HP 7000 Reference Guide

SROS Command Line Interface
Reference Guide
Software Version J.02.01 or Greater
April 2005 61195880L1-35B
© Copyright 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Publication Number
5991-2114 January 2005
Applicable Products
ProCurve Secure Router 7102dl (J8752A) ProCurve Secure Router 7203dl (J8753A)
Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. CompactFlash is a U.S. registered trademark of the CompactFlash Association. AOL Instant Messenger (AIM) is a U.S. registered trademark of American Online, Inc. Quake is a U.S. registered trademark of id Software, Inc. ICQ is a U.S. registered trademark of ICQ, Inc. pcAnywhere is a U.S. trademark of Synamtec Corporation.
Disclaimer
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.
Warranty
See the Customer Support/Warranty booklet included with the product.
A copy of the specific warranty terms applicable to your Hewlett­Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.
SROS Command Line Interface Reference Guide
Table of Contents
Basic Mode Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Enable Mode Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Global Configuration Mode Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
DHCP Pool Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
IKE Policy Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
IKE Policy Attributes Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
IKE Client Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Crypto Map IKE Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Crypto Map Manual Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Radius Group Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
CA Profile Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Certificate Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Ethernet Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
DDS Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
Serial Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
T1 Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
DSX-1 Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
E1 Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
G.703 Interface Configuration Command set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Modem Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
BRI Interface Configuration Command set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
Frame Relay Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
Frame Relay Sub-Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587
ATM Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
ATM Sub-Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
ADSL Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701
BGP Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
BGP Neighbor Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711
PPP Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715
Tunnel Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 778
HDLC Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811
Loopback Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847
Line (Console) Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 876
Line (Telnet) Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 887
Router (RIP) Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 894
Router (OSPF) Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 903
Quality of Service (QoS) Map Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917
Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 922
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 936
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 3
Command Reference Guide CLI Introduction
REFERENCE GUIDE INTRODUCTION
This manual provides information about the commands that are available with all of the ProCurve Secure routers.
If you are new to the Operating System’s Command Line Interface (CLI), take a few moments to review the information provided in the section which follows (CLI Introduction).
If you are already familiar with the CLI and you need information on a specific command or group of commands, proceed to Command Descriptions on page 9 of this guide.

CLI INTRODUCTION

This portion of the Command Reference Guide is designed to introduce you to the basic concepts and strategies associated with using the Operating System’s Command Line Interface (CLI).

Accessing the CLI from your PC

All products using the are initially accessed by connecting a VT100 terminal (or terminal emulator) to the
CONSOLE port located on the rear panel of the unit using a standard DB-9 (male) to DB-9 (female) serial
cable. Configure the VT100 terminal or terminal emulation software to the following settings:
9600 baud
8 data bits
No parity
1 stop bit
No flow control
Note
For more details on connecting to your unit, refer to the Quick Configuration Guides and Quick Start Guides located on the Secure Router OS Documentation CD provided with your unit.

Understanding Command Security Levels

The has two command security levels — Basic and Enable. Both levels support a specific set of commands. For example, all interface configuration commands are accessible only through the Enable security level. The following table contains a brief description of each level.
Level Access by... Prompt With this level you can...
Basic beginning an SROS session.
>
display system information
perform traceroute and ping functions
open a Telnet session
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 4
Command Reference Guide Understanding Configuration Modes
Level Access by... Prompt With this level you can...
Enable
Note
entering Basic command security level as follows:
>
enable
enable
while in the
#
To prevent unauthorized users from accessing the configuration functions of your product,
manage the startup and running configurations
use the debug commands
enter any of the configuration modes
immediately install an Enable-level password. Refer to the Quick Configuration Guides and Quick Start Guides located on the Secure Router OS Documentation CD provided with your unit for more information on configuring a password.

Understanding Configuration Modes

The Secure Router OS has four configuration modes to organize the configuration commands – Global, Line, Router, and Interface. Each configuration mode supports a set of commands specific to the configurable parameters for the mode. For example, all Frame Relay configuration commands are accessible only through the Interface Configuration Mode (for the virtual Frame Relay interface). The following table contains a brief description of each level.
Mode Access by... Sample Prompt With this mode you
can...
Global
entering command security level prompt. For example:
config
while at the Enable
>enable
config term
#
(config)#
set the system’s Enable-level password(s)
configure the system global IP parameters
configure the SNMP parameters
enter any of the other configuration modes
Line specifying a line (console or Telnet)
while at the Global Configuration Mode prompt. For example:
(config-con0)#
>enable #config term (config)#
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 5
line console 0
configure the console terminal settings (datarate, login password, etc.)
create Telnet logins and specify their parameters (login password, etc.)
Command Reference Guide Using CLI Shortcuts
Mode Access by... Sample Prompt With this mode you
can...
Router
entering
router ospf
Configuration Mode prompt. For example:
router rip router or
while at the Global
>enable #config term (config)#
Interface specifying an interface (T1, Ethernet,
Frame Relay, ppp, etc.) while in the Global Configuration Mode. For example:
router rip
>enable
(config-rip)#
(config-eth 0/1)#
(The above prompt is for the Ethernet on the rear panel of the unit.)
LAN
interface located
configure RIP or OSPF parameters
suppress route updates
redistribute information from outside routing sources (protocols)
•configure parameters for the available LAN and WAN interfaces
#config term (config)#
int eth 0/1

Using CLI Shortcuts

The provides several shortcuts which help you configure your Secure Router OS product more easily. See the following table for descriptions.
Shortcut Description
Up arrow key To re-display a previously entered command, use the up arrow key. Continuing to press
the up arrow key cycles through all commands entered starting with the most recent command.
Tab key Pressing the <Tab> key after entering a partial (but unique) command will complete the
command, display it on the command prompt line, and wait for further input.
? The CLI contains help to guide you through the configuration process. Using the question
mark, do any of the following:
Display a list of all subcommands in the current mode. For example:
(config-t1 1/1)#
coding ?
ami - Alternate Mark Inversion b8zs - Bipolar Eight Zero Substitution
Display a list of available commands beginning with certain letter(s). For example:
(config)#
ip d?
default-gateway dhcp-server domain-lookup domain-name domain-proxy
Obtain syntax help for a specific command by entering the command, a space, and then a question mark (?). The CLI displays the range of values and a brief description of the next parameter expected for that particular command. For example:
(config-eth 0/1)#
mtu ?
<64-1500> - MTU (bytes)
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 6
Command Reference Guide Performing Common CLI Functions
Shortcut Description
<Ctrl> + A Jump to the beginning of the displayed command line. This shortcut is helpful when using
the
no
form of commands (when available). For example, pressing <Ctrl + A> at the
following prompt will place the cursor directly after the
(config-eth 0/1)#
<Ctrl> + E Jump to the end of the displayed command line. For example, pressing <Ctrl + E> at the
following prompt will place the cursor directly after the
(config-eth 0/1)#
<Ctrl> + U Clears the current displayed command line. The following provides an example of the <Ctrl
+ U> feature:
(config-eth 0/1)#
ip address 192.33.55.6
ip address 192.33.55.6
ip address 192.33.55.6
#
:
6
:
(Press <Ctrl + U> here)
(config-eth 0/1)#
auto finish You need only enter enough letters to identify a command as unique. For example,
entering configuration parameters for the specified T1 interface. Entering would work as well, but is not necessary.
int t1 1/1
at the Global configuration prompt provides you access to the
interface t1 1/1

Performing Common CLI Functions

The following table contains descriptions of common CLI commands.
Command Description
do
The do command provides a way to execute commands in other command sets without taking the time to exit the current and enter the desired one. The following example shows the interface configuration while currently in the T1 interface command set:
(config)#
do
command used to view the Frame Relay
interface t1 1/1
(config-t1 1/1)#
no
To undo an issued command or to disable a feature, enter
no
before the command.
For example:
no shutdown t1 1/1
copy running-config startup-config
When you are ready to save the changes made to the configuration, enter this command. This copies your changes to the unit’s nonvolatile random access memory (NVRAM). Once the save is complete, the changes are retained even if the unit is shut down or suffers a power outage.
do show interfaces fr 7
show running config
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 7
Displays the current configuration.
Command Reference Guide Understanding CLI Error Messages
Command Description
debug
undebug all
Caution
The overhead associated with the debug command takes up a large portion of your
Use the may be experiencing on your network. These commands provide additional information to help you better interpret possible problems. For information on specific debug commands, refer to the section
Set
To turn off any active debug commands, enter this command.
debug
on page 20.
command to troubleshoot problems you
Enable Mode Command
product’s resources and at times can halt other processes. It is best to only use the debug command during times when the network resources are in low demand (non-peak hours, weekends, etc.).

Understanding CLI Error Messages

The following table lists and defines some of the more common error messages given in the CLI.
Message Helpful Hints
%Ambiguous command %Unrecognized Command
The command may not be valid in the current command mode, or you may not have entered enough correct characters for the command to be recognized. Try using the “?” command to determine your error. See
CLI Shortcuts
on page 6 for more information.
Using
%Invalid or incomplete command
%Invalid input detected at “^" marker
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 8
The command may not be valid in the current command mode, or you may not have entered all of the pertinent information required to make the command valid. Try using the “?” command to determine your error. See
Using CLI Shortcuts
The error in command entry is located where the caret (^) mark appears. Enter a question mark at the prompt. The system will display a list of applicable commands or will give syntax information for the entry.
on page 6 for more information.
Command Reference Guide Command Descriptions

COMMAND DESCRIPTIONS

This portion of the guide provides a detailed listing of all available commands for the CLI (organized by command set). Each command listing contains pertinent information including the default value, a description of all sub-command parameters, functional notes for using the command, and a brief technology review. To search for a particular command alphabetically, use the Index. To search for information on a group of commands within a particular command set, use the linked references given below:
Basic Mode Command Set
on page 10
Enable Mode Command Set on page 20 Global Configuration Mode Command Set on page 200 DHCP Pool Command Set on page 355 IKE Policy Command Set on page 373 IKE Policy Attributes Command Set on page 386 IKE Client Command Set on page 392 Crypto Map IKE Command Set on page 396 Crypto Map Manual Command Set on page 405 Radius Group Command Set on page 416 CA Profile Configuration Command Set on page 418 Certificate Configuration Command Set on page 429 Ethernet Interface Configuration Command Set on page 433 DDS Interface Configuration Command Set on page 486 Serial Interface Configuration Command Set on page 494 T1 Interface Configuration Command Set on page 504 DSX-1 Interface Configuration Command Set on page 520 E1 Interface Configuration Command Set on page 530 G.703 Interface Configuration Command set on page 545 Modem Interface Configuration Command Set on page 552 BRI Interface Configuration Command set on page 556 Frame Relay Interface Config Command Set on page 567 Frame Relay Sub-Interface Config Command Set on page 587 ATM Interface Config Command Set on page 644 ATM Sub-Interface Config Command Set on page 647 ADSL Interface Config Command Set on page 701 BGP Configuration Command Set on page 705 BGP Neighbor Configuration Command Set on page 711 PPP Interface Configuration Command Set on page 715 Tunnel Configuration Command Set on page 778 HDLC Command Set on page 811 Loopback Interface Configuration Command Set on page 847 Line (Console) Interface Config Command Set on page 876 Line (Telnet) Interface Config Command Set on page 887 Router (RIP) Configuration Command Set on page 894 Router (OSPF) Configuration Command Set on page 903 Common Commands on page 922
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 9

SROS Command Line Interface Reference Guide Basic Mode Command Set

BASIC MODE COMMAND SET
To activate the Basic Mode, simply log in to the unit. After connecting the unit to a VT100 terminal (or terminal emulator) and activating a terminal session, the following prompt displays:
Router>
The following command is common to multiple command sets and is covered in a centralized section of this guide. For more information, refer to the section listed below:
exit on page 930
All other commands for this command set are described in this section in alphabetical order.
enable on page 11
logout on page 12
ping <address> on page 13
show clock on page 15
show snmp on page 16
show version on page 17
telnet <address> on page 18
traceroute <address> on page 19
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 10
SROS Command Line Interface Reference Guide Basic Mode Command Set
enable
Use the enable command (at the Basic Command Mode prompt) to enter the Enable Command Mode. Use the disable command to exit the Enable Command Mode. See the section enable on page 11 for more information.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
> Basic Command Mode
Functional Notes
The Enable Command Mode provides access to operating and configuration parameters and should be password protected to prevent unauthorized use. Use the Configuration) to specify an Enable Command Mode password. If the password is set, access to the Enable Commands (and all other “privileged” commands) is only granted when the correct password is entered.
enable password
command (found in the Global
Usage Examples
The following example enters the Enable Command Mode and defines an Enable Command Mode password:
>
enable
#
configure terminal
(config)#
At the next login, the following sequence must occur:
>
enable
Password: #
enable password password
******
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 11
SROS Command Line Interface Reference Guide Basic Mode Command Set
logout
Use the logout command to terminate the current session and return to the login screen.
Syntax Description
No subcommands.
Default Values
No defaults necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following example shows the logout command being executed in the Basic Mode:
>
logout
Session now available
Press RETURN to get started.
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 12
SROS Command Line Interface Reference Guide Basic Mode Command Set
ping <address>
Use the ping command (at the Basic Command Mode prompt) to verify IP network connectivity.
Syntax Description
<address> Optional.
with no specified address prompts the user with parameters for a more detailed configuration. See
Specifies the IP address of the system to ping. Entering the
Functional Notes
(below) for more information.
ping
command
ping
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Functional Notes
The
ping
command helps diagnose basic IP network connectivity using the Packet InterNet Groper program to repeatedly bounce Internet Control Message Protocol (ICMP) Echo_Request packets off a system (using a specified IP address). The Secure Router OS allows executing a standard address or provides a set of prompts to configure a more specific
The following is a list of output messages from the ! Success
­Destination Host Unreachable $ Invalid Host Address X TTL Expired in Transit ? Unknown Host * Request Timed Out
ping
command:
ping
ping
request to a specified IP
configuration.
The following is a list of available extended Target IP address: Specifies the IP address of the system to ping. Repeat Count: Number of ping packets to send to the system (valid range: 1 to 1000000). Datagram Size:
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 13
ping
fields with descriptions:
SROS Command Line Interface Reference Guide Basic Mode Command Set
Size (in bytes) of the ping packet (valid range: 1 to 1448). Timeout in Seconds:
If a ping response is not received within the timeout period, the ping is considered unsuccessful (valid range: 1 to 5 seconds).
Extended Commands:
Specifies whether additional commands are desired for more ping configuration parameters. Source Address (or interface): Specifies the IP address to use as the source address in the ECHO_REQ packets. Data Pattern: Specify an alphanumerical string to use (the ASCII equivalent) as the data pattern in the ECHO_REQ packets. Sweep Range of Sizes: Varies the sizes of the ECHO_REQ packets transmitted. Sweep Min Size: Specifies the minimum size of the ECHO_REQ packet (valid range: 0 to 1448). Sweep Max Size: Specifies the maximum size of the ECHO_REQ packet (valid range: Sweep Min Size to 1448). Sweep Interval: Specifies the interval used to determine packet size when performing the sweep (valid range: 1 to 1448). Verbose Output: Specifies an extended results output.
Usage Examples
The following is an example of a successful
>
ping
Target IP address: Repeat count[1-1000000]: Datagram Size [1-1000000]: Timeout in seconds [1-5]: Extended Commands? [y or n]:
192.168.0.30 5
100
2
n
Type CTRL+C to abort. Legend: '!' = Success '?' = Unknown host '$' = Invalid host address '*' = Request timed out '-' = Destination host unreachable 'x' = TTL expired in transit
Pinging 192.168.0.30 with 100 bytes of data: !!!!! Success rate is 100 percent (5/5) round-trip min/avg/max = 19/20.8/25 ms
ping
command:
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 14
SROS Command Line Interface Reference Guide Basic Mode Command Set
show clock
Use the show clock command to display the system time and date entered using the clock set command.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following example displays the current time and data from the system clock:
>
show clock
23:35:07 UTC Tue Aug 20 2002
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 15
SROS Command Line Interface Reference Guide Basic Mode Command Set
show snmp
Use the show snmp command to display the system Simple Network Management Protocol (SNMP) parameters and current status of SNMP communications.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following is an example output using the default Chassis and Contact parameters:
>
show snmp
Chassis: Chassis ID Contact: Customer Service 0 Rx SNMP packets 0 Bad community names 0 Bad community uses 0 Bad versions 0 Silent drops 0 Proxy drops 0 ASN parse errors
show snmp
command for a system with SNMP disabled and the
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 16
SROS Command Line Interface Reference Guide Basic Mode Command Set
show version
Use the show version command to display the current Secure Router OS version information.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following is a sample
>
show version
ProCurve Secure Router 7203dl SROS Version: J02.01.01 Checksum: 5509EBDC, built on: Mon Mar 21 14:48:04 2005 Boot ROM version J02.01.01 Checksum: 9C0F, built on: Mon Mar 21 14:48:24 2005 Copyright (c) 2005-2005, Hewlett-Packard, Co. Platform: ProCurve Secure Router 7203dl Serial number US449TS029 Flash: 33554432 bytes DRAM: 268435455 bytes
System uptime is 0 days, 21 hours, 27 minutes, 0 seconds
Current system image file is "CFLASH:/J02_01_01.biz" Boot system image file is "CFLASH:/J02_01_01.biz" Primary system configuration file is "startup-config" System booted up using configuration file: "startup-config"
show version
output:
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 17
SROS Command Line Interface Reference Guide Basic Mode Command Set
telnet <address>
Use the telnet command to open a Telnet session (through the Secure Router OS) to another system on the network.
Syntax Description
<address> Specifies the IP address of the remote system.
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following example opens a Telnet session with a remote system (10.200.4.15):
>
telnet 10.200.4.15
User Access Login
Password:
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 18
SROS Command Line Interface Reference Guide Basic Mode Command Set
traceroute <address>
Use the traceroute command to display the IP routes a packet takes to reach the specified destination.
Syntax Description
<address> Specifies the IP address of the remote system to trace the routes to
Default Values
No default value necessary for this command.
Command Modes
> or # Basic or Enable Command Mode
Usage Examples
The following example performs a traceroute on the IP address 192.168.0.1:
#
traceroute 192.168.0.1
Type CTRL+C to abort. Tracing route to 192.168.0.1 over a maximum of 30 hops
1 22ms 20ms 20ms 192.168.0.65 2 23ms 20ms 20ms 192.168.0.1 #
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 19

SROS Command Line Interface Reference Guide Enable Mode Command Set

ENABLE MODE COMMAND SET
To activate the Enable Mode, enter the enable command at the Basic Mode prompt. (If an enable password has been configured, a password prompt will display.) For example:
Router>enable Password: XXXXXXX Router#
The following commands are common to multiple command sets and are covered in a centralized section of this guide. For more information, refer to the section listed below:
bind <#> <from interface> <slot/port> <tdm-group#> <to interface> <slot/port> on page 924
description on page 927
exit on page 930
ping <address> on page 931
show running-config on page 933
All other commands for this command set are described in this section in alphabetical order.
clear commands begin on page 22
clock auto-correct-dst on page 48
clock set <time> <day> <month> <year> on page 50
clock timezone <text> on page 51
configure on page 53
copy <source> <destination> on page 54
copy console <filename> on page 55
copy flash <destination> on page 56
copy <filename> interface <interface> <slot/port> on page 57
copy tftp <destination> on page 58
copy xmodem <destination> on page 59
debug commands begin on page 60
dir on page 98
disable on page 99
erase [<filename> | startup-config] on page 100
events on page 101
logout on page 102
reload [cancel | in <delay>] on page 103
show commands begin on page 104
telnet <address> on page 194
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 20
SROS Command Line Interface Reference Guide Enable Mode Command Set
terminal length <text> on page 195
traceroute <address> on page 196
undebug all on page 197
wall <message> on page 198
write [erase | memory | network | terminal] on page 199
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 21
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear access-list <listname>
Use the clear access-list command to clear all counters associated with all access lists (or a specified access list).
Syntax Description
<listname> Optional. Specifies the name (label) of an access list
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears all counters for the access list labeled MatchAll:
>enable #clear access-list MatchAll
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 22
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear arp-cache
Use the clear arp-cache command to remove all dynamic entries from the Address Resolution Protocol (ARP) cache table.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example removes all dynamic entries from the ARP cache:
>enable #clear arp-cache
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 23
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear arp-entry <address>
Use the clear arp-entry command to remove a single entry from the Address Resolution Protocol (ARP) cache.
Syntax Description
<address> Specifies the IP address of the entry to remove
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example removes the entry for 10.200.4.56 from the ARP cache:
>enable #clear arp-entry 10.200.4.56
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 24
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear bridge <group#>
Use the clear bridge command to clear all counters associated with bridging (or for a specified bridge-group).
Syntax Description
<group#> Optional.
Specifies a single bridge group (1-255).
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears all counters for bridge group 17:
>enable #clear bridge 17
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 25
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear buffers max-used
Use the clear buffers max-used command to clear the maximum-used statistics for buffers displayed in the show memory heap command.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
>enable #clear buffers max-used
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 26
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear counters <interface>
Use the clear counters command to clear all interface counters (or the counters for a specified interface).
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears all counters associated with the Ethernet 0/1 interface:
>enable #clear counters ethernet 0/1
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 27
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear crypto ike sa <policy priority>
Use the clear crypto ike sa command to clear existing IKE security associations (SAs), including active ones.
Syntax Description
<policy priority> Optional.
This number is assigned using the
Clear out all existing IKE SAs associated with the designated policy priority.
crypto ike policy
command.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears the entire database of IKE SAs (including the active associations):
>enable #clear crypto ike sa
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 28
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear crypto ipsec sa
Use the clear crypto ipsec sa command to clear existing IPSec security associations (SAs), including active ones.
Variations of this command include the following:
clear crypto ipsec sa clear crypto ipsec sa entry <ip address> ah <SPI> clear crypto ipsec sa entry <ip address> esp <SPI> clear crypto ipsec sa map <map name> clear crypto ipsec sa peer <ip address>
Syntax Description
entry
<ip address>
ah
<SPI>
esp
<SPI>
map
<map name>
peer
<ip address>
Clear only the SAs related to a certain destination IP address. Clear only a portion of the SAs by specifying the AH (authentication header)
protocol and a security parameter index (SPI). You can determine the correct SPI value using the show crypto ipsec sa command.
Clear only a portion of the SAs by specifying the ESP (encapsulating security payload) protocol and a security parameter index (SPI). You can determine the correct SPI value using the show crypto ipsec sa command.
Clear only the SAs associated with the crypto map name given. Clear only the SAs associated with the far-end peer IP address given.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 29
SROS Command Line Interface Reference Guide Enable Mode Command Set
clear dump-core
The clear dump-core command clears diagnostic information appended to the output of the show version command. This information results from an unexpected unit reboot.
Syntax Description
No subcommands.
Default Values
No default value necessary for this command.
Command Modes
# Enable Command Mode
Usage Examples
The following example clears the entire database of IKE SAs (including the active associations):
>enable #clear dump-core
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 30
Loading...
+ 911 hidden pages