No. 16, Jiuxing Avenue Hi-tech Park Chengdu, Sichuan Province Peoples Republic of China - 610041 Tel: (86) 28-85148850, 85148041 Fax: (86) 28-85148948, 85148139 URL: http:// www.maipu.com Email: overseas@maipu.com
All rights reserved. Printed in the Peoples Republic of China. No part of this document may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise without the prior written consent of Maipu Communication Technology Co., Ltd. Maipu makes no representations or warranties with respect to this document contents and specifically disclaims any implied warranties of merchantability or fitness for any specific purpose. Further, Maipu reserves the right to revise this document and to make changes from time to time in its content without being obligated to notify any person of such revisions or changes. Maipu values and appreciates comments you may have concerning our products or this document. Please address comments to: No. 16, Jiuxing Avenue Hi-tech Park Chengdu, Sichuan Province Peoples Republic of China - 610041 Tel: (86) 28-85148850, 85148041 Fax: (86) 28-85148948, 85148139 URL: http:// www.maipu.com Email: overseas@maipu.com
All other products or services mentioned herein may be registered trademarks, trademarks, or service marks of their respective manufacturers, companies, or organizations.
Contents
Overview
System Configuration
Configure System Name
Configure System Time
Configure Login Security Service
System Log Function
View CPU Utilization
Set CPU and Environment Alarm Temperature
Set SIU Display Language
Set System Alarm Parameters
Configure Rollback Function
Pagination Display Function
SSH
RMON
Introduction to RMON
Basic Commands of RMON
Application Example
Monitoring and Debugging
Monitoring Commands
Monitoring Command Examples
Overview
This manual describes the basic configuration and management of Maipu routers, including the commands for configuring the system, managing user names and passwords, configuring the environment parameters, managing files, and viewing the system information.
Main contents:
Configure the system
Manage the system
Manage system authentication and command hierarchical authorization
System tools
Remote login service of the system
System information unit (SIU) (currently, it is only for MP7500 router)
Embedded Event Platform (EEP)
Configure SNMP proxy server
Configure RMON
System Configuration
In Maipu routers, the main tasks of system configuration include:
Configure the system name
Configure the system time
Configure the login security service of the system

hostname
The following commands change the system name from router to router_1. The operation steps are as follows:

Command: router#configure terminal
Description: Execute the command configure terminal in the privileged user mode to enter the global configuration mode.

Command: router(config)#hostname router_1
Description: Execute the command hostname with the parameter router_1 in the global configuration mode to change the system name.

Command: router_1(config)#
Description: The new system name takes effect when the next system prompt is displayed.
MP7500 system, so the system clock is not re-configured when the system restarts after power-off. You can configure the router clock via the following two methods:
1. Configure the NTP service to make the system obtain the present time automatically after startup. (For the use of NTP, please refer to the chapter on configuring SNTP.)
2. Use the command clock to configure the present time of the system, which comprises year, month, date, hour, minute and second. The configuration command is as follows:

Command: clock year month day hour minute second
Description: To configure the system clock
Configuration mode: enable

The following example configures the system time as 09:36:10, November 15, 2006 by the command clock.

Command: router#clock 2006 11 15 9 36 10
Description: In the privileged user mode, execute the command to configure the time of the system calendar as 09:36:10, November 15, 2006.

Command: router#show clock
Output: UTC: THU NOV 15 09:36:15 2006
Description: To display the present calendar time of the system. The present time is 09:36:10, November 15, 2006, Thursday. By default, the time zone of the system is UTC.
The fast-connection prevention function stops illegal users from initiating a large number of login requests to the router in a short period, which would occupy a lot of system and network resources. If the number of repeated logins to a router from one user reaches the configured number, the system forbids login connection requests from that IP address for a given period.
The commands for configuring the login security service are as follows:

Command: service login-secure
Description: To enable the system security service.
Configuration mode: config

Command: (missing)
Description: To configure the interval for the login security service clearing the aged login authentication failures and the fast connection information. The default value is 60 minutes.
Configuration mode: config

Command: forbid<10m- (truncated)
Description: To configure the time for the login security service forbidding the illegal IP address to log in. 10 minutes by default.
Configuration mode: config

Command: (missing)
Description: To configure the maximum authentication failure times for continued login after the login security service takes effect. The default value is 5 times.
Configuration mode: config

Command: record<15m- (truncated)
Description: To configure the time for the login security service aging the login authentication failure and the fast connection information. The default value is 15 minutes.
Configuration mode: config

Command: (missing)
Description: To configure the maximum connection times of the preventing fast connection function. The default value is 20 times.
Configuration mode: config

Command: login-secure quickconnect restrictinterval <10s-600s>
Description: To configure the minimum interval time between two connections of the preventing fast connection function. The default value is 30s.
Configuration mode: config

Command: login-secure quickconnect unrestrictinterval <10m-1440m>
Description: To configure the forbidding time for the illegal IP address to log in after the preventing quick-connection function takes effect. The default value is 20 minutes.
Configuration mode: config

Command: show login-secure information
Description: To view the login authentication failure records of the login security service.
Configuration mode: enable

Command: show login-secure quick-connect
Description: To view the quick-connection records of the login security service.
Configuration mode: enable

Default status: By default, the login security service is enabled when the system starts up.
Note: Execute the command no service login-secure to disable the login security service. This also clears all login connection records.
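The interaction of these timers is easier to check in a small model. The following is an added example, not Maipu code: it uses the default values listed above, and the counting rules (a sliding aging window for failures, a connection counted as "fast" when it follows the previous one from the same IP by less than the minimum interval) are assumptions, as are all names and the sample events.

```python
from collections import defaultdict, deque

MINUTE = 60  # seconds


class LoginSecure:
    """Per-source-IP login throttling using the defaults the manual lists.

    Assumed semantics (the manual gives parameters, not the algorithm):
    failures are counted inside a sliding "record aging" window, and a
    connection is "fast" when it arrives less than the minimum interval
    after the previous connection from the same IP.
    """

    def __init__(self, max_failures=5, forbid=10 * MINUTE, record_aging=15 * MINUTE,
                 quick_max=20, quick_min_interval=30, quick_forbid=20 * MINUTE):
        self.max_failures = max_failures
        self.forbid = forbid
        self.record_aging = record_aging
        self.quick_max = quick_max
        self.quick_min_interval = quick_min_interval
        self.quick_forbid = quick_forbid
        self.failures = defaultdict(deque)  # ip -> timestamps of failed logins
        self.fast_count = defaultdict(int)  # ip -> consecutive fast connections
        self.last_conn = {}                 # ip -> time of previous accepted attempt
        self.blocked_until = {}             # ip -> time at which the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is not None and now >= until:
            del self.blocked_until[ip]      # forbidding time is over
            return False
        return until is not None

    def connect(self, ip, now):
        """Return True when a new connection from ip is accepted at time now."""
        if self.is_blocked(ip, now):
            return False
        prev = self.last_conn.get(ip)
        self.last_conn[ip] = now
        if prev is not None and now - prev < self.quick_min_interval:
            self.fast_count[ip] += 1
        else:
            self.fast_count[ip] = 0
        if self.fast_count[ip] >= self.quick_max:
            self.blocked_until[ip] = now + self.quick_forbid
            self.fast_count[ip] = 0
            return False
        return True

    def auth_failed(self, ip, now):
        """Record a failed login; return True when ip becomes forbidden."""
        window = self.failures[ip]
        window.append(now)
        while window and now - window[0] > self.record_aging:
            window.popleft()                # aged records no longer count
        if len(window) >= self.max_failures:
            self.blocked_until[ip] = now + self.forbid
            window.clear()
            return True
        return False


def replay(events, service=None):
    """Replay (time_s, ip, kind) events, kind being "connect" or "fail"."""
    service = service or LoginSecure()
    decisions = []
    for now, ip, kind in events:
        if kind == "connect":
            decisions.append("accept" if service.connect(ip, now) else "reject")
        else:
            decisions.append("forbid" if service.auth_failed(ip, now) else "count")
    return decisions


# Constructed trace: five failed logins 40 s apart, then two connection attempts.
SAMPLE_EVENTS = [(t, "203.0.113.7", "fail") for t in (0, 40, 80, 120, 160)]
SAMPLE_EVENTS += [(200, "203.0.113.7", "connect"), (800, "203.0.113.7", "connect")]

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, decision)
```

With the defaults, failures spaced more than 225 seconds apart never accumulate five records inside the 15-minute aging window, which is worth keeping in mind when tuning the thresholds.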
System Management
Main contents:
Overview
Manage the file system
Manage the configuration file
Overview
This chapter mainly describes the related contents of the system management, including managing the file system, configuring the file management, system authentication and command hierarchical authorization.
FLASH: used to store the application programs, configuration files and BootROM programs etc;
EEPROM: used to store the configuration files and the user information that are often changed;
CF card and USB: used to store the user data;

Maipu routers manage the following files:
BootROM file: it is used to store the basic data initialized by the system;
Application program of the router: it is used to transmit routes, manage files and manage the system etc;
Configuration file: it is used to store the system parameters configured by users;
Log file: it is used to store the log information of the system;
Other files, such as the files in which the dialup tone of the secondary dialup is stored;

Maipu routers construct one or several DOS-based file systems for storing the information that rarely needs to be changed, such as the application programs (protocol software, drivers etc.) and BootROM programs of a router. The file system is called TFFS (True Flash File System). For example, two TFFS are constructed on MP7500: one device name is /system, which is used to store the system images by default; the other device name is /flash, which is used to store the key data such as the system configuration. Besides, the Maipu router provides the CF card and USB interface, which are used to store the user data.

For a Maipu router that has master/slave control cards (such as MP7500), if the system is in the master/slave mode and has the slave control card, the system has two kinds of file systems (modes). The file system on the master control card is called the master file system. You can enter the master file system mode via the filesystem command in the privilege mode. Correspondingly, the file system on the slave control card is called the slave file system. You can enter the slave file system mode via the filesystem slave command in the privilege mode. In this way, you can run the file system commands on the slave control card. If the current system does not have the slave control card or does not work in the master/slave mode, you cannot enter the slave file system mode via the filesystem slave command.

location
show filesystem
show file location [peer]
boot-loader [filename]
show boot-loader
The file system management of a router covers two aspects: file management and directory management. Except for the command for copying files, all other file management commands are used in the same way in the master and slave file systems.
Application example: In the configuration mode of the file system, execute the volume command, or execute the show filesystem command in the enable command mode:
router(config-fs)#volume
0x2cfa968
cache block I/O descriptor ptr (cbio): 0x2cfaa40
auto disk check on mount: NOT ENABLED
max # of simultaneously open files: 22
file descriptors in use: 0
# of different files in use: 0
# of descriptors for deleted files: 0
# of obsolete descriptors: 0
NO LABEL ; (in boot sector: ) 0x0 5,213 /* sectors of the /* bytes of each /* sectors of each
512
- # of reserved sectors:
reserved sectors */
/*
the
number
of
the
FAT16
- # of hidden sectors:
- Update last access date for open-read-close = FALSE - directory structure: VFAT /* directory structure */
/* the start sector of root /* the sectors occupied by root /* the maximum number of
15
240
1 clusters
2,641,920 bytes
router(config-fs)#
File Management
By using the file management commands in the configuration mode of the file system, users can operate on all files in the master and slave file systems, including:
List files (directory)
Copy files
Delete files
View file contents
The following are application examples of the file management commands.

Master file mode:
router(config-fs)#dir
size       date         time      name
--------   ------       ------    --------
1930
4
3160
3160

Slave file mode:
router(config-slave-fs)#dir
size       date         time      name
--------   ------       ------    --------
2048       JAN-01-1980  00:25:04  mpssh     <DIR>
102360     JAN-01-1980  01:22:58  logging
10234      JAN-01-1980  01:03:42  history
1580       JAN-01-1980  01:22:38  startup
2. Copy files
The file copy command can be used to copy files between the FLASH file system, FTP server, TFTP server, startup configuration and running configuration. When the source or destination of the file copy command is file-system and there is no path information before the file name, the system uses the default path (when using the filesystem command to enter the operation mode of the file system, the default path is /flash; you can use the cd command to change the default path); if there is a device name and path name before the file name, the system uses the specified path. The following describes each kind of copy in detail.
A.
Command format:
copy file-system source-filename file-system dest-filename (copy from master file system to master file system)
The operations of the following two commands are the same in the master and slave file systems:
copy file-system source-filename slave-file-system dest-filename (copy from the master file system to the slave file system)
copy slave-file-system source-filename file-system dest-filename (copy from the slave file system to the master file system)
Application example: Copy from the master file system to the master file system:

router(config-fs)#copy file-system test file-system abc
Copying...
Completed
router(config-fs)#dir
size       date         time      name
--------   ------       ------    --------
2048       JAN-01-1980  00:00:30  mpssh     <DIR>
4          JAN-01-1980  00:00:24  random
4567       JAN-01-1980  00:00:24  test
4567       JAN-01-1980  00:10:16  abc
B.
Copy from the master file system to the slave file system:
router(config-fs)#copy file-system abc slave-file-system abc
Do you want to copy master:/flash/abc to slave:/flash/abc?(y/n)y
##!!!
!!! TRANSFER OK!
123 4567
C.
Copy from the slave file system to the master file system:
JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:24 random JAN-01-1980 00:10:16 abc JAN-01-1980 00:00:24 test
router(config-fs)#copy slave-file-system 123 file-system 321
Do you want to copy slave:/flash/123 to master:/flash/321? (y/n)y
########
!!! TRANSFER OK!
JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:24 random JAN-01-1980 00:10:16 abc JAN-01-1980 00:36:51 321
copy file-system source-filename ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename (copy from the master file system to the FTP server)
copy slave-file-system source-filename ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename (copy from the file system to the FTP server; the command can be used in both master file mode and the slave file mode)

Application examples:
JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:24 random JAN-01-1980 00:08:26 startup JAN-01-1980 00:09:10 abc
router(config-fs)#
router(config-slave-fs)#copy slave-file-system abc ftp 128.255.40.33 h01 h01 test
Do you want to copy slave:/flash/abc to FTP:test? (y/n)y
######## Copying!!!!!
Total 4567 bytes copying completed.
E.
Command format:
copy file-system source-filename tftp [vrf vrf-name] dest-ipaddress dest-filename (copy from master file system to TFTP server)
copy slave-file-system source-filename tftp [vrf vrf-name] dest-ipaddress dest-filename (copy from the slave file system to TFTP server; the command can be used in both master file system mode and the slave file system mode)
Application example: Copy from the master file system to the TFTP server:
JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 00:08:26 startup JAN-01-1980 00:09:10 abc
router(config-fs)#
router(config-slave-fs)#copy slave-file-system abc tftp 128.255.40.33 test
Do you want to copy slave:/flash/abc to TFTP:test? (y/n)y
######## Copying
Translating "128.255.40.33"!!!!!!!!!
Total 4567 bytes copying completed!
F.
Command format:
Application example:
router(config-fs)#copy file-system abc startup-config
Copying...
Completed
router(config-fs)#dir
size       date         time      name
--------   ------       ------    --------
2048       JAN-01-1980  00:00:30  mpssh     <DIR>
4          JAN-01-1980  00:00:26  random
510        JAN-01-1980  00:05:46  startup
510        JAN-01-1980  00:05:16  abc
router(config-fs)#
Application example:
Copying...
Completed
router(config-fs)#dir
size       date         time      name
--------   ------       ------    --------
2048       JAN-01-1980  00:00:30  mpssh     <DIR>
4          JAN-01-1980  00:00:26  random
510        JAN-01-1980  00:09:40  startup
510        JAN-01-1980  00:17:08  abc
router(config-fs)#
Application example:
router(config-fs)#copy startup-config ftp 128.255.42.180 123 123 test
Copying!
Total 510 bytes copying completed.
I.
Command format:
Application example:
J.
Command format:
Application example:
router(config-fs)#copy running-config file-system abc Copying... Completed router(config-fs)#dir size -------2048 4 510 date -----time -----name -------<DIR>
router(config-fs)#
K.
Command format:
Application example:
router(config-fs)#copy running-config ftp 128.255.42.180 123 123 test
Copying!
Total 510 bytes copying completed.
L.
Command format:
Completed!
M. Copy running configuration as startup configuration Command format:
Application example:
router(config-fs)#copy running-config startup-config Building Configuration...done router(config-fs)#dir size -------2048 4 495 date -----time -----name -------<DIR>
router(config-fs)#
copy ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename file-system dest-filename (copy from the ftp server to the master file system)
Note: same as the ftpcopy command
copy ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename slave-file-system dest-filename (copy from the ftp server to the slave file system; the command can be used in both master file system mode and the slave file system mode)
Application example:
router(config-fs)#copy ftp 128.255.42.180 123 123 test.bin file-system abc Downloading#########################OK! router(config-fs)#dir size -------2048 4 11577 date -----time -----name -------<DIR>
router(config-fs)#
Application example:
router(config-fs)#copy ftp 128.255.42.180 123 123 test startup-config Downloading##OK! router(config-fs)#dir size date time name
-------2048 4 495
------
------
-------<DIR>
router(config-fs)#
P.
Command format:
copy tftp [vrf vrf-name] dest-ipaddress source-filename file-system dest-filename (copy from TFTP server to the master file system)
Note: same as the command tftpcopy
copy tftp [vrf vrf-name] dest-ipaddress source-filename slave-file-system dest-filename (copy from the TFTP server to the slave file system; the command can be used in both master file system mode and the slave file system mode)
Application example:
router(config-fs)#copy tftp 128.255.42.180 test file-system abc Downloading##OK! router(config-fs)#dir size -------2048 4 495 date -----time -----name -------<DIR>
router(config-fs)#
Application example:
router(config-fs)#copy tftp 128.255.42.180 test startup-config Downloading##OK! router(config-fs)#dir size -------2048 4 495 date -----time -----name -------<DIR>
router(config-fs)#
R.
Copy files to file system by using xmodem protocol via Console port
Command format:
Application example:
router(config-fs)#xmodemcopy abc 9600
Now ready to receive file.
Please send file with XMODEM protocol.
If you want to cancel in progress,press CTL+C key...
router(config-fs)#
delete filename
Application example:
router(config-fs)#delete abc
WARNING: The Data of this file will be lost! if OS is deleted,the system will hangup!
-------2048 4
------
------
-------<DIR>
router(config-fs)#
type filename
Application example:
router(config-fs)#type startup
The contexts of file startup
hostname router
user maipu password 0 maipu 1
enable password OW encrypt
enable timeout 0
no service password-encrypt
interface loopback0
exit
interface fastethernet0
ip address 129.255.222.26 255.255.0.0
no ip redirects
exit
interface serial1/0
physical-layer sync
clock rate 64000
tx-on dsr
encapsulation ppp
ip address 10.1.1.1 255.0.0.0
exit
Directory Management
The directory management of the file system in the router comprises:
Print the path where the system is located;
Change the current path;
Create a directory;
Delete a directory;
The examples of applying the commands of directory management are as follows.
1. Print path where system is located
Command format:
pwd
Application example:
mkdir dir-name
Application example:
router(config-fs)#mkdir maipu router(config-fs)#dir size -------1930 4 3160 512 3160 date -----time -----name --------
JAN-01-1980 00:00:00 logging JAN-01-1980 00:00:00 random JAN-01-1980 00:00:00 startup JAN-01-1980 00:00:00 maipu JAN-01-1980 00:00:00 script <DIR>
cd dest-dirname
Application example:
rmdir dir-name
Application example:
router(config-fs)#cd /flash
router(config-fs)#rmdir maipu
WARNING: The Data of this dir will be lost! if OS is deleted,the system will hangup!
JAN-01-1980 00:00:00 LOGGING JAN-01-1980 00:00:00 RANDOM JAN-01-1980 00:00:00 STARTUP JAN-01-1980 00:00:00 SCRIPT
The high-end routers of Maipu (such as MP7500) can store the file system on extended storage devices such as a CF card and a USB device. To let the user configure the storage location (device) of the system files (such as the application program, configuration file, and log file), the system provides a shell command to modify the storage location (device) of the system files. In the master/slave file system mode:
location image|configuration|logging|other _PHYDEVICE_
Reverse command:
no location image|configuration|logging|other
Viewing commands (in enable mode):
show file location
show file location peer

Here, _PHYDEVICE_ depends on the existing physical device in the system. For example, insert the CF card into the master MPU and the system prompts:

router(config-fs)#location logging ?
/system    Physical device: /system
/flash     Physical device: /flash
/cfcard    Physical device: /cfcard
Use the command in the slave file system mode and the system prompts:
router(config-slave-fs)#location logging ?
/system    Physical device: /system on peer MPU
/flash     Physical device: /flash on peer MPU
Application examples: 1. The CF card is inserted into the system, but the storage device of the system files is not configured. View the storage information of the current system files:
router#show file location
Current system files default device list:
OS image       : /system
Configuration  : /flash
Logging        : /flash
Other files    : /flash

Configurated system files default device list:
OS image       : /system
Configuration  : /flash
Logging        : /flash
Other files    : /flash
2. Configure the default storage location of the log files as the CF card:
3. When viewing the storage location of the system files after the configuration, you can find that the configuration takes effect and a new log file named logging is generated in the device /cfcard.
router#show file location
Current system files default device list:
OS image       : /system
Configuration  : /flash
Logging        : /cfcard
Other files    : /flash

Configurated system files default device list:
OS image       : /system
Configuration  : /flash
Logging        : /cfcard
Other files    : /flash
4. When pulling out the CF card, the system prompts that the storage device of the log file is modified to /flash. View the storage location of the system files via the viewing command:
Current system files default device list:
OS image       : /system
Configuration  : /flash
Logging        : /flash
Other files    : /flash

Configurated system files default device list:
OS image       : /system
Configuration  : /flash
Logging        : /cfcard
Other files    : /flash
5. Insert the CF card again and the system prompts that the storage location of the log file is modified to /cfcard. You can view it as follows:
router#show file location
Current system files default device list:
OS image       : /system
Configuration  : /flash
Logging        : /cfcard
Other files    : /flash

Configurated system files default device list:
OS image       : /system
Configuration  : /flash
Logging        : /cfcard
Other files    : /flash
6. In the slave file system, you can also perform the above operations to modify the storage location of the log file and other kinds of system files.
Note:
1. After modifying the storage location of the application program (image), you need to upgrade the system via the system upgrade command or modify the boot parameter via the command of loading the file when the system starts so that the system can start via the image file in the storage device by configuring the application program.
2. After modifying the storage location of the configuration file (configuration) and if the new device does not have the configuration file (startup), you need to use the saving or copying command of the configuration file to generate a configuration file (startup) so that the system can load the configuration when starting next time.
3. When modifying the storage location of the log file (logging), it takes effect at once. If the new device does not have the log file, a new log file is created; if the new device has an existing old log file (logging), the future log information is recorded at the end of the file.
4. The modifications for the locations of all system files (including configuration and hot-swap of the device) are recorded in the log file.
Configuration Command of System Boot Parameters
Specify the IOS file used when the system starts next time.
Command format:
boot-loader [filename]
Application example:
Displaying Command of System Boot Parameters
Command format:
show boot-loader
Application example:
router(config-fs)#show boot-loader
The app to boot at the next time is: dc0: rp7-g-6.0.7(h01-m14-e).bin
The app to boot at the this time is: dc0: rp7-g-6.0.7(h01-m14-e).bin
The following is one example of Maipu router configuration file (the detailed meaning of the information is introduced in the following chapters):
!software version 6.0.2(j)(integrity)
!software image file rpl-i-6.0.2(j).bin
!compiled on Jun 26 2006, 17:41:22
x25 routing
frame-relay switching
interface loopback2
interface serial1/0
physical-layer sync
clock rate 128000
encapsulation x25 dce
ip address 200.200.200.2 255.255.255.0
exit

interface serial3/0
physical-layer sync
encapsulation frame-relay
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay interface-dlci 50
x25-profile 1
exit
ip address 200.200.202.1 255.255.255.0
exit

router ospf 64
log-adjacency-changes
network 2.2.2.1 0.0.0.0 area 9
network 2.2.2.2 0.0.0.0 area 9
!end
router(config-fs)#ftpcopy A.B.C.D
router(config-fs)#dir
date ------
time ------
name --------
JAN-01-1980 00:00:00 logging JAN-01-1980 00:00:00 random JAN-01-1980 00:00:00 startup JAN-01-1980 00:00:00 script
Downloading the configuration file via TFTP is similar to downloading via FTP. The only difference between them is that the computer needs to run TFTP SERVER.
Step 4: Restart the router, execute the configuration file-startup and modify the system configurations.
The following command can be executed to save the running configuration into the startup configuration file (STARTUP):
router#write startup-config
router#write
The following command can be executed to save the running configuration into the remote host via TFTP:
The following command can be executed to save the startup configuration file into the remote host via TFTP:
Basic Commands
The commands are as follows:
Command: ftp enable
Description: To enable the ftp server
Config mode: config

Command: ftp disable
Description: To disable the ftp server
Config mode: config

Command: ftp timeout
Description: To set the timeout of the FTP connection
Config mode: config

Command: ftp max-user-num
Description: To configure the maximum number of users permitted to login
Config mode: config
Note Before a user logs into the file system of a router via ftp mode, the user name and password need to be configured on the router.
ftp enable
ftp enable
ftp disable
The command is used to disable the FTP service on the device.
ftp disable
ftp timeout
The command is used to set the timeout of the FTP connection.
value
ftp max-user-num
The command is used to set the maximum number of the users permitted to log in at the same time.
number
Application Example
The example of configuring Maipu router as the FTP server:
Command: router#configure terminal

Command: router(config)#ftp enable
Description: To enable the ftp server

Command: router(config)#ftp max-user-num 2
Description: To configure the maximum number of users permitted to login as 2

Command: router(config)#user maipu password 0 maipu
Description: To configure the user name and password for login as maipu
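A configuration built from examples like this one and the type startup output shown earlier can be checked offline before it is deployed. The following is an added example, not part of the Maipu manual or its tooling: the rule names, the user name "ops" and the sample text are constructed, and treating password type 0 as stored in clear text is an assumption based on the example above, where password 0 maipu sets the password maipu.

```python
import re

# Constructed sample. The commands are ones that appear in this manual;
# the user "ops", the enable secret and the line order are made up.
SAMPLE_CONFIG = """\
hostname router
user maipu password 0 maipu
user ops nopassword
enable password level 15 0 secret15
no service login-secure
ftp enable
ftp max-user-num 2
interface fastethernet0
ip address 129.255.222.26 255.255.0.0
exit
"""

USER_PW = re.compile(r"^user (\S+) password 0 (\S+)")
USER_NOPW = re.compile(r"^user (\S+) nopassword$")
ENABLE_PW = re.compile(r"^enable password (?:level (\d+) )?0 (\S+)$")

WHY = {
    "cleartext-user-password": "type 0 password is readable in the config (assumption)",
    "password-equals-username": "password is identical to the user name",
    "user-nopassword": "user can log in without password authentication",
    "cleartext-enable-password": "type 0 enable password is readable in the config (assumption)",
    "login-secure-disabled": "login security service (lockout, fast-connection limit) is off",
    "ftp-enabled": "FTP server is on; FTP sends credentials and files unencrypted",
}


def audit(config_text):
    """Return (line number, rule, subject) findings; secrets are never echoed."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        m = USER_PW.match(line)
        if m:
            user, secret = m.groups()
            findings.append((lineno, "cleartext-user-password", f"user {user}"))
            if secret == user:
                findings.append((lineno, "password-equals-username", f"user {user}"))
            continue
        m = USER_NOPW.match(line)
        if m:
            findings.append((lineno, "user-nopassword", f"user {m.group(1)}"))
            continue
        m = ENABLE_PW.match(line)
        if m:
            level = m.group(1) or "default"
            findings.append((lineno, "cleartext-enable-password", f"level {level}"))
            continue
        if line == "no service login-secure":
            findings.append((lineno, "login-secure-disabled", ""))
        elif line == "ftp enable":
            findings.append((lineno, "ftp-enabled", ""))
    return findings


if __name__ == "__main__":
    for lineno, rule, subject in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule} {subject}: {WHY[rule]}")
```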
Debugging Command
Command Description
Overview
In order to enhance the operation security of a router, Maipu series routers provide various authentication mechanisms (including AAA; please refer to the chapter on configuring AAA) when users log in or perform the enable operation. Only users who have the corresponding rights can log in or perform the enable operation successfully.
In order to authorize users of different levels to execute commands of different levels, the commands of Maipu routers are graded from level 0 to 15. Level 0 has the lowest rights, while level 15 has the highest.
Basic Commands
Command enable user-level privilege MODE level 0 15 all | command LINE no privilege MODE {CR | level 015 { CR |all | command LINE } } enable password level 115 0|7 string enable password [0 | level ] string no enable password [0| level 1~15|STRING] <CR> user string password 0 LINE user string nopassword user string privilege 0-15 user string autocommand <LINE> user string autocommand-option nohangup|delay <0_120> Description To modify the user level To modify the command level Configuration Mode router> enable config
config
To set the enable password To set the enable password To delete the enable password To set the user password To set that a user can log in without password authentication To set the authorized level of a user To set the authorized auto-execute command of a user To set the option of a user executing the autocommand; nohangup means the connection is not disconnected after the auto-command is executed; delay means after how many seconds delayed the auto-command is executed. To set the callback number of a user
config
Note
1. Specify a user level 0-15 after enable to enter the corresponding level. By default, the level is 15 if not specified.
2. If the level of a user is higher than the user level which he is going to enter, he can enter the related level directly without any authentication. If the user is going to enter a level which is higher than his own, the user needs to pass authentication, and the authentication method is selected according to the current configuration.
3. If the enable password of the corresponding level is configured (via the command enable password level), and the enable authentication of AAA is not configured or the enable authentication of AAA uses the enable method, the password can be used to authenticate.
4. If the enable password of the corresponding level is not configured, but the enable authentication uses the local enable password to authenticate, there are two situations:
   A. If it is a telnet user, the authentication fails. "% No password set" is prompted if aaa is not configured; "% Error in authentication" is prompted if aaa is configured.
   B. If it is a console port user and aaa is configured, the enable login first tries to use the enable password to authenticate. If there is no enable password, the none authentication is used, which means that the authentication is passed by default. If aaa is not configured, "% No password set" is prompted and the authentication fails.
5. If the enable authentication is passed, the user enters the specified user level and possesses the corresponding level. The command show privilege can be used to view the user level.
6. If aaa authentication enable default method is configured, the corresponding method list is used to perform the enable authentication, as follows:
   A. If aaa authentication enable default none is configured, no password is needed.
   B. If aaa authentication enable default line is configured and the line password is configured, use the line password. Otherwise, "% Error in authentication" is prompted and the authentication fails.
   C. If aaa authentication enable default radius is configured, use the radius authentication. Note that the user name of radius enable authentication is fixed, that is, $enab+level$, where level is a number from 1 to 15, the level the user is going to enter. Because radius uses a user name built by this fixed rule, users do not need to input the user name when authenticating and only input the password. If the password of the user name with the corresponding level is configured on the radius server, input the corresponding password to log in successfully. Otherwise, the authentication fails. For example, execute the command enable 10, use the fixed user name $enab10$; if the user name exists on the radius server, input the user name and corresponding password to pass the authentication.
   D. If aaa authentication enable default tacacs is configured, use the tacacs authentication. If there is a user name when logging in, users can use that user name and input its enable password to log in; otherwise, users need to input a user name and its enable password. If the input user name exists on the tacacs server, and the enable password of tacacs is configured (notice: the corresponding enable password needs to be set for users on the tacacs server), the authentication is passed. Otherwise, the authentication fails.
The above enable authentication methods can be combined to use. Please refer to the chapter of Configuring AAA.
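The enable decision rules in notes 1-6 above, modelled as an added Python example (not Maipu code) that also flags the cases where a higher level is reached with no secret at all. It assumes a single AAA method rather than a combined method list and treats an equal target level as needing no authentication; all class, field and function names are illustrative.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Prompts quoted from the manual's notes.
NO_PASSWORD = "% No password set"
AUTH_ERROR = "% Error in authentication"
METHODS = ("enable", "none", "line", "radius", "tacacs")


@dataclass
class EnableRequest:
    """One 'enable <level>' attempt. Field names are illustrative, not Maipu's."""
    current_level: int                 # level the user holds now (0-15)
    line: str                          # "telnet" or "console"
    aaa_configured: bool               # whether AAA is configured on the device
    method: str = "enable"             # aaa authentication enable default <method>
    enable_password_set: bool = False  # enable password exists for the target level
    line_password_set: bool = False    # a line password is configured
    target_level: int = 15             # note 1: level 15 when none is given


def radius_enable_username(level: int) -> str:
    """Note 6: RADIUS enable uses the fixed user name $enab<level>$, level 1-15."""
    if not 1 <= level <= 15:
        raise ValueError("RADIUS enable level must be 1-15")
    return f"$enab{level}$"


def enable_outcome(req: EnableRequest) -> Tuple[str, str]:
    """Return (result, detail); result is 'direct', 'prompt', 'open' or 'fail'."""
    if req.line not in ("telnet", "console") or req.method not in METHODS:
        raise ValueError("unknown line type or method")
    if not (0 <= req.current_level <= 15 and 0 <= req.target_level <= 15):
        raise ValueError("levels are 0-15")
    # Note 2: entering a lower level needs no authentication. The manual does
    # not cover an equal level; treating it as 'direct' is an assumption.
    if req.target_level <= req.current_level:
        return ("direct", "no authentication")
    # Without AAA, the local enable password is the method in use (notes 3-4).
    method = req.method if req.aaa_configured else "enable"
    if method == "none":
        return ("open", "no password is needed")
    if method == "line":
        if req.line_password_set:
            return ("prompt", "line password")
        return ("fail", AUTH_ERROR)
    if method == "radius":
        user = radius_enable_username(req.target_level)
        return ("prompt", f"RADIUS password for {user}")
    if method == "tacacs":
        return ("prompt", "TACACS user name and its enable password")
    # method == "enable": local enable password.
    if req.enable_password_set:
        return ("prompt", f"enable password for level {req.target_level}")
    # Note 4: no enable password configured for the target level.
    if req.line == "telnet":
        return ("fail", AUTH_ERROR if req.aaa_configured else NO_PASSWORD)
    if req.aaa_configured:
        return ("open", "console falls back to none authentication")
    return ("fail", NO_PASSWORD)


def open_elevations(requests: List[EnableRequest]) -> List[EnableRequest]:
    """Audit helper: requests that reach a higher level without any secret."""
    return [r for r in requests if enable_outcome(r)[0] == "open"]


# Constructed sample attempts (not taken from a real device).
SAMPLES = [
    EnableRequest(1, "telnet", False),
    EnableRequest(1, "console", True),
    EnableRequest(1, "telnet", True, method="none"),
    EnableRequest(1, "telnet", True, method="radius", target_level=10),
    EnableRequest(12, "telnet", False, target_level=5),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.line, sample.method, sample.target_level, enable_outcome(sample))
    print("unauthenticated elevations:", len(open_elevations(SAMPLES)))
```

The two "open" results are the configurations worth reviewing on a device: the none method, and a console session with AAA configured but no enable password for the target level.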
Users can only execute commands whose levels are equal to or lower than their own. For example, a user whose user level is 12 can only execute the commands of level 0 to level 12.
Note
1. When a user executes a command, whether the user has the right of the corresponding level depends on the configuration.
2. When show run or show startup is executed, whether the present user has the level right for configuring a script depends on the configuration.
3. The input command character string follows the rule of match most, that is, the input string must match a command and match only that command. In the script, however, the string is completed to the full command.
4. The no command can be used to restore the command level of the corresponding command set to the default level.
password
no enable password [level {1-15}]
and the password is plaintext. To cancel the configuration of the enable password of a level
config
Note
1. When the command show run is executed, the password is displayed in encrypted form, that is, with the key word 7.
2. There are now two encryption methods, new and old. The command service new-encrypt, or its no form, can be used to switch between the new and the old encryption methods.
user-name password
user
user user-name nopassword user user-name privilege {0-15} user user-name command-line autocommand
callback-
config config
disable
3.
configuser configuser
password 0 password
4.
To enter the configuration mode of remote authorization To set the ip address or the address pool information of a user; pl_name is the name of the address pool To configure the dns information of a user. Here, the paddr_1 is the primary dns ip address of the user and ipaddr_2 is the secondary dns ip address of the user To configure the wins information of a user. Here, the ipaddr_1 is the primary wins ip address of the user and ipaddr_2 is the secondary wins ip address of the user To set the name of the usergroup and enter the user-group configuration mode To set the user user-name as a member of the user group
config-user config-user-rset
config-user-rset
config-user-rset
config config-ugroup
Note Each command has a corresponding no command, which can be used to cancel the corresponding configuration. A user configured by the command user user-name type xauth can only be a user of IKE extended authentication, not a login user; likewise, the user-group commands take effect only on users of IKE extended authentication.
autocommand command-line
{nohangup
permitted for login user. Notice, if it is configured as 0, it means the time is not limited. The default value is 0. When 5 seconds before the time runs out, there is a prompt: Line timeout expired To configure the authorized level of a login user. By default, it is 1 To configure the command executed automatically after a user logs in successfully. Note that the executed command is often in the privileged user mode. By default, no command is executed. To set the option of a user executing auto-command. Nohangup means the connection is not disconnected after the auto-command is executed. By default, the connection is disconnected after the command is executed. Delay means after how many seconds delayed the auto-command is executed. By default, the delay is 0 second, which means no delay. Note that the command takes effect only after autocommand is configured. To configure the idle timeout to exit. Note that if the configuration is 0, it means no idle timeout to exit. By default, it is 5 minutes. To configure the line password To configure the login authentication mode. Here, login CR uses the line password to authenticate; Login authentication uses AAA authentication mode. No login means that users can log in without authentication (this can be used only when AAA is not configured). For common telnet, it is login by default; for ssh, it is login local by default. To configure the authentication mode and the accounting mode, if the aaa is enabled (the command aaa new-model), you can specify the
config-line config-line
config-line
config-line
password 0 password
config-line config-line
config-line
level
level
authentication and accounting mode of exec and commands for each line. Please refer to the chapter of configuring AAA. To enable the mode function of console interface To configure the timeout of waiting for a user to input the user name and password; it is 30 seconds by default. config-line config-line
Note Except the first command, others have their corresponding no commands, which are used to cancel the corresponding configurations or recover to the default configurations.
For example, configure a telnet user with an idle timeout of 5 minutes, an absolute timeout of 20 minutes, a login timeout of 60 seconds and privilege level 14, and have the command show memory executed 5 seconds after login without disconnecting once the command has run:
Command
    Description
router(config)#line vty 0 2
    To enter the line configuration mode of the telnet user
router(config-line)#exc-timeout 5 0
    To configure the idle timeout as 5 minutes
router(config-line)#absolute-timeout 20
    To configure the total configuration time permitted for a user as 20 minutes
router(config-line)#timeout login respond 60
    To configure the login timeout for a user as 60 seconds
router(config-line)#privilege level 14
    To configure the authorized level of a user as 14
router(config-line)#autocommand show memory
    To execute the command show memory automatically after a user logs in successfully
router(config-line)#autocommand-option delay 5 nohangup
    To execute the command automatically after a delay of 5 seconds and keep the connection open afterwards
router(config-line)#password 0 vty
    To configure the password of the line as vty
router(config-line)#exit
    To exit the line configuration mode
After configuring the above commands, users should be authorized with the following line attributes after logging into the device via telnet:
The debug information is as follows (by executing the command debug author exec):
AUTHOR/EXEC/LINE (6): processing AV priv-lvl=14
AUTHOR/EXEC/LINE (6): processing AV autocmd=show mem
AUTHOR/EXEC/LINE (6): processing AV nohangup=TRUE
Maipu Confidential & Proprietary Information Page 53 of 138
show privilege
Execute in the normal user mode (STD) or the privileged user mode (EN). Note: by default, the level of the command is 1. So the user whose level is 0 cannot execute the command. For example:
System Tools
To help the user plan and manage the slots and components of the device, the system supports setting description information for the slots and components.
Set the description of the slots/components
Command: system description { mpu <0~1> | lpu <0~7> | siu | power <0~2> | fan <0~1> } description
Description: To set the description information about the slots of the cards in the system and the components such as SIU, power, and fan
Configuration mode: config
information
physical and logical devices in the system
interface
    To display the information about the network interface of the system
hosts
    To display the information about the internal host table in the system
arp
    To display the information about the ARP table of the system
ip
    To display the statistics information of the IP layer (including TCP and UDP)
startup-config
    To display the contents of the startup configuration file in the system
about
    To display the information about the system copyright
Version
    To display the information about the versions of the hardware and software in the system
system {chassis | vender | mpu | lpu | siu | power | fan }
    To display the information about the components such as cards, SIU, power supply, and fan
Taking MP7508 as an example, some of the information is displayed as follows:
Display the system stack
router#show memory
SUMMARY
-------
Type    Used bytes    Free bytes    Total bytes    Used percent
----    ----------    ----------    -----------    ------------
Note: The space of all such memory types exclude CODE is part of the HEAP's
STATISTICS
----------
Used bytes    Free bytes    Total bytes    Used percent
----------    ----------    -----------    ------------
22670472      44433360      67103832       33.78%
The command show memory accepts different parameters to realize various functions:
show memory FPSS|HEAP|MBUF|SLAB: display the memory usage of the different memory management mechanisms
show memory FPSS|MBUF|SLAB _POOLNAME_: display the usage of one memory pool in a memory management mechanism
show memory detail: display the detailed usage of the system memory
show memory detail FPSS|HEAP|MBUF|SLAB: display the detailed memory usage of the different memory management mechanisms
show memory detail FPSS|HEAP|MBUF|SLAB _POOLNAME_: display the detailed usage of one memory pool in a memory management mechanism
router#show interface loopback0: Flags: (0x4080e9) UP LOOPBACK MULTICAST RUNNING GWUP Type: SOFTWARE_LOOPBACK Internet address: 1.1.1.1/32 Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0) Metric: 0, MTU: 32768, BW: 8000000 Kbps, DLY: 5000 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped multilink0: Flags: (0x408070) DOWN POINT-TO-POINT MULTICAST ARP RUNNING GWUP Type: MULTILINK Internet address: 2.0.0.2/24 Destination Internet address: 0.0.0.0 Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 100000 Kbps, DLY: 100000 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 5 minutes input rate 0 bits/sec, 0 packets/sec
5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped gigaethernet0: Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP Type: ETHERNET_CSMACD Internet address: 128.255.40.77/22 Broadcast address: 128.255.43.255 Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 Ethernet address is 0000.0000.0000 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped gigaethernet1: Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP Type: ETHERNET_CSMACD Internet address: 11.11.11.1/24 Broadcast address: 11.11.11.255 Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 Ethernet address is 0000.0000.0000 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received
0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped gigaethernet2: Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP Type: ETHERNET_CSMACD Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 Ethernet address is 0000.0000.0000 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped gigaethernet3: Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP Type: ETHERNET_CSMACD Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 Ethernet address is 0000.0000.0000 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped lo0: Flags: (0xc080e9) UP LOOPBACK MULTICAST RUNNING GWUP Type: SOFTWARE_LOOPBACK Internet address: 127.0.0.1/8
Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0) Metric: 0, MTU: 32768, BW: 8000000 Kbps, DLY: 5000 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped dc0: Flags: (0x40408063) UP BROADCAST MULTICAST ARP RUNNING GWUP MANAGE Type: ETHERNET_CSMACD Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 100000 Kbps, DLY: 100 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 Ethernet address is 0000.0000.0000 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 292 packets received; 0 packets sent 292 multicast packets received 0 multicast packets sent 2 input errors; 0 output errors 0 collisions; 0 dropped
router#show version
MyPower (R) Operating System Software
MP7500 system image file (dc0: rp7-g-6.0.7(h01-m14-e).bin), version 6.0.7(h01-m14-e)(integrity), Compiled on Jun 18 2007, 08:53:40
Copyright (C) 1999 Maipu (Sichuan) Communication Technology Co., Ltd. All Rights Reserved.
: 010(Hotswap Supported)
Software Version : 6.0.7(h01-m14-e)(integrity)
Software Image File : dc0: rp7-g-6.0.7(h01-m14-e).bin
Compiled : Jun 18 2007, 08:53:40
router#show about
MP7500 series modular architecture can incessantly offer clients as many flexible solutions as possible when new services and applications come into exsistence. With full support of the MyPower (R) Operating System Software,MP7500 series modular architecture will support the following applications:
General Internet/intranet access
LAN-to-LAN/LAN Internetwork
Secure Internet/intranet access
Multiservice voice/data integration
Analog and digital dial access services
Virtual Private Network (VPN) access
Interconnecting with IBM SNA Network
Copyright (C) 1999 Maipu (Sichuan) Communication Technology Co., Ltd. All Rights Reserved.
Display the status information of the components such as cards, SIU, power supply, and fan
The show system command can be used to display the information about the running status of the components such as cards, SIU, power supply and fans.
router#show system System Chassis Information (ID=00 - ONLINE) ---------------------------------------------------------------Device ID: Vender ID: Serial No.: 0005 0003 00000006 00017a016666
Chassis-MAC-Group-0:
System Card Information(UNIT=20 - ONLINE) ---------------------------------------------------------------Type: MPU_RM7A_MPU408_4GE Status: Start Ok Last-Alarm: 0000 Card-Port-Num: 0 Card-SubSlot-Num: 2 Power-INTF-Status: 0003 Power-Card-Status: On Serial No.: 00000000 Card-Name: <NULL> Description: <NULL> Power-RT-Infomation: Voltage-In: 11.63 V Hardware-Information: HW-State: 0000
PCB-Version: H01 CPLD-Version: 43 Software-Information: Monitor-Version: 1.14 Software-Version: 6.0.5(h01-b12-p)(integrity) Temperature-Information: Temperature-State: Temperature = 27. Last-Alarm = 0. CPU-On-Card-Information: < 1 CPUs> CPU-Idx: 00 Status: 0000 Core-Num: 0004 Core-State: Core-Idx-00 Core-Status: 0000 Core-Utilization: 0% Core-Idx-01 Core-Status: 0000 Core-Utilization: 0% Core-Idx-02 Core-Status: 0000 Core-Utilization: 0% Core-Idx-03 Core-Status: 0000 Core-Utilization: 0% Temperature: Temperature-State: Temperature = 43. Last-Alarm = 0. MEM-On-Card-Information: <1 MEMs> MEM-Idx: 00 MEM-State: BytesFree = 494829816 bytes BytesAlloc = 42035960 bytes BlocksFree = BlocksAlloc =
MaxBlockSizeFree = 197052064 bytes DISK-On-Card-Information: <3 DISKs> DISK-Idx: 00 Type: Flash Status: Online Last-Alarm: 0000 DISK-State: SizeTotal = 33554432 bytes SizeFree = 16666624 bytes DISK-Idx: 01 Type: Unknown Status: Offline Last-Alarm: 0000 DISK-Idx: 02 Type: Unknown Status: Offline Last-Alarm: 0000 CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.8 Software-Version: 1.1.6 ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
System Card Information(UNIT=20,SLOT=00 - ONLINE) ---------------------------------------------------------------Type: LGU_RM7A_MPU408_4GE_DC Status: Init Last-Alarm: 0000 Card-Port-Num: 1 Card-SubSlot-Num: 0 Power-INTF-Status: 0000 Power-Card-Status: On ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
System Card Information(UNIT=20,SLOT=01 - ONLINE) ---------------------------------------------------------------Type: LGU_RM7A_MPU408_4GE_GE Status: Init Last-Alarm: 0000 Card-Port-Num: 4 Card-SubSlot-Num: 0 Power-INTF-Status: 0000 Power-Card-Status: On ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
System Card Information(UNIT=01 - ONLINE) ---------------------------------------------------------------Type: LPU_RM7B_1ATM_OC3H Status: Start Ok Last-Alarm: 0000 Card-Port-Num: 1 Card-SubSlot-Num: 0 Power-INTF-Status: 0000 Power-Card-Status: On Serial No.: ffffffff Card-Name: 1ATM Description: <NULL> Power-RT-Infomation:
Voltage-In: 0.00 V Hardware-Information: HW-State: 0000 PCB-Version: H01 CPLD-Version: 42 SFP-On-Card-Information: <1 SFPs> SFP-Idx: 00 Type: 0000 Status: Online Info-Struct: id = 0003 connectorType = 07 bitRate = 01 sonetCompatibility = 02 gigaCompatibility = 00 linkLength = 0f960000 serial-no. = 842043908064 version = 10 vendor-name = FIBERXON INC. vendor-part-num = FTM-3001C-S15 CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.7 Software-Version: 1.1.6 ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
System Power Information(ID=30 - ONLINE)
---------------------------------------------------------------
Status: Abnormal
Last-Alarm: 0000
Serial No.: <NULL>
Description: <NULL>
Power-RT-Information:
Fan-Status: Abnormal
Type-In: AC
Voltage-In: 0.00 V
Current-In: 0.00 A
CMM-Information:
Hardware-Type: 0000
Monitor-Version: <NULL>
Software-Version: <NULL>
---------------------------------------------------------------
STATISTICS:
System FAN Information(ID=41 - ONLINE) ---------------------------------------------------------------Status: Offline Last-Alarm: 0000 Serial No.: <NULL> Description: <NULL> ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
System SIU Information(ID=28 - ONLINE) ---------------------------------------------------------------Type: 0000 Status: Online Last-Alarm: 0000 Serial No.: 00000000 Description: <NULL> Hardware-Information: PCB-Version: H01
CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.8 Software-Version: 1.1.6 ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
router#
Note
The show system command can display the running status of a particular component when given different parameters:
show system mpu {local | peer}: display the information about the running status of the local/peer MPU card;
show system lpu <0~7>: display the information about the running status of the LPU card in the slot of the device;
show system siu: display the information about the running status of the SIU;
show system power <0~2>: display the information about the running status of the power components;
show system fan <0~1>: display the information about the running status of the fan components;
Protocol Debugging
The system provides the debugging switches for various protocols, including IP, PPP, HDLC, OSPF, FR, and X25. The following example briefly explains the enabling and disabling of the debugging switch.
Enable the protocol debugging switch
Enable the packet debugging switch of IP protocol access list:
Enable the debugging switch of the PPP protocol (on interface s1/0):
Debug frame-relay lmi [interface/<CR>]
Debug frame-relay log [interface/<CR>]
Debug frame-relay packet [interface/<CR>]
The specific protocol debugging switches are described in the corresponding chapters in detail.
Disable the protocol debugging switch
To disable a protocol debugging switch, add the key word no before the command that enabled it; or use the command no debug all to disable all debug switches.
formats, including printing to the console port, printing to the telnet terminal via switch, writing to the memory file, writing to the flash file, and sending to the log server.
level color
logginglogging-
config
config config
level
config config
logging-level
config
config config
file-size
level
logging-
logging trap logging log-server [vrf vrf-name] startlevel [end-level] logging source-ip
config config
config
source-address
logging-level
To configure the executed shell commands to be sent to the log server
To enable the function of outputting the log information to the telnet and SSH terminals. The corresponding command no logging monitor can be executed to disable the function. By default, the function is enabled.
To allow information whose level is higher than a given level to be output to the telnet and SSH terminals; the default level is debugging, that is, information of level 0-7 can be output to the telnet and SSH terminals.
logging facility type
    To configure the types of the log information sent to the log server. The types include auth, cron, daemon, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, news, sys10, sys11, sys12, sys13, sys14, sys9, syslog, user, and uucp. By default, the type is local7.
service timestamps log | debug [datetime [msec] | uptime]
    To configure the time stamp option of the log message header: local time (datetime) or the time since the system started (uptime). The parameter debug refers to messages output to the terminal; the parameter log refers to messages recorded to the log file.
service taskname [log | debug]
    To add the task name to the log message header; log means adding the task name to the header of messages written to the log file; debug means adding the task name to the header of messages written to the terminal
clear logging [buffer | file]
    To clear the log contents of the memory or flash file; if the type is not specified, the log files of both the memory and the flash are cleared
show logging [file | buffer]
    To display the log contents of the memory or flash file; if the type is not specified, only the log contents of the flash are displayed
terminal monitor
    To enable printing of the log information on the telnet and SSH terminals; the log information is printed on the telnet and SSH terminals only after this command is executed.
config config
config
config
config
config
Note Except the show and clear commands, the above commands have the corresponding no commands. You can use the no commands to delete the corresponding configurations, cancel the corresponding function or recover the default value.
The log messages are graded from level 0 to level 7 according to severity. Level 0 is the most severe. By default, information of level 0-7 is all printed to the console interface, and to the telnet terminal if the terminal monitor command is configured on it; information of level 0-5 is written to the memory file; information of level 0-4 is written to the flash file; and information of level 0-5 is sent to the log server.
Commands for modifying the level range are also provided. The related commands are logging console level, logging monitor level, logging buffer level, logging file level, and logging ip-address level. If a level is configured as level, the level range is 0 to level.
For example, the command of configuring the level of the log information recorded to the flash is as follows:
router(config)#logging file ?
  <0-7>          Logging severity level
  alerts         Immediate action needed (severity=1)
  critical       Critical conditions (severity=2)
  debugging      Debugging messages (severity=7)
  emergencies    System is unusable (severity=0)
  errors         Error conditions (severity=3)
  informational  Informational messages (severity=6)
  notifications
  warnings
  <CR>

The information levels are defined as follows:

Level  Key Word       Description
0      emergencies    The system is unusable.
1      alerts         You need to take action at once.
2      critical       The critical status
3      errors         The error status
4      warnings       The warning status
5      notifications  Normal status, but needs to be noticed
6      informational  The informational messages
7      debugging      The debugging information
Command: Description
Configuration Mode config:
  To enable the switch for monitoring cpu and start to collect the data of cpu utilization
  To disable the switch for monitoring cpu and stop collecting the data of cpu utilization. The default status is disable.
  value: To set the time interval for refreshing the current cpu utilization. By default, it is 2 seconds.
  check cpu view [simple]: Whether to display in the simple mode, which means only to display the task which uses CPU. By default, the simple mode is disabled.
  check cpu parameter: To view the present parameters and status of check cpu, such as whether to enable the monitoring switch.
Configuration Mode enable:
  spy cpu: To enable the switch for monitoring CPU, and start to monitor the CPU using condition of each task
  no spy cpu: To disable the switch for monitoring CPU, and stop monitoring the CPU using condition of each task
  monitor cpu: To enable the switch for monitoring CPU, and start to monitor the total using condition of the CPU in a period
  no monitor cpu: To disable the switch for monitoring CPU, and stop monitoring the total using condition of the CPU in a period
  show cpu: To display the CPU using condition of each task
  show cpu monitor: To display the total using condition of the CPU in a period
Example: In the privileged user mode, first use the command spy cpu to monitor the CPU usage of each task, and then use the command show cpu to display the CPU usage of each task.
In privileged user mode, first use the monitor cpu command to monitor the total utilization of CPU in some periods, and then use the show cpu monitor command to display the total utilization of CPU in some periods.
router#monitor cpu
router#show cpu monitor
CPU utilization for five seconds: 2%; one minute: 1%; five minutes: 1%
0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0%
1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 2% 1% 1% 1% 1% 1% 2% - - - - - - - - - - - - - - - - - - -
1% - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - -
- - - - -
The above three data tables respectively display the CPU usage of each second in the past 60 seconds, each minute in the past 60 minutes and each quarter in the past 96 quarters. (- means that the moment has not come yet.)
Note: When the function of monitoring the CPU usage is enabled, the task tCheckCpu collects the CPU data ceaselessly (by default, the interval is 2 seconds), which occupies some CPU resources. Therefore, if it is unnecessary to diagnose the CPU utilization of each task, you had better not enable the function of monitoring the CPU usage.
temperature
shieldTime
shield
time
Note: The parameters of shielding system alarms are saved in the shelf and are not related to the configuration file. Therefore, the parameters need to be displayed via the following command.
3. Restore the rescue configuration: If the rescue configuration file is saved (the configuration file may be the most stable and most reliable configuration which is used and verified by the user for a long time), any onsite person (even without technical background) can use the rescue configuration to perform the fast and safe rescue configuration rollback. This is used in case of emergency.
enable
write [rescue]
enable
enable enable
auto-rollback-file ]
displayed. It is the number of the valid rollback configuration displayed according to the current generated configuration file automatically. If the number is not specified, display the current startup file by default; Rescue: to display the contents of the rescue configuration; confirmed-status: to display the status of the rollback confirming (whether it is still in the rollback confirming state; auto-rollback-file: the automatically rolled back configuration script file in the rollback confirmed state.
Note
1. The interfaces go up/down during the rollback. Currently, the rollback operation first clears the current script and then applies the configuration file to be rolled back. Because the current configuration is cleared, the interfaces and the dynamic route neighbors go up/down.
2. There are some risks. For example, if operating on telnet, clearing the configuration causes that the telnet cannot be connected. If the interface address is modified, the telnet cannot be connected forever.
Besides, the extended output function is provided, that is, filter the displayed output contents or send them directly to another medium. For example, filter and display according to the specified character string, save the displayed contents to other files, and transmit to the FTP server via FTP.
Command
| {begin _LINE_ | include [context] _LINE_ | exclude _LINE_ | redirect {file filename | ftp [vrf vrf-name] host usr pwd filename } }
Description
To set the more switch, the number of the lines displayed on each screen, and the help information of displaying more:
  on: to open the switch of the more function; by default, it is opened;
  off: to shut down the switch of the more function. The displayed contents are first re-directed and output to the temporary file. However, they are directly output, but not output in the format when being output.
  displine num: to set the number of the lines to be displayed on each screen. The default value is 24 lines. The value range is 5-50 lines. If the number of the characters on one line is larger than 80, it is regarded as two lines.
  help: to display the using of some keystrokes of the more function.
The extended subcommand is registered after the display command of the module:
  | more: the ID of the extended subcommand;
  begin _LINE_: to display starting from the specified character string;
  include [context] _LINE_: only to display the contents that contain the specified character string; if the context is added, the context of the specified contents is also displayed;
  exclude _LINE_: to display the contents that exclude the specified character string;
  redirect file filename: to copy the displayed contents to the specified file (file name);
  redirect ftp [vrf vrf-name] host usr pwd filename: to transmit the displayed contents to the FTP server via ftp.
Configuration Mode
enable
enable
Note The more output extended command is registered by the display command of the module and serves as the subcommand of the display command of the module. Currently, only the display commands of some modules register the more extended subcommand.
telnet
Overview
MP routers provide telnet server/client function (the default service port is 23). Users can telnet to the router to operate via LAN or WAN. Up to 16 telnet users can be online at the same time. Users can configure the attributes of the telnet login via the command line vty.
Meanwhile, MP routers provide the commands of the telnet client. In the common user mode and the privileged user mode, users can execute the following command to telnet to a device.
Basic Commands
The client command is as follows:
Command: telnet
Description: To log into the specified remote host or device
Configuration Mode: enable, config
telnet
The router can serve as the telnet client and can log into other devices that provide the telnet service remotely to perform operations.
ipv6: If hostname uses the domain name, use the corresponding ipv6 address of the domain name first.
source-interface: To specify the telnet source address to adopt the address of the specified interface
interface: The specified source interface
SSH
MP routers provide a much more secure remote login service, the SSH service (the service port is 22). At most 16 SSH users can be logged in at the same time. Users can configure the attributes of the SSH login via the command line ssh-vty.
Operation Methods
System Information Unit (SIU) has five keystrokes, including up, down, right, left, and confirm. SIU has two modes to display information, including idle mode and menu mode. In idle mode, display the system information circularly. In menu mode, you can use the keystrokes on SIU to query various kinds of system information. In idle mode, you can press any key to enter into the menu mode; in menu mode, if there is no keystroke for 30 seconds or press the left key from the last-level menu, you can return to the idle mode.
Note After pressing the keystroke every time, the background light is on for 10 seconds. If there is no keystroke to be pressed for 10 seconds, the background light turns off.
View Information
Idle Mode
In idle mode, display various kinds of system information circularly according to the specified order. During displaying, refresh the information every two seconds. The time for displaying the information varies with importance of the information.
MPU information
LPU information
Routine information
Note If the above information cannot be displayed on one screen, it is displayed on several screens.
Menu Mode
In menu mode, you can use the keystrokes to select the menu to display various contents. During displaying, refresh the information every two seconds. If it is found that the menu does not exist during refreshing, exit to an existing menu. In menu mode, the displayed contents are as follows:
Menu Name
System Menu
MPU list
Displayed Contents MPU information LPU information SIU information Fan information Power information Alarm information Log information Clear logs Routine information MPU list (MPU not work) The MPU card is not used! (MPU is in the working state) MPU working mode Managed slot list CPU utilization CPU temperature CPU status MPU card temperature MPU temperature status Memory size Memory utilization Flash size Flash utilization Input voltage Serial number Hardware version CPLD version Software version CMM version (No LPU) No LPU information (has LPU) LPU list LPU register status Input voltage Serial number Hardware version CPLD version CMM version SIU register status Serial number Hardware version CMM version (no fan shelf) No fan shelf (has fan shelf) Fan shelf list Fan status Fan working status List the power modules Power module type Input voltage Input current Serial number Hardware version CMM version (No alarm information)
Menu Level
Level-one menu
Level-two menu
MPU information
Level-three menu
LPU list
Level-two menu
LPU information
Level-three menu
SIU information
Level-two menu
Level-two menu
Level-three menu
Level-two menu
information
Log list
information
No alarm information (Has alarm information) All alarm information (No log information) No log information (Has log information) Log information list Display the specified log information (Up to 20 recent logs can be saved and are lost after restarting) Confirm Cancel (Confirm or cancel and exit to the system menu) Device type Company address Contact phone number Company website
Level-two menu
Level-two menu
Note In menu mode, if there are selectable menus, you can roll the menus circularly. If no selectable menus and only display data, you cannot roll circularly.
When SIU receives alarm information, it uses the lowest line on the screen to display the real-time information. The text moves one word to the left every 0.6 second until all the information has moved off the screen.
Note 1. When displaying the real-time information, the data at the lowest line of the displayed contents is blocked. 2. When displaying the information, clear the log and stop displaying the information immediately.
Embedded Event Platform (EEP)
Main contents: Introduction to EEP; Basic commands of EEP
Introduction to EEP
Embedded Event Platform (EEP) is an extendable event detection and processing mechanism that is provided directly in the device and can be customized by the user. EEP provides a method for the user to monitor a specified event, get the information, and set the action to take when the event happens.
Traditionally, event tracing and management is executed outside the network devices. EEP provides the capability of performing event management actively and directly on the device, which is very useful: the communication between the device and the external network management device may fail, so not all event management can be done outside the device. When the event happens, taking the restoring action immediately, collecting the information and analyzing the root cause is very valuable for processing the fault. If the auto-restoring action of the device can complete without restarting the device, the usability of the network is improved correspondingly.
EEP comprises three parts, including event detection layer, event message receiving and processing layer, and policy layer. The event detection layer filters and matches the set events in the policy and sends out event messages; the event message processing layer completes the corresponding processing according to the event type; the policy layer completes the logical processing of the policy and executes the action specified by the policy.
EEP policy:
EEP policy is an entity and includes all actions that need be executed when the event is triggered and event happens.
EEP event:
Currently, EEP supports none event and timer event. The other events can be extended in the structure.
None event means that the policy needs to trigger the event by running the event platform run command manually.
Timer event can set four kinds of timer events as follows.
Countdown: The event happens when counting down the set time to 0. The event is triggered for only once. The set time cannot be re-set. The minimum unit is second.
Watchdog: The event happens when counting down the set time to 0. The event can be triggered many times. When the set time becomes 0, it is re-set to the initial value. The minimum unit is second.
Absolute: The event happens when the absolute calendar time reaches. The minimum unit is minute.
Calendar: The event happens when the set date and moment reach. The event can happen many times according to the set period. The minimum unit is minute.
EEP action
Currently, EEP supports the actions cli-command, reload, force-switchover, and syslog.
cli-command: execute the commands of the command line interface (CLI).
reload: restart the control card (MPU) of the device; master: restart the master MPU; slave: restart the slave MPU. Do not carry the optional parameters (restart master and slave MPU).
force-switchover: perform the master/slave switch of the device.
syslog: write the message to syslog.
Note When the device does not have the corresponding slave card or does not support the set action, the CLI prompts not to support the action.
The EEP configuration includes the following three parts: Configure policy; Configure the event of triggering policy; Configure the policy action;
Basic Commands
Command: Description (Configuration Mode)
event platform applet policy-name: *To create the EEP policy or modify the EEP policy (config)
event none: *To configure the none event (config-eep)
event timer { countdown time-value | watchdog time-value | absolute year month day time | calendar { per-month day time | per-week wday time | per-day time | per-hour minute }}: *To configure the timer event (config-eep)
action number cli-command cli-string: *The action is to execute the specified CLI command.
action number force-switchover: *The action is to perform the master/slave MPU switch.
action number reload [ master | slave ]: *The action is to reload.
action number syslog [ priority priority-level ] msg msg-text: The action is to write the message to syslog.
event platform run policy-name: *To run the specified policy manually
event platform suspend [policy policy-name]: *To stop executing all policies or one policy
Note The symbol * before the command description means that there is the configuration example to describe the command in details later.
policy-name
event none
The command is used to specify that the configured policy can run manually and does not need the event triggering. The no format of the command is used to delete the none event.
event timer
The command is used to set the triggered event of the EEP policy as the set timer event. The no format of the command is used to delete the timer event.
event timer { countdown time-value | watchdog time-value | absolute year month day time | calendar { per-month day time | per-week wday time | per-day time | per-hour minute }}
no event timer
Syntax: Description
countdown: To set one event happens when counting down the set time to 0; the time cannot be re-set.
  time-value: specify the interval before the event happens; the unit is second
watchdog: To set one event happens when counting down the set time to 0. The event can be triggered many times. When the set time becomes 0, it is re-set to the initial value.
  time-value: specify the interval before the event happens; the unit is second
absolute: To specify the absolute calendar time when one event happens
  year: the year in which the event happens; the value range is 2000-2100;
  month: the month in which the event happens; the value range is January to December;
  day: the day when the event happens; the value range is 1-31;
  time: the time when the event happens; the format is hh:mm[:ss], that is, hour:minute [:second]; the value range of the hour, minute and second is 0-59.
calendar: To specify that one event is triggered when the specified date and moment reach; the time set by the command is the calendar time; the minimum unit is minute.
  per-month day time: The event happens in the specified month; the event can be triggered once or many times in one month. The value range of Day is 1-31 and the format can be 1-5, 9, and 13;
  per-week wday time: The event happens in the specified weekday; the event can be triggered once or many times in one week. The value range of Day is 0-6; the Sunday is 0; the format can be 1-3 and 5-6;
  per-day time: The event happens in a specified moment of one day; the format is hh:mm[:ss], that is, hour:minute [:second]; the value range of the hour, minute and second is 0-59
  per-hour minute: The event happens at the specified moment of each hour; the value range is 0-59.
action cli-command
The command is used to specify the action of executing the CLI command when the event is triggered. The no format of the command is used to delete the action.
number cli-string
action force-switchover
The command is used to specify one action as the switchover of the master/slave MPU during policy triggering. The no format of the command is used to delete the action.
number
For the single-system device, the command is unavailable. The command is available on the device with the master/slave MPU switchover function.
action reload
The command is used to specify one action as the reload operation during the policy triggering. The no format of the command is used to delete the action.
number
master Slave
Do not specify optional commands: Restart all MPU cards; if it is the single-system device, restart the device.
Default status: Not defined
Note: For the single-system device, the optional commands master and slave are unavailable. But on the device with master/slave MPU, the optional commands are available.
action syslog
The command is used to specify to execute the action of writing the message to syslog during the policy triggering. The no format of the command is used to delete the action.
number
priority
{3 | errors}: error status
{4 | warnings}: warning status
{5 | notifications}: normal, but need notice
{6 | informational}: only the informational message; it is the default level
{7 | debugging}: debugging information
msg: To specify the messages that need to be logged
2. msg-text: the text character string
event platform suspend [policy policy-name]
no event platform suspend [policy policy-name]
Default status: Not defined
Application Examples
Application Example 1
Create the policy of triggering one timer event. After the event is triggered, execute the CLI command. Related configurations:
Command: router(config)#event platform applet aa
Description: To create the policy aa
Command: router(config-eep)#event timer calendar per-week 5-6 8:00
Description: To configure the timer as 8:00 of every Friday and Saturday to trigger the event
Command: router(config-eep)#action 10 cli-command ip route 11.0.0.0 255.0.0.0 45.0.0.1
Description: When the event happens, add one route 11.0.0.0/8 45.0.0.1
Description: When the event happens, add the second route 12.0.0.0/8 46.0.0.1
Description: To exit the configuration of the policy
Application Example 2
Create the policy of triggering one timer event. After the event is triggered, execute the reload slave action. Related configurations:
Command: router(config)#event platform applet bb
Description: To create the policy bb
Command: router(config-eep)#event timer calendar per-week 6 22:00
Description: To configure the timer as 22:00 of every Saturday to trigger the event
Command: router(config-eep)#action 11 reload slave
Description: When the event happens, the executed action is to restart slave MPU
Command: router(config-eep)#exit
Description: To exit the configuration of the policy
Command: router(config)#event platform suspend policy bb
Description: When you do not want the policy to execute, suspend the policy.
Application Example 3
Create the policy of one none event; the policy action is to perform the master/slave MPU switchover. Run the policy manually. Related configuration:
Command: router(config)#event platform applet cc
Description: To create the policy cc
Command: router(config-eep)#event none
Description: The policy does not have event. You can run the policy only manually.
Command: router(config-eep)#action 10 force-switchover
Description: When the event happens, perform the master/slave MPU switchover.
Command: router(config-eep)#exit
Description: To exit the configuration of the policy
Command: router(config)#event platform run policy cc
Description: Run the policy cc manually
Displayed result:
PID
event timer calendar per-week 5-6 08:00
action 10 cli-command ip route 11.0.0.0 255.0.0.0 45.0.0.1, state: Pending, result: OK
action 20 cli-command ip route 12.0.0.0 255.0.0.0 46.0.0.1, state: Pending, result: OK
Suspend
Timer
Running
bb
event timer calendar per-week 6 22:00
action 11 reload slave, state: Pending, result: OK
None
cc
Description and analysis:
EEP state: Running
  It is the EEP status. When the policy is not ever configured, the status is Init-finished and the resources of EEP such as tasks are not distributed. After configuring the policy, enable the resources such as tasks, and the status turns to Running. After configuring the event platform suspend command, the EEP status is Suspend.
PID
  It is the ID of the policy, which is the natural number distributed by the system.
PolicyState
  It is the policy status. The default status is Running. After configuring the suspend policy, the policy status is Suspend.
EventType
  It is the event type, such as None event and Timer event.
EventState
  It is the event status. When the event is Timer, display the timer status. When the timer is running, the status is Running. After the timer finishes, the status is Finished. When the timer fails to start or is not started, the status is Nostart.
ActNum
  It is the total number of the actions of the policy.
Name
  It is the name of the policy.
event
  It is the event configuration of the policy.
action
  It is the configurations of the action, and the status and execution result of the action.
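When a configuration is reviewed, the EEP policies are the part that acts on its own schedule, so it helps to list each policy with its trigger and actions. The following is an added example, not Maipu code: it parses the three application examples above and assumes that policies are listed in the configuration in the same form in which they are typed, and that several day ranges in a per-week list are separated by commas.

```python
DAY_NAMES = ["Sunday", "Monday", "Tuesday", "Wednesday",
             "Thursday", "Friday", "Saturday"]

# This example's own labels for the four action types the page lists.
RISK = {"cli-command": "runs CLI", "reload": "disruptive",
        "force-switchover": "disruptive", "syslog": "log only"}

# Constructed sample: the three application examples from this page, laid out
# as typed (the layout of a saved configuration is an assumption).
SAMPLE_CONFIG = """\
event platform applet aa
 event timer calendar per-week 5-6 08:00
 action 10 cli-command ip route 11.0.0.0 255.0.0.0 45.0.0.1
 action 20 cli-command ip route 12.0.0.0 255.0.0.0 46.0.0.1
 exit
event platform applet bb
 event timer calendar per-week 6 22:00
 action 11 reload slave
 exit
event platform suspend policy bb
event platform applet cc
 event none
 action 10 force-switchover
 exit
"""


def expand_days(spec):
    """Expand a per-week day list such as '5-6' or '1-3,5-6' (0 = Sunday)."""
    days = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        low = int(low)
        high = int(high) if high else low
        if not 0 <= low <= high <= 6:
            raise ValueError(f"weekday out of range 0-6: {part!r}")
        days.update(range(low, high + 1))
    return sorted(days)


def parse_policies(config_text):
    """Return {policy name: {'event', 'actions', 'suspended'}}."""
    policies, current = {}, None
    suspended, suspend_all = set(), False
    for raw in config_text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[:3] == ["event", "platform", "applet"] and len(tok) == 4:
            current = policies.setdefault(
                tok[3], {"event": None, "actions": [], "suspended": False})
        elif tok[:3] == ["event", "platform", "suspend"]:
            # Without 'policy NAME' the command stops every policy.
            if tok[3:4] == ["policy"] and len(tok) == 5:
                suspended.add(tok[4])
            else:
                suspend_all = True
        elif tok[0] == "exit":
            current = None
        elif current is None:
            continue
        elif tok[0] == "event" and tok[1:2] in (["none"], ["timer"]):
            current["event"] = tok[1:]
        elif tok[0] == "action" and len(tok) >= 3 and tok[1].isdigit():
            current["actions"].append((int(tok[1]), tok[2], " ".join(tok[3:])))
    for name, policy in policies.items():
        policy["suspended"] = suspend_all or name in suspended
    return policies


def describe_trigger(event):
    """Turn the stored event tokens into a readable trigger description."""
    if event is None:
        return "no event configured"
    if event == ["none"]:
        return "manual only (event platform run)"
    if event[:3] == ["timer", "calendar", "per-week"] and len(event) == 5:
        names = ", ".join(DAY_NAMES[d] for d in expand_days(event[3]))
        return f"every {names} at {event[4]}"
    return " ".join(event)


def review(policies):
    """One row per configured action, ordered by policy name and action number."""
    rows = []
    for name, policy in sorted(policies.items()):
        trigger = describe_trigger(policy["event"])
        for number, kind, argument in sorted(policy["actions"]):
            rows.append({"policy": name, "suspended": policy["suspended"],
                         "trigger": trigger, "action": number, "kind": kind,
                         "argument": argument,
                         "risk": RISK.get(kind, "unknown")})
    return rows


if __name__ == "__main__":
    for row in review(parse_policies(SAMPLE_CONFIG)):
        state = "suspended" if row["suspended"] else "active"
        print(f'{row["policy"]} [{state}] {row["trigger"]}: action '
              f'{row["action"]} {row["kind"]} {row["argument"]} ({row["risk"]})')
```
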
Debugging Command
Command: (no) debug eep
Description: To enable/disable EEP debugging switch; the notice of triggering the event and the execution result of the action can be displayed.
Server
Introduction to SNMP
SNMP (Simple Network Management Protocol) is a standard protocol for managing the Internet. Its purpose is to assure that the management information can be transmitted between the Network Management Station and the managed equipment (agent). It is convenient for the system manager to manage the network system.
SNMP adopts the tree labeling method to number each managed element and ensures that each number is unique. For detailed information on the SNMP protocol, refer to the materials about the TCP/IP protocol.
Command: Description
Configuration Mode: config
snmp-server context: To set V3 context
snmp-server enable traps snmp [authentication | coldstart | warmstart | linkup | linkdown | [enterprise [rmon-falling | rmon-rising | snmp-agent-up | snmp-agent-down ] ] ]: *To enable the configuration of the snmp TRAP parameter
snmp-server host ip-address/host-name [traps] [community community-name] [version {1|2}] [vrf vrf-name]: *To set the host name or host address for receiving SNMP trap
snmp-server enable keepalive [IPsec|sync-config]: To enable snmp keepalive packet
snmp-server location <LINE>: To set the location of the device
snmp-server view view-name oid-string {include|exclude}: *To set the network management view
snmp-server AddressParam [address-name | paramIn] v3 user-name {noauth|authnopriv|authpriv}: *To set the address parameter
snmp-server TargetAddress: *To set the parameters of the destination address
snmp-server engineID {local engine-id} | {remote ip-address port-num [vrf vrf-name] engine-id [engineGroup]}: *To set the local and remote SNMPv3 entity engine
snmp-server engineGroup groupname usrname {noauth | authnopriv | authpriv}: To set engine group
snmp-server trap-source ip-address: To set the source address of sending trap
snmp-server send: To test sending a notify to the network management station
snmp-server group group-name v3 {noauth|authnopriv|authpriv} [notify notify-view] [read readview] [write write-view]: *To set the user group
snmp-server user user-name group-name [remote ip-address portnum] v3 [auth {md5|sha} password [encrypt des password]]
snmp-server notify notify notify-name taglist inform: *To set the notify table
snmp-server notify filter filtername oid-subtree {exclude | include}: *To set the notify filtering table
snmp-server notify profile filter-name address-param: *To set the notify filtering address mapping table
To set the source address of sending notify
To set the proxy forwarding
snmp-server
address
ip-source
ip-
engineId addr
address-param
target-
Note: The symbol * before the command description means that there is the configuration example to describe the command in detail later.
snmp-server start
The command is used to enable the SNMP proxy to make the router be managed by the network management workstation. The no format of the command is used to disable the SNMP proxy.
snmp-server contact
The command is used to configure the contact of the device manager. The no format of the command is used to recover the default contact of the device manager.
<LINE>
snmp-server location
The command is used to set the location of the device. The no format of the command is used to restore the default location of the device.
<LINE>
Default status: No.16, Jiuxing Avenue, High-tech Park, Chengdu, P.R.China 610041
Caution
1. To facilitate the management of a router, the above two commands can be configured on a router so that the network management station can get the information about the router manager and the exact location of the router. By default, they are the full name and the address of the router's manufacturer.
2. The above two parameters can be displayed in the configuration script and show command only when they are modified and different from the default values.
snmp-server view
The command is used to configure the view of the SNMP proxy. The no format of the command is used to delete the view.
oid-string
{include|exclude}
Default status: snmp-server view default 1.3.6.1 include
Caution: An initial view default is configured when SNMP proxy is enabled. The OID is: 1.3.6.1; include means all objects in the 1.3.6.1 sub-tree of MIB library are included; exclude means all objects except the 1.3.6.1 subtree of MIB library are excluded.
snmp-server community
The command is used to configure the community name of the SNMP proxy. The no format of the command is used to delete the community name.
snmp-server community community-name [view view-name] {ro | rw} [access-list]
no snmp-server community community-name
Syntax: Description
community community-name: To set the community name
view view-name: To specify the view of the community name
{ro | rw}: To specify the operation right of the community name. ro: read-only; rw: write and read
access-list: To specify the access control list or name of the community name
Default status: snmp-server community public view default ro
Caution
1. The parameter community-name is used to specify the name of the community which the router is going to join. Usually, the community name should be the same as the community name configured on the network management station. Otherwise, the network management station cannot perform any operation on the router.
2. The parameter { ro | rw} is used to set the right of the network management station for operating the router. The parameter ro means read-only and rw means reading/writing.
3. The parameter view is used to specify the view range for the community. For Maipu routers, the parameter view does not need to be configured (just use the default value).
4. The parameter access-list is used to control the access of a host in a community name via the access control list, so only the hosts whose community names are the same as the router's and that are permitted by the access control list of the router can manage the router (for details, refer to the Maipu router access control module).
snmp-server host
The command is used to configure destination address and the related parameters of the SNMP proxy sending TRAP.
snmp-server host ip-address/host-name [traps] [community community-name] [version {1|2}] [vrf vrf-name]
no snmp-server host ip-address/host-name
Syntax / Description
host ip-address/host-name: To specify the IP address or name of the management workstation
traps: To specify the sending type as traps
community community-name: To specify the community name
version {1|2}: To specify the version number of the trap packet
vrf vrf-name: To specify the VRF name of sending trap
1. The parameter ip-address/host-name represents the name or IP address of the destination to which the trap message is sent. Usually, it is the IP address or name of the host on which the network management program is installed. Note that the trap message is a message that the router sends on its own initiative to the host on which the network management program is installed.
2. If the parameters after host, such as traps, community-name and version, are not configured, the system adopts the default configuration: type traps, community-name public and version 2.
snmp-server trap-source
The command is used to configure the source address of sending the trap packet.
ip-address
Default status: No
Caution: The configured IP address must be the existing interface IP address in the system. Otherwise, the configuration fails.
snmp-server enable traps snmp [authentication | coldstart | warmstart | linkup | linkdown | [enterprise [rmon-falling | rmon-rising | snmp-agent-up | snmp-agent-down ] ] ]
no snmp-server enable traps snmp [authentication | coldstart | warmstart | linkup | linkdown | [enterprise [rmon-falling | rmon-rising | snmp-agent-up | snmp-agent-down ] ] ]
Syntax / Description
snmp: To enable/disable sending all TRAP of SNMP
authentication: To enable/disable sending the failure trap of the SNMP authentication
coldstart: To enable/disable sending the cold-start trap of the SNMP proxy; usually, it is because of restarting the device
warmstart: To enable/disable sending the hot-start TRAP of the SNMP proxy; here, the device is not restarted.
linkup: To enable/disable sending UP TRAP of the interface link
linkdown: To enable/disable sending DOWN TRAP of the interface link
enterprise: To enable/disable sending all private TRAP defined by Maipu
rmon-falling: To enable/disable sending RMON declining threshold TRAP
rmon-rising: To enable/disable sending RMON increasing threshold TRAP
snmp-agent-up: To enable/disable sending the starting TRAP of the SNMP proxy
snmp-agent-down: To enable/disable sending the shutdown TRAP of the SNMP proxy
snmp-server enable keep-alive [IPsec | sync-config] ip_addr port interval
no snmp-server enable keep-alive [IPsec | sync-config] ip_addr port
Syntax / Description
IPSec: The keep-alive configuration used by the IPSec module
sync-config: To configure the keep-alive configuration used synchronously
ip_addr: The destination IP address
port: The destination UDP port
interval: The interval of sending the keep-alive packets
Default status: No
Caution:
1. Keep-alive of IPsec is used by IPsec module to inform the network management server of IPsec information. If the network management server is not used, the command is invalid.
2. Keep-alive of Sync-config is used to detect the keep-alive between network management servers. The command forces the device and network management server to keep the communication. If they cannot communicate with each other normally, the system is re-started. Therefore, do not use the command if unnecessary.
snmp-server engineID
The command is used to configure the engine ID of the local or remote SNMPv3 entity.
snmp-server engineID local engine-id
snmp-server engineID remote ip-address port-num [vrf vrf-name] engine-id
ip-address port-num
vrf vrf-name
engine-group
Default status: No
Caution: When configuring automatic proxy forwarding, users may not know the IP address of the proxy device. Here, users can just input 0.0.0.0 at the location of ip-address. Moreover, the automatic proxy forwarding cannot work without the keepalive mechanism.
snmp-server engineGroup
The command is used to configure the SNMPv3 engine group.
username
noauth | authnopriv | authpriv: The security level of the user: no authentication and no encryption, authentication but no encryption, authentication and encryption.
Default status: No
Caution: The foregoing command is used to configure the automatic proxy forwarding. Before the command is configured, username needs to be configured in advance. The function of the command is to associate several engines (SNMPv3 entities) to an engine group. One user can be specified for each engine group. In this way, the username can be used to access any engine of the engine group. The parameter {noauth|authnopriv|authpriv} is used to explain the security level of the username, and should be consistent with the username.
snmp-server group
snmp-server group group-name v3 {noauth|authnopriv|authpriv} [notify notify-view] [read read-view] [write write-view]
Syntax / Description
group group-name: The group name
v3: The security model of the group is SNMPv3. Currently, only the SNMPv3 security model is supported.
noauth | authnopriv | authpriv: The security level of the group: no authentication and no encryption, authentication but no encryption, authentication and encryption.
notify notify-view: To configure the notify-view of the group.
read read-view: To configure the read-view of the group.
write write-view: To configure the write-view of the group.
Default status: No
Caution: In SNMPv3, a group name, security information and message type (read, write or notify) are mapped into a MIB view. A given MIB view determines whether a managed object can be accessed. At the same time, several SNMPv3 users can be associated with the group. Configuring the group strengthens the SNMPv3 access control.
snmp-server user
The command is used to configure the SNMPv3 user.
snmp-server user user-name group-name [remote ip-address portnum] v3 [auth {md5|sha} password [encrypt des password]]
Syntax / Description
user user-name: The user name
group-name: The name of the group to which the user belongs
v3: The security model of the user is v3
remote ip-address portnum: The IP address and port number of the remote user
auth {md5|sha} password: To configure the authentication protocol of the user as MD5 or SHA, and specify the password.
encrypt des password: To configure the encryption protocol of the user as DES, and specify the password.
Default status: No
Caution:
1. Configure a USM-based (User-based Security Model) SNMPv3 user, and save the identification and encryption information of each user. Note that the encryption protocol cannot be configured until the authentication protocol is configured. For a remote user, the IP address and UDP port number of the remote user also need to be specified. (Remote is relative to the local SNMPv3 entity: if the local SNMPv3 entity wants to communicate with another SNMPv3 entity, that entity is called the remote SNMPv3 entity. This is involved in Notify and Proxy.)
2. When configuring the remote user, you should first configure the engineID of the remote SNMP entity of the user. Moreover, each user should correspond to a group. Only in this way can a security model and security name be mapped into a group name by means of the view-based access control.
3. When configuring automatic proxy forwarding, users may not know the IP address of the proxy device. Here, users can just input 0.0.0.0 at the location of ip-address. Moreover, the automatic proxy forwarding cannot work without the keepalive mechanism.
snmp-server context
The command is used to configure the SNMPv3 proxy to forward the context environment name.
context-name
Default status: No
Caution: The context environment name is used only in the proxy forwarding. It does not need to be configured on the proxy device, but only needs to be configured on the surrogated device. However, configuring the context environment name on the surrogated device is not mandatory. If the context environment name is configured on the surrogated device, you need to specify the context environment name in the proxy forwarding configuration of the proxy device.
snmp-server AddressParam
The command is used to specify the SNMP parameters used when generating a notification message to the destination address, such as security model and security level.
snmp-server AddressParam [address-name |paramIn] v3 user-name
Syntax
Description
name
v3
addressparam paramIn
user-name
noauth | authnopriv | authpriv: To specify the security level of the user, including no authentication and no encryption, authentication but no encryption, and authentication and encryption.
Default status: No
Caution: Some MIB tables are defined in SNMPv3 to configure the destination to which the notify-message is sent. The address parameter table defines the SNMP parameters that should be used when a message (notification) is generated. These parameters include message processing model, security model, security level, and security name.
snmp-server TargetAddress
The command is used to specify the destination address used when generating the SNMP notification message.
Default status: No
Caution:
1. The destination address table is used to specify the destination that is used when the SNMP message is generated. (Note that TargetAddress and AddressParam cannot be configured until the local SNMPv3 entity accesses the other (remote) SNMPv3 entity).
2. address-param is the address parameter name that is configured in the address parameter table; taglist, which can be configured with multiple values separated by commas, is used to identify the destination address to which the notification is sent and the message is forwarded.
Default status: No
Caution: In SNMPv3, the destination address needs to be specified when a notification is sent. Whether the notification message is sent to a destination address depends on whether the created filter contains the destination address.
filter-name oid-subtree
{exclude | include}
Default status: No
Caution: The notification filtering table defines a filter that can determine whether a message should be sent to one destination address.
filter-name address-param
Default status: No
Caution: The notification configuration table is used to relate the address parameter table to the notification filtering table. If both a notification filtering table and a notification configuration table are defined, the SNMP proxy can detect the object OID when sending a notification. If the object OID is contained in the defined MIB sub-tree, the notification is sent. Otherwise, the notification cannot be sent.
snmp-server ip-source
The command is used to configure the source address of the SNMPv3 notification.
ip-address
Default status: No
Caution: The configured notification source address must be the existing interface IP address.
snmp-server proxy
The command is used to configure the SNMPv3 forwarding proxy. The purpose of SNMP proxy forwarding is to forward an SNMP request to another SNMP entity. To do so, it may be necessary to convert one version to another version or one transmission domain to another transmission domain. SNMP on Maipu devices supports only v3-to-v3 forwarding, which is applied to the conversion from one transmission domain to another transmission domain.
snmp-server proxy proxyname {inform | trap | read | write} engineId addressparam target-addr
Syntax / Description
proxyname: The name of the forwarding configuration
{inform | trap | read | write}: The packet attribute that needs to be matched
engineId: The engine ID that needs to be matched
addressparam: The name of the address parameter that needs to be matched
target-addr: The name of the destination address for forwarding
Default status: No
Caution: In the above table, the trap and inform of the packet attributes are not supported.
Application Examples
Configure SNMPv1/v2
[Figure: SNMPv1/v2 configuration, showing PC and ROUTER]
Illustration: The PC in the network management workstation uses the SNMPv1/v2 to access the router; the address of the PC in the network management workstation is 128.255.40.33; the address of the router is 128.255.40.32.
test
1.3.6.1.2
router(config)#snmp-server version 1
host
192.168.0.1
128.255.40.33
which receives the version 1 TRAP To configure the host with the destination address as 128.255.40.33, which receives the version 2 TRAP To enable all TRAP sending of SNMP
After the configurations, the network management workstation can use SNMPv1 or v2 to access and set the device. The workstations 192.168.0.1 and 128.255.40.33 can receive the v1 and v2 TRAP from the device.
Configure SNMPv3
SNMPv3 configuration
Illustration: The PC in the network management workstation uses the SNMPv3 to access the router; the address of the PC in the network management workstation is 128.255.40.33; the address of the router is 128.255.40.32.
router(config)#snmp-server user user1 maipu v3 auth md5 123456 encrypt des 123456
After the above configurations, the network management workstation can use the SNMPv3 to access and set the device.
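The settings used in the examples on this page (the default community public, a noauth group with a write view, MD5 with a short password that is reused for DES) can be checked mechanically before a configuration is deployed. The following Python auditor is an added example, not Maipu code; it parses only the snmp-server syntax documented above, and the netops community line, the severity labels and the 12-character minimum are assumptions.

```python
import re
from typing import Iterator, List, NamedTuple, Tuple

class Finding(NamedTuple):
    line_no: int
    severity: str      # "high", "medium" or "low" (labels chosen for this example)
    message: str

Issue = Tuple[str, str]
PROMPT = re.compile(r"^\S+\(config\)#\s*")       # strips "router(config)#"
WELL_KNOWN = {"public", "private"}
MIN_PASSWORD_LEN = 12                            # assumption: local policy, not a device limit

def weak_password(pw: str, *names: str) -> bool:
    return (len(pw) < MIN_PASSWORD_LEN or pw.isdigit()
            or pw.lower() in {n.lower() for n in names})

def check_community(a: List[str]) -> Iterator[Issue]:
    # community-name [view view-name] {ro | rw} [access-list]
    name, rest = a[0], a[1:]
    if rest[:1] == ["view"]:
        rest = rest[2:]
    right = rest[0].lower() if rest else ""
    sev = "high" if right == "rw" else "medium"
    if name.lower() in WELL_KNOWN:
        yield sev, f"community '{name}' is a well-known default name"
    if len(rest) < 2:
        yield sev, f"community '{name}' ({right}) has no access-list restricting source hosts"

def check_group(a: List[str]) -> Iterator[Issue]:
    # group-name v3 {noauth|authnopriv|authpriv} [notify ..] [read ..] [write ..]
    if len(a) < 3:
        return
    name, level = a[0], a[2].lower()
    if level == "noauth":
        sev = "high" if "write" in a[3:] else "medium"
        yield sev, f"group '{name}' accepts unauthenticated SNMPv3 requests"
    elif level == "authnopriv":
        yield "low", f"group '{name}' does not require encryption"

def check_user(a: List[str]) -> Iterator[Issue]:
    # user-name group-name [remote ip port] v3 [auth {md5|sha} pw [encrypt des pw]]
    if len(a) < 2:
        return
    name, group = a[0], a[1]
    if "auth" not in a[2:]:
        yield "high", f"user '{name}' has no authentication protocol"
        return
    i = a.index("auth", 2)
    proto = a[i + 1].lower() if len(a) > i + 1 else ""
    auth_pw = a[i + 2] if len(a) > i + 2 else ""
    if proto == "md5":
        yield "medium", f"user '{name}' uses MD5 although the command also offers SHA"
    if weak_password(auth_pw, name, group):
        yield "high", f"user '{name}' has a short, numeric or name-derived authentication password"
    if "encrypt" in a[i:]:
        j = a.index("encrypt", i)
        priv_pw = a[j + 2] if len(a) > j + 2 else ""
        if priv_pw == auth_pw:
            yield "medium", f"user '{name}' reuses one password for authentication and encryption"
    else:
        yield "medium", f"user '{name}' has no encryption configured"

def check_host(a: List[str]) -> Iterator[Issue]:
    # ip-address/host-name [traps] [community community-name] [version {1|2}] [vrf ..]
    comm = "public"                              # default when omitted, as stated above
    if "community" in a[1:-1]:
        comm = a[a.index("community", 1) + 1]
    if comm.lower() in WELL_KNOWN:
        yield "medium", f"traps to {a[0]} carry the well-known community '{comm}'"

HANDLERS = {"community": check_community, "group": check_group,
            "user": check_user, "host": check_host}

def audit(config: str) -> List[Finding]:
    findings: List[Finding] = []
    for n, raw in enumerate(config.splitlines(), 1):
        tok = PROMPT.sub("", raw.strip()).split()
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue
        handler = HANDLERS.get(tok[1].lower())
        if handler:
            findings += [Finding(n, sev, msg) for sev, msg in handler(tok[2:])]
    return findings

# Sample built from the commands on this page; the netops line is constructed.
SAMPLE_CONFIG = "\n".join([
    "router(config)#snmp-server community public view default ro",
    "router(config)#snmp-server community netops rw 10",
    "router(config)#snmp-server group maipu v3 noauth read internet write internet notify internet",
    "router(config)#snmp-server group mp2692 v3 authpriv read default write default notify default",
    "router(config)#snmp-server user user1 maipu v3 auth md5 123456 encrypt des 123456",
    "router(config)#snmp-server host 128.255.40.33",
])

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no} [{f.severity}] {f.message}")
```

Findings name the offending object but never echo a password, so the report can be stored with ordinary change records.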
SNMPv3 notification configuration
Illustration: Configure the SNMPv3 notification parameters on the router; use the network management workstation to receive the SNMPv3 notification message from the router. The address of the PC in the network management workstation is 128.255.40.33; the address of the router is 128.255.40.32.
Compared with the SNMP TRAP configuration, the SNMPv3 notification configuration is a little complicated. Configure the router as follows:
Command and description:
router(config)#snmp-server start
  To enable the SNMP proxy server
router(config)#snmp-server engineID local aa12345678
  To configure the engine ID of the local SNMPv3 entity as aa12345678
router(config)#snmp-server engineID remote 128.255.40.33 162 bb87654321
  To configure one remote engine ID; the destination address is 128.255.40.33/162
router(config)#snmp-server group maipu v3 authpriv read default write default notify default
  To configure one SNMPv3 entity group; the name is maipu; the security model is v3; the authentication and encryption are needed; the read, write and notify views are default
router(config)#snmp-server user user1 maipu v3 auth md5 123456 encrypt des 123456
  To configure one local user, the name is user1; the user belongs to the group maipu; the security model is v3; the authentication algorithm is MD5; the password is 123456; the encryption algorithm is DES; the password is 123456
router(config)#snmp-server user re-user maipu remote 128.255.40.33 162 v3 auth md5 123456 encrypt des 123456
  To configure one remote user; the name is re-user; the user belongs to the group maipu; the security model is v3; the authentication algorithm is MD5; the password is 123456; the encryption algorithm is DES; the password is 123456
router(config)#snmp-server notify notify maipu tag1 inform
  To configure one notification named maipu and the tag list as tag1
router(config)#snmp-server AddressParam mp-param v3 re-user authpriv
  To configure one address parameter; the name is mp-param; the security model is v3; the authentication and encryption are needed
mp-
  To configure one destination address; the name is mp-target; the destination address is 128.255.40.33/162; the corresponding address parameter is mp-param; the timeout re-transmission interval is 10 seconds; the retransmission times is three.
router(config)# snmp-server notify filter mp-filter 1.3.6.1.3 exclude
  To configure one notify filter named mp-filter and exclude the notifications of all objects in the node 1.3.6.1.3
router(config)#snmp-server notify profile mp-filter mp-param
  To configure the notification configuration table; associate the notification filtering table with the address parameter
SNMPv3 proxy forwarding configuration
Illustration: Router 1 is the proxy forwarding device; the surrogated forwarding device is router 2; use the proxy forwarding function of the proxy device router 1 to get the device information of the surrogated forwarding device router 2; the address of the PC in the network management workstation is 128.255.40.33; the address of router 1 is 128.255.44.23; the address of router 2 is 128.255.40.32.
authentication algorithm is MD5; the password is maipu; the encryption algorithm is DES; the password is maipu To configure the context environment name
local remote
router(config)# snmp-server view internet 1.3.6.1 include
router(config)#snmp-server group maipu v3 noauth read internet write internet notify internet
router(config)#snmp-server group mp2692 v3 authpriv read default write default notify default
router(config)#snmp-server user u2692 mp2692 remote 128.255.40.32 161 v3 auth md5 maipu encrypt des maipu
router(config)#snmp-server AddressParam pmaipu v3 maipu noauth
router(config)#snmp-server AddressParam p2692 v3 u2692 authpriv
t2692
router(config)#snmp-server context mp2692
  To configure the context environment name
router(config)#snmp-server proxy prox2692 ffff2692 pmaipu t2692 mp2692 READ
  To configure the proxy forwarding; the name is prox2692; the operation is read; the specified remote engine ID is fff92f; use the address parameter pmaipu; the context environment name is mp2692
Caution:
1. The surrogated device monitors packets at the UDP port 161, so the proxy forwarding configuration is different from the notification configuration. The port should be specified as 161.
2. In the remote user configuration of the proxy forwarding, the group attribute, security model, and the authentication and encryption algorithm should be consistent with the local user of the surrogated device.
To display the notification table configured in the router
To display the notification filtering table configured in the router
To display the notification configuration table configured in the router
To display the engine group configured in the router
show snmp-server context
  To display the context parameters configured in the router
show snmp-server contact
  To display the contacts of the router manager
show snmp-server location
  To display the physical location of the router
show snmp-server proxy
  To display the proxy forwarding table configured in the router
show snmp-server reg-list
  To display the modules that register the MIB in the router
Displayed result:
0 SNMP packets input:
  0 Bad SNMP version errors
  0 Unknown community name
  0 Illegal operation for community name supplied
  0 Encoding errors
  0 Number of requested variables
  0 Number of altered variables
  0 Get-request PDUs
  0 Get-next PDUs
  0 Set-request PDUs
2 SNMP packets output:
  0 Too big errors
  0 No such name errors
  0 Bad values errors
  0 General errors
  0 Response PDUs
  2 Trap PDUs
0 SNMPv3 Reports:
  0 Unknown Security Models
  0 Invalid Msgs
  0 Unknown PDUHandlers
  0 Unavailable Contexts
  0 Unknown Contexts
  0 Unsupported SecLevels
  0 Not In TimeWindows
  0 Unknown UserNames
  0 Unknown EngineIDs
  0 Wrong Digests
  0 Decryption Errors
Description and analysis: The above information shows that the router has received no SNMP packets and has sent two SNMP packets, both of which are trap packets. The SNMPv3 Reports section gives the error statistics for processing SNMPv3 packets.
router# show snmp-server community
Displayed result:
Community Name    Relating View Index    Access Right    ACL-name
public            1                      Read-Only
private           1                      Read-Write
Description and analysis:
Community Name: the name of the community to which the router is added;
Relating View Index: the related view index;
Access Right: the operation authority of the corresponding community for the router;
ACL-name: the corresponding access control list name of the community;
The above information shows that the router is added into the public and private communities. The view index of the public community is 1. The operation authority of the network management workstation that is added into the public community for the router is read-only. The view index of the private community is also 1; the operation authority of the network management workstation that is added into the private community for the router is read and write. The two communities are not configured with the access control.
Maipu Communications
Description and analysis: The displayed information shows that the device is not configured with the new contact of the manager and still adopts the default configuration of the system.
ON
Description and analysis: The displayed information shows that the router is configured with the destinations of two trap messages, that is, 128.255.254.55 and mp-12434.
SNMP View List:
View Name    View index    view operator    subtree filter oids
default      1             include          1.3.6.1
Description and analysis: The displayed information shows that the router is configured with one view. The view name is default; the view index is 1. It contains all nodes in the sub tree 1.3.6.1 (the view is the default configuration of the router's SNMP proxy).
Local engine ID: 12345678
IPAddress: 1.1.1.1.0.162 remote engine ID: abcdef1234
Description and analysis: The displayed information shows that the router is configured with two engine IDs. One is the local engine ID and the other is the remote engine ID.
Description and analysis: The displayed information shows that the router is configured with two users, the security level is authentication and encryption, and the corresponding engine IDs are 12345678 and abcdef1234. It shows that user1 is the local user and user2 is the remote user.
Description and analysis: The displayed information shows that the router is configured with the address parameter named addparam1, the corresponding user is user2, the message processing model is v3, the security model is USM, and the security level is authentication and encryption.
Address: 1.1.1.1.0.162
ParamName: addparam1
TagList: tag1 tag2
TimeOut(sec) :2
RetryCount :2
===================================================
Description and analysis: The displayed information shows that the router is configured with the destination address named target1, the destination address is 1.1.1.1, the UDP port number is 162, the tag list is tag1 and tag2; the timeout is 2 seconds, and the retransmission times is 2.
========================================================
notify1    tag1    inform
Description and analysis: The displayed information shows that the router is configured with one notification named notify1, the corresponding tag is tag1, and the message type is inform.
Description and analysis: The displayed information shows that the router is configured with one notification filtering named filter1, which contains all nodes in the MIB sub tree 1.3.6.1.
Description and analysis: The displayed information shows that the notification filter named filter1 is associated to the address parameter named addparam1.
NAT QoS ModemControl ModemControl ModemControl backup DDR MULTILINK DLSw QLLC NIA Bridge SNTP snmpProxy snmpTargetAddr TaskMib sysMemoryMib Mib2If Mib2Sys Mib2IpATran Mib2Ip Mib2Icmp Mib2TCP Mib2UDP Mib2Snmp PanelTableMib cE1TimeslotsMib MPFileTableMib MPFileVersionMib MpSnmpAgentMib RtrCommand RmonAlarm RmonEvent RmonLog MpSysCpu ifXTable MPIfStatByPriority
Description and analysis: The displayed information shows that the MIB module is registered in the system.
Debugging Commands
Command and description:
(no) debug snmp-server all
  To enable/disable all debugging switches of the SNMP proxy
(no) debug snmp-server groupget
  To enable/disable the operation debugging switch of the simple variable GET of the SNMP proxy
(no) debug snmp-server groupset
  To enable/disable the operation debugging switch of the simple variable SET of the SNMP proxy
(no) debug snmp-server tblgetnext
  To enable/disable the operation debugging switch of the table variable GET/NEXT of the SNMP proxy
(no) debug snmp-server tblset
  To enable/disable the operation debugging switch of the table variable SET of the SNMP proxy
(no) debug snmp-server response
  To enable/disable the response debugging switch of the SNMP proxy
(no) debug snmp-server trap
  To enable/disable the debugging switch for sending TRAP of the SNMP proxy
(no) debug snmp-server proxy
  To enable/disable the forwarding debugging switch of the SNMP proxy
00:32:35: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID!
00:32:35: [tSnmpd]SNMP:Oid num:1
00:32:35: [tSnmpd]SNMP: to 128.255.40.33,End:117318,Lasted:0
[tSnmpd]SNMP:from 128.255.40.33,Begin:117320
[tSnmpd]SNMP:Oid num:1
[tSnmpd]SNMP:SCALAR variables GET request
[tSnmpd]SNMP:receive OID: system.1.0
00:32:35: [tSnmpd]SNMP:response:
00:32:35: [tSnmpd] STRING:MyPower (R) Operating System Software MP7500 version 6.0.6(h01-m7-u)(integrity), compiled on Apr 25 2007, 08:10:05 Copyright (C) 1999 Maipu (Sichuan) Communication Technology Co., Ltd. All Rights Reserved.
00:32:35: [tSnmpd]SNMP: to 128.255.40.33,End:117320,Lasted:0
management workstation wants to get is mib2.system.1.0 (sysDescr) The SNMP proxy sends the response packet and displays the contents of the returned character string, that is, the description information of the system.
B. Enable the commands debug snmp tblgetnext and debug snmp response.
00:40:42: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID!
00:40:42: [tSnmpd]SNMP:Oid num:1
00:40:42: [tSnmpd]SNMP: to 128.255.40.33,End:146525,Lasted:0
00:40:42: [tSnmpd]SNMP:from 128.255.40.33,Begin:146528
00:40:42: [tSnmpd]SNMP:Oid num:22
00:40:42: [tSnmpd]SNMP:TABULAR variables GET-NEXT request
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.1.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] INTEGER:1
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.2.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] STRING:gigaethernet0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.3.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] INTEGER:6
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.4.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] INTEGER:1500
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.5.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:1000000000
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.6.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] IFPHYADDR:00:11:00:02:00:03
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.7.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] INTEGER:1
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.8.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] INTEGER:1
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.9.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.10.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:51414
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.11.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:11
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.12.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:634
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.13.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.14.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.15.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.16.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:168
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.17.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:4
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.18.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.19.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.20.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.21.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] Counter:0
00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.22.1
00:40:42: [tSnmpd]SNMP:response:
00:40:42: [tSnmpd] OBJECT:0.0
00:40:42: [tSnmpd]SNMP: to 128.255.40.33,End:146528,Lasted:0
2. View the debugging information of reading the simple MIB objects via the network management workstation by using the commands debug snmp groupset, debug snmp-server tblset, and debug snmp response.
A. Enable the commands debug snmp groupset and debug snmp response.
00:50:35: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID!
00:50:35: [tSnmpd]SNMP:Oid num:1
00:50:35: [tSnmpd]SNMP: to 128.255.40.33,End:182134,Lasted:0
00:50:35: [tSnmpd]SNMP:from 128.255.40.33,Begin:182136
00:50:35: [tSnmpd]SNMP:Oid num:1
00:50:35: [tSnmpd] Set STRING: Maipu(Sichuan) Communication Technology Co. Ltd.
00:50:35: [tSnmpd]SNMP:TABULAR variables SET request
00:50:35: [tSnmpd]SNMP:receive OID: system.4.0
00:50:35: [tSnmpd]SNMP: to 128.255.40.33,End:182136,Lasted:0
128.255.40.33 The received is SNMPv3 request packet; begin to process the engine ID discovery packet; return the local engine ID of the device to the workstation. To receive a simple variable SET request from 128.255.40.33; the set object is system.4.0(sysContact); the set contents is a character string: Maipu(Sichuan) Communication Technology Co. Ltd.
B. Enable the commands debug snmp tblset and debug snmp response.
01:05:37: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID!
01:05:37: [tSnmpd]SNMP:Oid num:1
01:05:37: [tSnmpd]SNMP: to 128.255.40.33,End:236249,Lasted:0
[tSnmpd]SNMP:from 128.255.40.33,Begin:236251
[tSnmpd]SNMP:Oid num:1
[tSnmpd]SNMP:TABULAR variables SET request
[tSnmpd]SNMP:receive OID: ifEntry.7.2
[tSnmpd]SNMP: to 128.255.40.33,End:236252,Lasted:1
3. View the debugging information of the SNMP proxy sending TRAP via the command debug snmp trap.
Enable the command debug snmp trap.
community:private
host
community name as private to the workstation with address as 128.255.40.33 To send a trap with the community name as public to the workstation with address as 192.168.0.1
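The request debugging output shown in this section can be reduced to one record per request for review. The following Python parser is an added example, not Maipu code; it handles only the line formats shown above (timestamps optional), and the list of management stations and the request from 192.0.2.50 in the sample log are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

TS = re.compile(r"^\d\d:\d\d:\d\d:\s*")                      # optional "00:32:35: "
FROM = re.compile(r"SNMP:from (\S+?),Begin:(\d+)")
TO = re.compile(r"SNMP:\s*to (\S+?),End:(\d+)")
REQ = re.compile(r"SNMP:(SCALAR|TABULAR) variables (GET-NEXT|GET|SET) request")
OID = re.compile(r"SNMP:receive OID:\s*(\S+)")

@dataclass
class Request:
    source: str
    begin: int
    kind: str = "?"            # SCALAR or TABULAR, as printed by the device
    op: str = "?"              # GET, GET-NEXT or SET
    oids: List[str] = field(default_factory=list)

def parse(log: str) -> List[Request]:
    """Group debug lines into requests, from 'from <ip>,Begin' to 'to <ip>,End'."""
    requests: List[Request] = []
    cur: Optional[Request] = None
    for raw in log.splitlines():
        line = TS.sub("", raw.strip())
        if (m := FROM.search(line)):
            cur = Request(m.group(1), int(m.group(2)))
        elif cur is None:
            continue           # e.g. engine ID discovery replies have no 'from' line
        elif (m := REQ.search(line)):
            cur.kind, cur.op = m.group(1), m.group(2)
        elif (m := OID.search(line)):
            cur.oids.append(m.group(1))
        elif TO.search(line):
            requests.append(cur)
            cur = None
    if cur is not None:        # log ended before the reply was printed
        requests.append(cur)
    return requests

def review(requests: List[Request], managers: Set[str]) -> List[str]:
    """Report requests from hosts outside the manager list and every SET."""
    notes = []
    for r in requests:
        oids = ", ".join(r.oids)
        if r.source not in managers:
            notes.append(f"UNLISTED-SOURCE {r.source} {r.op} {oids}")
        elif r.op == "SET":
            notes.append(f"SET {r.source} {oids}")
    return notes

# Lines copied from the output above, plus a constructed request from 192.0.2.50.
SAMPLE_LOG = """\
00:32:35: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID!
00:32:35: [tSnmpd]SNMP:Oid num:1
00:32:35: [tSnmpd]SNMP: to 128.255.40.33,End:117318,Lasted:0
[tSnmpd]SNMP:from 128.255.40.33,Begin:117320
[tSnmpd]SNMP:Oid num:1
[tSnmpd]SNMP:SCALAR variables GET request
[tSnmpd]SNMP:receive OID: system.1.0
00:32:35: [tSnmpd]SNMP:response:
00:32:35: [tSnmpd]SNMP: to 128.255.40.33,End:117320,Lasted:0
00:50:35: [tSnmpd]SNMP:from 128.255.40.33,Begin:182136
00:50:35: [tSnmpd]SNMP:Oid num:1
00:50:35: [tSnmpd]SNMP:TABULAR variables SET request
00:50:35: [tSnmpd]SNMP:receive OID: system.4.0
00:50:35: [tSnmpd]SNMP: to 128.255.40.33,End:182136,Lasted:0
00:51:02: [tSnmpd]SNMP:from 192.0.2.50,Begin:183700
00:51:02: [tSnmpd]SNMP:TABULAR variables GET-NEXT request
00:51:02: [tSnmpd]SNMP:receive OID: ifEntry.1.1
00:51:02: [tSnmpd]SNMP: to 192.0.2.50,End:183700,Lasted:0
"""

MANAGERS = {"128.255.40.33"}   # assumption: the workstation used in this page's examples

if __name__ == "__main__":
    for note in review(parse(SAMPLE_LOG), MANAGERS):
        print(note)
```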
RMON
Main contents:
Introduction to RMON
Basic commands of RMON
Configuration examples of RMON
Introduction to RMON
RMON defines a set of MIB which is used to define standard network monitoring functions and interfaces, so that the SNMP-based management terminal can communicate with the remote monitor. Besides lightening the burden of managing terminal and other proxies, RMON provides an effective method to monitor the behaviors within the subnet range.
RMON MIB has 10 groups:
statistics: maintains the low utilization and error statistics for the subnets monitored by each proxy
history: records the samples of the periodical statistics information that is taken out from the statistics group
alarm: permits the administration console user to configure the sampling interval and to raise an alarm when the value of any counter or integer (recorded by the RMON proxy) exceeds the threshold value
host: includes the input/output traffic of various types of hosts attached to the subnet
hostTopN: includes the stored statistics of the hosts whose values for some parameters in the host table are the highest
matrix: shows error and utilization information in the form of a matrix, so that the operator can use any address pair to search information
filter: permits the monitor to monitor the packets matched with the filter
capture: manages how to send the data to the administration console platform
event: presents the table of all events generated by the RMON proxy
tokenRing: maintains the statistic and configuration information of a subnet which is a token ring
Note: Currently, all routers support alarm (alarm group) and event (event group). Besides, MP7500 supports history (history group) and statistics (statistics group) of the Ethernet interface.
rmon alarm
rmon alarm alarm-num OID interval {absolute|delta} risingthreshold rising-threshold rising-event fallingthreshold falling-threshold falling-event
Syntax / Description
alarm-num: The serial number of the alarm
OID: The object instance that needs to be monitored remotely; currently, only the interface table ifEntry.[10-21] in MIB-2 is supported (the index needs to be added after the object oid)
interval: The time interval for sampling the value of parameter <OID>; the unit is second; the value range is 1-65536
{absolute|delta}: The sampling type is absolute value/relative value
risingthreshold
fallingthreshold falling-event
rmon event
rmon event event-num description event-description log max-num owner owner trap community

Syntax: Description
event-num: The serial number of the event
description event-description: The event description
log max-num: To record in the log, and set the maximum number of the items to be recorded
owner owner: The event owner
trap community: To send the trap information to the remote destination and specify the community name
Description
The serial number of the alarm
The object instance that needs to be monitored remotely; currently, only the interface table ifEntry.[10-21] in MIB-2 is supported (the index needs to be added after the object OID)
To configure the owner of the statistics group
rmon history
rmon history control history-num OID buckets-num [interval interval] [owner owner]

Syntax: Description
history-num: The serial number of the history group
OID: The object instance that needs to be monitored remotely; currently, only the interface table ifEntry.[10-21] in MIB-2 is supported (the index needs to be added after the object OID)
interval interval: The time interval for sampling the value of parameter <OID>; the unit is second; the value range is 1-3600; the default value is 1800
owner owner: To configure the owner of the history group
Application Example
On the router, use RMON to monitor the OID object 1.3.6.1.2.1.2.2.1.10 on the interface fastethernet0 (suppose that the interface index of the interface g0 is 1, so the object instance is 1.3.6.1.2.1.2.2.1.10.1).
The absolute value of the object instance must be sampled every 5 seconds. The rising threshold value and the falling threshold value are both 5000. When a sampled result triggers a threshold value, the router sends the trap information to the community public and also records the event in its log, which holds at most 100 items. The detailed configuration is:
Command, followed by its description:

router#configure terminal
    To enter the configuration mode
router(config)#rmon
    To enable RMON
router(config)#rmon alarm 1 1.3.6.1.2.1.2.2.1.10.1 5 absolute risingthreshold 5000 1 fallingthreshold 5000 1
    To configure the alarm example
router(config)#rmon event 1 description gigaethernet0_in_octes log 100 trap public
    To configure the triggering event
Alarm 1 is active, owned by config
Monitoring variable: ifEntry.10.1 , Sample interval: 5 second(s)
Taking samples type: absolute, last value was 10714
Rising threshold : 5000, Falling threshold : 5000,
Description and analysis:
The above information shows the configuration of the RMON alarm. The index is 1; the monitored MIB object is ifTable.ifEntry.ifInOctets.1; the sampling type is absolute; the latest value of the object is 10714; the rising threshold is set to 5000 and the falling threshold to 5000; both are configured to trigger event 1.
Event 1 is active, owned by config
Description : gigaethernet0_in_octes
Event firing causes: log and trap, last fired at 00:26:36
Description and analysis: The above information shows the configuration of the RMON event. One RMON event is configured; its index is 1; its description is gigaethernet0_in_octes; when the event is triggered, a log entry is recorded and a TRAP is sent; the event was last triggered 26 minutes and 36 seconds after the system started; the current log shows that the event has been triggered three times.
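How the alarm configured above behaves over time, as an added example that is not part of the Maipu manual: a Python model of the alarm-group evaluation rules in RFC 2819, which the router is assumed (not confirmed by this page) to follow, run over constructed ifInOctets readings. The function name, its parameters and the sample values are hypothetical.

```python
# Added example (not from the Maipu manual): standard RMON alarm evaluation as
# defined for the alarm group in RFC 2819. That the router follows it is an assumption.
COUNTER32 = 2 ** 32  # ifInOctets is a Counter32 and wraps at this value


def rmon_alarm(samples, rising, falling, sample_type="absolute",
               startup="risingOrFalling"):
    """Return [(sample_index, "rising"|"falling", value), ...] for one alarm entry.

    samples     -- readings of the monitored object, one per sampling interval
    sample_type -- "absolute" compares the reading, "delta" the change since the last one
    startup     -- which alarm the first valid sample may raise (alarmStartupAlarm)
    """
    if sample_type == "delta":
        # Modulo arithmetic keeps the delta correct across a counter wrap.
        values = [(b - a) % COUNTER32 for a, b in zip(samples, samples[1:])]
        offset = 1  # the first delta belongs to the second reading
    elif sample_type == "absolute":
        values, offset = list(samples), 0
    else:
        raise ValueError("sample_type must be 'absolute' or 'delta'")

    events = []
    armed_rising = armed_falling = True  # hysteresis: each side re-arms on the opposite event
    prev = None
    for i, value in enumerate(values):
        if prev is None:  # first valid sample: the startup setting decides
            up = value >= rising and startup in ("rising", "risingOrFalling")
            down = value <= falling and startup in ("falling", "risingOrFalling")
        else:  # later samples: an event needs an actual threshold crossing
            up = value >= rising and prev < rising
            down = value <= falling and prev > falling
        if up and armed_rising:
            events.append((i + offset, "rising", value))
            armed_rising, armed_falling = False, True
        elif down and armed_falling:
            events.append((i + offset, "falling", value))
            armed_rising, armed_falling = True, False
        prev = value
    return events


# Constructed ifInOctets readings, one every 5 seconds (two bursts of traffic).
OCTETS = [1000, 3000, 4200, 10714, 11000, 11200, 30000, 30100]

if __name__ == "__main__":
    for kind in ("absolute", "delta"):
        print(kind, rmon_alarm(OCTETS, 5000, 5000, kind))
```

With absolute sampling, an ever-increasing counter such as ifInOctets crosses 5000 once and the alarm then stays silent, whereas delta sampling raises a rising event for each burst and a falling event when traffic subsides.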
MP7500#show rmon alarm supportVariable
Currently support MIB object: (NOTE:be sure to add the index after OID)
ifEntry.[10-21]
Description and analysis:
The above information shows the alarm monitoring object supported by RMON. The ifEntry.[10-21] in the interface table of MIB-2 is supported.