Alcatel OmniAccess 700 CLI Service Manual

OmniAccess 700 CLI
Configuration Guide
US Customer Support—(800) 995-2696
Release 2.2
26801 West Agoura Road
Calabasas, CA 91301
(818) 880-3500
FAX (818) 880-3505
International Customer Support—(818) 878-4507
Beta
Internet—service.esd.alcatel-lucent.com
Website: www.alcatel-lucent.com
Part No: 060223-00, Rev A
Copyright
The specifications and information regarding the products in this manual are subject to change without notice. All statements, information, and recommendations in this manual are believed to be accurate but are presented without warranty of any kind, express or implied. Users must take full responsibility for their application of any products.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE.
This equipment has been tested and found to comply within the limits pursuant to the (Centre for Telecom) rules. These limits are designed to provide protection against harmful interference when the equipment is operated in a commercial environment.
The following information is for the Users of the OmniAccess 700: If it is not installed in accordance with the installation instructions, it may not function exactly to the said specifications. Modifying the equipment without Alcatel-Lucent’s written authorization may result in the equipment no longer complying with the said dimensions.
Copyright © 2007, Alcatel-Lucent. All rights reserved. Alcatel-Lucent and Alcatel-Lucent logo are registered trademarks of Alcatel-Lucent. The contents or specifications contained within this document are subject to change without notice.
Notwithstanding any other warranty herein, all hardware and software are provided "as is" with all faults. Alcatel-Lucent disclaims all warranties, expressed or implied, including, without limitation, those of merchantability, fitness for a particular purpose and non-infringement or arising from a course of dealing, usage, or trade practice. In no event shall Alcatel-Lucent be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Alcatel-Lucent has been advised of the possibility of such damages.
Table of Contents
1 Preface
About This Guide
Audience
Organization
Part I - Introduction
Part II - LAN Interfaces
Part III - WAN Interfaces
Part IV - Packet Classification
Part V - Routing Protocols
Part VI - Network Security CLI
Part VII - Quality Of Service
Part VIII - TCP/IP Services
Part IX - Lifeline (Dedicated Management Framework)
Document Conventions
Obtaining Documentation
Reference Publications
Obtaining Technical Assistance
Documentation Feedback
Part 1: Introduction
2 The Command Line Interface
CLI Overview
Introduction to CLI Modes
CLI User Mode
CLI Configuration Mode
CLI Sub-Configuration Mode (SCM)
CLI Modes
User Mode (UM)
Super User Mode (SUM)
Example
Configuration Mode (CM)
Interface Configuration Mode (ICM)
Sub-Interface Configuration Mode (S-ICM)
Router Configuration Mode (RCM)
Exiting Configuration Modes
Initial Setup
Using the Command Line Interface
CLI Help
Partial Help
Partial Commands
Command Line Editing
Command History
Configuring Interfaces
Interface Configuration Commands
Interface Types and Limitations
Common Interface Configuration Commands
Interface Show Commands
Clear Interface Commands
Shutting Down and Bring Up an Interface
Backup Interface
3 System Configuration and Monitoring
System Configuration and Monitoring Tasks
Chapter Conventions
Management Plane Overview
Out of Band Management (Console or Modem)
Inband Management (SSH and Telnet)
Idle Timeout
Example
Ping
Example
Traceroute
Example
Terminal Settings
Example
System Name
Example
AAA Configuration on OA-700
To Enable AAA Services
Example
Authentication Commands
Show Commands
Setting and Displaying the System Time and Date
Clock Set
Example
Clock Synchronize
Example
System Logging and Debugging
Example
Example 1
Example 2
Example 3
Example 4
Rate Limiting in Statlog
Example 1
Example 2
Example 3
Saving Log Messages
Example
Viewing Tech Support
Example
The File System
Example 1
Example 2
Copying Files
Example
Deleting Files
Example
Configuration File Management
Software Package Management
Package Types
Reloading the System
Example
Managing Individual Slots
Example
System Monitoring and Troubleshooting
Environmental Information
Example
System Hardware Information
Example
System Status
Example
To View the Current State Of LEDs
Example
To View Process Information
Example
Memory Information
Example
SNMP (Simple Network Management Protocol)
SNMP Basics
SNMP Agent and Manager
Example
SNMP Version
Example
SNMP Show Commands
SNMP MIB CLI
SNMP MIB GUI
4 Virtual Router Redundancy Protocol
Chapter Organization
Chapter Conventions
VRRP Overview
VRRP Configuration
VRRP Configuration Steps
VRRP Configuration Flow
VRRP CLI Commands
Modify Global VRRP Group Parameters
Monitor and Debug VRRP
VRRP Interface Tracking
Alcatel-Lucent's Interface Tracking Design
VRRP Configuration Scenario using OA-700
Procedure
VRRP Configuration
Part 2: LAN Interfaces and Configuration
5 Ethernet Interfaces on SE
Chapter Conventions
Ethernet Overview
Ethernet Basics
Ethernet Terminologies
Switched Ethernet
Full-duplex Ethernet
Alcatel-Lucent Specific Overview on Ethernet Interfaces
Ethernet Configuration
Ethernet Interface Configuration Steps
Ethernet Interface Configuration Flow
Ethernet Interface Configuration Commands
Ethernet Interface Show Commands
Ethernet Interface Clear Commands
6 Layer 2 Switching Configuration
Chapter Conventions
Switching Overview
Alcatel-Lucent Specific Overview on Switching
L2 Switching Configuration
L2 Switching Configuration Steps
L2 Switching Configuration Flow
L2 Switching Commands
L2 Switching Show Commands
L2 Switching Clear Commands
Switching Configuration using OA-700
OA-700 as a Switch with no VLANs
OA-700 as a Switch with VLANs
7 Per VLAN Spanning Tree +
Chapter Conventions
Per VLAN Spanning Tree (PVST+) Overview
PVST+ Configuration
PVST+ Configuration Steps
PVST+ Configuration Flow
PVST+ Configuration Commands
Show Commands in PVST+
PVST+ Configuration Examples
Example 1
Example 2
Topology
Procedure
8 Integrated Routing and Bridging
Chapter Conventions
Integrated Routing and Bridging Overview
Alcatel-Lucent Specific IRB Overview
IRB Configuration
IRB Configuration Steps
IRB Commands
IRB Configuration using OA-700
Topology for IRB Configuration on OA-700
9 802.1X Port-Based Authentication
Chapter Conventions
802.1X Overview
Generic terms used in 802.1X
Using 802.1X with VLAN Assignment
Alcatel-Lucent Specific Overview
802.1X Configuration
802.1X Configuration Steps
802.1X Configuration Flow
802.1X Configuration Commands
802.1X Show Commands
802.1X Configuration Example
10 Port Monitoring
Chapter Conventions
Port Monitoring Overview
Port Monitoring Configuration
Port Monitoring Configuration Steps
Port Monitoring Commands
Port Monitoring Configuration on OA-700
Part 3: WAN Interfaces and Protocols
11 T1E1 Line Card
Chapter Organization
Chapter Conventions
T1 and E1 Overview
E1 Interface Overview
E1 Timeslot Functionalities
Mechanisms Supported by the E1 interface
E1 Modes of Operation
Alcatel-Lucent Specific Overview
E1 Configuration
E1 Configuration Steps
E1 Configuration Flow
E1 Configuration Commands
E1 Show Commands
Troubleshooting E1 Lines
T1 Interface Overview
Frame Formats Used in T1 Cards
T1 Modes of Operation
T1 Configuration
T1 Configuration Steps
T1 Configuration Flow
T1 Configuration Commands
T1 Show Commands
Troubleshooting T1 Lines
12 Serial Line Cards
Chapter Organization
Chapter Conventions
Serial Line Card (V.35/X.21) Overview
Alcatel-Lucent Specific Overview
V.35/X.21 Configuration
V.35/X.21 Interface Configuration Steps
V.35/X.21 Configuration Flow
V.35/X.21 Configuration Commands
V.35/X.21 DTE and DCE CLI Configuration Commands
13 High-level Data Link Control
Chapter Conventions
HDLC Overview
HDLC Frame Structure
HDLC Frame Formats
HDLC Protocol Operation
HDLC Configuration
HDLC Configuration Steps .............................................................................................281
HDLC Configuration Flow...............................................................................................283
HDLC Configuration Commands....................................................................................284
14 Frame Relay ................................................................................................289
Chapter Conventions......................................................................................................289
Frame Relay Overview..........................................................................................................290
Frame Relay Devices .....................................................................................................290
Frame Relay Virtual Circuits...........................................................................................290
Frame Relay Network Deployments...............................................................................291
Frame Relay Configuration...................................................................................................292
Frame Relay Configuration Steps ..................................................................................293
Frame Relay Configuration Flow....................................................................................295
Frame Relay Commands................................................................................................296
15 Point-to-Point Protocol ..............................................................................305
Chapter Conventions......................................................................................................305
PPP Overview.......................................................................................................................306
PPP Components...........................................................................................................306
PPP Operation................................................................................................................306
PPP Configuration.................................................................................................................307
PPP Configuration Steps................................................................................................308
PPP Configuration Flow .................................................................................................310
PPP Configuration Commands.......................................................................................311
PPP Optional Parameters ..............................................................................................312
PPP Show Commands...................................................................................................320
PPP Debug Commands .................................................................................................327
16 Multilink Point to Point Protocol...............................................................329
Chapter Conventions......................................................................................................329
MLPPP Overview..................................................................................................................330
MLPPP Components......................................................................................................331
MLPPP Operation...........................................................................................................331
Alcatel-Lucent Specific Overview on MLPPP Features..................................................332
MLPPP Configuration............................................................................................................333
MLPPP Configuration Steps...........................................................................................334
MLPPP Configuration Flow ............................................................................................336
MLPPP Configuration Commands..................................................................................337
MLPPP Show Commands..............................................................................................339
MLPPP Configuration Example.............................................................................................340
17 Multilink Frame Relay.................................................................................343
Chapter Conventions......................................................................................................343
MLFR Overview ....................................................................................................................344
MLFR Components ........................................................................................................344
MLFR Operation.............................................................................................................344
Alcatel-Lucent Specific Overview on MLFR features .....................................................346
MLFR Configuration..............................................................................................................346
MLFR Configuration Steps.............................................................................................347
MLFR Configuration Flow ...............................................................................................350
MLFR Configuration Commands....................................................................................351
MLFR Show Commands ................................................................................................355
Part 4: Common Classification
18 Common Classifiers ...................................................................................359
Chapter Conventions......................................................................................................359
CC Overview.........................................................................................................................360
Benefits of Alcatel-Lucent Devices Common Classifiers................................................361
CC Architecture..............................................................................................................361
Before you Configure CC ...............................................................................................362
CC Configuration...................................................................................................................363
CC Configuration Steps..................................................................................................363
Elements Used in Configuring CC..................................................................................364
To Configure a Match-list ...............................................................................................367
Example..........................................................................................................................367
Rules within Match-lists..................................................................................................367
To Configure Rules Using the Protocol Numbers...........................................................373
Lists in CC......................................................................................................................374
Nesting Of Match-lists ....................................................................................................376
Show commands in CC..................................................................................................378
Deletion Commands in CC.............................................................................................381
Sample examples on the usage of CC across applications..................................................383
Example 1.......................................................................................................................383
Example 2.......................................................................................................................384
Example 3.......................................................................................................................385
Part 5: Routing Protocols
19 Protocol Independent Features.................................................................389
Protocol Independent Features Configuration......................................................................389
Chapter Conventions......................................................................................................389
Protocol-Independent Configuration...............................................................................390
Protocol-Independent Configuration Commands ...........................................................391
20 Routing Information Protocol....................................................................417
Chapter Conventions......................................................................................................417
RIP Overview........................................................................................................................418
RIP Configuration..................................................................................................................419
RIP Configuration Steps.................................................................................................420
RIP Configuration Flow...................................................................................................422
RIP Configuration Commands........................................................................................423
RIP Optional Parameters................................................................................................424
RIP Show Commands ....................................................................................................436
RIP Clear Commands.....................................................................................................440
21 Border Gateway Protocol ..........................................................................441
Chapter Conventions......................................................................................................441
BGP Overview.......................................................................................................................442
BGP Configuration................................................................................................................443
BGP Configuration Steps ...............................................................................................443
BGP Configuration Flow.................................................................................................445
BGP Configuration Commands......................................................................................446
BGP Show Commands...................................................................................................448
BGP Clear Commands...................................................................................................451
A Typical BGP Example Using OA-700................................................................................454
22 Open Shortest Path First...........................................................................457
Chapter Conventions......................................................................................................457
OSPF Overview ....................................................................................................................458
OSPF Configuration..............................................................................................................459
OSPF Configuration Steps .............................................................................................459
OSPF Configuration Flow...............................................................................................461
OSPF Configuration Commands....................................................................................462
OSPF Optional Parameters............................................................................................463
Show Commands in OSPF.............................................................................................481
Clear Commands in OSPF.............................................................................................490
OSPF Configuration on OA-700............................................................................................491
Example 1.......................................................................................................................491
23 Multicast Routing .......................................................................................493
Chapter Conventions......................................................................................................493
Multicast Overview................................................................................................................494
Protocol Independent Multicast (PIM) ............................................................................494
Internet Group Management Protocol (IGMP)................................................................495
RFCs ..............................................................................................................................496
PIM Configuration .................................................................................................................497
PIM Configuration Steps.................................................................................................497
PIM Configuration Flow..................................................................................................499
PIM Configuration Commands .......................................................................................500
Show Commands in PIM................................................................................................505
Clear Commands in PIM ................................................................................................508
IGMP Configuration...............................................................................................................509
IGMP Configuration Steps..............................................................................................509
IGMP Configuration Flow ...............................................................................................511
IGMP Configuration Commands.....................................................................................512
Show Commands in IGMP.............................................................................................516
Show Commands in Multicast........................................................................................517
Clear Commands in Multicast.........................................................................................518
Multicast Configuration on OA-700.......................................................................................519
Example 1.......................................................................................................................519
Verifying Multicast Routing.............................................................................................523
24 Policy Based Routing.................................................................................525
Chapter Conventions......................................................................................................525
PBR Overview.......................................................................................................................526
Alcatel-Lucent Specific Overview...................................................................................526
PBR Configuration................................................................................................................527
PBR Configuration Steps................................................................................................527
PBR Configuration Flow.................................................................................................529
PBR Configuration Commands ......................................................................................530
Show Commands in PBR...............................................................................................533
Clear Commands............................................................................................................534
PBR Configuration Example.................................................................................................535
Configuration Steps........................................................................................................535
Show Commands...........................................................................................................536
Part 6: Network Security
25 Network Address Translation....................................................................539
Chapter Conventions......................................................................................................539
NAT Overview.......................................................................................................................540
Types of NAT..................................................................................................................540
Benefits of NAT ..............................................................................................................542
Before You Configure NAT.............................................................................................542
Alcatel-Lucent Specific Overview...................................................................................542
Source NAT Configuration ....................................................................................................543
SNAT Configuration Steps .............................................................................................544
SNAT Configuration Flow...............................................................................................546
SNAT Configuration Commands....................................................................................547
Sample Configurations of SNAT on OA-700..................................................................553
Destination NAT Configuration..............................................................................................554
DNAT Configuration Steps.............................................................................................555
DNAT Configuration Flow...............................................................................................557
DNAT Configuration Commands....................................................................................558
Sample Configuration Example of DNAT on OA-700.....................................................561
Bypass IPsec Traffic.......................................................................................................562
NAT Show Commands...................................................................................................563
NAT Clear Commands ...................................................................................................565
NAT Debug Commands .................................................................................................566
Modifying NAT Configuration................................................................................................567
Insertions........................................................................................................................567
Updations .......................................................................................................................568
NAT Deletion Commands...............................................................................................570
26 Filter and Firewall.......................................................................................573
Chapter Conventions......................................................................................................573
Network Security - An overview ............................................................................................574
Network Security Terminologies.....................................................................................575
Firewall Mechanisms......................................................................................................576
Before You Configure Filters and Firewalls....................................................................577
OA-700 Specific Overview..............................................................................................577
Filter Configuration................................................................................................................578
Filter Configuration Steps ...............................................................................................578
Filter Configuration Flow.................................................................................................580
Filter Configuration Commands......................................................................................581
Filter Show Commands ..................................................................................................585
Filter Deletion Commands..............................................................................................587
Filter Clear Commands...................................................................................................588
Filter Debug Commands.................................................................................................589
Sample Examples of Configuring Filters on OA-700......................................................590
Managing Security Configuration..........................................................................................591
Insertions........................................................................................................................591
Updations .......................................................................................................................592
Network Attacks - An Overview.............................................................................................594
Types of Network Attacks...............................................................................................594
Default Attacks (Rate-limiting / Stateful).........................................................................595
Default Attacks (Non-rate Limiting / Stateless)...............................................................597
Optional Attacks .............................................................................................................599
Network Attack Prevention Configuration.............................................................................601
Network Attack Prevention Configuration Steps.............................................................601
Network Attack Prevention Configuration Flow ..............................................................603
Network Attack Prevention Configuration Commands ...................................................604
Firewall Show Commands..............................................................................................614
Firewall Debug Commands ............................................................................................620
Sample Firewall Policy Configurations on OA-700.........................................................621
Zone Configuration................................................................................................................623
Trusted Zone Configuration............................................................................................623
Untrusted Zone Configuration ........................................................................................623
Semi-trusted Zone or Demilitarized Zone.......................................................................624
Three Zone Firewall Example.........................................................................................625
Example 2: Simple Zone Configuration in OA-700.........................................................633
Time-range/Timer Configuration...........................................................................................635
Time-range Configuration Commands ...........................................................................635
Time-range Show Command..........................................................................................636
ALGs Supported in OA-700..................................................................................................637
ALG Configuration Commands.......................................................................................639
Customized-service Rule Based ALG Configuration ............................................................646
Customizing ALG Commands........................................................................................646
UA ALG Configuration...........................................................................................................649
UA ALG Commands.......................................................................................................649
Typical Rule Based ALG and DNAT Example Using OA-700...............................................652
Security - Best Practices.......................................................................................................654
Rules for Configuring Packet Filters...............................................................................654
27 IP Security - Virtual Private Network ........................................................659
Chapter Conventions......................................................................................................660
IPsec VPN Overview.............................................................................................................661
IPsec Enabled VPN........................................................................................................663
IPsec Connection Types.................................................................................................663
IPsec Concepts ..............................................................................................................665
Benefits of IPsec Enabled VPN......................................................................................670
Default Configuration Setting on OA-700.......................................................................671
IPsec VPN Configuration......................................................................................................672
IPsec VPN Configuration Steps......................................................................................672
IPsec VPN Configuration Flow.......................................................................................674
IPsec Configuration Commands.....................................................................................675
To Configure the Match-lists...........................................................................................675
IPsec Configuration with Pre-shared Key.......................................................................675
Example..........................................................................................................................675
IPsec Configuration with X.509 Certificates ...................................................................676
To Import a RSA Key......................................................................................................676
Example..........................................................................................................................676
Example..........................................................................................................................677
To Export RSA Keys.......................................................................................................683
Example..........................................................................................................................683
To Delete a CA Certificate..............................................................................................683
Example..........................................................................................................................683
To Delete a Signed Certificate........................................................................................684
Example..........................................................................................................................684
To Delete a Peer Certificate ...........................................................................................684
Example..........................................................................................................................684
To Delete an RSA Key Pair............................................................................................684
Example..........................................................................................................................684
Internet Key Exchange (IKE) Policy ...............................................................................685
To Configure Transform-set in IPsec..............................................................................689
To Configure IPsec Crypto Map.....................................................................................691
Example..........................................................................................................................691
To Attach Crypto Map to an Interface.............................................................................695
Dead Peer Detection (DPD)...........................................................................................696
IPsec VPN Show Commands.........................................................................................698
Clear Commands in IPsec..............................................................................................714
IPsec Scenarios on OA-700..................................................................................................715
Best Practices For Deploying IPsec VPN .............................................................................718
Identity............................................................................................................................718
IPsec Access Control .....................................................................................................719
IPsec...............................................................................................................................719
Network Address Translation .........................................................................................720
Network Access Control.................................................................................................720
Interoperability................................................................................................................720
Routing Entry..................................................................................................................721
IPsec NAT-Traversal .............................................................................................................722
Scenarios Depicting IPsec Nat-traversal...............................................................................723
IPsec Tunnel Interface..........................................................................................................725
Before You Configure IPsec Tunnel Interface................................................................725
Default Configuration......................................................................................................726
IPsec Tunnel Interface Configuration....................................................................................727
IPsec Tunnel Interface Configuration Steps...................................................................727
IPsec Tunnel Interface Configuration Flow.....................................................................729
IPsec Tunnel Interface Configuration Commands..........................................................730
IPsec Tunnel Configuration Scenarios using OA-700...........................................................737
28 Generic Routing Encapsulation ................................................................739
Chapter Organization .....................................................................................................739
Chapter Conventions......................................................................................................739
GRE Overview ......................................................................................................................740
GRE Tunnel Setup .........................................................................................................740
GRE Tunnel Features.....................................................................................................741
Summary........................................................................................................................742
Alcatel-Lucent Specific Overview...................................................................................742
GRE Tunnel Configuration....................................................................................................743
GRE Configuration Steps ...............................................................................................743
GRE Configuration Flow.................................................................................................745
GRE CLI Commands......................................................................................................746
GRE Configuration Scenarios using OA-700........................................................................749
1. GRE Configuration .....................................................................................................749
2. GRE + IP Filters + DoS Configuration......................................................................752
3. GRE over IPsec Configuration .................................................................................754
29 Transparent Firewall ..................................................................................757
Chapter Conventions......................................................................................................757
TF Overview..........................................................................................................................758
OA-700 Specific Overview..............................................................................................758
TF Configuration...................................................................................................................759
TF Configuration Steps...................................................................................................759
TF Configuration Flow....................................................................................................760
TF Configuration Commands .........................................................................................761
Show Commands in TF..................................................................................................763
Clear Commands............................................................................................................764
TF Configuration on OA-700.................................................................................................765
Configuration Steps........................................................................................................765
Show Commands...........................................................................................................765
Part 7: Quality of Service
30 Quality of Service.......................................................................................769
Chapter Conventions......................................................................................................769
QoS Overview.......................................................................................................................770
Generic terms used in QoS............................................................................................770
Alcatel-Lucent Specific Overview on QoS......................................................................772
Traffic Without Policing and Shaping..............................................................................774
Traffic with Policing.........................................................................................................775
Traffic with Shaping........................................................................................................776
Hierarchical Queuing......................................................................................................777
Bandwidth Sharing in Tunnels........................................................................................779
QoS Configuration.................................................................................................................780
QoS Configuration Steps................................................................................................780
QoS Configuration Flow .................................................................................................783
QoS Configuration Commands.......................................................................................785
Class Map Configuration................................................................................................785
Policy Map Configuration................................................................................................786
Attaching a Policy Map to an Interface...........................................................................789
Traffic Class Attributes Configuration.............................................................................790
Auto QoS Configuration..................................................................................................798
Hierarchical Policy Configuration....................................................................................800
QoS over Tunnel Interface .............................................................................................805
Example..........................................................................................................................805
QoS Show Commands...................................................................................................806
QoS Clear Commands ...................................................................................................815
QoS Test Scenarios on OA-780............................................................................................816
Traffic Shaping ...............................................................................................................816
Priority Queuing..............................................................................................................817
31 Intrusion Detection System.......................................................................819
Chapter Conventions......................................................................................................819
IDS Overview........................................................................................................................820
Alcatel-Lucent Specific Overview...................................................................................820
IDS Configuration..................................................................................................................820
IDS Configuration Steps.................................................................................................821
IDS Configuration Flow...................................................................................................823
IDS Configuration Commands........................................................................................824
IDS Show Commands....................................................................................................830
IDS Clear Commands.....................................................................................................835
IDS Debug Commands...................................................................................................836
IDS Configuration Scenario Using OA-700...........................................................................837
Configuration Steps........................................................................................................837
Show Commands...........................................................................................................837
IDS Topology..................................................................................................................838
Part 8: TCP/IP Services
32 DHCP (Dynamic Host Configuration Protocol) Server............................841
Chapter Conventions......................................................................................................841
DHCP Server Overview ........................................................................................................842
Alcatel-Lucent Specific Overview...................................................................................842
DHCP Server Configuration..................................................................................................843
DHCP Server Configuration Steps.................................................................................843
DHCP Server Configuration Flow...................................................................................845
DHCP Server Configuration Commands........................................................................846
DHCP Server Show Commands ....................................................................................853
DHCP Server Test Scenarios using OA-780 ........................................................................856
Configuration Steps........................................................................................................857
33 TFTP (Trivial File Transfer Protocol) Server............................................859
Chapter Conventions......................................................................................................859
TFTP Server Overview..........................................................................................................860
Alcatel-Lucent Specific Overview...................................................................................860
TFTP Server Configuration...................................................................................................861
TFTP Configuration Steps..............................................................................................861
TFTP Configuration Flow................................................................................................862
TFTP Configuration Commands.....................................................................................863
TFTP Show Commands.................................................................................................864
34 DHCP (Dynamic Host Configuration Protocol) Relay .............................865
Chapter Conventions......................................................................................................865
DHCP Relay Overview..........................................................................................................866
Alcatel-Lucent Specific Overview...................................................................................866
DHCP Relay Configuration ...................................................................................................867
DHCP Relay Configuration Steps...................................................................................867
DHCP Relay Configuration Flow ....................................................................................868
DHCP Relay Configuration Commands .........................................................................869
DHCP Relay Test Scenarios using OA-780..........................................................................871
Configuration Steps........................................................................................................871
35 DNS (Domain Name Service) Client..........................................................873
Chapter Conventions......................................................................................................873
DNS Client Overview ............................................................................................................874
DNS Client Configuration......................................................................................................874
DNS Client Configuration Steps.....................................................................................875
DNS Client Configuration Flow.......................................................................................876
DNS Client Configuration Commands............................................................................877
DNS Client Test Scenario using OA-780..............................................................................881
Configuration Steps........................................................................................................881
Part 9: Lifeline (Dedicated Management Framework)
36 Lifeline .........................................................................................................885
Chapter Conventions......................................................................................................886
Lifeline Overview............................................................................................................887
Lifeline Features.............................................................................................................888
Failure Modes supported by Lifeline...............................................................................890
Failure Detection ............................................................................................................891
Failure Notification..........................................................................................................892
Interface Cards that are Currently Supported.................................................................892
Functionality Available in Lifeline Mode..........................................................................892
Routing Considerations in Lifeline Mode........................................................................893
Operation of OA-780 in Lifeline Mode............................................................................893
CLI Commands...............................................................................................................894
Recovery from Lifeline Mode to Normal Mode...............................................................897
Lifeline Configuration Scenario.............................................................................................898
Part 10: Appendices
A Well Defined Port Numbers for Services......................................................3
B RFCs Supported by OA-700 ........................................................................11
AAA Authentication.................................................................................................................11
SNMP......................................................................................................................................11
Management...........................................................................................................................11
VRRP......................................................................................................................................11
LAN.........................................................................................................................................12
WAN........................................................................................................................................12
Layer-2 protocols ....................................................................................................................12
Routing....................................................................................................................................12
IPsec VPN...............................................................................................................................13
GRE ........................................................................................................................................14
QoS.........................................................................................................................................14
C Failure Scenarios While Installing OA-700 Software Package.................15
Failure Scenarios While Installing...........................................................................................15
D QoS Values and Mnemonics .......................................................................17
Default Values for Random-detect ip-precedence............................................................17
Default Values for Random-detect ip-dscp.......................................................................17
IP-DSCP Mnemonics........................................................................................................20
IP-precedence Mnemonics...............................................................................................21
ToS Mnemonics................................................................................................................21
E IP Security Interoperability of OA-700........................................................23
Configuring IPsec Tunnel Between OA-700 and Cisco 2621.................................................23
Configuration....................................................................................................................24
Verification........................................................................................................................28
Configuring IPsec between OA-700 and Sonicwall (PRO 3060)............................................29
Configuration....................................................................................................................30
Configuring Sonicwall (PRO 3060)...................................................................................32
Verifying the Configuration...............................................................................................36
F Software Licenses and Acknowledgements..............................................37
Linux Kernel......................................................................................................................38
Intel Linux Device Driver Software ...................................................................................38
PMC-Sierra Linux Device Driver Software .......................................................................38
Mindspeed Linux Device Driver Software.........................................................................39
eCos .................................................................................................................................39
U-Boot ..............................................................................................................................40
Linux STP.........................................................................................................................40
Paul's PPP Package.........................................................................................................40
DHCP ...............................................................................................................................42
tftp-hpa .............................................................................................................................43
Net-SNMP ........................................................................................................................44
OpenSSH .........................................................................................................................46
ZEBRA CLI ......................................................................................................................48
GNU Pth - The GNU Portable Threads ............................................................................49
TCP Proxy and Reassembly ............................................................................................49
Strongswan IKE................................................................................................................50
FreeBSD Crypto Library ...................................................................................................50
Snort.................................................................................................................................51
Mbedthis AppWeb ............................................................................................................51
libxslt.................................................................................................................................52
BusyBox ...........................................................................................................................53
iputils ................................................................................................................................53
e2fsprogs..........................................................................................................................55
InetUtils, gawk, GDB ........................................................................................................55
cURL.................................................................................................................................56
PCRE................................................................................................................................56
MD5..................................................................................................................................57
GNU General Public License............................................................................................58
GNU Lesser General Public License................................................................................64
List of Figures
Configuration Modes 15
VRRP Configuration Flow 124
VRRP Topology 136
Ethernet Network 143
Ethernet Interface Configuration Flow 146
Layer 2 Switching 155
L2-GE Front Panel View of the RJ-45 Connector 156
L2 Switching Configuration Flow 160
Switching with no VLANs 170
Switching with VLAN 171
PVST+ Configuration Flow 178
PVST+ Topology 187
PVST+ Topology on OA-700 189
IRB Topology 197
802.1X Deployment Scenario 200
Message Exchange 202
802.1X Configuration Flow 207
802.1X Topology 216
Port Monitoring Topology 225
The OA-700 T1E1 Line Card 230
E1 Frame Structure 231
E1 Configuration Flow 236
T1 Configuration Flow 252
Serial Line Card (V.35/X.21) 268
V.35/X.21 Configuration Flow 270
An HDLC frame with an information field 278
HDLC Configuration Flow 283
FR Configuration Flow 295
PPP Configuration Flow 310
Sample Deployment Scenario for MLPPP 330
MLPPP Header in Long Sequence Number Format 331
MLPPP Header in Short Sequence Number Format 332
MLPPP Configuration Flow 336
MLFR frame format for data packets 345
MLFR frame format for control packets 345
MLFR Configuration Flow 350
Depicting Alcatel-Lucent’s Common Classification 360
Elements in Common Classifiers 361
RIP Configuration Flow 422
BGP Configuration Flow 445
BGP Configuration Scenario 454
OSPF Configuration Flow 461
OSPF Configuration Scenario 491
PIM Configuration Flow 499
IGMP Configuration Flow 511
Multicast Configuration Scenario 519
PBR Configuration Flow 529
SNAT Configuration Flow 546
DNAT Configuration Flow 557
Depicting ALG Scenario 575
Filter Configuration Flow 580
Network Attack Prevention Flowchart 603
Figure Depicting Three Zones 623
Three - Zone Network Topology 624
Three Zone Firewall Network Topology 625
ALG Configuration Scenario 652
General VPN Usage 661
A General Scenario of IPsec - VPN 664
Tunnel Mode 665
Phase 1 Negotiation - Main Mode 668
Phase 2 Negotiation - Quick Mode 669
IPsec Configuration Flowchart 674
IPsec Scenario with NAT-Traversal 723
IPsec Tunnel Interface Configuration Flowchart 729
IPsec Tunnel Interface Configuration Topology 737
GRE Configuration Flow 745
GRE Configuration Topology 749
GRE+ IP Filters + DoS Configuration Topology 752
GRE + IPsec Configuration Topology 754
TF Configuration Flow 760
Data Traffic before Policing And Shaping 774
Data Traffic with Policing 775
Data Traffic with Shaping 776
Link Sharing Requirement Example 777
Link Sharing Solution 778
Link Bandwidth sharing requirements over VPN tunnels 779
QoS Configuration Flow - Auto QoS Procedure 783
QoS Configuration Flow - Standard Procedure 784
QoS Traffic Shaping Using OA-780 816
QoS Priority Queuing Using OA-780 817
IDS Configuration Flow 823
IDS Topology 838
DHCP Server Configuration Flow 845
DHCP Server Test Scenario using OA-780 856
TFTP Configuration Flow 862
DHCP Relay Configuration Flow 868
DHCP Relay Test Scenario using OA-780 871
DNS Client Configuration Flow 876
DNS Client Test Scenario using OA-780 881
Separate Management Plane 888
N+1 Redundant Management Architecture 889
Uninterrupted Access to System Management 890
Lifeline Configuration Scenario 898
IPsec Interoperability Between OA-700 and Cisco 2621 23
IPsec Interoperability Between OA-700 and Sonicwall PRO 3060 29
Configuring Local network behind Sonicwall 32
Configuring External IP Address for Sonicwall 33
Configuring IPsec Policy and Destination Network 34
Configuring IPsec Phase 1 and Phase 2 Proposals 35

CHAPTER 1 PREFACE

ABOUT THIS GUIDE

This guide describes the CLI commands used to configure the different services available in the OmniAccess 700 (OA-700). It focuses on accessing the OmniAccess 700 by using the Command Line Interface (CLI). In addition to showing how to configure each feature, this guide also provides background on why a user might need the service and how it works.
The following list is a sampling of what is found in this guide:
Getting efficient use of network resources.
Configuring the LAN and WAN interfaces effectively.
Optimizing routing services to enhance network scalability.
Integrating networks with different routing protocols.
Adding intelligence and flexibility to use the ACLs across applications using the Common Classifiers.
Setting improved security policies on the network for users and their services.
Extending the network to new places, such as Internet, securely.
Protecting information and network resources.

AUDIENCE

This guide is intended for networking professionals who are responsible for designing, implementing, and managing enterprise networks. This guide aims to provide unique technologies and effective practices that not only deliver value from the networking perspective but also provide an opportunity for professional growth.

ORGANIZATION

The chapters in the CLI Configuration Guide are organized into seven parts.
PART I - INTRODUCTION
The first part provides an introduction to CLI, “The Command Line Interface” in Chapter 2. This is a preparatory chapter that describes the CLI configuration considerations, tools required, an overview of the Command Line Interface and procedures that should be performed before the actual configuration.
Chapter 3 “System Configuration and Monitoring” provides an overview of the system level commands required to troubleshoot, monitor, and connect the system to the network. This chapter also includes commands for Inband and Out-of-band management, setting system parameters, software management, configuration management, AAA services, SNMP, etc. The various commands described include SSH, Telnet, show version, update, show environment, show mem, show proc, etc.
Chapter 4 “Virtual Router Redundancy Protocol” details a study on VRRP implementation on the OA-700. It is a method of providing nonstop path redundancy and gateway redundancy for an enterprise network by sharing protocol and Media Access Control (MAC) addresses between redundant gateways.
PART II - LAN INTERFACES
This part introduces the commands and steps to configure the LAN interfaces. It gives a succinct overview on the Ethernet Interface configuration in Chapter 5 “Ethernet Interfaces on SE”.
The Bridging configuration in Chapter 6 “Layer 2 Switching Configuration” deals with the L2 switching Configuration on the OA-700. The chapter is organized with the L2 switching overview, configuration details in the first few sections and the configuration scenario in the end to give a real time example for configuring switching.
Chapter 7 “Per VLAN Spanning Tree +” details the VLAN commands in switching.
Chapter 8 “Integrated Routing and Bridging” deals with Switching configuration integrated with routing.
Chapter 9 “802.1X Port-Based Authentication” describes how to configure IEEE 802.1X port-based authentication on the OA-700.
Chapter 10 “Port Monitoring” details the commands used to configure Port Monitoring on the OA-700.
PART III - WAN INTERFACES
This part introduces the commands and steps to configure a T1 or an E1 interface in Chapter 11 “T1E1 Line Card”. The different encapsulations that can be applied on an interface are described in the subsequent chapters.
Chapter 12 “Serial Line Cards” provides the configuration steps and commands to configure a Serial interface (V.35/X.21). The different encapsulations that can be applied on an interface are described in the subsequent chapters.
Chapter 13 “High-level Data Link Control” provides the configuration steps and commands to configure a High-level Data Link Control (HDLC) encapsulation on an interface.
Chapter 14 “Frame Relay” provides the configuration steps and commands for Frame Relay (FR) encapsulation on an interface. It includes the configuration commands for LMI, DLCI and FR fragmentation.
Chapter 15 “Point-to-Point Protocol” provides the configuration commands for Point-to-point (PPP) encapsulation on an interface. It includes CLI commands for configuring LCP, IPCP, Counters and Timers, Authentication, etc.
Chapter 16 “Multilink Point to Point Protocol” provides the configuration commands for Multilink Point-to-Point (MLPPP) encapsulation on an interface. It includes CLI commands for configuring a multi-link bundle interface and member link configuration.
Chapter 17 “Multilink Frame Relay” provides the configuration commands for Multilink Frame Relay (MLFR) encapsulation on an interface. It includes CLI commands for configuring a multi-link bundle interface and member link configuration.
PART IV - PACKET CLASSIFICATION
This part consists of Chapter 18 “Common Classifiers” that focuses on configuring the Common Classifier commands. These commands are generic across all applications. You are required to have a thorough knowledge of this chapter before you proceed to configure the NATs, Filters, etc. This chapter provides a concise overview on the concepts of creating rules, match-lists, lists, etc.
PART V - ROUTING PROTOCOLS
The aim of the fourth part is to get the most out of addressing and routing. The routing function moves data through the network efficiently and finds new paths when network changes occur. Routing also affects how large the network can grow - that is, the complexity of the topology and the stability of the network as it expands.
All the chapters in this part focus on configuring the routing services.
Chapter 19 “Protocol Independent Features” provides commands that are generic across all routing protocols. You are required to have a thorough knowledge of this chapter before you proceed to configure the routing protocols.
Chapter 20 “Routing Information Protocol”, Chapter 21 “Border Gateway Protocol” and Chapter 22 “Open Shortest Path First” provide commands for configuring the RIP, BGP and OSPF routing protocols.
Chapter 23 “Multicast Routing” provides Multicast routing configuration on the OA-700.
Chapter 24 “Policy Based Routing” covers the Policy Based Routing (PBR) configuration on the OA-700.
PART VI - NETWORK SECURITY CLI
This part deals with the methodologies to secure the network, protect data and users, and extend connectivity with confidence. Security services protect the confidentiality and integrity of information on the network. You are required to have a complete knowledge in configuring the match-lists (access lists) before you proceed to configure the Filters, NATs, Firewalls, and IPsecs.
Chapter 25 “Network Address Translation” covers the configuration of NATs (SNAT and DNAT configuration).
Chapter 26 “Filter and Firewall” progresses logically from basic network security, starting with filters, to more sophisticated topics such as Firewall policies and Zone configuration. The “Time-range CLI” includes commands and procedures to configure scheduling in different applications, such as Firewall.
Chapter 27 “IP Security - Virtual Private Network” begins a survey of advanced security services and provides details about IPsec - a leading technology for building VPNs. IPsec building blocks include IKE, Transform Sets, Security Associations, Modes, Authentication Header (AH), Encapsulating Security Payload (ESP), and basic cryptography.
Chapter 28 “Intrusion Detection System” covers the commands to configure Intrusion Detection and Intrusion Prevention on the OA-700.
Chapter 29 “Generic Routing Encapsulation” provides the commands for GRE (Generic Routing Encapsulation) configuration.
Chapter 30 “Transparent Firewall” covers the Transparent Firewall (TF) configuration on the OA-700.
PART VII - QUALITY OF SERVICE
Quality of Service (QoS) refers to a broad collection of shaping technologies/ techniques. QoS is an increasingly important area of research and development in computer networking. It is especially important for the new generation of internet applications such as video-on-demand and other consumer services. QoS tools help in alleviating most congestion problems especially when there is too much traffic and a network monitoring system becomes a must.
Chapter 31 “Quality of Service” provides the configuration commands for QoS. It includes CLI commands for configuring policing, shaping, queueing network traffic, auto QoS, etc.
PART VIII - TCP/IP SERVICES
This part consists of Chapter 32 “DHCP (Dynamic Host Configuration Protocol) Server” that focuses on DHCP Server configuration, and Chapter 33 “TFTP (Trivial File Transfer Protocol) Server” that documents the TFTP Server configuration commands. Chapter 34 “DHCP (Dynamic Host Configuration Protocol) Relay” focuses on DHCP Relay configuration, and Chapter 35 “DNS (Domain Name Service) Client” documents the DNS Client configuration commands.
PART IX - LIFELINE (DEDICATED MANAGEMENT FRAMEWORK)
This part consists of Chapter 36 “Lifeline” that describes the Lifeline management framework, which is a key architectural aspect of the OA-780.
DOCUMENT CONVENTIONS
The following table describes the document conventions used with the commands in this document:

Convention                   Description
Bold                         Indicates commands and keywords.
Italics                      Indicates arguments/command input supplied by you.
[ ]                          Square brackets enclose an optional element (keyword or argument).
< >                          Braces enclose a mandatory element (keyword or argument).
|                            Line indicates an optional choice.
[x | y]                      Square brackets enclosing keywords or arguments separated by a vertical line indicates an optional choice.
{x | y}                      Braces enclosing keywords or arguments separated by a vertical line indicate a required choice. You must select one.
[w {x|y}............]        Nested sets of square brackets or braces indicate optional or required choices within the optional or required elements.
{x|y}... OR [x|y]...         Braces enclosing keywords or arguments with ‘...’ indicate that the element within the brace can be repeated.
Courier font                 Examples of information displayed on the screen.
< >                          Angle brackets enclose text that is not printed on the screen such as passwords.
“no” form of the commands    The 'no' form of a command is issued to either set it to its default value or to negate it.
[ ^ ]                        [ ^ ] in the command indicate negation.
The following conventions are used to attract the attention of the reader:
Note: A note contains helpful suggestions or information that may be easily overlooked.
Caution: Indicates a situation where the reader needs to be careful. Failure to observe the cautionary note could result in equipment damage or loss of data.
Warning: Warning is used in similar cases as caution. This also indicates a situation where the reader needs to pay extra attention to avoid hazardous situations.

OBTAINING DOCUMENTATION

Alcatel-Lucent provides several ways to obtain technical assistance and other technical resources. Documents can be downloaded from our support site service.esd.alcatel-lucent.com.

REFERENCE PUBLICATIONS

The following publications are part of the Alcatel-Lucent documentation suite:
OmniAccess 700 CLI Command Reference Guide (Release 2.2)
OmniAccess 700 Web GUI Users Guide (Release 2.2)
OmniAccess 700 Getting Started Guide (Release 2.2)
OmniAccess 780 Hardware Users Guide (Release 2.2)
OmniAccess 740 Hardware Users Guide (Release 2.2)
OBTAINING TECHNICAL ASSISTANCE
For all customers, partners, resellers, and distributors who hold valid Alcatel-Lucent service contracts, the Alcatel-Lucent Technical Support Team provides 24-hour-a-day technical support services online and over the phone.
For Customer issues and help, contact:
Alcatel-Lucent
US Customer Support: (800) 995-2696
International Customer Support: (818) 878-4507
E-mail: support@ind.alcatel.com
Website: service.esd.alcatel-lucent.com

DOCUMENTATION FEEDBACK

We value your comments and suggestions about our documentation. If you have any comments about this guide, please enter them through the Feedback link on the Alcatel-Lucent website. We will use your feedback to improve the documentation.

Part 1 Introduction

CHAPTER 2 THE COMMAND LINE INTERFACE

CLI OVERVIEW

The Command Line Interface (CLI) is the primary interface to access the OA-700. The CLI is the interface for console and connections via SSH, Telnet, and Modem. The CLI, which automatically starts once the required processes on the Switch Card are up, provides commands that you can use to perform various tasks, including configuring the OA-700, monitoring and troubleshooting the system, enabling network connectivity, and verifying the system hardware.
This chapter provides an overview of the CLI. For more detailed information on the CLI syntax and a description of its parameters, refer to the OmniAccess 700 CLI Command Reference Guide.
The following topics are discussed in this chapter:
“Introduction to CLI Modes”
“CLI Modes”
“Initial Setup”
“Using the Command Line Interface”
“Configuring Interfaces”

INTRODUCTION TO CLI MODES

There are several modes in the CLI, and in each mode, you can perform specific tasks. The CLI modes can be grouped under three main modes:
CLI User Mode
CLI Configuration Mode
CLI Sub-Configuration Mode (SCM)
CLI USER MODE
In the CLI User Mode, you can enter commands to monitor and troubleshoot the system, network connectivity, clearing of processes, and routers. At this level, there are several broad groups of CLI commands. The two main administrative modes are User Mode (UM) and Super User Mode (SUM). When you log in to the OA-700 and start the CLI session, you are at the top level of the CLI User Mode, which is the User Mode (UM).
CLI CONFIGURATION MODE
In the configuration mode, you can configure the OA-700 by creating a hierarchy of configuration statements by using the CLI or by creating a text (ASCII) file that contains the statement hierarchy. (The statement hierarchy is identical in both the CLI and text configuration file).
You can configure all applications of the OA-700 including interfaces, general routing information, routing protocols, configuring NAT, configuring firewall, VPN, QoS, and user access as well as several system hardware parameters.
In the configuration mode, you can configure different applications running on the OA-700. It has four different configuration modes. They are: Configuration Mode (CM), Interface Configuration Mode (ICM), Router Configuration Mode (RCM) and Sub-Configuration Mode (SCM).
CLI SUB-CONFIGURATION MODE (SCM)
From configuration modes, you can enter configuration sub-modes. The sub-configuration modes are used for the configuration of specific features within the scope of a given configuration mode.
CLI MODES
Each mode has a specific set of commands and you can navigate between the modes using a specific set of commands.
[Flowchart: LOGIN leads to User Mode (UM), prompt "Router>" (show commands, monitor command, ping and ssh, enter SUM). "Router>en" leads to Super User Mode (SUM), prompt "Router#" (reset counters, clear commands, debug commands, enter config-mode). "Router# Config t" leads to Configuration Mode (CM), prompt "Router(Config)#". From the CM, "Application" leads to the Router Configuration Mode (RCM) and "Interface" leads to the Interface Configuration Mode (ICM), which leads to the Sub-Interface Configuration Mode (S-ICM). The return arrows are labelled "Exit" and "End / Ctrl-Z".]
Router Configuration Mode (RCM): This mode is accessed from the CM. Enters into a specific application. For example: BGP, RIP, OSPF, Firewall, Filter, NAT, IPSec, Time-Range, etc.
Interface Configuration Mode (ICM): This mode is accessed from the CM. Many features are enabled on a per-interface basis. ICM commands modify the operation of an interface.
Sub-Interface Configuration Mode (S-ICM): This mode is accessed from Interface Configuration Mode. This is a sub-mode of the ICM.
Figure 1: Configuration Modes
The different CLI modes are:
“User Mode (UM)”
“Super User Mode (SUM)”
“Configuration Mode (CM)”
“Interface Configuration Mode (ICM)”
“Sub-Interface Configuration Mode (S-ICM)”
“Router Configuration Mode (RCM)”
The flowchart above depicts the flow and command structure to be used to enter into the different modes of configuration accordingly.
After you successfully log into the system, you will enter the User Mode. At this mode, you can view only a few global show commands and have access to ping and SSH. There is no access to edit or update the configuration in this mode.
The next level is the Super User Mode. You can enter this mode by typing in the “enable” command. At this mode, you are given the flexibility to use the debug, reset, and clear commands. Even here you have no access to either insert, delete, or modify the configuration.
Type the “config terminal” command to enter the Configuration Mode. This mode is used to configure the system globally, or to enter specific configuration modes to configure specific elements such as interfaces or protocols.
In the Application Configuration Mode, you can enter into a specific application by entering the corresponding name such as: router OSPF, BGP, RIP, IP NAT, IP filter, firewall, etc.
By entering the interface type, slot-number, port-number, and other parameters of the interface, you will enter the Interface Configuration Mode. The interface configuration mode can be accessed from the configuration mode or also from the application configuration mode. After configuring an interface, you can configure a sub-interface either from the ICM or directly from the configuration mode itself.
The reverse flow is also depicted with the help of the “Exit” and “End / Ctrl-Z” commands. These commands allow you to go back to the previous mode or to exit totally out of the configuration and go to the super user mode. The command “top” is used to jump to configuration mode from whichever mode you are in.
USER MODE (UM)
You can start the CLI session from a console, SSH or a Telnet connection. When you start the CLI session, you are prompted for a user name / password combination. When you enter the user name and password correctly, you will automatically enter the UM. If you enter an incorrect password three consecutive times, the CLI session will be closed.
Since UM is the basic administrative level, only a limited set of commands like basic diagnostics, monitoring commands, ping, and ssh are available. The UM command set is a subset of the SUM command set. UM is also the starting point for accessing the SUM command set.
USER MODE COMMAND SET
Command (in UM)    Description
clear              Reset functions
enable             Turn on privileged commands
exit               Exit from current mode
help               Description of the interactive help system
logout             Exit from the EXEC
mping              Multicast Ping
mtrace             Trace reverse multicast path from destination to source
no                 Negate a command or set its defaults
nslookup           Translate a DNS name to an IP address or vice-versa
ping               Send echo messages
quit               Quit this session
service            Set terminal line parameters
show               Show running system information
ssh                Open a SSH connection
telnet             Open a telnet connection
terminal           Set terminal line parameters
traceroute         Trace route to destination
SUPER USER MODE (SUM)
To access the SUM, enter the ‘enable’ command in the UM mode. SUM is a superset of the UM command set and allows you to perform tasks like process reset, clearing counters, debugging, and entering configuration modes.
Command (in UM) Description
enable Enables SUM.
EXAMPLE
ALU> enable
ALU#
Notes:
As the SUM command set contains all of the commands available in UM, some commands can be entered in either mode.
It is recommended that you set up password authentication for users who need to access the SUM command set.
The SUM mode prompt consists of the host name of the device followed by a pound sign (#) or if no host name is configured, the prompt is displayed as ‘ALU#’.
SUM COMMAND SET
Command (in SUM)    Description
clear               Reset functions
clock               System Clock
configure           Enter configuration mode
copy                Copy from one file to another
crypto              IPsec VPN Module
debug               Debugging functions
delete              Delete a file
dir                 List files on a filesystem
disable             Turn off privileged commands. Exits from the SUM to the UM mode.
erase               Erase a filesystem
exit                Exit from current mode
help                Description of the interactive help system
list                Listing files
load                Load dynamically loadable resources. Loading the configuration file
logging             Modify message logging facilities
logout              Exit from the EXEC
mkdir               Create directory
modem               Configure the Modem
nslookup            Translate a DNS name to an IP address or vice-versa
package             Package Manipulation
ping                Send echo messages
power               Control power on specified line card
quit                Quit this session
reload              Reboot the Chassis
rmdir               Delete directory
save                Saving the configuration file
service             Set terminal line parameters
show                Show running system information
ssh                 Open a ssh connection
telnet              Open a telnet connection
terminal            Set terminal line parameters
traceroute          Trace route to destination
undebug             Disable debugging functions
write               Write running configuration to memory, network, or terminal
CONFIGURATION MODE (CM)
From SUM, you can enter the Configuration Mode (CM). The CM is used to configure the system globally, or to enter specific configuration modes to configure specific elements such as interfaces or protocols.
In this mode, you can enter commands that configure general system characteristics. CM allows you to make changes to the running configuration. If you later save the configuration, these commands are stored across router reboots. To access CM, enter the following command in SUM:
Command (in SUM) Description
configure terminal Enters Configuration Mode
EXAMPLE
ALU#configure terminal
ALU(config)#
Enter configuration commands, one per line. End with CNTL/Z.
To exit the Configuration Mode and return to the SUM, enter the Control-Z command.
ALU(config)#^Z
ALU#
CM COMMAND SET
Command (in CM)             Description
aaa                         Authentication, Authorization, and Accounting
access-list                 Add an access list entry
arp                         ARP setting
auto                        Create Auto-QoS template
banner                      Define a login banner
class-map                   Set QoS Class Map.
clear                       Terminating the Session
clock                       System clock settings
controller                  Select a controller to configure
crypto                      IPSEC VPN module
customized-service          Customize services
debug                       Debugging functions (see also 'undebug')
dialer-list                 Specify dialer list
dot1x                       802.1X authentication settings
enable                      Modify enable secret parameters
end                         Exit from configure mode
firewall                    Firewall configuration mode
gre-keep-alive-interval     GRE Keep Alive interval
gre-keep-alive-max-tries    GRE Keep Alive maximum try count
hostname                    Set system's network name
http                        HTTP Web server
https                       Secure HTTP
interface                   Select an interface to configure
ip                          Global IP configuration sub commands
ip-policy                   Define/Modify PBR policy
key-chain                   Key management
license                     License operations
line                        Configure a terminal line
list                        Define a new list/Modify an existing list
liveness                    Define behavior in case of liveness test failures
logging                     Modify message logging facilities
mac-address-table           Configure the mac address table
match-list                  Define/Modify a match-list
no                          Negate a command or set its defaults
package                     Package Manipulation
policy-map                  Add a Policy-Map
radius-server               Modify RADIUS query parameters
route-map                   Create route-map or enter route-map command mode
router                      Enable a routing process
service                     Modify use of network based services
show                        Show running system information
snmp                        Configure SNMP parameters
spanning-tree               spanning-tree configurations
ssh                         SSH service
tacacs-server               Modify TACACS+ query parameters
telnet                      Telnet service
tftp-server                 To Provide TFTP service for file requests
time-range                  Define/Modify a time range object
top                         Enter top level configuration mode
transparent-forward         Define/Modify transparent-forward policy
undebug                     Debugging functions (see also 'undebug')
up                          Go up one mode
username                    Establish User Name Authentication
INTERFACE CONFIGURATION MODE (ICM)
One of the modes that you can access from CM is the Interface Configuration Mode (ICM). Many features are enabled on a per-interface basis. Interface configuration commands modify the operation of an interface such as Gigabit Ethernet, T1 or E1, etc.
Command (in CM)                        Description
interface <name> <slot/port>           This command enables you to configure virtual interfaces such as Gigabit Ethernet, Serial (V.35/X.21), and Switchport (L2GE).
interface <name> <interface-number>    This command enables you to configure logical interfaces such as tunnel interface, loopback, VLAN, Multilink Frame Relay, and Multilink Point-to-Point protocol.
controller <slot/port>                 This command enables you to configure a T1 or an E1 interface. This enters Controller mode.
interface Serial <slot/port:channel>   This command enables you to configure a channelized serial interface in the specific slot or port of the T1 or an E1 interface.
EXAMPLE
The following command configures a Gigabit Ethernet interface:
ALU(config)#interface GigabitEthernet 7/0
ALU(config-if GigabitEthernet7/0)#
The following command configures a loopback interface:
ALU(config)#interface loopback 1
ALU(config-if loopback1)#
The following command configures a MLFR bundle interface:
ALU(config)# interface mlfr 100
ALU(config-if mlfr100)#
The following command configures a E1 controller and channelized serial interface:
ALU(config)# controller E1 0/0
ALU(config-controller E1)#
ALU(config-controller E1)# exit
ALU(config)#
ALU(config)#interface Serial 0/0:0
ALU(config-if Serial0/0:0)#
To exit the ICM and return to the CM, enter the Exit command.
ALU(config-if GigabitEthernet7/0)# exit
ALU(config)#
SUB-INTERFACE CONFIGURATION MODE (S-ICM)
From the CM, you can enter Sub-Interface Configuration Mode (S-ICM), which is a sub-mode of the ICM.
Command (in CM)                                   Description
interface <name> <slot/port: channel>             This command enables you to configure a sub-interface on a Gigabit Ethernet interface. This enters the S-ICM.
interface <name> <slot/port>.subchannel           This command enables you to configure a sub-interface on a Serial (V.35/X.21) interface. This enters the S-ICM. Note: This is valid only if Frame Relay encapsulation is set on the main interface.
interface Serial <slot/port:channel.subchannel>   This command enables you to configure a sub-interface on a channelized Serial interface. This enters the S-ICM.
EXAMPLE
The following command configures a sub-interface on Gigabit Ethernet interface:
ALU(config)# interface GigabitEthernet 7/0:1
ALU(config-subif GigabitEthernet7/0:1)#
The following command configures a sub-interface on a serial (v.35/X.21) interface:
ALU(config)# interface Serial0/0.1
ALU(config-if Serial0/0.1)#
The following command configures a sub-interface on a channelized serial interface:
ALU(config)# interface Serial 0/0:0.1
ALU(config-if Serial0/0:0.1)#
To exit from the S-ICM and return to the ICM, use the Exit command. To end your configuration session and return to SUM mode, press Ctrl-Z or enter the End command.
ROUTER CONFIGURATION MODE (RCM)
From the CM, you can enter the Router Configuration Mode (RCM). In this mode, you can enter into any specific application by entering the corresponding name such as OSPF, BGP, RIP, IP NAT, IP filter, firewall, etc.
Router configuration mode is used for configuring all the routing protocols.
Command (in CM)         Description
router bgp <1-65535>    Enters BGP router configuration mode.
router ospf <1-65535>   Enters OSPF router configuration mode.
router rip              Enters RIP router configuration mode.
ip filter <name>        Enters Filter configuration mode.
ip nat <name>           Enters NAT configuration mode.
EXAMPLE
ALU(config)# router ospf 42
ALU(config-router ospf 42)#
EXITING CONFIGURATION MODES
Command (in CM)    Description
end, ^Z or ^C      Ends the current configuration session (from any configuration mode) and returns to SUM.
exit               Exits the current configuration mode and returns to the preceding mode. For example, you can enter this command to exit from CM to SUM or from ICM to CM.
top                This command enables you to go one step above from the mode you are currently in. For example, if this command is entered in the ICM, control moves to the CM.
You can exit from the current configuration session and return to the UM/SUM mode by typing End, Ctrl-C, or Ctrl-Z. You can use the Exit command in any configuration mode to return to the previous configuration mode.
EXAMPLE
ALU# configure
Enter configuration commands, one per line. End with CNTL/Z.
ALU(config)# interface GigabitEthernet 7/0
ALU(config-if GigabitEthernet7/0)# ^Z
ALU#

ALU# configure
Enter configuration commands, one per line. End with CNTL/Z.
ALU(config)# interface GigabitEthernet 7/0
ALU(config-if GigabitEthernet7/0)# end
ALU#

ALU# configure
Enter configuration commands, one per line. End with CNTL/Z.
ALU(config)# interface GigabitEthernet 7/0
ALU(config-if GigabitEthernet7/0)# ^C
ALU#

ALU# configure
Enter configuration commands, one per line. End with CNTL/Z.
ALU(config)# interface GigabitEthernet 7/0
ALU(config-if GigabitEthernet7/0)# exit
ALU(config)#

ALU# configure
Enter configuration commands, one per line. End with CNTL/Z.
ALU(config)# interface GigabitEthernet 7/0
ALU(config-if GigabitEthernet7/0)# top
ALU(config)#
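The mode rules described in this chapter can be checked mechanically against a captured console or SSH session. The following Python sketch is an added example, not part of the manual or of Alcatel-Lucent software: it classifies each prompt into the modes above, lists the commands entered in a configuration mode, and flags places where the prompt after enable, configure, exit, end, ^Z, ^C or top is not the one this chapter documents (for instance because lines are missing from the log). The function names are hypothetical and both transcripts are constructed from the prompts shown on this page.

```python
import re

# Prompt shapes as printed in this chapter: ALU>, ALU#, ALU(config)#,
# ALU(config-if GigabitEthernet7/0)#, ALU(config-router ospf 42)#, ...
PROMPT_RE = re.compile(
    r"^(?P<host>[\w.-]+)"
    r"(?P<ctx>\(config(?:-(?P<kind>[a-z]+)(?: (?P<arg>[^)]*))?)?\))?"
    r"(?P<mark>[>#])\s?(?P<cmd>.*)$"
)
KIND_TO_MODE = {"subif": "S-ICM", "router": "RCM", "controller": "Controller"}
NAVIGATION = {"exit", "end", "top", "^z", "^c"}
# "exit" returns to the preceding mode, as stated on the page.
EXIT_TO = {"CM": "SUM", "ICM": "CM", "RCM": "CM", "Controller": "CM", "S-ICM": "ICM"}


def parse_prompt(line):
    """Return (mode, command) for a prompt line, or None for device output."""
    m = PROMPT_RE.match(line.strip())
    if not m:
        return None
    kind, arg = m.group("kind"), m.group("arg") or ""
    if m.group("ctx") is None:
        mode = "UM" if m.group("mark") == ">" else "SUM"
    elif kind is None:
        mode = "CM"
    elif kind == "if":
        # The serial sub-interface example keeps the "config-if" prompt
        # (Serial0/0.1), so the ".subchannel" suffix is what marks S-ICM.
        mode = "S-ICM" if "." in arg else "ICM"
    else:
        # Prompts of other sub-configuration modes are not shown on the page.
        mode = KIND_TO_MODE.get(kind, "OTHER-CONFIG")
    return mode, m.group("cmd").strip()


def expected_next(mode, cmd):
    """Mode the chapter says follows `cmd`, or None when it makes no claim."""
    word = cmd.split()[0].lower() if cmd else ""
    if mode not in ("UM", "SUM"):
        if word in ("end", "^z", "^c"):
            return "SUM"
        if word == "top":
            return "CM"
        if word == "exit":
            return EXIT_TO.get(mode)
    elif mode == "UM" and len(word) >= 2 and "enable".startswith(word):
        return "SUM"
    elif mode == "SUM":
        if word == "disable":
            return "UM"
        if word.startswith("conf"):
            return "CM"
    return None


def audit(transcript):
    """Walk a captured session; return (config_commands, mismatches)."""
    config_commands, mismatches = [], []
    pending = None  # (line_no, command, expected_mode) awaiting the next prompt
    for line_no, line in enumerate(transcript.splitlines(), 1):
        parsed = parse_prompt(line)
        if parsed is None:
            continue  # banner or command output, not a prompt
        mode, cmd = parsed
        if pending and pending[2] != mode:
            mismatches.append((pending[0], pending[1], pending[2], mode))
        pending = None
        if not cmd:
            continue
        expected = expected_next(mode, cmd)
        if expected:
            pending = (line_no, cmd, expected)
        elif mode not in ("UM", "SUM") and cmd.split()[0].lower() not in NAVIGATION:
            config_commands.append((line_no, mode, cmd))
    return config_commands, mismatches


# Constructed transcripts, using only commands that appear on this page.
GOOD = """ALU> enable
ALU# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ALU(config)# service completion tab-complete
ALU(config)# interface GigabitEthernet 7/0
ALU(config-if GigabitEthernet7/0)# exit
ALU(config)# router ospf 42
ALU(config-router ospf 42)# top
ALU(config)# interface Serial 0/0:0.1
ALU(config-if Serial0/0:0.1)# end
ALU#"""

# Same session with lines removed after "exit": the prompt jumps from ICM to SUM.
SPLICED = """ALU> enable
ALU# configure terminal
ALU(config)# interface GigabitEthernet 7/0
ALU(config-if GigabitEthernet7/0)# exit
ALU#"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("SPLICED", SPLICED)):
        commands, problems = audit(text)
        print(name, "config commands:", commands)
        print(name, "mismatches:", problems)
```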
INITIAL SETUP
Whenever the system configuration is empty, you are automatically entered into the initial setup program, which takes you through the basic configuration steps.
USING THE COMMAND LINE INTERFACE
The following topics are described in this section:
“CLI Help”
“Partial Help”
“Partial Commands”
“Command Line Editing”
“Command History”
CLI HELP
Extensive help is available in the CLI for all commands in each mode. To see a list of commands in each mode, enter a question mark (?) at the CLI prompt. You can also get a list of keywords and arguments associated with any command by using the context-sensitive help feature.
ENABLE CLI HELP
Command (in CM)                            Description
service completion spacebar-complete       Enable Spacebar completion
no service completion spacebar-complete    Disable Spacebar completion
service completion tab-complete            Enable Tab completion
no service completion tab-complete         Disable Tab completion
EXAMPLE
ALU(config)# service completion spacebar-complete
ALU(config)# no service completion spacebar-complete
ALU(config)# service completion tab-complete
ALU(config)# no service completion tab-complete
For specific context sensitive help related to a particular mode, command, keyword, or argument, enter one of the following commands:
Command (in CM)    Description
(prompt)# help    Displays a brief description of the help system.
(prompt)# abbreviated-command-entry?    Lists commands in the current mode that begin with a particular character string.
(prompt)# abbreviated-command-entry <Tab>    Completes a partial command name.
(prompt)# ?    Lists all commands available in the command mode.
(prompt)# command?    Lists the available syntax options (arguments and keywords) for the command.
(prompt)# command keyword?    Lists the next available syntax option for the command.
WORD HELP
To view the list of commands that begin with a specific set of characters, enter the characters immediately followed by the question mark (?). Do not include a space. This type of help is called the Word Help.
EXAMPLE
ALU(config)# show i?
** PRIVILEGE COMMANDS **
inband    inband
interfaces    Display information for all interfaces
internal    Internal info
ip    IP information
ip-policy    ip-policy keyword
ipx    IPX protocol
COMMAND SYNTAX HELP
To view a list of keywords or arguments, enter a question mark (?) in the place of a keyword or argument. Include a space before the ‘?’. This type of help is called the Command Syntax Help as the keywords / arguments associated with the command already entered are displayed.
EXAMPLE
ALU(config)# show ip
** PRIVILEGE COMMANDS **
access-lists    List IP access lists
as-path-access-list    List AS path access lists
community-list    List community-list
dhcp    Dynamic Host Configuration Protocol commands
filter    filter details
mroute    Multicast
multicast    Multicast
nat    NAT keyword
prefix-list    List IP prefix Lists
rpf    Show RPF information for multicast source
** BASIC COMMANDS **
bgp    BGP information
fib    IP FIB Table Statistics
igmp    IGMP information
interface    Interface (slot/port:channel.subchannel - chan & subchan optional)
ospf    OSPF information
pim    PIM information
protocols    IP routing protocol process parameters and statistics
rip    IP RIP show commands
route    IP routing table
traffic    IP Traffic Statistics
vrf    VPN Routing/Forwarding instance information
PARTIAL HELP
When you enter a partial command (part of a command) and press the TAB or SPACE key, the command line parser completes the command if the string entered is unique to the command mode. For this to happen, service completion must have been enabled for that key.
For example, if you enter conf in the SUM mode, this entry is associated with the configure command.
EXAMPLE
ALU# conf <Tab>
ALU# configure
When you use the command completion feature, the CLI displays the full command name. The command is not executed until you use the Return or Enter key. This way you can modify the command if the full command was not what you intended by the abbreviation.
If the CLI cannot complete the command, it displays the list of commands that begin with that set of characters.
For example, typing show ip i<tab> lists all commands that start with "show ip i" in the current command mode:
ALU(config)# show ip i<tab>
igmp interface
ALU(config)# show ip i
Note: Characters you enter before the question mark are reprinted to the screen to allow you to complete the command entry.
PARTIAL COMMANDS
When you enter a partial command (part of a command) and press the Enter key, the CLI executes the best matched command.
EXAMPLE
ALU(config)# sh ip int br
Interface    IP Address    Admin State    Oper State
GigabitEthernet3/0    unassigned    up    down
GigabitEthernet3/1    10.91.1.146    up    up
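The matching described under Partial Help and Partial Commands, as an added example (not Alcatel-Lucent code) that is useful when expanding abbreviated entries from "show history" during a review. The keyword tree is only the subset printed in the help listings above, and the rule that an exact keyword wins over longer ones is an assumption consistent with "sh ip int br" resolving although "ip-policy" and "ipx" exist.

```python
"""Expand abbreviated CLI input the way the manual describes partial commands."""

# Keyword tree assembled from the help listings printed in this manual.
# It is a subset for illustration, not the device's full command grammar.
SHOW_IP = {k: {} for k in (
    "access-lists as-path-access-list community-list dhcp filter mroute "
    "multicast nat prefix-list rpf bgp fib igmp ospf pim protocols rip "
    "route traffic vrf").split()}
SHOW_IP["interface"] = {"brief": {}}

COMMAND_TREE = {
    "configure": {}, "enable": {}, "disable": {}, "exit": {}, "top": {},
    "show": {
        "history": {}, "inband": {}, "interfaces": {"brief": {}},
        "internal": {}, "ip": SHOW_IP, "ip-policy": {}, "ipx": {},
    },
}


def match_keyword(token, choices):
    """Return ('ok', keyword), ('ambiguous', [candidates]) or ('unknown', token).

    Assumption: an exact keyword wins over longer keywords sharing its prefix,
    which is what lets "ip" resolve even though "ip-policy" and "ipx" exist.
    """
    if token in choices:
        return "ok", token
    hits = sorted(k for k in choices if k.startswith(token))
    if len(hits) == 1:
        return "ok", hits[0]
    return ("ambiguous", hits) if hits else ("unknown", token)


def expand(line, tree=COMMAND_TREE):
    """Expand every abbreviated keyword in `line`, left to right.

    Returns ('ok', full_command), or the first ('ambiguous', candidates) /
    ('unknown', token) result, mirroring the CLI listing the candidates
    instead of completing the command.
    """
    node, out = tree, []
    tokens = line.split()
    for i, token in enumerate(tokens):
        if not node:                  # leaf reached: the rest are arguments
            out.extend(tokens[i:])
            break
        status, value = match_keyword(token, node)
        if status != "ok":
            return status, value
        out.append(value)
        node = node[value]
    return "ok", " ".join(out)


if __name__ == "__main__":
    # Inputs taken from the examples and history listing in this chapter.
    for typed in ("sh ip int br", "conf", "en", "show ip i", "show i", "sh int br"):
        print(f"{typed!r:16} -> {expand(typed)}")
```

Note that "sh int br" stops as ambiguous at "int" (interfaces, internal), while the same token is unique under "show ip".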
COMMAND LINE EDITING
MOVING THE CURSOR
Keystrokes    Function Summary    Function Details
Left Arrow or Ctrl-B    Back character    Moves the cursor one character to the left. When you enter a command that extends beyond a single line, you can press the Left Arrow or Ctrl-B keys repeatedly to scroll back toward the system prompt and verify the beginning of the command entry, or you can press the Ctrl-A key combination.
Right Arrow or Ctrl-F    Forward character    Moves the cursor one character to the right.
Esc, B    Back word    Moves the cursor back one word.
Esc, F    Forward word    Moves the cursor forward one word.
Ctrl-A    Beginning of line    Moves the cursor to the beginning of the line.
Ctrl-E    End of line    Moves the cursor to the end of the command line.
Ctrl-P or the Up Arrow key    Previous command    Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Ctrl-N or the Down Arrow key    Next command    Returns to more recent commands in the history buffer after recalling commands with Ctrl-P or the Up Arrow key. Repeat the key sequence to recall successively more recent commands.
Ctrl-I    Tab    Complete command.
History        This gives the list of all commands entered in the present session.
DELETING ENTRIES
Keystrokes    Function Details
Backspace    Deletes the character to the left of the cursor.
Ctrl-K    Deletes all characters from the cursor to the end of the command line.
Esc, D    Deletes from the cursor to the end of the word.
RECALLING DELETED ENTRIES
Keystrokes    Function Details
Ctrl-Y    Recalls the most recent entry in the buffer (press keys simultaneously).
TRANSPOSING MISTYPED CHARACTERS
Keystrokes    Function Details
Ctrl-T    Transposes the character to the left of the cursor with the character located at the cursor.
CONTROLLING CAPITALIZATION
Keystrokes    Function Details
Esc, C    Capitalizes the letter at the cursor.
Esc, L    Changes the letters from the cursor to the end of the word to lowercase.
Esc, U    Capitalizes letters from the cursor to the end of the word.
COMMAND HISTORY
Keystrokes    Function Summary    Function Details
History        This gives the list of all commands entered in the present session.
EXAMPLE
ALU(config)# show history
1: enable
2: disable
3: en
4: disable
5: enable
6: configure t
7: interface GigabitEthernet 7/0
8: exit
9: interface GigabitEthernet 7/0
10: ip address 10.91.0.24/24
11: top
12: configure t
13: interface GigabitEthernet 7/05B
14: interface GigabitEthernet 7/0.1
15: interface GigabitEthernet 7/0:3.1
16: service completion spacebar-complete
17: no service completion spacebar-complete
18: no service completion
19: show history

CONFIGURING INTERFACES

This section describes the following:
“Interface Configuration Commands”
“Interface Types and Limitations”
“Common Interface Configuration Commands”
“Interface Show Commands”
“Clear Interface Commands”
“Backup Interface”
INTERFACE CONFIGURATION COMMANDS
This section contains the very basics for interface configuration in general and Ethernet interface configuration in particular. More information will be added later.
INTERFACE TYPES AND LIMITATIONS
Physical interface types are decided by the hardware. In addition, certain physical interface types support sub-interfaces, for example for 802.1Q VLANs and for Frame Relay (6-1007) DLCIs.
The sub-interfaces for 802.1Q should be in the range from 1 to 4096 as per the IEEE specification, and 4096 sub-interfaces should be allowed (though not necessarily a good idea) for every physical interface. For Frame Relay, the number of DLCIs allowed per interface is decided by how many bits you choose to use for the DLCI.
COMMON INTERFACE CONFIGURATION COMMANDS
Command (in ICM)    Description
description <line>    Adds a comment to help identify an interface.
mtu <64-1500>    Adjusts the maximum packet size or MTU size.
INTERFACE IP CONFIGURATION
Command (in ICM)    Description
ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}    Assigns an IP address and subnet mask to the interface.
INTERFACE SHOW COMMANDS
TO VIEW THE DETAILS OF ALL INTERFACES OR A SPECIFIC INTERFACE
Command (in SUM)    Description
show interfaces [<name> <slot/port:channel.subchannel>]    This command displays the information of all the interfaces configured. This command displays information for a specific interface.
show interfaces brief    This command displays information of all the IP and non-IP interfaces configured.
EXAMPLE 1
ALU# show interfaces GigabitEthernet 7/0
GigabitEthernet7/0 is up, line protocol is down
Hardware is Intel 82546, address is 0011.8b00.86a8 (0011.8b00.86a8)
Internet address is 172.16.2.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 0 usec,
reliability 0/255, txload 0/255, rxload 0/255
Loopback not set
Encapsulation ARPA, keepalive not set
Auto-duplex(Unknown), Auto(Unknown), 1000BaseTx/Fx
ARP type: ARPA, ARP Timeout never
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/0 (size/max), 0 drops; Input queue 0/0 (size/max), 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer copied, 0 interrupts, 0 failures
EXAMPLE 2
ALU# show interfaces loopback 1
loopback1 is up, line protocol is up
Hardware is Loopback
Internet address not set
MTU 1500 bytes, BW 1000000 Kbit, DLY 0 usec,
reliability 0/255, txload 0/255, rxload 0/255
Encapsulation LOOPBACK, loopback not set
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/0/0/0 (size/max/drops/flushes); Total output drops: (null)
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
EXAMPLE 3
ALU# show interfaces
loopback1 is up, line protocol is up
Hardware is Loopback
Internet address not set
MTU 1500 bytes, BW 1000000 Kbit, DLY 0 usec,
reliability 0/255, txload 0/255, rxload 0/255
Encapsulation LOOPBACK, loopback not set
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/0/0/0 (size/max/drops/flushes); Total output drops: (null)
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Tunnel0 is up, line protocol is down
Internet address is 192.168.1.2/30
MTU 1476 bytes, BW 1000000 Kbit, DLY 0 usec,
reliability 255/255, txload 0/255, rxload 0/255
Loopback not set
Tunnel Specific Parameters:
Configured Source IP address 202.202.202.2, Destination 201.201.201.2,
Key 0, Sequencing disabled, Checksum disabled, df-bit reset, mode GRE
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue: 0/0 (size/max) 0 drops; Input queue: 0/0 (size/max) 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Tunnel1 is up, line protocol is down
Internet address not set
MTU 1476 bytes, BW 1000000 Kbit, DLY 0 usec,
--More--
EXAMPLE 4
ALU# show interfaces brief
Interface    Status    Protocol
switchport1/0    Down    Down
switchport1/1    Down    Down
switchport1/2    Down    Down
switchport1/3    Down    Down
switchport1/4    Down    Down
switchport1/5    Down    Down
switchport1/6    Down    Down
switchport1/7    Down    Down
GigabitEthernet7/0    up    Down
GigabitEthernet7/1    up    Down
Tunnel0    up    Down
Tunnel1    up    Down
Tunnel3    up    Down
Tunnel5    up    Down
mlppp1    Down    Down
TO VIEW BRIEF DETAILS OF IP INTERFACES
Command (in CM)    Description
show ip interface brief    This command displays information about IP interfaces only.
EXAMPLE
ALU# show ip interface brief
Interface    IP Address    Admin State    Oper State
atm0/0    unassigned    down    down
atm0/1    unassigned    down    down
GigabitEthernet1/0    unassigned    down    down
GigabitEthernet1/1    unassigned    down    down
Vlan213    2.2.2.2    down    down
           4.4.4.4 (s)
Loopback222    3.3.3.3    up    up
Loopback2    9.9.9.9    up    up
             1.1.1.1 (s)
             7.7.7.7 (s)
Loopback1    unassigned    up    up
CLEAR INTERFACE COMMANDS
Command (in UM)    Description
clear counters [<interface-name> <slot/port:channel.subchannel>]    Clears interface counters for specific port in specific slot.
EXAMPLE
ALU(config)# clear counters GigabitEthernet 7/0
SHUTTING DOWN AND BRINGING UP AN INTERFACE
Command (in ICM)    Description
shutdown    This is entered in the Interface Configuration Mode. This command administratively brings down the interface.
no shutdown    This is entered in the Interface Configuration Mode. This command administratively brings up the interface.
EXAMPLE
ALU(config-if GigabitEthernet7/0)# shutdown
ALU(config-if GigabitEthernet7/0)# no shutdown
BACKUP INTERFACE
When a primary interface goes down, backup interface support allows an alternate interface to be brought up in its place.
The backup interface is more useful for WAN interfaces than for LAN interfaces. Most of the time, dial-on-demand interfaces (such as ISDN interfaces) act as backup interfaces for the regular WAN interfaces (such as Serial/T1 or E1). Technically, however, nothing prevents one interface from being used as a backup to another, with the exception of Loopback interfaces and bridged interfaces.
Usually the primary interface and the backup interface belong to the same subnet (they can have the same IP address), so that when the primary interface goes down, the same connected route is added to the routing table on the backup interface. Static routes, routing protocols, and so on therefore continue to work as is, without any human intervention. However, features such as firewall and policies that are applied on the primary interface are not automatically applied to the backup interface. In typical scenarios, these feature configurations are also duplicated on the backup interface.
A backup interface backs up only one primary interface. When an interface is specified as a backup interface, it cannot be used for regular packet forwarding until the primary interface goes down. The state of a backup interface is 'standby' as long as the primary interface is up.
TO CONFIGURE A BACKUP INTERFACE
Command (in ICM)    Description
backup interface <interface-name>    Enter this command in the Interface Configuration mode. This command is used to configure an interface as a backup interface.
EXAMPLE
ALU(config-if GigabitEthernet7/0)# backup interface Serial1/0:0
TO VIEW BACKUP INTERFACE DETAILS
Command (in ICM)    Description
show    This command displays the information of the backup interface.
EXAMPLE
ALU(config-if GigabitEthernet7/0)# show
GigabitEthernet7/0 is up, line protocol is up
Hardware is Intel 82546, address is 0011.8b00.2712 (0011.8b00.2712)
Internet address not set
/*Interface Serial1/0:0 is backup interface*/
MTU 1500 bytes, BW 10000 Kbit, DLY 0 usec,
reliability 0/255, txload 0/255, rxload 0/255
Loopback not set
Encapsulation ARPA, keepalive not set
Auto-duplex(Half), Auto(10), 1000BaseTx/Fx
ARP type: ARPA, ARP Timeout never
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/0 (size/max), 0 drops; Input queue 0/0 (size/max), 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
10 packets input, 7468 bytes, 0 no buffer
Received 7 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer copied, 0 interrupts, 0 failures
ALU(config-if Serial1/0:0)# show
Serial1/0:0 is Standby, line protocol is down
Internet address not set
/*Interface is backing GigabitEthernet7/0 interface*/
MTU 1500 bytes, BW 1536 Kbit, DLY 0 usec,
reliability 255/255, txload 0/255, rxload 0/255
Loopback not set
Encapsulation hdlc, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue: 0/0 (size/max) 0 drops; Input queue: 0/0 (size/max) 0 drops
Conversations: 0/0/0/0 (active/max active/max total)
Reserved Conversations: 0/0 (allocated/max allocated)
Available Bandwidth 1536 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Timeslot(s) Used:1-24 (64Kbps each), Transmitter delay is 0 flags

CHAPTER 3 SYSTEM CONFIGURATION AND MONITORING

SYSTEM CONFIGURATION AND MONITORING TASKS

There are several mandatory and optional configuration options available to configure the OA-700. To get a clear insight on them, refer to the following sections:
“Management Plane Overview”
“Terminal Settings”
“System Name”
“AAA Configuration on OA-700”
“Setting and Displaying the System Time and Date”
“System Logging and Debugging”
“Rate Limiting in Statlog”
“Saving Log Messages”
“The File System”
“Configuration File Management”
“Software Package Management”
“Reloading the System”
“System Monitoring and Troubleshooting”
“SNMP (Simple Network Management Protocol)”
CHAPTER CONVENTIONS
Acronym    Description
AAA    Authentication, Authorization and Accounting
CM    Configuration Mode - ALU (config)#
ICM    Interface Configuration Mode - ALU (config-if)#
MIB    Management Information Base
UDP    User Datagram Protocol
SUM    Super User Mode - ALU#
SNMP    Simple Network Management Protocol

MANAGEMENT PLANE OVERVIEW

The OA-700 extends the approach of control/data plane separation by introducing a management plane. This separation is reflected in the actual architecture of the system on a number of different levels, including hardware and software. The management plane, as the name implies, handles all the aspects of managing the system.
The management functions of most network devices are directly accessible through the network that the router is connected to and through dedicated management ports. Managing the router through any of the network interfaces is called 'in-band' management. In contrast, management through any of the dedicated management ports, such as console or modem, is commonly referred to as 'out-of-band' management.
OUT OF BAND MANAGEMENT (CONSOLE OR MODEM)
CONSOLE ACCESS
The console port is located in the front panel of the OA-700. The console parameters can be set with the commands given below.
Command (in CM)    Description
[no] line console exec-timeout <0-35791> [<0-60>]    This command is used to configure the timeout (in minutes or seconds) for console session. The console CLI session closes if it is idle for the specified time. The default timeout is 20 minutes. A zero input specifies that the console CLI should never exit when left idle.
line console baudrate {115200|19200|2400|38400|4800|57600|9600}    This command is used to configure baud rate. Default baudrate is 9600.
EXAMPLE
ALU(config)# line console exec-timeout 0
ALU(config)# line console exec-timeout 45 15
ALU(config)# no line console exec-timeout
ALU(config)# line console baudrate 19200
MODEM ACCESS
The OA-700 can be managed using the modem port on its front panel.
Command (in SUM)    Description
modem {enable|disable}    This command is used to enable or disable the modem port. Use the enable keyword to enable the modem port on the front panel. Use the disable keyword to disable the accessibility to the OA-700 system via the modem.
Note: AAA services have to be enabled before accessing OA-700 via a modem. For more information on this, refer to the “AAA Configuration on OA-700” section on page 56 in this chapter.
EXAMPLE
ALU(config)# modem enable
ALU(config)# modem disable
Note: For more information on connecting the system to the external network (console and modem), refer to the “Connecting the System to the Network” section in the OA-780/OA-740 Hardware Users Guide.
INBAND MANAGEMENT (SSH AND TELNET)
SSH (SECURE SHELL)
SSH is a program that enables logging into a remote machine, and provides secure communication between two systems.
Inbound SSH access to the system is disabled by default. It is mandatory to have a user account configured for this. (See “AAA Configuration on OA-700” on page 56.)
Outbound SSH access is allowed for the user once the user has been authenticated. SSH access from the system is always enabled.
Command (in UM)    Description
ssh {enable|disable}    Use this command to enable/disable the SSH service.
ssh {<ip-address>|<hostname>} <user-name> [version {1|2}]    Use this command to access a remote computer by SSH.
EXAMPLE
ALU(config)# ssh enable
ALU(config)# ssh 172.25.19.1
WORD User name
ALU(config)# ssh 172.25.19.1 root
<cr>
ALU(config)# ssh 172.25.19.1 root
The authenticity of host '172.25.19.1(172.25.19.1)' can't be established.
RSA key fingerprint is b5:b8:c9:6b:0e:28:df:a8:b0:06:7a:23:7f:03:96:6b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.19.1' (RSA) to the list of known hosts.
root@172.25.19.1's password:
Last login: Mon Dec 6 17:34:48 2004
[root@linux-sw root]# exit
logout
Connection to 172.25.19.1 closed.
TELNET
Telnet is a user command with an underlying TCP/IP protocol for accessing remote computers. Telnet is a program that enables connection to foreign or remote host computers.
Unlike SSH, Telnet is not secure, but it is supported on almost all operating systems.
Inbound Telnet access to the system is disabled by default. It is mandatory to have a user account configured for this. (See “AAA Configuration on OA-700” on page 56.)
Outbound Telnet access is allowed for the user once the user has been authenticated. Telnet access from the system is always enabled.
Command (in UM)    Description
telnet {enable|disable}    Use this command to enable/disable the Telnet service.
telnet {<ip-address>|<hostname>}    This command starts a telnet connection to a remote computer.
EXAMPLE
ALU(config)# telnet enable
ALU(config)# telnet 10.91.0.1
Note: For more information on connecting the system to the internal network, refer to the “Connecting the System to the Network” section in the OA-780 Hardware Users Guide.
There is a limit on the number of non-console CLI sessions using SSH, Telnet, and modem. For OA-780, the limit is four sessions and for OA-740, it is two sessions. This excludes the console session.
HTTP (HYPER TEXT TRANSFER PROTOCOL)
HTTP is the primary protocol used for the transfer of files over the World Wide Web. You can access the OA-700 using HTTP through a web browser after being authenticated. By default, the access is disabled.
Command (in UM)    Description
http {enable|disable}    Use this command to enable/disable the HTTP service.
EXAMPLE
ALU(config)# http enable
HTTPS (HYPER TEXT TRANSFER PROTOCOL SECURE)
HTTPS, in addition to the normal HTTP, uses SSL encryption for secure transmission of files.
Command (in UM)    Description
https {enable|disable}    Use this command to enable/disable the HTTPS service.
EXAMPLE
ALU(config)# https enable
TO VIEW ACCESS SERVER STATUS
Command (in UM)    Description
show access-server status    Use this command to see the list of inband-management services that are currently enabled.
EXAMPLE
ALU(config)# show access-server status
http enable
https enable
ssh enable
IDLE TIMEOUT
The idle timeout for SSH, Telnet and Modem CLI sessions can be set by using the following command:
Command (in CM)    Description
[no] line vty exec-timeout <0-35791> [<0-60>]    This command is used to configure the timeout (in minutes or seconds) for SSH, Telnet, and Modem CLI sessions. These sessions close if they are idle for the specified time. The default timeout is 20 minutes. A zero input specifies that the SSH, Telnet and Modem CLI sessions should never exit when left idle.
EXAMPLE
ALU(config)# line vty exec-timeout 0
ALU(config)# line vty exec-timeout 45 15
ALU(config)# no line vty exec-timeout
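A review script for the in-band services and idle timeouts described above, as an added example that is not part of the manual or Alcatel-Lucent tooling. It assumes "show access-server status" prints one "<service> enable" line per enabled service, that saved configuration lines match the commands as typed in this chapter, and that the two exec-timeout arguments are minutes then seconds; the sample inputs and the 20 minute ceiling are constructed for the example.

```python
"""Audit OA-700 management-plane settings described in this chapter."""
import re

DEFAULT_IDLE_SECONDS = 20 * 60   # manual: "The default timeout is 20 minutes"
MAX_IDLE_SECONDS = 20 * 60       # policy ceiling chosen for this example

SERVICE_RE = re.compile(r"^(ssh|telnet|http|https)\s+(enable|disable)$")
TIMEOUT_RE = re.compile(
    r"^(no\s+)?line\s+(console|vty)\s+exec-timeout(?:\s+(\d+)(?:\s+(\d+))?)?$")


def _clean(line):
    """Strip whitespace and a leading prompt such as 'ALU(config)# '."""
    return re.sub(r"^\S*[#>]\s*", "", line.strip())


def parse_access_server_status(text):
    """Return the set of in-band services reported as enabled."""
    enabled = set()
    for line in text.splitlines():
        m = SERVICE_RE.match(_clean(line))
        if m and m.group(2) == "enable":
            enabled.add(m.group(1))
    return enabled


def parse_exec_timeouts(config_text):
    """Return idle timeouts in seconds for console and vty lines.

    None means the 'no' form was configured; the manual does not state its
    effect, so it is reported for manual verification rather than guessed.
    """
    timeouts = {"console": DEFAULT_IDLE_SECONDS, "vty": DEFAULT_IDLE_SECONDS}
    for line in config_text.splitlines():
        m = TIMEOUT_RE.match(_clean(line))
        if not m:
            continue
        negated, kind, minutes, seconds = m.groups()
        if negated:
            timeouts[kind] = None
        elif minutes is not None:
            timeouts[kind] = int(minutes) * 60 + int(seconds or 0)
    return timeouts


def audit(status_text, config_text):
    """Return a list of (check_id, message) findings."""
    findings = []
    enabled = parse_access_server_status(status_text)
    if "telnet" in enabled:
        findings.append(("telnet", "Telnet is enabled; manage over SSH and run 'telnet disable'"))
    if "http" in enabled:
        findings.append(("http", "HTTP is enabled; use HTTPS and run 'http disable'"))
    for kind, secs in parse_exec_timeouts(config_text).items():
        if secs is None:
            findings.append((f"{kind}-timeout", "'no' form set; confirm the effective timeout on the device"))
        elif secs == 0:
            findings.append((f"{kind}-timeout", "exec-timeout 0: idle sessions never close"))
        elif secs > MAX_IDLE_SECONDS:
            findings.append((f"{kind}-timeout", f"idle timeout {secs}s exceeds {MAX_IDLE_SECONDS}s"))
    return findings


# Constructed sample inputs (not captured from a real device).
SAMPLE_STATUS = "http enable\nhttps enable\nssh enable\ntelnet enable\n"
SAMPLE_CONFIG = "ALU(config)# line console exec-timeout 45 15\nline vty exec-timeout 0\n"
HARDENED_STATUS = "https enable\nssh enable\n"
HARDENED_CONFIG = "line console exec-timeout 10\nline vty exec-timeout 5 30\n"

if __name__ == "__main__":
    for check, message in audit(SAMPLE_STATUS, SAMPLE_CONFIG):
        print(f"[{check}] {message}")
    print("hardened findings:", audit(HARDENED_STATUS, HARDENED_CONFIG))
```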
PING
The ping command is used to check the connectivity to a specific host using the IP address/host name of that host.
Command (in UM)    Description
ping {<ip-address>|<hostname>}    Use this command to check the connectivity between the OA-700 and any remote machine.
EXAMPLE
ALU> ping 192.168.10.121
Sending 5,64-byte ICMP Echos to 192.168.10.121, timeout is 10 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0.124/0.191/0.356 ms
EXTENDED PING
When a normal ping command is sent from an OA-700, the source address of the ping is the IP address of the interface that the packet uses to exit the router. If an extended ping command is used, the source IP address can be changed to any IP address on the OA-700. The extended ping is used to perform a more advanced check of host reachability and network connectivity.
In order to use this feature, enter ‘ping’ and press Enter. You are prompted for the fields as described below.
Field    Description
Enter the packet size[64]:    Specify the size (in bytes) of the ping packets to be sent out. The range is 44-18032. Default is 64 bytes.
Enter the number of packets[5]:    Number of ping packets (ICMP echo requests) to be sent. Default is 5 packets and is the same as in normal ping.
Enter the Target ip-address:    IP address to which the ping packets have to be sent.
Enter the Source IP Address:    Source IP address can be any IP address on the OA-700. If source IP address does not belong to OA-700, an error "Source IP Address does not belong to the box.Ping may not be successful" is thrown but still ping proceeds.
Enter the source interface:    Interface through which the ping packets (ICMP echo requests) are to be sent out. If none is entered, out interface is chosen depending on the Target IP address.
Enter the TOS value[0]:    Specify the Type of Service (ToS) value in the range 0-255. The requested ToS is placed in each probe, but there is no guarantee that all routers process the ToS. It is the Internet service's quality selection. The default is 0.
Enter the Time out value[2]:    Specify the timeout interval in the range 1-3600. The ping is declared successful only if the ECHO REPLY packet is received before this time interval. Default is 2 seconds.
Set the df-bit value[n]:    Specify whether or not the Don't Fragment (DF) bit is to be set on the ping packet. If yes is specified, the Don't Fragment option does not allow this packet to be fragmented when it has to go through a segment with a smaller maximum transmission unit (MTU), and you will receive an error message from the device that wanted to fragment the packet. This is useful for determining the smallest MTU in the path to a destination. The default is no.
Set the ttl value[64]:    Specify the Time to live (ttl) value in the range 1-255. The number of hops a packet can have before it is discarded in the network. Each router reduces the ttl value by one before forwarding it. It is a way of making sure that the packets destined to non-existing targets die out eventually. Default is 64.
Once the above fields are entered and ping is initiated, you will see the following output:
!!!!! : Each exclamation point (!) denotes receipt of a reply. A period (.) denotes that the network server has timed out while waiting for a reply.
Success rate is 100 percent: Percentage of packets successfully echoed back to the router. Anything less than 80 percent is usually considered problematic.
round-trip min/avg/max = 2/4/5 ms: Round-trip travel time intervals for the protocol echo packets, including minimum/average/maximum (in milliseconds).
EXAMPLE
The following is an example of "extended ping" command:
ALU# ping
Enter the packet size[64]:100
Enter the number of packets[5] :7
Enter the Target ip-address:2.2.2.12
Enter the Source IP Address:
Enter the source interface:
Enter the TOS value[0]:
Enter the Time out value[2]:
Set the df-bit value[n]:
Set the ttl value[64]:
Press ^C to Stop..
Sending 7,92-byte ICMP Echos to 2.2.2.12,timeout is 2 seconds
!!!!!!!
Success rate is 100 percent (7/7),round-trip min/avg/max = 3.499/3.833/3.915 ms
TRACEROUTE
The traceroute utility displays the route used by IP packets on their way to a specified network/host, across a TCP/IP network. It displays the IP address and host name of the machines along that route. It is used as a network debugging tool. If there are network connectivity problems, it will show the origin of the trouble along the route.
Traceroute is also a troubleshooting utility like ping, which gives you the information about the exact hops taken by a packet to reach its destination.

Command (in UM) Description
traceroute {<ip-address>|<hostname>}
    This command displays the route taken by IP packets.

EXAMPLE
ALU> traceroute 10.91.10.178
traceroute to (10.91.10.178), 30 hops max, 38 byte packets.
1 10.91.0.1 (10.91.0.1) 0.700 ms 0.703 ms 0.621 ms
2 10.91.10.178 (10.91.10.178) 0.951 ms 0.961 ms 0.960 ms

EXTENDED TRACEROUTE
The extended traceroute command is a variation of the traceroute command. An extended traceroute command can be used to see what path packets take in order to get to a destination. The command can also be used to check routing at the same time. This is helpful for troubleshooting routing loops, or to determine where packets are getting lost. You can use the extended ping command in order to determine the type of connectivity problem, and then use the extended traceroute command in order to narrow down where the problem occurs.
A "time exceeded" error message indicates that an intermediate communication server has seen and discarded the packet. A "destination unreachable" error message indicates that the destination node has received the probe and discarded it because it could not deliver the packet. If the timer goes off before a response comes in, trace prints an asterisk (*). The command terminates when any of these happens:
the destination responds
the maximum TTL is exceeded
the user interrupts the trace with the escape sequence.
The following table lists the traceroute command field descriptions:
Field Description
Enter the Target IP address: Enter an IP address. There is no default.
Enter the Source IP Address: The interface or IP address of the OA-700 to be used as a source address for the probes. If source IP address is not specified, the router normally picks the IP address of the outbound interface to use.
Enter the source interface: Specify the outbound interface to send the trace packets through. This is useful when there are two routes for a destination. Trace packets will have the interface's IP address as source IP address.
Enter the Datagram Size[38]: Specify the ICMP payload size (in bytes) in the range 36-18024. Default size is 38 bytes.
Enter the Timeout value[2]: Enter the number of seconds to wait for a response to a probe packet. The range is 1-3600 (in seconds). The default is 2 seconds.
Enter the Probecount[3]: Enter the number of probes to be sent at each TTL level in the range 1-10. The default count is 3.
Enter the Minimum TTL[1]: The TTL value for the first probe in the range 1-255. The default is 1, but it can be set to a higher value to suppress the display of known hops.
Enter the Max TTL[30]: The largest TTL value that can be used in the range 1-255. The traceroute command terminates when the destination is reached or when this value is reached. The default is 30. The maximum TTL value should be greater than the minimum TTL value.
Enter the Destination Port[33434]: The destination port to be used by the UDP probe messages. The port number must be between 1-65535. The default is 33434.
Enter the TOS value[0]: Specify the Type of Service (ToS) value in the range 0-255. The requested ToS is placed in each probe, but there is no guarantee that all routers process the ToS. It is the Internet service's quality selection. The default is 0.
Set the df-bit value[n]: Specify whether or not the Don't Fragment (DF) bit is to be set on the ping packet. If yes is specified, the Don't Fragment option does not allow this packet to be fragmented when it has to go through a segment with a smaller maximum transmission unit (MTU), and you will receive an error message from the device that wanted to fragment the packet. This is useful for determining the smallest MTU in the path to a destination. The default is no.
EXAMPLE
ALU(config)# traceroute
Enter the Target IP address:2.2.2.12
Enter the Source IP Address:
Enter the source interface:
Enter the Datagram Size[38]:
Enter the Timeout value[2]:
Enter the Probecount[3]:
Enter the Minimum TTL[1]:
Enter the Max TTL[30]:
Enter the Destination Port[33434]:
Enter the TOS value[0x0]:
Set the df-bit value[n]:
traceroute to 2.2.2.12 (2.2.2.12), 30 hops max, 38 byte packets.
1 2.2.2.12 (2.2.2.12) 3.151 ms * 2.2.2.12 (2.2.2.12) 4.089 ms
TERMINAL SETTINGS
Command (in CM) Description
terminal length <0-512>
    Sets the terminal length for the session.
terminal monitor [priority <0-7>]
    This command is used to display the log messages of specified and lower (numerically higher) priorities in the terminal window. This terminal could be launched through SSH or Telnet.

EXAMPLE

ALU(config)# terminal length 10
ALU(config)# terminal monitor

SYSTEM NAME

By default, the System name is “ALU”. To give the system a more informative name, use the ‘hostname’ command. The host name shows up in the CLI prompt.

Command (in CM) Description
hostname <name>
    To configure the system name.

EXAMPLE

ALU(config)# hostname ALU

AAA CONFIGURATION ON OA-700

The OA-700 is targeted at the edge of enterprises that have a good deal of valuable data in their networks.
It is important to ensure that the customer has knowledge and control over the following:
Who can access, manage or use the system?
What are these users allowed to do to the system, or through the system?
What was done to the system by these users?
Where is the above information stored or retrieved from?
AAA (Authentication, Authorization, and Accounting) is a system in IP-based networking to control the resources that users have access to and to keep track of the user activity over a network.
Authentication is the process of identifying an individual, usually based on a user name and password. Authentication is based on the idea that each individual user will have some unique information that sets the user apart from others.
Authorization is the process of granting or denying a user access to network resources once the user has been authenticated. The amount of information and the type of services the user has access to depends on the user's authorization level.
Accounting is the process of keeping track of a user's activity while accessing the network resources, including the amount of time spent in the network, the services accessed and the amount of data transferred during the session. Accounting data is used for trend analysis, capacity planning, billing, auditing, and cost allocation.
AAA services often require a server that is dedicated to providing these three services. RADIUS, DIAMETER, TACACS, and TACACS+ are some commonly used AAA protocols.
TO ENABLE AAA SERVICES
Command (in CM) Description
aaa services
    This command is used to enable the AAA services.
no aaa services
    This command is used to disable the AAA services.

EXAMPLE
ALU(config)# aaa services
ALU(config)# no aaa services
AUTHENTICATION COMMANDS
Authentication is the process of validating the user on the basis of some differentiating private information. It verifies that the user is who the user claims to be.
There are various authentication methods that are supported:
Local Authentication
RADIUS Server Group
TACACS+ Server Group
LOCAL AUTHENTICATION METHOD
TO CONFIGURE USER ACCOUNT
Command (in CM) Description
username <user-name> {password [5] <password>|nopassword|secret [5] <password>}
    This command is used to create a new user account and user password. The user accounts configured using this command will form a part of the local database.
    5: If this keyword is used, then enter the password in an encrypted format.
    nopassword: This indicates that no password is required for this user to log in.
    secret: Stores the user password in an encrypted format.
no username <user-name>
    The ‘no’ command deletes the specified user account.

EXAMPLE
ALU(config)# username ALU1 password pass1
ALU(config)# username ALU1 nopassword
ALU(config)# username ALU1 secret pass2
RADIUS SERVER GROUP CONFIGURATION
A RADIUS server group is a list of RADIUS servers, which can be used as an authentication method in a method-list. The servers are approached in the order they are specified for authentication information.

TO CONFIGURE A RADIUS SERVER GROUP
Command (in CM) Description
aaa server-group radius <name>
    This command is used to configure a RADIUS server group.
    Note: You cannot name a RADIUS server group ‘local’, as it is a reserved keyword for a pre-defined authentication method.
    This command enters the RADIUS Server-Group mode.
no aaa server-group radius <name>
    This command deletes the specified RADIUS server group.
    You cannot delete a RADIUS server group if it is associated to any method list.

EXAMPLE
ALU(config)# aaa server-group radius rad1
ALU(config-srv-grp-rad1)#
The following error is displayed if you try to configure a RADIUS server group with the name ‘local’:
ALU(config)# aaa server-group radius local
The name of the Group is reserved
ALU(config)# no aaa server-group radius rad1
TO ADD A RADIUS SERVER TO THE RADIUS SERVER GROUP
Command (in RADIUS Server Group CM) Description
radius-server <ip-address> [{auth-port <1-6000>|deadtime <1-1440>|key {5 [string]|<string>}|retransmit <1-100>|timeout <1-1000>}]
    This command is used to add the RADIUS server of the specified IP address into the RADIUS server group.
    You can also specify the server specific parameters like auth-port port-number, dead time, key string, etc.
no radius-server <ip-address>
    This command removes the RADIUS Server from the server group.

EXAMPLE
ALU(config-srv-grp-rad1)# radius-server 1.1.1.1
ALU(config-srv-grp-rad1)# no radius-server 1.1.1.1

TO CONFIGURE RADIUS SERVER GROUP GLOBAL OPTIONS
Note: In the Configuration mode, you can configure RADIUS server global options like timeout, key, and authentication port. You can also configure these values on a per server basis. Per-server values should be entered in the RADIUS Server Group Configuration Mode.
The per-server parameters override the global ones, in case both are configured. Default global values for these parameters exist that will come into effect if neither per-server nor global values are configured explicitly.
The following are the RADIUS server options:
Authentication Port (auth-port): This is the destination port on which the RADIUS server is listening.
Deadtime: The time (in minutes) that should elapse before you again try to connect to a non-responding server.
Key: This is the encryption key between the OA-700 and the RADIUS server.
Timeout: This determines the number of seconds that the OA-700 should wait for a reply from the RADIUS server before retrying.
Retransmit: The number of retries after each “timeout” interval, before giving up on the server.
Command (in CM) Description
[no] radius-server auth-port <1-6000>
    This command is used to specify a global authentication port that will be applied to all the RADIUS Server Groups (provided there is no server specific port configured).
    The default authentication port is 1812. The ‘no’ command deletes the global RADIUS auth-port from the configuration, and resets it to default (for all servers that do not have a server specific port).
[no] radius-server deadtime <1-1440>
    This command is used to specify a global deadtime value that will be applied to all the RADIUS Server Groups (provided there is no server specific deadtime configured).
    The default deadtime value is 5 minutes. The ‘no’ command deletes the global RADIUS deadtime value from the configuration, and resets it to default (for all servers that do not have a server specific deadtime value).
[no] radius-server key {5 [<string>]|<string>}
    This command is used to specify a global key that will be applied to all the RADIUS Groups (provided there is no server specific key configured).
    If ‘5’ option is used, then enter the key string in an encrypted format.
    The default key is “” (empty string). The ‘no’ command deletes the global RADIUS key from the configuration, and resets it to default (for all servers that do not have a server specific key).
[no] radius-server retransmit <1-100>
    This command is used to specify a global retransmit value that will be applied to all the RADIUS Groups (provided there is no server specific retransmit value configured).
    The default retransmit value is 3. The ‘no’ command deletes the global RADIUS retransmit value from the configuration, and resets it to default (for all servers that do not have a server specific retransmit value).
[no] radius-server timeout <1-1000>
    This command is used to specify a global timeout value that will be applied to all the RADIUS Groups (provided there is no server specific timeout value configured).
    The default timeout value is 5 seconds. The ‘no’ command deletes the global RADIUS timeout value from the configuration, and resets it to default (for all servers that do not have a server specific timeout value).

EXAMPLE
ALU(config)# radius-server auth-port 1800
ALU(config)# radius-server deadtime 10
ALU(config)# radius-server key test
ALU(config)# radius-server retransmit 5
ALU(config)# radius-server timeout 10
TACACS+ SERVER GROUP CONFIGURATION
A TACACS+ server group is a list of TACACS+ servers, which can be used as an authentication method in a method-list. The servers are approached in the order they are specified for authentication information.

TO CONFIGURE A TACACS+ SERVER GROUP
Command (in CM) Description
aaa server-group tacacs <name>
    This command is used to configure a TACACS+ server group.
    Note: You cannot name a TACACS+ server group ‘local’, as it is a reserved keyword for a pre-defined authentication method.
    This command enters the TACACS+ Server-Group mode.
no aaa server-group tacacs <name>
    This command deletes the specified TACACS+ server group.
    You cannot delete a TACACS+ server group if it is associated to any method list.

EXAMPLE
ALU(config)# aaa server-group tacacs tac1
ALU(config-srv-grp-tac1)#
The following error is displayed if you try to configure a TACACS+ server group with the name ‘local’:
ALU(config)# aaa server-group tacacs local
The Name of the Group is reserved
ALU(config)# no aaa server-group tacacs tac1
TO ADD A TACACS+ SERVER TO THE TACACS+ SERVER GROUP
Command (in TACACS+ Server Group CM) Description
tacacs-server <ip-address> [{auth-port <1-1000>|key {5 [<string>]|<string>}|timeout <1-1000>}]
    This command is used to add the TACACS+ server of the specified IP address into the TACACS+ server group.
    You can also specify the server specific parameters like auth-port port-number, time-out, and key string.
no tacacs-server <ip-address>
    This command removes a TACACS+ Server from the server group.

EXAMPLE
ALU(config-srv-grp-tac1)# tacacs-server 1.1.1.2
ALU(config-srv-grp-tac1)# no tacacs-server 1.1.1.2

TO CONFIGURE TACACS+ SERVER GROUP GLOBAL OPTIONS
Note: In the Configuration Mode, you can configure TACACS+ server global options like timeout, key, and authentication port. You can also configure these values on a per server basis. Per-server values should be entered in the TACACS+ Server Group Configuration Mode.
The per-server parameters override the global ones, in case both are configured. Default global values for these parameters exist that will come into effect if neither per-server nor global values are configured explicitly.
The following are the TACACS+ server options:
Authentication Port (auth-port): This is the destination port on which the TACACS+ server is listening.
Key: This is the encryption key between the OA-700 and the TACACS+ server.
Timeout: This determines the number of seconds that the OA-700 should wait for a reply from the TACACS+ server before retrying.
Command (in CM) Description
[no] tacacs-server auth-port <1-1000>
    This command is used to specify a global authentication port that will be applied to all the TACACS+ Server Groups (provided there is no server specific port configured).
    The default authentication port is 49. The ‘no’ command deletes the global TACACS+ auth-port from the configuration, and resets it to default (for all servers that do not have a server specific port).
[no] tacacs-server key {5 [<string>]|<string>}
    This command is used to specify a global key that will be applied to all the TACACS+ Groups (provided there is no server specific key configured).
    If ‘5’ option is used, then enter the key string in an encrypted format.
    The default key is “” (empty string). The ‘no’ command deletes the global TACACS+ key from the configuration, and resets it to default (for all servers that do not have a server specific key).
[no] tacacs-server timeout <1-1000>
    This command is used to specify a global timeout value that will be applied to all the TACACS+ Groups (provided there is no server specific timeout value configured).
    The default timeout value is 5 seconds. The ‘no’ command deletes the global TACACS+ timeout value from the configuration, and resets it to default (for all servers that do not have a server specific timeout value).

EXAMPLE
ALU(config)# tacacs-server auth-port 100
ALU(config)# tacacs-server key test1
ALU(config)# tacacs-server timeout 10
ENABLE AUTHENTICATION
An extra layer of security is provided by enable-authentication. If configured, it prompts the user for a password before granting entry into Super User Mode through the CLI. If enable authentication is not configured, a user gaining CLI access through the console is granted access into Super User Mode without being asked for any password. However, users logging in through remote CLI sessions (SSH, telnet and modem) are not allowed privileged access without enable authentication configuration. If an authentication method requiring a user name (RADIUS and TACACS+ server-groups) is associated with enable-authentication, then a default user name of $enab15$ is used.
Command (in CM) Description
enable {secret|password} [5] <password>
    Sets the password to grant access to the privileged mode.
    secret: The password is stored in an encrypted format.
    “5” specifies that the password is already given in an encrypted format.
    Note: The password cannot contain the '!' character, since it marks the beginning of a comment.
no enable-authentication
    The ‘no’ command deletes the existing enable-password configuration, thereby disabling enable-authentication.
    Note: As a result, console clients will be granted access to the enable-mode without being prompted for the password. Remote clients will be denied access with the message 'No password Set'.
    This is the default behavior.

EXAMPLE
ALU(config)# enable secret test
Secret for level 15 is set
METHOD-LIST CONFIGURATION
A method-list is a list of authentication methods. It specifies the sequence of authentication methods to be approached for authentication. The methods are queried in the order in which they are specified.
Possible authentication methods include a pre-defined RADIUS server group, TACACS+ server group, and local authentication.
A method-list needs to be associated with a particular type of client. Whenever a user tries to login through that type of client, the list is traversed in the order in which the methods are specified. That is to say, the first method is queried first. Now if the first method authenticates the user, the user is allowed access. If it says that the user is not authenticated, then the user is denied access. But, if there is an error in the query, then the second method in the list is approached and similar steps are repeated, until the end of the list is reached. If there are errors in queries to all the methods, then the user is denied access.
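
The traversal rule described above, as an added example (not code from the manual or from the OA-700 software). It uses the method names of the manual's `aaa method-list m1 rad1 tac1 local` example; the per-server outcomes are constructed, and the within-group failover and the wait-time formula are assumptions marked in the comments.

```python
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"  # the method authenticated the user
    REJECT = "reject"  # the method answered: the user is not authenticated
    ERROR = "error"    # the query itself failed (for example, no reply)


def query_group(server_results):
    """Query the servers of one group in their configured order.

    Assumption (not stated on the page): a server whose query fails is
    skipped, and the first server that gives a definite answer decides.
    """
    for result in server_results:
        if result is not Result.ERROR:
            return result
    return Result.ERROR


def evaluate_method_list(methods, outcomes):
    """Apply the page's traversal rule to one login attempt.

    methods  -- method names in list order, e.g. ["rad1", "tac1", "local"]
    outcomes -- name -> Result, or a list of per-server Results for a group
    Returns (allowed, trace); trace records every method that was queried.
    """
    trace = []
    for name in methods:
        outcome = outcomes[name]
        if isinstance(outcome, list):
            outcome = query_group(outcome)
        trace.append((name, outcome.value))
        if outcome is Result.ACCEPT:
            return True, trace
        if outcome is Result.REJECT:
            return False, trace  # a definite "no" ends the traversal
        # ERROR: move on to the next method in the list
    return False, trace  # every query failed: access is denied


def worst_case_wait(unreachable_servers, timeout=5, retransmit=3):
    """Seconds spent on unreachable RADIUS servers before moving on.

    Defaults are the page's RADIUS defaults (timeout 5 s, retransmit 3).
    Assumption: one initial attempt plus `retransmit` retries per server,
    each waiting `timeout` seconds.
    """
    return unreachable_servers * (1 + retransmit) * timeout


# Method list from the page's example: aaa method-list m1 rad1 tac1 local
M1 = ["rad1", "tac1", "local"]

# Constructed scenarios; the per-method outcomes are invented for illustration.
SCENARIOS = {
    # rad1 answers and rejects: 'tac1' and 'local' are never consulted.
    "radius_rejects": {"rad1": [Result.REJECT], "tac1": [Result.ACCEPT],
                       "local": Result.ACCEPT},
    # both rad1 servers and the tac1 server are unreachable: 'local' decides.
    "servers_down": {"rad1": [Result.ERROR, Result.ERROR],
                     "tac1": [Result.ERROR], "local": Result.ACCEPT},
    # every method errors: the user is denied.
    "all_error": {"rad1": [Result.ERROR], "tac1": [Result.ERROR],
                  "local": Result.ERROR},
}

if __name__ == "__main__":
    for label, outcomes in SCENARIOS.items():
        allowed, trace = evaluate_method_list(M1, outcomes)
        print(f"{label:15} allowed={allowed} trace={trace}")
    print("wait for 2 unreachable RADIUS servers:", worst_case_wait(2), "s")
```

In a list such as m1, the local accounts act only as a fallback for servers that cannot be queried; a server that is reachable and rejects the user ends the attempt.
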
TO CONFIGURE A METHOD-LIST
Command (in CM) Description
aaa method-list <name> <methods>...
    This command is used to configure a method-list.
    A method list can be successfully configured only if the list does not contain any invalid method, such as empty RADIUS/TACACS+ groups.
no aaa method-list <name>
    This command deletes the specified method-list. You cannot delete a method list if it is associated to any client-type.

EXAMPLE
ALU(config)# aaa method-list m1 rad1 tac1 local
The following example shows that you cannot configure a method-list with an invalid method:
ALU(config)# aaa method-list m1 tac2
One of the Specified Groups doesn't have any server in it
ALU(config)# no aaa method-list m1
ASSOCIATING METHOD-LIST WITH A CLIENT-TYPE
The different client-types to which clients can belong are:
Console
Remote-Login
Web (HTTP)
dot1X (802.1X)
Enable
Note: The Client Type 'Remote-Login' is a reference to SSH and TELNET clients.
'Enable' is the type associated with clients seeking access into Super User Mode (SUM).
You can associate only one method-list to a client-type.
Command (in CM) Description
[no] aaa authentication console <method-list-name>
    This command associates an already configured method-list with the console client-type.
    The ‘no’ command removes the associated method-list from the console client-type.
[no] aaa authentication dot1x <method-list-name>
    This command associates an already configured method-list with the dot1X client-type.
    Note: The method-list to be associated with dot1x clients should contain only RADIUS server groups as its methods.
    The ‘no’ command removes the associated method-list from the 802.1x client-type.
[no] aaa authentication enable <method-list-name>
    This command associates an already configured method-list with clients seeking access to Super User Mode.
    The 'no' command removes the associated method list from the enable client-type.
[no] aaa authentication remotelogin <method-list-name>
    This command associates an already configured method-list with the remote login client-type.
    Note: The client-type 'Remote-Login' is a reference to SSH and TELNET clients.
    The ‘no’ command removes the associated method list from the remote login client-type.
[no] aaa authentication web <method-list-name>
    This command associates an already configured method-list with the web client-type (HTTP clients).
    The ‘no’ command removes the associated method-list from the web client-type.

EXAMPLE
ALU(config)# aaa authentication console m1
ALU(config)# aaa authentication dot1x m2
ALU(config)# aaa authentication enable m1
ALU(config)# aaa authentication remotelogin m1
ALU(config)# aaa authentication web m1
AAA SPECIAL USERS
The system will always contain a default user called “superadmin”. You will be asked to configure the password for superadmin when the OA System boots up for the first time, or when there is no start-up configuration, in the following way:
Enter the new password for the superadmin:
Retype the new paasword:
Superadmin password updated...
In case of accidental loss of superadmin's password, you will be able to reset (but not recover) the password as long as you have physical access to the device over the console. For this purpose, there is a special user defined in the system called "recovery". This user login is valid only over the console. The default (non editable) password for this login would be the chassis ID, which is displayed as part of chassis information, both in CLI and Device Manager. The serial-number of the back panel is considered to be the chassis ID. It could be obtained through "show chassis" in this way:

EXAMPLE
ALU(config)# show chassis
Physical inventory at Tue Oct 30 06:33:47 2007
System started approximately Tue Oct 30 06:30:26 2007
Uptime is 0 days 0 hours 4 minutes 20 seconds
L2 - 8-port copper GigE (active)
  Slot number: 0
  Part number: 902603-90
  Manufacturer: ALU
  Description: 8-port copper GigE
  Serial number: DD0512560340
  Version: 00
  Revision: 01
  Deviation: 0000
  Loader version: 2.27
  ALU-OS version: 2.2.52
  MDC Serial number: WL0534000127
  Deviation: 0001
  Revision: A1
  Version: 01
SE - Service engine (active)
  Slot number: 3
  Part number: 902601-90
  Manufacturer: ALU
  Description: Service engine
  Serial number: DD0538002048
  Version: 01
  Revision: 04
  Deviation: 0001
  CPU Version: 1 (Low Power Opteron)
  Opteron CPU Version: 1
  Opteron CPU Frequency: 2193 MHz
  Loader version: 2.30
  ALU-OS version: 2.2.64
  MDC Serial number: WL0529000008
  Deviation: 0002
  Revision: 05
  Version: 01
PB - Power tray (passive)
  Slot number: 22
  Part number: 902612-90
  Manufacturer: ALU
  Description: Power tray
  Serial number: DD0536004050
  Version: 00
  Revision: 01
  Deviation: 0000
SC - Switch card (active)
  Slot number: 24
  Part number: 902613-90
  Manufacturer: ALU
  Description: Switch card
  Serial number: DD0536054350
  Version: 00
  Revision: 54
  Deviation: aaaa
  LoL firmware version: 2.2.56
  Loader version: 2.29
  ALU-OS version: 2.2.52
FP - Fan tray (passive)
  Slot number: 26
  Part number: 902614-90
  Manufacturer: ALU
  Description: Fan tray
  Serial number: DD0545027001
  Version: 00
  Revision: 01
  Deviation: 0000
BP - ALU OA780 chassis (passive)
  Slot number: 29
  Part number: 902611-90
  Manufacturer: ALU
  Description: ALU OA780 chassis
  Serial number: DD0546005005
  Version: 00
  Revision: 01
  Deviation: 0000
  Base MAC: 00:11:8b:00:72:00

You are expected to either remember the chassis ID (the one in bold font in the Show Chassis output given above) or should have access to the shipment details. When you login with this user ID, the only allowed operation is to reset the superadmin password and exit from the CLI. You can then login using the newly configured superadmin password.
AAA MISCELLANEOUS COMMANDS
Command (in CM) Description
[no] aaa authentication banner <delimiter><multi-lined string><delimiter>
    This command is used to enter a descriptive message to be displayed before the user is asked for user-name and password credentials.
    Enter a delimiting character to start the message. This character should not appear in the message to be displayed. Enter the message and end it with the delimiting character used. (You can enter a multi-lined descriptive message).
[no] aaa authentication success-message <delimiter><multi-lined string><delimiter>
    This command is used to enter a descriptive message to be displayed after a successfully authenticated login.
    Enter a delimiting character to start the message. This character should not appear in the message to be displayed. Enter the message and end it with the delimiting character used. (You can enter a multi-lined descriptive message).
[no] aaa authentication fail-message <delimiter><multi-lined string><delimiter>
    This command is used to enter a descriptive message to be displayed after a failed login attempt.
    Enter a delimiting character to start the message. This character should not appear in the message to be displayed. Enter the message and end it with the delimiting character used. (You can enter a multi-lined descriptive message).
[no] aaa authentication username-prompt <prompt-text>
    This command is used to customize the text that asks the user trying to log in to enter the user name. The default username-prompt is "Username:".
    The 'no' command brings the default back into effect.
[no] aaa authentication password-prompt <prompt-text>
    This command is used to customize the text that asks the user trying to log in to enter the password. The default password-prompt is "Password:".
    The 'no' command brings the default back into effect.
EXAMPLE
ALU(config)# aaa authentication banner @Only authorized access permitted.@
ALU(config)# aaa authentication success-message $Login attempt successfull.$
ALU(config)# aaa authentication fail-message $Login failed!$
ALU(config)# aaa authentication username-prompt u1
ALU(config)# aaa authentication password-prompt p1
SHOW COMMANDS
AUTHENTICATION SHOW COMMANDS
TO VIEW LOCAL USERS DETAILS
Command (in SUM/CM): show aaa-local-users-details
Description: This command displays the details of all the locally configured users on the system.
EXAMPLE
ALU(config)# show aaa-local-users-details
username recovery password 5 790649743532a8280244f482f6199744
username superadmin password 5 d41d8cd98f00b204e9800998ecf8427e
TO VIEW CONFIGURED METHOD LISTS
Command (in SUM/CM): show aaa-methodlists
Description: This command displays all the configured method-lists on the system.
EXAMPLE
ALU(config)# show aaa-methodlists
aaa method-list m1 rad1 tac1 local
aaa method-list m2 tac1
TO VIEW METHOD-LISTS ASSOCIATED WITH THE CLIENT-TYPE
Command (in SUM/CM): show aaa-client-methodlist-associations
Description: This command displays the associations between client types and method-lists.
EXAMPLE
ALU(config)# show aaa-client-methodlist-associations
aaa authentication remotelogin m2
aaa authentication web m1
TO VIEW RADIUS SERVER GROUP CONFIGURATION
Command (in SUM/CM): show aaa-radius
Description: This command shows the details of the RADIUS Server Groups configured.
EXAMPLE
ALU(config)# show aaa-radius
!
aaa server-group radius rad1
radius-server 1.1.1.1
!
!
aaa server-group radius rad3
radius-server 1.1.1.1 auth-port 300
!
TO VIEW TACACS+ SERVER GROUP CONFIGURATION
Command (in SUM/CM): show aaa-tacacs
Description: This command shows the details of all the TACACS+ Server Groups configured.
EXAMPLE
ALU(config)# show aaa-tacacs
!
aaa server-group tacacs tac1
tacacs-server 12.34.42.2
tacacs-server 23.4.2.232 auth-port 2050 key some
!
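The following Python check is an added example, not part of the guide or of the OA-700 software. It reads saved output of 'show aaa-local-users-details' and 'show aaa-tacacs' and reports local accounts whose stored digest is the MD5 of an empty password, accounts that share a digest, and TACACS+ servers whose shared key appears in the output. It assumes a type-5 value is a plain, unsalted MD5 hex digest, which the guide does not state; the function names are illustrative.

```python
import hashlib
import re

# Text copied from the show-command examples on this page.
LOCAL_USERS = """\
username recovery password 5 790649743532a8280244f482f6199744
username superadmin password 5 d41d8cd98f00b204e9800998ecf8427e
"""
TACACS = """\
!
aaa server-group tacacs tac1
tacacs-server 12.34.42.2
tacacs-server 23.4.2.232 auth-port 2050 key some
!
"""

# Assumption: a type-5 value is the plain, unsalted MD5 hex digest of the password.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

USER_RE = re.compile(r"username\s+(\S+)\s+password\s+\d+\s+([0-9a-fA-F]{32})\b")
KEY_RE = re.compile(
    r"tacacs-server[ \t]+(\S+)(?:[ \t]+auth-port[ \t]+\d+)?[ \t]+key[ \t]+\S+")


def audit_local_users(text):
    """Return (user(s), finding) pairs for the local user table."""
    findings, by_digest = [], {}
    for user, digest in USER_RE.findall(text):
        digest = digest.lower()
        by_digest.setdefault(digest, []).append(user)
        if digest == EMPTY_MD5:
            findings.append((user, "digest is the MD5 of an empty password"))
    for users in by_digest.values():
        if len(users) > 1:
            findings.append((", ".join(users), "accounts share one digest"))
    return findings


def audit_tacacs_keys(text):
    """Return the TACACS+ servers whose shared key is present in the output."""
    return KEY_RE.findall(text)


if __name__ == "__main__":
    for who, what in audit_local_users(LOCAL_USERS):
        print(f"{who}: {what}")
    for server in audit_tacacs_keys(TACACS):
        print(f"{server}: shared key appears in the saved output")
```

Because the output carries password digests and the TACACS+ key, saved copies of it belong with other credentials rather than in tickets or shared logs.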

SETTING AND DISPLAYING THE SYSTEM TIME AND DATE

The clock set command sets the RTC (Real Time Clock) as well as the system’s operational time and date. The RTC is set to the correct value during manufacturing, and it is manually set only very rarely. The clock’s value is always set and maintained as UTC (Universal Time Coordinated) and is therefore valid anywhere in the world.
The show clock command will display the setting of the RTC, the system clock and how the system clock is being synchronized with an external, trusted time source.
The RTC is battery powered only when the chassis is powered down; it maintains time with reasonable accuracy even while the chassis is powered down. Typically, the RTC is only read during power up in order to initialize the system clock. However, it may be used as a trusted time source and read periodically to adjust the system time.
The system time is the time coordinated among the various processors in the chassis. It is this time that may be synchronized with an external source.
However, if the system is configured to coordinate its system time with a trusted external source (e.g., NTP), the system time and the RTC may not match. The system time and the RTC can be set to the same time by either setting the clock (see clock set description) or by reloading the system.
Note: The failure of the RTC to maintain the correct time after a power cycle may be a symptom of a discharged battery. The internal battery is not field serviceable. Contact Services & Support for chassis replacement instructions.
CLOCK SET
The following commands are used to set the system clock and to view the system clock:
Command (in SUM): clock set <hh:mm:ss> <mm/dd/yyyy>
Description: This command allows you to set the RTC as well as the system’s clock - date and time. The time must be specified as GMT. The year range is between 2000 - 2036.
Command (in SUM): show clock
Description: This command displays the system’s operational date and time.
EXAMPLE
ALU# clock set 17:59:20 09/25/2007
The system clock is changed. Current setting is Tue Sep 25 17:59:20 2007
ALU# show clock
RTC set to Tue Sep 25 18:00:06 2007
System time is Tue Sep 25 18:00:06 2007
Not synchronized with external source
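The following Python helper is an added example, not part of the guide. It builds the 'clock set' line from a timezone-aware timestamp (converting to GMT and enforcing the 2000 - 2036 year range stated above) and parses 'show clock' output to report an RTC/system-time mismatch or a missing external time source. The function names and the two-second tolerance are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Output copied from the 'show clock' example on this page.
SHOW_CLOCK = ("RTC set to Tue Sep 25 18:00:06 2007\n"
              "System time is Tue Sep 25 18:00:06 2007\n"
              "Not synchronized with external source\n")

STAMP = r"(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4})"
CLOCK_RE = re.compile(rf"RTC set to {STAMP}\s+System time is {STAMP}\s*(.*)", re.S)
STAMP_FMT = "%a %b %d %H:%M:%S %Y"


def clock_set_command(when):
    """Build 'clock set' from a timezone-aware datetime; the device expects GMT."""
    if when.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    utc = when.astimezone(timezone.utc)
    if not 2000 <= utc.year <= 2036:  # year range stated in the guide
        raise ValueError(f"year {utc.year} is outside 2000-2036")
    return utc.strftime("clock set %H:%M:%S %m/%d/%Y")


def check_clock(output, max_skew=timedelta(seconds=2)):
    """Parse 'show clock' output and list what needs attention."""
    m = CLOCK_RE.search(output)
    if not m:
        raise ValueError("unrecognised 'show clock' output")
    # Collapse runs of spaces so single-digit days ("Sep  5") parse as well.
    rtc, system = (datetime.strptime(" ".join(s.split()), STAMP_FMT)
                   for s in m.group(1, 2))
    findings = []
    if abs(system - rtc) > max_skew:
        findings.append(f"RTC and system time differ by {abs(system - rtc)}")
    if "Not synchronized" in m.group(3):
        findings.append("no external time source")
    return findings


if __name__ == "__main__":
    print(clock_set_command(datetime.now(timezone.utc)))
    print(check_clock(SHOW_CLOCK))
```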
CLOCK SYNCHRONIZE
The clock synchronize command establishes how, from where, and how often the chassis should synchronize its time with an external source.
There are three elements to the specification:
Protocol
This is the protocol to be used. Most common is the NTP protocol. Another option is the more basic rdate. It is desirable to synchronize the system time from the RTC.
Server
The address of the server that is used as the external time source. This is valid only for NTP and RDATE protocols.
Rate
The rate at which the synchronization should be performed. Typically, the settings are in the multi-hour range. The default value for the rate is every 12 hours.
Command (in SUM): clock synchronize [using {ntp|rdate|rtc}] [server <name>] [every <number> {hours|minutes}]
Description: This command establishes how the chassis should synchronize its time with an external source.
Note:
1. Server name is mandatory for ntp and rdate protocols.
2. The parameter “number” specifies the number of minutes or hours between updates.
3. The server name can be specified either in dotted numeric or domain name format.
EXAMPLE
ALU(config)# clock synchronize using ntp server 10.91.2.87 every 2 hours
This command has no output. To verify the settings, use the ‘show clock’ command described in this section.
SYSTEM LOGGING AND DEBUGGING
The OA-700 can be configured for logging based on the severity of the message and the module. The severity of a log message is indicated by its priority, which ranges from 0 to 7. The lower the numerical value of the priority, the higher the criticality of the message.
0 - emergency
1 - alert
2 - critical
3 - errors
4 - warnings
5 - notifications
6 - informational
7 - debugging

The logging information can further be directed to the logging buffer, console, terminal, or remote Syslog server. By default, console logging and buffer logging are “ON”.
Command (in CM): [no] logging on
Description: This command is used to enable logging of messages. By default, logging of messages is enabled. The ‘no’ command disables logging.
Command (in CM): [no] logging buffered [priority <0-7>|size <4-16384>]
Description: This command is used to store the log information in the memory buffer. If a priority value is given, messages of that priority and higher (numerically lower) will be buffered. Size denotes the buffer size in kilobytes and can vary from 4 - 16384 kilobytes.
Command (in CM): [no] logging remote <ip-address> [port <0-65535> priority <0-7>]
Description: This command is used to configure an external server to store log messages. The default port is 514 and default priority level is 7.
Command (in CM): [no] logging console priority <0-7>
Description: This command is used to display the log messages of the specified priority and higher on the console.
Command (in CM): [no] logging system
Description: This command is used to log all the Kernel messages. By default, messages with a priority of 5 and lower will be logged.
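The following Python sketch is an added example, not part of the guide. It applies the rule described above (a priority setting keeps that priority and everything numerically lower) to messages arriving at the remote Syslog server. It assumes the datagrams carry the conventional BSD syslog <PRI> header, where PRI = facility * 8 + severity; the guide does not describe the wire format, and the sample messages are constructed.

```python
import re

# Severity names in the order this guide lists them (0-7).
SEVERITY = ["emergency", "alert", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed sample datagrams; hostname, tags and text are made up.
SAMPLES = [
    b"<187>Sep 25 18:00:06 oa700 aaa: login failed for user u1",
    b"<190>Sep 25 18:00:07 oa700 cli: configuration saved",
    b"<185>Sep 25 18:00:09 oa700 chassis: fan tray removed",
    b"Sep 25 18:00:10 oa700 message without a PRI header",
]


def severity_of(datagram):
    """Return the 0-7 severity carried in the <PRI> header, or None if absent."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:   # facility 23 * 8 + 7 is the maximum
        return None
    return int(m.group(1)) % 8           # PRI = facility * 8 + severity


def select(datagrams, priority=7):
    """Keep messages at 'priority' and higher, i.e. numerically lower or equal."""
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0-7")
    kept = []
    for d in datagrams:
        sev = severity_of(d)
        if sev is None:
            kept.append(("unparsed", d))  # never drop what cannot be classified
        elif sev <= priority:
            kept.append((SEVERITY[sev], d))
    return kept


if __name__ == "__main__":
    for name, raw in select(SAMPLES, priority=3):
        print(f"{name:>13}  {raw.decode(errors='replace')}")
```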