Cisco SCE 2000 and SCE 1000 Software
Configuration Guide
Release 3.5.5
June 15, 2009
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-7827-12
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCSI, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect
Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are
service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the
Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without
Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study,
IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar,
PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath,
WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0903R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
© 2009 Cisco Systems, Inc. All rights reserved.
, Cisco Stackpower, Cisco StadiumVision,
CONTENTS
About this Guide xxxi
Introduction 3-xxxi
Document Revision History xxxi
Organization xxxiv
Related Publications xxxvi
Conventions xxxvii
Obtaining Documentation and Submitting a Service Request xxxviii
CHAPTER
CHAPTER
1 Cisco Service Control Overview 1-1
Introduction 1-1
Cisco Service Control Solution 1-1
Service Control for Broadband Service Providers 1-2
Cisco Service Control Capabilities 1-2
SCE Platform Description 1-3
Management and Collection 1-4
Network Management 1-5
Subscriber Management 1-5
Service Configuration Management 1-6
Data Collection 1-6
2 Command Line Interface 2-1
Introduction 2-1
Authorization and Command Levels (Hierarchy) 2-2
CLI Authorization Levels 2-2
CLI Command Mode Hierarchy 2-3
Prompt Indications 2-6
Navigating Between Authorization Levels and Command Modes 2-7
Configuring the Physical Ports 2-9
CLI Help Features 2-9
Partial Help 2-9
Argument Help 2-10
Navigational and Shortcut Features 2-11
Command History 2-11
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
i
Contents
Keyboard Shortcuts 2-12
Auto-Completion 2-13
FTP User Name and Password 2-13
The "do" Command: Executing Commands Without Exiting 2-14
Managing Command Output 2-14
Scrolling the Screen Display 2-15
Filtering Command Output 2-15
Redirecting Command Output to a File 2-15
Creating a CLI Script 2-16
CHAPTER
3 Operations 3-1
Introduction 3-1
Managing Configurations 3-1
Viewing Configurations 3-2
Viewing Configurations: Example 3-3
Removing the Configuration 3-3
Saving the Configuration Settings 3-4
Saving the Configuration Settings: Example 3-4
Restoring a Previous Configuration 3-5
Restoring a Previous Configuration: Example 3-6
Backing Up Configuration Files 3-6
Options 3-6
How to Create a Backup Configuration File 3-7
How to Upload a Backup Configuration File 3-7
Upgrading the SCE Platform Firmware 3-7
Upgrading SCE Platform Firmware: Example 3-8
Downgrading the SCE Platform to a Previous Version 3-8
Managing Application Files 3-9
Configuring Applications 3-9
Managing Application Files 3-9
How to Display Information about an Application File 3-10
How to Install an Application 3-10
How to Uninstall an Application 3-10
How to Upgrade an Application 3-11
How to Undo an Upgrade of an Application 3-11
How to Display the Last pqi File that was Installed 3-11
Monitoring the Operational Status of the SCE Platform 3-12
How to Display the Current Operational Status of the SCE Platform 3-13
Displaying the Current Operational Status of the SCE Platform: Example 3-13
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
ii
OL-7827-12
Displaying the SCE Platform Version Information 3-13
Displaying the SCE Platform Version Information: Example 3-13
Displaying the SCE Platform Inventory 3-14
Displaying the SCE Platform Inventory: Example 3-14
Displaying the System Uptime 3-15
Displaying the System Uptime: Example 3-15
Rebooting and Shutting Down the SCE Platform 3-15
Rebooting the SCE Platform 3-15
Rebooting the SCE Platform: Example 3-15
Shutting Down the SCE Platform 3-16
Shutting Down the SCE Platform: Examples 3-16
Contents
CHAPTER
4 Utilities 4-1
Introduction 4-1
The Setup Command 4-1
Setup Command Parameters 4-1
Entering the Setup Command 4-4
Defining Lists in the Setup Utility 4-4
Working with SCE Platform Files 4-5
Working with Directories 4-5
Working with Files 4-7
Multiple entry parameters (Lists) 4-4
How to Create a Directory 4-5
How to Delete a Directory 4-6
How to Change Directories 4-6
How to Display your Working Directory 4-6
How to List the Files in a Directory 4-6
How to Rename a File 4-7
How to Delete a File 4-7
Copying Files 4-8
How to Display File Contents 4-8
How to Unzip a File 4-9
The User Log 4-9
The Logging System 4-9
Copying the User Log 4-9
Enabling and Disabling the User Log 4-10
Viewing the User Log Counters 4-10
Viewing the User Log 4-11
Clearing the User Log 4-11
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
iii
Contents
Generating a File for Technical Support 4-11
Generating a File for Technical Support: Example 4-11
Flow Capture 4-12
Limitations 4-12
The Flow Capture Process 4-12
Configuring a Flow Capture Traffic Rule 4-13
Configuring the Flow Capture Settings 4-13
Performing the Flow Capture 4-14
Monitoring the Flow Capture 4-15
CHAPTER
5 Configuring the Management Interface and Security 5-1
Introduction 5-1
About Management Interface and Security 5-2
Configuring the Management Ports 5-2
Entering Management Interface Configuration Mode 5-3
Configuring the Management Port Physical Parameters 5-3
Setting the IP Address and Subnet Mask of the Management Interface 5-4
Options 5-4
Setting the IP Address and Subnet Mask of the Management Interface: Example 5-4
Configuring the Management Interface Speed and Duplex Parameters 5-5
Interface State Relationship to Speed and Duplex 5-5
How to Configure the Speed of the Management Interface 5-5
How to Configure the Duplex Operation of the Management Interface 5-6
Specifying the Active Management Port 5-6
Options 5-7
Specifying the Active Management Port: Example 5-7
Configuring Management Interface Redundancy 5-7
About Management Port Redundancy 5-7
How to Configure the Management Ports for Redundancy 5-8
Configuring the Fail-Over Mode 5-8
Options 5-8
How to Enable Automatic Fail-Over Mode 5-8
How to Disable Automatic Fail-Over Mode 5-9
Configuring Management Interface Security 5-9
Configuring the IP Fragment Filter 5-9
Options 5-9
How to Enable the IP Fragment Filter 5-10
How to Disable the IP Fragment Filter 5-10
Configuring the Permitted and Not-permitted IP Address Monitor 5-10
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
iv
OL-7827-12
Options 5-10
Monitoring Management Interface IP Filtering 5-11
Configuring the Available Interfaces 5-11
Configuring TACACS+ Authentication, Authorization, and Accounting 5-11
Information About TACACS+ Authentication, Authorization, and Accounting 5-12
Configuring the SCE Platform TACACS+ Client 5-15
How to Manage the User Database 5-19
Configuring AAA Login Authentication 5-22
Configuring AAA Privilege Level Authorization Methods 5-24
Configuring AAA Accounting 5-25
Monitoring TACACS+ Servers 5-25
Monitoring TACACS+ Users 5-26
Configuring Access Control Lists (ACLs) 5-26
Options 5-27
How to Add Entries to an ACL 5-28
How to Remove an ACL 5-28
How to Define a Global ACL 5-28
Configuring the Telnet Interface 5-28
How to Prevent Telnet Access 5-29
How to Assign an ACL to the Telnet Interface 5-29
How to Configure the Telnet Timeout 5-30
Configuring the SSH Server 5-30
Information About the SSH Server 5-30
Managing the SSH Server 5-31
How to Monitor the Status of the SSH Server 5-32
Enabling the SNMP Interface 5-33
How to Enable the SNMP Interface 5-33
How to Disable the SNMP Interface 5-33
Contents
Configuring and Managing the SNMP Interface 5-33
Information About the SNMP Interface 5-33
The SNMP Interface 5-34
SNMP Protocol 5-34
Security Considerations 5-35
CLI 5-35
MIBs 5-36
Configuration via SNMP 5-41
Configuring SNMP Community Strings 5-42
How to Define a Community String 5-42
How to Remove a Community String 5-43
How to Display the Configured Community Strings 5-43
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
v
Contents
Configuring SNMP Notifications 5-43
About SNMP Notifications 5-43
How to Define SNMP Hosts 5-44
Managing Passwords 5-46
About Passwords 5-47
Changing Your Password 5-47
How to Change Your Password 5-48
Verifying that the Password has been Successfully Changed 5-48
Password Encryption 5-49
How to Enable Password Encryption 5-49
How to Disable Password Encryption 5-49
Password Recovery 5-49
How to Recover the Passwords: SCOS versions before 2.5.5 5-49
How to Recover the Passwords: SCOS versions 2.5.5 or later 5-52
IP Configuration 5-52
Configuring the IP Routing Table 5-53
How to Configure the Default Gateway 5-53
How to Add an Entry to the IP Routing Table 5-54
Displaying the IP Routing Table 5-54
IP Advertising 5-55
Configuring IP Advertising 5-55
How to Display the Current IP Advertising Configuration 5-56
Configuring the IP Address of the Management Interface 5-57
Options 5-57
Configuring the IP Address of the Management Interface: Example 5-57
Configuring Time Clocks and Time Zone 5-58
How to Display the System Time 5-58
Displaying the System Time: Example 5-58
How to Display the Calendar Time 5-59
Displaying the Calendar Time: Example 5-59
How to Set the System Clock 5-59
Options 5-59
Setting the System Clock: Example 5-59
How to Set the Calendar 5-59
Options 5-60
Setting the Calendar: Example 5-60
How to Set the Time Zone 5-60
Options 5-60
Setting the Time Zone: Example 5-61
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
vi
OL-7827-12
How to Remove the Current Time Zone Setting 5-61
Configuring Daylight Saving Time 5-61
Options 5-61
Guidelines 5-62
How to Define Recurring Daylight Saving Time Transitions 5-63
How to Define Non-Recurring Daylight Saving Time Transitions 5-63
How to Cancel the Daylight Saving Time Configuration 5-63
How to Display the Current Daylight Saving Time Configuration 5-64
Configure SNTP 5-64
How to Enable the SNTP Multicast Client 5-64
How to Disable the SNTP Multicast Client 5-65
How to Enable the SNTP Unicast Client 5-65
Options 5-65
Enabling SNTP Unicast Client: Example 5-65
How to Disable the SNTP Unicast Client 5-65
How to Disable the SNTP Unicast Client and Remove All Servers 5-65
How to Remove One SNTP Server 5-66
How to Define the SNTP Unicast Update Interval 5-66
Options 5-66
Defining the SNTP Unicast Update Interval: Example 5-66
How to Display SNTP Information 5-66
Displaying SNTP Information: Example 5-67
Contents
Configuring Domain Name Server (DNS) Settings 5-67
Configuring DNS Lookup 5-67
How to Enable DNS Lookup 5-68
How to Disable DNS Lookup 5-68
Configuring Name Servers 5-68
Options 5-68
How to Define Domain Name Servers 5-68
How to Remove a Domain Name Server 5-69
How to Remove All Domain Name Servers 5-69
Adding a Host to the Host Table 5-69
Options 5-69
Adding Hosts to Removing them from the Host Table: Examples 5-69
How to Display Current DNS Settings 5-70
Displaying Current DNS Settings: Example 5-70
Configuring the Management Port Physical Parameters 5-70
Configuring the Management Interface Speed and Duplex Parameters 5-70
How to Configure the Duplex Operation of the Management Interface 5-71
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
vii
Contents
How to Configure the Speed of the Management Interface 5-71
Monitoring the Management Interface 5-72
CHAPTER
6 Configuring the Line Interface 6-1
Introduction 6-1
Line Interfaces 6-1
Flow Control and Bandwidth Considerations 6-2
Configuring the Gigabit Ethernet Line Interfaces 6-2
How to Configure a Specific Gigabit Ethernet Line Interface 6-2
How to Configure a Range of Gigabit Ethernet Line Interfaces 6-3
Tunneling Protocols 6-3
Managed VPNs 6-5
Selecting the Tunneling Mode 6-6
Configuring L2TP IP Tunnels 6-7
IPinIP Tunneling 6-7
Configuring DSCP Marking for IPinIP Tunnels 6-9
Configuring the VLAN Environment 6-10
Configuring the MPLS Environment 6-11
Configuring the L2TP Environment 6-12
Asymmetric L2 Support 6-13
Displaying the Tunneling Configuration 6-13
How to Display the IPinIP Configuration 6-14
How to Display the Logged-in VPNs 6-14
Options 6-14
How to Display the Asymmetric L2 Support Mode 6-14
Configuring VLAN Translation 6-14
VLAN Translation Features and Limitations 6-15
Setting the VLAN Translation Constant 6-16
Options 6-16
Setting the VLAN Translation Constant: Example 6-16
How to Disable VLAN Translation 6-17
How to Monitor VLAN Translation 6-17
Configuring Traffic Rules and Counters 6-17
Information About Traffic Rules and Counters 6-17
What are Traffic Rules and Counters? 6-18
Traffic Rules 6-18
Traffic Counters 6-19
Configuring Traffic Counters 6-19
How to Create a Traffic Counter 6-20
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
viii
OL-7827-12
How to Delete a Traffic Counter 6-20
How to Delete all Existing Traffic Counters 6-20
Configuring Traffic Rules 6-20
How to Create a Traffic Rule 6-20
How to Delete a Traffic Rule 6-24
How to Delete all Traffic Rules 6-24
How to Delete All Flow Control Traffic Rules 6-24
Managing Traffic Rules and Counters 6-25
How to View a Specified Traffic Rule 6-25
How to View all Traffic Rules 6-25
How to View a Specified Traffic Counter 6-25
How to View all Traffic Counters 6-26
How to Reset a Specified Traffic Counter 6-26
How to Reset all Traffic Counters 6-26
TOS Marking 6-26
How to Display the TOS Marking Configuration 6-27
Contents
CHAPTER
Counting Dropped Packets 6-27
Configuring the Hardware Packet Drop 6-27
How to Disable the Hardware Packet Drop 6-27
How to Enable the Hardware Packet Drop 6-28
7 Configuring the Connection 7-1
Introduction 7-1
Configuring the Connection Mode 7-1
Options 7-2
Configuring the Connection Mode: Examples 7-3
Monitoring the Connection Mode and Related Parameters 7-3
How to View the Current Connection Mode 7-3
How to View the SCE-ID 7-4
How to View the Current Redundancy Status of the SCE Platform 7-4
How to View Information about the Peer SCE Platform 7-5
How to View the Current Connection Status of the SCE Platform 7-5
How to Configure the Link Mode 7-5
About the Link Mode 7-6
Options 7-6
Configuring Asymmetric Routing Topology 7-7
Asymmetric Routing and Other Service Control Capabilities 7-8
Enabling Asymmetric Routing 7-8
How to Monitor Asymmetric Routing 7-8
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
ix
Contents
Monitoring Asymmetric Routing: Example 7-9
Configuring a Forced Failure 7-9
How to Force a Virtual Failure 7-9
How to Exit from a Virtual Failure 7-9
Configuring the Failure Recovery Mode 7-9
Options 7-10
Configure the Failure Recovery Mode: Examples 7-10
Example 1 7-10
Example 2 7-10
Configuring the SCE Platform/SM Connection 7-10
Configuring the Behavior of the SCE Platform in Case of Failure of the SM 7-11
Options 7-11
Configuring the SM-SCE Platform Connection Timeout 7-11
Options 7-11
Enabling and Disabling Link Failure Reflection 7-12
How to Enable Link Failure Reflection 7-12
How to Disable Link Failure Reflection 7-12
Enabling and Disabling Link Failure Reflection on All Ports 7-12
Options 7-13
How to Enable Link Failure Reflection on All Ports 7-13
How to Disable Link Failure Reflection on All Ports 7-13
Configuring Link Failure Reflection in Linecard-Aware Mode (SCE 2000 only) 7-13
How to Enable Linecard-Aware Mode 7-14
How to Disable Linecard-Aware Mode 7-14
CHAPTER
8 Raw Data Formatting: The RDR Formatter and NetFlow Exporting 8-1
Introduction 8-1
Information About the RDR Formatter and NetFlow Exporting Support 8-1
The RDR Formatter 8-2
NetFlow 8-2
NetFlow Terminology 8-2
NetFlow Exporting Support 8-3
Data Destinations 8-3
Categories 8-4
Priority 8-5
Setting DSCP for NetFlow 8-5
Forwarding Modes 8-5
Protocol 8-6
Transport Type 8-6
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
x
OL-7827-12
Configuring Data Destinations and Categories 8-6
Configuring a Data Destination 8-6
Options 8-7
Configuring the Data Destinations: Examples 8-7
Configuring the Data Categories 8-8
How to Configure a Destination and Assign Categories 8-8
Configuring the Forwarding Mode 8-12
Options 8-13
Configuring the Forwarding Mode: Example 8-13
Configuring the RDR Formatter 8-13
Options 8-13
How to Enable the RDR Formatter 8-13
How to Disable the RDR Formatter 8-14
How to Configure the Size of the RDR Formatter History Buffer 8-14
Options 8-14
Contents
Configuring the NetFlow Exporting Support 8-14
Options 8-14
How to Configure a DSCP Value for NetFlow 8-15
Options 8-15
How to Configure the Template Refresh Interval 8-15
Options 8-15
Configuring Dynamic Mapping of RDRs to Categories 8-15
How to Configuring Mappings 8-16
Options 8-16
How to Add a Mapping to a Category 8-16
How to Remove a Mapping from a Category 8-16
How to Restore the Default Mapping for a Specified RDR Tag 8-16
Displaying Data Destination Configuration and Statistics 8-17
How to the Display the Current RDR Formatter Configuration 8-17
Displaying the RDR Formatter Configuration: Example 8-17
How to the Display the Current RDR Formatter Statistics 8-18
Displaying the Current RDR Formatter Statistics: Example 8-18
Disabling the Linecard from Sending RDRs 8-19
How to Disable the Linecard from Sending RDRs 8-19
How to Enable the Linecard to Send RDRs 8-19
CHAPTER
9 Managing Subscribers 9-1
Introduction 9-1
Information About Subscribers 9-1
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xi
Contents
What is a Subscriber? 9-2
Subscriber Modes in Service Control Solutions 9-3
Subscriber Database: Capacity and Limits 9-4
Working with Large Numbers of Subscribers 9-4
Actual Maximum Number of Subscribers 9-4
Subscriber Mapping Limits 9-5
Aging Subscribers 9-5
VPN-Based Subscribers 9-5
Automatic VLAN VPNs 9-5
Synchronizing Subscriber Information in a Cascade System 9-6
Anonymous Groups and Subscriber Templates 9-7
Information About Subscriber Files 9-7
Subscriber Files 9-7
Subscriber default csv file format 9-8
Subscriber anonymous groups csv file format 9-8
Importing and Exporting Subscriber Information 9-9
Options 9-9
How to Import Subscriber Information 9-9
How to Export Subscriber Information 9-10
How to Import a Subscriber Template 9-10
How to Export a Subscriber Template 9-10
Removing Subscribers and Templates 9-10
How to Remove a Specific Subscriber 9-11
Options 9-11
How to Remove All Introduced Subscribers 9-11
How to Remove a Specific Anonymous Subscriber Group 9-12
Options 9-12
How to Remove All Anonymous Subscriber Groups 9-12
How to Remove All Anonymous Subscribers 9-12
How to Remove All Subscriber Templates 9-12
About VPN-based Subscribers 9-13
How to Remove Subscribers by Device 9-13
How to Remove Subscribers from the SM 9-13
How to Remove Subscribers from a Specified SCMP Peer Device 9-13
Creating Anonymous Groups 9-14
Defining Anonymous Groups 9-14
How to Define an Anonymous Group 9-14
Importing and Exporting Anonymous Groups 9-14
How to Import Anonymous Groups 9-15
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xii
OL-7827-12
How to Export Anonymous Groups 9-15
Monitoring Subscribers 9-15
How to Monitor the Subscriber Database 9-16
How to Display the Subscriber Database Counters 9-17
Clearing the Subscriber Database Counters 9-18
Displaying Subscribers 9-18
Displaying Subscribers: All Current Subscriber Names 9-19
Displaying Subscribers: By Subscriber Property or Prefix 9-19
Displaying Subscribers: By Mapping (IP Address, VPN, VLAN ID, or MPLS/VPN) 9-21
Displaying Subscriber Information 9-23
How to display a listing of subscriber properties 9-24
How to display complete information for a specified subscriber 9-24
How to display values of subscriber properties for a specified subscriber 9-24
How to display mappings for a specified subscriber 9-25
How to display OS counters for a specified subscriber 9-25
Displaying Anonymous Subscriber Information 9-25
How to display currently configured anonymous groups 9-26
How to display currently configured templates for anonymous groups 9-26
How to display current configuration for a specified anonymous group 9-26
How to display subscribers in a specified anonymous group 9-26
How to display all subscribers currently in anonymous groups 9-26
How to display the number of subscribers in a specified anonymous group 9-27
How to display the total number of subscribers in all anonymous groups 9-27
Managing VPNs and VPN Subscriber Mappings 9-27
How to Display VPN-related Mappings 9-27
How to Clear Upstream MPLS/VPN Mappings 9-28
How to Clear Automatic VPNs 9-29
Contents
Subscriber Traffic Processor IP Ranges 9-29
Information About Traffic Processor IP Ranges 9-29
Subscriber Mapping Modes 9-30
Subscriber Mapping Conflicts 9-30
Subscriber Rules for TIRs 9-31
How to Reserve Rules for TIRs 9-31
Options 9-31
How to Configure TIRs 9-31
Options 9-32
How to Create or Update a TIR 9-32
How to update a TIR even if subscriber mappings exist 9-32
How to Remove TIRs and Subscriber Mappings 9-32
How to Remove a Specified TIR 9-33
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xiii
Contents
How to Remove All TIRs 9-33
How to Remove Mappings from a Specified TIR 9-33
How to Remove Mappings from a Specified IP Range 9-34
How to Import and Export TIRs 9-34
About TIR csv Files 9-34
Options 9-34
How to Import TIRs from a csv File 9-35
How to Export TIRs to a csv File 9-35
How to Monitor TIRs 9-35
How to Display Traffic Processor Mappings State 9-36
How to Display Configuration of a Specified TIR 9-36
How to Display Configuration of All TIRs 9-36
How to Display Mappings Related to a Specified TIR 9-36
How to Display the Number of Subscribers with Mappings Related to a Specified TIR 9-36
How to Display Complete Subscriber Information 9-36
How to Display All Subscribers Mapped to a Specified IP Range 9-37
How to Display the Number of Subscribers Mapped to a Specified IP Range 9-37
Configuring the Actual Maximum Number of Subscribers 9-37
How to Override the Configured Capacity Option 9-37
How to Restore the Configured Capacity Option 9-38
How to Monitor the Maximum Number of Subscribers 9-38
Configuring Subscriber Aging 9-38
How to Enable Aging for Anonymous Group Subscribers 9-38
How to Enable Aging for Introduced Subscribers 9-39
How to Disable Aging for Anonymous Group Subscribers 9-39
How to Disable Aging for Introduced Subscribers 9-39
How to Set the Aging Timeout Period for Anonymous Group Subscribers 9-39
Options 9-39
How to Set the Aging Timeout Period for Introduced Subscribers 9-40
Options 9-40
How to Display Aging for Anonymous Group Subscribers 9-40
How to Display Aging for Introduced Subscribers 9-40
Configuring the SCE Platform/SM Connection 9-40
Options 9-41
Configuring the Behavior of the SCE Platform in Case of Failure of the SM 9-41
Options 9-41
Configuring the SM-SCE Platform Connection Timeout 9-42
Options 9-42
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xiv
OL-7827-12
Contents
CHAPTER
10 Redundancy and Fail-Over 10-1
Introduction 10-1
Information About Redundancy and Fail-Over 10-1
Terminology and Definitions 10-2
Redundant Topologies 10-2
In-line Dual Link Redundant Topology 10-3
Failure Detection 10-4
Link Failure Reflection 10-4
How to Configure Forced Failure 10-5
How to Force a Virtual Failure Condition 10-5
How to Exit a Virtual Failure Condition 10-5
Hot Standby and Fail-over 10-5
Hot Standby 10-5
Fail-over 10-6
Failure in the Cascade Connection 10-7
Installing a Cascaded System 10-7
Recovery 10-8
Replacing the SCE platform (manual recovery) 10-9
Manual steps: 10-9
Automatic steps (in parallel with the manual steps, requires no user intervention): 10-9
Reboot only (fully automatic recovery) 10-9
CHAPTER
CLI Commands for Cascaded Systems 10-10
Topology-Related Parameters for Redundant Topologies 10-10
Configuring the Connection Mode 10-10
Examples 10-11
Monitoring a Cascaded System 10-11
How to View the Current Connection Mode 10-11
How to View the Current Link Mode 10-11
How to View Current Link Mappings 10-11
System Upgrades 10-12
Firmware Upgrade (package installation) 10-12
Application Upgrade 10-13
Simultaneous Upgrade of Firmware and Application 10-13
11 Identifying and Preventing Distributed-Denial-Of-Service Attacks 11-1
Introduction 11-1
Attack Filtering and Attack Detection 11-1
Attack Filtering 11-2
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xv
Contents
Specific Attack Filtering 11-2
Attack Detection 11-3
Attack Detection Thresholds 11-4
Attack Handling 11-5
Subscriber Notification 11-5
Hardware Filtering 11-6
Configuring Attack Detectors 11-7
How to Enable Specific-IP Detection 11-9
Options 11-9
How to Enable Specific-IP Detection 11-9
How to Enable Specific-IP Detection for the TCP Protocol Only for all Attack Directions 11-9
How to Enable Specific-IP Detection for the TCP Protocol for Port-based Detections Only for
Dual-sided Attacks 11-10
How to Disable Specific-IP Detection for Protocols Other than TCP, UDP, and ICMP for all Attack
Directions 11-10
How to Disable Specific-IP Detection for ICMP for Single-sided Attacks Defined by the Source
IP 11-10
How to Configure the Default Attack Detector 11-10
Options 11-11
How to Define the Default Action and Optionally the Default Thresholds 11-11
How to Reinstate the System Defaults for a Selected Set of Attack Types 11-12
How to Reinstate the System Defaults for All Attack Types 11-12
Specific Attack Detectors 11-13
Options 11-13
How to Enable a Specific Attack Detector and Assign it an ACL 11-14
How to Define the Action and Optionally the Thresholds for a Specific Attack Detector 11-14
How to Define the Subscriber Notification Setting for a Specific Attack Detector 11-15
How to Define the SNMP Trap Setting for a Specific Attack Detector 11-15
How to Define the List of Destination Ports for TCP or UDP Protocols for a Specific Attack
Detector 11-15
How to Delete User-Defined Values 11-16
How to Disable a Specific Attack Detector 11-16
How to Disable All Non-default Attack Detectors 11-16
How to Disable All Attack Detectors 11-16
Sample Attack Detector Configuration 11-17
Configuring Subscriber Notifications 11-18
How to Configure the Subscriber Notification Port 11-18
Options 11-18
How to Remove the Subscriber Notification Port 11-18
Preventing and Forcing Attack Detection 11-19
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xvi
OL-7827-12
Options 11-19
Preventing Attack Filtering 11-20
How to Configure a dont-filter Setting for a Specified Situation 11-20
How to Remove a dont-filter Setting from a Specified Situation 11-20
How to Remove All dont-filter Settings 11-20
Forcing Attack Filtering 11-20
How to Configure a force-filter Setting for a Specified Situation 11-21
How to Remove a force-filter Setting from a Specified Situation 11-21
How to Remove All force-filter Settings 11-21
Monitoring Attack Filtering 11-21
Monitoring Attack Filtering Using SNMP Traps 11-21
Monitoring Attack Filtering Using CLI Commands 11-23
How to display a specified attack detector configuration 11-24
How to display the default attack detector configuration 11-25
How to display all attack detector configurations 11-26
How to display filter state (enabled or disabled) 11-26
How to display configured threshold values and actions 11-26
How to display the current counters 11-28
How to display all currently handled attacks 11-28
How to display all existing force-filter settings 11-28
How to display all existing don't-filter settings 11-28
How to display the list of ports selected for subscriber notification 11-29
How to find out whether hardware attack filtering has been activated 11-29
The Attack Log 11-29
How to View the Attack Log 11-30
How to Copy the Attack Log to a File 11-30
Contents
CHAPTER
12 Value Added Services (VAS) Traffic Forwarding 12-1
Introduction 12-1
Information About VAS Traffic Forwarding 12-1
VAS Service Goals 12-2
How VAS Traffic Forwarding Works 12-2
Requirements for VAS Servers 12-4
VAS Traffic Forwarding and SCA BB 12-5
VLAN Tags for VAS Traffic Forwarding 12-5
Service Flow 12-6
Data Flow 12-6
Non-VAS Data Flow 12-7
VAS Data Flow 12-8
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xvii
Contents
Load Balancing 12-8
Load Balancing and Subscribers 12-9
Load Balancing and Subscriber Mode 12-9
VAS Redundancy 12-9
VAS Server Failure 12-10
VAS Server Group Failure 12-10
Ethernet Switch Failure 12-10
Disabling a VAS Server 12-11
VAS Status and VAS Health Check 12-11
VAS Server States 12-12
VAS Traffic Forwarding Topologies 12-12
Single SCE Platform, Multiple VAS Servers 12-12
Data Flow 12-13
Multiple SCE Platforms, Multiple VAS Servers 12-14
SNMP Support for VAS 12-15
Interactions Between VAS Traffic Forwarding and Other SCE Platform Features 12-15
Incompatible SCE Platform Features 12-15
VAS Traffic Forwarding and DDoS Processing 12-15
Specific IP DDoS Attack Detection 12-15
Specific IP Attack filter 12-16
VAS Traffic Forwarding and Bandwidth Management 12-16
Global Controllers and VAS flows 12-16
Configuring VAS Traffic Forwarding 12-16
Configuring VAS Traffic Forwarding from the SCA BB Console 12-17
Global Options 12-17
Enabling VAS Traffic Forwarding 12-18
Options 12-18
Disabling VAS Traffic Forwarding 12-18
How to Configure the VAS Traffic Link 12-19
Options 12-19
How to Select the Link for VAS Traffic 12-19
How to Revert to the Default Link for VAS Traffic 12-19
How to Configure a VAS Server 12-20
Options 12-20
How to Enable a VAS Server 12-20
How to Disable a VAS Server 12-21
How to Restore all VAS Server Properties to Default 12-21
How to Assign a VLAN ID to a VAS Server 12-21
Options 12-21
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xviii
OL-7827-12
How to Configure the VLAN Tag Number for a Specified VAS Server 12-21
How to Remove the VLAN Tag Number from a Specified VAS Server 12-22
How to Configure the Health Check 12-22
How to Configure Pseudo IP Addresses for the Health Check Packets 12-23
How to Configure a VAS Server Group 12-25
About VAS Server Groups 12-25
How to Add and Remove Servers 12-25
How to Configure VAS Server Group Failure Parameters 12-26
Monitoring VAS Traffic Forwarding 12-28
How to Display Global VAS Status and Configuration 12-28
Example 12-28
How to Display Operational and Configuration Information for a Specific VAS Server Group 12-29
Example 12-29
How to Display Operational and Configuration Information for All VAS Server Groups 12-29
How to Display Operational and Configuration Information for a Specific VAS Server 12-29
Example 12-29
How to Display Operational and Configuration Information for All VAS Servers 12-30
How to Display the VAS Servers Used by a Specified Subscriber 12-30
How to Display Health Check Counters for a Specified VAS Server 12-30
Example 12-30
How to Display Health Check Counters for All VAS Servers 12-31
How to Clear the Health Check Counters for a Specified VAS Server 12-31
How to Clear the Health Check Counters for All VAS Servers 12-31
How to Display Bandwidth per VAS Server and VAS Direction 12-31
Example 12-31
Contents
VAS over 10G 12-32
About VAS over 10G 12-32
Data Flow in VAS over 10G Topology 12-33
VAS Data Flow: To the VAS Server 12-35
VAS Data Flow: From the VAS Server 12-36
Failover Support 12-37
Health Check in VAS over 10G Topology 12-39
Configuring VAS over 10G: General Guidelines 12-40
Configuring the 7600/6500 for VAS over 10G 12-40
Configuring VAS over 10G 12-41
How to Configure the VAS Traffic Link Auto-Select Parameters (VAS over 10G) 12-41
How to Configure the Minimum Time between Link Switches 12-42
How to Set the Active VAS Link 12-43
How to Configure Health Check for VAS over 10G 12-43
How to Configure the Health Check IP Address 12-43
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xix
Contents
How to Remove the IP Address Configuration 12-44
How to Enable the Health Check for VAS over 10G Topology 12-45
Options 12-45
How to Enable Health Check Compatibility for VAS over 10G (MGSCP) 12-45
How to Remove the Health Check Compatibility Configuration 12-45
VAS Over 10G Sample Configuration 12-46
Intelligent Traffic Mirroring 12-47
Behavioral Targeting Use Case 12-47
Traffic Mirroring and SCA BB 12-48
Mirroring Termination 12-48
Mirroring Exceptions 12-49
SCE Connectivity 12-49
Configuring Traffic Mirroring 12-50
Monitoring Traffic Mirroring 12-51
Traffic Mirroring Sample Configuration 12-52
CHAPTER
13 MPLS/VPN Support 13-1
Introduction 13-1
Service Control in the MPLS/VPN Environment 13-1
Definitions and Acronyms 13-2
What are the Challenges for Service Control for MPLS/VPN Support? 13-3
How MPLS/VPN Support Works 13-3
Flow Detection 13-3
VPN Detection 13-4
Subscriber Detection 13-4
What is an MPLS/VPN-based Subscriber? 13-4
Private IP Subscriber Support 13-5
How the Service Control MPLS/VPN Solution Works 13-5
How the Service Control MPLS/VPN Solution Works: A Summary 13-5
SCE Platform Tasks in the MPLS/VPN Solution 13-5
BGP LEG Tasks in the MPLS/VPN Solution 13-6
SM Tasks in the MPLS/VPN Solution 13-6
Service Control MPLS/VPN Concepts 13-6
Non-VPN-Based Subscribers 13-6
Bypassing Unknown VPNs 13-7
Additional MPLS Pattern Support 13-7
VPN Identifier (RD or RT) 13-8
Service Control MPLS/VPN Requirements 13-8
Topology 13-8
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xx
OL-7827-12
Capacity 13-9
Limitations 13-10
Backwards Compatibility 13-11
Configuring MPLS/VPN Support 13-11
Configuring the MPLS Environment 13-11
How to Check the Running Configuration 13-11
How to Configure the MPLS Environment 13-12
Configuring the SCE Platform for MPLS/VPN Support 13-12
Defining the PE Routers 13-12
Configuring the MAC Resolver 13-14
Monitoring the MAC Resolver 13-15
Configuring the SM for MPLS/VPN Support 13-16
how to Configure the SM for MPLS/VPN Support 13-16
How to Edit the SM Configuration File 13-16
How to Configure the SM to Allow IP Ranges 13-17
Contents
CHAPTER
Managing MPLS/VPN Support 13-17
Managing MPLS/VPN Support via SNMP 13-17
MPLS/VPN MIB Objects 13-18
MPLS/VPN Traps 13-18
Monitoring MPLS/VPN Support via SCE Platform CLI 13-18
Displaying VPN-related Mappings 13-18
Clearing Upstream VPN Mappings 13-21
Monitoring Subscriber Counters 13-22
Monitoring MPLS/VPN Counters 13-23
Monitoring the PE Routers 13-23
Monitoring Bypassed VPNs 13-24
Monitoring Non-VPN Mappings 13-24
Managing MPLS/VPN Support via SM CLU 13-24
Managing VPNs 13-25
How to Add Mappings to VPN-based Subscribers 13-27
How to Remove VPN Mappings from Subscribers 13-28
How to Monitor Subscriber MPLS/VPN Mappings 13-29
14 Managing the SCMP 14-1
Introduction 14-1
About SCMP 14-1
SCMP Terminology 14-2
Deployment Scenarios 14-3
Single ISG Router with a Single SCE Platform (1xISG – 1xSCE) 14-3
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxi
Contents
Single ISG Router with Two Cascaded SCE Platforms (1xISG – 2xSCE) 14-4
Multiple ISG Routers with Two Cascaded SCE Platforms (NxISG – 2xSCE) 14-5
Multiple ISG Routers with Multiple SCE Platforms via Load Balancing (NxISG – MxSCE) 14-6
SCMP Peer Devices 14-7
Connection Management 14-7
SCMP Subscriber Management 14-8
GUID and Subscriber ID 14-8
Configuring the SCMP 14-8
Configuring SCMP Parameters 14-9
How to Enable the SCMP 14-9
How to Disable the SCMP 14-9
Configuring the SCMP Peer Device to Push Sessions 14-9
Configuring the SCMP Peer Device to Force Each Subscriber to Single SCE Platform 14-10
How to Define the Keep-alive Interval Parameter 14-11
How to Define the Reconnect Interval Parameter 14-11
How to Define the Loss-of-Sync Timeout Parameter 14-11
Adding an SCMP Peer Device 14-12
How to Define an SCMP Peer Device 14-12
Assigning the SCMP Peer Device to an Anonymous Group 14-13
Deleting Subscribers Managed by an SCMP Peer Device 14-13
Options 14-13
Deleting an SCMP Peer Device 14-14
Defining the Subscriber ID 14-14
Options 14-15
Configuring the RADIUS Client 14-15
Options 14-16
Monitoring the SCMP Environment 14-16
Monitoring the SCMP 14-16
Options 14-16
How to display the general SCMP configuration 14-17
How to display the configuration all currently defined SCMP peer devices 14-17
How to display the configuration for a specified SCMP peer device 14-17
How to display the statistics for all SCMP peer devices 14-17
How to display the statistics for a specified SCMP peer device 14-18
Monitoring the RADIUS Client 14-18
APPENDIX
A Monitoring SCE Platform Utilization A-1
Introduction A-1
SCE Platform Utilization Indicators A-2
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxii
OL-7827-12
CPU Utilization A-2
Flows Capacity A-2
Subscribers Capacity A-2
Service Loss A-3
Monitoring Service Loss A-3
Contents
APPENDIX
B Proprietary MIB Reference B-1
Introduction B-1
pcube Enterprise MIB B-2
Application MIB Integration B-3
Application and Subscriber groups B-4
The Engage MIB (pcubeEngageMIB) B-5
MIB Updates B-5
tpServiceLoss B-6
Using this Reference B-6
pcubeModules (1.3.6.1.4.1.5655.2) B-6
pcubeSeMIB (1.3.6.1.4.1.5655.2.3) B-6
pcubeSeMIB Object Groups (1.3.6.1.4.1.5655.2.3.1.1) B-7
pcubeCompliances (1.3.6.1.4.1.5655.2.3.1.2) B-15
pcubeWorkgroup (1.3.6.1.4.1.5655.4) B-16
Notification Types B-17
operationalStatusOperationalTrap (1.3.6.1.4.1.5655.4.0.1) B-19
operationalStatusWarningTrap (1.3.6.1.4.1.5655.4.0.2) B-19
operationalStatusFailureTrap (1.3.6.1.4.1.5655.4.0.3) B-19
systemResetTrap (1.3.6.1.4.1.5655.4.0.4) B-19
chassisTempAlarmOnTrap (1.3.6.1.4.1.5655.4.0.5) B-19
chassisTempAlarmOffTrap (1.3.6.1.4.1.5655.4.0.6) B-19
chassisVoltageAlarmOnTrap (1.3.6.1.4.1.5655.4.0.7) B-20
chassisFansAlarmOnTrap (1.3.6.1.4.1.5655.4.0.8) B-20
chassisPowerSupplyAlarmOnTrap (1.3.6.1.4.1.5655.4.0.9) B-20
rdrActiveConnectionTrap (1.3.6.1.4.1.5655.4.0.10) B-20
rdrNoActiveConnectionTrap (1.3.6.1.4.1.5655.4.0.11) B-20
rdrConnectionUpTrap (1.3.6.1.4.1.5655.4.0.12) B-20
rdrConnectionDownTrap (1.3.6.1.4.1.5655.4.0.13) B-20
loggerUserLogIsFullTrap (1.3.6.1.4.1.5655.4.0.18) B-20
sntpClockDriftWarnTrap (1.3.6.1.4.1.5655.4.0.19) B-20
linkModeBypassTrap (1.3.6.1.4.1.5655.4.0.20) B-20
linkModeForwardingTrap (1.3.6.1.4.1.5655.4.0.21) B-21
linkModeCutoffTrap (1.3.6.1.4.1.5655.4.0.22) B-21
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxiii
Contents
moduleAttackFilterActivatedTrap (1.3.6.1.4.1.5655.4.0.25) B-21
moduleAttackFilterDeactivatedTrap (1.3.6.1.4.1.5655.4.0.26) B-22
moduleEmAgentGenericTrap (1.3.6.1.4.1.5655.4.0.27) B-22
linkModeSniffingTrap (1.3.6.1.4.1.5655.4.0.28) B-22
moduleRedundancyReadyTrap (1.3.6.1.4.1.5655.4.0.29) B-22
moduleRedundantConfigurationMismatchTrap (1.3.6.1.4.1.5655.4.0.30) B-22
moduleLostRedundancyTrap (1.3.6.1.4.1.5655.4.0.31) B-22
moduleSmConnectionDownTrap (1.3.6.1.4.1.5655.4.0.32) B-23
moduleSmConnectionUpTrap (1.3.6.1.4.1.5655.4.0.33) B-23
moduleOperStatusChangeTrap (1.3.6.1.4.1.5655.4.0.34) B-23
portOperStatusChangeTrap (1.3.6.1.4.1.5655.4.0.35) B-23
chassisLineFeedAlarmOnTrap (1.3.6.1.4.1.5655.4.0.36) B-23
rdrFormatterCategoryDiscardingReportsTrap (1.3.6.1.4.1.5655.4.0.37) B-23
rdrFormatterCategoryStoppedDiscardingReportsTrap (1.3.6.1.4.1.5655.4.0.38) B-23
sessionStartedTrap (1.3.6.1.4.1.5655.4.0.39) B-23
sessionEndedTrap (1.3.6.1.4.1.5655.4.0.40) B-23
sessionDeniedAccessTrap (1.3.6.1.4.1.5655.4.0.41) B-23
sessionBadLoginTrap (1.3.6.1.4.1.5655.4.0.42) B-24
illegalSubscriberMappingTrap (1.3.6.1.4.1.5655.4.0.43) B-24
loggerLineAttackLogFullTrap (1.3.6.1.4.1.5655.4.0.44) B-24
vasServerOperationalStatusChangeTrap (1.3.6.1.4.1.5655.4.0.45) B-24
pullRequestNumber (1.3.6.1.4.1.5655.4.0.46) B-24
pullRequestRetryFailedTrap (1.3.6.1.4.1.5655.4.0.47) B-24
mplsVpnTotalHWMappingsThresholdExceededTrap (1.3.6.1.4.1.5655.4.0.48) B-24
pcubeSe Objects B-25
sysOperationalStatus (1.3.6.1.4.1.5655.4.1.1.1) B-31
sysFailureRecovery (1.3.6.1.4.1.5655.4.1.1.2) B-31
sysVersion (1.3.6.1.4.1.5655.4.1.1.3) B-32
pchassisSysType (1.3.6.1.4.1.5655.4.1.2.1) B-32
pchassisPowerSupplyAlarm (1.3.6.1.4.1.5655.4.1.2.2) B-32
pchassisFansAlarm (1.3.6.1.4.1.5655.4.1.2.3) B-32
pchassisTempAlarm (1.3.6.1.4.1.5655.4.1.2.4) B-33
pchassisVoltageAlarm (1.3.6.1.4.1.5655.4.1.2.5) B-33
pchassisNumSlots (1.3.6.1.4.1.5655.4.1.2.6) B-33
pchassisSlotConfig (1.3.6.1.4.1.5655.4.1.2.7) B-34
pchassisPsuType (1.3.6.1.4.1.5655.4.1.2.8) B-34
pchassisLineFeedAlarm (1.3.6.1.4.1.5655.4.1.2.9) B-34
pmoduleTable (1.3.6.1.4.1.5655.4.1.3.1) B-35
pmoduleEntry (1.3.6.1.4.1.5655.4.1.3.1.1) B-35
pmoduleIndex (1.3.6.1.4.1.5655.4.1.3.1.1.1) B-35
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxiv
OL-7827-12
pmoduleType (1.3.6.1.4.1.5655.4.1.3.1.1.2) B-36
pmoduleNumTrafficProcessors (1.3.6.1.4.1.5655.4.1.3.1.1.3) B-36
pmoduleSlotNum (1.3.6.1.4.1.5655.4.1.3.1.1.4) B-36
pmoduleHwVersion (1.3.6.1.4.1.5655.4.1.3.1.1.5) B-36
pmoduleNumPorts (1.3.6.1.4.1.5655.4.1.3.1.1.6) B-37
pmoduleNumLinks (1.3.6.1.4.1.5655.4.1.3.1.1.7) B-37
pmoduleConnectionMode (1.3.6.1.4.1.5655.4.1.3.1.1.8) B-37
pmoduleSerialNumber (1.3.6.1.4.1.5655.4.1.3.1.1.9) B-37
pmoduleUpStreamAttackFilteringTime (1.3.6.1.4.1.5655.4.1.3.1.1.10) B-38
pmoduleUpStreamLastAttackFilteringTime (1.3.6.1.4.1.5655.4.1.3.1.1.11) B-38
pmoduleDownStreamAttackFilteringTime (1.3.6.1.4.1.5655.4.1.3.1.1.12) B-38
pmoduleDownStreamLastAttackFilteringTime (1.3.6.1.4.1.5655.4.1.3.1.1.13) B-38
pmoduleAttackObjectsClearTime (1.3.6.1.4.1.5655.4.1.3.1.1.14) B-39
pmoduleAdminStatus (1.3.6.1.4.1.5655.4.1.3.1.1.15) B-39
pmoduleOperStatus (1.3.6.1.4.1.5655.4.1.3.1.1.16) B-39
linkTable (1.3.6.1.4.1.5655.4.1.4.1) B-39
linkEntry (1.3.6.1.4.1.5655.4.1.4.1.1) B-40
linkModuleIndex (1.3.6.1.4.1.5655.4.1.4.1.1.1) B-40
linkIndex (1.3.6.1.4.1.5655.4.1.4.1.1.2) B-40
linkAdminModeOnActive (1.3.6.1.4.1.5655.4.1.4.1.1.3) B-41
linkAdminModeOnFailure (1.3.6.1.4.1.5655.4.1.4.1.1.4) B-41
linkOperMode (1.3.6.1.4.1.5655.4.1.4.1.1.5) B-41
linkStatusReflectionEnable (1.3.6.1.4.1.5655.4.1.4.1.1.6) B-42
linkSubscriberSidePortIndex (1.3.6.1.4.1.5655.4.1.4.1.1.7) B-42
linkNetworkSidePortIndex (1.3.6.1.4.1.5655.4.1.4.1.1.8) B-42
diskNumUsedBytes (1.3.6.1.4.1.5655.4.1.5.1) B-42
diskNumFreeBytes (1.3.6.1.4.1.5655.4.1.5.2) B-43
rdrFormatterEnable (1.3.6.1.4.1.5655.4.1.6.1) B-43
rdrFormatterDestTable (1.3.6.1.4.1.5655.4.1.6.2) B-43
rdrFormatterDestEntry (1.3.6.1.4.1.5655.4.1.6.2.1) B-44
rdrFormatterDestIPAddr (1.3.6.1.4.1.5655.4.1.6.2.1.1) B-44
rdrFormatterDestPort (1.3.6.1.4.1.5655.4.1.6.2.1.2) B-44
rdrFormatterDestPriority (1.3.6.1.4.1.5655.4.1.6.2.1.3) B-44
rdrFormatterDestStatus (1.3.6.1.4.1.5655.4.1.6.2.1.4) B-45
rdrFormatterDestConnectionStatus (1.3.6.1.4.1.5655.4.1.6.2.1.5) B-45
rdrFormatterDestNumReportsSent (1.3.6.1.4.1.5655.4.1.6.2.1.6) B-45
rdrFormatterDestNumReportsDiscarded (1.3.6.1.4.1.5655.4.1.6.2.1.7) B-45
rdrFormatterDestReportRate (1.3.6.1.4.1.5655.4.1.6.2.1.8) B-46
rdrFormatterDestReportRatePeak (1.3.6.1.4.1.5655.4.1.6.2.1.9) B-46
rdrFormatterDestReportRatePeakTime (1.3.6.1.4.1.5655.4.1.6.2.1.10) B-46
Contents
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxv
Contents
rdrFormatterNumReportsSent (1.3.6.1.4.1.5655.4.1.6.3) B-46
rdrFormatterNumReportsDiscarded (1.3.6.1.4.1.5655.4.1.6.4) B-47
rdrFormatterClearCountersTime (1.3.6.1.4.1.5655.4.1.6.5) B-47
rdrFormatterReportRate (1.3.6.1.4.1.5655.4.1.6.6) B-47
rdrFormatterReportRatePeak (1.3.6.1.4.1.5655.4.1.6.7) B-47
rdrFormatterReportRatePeakTime (1.3.6.1.4.1.5655.4.1.6.8) B-48
rdrFormatterProtocol (1.3.6.1.4.1.5655.4.1.6.9) B-48
rdrFormatterForwardingMode (1.3.6.1.4.1.5655.4.1.6.10) B-48
rdrFormatterCategoryTable (1.3.6.1.4.1.5655.4.1.6.11) B-48
rdrFormatterCategoryEntry (1.3.6.1.4.1.5655.4.1.6.11.1) B-49
rdrFormatterCategoryIndex (1.3.6.1.4.1.5655.4.1.6.11.1.1) B-49
rdrFormatterCategoryName (1.3.6.1.4.1.5655.4.1.6.11.1.2) B-49
rdrFormatterCategoryNumReportsSent (1.3.6.1.4.1.5655.4.1.6.11.1.3) B-49
rdrFormatterCategoryNumReportsDiscarded (1.3.6.1.4.1.5655.4.1.6.11.1.4) B-50
rdrFormatterCategoryReportRate (1.3.6.1.4.1.5655.4.1.6.11.1.5) B-50
rdrFormatterCategoryReportRatePeak (1.3.6.1.4.1.5655.4.1.6.11.1.6) B-50
rdrFormatterCategoryReportRatePeakTime (1.3.6.1.4.1.5655.4.1.6.11.1.7) B-50
rdrFormatterCategoryNumReportsQueued (1.3.6.1.4.1.5655.4.1.6.11.1.8) B-51
rdrFormatterCategoryDestTable (1.3.6.1.4.1.5655.4.1.6.12) B-51
rdrFormatterCategoryDestEntry (1.3.6.1.4.1.5655.4.1.6.12.1) B-51
rdrFormatterCategoryDestPriority (1.3.6.1.4.1.5655.4.1.6.12.1.1) B-51
rdrFormatterCategoryDestStatus (1.3.6.1.4.1.5655.4.1.6.12.1.2) B-52
loggerUserLogEnable (1.3.6.1.4.1.5655.4.1.7.1) B-52
loggerUserLogNumInfo (1.3.6.1.4.1.5655.4.1.7.2) B-52
loggerUserLogNumWarning (1.3.6.1.4.1.5655.4.1.7.3) B-52
loggerUserLogNumError (1.3.6.1.4.1.5655.4.1.7.4) B-53
loggerUserLogNumFatal (1.3.6.1.4.1.5655.4.1.7.5) B-53
loggerUserLogClearCountersTime (1.3.6.1.4.1.5655.4.1.7.6) B-53
subscribersInfoTable (1.3.6.1.4.1.5655.4.1.8.1) B-53
subscribersInfoEntry (1.3.6.1.4.1.5655.4.1.8.1.1) B-54
subscribersNumIntroduced (1.3.6.1.4.1.5655.4.1.8.1.1.1) B-54
subscribersNumFree (1.3.6.1.4.1.5655.4.1.8.1.1.2) B-54
subscribersNumIpAddrMappings (1.3.6.1.4.1.5655.4.1.8.1.1.3) B-54
subscribersNumIpAddrMappingsFree (1.3.6.1.4.1.5655.4.1.8.1.1.4) B-55
subscribersNumIpRangeMappings (1.3.6.1.4.1.5655.4.1.8.1.1.5) B-55
subscribersNumIpRangeMappingsFree (1.3.6.1.4.1.5655.4.1.8.1.1.6) B-55
subscribersNumVlanMappings (1.3.6.1.4.1.5655.4.1.8.1.1.7) B-55
subscribersNumVlanMappingsFree (1.3.6.1.4.1.5655.4.1.8.1.1.8) B-56
subscribersNumActive (1.3.6.1.4.1.5655.4.1.8.1.1.9) B-56
subscribersNumActivePeak (1.3.6.1.4.1.5655.4.1.8.1.1.10) B-56
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxvi
OL-7827-12
subscribersNumActivePeakTime (1.3.6.1.4.1.5655.4.1.8.1.1.11) B-56
subscribersNumUpdates (1.3.6.1.4.1.5655.4.1.8.1.1.12) B-57
subscribersCountersClearTime (1.3.6.1.4.1.5655.4.1.8.1.1.13) B-57
subscribersNumTpIpRangeMappings (1.3.6.1.4.1.5655.4.1.8.1.1.14) B-57
subscribersNumTpIpRangeMappingsFree (1.3.6.1.4.1.5655.4.1.8.1.1.15) B-57
subscribersNumAnonymous (1.3.6.1.4.1.5655.4.1.8.1.1.16) B-58
subscribersNumWithSessions (1.3.6.1.4.1.5655.4.1.8.1.1.17) B-58
subscribersPropertiesTable (1.3.6.1.4.1.5655.4.1.8.2) B-58
subscribersPropertiesEntry (1.3.6.1.4.1.5655.4.1.8.2.1) B-58
spIndex (1.3.6.1.4.1.5655.4.1.8.2.1.1) B-59
spName (1.3.6.1.4.1.5655.4.1.8.2.1.2) B-59
spType (1.3.6.1.4.1.5655.4.1.8.2.1.3) B-59
subscriberPropertiesValuesTable (1.3.6.1.4.1.5655.4.1.8.3) B-60
subscriberPropertiesValueEntry (1.3.6.1.4.1.5655.4.1.8.3.1) B-60
spvIndex (1.3.6.1.4.1.5655.4.1.8.3.1.1) B-60
spvSubName (1.3.6.1.4.1.5655.4.1.8.3.1.2) B-61
spvPropertyName (1.3.6.1.4.1.5655.4.1.8.3.1.3) B-61
spvRowStatus (1.3.6.1.4.1.5655.4.1.8.3.1.4) B-61
spvPropertyStringValue (1.3.6.1.4.1.5655.4.1.8.3.1.5) B-61
spvPropertyUintValue (1.3.6.1.4.1.5655.4.1.8.3.1.6) B-62
spvPropertyCounter64Value (1.3.6.1.4.1.5655.4.1.8.3.1.7) B-62
tpInfoTable (1.3.6.1.4.1.5655.4.1.9.1) B-62
tpInfoEntry (1.3.6.1.4.1.5655.4.1.9.1.1) B-63
tpModuleIndex (1.3.6.1.4.1.5655.4.1.9.1.1.1) B-63
tpIndex (1.3.6.1.4.1.5655.4.1.9.1.1.2) B-63
tpTotalNumHandledPackets (1.3.6.1.4.1.5655.4.1.9.1.1.3) B-64
tpTotalNumHandledFlows (1.3.6.1.4.1.5655.4.1.9.1.1.4) B-64
tpNumActiveFlows (1.3.6.1.4.1.5655.4.1.9.1.1.5) B-64
tpNumActiveFlowsPeak (1.3.6.1.4.1.5655.4.1.9.1.1.6) B-64
tpNumActiveFlowsPeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.7) B-65
tpNumTcpActiveFlows (1.3.6.1.4.1.5655.4.1.9.1.1.8) B-65
TpNumTcpActiveFlowsPeak (1.3.6.1.4.1.5655.4.1.9.1.1.9) B-65
tpNumTcpActiveFlowsPeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.10) B-65
tpNumUdpActiveFlows (1.3.6.1.4.1.5655.4.1.9.1.1.11) B-66
tpNumUdpActiveFlowsPeak (1.3.6.1.4.1.5655.4.1.9.1.1.12) B-66
tpNumUdpActiveFlowsPeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.13) B-66
tpNumNonTcpUdpActiveFlows (1.3.6.1.4.1.5655.4.1.9.1.1.14) B-66
tpNumNonTcpUdpActiveFlowsPeak (1.3.6.1.4.1.5655.4.1.9.1.1.15) B-67
tpNumNonTcpUdpActiveFlowsPeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.16) B-67
tpTotalNumBlockedPackets (1.3.6.1.4.1.5655.4.1.9.1.1.17) B-67
Contents
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxvii
Contents
tpTotalNumBlockedFlows (1.3.6.1.4.1.5655.4.1.9.1.1.18) B-67
tpTotalNumDiscardedPacketsDueToBwLimit (1.3.6.1.4.1.5655.4.1.9.1.1.19) B-68
tpTotalNumWredDiscardedPackets (1.3.6.1.4.1.5655.4.1.9.1.1.20) B-68
tpTotalNumFragments (1.3.6.1.4.1.5655.4.1.9.1.1.21) B-68
tpTotalNumNonIpPackets (1.3.6.1.4.1.5655.4.1.9.1.1.22) B-68
tpTotalNumIpCrcErrPackets (1.3.6.1.4.1.5655.4.1.9.1.1.23) B-69
tpTotalNumIpLengthErrPackets (1.3.6.1.4.1.5655.4.1.9.1.1.24) B-69
tpTotalNumIpBroadcastPackets (1.3.6.1.4.1.5655.4.1.9.1.1.25) B-69
tpTotalNumTtlErrPackets (1.3.6.1.4.1.5655.4.1.9.1.1.26) B-69
tpTotalNumTcpUdpCrcErrPackets (1.3.6.1.4.1.5655.4.1.9.1.1.27) B-70
tpClearCountersTime (1.3.6.1.4.1.5655.4.1.9.1.1.28) B-70
tpHandledPacketsRate (1.3.6.1.4.1.5655.4.1.9.1.1.29) B-70
tpHandledPacketsRatePeak (1.3.6.1.4.1.5655.4.1.9.1.1.30) B-70
tpHandledPacketsRatePeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.31) B-71
tpHandledFlowsRate (1.3.6.1.4.1.5655.4.1.9.1.1.32) B-71
tpHandledFlowsRatePeak (1.3.6.1.4.1.5655.4.1.9.1.1.33) B-71
tpHandledFlowsRatePeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.34) B-71
tpCpuUtilization (1.3.6.1.4.1.5655.4.1.9.1.1.35) B-72
tpCpuUtilizationPeak (1.3.6.1.4.1.5655.4.1.9.1.1.36) B-72
tpCpuUtilizationPeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.37) B-72
tpFlowsCapacityUtilization (1.3.6.1.4.1.5655.4.1.9.1.1.38) B-72
tpFlowsCapacityUtilizationPeak (1.3.6.1.4.1.5655.4.1.9.1.1.39) B-73
tpFlowsCapacityUtilizationPeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.40) B-73
tpServiceLoss (1.3.6.1.4.1.5655.4.1.9.1.1.41) B-73
pportTable (1.3.6.1.4.1.5655.4.1.10.1) B-73
pportEntry (1.3.6.1.4.1.5655.4.1.10.1.1) B-74
pportModuleIndex (1.3.6.1.4.1.5655.4.1.10.1.1.1) B-74
pportIndex (1.3.6.1.4.1.5655.4.1.10.1.1.2) B-74
pportType (1.3.6.1.4.1.5655.4.1.10.1.1.3) B-74
pportNumTxQueues (1.3.6.1.4.1.5655.4.1.10.1.1.4) B-75
pportIfIndex (1.3.6.1.4.1.5655.4.1.10.1.1.5) B-75
pportAdminSpeed (1.3.6.1.4.1.5655.4.1.10.1.1.6) B-75
pportAdminDuplex (1.3.6.1.4.1.5655.4.1.10.1.1.7) B-75
pportOperDuplex (1.3.6.1.4.1.5655.4.1.10.1.1.8) B-76
pportLinkIndex (1.3.6.1.4.1.5655.4.1.10.1.1.9) B-76
pportOperStatus (1.3.6.1.4.1.5655.4.1.10.1.1.10) B-76
txQueuesTable (1.3.6.1.4.1.5655.4.1.11.1) B-76
txQueuesEntry (1.3.6.1.4.1.5655.4.1.11.1.1) B-77
txQueuesModuleIndex (1.3.6.1.4.1.5655.4.1.11.1.1.1) B-77
txQueuesPortIndex (1.3.6.1.4.1.5655.4.1.11.1.1.2) B-77
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxviii
OL-7827-12
txQueuesQueueIndex (1.3.6.1.4.1.5655.4.1.11.1.1.3) B-77
txQueuesDescription (1.3.6.1.4.1.5655.4.1.11.1.1.4) B-78
txQueuesBandwidth (1.3.6.1.4.1.5655.4.1.11.1.1.5) B-78
txQueuesUtilization (1.3.6.1.4.1.5655.4.1.11.1.1.6) B-78
txQueuesUtilizationPeak (1.3.6.1.4.1.5655.4.1.11.1.1.7) B-78
txQueuesUtilizationPeakTime (1.3.6.1.4.1.5655.4.1.11.1.1.8) B-79
txQueuesClearCountersTime (1.3.6.1.4.1.5655.4.1.11.1.1.9) B-79
txQueuesDroppedBytes (1.3.6.1.4.1.5655.4.1.11.1.1.10) B-79
globalControllersTable (1.3.6.1.4.1.5655.4.1.12.1) B-79
globalControllersEntry (1.3.6.1.4.1.5655.4.1.12.1.1) B-80
globalControllersModuleIndex (1.3.6.1.4.1.5655.4.1.12.1.1.1) B-80
globalControllersPortIndex (1.3.6.1.4.1.5655.4.1.12.1.1.2) B-80
globalControllersIndex (1.3.6.1.4.1.5655.4.1.12.1.1.3) B-80
globalControllersDescription (1.3.6.1.4.1.5655.4.1.12.1.1.4) B-81
globalControllersBandwidth (1.3.6.1.4.1.5655.4.1.12.1.1.5) B-81
globalControllersUtilization (1.3.6.1.4.1.5655.4.1.12.1.1.6) B-81
globalControllersUtilizationPeak (1.3.6.1.4.1.5655.4.1.12.1.1.7) B-81
globalControllersUtilizationPeakTime (1.3.6.1.4.1.5655.4.1.12.1.1.8) B-82
globalControllersClearCountersTime (1.3.6.1.4.1.5655.4.1.12.1.1.9) B-82
globalControllersDroppedBytes (1.3.6.1.4.1.5655.4.1.12.1.1.10) B-82
appInfoTable (1.3.6.1.4.1.5655.4.1.13.1) B-82
appInfoEntry (1.3.6.1.4.1.5655.4.1.13.1.1) B-83
appName (1.3.6.1.4.1.5655.4.1.13.1.1.1) B-83
appDescription (1.3.6.1.4.1.5655.4.1.13.1.1.2) B-83
appVersion (1.3.6.1.4.1.5655.4.1.13.1.1.3) B-83
appPropertiesTable (1.3.6.1.4.1.5655.4.1.13.2) B-84
appPropertiesEntry (1.3.6.1.4.1.5655.4.1.13.2.1) B-84
apIndex (1.3.6.1.4.1.5655.4.1.13.2.1.1) B-84
apName (1.3.6.1.4.1.5655.4.1.13.2.1.2) B-84
apType (1.3.6.1.4.1.5655.4.1.13.2.1.3) B-85
appPropertiesValuesTable (1.3.6.1.4.1.5655.4.1.13.3) B-85
appPropertiesValueEntry (1.3.6.1.4.1.5655.4.1.13.3.1) B-85
apvIndex (1.3.6.1.4.1.5655.4.1.13.3.1.1) B-86
apvPropertyName (1.3.6.1.4.1.5655.4.1.13.3.1.2) B-86
apvRowStatus (1.3.6.1.4.1.5655.4.1.13.3.1.3) B-86
apvPropertyStringValue (1.3.6.1.4.1.5655.4.1.13.3.1.4) B-86
apvPropertyUintValue (1.3.6.1.4.1.5655.4.1.13.3.1.5) B-87
apvPropertyCounter64Value (1.3.6.1.4.1.5655.4.1.13.3.1.6) B-87
trafficCountersTable (1.3.6.1.4.1.5655.4.1.14.1) B-87
trafficCountersEntry (1.3.6.1.4.1.5655.4.1.14.1.1) B-87
Contents
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxix
Contents
trafficCounterIndex (1.3.6.1.4.1.5655.4.1.14.1.1.1) B-88
trafficCounterValue (1.3.6.1.4.1.5655.4.1.14.1.1.2) B-88
trafficCounterName (1.3.6.1.4.1.5655.4.1.14.1.1.3) B-88
trafficCounterType (1.3.6.1.4.1.5655.4.1.14.1.1.4) B-88
attackTypeTable (1.3.6.1.4.1.5655.4.1.15.1) B-89
attackTypeEntry (1.3.6.1.4.1.5655.4.1.15.1.1) B-89
attackTypeIndex (1.3.6.1.4.1.5655.4.1.15.1.1.1) B-89
attackTypeName (1.3.6.1.4.1.5655.4.1.15.1.1.2) B-89
attackTypeCurrentNumAttacks (1.3.6.1.4.1.5655.4.1.15.1.1.3) B-90
attackTypeTotalNumAttacks (1.3.6.1.4.1.5655.4.1.15.1.1.4) B-90
attackTypeTotalNumFlows (1.3.6.1.4.1.5655.4.1.15.1.1.5) B-90
attackTypeTotalNumSeconds (1.3.6.1.4.1.5655.4.1.15.1.1.6) B-90
vasServersTable (1.3.6.1.4.1.5655.4.1.16.1) B-91
vasServerEntry (1.3.6.1.4.1.5655.4.1.16.1.1) B-91
vasServerIndex (1.3.6.1.4.1.5655.4.1.16.1.1.1) B-91
vasServerId (1.3.6.1.4.1.5655.4.1.16.1.1.2) B-91
vasServerAdminStatus (1.3.6.1.4.1.5655.4.1.16.1.1.3) B-92
vasServerOperStatus (1.3.6.1.4.1.5655.4.1.16.1.1.4) B-92
mplsVpnSoftwareCountersTable (1.3.6.1.4.1.5655.4.1.17.1) B-92
mplsVpnSoftwareCountersEntry (1.3.6.1.4.1.5655.4.1.17.1.1) B-92
mplsVpnMaxHWMappings (1.3.6.1.4.1.5655.4.1.17.1.1.1) B-93
mplsVpnCurrentHWMappings (1.3.6.1.4.1.5655.4.1.17.1.1.2) B-93
Supported Standards B-94
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxx
OL-7827-12
About this Guide
Revised: June 15, 2009, OL-7827-12
Introduction
This preface describes who should read the Cisco SCE2000 and SCE1000 Software Configuration
Guide, how it is organized, and its document conventions.
This guide is for experienced network administrators who are responsible for configuring and
maintaining the SCE platform.
Note This guide applies to the Cisco SCE 2000 and the Cisco SCE1000 platforms. For information concerning
configuring the Cisco SCE8000 platform, refer to the Cisco SCE8000 10GBE Software Configuration
Guide or the Cisco SCE8000 GBE Software Configuration Guide.
Document Revision History
OL-7827-12
The Document Revision History below records changes to this document.
Table 1 Document Revision History
Cisco Service Control
Revision
OL-7827-12 3.5.5
OL-7827-11 3.5.0
Release and Date Change Summary
Added information regarding the following:
June, 2009
February, 2009
• New format of the connection-mode command and
new related show commands (see Configuring the
Connection, page 7-1)
• New show commands related to to the cascade
functionality (see CLI Commands for Cascaded
Systems, page 10-10)
Changed the title to Cisco SCE 2000 and SCE 1000
Software Configuration Guide to clarify that this guide
does not apply to the SCE8000 platform.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxxi
Introduction
Table 1 Document Revision History (continued)
Cisco Service Control
Revision
OL-7827-10 3.5.0
Release and Date Change Summary
Added the following features:
January, 2009
• Flow Capture, page 4-12
• Intelligent Traffic Mirroring, page 12-47
• Subscriber Database: Capacity and Limits, page 9-4
• Configuring the Actual Maximum Number of
Subscribers, page 9-37
OL-7827-09 3.1.6
May, 2008
OL-7827-08 3.1.5
November, 2007
Added the following new features
• IPinIP tunneling option
• Asymmetric L2 mode
• Running only SSHv2 (by disabling SSHv1)
The following chapter was updated to describe updated
VPN functionality:
• Managing Subscribers
Various minor corrections
OL-7827-07 3.1.5 LA
August, 2007
The following chapters were updated to describe the
updated VPN functionality:
About this Guide
OL-7827-06 3.1.0
May, 2007
• Configuring the Line Interface (How to Configure
Tunneling Protocols)
• Managing Subscribers
• MPLS/VPN Support
The following chapter was updated to describe the
updated TOS marking functionality:
• Configuring the Line Interface
Minor changes were made in the following chapters to
clarify certain topics and issues:
• Configuring the Line Interface: Hardware packet
drops
• Value Added Services (VAS) Traffic Forwarding:
Requirements for VAS Servers
• Redundancy and Fail-Over: Emphasize L1
connection of cascade ports.
• Proprietary MIB Reference
Added the following new feature:
• Asymmetric Routing Topology
The following chapter was updated to include the
NetflowV9 protocol option:
• Raw Data Formatting: The RDR Formatter and
NetFlow Exporting
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxxii
OL-7827-12
About this Guide
Table 1 Document Revision History (continued)
Cisco Service Control
Revision
OL-7827-05 3.0.5
Release and Date Change Summary
Added the following new feature:
November, 2006
• Managing the SCMP
The following sections were added or updated to explain
various CLI commands that had not previously appeared
in this guide:
• Monitoring the Operational Status of the SCE
Platform
• Monitoring the Connection Mode
• Link Failure Reflection in Linecard-Aware Mode
(SCE 2000 only)
• Removing Subscribers with Tunnel Mappings
• Traffic Rules
OL-7827-04 3.0.3
May, 2006
Added the following new features:
• MPLS/VPN Support (including MPLS/VPN-related
changes in Managing Subscribers and Configuring
Tunneling Protocols).
• Configuring VLAN Translation
Introduction
OL-7827-03 3.0
December, 2005
OL-7827-02 2.5.7
August, 2005
• VAS over 10G
The Proprietary MIB Reference was reorganized to reflect
reorganization of the pcube Enterprise MIB
Added the following new features:
• Value Added Services (VAS)
• Traffic Forwarding
• Monitoring SCE Platform Utilization
• Configuring the Management Ports for Redundancy
• Management Interface Security
• TACACS+ Authentication, Authorization and
Accounting
• Dynamic Mapping of RDRs to Categories
Complete reorganization and revision of product
documentation.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxxiii
Introduction
Organization
This guide contains the following sections:
Table 2 Document Organization
Section Title Description
1 Cisco Service Control Overview,
2 Command Line Interface, page 2-1 Detailed explanation of how to use the Cisco SCE
3 Operations, page 3-1 Explanation of how to manage configurations,
4 Utilities, page 4-1 Explanation of the setup wizard and the user log,
5 Configuring the Management
6 Configuring the Line Interface,
7 Configuring the Connection, page 7-1 Explanation of how to configure the connection
8 Raw Data Formatting: The RDR
9 Managing Subscribers, page 9-1 Explanation of how to import and export
10 Redundancy and Fail-Over, page 10-1 Explanation of how to configure and manage a
page 1-1
Interface and Security, page 5-1
page 6-1
Formatter and NetFlow Exporting,
page 8-1
About this Guide
Overview of SCE platform management.
Command-line Interface.
install applications and upgrade the system
software.
as well as of file operations.
Explanation of how to configure the various
management options: Telnet, SSH, and SNMP.
Also how to configure the system time, Domain
Name Settings, management IP address, and
passwords.
Explanation of how to configure tunneling, TOS
marking, and traffic rules.
mode, link mode, and failure behaviors
Explanation of how to configure the connection
mode, link mode, and failure behaviors.
subscriber information and how to monitor
subscribers.
redundant system.
11 Identifying and Preventing
Distributed-Denial-Of-Service
Attacks, page 11-1
12 Value Added Services (VAS) Traffic
Forwarding, page 12-1
13 MPLS/VPN Support, page 13-1 Explanation of MPLS/VPN support, and how to
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxxiv
This chapter applies only to the SCE 2000
platform
Explanation of how to configure attack filtering
Explanation of Value Added Services (VAS) and
how to configure VAS traffic forwarding
configure and monitor MPLS/VPN subscribers
and support
OL-7827-12
About this Guide
Introduction
Table 2 Document Organization (continued)
Section Title Description
14 Managing the SCMP, page 14-1 Explanation of Service Control Management
Protocol (SCMP), which is a protocol that
integrates the SCE platform and the ISG
(Intelligent Service Gateway) functionality of the
Cisco routers. It also explains how to configure
and manage SCMP, SCMP peer devices and the
RADIUS client.
A Monitoring SCE Platform Utilization,
page A-1
Explanation of how to monitor SCE platforms that
are installed in real traffic.
B Proprietary MIB Reference, page B-1 Definition of the proprietary Service Control
Enterprise MIB
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxxv
Introduction
Related Publications
Your SCE platform and the software running on it contain extensive features and functionality, which
are documented in the following resources:
• For further information regarding the Service Control CLI and a complete listing of all CLI
commands, refer to the Cisco SCE 2000 and SCE 1000 CLI Command Reference
• For information regarding configuring the Cisco SCE8000 platform, refer to thethe Cisco SCE8000
10GBE Software Configuration Guide or the Cisco SCE8000 GBE Software Configuration Guide.
• For complete installation information, including initial configuration, refer to the relevant
installation guide:
–
Cisco SCE 2000 4xGBE Installation and Configuration Guide
–
Cisco SCE 2000 4/8xFE Installation and Configuration Guide
–
Cisco SCE 1000 2xGBE Installation and Configuration Guide
• For initial installation and startup information, refer to the relevant quick start guide:
–
Cisco SCE 2000 4xGBE Quick Start Guide
About this Guide
–
Cisco SCE 2000 4/8xFE Quick Start Guide
–
Cisco SCE 1000 2xGBE Quick Start Guide
• For international agency compliance, safety, and statutory information for wide-area network
(WAN) interfaces for the SCE 2000 platform, refer to the regulatory and safety information
document:
–
Regulatory Compliance and Safety Information for Cisco Service Control Engine (SCE).
• For installation and configuration of the other components of the Service Control Management Suite
refer to:
–
Cisco SCMS Subscriber Management User Guide
–
Cisco SCMS Collection Manager User Guide
–
Cisco Service Control Application for Broadband User Guide
–
Cisco Service Control Application Reporter User Guide
• To view Cisco documentation or obtain general information about the documentation, refer to the
following sources:
–
Obtaining Documentation and Submitting a Service Request, page -xxxviii
–
The Cisco Information Packet that shipped with your SCE 2000 platform.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxxvi
OL-7827-12
About this Guide
Conventions
This document uses the following conventions:
Table 3 Conventions
Introduction
Convention Indication
bold font Commands and keywords and user-entered text appear in bold font.
italic font Document titles, new or emphasized terms, and arguments for which you supply
values are in italic font.
[ ] Elements in square brackets are optional.
{x | y | z } Required alternative keywords are grouped in braces and separated by
vertical bars.
[ x | y | z ] Optional alternative keywords are grouped in brackets and separated by
vertical bars.
string A nonquoted set of characters. Do not use quotation marks around the string or
the string will include the quotation marks.
courier font Terminal sessions and information the system displays appear in courier font.
< > Nonprinting characters such as passwords are in angle brackets.
[ ] Default responses to system prompts are in square brackets.
!, # An exclamation point (!) or a pound sign (#) at the beginning of a line of code
indicates a comment line.
Note Means reader take note.
Tip Means the following information will help you solve a problem.
Caution Means reader be careful. In this situation, you might perform an action that could result in equipment
damage or loss of data.
Timesaver Means the described action saves time. You can save time by performing the action described in
the paragraph.
Warning
Means reader be warned. In this situation, you might perform an action that could result in
bodily injury.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxxvii
About this Guide
Introduction
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly What's New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS)
feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds
are a free service and Cisco currently supports RSS version 2.0.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
xxxviii
OL-7827-12
Introduction
CHAPTER
1
Cisco Service Control Overview
Revised: June 15, 2009, OL-7827-12
This chapter provides a general overview of the Cisco Service Control solution. It introduces the Cisco
service control concept and capabilities.
It also briefly describes the hardware capabilities of the service control engine (SCE) platform and the
Cisco specific applications that together compose the total Cisco service control solution.
• Cisco Service Control Solution, page 1-1
• Cisco Service Control Capabilities, page 1-2
• SCE Platform Description, page 1-3
• Management and Collection, page 1-4
Cisco Service Control Solution
The Cisco service control solution is delivered through a combination of hardware and specific software
solutions that address various service control challenges. Service providers can use the SCE platform to
support classification, analysis, and control of Internet and IP traffic.
Service control enables service providers to:
• Capitalize on existing infrastructure.
• Analyze, charge for, and control IP network traffic at multigigabit wire line speeds.
• Identify and target high-margin content-based services and enable their delivery.
As the downturn in the telecommunications industry has shown, IP service providers’ business models
need to be reworked to make them profitable. Having spent billions of dollars to build ever larger data
links, providers have incurred massive debts and faced rising costs. At the same time, access and
bandwidth have become commodities where prices continually fall and profits disappear. Service
providers have realized that they must offer value-added services to derive more revenue from the traffic
and services running on their networks.
Cisco service control solutions allow the service provider to capture profits from IP services through
detailed monitoring, precise, real-time control, and awareness of services as they are delivered.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
1-1
Cisco Service Control Capabilities
Service Control for Broadband Service Providers
Service providers of any access technology (DSL, cable, mobile, and so on) targeting residential and
business consumers must find new ways to get maximum leverage from their existing infrastructure,
while differentiating their offerings with enhanced IP services.
The Cisco service control application for broadband adds a layer of service intelligence and control to
existing networks that can:
• Report and analyze network traffic at subscriber and aggregate level for capacity planning
• Provide customer-intuitive tiered application services and guarantee application service level
agreements (SLAs)
• Implement different service levels for different types of customers, content, or applications
• Identify network abusers who are violating the acceptable use policy (AUP)
• Identify and manage peer-to-peer traffic, NNTP (news) traffic, and spam abusers
• Enforce the AUP
• Integrate Service Control solutions easily with existing network elements and business support
systems (BSS) and operational support systems (OSS)
Chapter 1 Cisco Service Control Overview
Cisco Service Control Capabilities
The core of the Cisco service control solution is the network hardware device: the Service control engine
(SCE). The core capabilities of the SCE platform, which support a wide range of applications for
delivering service control solutions, include:
• Subscriber and application awareness—Application-level drilling into IP traffic for real-time
understanding and controlling of usage and content at the granularity of a specific subscriber.
–
Subscriber awareness—The ability to map between IP flows and a specific subscriber to
maintain the state of each subscriber transmitting traffic through the SCE platform and to
enforce the appropriate policy on this subscriber’s traffic.
Subscriber awareness is achieved either through dedicated integrations with subscriber
management repositories, such as a DHCP or a RADIUS server, or through sniffing of RADIUS
or DHCP traffic.
–
Application awareness—The ability to understand and analyze traffic up to the application
protocol layer (Layer 7).
For application protocols implemented using bundled flows (such as FTP, which is implemented
using Control and Data flows), the SCE platform understands the bundling connection between
the flows and treats them accordingly.
• Application-layer, stateful, real-time traffic control—The ability to perform advanced control
functions, including granular bandwidth (BW) metering and shaping, quota management, and
redirection, using application-layer, stateful, real-time traffic transaction processing. This requires
highly adaptive protocol and application-level intelligence.
• Programmability—The ability to quickly add new protocols and adapt to new services and
applications in the service provider environment. Programmability is achieved using the Cisco
Service Modeling Language (SML).
Programmability allows new services to be deployed quickly and provides an easy upgrade path for
network, application, or service growth.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
1-2
OL-7827-12
Chapter 1 Cisco Service Control Overview
• Robust and flexible back-office integration—The ability to integrate with existing third-party
systems at the service provider, including provisioning systems, subscriber repositories, billing
systems, and OSS systems. The SCE provides a set of open and well-documented APIs that allows
a quick integration process.
• Scalable high-performance service engines—The ability to perform all of these operations at wire
speed.
SCE Platform Description
The SCE family of programmable network devices performs application-layer stateful-flow inspection
of IP traffic, and controls the traffic based on configurable rules. The SCE platform is a network device
that uses ASIC components and reduced instruction set computer (RISC) processors to exceed beyond
packet counting and expand into the contents of network traffic. Providing programmable, stateful
inspection of bidirectional traffic flows, and mapping these flows with user ownership, SCE platforms
provide real-time classification of network use. The classification provides the basis of the SCE platform
advanced traffic-control and bandwidth-shaping functionality. Where most bandwidth shaper
functionality ends, the SCE platform provides further control and shaping options, including:
• Layer 7 stateful wire-speed packet inspection and classification
• Robust support for more than 600 protocols and applications, including:
SCE Platform Description
–
General—HTTP, HTTPS, FTP, Telnet, Network News Transfer Protocol (NNTP), Simple Mail
Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Internet Message Access Protocol
(IMAP), Wireless Application Protocol (WAP), and others
–
Peer-to-Peer (P2P) file sharing—FastTrack-KazaA, Gnutella, BitTorrent, Winny, Hotline,
eDonkey, DirectConnect, Piolet, and others
–
P2P VoIP—Skype, Skinny, DingoTel, and others
–
Streaming and Multimedia—Real Time Streaming Protocol (RTSP), Session Initiation Protocol
(SIP), HTTP streaming, Real Time Protocol (RTP) and Real Time Control Protocol (RTCP), and
others
• Programmable system core for flexible reporting and bandwidth control
• Transparent network and BSS and OSS integration into existing networks
• Subscriber awareness that relates traffic and usage to specific customers
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
1-3
Management and Collection
L
IN
K
R
X
C
i
s
c
o
S
C
E
2
0
0
0
S
e
r
i
e
s
4
x
G
B
E
T
X
R
X
M
M
T
X
L
I
N
K
R
X
T
X
R
X
M
M
T
X
L
I
N
K
R
X
T
X
R
X
M
M
T
X
L
I
N
K
R
X
T
X
R
X
M
M
T
X
G
B
E
-
1
S
U
B
L
I
N
E
N
E
T
P
W
R
B
S
T
A
T
U
S
P
W
R
A
B
Y
P
A
S
S
1
0
/
1
0
0
/
1
0
0
0
L
I
N
K
/
A
C
T
I
V
E
1
0
/
1
0
0
/
1
0
0
0
L
I
N
K
/
A
C
T
I
V
E
G
B
E
-
2
S
U
B
L
I
N
E
/C
A
S
C
A
D
E
N
E
T
A
U
X
CO
N
SO
LE
M
N
G
2
M
N
G
1
UsersCorporate
Aggregation
device
DSL
CMTS
SCE platform
Provider
network
Peer network
& Internet
92764
Figure 1-1 illustrates a common deployment of an SCE platform in a network.
Figure 1-1 SCE Platform in the Network
Chapter 1 Cisco Service Control Overview
Management and Collection
The Cisco service control solution includes a complete management infrastructure that provides the
following management components to manage all aspects of the solution:
• Network management
• Subscriber management
• Service Control management
These management interfaces are designed to comply with common management standards and to
integrate easily with existing OSS infrastructure (Figure 1-2).
1-4
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 1 Cisco Service Control Overview
L
IN
K
R
X
C
is
c
o
S
C
E
2
0
0
0
S
e
r
i
e
s
4
x
G
B
E
T
X
R
X
M
M
T
X
L
I
N
K
R
X
T
X
R
X
M
M
T
X
L
I
N
K
R
X
T
X
R
X
M
M
T
X
L
I
N
K
R
X
T
X
R
X
M
M
T
X
G
B
E
-1
S
U
B
L
I
N
E
N
E
T
P
W
R
B
S
T
A
T
U
S
P
W
R
A
B
Y
P
A
S
S
1
0
/
1
0
0
/
1
0
0
0
L
I
N
K
/
A
C
T
I
V
E
1
0
/
1
0
0
/
1
0
0
0
L
I
N
K
/
A
C
T
I
V
E
G
B
E
-
2
S
U
B
L
IN
E
/
C
A
S
C
A
D
E
N
E
T
A
U
X
C
ON
SO
L
E
M
N
G
2
M
N
G
1
92763
Aggregation
device
SCE platform
RDRs
CLI and SNMP
XML/RPC
Subscriber info
Router
DHCP
or RADIUS
Subscriber
Manager
Provisioning
system
Service
policy and quota
management
Network
management
Collection
Manager
Figure 1-2 Service Control Management Infrastructure
Management and Collection
Network Management
The Cisco service control solution provides complete network Fault, Configuration, Accounting,
Performance, Security (FCAPS) Management.
Two interfaces provide network management:
• Command-line interface (CLI)—Accessible through the Console port or through a Telnet
connection, the CLI is used for configuration and security functions.
• SNMP—Provides fault management (through SNMP traps) and performance-monitoring
functionality.
Subscriber Management
Where the Cisco service control application for broadband (SCA BB) enforces policies on different
subscribers and tracks usage on an individual subscriber basis, the Cisco service control management
suite (SCMS) subscriber manager (SM) may be used as middleware software for bridging between OSS
and SCE platforms. Subscriber information is stored in the SM database and can be distributed between
multiple platforms according to actual subscriber placement.
The SM provides subscriber awareness by mapping network IDs to subscriber IDs. It can obtain
subscriber information using dedicated integration modules that integrate with AAA devices, such as
RADIUS or DHCP servers.
OL-7827-12
Subscriber information may be obtained in one of two ways:
• Push Mode—The SM pushes subscriber information to the SCE platform automatically upon logon
• Pull Mode—The SM sends subscriber information to the SCE platform in response to a query from
of a subscriber.
the SCE platform.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
1-5
Management and Collection
Service Configuration Management
Service configuration management is the ability to configure the general service definitions of a service
control application. A service configuration file containing settings for traffic classification, accounting
and reporting, and control is created and applied to an SCE platform. The SCA BB application provides
tools to automate the distribution of these configuration files to SCE platforms. This standards-based
approach makes it easy to manage multiple devices in a large network.
Service Control provides a GUI to edit and create these files and a complete set of APIs to automate their
creation.
Data Collection
Data collection occurs as follows:
1. All analysis and data processing functions of the SCE platform result in the generation of Raw Data
Records (RDRs), which the SCE platform forwards using a simple TCP-based protocol
(RDR-Protocol).
2. RDRs are processed by the Cisco service control management suite collection manager.
Chapter 1 Cisco Service Control Overview
3. The collection manager software is an implementation of a collection system that receives RDRs
from one or more SCE platforms. It collects these records and processes them in one of its adapters.
Each adapter performs a specific action on the RDR.
RDRs contain a variety of information and statistics, depending on the configuration of the system.
Three main categories of RDRs include:
• Transaction RDRs—Records generated for each transaction, where a transaction is a single event
detected in network traffic. The identification of a transaction depends on the particular application
and protocol.
• Subscriber Usage RDRs—Records generated per subscriber, describing the traffic generated by that
subscriber for a defined interval.
• Link RDRs—Records generated per link, describing the traffic carried on the link for a defined
interval.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
1-6
OL-7827-12
Introduction
CHAPTER
2
Command Line Interface
Revised: June 15, 2009, OL-7827-12
This chapter describes how to use the SCE platform Command-Line Interface (CLI), its hierarchical
structure, authorization levels and its help features. The Command-Line Interface is one of the SCE
platform management interfaces.
The CLI is accessed through a Telnet session or directly via the console port on the front panel of the
SCE platform. When you enter a Telnet session, you enter as the simplest level of user, in the User Exec
mode.
The SCE platform supports up to eleven concurrent CLI sessions; five sessions initiated by Telnet
connection, five sessions by SSH connection, and one session on the console port.
• Authorization and Command Levels (Hierarchy), page 2-2
• CLI Help Features, page 2-9
• Navigational and Shortcut Features, page 2-11
• Managing Command Output, page 2-14
• Creating a CLI Script, page 2-16
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-1
Authorization and Command Levels (Hierarchy)
Authorization and Command Levels (Hierarchy)
• CLI Command Mode Hierarchy, page 2-3
• Prompt Indications, page 2-6
• Navigating Between Authorization Levels and Command Modes, page 2-7
When using the CLI there are two important concepts that you must understand to navigate:
• Authorization Level — Indicates the level of commands you can execute. A user with a simple
authorization level can only view some information in the system, while a higher level administrator
can actually make changes to configuration.
This manual documents commands at the user exec, privileged exec, and admin authorization levels.
• Command Hierarchy Level — Provides you with a context for initiating commands. Commands are
broken down into categories and you can only execute each command within the context of its
category. For example, to configure parameters related to the Line Card, you need to be within the
Linecard Interface Configuration Mode. CLI Command Mode Hierarchy, page 2-3
The following sections describe the available Authorization and Command Hierarchy Levels and how to
maneuver within them.
The on-screen prompt indicates both your authorization level and your command hierarchy level, as well
as the assigned host name.
Chapter 2 Command Line Interface
Note Throughout the manual, SCE is used as the sample host name.
CLI Authorization Levels
The SCE platform has four authorization levels, which represent the user access permissions. When you
initially connect to the SCE platform, you automatically have the most basic authorization level, that is
User, which allows minimum functionality.
To monitor the system, you must have Viewer authorization, while to perform administrative functions
on the SCE platform, you must have Admin or Root authorization. A higher level of authorization is
accessed by logging in with appropriate password, as described in the procedures below.
In each authorization level, all the commands of the lower authorization layers are available in addition
to commands that are authorized only to the current level.
The following CLI commands are related to authorization levels:
• enable
• disable
Each authorization level has a value (number) corresponding to it. When using the CLI commands, use
the values, not the name of the level, as shown in Tab le 2-1 .
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-2
OL-7827-12
Chapter 2 Command Line Interface
Table 2-1 Authorization Levels
Level Description Value Prompt
User Password required. This level enables basic operational functionality. 0
Viewer Password required. This level enables monitoring functionality. All show
commands are available to the Viewer authorization level, with the exception
of those that display password information.
Admin Password required. For use by general administrators, the Admin
authorization level enables configuration and management of the SCE
platform.
Root Password required. For use by technical field engineers, the Root
authorization level enables configuration of all advanced settings, such as
debug and disaster recovery. The Root level is used by technical engineers
only.
CLI Command Mode Hierarchy
Authorization and Command Levels (Hierarchy)
>
5 >
10 #
15
#>
The set of all CLI commands is grouped in hierarchical order, according to the type of the commands.
The first two levels in the hierarchy are the User Exec and Privileged Exec modes. These are
non-configuration modes in which the set of available commands enables the monitoring of the SCE
platform, file system operations, and other operations that cannot alter the configuration of the SCE
platform.
The next levels in the hierarchy are the Global and Interface configuration modes, which hold a set of
commands that control the global configuration of the SCE platform and its interfaces. Any of the
parameters set by the commands in these modes should be saved in the startup configuration, such that
in the case of a reboot, the SCE platform restores the saved configuration.
Table 2-2 shows the available CLI modes.
Table 2-2 CLI Modes
Mode Description Level Prompt indication
User Exec Initial mode. Also allows
User/Viewer
SCE >
monitoring of the system (show
commands).
Privileged Exec General administration; file
system manipulations and
control of basic parameters that
• Admin
• Root
• SCE #
• SCE #>
do not change the configuration
of the SCE platform.
Global Configuration Configuration of general system
parameters, such as DNS, host
name, and time zone.
• Admin
• Root
• SCE (config)#
• SCE (config)# >
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-3
Authorization and Command Levels (Hierarchy)
Table 2-2 CLI Modes (continued)
Mode Description Level Prompt indication
Interface Configuration Configuration of specific system
Interface Range
Configuration
Line Configuration Configuration of Telnet lines,
When you login to the system, you have the User authorization level and enter User Exec mode.
Changing the authorization level to Viewer does not change the mode. Changing the authorization level
to Admin automatically moves you to Privileged Exec mode. To move to any of the configuration modes,
you must enter commands specific to that mode.
interface parameters, for the
following interface modes.
• linecard interface
• management interface
• specific traffic interface
Configuration of a range of
traffic interfaces.
such as an access-list.
• Admin
• Root
• Admin
• Root
• Admin
• Root
Chapter 2 Command Line Interface
• SCE(config if)#
• SCE(config if)#>
• SCE(config if range)#
• SCE(config if range)#>
• SCE (config-line)#
• SCE (config-line)#>
The list of available commands in each mode can be viewed using the question mark ‘?’ at the end of the
prompt.
Figure 2-1 illustrates the hierarchical structure of the CLI modes, and the CLI commands used to enter
and exit a mode.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-4
OL-7827-12
Chapter 2 Command Line Interface
ExitE5ExitExitE1 ExitE2 ExitE3 E4
Interface
Range
Configuration
Mode
Line
Configuration
Mode
Interface
Configuration
Mode
(Traffic)
Management
Interface
Configuration
Mode
Interface Configuration Mode
Line Card
Interface
Configuration
Mode
Privileged Exec Mode
Global Configuration Mode
ExitConfigure
User Exec Mode
DisableEnable
210640
Figure 2-1 CLI Command Modes
Authorization and Command Levels (Hierarchy)
The following commands are used to enter the different configure interface modes and the Line
Configuration Mode:
• E1 interface Linecard 0
• E2 interface Mng 0/1 or 0/2 (management port, all platforms)
• E3:
• E4:
–
SCE 1000: interface GigabitEthernet 0/1 or 0/2
–
SCE 2000: interface TenGigabitEthernet 0/1, 0/2, 0/3, or 0/4
–
SCE 1000: interface range GigabitEthernet 0/1-2
–
SCE 2000: interface range TenGigabitEthernet 0/<port-range (any range between 1 and
4)>
• E5 line vty 0
Note Although the system supports up to five concurrent Telnet connections, you cannot configure them
separately. This means that any number you enter in the line vty command (0, 1, 2, 3 or 4 ) will act as a
0 and configure all five connections together.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-5
Authorization and Command Levels (Hierarchy)
Note In order for the auto-completion feature to work, when you move from one interface configuration mode
to another, you must first exit the current interface configuration mode (as illustrated in the above
figure).
Example:
This example illustrates moving into and out of configuration modes as follows:
• Enter global configuration mode
• Configure the SCE platform time zone
• Enter Mng Interface configuration mode for Mng port 1
• Configure the speed of the management interface
• Exit the Mng Interface configuration mode to the global configuration mode
• Enter the Linecard Interface configuration
• Define the link mode
• Exit Linecard Interface configuration mode to the global configuration mode
• Exit global configuration mode
SCE#configure
SCE(config)#clock timezone PST -10
SCE(config)#interface Mng 0/1
SCE(config if)#speed 100
SCE(config if)#exit
SCE(config)#interface Linecard 0
SCE(config if)#link mode all-links forwarding
SCE(config if)#exit
SCE(config)#exit
sce#
Chapter 2 Command Line Interface
Prompt Indications
The on-screen prompt indicates your authorization level, your command hierarchy level, and the
assigned host name. The structure of the prompt is:
<hostname (mode-indication) level-indication>
Authorization levels are indicated as shown in Tab le 2 -3.
Table 2-3 Prompt Indications: Authorization Levels
This prompt... Indicates this...
> User and Viewer levels
# Admin level
#> Root level
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-6
OL-7827-12
Chapter 2 Command Line Interface
Command hierarchy levels are indicated as shown in Table 2 -4.
Table 2-4 Prompt Indications: Command Mode Levels
This command hierarchy... Is indicated as...
User Exec SCE>
Privileged Exec sce#
Global Configuration SCE (config)#
Interface Configuration SCE (config if)#
Interface Range Configuration SCE (config if range)#
Line Configuration SCE (config-line)#
Example:
The prompt SCE1(config if)# indicates:
• The name of the SCE platform is SCE1
• The current CLI mode is Interface configuration mode
• The user has Admin authorization level
Authorization and Command Levels (Hierarchy)
Navigating Between Authorization Levels and Command Modes
The authorization levels and command modes function together in one hierarchy. The User and Viewer
authorization levels have only a single command mode. When you enter either the Admin or Root
authorization level (which function in parallel), you enter the Privileged Exec command mode. From
this command mode you can access the other command modes.
• User Exec authorization level
• Viewer authorization level
• Privileged Exec command mode (you are now in either Admin or Root authorization level)
• Global Configuration command mode
From this command mode, the following Interface Command Modes can be accessed:
–
Management Interface Configuration
–
Linecard Interface Configuration
–
GigabitEthernet Interface Configuration (GBE traffic interfaces)
–
Interface Range Configuration (range of traffic interfaces)
–
Line Configuration
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-7
Authorization and Command Levels (Hierarchy)
Table 2-5 summarizes how to navigate the CLI command hierarchy.
Table 2-5 CLI Command Hierarchy
Chapter 2 Command Line Interface
Authorization Level or
Command Mode Use this command to access
Use this command to
exit
User Exec Not applicable logout or exit (exits the
current CLI session)
Viewer enable 5 disable
Privileged Exec enable 10 or enable 15 (accesses root level) disable
Global Configuration configure exit (exits to Privileged
Exec)
end (exits to User Exec)
Management Interface
Configuration
(management)
Linecard Interface
Configuration
interface Mng 0/1 or 0/2 exit (exits to Global
Configuration)
end (exits to User Exec)
interface linecard 0 exit (exits to Global
Configuration)
end (exits to User Exec)
GigabitEthernet Interface
Configuration (traffic)
SCE 2000: interface gigabitethernet 0/1, 0/2,
0/3, or 0/4
SCE 1000: interface gigabitethernet 0/1 or
exit (exits to Global
Configuration)
end (exits to User Exec)
0/2
OR
SCE 2000: interface range gigabitethernet
0/<port-range (any range between 1 and 4)
2-8
SCE 1000: interface range gigabitethernet
0/1-2
Line Configuration line vty 0 exit (exits to Global
Configuration)
end (exits to User Exec)
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 2 Command Line Interface
Configuring the Physical Ports
The SCE platform contains the following physical port interfaces:
• Management:
The following commands are used to configure the management port:
–
ip address
–
duplex
–
speed
–
active-port
–
auto-fail-over
• Gigabit Ethernet
The following commands are used to configure the Gigabit Ethernet line ports. These are the
commands for which the range interface mode is relevant; use the range interface command to
configure more than one interface at a time if you are configuring them to identical values.
–
auto-negotiate
–
bandwidth
–
queue
CLI Help Features
CLI Help Features
CLI provides context sensitive help. Two types of context sensitive help are supported:
• Partial Help, page 2-9
• Argument Help, page 2-10
Partial Help
To obtain a list of commands that begin with a particular character string, enter the abbreviated command
entry immediately followed by a question mark (?). This form of help is called partial help, because it
lists only the keywords or arguments that begin with the abbreviation you entered.
Example:
The following example illustrates how typing c? displays all available arguments that start with the letter
c.
SCE(config)#snmp-server c?
Community contact
SCE(config)#snmp-server c
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-9
CLI Help Features
Argument Help
Chapter 2 Command Line Interface
To obtain a list of command’s associated keywords or parameters, type a question mark (?) in place of a
keyword or parameter on the command line.
Note that if <Enter> is acceptable input, the symbol <cr> represents the Enter key.
Example:
The following example illustrates how to get a list of all arguments or keywords expected after the
command snmp-server.
SCE(config)#snmp-server ?
community Define community string
contact Set system contact
enable Enable the SNMP agent
host Set traps destination
interface Set interface parameters
SCE(config)# snmp-server
When asking for help on particular parameter, the system informs you of the type of data that is an
accepted legal value. The types of parameters supported are:
STRING: When a String is expected, you can enter any set of characters or digits. If the string has
a space as one of its characters, use double-quote (“) marks to enclose the string.
DECIMAL: Any decimal number. Positive number is assumed, for negative numbers use the “–”
symbol.
HEX: A hexadecimal number; must start with either 0x or 0X.
Example:
The following example illustrates the use of ? to get help on commands syntax. In this example, you can
enter either the word running-config, or any name of a file, after the word copy.
SCE#copy ?
running-config Copy running configuration file
startup-config Backup the startup-config to a specified destination
STRING Source file
SCE#copy
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-10
OL-7827-12
Chapter 2 Command Line Interface
Table 2-6 summarizes the CLI help features.
Table 2-6 Getting Help
Command Purpose
? List all commands available for a particular
<abbreviated-command-entry>?
Example:
c?
calendar cd clear clock configure
copy copy-passive
<abbreviated-command-entry><Tab>
Example:
en <Tab>
enable
<command>? List the keywords associated with the specified
<command keyword> ?
Example:
show ?
access-lists Show all access-lists
Navigational and Shortcut Features
command mode
Obtain a list of commands that begin with a
particular character string.
(Do not leave a space between the command and
question mark.)
Complete a partial command name.
command.
List the arguments associated with the specified
keyword.
Leave a space between the keyword and question
mark
Navigational and Shortcut Features
• Command History, page 2-11
• Keyboard Shortcuts, page 2-12
• Auto-Completion, page 2-13
• FTP User Name and Password, page 2-13
• The "do" Command: Executing Commands Without Exiting, page 2-14
Command History
CLI maintains a history buffer of the most recent commands you used in the current CLI session for
quick retrieval. Using the keyboard, you can navigate through your last commands, one by one, or all
commands that start with a given prefix. By default, the system saves the last 30 commands you typed.
You can change the number of commands remembered using the history size command.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-11
Navigational and Shortcut Features
To use the history functions, use the keys shown in Table 2 -7.
Table 2-7 Keyboard Shortcuts for History Functions
Arrow Shortcut Description
Up arrow Ctrl-P Move cursor to the previous command with the same prefix.
Down arrow Ctrl-N Moves the cursor to the next command with the same prefix
Keyboard Shortcuts
The SCE platform has several keyboard shortcuts that make it easier to navigate and use the system.
Table 2-8 shows the keyboard shortcuts available.
You can get a display the keyboard shortcuts at any time by typing help bindings.
Ctrl-L
Ctrl-R
Chapter 2 Command Line Interface
as original.
Re-display the current command line.
Table 2-8 Keyboard Shortcuts
Description Shortcut key
Navigational shortcuts
Move cursor one character to the right. CTRL-F /->
Move cursor one character to the left. CTRL-B /<-
Move cursor one word to the right (forward). ESC-F
Move cursor one word to the left (backward). ESC-B
Move cursor to the start of the line. CTRL-A
Move cursor to the end of the line. CTRL-E
Editing shortcuts
Delete the character where the cursor is located. CTRL-D
Delete from the cursor position to the end of the word. ESC-d
Delete the character before the current location of the cursor. Backspace
Delete the character before the current location of the cursor. CTRL-H
Deletes from the cursor position to the end of the line CTRL-K
Deletes all characters from the cursor to the beginning of the line CTRL-U
Delete the word to the left of the cursor. CTRL-W
Recall the last item deleted. CTRL-Y
Completes the word when there is only one possible completion. <Tab>
Completes the word when there is only one possible completion. (Same
CTRL-I
functionality as <Tab>.)
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-12
OL-7827-12
Chapter 2 Command Line Interface
Auto-Completion
The CLI interface features tab completion. When you type in the first letters of a command and type
<Tab>, the system automatically fills in the rest of the command or keyword. This feature works only
when there is one command that could be possible using the starting letters.
Example 1
The letters snm followed by <Tab> will be completed to the command snmp-server.
SCE(config)#snm <Tab>
SCE(config)#snmp-server
If you type <Enter> instead of <Tab>, and there is no ambiguity, the system actually carries out the
command that is the result of the auto-completion.
Example 2
The following example displays how the system completes a partial (unique) command for the enable
command. The system carries out the command using the default authorization level (10) when you press
Enter.
SCE>en <Enter>
Password:
sce#
Navigational and Shortcut Features
Example 3
The following example illustrates how to use the completion feature with a non-default value for the
argument. In this example, the enable command is completed using the specified value (15) for the
authorization level.
SCE>en 15 <Enter>
Password:
sce#
FTP User Name and Password
CLI enables saving FTP user name and password to be used in FTP operations—download and upload,
per session.
These settings are effective during the current CLI session.
The following example illustrates how to set FTP password and user name and the use in these settings
for getting a file named config.tmp from a remote station using FTP protocol.
sce#ip FTP password 1234
sce#ip FTP username cisco
sce#copy ftp://@10.10.10.10/h:/config.tmp myconf.txt
connecting 10.1.1.253 (user name cisco password 1234) to retrieve config.tmp
sce#
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-13
Managing Command Output
The "do" Command: Executing Commands Without Exiting
There are four configuration command modes:
• Global configuration mode
• Management interface configuration mode
• Interface configuration mode
• Line configuration mode
When you are in one of these configuration modes, it is possible to execute an EXEC mode command
(such as a show command) or a privileged EXEC (such as show running-config ) without exiting to the
relevant command mode. Use the 'do' command for this purpose.
How to execute an exec mode command from a configuration command mode
Step 1 At the SCE(config)# (or SCE(config if)# ) prompt, type do <command>.
The specified command executes without exiting to the appropriate exec command mode.
Chapter 2 Command Line Interface
The following example shows how to display the running configuration while in interface configuration
mode.
SCE(config if#) do show running-config
Managing Command Output
• Scrolling the Screen Display, page 2-15
• Filtering Command Output, page 2-15
• Redirecting Command Output to a File, page 2-15
Some commands, such as many show commands, may have many lines of output. There are several ways
of managing the command output:
• Scrolling options — When the command output is too large to be displayed all at once, you can
control whether the display scrolls line by line or refreshes the entire screen.
• Filtering options — You can filter the output so that output lines are displayed only if they include
or exclude a specified expression.
• Redirecting to a file — You can send the output to a specified file.
Note that by default, the show commands act the same as the more commands; that is, the output is
displayed interactively a single screen at a time. Use the no more (on page ) command to disable this
feature so that show commands display the complete output all at one time.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-14
OL-7827-12
Chapter 2 Command Line Interface
Scrolling the Screen Display
The output of some show and dir commands is quite lengthy and cannot all be displayed on the screen
at one time. Commands with many lines of output are displayed in chunks of 24 lines. You can choose
to scroll the display line by line or refresh the entire screen. At the prompt after any line, you can type
one of the following keys for the desired action:
• <Enter>- Show one more line
• <Space>- Show 24 more lines (a new chunk)
• <g>- Stop prompting for more
• <?>- Display a help string showing possible options
• Any other key- Quit showing the file
Filtering Command Output
You can filter the output of certain commands, such as show, more, and dir, so that output lines are
displayed only if they include or exclude a specified expression. The filtering options are as follows:
• include — Shows all lines that include the specified text.
Managing Command Output
• exclude — Does not show any lines that include the specified text.
• begin — Finds the first line that includes the specified text, and shows all lines starting from that
line. All previous lines are excluded.
The syntax of filtered commands is as follows:
• <command>| include <expression>
• <command>| exclude <expression>
• <command>| begin <expression>
Following is an example of how to filter the show version command to display only the last part of the
output, beginning with the version information.
sce# show version | begin revision
Redirecting Command Output to a File
You can redirect the output of commands, such as show, more, and dir, to a file. When writing the output
of these commands to a file, you can specify either of the following options:
• redirect — The new output of the command will overwrite the existing contents of the file.
• append — The new output of the command will be appended to the existing contents of the file.
The syntax of redirection commands is as follows:
• <command>| redirect <file-name>
• <command>| append <file-name>
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-15
Creating a CLI Script
Following is an example of how to do the following:
• Filter the more command to display from a csv subscriber file only the gold package subscribers.
• Redirect that output to a file named current_gold_subscribers. The output should not overwrite
existing entries in the file, but should be appended to the end of the file.
sce# more subscribers_10.10.2004 include gold | append current_gold_subscribers
Creating a CLI Script
The CLI scripts feature allows you to record several CLI commands together as a script and play it back.
This is useful for saving repeatable sequence of commands, such as software upgrade. For example, if
you are configuring a group of SCE platforms and you want to run the same configuration commands on
each platform, you could create a script on one platform and run it on all the other SCE platforms. The
available script commands are:
• script capture
• script stop
• script print
• script run
Chapter 2 Command Line Interface
Step 1 At the sce# prompt, type script capture sample1.scr where sample1.scr is the name of the script.
Step 2 Perform the actions you want to be included in the script.
Step 3 Type script stop.
The system saves the script.
The following is an example of recording a script for upgrading software.
SCE#script capture upgrade.scr
sce#configure
SCE(config)#boot system new.pkg
Verifying package file...
Package file verified OK.
SCE(config)#exit
sce#copy running-config startup-config
Writing general configuration file to temporary location...
Extracting files from ‘/tffs0/images/new.pkg’...
Verifying package file...
Package file verified OK.
Device ‘/tffs0/’ has 81154048 bytes free, 21447973 bytes are needed for extraction, all is
well.
Extracting files to temp locations...
Renaming temp files...
Extracted OK.
Backing-up general configuration file...
Copy temporary file to final location...
sce#script stop
sce#
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
2-16
OL-7827-12
Introduction
CHAPTER
3
Operations
Revised: June 15, 2009, OL-7827-12
This module describes basic operations necessary for managing the SCE platform.
• Managing Configurations, page 3-1
• Upgrading the SCE Platform Firmware, page 3-7
• Downgrading the SCE Platform to a Previous Version, page 3-8
• Managing Application Files, page 3-9
• Monitoring the Operational Status of the SCE Platform, page 3-12
• Displaying the SCE Platform Version Information, page 3-13
• Displaying the SCE Platform Inventory, page 3-14
• Displaying the System Uptime, page 3-15
• Rebooting and Shutting Down the SCE Platform, page 3-15
Managing Configurations
This section explains how to view, save, and recover configuration files, as well as how to create a
backup configuration file.
• Viewing Configurations, page 3-2
• Removing the Configuration, page 3-3
• Saving the Configuration Settings, page 3-4
• Restoring a Previous Configuration, page 3-5
• Backing Up Configuration Files, page 3-6
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-1
Managing Configurations
The SCE platform uses two configuration files:
• Startup configuration — This file contains the non-default configuration as saved by the user. The
startup-config file is loaded each time the SCE platform reboots.
• Running configuration — This file contains results of configuration commands entered by the user.
The running-config file is saved in the SCE platform volatile memory and is effective only as long
as the SCE platform is up and running.
Use the following commands to view and save the configuration files.
You can also recover a previous configuration from a saved configuration file, as well as completely
remove all current user configuration.
Viewing Configurations
When you enter configuration commands, it immediately effects the SCE platform operation and
configuration. This configuration, referred to as the running-config, is saved in the SCE platform
volatile memory and is effective while the SCE platform is up. After reboot, the SCE platform loads the
startup-config, which includes the non-default configuration as saved by the user, into the
running-config.
Chapter 3 Operations
The SCE platform provides commands for:
• Viewing the running configuration
• Viewing the startup configuration
After configuring the SCE platform, you may query for the running configuration using the command
show running-config. This command displays the non-default running configuration. To view all SCE
platform running configuration, whether it is the default or not, you may use the option all-data in the
show running-config command.
Step 1 At the SCE# prompt, type show running-config and press Enter.
The specified configuration file is displayed.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-2
OL-7827-12
Chapter 3 Operations
Viewing Configurations: Example
This example shows how to view the running configuration.
SCE#show running-config
#This is a general configuration file (running-config).
#Created on 15:50:56 CET MON December 11 2006
#cli-type 1
#version 1
clock timezone CET 1
snmp-server community “public” ro
snmp-server host 10.1.1.253 traps version 1 “public”
interface LineCard 0
connection-mode active
no silent
no shutdown
flow-aging default-timeout UDP 60
interface FastEthernet 0/0
ip address 10.1.5.109 255.255.0.0
interface FastEthernet 0/1
interface FastEthernet 0/2
exit
line vty 0 4
no timeout
exit
sce#
Managing Configurations
Removing the Configuration
You can completely remove all current configuration by removing all configuration files. The following
data is deleted by this command:
• General configuration files
• Application configuration files
• Static party DB files
• Management agent installed MBeans
The following data is not deleted by this command:
• Network configuration (IP address and default gateway configuration)
Note After using this command, the SCE platform should be reloaded immediately to ensure that it returns to
the 'factory default' state.
Step 1 At the SCE(config)# prompt, type erase startup-config-all and press Enter.
All configuration files are removed, including configuration files not explicitly managed by the user, as
listed above.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-3
Managing Configurations
Saving the Configuration Settings
When you make changes to the current running configuration and you want those changes to continue
to be valid when the system restarts, you must save the changes before leaving the management session,
that is, you must save the running configuration to the startup configuration file.
For backup purposes, the old startup-config file is saved under the directory: tffs0:system/prevconf.
Refer to Restoring a Previous Configuration, page 3-5 for an explanation of how to recover a previous
configuration.
The SCE platform provides multiple interfaces for the purpose of configuration and management. All
interfaces supply an API to the same database of the SCE platform, so that any configuration change
made through one interface is reflected through all interfaces. Furthermore, when saving the running
configuration to the startup configuration from any management interface, all configuration settings are
saved regardless of the management interface used to set the configuration.
Step 1 At the SCE# prompt, type show running-config and press Enter.
Displays the running configuration.
Step 2 Check the displayed configuration to make sure that all parameters are set to the desired values. If not,
make the changes you want before saving.
Refer to the relevant sections of this guide for more information regarding specific configuration
parameters.
Step 3 At the SCE# prompt, type copy running-config startup-config and press Enter.
Chapter 3 Operations
The system saves all running configuration information to the configuration file, which is used when the
system reboots.
The configuration file holds all information that is different from the system default in a file called
config.txt located in the directory: tffs0:system.
Saving the Configuration Settings: Example
The following example shows how to review and then save the running configuration file.
SCE#show running-config
#This is a general configuration file (running-config).
#Created on 15:50:56 CET MON February 11 2006
#cli-type 1
#version 1
clock timezone CET 1
snmp-server community “public” ro
snmp-server host 10.1.1.253 traps version 1 “public”
interface LineCard 0
connection-mode active
no silent
no shutdown
flow-aging default-timeout UDP 60
interface FastEthernet 0/0
ip address 10.1.5.109 255.255.0.0
interface FastEthernet 0/1
interface FastEthernet 0/2
exit
line vty 0 4
no timeout
exit
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-4
OL-7827-12
Chapter 3 Operations
SCE#
SCE#copy running-config startup-config
Writing general configuration file to temporary location...
Backing-up general configuration file...
Copy temporary file to final location...
sce#
To remove a configuration command from the running-config, use the no form of the command.
The following example illustrates how to remove all DNS settings from the running configuration.
SCE(config)#no ip name-server
Restoring a Previous Configuration
When you save a new configuration, the system automatically backs up the old configuration in the
directory tffs0:system/prevconf/. Up to nine versions of the startup configuration file are saved, namely
config.tx1-config.tx9, where config.tx1 is the most recently saved file.
Use the CLI command more to view the old startup configuration files. See How to Display File
Contents, page 4-8
Managing Configurations
Restoring a previous startup configuration means renaming the file so it overwrites the startup
configuration (config.txt ) file.
Since the restore operation overwrites the current configuration file, you cannot undo the configuration
restore operation. It is recommended to always backup the current configuration file first.
Step 1 At the SCE# prompt, type more tffs0:system/prevconf/filename and press Enter.
Displays the contents of the specified backup configuration file. Backup configuration filenames are
config.tx1-config.tx9.
Step 2 Read the configuration information to make sure it is the configuration you want to restore.
Be sure that you are restoring the proper configuration file, since the restore operation is not reversible.
It is recommended to always backup the current configuration file first.
Step 3 At the SCE# prompt, type copy tffs0:system/prevconf/filename tffs0:system/filename and press Enter.
Overwrites the current startup configuration file with the contents of the specified backup configuration
file.
Backup configuration filenames are config.tx1-config.tx9.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-5
Managing Configurations
Restoring a Previous Configuration: Example
The following example displays a saved configuration file and then restores the file to overwrite the
current configuration.
SCE#more tffs0:system/prevconf/config.tx1
#This is a general configuration file (running-config).
#Created on 19:36:07 UTC THU February 14 2006
#cli-type 1
#version 1
interface LineCard 0
no silent
no shutdown
interface FastEthernet 0/0
ip address 10.1.5.109 255.255.0.0
interface FastEthernet 0/1
interface FastEthernet 0/2
exit
line vty 0 4
exit
SCE#copy tffs0:system/prevconf/config.tx1 tffs0:system/config.txt
sce#
Chapter 3 Operations
Backing Up Configuration Files
• Options, page 3-6
• How to Create a Backup Configuration File, page 3-7
• How to Upload a Backup Configuration File, page 3-7
Although a backup of the configuration file is created automatically under certain circumstances, it is
useful to be able to explicitly create a backup configuration file.
For example, it can be used in a cascaded solution to copy the configuration from one SCE platform to
the other, as follows:
1. To create a backup configuration file, execute this command on the first SCE platform, specifying
an FTP backup file:
copy startup-config backup-file
2. To upload the backup configuration file to the cascaded SCE platform, execute this command on that
SCE platform, specifying the previously created backup file:
copy backup-file startup-config
Options
The following option is available:
• backup-file — The name of the backup configuration file to be created. The file name should be in
8.3 format, that is, there are a maximum of 8 characters before the period and three characters
following it.
The backup file may be created via FTP or it may be a local file, as shown in the following examples:
–
via FTP: ftp://user:pass@host/drive:/dir/bckupcfg.txt
–
local: /tffs0/bckupcfg.txt
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-6
OL-7827-12
Chapter 3 Operations
How to Create a Backup Configuration File
Step 1 At the SCE# prompt, type copy startup-config backup-file and press Enter.
Backs up the startup-config file to the specified file.
How to Upload a Backup Configuration File
Step 1 At the SCE# prompt, type copy backup-file startup-config and press Enter.
Copying a Backup Configuration File to a Different SCE Platform: Example
This example shows how to copy the configuration from one SCE platform to another.
On the first SCE platform, enter the following command:
SCE1#copy startup-config ftp://adminuser:mypassword@10.10.10.10/c:/config/bckupcfg.txt
SCE1#
On the second SCE platform, enter the following command:
SCE2#copy ftp://adminuser:mypassword@10.10.10.10/c:/config/bckupcfg.txt startup-config
SCE2#
Upgrading the SCE Platform Firmware
Upgrading the SCE Platform Firmware
Cisco distributes upgrades to the software and firmware on the SCE platform. Cisco distributes upgrade
software as a file with the extension.pkg that is installed directly from the ftp site without being copied
to the disk. This procedure walks you through installation and rebooting of the SCE platform with the
new firmware.
Step 1 At the command prompt, type configure and press Enter.
Enters Global Configuration mode.
Step 2 Type boot system ftp://user:password @host /drive:dir /seNum.pkg, where seNum.pkg is the file name
on the ftp site.
The boot command verifies that the package is a legal, appropriate update for the SCE platform and that
the file was not corrupted. It does not perform an upgrade, but does keep in the system memory that a
pkg file is available.
Step 3 Type exit.
Exits Global Configuration mode.
Step 4 Type copy running-config startup-config.
This command re-verifies that the package is valid, and extracts the upgrade to the Flash file system.
The system notifies you that it is performing the extraction as follows:
Backing–up configuration file…
Writing configuration file…
Extracting new system image…
Extracted OK.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-7
Downgrading the SCE Platform to a Previous Version
Step 5 Type reload.
Reboots the system.
The system first prompts you for confirmation:
Are you sure?
Step 6 Type Y and press Enter.
The system sends the following message and reboots.
The system is about to reboot, this will end your CLI session
Upgrading SCE Platform Firmware: Example
The following example shows the full procedure for performing a firmware update.
SCE#configure
SCE(config)# boot system ftp://vk:vk@10.1.1.230/downloads/SE2000.pkg
SCE(config)#exit
SCE#copy running-config startup-config
Backing–up configuration file…
Writing configuration file…
Extracting new system image…
Extracted OK.
SCE#>reload
Are you sure? y
the system is about to reboot, this will end your CLI session
Chapter 3 Operations
Downgrading the SCE Platform to a Previous Version
Note To downgrade a cascaded system, follow the procedure described in Simultaneous Upgrade of Firmware
and Application, page 10-13, using the relevant downgrade files rather than upgrade files.
To downgrade the SCE platform to a previous release, complete the following steps
Step 1 Uninstall the current application.
Use the pqi uninstall file command (see How to Uninstall an Application, page 3-10).
Step 2 Install the desired firmware version.
Use the procedure described in Upgrading the SCE Platform Firmware, page 3-7.
Step 3 Install the desired application version.
Use the pqi install file command (see How to Install an Application, page 3-10).
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-8
OL-7827-12
Chapter 3 Operations
Managing Application Files
This module explains how to install and upgrade application files.
• Configuring Applications, page 3-9
• Managing Application Files, page 3-9
• How to Display Information about an Application File, page 3-10
• How to Install an Application, page 3-10
• How to Uninstall an Application, page 3-10
• How to Upgrade an Application, page 3-11
• How to Undo an Upgrade of an Application, page 3-11
• How to Display the Last pqi File that was Installed, page 3-11
Configuring Applications
The SCE platform can be configured to run with different Service Control applications by installing the
appropriate file. All SCE platform application files are pqi files, that is, the filename must end with the
pqi extension.
Managing Application Files
Once a specific Service Control application is installed it can be configured by applying a configuration
file. The configuration file is application-specific, and is produced by application-specific means, not
covered in this documentation. Configuration files have no specific extension.
Note These configuration changes are automatically saved to the start-up configuration after execution, and
therefore do not appear when the running configuration is displayed (more running-config command).
Note These configurations cannot be manipulated by changing the system/config.txt file
Managing Application Files
Use the following commands to install, uninstall, and upgrade an application. You can use the show pqi
file info command before installing or upgrading an application to display the options that are available
when installing the pqi file. These options can then be specified in the install or upgrade command as
needed.
The documentation of the application will tell the user whether the application is stand-alone (in which
case install should be used), or an upgrade to an existing application that is assumed to be installed
already (in this case upgrade should be used).
You should always run the pqi uninstall command before installing a new pqi file. This prevents old
files from accumulating on the disk.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-9
Managing Application Files
The following commands are relevant for installing and uninstalling an application:
• pqi install file (interface linecard configuration mode)
• pqi uninstall file (interface linecard configuration mode)
• pqi upgrade file (interface linecard configuration mode)
• pqi rollback file (interface linecard configuration mode)
• show pqi file info (viewer mode)
• show pqi last-installed (viewer mode)
How to Display Information about an Application File
Step 1 From the SCE> prompt, type show pqi file filename info and press Enter.
Displays installation options available for this application file, if any.
Chapter 3 Operations
How to Install an Application
Step 1 From the SCE(config if)# prompt, type pqi install file filename [options] and press Enter.
Installs the specified pqi file, using the installation options specified (if any). Use the show pqi file
filename info command to display installation options available for the application file. (See How to
Display Information about an Application File, page 3-10.)
Note that this may take up to five minutes.
Note Always run the pqi uninstall command before installing a new pqi file. (See How to Uninstall an
Application, page 3-10.)
How to Uninstall an Application
Step 1 From the SCE(config if)# prompt, type pqi uninstall file filename and press Enter.
Uninstalls the specified pqi file.
You must specify the last pqi file that was installed.
Note that this may take up to five minutes.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-10
OL-7827-12
Chapter 3 Operations
How to Upgrade an Application
Step 1 From the SCE(config if)# prompt, type pqi upgrade file filename [options] and press Enter.
Upgrades the current application with the specified pqi file using the installation options specified (if
any). Use the show pqi file filename info command to display installation options available for the
application file. (See How to Display Information about an Application File, page 3-10.)
Note that this may take up to five minutes.
How to Undo an Upgrade of an Application
Step 1 From the SCE(config if)# prompt, type pqi rollback file filename and press Enter.
Undoes the upgrade of the specified pqi file.
Note that this may take up to five minutes.
Managing Application Files
How to Display the Last pqi File that was Installed
Step 1 From the SCE> prompt, type pqi last-installed and press Enter
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-11
Chapter 3 Operations
Monitoring the Operational Status of the SCE Platform
Monitoring the Operational Status of the SCE Platform
• How to Display the Current Operational Status of the SCE Platform, page 3-13
• Displaying the Current Operational Status of the SCE Platform: Example, page 3-13
Table 3-1 the operational states of the SCE platform. You can monitor the operational status of the SCE
platform via:
• The Status LED on the SCE platform front panel
• The show system operation-status CLI command
Table 3-1 SCE Platform Operational States
SCE platform
Operational Status Description
Status LED
State
Booting Initial state after reset Orange
Operational SCE platform becomes operational after completing the
Flashing green
following process:
• Boot is completed
• Power self-tests are completed without failure
• Platform configuration is applied
Warning SCE platform is fully operational (as above) but one of the
Flashing orange
following occurred:
• Link on one of the line ports is down
• Management port link is down
• Temperature raised above threshold
• Voltage not in required range
• Fans problem
• Power supply problem
• Insufficient space on the disk
Note: If the condition that caused the SCE platform to be in
Warning state is resolved (for example, link is up) the SCE
platform reverts to Operational state.
Failure System is in Failure state after Boot due to one of the following
Red
conditions:
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-12
• Power on test failure
• Three abnormal reboots in less than 20 minutes
• Platform configured to enter Failure mode consequent to
failure-induced reboot (this is configurable using CLI
command)
Note: Depending on the cause of failure, the management
interface and the platform configuration may or may not be
active/available.
OL-7827-12
Chapter 3 Operations
Displaying the SCE Platform Version Information
How to Display the Current Operational Status of the SCE Platform
Step 1 From the SCE> prompt, type show system operation-status and press Enter
Displaying the Current Operational Status of the SCE Platform: Example
This example shows how to display the current operational status of the SCE platform.
SCE>show system operation-status
System Operation status is Operational
Displaying the SCE Platform Version Information
Use this command to display global static information on the SCE platform, such as software and
hardware version, image build time, system uptime, last open packages names and information on the
SLI application assigned.
Step 1 From the SCE> prompt, type show version and press Enter
Displaying the SCE Platform Version Information: Example
This example shows how to display the SCE platform version information.
SCE>show version
System version: Version 3.0.0 Build 240
Build time: Jan 11 2006, 07:34:47
Software version is: Version 2.5.2 Build 240
Hardware information is:
rx : 0x0075
dp : 0x1808
tx : 0x1708
ff : 0x0077
cls : 0x1721
cpld : 0x0025
Lic : 0x0176
rev : G001
Bootrom : 2.1.0
L2 cache : Samsung 0.5
lic type : MFE
optic mode : MM
Product S/N : CAT093604K3
Product ID : SCE2020-4XGBE-MM
Version ID : V01
Deviation :
Part number : 800-26601-01
Revision : B0
Software revision : G001
LineCard S/N : CAT09370L1Q
Power Supply type : AC
SML Application information is:
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-13
Displaying the SCE Platform Inventory
Application file: /tffs0/temp.sli
Application name:
Application help:
Original source file: H:\work\Emb\jrt\V2.5\sml\actions\drop\drop_basic_anyflow.san
Compilation date: Wed, November 12 2006 at 21:25:21
Compiler version: SANc v2.50 Build 32 gcc_codelets=true built on: Tue September 23 2006
09:51:57 AM.;SME plugin v1.1
Default capacity option used.
Logger status: Enabled
Platform: SCE 2000 - 4xGBE
Management agent interface version: SCE Agent 3.0.5 Build 18
Software package file: ftp://vk:vk@10.1.8.22/P:/EMB/LatestVersion/3.0.5/se1000.pkg
SCE 2000 uptime is 21 minutes, 37 seconds
SCE>
Displaying the SCE Platform Inventory
Unique Device Identification (UDI) is a Cisco baseline feature that is supported by all Cisco platforms.
This feature allows network administrators to remotely manage the assets in their network by tracing
specific devices through either CLI or SNMP. The user can display inventory information for a remote
device via either:
• Entity MIB (see ENTITY-MIB, page 5-38)
• CLI show inventory command
Chapter 3 Operations
The show inventory CLI command displays the following information:
• Device name
• Description
• Product identifier
• Version identifier
• Serial number
Step 1 From the SCE> prompt, type show inventory and press Enter
Displaying the SCE Platform Inventory: Example
This example shows how to display the inventory (UDI) of the SCE platform.
SCE>show inventory
NAME: "Chassis",
DESCR: "Cisco SCE 2020 Service Control Engine, Multi Mode, 4-port GE"
PID: SCE2020-4XGBE-MM , VID: V01, SN: CAT093604K3
SCE>
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-14
OL-7827-12
Chapter 3 Operations
Displaying the System Uptime
Use this command to see how long the system has been running since the last reboot.
Step 1 From the SCE> prompt, type show system-uptime and press Enter
Displaying the System Uptime: Example
SCE>show system-uptime
SCE uptime is 21 minutes, 37 seconds
SCE>
Rebooting and Shutting Down the SCE Platform
• Rebooting the SCE Platform, page 3-15
Displaying the System Uptime
• Shutting Down the SCE Platform, page 3-16
Rebooting the SCE Platform
Rebooting the SCE platform is required after installing a new firmware, in order for that firmware to take
effect. There might be other occasions where rebooting the SCE platform is necessary.
Note When the SCE restarts, it loads the startup configuration, so all changes made in the running
configuration will be lost. You are advised to save the running configuration before performing reload,
as described in Saving the Configuration Settings, page 3-4.
Step 1 From the SCE# prompt, type reload and press Enter
A confirmation message appears.
Step 2 Type Y to confirm the reboot request and press Enter.
Rebooting the SCE Platform: Example
SCE# reload
Are you sure? y
the system is about to reboot, this will end your CLI session
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-15
Rebooting and Shutting Down the SCE Platform
Shutting Down the SCE Platform
Shutting down the SCE platform is required before turning the power off. This helps to ensure that
non-volatile memory devices in the SCE platform are properly flushed in an orderly manner.
Note When the SCE platform restarts, it loads the startup configuration, so all changes made in the running
configuration will be lost. You are advised to save the running configuration before performing reload,
as described in. Saving the Configuration Settings, page 3-4
Step 1 Connect to the serial console port (The CON connector on the SCE platform front panel, 9600 baud).
Provides connection to a local terminal for restarting the SCE platform.
Step 2 From the SCE# prompt, type reload shutdown and press Enter.
A confirmation message appears.
Step 3 Type Y to confirm the shutdown request and press Enter.
Performs the shutdown operation.
Chapter 3 Operations
Shutting Down the SCE Platform: Examples
The following example shows the commands for system shutdown.
SCE#reload shutdown
You are about to shut down the system.
The only way to resume system operation after this
is to cycle the power off, and then back on.
Continue?
y
IT IS NOW SAFE TO TURN THE POWER OFF.
Note Since the SCE platform can recover from the power-down state only by being physically turned off (or
cycling the power), this command can only be executed from the serial CLI console. This limitation
helps prevent situations in which a user issues this command from a Telnet session, and then realizes that
he or she has no physical access to the SCE platform.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
3-16
OL-7827-12
Utilities
Revised: June 15, 2009, OL-7827-12
Introduction
This module describes the following utilities:
• Setup utility command
• File operation utility commands
• User log utility commands
The Setup Command
CHAPTER
4
• Setup Command Parameters, page 4-1
• Entering the Setup Command, page 4-4
• Defining Lists in the Setup Utility, page 4-4
Setup Command Parameters
The setup utility is an interactive wizard that guides the user through the basic configuration process.
This utility runs automatically upon initial connection to the local terminal. It may also be invoked
explicitly via Telnet or via the local terminal to make changes to the system configuration.
Table 4-1 lists all the command parameters for the setup utility.
Table 4-1 Setup Command Parameters
Parameter Definition
IP address IP address of the SCE platform.
subnet mask Subnet mask of the SCE platform.
default gateway Default gateway.
hostname Character string used to identify the SCE platform. Maximum
length is 20 characters.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-1
The Setup Command
Chapter 4 Utilities
Table 4-1 Setup Command Parameters (continued)
Parameter Definition
admin password Admin level password
Character string from 4-100 characters beginning with an alpha
character.
.root password Root level password.
Character string from 4-100 characters beginning with an alpha
character.
password encryption status Enable or disable password encryption?
Time Settings
time zone name and offset Standard time zone abbreviation and minutes offset from UTC.
local time and date Current local time and date. Use the format:
00:00:00 1 January 2007
SNTP Configuration
broadcast client status Sets the status of the SNTP broadcast client.
If enabled, the SCE will synchronize its local time with updates
received from SNTP broadcast servers.
unicast query interval Interval in seconds between unicast requests for update (64 – 1024)
unicast server IP address IP address of the SNTP unicast server.
DNS Configuration
DNS lookup status Enable or disable IP DNS-based hostname translation.
default domain name Default domain name to be used for completing unqualified host
names
IP address IP address of domain name server. (maximum of three servers)
RDR Formatter Destination Configuration
IP address IP address of the RDR-formatter destination
TCP port number TCP port number of the RDR-formatter destination
Access Control Lists
Access Control List number How many ACLs will be necessary? What IP addresses will be
permitted/denied access for each management interface? You may
want ACLs for the following:
• Any IP access
• Telnet access
• SNMP GET access
• SNMP SET access
list entries (maximum 20 per list) IP address, and whether permitted or denied access.
IP access ACL ID number of the ACL controlling IP access.
telnet ACL ID number of the ACL controlling telnet access.
SNMP Configuration
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-2
OL-7827-12
Chapter 4 Utilities
The Setup Command
Table 4-1 Setup Command Parameters (continued)
Parameter Definition
SNMP agent status SNMP agent status Enable or disable SNMP management.
GET community names Community strings to allow GET access and associated ACLs
(maximum 20).
SET community names Community strings to allow SET access and associated ACLs
(maximum 20).
trap managers (maximum 20) Trap manager IP address, community string, and SNMP version.
Authentication Failure trap
Sets the status of the Authentication Failure traps.
status
enterprise traps status Sets the status of the enterprise traps.
system administrator Name of the system administrator.
Topology Configuration (All Platforms)
connection mode Is the SCE platform installed in bump-in-the-wire topology (inline)
or out of line using an optical splitter or external switch
(receive-only)?
Admin status of the SCE
platform after abnormal boot
After a reboot due to a failure, should the SCE platform remain in a
Failure status or move to operational status provided no other
problem was detected?
Topology Configuration (SCE 1000)
link bypass mode on operational
When the SCE 1000 is operational, should it bypass traffic or not?
status
redundant SCE 1000 platform? Is there a redundant SCE 1000 installed as a backup?
link bypass mode on
non-operational status
When the SCE 1000 is not operational, should it bypass traffic or
cut it off?
Topology Configuration (SCE 2000)
type of deployment Is this a cascade topology, with two SCE platforms connected via
the cascade ports? Or is this a single platform topology?
physically connected link
(cascade topology only)
In a cascade deployment this parameter sets the index for the link
that this SCE 2000 is deployed on. The options for the SCE 2000
are link-0 or link-1.
In a single-SCE 2000 Platform deployment this parameter is not
relevant since one SCE 2000 is deployed on both links. In this case
the link connected to port1-port2 is by default link-0 and the link
connected to port3-port4 is by default link-1.
priority (cascade topology only) If this is a cascaded topology, is this SCE 2000 the primary or
secondary SCE 2000?
on-failure behavior (inline
connection mode only)
If this SCE 2000 is deployed inline, should the failure behavior be
bypass or cutoff of the link?
Information regarding these parameters can be found in the appropriate sections throughout this guide.
For more information regarding SCE platform topology, and for a step-by-step description of the setup
utility, see the Cisco SCE 2000/SCE 1000 Installation and Configuration Guides.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-3
The Setup Command
Entering the Setup Command
Step 1 From the SCE# prompt, type setup and press Enter.
The following dialog appears:
--- System Configuration Dialog --At any point you may enter a question mark ‘?’ followed by ‘Enter’ for help.
Use ctrl-C to abort configuration dialog at any prompt.
Use ctrl-Z to jump to the end of the configuration dialog at any prompt.
Default settings are in square brackets ‘[]’.
Would you like to continue with the System Configuration Dialog? [yes/no]: y
system configuration dialog begins.
Defining Lists in the Setup Utility
Multiple entry parameters (Lists)
Chapter 4 Utilities
When explicitly invoked, the setup utility offers the option of multiple entries (lists) for certain
parameters.
Several parameters, such as the Access Control Lists, are actually lists containing several entries. If these
lists are empty (initial configuration) or contain only one entry, they act the same as any scalar parameter,
except that you are given the option of adding additional entries to the list.
If these lists already contain more than one entry, the entire list is displayed, and you are then presented
with several options. Following is an excerpt from the SNMP trap manager menu, illustrating how to
configure list entries.
Step 1 The entries in the list are displayed.
There are 2 SNMP trap managers in the current configuration as follows:
IP address: 10.10.10.10 Community: privateVersion: 1
IP address: 10.11.10.1 Community: pcubeVersion: 2c
Step 2 Three options are presented.
Note If only one entry exists in the table, it is displayed as the default [ ] to be either accepted or changed. The
three list options are not displayed.
Please choose one of the following options:
1. Leave the running configuration unchanged.
2. Clear the existing lists and configure new ones.
3. Add new entries.
Enter your choice:
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-4
OL-7827-12
Chapter 4 Utilities
Step 3 You are prompted to continue the setup, depending on the choice you entered:
Working with SCE Platform Files
• 1. Leave the running configuration unchanged:
The dialog proceeds to the next question. The list remains unchanged.
• 2. Clear the existing entries and configure new ones:
The dialog prompts you for a new entry in the list.
After completing the first entry, you are asked whether you would like to add another new entry.
Would you like to add another SNMP trap manager? [no]: y
Since the list was empty, you may enter the maximum number of entries.
• 3. Add new entries:
The dialog prompts you for a new entry in the list.
After the completing one entry, you are asked whether you would like add another new entry.
Would you like to add another SNMP trap manager? [no]: y
You may enter only enough additional entries to reach the maximum number
Working with SCE Platform Files
The CLI commands include a complete range of file management commands. These commands allow
you to create, delete, copy, and display both files and directories
Note Regarding disk capacity: While performing disk operations, the user should take care that the addition
of new files that are stored on the SCE disk do not cause the disk to exceed 70%.
• Working with Directories, page 4-5
• Working with Files, page 4-7
Working with Directories
• How to Create a Directory, page 4-5
• How to Delete a Directory, page 4-6
• How to Change Directories, page 4-6
• How to Display your Working Directory, page 4-6
• How to List the Files in a Directory, page 4-6
How to Create a Directory
Step 1 From the SCE# prompt, type mkdir directory-name and press Enter.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-5
Working with SCE Platform Files
How to Delete a Directory
There are two different commands for deleting a directory, depending on whether the directory is empty
or not.
• How to Delete a Directory and All its Files, page 4-6
• How to Delete an Empty Directory, page 4-6
How to Delete a Directory and All its Files
Step 1 From the SCE# prompt, type delete directory-name /recursive and press Enter.
The recursive flag deletes all files and sub-directories contained in the specified directory.
How to Delete an Empty Directory
Step 1 From the SCE# prompt, type rmdir directory-name and press Enter.
Chapter 4 Utilities
Use this command only for an empty directory.
How to Change Directories
Use this command to change the path of the current working directory.
Step 1 From the SCE# prompt, type cd new path and press Enter.
How to Display your Working Directory
Step 1 From the SCE# prompt, type pwd and press Enter.
How to List the Files in a Directory
You can display a listing of all files in the current working directory. This list may be filtered to include
only application files. The listing may also be expanded to include all files in any sub-directories.
• How to List the Files in the Current Directory, page 4-7
• How to List the Applications in the Current Directory, page 4-7
• How to Include Files in Sub-Directories in the Directory Files List, page 4-7
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-6
OL-7827-12
Chapter 4 Utilities
Step 1 From the SCE# prompt, type dir and press Enter.
Step 1 From the SCE# prompt, type dir applications and press Enter.
Step 1 From the SCE# prompt, type dir -r and press Enter.
Working with SCE Platform Files
How to List the Files in the Current Directory
How to List the Applications in the Current Directory
How to Include Files in Sub-Directories in the Directory Files List
Working with Files
• How to Rename a File, page 4-7
• How to Delete a File, page 4-7
• Copying Files, page 4-8
• How to Display File Contents, page 4-8
• How to Unzip a File, page 4-9
How to Rename a File
Step 1 From the SCE# prompt, type rename current-file-name new-file-name and press Enter.
How to Delete a File
Step 1 From the SCE# prompt, type delete file-name and press Enter.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-7
Working with SCE Platform Files
Copying Files
Step 1 From the SCE# prompt, type copy source-file-name destination-file-name and press Enter.
Chapter 4 Utilities
You can copy a file from the current directory to a different directory. You can also copy a file
(upload/download) to or from an FTP site.
To copy a file using passive FTP, use the copy-passive command.
• How to Copy a File, page 4-8
• How to Download a File from an FTP Site, page 4-8
• How to Upload a File to a Passive FTP Site, page 4-8
How to Copy a File
Copying a File: Example
The following example copies the local analysis.sli file located in the root directory to the applications
directory.
SCE#copy analysis.sli applications/analysis.sli
sce#
How to Download a File from an FTP Site
Use the copy command to upload and download commands from and FTP site. In this case, either the
source or destination filename must begin with ftp://.
Step 1 From the SCE# prompt, type copy ftp://source destination-file-name and press Enter.
To upload a file to an FTP site, specify the FTP site as the destination (ftp://destination)
How to Upload a File to a Passive FTP Site
Step 1 From the SCE# prompt, type copy-passive source-file-name ftp://destination and press Enter.
To download a file from a passive FTP site, specify the FTP site as the source (ftp://source)
Uploading a File to a Passive FTP Site: Example
The following example uploads the analysis.sli file located on the local flash file system to the host
10.1.1.105, specifying Passive FTP.
SCE#copy-passive /appli/analysis.sli ftp://myname:mypw@10.1.1.105/p:/appli/analysis.sli
sce#
How to Display File Contents
Step 1 From the SCE# prompt, type more file-name and press Enter.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-8
OL-7827-12
Chapter 4 Utilities
How to Unzip a File
Step 1 From the SCE# prompt, type unzip file-name and press Enter.
The User Log
The user log is an ASCII file that can be viewed in any editor. It contains a record of system events,
including startup, shutdown and errors. You can use the Logger to view the user log to determine whether
or not the system is functioning properly, as well as for technical support purposes.
• The Logging System, page 4-9
• Generating a File for Technical Support, page 4-11
The Logging System
The User Log
• Copying the User Log, page 4-9
• Enabling and Disabling the User Log, page 4-10
• Viewing the User Log Counters, page 4-10
• Viewing the User Log, page 4-11
• Clearing the User Log, page 4-11
Events are logged to one of two log files. After a file reaches maximum capacity, the events logged in
that file are then temporarily archived. New events are then automatically logged to the alternate log file.
When the second log file reaches maximum capacity, the system then reverts to logging events to the
first log file, thus overwriting the temporarily archived information stored in that file.
Basic operations include:
• Copying the User Log to an external source
• Viewing the User Log
• Clearing the User Log
• Viewing/clearing the User Log counters
Copying the User Log
You can view the log file by copying it to an external source or to disk. This command copies both log
files to the local SCE platform disk or any external host running a FTP server.
• Copying the User Log to an External Source, page 4-10
• Copying the User Log to an Internal Source, page 4-10
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-9
The User Log
Copying the User Log to an External Source
Step 1 From the SCE# prompt, type logger get user-log file-name ftp://username:password@ipaddress/path
and press Enter.
Copying the User Log to an Internal Source
Step 1 From the SCE# prompt, type logger get user-log file-name target-filename and press Enter.
Enabling and Disabling the User Log
By default, the user log is enabled. You can disable the user log by configuring the status of the logger.
Disabling the User Log
Chapter 4 Utilities
Step 1 From the SCE# prompt, type configure and press Enter.
Step 2 From the SCE (config)# prompt, type logger device User-File-Log disabled and press Enter.
Enabling the User Log
Step 1 From the SCE# prompt, type configure and press Enter.
Step 2 From the SCE (config)# prompt, type logger device User-File-Log enabled and press Enter.
Viewing the User Log Counters
• Viewing the user log counters for the current session, page 4-10
• Viewing the non-volatile logger counters for both the user log file and the debug log file, page 4-11
• Viewing the non-volatile counter for the user-file-log only, page 4-11
There are two types of log counters:
• User log counters — count the number of system events logged from the SCE platform last reboot.
• Non-volatile counters — are not cleared during boot time
Viewing the user log counters for the current session
Step 1 From the SCE# prompt, type show logger device user-file-log counters and press Enter.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-10
OL-7827-12
Chapter 4 Utilities
Viewing the non-volatile logger counters for both the user log file and the debug log file
Step 1 From the SCE# prompt, type show logger nv-counters and press Enter.
Viewing the non-volatile counter for the user-file-log only
Step 1 From the SCE# prompt, type show logger device user-file-log nv-counters and press Enter.
Viewing the User Log
Note This command is not recommended when the user log is large. Copy a large log to a file to view it (see
Copying the User Log, page 4-9)
The User Log
Step 1 From the SCE# prompt, type more user-log and press Enter.
Clearing the User Log
Step 1 From the SCE# prompt, type clear logger device user-file-log and press Enter.
Step 2 The system asks Are you sure?
Step 3 Type Y and press Enter.
Generating a File for Technical Support
In order for technical support to be most effective, the user should provide them with the information
contained in the system logs. Use the logger get support-file command to generate a support file via FTP
for the use of Cisco technical support staff.
Step 1 From the SCE# prompt, type logger get support-file filename and press Enter.
The support information file is created using the specified filename. The specified file must be a file
located on an FTP site, not on the local file system.
This operation may take some time.
Generating a File for Technical Support: Example
SCE# logger get support-file ftp://user:1234@10.10.10.10/c:/support.zip
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-11
Flow Capture
Flow Capture
• Limitations, page 4-12
• The Flow Capture Process, page 4-12
The flow capture utility is a CLI-controlled utility used to capture traffic according to layer 4 attributes.
Traffic captured by this utility is accumulated in a cap format file. Traffic that is identified by the capture
mechanism is not available for traffic control or any service for the duration of the capture. At the
completion of the capture, the normal service to all traffic is resumed.
The recorded data is sent online to a distant location using FTP. The data is sent in a standard format and
may have an unlimited size on the SCE 2000.
Limitations
Note the following known limitations of the flow capture utility:
• The actual capture starts only for newly opened flows. Therefore, already opened flows cannot be
Chapter 4 Utilities
captured by this utility.
• The termination of a capture flow is verified for every new relevant packet that is being captured.
As long as no packets matching the capturing attributes arrives after the time is exceeded, the
capturing is not stopped and must be stopped manually.
• Capture may end prematurely due to a shortage event on the SCE platform.
• Capturing throughput is limited by the following:
–
system architectural limitations
–
line capacity to the remote FTP destination (for non-Linux platforms only, such as the SCE 2000
platform).
The approximated throughput on a live setup is 2Mbps. When this throughput is exceeded, packets
are absent from the cap file and the appropriate field in the consequent captured packet is updated
to note the number of lost packets. The maximum allowed number of sequential lost packets is
configurable by a const DB.
The Flow Capture Process
There are three main steps in the overall flow capture process:
1. Configure the traffic rules to define the traffic to be captured. (Configuring a Flow Capture Traffic
Rule, page 4-13)
2. Configure the flow capture settings. (Optional) (Configuring the Flow Capture Settings, page 4-13)
3. Perform the actual flow capture. (Performing the Flow Capture, page 4-14)
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-12
OL-7827-12
Chapter 4 Utilities
Configuring a Flow Capture Traffic Rule
The flow capture traffic rules define the traffic to be captured. You can configure a flow capture traffic
rule by specifying the flow-capture action for the relevant flows.
For example, in order to capture all the traffic sent to or coming from subscribers whose IP addresses
are in the range.2.3.0-1.2.3.255, define a traffic rule as follows:
SCE(config if)# traffic-rule name flowcapturerule IP-addresses subscriber-side 1.2.3.0/24
network-side all protocol all direction both traffic-counter none action flow-capture
Multiple rules can be configured, but note that all configured flow capture rules are in effect during the
flow capture process. It is not possible to apply only a subset of the configured rules.
For more information regarding configuring traffic rules, see Configuring Traffic Rules and Counters,
page 6-17.
Configuring the Flow Capture Settings
The flow capture settings control aspects of the flow capture process, as opposed to defining the flow to
be captured. These settings limit the scope of the process to maximize the recorded information while
minimizing the effect on traffic.
• Maximum duration of the capture: By limiting the duration of the capture, you can limit the effect
of the capture on live traffic.
You can stop the capture at any time before the maximum duration has been reached.
Flow Capture
• Maximum length of the L4 payload of each captured packet: If you want to capture mainly the L2-L4
headers, you need only a small portion of the payload of each packet. Setting a limit on the length
of the payload makes the capture more efficient, as it allows more packets to be captured within a
given time frame and for a given throughput.
Guidelines and Information:
–
If maximum L4 payload length is not configured, all bytes of each captured packet are recorded.
–
If maximum L4 payload length is configured, each captured packet will contain the entireL2/
L3/L4 headers and no more than the configured maximum bytes of L4 payload.
–
Only one maximum L4 payload length value can be configured. This value applies to all
recorded packets.
–
If the maximum L4 payload length value is changed while recording is performed, it will not
take effect until the next recording session.
–
The cap file contains marking for packets which had TCP or UDP checksum error when
received in the SCE platform, since the validity of the TCP and UDP checksum cannot be
checked for the captured packets due to missing bytes.
–
The cap file contains the information to retrieve the original length of each packet that was
truncated.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-13
Flow Capture
How to Configure the Maximum Flow Capture Duration
The following options are available:
• duration — the maximum duration of the flow capture in seconds.
Default = 3600 seconds
• unlimited — there is no time limit to the flow capture, and it will continue until stopped by the
operator.
Step 1 From the SCE(config if)# prompt, type flow-capture controllers time (duration | unlimited) and press
Enter.
How to Configure the Maximum Length of the L4 Payload
The following options are available:
• length — the maximum number of L4 payload bytes to capture from each packet.
• unlimited — there is no limit on the number of L4 payload bytes. (Default)
Chapter 4 Utilities
Step 1 From the SCE(config if)# prompt, type flow-capture controllers max-l4-payload-length (length |
unlimited) and press Enter.
How to Restore the Default Flow Capture Settings
Step 1 From the SCE(config if)# prompt, type default flow-capture controllers (time |
max-l4-payload-length) and press Enter.
Performing the Flow Capture
The flow capture begins when you execute the flow-capture command. You can stop the capture at any
time. If the capture is not stopped, it continues for the configured maximum duration (Configuring the
Flow Capture Settings, page 4-13).
How to Start a Flow Capture
The following option is available:
• filename — name and FTP location to which to record the flow capture data in the format
ftp://<username>:<password>@<IP_address>/<path>/<file_name>.
Step 1 From the SCE(config if)# prompt, type flow-capture start format cap filename and press Enter.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-14
OL-7827-12
Chapter 4 Utilities
How to Stop a Flow Capture
Step 1 From the SCE(config if)# prompt, type flow-capture stop and press Enter.
Monitoring the Flow Capture
Use the following command to monitor the flow capture process. It displays the following information:
• status of the recording process
• current target file size
• number of packets captured
• number of packets lost
• configured values of the different controllers
How to Monitor the Flow Capture
Flow Capture
Step 1 From the SCE> prompt, type show interface linecard 0 flow-capture and press Enter.
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-15
Flow Capture
Chapter 4 Utilities
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
4-16
OL-7827-12
Introduction
CHAPTER
5
Configuring the Management Interface and
Security
Revised: June 15, 2009, OL-7827-12
This module describes how to configure the physical management interfaces (ports) as well as the
various management interface applications, such as SNMP, SSH, and TACACS+. It also explains how to
configure users, passwords, IP configuration, clock and time zone, and domain name settings.
• About Management Interface and Security, page 5-2
• Configuring the Management Ports, page 5-2
• Entering Management Interface Configuration Mode, page 5-3
• Configuring the Management Port Physical Parameters, page 5-3
• Configuring Management Interface Redundancy, page 5-7
OL-7827-12
• Configuring Management Interface Security, page 5-9
• Configuring the Available Interfaces, page 5-11
• Configuring and Managing the SNMP Interface, page 5-33
• Managing Passwords, page 5-46
• IP Configuration, page 5-52
• Configuring Time Clocks and Time Zone, page 5-58
• Configure SNTP, page 5-64
• Configuring Domain Name Server (DNS) Settings, page 5-67
• Configuring the Management Port Physical Parameters, page 5-70
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
5-1
Chapter 5 Configuring the Management Interface and Security
About Management Interface and Security
About Management Interface and Security
The SCE platform is equipped with two RJ-45 management (MNG) ports. These ports provide access
from a remote management console to the SCE platform via a LAN.
The two management ports support management interface redundancy, providing the possibility for a
backup management link.
In addition to the Layer 1 security of a backup management link, the Service Control platform provides
a further management interface security feature; an IP filter that monitors for various types of TCP/IP
attacks. This filter can be configured with thresholds rates both for defining an attack and defining the
end of an attack.
Note The second management port is reflected in all objects related to it in the SNMP interface.
Perform the following tasks to configure the management interface and management interface security:
• Configure the management port:
–
Physical parameters
–
Specify active port (if not redundant installation)
–
Redundancy (if redundant installation)
• Configure management interface security
–
Enable IP fragment filtering
–
Configure the permitted and not-permitted IP address monitor
Configuring the Management Ports
Perform the following tasks to configure the management ports:
• Configure the IP address and subnet mask (only one IP address for the management interface, not
one IP address per port).
• Configure physical parameters:
–
Duplex
–
Speed
• Configure redundant management interface behavior (optional):
–
Fail-over mode
• If fail-over mode is disabled, specify the active port (optional).
To configure the system with management interface redundancy, see Configuring Management Interface
Redundancy, page 5-7 Configuring the Management Ports for Redundancy.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
5-2
OL-7827-12
Chapter 5 Configuring the Management Interface and Security
Entering Management Interface Configuration Mode
Step 1 Cable the desired management port, connecting it to the remote management console via the LAN.
Step 2 Disable the automatic fail-over mode. (See How to Disable Automatic Fail-Over Mode, page 5-9.)
Step 3 Configure the management port physical parameters. (See Configuring the Management Port Physical
Parameters, page 5-3.)
Entering Management Interface Configuration Mode
When entering Management Interface Configuration Mode, you must indicate the number of the
management port to be configured:
• 0/1 — Mng port 1
• 0/2 — Mng port 2
The following Management Interface commands are applied only to the port specified when entering
Management Interface Configuration Mode. Therefore, each port must be configured separately:
• speed
• duplex
The following Management Interface commands are applied to both management ports, regardless of
which port had been specified when entering Management Interface Configuration Mode. Therefore,
both ports are configured with one command:
• ip address
• auto-fail-over
Step 1 Type configure and press Enter.
Enables Global Configuration mode.
The command prompt changes to SCE(config)#.
Step 2 Type interface Mng {0/1|0/2} and press Enter.
Enables Management Interface Configuration mode.
The command prompt changes to SCE(config if)#
Configuring the Management Port Physical Parameters
This interface has a transmission rate of 10 or 100 Mbps and is used for management operations and for
transmitting RDRs, which are the output of traffic analysis and management operations.
• Setting the IP Address and Subnet Mask of the Management Interface, page 5-4
• Configuring the Management Interface Speed and Duplex Parameters, page 5-5
• Specifying the Active Management Port, page 5-6
OL-7827-12
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
5-3
Chapter 5 Configuring the Management Interface and Security
Configuring the Management Port Physical Parameters
Setting the IP Address and Subnet Mask of the Management Interface
• Options, page 5-4
• Setting the IP Address and Subnet Mask of the Management Interface: Example, page 5-4
The user must define the IP address of the management interface.
When both management ports are connected, providing a redundant management port, this IP address
always acts as a virtual IP address for the currently active management port, regardless of which port is
the active port.
Options
The following options are available:
• IP address — The IP address of the management interface.
If both management ports are connected, so that a backup management link is available, this IP
address will be act as a virtual IP address for the currently active management port, regardless of
which physical port is currently active.
• subnet mask — subnet mask of the management interface.
Step 1 From the SCE(config if)# prompt, type ip address ip-address subnet-mask and press Enter.
The command might fail if there is a routing table entry that is not part of the new subnet defined by the
new IP address and subnet mask.
Note Changing the IP address of the management interface via telnet will result in loss of the telnet connection
and inability to reconnect with the interface.
Note After changing the IP address, you must reload the SCE platform so that the change will take effect
properly in all internal and external components of the SCE platform. (See Rebooting and Shutting
Down the SCE Platform, page 3-15.)
Setting the IP Address and Subnet Mask of the Management Interface: Example
The following example shows how to set the IP address of the SCE platform to 10.1.1.1 and the subnet
mask to 255.255.0.0.
SCE(config if)#ip address 10.1.1.1 255.255.0.0
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
5-4
OL-7827-12
Chapter 5 Configuring the Management Interface and Security
Configuring the Management Port Physical Parameters
Configuring the Management Interface Speed and Duplex Parameters
This section presents sample procedures that describe how to configure the speed and the duplex of the
Management Interface.
Both these parameters must be configured separately for each port.
• Interface State Relationship to Speed and Duplex, page 5-5
• How to Configure the Speed of the Management Interface, page 5-5
• How to Configure the Duplex Operation of the Management Interface, page 5-6
Interface State Relationship to Speed and Duplex
Table 5-1 summarizes the relationship between the interface state and speed and duplex.
Table 5-1 Interface State Relationship to Speed and Duplex
Speed Duplex Actual FE Interface State
Auto Auto Auto negotiation
Auto Full Auto negotiation
Auto Half Auto negotiation
10 Auto Auto-negotiation (duplex only)
10 Full 10 Mbps and full duplex
10 Half 10 Mbps and half duplex
100 Auto Auto-negotiation (speed only)
100 Full 100 Mbps and full duplex
100 Half 100 Mbps and half duplex
How to Configure the Speed of the Management Interface
• Options, page 5-5
• Configuring the Speed of the Management Interface: Example, page 5-6
Options
The following options are available:
• speed — speed in Mbps of the currently selected management port (0/1 or 0/2):
–
10
–
100
–
auto (default) — auto-negotiation (do not force speed on the link)
If the duplex parameter is configured to auto, changing the speed parameter has no effect (see ).
Step 1 From the SCE(config if)# prompt, type speed 10|100|auto and press Enter.
Specify the desired speed option.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
5-5
Chapter 5 Configuring the Management Interface and Security
Configuring the Management Port Physical Parameters
Configuring the Speed of the Management Interface: Example
The following example shows how to use this command to configure the Management port to 100 Mbps
speed.
SCE(config if)#speed 100
How to Configure the Duplex Operation of the Management Interface
• Options, page 5-6
• Configuring the Duplex Operation of the Management Interface: Example, page 5-6
Options
The following options are available:
• duplex — duplex operation of the currently selected management port (0/1 or 0/2):
–
full
–
half
–
auto (default) — auto-negotiation (do not force duplex on the link)
If the speed parameter is configured to auto, changing the duplex parameter has no effect (see ).
Step 1 From the SCE(config if)# prompt, type duplex auto|full|half and press Enter.
Specify the desired duplex option.
Configuring the Duplex Operation of the Management Interface: Example
The following example shows how to use this command to configure a management port to half duplex
mode.
SCE(config if)#duplex half
Specifying the Active Management Port
• Options, page 5-7
• Specifying the Active Management Port: Example, page 5-7
This command explicitly specifies which management port is currently active. Its use varies slightly,
depending on whether the management interface is configured as a redundant interface (auto fail-over
enabled) or not (auto fail-over disabled).
• auto fail-over enabled (automatic mode) — the specified port becomes the currently active port, in
effect forcing a fail-over action even if a failure has not occurred.
• auto fail-over disabled (manual mode) — the specified port should correspond to the cabled Mng
port, which is the only functional port and therefore must be and remain the active management port.
Note This command is a Privileged Exec command, unlike the other commands in this section, which are Mng
Interface Configuration commands. If in Mng interface configuration mode, you must exit to the
privileged exec mode and see the SCE# prompt displayed.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
5-6
OL-7827-12
Loading...