SROS Command Line Interface
Reference Guide
Software Version J.02.01 or Greater
April 2005
61195880L1-35B
© Copyright 2005 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without
notice.
This document contains proprietary information, which is protected by
copyright. No part of this document may be photocopied, reproduced,
or translated into another language without the prior written consent of
Hewlett-Packard.
Publication Number
5991-2114
January 2005
Applicable Products
ProCurve Secure Router 7102dl (J8752A)
ProCurve Secure Router 7203dl (J8753A)
Microsoft and Windows are U.S. registered trademarks of Microsoft
Corporation. CompactFlash is a U.S. registered trademark of the
CompactFlash Association. AOL Instant Messenger (AIM) is a U.S.
registered trademark of American Online, Inc. Quake is a U.S.
registered trademark of id Software, Inc. ICQ is a U.S. registered
trademark of ICQ, Inc. pcAnywhere is a U.S. trademark of Synamtec
Corporation.
Disclaimer
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF
ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. Hewlett-Packard shall not be liable for errors contained
herein or for incidental or consequential damages in connection with
the furnishing, performance, or use of this material.
The only warranties for HP products and services are set forth in the
express warranty statements accompanying such products and services.
Nothing herein should be construed as constituting an additional
warranty. HP shall not be liable for technical or editorial errors or
omissions contained herein.
Hewlett-Packard assumes no responsibility for the use or reliability of
its software on equipment that is not furnished by Hewlett-Packard.
Warranty
See the Customer Support/Warranty booklet included with the product.
A copy of the specific warranty terms applicable to your HewlettPackard products and replacement parts can be obtained from your HP
Sales and Service Office or authorized dealer.
SROS Command Line Interface Reference Guide
Table of Contents
Basic Mode Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Enable Mode Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Global Configuration Mode Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
DHCP Pool Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
IKE Policy Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
IKE Policy Attributes Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
IKE Client Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Crypto Map IKE Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Crypto Map Manual Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Radius Group Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
CA Profile Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Certificate Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Ethernet Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
DDS Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
Serial Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
T1 Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
DSX-1 Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
E1 Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
G.703 Interface Configuration Command set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Modem Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
BRI Interface Configuration Command set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
Frame Relay Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
Frame Relay Sub-Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587
ATM Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
ATM Sub-Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
ADSL Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701
BGP Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
BGP Neighbor Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711
PPP Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715
Tunnel Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 778
HDLC Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811
Loopback Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847
Line (Console) Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 876
Line (Telnet) Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 887
Router (RIP) Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 894
Router (OSPF) Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 903
Quality of Service (QoS) Map Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917
Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 922
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 936
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 3
Command Reference Guide CLI Introduction
REFERENCE GUIDE INTRODUCTION
This manual provides information about the commands that are available with all of the ProCurve Secure
routers.
If you are new to the Operating System’s Command Line Interface (CLI), take a few moments to review
the information provided in the section which follows (CLI Introduction).
If you are already familiar with the CLI and you need information on a specific command or group of
commands, proceed to Command Descriptions on page 9 of this guide.
CLI INTRODUCTION
This portion of the Command Reference Guide is designed to introduce you to the basic concepts and
strategies associated with using the Operating System’s Command Line Interface (CLI).
Accessing the CLI from your PC
All products using the are initially accessed by connecting a VT100 terminal (or terminal emulator) to the
CONSOLE port located on the rear panel of the unit using a standard DB-9 (male) to DB-9 (female) serial
cable. Configure the VT100 terminal or terminal emulation software to the following settings:
• 9600 baud
• 8 data bits
• No parity
• 1 stop bit
• No flow control
Note
For more details on connecting to your unit, refer to the Quick Configuration Guides and
Quick Start Guides located on the Secure Router OS Documentation CD provided with
your unit.
Understanding Command Security Levels
The has two command security levels — Basic and Enable. Both levels support a specific set of
commands. For example, all interface configuration commands are accessible only through the Enable
security level. The following table contains a brief description of each level.
Level Access by... Prompt With this level you can...
Basic beginning an SROS session.
>
• display system information
• perform traceroute and ping
functions
• open a Telnet session
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 4
Command Reference Guide Understanding Configuration Modes
Level Access by... Prompt With this level you can...
Enable
Note
entering
Basic command security level
as follows:
>
enable
enable
while in the
#
To prevent unauthorized users from accessing the configuration functions of your product,
• manage the startup and running
configurations
• use the debug commands
• enter any of the configuration modes
immediately install an Enable-level password. Refer to the Quick Configuration Guides
and Quick Start Guides located on the Secure Router OS Documentation CD provided
with your unit for more information on configuring a password.
Understanding Configuration Modes
The Secure Router OS has four configuration modes to organize the configuration commands – Global,
Line, Router, and Interface. Each configuration mode supports a set of commands specific to the
configurable parameters for the mode. For example, all Frame Relay configuration commands are
accessible only through the Interface Configuration Mode (for the virtual Frame Relay interface). The
following table contains a brief description of each level.
Mode Access by... Sample Prompt With this mode you
can...
Global
entering
command security level prompt.
For example:
config
while at the Enable
>enable
config term
#
(config)#
• set the system’s
Enable-level
password(s)
• configure the
system global IP
parameters
• configure the SNMP
parameters
• enter any of the
other configuration
modes
Line specifying a line (console or Telnet)
while at the Global Configuration Mode
prompt.
For example:
(config-con0)#
>enable
#config term
(config)#
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 5
line console 0
• configure the
console terminal
settings (datarate,
login password,
etc.)
• create Telnet logins
and specify their
parameters (login
password, etc.)
Command Reference Guide Using CLI Shortcuts
Mode Access by... Sample Prompt With this mode you
can...
Router
entering
router ospf
Configuration Mode prompt.
For example:
router rip router or
while at the Global
>enable
#config term
(config)#
Interface specifying an interface (T1, Ethernet,
Frame Relay, ppp, etc.) while in the
Global Configuration Mode.
For example:
router rip
>enable
(config-rip)#
(config-eth 0/1)#
(The above prompt is for the
Ethernet
on the rear panel of the unit.)
LAN
interface located
• configure RIP or
OSPF parameters
• suppress route
updates
• redistribute
information from
outside routing
sources (protocols)
•configure
parameters for the
available LAN and
WAN interfaces
#config term
(config)#
int eth 0/1
Using CLI Shortcuts
The provides several shortcuts which help you configure your Secure Router OS product more easily. See
the following table for descriptions.
Shortcut Description
Up arrow key To re-display a previously entered command, use the up arrow key. Continuing to press
the up arrow key cycles through all commands entered starting with the most recent
command.
Tab key Pressing the <Tab> key after entering a partial (but unique) command will complete the
command, display it on the command prompt line, and wait for further input.
? The CLI contains help to guide you through the configuration process. Using the question
mark, do any of the following:
• Display a list of all subcommands in the current mode. For example:
(config-t1 1/1)#
coding ?
ami - Alternate Mark Inversion
b8zs - Bipolar Eight Zero Substitution
• Display a list of available commands beginning with certain letter(s). For example:
(config)#
ip d?
default-gateway dhcp-server domain-lookup domain-name
domain-proxy
• Obtain syntax help for a specific command by entering the command, a space, and
then a question mark (?). The CLI displays the range of values and a brief
description of the next parameter expected for that particular command. For
example:
(config-eth 0/1)#
mtu ?
<64-1500> - MTU (bytes)
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 6
Command Reference Guide Performing Common CLI Functions
Shortcut Description
<Ctrl> + A Jump to the beginning of the displayed command line. This shortcut is helpful when using
the
no
form of commands (when available). For example, pressing <Ctrl + A> at the
following prompt will place the cursor directly after the
(config-eth 0/1)#
<Ctrl> + E Jump to the end of the displayed command line. For example, pressing <Ctrl + E> at the
following prompt will place the cursor directly after the
(config-eth 0/1)#
<Ctrl> + U Clears the current displayed command line. The following provides an example of the <Ctrl
+ U> feature:
(config-eth 0/1)#
ip address 192.33.55.6
ip address 192.33.55.6
ip address 192.33.55.6
#
:
6
:
(Press <Ctrl + U> here)
(config-eth 0/1)#
auto finish You need only enter enough letters to identify a command as unique. For example,
entering
configuration parameters for the specified T1 interface. Entering
would work as well, but is not necessary.
int t1 1/1
at the Global configuration prompt provides you access to the
interface t1 1/1
Performing Common CLI Functions
The following table contains descriptions of common CLI commands.
Command Description
do
The do command provides a way to execute commands in
other command sets without taking the time to exit the
current and enter the desired one. The following example
shows the
interface configuration while currently in the T1 interface
command set:
(config)#
do
command used to view the Frame Relay
interface t1 1/1
(config-t1 1/1)#
no
To undo an issued command or to disable a feature, enter
no
before the command.
For example:
no shutdown t1 1/1
copy running-config startup-config
When you are ready to save the changes made to the
configuration, enter this command. This copies your
changes to the unit’s nonvolatile random access memory
(NVRAM). Once the save is complete, the changes are
retained even if the unit is shut down or suffers a power
outage.
do show interfaces fr 7
show running config
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 7
Displays the current configuration.
Command Reference Guide Understanding CLI Error Messages
Command Description
debug
undebug all
Caution
The overhead associated with the debug command takes up a large portion of your
Use the
may be experiencing on your network. These commands
provide additional information to help you better interpret
possible problems. For information on specific debug
commands, refer to the section
Set
To turn off any active debug commands, enter this
command.
debug
on page 20.
command to troubleshoot problems you
Enable Mode Command
product’s resources and at times can halt other processes. It is best to only use the debug
command during times when the network resources are in low demand (non-peak hours,
weekends, etc.).
Understanding CLI Error Messages
The following table lists and defines some of the more common error messages given in the CLI.
Message Helpful Hints
%Ambiguous command
%Unrecognized Command
The command may not be valid in the current command mode, or you may
not have entered enough correct characters for the command to be
recognized. Try using the “?” command to determine your error. See
CLI Shortcuts
on page 6 for more information.
Using
%Invalid or incomplete
command
%Invalid input
detected at “^" marker
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 8
The command may not be valid in the current command mode, or you may
not have entered all of the pertinent information required to make the
command valid. Try using the “?” command to determine your error. See
Using CLI Shortcuts
The error in command entry is located where the caret (^) mark appears.
Enter a question mark at the prompt. The system will display a list of
applicable commands or will give syntax information for the entry.
on page 6 for more information.
Command Reference Guide Command Descriptions
COMMAND DESCRIPTIONS
This portion of the guide provides a detailed listing of all available commands for the CLI (organized by
command set). Each command listing contains pertinent information including the default value, a
description of all sub-command parameters, functional notes for using the command, and a brief
technology review. To search for a particular command alphabetically, use the Index. To search for
information on a group of commands within a particular command set, use the linked references given
below:
Basic Mode Command Set
on page 10
Enable Mode Command Set on page 20
Global Configuration Mode Command Set on page 200
DHCP Pool Command Set on page 355
IKE Policy Command Set on page 373
IKE Policy Attributes Command Set on page 386
IKE Client Command Set on page 392
Crypto Map IKE Command Set on page 396
Crypto Map Manual Command Set on page 405
Radius Group Command Set on page 416
CA Profile Configuration Command Set on page 418
Certificate Configuration Command Set on page 429
Ethernet Interface Configuration Command Set on page 433
DDS Interface Configuration Command Set on page 486
Serial Interface Configuration Command Set on page 494
T1 Interface Configuration Command Set on page 504
DSX-1 Interface Configuration Command Set on page 520
E1 Interface Configuration Command Set on page 530
G.703 Interface Configuration Command set on page 545
Modem Interface Configuration Command Set on page 552
BRI Interface Configuration Command set on page 556
Frame Relay Interface Config Command Set on page 567
Frame Relay Sub-Interface Config Command Set on page 587
ATM Interface Config Command Set on page 644
ATM Sub-Interface Config Command Set on page 647
ADSL Interface Config Command Set on page 701
BGP Configuration Command Set on page 705
BGP Neighbor Configuration Command Set on page 711
PPP Interface Configuration Command Set on page 715
Tunnel Configuration Command Set on page 778
HDLC Command Set on page 811
Loopback Interface Configuration Command Set on page 847
Line (Console) Interface Config Command Set on page 876
Line (Telnet) Interface Config Command Set on page 887
Router (RIP) Configuration Command Set on page 894
Router (OSPF) Configuration Command Set on page 903
Common Commands on page 922
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 9
SROS Command Line Interface Reference Guide Basic Mode Command Set
BASIC MODE COMMAND SET
To activate the Basic Mode, simply log in to the unit. After connecting the unit to a VT100 terminal (or
terminal emulator) and activating a terminal session, the following prompt displays:
Router>
The following command is common to multiple command sets and is covered in a centralized section of
this guide. For more information, refer to the section listed below:
exit on page 930
All other commands for this command set are described in this section in alphabetical order.
enable on page 11
logout on page 12
ping <address> on page 13
show clock on page 15
show snmp on page 16
show version on page 17
telnet <address> on page 18
traceroute <address> on page 19
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 10
SROS Command Line Interface Reference Guide Basic Mode Command Set
enable
Use the enable command (at the Basic Command Mode prompt) to enter the Enable Command Mode. Use
the disable command to exit the Enable Command Mode. See the section enable on page 11 for more
information.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
> Basic Command Mode
Functional Notes
The Enable Command Mode provides access to operating and configuration parameters and should be
password protected to prevent unauthorized use. Use the
Configuration) to specify an Enable Command Mode password. If the password is set, access to the Enable
Commands (and all other “privileged” commands) is only granted when the correct password is entered.
enable password
command (found in the Global
Usage Examples
The following example enters the Enable Command Mode and defines an Enable Command Mode password:
>
enable
#
configure terminal
(config)#
At the next login, the following sequence must occur:
>
enable
Password:
#
enable password password
******
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 11
SROS Command Line Interface Reference Guide Basic Mode Command Set
logout
Use the logout command to terminate the current session and return to the login screen.
Syntax Description
No subcommands.
Default Values
No defaults necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following example shows the logout command being executed in the Basic Mode:
>
logout
Session now available
Press RETURN to get started.
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 12
SROS Command Line Interface Reference Guide Basic Mode Command Set
ping <address>
Use the ping command (at the Basic Command Mode prompt) to verify IP network connectivity.
Syntax Description
<address> Optional.
with no specified address prompts the user with parameters for a more detailed
configuration. See
Specifies the IP address of the system to ping. Entering the
Functional Notes
(below) for more information.
ping
command
ping
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Functional Notes
The
ping
command helps diagnose basic IP network connectivity using the Packet InterNet Groper program to
repeatedly bounce Internet Control Message Protocol (ICMP) Echo_Request packets off a system (using a
specified IP address). The Secure Router OS allows executing a standard
address or provides a set of prompts to configure a more specific
The following is a list of output messages from the
!
Success
Destination Host Unreachable
$
Invalid Host Address
X
TTL Expired in Transit
?
Unknown Host
*
Request Timed Out
ping
command:
ping
ping
request to a specified IP
configuration.
The following is a list of available extended
Target IP address:
Specifies the IP address of the system to ping.
Repeat Count:
Number of ping packets to send to the system (valid range: 1 to 1000000).
Datagram Size:
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 13
ping
fields with descriptions:
SROS Command Line Interface Reference Guide Basic Mode Command Set
Size (in bytes) of the ping packet (valid range: 1 to 1448).
Timeout in Seconds:
If a ping response is not received within the timeout period, the ping is considered unsuccessful (valid range: 1
to 5 seconds).
Extended Commands:
Specifies whether additional commands are desired for more ping configuration parameters.
Source Address (or interface):
Specifies the IP address to use as the source address in the ECHO_REQ packets.
Data Pattern:
Specify an alphanumerical string to use (the ASCII equivalent) as the data pattern in the ECHO_REQ packets.
Sweep Range of Sizes:
Varies the sizes of the ECHO_REQ packets transmitted.
Sweep Min Size:
Specifies the minimum size of the ECHO_REQ packet (valid range: 0 to 1448).
Sweep Max Size:
Specifies the maximum size of the ECHO_REQ packet (valid range: Sweep Min Size to 1448).
Sweep Interval:
Specifies the interval used to determine packet size when performing the sweep (valid range: 1 to 1448).
Verbose Output:
Specifies an extended results output.
Usage Examples
The following is an example of a successful
>
ping
Target IP address:
Repeat count[1-1000000]:
Datagram Size [1-1000000]:
Timeout in seconds [1-5]:
Extended Commands? [y or n]:
192.168.0.30
5
100
2
n
Type CTRL+C to abort.
Legend: '!' = Success '?' = Unknown host '$' = Invalid host address
'*' = Request timed out '-' = Destination host unreachable
'x' = TTL expired in transit
Pinging 192.168.0.30 with 100 bytes of data:
!!!!!
Success rate is 100 percent (5/5) round-trip min/avg/max = 19/20.8/25 ms
ping
command:
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 14
SROS Command Line Interface Reference Guide Basic Mode Command Set
show clock
Use the show clock command to display the system time and date entered using the clock set command.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following example displays the current time and data from the system clock:
>
show clock
23:35:07 UTC Tue Aug 20 2002
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 15
SROS Command Line Interface Reference Guide Basic Mode Command Set
show snmp
Use the show snmp command to display the system Simple Network Management Protocol (SNMP)
parameters and current status of SNMP communications.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following is an example output using the
default Chassis and Contact parameters:
>
show snmp
Chassis: Chassis ID
Contact: Customer Service
0 Rx SNMP packets
0 Bad community names
0 Bad community uses
0 Bad versions
0 Silent drops
0 Proxy drops
0 ASN parse errors
show snmp
command for a system with SNMP disabled and the
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 16
SROS Command Line Interface Reference Guide Basic Mode Command Set
show version
Use the show version command to display the current Secure Router OS version information.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following is a sample
>
show version
ProCurve Secure Router 7203dl
SROS Version: J02.01.01
Checksum: 5509EBDC, built on: Mon Mar 21 14:48:04 2005
Boot ROM version J02.01.01
Checksum: 9C0F, built on: Mon Mar 21 14:48:24 2005
Copyright (c) 2005-2005, Hewlett-Packard, Co.
Platform: ProCurve Secure Router 7203dl
Serial number US449TS029
Flash: 33554432 bytes DRAM: 268435455 bytes
System uptime is 0 days, 21 hours, 27 minutes, 0 seconds
Current system image file is "CFLASH:/J02_01_01.biz"
Boot system image file is "CFLASH:/J02_01_01.biz"
Primary system configuration file is "startup-config"
System booted up using configuration file: "startup-config"
show version
output:
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 17
SROS Command Line Interface Reference Guide Basic Mode Command Set
telnet <address>
Use the telnet command to open a Telnet session (through the Secure Router OS) to another system on the
network.
Syntax Description
<address> Specifies the IP address of the remote system.
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following example opens a Telnet session with a remote system (10.200.4.15):
>
telnet 10.200.4.15
User Access Login
Password:
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 18
SROS Command Line Interface Reference Guide Basic Mode Command Set
traceroute <address>
Use the traceroute command to display the IP routes a packet takes to reach the specified destination.
Syntax Description
<address> Specifies the IP address of the remote system to trace the routes to
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following example performs a traceroute on the IP address 192.168.0.1:
#
traceroute 192.168.0.1
Type CTRL+C to abort.
Tracing route to 192.168.0.1 over a maximum of 30 hops
1 22ms 20ms 20ms 192.168.0.65
2 23ms 20ms 20ms 192.168.0.1
#
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 19
SROS Command Line Interface Reference Guide Enable Mode Command Set
ENABLE MODE COMMAND SET
To activate the Enable Mode, enter the enable command at the Basic Mode prompt. (If an enable password
has been configured, a password prompt will display.) For example:
Router>enable
Password: XXXXXXX
Router#
The following commands are common to multiple command sets and are covered in a centralized section
of this guide. For more information, refer to the section listed below:
bind <#> <from interface> <slot/port> <tdm-group#> <to interface> <slot/port> on page 924
description on page 927
exit on page 930
ping <address> on page 931
show running-config on page 933
All other commands for this command set are described in this section in alphabetical order.
clear commands begin on page 22
clock auto-correct-dst on page 48
clock set <time> <day> <month> <year> on page 50
clock timezone <text> on page 51
configure on page 53
copy <source> <destination> on page 54
copy console <filename> on page 55
copy flash <destination> on page 56
copy <filename> interface <interface> <slot/port> on page 57
copy tftp <destination> on page 58
copy xmodem <destination> on page 59
debug commands begin on page 60
dir on page 98
disable on page 99
erase [<filename> | startup-config] on page 100
events on page 101
logout on page 102
reload [cancel | in <delay>] on page 103
show commands begin on page 104
telnet <address> on page 194
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 20
SROS Command Line Interface Reference Guide Enable Mode Command Set
terminal length <text> on page 195
traceroute <address> on page 196
undebug all on page 197
wall <message> on page 198
write [erase | memory | network | terminal] on page 199
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 21
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear access-list <listname>
Use the clear access-list command to clear all counters associated with all access lists (or a specified
access list).
Syntax Description
<listname> Optional. Specifies the name (label) of an access list
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears all counters for the access list labeled MatchAll:
>enable
#clear access-list MatchAll
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 22
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear arp-cache
Use the clear arp-cache command to remove all dynamic entries from the Address Resolution Protocol
(ARP) cache table.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example removes all dynamic entries from the ARP cache:
>enable
#clear arp-cache
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 23
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear arp-entry <address>
Use the clear arp-entry command to remove a single entry from the Address Resolution Protocol (ARP)
cache.
Syntax Description
<address> Specifies the IP address of the entry to remove
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example removes the entry for 10.200.4.56 from the ARP cache:
>enable
#clear arp-entry 10.200.4.56
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 24
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear bridge <group#>
Use the clear bridge command to clear all counters associated with bridging (or for a specified
bridge-group).
Syntax Description
<group#> Optional.
Specifies a single bridge group (1-255).
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears all counters for bridge group 17:
>enable
#clear bridge 17
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 25
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear buffers max-used
Use the clear buffers max-used command to clear the maximum-used statistics for buffers displayed in
the show memory heap command.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
>enable
#clear buffers max-used
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 26
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear counters <interface>
Use the clear counters command to clear all interface counters (or the counters for a specified interface).
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears all counters associated with the Ethernet 0/1 interface:
>enable
#clear counters ethernet 0/1
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 27
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear crypto ike sa <policy priority>
Use the clear crypto ike sa command to clear existing IKE security associations (SAs), including active
ones.
Syntax Description
<policy priority> Optional.
This number is assigned using the
Clear out all existing IKE SAs associated with the designated policy priority.
crypto ike policy
command.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears the entire database of IKE SAs (including the active associations):
>enable
#clear crypto ike sa
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 28
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear crypto ipsec sa
Use the clear crypto ipsec sa command to clear existing IPSec security associations (SAs), including
active ones.
Variations of this command include the following:
clear crypto ipsec sa
clear crypto ipsec sa entry <ip address> ah <SPI>
clear crypto ipsec sa entry <ip address> esp <SPI>
clear crypto ipsec sa map <map name>
clear crypto ipsec sa peer <ip address>
Syntax Description
entry
<ip address>
ah
<SPI>
esp
<SPI>
map
<map name>
peer
<ip address>
Clear only the SAs related to a certain destination IP address.
Clear only a portion of the SAs by specifying the AH (authentication header)
protocol and a security parameter index (SPI). You can determine the correct SPI
value using the show crypto ipsec sa command.
Clear only a portion of the SAs by specifying the ESP (encapsulating security
payload) protocol and a security parameter index (SPI). You can determine the
correct SPI value using the show crypto ipsec sa command.
Clear only the SAs associated with the crypto map name given.
Clear only the SAs associated with the far-end peer IP address given.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 29
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear dump-core
The clear dump-core command clears diagnostic information appended to the output of the show version
command. This information results from an unexpected unit reboot.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears the entire database of IKE SAs (including the active associations):
>enable
#clear dump-core
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 30
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear event-history
Use the clear event-history command to clear all messages logged to the local event-history.
Warning
Messages cleared from the local event-history (using the clear event-history command)
are no longer accessible.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears all local event-history messages:
>enable
#clear event-history
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 31
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear ip bgp [* | <as-number> | <ip address>] [in | out | soft]
Use the clear ip bgp command to clear BGP neighbors as specified.
Syntax Description
* Clears all BGP neighbors.
<as-number> Clears all BGP neighbors with the specified AS number. Range is 1 to 65,535.
<ip address> Clears the BGP neighbor with the specified IP address.
in Causes a “soft” reset inbound with a neighbor, reprocessing routes advertised by
that neighbor.
out Causes a “soft” reset outbound with a neighbor, re-sending advertised routes to
that neighbor.
soft Causes a “soft” reset both inbound and outbound.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Functional Notes
The clear ip bgp command must be issued to re-initialize the BGP process between the peers matching
the given arguments. Most neighbor changes, including changes to prefix-list filters, do not take effect until
the clear command is issued. A hard reset clears the TCP connection with the specified peers which
results in clearing the table. This method of clearing is disruptive and causes peer routers to record a route
flap for each route.
The out version of this command provides a soft reset out to occur by causing all routes to be re-sent to
the specified peer(s). TCP connections are not torn down so this method is less disruptive. Output
filters/policies are re-applied before sending the update.
The in version of this command provides a soft reset in to occur by allowing the router to receive an
updated table from a peer without tearing down the TCP connection. This method is less disruptive and
does not count as a route flap. Currently all of the peer's routes are stored permanently, even if they are
filtered by a prefix list. The command causes the peer's routes to be reprocessed with any new
parameters.
Usage Examples
The following example causes a hard reset with peers with an AS number of 101:
#clear ip bgp 101
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 32
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear ip igmp group [<group-address> | <interface>]
Use the clear ip igmp group command to clear entries from the Internet Group Management Protocol
(IGMP) tables. If no address or interface is specified, all non-static IGMP groups are cleared with this
command.
Syntax Description
<group-address> Optional.
<interface> Optional.
type slot/port
Specifies the multicast IP address of the multicast group.
Designates the clearing of parameters for a specific interface (in the format
). For example: eth 0/1.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example shows output for the show igmp groups command before and after a
clear ip igmp group command is issued. This example clears the IGMP entry that was registered
dynamically by a host. Interfaces that are statically joined are not cleared:
#show ip igmp groups
IGMP Connected Group Membership
Group Address
Interface
Uptime
Expires
Last Reporter
172.0.1.50
Loopback100
01:22:59
00:02:46
172.23.23.1
172.1.1.1
Ethernet0/1
00:00:14
00:02:45
1.1.1.2
172.1.1.1
Loopback100
01:22:59
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 33
SROS Command Line Interface Reference Guide Enable Mode Command Set
00:02:46
172.23.23.1
#clear ip igmp group
#show ip igmp groups
IGMP Connected Group Membership
Group Address
Interface
Uptime
Expires
Last Reporter
This version of the command clears all dynamic groups that have the specified output interface (Ethernet
0/1):
#clear ip igmp group ethernet 0/1
This version of the command clears the specified group on all interfaces where it is dynamically registered:
#clear ip igmp group 172.1.1.1
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 34
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear ip policy-sessions
Use the clear ip policy-sessions command to clear policy class sessions. You may clear all the sessions or
a specific session. Refer to the show ip policy-sessions for a current session listing. The following lists the
complete syntax for the clear ip policy-sessions commands:
clear ip policy-sessions
clear ip policy-sessions <classname> [ahp | esp | gre | icmp | tcp | udp | <protocol>] <source ip>
<source port><dest ip><dest port>
clear ip policy-sessions <classname> [ahp | esp | gre | icmp | tcp | udp | <protocol>] <source ip>
<source port><dest ip><dest port> [destination | source] <nat ip><nat port>
Syntax Description
<classname> Alphanumeric descriptor for identifying the configured access policy (access
policy descriptors are not case-sensitive).
<protocol> A specific protocol (valid range: 0-255).
<source ip> Specifies the source IP address (format is A.B.C.D).
<source port> Specifies the source port (in hexadecimal format for ahp, esp, and gre; decimal for
all other protocols).
<dest ip> Specifies the destination IP address (format is A.B.C.D).
<dest port> Specifies the destination port (in hex format for ahp, esp, and gre; decimal for all
other protocols).
[destination | source] For NAT sessions, this specifies whether to select a NAT source or NAT
destination session.
<nat ip> For NAT sessions, this specifies the NAT IP address (format is A.B.C.D).
<nat port> For NAT sessions, this specifies the NAT port (in hex format for ahp, esp, and gre;
decimal for all other protocols).
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Functional Notes
The second half of this command, beginning with the source IP address may be copied and pasted from a
row in the show ip policy-sessions table for easier use.
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 35
SROS Command Line Interface Reference Guide Enable Mode Command Set
Usage Examples
The following example clears the Telnet association (TCP port 23) for policy class "pclass1" with source IP
address 192.22.71.50 and destination 192.22.71.130:
>enable
#clear ip policy-sessions pclass1 tcp 192.22.71.50 23 192.22.71.130 23
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 36
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear ip policy-stats <classname> entry <policy class #>
Use the clear ip policy-stats command to clear statistical counters for policy classes
Syntax Description
<classname> Optional.
are cleared for all policies.
entry Optional. Use this optional keyword to clear statistics of a specific policy class
entry
<policy class #> Optional. Specifies the policy class entry number.
Specifies the policy class to clear. If no policy class is specified, statistics
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears statistical counters for all policy classes:
>enable
#clear ip policy-stats
The following example clears statistical counters for the policy class MatchALL:
>enable
#clear ip policy-stats MatchALL
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 37
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear ip prefix-list <listname>
Use the clear ip prefix-list command to clear the IP prefix list hit count shown in the show ip prefix-list
detail output.
Syntax Description
<listname> Specifies of the IP prefix list to clear.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears the hit count statistics for prefix list test:
>enable
#clear ip prefix-list test
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 38
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear ip route
Use the clear ip route command to remove all learned routes from the IP route table. Static and connected
routes are not cleared by this command.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example removes all learned routes from the route table:
>enable
#clear ip route *
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 39
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear lldp counters
Use the clear lldp counters command to reset all LLDP packet counters to 0 on all interfaces.
Syntax Description
No subcommands.
Default Values
There are no default settings for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example resets all LLDP counters:
>enable
#clear lldp counters
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 40
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear lldp counters interface <interface>
Use the clear lldp counters interface command to reset all LLDP packet counters to 0 for a specified
interface.
Syntax Description
<interface> Clears the information for the specified interface. Type clear lldp counters
interface ? for a complete list of applicable interfaces.
Default Values
No default values are necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example resets the counters on a PPP interface:
>enable
#clear lldp counters interface ppp 1
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 41
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear lldp neighbors
Use the clear lldp neighbors command to remove all neighbors from this unit’s database. As new LLDP
packets are received, the database will contain information about neighbors included in those frames.
Syntax Description
No subcommands.
Default Values
There are no default settings for this command.
Command Modes
# Enable Command Mode
Functional Notes
This command generates output indicating the names of any neighbors deleted from the database and the
name of the interface on which the neighbor was learned.
Usage Examples
The following example clears LLDP neighbor Switch_1 from the Ethernet interface 0/1:
>enable
#clear lldp neighbors
LLDP: Deleted neighbor “Switch_1” on interface eth 0/1
#
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 42
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear pppoe <interface id>
Use the clear pppoe command to terminate the current PPPoE client session and cause the Secure Router
OS to try and re-establish the session.
Syntax Description
<interface id> PPP interface number.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example ends the current PPPoE client session for ppp 1:
>enable
#clear pppoe 1
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 43
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear process cpu max
Use the clear process cpu max command to clear the maximum CPU usage statistic which is visible in the
show process cpu command.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example resets the CPU maximum usage statistics:
>enable
#clear process cpu max
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 44
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear qos map
Use the clear qos map command to clear the statistics for all defined QoS maps or to view detailed
information for maps meeting user-configured specifications.
Variations of this command include the following:
clear qos map <map name>
clear qos map <map name> <sequence number>
clear qos map <interface>
Syntax Description
<map name> Enter the name of a defined QoS map.
<sequence number> Enter one of the map’s defined sequence numbers.
<interface> Specify an interface to clear QoS map statistics for just that interface (e.g.,
frame-relay, ppp).
Default Values
No default value necessary for this command.
Command Modes
# Enable mode
Usage Examples
clears statistics for all defined QoS map:
#clear qos map
clears statistics for all entries in the “priority” QoS map:
#clear qos map priority
clears statistics in entry “10” of the “priority” QoS map:
#clear qos map priority 10
clears QoS statistics for a specified interface:
#clear qos map interface frame-relay 1
Note
The clear counters command clears ALL interface statistics (including QoS map interface
statistics).
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 45
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear spanning-tree counters [interface <interface>]
The clear spanning-tree counters command clears the following counts: BPDU transmit, BPDU receive,
and number of transitions to forwarding state.
Syntax Description
interface <interface> Optional.
complete list of interfaces.
Specifies a single interface. Enter
clear spanning-tree counters ?
Default Values
No default value necessary for this command.
Command Modes
# Enable mode
Usage Examples
The following example clears the spanning tree counters for Ethernet 0/1:
>enable
#clear spanning-tree counters interface eth 0/1
for a
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 46
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear spanning-tree detected-protocols [interface ethernet
<interface id>]
Use the clear spanning-tree detected-protocols command to restart the protocol migration process.
Syntax Description
interface Optional.
<interface id> Optional.
Choose the
Enter a valid interface ID (e.g.,
ethernet
interface.
0/1
for Ethernet 0/1).
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Functional Notes
The ProCurve Secure Router has the ability to operate using the rapid spanning-tree protocol or the legacy
802.1D version of spanning-tree. When a BPDU (bridge protocol data unit) of the legacy version is
detected on an interface, the ProCurve Secure Router automatically regresses to using the 802.1D
spanning-tree protocol for that interface. Issue the clear spanning-tree detected-protocols command to
return to rapid spanning-tree operation.
Usage Examples
The following example re-initiates the protocol migration process on eth 0/2:
>enable
#clear spanning-tree detected-protocols interface ethernet 0/2
The following example re-initiates the protocol migration process on all interfaces:
>enable
#clear spanning-tree detected-protocols
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 47
SROS Command Line Interface Reference Guide Enable Mode Command Set
clock auto-correct-dst
The clock auto-correct-dst command allows the automatic one-hour correction for Daylight Saving Time
(DST). Use the clock no-auto-correct-dst command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default this command is enabled.
Command Modes
# Enable mode
Usage Examples
The following example allows for automatic DST correction:
>enable
#clock auto-correct-DST
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 48
SROS Command Line Interface Reference Guide Enable Mode Command Set
clock no-auto-correct-dst
The clock no-auto-correct-dst command allows you to override the automatic one-hour correction for
Daylight Saving Time (DST).
Syntax Description
No subcommands.
Default Values
No default value is necessary for this command.
Command Modes
# Enable mode
Functional Notes
Many time zones include an automatic one-hour correction for daylight saving time at the appropriate time.
You may override it at your location using this command.
Usage Examples
The following example overrides the one-hour offset for DST:
>enable
#clock no-auto-correct-DST
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 49
SROS Command Line Interface Reference Guide Enable Mode Command Set
clock set <time> <day> <month> <year>
Use the clock set command to configure the system software clock. For the command to be valid, all fields
must be entered. See the Usage Example below for an example.
Syntax Description
<time> Sets the time of the system software clock in the format HH:MM:SS
(hours:minutes:seconds).
<day> Sets the current day of the month (valid range: 1 to 31).
<month> Sets the current month (valid range: January to December). You need only enter
enough characters to make the entry unique. This entry is not case-sensitive.
<year> Sets the current year (valid range: 2000 to 2100).
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example sets the system software clock for 3:42 pm, August 22 2004:
>enable
#clock set 03:42:00 22 Au 2004
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 50
SROS Command Line Interface Reference Guide Enable Mode Command Set
clock timezone <text>
The clock timezone command sets the unit’s internal clock to the timezone of your choice. This setting is
based on the difference in time (in hours) between Greenwich Mean Time (GMT) or Central Standard
Time (CST) and the timezone for which you are setting up the unit. Use the no form of this command to
disable this feature.
Syntax Description
<text> Specifies the difference in time (in hours) between Greenwich Mean Time (GMT)
or Central Standard Time (CST) and the timezone for which you are setting up the
unit.
Default Values
No default value is necessary for this command.
Command Modes
# Enable mode
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 51
SROS Command Line Interface Reference Guide Enable Mode Command Set
Functional Notes
The following list shows sample cities and their timezone codes.
clock timezone +1-Amsterdam
clock timezone +1-Belgrade
clock timezone +1-Brussels
clock timezone +1-Sarajevo
clock timezone +1-West-Africa
clock timezone +10-Brisbane
clock timezone +10-Canberra
clock timezone +10-Guam
clock timezone +10-Hobart
clock timezone +10-Vladivostok
clock timezone +11
clock timezone +12-Auckland
clock timezone +12-Fiji
clock timezone +13
clock timezone +2-Athens
clock timezone +2-Bucharest
clock timezone +2-Cairo
clock timezone +2-Harare
clock timezone +2-Helsinki
clock timezone +2-Jerusalem
clock timezone +3-Baghdad
clock timezone +3-Kuwait
clock timezone +3-Moscow
clock timezone +3-Nairobi
clock timezone +3:30
clock timezone +4-Abu-Dhabi
clock timezone +4-Baku
clock timezone +4:30
clock timezone +5-Ekaterinburg
clock timezone +5-Islamabad
clock timezone +5:30
clock timezone +5:45
clock timezone +6-Almaty
clock timezone +6-Astana
clock timezone +6-Sri-Jay
clock timezone +6:30
clock timezone +7-Bangkok
clock timezone +7-Kranoyarsk
clock timezone +8-Bejing
clock timezone +8-Irkutsk
clock timezone +8-Kuala-Lumpur
clock timezone +8-Perth
clock timezone +8-Taipei
clock timezone +9-Osaka
clock timezone +9-Seoul
clock timezone +9-Yakutsk
clock timezone +9:30-Adelaide
clock timezone +9:30-Darwin
clock timezone -1-Azores
clock timezone -1-Cape-Verde
clock timezone -10
clock timezone -11
clock timezone -12
clock timezone -2
clock timezone -3-Brasilia
clock timezone -3-Buenos-Aires
clock timezone -3-Greenland
clock timezone -3:30
clock timezone -4-Atlantic-Time
clock timezone -4-Caracus
Usage Examples
The following example sets the timezone for Santiago, Chile.
>enable
#clock timezone -4-Santiago
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 52
SROS Command Line Interface Reference Guide Enable Mode Command Set
configure
Use the configure command to enter the Global Configuration Mode or to configure the system from
memory. See Global Configuration Mode Command Set on page 200 for more information.
Syntax Description
terminal Enter the Global Configuration Mode.
memory Configure the active system with the commands located in the default
configuration file stored in NVRAM.
network Configure the system from a TFTP network host.
overwrite-network Overwrite NVRAM memory from a TFTP network host.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example enters the Global Configuration Mode from the Enable Command Mode:
>enable
#configure terminal
(config)#
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 53
SROS Command Line Interface Reference Guide Enable Mode Command Set
copy <source> <destination>
Use the copy command to copy any file from a specified source to a specified destination.
Syntax Description
<source> Specifies the current location of the file.
Valid sources include: running-config (current running configuration file),
startup-config (configuration file located in NVRAM), or a filename (located in
FLASH memory).
<destination> Specifies the destination of the copied file.
Valid destinations include: running-config (current running configuration file),
startup-config (configuration file located in NVRAM), or a filename (located in
FLASH memory).
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following provides various sample copy commands:
>enable
Creates a copy of the file myfile.biz (located in FLASH memory) and names it newfile.biz:
#copy myfile.biz newfile.biz
Creates a backup copy of the startup configuration file (and places in FLASH memory):
#copy startup-config backup.bak
Copies the current running-configuration file to the startup configuration file located in NVRAM:
#copy running-config startup-config
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 54
SROS Command Line Interface Reference Guide Enable Mode Command Set
copy console <filename>
Use the copy console command to copy the console’s input to a text file. To end copying to the text file,
type <Ctrl+D>. The file will be saved in the SROS root directory.
Syntax Description
<filename> Specify destination file for console input.
Default Values
No default is necessary for this command.
Command Modes
# Enable Command Mode
Functional Notes
The copy console command works much like a line editor. Prior to pressing <Enter>, changes can be
made to the text on the line. Changes can be made using <Delete> and <Backspace> keys. The text can
be traversed using the arrow keys, <Ctrl+A> (to go to the beginning of a line), and <Ctrl+E> (to go to the
end of a line). To end copying to the text file, type <Ctrl+D>. The file will be saved in the Secure Router OS
root directory. Use the dir command to see a list of files in the root directory.
Usage Examples
The following example copies the console input into the file config, located in the Secure Router OS root
directory:
>enable
#copy console config
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 55
SROS Command Line Interface Reference Guide Enable Mode Command Set
copy flash <destination>
Use the copy flash command to copy a file located in flash memory to a specified destination.
Syntax Description
<destination> Specifies the destination of the copied file. Valid destinations include tftp and
xmodem.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example copies the contents of the unit’s flash memory to a TFTP server:
>enable
#copy flash tftp
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 56
SROS Command Line Interface Reference Guide Enable Mode Command Set
copy <filename> interface <interface> <slot/port>
Use the copy interface command to copy a file to a specified interface.
Syntax Description
<filename> Specify file name of source file.
<interface> Specify interface to be upgraded.
<slot/port> Specify slot and port number of interface
Default Values
No default is necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example upgrades the ADSL interface with the firmware file configfile:
>enable
#copy configfile interface adsl 0/1
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 57
SROS Command Line Interface Reference Guide Enable Mode Command Set
copy tftp <destination>
Use the copy tftp command to copy a file located on a network Trivial File Transfer Protocol (TFTP)
server to a specified destination.
Syntax Description
<destination> Specifies the destination of the file copied from the TFTP server.
Valid destinations include: flash (FLASH memory), startup-config (the
configuration file stored in NVRAM), or running-config (the current running
configuration file).
After entering copy tftp and specifying a destination, the Secure Router OS
prompts for the following information:
Address of remote host: IP address of the TFTP server.
Source filename: Name of the file to copy from the TFTP server.
Destination filename: Specifies the filename to use when storing the copied file to FLASH memory.
(Valid only for the copy tftp flash command.)
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example copies myfile.biz from the TFTP server (10.200.2.4) to flash memory and labels it
newfile.biz:
#copy tftp flash
Address of remote host?10.200.2.4
Source filename myfile.biz
Destination filename newfile.biz
Initiating TFTP transfer...
Received 45647 bytes.
Transfer Complete!
#
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 58
SROS Command Line Interface Reference Guide Enable Mode Command Set
copy xmodem <destination>
Use the copy xmodem command to copy a file (using the XMODEM protocol) to a specified destination.
XMODEM capability is provided in terminal emulation software such as HyperTerminal™.
Syntax Description
<destination> Specifies the destination of the copied file.
Valid destinations include: flash (FLASH memory), startup-config (the
configuration file stored in NVRAM), or running-config (the current running
configuration file).
After entering copy xmodem and specifying a destination, the Secure Router OS
prompts for the following information:
Destination filename: Specifies the filename to use when storing the copied file to FLASH memory.
(Valid only for the copy flash command.)
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example copies a .biz file to flash memory and labels it newfile.biz:
#copy xmodem flash
Destination filename newfile.biz
Begin the Xmodem transfer now...
Press CTRL+X twice to cancel
CCCCCC
The Secure Router OS is now ready to accept the file on the CONSOLE port (using the XMODEM
protocol). The next step in the process may differ depending on the type of terminal emulation software
you are using. For HyperTerminal, you will now select Transfer > Send File and browse to the file you
wish to copy. Once the transfer is complete, information similar to the following is displayed:
Received 231424 bytes.
Transfer complete.
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 59
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug aaa
Use the debug aaa command to activate debug messages associated with authentication from the AAA
subsystem. Debug messages are displayed (real-time) on the terminal (or Telnet) screen. Use the no form
of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the SROS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug aaa events include connection notices, login attempts, and session tracking.
Usage Examples
The following is sample output for this command:
>enable
#debug aaa
AAA: New Session on portal 'TELNET 0 (172.22.12.60:4867)'.
AAA: No list mapped to 'TELNET 0'. Using 'default'.
AAA: Attempting authentication (username/password).
AAA: RADIUS authentication failed.
AAA: Authentication failed.
AAA: Closing Session on portal 'TELNET 0 (172.22.12.60:4867)'.
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 60
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug access-list <listname>
Use the debug access-list command to activate debug messages (for a specified list) associated with access
list operation. Debug messages are displayed (real-time) on the terminal (or Telnet) screen. Use the no
form of this command to disable the debug messages.
Syntax Description
<listname> Specifies a configured access list
Default Values
By default, all debug messages in the SROS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug access-list command provides debug messages to aid in troubleshooting access list issues.
Usage Examples
The following example activates debug messages for the access list labeled MatchAll:
>enable
#debug access-list MatchAll
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 61
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug atm events
Use the debug atm events command to display events on all ATM ports and all virtual circuits. Debug
messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to
disable debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates ATM event messages:
>enable
#debug atm events
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 62
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug atm oam <vcd> loopback [end-to-end | segment] <LLID>
Use the debug atm oam command to display Operation, Administration, and Maintenance (OAM) packets
for a ATM virtual circuit descriptor (VCD). Debug messages are displayed (real-time) to the terminal (or
Telnet) screen. Use the no form of this command to disable debug messages.
Variations of this command include the following:
debug atm oam <vcd>
debug atm oam <vcd> loopback [end-to-end | segment]
debug atm oam <vcd> loopback [end-to-end | segment] <LLID>
Syntax Description
<vcd> Shows OAM packets for a specific VCD.
loopback Configures an OAM loopback.
end-to-end Configures an end-to-end OAM loopback.
segment Configures a segment loopback.
<LLID> Specifies 16 byte OAM loopback location ID (LLID).
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates ATM OAM debug messages for VCD 1:
>enable
#debug atm oam 1
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 63
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug atm packet [interface atm | vc] < ATM port | VPI/VCI> vcd <vcd
number>
Use the debug atm packet command to activate debug messages associated with packets on ATM ports
and virtual circuits. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the
no form of this command to disable the debug messages.
Variations of this command include the following:
debug atm packet .
debug atm packet [interface atm | vc] <port id>
debug atm packet interface atm <port id> vcd <port>
Syntax Description
interface atm Shows packets on a specific ATM port and on all virtual circuits.
vc Shows packets on a specific virtual circuit.
<ATM port> Specifies ATM port number.
<VPI/VCI> Specifies virtual path identifier and virtual channel identifier (VPI/VCI).
vcd Shows packets on specific virtual circuit descriptors (VCD).
<vcd number> Specifies a VCD port number.
Default Values
By default, all debug messages in the SROS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates debug ATM packet debug messages on ATM port 1:
>enable
#debug atm packet interface atm 1
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 64
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug bridge
Use the debug bridge command to display messages associated with bridge events. Debug messages are
displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable debug
messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates bridge debug messages:
#debug bridge
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 65
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug crypto [ike | ike negotiation | ike client authentication |
ike client configuration | ipsec | pki]
Use the debug crypto command to activate debug messages associated with IKE and IPSec functions.
Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this
command to disable the debug messages.
Syntax Description
ike Displays all IKE debug messages.
ike negotiation Displays only IKE key management debug messages (e.g., handshaking).
ike client authenticationDisplays IKE client authentication messages as they occur.
ike client configurationDisplays mode-config exchanges as they take place over the IKE SA. It is
enabled independently from the ike negotiation debug described previously.
ipsec Displays all IPSec debug messages.
pki Displays all PKI (public key infrastructure) debug messages.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates the IPSec debug messages:
>enable
#debug crypto ipsec
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 66
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug backup
Use the debug backup command to activate debug messages associated with backup operation. Debug
messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to
disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug backup command activates debug messages to aid in the troubleshooting of backup links.
Usage Examples
The following example activates debug messages for backup operation:
>enable
#debug backup
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 67
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug dialup-interfaces
Use the debug dialup-interfaces command to generate debug messages used to aid in troubleshooting
problems with all dialup interfaces such as the modem or the BRI cards. Use the no version of this
command to disable it.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
When enabled, these messages provide status information on incoming calls, dialing and answering
progress, etc. These messages also give information on why certain calls are dropped or rejected. It is
beneficial to use this command when troubleshooting backup (in addition to the debug backup
command).
Usage Examples
The following example activates the debug messages for dialup interfaces:
>enable
#debug dialup-interfaces
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 68
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug dynamic-dns [verbose]
Use the debug dynamic-dns command to display debug messages associated with dynamic DNS. Debug
messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to
disable the debug messages.
Syntax Description
verbose Turns on verbose messaging.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates dynamic DNS debug messages:
>enable
#debug dynamic-dns verbose
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 69
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug firewall
Use the debug firewall command to activate debug messages associated with the Secure Router OS
firewall operation. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no
form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug firewall command activates debug messages to provide real-time information about the
Secure Router OS stateful inspection firewall operation.
Usage Examples
The following example activates the debug messages for the Secure Router OS stateful inspection
firewall:
>enable
#debug firewall
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 70
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug frame-relay [events | llc2 | lmi]
Use the debug frame-relay command to activate debug messages associated with the Frame Relay
operation. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of
this command to disable the debug messages.
Syntax Description
events Activates debug messages for generic Frame Relay events (such as Frame Relay
interface state)
llc2 Activates debug messages for the logical link control layer
lmi Activates debug messages for the local management interface (such as DLCI
status signaling state, etc.)
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug frame-relay command activates debug messages to aid in the troubleshooting of Frame Relay
links.
Usage Examples
The following example activates all possible debug messages associated with Frame Relay operation:
>enable
#debug frame-relay events
#debug frame-relay llc2
#debug frame-relay lmi
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 71
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug frame-relay multilink <interface>
Use the debug frame-relay multilink command to activate debug messages associated with Frame Relay
multilink operation. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the
no form of this command to disable the debug messages.
Syntax Description
<interface> Optional. Activates debug messages for the specified interface. Type debug
frame-relay multilink ? for a complete list of applicable interfaces.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates debug messages associated with multilink operation for all Frame Relay
interfaces:
>enable
#debug frame-relay multilnk
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 72
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug hdlc [errors | verbose]
Use the debug hdlc command to activate debug messages associated with the HDLC interface. Debug
messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to
disable the debug messages.
Syntax Description
errors Enables protocol error and statistic messages.
verbose Enables detailed debug messages.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates detailed debug messages associated with the HDLC interface:
>enable
#debug hdlc verbose
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 73
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug interface < interface >
Use the debug interface command to activate debug messages associated with the specified interface.
Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this
command to disable the debug messages.
Syntax Description
< interface > Activates debug messages for the specified interface. Type debug interface ? for
a complete list of applicable interfaces.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug interface command activates debug messages to aid in the troubleshooting of physical
interfaces.
Usage Examples
The following example activates all possible debug messages associated with the Ethernet port:
>enable
#debug interface ethernet
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 74
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug interface adsl events
Use the debug interface adsl events command to activate debug messages associated with ADSL events.
Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this
command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates debug messages for ADSL events:
>enable
#debug interface adsl events
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 75
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip bgp [events | in | out | keepalives | updates]
Use the debug ip bgp command to activate debug messages associated with IP BGP. Debug messages are
displayed (real time) on the terminal (or Telnet) screen. Use the no form of this command to disable the
debug messages.
Syntax Description
events Displays significant BGP events such as a neighbor state change.
in/out Displays the same information as debug ip bgp, but limits messages to the
specified direction (in or out).
keepalives Displays BGP keepalive packets.
updates Displays BGP updates for all neighbors.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
If no arguments are given, the debug ip bgp command displays general BGP events such as
sent/received message summaries, route processing actions, and results. Keepalive packets are not
debugged with this command.
Usage Examples
The following example enables debug messages on general outbound BGP messages and events:
#debug ip bgp out
#07:42:39: BGP OUT 10.15.240.1[2]: Transmitting msg, type=UPDATE (2), len=142
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 76
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip dhcp-client
Use the debug ip dhcp-client command to activate debug messages associated with DHCP client
operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet)
screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug ip dhcp-client command activates debug messages to provide information on DHCP client
activity in the Secure Router OS. The Secure Router OS DHCP client capability allows interfaces to
dynamically obtain an IP address from a network DHCP server.
Usage Examples
The following example activates debug messages associated with DHCP client activity:
>enable
#debug ip dhcp-client
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 77
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip dhcp-server
Use the debug ip dhcp-server command to activate debug messages associated with DHCP server
operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet)
screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug ip dhcp-server command activates debug messages to provide information on DHCP server
activity in the Secure Router OS. The Secure Router OS DHCP server capability allows the Secure Router
OS to dynamically assign IP addresses to hosts on the network.
Usage Examples
The following example activates debug messages associated with DHCP server activity:
>enable
#debug ip dhcp-server
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 78
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip dns-client
Use the debug ip dns-client command to activate debug messages associated with DNS (domain naming
system) client operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal
(or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug ip dns-client command activates debug messages to provide information on DNS client
activity in the Secure Router OS. The IP DNS capability allows for DNS-based host translation
(name-to-address).
Usage Examples
The following example activates debug messages associated with DNS client activity:
>enable
#debug ip dns-client
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 79
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip dns-proxy
Use the debug ip dns-proxy command to activate debug messages associated with DNS (domain naming
system) proxy operation in the Secure Router OS. Debug messages are displayed (real-time) to the
terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug ip dns-proxy command activates debug messages to provide information on DNS proxy
activity in the Secure Router OS. The IP DNS capability allows for DNS-based host translation
(name-to-address).
Usage Examples
The following example activates debug messages associated with DNS proxy activity:
>enable
#debug ip dns-proxy
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 80
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip icmp [send | recv]
Use the debug ip icmp command to show all ICMP messages as they come into the router or are
originated by the router. If an optional keyword (send or recv) is not used, all results are displayed. Use the
no form of this command to disable the debug messages.
Syntax Description
send
recv
Optional keyword which allows you to only display ICMP messages sent by the router.
Optional keyword which allows you to only display ICMP messages received by the
router.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates the debug ip icmp send and receive messages for the Secure Router
OS:
>enable
#debug ip icmp
ICMP SEND: From (0.0.0.0) to (172.22.14.229) Type=8 Code=0 Length=72 Details:echo request
ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=0 Code=0 Length=72 Details:echo reply
ICMP SEND: From (0.0.0.0) to (172.22.14.229) Type=8 Code=0 Length=72 Details:echo request
ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=0 Code=0 Length=72 Details:echo reply
ICMP RECV: From (172.22.255.200) to (10.100.23.19) Type=11 Code=0 Length=36 Details:TTL equals 0
during transit
ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=3 Code=3 Length=36 Details:port
unreachable
ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=3 Code=3 Length=36 Details:port
unreachable
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 81
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip igmp <group-address>
Use the debug ip igmp command to enable debug messages for IGMP transactions (including helper
activity).
Syntax Description
<group-address> Optional.
IP address of a multicast group.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example enables IGMP debug messages for the specified multicast group:
>enable
#debug ip igmp 224.1.1.1
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 82
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip ospf
Use the debug ip ospf command to activate debug messages associated with OSPF routing operations.
Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this
command to disable the debug messages.
Syntax Description
adj Display OSPF adjacency events
database-timer Display OSPF database timer
events Display OSPF events
flood Display OSPF flooding
hello Display OSPF hello events
lsa-generation Display OSPF link state advertisement generation
packet Display OSPF packets
retransmission Display OSPF retransmission events
spf Display OSPF shortest-path-first calculations
tree Display OSPF database tree
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 83
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip rip [events]
Use the debug ip rip command to activate debug messages associated with Routing Information Protocol
(RIP) operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or
Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
events Optional.
Use this optional keyword to display only RIP protocol events.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Functional Notes
The debug ip rip command activates debug messages to provide information on Routing Information
Protocol (RIP) activity in the Secure Router OS. RIP allows hosts and routers on a network to exchange
information about routes.
Usage Examples
The following example activates debug messages associated with RIP activity:
>enable
#debug ip rip
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 84
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip tcp events
Use the debug ip tcp events command to activate debug messages associated with significant TCP events
such as state changes, retransmissions, session aborts, etc., in the Secure Router OS. Debug messages are
displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the
debug messages.
Note
These debug events are logged for packets that are sent or received from the router.
Forwarded TCP packets are not included.
Syntax Description
No default value necessary for this command.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
In the debug ip tcp events information, TCB stands for TCP task control block. The numbers which
sometimes appear next to TCB (e.g., TCB5 in the following example) represent the TCP session number.
This allows you to differentiate debug messages for multiple TCP sessions.
Usage Examples
The following is sample output for this command:
>enable
#debug ip tcp events
2003.02.17 07:40:56 IP.TCP EVENTS TCP: Allocating block 5
2003.02.17 07:40:56 IP.TCP EVENTS TCB5: state change: FREE->SYNRCVD
2003.02.17 07:40:56 IP.TCP EVENTS TCB5: new connection from 172.22.75.246:3473 to
10.200.2.201:23
2003.02.17 07:40:56 IP.TCP EVENTS TCB5: state change: SYNRCVD->ESTABLISHED
[172.22.75.246:3473]
2003.02.17 07:41:06 IP.TCP EVENTS TCB5: Connection aborted -- error = RESET
2003.02.17 07:41:06 IP.TCP EVENTS TCB5: De-allocating tcb
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 85
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip tcp md5
Use the debug ip tcp md5 command to activate debug messages that detail the results of each incoming
TCP packet’s MD5 authentication with an internal route in the Secure Router OS. Debug messages are
displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to disable debug
messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
Debug messages will only be generated for TCP ports that have MD5 authentication enabled.
Usage Examples
The following example activates the display of these debug messages:
#debug ip tcp md5
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 86
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ip udp
Use the debug ip udp command to activate debug messages associated with UDP send and receive events
in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use
the no form of this command to disable the debug messages.
Note
These debug events are logged for packets that are sent or received from the router.
Forwarded UDP packets are not included.
Caution
The overhead associated with this command takes up a large portion of your router’s
resources and at times can halt other router processes. It is best to only use the command
during times when the network resources are in low demand (non-peak hours, weekends,
etc.).
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
In the debug ip udp information, the message no listener means that there is no service listening on this
UDP port (i.e., the data is discarded).
Usage Examples
The following is sample output for this command:
>enable
#debug ip udp
2003.02.17 07:38:48 IP.UDP RX: src=10.200.3.236:138, dst=10.200.255.255:138, 229 bytes, no listener
2003.02.17 07:38:48 IP.UDP RX: src=10.200.2.7:138, dst=10.200.255.255:138, 227 bytes, no listener
2003.02.17 07:38:48 IP.UDP RX: src=10.200.201.240:138, dst=10.200.255.255:138, 215 bytes, no
listener
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 87
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug isdn events
Use the debug isdn events command to activate debug messages associated with ISDN events in the
Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no
form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Mode
Functional Notes
The debug ip rip command activates debug messages to provide information on Routing Information
Protocol (RIP) activity in the Secure Router OS. RIP allows hosts and routers on a network to exchange
information about routes.
Usage Examples
The following example activates debug messages associated with ISDN activity:
>enable
#debug isdn events
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 88
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug lldp [rx | tx] verbose
Use the debug lldp command to display debug output for all LLDP receive and transmit packets.
Syntax Description
rx Shows information about received packets.
tx Shows information about transmitted packets.
verbose Shows detailed debugging information.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates all possible debug messages associated with LLDP operation:
#debug lldp rx
#debug lldp tx
#debug lldp verbose
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 89
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug port-auth [general | packet [both | rx | tx] | supp-sm]
Use the debug port-auth command to generate debug messages used to aid in troubleshooting problems
during the port authentication process. Use the no version of this command to disable the messages.
Syntax Description
general Optional. Displays configuration changes to the port authentication system.
packet Optional. Displays information for packet exchange in transmit-only, receive-only
or both directions.
both Optional. Displays packet exchange information in both receive and transmit
directions.
rx Optional. Displays packet exchange information in the receive-only direction.
tx Optional. Displays packet exchange information in the transmit-only direction.
supp-sm Optional. Displays information pertaining to the supplicant state machine.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates port authentication debug information on received packets:
>enable
#debug port-auth packet rx
Received EAPOL Start for session 1 on interface eth 0/2
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 90
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug ppp [authentication | errors | negotiation | verbose]
Use the debug ppp command to activate debug messages associated with point-to-point protocol (PPP)
operation in the Secure Router OS. Debug messages are displayed (real-time) to the terminal (or Telnet)
screen. Use the no form of this command to disable the debug messages.
Syntax Description
authentication Activates debug messages pertaining to PPP authentication (CHAP, PAP, EAP,
etc.).
errors Activates debug messages that indicate a PPP error was detected (mismatch in
negotiation authentication, etc.).
negotiation Activates debug messages associated with PPP negotiation.
verbose Activates detailed debug messages for PPP operation.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Functional Notes
The debug ppp command activates debug messages to provide information on PPP activity in the system.
PPP debug messages can be used to aid in troubleshooting PPP links.
Usage Examples
The following example activates debug messages associated with PPP authentication activity:
>enable
#debug ppp authentication
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 91
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug pppoe client
Use the debug pppoe client command to activate debug messages associated with point-to-point protocol
over Ethernet (PPPoE) operation in the Secure Router OS. Debug messages are displayed (real-time) to
the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Mode
Functional Notes
The debug ip rip command activates debug messages to provide information on Routing Information
Protocol (RIP) activity in the Secure Router OS. RIP allows hosts and routers on a network to exchange
information about routes.
Usage Examples
The following example activates debug messages associated with PPPoE activity:
>enable
#debug pppoe client
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 92
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug radius
Use the debug radius command to enable debug messages from the RADIUS subsystem. Debug messages
are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this command to disable the
debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug radius messages show the communication process with the remote RADIUS servers.
Usage Examples
The following is an example output for the debug radius command:
>enable
#debug radius
RADIUS AUTHENTICATION: Sending packet to 172.22.48.1 (1645).
RADIUS AUTHENTICATION: Received response from 172.22.48.1.
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 93
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug sntp
Use the debug sntp command to enable debug messages associated with the Simple Network Time
Protocol (SNTP). All SNTP Packet Exchanges and time decisions are displayed with these debugging
events enabled. Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no
form of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Functional Notes
The debug sntp command activates debug messages to aid in troubleshooting SNTP protocol issues.
Usage Examples
The following is an example output for the debug sntp command:
>enable
#debug sntp
#config term
(config)#sntp server timeserver.localdomain
2002.12.11 15:06:37 SNTP.CLIENT sent Version 1 SNTP time request to 63.97.45.57
2002.12.11 15:06:37 SNTP.CLIENT received SNTP reply packet from 63.97.45.57
2002.12.11 15:06:37 SNTP.CLIENT setting time to 12-11-2002 15:06:02 UTC
2002.12.11 15:06:37 SNTP.CLIENT waiting for 86400 seconds for the next poll interval
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 94
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug spanning-tree [config | events | general | root]
Use the debug spanning-tree command to enable the display of spanning-tree debug messages.
Syntax Description
config Enables the display of spanning-tree debug messages when configuration
changes occur.
events Enables the display of debug messages when spanning-tree protocol events
occur.
general Enables the display of general spanning-tree debug messages.
root Enables the display of debug messages related to the spanning-tree root.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example enables the display of general spanning-tree debug messages:
>enable
#debug spanning-tree general
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 95
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug spanning-tree bpdu [receive | transmit | all]
Use the debug spanning-tree bpdu command to display BPDU (bridge protocol data unit) debug
messages. When enabled, a debug message is displayed for each BPDU packet that is transmitted or
received by the unit.
Syntax Description
receive Displays debug messages for BPDU packets received by the unit.
transmit Displays debug messages for BPDU packets transmitted by the unit.
all Displays debug messages for BPDU packets that are transmitted and received by
the unit.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example displays debug messages for BPDU packets that are transmitted and received by
the unit:
>enable
#debug spanning-tree bpdu all
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 96
SROS Command Line Interface Reference Guide Enable Mode Command Set
debug system
Use the debug system command to enable debug messages associated with system events (i.e., login,
logouts, etc.). Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form
of this command to disable the debug messages.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in the Secure Router OS are disabled.
Command Modes
# Enable Command Mode
Usage Examples
The following example activates debug messages associated with system information:
>enable
#debug system
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 97
SROS Command Line Interface Reference Guide Enable Mode Command Set
dir
Use the dir command to display a directory list of files on the system.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following is sample output from the dir command:
>enable
#dir
4206603 HP7203A-08-00-23b-HP1-E.biz
3818 startup-config
3850 startup-config.bak
284007 HP7203B-boot-08-01-01-HP.biz
4234845 HP7203A-08-01-01-HP-E.biz
284238 HP7203B-boot-08-01-02-HPatp.biz
4038590 HP7203A-08-01-02-HPatp-E.biz
285416 J01_01_02-boot.biz
4039977 J01_01_02.biz
4043024 J01_01_03.biz
2649600 ericcode.biz
2896 EUT2bindcfg.txt
24208408 bytes used, 4915176 available, 29123584 total
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 98
SROS Command Line Interface Reference Guide Enable Mode Command Set
disable
Use the disable command to exit the Enable Command Mode and enter the Basic Command Mode.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example exits the Enable Command Mode and enters the Basic Command Mode:
#disable
>
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 99
SROS Command Line Interface Reference Guide Enable Mode Command Set
erase [<filename> | startup-config]
Use the erase command to erase the specified file.
Syntax Description
<filename>
startup-config Erases the startup configuration file stored in NVRAM.
Specifies the name of the file (located in FLASH memory) to erase.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example erases the startup configuration file stored in NVRAM:
>enable
#erase startup-config
If a new startup-configuration file is not specified before power-cycling the unit, the Secure Router OS will
initialize using a default configuration.
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 100
Loading...