec
Next command mode: Privileged Exec
Warnings
36. in the future, as well as see where problems have been detected already.
Syntax: show health alerts|warnings|disabled|all
Parameters:
alerts: Causes conditions to be shown that require immediate administrator attention.
warnings: Causes conditions to be shown that need to be fixed to avoid an alert condition. It also shows alert conditions.
disabled: Causes conditions to be shown that need to be fixed to avoid an alert condition. It also shows warning and alert conditions.
all: Causes all conditions to be shown, including those that are operating correctly.
Default: If a warning level is not given, then only alert and warning problems are shown (equivalent to show health warnings).
Command mode: Privileged Exec
Response: See the example for output from this command.
Next command mode: Privileged Exec
Related commands: audible alarm
Example:
CES#show health warnings
Alert LAN on slot 2 Interface 1 Device fei1 down
Alert Auto backup servers Can't backup to 12.33.44.123
Alert Voltage 2.5 VA Voltage out of range
Alert Chassis Fan Fan not functioning
Warning Hard Disk 1 Device ide1 not available
Warning SNMP Servers Server not configured
This example shows the type of output that is displayed when alerts and warning messages are requested by the show health command.
37. is being used by a filter.
COMMAND DELETE_RULE
RULE_NAME  Rule name (Required)
END

The CREATE_ADDRESS command creates a new address definition to be used by a filter rule.
COMMAND CREATE_ADDRESS
ADDR_NAME  Address Name (Required)
IP_ADDR  IP Address (Required)
ASK  Address mask (Required)
END

The CREATE_PORT command creates a new port definition to be used by a filter rule.
COMMAND CREATE_PORT
PORT_NAME  Port Name (Required)
PORT  Port number (Required)

Automatic backup
Two bulk load commands are available to configure the automatic backup feature:
ADD_FTPSERVER
DELETE_FTPSERVER

The ADD_FTPSERVER command is used to configure a new automatic backup server.
COMMAND ADD_FTPSERVER
FTP_IP  FTP host IP address (Required)
FTP_UID  User ID for FTP host (Required)
FTP_ENABLE  Enable Auto backup Host (Default Enable)
FTP_PSW  Password for FTP host (Default)
FTP_INTERVAL  Time between backups, hours (Default 5)
FTP_PATH  Path where files are stored (Default A)
FTP_SERVER  FTP Server 1, 2, 3 (Default 1)
END

The DELETE_FTPSERVER command is used to re
38. of time to complete, depending on the size of the LDAP database. The user sees a message once the backup task has been completed.
Next command mode: LDAP server configuration
Prerequisites: The internal LDAP server must be stopped before a backup command can be performed.
Warnings:
LDIF File xxxxxxxx already exists
The LDAP server must be stopped before performing a backup
Cannot backup LDAP server, backup in progress
Cannot backup LDAP server, restore in progress
Related commands: ldap server internal, server restore, server start, server stop
Example:
CES(config)#ldap server internal
Router(config-ldap)#server stop
Router(config-ldap)#server backup jan102000
Server backup started to file /ide0/system/slapd/ldif/jan102000
Server backup completed
Router(config-ldap)#server start
Router(config-ldap)#exit
This example shows the internal LDAP server being stopped and the contents being backed up to a file called jan102000. After the backup has completed, the LDAP server is started again.

server restore
This command replaces the current contents of the internal LDAP database with an LDIF file, possibly created by a server backup operation or some script. The internal LDAP server must be s
39. reboot
latest: The switch should be rebooted with the latest configuration file.
factory: The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults; the contents of the LDAP database and other settings are still maintained.
config name: Name of the previously saved configuration to use on reboot.
disable logins: No more logins should be permitted before the reboot occurs.
disable after restart: Logins should not be permitted after the reboot. This is intended to support system maintenance tasks after a reboot.
text: If present, this explains the reason for a reload command. This reason will be displayed on the Admin > Shutdown and Status > System Web management pages. If the value for the text parameter contains spaces, it may be enclosed in double quotes so that it has a single parameter value.
Default: The default settings for this command are determined by any previous reload command. For the first reload command, the following defaults apply: restart, boot drive ide0, config file latest.
Command mode: Privileged Exec
Next command mode: Privileged Exec
Prerequisites: A named configuration file can only be used after it has been created.
Warnings: Any warnings cause the command to fail. The user must reente
40. security
26 tEvtLgMgr 0 Security 3 Management Request for manager htm denied re
29 tEvtLgMgr 0 Security 2 Session LOCAL admin 2873 master admin authen
30 tEvtLgMgr 0 Security 2 Session LOCAL admin 2873 Management logged
38 tEvtLgMgr 0 Security 3 Management Forced Admin User Off Due to Timeo
39 tEvtLgMgr 0 Security 2 Session LOCAL admin 2873 logged out
39 tEvtLgMgr 0 Security 3 Management Forcing admin to re supply userid
40 tEvtLgMgr 0 Security 2 Session LOCAL admin 2874 master admin authen
41 tEvtLgMgr 0 Security 2 Session LOCAL admin 2874 Management logged
08 tEvtLgMgr 0 Security 3 Management Forced Admin User Off Due to Timeo
09 tEvtLgMgr 0 Security 2 Session LOCAL admin 2874 logged out
09 tEvtLgMgr 0 Security 3 Management Forcing admin to re supply userid
11 tEvtLgMgr 0 Security 2 Session LOCAL admin 2875 master admin authen
11 tEvtLgMgr 0 Security 2 Session LOCAL admin 2875 Management logged
39 tEvtLgMgr 0 Security 3 Management Forced Admin User Off Due to Timeo
40 tEvtLgMgr 0 Security 2 Session LOCAL admin 2875 logged out
40 tEvtLgMgr 0 Security 3 Management Forcing admin to re supply userid
41 tEvtLgMgr 0 Security 2 Session LOCAL admin 2876 master admin authen
42 tEvtLgMgr 0 Security 2 Session LOCAL admin 2876 Management logged
59 tEvtLgMgr 0 Security 3 Management Forced Admin User Off Due to Timeo
00 tEvtLgMgr 0 Security 2 Session LOCAL admin 2876 logged out
41. show logging events
09 02 1999 11 57 12 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7e88 00000000
09 02 1999 12 01 52 0 FTP Backup 13 Redundant Disk is not available
09 02 1999 12 01 52 0 FTP Backup 13 Update completed
09 02 1999 12 02 00 0 DCLog 00 DCManager flushing data to stat file 19990902 DC
09 02 1999 12 02 20 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7b24 00000000
09 02 1999 12 02 20 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7e88 00000000
09 02 1999 12 03 59 0 Security 13 Management Forced Admin User Off Due to Timeout
09 02 1999 12 04 00 0 Security 12 Session LOCAL admin 2876 logged out
09 02 1999 12 04 00 0 Security 13 Management Forcing admin to re supply userid
09 02 1999 12 04 03 0 Security 1 Session LOCAL admin attempting login
09 02 1999 12 04 03 0 Security 0 Session LOCAL admin has no active sessions
09 02 1999 12 04 03 0 Security 0 Session LOCAL admin admin has no active accoun
09 02 1999 12 04 03 0 Security 12 Session LOCAL admin 2877 master admin authenti
09 02 1999 12 04 03 0 Security 1 Session LOCAL admin 2877 server right MANAGE
09 02 1999 12 04 03 0 Security 1 Session LOCAL admin 2877 user group right MANS
09 02 1999 12 04 04 0 Security 12 Session LOCAL admin 2877 Management logged in
09 02 1999 12 07 36 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7b24 00000000
09 02 1999 12 07 36 0 PaceJob 0 00 Calling 0x00ca012c passing 011b7e88 00000000
09 02 1999 12
42. shows the current backup FTP servers that are defined for the switch.
Syntax: show exception backup
Parameters: None
Default: None
Command mode: Global configuration
Response: This command outputs details of the current backup FTP servers that have been defined for the switch, if any.
Next command mode: Global configuration
Warnings: No backup FTP servers defined
Related commands: exception backup
Example:
CES(config)#show exception backup
Backup FTP Server 1
Server Address 12.230.111.10
Backup Filepath dev1 CES Backup
Backup Interval 12 hours
Server Username ContivityAdmin
Backup FTP Server 3
Server Address backupCES.internal.com
Backup Interval 168 hours
Server Username ContivityMainAdmin
CES(config)#no exception backup 3
CES(config)#show exception backup
Backup FTP Server 1
Server Address 12.230.111.10
Backup Filepath dev1 CES Backup
Backup Interval 12 hours
Server Username ContivityAdmin
This example shows the output when two backup FTP servers have been defined. There is no backup file path defined for the second server. The second server (number 3) is removed from the list of available backup FTP servers, and the second show exception command shows that de
43. support of authorized use of the Software; and (c) to use and copy the associated user manual solely in support of authorized use of the Software by Licensee. This license applies to the Software only and does not extend to Nortel Networks Agent software or other Nortel Networks software products. Nortel Networks Agent software or other Nortel Networks software products are licensed for use under the terms of the applicable Nortel Networks NA Inc. Software License Agreement that accompanies such software and upon payment by the end user of the applicable license fees for such software.
2. Restrictions on use; reservation of rights. The Software and user manuals are protected under copyright laws. Nortel Networks and/or its licensors retain all title and ownership in both the Software and user manuals, including any revisions made by Nortel Networks or its licensors. The copyright notice must be reproduced and included with any copy of any portion of the Software or user manuals. Licensee may not modify, translate, decompile, disassemble, use for any competitive analysis, reverse engineer, distribute, or create derivative works from the Software or user manuals or any copy, in whole or in part. Except as expressly provided in this Agreement, Licensee may not copy or transfer the Software or user manuals, in whole or in part. The Software and user manuals embody Nortel Networks' and its licensors' confidential and proprietary intellectual property. Licensee s
44. with MD5 Integrity (Enable/Disable)
ESP_NULLSHA1  ESP NULL (Authentication Only) with SHA1 Integrity (Enable/Disable)
ESP_NULLMD5  ESP NULL (Authentication Only) with MD5 Integrity (Enable/Disable)
AH_SHA1  AH Authentication Only HMAC SHA1 (Enable/Disable)
AH_MD5  AH Authentication Only HMAC MD5 (Enable/Disable)
SCRSVR_PSW  Client screen saver password required (Enable/Disable)
SCRSVR_INT  Client screen saver interval
PSW_ON_CLI  Allow password storage on client (Enable/Disable)
PFS  Perfect forward security (Enable/Disable)
COMPRESSION  Compression (Enable/Disable)
REKEY_TO  Rekey timeout (hh:mm:ss format)
REKEY_DATACNT  Rekey datacount (in KB)
DOMAIN  Domain name
PRI_DNS  Primary DNS address
PRI_WINS  Primary WINS address
SEC_DNS  Secondary DNS address
SEC_WINS  Secondary WINS address
END

Purge Group
The PURGE_GROUP command is used to delete all users in a specified group. If you do not specify a group, the command purges all users in the Base group.
COMMAND PURGE_GROUP
GROUP  Group name (Required)
END

Delete Group
The DELETE_GROUP command is used to delete a specified group and its users.
COMMAND DELETE_GROUP
GROUP  Group name
45. 250.250  15.62.250.250  1041  0x80000011  0xecf5  3
10.254.1.36  10.254.1.36  1001  0x8000001d  0xf39a  6
Displaying Summary Link States (Area 0.0.0.0)
Link State ID  Adv Router  Age  Seq Nbr  CheckSum
15.62.0.0  15.62.250.250  798  0x80000006  0xdede
This example lists the information related to the OSPF database.

show ip ospf interface
This command displays information about interfaces that are configured for OSPF routing.
Syntax: show ip ospf interface
Parameters: None
Default: None
Command mode: User Exec
Response: See the example for output from this command.
Next command mode: User Exec
Related commands: show ip ospf, show ip ospf database, show ip ospf neighbor
Example:
CES>show ip ospf interface
IP Address  Cld  Area ID  Type  State  Cost  Priority  Router
15.60.150.150  17  0.0.0.0  BCAST  DR  1  1  10.254.1.36
15.63.150.150  74  0.0.0.0  PTPT  Other  100  1  0.0.0.0
This example displays OSPF related interface information.

show ip ospf neighbor
This command displays information about OSPF neighbors on a per interface basis.
Syntax: show ip ospf neighbor
Parameters: None
Default: None
Command mode: User Exec
Response: See the example for output from this comman
46. Preface
This book is intended for Nortel Networks Contivity VPN Switch managers and administrators. It provides reference information for each of the Web browser configuration screens.

Conventions
This guide refers to the Contivity VPN Switch as the switch. This guide assumes that you are familiar with Web browsers and their general operation.

Documentation
This document uses the following conventions to distinguish among notes of varying importance:
Note: Take notice. Notes contain helpful suggestions or references to materials contained in this document.
Caution: Be careful. In this situation, you might do something that could result in damage to the equipment or loss of data.
Warnin
47. Chapter 2 CLI Command Summary
This chapter provides a summary of all CLI commands. The commands are listed in alphabetical order.

arp
This command modifies the contents of the Address Resolution Protocol (ARP) cache. On the Contivity VPN Switch, only the no form of the de facto command is supported. There is no command to add a permanent entry to the ARP cache.
Syntax: no arp ip address
Parameters:
ip address: The IP address to be removed from the ARP cache.
Default: None
Command mode: Global Configuration
Next command mode: Global Configuration
Related commands: show arp, clear arp cache

audible alarm
This command enables and disables the audible alarm on the switch that is sounded under certain error conditions.
Syntax:
audible alarm
no audible alarm
Parameters: None
Default: Audible alarm is enabled.
Command mode: Global Configuration
Next command mode: Global Configuration
Related commands: show health
Example:
CES(config)#no audible alarm
This example shows the audible alarm being switched off for the switch.

clear arp cache
This command deletes all dynamic entries from the ARP cache to
49. AD THIS AGREEMENT UNDERSTANDS IT AND AGREES TO BE BOUND BY ITS TERMS AND CONDITIONS LICENSEE FURTHER AGREES THAT THIS AGREEMENT IS THE ENTIRE AND EXCLUSIVE AGREEMENT BETWEEN NORTEL NETWORKS AND LICENSEE WHICH SUPERSEDES ALL PRIOR ORAL AND WRITTEN AGREEMENTS AND COMMUNICATIONS BETWEEN THE PARTIES PERTAINING TO THE SUBJECT MATTER OF THIS AGREEMENT NO DIFFERENT OR ADDITIONAL TERMS WILL BE ENFORCEABLE AGAINST NORTEL NETWORKS UNLESS NORTEL NETWORKS GIVES ITS EXPRESS WRITTEN CONSENT INCLUDING AN EXPRESS WAIVER OF THE TERMS OF THIS AGREEMENT
50. AP server must be stopped before an ldap import can be performed.
Display the status of the LDAP server.
Start the LDAP server running. This command cannot be performed while the LDAP server is performing an export or import command. This command cannot be executed unless the LDAP server is actually stopped.
stop: Stop the LDAP server running. This command cannot be executed unless the LDAP server is actually running.

Default: None
Command mode: Global configuration
Next command mode: Global configuration
Warnings:
LDAP server is currently running
LDAP server is already running
LDAP server is already stopped
Invalid LDIF file name
LDIF file does not exist

Example:
CES config ldap show
CES config ldap stop
CES config ldap export
CES config ldap start

ldap server

This command is used to configure the settings for the LDAP server used by the switch to store the configuration settings that are not specific to an individual switch. The LDAP server can be internal to the switch being administered, or can be an external server that is shared by one or more Contivities.

Syntax: ldap server internal external
Parameters:
internal: Enter LDAP server configuration mode for the internal LDAP server.
external: Ent
51. AR PURPOSE. In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties).

USA Requirements Only

Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice

Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy. If it is not installed and used in accordance with the instruction manual, it may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to take whatever measures may be necessary to correct the interference at their own expense.

European Requirements Only

EN 55 022 Statement

This is to certify that the Nortel Networks Contivity Extranet Switch is shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class A (CISPR 22).

Warning: This is a Class A product
52. D: Vendor ID (Enable, Disable)
PFS: Perfect forward security (Enable, Disable)
COMPRESSION: Compression (Enable, Disable)
REKEY_TO: Rekey timeout (hh mm ss format)
REKEY_DATACNT: Rekey datacount (in KB)

RIP Attributes
RIP_TRANSMIT: Rip Transmit (OFF, V1, V2)
RIP_RECEIVE: Rip Receive (OFF, V1, V2)
IMPORT_DEF_ROUTE: Import Default Route (Enable, Disable)
EXPORT_DEF_ROUTE: Export default routes metric (Enable, Disable)
EXPORT_STATIC_ROUTE: Export static routes metric (Enable, Disable)
EXPORT_BO_STATIC_ROUTE: Export branch office static routes metric (Enable, Disable)
EXPORT_OSPF_ROUTE: Export OSPF e static routes metric (Disable 1 15)
POISON_REV: Poison Reverse (Enable, Disable)
RIP_AUTH: Rip Authentication (None, Simple, MD5)
Note: The following value does not accept the INHERITED keyword. The RIP_AUTH value will control the inheritance of this value.
RIP_PASS: RIP authentication password

OSPF Attributes
OSPF_PRI: OSPF Priority
OSPF_DEAD_INT: OSPF dead interval
OSPF_HELLO_INT: OSPF hello interval
OSPF_REXMIT_INT: OSPF retransmit interval
OSPF_XMIT_DELAY: OSPF transmission delay
OSPF_AUTH: OSPF
53. D

Address pools

Two bulk load commands are used to configure address pools: CREATE_POOL and DELETE_POOL.

The CREATE_POOL command is used to create a new address pool.

COMMAND CREATE_POOL
NAME: Name of new address pool
IP_START: Starting IP address (Required)
IP_END: Ending IP address (Required)
ASK: Subnet mask

The DELETE_POOL command is used to delete an existing address pool.

COMMAND DELETE_POOL
IP_START: Starting IP address (Required)
IP_END: Ending IP address (Required)
END

Filters

Several bulk load commands are used to create and configure filters and filter rules: CREATE_FILTER, D _FILTER, ADD_RULE, CREA RU, DELETE_RULE, CREATE_ADDRESS, CREATE_PORT.

The CREATE_FILTER command allows for the creation of a new named filter. The filter may be created to allow or disallow certain management traffic. These fields are not required.

COMMAND CREATE_FILTER
FILT_NAME: Filter name (Required)
Allow management traffic for:
HTTP_SVC: HTTP local service (Enable, Disable)
SNMP_SVC: SNMP local service (Enable, Disable)
FTP_SVC: FTP local service (Enable, Disable)
TELNET_SVC: TELNET l
54. Dial John Connolly at 1 800 555 1212 x 123

This example sets the contact string to dial John Connolly at 1 800 555 1212 x 123.

snmp server location

This command sets or clears the SysLocation field in the MIB II MIB. This field contains the physical location for this switch.

Syntax: snmp server location text, no snmp server location
Parameters: text: String containing the physical location of the switch.
Default: None
Command mode: Global configuration
Next command mode: Global configuration
Warnings: Location string too long, must be 255 characters or less
Related commands: snmp server contact text, snmp server name text

Example:
CS config snmp server location Building 400 4th Floor Closet A122

This example sets the location string to Building 400 4th Floor Closet A122.

snmp server name

This command sets or clears the SysName field in the MIB II MIB. This field contains an administratively assigned name for this switch.

Syntax: snmp server name text, no snmp server name
Parameters: text: String containing the switch name.
Default: None
Command mode: Global configuration
60. None
Command mode: User Exec
Next command mode: User Exec
Related commands: show flash contents

Example:
CES>show version
Contivity VPN Client Software
Software Version V01_00 00
Software Build Date Nov 18 2000 11 31 50
System Serial Number 12012
MAC Address 00 E0 7B 00 00 CO
BIOS 1 00 02 DI0 11 05 9612 40 54 bftarget
uptime 016 days 01 hours 14 minutes
Current Configuration File ide0 system config CFG01022 DAT
Processor 1 Pentium Pro 200 Mhz L1D Cache 8K L1I Cache 8K 12 Cache 512K
Memory 23 MB Free 64 MB Total
Hard Disk 1 198 MB Free 1220 MB Total
Diskette 3 5 Inch

This example displays the basic information for this system.

snmp server contact

This command sets or clears the SysContact field in the MIB II MIB. This field contains the name and contact information of the contact person for this switch.

Syntax: snmp server contact text, no snmp server contact
Parameters: text: String containing the contact name and the location.
Default: None
Command mode: Global configuration
Next command mode: Global configuration
Warnings: Contact string too long, must be 255 characters or less
Related commands: snmp server location text, snmp server name text

Example:
CES config snmp server contact
61. Options can be specified to determine whether the switch turns off or reboots, which configuration to use after a reboot, and other settings. The user is prompted to confirm that they want to continue with the reload. If they say yes and if the reload command is valid, the system reload will start a short time after all sessions (tunnels and administrative) have disconnected.

Syntax: reload no sessions power off restart boot safe boot safel boot drive fide0 ide1 config file latest factory config name disable logins disable after restartl text

Parameters:
no sessions: Indicates the reboot will start once there are no more sessions connected to the switch.
power off: If present, the switch will power down after it has completed shutdown.
restart: If present, the switch restarts after it has completed shutdown.
boot safe: If present, the switch restarts in safe boot mode.
boot normal: If present, the switch restarts in normal boot mode.
boot drive: Specify the drive from which the switch will reboot.
ideOlide1: Disk drive from which the bootable image will be loaded.
config file: Specify which configuration should be used after a reboot.
latest: The switch should be rebooted with the latest configuration file.
factory: The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults the conte
62. P_COMMUNITY: SNMP Community name
SNMP_ENABLE: Enable SNMP Host (Default Enable)
END

The DELETE_SNMPHOST command is used to remove an existing SNMP Get or Trap host.

COMMAND DELETE_SNMPHOST
SNMP_TYPE: Get, Trap (Required)
SNMP_IP: SNMP host IP address (Required)
END

The CONFIG_TRAP command is used to configure which conditions will cause traps.

COMMAND CONFIG_TRAP
TRAP_DESCRIPTION: Trap Description (Required)
TRAP_INTERVAL: Time between trap checks (hh mm ss)
TRAP_ENABLE: Enable SNMP Trap (Default Enable)
END

DHCP

Three bulk load commands are used to configure DHCP:
CONFIG_REMOTE_POOL
CONFIG_DHCP
DELETE_DHCP

The CONFIG_REMOTE_POOL command is used to set the type of remote pool used by the switch, either DHCP or Address Pools.

COMMAND CONFIG_REMOTE_POOL
POOL_TYPE: Pool type to use (DHCP, Address Pool) (Required)
END

The CONFIG_DHCP command is used to set up the DHCP servers on the switch.

COMMAND CONFIG_DHCP
DHCP_TYPE: DHCP servers to use (Any, Specified)
DHCP_IP: DHCP server IP address (Required if DHCP_SERVER is specified)
DHCP_SERVER: Specified DHCP server to modify (Primary, Secondary, Tertiary; Default Primary)
63. TP Backup 13 Update completed
15 01 52 tEvtLgMgr 0 FTP Backup 13 Redundant Disk is not available
15 01 52 tEvtLgMgr 0 FTP Backup 13 Update completed
15 09 09 tEvtLgMgr 0 Security 3 Management Forced Admin User Off Due to Timeo
5 09 09 tEvtLgMgr 0 Security 2 Session LOCAL admin 2879 logged out
15 09 09 tEvtLgMgr 0 Security 3 Management Forcing admin to re supply userid
5 09 11 tEvtLgMgr 0 Security 2 Session LOCAL admin 2880 master admin authen
5 09 12 tEvtLgMgr 0 Security 2 Session LOCAL admin 2880 Management logged
15 27 33 tEvtLgMgr 0 Security 3 Management Forced Admin User Off Due to Timeo
5 27 33 tEvtLgMgr 0 Security 2 Session LOCAL admin 2880 logged out
15 27 37 tEvtLgMgr 0 Security 3 Management Request for manager htm denied re
5 27 39 tEvtLgMgr 0 Security 2 Session LOCAL admin 2881 master admin authen
5 27 40 tEvtLgMgr 0 Security 2 Session LOCAL admin 2881 Management logged
5 27 57 tHttpdTask 0 DbSysLog CaptureLevel changed from NORMAL to ALL by use
5 28 54 tHttpdTask 0 DbSysLog CaptureLevel changed from URGENT to NORMAL by
5 29 04 tEvtLgMgr 0 Security 12 Session LOCAL admin 2882 logged out

This first example shows the system log output for normal messages. The second example shows the normal messages. The urgent messages are marked with an asterisk.
64. Version 3.5
Part No. 311645 A Rev 00
December 2000
600 Technology Park Drive, Billerica, MA 01821-4130

Reference for the Contivity VPN Switch Command Line Interface

NORTEL NETWORKS

Copyright © 2000 Nortel Networks. All rights reserved. December 2000.

The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks NA Inc.

Trademarks

NORTEL NETWORKS is a trademark of Nortel Networks. Bay Networks, Nortel Networks Extranet Switch 1500, Contivity Extranet Ready, Personal Extranets, and Infrastructure for Extranets are trademarks of Nortel Networks. Microsoft, MS, MS DOS, Win32, Windows, and Windows NT are registered trademarks of Microsoft Corporation. All other trademarks and registered trademarks are the property of their respective owners.

Restricted Rights Legend

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013. Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this c
65. a the telnet interface by using the LOAD command. The LOAD command has the following syntax:

LOAD name of file

As the command executes, any errors encountered will be displayed on the screen. Most errors are reported in the following format:

Error error message at line number line number END

The line number refers to the END label of the command in error. If errors occur during the execution of a command, they are displayed. Non-error status information is not displayed during the execution of the commands. Once a command has been executed, its results can be verified by viewing the command's corresponding UI page.

Note: A bulk load file can contain a maximum of 40,000 lines, including blank lines.

Components

The bulk loading feature has two main components: the command file and the LOAD command.

Load command

The Load command is available only through the Telnet interface. Once executed, the command will load the specified command file and execute the instructions it contains. When completed, the command file will be deleted. Following is the syntax of the Load command:

LOAD command file

Command file

The command file is a text file containing a sequence of commands that are to be executed. The file is located in SYSTEM COMMAND directory on the boot disk. The command file has the following characteristi
66. an unknown host address

who

This command shows the active Telnet administration sessions on the switch, with the IP address from which they are connected. The sessions are listed by session ID. The session ID values are fixed for the life of a session.

Syntax: who ip_address
Parameters: ip_address: A dotted IP address. If present, limits the output to Telnet sessions that are connected from the specified IP address, if any. If this argument is not specified, then all Telnet sessions are displayed.
Default: None
Command mode: User Exec
Next command mode: User Exec
Warnings:
No Telnet sessions from specified IP address
Illegal IP address
Related commands: kill, show sessions

Chapter 3 Bulk Load Command

The bulk load command allows an administrator to send a list of commands and parameters to a Contivity VPN Switch and have them executed in series. This command allows an administrator with many switches to configure them in bulk from a list of settings, instead of having to configure each switch manually through the browser interface. The bulk load command allows an administrator to configure several different aspects of the switch, such as users, branch office connections, tunnel types, and so forth. The bulk load command is executed vi
67. and return to user Exec mode.

Syntax: disable
Parameters: None
Default: None
Command mode: Privileged Exec
Next command mode: User Exec
Related commands: configure, enable, end

Example:
CES disable
CES>

enable

This command puts the CLI parser into Privileged Exec mode, allowing the administrator to use additional CLI commands. The administrator is prompted for a case sensitive password before they can enter privileged Exec mode. This password is created when the administrator user account is set up using the Web management pages. The user gets three attempts to enter the password. After the third incorrect attempt, an error message is displayed (Bad secrets) and the User Exec prompt is redisplayed.

Syntax: enable
Parameters: None
Default: None
Command mode: User Exec
Next command mode: Privileged Exec
Warnings: Bad secrets
Related commands: configure, disable, enable password

Example:
CES>enable
Password fred (The password does not display)
CES disable
CES>

enable password

This command allows the user to change the passwor
68. cs:

The command file must conform to the 8.3 (eight character prefix, three character suffix) naming convention.
Each command file begins with the string FILE_FORMAT format.
Each command is initiated with the string COMMAND xxxx.
Each command is terminated with the string END.
Each command accepts a number of qualifiers.
Each qualifier is defined by TYPE VALUE pairs; for example, NAME is the field type and Joe is the field value.
The comment character is
The command file must end with a blank line.
A command file may contain an unlimited number of commands.
When all commands have been executed, the command file is automatically deleted.

File format

The FILE_FORMAT command defines what versions of the bulk load commands are contained in the command file. In this release, bulk loading file formats 1.0, 2.0 and 3.0 are supported. The FILE_FORMAT command is useful if a bulk load script is to be used on several switches with different releases installed. For example, the following command file may be executed on a switch installed with versions 2.50, 2.60 and 3.00:

FILE_FORMAT 1 0
COMMAND ONE
fede
END
FILE_FORMAT 2 0
COMMAND TWO
END
FILE_FORMAT 3 0
COMMAND THREE
eae
END

The 2.50 switch will recognize and execute command ONE and ignore command TWO and command THREE. The 2.60 switch will recognize both command ONE
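A pre-flight check for the command file rules listed above, as an added example (not Nortel's code); because the switch deletes the file after running it, linting the working copy before upload is the cheap place to catch structural errors. The extraction dropped the manual's punctuation, so the `=` separator and `#` comment character are assumptions, as are the finding codes and the EXAMPLE_CMD placeholder command.

```python
"""Lint a Contivity bulk load command file before it is uploaded (added example)."""
import re

SEP = "="        # assumption: TYPE/VALUE separator (lost in the extracted page)
COMMENT = "#"    # assumption: comment character (lost in the extracted page)
MAX_LINES = 40000                          # page: 40,000 lines, blanks included
SUPPORTED_FORMATS = {"1.0", "2.0", "3.0"}  # page: file formats 1.0, 2.0 and 3.0
SECRET_QUALIFIERS = {"RIP_PASS"}           # page: RIP authentication password
NAME_8_3 = re.compile(r"^[^.\s/\\]{1,8}\.[^.\s/\\]{1,3}$")


def lint_bulk_load(filename, text, sep=SEP, comment=COMMENT):
    """Return (line_number, code, message) findings; an empty list means clean."""
    findings = []

    def report(line_no, code, message):
        findings.append((line_no, code, message))

    if not NAME_8_3.match(filename):
        report(0, "E_NAME", "file name does not follow the 8.3 convention")

    lines = text.splitlines()
    if len(lines) > MAX_LINES:
        report(len(lines), "E_TOO_LONG", "more than 40,000 lines")
    # Interpretation used here: the last line of the file must be empty.
    if not lines or lines[-1].strip():
        report(len(lines), "E_NO_BLANK", "file does not end with a blank line")

    format_seen = False
    open_cmd = None  # (name, line number) of the command still waiting for END
    for no, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line or line.startswith(comment):
            continue
        if line == "END":
            if open_cmd is None:
                report(no, "E_STRAY_END", "END without a preceding COMMAND")
            open_cmd = None
            continue
        key, found, value = line.partition(sep)
        key, value = key.strip(), value.strip()
        if not found or not key:
            report(no, "E_PAIR", "line is not a TYPE%sVALUE pair" % sep)
            continue
        if key == "FILE_FORMAT":
            format_seen = True
            if open_cmd is not None:
                report(open_cmd[1], "E_NO_END", "%s has no END" % open_cmd[0])
                open_cmd = None
            if value not in SUPPORTED_FORMATS:
                report(no, "E_FORMAT", "unsupported file format %r" % value)
        elif key == "COMMAND":
            if not format_seen:
                report(no, "E_NO_FORMAT", "COMMAND before any FILE_FORMAT")
            if open_cmd is not None:
                report(open_cmd[1], "E_NO_END", "%s has no END" % open_cmd[0])
            open_cmd = (value, no)
        else:
            if open_cmd is None:
                report(no, "E_ORPHAN", "qualifier outside COMMAND ... END")
            if key in SECRET_QUALIFIERS:
                report(no, "W_SECRET", "%s is a secret; protect and remove "
                       "working copies of this file" % key)
    if open_cmd is not None:
        report(open_cmd[1], "E_NO_END", "%s has no END" % open_cmd[0])
    return findings


# Constructed samples, not taken from the manual.
SAMPLE_OK = """\
# constructed sample
FILE_FORMAT=3.0
COMMAND=CREATE_POOL
NAME=branch-pool
IP_START=10.0.8.10
IP_END=10.0.8.50
END

"""

SAMPLE_BAD = """\
FILE_FORMAT=4.0
COMMAND=EXAMPLE_CMD
RIP_PASS=example-only
IP_START
COMMAND=DELETE_POOL
IP_START=10.0.8.10
"""

if __name__ == "__main__":
    for finding in lint_bulk_load("branch-office.cmd", SAMPLE_BAD):
        print(finding)
```

The switch reports errors against the line number of the END label, while this check reports the line where each problem starts.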
69. d
Next command mode: User Exec
Related commands: show ip ospf, show ip ospf database, show ip ospf interface

Example:
CES>show ip ospf neighbor
OSPF Dynamic Neighbors
RouterID      Pri  State     Dead Time  Address       Interface
10.0.62.182   1    FULL DR   00:00:20   10.0.62.182   10.0.4.41
10.0.16.36    1    2WAY      00:00:34   10.0.16.36    10.0.4.41
10.0.7.184    1    FULL BDR  00:00:37   10.0.60.182   10.0.4.41
10.0.7.182    1    2WAY      00:00:40   10.0.61.182   10.0.4.41

This example shows the IP address, router id, and state of the neighbors.

show ip rip

This command displays general information about RIP routing and the state of RIP routing process and status.

Syntax: show ip rip
Parameters: None
Default: None
Command mode: User Exec
Response: See the example for output from this command.
Next command mode: User Exec
Related commands:

Example:
CES>show ip rip
Global Rip Status Enabled
Trusted Neighbor Disabled
Rip Domain 0
Triggered Update Off
RouteChange 0x0
Query 0x0
Local Net 0x00000000
Mask 0x00000000
ClassMask 0x00000000
LocalCircuit 1
ode Wide Stats
rn_rtid 0x00000000
rn tics 0
rn_num_circ 0
rn_routes 0
rn_udpInDatagrams 0
rn_udpOutDatagrams 1
rn_udpInErrors 0
rn_udpNoPorts 0

Th
70. Next command mode: Global configuration
Warnings: Name string too long, must be 255 characters or less
Related commands: snmp server contact text, snmp server location text

Example:
CES config snmp server name Contivity Chester Group 1

This example sets the name string to Contivity Chester Group 1.

suffix remove

This command is used when configuring the LDAP server for the switch. It allows the administrator to remove the domain name suffix from the user ID before sending the user ID to the LDAP server for authentication.

Syntax: suffix remove, no suffix remove
Parameters: None
Default: suffix remove
Command mode: LDAP server configuration
Next command mode: LDAP server configuration
Related commands: ldap server, show ldap server

Example:
CES config ldap server internal
Router config ldap no suffix remove
Router config ldap domain delimiter suffix
Router config ldap exit

In this example, the delimiter between the user ID and the domain name is set to the character and the suffix is not removed before sending the user ID value to the LDAP server for authentication.

trace

The trace command allows the administrator to determine the route that pac
71. d used by the enable command to get into privileged Exec mode. This is the same password as set on the Profiles > Users Web page for the administrator user (admin) account. If the new password is not different from the existing password, a warning message is generated.

Syntax: enable password password
Parameters: password: The password is defined that the administrator types to enter enable mode. This password is case sensitive.
Default: The default password is defined when the administrator user (admin) account is created on the Profiles > Users Web management page.
Command mode: Global configuration
Next command mode: Global configuration
Warnings: New password is same as current one
Related commands: configure, disable, enable

Examples:
CES config enable password fred
CES config exit
CES disable
CES>enable
Password fred
CES configure
CES config enable password jane
CES config exit
CES disable
CES>enable
Password fred
Password joan
Password charles
o Bad secrets
CES>enable
Password jane
CES configure
CES config enable password jane
The enable password you have chosen is the same as your current password his is not recommended reenter th nable password

This first example shows the password being set in global configuration mode and then asked for when the administrator tries to go f
72. ds in the file can configure various settings on the switch. This facility is used to bulk configure the switch.

Syntax: load filename
Parameters: filename: The name of the file on the switch that contains the bulk load commands.
Default: None
Command mode: Global configuration
Next command mode: Global configuration
Prerequisites: The LDAP server must be running.
Related commands: ldap

Example:
CES config load ide0 system test cmd

logging history

This command determines what types of messages are stored in the system logs. Once the message type level has been established, future messages stored in the system logs must be at or above this level for them to be saved. This is different from the IOS implementation, where this command only affects syslog messages. On the switch, a warning is displayed if the level set with this command does not agree with the level required for syslog message forwarding, as set in the logging facility syslog command.

Syntax: logging history alerts errors notifications debugging, default logging history
Parameters:
alerts: Log all emergency and alert messages.
errors: Previous level plus critical and error conditions.
notifications: Previous level and warnings and notifications.
debugging: All message levels.
default: Sets logg
73. e Clear ARP cache
clear logging events - Clear event log
configure - Enter configuration mode
disable - Turn off privileged commands
help - Display message about using help
kill - Terminate a Telnet session
more - Display the contents of a named file
reload - Reboot switch immediately
reload at - Schedule a switch reboot
reload cancel - Cancel pending reboot
reload in - Schedule a switch reboot
reload no sessions - Schedule switch reboot when no more sessions
show arp - Show ARP cache contents
show health - Show overall system health
show logging config - Show configuration log contents
Table 3 Privileged Exec Mode commands
show logging events - Show event log contents
show logging history - Show the logging history setting
show logging security - Show security log contents
show logging syslog - Show system log contents

Global Configuration Mode
This mode allows the administrator to make changes to the switch running configuration. These changes are saved across reboots. This mode is also used to access other configuration modes (Router and so on) to be supported in subsequent releases. The administrator enters this mode from Privileged Exec mode using the configure command. To leave this mode and return to Privileged Exec mode, the user en
74. e CLI via a Telnet connection. Use the Services > Available screen to enable the Telnet management protocol.
Note: The Telnet protocol must be enabled on the switch in order to use

Access from the serial port menu
You can access the CLI through the Serial Port menu if you have a serial port connection to the switch. Select L from the Serial Port menu shown below to access the CLI.
[Figure 1: Serial Port Menu]

Command modes
The switch CLI has three command modes:
- User Exec Mode
- Privileged Exec Mode
- Global Configuration Mode
Table 1 CLI Modes Prompts a
76. ecific route to address a a a a net mask m m m m
Default: None
Command mode: User Exec
Response: See the example for output from this command.
Next command mode: User Exec
Related commands: clear ip route
Example:
CES> show ip route
S 0 0 0 0 0 6 10 via 10 0 0 10 0 00 58 36 Circld 1
D 10 0 0 0 16 0 0 via 10 0 4 41 0 00 58 36 Circld 1
D 10 0 3 41 32 0 0 via 127 0 0 1 0 00 58 36 Circld 1
D 10 0 4 41 32 0 0 via 127 0 0 1 0 00 58 36 Circld 1
D 11 0 0 0 16 0 0 via 11 0 4 41 0 00 58 36 Circld 9
D 11 0 4 41 32 0 0 via 127 0 0 1 0 00 58 36 Circld 9
CES> show ip route 10 0 3 41
Routing Entry for 10 0 3 41 mask 255 255 255 255
Known via Direct distance 0 metric 0
Last update from 127 0 0 1 on CirclId 1 0 01 09 52
CES> show ip route 10 0 0 0 255 255 0 0
Routing Entry for 10 0 0 0 mask 255 255 0 0
Known via Direct distance 0 metric 0
Last update from 10 0 4 41 on Cireld 1 0 01 15 28

show ip route policies
This command displays the contents of route policies in the routing protocol.
Syntax: show ip route policies
Parameters: None
Default: None
Command mode: User Exec
Response: See the example for output from this command.
77. ent tunnel or the switch.
Syntax: reload power off|restart boot safe|boot normal boot drive ide0|ide1 config file latest|factory|config name disable logins disable after restart text
Parameters:
power off - If present, the switch powers down after it has completed shutdown.
restart - If present, the switch restarts after it has completed shutdown.
boot safe - If present, switch restarts in safe boot mode.
boot normal - If present, switch restarts in normal boot mode.
boot drive - Specify the drive from which the switch will reboot.
ide0|ide1 - Disk drive from which bootable image will be loaded.
config file - Specify which configuration should be used after a reboot.
latest - The switch should be rebooted with the latest configuration file.
factory - The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults. The contents of the LDAP database and other settings are still maintained.
config name - Name of previously saved configuration to use on reboot.
disable logins - No more logins should be permitted before the reboot occurs.
disable after restart - Logins should not be permitted after the reboot. This is intended to support system maintenance tasks after a reboot.
text - If present, this explains the reason for a reload command. This reason will be displayed on the Admin > Shu
78. ents
Example:
CES> clear logging events
The example shows the command in use. This command does not give any feedback to the user.

configure
This command puts the CLI into global configuration mode. This allows the administrator to access global configuration mode commands. To exit this mode, the user can enter control Z, the exit command, or the end command. All global configuration commands are entered from the terminal.
Syntax: configure terminal
Parameters: None
Default: None
Command mode: Privileged Exec
Next command mode: Global configuration
Related commands: disable, enable, end
Examples:
CES configure
CES config end

console mode
Note: You must have a control tunnel established before you can set this command.
This is a mini CLI command that allows emulation of CLI commands available in earlier versions of the Contivity VPN Switch software. This command controls which menu items are visible on the serial port console for the switch and what CLI commands can be used. When this command is used to set the switch in one of the two restricted modes, the only CLI commands that are available are disable, enable, exit, reload, reload at, reload in, reload no sessions. Because none of the Global Configuratio
79. er LDAP server configuration mode for an external LDAP server.
Default: When initially configured, the switch has an internal LDAP server.
Command mode: Global configuration
Next command mode: LDAP server configuration
Related commands: ldap server source, show ldap server
Example:
CES config ldap server source internal
CES config ldap server internal
Router config ldap server stop
Router config ldap server backup bk0901
Router config ldap server start
Router config ldap exit
This example sets the switch to use the internal LDAP server, stops the server, and backs up the current server database to an LDIF file named ide0 system slapd ldif bk0901. The prompt returns after the backup is completed, then the administrator restarts the LDAP server.
CES config ldap server external
Router config ldap domain delimiter suffix
Router config ldap suffix remove
Router config ldap host 122 33 102 44 master bind dn cn Management bind password myPas4wd
Router config ldap base dn ou engineering o Nortel Networks c US
Router config ldap exit
CES config ldap server source external
This example specifies the settings for a master LDAP server at IP address 122.33.102.44, port number nnn, with a bind DN and base DN. The domain delimiter is the character and the domain suffix i
81. f of the date of shipment. This warranty does not apply if the media has been damaged as a result of accident, misuse, or abuse. The Licensee assumes all responsibility for selection of the Software to achieve Licensee's intended results and for the installation, use, and results obtained from the Software. Nortel Networks does not warrant (a) that the functions contained in the software will meet the Licensee's requirements, (b) that the Software will operate in the hardware or software combinations that the Licensee may select, (c) that the operation of the Software will be uninterrupted or error free, or (d) that all defects in the operation of the Software will be corrected. Nortel Networks is not obligated to remedy any Software defect that cannot be reproduced with the latest Software release. These warranties do not apply to the Software if it has been (i) altered, except by Nortel Networks or in accordance with its instructions, (ii) used in conjunction with another vendor's product, resulting in the defect, or (iii) damaged by improper environment, abuse, misuse, accident, or negligence. THE FOREGOING WARRANTIES AND LIMITATIONS ARE EXCLUSIVE REMEDIES AND ARE IN LIEU OF ALL OTHER WARRANTIES EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Licensee is responsible for the security of its own data and information and for maintaining adequate procedures apart from t
82. g Danger: You are in a situation that could cause bodily injury. Before working on equipment, beware of the hazards involved with electrical circuitry and standard practices for preventing accidents, such as disconnecting equipment from its power source.

Related publications
The following list shows the associated documentation that you will need to configure and manage the switch, and describes the document's objectives.
- Contivity VPN Switch Release Notes provide the latest information, including known problems, workarounds, and special considerations.
- Configuring the Contivity VPN Switch (included on the CD) provides complete details to configure, monitor, and troubleshoot the switch.
- Reference for the Contivity VPN Switch provides reference information for each of the Web browser configuration screens.

Text
This guide uses the following text conventions:
angle brackets (< >) - Indicate that you choose the text to enter based on the description inside the brackets. Do not type the brackets when entering the command. Example: If the command syntax is ping <ip_address>, you enter ping 192.32.10.12
bold Courier text - Indicates command names, options, and text that you need to enter. Example: Use the dinfo command. Example: Enter show ip alerts routes
braces - Indicate required elements in syntax descriptio
83. gh Highest
FORWARD_PRI: Forwarding priority (Low, Medium, High, Highest)
NUM_LOGINS: Number of logins
STATIC_ADDR: Static addresses (Enable, Disable)
IDLE_TO: Idle timeout period (hh mm ss format)
FORCED_LO_TIME: Forced logout timeout (hh mm ss format)
SPLIT_TUN: Split tunneling (Enable, Disable)
SPLIT_TUN_NET: Split tunnel network name
ADDR_POOL: Address pool name, or Default for default pool
Bandwidth Policy
BW_COMMIT_RATE: Committed Bandwidth Rate (bps)
BW_EXCESS_RATE: EXCESS Bandwidth Rate (bps)
BW_EXCESS_ACTION: EXCESS Rate Action (Drop, Mark)
IPSEC Attributes
DIG_SIG: RSA Digital Signature (Enable, Disable)
UNAMEPW: User Name Password Authentication (Enable, Disable)
SERVER_CERT: Default server certificate
ESP_3SHA1: ESP Triple DES with SHA1 Integrity (Enable, Disable)
ESP_3MD5: ESP Triple DES with MD5 Integrity (Enable, Disable)
ESP_56SHA1: ESP 56 bit DES with SHA1 Integrity (Enable, Disable)
ESP_56MD5: ESP 56 bit DES with MD5 Integrity (Enable, Disable)
ESP_40SHA1: ESP 40 bit DES with SHA1 Integrity (Enable, Disable)
ESP_40MD5: ESP 40 bit DES
84. hall not sublicense, assign, or otherwise disclose to any third party the Software, or any information about the operation, design, performance, or implementation of the Software and user manuals that is confidential to Nortel Networks and its licensors; however, Licensee may grant permission to its consultants, subcontractors, and agents to use the Software at Licensee's facility, provided they have agreed to use the Software only in accordance with the terms of this license.
3. Limited warranty. Nortel Networks warrants each item of Software, as delivered by Nortel Networks and properly installed and operated on Nortel Networks hardware or other equipment it is originally licensed for, to function substantially as described in its accompanying user manual during its warranty period, which begins on the date Software is first shipped to Licensee. If any item of Software fails to so function during its warranty period, as the sole remedy Nortel Networks will at its discretion provide a suitable fix, patch, or workaround for the problem that may be included in a future Software release. Nortel Networks further warrants to Licensee that the media on which the Software is provided will be free from defects in materials and workmanship under normal use for a period of 90 days from the date Software is first shipped to Licensee. Nortel Networks will replace defective media at no charge if it is returned to Nortel Networks during the warranty period along with proo
85. show ip access list
This command displays the contents of all current IP access lists. The CLI accepts names up to 50 characters long. The maximum length of the CLI name is 50 characters, not 64 as it is in the browser based GUI.
Syntax: show ip access list
Parameters: access list - The access list name. Optional parameter.
Default: None
Command mode: User Exec
Response: See the example for output from this command.
Next command mode: User Exec
Example:
CES> show ip access list name
Standard IP access list TES
permit 2 2 0 0 wildcard bits 255 255 0 0 exact
Standard IP access list TEST1
deny 3 3 0 0 wildcard bits 255 255 0 0 exact
This example shows the list of all access lists created and their contents.

show ip ospf
This command displays general information about OSPF routing and the state of OSPF routing processes.
Syntax: show ip ospf
Parameters: None
Default: None
Command mode: User Exec
Response: See the example for output from this command.
Next command mode: User Exec
Related commands: show ip ospf database, show ip ospf interface, show ip ospf neighbor
Example:
CES> show ip ospf
Router id is 10 254 1 36 Ro
86. Comments: The amount of output from this command can be substantial. It is automatically paginated on display so that the user can see one page of output at a time. The user can go through the output one screen at a time, or quit and abandon the remainder of the output.

show reload
This command displays information about any pending shutdowns that are scheduled on the switch. This is the same information that is displayed on the Admin > Shutdown and Status > System Web management pages.
Syntax: show reload
Parameters: None
Default: None
Command mode: User Exec
Response: See the example for output from this command.
Next command mode: User Exec
Warnings: No reload currently scheduled
Related commands: reload cancel, reload, reload at, reload in, reload no sessions
Example:
CES> show reload
Reload scheduled in 1 hour 45 minutes
Explanation Load latest software patches
After shutdown Restart
Current logins Enabled
Reboot logins Disabled
Boot drive ide0
Config file latest
This example shows details about the currently scheduled reload.

show sessions
This command displays information about the current sessions connected to the switch.
Syntax: show branch office ipsec
87. he Software to reconstruct lost or altered files, data, or programs.
4. Limitation of liability. IN NO EVENT WILL NORTEL NETWORKS OR ITS LICENSORS BE LIABLE FOR ANY COST OF SUBSTITUTE PROCUREMENT; SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES; OR ANY DAMAGES RESULTING FROM INACCURATE OR LOST DATA OR LOSS OF USE OR PROFITS ARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL THE LIABILITY OF NORTEL NETWORKS RELATING TO THE SOFTWARE OR THIS AGREEMENT EXCEED THE PRICE PAID TO NORTEL NETWORKS FOR THE SOFTWARE LICENSE.
5. Government licensees. This provision applies to all Software and documentation acquired directly or indirectly by or on behalf of the United States Government. The Software and documentation are commercial products, licensed on the open market at market prices, and were developed entirely at private expense and without the use of any U.S. Government funds. The license to the U.S. Government is granted only with restricted rights, and use, duplication, or disclosure by the U.S. Government is subject to the restrictions set forth in subparagraph (c)(1) of the Commercial Computer Software Restricted Rights clause of FAR 52.227-19 and the limitations set out in this license for civilian agencies, and subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause of DFARS 252.227-7013 for agencies of the
88. he user can use the pagination keys to see the next screen or line in the file, or to quit from the display. It differs from the de facto standard in that it cannot be used to display a file on a remote file system. It also does not support the ebcdic output switch that causes the file to be printed in EBCDIC mode. On the switch, this command is limited to files that are 10KB or smaller. If the user tries to use more on a file that is larger than 10KB, an error message is displayed.
Syntax: more ascii binary file
Parameters:
ascii - Display file in ASCII.
binary - Display file in binary.
file - Fully qualified name of the switch file to display. The name has the format diskn directory file ext, where diskn is either disk0 or disk1, there are zero or more directory names, and there is a file name.
Default: The default depends on the type of file. If the file contains non printable characters, it defaults to binary output; otherwise it defaults to ASCII output. You cannot print a binary file in ASCII format output. If you attempt to print a binary file in ASCII output format, the switch is ignored.
Printable characters are characters whose character codes are in the range decimal 32 (space) to decimal 126 inclusive, plus the characters \t (decimal 9), \n (decimal 10), and \r (decimal 13). Non printable characters are represented by a period in the ASCII part of the binary output for
89. hed Name order
The Distinguished Name for certificates must be entered in the same order as they appear in the certificate. For example, cn=Joe, ou=My Org Unit, o=Some Org, c=US is not the same as cn=Joe, o=Some Org, ou=My Org Unit, c=US.
90. hem can significantly impact performance of the switch. Once you set these options, they remain on until cleared by a subsequent show logging events command.
Syntax: show logging events ip drops all filtered filtered none ipx drops all none
Parameters:
ip drops - Specify the type of dropped IP packets to track in the events log.
all - Specify that all dropped IP packets are to be tracked. For each dropped packet, the source and destination address are kept in the event log for display.
filtered - Specify that IP packets dropped due to filter rules are to be tracked. For each packet dropped due to filtering, the packet contents are kept in the event log for display.
none - Specify that dropped IP packets are not to be tracked.
ipx drops - Specify the type of dropped IPX packets to track in the events log.
Default: Dropped IP and IPX packets are not tracked.
Command mode: Privileged Exec
Response: See the example for output from this command.
Next command mode: Privileged Exec
Warnings: If the user chooses to track dropped IP or IPX packets, a confirmation is requested due to the performance impact.
Related commands: clear logging events, show logging config, show logging security, show logging syslog
Example:
CES
91. herited value, which forces that attribute to inherit its value from its parent.
NOTE
COMMAND MODIFY_BRANCHGROUP
GROUP: Name of existing Branch Office group to modify (Required)
Connectivity Attributes
CALL_PRI: Call admission priority (Low, Medium, High, Highest)
FORWARD_PRI: Forwarding priority (Low, Medium, High, Highest)
IDLE_TO: Idle timeout period (hh mm ss format)
Bandwidth Policy
BW_COMMIT_RATE: Committed Bandwidth Rate (bps)
BW_EXCESS_RATE: EXCESS Bandwidth Rate (bps)
BW_EXCESS_ACTION: EXCESS Rate Action (Drop, Mark)
IPSEC Attributes
ESP_3SHA1: ESP Triple DES with SHA1 Integrity (Enable, Disable)
ESP_3MD5: ESP Triple DES with MD5 Integrity (Enable, Disable)
ESP_56SHA1: ESP 56 bit DES with SHA1 Integrity (Enable, Disable)
ESP_56MD5: ESP 56 bit DES with MD5 Integrity (Enable, Disable)
ESP_40SHA1: ESP 40 bit DES with SHA1 Integrity (Enable, Disable)
ESP_40MD5: ESP 40 bit DES with MD5 Integrity (Enable, Disable)
ESP_NULLSHA1: ESP NULL Authentication Only with SHA1 Integrity (Enable, Disable)
ESP_NULLMD5: ESP NULL Authentication Only with MD5 Integrity (Enable, Disable)
AH_SHA1: AH Authentication Only HMAC SHA1 (Enable, Disable)
AH_MD5: AH Authentication Only HMAC MD5 (Enable, Disable)
VEND_I
94. Syntax: server stop
Parameters: None
Default: None
Command mode: LDAP server configuration
Response: The switch outputs a confirmation message when the LDAP server has stopped.
Next command mode: LDAP server configuration
Prerequisites: The internal LDAP server must be running.
Warnings: The LDAP server is already stopped
Related commands: ldap server internal, server backup, server restore, server start
Example:
CES config ldap server internal
Router config ldap server stop
The LDAP server has stopped
Router config ldap exit
This example shows the internal LDAP server being stopped.
Comments: Once the internal LDAP server has been stopped, the switch will not allow further login attempts to the switch because it cannot validate the user credentials.

show arp
This command displays the entries in the ARP table.
Syntax: show arp
Parameters: None
Default: None
Command mode: Privileged Exec
Next command mode: Privileged Exec
Related commands: clear arp cache
Example:
CES show arp
LINK LEVEL ARP TABLE
destination gateway flags Refcn Us Interfac

show exception backup
This command
95. ing level back to alerts for future messages.
Default: Defaults to a logging level of alerts. The default logging history command sets the level to errors for future messages.
Command mode: Global configuration
Next command mode: Global configuration
Warnings: Does not agree with syslog forwarding settings
Related commands: show logging history, logging facility syslog, show logging syslog
Example:
CES config logging history errors
This command sets the system logging on the switch to store emergency, alert, critical, and error condition messages in the system log.

logout
This is a mini CLI command to allow emulation of CLI commands available in earlier versions of the switch software. This command logs the administrator off the switch and terminates the Telnet session. It is equivalent to using the exit command in User Exec mode.
Syntax: logout
Parameters: None
Command mode: Global configuration
Next command mode: Global configuration
Related commands: exit
Example:
CES config logout
This example disconnects the session.

more
This command displays a readable file on the switch. The file is displayed one Telnet screen at a time. T
96. is example shows the state of RIP and the associated status information.

show ip rip database
This command provides information related to the RIP database for the switch. It also delivers information about routes owned and imported by RIP.
Syntax: show ip rip database
Parameters: None
Default: None
Command mode: User Exec
Response: See the example for output from this command.
Next command mode: User Exec
Related commands: show ip rip, show ip rip interface, show ip rip database
Example:
CES> show ip rip database
Table 6
Circuit  Address       Mask             Owner  Cost  Metric  GW
1        192.32.0.0    255.255.0.0      RIP    5     5       10.0.234.230
1        192.168.0.0   255.255.0.0      RIP    5     5       10.0.234.230
1        9.1.10.18     255.255.255.255  RIP    5     5       10.0.234.230
This example shows routes owned by an RIP database.

show ip rip interface
This command displays information about interfaces that are configured for RIP routing.
Syntax: show ip rip interface
Parameters: None
Default: None
Command mode: User Exec
Response: See the example for output from this command.
Next command mode: User Exec
Related commands: show ip rip, show ip rip database, sh
97. isable Turn off privileged commands
enable Turn on privileged commands
exit Exit the Telnet session
reload Stop and perform a cold restart
These examples show the default console mode setting, and how setting the console mode to restricted forces the user back to Privileged Exec mode and limits the available CLI commands.

control
This command allows emulation of CLI commands available in earlier versions of the switch software. This command allows the administrator to create or delete control tunnels and to display the currently existing control tunnels. Control tunnels provide a secure means to manage the switch.
Syntax: control help create delete show
Parameters:
help - If present, the control command is not executed, but some help about the command is displayed.
create - Create control tunnels.
delete - Delete control tunnels.
show - Display the current control tunnels.
Command mode: Global configuration
Next command mode: Global configuration
Related commands: None
Examples:
CES config control Help delete
CES config control create
CES config control show

disable
This command makes the CLI parser exit from Privileged Exec mode
98. kets use when traveling to their destination. It is commonly used as a diagnostic command (traceroute on most systems). The trace command does not recognize DNS names with hyphens.
Syntax: trace ip host address hops number wait timeout
Parameters:
host: Send the trace packets to the system identified by this host name.
address: Send the trace packets to the system identified by this dotted IP address.
hops number: Specify the maximum hops.
wait timeout: Specify the wait timeout in seconds.
Default: The wait timeout defaults to 5 seconds. The maximum hops defaults to 30.
Command mode: User Exec
Next command mode: User Exec
Warnings: If the system cannot map an address for a host name, it returns an Unknown Host error message.
Related commands: ping host address
Example:
CES> trace 208.216.182.15
Tracing the route to amazon.com 208.216.182.15
router a fred corp com 195.120.1.6 1000 msec 8 msec 4 msec
filter 1 jane fred com 195.120.16.2 8 msec 8 msec 8 msec
core2 seattle cw net 204.70.9.120 8 msec 4 msec 4 msec
internap seattle cw net 204.70.233.6 8 msec 8 msec 8 msec
amazon.com 208.216.182.15 216 msec 120 msec 132 msec
CES> trace badaddress.com
trace unknown host baddaddress.com
The examples show a successful trace command and an attempt to trace the path to
99. layed.
The month for which the security log is to be displayed.
The year for which the security log is to be displayed. A four digit value.
Display normal events, including user and system interactions that indicate switch activity.
Display events that an administrator should be aware of immediately. In the output, these events are marked with an asterisk. Could indicate potential security or access problems. Also display normal events.
Display events for use of Nortel Networks support personnel. Also display normal and urgent events.
Display events for use of Nortel Networks support personnel, used for troubleshooting the switch. Includes every event that the switch generates. In addition, display detailed, normal and urgent events.
Default: The date value defaults to today. If the year portion of the date is omitted, it defaults to the current year. The display level defaults to normal.
Command mode: Privileged Exec
Response: See the example below for output from this command.
Next command mode: Privileged Exec
Related commands: show logging config, show logging events, show logging syslog
Example:
CES show logging
100. m maintenance. Reason is to Upgrade software. The user must press CR or any subset of the string yes to confirm that they want the reload to proceed.
Comments: After a successful reload command, the switch will reboot in approximately 10 seconds. For most Telnet client software, the reboot will cause the Telnet client to close the connection to the switch. If there are any outstanding reboot commands, they will be canceled. There can only be one reboot scheduled at any time.
reload at
This command sets a time in the future at which the switch will reboot. Options can be specified to determine whether the switch turns off or reboots, which configuration to use after a reboot, and other settings. The user is prompted to confirm that they want to continue with the reload. If they say yes, and if the reload command is valid, the system reload will start at the specified time.
Syntax: reload at hh:mm power off restart boot safe boot normal boot drive ide0 ide1 config file latest factory config name disable logins disable after restart text
Parameters:
hh:mm: The time at which the shutdown will commence. Values are based on a 24 hour clock. If this time has already passed today, then the reload will occur at this time tomorrow.
power off: If present, the switch will power down after it has completed shutdown.
restart: If present, the switch restar
102. maintenance. Reason is to Backup LDAP database. The reload is then canceled, and the resulting output shows the original reload command.
reload in
This command sets a timer that causes the switch to reboot after a certain time has passed. Options can be specified to determine whether the switch turns off or reboots, which configuration to use after a reboot, and other settings. The user is prompted to confirm that they want to continue with the reload. If they say yes, and if the reload command is valid, the system reload will start at the specified time.
Syntax: reload in hh:mm power off restart boot safe boot normal boot drive ide0 ide1 config file latest factory config name disable logins disable after restart text
Parameters:
hh:mm: The hours and minutes that must pass before the shutdown will start. The allowed range is 00:01 to 24:00.
power off: If present, the switch will power down after it has completed shutdown.
restart: If present, the switch restarts after it has completed shutdown.
boot safe: If present, the switch restarts in safe boot mode.
boot normal: If present, the switch restarts in normal boot mode.
boot drive: Specify the drive from which the switch will reboot.
ide0|ide1: Disk drive from which the bootable image will be loaded.
config file: Specify which configuration should be used after a
103. mat
Command mode: Privileged Exec
Next command mode: Privileged Exec
Warnings: File not found. Cannot display a file that is larger that 10KB.
Example:
CES more disk0 system config CFG01022 DAT
AccessLst abc
AccessLst abc Name abc
AccessLst abc Rule 11 4 1 6 1 1 1 1 DENY
AccessLst abc Rule 1 DENY Key 11 4 1 6 1 1 1 1 DENY
AccessLst abc Rule 1 DENY Protocol IP
AccessLst abc Rule 1 DENY SourceAddr 11 4 1 6
AccessLst abc Rule 1 DENY SourceWildcard 1 1 1 1
AccessLst abc Rule abdguiwfeh 255 255 0 0 Permit
AccessLst abc Rule abdguiwfeh 255 255 0 0 Permit Action PERMIT
AccessLst abc Rule abdguiwfeh 255 255 0 0 Permit Key abdguiwfeh 255 255 0 0 Permit
AccessLst abc Rule abdguiwfeh 255 255 0 0 Permit SourceWildcard 255 255 0 0
AccessLst abc Rule 2 0 0 0 255 0 0 Permit
AccessLst abc Rule 2 0 0 0 255 0 0 Permit Action PERMIT
AccessLst abc Rule 2 0 0 0 255 0 0 Permit Key 2 0 0 0 255 0 0 Permit
AccessLst abc Rule 2 0 0 0 255 0 0 Permit SourceAddr 2 0 0 0
AccessLst bar
AccessLst bar Name bar
AccessLst bar Rule 1 2 0 0 255 255 0 0 0
AccessLst bar Rule 1 2 0 0 255 255 0 0 0 Key 1 2 0 0 255 255 0 0 0
CES more binary disk0 system config CFG01022 DAT
104. minUid changed from admin to sysadmin by use
09:54:31 tSerialConfig 0 Flash AdminPassword changed by user
09:54:31 tSerialConfig 0 DirBackup PrimaryHost changed from 11.33.55.66 to 11
09:54:31 tSerialConfig 0 DirBackup PrimaryUsername changed from bernard to sys
09:54:50 tObjMgr 0 ObjMgrCls WriteConfigFile new configuration file config CFG
This example shows the output from the configuration log with the urgent messages displayed, followed by an example where the normal messages are displayed.
Comments: The amount of output from this command can be substantial. It is automatically paginated on display so that the user can see one page of output at a time. The user can go through the output one screen at a time, or quit and abandon the remainder of the output.
show logging events
This command displays the contents of the event log. The event log is a detailed recording of all events that take place on the system. The event log is maintained in switch memory, with significant events being saved in the system log and written to disk. The event log retains approximately 2000 entries and discards old entries when it is refreshed. This command also allows the administrator to log details about packets that have been dropped by the switch, including packets that are dropped due to filtering rules. These options should only be used for troubleshooting, as using t
105. mote an existing automatic backup server.
COMMAND DELETE_FTPSERVER
FTP_SERVER Existing FTP Server 1 2 3 Required
END
SYSLOG forwarding
Two bulk load commands are available to configure the syslog forwarding feature: ADD_SYSLOG and DELETE_SYSLOG.
The ADD_SYSLOG command is used to set up a system log forwarding server.
COMMAND ADD_SYSLOG
SLOG_IP Host IP address Required
SLOG_MSGLEVEL Urgent Normal Detailed All Default Normal
SLOG_FACILITY Syslog Facility KERN LOCAL 0 7 Default KERN
SLOG_PORT Syslog port Default 514
SLOG_ENABLE Enable Syslog Server Default Enable
SLOG_SERVER Syslog Server 1 2 3 4 Default 1
END
The DELETE_SYSLOG command is used to remove an existing system log forwarding server.
COMMAND DELETE_SYSLOG
SLOG_SERVER Existing Syslog Server 1 2 3 4 Required
END
SNMP
Three bulk load commands are used to configure SNMP: ADD_SNMPHOST, DELETE_SNMPHOST and CONFIG_TRAP.
The ADD_SNMPHOST command is used to add and configure either SNMP Get or Trap hosts.
COMMAND ADD_SNMPHOST
SNMP_TYPE Get Trap Required
SNMP_IP SNMP host IP address Required
SNM
106. n 1 length PLL count 15 Contivity1510D 00 E0 7B 00 0D 30 12192 feature keys
Maximum Ethernet ports 2
Maximum T 1 ports 1
Maximum T 3 ports 0
Allow PPTP tunnels True
Allow L2F tunnels True
Allow L2TP tunnels True
Allow IPsec tunnels True
Allow QoS internal True
Allow QoS admission True
Allow RSVP True
Allow RADIUS authentication True
Allow LDAP authentication True
Allow NT Domain authentication True
Allow RSA encryption True
Allow SSL True
Allow X 509 certificates True
Allow RADIUS accounting True
CPU clock rate 400 MHz
CPU cache size 0 KB
Number of CPUs supported 1
Allow IPX True
Allow NA True
Allow FW 1 True
Require FW 1 False
Firewall Disabled
Maximum Hifn 7751 Accelerators 0
FIPS Mode Allow Safe Mode Boot False feature mask Flash Revision 1 key length Boot Device maximum concurrent sessions 128 ide0 False 100
system IP address 10.211.4.42
system IP netmask 255.255.0.0
system default gateway 10.0.0.10
checksum 56091
This example shows the flash settings for a Contivity VPN Switch 1510D. The output differs depending on the type of switch being used.
show health
This command displays information about the overall health of the switch. It allows the administrator to check on areas that may cause problems
107. n mode commands are allowed. Setting the switch into a restricted mode causes the CLI to return to Privileged Exec mode on the Telnet session where the command is issued. Other Telnet sessions will not be forced back to Privileged Exec mode, but they will only support the above CLI command set. The switch can be set back to an unrestricted mode on the System > Settings Web management page.
Syntax: console mode restricted1 restricted2 show
Parameters:
restricted1: The system reset and reload commands to change the IP interface address and mask are enabled.
restricted2: Only the system reload commands are enabled. The reload command in the CLI only supports the boot safe and boot normal parameters.
show: Display the current console mode setting.
Default: The system boots in unrestricted mode, where all commands are enabled.
Command mode: Global configuration
Next command mode: Global configuration (console mode show) or Privileged Exec
Related commands: reload, reload at, reload in, reload no sessions
Examples:
CES config console mode show
CONSOLE MODE is set to UNRESTRICTED
CES config console mode restricted1
CONSOLE MODE has been set to RESTRICTED
CES Exec commands d
108. Canadian Department of Communications Radio Interference Regulations: This digital apparatus (Contivity Extranet Switch) complies with the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
Nortel Networks NA Inc. Software License Agreement
NOTICE: Please carefully read this license agreement before copying or using the accompanying software or installing the hardware unit with pre-enabled software (each of which is referred to as "Software" in this Agreement). BY COPYING OR USING THE SOFTWARE, YOU ACCEPT ALL OF THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT. THE TERMS EXPRESSED IN THIS AGREEMENT ARE THE ONLY TERMS UNDER WHICH NORTEL NETWORKS WILL PERMIT YOU TO USE THE SOFTWARE. If you do not accept these terms and conditions, return the product, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price.
1. License grant. Nortel Networks NA Inc. ("Nortel Networks") grants the end user of the Software ("Licensee") a personal, nonexclusive, nontransferable license: a) to use the Software either on a single computer or, if applicable, on a single authorized device identified by host ID, for which it was originally acquired; b) to copy the Software solely for backup purposes in
109. nceled. There can only be one reboot scheduled at any time.
reload cancel
This command cancels any pending reload command. There can only be one pending reload at any given time. When a reload has been canceled, the details for the pending reload are displayed.
Syntax: reload cancel
Parameters: None
Default: None
Command mode: Privileged Exec
Response: The command will output a message giving details about the type of reload command that was canceled.
Next command mode: Privileged Exec
Prerequisites: A reload must already have been scheduled.
Warnings: No currently scheduled reload operation.
Related commands: reload, reload at, reload in, reload no sessions, show reload
Example:
CES reload at 22:00 restart boot drive ide0 disable after restart Backup LDAP database
CES reload cancel
Reload Scheduled Shutdown at 22:00:00 has been canceled
Reload Explanation Backup LDAP database
After Shutdown Restart
Disable New Logins No
Disable Logins after Restart Yes
Boot Mode Normal
Config File latest
Boot Drive ide0
This example schedules a reload command that would reboot the switch from ide0 using the latest configuration and disabling logins after the reboot to allow for system
110. nd Access
Mode                  Prompt      Access
User Exec Mode        CES>        Login via Telnet with administrator name and password
Privileged Exec Mode  CES         Enter the command enable at the User Exec Mode prompt
Global Config Mode    CES config  Enter the command configure terminal at the Privileged Exec Mode prompt
User Exec Mode
This is the initial command mode when the administrator first establishes a Telnet connection to the switch. It is also called Exec mode. This is a limited display mode. You cannot modify configuration parameters or view the configuration file.
User Exec Mode prompt: CES>
User Exec Mode commands
The following table summarizes the User Exec Mode commands.
Table 2 User Exec Mode Commands
Command              Description
clear ip route       Remove a route from the route table
enable               Enable privileged commands
exit                 Exit the Telnet session
help                 Display message about using help
ping                 Send ping message to a destination
show file systems    List available file systems
show flash contents  Display flash settings
show ip access list  Display IP access lists
show ip ospf         Display IP OSPF routing details
show ip ospf database  Display IP OSPF database summary
show ip ospf interface
sho
111. ngs are for the slave 2 LDAP server.
The port number that connects to the LDAP server.
The port number to connect to the LDAP server when using SSL. In addition, the SSL encryption settings must be se
The port number to connect to on the LDAP server.
If present, the distinguished name used to connect to the LDAP server.
bind_dn value: The bind distinguished name (DN) used to connect to the LDAP server. This is the equivalent of a user ID for an LDAP server. It can be omitted for an LDAP server that allows anonymous access.
bind password: A password must be used during connection to the FTP server.
Default: Defaults to a non-SSL connection made to port 389. If ssl port is specified without providing a port number value, the SSL connection attempt is made to port 636.
Command mode: Global configuration
Next command mode: Global configuration
Prerequisites: None
Related commands: ldap server, show ldap server
Example: See the example for the ldap server command.
hostname
This command allows the administrator to specify the DNS host name for the switch. This name should correspond to the name in the DNS server to identify the management address of the switch that is located on the private network.
Syntax: hostname string
Parameters:
string: The DNS name to
112. nly one of the choices. Do not type the vertical line when entering the command. Example: If the command syntax is show ip {alerts | routes}, you enter either show ip alerts or show ip routes, but not both.
Acronyms
This guide uses the following acronyms:
AUI: attachment unit interface
BootP: Bootstrap Protocol
BRI: basic rate interface
CSMA/CD: carrier sense multiple access/collision detection
DLCMI: Data Link Control Management Interface
HDLC: High-level Data Link Control
IP: Internet Protocol
ISDN: Integrated Services Digital Network
ISO: International Organization for Standardization
ITU-T: International Telecommunication Union, Telecommunication Standardization Sector (formerly CCITT)
MAC: media access control
MAU: media access unit
MDI-X: medium dependent interface crossover
NBMA: nonbroadcast multi-access
OSPF: Open Shortest Path First
PPP: Point-to-Point Protocol
SMDS: Switched Multimegabit Data Service
SNMP: Simple Network Management Protocol
STP: shielded twisted pair
TPE: twisted pair Ethernet
Hard copy technical manuals
You can print selected technical manuals and release notes free, directly from the Internet. Go to the www25 nortelnetworks com library tpubs URL. Find the product for which you need documentation. Then locate the specific category and model or version for
113. ns where there is more than one option. You must choose only one of the options. Do not type the braces when entering the command. Example: If the command syntax is show ip {alerts | routes}, you must enter either show ip alerts or show ip routes, but not both.
brackets: Indicate optional elements in syntax descriptions. Do not type the brackets when entering the command. Example: If the command syntax is show ip interface [alerts], you can enter either show ip interface or show ip interface alerts.
ellipsis points: Indicate that you repeat the last element of the command as needed. Example: If the command syntax is ethernet 2 1 <parameter> <value> ..., you enter ethernet 2 1 and as many parameter value pairs as needed.
italic text: Indicates new terms, book titles, and variables in command syntax descriptions. Where a variable is two or more words, the words are connected by an underscore. Example: If the command syntax is show at <valid_route>, valid_route is one variable and you substitute one value for it.
plain Courier text: Indicates command syntax and system output, for example, prompts and system messages. Example: Set Trap Monitor Filters
separator (>): Shows menu paths. Example: Protocols > IP identifies the IP option on the Protocols menu.
vertical line: Separates choices for command keywords and arguments. Enter o
114. nts of the LDAP database and other settings are still maintained.
Name of previously saved configuration to use on reboot.
No more logins should be permitted before the reboot occurs.
disable after restart: Logins should not be permitted after the reboot. This is intended to support system maintenance tasks after a reboot.
text: If present, this explains the reason for a reload command. This reason will be displayed on the Admin > Shutdown and Status > System Web management pages. If the value for the text parameter contains spaces, it may be enclosed in double quotes so that it has a single parameter value.
Default: The default settings for this command are determined by any previous reload command. For the first reload command, the following defaults apply: restart, boot drive ide0, config file latest.
Command mode: Privileged Exec
Next command mode: Privileged Exec
Prerequisites: A named configuration file can only be used after it has been created.
Warnings: Any warnings cause the command to fail. The user must reenter the command after correcting the parameters in error. Configuration file does not exist.
Related commands: reload, reload cancel, reload at, reload in, show reload
Example:
CES reload no sessions restart disable logins
Reload
116. ocal service Enable Disable
PING_SVC Ping local service Enable Disable
RADIUS_SVC Radius local service Enable Disable
FIREWALL_SVC Firewall local service Enable Disable
FTP_SVR FTP remote server Enable Disable
DHCP_SVR DHCP remote server Enable Disable
RADIUS_SVR Radius remote server Enable Disable
DNS_SVR DNS remote server Enable Disable
END
The DELETE_FILTER command allows for the deletion of an existing filter.
COMMAND DELETE_FILTER
FILT_NAME Filter name Required
END
The ADD_RULE command allows an existing rule to be added to an existing filter.
COMMAND ADD_RULE
FILT_NAME Filter name Required
RULE_NAME Rule name Required
END
The CREATE_RULE command allows for the creation of a new rule definition.
COMMAND CREATE_RULE
RULE_NAME Rule name Required
ADDR_NAME Address Name Default Any
ACTION Rule action Permit Deny Default Deny
DIRECTION Direction Inbound Outbound Default Inbound
PROTOCOL Protocol Name Default Ip
SRC_PORT Source Port Name Default Any
U EST_PORT Destination Port Name Default Any
END
The DELETE_RULE command deletes an existing rule definition. This command will fail if the rule
118. omputer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software Restricted Rights clause at FAR 52.227-19.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel Networks NA Inc. reserves the right to make changes to the products described in this document without notice. Nortel Networks NA Inc. does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Portions of the code in this software product may be Copyright 1988, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that such portions of the software were developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission. SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICUL
119. ow ip rip interface
Example:
CES> show ip rip interface
Ip 10.0.15.146 Subnet 255.255.0.0 RipEnabled Yes IntfState UP Auth None Type ETH Cid 1 RxMode V2 TxMode V2 PoisonRev Enabled ImpDRoute Disabled ExpTSMetric 1 ExpSMetric 1 ExpDMetric 0 ExpOspfMetric 0
This example shows the state of the configured interface.
show ip route
This command displays the current contents of the RTM routing table. Each line of the output has the following format:
P TT a.a.a.a n ad rm via nh.nh.nh.nh d hh mm ss CircId n
Format Code  Usage
P            Authoring protocol
TT           Type
a.a.a.a      Address
n            Number of bits in the network mask
ad           Administrative distance (route preference)
rm           Route metric
nh.nh.nh.nh  Next hop address
The meaning of the authoring protocol codes shown for each line of the output is shown below.
Table 7
Code  Meaning
B     BGP Derived
D     Direct
O     OSPF Derived
R     RIP Derived
S     Static
IA    OSPF inter area route
E1    OSPF external type 1 route
E2    OSPF external type 2 route
Syntax: show ip route address mask
Parameters: If no parameters are specified, all of the current contents are displayed.
address: Display a specific host a.a.a.a
mask: Display a sp
120. p server start
Router config ldap exit
This example shows the internal LDAP server being stopped and the contents being restored from the LDIF file called jan031999. After the restore has completed, the LDAP server is started again.
server start
This command starts the internal switch LDAP server after it has been stopped.
Syntax: server start
Parameters: None
Default: None
Command mode: LDAP server configuration
Response: The switch outputs a confirmation message once the LDAP server has been restarted.
Next command mode: LDAP server configuration
Prerequisites: The internal LDAP server must have been previously stopped.
Warnings: The LDAP server is already started. Cannot start LDAP server, backup in progress. Cannot start LDAP server, restore in progress.
Related commands: ldap server internal, server backup, server restore, server stop
Example:
CES config ldap server internal
Router config ldap server start
The LDAP server has started
Router config ldap exit
This example shows the internal LDAP server being started.
Comments: For a large LDAP database, the start command can take some time to complete.
server stop
This command stops the internal switch LDAP server.
121. pe Email DNS IP Required with certificates and IPSEC_ALTNAME
IPSEC_ISSUERCA Issuer certificate authority Required with certificates
SERVER_CERT Server Certificate Default Inherit from group
RESTRICTED Control User Tunnel True False Default False
END
Delete User
The DELETE_USER command is used to delete a specified user record from the database. You must include a user name, and if you do not specify a group, then the Base group is assumed.
COMMAND DELETE_USER
GROUP Group name
NAME User name Required
END
Add Group
The ADD_GROUP command is used to add a group to the switch database.
COMMAND ADD_GROUP
GROUP Group name Required
END
Modify Group
The MODIFY_GROUP command is used to modify existing user groups. Any set of these attributes may be included in this command. Any attribute not specified will inherit the value from its parent group.
Note: All attributes accept the inherited value which for switch that attribute to inherit the values of its parent
COMMAND MODIFY_GROUP
GROUP Group name Required
Connectivity Attributes
FILT_NAME Name of existing filter
CALL_PRI Call admission priority Low Medium Hi
122. r the command after correcting the parameters in error. Configuration file does not exist. Related commands: reload, reload cancel, reload at, reload no sessions, show reload. Example: CES reload in 8 00 restart boot drive ide1 power off disable logins Reload Scheduled Shutdown in 480 minutes Reload Explanation Scheduled Shutdown in 480 minutes After Shutdown Powerdown Disable New Logins Yes Disable Logins after Restart No Boot Mode Normal Config File latest Boot Drive ide1 Proceed with reload confirm y. This example command powers down the switch in eight hours' time. When the switch is powered up again it will reboot from ide1. Further logins are disabled until the switch has rebooted. Comments: After a successful reload in command, the switch will reboot after the time specified has elapsed. For most Telnet client software, the reboot will cause the Telnet client to close the connection to the switch. If there are any outstanding reboot commands, they will be canceled. There can be only one reboot scheduled at any time. reload no sessions: This command causes the switch to reboot after there are no further logins. The reboot will start after all tunnels into the box and all management sessions (Telnet, Web, etc.) have been closed
123. red ASK New subnet mask Required END. Three bulk load commands are used to configure NAT settings: CREATE_NAT, DELETE_NAT, and MODIFY_NAT. The CREATE_NAT command is used to create a new NAT set. COMMAND CREATE_NAT NAT_NAME Name of new NAT set Required NAT_TYPE Translation Type Static Pooled Port Required IN_START_IP Internal starting IP address Required IN_END_IP Internal ending IP address Required EX_START_IP External starting IP address Required EX_END_IP External ending IP address Required for Pooled NAT type END. The DELETE_NAT command is used to delete an existing NAT set. COMMAND DELETE_NAT NAT_NAME Name of existing NAT set to delete Required END. The MODIFY_NAT command is used to add a new rule to an existing NAT set. COMMAND MODIFY_NAT NAT_NAME Name of existing NAT set to modify Required NAT_TYPE Translation Type Static Pooled Port Required IN_START_IP Internal starting IP address Required IN_END_IP Internal ending IP address Required EX_START_IP External starting IP address Required EX_END_IP External ending IP address Required for Pooled NAT type EN
124. rom user Exec mode back to privileged Exec mode. The administrator then changes the enable password and enters an incorrect one three times. The last example shows the error message displayed when the administrator tries to reuse the existing password. exception backup: This command allows the administrator to define backup FTP servers for the Contivity VPN Switch. A backup FTP server receives a copy of the LDAP database configuration file and other system files that have changed since the last backup. A switch supports up to three backup FTP servers. Syntax: exception backup 1|2|3 backup ip add backup filepath interval hours username user_name password userpassword; no exception backup 1|2|3; default exception backup. Parameters: 1|2|3: The number of backup FTP servers being modified defined undefined. backup_ip_add: The IP address for backup server. backup_file_path: If present, specifies the file path on the backup server where the files should be written. hours: The time interval in hours between backups; range is 1 to 8064 hours. user_name: The user name that the switch uses to establish the FTP connection to the backup server. user_password: The user password that the switch uses to establish the FTP connection to the backup server. Default: Defaults to 5 hours if the interval is omitted
126. s removed. The switch is set to use the external LDAP server. ldap server source: This command sets the source of the LDAP server used by the switch to either the internal LDAP server on the switch itself or an external LDAP server that can be shared by one or more Contivities. Syntax: ldap server source internal|external. Parameters: internal: Use the internal LDAP server for switch configuration data. external: Use the external LDAP server for switch configuration data. Default: When initially configured, the switch has an internal LDAP server. Command mode: Global configuration. Next command mode: Global configuration. Prerequisites: If setting to an external LDAP server, the settings must already have been configured for the LDAP server. Warnings: External LDAP server not configured; Cannot reach external LDAP server. Related commands: ldap server, show ldap server. Example: See the example for the ldap server command. load: This is a mini CLI command to allow emulation of CLI commands available in earlier versions of the switch software. This command allows the administrator to use the Bulk Load facility to execute a command file that has been previously copied to the switch using FTP. The comman
127. st back up until entering a question mark shows the available options. Two styles of Help are provided: 1. Full Help is available when you are ready to enter a command argument (for example, show) and describes each possible argument. 2. Partial Help is provided when an abbreviated argument is entered and you want to know what arguments match the input (for example, show arp). host address: This command establishes the IP address, port, bind DN and bind password settings for the external master and slave LDAP servers. The master server is the primary server to process queries. If the master server becomes unavailable, the switch attempts to use the slave LDAP servers. The switch reattempts connection to the master server every 15 minutes or upon a configuration change. The switch has read write access to the master LDAP server. The slave servers are read only. Syntax: host address master|slave1|slave2 port|ssl port port_number bind dn bind_dn_value bind password bind_password; no host master|slave1|slave2. Parameters: address master slave1 slave2 port ssl port port_number bind dn. The IP address for the LDAP server. Can be a dotted IP address or a host name. The host name does not have to be fully qualified if it is in the same domain as the switch. The settings for the master LDAP server. The settings for the slave 1 LDAP server. The setti
128. tails for this server have been removed from the switch configuration. show file systems: This command shows the available file systems on the switch, including device size and details of available space remaining. Syntax: show file systems. Parameters: None. Default: None. Command mode: User Exec. Next command mode: User Exec. Example: CES> show file systems File Systems Size b Free b Type Flags Prefixes 1249280 262752 disk rw ide0 1269760 1241752 disk rw ide1. This example shows the output for a switch that has two hard disk drives. show flash contents: This command shows the current settings that are in flash for the switch. This is equivalent to the Flash Contents button display on the Status > Statistics Web management page. Syntax: show flash contents. Parameters: None. Default: None. Command mode: User Exec. Next command mode: User Exec. Related commands: show version. Example: CES> show file Flash Header Flash Data model number MAC address serial number contents copyright Nortel Networks Copyright 1999 2000 tag NOC versio
129. tart boot drive ide0 config file latest. Command mode: Privileged Exec. Next command mode: Privileged Exec. Prerequisites: A named configuration file can only be used after it has been created. Warnings: Any warnings cause the command to fail. The user must reenter the command after correcting the parameters in error. Configuration file does not exist. Related commands: reload, reload cancel, reload in, reload no sessions, show reload. Example: CES reload at 22 00 restart boot drive ide0 disable after restart Backup LDAP database Reload Scheduled Shutdown at 22 00 00 Reload Explanation Backup LDAP database After Shutdown Restart Disable New Logins No Disable Logins after Restart Yes Boot Mode Normal Config File latest Boot Drive ide0 Proceed with reload confirm y. This reboots the switch from ide0 using the latest configuration and disabling logins after the reboot to allow for system maintenance. Reason is to Backup LDAP database. Comments: After a successful reload at command, the switch will reboot at the time specified, based on internal clock settings. For most Telnet client software, the reboot will cause the Telnet client to close the connection to the switch. If there are any outstanding reboot commands they will be ca
130. tdown and Status > System Web management pages. If the value for the text parameter contains spaces, it may be enclosed in double quotes so that it has a single parameter value. Default: The default settings for this command are determined by any previous reload command. For the first reload command, the following defaults apply: restart boot drive ide0 config file latest. Command mode: Privileged Exec. Next command mode: Privileged Exec. Prerequisites: A named configuration file can only be used after it has been created. Warnings: Any warnings cause the command to fail. The user must reenter the command after correcting the parameters in error. Configuration file does not exist. Related commands: reload at, reload cancel, reload in, reload no sessions, show reload. Example: CES reload restart boot drive ide0 config file factory disable after restart Upgrade software Reload Scheduled Shutdown Reload Explanation Upgrade software After Shutdown Restart Disable New Logins No Disable Logins after Restart Yes Boot Mode Normal Config File Reset Config File Boot Drive ide0 Proceed with reload confirm ly. This reboots the switch from ide0 using the factory installed defaults and disabling logins after the reboot to allow for syste
131. ters Ctrl Z. Global Configuration Mode prompt: CES config. Global Configuration Mode commands: The following table summarizes the Global Configuration Mode commands. Table 4 Global Configuration Mode commands Command Description arp Delete ARP cache entries audible alarm Enable audible alarm console mode Set administration console mode Mini CLI control Maintain control tunnel connections Mini CLI default logging history Set logging history level to default value enable password Assign privileged level password end Exit from configure mode exit Exit from configure mode help Display message about using help ip http server Enable disable HTTP management ldap Control LDAP server Mini CLI load Bulk load configuration commands Mini CLI logging history Control system logging level restore system logout Exit the Telnet session Mini CLI reset Set switch system boot mode Mini CLI restore flash Restore factory default switch flash settings Restore factory default switch configuration restrict Restrict management access to Mini CLI save current_boot Save current boot config Mini CLI shutdown Shutdown the switch Mini CLI snmp server contact Set the contact details for the switch snmp ser
132. the month for which the system log is to be displayed. month: The month for which the system log is to be displayed. year: The year for which the system log is to be displayed. A four digit value. normal: Display normal events, including user and system interactions that indicate switch activity. urgent: Display events that an administrator should be aware of immediately. In the output these events are marked with an asterisk. Could indicate potential security or access problems. Also display normal events. detailed: Display events for use of Nortel Networks support personnel. Also display normal and urgent events. all: Display events for use of Nortel Networks support personnel, used for troubleshooting the switch. Includes every event that the switch generates. Also display detailed, normal and urgent events. Default: The date value defaults to today. If the year portion of the date is omitted, it defaults to the current year. The display level defaults to normal. Command mode: Privileged Exec. Response: See the example for output from this command. Next command mode: Privileged Exec. Related commands: logging history logging facility syslog show logging config show logging events show logging security. Example: CES show logging syslog 14 01 52 tEvtLgMgr 0 F
133. topped before a restore command can be performed. The previous contents of the LDAP database are lost. Syntax: server restore filename. Parameters: filename: The name of the LDIF file that should be restored into the LDAP database. The filename can have a maximum of 8 characters. The file is restored from the directory ide0 system slapd ldif on the switch. Default: None. Command mode: LDAP server configuration. Response: The restore can take a considerable amount of time to complete, depending on the size of the LDIF file. The user sees a message once the restore task has been completed. Next command mode: LDAP server configuration. Prerequisites: The internal LDAP server must be stopped before a restore command can be performed. Warnings: LDIF file filename not found; The LDAP server must be stopped before performing a restore; Cannot restore LDAP server backup in progress; Cannot restore LDAP server restore in progress. Related commands: ldap server internal, server backup, server start, server stop. Example: CES config ldap server internal Router config ldap server stop Router config ldap server restore jan031999 Server restore started from file ide0 system slapd ldif jan031999 Server restore completed Router config lda
134. ts after it has completed shutdown. boot safe: If present, switch restarts in safe boot mode. boot normal: If present, switch restarts in normal boot mode. boot drive: Specify the drive from which the switch will reboot. ide0|ide1: Disk drive from which bootable image will be loaded. config file: Specify which configuration should be used after a reboot. latest: The switch should be rebooted with the latest configuration file. factory: The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults; the contents of the LDAP database and other settings are still maintained. config name: Name of previously saved configuration to use on reboot. disable logins: No more logins should be permitted before the reboot occurs. disable after restart: Logins should not be permitted after the reboot. This is intended to support system maintenance tasks after a reboot. text: If present, this gives the reason for a reload command. This reason will be displayed on the Admin > Shutdown and Status > System Web management pages. If the value for the text parameter contains spaces, it may be enclosed in double quotes so that it has a single parameter value. Default: The default settings for this command are determined by any previous reload command. For the first reload command, the following defaults apply: res
135. urgent events. all: Display events for use of Nortel support personnel, used for troubleshooting the switch. Includes every event that the switch generates. Also display detailed, normal and urgent events. Default: The date value defaults to today. If the year portion of the date is omitted, it defaults to the current year. The display level defaults to normal. Command mode: Privileged Exec. Response: See the example for output from this command. Next command mode: Privileged Exec. Related commands: show logging events, show logging security, show logging syslog. Example: CES show logging config level urgent Config Log contents for Friday July 30 2000 09 54 15 tRootTask 0 Error in cfg file setting IpxIntfOmCls IpxPrivateLANS 256 09 54 15 tRootTask 0 Error in cfg file setting IpxIntfOmCls IPXPublicAddress N AS CES CES show logging config Config Log contents for Friday July 30 2000 09 52 31 tHttpdTask 0 Shutdown Mode changed from NONE to NOW by user admin 09 52 31 tHttpdTask 0 Reboot Scheduled Shutdown created by user admin 132 2 09 54 15 tRootTask 0 Error in cfg file setting IpxIntfOmCls IpxPrivateLANS 256 09 54 15 tRootTask 0 Error in cfg file setting IpxIntfOmCls IPXPublicAddress N A 09 54 31 tSerialConfig 0 Flash Ad
136. uter State is Up Supports TOS 0 route SPF schedule delay 3 secs Hold time between two SPFs 3 secs Minimum LSA interval 5 secs Minimum LSA arrival 1 secs Number of external LSA 0 Link State Update Interval is 00H 30M Same for all areas Link State Age Interval is 01H 00M Same for all areas Number of Areas in this router is 3 3 Normal 0 Stub 0 nssa Area 0.0.0.0 Number of interfaces in this area 2 SPF algorithm has Executed 37 times Area 1.1.1.1 Number of interfaces in this area 0 SPF algorithm has Executed 37 times Area 2.2.2.2 Number of interfaces in this area 0 SPF algorithm has Executed 37 times. This example shows the state of OSPF routing process. show ip ospf database: This command displays information related to the OSPF database for the switch. It also delivers information about OSPF link state advertisements. Syntax: show ip ospf database. Parameters: None. Default: None. Command mode: User Exec. Response: See the example for output from this command. Next command mode: User Exec. Related commands: show ip ospf, show ip ospf interface, show ip ospf neighbor. Example: CES> show ip ospf database CES> show ip ospf database Displaying Router Link States Area 0.0.0.0 Link State ID Adv Router Age Seq Nbr CheckSum Links 15 62
137. utor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased a Nortel Networks service program, contact one of the following Nortel Networks Technical Solutions Centers. Technical Solutions Center and Telephone: EMEA: 33 4 92 966 968; North America: 800 2LANWAN or 800 252 6926; Asia Pacific: 61 2 9927 8800; China: 800 810 5000. An Express Routing Code (ERC) is available for many Nortel Networks products and services. When you use an ERC, your call is routed to a technical support person who specializes in supporting that product or service. To locate an ERC for your product or service, go to the www12.nortelnetworks.com URL and click ERC at the bottom of the page. Chapter 1 Introduction: This chapter provides an introduction to the Contivity VPN Switch Command Line Interface (CLI). Accessing the CLI. Access from a Telnet session: You access the CLI by starting a Telnet session to the switch's Management IP Address, for example telnet 10.0.16.247. You then log into the switch using an account with administrator privileges, for example Login admin Password 22 3. Upon login, the CLI prompt appears, indicating that you are in the CLI User Exec Mode. You can execute any User Exec Mode commands or change the command mode in order to execute other commands th
138. ve probe sent 0 connection dropped by keepaliv 0 pcb cache lookup failed. show ip vrrp: This command displays information about VRRP status. Syntax: show ip vrrp interface. Parameters: interface: Displays information about VRRP status of the specified interface. Default: None. Command mode: User Exec. Response: See the example for output from this command. Next command mode: User Exec. Example: CES> show ip vrrp Slot Intf VRID Prio State Address 0 1 1 255 Master 10.0.20.186 0 1 2 100 Backup 10.0.21.186 CES> show ip vrrp interface Slot 0 Interface 1 Virtual router 1 Current state is Master priority 255 may not preempt Advertisement interval 1 IP Address 10.0.20.186 Became master 1 times sent 0 Zero prio pkts recv d 0 Sent 436 advertisements recv d 0 No errors Virtual router 2 Current state is Backup priority 100 may not preempt Advertisement interval 1 IP Address 10.0.21.186 Became master 1 times sent 0 Zero prio pkts recv d 0 Sent 7 advertisements recv d 426 No errors. This example shows the command displaying the interfaces configured for VRRP and then the more detailed output available with the optional interface parameter.
139. ver location Set the locations details for the switch snmp server name Set the administrative name for the switch. Key bindings: You can use the Nortel Networks CLI (NNCLI) commands to edit command line text entries. Table 2 describes key bindings for NNCLI. Table 5 NNCLI key bindings (Keys, Function): control A start of line; control B back 1 character; control C abort command; control D delete 1 character; control E end of line; control F forward 1 character; control H & delete character left of cursor; control I command parameter completion; control K delete all characters after cursor; control L & control R re display line; control N or down arrow next history command; control P or up arrow control Q control T control U control W control X control z esc c & esc u previous history command escape sequence for unprintables transpose characters delete entire line delete word left of cursor delete all characters before cursor delete character at cursor end out of config mode context sensitive help capitalize character at cursor; esc l convert character at cursor to lowercase; esc b backward 1 word; esc d delete 1 word to the right; esc f forward 1 word
140. w ip ospf neighbor Display IP OSPF interfaces Display IP OSPF neighbor list show ip rip Display IP RIP details show ip rip database Display info about routes owned and imported by RIP show ip rip interface Display info about interfaces configured for RIP show ip route Display IP routing table show ip route policies show ip traffic Display IP route policies Display information on IP traffic to from switch show ip vrrp show reload Display IP VRRP settings Show details of pending switch reboot show sessions Show current switch sessions show version Show switch configuration and hardware trace Trace the route to a destination who Display active Telnet sessions on switch. Privileged Exec Mode: This command mode is entered from User Exec mode with the enable command. The administrator can exit from this mode with the disable command; they will be returned to User Exec mode. This is a full display and configuration mode; it enables additional commands to those in User Exec mode. Exec commands are typically one time commands, for example show commands and clear commands. Privileged Exec Mode prompt: CES. Privileged Exec Mode commands: The following table summarizes the Privileged Exec Mode commands. Table 3 Privileged Exec Mode commands Command Description clear arp cach
141. y Next command mode: User Exec. Related commands: show ip route. Example: CES> show ip route policies ospf 0 interface 10.0.3.41 distribute list in TEST. This example shows the accept route policy in OSPF on the interface, where TEST stands for the name of the access list. show ip traffic: This command displays statistics about IP traffic, including packets sent and received and various errors. Syntax: show ip traffic. Parameters: None. Default: None. Command mode: User Exec. Response: See the example for output from this command. Next command mode: User Exec. Example: CES> show ip traffic IP statistics total 282511 badsum tooshort toosmall badhlen badlen infragments fragdropped fragtimeout forward cantforward redirectsent unknownprotocol nobuffers reassembled outfragments noroute badoptions badversion zero src addr src dst addr src addr error dest addr error mgmt filterdrops 612 intf filterdrops route filterdrops gosdrops ICMP 27 calls to icmp_error 0 error not generated becaus Output histogram echo reply 3 old messag destination unreachable 0 message with bad code fields 0 message < minimum length 0 bad checksum 0 message with
142. your hardware or software product. Use Adobe Acrobat Reader to open the manuals and release notes, search for the sections you need, and print them on most standard printers. Go to Adobe Systems at the www.adobe.com URL to download a free copy of the Adobe Acrobat Reader. You can purchase selected documentation sets, CDs, and technical publications through the Internet at the www1.fatbrain.com/documentation/nortel URL. You can purchase Nortel Networks documentation sets, CDs, and selected technical publications through the Nortel Networks Collateral Catalog. The catalog is located at support.baynetworks.com/catalog.html. The CD ROMs section lists available CDs. The Guides Books section lists books on technical topics. The Technical Manuals section lists available printed documentation sets. Make a note of the part numbers and prices of the items that you want to order. Use the Marketing Collateral Catalog description link to place an order and to print the order form. User interface help button: Click the Help button that is located in the upper right of displays to learn about fields on a given page. Where appropriate, the information provides cause and effect of an action; otherwise it might offer troubleshoot. Nortel Networks Customer Service: If you purchased a service contract for your Nortel Networks product from a distrib