HP 7000 Reference Guide

SROS Command Line Interface

Reference Guide

Software Version J.02.01 or Greater

April 2005 61195880L1-35B

This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.

Publication Number

5991-2114 January 2005

Applicable Products

ProCurve Secure Router 7102dl (J8752A) ProCurve Secure Router 7203dl (J8753A)

Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. CompactFlash is a U.S. registered trademark of the CompactFlash Association. AOL Instant Messenger (AIM) is a U.S. registered trademark of American Online, Inc. Quake is a U.S. registered trademark of id Software, Inc. ICQ is a U.S. registered trademark of ICQ, Inc. pcAnywhere is a U.S. trademark of Synamtec Corporation.

Disclaimer

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.

Warranty

See the Customer Support/Warranty booklet included with the product.

A copy of the specific warranty terms applicable to your HewlettPackard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.

SROS Command Line Interface Reference Guide

Table of Contents

Basic Mode Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Enable Mode Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Global Configuration Mode Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

DHCP Pool Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

IKE Policy Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373

IKE Policy Attributes Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

IKE Client Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392

Crypto Map IKE Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396

Crypto Map Manual Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

Radius Group Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

CA Profile Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Certificate Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429

Ethernet Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433

DDS Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

Serial Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494

T1 Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

DSX-1 Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520

E1 Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530

G.703 Interface Configuration Command set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545

Modem Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552

BRI Interface Configuration Command set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556

Frame Relay Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567

Frame Relay Sub-Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587

ATM Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644

ATM Sub-Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647

ADSL Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701

BGP Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705

BGP Neighbor Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711

PPP Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715

Tunnel Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 778

HDLC Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811

Loopback Interface Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847

Line (Console) Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 876

Line (Telnet) Interface Config Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 887

Router (RIP) Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 894

Router (OSPF) Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 903

Quality of Service (QoS) Map Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917

Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 922

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 936

Command Reference Guide CLI Introduction

REFERENCE GUIDE INTRODUCTION

This manual provides information about the commands that are available with all of the ProCurve Secure routers.

If you are new to the Operating System’s Command Line Interface (CLI), take a few moments to review the information provided in the section which follows (CLI Introduction).

If you are already familiar with the CLI and you need information on a specific command or group of commands, proceed to Command Descriptions on page 9 of this guide.

CLI INTRODUCTION

This portion of the Command Reference Guide is designed to introduce you to the basic concepts and strategies associated with using the Operating System’s Command Line Interface (CLI).

Accessing the CLI from your PC

All products using the are initially accessed by connecting a VT100 terminal (or terminal emulator) to the

CONSOLE port located on the rear panel of the unit using a standard DB-9 (male) to DB-9 (female) serial

cable. Configure the VT100 terminal or terminal emulation software to the following settings:

• 9600 baud

• 8 data bits

• No parity

• 1 stop bit

• No flow control

Note

For more details on connecting to your unit, refer to the Quick Configuration Guides and Quick Start Guides located on the Secure Router OS Documentation CD provided with your unit.

Understanding Command Security Levels

The has two command security levels — Basic and Enable. Both levels support a specific set of commands. For example, all interface configuration commands are accessible only through the Enable security level. The following table contains a brief description of each level.

Level Access by... Prompt With this level you can...

Basic beginning an SROS session.

• display system information

• perform traceroute and ping functions

• open a Telnet session

Command Reference Guide Understanding Configuration Modes

Level Access by... Prompt With this level you can...

Enable

Note

entering Basic command security level as follows:

enable

while in the

To prevent unauthorized users from accessing the configuration functions of your product,

• manage the startup and running configurations

• use the debug commands

• enter any of the configuration modes

immediately install an Enable-level password. Refer to the Quick Configuration Guides and Quick Start Guides located on the Secure Router OS Documentation CD provided with your unit for more information on configuring a password.

Understanding Configuration Modes

The Secure Router OS has four configuration modes to organize the configuration commands – Global, Line, Router, and Interface. Each configuration mode supports a set of commands specific to the configurable parameters for the mode. For example, all Frame Relay configuration commands are accessible only through the Interface Configuration Mode (for the virtual Frame Relay interface). The following table contains a brief description of each level.

Mode Access by... Sample Prompt With this mode you

can...

Global

entering command security level prompt. For example:

config

while at the Enable

>enable

config term

(config)#

• set the system’s Enable-level password(s)

• configure the system global IP parameters

• configure the SNMP parameters

• enter any of the other configuration modes

Line specifying a line (console or Telnet)

while at the Global Configuration Mode prompt. For example:

(config-con0)#

>enable #config term (config)#

line console 0

• configure the console terminal settings (datarate, login password, etc.)

• create Telnet logins and specify their parameters (login password, etc.)

Command Reference Guide Using CLI Shortcuts

Mode Access by... Sample Prompt With this mode you

can...

Router

entering

router ospf

Configuration Mode prompt. For example:

router rip router or

while at the Global

>enable #config term (config)#

Interface specifying an interface (T1, Ethernet,

Frame Relay, ppp, etc.) while in the Global Configuration Mode. For example:

router rip

>enable

(config-rip)#

(config-eth 0/1)#

(The above prompt is for the Ethernet on the rear panel of the unit.)

LAN

interface located

• configure RIP or OSPF parameters

• suppress route updates

• redistribute information from outside routing sources (protocols)

•configure parameters for the available LAN and WAN interfaces

#config term (config)#

int eth 0/1

Using CLI Shortcuts

The provides several shortcuts which help you configure your Secure Router OS product more easily. See the following table for descriptions.

Shortcut Description

Up arrow key To re-display a previously entered command, use the up arrow key. Continuing to press

the up arrow key cycles through all commands entered starting with the most recent command.

Tab key Pressing the <Tab> key after entering a partial (but unique) command will complete the

command, display it on the command prompt line, and wait for further input.

? The CLI contains help to guide you through the configuration process. Using the question

mark, do any of the following:

• Display a list of all subcommands in the current mode. For example:

(config-t1 1/1)#

coding ?

ami - Alternate Mark Inversion b8zs - Bipolar Eight Zero Substitution

• Display a list of available commands beginning with certain letter(s). For example:

(config)#

ip d?

default-gateway dhcp-server domain-lookup domain-name domain-proxy

• Obtain syntax help for a specific command by entering the command, a space, and then a question mark (?). The CLI displays the range of values and a brief description of the next parameter expected for that particular command. For example:

(config-eth 0/1)#

mtu ?

<64-1500> - MTU (bytes)

Command Reference Guide Performing Common CLI Functions

Shortcut Description

<Ctrl> + A Jump to the beginning of the displayed command line. This shortcut is helpful when using

the

form of commands (when available). For example, pressing <Ctrl + A> at the

following prompt will place the cursor directly after the

(config-eth 0/1)#

<Ctrl> + E Jump to the end of the displayed command line. For example, pressing <Ctrl + E> at the

following prompt will place the cursor directly after the

(config-eth 0/1)#

<Ctrl> + U Clears the current displayed command line. The following provides an example of the <Ctrl

+ U> feature:

(config-eth 0/1)#

ip address 192.33.55.6

(Press <Ctrl + U> here)

(config-eth 0/1)#

auto finish You need only enter enough letters to identify a command as unique. For example,

entering configuration parameters for the specified T1 interface. Entering would work as well, but is not necessary.

int t1 1/1

at the Global configuration prompt provides you access to the

interface t1 1/1

Performing Common CLI Functions

The following table contains descriptions of common CLI commands.

Command Description

The do command provides a way to execute commands in other command sets without taking the time to exit the current and enter the desired one. The following example shows the interface configuration while currently in the T1 interface command set:

(config)#

command used to view the Frame Relay

interface t1 1/1

(config-t1 1/1)#

To undo an issued command or to disable a feature, enter

before the command.

For example:

no shutdown t1 1/1

copy running-config startup-config

When you are ready to save the changes made to the configuration, enter this command. This copies your changes to the unit’s nonvolatile random access memory (NVRAM). Once the save is complete, the changes are retained even if the unit is shut down or suffers a power outage.

do show interfaces fr 7

show running config

Displays the current configuration.

Command Reference Guide Understanding CLI Error Messages

Command Description

debug

undebug all

Caution

The overhead associated with the debug command takes up a large portion of your

Use the may be experiencing on your network. These commands provide additional information to help you better interpret possible problems. For information on specific debug commands, refer to the section

Set

To turn off any active debug commands, enter this command.

debug

on page 20.

command to troubleshoot problems you

Enable Mode Command

product’s resources and at times can halt other processes. It is best to only use the debug command during times when the network resources are in low demand (non-peak hours, weekends, etc.).

Understanding CLI Error Messages

The following table lists and defines some of the more common error messages given in the CLI.

Message Helpful Hints

%Ambiguous command %Unrecognized Command

The command may not be valid in the current command mode, or you may not have entered enough correct characters for the command to be recognized. Try using the “?” command to determine your error. See

CLI Shortcuts

on page 6 for more information.

Using

%Invalid or incomplete command

%Invalid input detected at “^" marker

The command may not be valid in the current command mode, or you may not have entered all of the pertinent information required to make the command valid. Try using the “?” command to determine your error. See

Using CLI Shortcuts

The error in command entry is located where the caret (^) mark appears. Enter a question mark at the prompt. The system will display a list of applicable commands or will give syntax information for the entry.

on page 6 for more information.

Command Reference Guide Command Descriptions

COMMAND DESCRIPTIONS

This portion of the guide provides a detailed listing of all available commands for the CLI (organized by command set). Each command listing contains pertinent information including the default value, a description of all sub-command parameters, functional notes for using the command, and a brief technology review. To search for a particular command alphabetically, use the Index. To search for information on a group of commands within a particular command set, use the linked references given below:

Basic Mode Command Set

on page 10

Enable Mode Command Set on page 20 Global Configuration Mode Command Set on page 200 DHCP Pool Command Set on page 355 IKE Policy Command Set on page 373 IKE Policy Attributes Command Set on page 386 IKE Client Command Set on page 392 Crypto Map IKE Command Set on page 396 Crypto Map Manual Command Set on page 405 Radius Group Command Set on page 416 CA Profile Configuration Command Set on page 418 Certificate Configuration Command Set on page 429 Ethernet Interface Configuration Command Set on page 433 DDS Interface Configuration Command Set on page 486 Serial Interface Configuration Command Set on page 494 T1 Interface Configuration Command Set on page 504 DSX-1 Interface Configuration Command Set on page 520 E1 Interface Configuration Command Set on page 530 G.703 Interface Configuration Command set on page 545 Modem Interface Configuration Command Set on page 552 BRI Interface Configuration Command set on page 556 Frame Relay Interface Config Command Set on page 567 Frame Relay Sub-Interface Config Command Set on page 587 ATM Interface Config Command Set on page 644 ATM Sub-Interface Config Command Set on page 647 ADSL Interface Config Command Set on page 701 BGP Configuration Command Set on page 705 BGP Neighbor Configuration Command Set on page 711 PPP Interface Configuration Command Set on page 715 Tunnel Configuration Command Set on page 778 HDLC Command Set on page 811 Loopback Interface Configuration Command Set on page 847 Line (Console) Interface Config Command Set on page 876 Line (Telnet) Interface Config Command Set on page 887 Router (RIP) Configuration Command Set on page 894 Router (OSPF) Configuration Command Set on page 903 Common Commands on page 922

SROS Command Line Interface Reference Guide Basic Mode Command Set

BASIC MODE COMMAND SET

To activate the Basic Mode, simply log in to the unit. After connecting the unit to a VT100 terminal (or terminal emulator) and activating a terminal session, the following prompt displays:

Router>

The following command is common to multiple command sets and is covered in a centralized section of this guide. For more information, refer to the section listed below:

exit on page 930

All other commands for this command set are described in this section in alphabetical order.

enable on page 11

logout on page 12

ping <address> on page 13

show clock on page 15

show snmp on page 16

show version on page 17

telnet <address> on page 18

traceroute <address> on page 19

SROS Command Line Interface Reference Guide Basic Mode Command Set

enable

Use the enable command (at the Basic Command Mode prompt) to enter the Enable Command Mode. Use the disable command to exit the Enable Command Mode. See the section enable on page 11 for more information.

Syntax Description

No subcommands.

Default Values

No default value necessary for this command.

Command Modes

> Basic Command Mode

Functional Notes

The Enable Command Mode provides access to operating and configuration parameters and should be password protected to prevent unauthorized use. Use the Configuration) to specify an Enable Command Mode password. If the password is set, access to the Enable Commands (and all other “privileged” commands) is only granted when the correct password is entered.

enable password

command (found in the Global

Usage Examples

The following example enters the Enable Command Mode and defines an Enable Command Mode password:

enable

configure terminal

(config)#

At the next login, the following sequence must occur:

enable

Password: #

enable password password

******

SROS Command Line Interface Reference Guide Basic Mode Command Set

logout

Use the logout command to terminate the current session and return to the login screen.

Syntax Description

No subcommands.

Default Values

No defaults necessary for this command.

Command Modes

> or # Basic or Enable Command Mode

Usage Examples

The following example shows the logout command being executed in the Basic Mode:

logout

Session now available

Press RETURN to get started.

SROS Command Line Interface Reference Guide Basic Mode Command Set

ping <address>

Use the ping command (at the Basic Command Mode prompt) to verify IP network connectivity.

Syntax Description

<address> Optional.

with no specified address prompts the user with parameters for a more detailed configuration. See

Specifies the IP address of the system to ping. Entering the

Functional Notes

(below) for more information.

ping

command

ping

Default Values

No default value necessary for this command.

Command Modes

> or # Basic or Enable Command Mode

Functional Notes

The

ping

command helps diagnose basic IP network connectivity using the Packet InterNet Groper program to repeatedly bounce Internet Control Message Protocol (ICMP) Echo_Request packets off a system (using a specified IP address). The Secure Router OS allows executing a standard address or provides a set of prompts to configure a more specific

The following is a list of output messages from the ! Success

Destination Host Unreachable $ Invalid Host Address X TTL Expired in Transit ? Unknown Host * Request Timed Out

ping

command:

ping

request to a specified IP

configuration.

The following is a list of available extended Target IP address: Specifies the IP address of the system to ping. Repeat Count: Number of ping packets to send to the system (valid range: 1 to 1000000). Datagram Size:

ping

fields with descriptions:

SROS Command Line Interface Reference Guide Basic Mode Command Set

Size (in bytes) of the ping packet (valid range: 1 to 1448). Timeout in Seconds:

If a ping response is not received within the timeout period, the ping is considered unsuccessful (valid range: 1 to 5 seconds).

Extended Commands:

Specifies whether additional commands are desired for more ping configuration parameters. Source Address (or interface): Specifies the IP address to use as the source address in the ECHO_REQ packets. Data Pattern: Specify an alphanumerical string to use (the ASCII equivalent) as the data pattern in the ECHO_REQ packets. Sweep Range of Sizes: Varies the sizes of the ECHO_REQ packets transmitted. Sweep Min Size: Specifies the minimum size of the ECHO_REQ packet (valid range: 0 to 1448). Sweep Max Size: Specifies the maximum size of the ECHO_REQ packet (valid range: Sweep Min Size to 1448). Sweep Interval: Specifies the interval used to determine packet size when performing the sweep (valid range: 1 to 1448). Verbose Output: Specifies an extended results output.

Usage Examples

The following is an example of a successful

ping

Target IP address: Repeat count[1-1000000]: Datagram Size [1-1000000]: Timeout in seconds [1-5]: Extended Commands? [y or n]:

192.168.0.30 5

100

Type CTRL+C to abort. Legend: '!' = Success '?' = Unknown host '$' = Invalid host address '*' = Request timed out '-' = Destination host unreachable 'x' = TTL expired in transit

Pinging 192.168.0.30 with 100 bytes of data: !!!!! Success rate is 100 percent (5/5) round-trip min/avg/max = 19/20.8/25 ms

ping

command:

SROS Command Line Interface Reference Guide Basic Mode Command Set

show clock

Use the show clock command to display the system time and date entered using the clock set command.

Syntax Description

No subcommands.

Default Values

No default value necessary for this command.

Command Modes

> or # Basic or Enable Command Mode

Usage Examples

The following example displays the current time and data from the system clock:

show clock

23:35:07 UTC Tue Aug 20 2002

SROS Command Line Interface Reference Guide Basic Mode Command Set

show snmp

Use the show snmp command to display the system Simple Network Management Protocol (SNMP) parameters and current status of SNMP communications.

Syntax Description

No subcommands.

Default Values

No default value necessary for this command.

Command Modes

> or # Basic or Enable Command Mode

Usage Examples

The following is an example output using the default Chassis and Contact parameters:

show snmp

Chassis: Chassis ID Contact: Customer Service 0 Rx SNMP packets 0 Bad community names 0 Bad community uses 0 Bad versions 0 Silent drops 0 Proxy drops 0 ASN parse errors

show snmp

command for a system with SNMP disabled and the

SROS Command Line Interface Reference Guide Basic Mode Command Set

show version

Use the show version command to display the current Secure Router OS version information.

Syntax Description

No subcommands.

Default Values

No default value necessary for this command.

Command Modes

> or # Basic or Enable Command Mode

Usage Examples

The following is a sample

show version

ProCurve Secure Router 7203dl SROS Version: J02.01.01 Checksum: 5509EBDC, built on: Mon Mar 21 14:48:04 2005 Boot ROM version J02.01.01 Checksum: 9C0F, built on: Mon Mar 21 14:48:24 2005 Copyright (c) 2005-2005, Hewlett-Packard, Co. Platform: ProCurve Secure Router 7203dl Serial number US449TS029 Flash: 33554432 bytes DRAM: 268435455 bytes

System uptime is 0 days, 21 hours, 27 minutes, 0 seconds

Current system image file is "CFLASH:/J02_01_01.biz" Boot system image file is "CFLASH:/J02_01_01.biz" Primary system configuration file is "startup-config" System booted up using configuration file: "startup-config"

show version

output:

SROS Command Line Interface Reference Guide Basic Mode Command Set

telnet <address>

Use the telnet command to open a Telnet session (through the Secure Router OS) to another system on the network.

Syntax Description

<address> Specifies the IP address of the remote system.

Default Values

No default value necessary for this command.

Command Modes

> or # Basic or Enable Command Mode

Usage Examples

The following example opens a Telnet session with a remote system (10.200.4.15):

telnet 10.200.4.15

User Access Login

Password:

SROS Command Line Interface Reference Guide Basic Mode Command Set

traceroute <address>

Use the traceroute command to display the IP routes a packet takes to reach the specified destination.

Syntax Description

<address> Specifies the IP address of the remote system to trace the routes to

Default Values

No default value necessary for this command.

Command Modes

> or # Basic or Enable Command Mode

Usage Examples

The following example performs a traceroute on the IP address 192.168.0.1:

traceroute 192.168.0.1

Type CTRL+C to abort. Tracing route to 192.168.0.1 over a maximum of 30 hops

1 22ms 20ms 20ms 192.168.0.65 2 23ms 20ms 20ms 192.168.0.1 #

SROS Command Line Interface Reference Guide Enable Mode Command Set

ENABLE MODE COMMAND SET

To activate the Enable Mode, enter the enable command at the Basic Mode prompt. (If an enable password has been configured, a password prompt will display.) For example:

Router>enable Password: XXXXXXX Router#

The following commands are common to multiple command sets and are covered in a centralized section of this guide. For more information, refer to the section listed below:

bind <#> <from interface> <slot/port> <tdm-group#> <to interface> <slot/port> on page 924

description on page 927

exit on page 930

ping <address> on page 931

show running-config on page 933

All other commands for this command set are described in this section in alphabetical order.

clear commands begin on page 22

clock auto-correct-dst on page 48

clock set <time> <day> <month> <year> on page 50

clock timezone <text> on page 51

configure on page 53

copy <source> <destination> on page 54

copy console <filename> on page 55

copy flash <destination> on page 56

copy <filename> interface <interface> <slot/port> on page 57

copy tftp <destination> on page 58

copy xmodem <destination> on page 59

debug commands begin on page 60

dir on page 98

disable on page 99

erase [<filename> | startup-config] on page 100

events on page 101

logout on page 102

reload [cancel | in <delay>] on page 103

show commands begin on page 104

telnet <address> on page 194

SROS Command Line Interface Reference Guide Enable Mode Command Set

terminal length <text> on page 195

traceroute <address> on page 196

undebug all on page 197

wall <message> on page 198

write [erase | memory | network | terminal] on page 199

SROS Command Line Interface Reference Guide Enable Mode Command Set

clear access-list <listname>

Use the clear access-list command to clear all counters associated with all access lists (or a specified access list).

Syntax Description

<listname> Optional. Specifies the name (label) of an access list

Default Values

No default value necessary for this command.

Command Modes

# Enable Command Mode

Usage Examples

The following example clears all counters for the access list labeled MatchAll:

>enable #clear access-list MatchAll

SROS Command Line Interface Reference Guide Enable Mode Command Set

clear arp-cache

Use the clear arp-cache command to remove all dynamic entries from the Address Resolution Protocol (ARP) cache table.

Syntax Description

No subcommands.

Default Values

No default value necessary for this command.

Command Modes

# Enable Command Mode

Usage Examples

The following example removes all dynamic entries from the ARP cache:

>enable #clear arp-cache

SROS Command Line Interface Reference Guide Enable Mode Command Set

clear arp-entry <address>

Use the clear arp-entry command to remove a single entry from the Address Resolution Protocol (ARP) cache.

Syntax Description

<address> Specifies the IP address of the entry to remove

Default Values

No default value necessary for this command.

Command Modes

# Enable Command Mode

Usage Examples

The following example removes the entry for 10.200.4.56 from the ARP cache:

>enable #clear arp-entry 10.200.4.56

SROS Command Line Interface Reference Guide Enable Mode Command Set

clear bridge <group#>

Use the clear bridge command to clear all counters associated with bridging (or for a specified bridge-group).

Syntax Description

<group#> Optional.

Specifies a single bridge group (1-255).

Default Values

No default value necessary for this command.

Command Modes

# Enable Command Mode

Usage Examples

The following example clears all counters for bridge group 17:

>enable #clear bridge 17

SROS Command Line Interface Reference Guide Enable Mode Command Set

clear buffers max-used

Use the clear buffers max-used command to clear the maximum-used statistics for buffers displayed in the show memory heap command.

Syntax Description

No subcommands.

Default Values

No default value necessary for this command.

Command Modes

# Enable Command Mode

Usage Examples

>enable #clear buffers max-used

SROS Command Line Interface Reference Guide Enable Mode Command Set

clear counters <interface>

Use the clear counters command to clear all interface counters (or the counters for a specified interface).

Default Values

No default value necessary for this command.

Command Modes

# Enable Command Mode

Usage Examples

The following example clears all counters associated with the Ethernet 0/1 interface:

>enable #clear counters ethernet 0/1

SROS Command Line Interface Reference Guide Enable Mode Command Set

clear crypto ike sa <policy priority>

Use the clear crypto ike sa command to clear existing IKE security associations (SAs), including active ones.

Syntax Description

<policy priority> Optional.

This number is assigned using the

Clear out all existing IKE SAs associated with the designated policy priority.

crypto ike policy

command.

Default Values

No default value necessary for this command.

Command Modes

# Enable Command Mode

Usage Examples

The following example clears the entire database of IKE SAs (including the active associations):

>enable #clear crypto ike sa

SROS Command Line Interface Reference Guide Enable Mode Command Set

clear crypto ipsec sa

Use the clear crypto ipsec sa command to clear existing IPSec security associations (SAs), including active ones.

Variations of this command include the following:

clear crypto ipsec sa clear crypto ipsec sa entry <ip address> ah <SPI> clear crypto ipsec sa entry <ip address> esp <SPI> clear crypto ipsec sa map <map name> clear crypto ipsec sa peer <ip address>

Syntax Description

entry

<SPI>

esp

<SPI>

map

peer

Clear only the SAs related to a certain destination IP address. Clear only a portion of the SAs by specifying the AH (authentication header)

protocol and a security parameter index (SPI). You can determine the correct SPI value using the show crypto ipsec sa command.

Clear only a portion of the SAs by specifying the ESP (encapsulating security payload) protocol and a security parameter index (SPI). You can determine the correct SPI value using the show crypto ipsec sa command.

Clear only the SAs associated with the crypto map name given. Clear only the SAs associated with the far-end peer IP address given.

Default Values

No default value necessary for this command.

Command Modes

# Enable Command Mode

SROS Command Line Interface Reference Guide Enable Mode Command Set

clear dump-core

The clear dump-core command clears diagnostic information appended to the output of the show version command. This information results from an unexpected unit reboot.

Syntax Description

No subcommands.

Default Values

No default value necessary for this command.

Command Modes

# Enable Command Mode

Usage Examples

The following example clears the entire database of IKE SAs (including the active associations):

>enable #clear dump-core

+ 911 hidden pages

HP 7000 Reference Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

CLI INTRODUCTION

Accessing the CLI from your PC

Understanding Command Security Levels

Understanding Configuration Modes

Using CLI Shortcuts

Performing Common CLI Functions

Understanding CLI Error Messages

COMMAND DESCRIPTIONS

SROS Command Line Interface Reference Guide Basic Mode Command Set

SROS Command Line Interface Reference Guide Enable Mode Command Set