Sei sulla pagina 1di 138

System Configuration Management

and

No. 16, Jiuxing Avenue Hi-tech Park Chengdu, Sichuan Province Peoples Republic of China - 610041 Tel: (86) 28-85148850, 85148041 Fax: (86) 28-85148948, 85148139 URL: http:// www.maipu.com Email: overseas@maipu.com

Maipu Communication Technology Co., Ltd

Maipu Confidential & Proprietary Information

Page 1 of 138

System Configuration and Management

All rights reserved. Printed in the Peoples Republic of China. No part of this document may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise without the prior written consent of Maipu Communication Technology Co., Ltd. Maipu makes no representations or warranties with respect to this document contents and specifically disclaims any implied warranties of merchantability or fitness for any specific purpose. Further, Maipu reserves the right to revise this document and to make changes from time to time in its content without being obligated to notify any person of such revisions or changes. Maipu values and appreciates comments you may have concerning our products or this document. Please address comments to: No. 16, Jiuxing Avenue Hi-tech Park Chengdu, Sichuan Province Peoples Republic of China - 610041 Tel: (86) 28-85148850, 85148041 Fax: (86) 28-85148948, 85148139 URL: http:// www.maipu.com Email: overseas@maipu.com

Maipu Communication Technology Co., Ltd

All other products or services mentioned herein may be registered trademarks, trademarks, or service marks of their respective manufacturers, companies, or organizations.

Maipu Confidential & Proprietary Information

Page 2 of 138

System Configuration and Management

Maipu Feedback Form


Your opinion helps us improve the quality of our product documentation and offer better services. Please fax your comments and suggestions to (86) 28-85148948, 85148139 or email to overseas@maipu.com.
Document Title Product Version Evaluate this document SYSTEM CONFIGURATION AND MANAGEMENT Document Revision Number 1.0

Presentation: (Introductions, procedures, illustrations, completeness, arrangement, appearance) Good Fair Average Poor Accessibility: (Contents, index, headings, numbering) Good Fair Average Poor Editorial: (Language, vocabulary, readability, clarity, technical accuracy, content) Good Fair Average Poor

Your suggestions to improve the document

Please check suggestions to improve this document: Improve introduction Make more concise Improve Contents Add more step-by-step procedures/tutorials Improve arrangement Add more technical information Include images Make it less technical Add more detail Improve index

If you wish to be contacted, complete the following: Name Postcode Telephone Company Address E-mail

Maipu Confidential & Proprietary Information

Page 3 of 138

System Configuration and Management

Contents
Overview.....................................................................................................7 System Configuration.................................................................................8
Configure System Name .........................................................................................8 Configure System Time...........................................................................................8 Configure Login Security Service..............................................................................9

System Management .............................................................................. 12


Overview ............................................................................................................. 12 Manage File System.............................................................................................. 12
Introduction to File System ....................................................................................................12 Commands of File System .....................................................................................................14 Application Examples of Commands.......................................................................................14

Manage Configuration Files of Router...................................................................... 37


Contents of Formats of Configuration Files..............................................................................37 Load Configuration File ..........................................................................................................40 Save Current System Configuration........................................................................................41 View Current Running Configuration of Router ........................................................................42 Configure Router to Serve as FTP Server ................................................................................42

Manage System Authentication & Command Hierarchical Authorization ................................................................................................................. 45


Overview ............................................................................................................. 45 Basic Commands.................................................................................................. 46 Modify User Level ................................................................................................. 46 Modify Command Level......................................................................................... 48 Example of Modifying Command Level ................................................................... 49 Set Enable Password............................................................................................. 49 Configure User and Related Attributes .................................................................... 50 Set Line Attributes ................................................................................................ 51 View Present User Level ........................................................................................ 54

System Tools ........................................................................................... 55


Device Information of System................................................................................ 55 Protocol Debugging............................................................................................... 74 Network Troubleshooting Tools .............................................................................. 75

Maipu Confidential & Proprietary Information

Page 4 of 138

System Configuration and Management

System Log Function............................................................................................. 75 View CPU Utilization .............................................................................................. 78 Set CPU and Environment Alarm Temperature ........................................................ 82 Set SIU Display Language ..................................................................................... 83 Set System Alarm Parameters ............................................................................... 83 Configure Rollback Function................................................................................... 84 Pagination Display Function ................................................................................... 85

Remote Login Service ............................................................................. 87


telnet................................................................................................................... 87
Overview ..............................................................................................................................87 Basic Commands...................................................................................................................87

SSH..................................................................................................................... 88

System Information Unit (SIU) .............................................................. 89


Operation Methods ............................................................................................... 89 View Information .................................................................................................. 90
Idle Mode..............................................................................................................................90 Menu Mode ...........................................................................................................................90 Display Real-time Information................................................................................................92

Embedded Event Platform (EEP)............................................................ 93


Introduction to EEP ............................................................................................... 93
Basic Commands...................................................................................................................95

Application Examples ............................................................................................ 99


Application Example 1 ...........................................................................................................99 Application Example 2 .........................................................................................................100 Application Example 3 .........................................................................................................100

Monitoring and Debugging................................................................................... 100


Monitoring Command ..........................................................................................................100 Monitoring Command Example ............................................................................................101 Debugging Command..........................................................................................................102

SNMP Proxy Server Configuration........................................................ 103


Introduction to SNMP .......................................................................................... 103 Basic Commands of SNMP................................................................................... 103 Application Examples .......................................................................................... 116
Configure SNMPv1/v2..........................................................................................................116 Configure SNMPv3...............................................................................................................117 Configure SNMPv3 Notification .............................................................................................118 Configure SNMPv3 Proxy Forwarding....................................................................................119

Monitoring and Debugging................................................................................... 121


Monitoring Command ..........................................................................................................121 Monitoring Command Example ............................................................................................122

Maipu Confidential & Proprietary Information

Page 5 of 138

System Configuration and Management

Debugging Commands ........................................................................................................129 Debugging Command Examples ..........................................................................................129

RMON..................................................................................................... 134
Introduction to RMON ......................................................................................... 134 Basic Commands of RMON .................................................................................. 135 Application Example............................................................................................ 137 Monitoring and Debugging................................................................................... 137
Monitoring Commands.........................................................................................................137 Monitoring Command Examples...........................................................................................137

Maipu Confidential & Proprietary Information

Page 6 of 138

System Configuration and Management

Overview
The manual mainly describes the basic configurations and managements of Maipu routers, including the commands for configuring the system, managing the user name and password, configuring the environment parameters, managing the files, and viewing the system information.

Main contents: Configure the system Manage the system Manage system authorization System tools Remote login service of the system System information unit (SIU) (currently, it is only for MP7500 router) Embedded Event Platform (EEP) Configure SNMP proxy server Configure RMON authentication and command hierarchical

Maipu Confidential & Proprietary Information

Page 7 of 138

System Configuration and Management

System Configuration
In Maipu router, the main tasks of the system configuration include: Configure the system name Configure the system time Configure the login security service of the system

Configure System Name


When the router leaves the factory, its default system name is router. Users can change the system name by desires. This change takes effect immediately and the new system name appears in the displaying of the next system prompt. The command for configuring the router system name is as follows:
Command hostname Description * To configure the router name Configuration Mode config

hostname

The following command is used to change the system name from router to router_1. The operation steps are as follows:
Command router#configure terminal router(config)#hostname Description To execute the command configure terminal in the privileged user mode to enter the global configuration mode To execute the command hostname and take the parameter router_1 in the global configuration mode to change the system name The new system command takes effect in the displaying of the next system prompt

router_1

router_1(config)#

Configure System Time


There is an independent clock system installed in the router to record the present time of the system. There is the real time clock only in the
Maipu Confidential & Proprietary Information Page 8 of 138

System Configuration and Management

MP7500 system, so the system clock is not re-configured when the system restarts after power-off. You can configure the router clock via the following two methods: 1. Configure the NTP service to make the system obtain the present time automatically after startup. (For using of NTP, please refer to the chapter of configuring SNTP). 2. Use the command clock to configure the present time of the system, which comprises year, month, date, hour, minute and second. The configuration command is as follows:
Command clock year month day hour minute second Description * To configure the system clock Configuration Mode enable

The following example configures the system time as 09:36:10, November 15, 2006 by the command clock.
Command router#clock 2006 11 15 9 36 10 router#show clock UTC: THU NOV 09:36:15 2006 15 Description In the privileged user mode, to execute the command to configure the time of the system calendar as 09:36:10, November 15, 2006 To display the present calendar time of the system. The present time is 09:36:10, November 15, 2006, Thursday; By default, the time zone of the system is UTC.

Configure Login Security Service


In order to enhance the system security, Maipu routers provide the login security service function. Main functions are as follows: Prevent the brute-force attack on user login password Prevent the fast connection The function of preventing the brute-force attack on user login password is to prevent the illegal users from cracking the user name and password used for logging into the Maipu router. When the system finds that the authentication failure times of continuous login from a user reaches the specified times, the system forbids the login connection from that IP address in a given period.

The function of preventing the fast connection is to prevent the illegal users from initiating a lot of login requests to the router in a short period, which occupies a lot of system and network resources. If the times of repeatedly logging into a router from a user reaches the configured times,

Maipu Confidential & Proprietary Information

Page 9 of 138

System Configuration and Management

the system forbids the login connection requests from that IP address in a given period.

The commands for configuring the login security service are as follows:
Command service login-secure Description To enable the system security service To configure the interval for the login security service clearing the aged login authentication failures and the fast connection information. The default value is 60 minutes. To configure the time for the login security service forbidding the illegal IP address to log in. 10 minutes by default. To configure the maximum authentication failure times for continued login after the login security service takes effect. The default value is 5 times. To configure the time for the login security service aging the login authentication failure and the fast connection information. The default value is 15 minutes. To configure the maximum connection times of the preventing fast connection function. The default value is 20 times. To configure the minimum interval time between two connections of the preventing fast connection function. The default value is 30s. To configure the forbidding time for the illegal IP address to log in after the preventing quickconnection function takes effect. The default value is 20 minutes. To view the login authentication failure records of the login security service To view the quick-connection records of the login security service enable config Configuration Mode config config

login-secure checkrecord-interval <30m-14400m>

login-secure time 144000m>

forbid<10m-

config

login-secure max-trytime <1-20>

login-secure aging-time 1440m>

record<15m-

config

login-secure quickconnect max-times <10-10000>

config

login-secure quickconnect restrictinterval <10s-600s> login-secure quickconnect unrestrictinterval <10m1440m> show login-secure information show login-secure quick-connect

config

config

enable

Default status By default, the login security service is enabled when the system starts up

Maipu Confidential & Proprietary Information

Page 10 of 138

System Configuration and Management

Note Execute the command no service login-secure to disable the login security service. Meanwhile, clear up all login connection records.

Maipu Confidential & Proprietary Information

Page 11 of 138

System Configuration and Management

System Management
Main contents: Overview Manage the file system Manage the configuration file

Overview
This chapter mainly describes the related contents of the system management, including managing the file system, configuring the file management, system authentication and command hierarchical authorization.

Manage File System


Main contents: Introduction to the file system Commands of the file system Examples of applying the commands

Introduction to File System


Maipu routers have the following storage mediums. Their functions are as follows: SDRAM: used as the space for a router executing the application programs;

Maipu Confidential & Proprietary Information

Page 12 of 138

System Configuration and Management

FLASH: used to store the application programs, configuration files and BootROM programs etc; EEPROM: used to store the configuration files and the user information that are often changed; CF card and USB: used to store the user data;

Maipu routers manage the following files: BootROM fileit is used to store the basic data initialized by the system; Application program of the router it is used to transmit routes, manage files and manage system etc Configuration fileIt is used to store the system parameters configured by users; Log fileit is used to store the log information of the system; Other files such as the files in which the dialup tone of the secondary dialup is stored; Maipu routers construct one or several DOS-based file systems for storing the information that rarely needs to be changed, such as the application programs (protocol software and driver etc.) and BootROM programs of a router. The file system is called TFFS (True Flash File System) (for example, construct two TFFS on MP7500. One device name is /system, which is used to store the system images by default; the other device name is /flash, which is used to store the key data such as the system configuration). Besides, the Maipu router provides the CF card and USB interface, which are used to store the user data.

For the Maipu router that has the master/salve control card (such as MP7500), if the system is in the master/salve mode and has the slave control card, the system has two kinds of file systems (modes). The file system on the master control card is called master file system. You can enter into the master file system mode via the filesystem command in the privilege mode; correspondingly, the file system on the slave control card is called slave file system. You can enter into the slave file system mode via the filesystem slave command in the privilege mode. In this way, you can operate the commands of the file system on the slave control card. If the current system does not have the slave control card or does not work in the master/slave mode, you cannot enter into the slave file system mode via the filesystem slave command.

Maipu Confidential & Proprietary Information

Page 13 of 138

System Configuration and Management

Commands of File System


In the configuration mode of the file system, the system provides a whole set of commands for managing the file system for the user, as follows:
Command filesystem filesystem slave copy ftpcopy tftpcopy xmodemcopy delete type dir cd mkdir rmdir pwd volume config-file Command Function To enter into the (master) file system mode To enter into the slave file system mode To copy a file To copy files via the FTP server To copy files via the TFTP server To copy files by using XMODEM protocol via the console port To delete files To view the contents of a file To view a directory or file To change the present path To create a directory To delete a directory To display the current path To view the information about a file device To execute a configuration file in the master file system To modify the storage location of the system file (application program, configuration file, log file and so on) To view the information about the file device To view the storage location of the system files of the local or peer device To set the boot parameters of the system To display the information about the boot parameters of the system Run Mode enable / config-slave-fs enable / config-fs config-fs / config-slave-fs config-fs / config-slave-fs config-fs / config-slave-fs config-fs / config-slave-fs config-fs / config-slave-fs config-fs / config-slave-fs config-fs / config-slave-fs config-fs / config-slave-fs config-fs / config-slave-fs config-fs / config-slave-fs config-fs / config-slave-fs config-fs / config-slave-fs config-fs

location show filesystem show file loction [peer] boot-loader [finename] show boot-loader

config-fs / config-slave-fs enable enable config-fs config-fs

The file system management of a router refers to two aspects, that is, file management and directory management. Except the command for copying files, the using of all other commands in the file management are consistent in the master and slave file systems.

Application Examples of Commands


View Informati on about File Device
The file system of a router is based on the flash physical device. Users can get the basic information about the FLASH file system (TFFS) via the following commands:

Maipu Confidential & Proprietary Information

Page 14 of 138

System Configuration and Management

Application example: In the configuration mode of the file system, execute the volume command, or execute the show filesystem command in the enable command mode:

router(config-fs)#volume

volume descriptor ptr (pVolDesc):

0x2cfa968

cache block I/O descriptor ptr (cbio): 0x2cfaa40 auto disk check on mount: NOT ENABLED 22

max # of simultaneously open files: file descriptors in use: # of different files in use: # of descriptors for deleted files: # of obsolete descriptors: 0 0 0 0

current volume configuration: - volume label: - volume Id:


file system */

NO LABEL ; (in boot sector: ) 0x0 5,213 /* sectors of the /* bytes of each /* sectors of each

- total number of sectors:

- bytes per sector:


sector */

512

- # of sectors per cluster: 4


cluster */

- # of reserved sectors:
reserved sectors */

/*

the

number

of

the

- FAT entry size:

FAT16

/* size of FAT sector */ /* the


sectors

- # of sectors per FAT copy: 4


occupied by each FAT sector */

- # of FAT table copies:


table */

/* copies of FAT /* hidden sectors */ /*


the

- # of hidden sectors:

- first cluster is in sector # 24


location of the first cluster in sector */

- Update last access date for open-read-close = FALSE - directory structure: VFAT /* directory structure */

Maipu Confidential & Proprietary Information

Page 15 of 138

System Configuration and Management

- root dir start sector:


directory */

/* the start sector of root /* the sectors occupied by root /* the maximum number of

- # of sectors per root:


directory */

15

- max # of entries in root:


entries in root directory */

240

FAT handler information: ------------------------ allocation group size:


be allocated */

1 clusters

/* the size of the unit can /* the size of the free

- free space on volume:


space in the file system */

2,641,920 bytes

router(config-fs)#

File Management
By using the file manage commands in the configuration mode of the file system, users can operate all files in the master and slave file systems, including: List files (directory) Copy files Delete files View file contents The following are the examples of application examples of the file management commands.

1. List files (directory) Application example:

Master file mode: router(config-fs)#dir size -------1930 date -----time -----name --------

JAN-01-1980 00:00:00 LOGGING


Page 16 of 138

Maipu Confidential & Proprietary Information

System Configuration and Management

4 3160 3160

JAN-01-1980 00:00:00 RANDOM JAN-01-1980 00:00:00 STARTUP JAN-01-1980 00:00:00 SCRIPT

Slave file mode: router(config-slave-fs)#dir size -------2048 102360 10234 1580 date -----time -----name -------<DIR>

JAN-01-1980 00:25:04 mpssh JAN-01-1980 01:22:58 logging JAN-01-1980 01:03:42 history JAN-01-1980 01:22:38 startup

2. Copy files The file copy command can be used to copy files in the FLASH file system, FTP server, TFTP server, startup configuration and running configuration. When the source or destination of the file copy command is file-system and there is no path information before the file name, the system uses the default path to operate by default (when using the filesystem command to enter into the operation mode f the file system, the default path is /flash; you can use the cd command to change the default path); if there is device name and path name before the file name, the system uses the specified path to operate. The following describes each kind of copy in detail.

A.

Copy files from file system to file system

Command format:

copy file-system source-filename file-system dest-filename (copy from master file system to master file system)

The operations of the following two commands are the same in the master and slave file systems:

copy file-system source-filename slave-file-system dest-filename (copy from the master file system to the slave file system) copy slave-file-system source-filename file-system dest-filename (copy from the slave file system to the master file system)

Maipu Confidential & Proprietary Information

Page 17 of 138

System Configuration and Management

Application example: Copy from the master file system to the master file system:

router(config-fs)#dir size -------2048 4 4567 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:24 random JAN-01-1980 00:00:24 test

router(config-fs)#copy file-system test file-system abc Copying... Completed router(config-fs)#dir size -------2048 4 4567 4567 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:24 random JAN-01-1980 00:00:24 test JAN-01-1980 00:10:16 abc

B.

Copy from the master file system to the slave file system:

router(config-slave-fs)#dir size -------2048 123 date -----time -----name -------<DIR>

JAN-01-1980 00:00:40 mpssh JAN-01-1980 00:30:14 123

router(config-fs)#copy file-system abc slave-file-system abc Do you want to copy master:/flash/abc to slave:/flash/abc?(y/n)y ##!!! !!! TRANSFER OK!

router(config-slave-fs)#dir size -------2048 date -----time -----name -------<DIR>

JAN-01-1980 00:00:40 mpssh

Maipu Confidential & Proprietary Information

Page 18 of 138

System Configuration and Management

123 4567

JAN-01-1980 00:30:14 123 JAN-01-1980 00:32:28 abc

C.

Copy from the slave file system to the master file system:

router(config-fs)#dir size -------2048 4 4567 4567 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:24 random JAN-01-1980 00:10:16 abc JAN-01-1980 00:00:24 test

router(config-fs)#copy slave-file-system 123 file-system 321 Do you want to copy slave:/flash/123 to master:/flash/321? (y/n)y ######## !!! TRANSFER OK!

router(config-fs)#dir size -------2048 4 4567 123 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:24 random JAN-01-1980 00:10:16 abc JAN-01-1980 00:36:51 321

D. Copy files from file system to FTP server Command format:

copy file-system source-filename ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename (copy from the master file system to the FTP server) copy slave-file-system source-filename ftp [vrf vrf-name] dest-ipaddress ftpusername ftp-password dest-filename (copy from the file system to the FTP server; the command can be used in both master file mode and the slave file mode)

Application examples:

Maipu Confidential & Proprietary Information

Page 19 of 138

System Configuration and Management

Copy from the master file system to the FTP server:

router(config-fs)#dir size -------2048 4 510 4567 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:24 random JAN-01-1980 00:08:26 startup JAN-01-1980 00:09:10 abc

router(config-fs)#copy file-system abc ftp 128.255.42.180 maipu maipu test

Copying!!!!!!!!Total 4567 bytes copying completed.

router(config-fs)#

Copy from the file system to the FTP server:

router(config-slave-fs)#dir size -------2048 123 4567 date -----time -----name -------<DIR>

JAN-01-1980 00:00:40 mpssh JAN-01-1980 00:30:14 123 JAN-01-1980 00:32:28 abc

router(config-slave-fs)#copy slave-file-system abc ftp 128.255.40.33 h01 h01 test Do you want to copy slave:/flash/abc to FTP:test? (y/n)y ######## Copying!!!!! Total 4567 bytes copying completed.

FTP transmit slave mpu flash file /flash/abc OK! router(config-slave-fs)#

E.

Copy files from file system to TFTP server

Command format:

Maipu Confidential & Proprietary Information

Page 20 of 138

System Configuration and Management

copy file-system source-filename tftp [vrf vrf-name] dest-ipaddress dest-filename (copy from master file system to TFTP server) copy slave-file-system source-filename tftp [vrf vrf-name] dest-ipaddress destfilename (copy from the slave file system to TFTP server; the command can be used in both master file system mode and the slave file system mode)

Application example: Copy from the master file system to the TFTP server:

router(config-fs)#dir size -------2048 4 510 4567 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 00:08:26 startup JAN-01-1980 00:09:10 abc

router(config-fs)#copy file-system abc tftp 128.255.42.180 test Completed!

router(config-fs)#

Copy from the file system to the TFTP server:

router(config-slave-fs)#dir size -------2048 123 4567 date -----time -----name -------<DIR>

JAN-01-1980 00:00:40 mpssh JAN-01-1980 00:30:14 123 JAN-01-1980 00:32:28 abc

router(config-slave-fs)#copy slave-file-system abc tftp 128.255.40.33 test Do you want to copy slave:/flash/abc to TFTP:test? (y/n)y######## Copying Translating "128.255.40.33"!!!!!!!!! Total 4567 bytes copying completed!

Maipu Confidential & Proprietary Information

Page 21 of 138

System Configuration and Management

FTP transmit slave mpu flash file /flash/abc OK! router(config-slave-fs)#

F.

Copy a file in the file system as Startup configuration file

Command format:

copy file-system source-filename startup-config

Application example:

router(config-fs)#dir size -------2048 4 510 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 00:05:16 abc

router(config-fs)#copy file-system abc startup-config Copying... Completed router(config-fs)#dir size -------2048 4 510 510 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 00:05:46 startup JAN-01-1980 00:05:16 abc

router(config-fs)#

G. Copy Startup configuration as one file in file system Command format:

copy startup-config file-system dest-filename

Application example:

router(config-fs)#copy startup-config file-system abc

Maipu Confidential & Proprietary Information

Page 22 of 138

System Configuration and Management

Copying... Completed router(config-fs)#dir size -------2048 4 510 510 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 00:09:40 startup JAN-01-1980 00:17:08 abc

router(config-fs)#

H. Copy startup configuration to host via FTP Command format:

copy startup-config ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename

Application example:

router(config-fs)#copy startup-config ftp 128.255.42.180 123 123 test Copying!Total 510 bytes copying completed.

I.

Copy startup configuration to host via TFTP

Command format:

copy startup-config tftp [vrf vrf-name] dest-ipaddress dest-filename

Application example:

router(config-fs)#copy startup-config tftp 128.255.42.180 test Completed!

J.

Copy running configuration as one file in file system

Command format:

copy running-config file-system dest-filename

Maipu Confidential & Proprietary Information

Page 23 of 138

System Configuration and Management

Application example:

router(config-fs)#dir size -------2048 4 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random

router(config-fs)#copy running-config file-system abc Copying... Completed router(config-fs)#dir size -------2048 4 510 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 00:17:08 abc

router(config-fs)#

K.

Copy running configuration to host via FTP

Command format:

copy running-config ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename

Application example:

router(config-fs)#copy running-config ftp 128.255.42.180 123 123 test Copying!Total 510 bytes copying completed.

L.

Copy running configuration to host via TFTP

Command format:

copy running-config tftp [vrf vrf-name] dest-ipaddress dest-filename


Application example:

router(config-fs)#copy running-config tftp 128.255.42.180 test


Maipu Confidential & Proprietary Information Page 24 of 138

System Configuration and Management

Completed!
M. Copy running configuration as startup configuration Command format:

copy running-config startup-config

Application example:

router(config-fs)#dir size -------2048 4 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random

router(config-fs)#copy running-config startup-config Building Configuration...done router(config-fs)#dir size -------2048 4 495 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 00:33:28 startup

router(config-fs)#

N. Copy files from ftp server to file system Command format:

copy ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename file-system dest-filename (copy from the ftp server to the master file system) Same as the ftpcopy command

copy ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename slave-file-system dest-filename (copy from the ftp server to the slave file system; the command can be used in both master file system mode and the slave file system mode)

Maipu Confidential & Proprietary Information

Page 25 of 138

System Configuration and Management

Application example:

router(config-fs)#dir size -------2048 4 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:24 random

router(config-fs)#copy ftp 128.255.42.180 123 123 test.bin file-system abc Downloading#########################OK! router(config-fs)#dir size -------2048 4 11577 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:24 random JAN-01-1980 00:09:10 abc

router(config-fs)#

O. Copy from FTP server to startup configuration file Command format:

copy ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename startup-config

Application example:

router(config-fs)#dir size -------2048 4 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random

router(config-fs)#copy ftp 128.255.42.180 123 123 test startup-config Downloading##OK! router(config-fs)#dir size date time name

Maipu Confidential & Proprietary Information

Page 26 of 138

System Configuration and Management

-------2048 4 495

------

------

-------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 00:58:02 startup

router(config-fs)#

P.

Copy files from TFTP server to file system

Command format:

copy tftp [vrf vrf-name] dest-ipaddress source-filename file-system dest-filename (copy from TFTP server to the master file system)
Note: same as the command tftpcopy

copy tftp [vrf vrf-name] dest-ipaddress source-filename slave-file-system destfilename (copy from the TFTP server to the slave file system; the command can be used in both master file system mode and the slave file system mode)TFTP)

Application example:

router(config-fs)#dir size -------2048 4 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random

router(config-fs)#copy tftp 128.255.42.180 test file-system abc Downloading##OK! router(config-fs)#dir size -------2048 4 495 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 01:01:00 abc

router(config-fs)#

Maipu Confidential & Proprietary Information

Page 27 of 138

System Configuration and Management

Q. Copy from TFTP server to startup configuration file Command format:

copy tftp [vrf vrf-name] dest-ipaddress source-filename startup-config

Application example:

router(config-fs)#dir size -------2048 4 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random

router(config-fs)#copy tftp 128.255.42.180 test startup-config Downloading##OK! router(config-fs)#dir size -------2048 4 495 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 01:03:28 startup

router(config-fs)#

R.

Copy files to file system by using xmodem protocol via Console port

Command format:

xmodemcopy dest-filename trans-baudrate

Application example:

router(config-fs)#dir size -------2048 4 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random

Maipu Confidential & Proprietary Information

Page 28 of 138

System Configuration and Management

router(config-fs)#xmodemcopy abc 9600 Now ready to receive file.Please send file with XMODEM protocol.If you want to cancel in progress,press CTL+C key...

Receive file successfully!!

router(config-fs)#dir size -------2048 4 512 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 01:30:32 abc

router(config-fs)#

3. Delete files Command format:

delete filename

Application example:

router(config-fs)#dir size -------2048 4 512 date -----time -----name -------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random JAN-01-1980 01:30:32 abc

router(config-fs)#delete abc WARNING: The Data of this file will be lost! if OS is deleted,the system will hangup!

Please confirm to continue?(Yes/No)y router(config-fs)#dir size date time name


Page 29 of 138

Maipu Confidential & Proprietary Information

System Configuration and Management

-------2048 4

------

------

-------<DIR>

JAN-01-1980 00:00:30 mpssh JAN-01-1980 00:00:26 random

router(config-fs)#

4. View file contents Command format:

type filename

Application example:

router(confgi-fs)#type startup The contexts of file startup hostname router user maipu password 0 maipu 1 enable password OW encrypt enable timeout 0 no service password-encrypt interface loopback0 exit interface fastethernet0 ip address 129.255.222.26 255.255.0.0 no ip redirects exit interface serial1/0 physical-layer sync clock rate 64000 tx-on dsr encapsulation ppp ip address 10.1.1.1 255.0.0.0 exit

View the contents of the startup file

Directory Management
The directory management of the file system in the router comprises: Print the path where the system is located;
Maipu Confidential & Proprietary Information Page 30 of 138

System Configuration and Management

Change the current path; Create a directory; Delete a directory; The examples of applying the commands of directory management are as follows. 1. Print path where system is located Command format:

pwd
Application example:

router(config-fs)#pwd /flash router(config-fs)#


The above displaying indicates that currently the system is located in /flash directory.

2. Create directory Command format:

mkdir dir-name
Application example:

router(config-fs)#mkdir maipu router(config-fs)#dir size -------1930 4 3160 512 3160 date -----time -----name --------

JAN-01-1980 00:00:00 logging JAN-01-1980 00:00:00 random JAN-01-1980 00:00:00 startup JAN-01-1980 00:00:00 maipu JAN-01-1980 00:00:00 script <DIR>

3. Change path where system is located Command format:

cd dest-dirname

Maipu Confidential & Proprietary Information

Page 31 of 138

System Configuration and Management

Application example:

router(config-fs)#cd maipu router(config-fs)#pwd /flash/maipu


The above displaying indicates that the current system is located in the directory /flash/Maipu.

4. Delete directory Command format:

rmdir dir-name
Application example:

router(config-fs)#cd /flash router(config-fs)#rmdir maipu WARNING: The Data of this dir will be lost! if OS is deleted,the system will hangup!

Please confirm to continue?(Yes/No)y

router(config-fs)#dir size -------1930 4 3160 3160 date -----time -----name --------

JAN-01-1980 00:00:00 LOGGING JAN-01-1980 00:00:00 RANDOM JAN-01-1980 00:00:00 STARTUP JAN-01-1980 00:00:00 SCRIPT

Manage Storage Location of System File


By default, the system files (such as application program, configuration file, and log file) are stored in the fixed device of the file system. For example, in MP7500, the configuration file is stored in /flash of the device; the application program is saved in /system of the device.

The high-end routers of Maipu (such as MP7500) can store the file system to the extended storage devices such as CF card can USB device. To facilitate the user to configure the storage location (device) of the system
Maipu Confidential & Proprietary Information Page 32 of 138

System Configuration and Management

files (such as application program, configuration file, and log file), the system provides the shell command to modify the storage location (device) of the system files. In the master/slave file system mode:

location image|configuration|logging|other_PHYDEVICE_ Reverse command: no location image|configuration|logging|other Viewing commands (in enable mode): show file loction show file location peer

Here: _PHYDEVICE_depends on the existing physical device in the system. For example, insert the CF card into the master MPU and the system prompts:

router(config-fs)#location logging ? /system /flash /cfcard Physical device: /system Physical device: /flash Physical device: /cfcard

Use the command in the slave file system mode and the system prompts:

router(config-slave-fs)#location logging ? /system /flash Physical device: /system on peer MPU Physical device: /flash on peer MPU

Application examples: 1. The CF card is inserted into the system, but the storage device of the system files is not configured. View the storage information of the current system files:

router#show file location Current system files default device list: OS image Configuration Logging Other files : /system : /flash : /flash : /flash

Maipu Confidential & Proprietary Information

Page 33 of 138

System Configuration and Management

Configurated system files default device list: OS image Configuration Logging Other files : /system : /flash : /flash : /flash

2. Configure the default storage location of the log files as the CF card:

router(config-fs)#location logging /cfcard

3. When viewing the storage location of the system files after the configuration, you can find that the configuration takes effect and a new log file named logging is generated in the device /cfcard.

router#show file location Current system files default device list: OS image Configuration Logging Other files : /system : /flash : /cfcard : /flash

Configurated system files default device list: OS image Configuration Logging Other files : /system : /flash : /cfcard : /flash

router(config-fs)#cd /cfcard router(config-fs)#dir size -------30 date -----time -----name --------

JAN-01-1980 00:40:23 LOGGING

4. When pulling out the CF card, the system prompts that the storage device of the log file is modified to /flash. View the storage location of the system files via the viewing command:

router#show file location


Maipu Confidential & Proprietary Information Page 34 of 138

System Configuration and Management

Current system files default device list: OS image Configuration Logging Other files : /system : /flash : /flash : /flash

Configurated system files default device list: OS image Configuration Logging Other files : /system : /flash : /cfcard : /flash

5. Insert the CF card again and the system prompts that the storage location of the log file is modified to /cfcard. You can view it as follows:

router#show file location Current system files default device list: OS image Configuration Logging Other files : /system : /flash : /cfcard : /flash

Configurated system files default device list: OS image Configuration Logging Other files : /system : /flash : /cfcard : /flash

6. In the slave file system, you can also perform the above operations to modify the storage location of the log file and other kinds of system files.

Note: 1. After modifying the storage location of the application program (image), you need to upgrade the system via the system upgrade command or modify the boot parameter via the command of loading the file when the system starts so that the system can

Maipu Confidential & Proprietary Information

Page 35 of 138

System Configuration and Management

start via the image file in the storage device by configuring the application program. 2. After modifying the storage location of the configuration file (configuration) and if the new device does not have the configuration file (startup), you need to use the saving or copying command of the configuration file to generate a configuration file (startup) so that the system can load the configuration when starting next time. 3. When modifying the storage location of the log file (logging), it takes effect at once. If the new device does not have the log file, create a new log file; if the new device has the existing old log file (logging), the future log information is recorded at the end of the file. 4. The modifications for the locations of all system files (including configuration and hot-swap of the device) are recorded in the log file.

Configuration Parameters
Command format:

Command

of

System

Boot

Specify the IOS file used when the system starts next time.

boot-loader [filename]

Application example:

router(config-fs)# boot-loader rp7-g-6.0.7(h01-m14-e).bin

Displaying Parameters
Command format:

Command

of

System

Boot

show boot-loader

Application example:

router(config-fs)#show boot-loader The app to boot at the next time is: dc0: rp7-g-6.0.7(h01-m14-e).bin The app to boot at the this time is: dc0: rp7-g-6.0.7(h01-m14-e).bin

Maipu Confidential & Proprietary Information

Page 36 of 138

System Configuration and Management

Manage Configuration Files of Router


Contents of Formats of Configuration Files
The configuration file exists in the file system in the text file format. The format is as follows: 1. Exist in the format of the configuration command; 2. In order to save the storage space of flash device, only the commands in the configuration mode (including the global configuration mode, the configuration mode of the interface, the configuration mode of the file system, the configuration mode of the access list, and the configuration mode of the routing protocol) are saved; 3. The organization of commands takes the command mode as the standard. All commands in the same mode are organized together to form a paragraph; 4. Paragraphs are arranged in a certain order: the global configuration mode, the interface configuration mode, and the route configuration mode; 5. Sort commands according to the relationships among them. All related commands are grouped together and a blank line is used to separate groups.

The following is one example of Maipu router configuration file (the detailed meaning of the information is introduced in the following chapters):

router#show run Building Configuration...done

! ! Last configuration change at UTC THU JAN 01 06:20:31 1970 !

Maipu Confidential & Proprietary Information

Page 37 of 138

System Configuration and Management

!software version 6.0.2(j)(integrity) !software image file rpl-i-6.0.2(j).bin !compiled on Jun 26 2006, 17:41:22

hostname B no service password-encrypt no service new-encrypt service login-secure

enable password OW encrypt

x25 routing

x25 profile 1 dce exit

frame-relay switching

interface loopback0 ip address 2.2.2.1 255.255.255.255 exit

interface loopback1 ip address 2.2.2.2 255.255.255.255 exit

interface loopback2
Maipu Confidential & Proprietary Information Page 38 of 138

System Configuration and Management

ip address 2.2.2.3 255.255.255.255 exit

interface loopback3 ip address 2.2.2.4 255.255.255.255 exit

interface fastethernet0 ip address 129.255.19.20 255.255.0.0 exit

interface serial1/0 physical-layer sync clock rate 128000 encapsulation x25 dce ip address 200.200.200.2 255.255.255.0 exit

interface serial3/0 physical-layer sync encapsulation frame-relay frame-relay lmi-type ansi frame-relay intf-type dce frame-relay interface-dlci 50 x25-profile 1 exit ip address 200.200.202.1 255.255.255.0 exit

router ospf 64 log-adjacency-changes network 2.2.2.1 0.0.0.0 area 9 network 2.2.2.2 0.0.0.0 area 9
Maipu Confidential & Proprietary Information Page 39 of 138

System Configuration and Management

network 129.255.19.0 0.0.0.255 area 0 exit

line con 0 exec-timeout 0 0

line vty 0 15 exec-timeout 0 0 no login exit

!end

Load Configuration File


The configuration file of a Maipu router can be edited in a text editor (such as WordPad) according to the format prescribed in the above section, and can be downloaded to a router via FTP or TFTP. This operation can be used by terminal users or via Telnet remote login. The following example is given to explain how to download the router configuration file via FTP: Step 1: Edit the configuration file named config on a PC Step 2: Enable the FTP SERVER on the PC; Step 3: Execute the command ftpcopy in the file configuration mode of the router to download the configuration file from the PC; As follows:

router(config-fs)#ftpcopy A.B.C.D

router router1 config startup

PC address, user name, password, file name, local file name


The above command is to download the configuration file config from the PC whose address is A.B.C.D to the router and write into the current directory of the router TFFS with the name startup. Here, execute the command dir, and you can see a new file-startup is added into the directory.

router(config-fs)#dir

Maipu Confidential & Proprietary Information

Page 40 of 138

System Configuration and Management

size -------1930 4 3160 3160

date ------

time ------

name --------

JAN-01-1980 00:00:00 logging JAN-01-1980 00:00:00 random JAN-01-1980 00:00:00 startup JAN-01-1980 00:00:00 script

Downloading the configuration file via TFTP is similar to downloading via FTP. The only difference between them is that the computer needs to run TFTP SERVER. Step 4: Restart the router, execute the configuration file-startup and modify the system configurations.

Save Current System Configuration


After validating that the modified system configurations are correct, users can save the configurations to be treated as configuration parameters for the next startup.

The following command can be executed to save the running configuration into the startup configuration file (STARTUP):

router (config-fs)# copy running-config startup-config

or use the command:

router#write startup-config

or use the command:

router#write

The following command can be executed to save the running configuration into the remote host via TFTP:

router#copy running-config tftp A.B.C.D WORD


Remote host name saved file name

Maipu Confidential & Proprietary Information

Page 41 of 138

System Configuration and Management

The following command can be executed to save the startup configuration file into the remote host via TFTP:

router#copy startup-config tftp A.B.C.D WORD


The following command can be executed to save the configuration files WORD of the remote host into the startup configuration file (STARTUP) of the router via TFTP:

router#copy tftp A.B.C.D WORD startup-config

View Current Running Configuration of Router


router#show running-config

Configure Router to Serve as FTP Server


Overview
Maipu routers can be used as the ftp servers. When a router serves as an ftp server, it permits the user to access the file system of the router via ftp mode.

Basic Commands
The commands are as follows:
Command ftp enable ftp disable ftp timeout ftp max-user-num Description To enable the ftp server To disable the ftp server To set the timeout of the FTP connection To configure the maximum number of users permitted to login Config mode 1. 2. config config config config

Note Before a user logs into the file system of a router via ftp mode, the user name and password need to be configured on the router.

ftp enable

Maipu Confidential & Proprietary Information

Page 42 of 138

System Configuration and Management

The command is used to enable the FTP service on the device.

ftp enable

ftp disable
The command is used to disable the FTP service on the device.

ftp disable

ftp timeout
The command is used to set the timeout of the FTP connection.

ftp timeout value


Syntax Description To configure the FTP timeout; the unit is second

value

Default status The default value is 300s.

ftp max-user-num
The command is used to set the maximum number of the users permitted to log in at the same time.

ftp max-user-num number


Syntax Description To set the maximum number of the users permitted to log in at the same time

number

Default status The default value is one.

Application Example
The example of configuring Maipu router as the FTP server:
Command router#configure terminal router(config)#ftp enable router(config)#ftp max-user-num 2 router(config)#user maipu password 0 maipu Description To enable the ftp sever To configure the maximum number of users permitted to login as 2 To configure the user name and password for login as maipu

Debugging Command
Command Description

Maipu Confidential & Proprietary Information

Page 43 of 138

System Configuration and Management

(no) debug ftpserver

To enable/disable the debugging switch of the FTP server

Maipu Confidential & Proprietary Information

Page 44 of 138

System Configuration and Management

Manage System Authentication & Command Hierarchical Authorization


Main contents: Overview Basic commands Modify user level Modify command level Set enable password Configure user and related attributes Set line attributes View user level

Overview
In order to enhance the operation security of a router, Maipu series routers provide various authentication managements (including AAA. Please refer to the chapter of configuring AAA) when users log in or perform the enable operation. Only the users who have the corresponding rights can log in or operate enable successfully.

In order to authorize different level of users with the executable commands with different levels, the commands of maipu router are graded from level 0-15. Here, the level 0 has the lowest right, while the level 15 has the highest.

Maipu Confidential & Proprietary Information

Page 45 of 138

System Configuration and Management

Basic Commands
Command enable user-level privilege MODE level 0 15 all | command LINE no privilege MODE {CR | level 015 { CR |all | command LINE } } enable password level 115 0|7 string enable password [0 | level ] string no enable password [0| level 1~15|STRING] <CR> user string password 0 LINE user string nopassword user string privilege 0-15 user string autocommand <LINE> user string autocommand-option nohangup|delay <0_120> Description To modify the user level To modify the command level Configuration Mode router> enable config

To recover a command to the default level

config

To set the enable password To set the enable password To delete the enable password To set the user password To set that a user can log in without password authentication To set the authorized level of a user To set the authorized auto-execute command of a user To set the option of a user executing the autocommand; nohangup means the connection is not disconnected after the auto-command is executed; delay means after how many seconds delayed the auto-command is executed. To set the callback number of a user

config config config config config config config config

user string callback-dialstring string

config

Modify User Level


If the user passwords of the corresponding levels are configured, users can use the command enable level 0 15 and input the correct password to enter into the corresponding user-level. Meanwhile, they get the executing right whose level is lower than or equal to the corresponding command-level. The command is as follows:
Command enable {0-15 | _CR_} Description To modify the user level Configuration Mode router> enable

Note

Maipu Confidential & Proprietary Information

Page 46 of 138

System Configuration and Management

1. Specify a user level 0-15 after enable and enter into the corresponding level. By default, the level is 15 if not specified. 2. If the level of a user is higher than the user level which he is going to enter, he can enter into the related level directly without any authentication. If the user is going to enter a level which is higher than his, the user needs to pass the authentication according to the current configuration, and the authentication method is selected according to the configuration. 3. If the enable password of the corresponding level is configured (configured via the command enable password level) and if the enable authentication of AAA is not configured or the enable authentication of AAA uses the enable method, the password can be used to authenticate. 4. If the enable password of the corresponding level is not configured, but the enable authentication uses the local enable password to authenticate, there are two kinds of situations: A. If it is a telnet user, the authentication fails. % No password set is prompted if aaa is not configured; % Error in authentication is prompted if aaa is configured; If is a console port user and the aaa is configured, the enable login tries to use the enable password to authenticate at first. If there is no enable password, use the none authentication, which means that the authentication is passed by default. If the aaa is not configure, % No password set is prompted and the authentication fails.

B.

5. If the enable authentication is passed, the user enters into the specified user level and the user possesses the corresponding level. The command show privilege can be used to view the user level. 6. If aaa authentication enable default method is configured, use the corresponding method list to perform the enable authentication, and the corresponding methods need to be used for authenticating, as follows: A. B. If aaa authentication enable default none is configured, no password is needed If aaa authentication enable default line is configured and the line password is configured, use the password. Otherwise, % Error in authentication is prompted and the authentication fails. If aaa authentication enable default radius is configured, use the radius authentication. Note that the user name of radius enable authentication is fixed, that is, $enab+level$. Level is a number of 1-15, that is, the level the user is going to enter. Because radius uses the user name of the fixed rule, users do not need to input the user name when authenticating, and just input the password to pass. If the password of the
Page 47 of 138

C.

Maipu Confidential & Proprietary Information

System Configuration and Management

user name with corresponding level is configured on the radius sever, input the corresponding password to log in successfully. Otherwise, the authentication fails. For example, execute the command enable 10, use the fixed user name $enab10$; if the user name exists on the radius sever, input the user name and corresponding password to pass the authentication. If aaa authentication enable default tacacs is configured, use the tacacs authentication. If there is a user name when logging in, users can use the user name and input the enable password of the user name to log in; otherwise, users need to input a user name and the enable password of it. If the input user name exists on the tacacs sever, and the enable password of tacacs is configured (notice: the corresponding enable password needs to be set for users on the tacacs sever), the authentication is passed. Otherwise, the authentication fails.

The above enable authentication methods can be combined to use. Please refer to the chapter of Configuring AAA.

Modify Command Level


Every shell command of Maipu router IOS has its default level. However, the command privileged can be used to modify the default level.

Users can only execute the commands whose levels are equal to or lower than the levels of themselves. For example, if a user whose user level is 12, he can only execute the commands of level 0-level 12.

The commands for modifying command level are as follows:


Command privilege MODE [level {0-15} [all | command LINE]] no privilege MODE [level {0-15} [all | command LINE]} Description To modify the command level To cancel the configuration of the command level Configuration Mode config config

Note 1. When a user executes a command, whether the user has the corresponding level right depends on the configuration.

Maipu Confidential & Proprietary Information

Page 48 of 138

System Configuration and Management

2. When executing show run or show startup, whether the present user has the level right for configuring a script depends on the configuration. 3. The input command character string follows the rule of match most, which means the input character string can be found and the result is only it. But in the script, it completes the character string as a full command. 4. The command no can be used to recover the command level of the corresponding command set to the default level.

privilege MODE [level {0-15} [all | command LINE]]


Syntax MODE level {0-15} request all command Description configured in, including all modes of the present system. Parameter 0-15 is a level specified for a command To configure as the responder To specify all commands in the present mode as a level You can input some keywords that a command starts with; all sub-commands that start with the specified keywords also belong to the configured level

MODE means the mode that the command needs to be

Example of Modifying Command Level


Configure the level of all sub-commands starting with interface as 2.
Command router#configure terminal router(config)# privilege interface Description CONF level 2 command To modify the level command interface as 2 of the

Set Enable Password


To set the local enable password for entering each user-level. The commands are as follows:
Command enable password [level {1-15}] [0] Description To specify the level and password, Configuration mode config

Maipu Confidential & Proprietary Information

Page 49 of 138

System Configuration and Management

password
no enable password [level {1-15}]

and the password is plaintext. To cancel the configuration of the enable password of a level

config

Note 1. When executing the command show run, the displayed password is cryptograph, that is, with seven key words. 2. Now there are two kinds of encryption methods, that is, new/old encryption methods. The command service new-encrypt or the command no can be used to switch between the new and the old encryption methods.

Configure User and Related Attributes


Use the command user to configure the local user and the related authority attributes. The commands are as follows:
Command Description password 0 To set the user password To set that a user can log in without password authentication To configure the authorized level of the user To configure the authorized auto-execute command of the user To set the option of a user executing the auto-command. Nohangup means the connection is not disconnected after the command is executed. Delay means after how many seconds delayed the command is executed. To set the callback number of a user To set the user user-name as the IKE extended authentication user and enter the configuration mode of IKE extended authentication user To screen the IKE extended user Configuration mode config config config config config

user-name password
user

user user-name nopassword user user-name privilege {0-15} user user-name command-line autocommand

user user-name autocommandoption {nohangup | delay} [0_120]

user user-name dialstring dial-string user user-name type xauth

callback-

config config

disable

3.

configuser configuser

password 0 password

To set the password of a IKE extended user

4.

Maipu Confidential & Proprietary Information

Page 50 of 138

System Configuration and Management

remote-settings ip {address ip_addr [mask] | pool pl_name}

dns ip_addr1 [ip_addr2]

wins ip_addr1 [ip_addr2]

user-group usergroup user user-name

To enter the configuration mode of remote authorization To set the ip address or the address pool information of a user; pl_name is the name of the address pool To configure the dns information of a user. Here, the paddr_1 is the primary dns ip address of the user and ipaddr_2 is the secondary dns ip address of the user To configure the wins information of a user. Here, the ipaddr_1 is the primary wins ip address of the user and ipaddr_2 is the secondary wins ip address of the user To set the name of the usergroup and enter the user-group configuration mode To set the user user-name as a member of the user group

config-user config-user-rset

config-user-rset

config-user-rset

config config-ugroup

Note Each command has the corresponding no command; the no command can be used to cancel the corresponding configuration. The user configured by the command user user-name type xauth can only be the user of the IKE extended authentication, but not the login user, also the related commands of user-group take effect only on the user of IKE extended authentication.

Set Line Attributes


Maipu series routers support that one console user, up to16 telnet users, and 16 ssh users can log into the device at the same time. The line command can be used to set different attributes for these logins, such as authentications and authorizations.

The commands are as follows:


Command line con 0 line vty {0-15} {0-15} line ssh-vty {0-15} {0-15} absolute-timeout {0-10000} Description To enter the line configuration mode of the console interface To enter the line configuration mode of telnet user To enter the line configuration mode of SSH user The total operation time Configuration mode config config config config-line

Maipu Confidential & Proprietary Information

Page 51 of 138

System Configuration and Management

privilege level {0-15}

autocommand command-line

autocommand-option delay} {0-120}

{nohangup

permitted for login user. Notice, if it is configured as 0, it means the time is not limited. The default value is 0. When 5 seconds before the time runs out, there is a prompt: Line timeout expired To configure the authorized level of a login user. By default, it is 1 To configure the command executed automatically after a user logs in successfully. Note that the executed command is often in the privileged user mode. By default, no command is executed. To set the option of a user executing auto-command. Nohangup means the connection is not disconnected after the auto-command is executed. By default, the connection is disconnected after the command is executed. Delay means after how many seconds delayed the auto-command is executed. By default, the delay is 0 second, which means no delay. Note that the command takes effect only after autocommand is configured. To configure the idle timeout to exit. Note that if the configuration is 0, it means no idle timeout to exit. By default, it is 5 minutes. To configure the line password To configure the login authentication mode. Here, login CR uses the line password to authenticate; Login authentication uses AAA authentication mode. No login means that users can log in without authentication (this can be used only when AAA is not configured). For common telnet, it is login by default; for ssh, it is login local by default. To configure the authentication mode and the accounting mode, if the aaa is enabled (the command aaa new-model), you can specify the

config-line config-line

config-line

config-line

exec-timeout {0_35791} [0_2147483]

password 0 password

config-line config-line

login [local | authencation]

authorization exec {default | word} authorization commands {default | word}

config-line

level

accounting exec {default|word}

Maipu Confidential & Proprietary Information

Page 52 of 138

System Configuration and Management

accounting commands {default | word}

level

authentication and accounting mode of exec and commands for each line. Please refer to the chapter of configuring AAA. To enable the mode function of console interface To configure the timeout of waiting for a user to input the user name and password; it is 30 seconds by default. config-line config-line

modem auto-detection timeout login respond {1-300}

Note Except the first command, others have their corresponding no commands, which are used to cancel the corresponding configurations or recover to the default configurations.

For example, configure the idle timeout of a telnet user as 5 minutes, the absolute timeout as 20 minutes, login timeout as 60 seconds, right level as 14, to execute the command show memory when 5 seconds delayed after login, and not to exit after the command is executed:
Command router(config)#line vty 0 2 router(config-line)#exc-timeout 5 0 router(config-line)#absolute-timeout 20 router(config-line)#timeout login respond 60 router(config-line)#privilege level 14 router(config-line)#autocommand show memory router(config-line)# autocommand-option delay 5 nohangup router(config-line)# password 0 vty router(config-line)#exit Description To enter the line configuration mode of telnet user To configure the idle timeout as 5 minutes To configure the total configuration time permitted for a user as 20 minutes To configure the login timeout for a user as 60 second To configure the authorized level of a user as 14 To configure to execute the command show memory automatically after a user logs in successfully To configure to execute the command automatically after 5 seconds delayed and the connection is not disconnected To configure the password of line as vty To exit the line configuration mode

After configuring the above commands, users should be authorized with the following line attributes after logging into the device via telnet:

The debug information is as follows (by executing the command debug author exec):

AUTHOR/EXEC/LINE (6): processing AV priv-lvl=14 AUTHOR/EXEC/LINE (6): processing AV autocmd=show mem AUTHOR/EXEC/LINE (6): processing AV nohangup=TRUE
Maipu Confidential & Proprietary Information Page 53 of 138

System Configuration and Management

AUTHOR/EXEC/LINE (6): processing AV timeout=120

View Present User Level


The level of the present user can be viewed via a command: The command is as follows:

show privilege

Execute in the normal user mode (STD) or the privileged user mode (EN). Note: by default, the level of the command is 1. So the user whose level is 0 cannot execute the command. For example:

router#show privilege Current privilege level is 15

Maipu Confidential & Proprietary Information

Page 54 of 138

System Configuration and Management

System Tools

Device Information of System


The device information of the system can be viewed via the command show. The types of the information that can be viewed are as follows: The information about the software and hardware resources of the system The basic information of the system The configuration information of the system The statistics information of the system

To facilitate the user to plan and manage the slots and components of the device, setting the description information of the slots and components is supported. Set the description of the slots/components
Command system description { mpu <0~1> | lpu <0~7> | siu | power <0~2> | fan <0~1> } descriptionDescription To set the description information about the slots of the cards in the system and the components such as SIU, power, and fan Configuration mode config

information

The show commands of the system


Command stack memory mbuf process device Description To display the using condition of each task stack in the system To display the information about the memory of the system To display the information about the buffer of the system To display the information about the task/process of the system To display the information about the Configuration mode Enable Enable Enable Enable Enable

Maipu Confidential & Proprietary Information

Page 55 of 138

System Configuration and Management

interface hosts arp ip startup-config about Version system {chassis | vender | mpu | lpu | siu | power | fan }

physical and logical devices in the system To display the information about the network interface of the system To display the information about the internal host table in the system To display the information about the ARP table of the system To display the statistics information of IP layer (include TCP and UDP) To display the contents of the startup configuration file in the system To display the information about the system copyright To display the information about the versions of the hardware and software in the system To display the information bout the components such as cards, SIU, power supply, and fan

Enable Enable Enable Enable Enable Enable Enable Enable

Take MP7508 as an example and some information is displayed as follows: Display the system stack

router#show stack NAME ENTRY TID SIZE CUR HIGH MARGIN

---------- ------------ -------- ----- ----- ----- -----tExcTask tLogTask 0x000014abc8 3fab488 7984 224 488 7496 0x0000150f1c 3fa8b00 4984 216 280 4704

tExcTrace 0x00000144f8 3540ed0 4984 320 552 4432 tShell1 tSysLog tSccTx1 tPPPExe tPPPSig tNetTask tSysTimer tSysSig tSccRx1 tModDet1 tUartRx0 tUartRx1 tUartRx2 tUartRx3 0x000002b254 27b1b18 20472 9696 13168 7304 0x00002032cc 2b298c0 5112 216 1084 4028 0x0000316acc 2b66380 3992 160 428 3564 0x00002d415c 35e29d8 10232 160 1580 8652 0x00002d4258 35dffc0 3416 192 1000 2416 0x00001d1364 2c769e8 9984 184 1188 8796 0x0000026ba0 2c74080 10224 152 296 9928 0x0000026bc8 2c71598 3416 240 1048 2368 0x0000316a50 2b67920 4992 152 644 4348 0x000030d1bc 2b651c8 3984 184 448 3536 0x000025e968 2b61030 4984 240 304 4680 0x000025e968 2b5e3e0 4984 240 304 4680 0x000025e968 2b5b790 4984 240 304 4680 0x000025e968 2b58b40 4984 240 304 4680
Page 56 of 138

Maipu Confidential & Proprietary Information

System Configuration and Management

tUartRx4 tUartRx5 tUartRx6 tUartRx7 tUartRx8 tUartRx9

0x000025e968 2b55ef0 4984 240 304 4680 0x000025e968 2b532a0 4984 240 304 4680 0x000025e968 2b50650 4984 240 304 4680 0x000025e968 2b4da00 4984 240 304 4680 0x000025e968 2b4adb0 4984 240 304 4680 0x000025e968 2b48160 4984 240 304 4680

tUartRx10 0x000025e968 2b45510 4984 240 304 4680 tUartRx11 0x000025e968 2b428c0 4984 240 304 4680

tUartRx12 0x000025e968 2b3fc70 4984 240 304 4680 tUartRx13 0x000025e968 2b3d020 4984 240 304 4680 tUartRx14 0x000025e968 2b3a3d0 4984 240 304 4680 tUartRx15 0x000025e968 2b37780 4984 200 1020 3964 tActive tSysTask tTermSo tTermCore tMpDlc tRtBak 0x0000306c74 2b14660 3992 240 384 3608 0x000029f4d0 351d648 9984 176 240 9744 0x0000351800 2b0b920 7992 360 1420 6572 0x0000352028 2b097c8 7984 184 976 7008 0x00004b9790 2afffb0 3992 160 472 3520 0x00002ee874 2c6e880 16376 952 1096 15280

tInfoGuide 0x00000cd65c 2afedf8 101712 600 2748 98964 tFecDetect 0x000026c86c 2b700b0 4984 184 916 4068 tTffsPTask 0x00003b2dbc 3fa4eb8 2032 136 404 1628 httpInit tTelnetd 0x000037fc7c 28843e8 4984 368 592 4392 0x00003455e4 2b134a8 4080 496 720 3360 5000 0 1036 3964

INTERRUPT

Display the using condition of the system memory

router#show memory SUMMARY ------Type ---Used bytes ---------Free bytes Total bytes Used percent

----------

-----------

-----------43.19% / 60.65% 4.49%

HEAP 21291496 CODE 17810592 SLAB 539040 MBUF 755936

28001744 / 349792 16081824

49293240 17810592 888832 16837760

Maipu Confidential & Proprietary Information

Page 57 of 138

System Configuration and Management

Note: The space of all such memory types exclude CODE is part of the HEAP's

used memory,for example:MBUF,SLAB,and FPSS if exists.

STATISTICS ---------Used bytes ---------22670472 Free bytes ---------Total bytes Used percent

-----------

-----------33.78%

44433360

67103832

Note The meanings of each item:


HEAP CODE SLAB MBUF FPSS Heap memory (the most basic memory area in the system); other secondary allocation management mechanisms are separated from the area Code Snippets memory; it is used to store the code snippets for system running A kind of management mechanism for memory secondary allocation A kind of management mechanism for memory secondary allocation A kind of management mechanism for memory secondary allocation, only existing on MP3700 and MP7200

Use the command show memory to set different parameters to realize various functions: show memory FPSS|HEAP|MBUF|SLAB: display the memory using condition of different memory management mechanisms show memory FPSS|MBUF|SLAB _POOLNAME_: display the using condition of one memory pool in a memory management mechanism show memory detail: display the detailed using condition of the system memory show memory detail FPSS|HEAP|MBUF|SLAB: display the detailed memory using condition of different memory management mechanisms show memory detail FPSS|HEAP|MBUF|SLAB _POOLNAME_: display the detailed using condition of one memory pool in a memory management mechanism

Display the using condition of the system buffer

router# show pool detail Data pool


Maipu Confidential & Proprietary Information Page 58 of 138

System Configuration and Management

Statistics for the network stack mbuf type number

--------- -----FREE : DATA : HEADER : SOCKET : PCB : 12 54 0 0 0 1 0 0 0 20 0 0 2 11 0 0 0 0 0 0 0 0 0 2 49887 1 1 9

RTABLE : HTABLE : ATABLE : SONAME : ZOMBIE : SOOPTS : FTABLE : RIGHTS : IFADDR : CONTROL : OOBDATA : IPMOPTS : IPMADDR : IFMADDR : MRTABLE : DRVSCC : DRV8SA : DRV8S : DRV16A : DRV4M336:

DRVEXTSCC: DRVQMC : MPLSINFO:

TOTAL : 50000 number of mbufs: 50000 number of times failed to find space: 0 number of times waited for space: 0 number of times drained protocols for space: 0
Maipu Confidential & Proprietary Information Page 59 of 138

System Configuration and Management

__________________ CLUSTER POOL TABLE ____________________________________________________________________ ___________ size clusters free usage

------------------------------------------------------------------------------64 128 256 512 1024 2048 6000 36000 3200 3200 180 400 5966 35933 3198 3191 180 400 34124 351874 3711 37 0 0

------------------------------------------------------------------------------Size: 12416400 bytes

Driver pool

Statistics for the network stack mbuf type number

--------- -----FREE : 5990 10 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0


Page 60 of 138

DATA : HEADER : SOCKET : PCB :

RTABLE : HTABLE : ATABLE : SONAME : ZOMBIE : SOOPTS : FTABLE : RIGHTS : IFADDR : CONTROL : OOBDATA : IPMOPTS :

Maipu Confidential & Proprietary Information

System Configuration and Management

IPMADDR : IFMADDR : MRTABLE : DRVSCC : DRV8SA : DRV8S : DRV16A : DRV4M336: DRVEXTSCC: DRVQMC : MPLSINFO:

0 0 0 0 0 0 0 0 0 0 0

TOTAL : 6000 number of mbufs: 6000 number of times failed to find space: 0 number of times waited for space: 0 number of times drained protocols for space: 0 __________________ CLUSTER POOL TABLE ____________________________________________________________________ ___________ size clusters free usage

------------------------------------------------------------------------------1596 6000 5632 1119414

------------------------------------------------------------------------------Size: 10056000 bytes

All MBUF pool size : 22472400 bytes

Display the information about the system device

router#show device drv name 0 /null 1 /tyCo/0 1 /tyCo/1 1 /tyCo/2 1 /tyCo/3

Maipu Confidential & Proprietary Information

Page 61 of 138

System Configuration and Management

3 /system 3 /flash 3 /hsconfig 2 /pipe/temp 3 /config 3 /more 3 /log 3 /hafile 2 /pipe/sshd

Display the information about the status of all system interfaces

router#show interface loopback0: Flags: (0x4080e9) UP LOOPBACK MULTICAST RUNNING GWUP Type: SOFTWARE_LOOPBACK Internet address: 1.1.1.1/32 Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0) Metric: 0, MTU: 32768, BW: 8000000 Kbps, DLY: 5000 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped multilink0: Flags: (0x408070) DOWN POINT-TO-POINT MULTICAST ARP RUNNING GWUP Type: MULTILINK Internet address: 2.0.0.2/24 Destination Internet address: 0.0.0.0 Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 100000 Kbps, DLY: 100000 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 5 minutes input rate 0 bits/sec, 0 packets/sec

Maipu Confidential & Proprietary Information

Page 62 of 138

System Configuration and Management

5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped gigaethernet0: Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP Type: ETHERNET_CSMACD Internet address: 128.255.40.77/22 Broadcast address: 128.255.43.255 Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 Ethernet address is 0000.0000.0000 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped gigaethernet1: Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP Type: ETHERNET_CSMACD Internet address: 11.11.11.1/24 Broadcast address: 11.11.11.255 Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 Ethernet address is 0000.0000.0000 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received
Maipu Confidential & Proprietary Information Page 63 of 138

System Configuration and Management

0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped gigaethernet2: Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP Type: ETHERNET_CSMACD Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 Ethernet address is 0000.0000.0000 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped gigaethernet3: Flags: (0x408062) DOWN BROADCAST MULTICAST ARP RUNNING GWUP Type: ETHERNET_CSMACD Queue strategy: FIFO , Output queue: 0/256 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 1000000 Kbps, DLY: 10 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 Ethernet address is 0000.0000.0000 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped lo0: Flags: (0xc080e9) UP LOOPBACK MULTICAST RUNNING GWUP Type: SOFTWARE_LOOPBACK Internet address: 127.0.0.1/8
Maipu Confidential & Proprietary Information Page 64 of 138

System Configuration and Management

Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0) Metric: 0, MTU: 32768, BW: 8000000 Kbps, DLY: 5000 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets received; 0 packets sent 0 multicast packets received 0 multicast packets sent 0 input errors; 0 output errors 0 collisions; 0 dropped dc0: Flags: (0x40408063) UP BROADCAST MULTICAST ARP RUNNING GWUP MANAGE Type: ETHERNET_CSMACD Queue strategy: FIFO , Output queue: 0/1 (current/max packets)(0) Metric: 0, MTU: 1500, BW: 100000 Kbps, DLY: 100 usec, VRF: global Reliability 255/255, Txload 1/255, Rxload 1/255 Ethernet address is 0000.0000.0000 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 292 packets received; 0 packets sent 292 multicast packets received 0 multicast packets sent 2 input errors; 0 output errors 0 collisions; 0 dropped

Display the information about the system version

router#show version MyPower (R) Operating System Software MP7500 system image file (dc0: rp7-g-6.0.7(h01-m14-e).bin), version 6.0.7(h01m14-e)(integrity), Compiled on Jun 18 2007, 08:53:40 Copyright (C) 1999 Maipu (Sichuan) Communication Technology Co., Ltd. All Rights Reserved.

MP7500 Version Information System ID : 350000163234

Maipu Confidential & Proprietary Information

Page 65 of 138

System Configuration and Management

Hardware Model 32 MBytes flash Hardware Version

: RM7A-MPU408-4GE with 512 MBytes DDR SDRAM,

: 010(Hotswap Supported)

MPU CPLD Version : 43 Monitor Version : 1.19

Software Version : 6.0.7(h01-m14-e)(integrity) Software Image File : dc0: rp7-g-6.0.7(h01-m14-e).bin Compiled : Jun 18 2007, 08:53:40

System Uptime is 0 hour 10 minutes 17 seconds

Display the information about the system copyright

router#show about MP7500 series modular architecture can incessantly offer clients as many flexible solutions as possible when new services and applications come into exsistence. With full support of the MyPower (R) Operating System Software,MP7500 series modular architecture will support the following applications: General Internet/intranet access LAN-to-LAN/LAN Internetwork Secure Internet/intranet access Multiservice voice/data integration Analog and digital dial access services Virtual Private Network (VPN) access Interconnecting with IBM SNA Network

MP7500 modular architecture include the following optional modules:

Copyright (C) 1999 Maipu (Sichuan) Communication Technology Co., Ltd. All Rights Reserved.

Display the status information of the components such as cards, SIU, power supply, and fan The show system command can be used to display the information about the running status of the components such as cards, SIU, power supply and fans.

Maipu Confidential & Proprietary Information

Page 66 of 138

System Configuration and Management

The command displaying example is as follows:

router#show system System Chassis Information (ID=00 - ONLINE) ---------------------------------------------------------------Device ID: Vender ID: Serial No.: 0005 0003 00000006 00017a016666

Chassis-MAC-Group-0:

00017a016667 00017a016668 00017a016669 00017a01666a Chassis-MAC-Group-1: 00017a01666b

00017a01666c 00017a01666d 00017a01666e 00017a01666f ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=20 - ONLINE) ---------------------------------------------------------------Type: MPU_RM7A_MPU408_4GE Status: Start Ok Last-Alarm: 0000 Card-Port-Num: 0 Card-SubSlot-Num: 2 Power-INTF-Status: 0003 Power-Card-Status: On Serial No.: 00000000 Card-Name: <NULL> Description: <NULL> Power-RT-Infomation: Voltage-In: 11.63 V Hardware-Information: HW-State: 0000

Maipu Confidential & Proprietary Information

Page 67 of 138

System Configuration and Management

PCB-Version: H01 CPLD-Version: 43 Software-Information: Monitor-Version: 1.14 Software-Version: 6.0.5(h01-b12-p)(integrity) Temperature-Information: Temperature-State: Temperature = 27. Last-Alarm = 0. CPU-On-Card-Information: < 1 CPUs> CPU-Idx: 00 Status: 0000 Core-Num: 0004 Core-State: Core-Idx-00 Core-Status: 0000 Core-Utilization: 0% Core-Idx-01 Core-Status: 0000 Core-Utilization: 0% Core-Idx-02 Core-Status: 0000 Core-Utilization: 0% Core-Idx-03 Core-Status: 0000 Core-Utilization: 0% Temperature: Temperature-State: Temperature = 43. Last-Alarm = 0. MEM-On-Card-Information: <1 MEMs> MEM-Idx: 00 MEM-State: BytesFree = 494829816 bytes BytesAlloc = 42035960 bytes BlocksFree = BlocksAlloc =
Maipu Confidential & Proprietary Information

119 blocks 17044 blocks


Page 68 of 138

System Configuration and Management

MaxBlockSizeFree = 197052064 bytes DISK-On-Card-Information: <3 DISKs> DISK-Idx: 00 Type: Flash Status: Online Last-Alarm: 0000 DISK-State: SizeTotal = 33554432 bytes SizeFree = 16666624 bytes DISK-Idx: 01 Type: Unknown Status: Offline Last-Alarm: 0000 DISK-Idx: 02 Type: Unknown Status: Offline Last-Alarm: 0000 CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.8 Software-Version: 1.1.6 ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=20,SLOT=00 - ONLINE) ---------------------------------------------------------------Type: LGU_RM7A_MPU408_4GE_DC Status: Init Last-Alarm: 0000 Card-Port-Num: 1 Card-SubSlot-Num: 0 Power-INTF-Status: 0000 Power-Card-Status: On ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

Maipu Confidential & Proprietary Information

Page 69 of 138

System Configuration and Management

System Card Information(UNIT=20,SLOT=01 - ONLINE) ---------------------------------------------------------------Type: LGU_RM7A_MPU408_4GE_GE Status: Init Last-Alarm: 0000 Card-Port-Num: 4 Card-SubSlot-Num: 0 Power-INTF-Status: 0000 Power-Card-Status: On ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=21 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=00 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=01 - ONLINE) ---------------------------------------------------------------Type: LPU_RM7B_1ATM_OC3H Status: Start Ok Last-Alarm: 0000 Card-Port-Num: 1 Card-SubSlot-Num: 0 Power-INTF-Status: 0000 Power-Card-Status: On Serial No.: ffffffff Card-Name: 1ATM Description: <NULL> Power-RT-Infomation:
Maipu Confidential & Proprietary Information Page 70 of 138

System Configuration and Management

Voltage-In: 0.00 V Hardware-Information: HW-State: 0000 PCB-Version: H01 CPLD-Version: 42 SFP-On-Card-Information: <1 SFPs> SFP-Idx: 00 Type: 0000 Status: Online Info-Struct: id = 0003 connectorType = 07 bitRate = 01 sonetCompatibility = 02 gigaCompatibility = 00 linkLength = 0f960000 serial-no. = 842043908064 version = 10 vendor-name = FIBERXON INC. vendor-part-num = FTM-3001C-S15 CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.7 Software-Version: 1.1.6 ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=02 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=03 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

Maipu Confidential & Proprietary Information

Page 71 of 138

System Configuration and Management

System Card Information(UNIT=04 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=05 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=06 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Card Information(UNIT=07 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Power Information(ID=30 - ONLINE) ---------------------------------------------------------------Status: Abnormal Last-Alarm: 0000 Serial No.: <NULL> Description: <NULL> Power-RT-Information: Fan-Status: Abnormal Type-In: AC Voltage-In: 0.00 V Current-In: 0.00 A CMM-Information: Hardware-Type: 0000 Monitor-Version: <NULL> Software-Version: <NULL> ---------------------------------------------------------------Maipu Confidential & Proprietary Information Page 72 of 138

System Configuration and Management

STATISTICS:

1 IN, 0 OUT, 0 IERR, 0 OERR

System Power Information(ID=31 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System Power Information(ID=32 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System FAN Information(ID=40 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR

System FAN Information(ID=41 - ONLINE) ---------------------------------------------------------------Status: Offline Last-Alarm: 0000 Serial No.: <NULL> Description: <NULL> ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

System SIU Information(ID=28 - ONLINE) ---------------------------------------------------------------Type: 0000 Status: Online Last-Alarm: 0000 Serial No.: 00000000 Description: <NULL> Hardware-Information: PCB-Version: H01
Maipu Confidential & Proprietary Information Page 73 of 138

System Configuration and Management

CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.8 Software-Version: 1.1.6 ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR

router#

Note The show system command can be used to display the information about the running status of the corresponding component by setting different parameters: show system mpu {local | peer}: display the information about the running status of the local/peer MPU card; show system lpu <0~7>: display the information about the running status of the LPU card in the slot of the device; show system siu: display the information about the running status of the SIU; show system power <0~2>: display the information about the running status of the power components; show system fan <0~1>: display the information about the running status of the fan components;

Protocol Debugging
The system provides the debugging switches for various protocols, including IP, PPP, HDLC, OSPF, FR, and X25. The following example briefly explains the enabling and disabling of the debugging switch.

Enable the protocol debugging switch Enable the packet debugging switch of IP protocol access list:

router#debug ip packet access-list

Maipu Confidential & Proprietary Information

Page 74 of 138

System Configuration and Management

Enable the debugging switch of the RIP protocol:

router#debug ip rip events

Enable the debugging switch of the PPP protocol (on interface s1/0):

router#debug ppp negotiation s1/0

Enable the debugging switch of the HDLC protocol:

router#debug hdlc s1/0

FR has many protocol debugging switches, including:

Debug frame-relay lmi [interface/<CR>] Debug frame-relay log [interface/<CR>] Debug frame-relay packet [interface/<CR>]
The specific protocol debugging corresponding chapters in detail. switches are described in the

Disable the protocol debugging switch In order to disable the protocol debugging switch, users only need to add a command word no before the command to disable the related switch; or use the command no debug all to disable all debug switches.

Network Troubleshooting Tools


For details, refer to the chapter of Network Test and Troubleshooting.

System Log Function


System log function comprises two aspects. One is to add some header information for the printed log messages, such as time stamp and task name. The other is to output and store the log messages in different
Maipu Confidential & Proprietary Information Page 75 of 138

System Configuration and Management

formats, including printing to the console port, printing to the telnet terminal via switch, writing to the memory file, writing to the flash file, and sending to the log sever.

The commands of the system log function are as follows:


Command logging enable logging color Description To enable the log function; the command no logging enable can be used to disable the log function To configure the colors when the log information with different levels are displayed on the command-line terminal; the configured levels include Emergency, Alert, Critical, Error, Warn, Notify, Information, and Debugging; the corresponding levels are 0-7. The configured colors include blue, brown, cyan, green, purple, red, and white. To enable recording log information in the memory buffer; the name of the memory file is /log/logging; the corresponding command no logging buffer can be executed to disable the function To configure the size of the memory buffer which is used to record the log information; the value range is 4096409600 bytes; the default value is 100K To configure the information whose level is higher than one level to be recorded in the memory buffer; the default level is notify, that is, the information of level 0-5 is recorded to the memory buffer To enable the function of outputting the log information to the console port; the no logging console command can be used to disable the function To configure the information whose level is higher than one level to be output to the console port; the default level is debugging, that is, all information of level 0-7 needs to be output to the console port To enable the function of recording the log information to the flash file system; the file name is /flash/logging. The corresponding command no logging file can be executed to disable the function To configure the size of the log file in the flash file system; the value range is 4096-1048576 bytes. The default value is 100K To configure the information whose level is higher than one level to be recorded to the flash log file; the default level is warn, that is, the information of level 0-4 is recorded to the flash log file. To enable the function of sending the log information to the specified log sever. The command no logging trap can be used to disable the function. To configure the host name or IP address of the log sever and the information level that needs to be sent to the log sever. You can specify the VRF name to send the information out via VRF. By default, the log server is not configured; the level of the information sent to the log server is 0-4. To configure the source address used for sending the information to the log server Configuration Mode config config

level color

logginglogging-

logging buffer logging buffer maxsize buffer-size logging buffer logging-

config

config config

level

logging console logging console

config config

logging-level

logging file file logging max-size logging file

config

config config

file-size

level

logging-

logging trap logging log-server [vrf vrf-name] startlevel [end-level] logging source-ip

config config

config

source-address

Maipu Confidential & Proprietary Information

Page 76 of 138

System Configuration and Management

logging event logging monitor logging monitor

logging-level

logging facility type service timestamps log | debug [datetime [msec] | uptime] service taskname [log | debug] clear logging [buffer | file] show logging [file | buffer] terminal monitor

To configure the executed shell commands to be sent to the log server To enable the function of outputting the log information to the telnet and SSH terminals. The corresponding command no logging monitor can be executed to disable the function. By default, the function is enabled. To configure allowing the information whose level is higher than one level to be output to the telnet and SSH terminals; the default level is debugging, that is, the information of level 0-7 can be output to the telnet and SSH terminals. To configure the types of the log information sent to the log sever. The types include auth, cron, daemon, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, news, sys10, sys11, sys12, sys13, sys14, sys9, syslog, user, and uucp. By default, the type is local7. To configure the time stamp option of the log message header: local time (datetime) or the enabling time of the system (uptime). The parameter debug means the message output to the terminal; the parameter log means the message recorded to the log file. To configure to add the task name in the log message header; log means adding the task name to the message header written to the log file; debug means adding the task name to the message header written to the terminal To clear the log contents of the memory or flash file; if the type is not specified, clear up the log files of the memory and flash To display the log contents of the memory or flash file; if the type is not specified, display only the log contents of the flash To enable the switch of printing the log information on the telnet and SSH terminals; the log information can be printed on the telnet and SSH terminals only by executing the command.

config config

config

config

config

config

enable enable enable

Note Except the show and clear commands, the above commands have the corresponding no commands. You can use the no commands to delete the corresponding configurations, cancel the corresponding function or recover the default value.

The log messages are graded from level 0 to level 7 according to the severity levels. Level 0 means the message level is the most severe. By default, the information of level 0 -7 is all printed to the console interface; if the terminal monitor command is configured on the telnet terminal; the information of level 0-5 is written to the memory file; the information of level 0-4 are written into the flash file; the information of level 0-5 is sent to the log server.

Maipu Confidential & Proprietary Information

Page 77 of 138

System Configuration and Management

Meanwhile, the commands for modifying the level range are provided. The related commands are logging console levellogging monitor level logging buffer levellogging file leveland logging ip-address level. If one level is configured as level, it means the level range is 0- level.

For example, the command of configuring the level of the log information recorded to the flash is as follows:

router(config)#logging file ? <0-7> alerts critical debugging emergencies errors informational notifications warnings <CR>
The information levels are defined as follows:
Level 0 1 2 3 4 5 6 7 Key Word emergencies alerts critical errors warnings notifications informational debugging Description The system is unusable. You need to take action at once. The critical statue The error statue The warning status Normal status, but needs to be noticed The informational messages The debugging information

Logging severity level Immediate action needed Critical conditions Debugging messages System is unusable Error conditions Informational messages (severity=1) (severity=2) (severity=7) (severity=0) (severity=3) (severity=6)

Normal but significant conditions (severity=5) Warning conditions (severity=4)

View CPU Utilization


Maipu routers provide the tools for viewing the CPU utilization, that is, after enabling the switch for monitoring CPU, users can view the CPU using condition of each task in a period and the total using condition of CPU in a period.

The related commands are as follows:

Maipu Confidential & Proprietary Information

Page 78 of 138

System Configuration and Management

Command check enable check disable cpu cpu

Description To enable the switch for monitoring cpu and start to collect the data of cpu utilization To disable the switch for monitoring cpu and stop collecting the data of cpu utilization. The default status is disable. To set the time interval for refreshing the current cpu utilization. By default, it is 2 seconds. Whether to display in the simple mode, which means only to display the task which uses CPU. By default, the simple mode is disabled. To view the present parameters and status of check cpu, such as whether to enable the monitoring switch. To enable the switch for monitoring CPU, and start to monitor the CPU using condition of each task To disable the switch for monitoring CPU, and stop monitoring the CPU using condition of each task To enable the switch for monitoring CPU, and start to monitor the total using condition of the CPU in a period To disable the switch for monitoring CPU, and stop monitoring the total using condition of the CPU in a period To display the CPU using condition of each task To display the total using condition of the CPU in a period

Configuration Mode config config config config config enable enable enable enable enable enable

check cpu time-interval

value

check cpu view [simple] check cpu parameter spy cpu no spy cpu monitor cpu no monitor cpu show cpu show cpu monitor

Example: In the privileged user mode, use the command spy cpu at first to monitor the CPU using condition of each task, and then use the command show cpu to display the CPU using condition of each task.

router#spy cpu router#show cpu

System monitor result:

NAME -------tExcTask tLogTask tRlimit

ENTRY --------

TID PRI total % (ticks) delta % (ticks)

----- --- --------------- --------------3f9bb68 3f98f90 353bf80 5 0 0 0% ( 0% ( 0% ( 0) 0) 0) 0% ( 0% ( 0% ( 0% ( 1) 0) 0) 0) 0) 0) 0% ( 0% ( 0% ( 0) 0) 0) 0) 0% ( 0) 0) 0) 0) 0) 0)


Page 79 of 138

tKmemReapd tExcTrace tFmmHdle tCPUMonitor tShell1 tMbufTask tSysLog

3f742a0 10 3555e30 10 2c56238 10 3f90ac0 10 2b41248 20 2e047b0 40 2cb67c8 40

0)

0% ( 0% ( 0% (

0% ( 0% ( 0% (

0% ( 0% ( 0% (

Maipu Confidential & Proprietary Information

System Configuration and Management

tLocalStat tPPPExe tFRExe tMFRExe systimerhigh tNetTask tFwdTask tEthTx0 tSccRx2 tSccTx2 tModDet2 tHdlcTim tSccRx3 tSccTx3 tModDet3 tRtrSched tRtrIcmpRcv tRtrJitter tRtrWdog tConMSig tActive tSysTask tAaaRecv tPFAFPSS systimer tGTL tLogHash tELD tInfoguide tFecDetect tEnetDet0 tTffsPTask tStaticRt tRtrSta tAclTask tPmtud tTelnetd

34ff8b8 45 353a910 50 35379a0 50 3531998 50 34083a8 50 2def410 50 2dec8a8 50 2cfe140 50 2ced828 50 2cec048 50 2cea868 50 2ce9258 50 2ce0828 50 2cdf048 50 2cdd868 50 2c6a968 50 2c67bf8 50 2c64e88 50 2c620a8 50 2d404e0 55 2b3a650 55 3411928 60 2c46f80 80 3502220 90 3409cf8 90 2de7c00 90 2d9d7e0 90 2c4be58 90 2bebda8 90 2d17c50 95 2cface8 95 3f97478 100 2dc8c70 100 2c5ede0 100 2d6eb60 110 2df1dc0 120 2b39258 120

0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% (

0)

0% (

0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0)
Page 80 of 138

0) 0% ( 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0) 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% (

0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% (

0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% (

0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% ( 0% (

Maipu Confidential & Proprietary Information

System Configuration and Management

tTelnetd6 tFmmDtct tDcacheUpd tTunnel tLFree tIdle KERNEL INTERRUPT IDLE TOTAL

2b35448 120 2c50d98 220 34a8138 250 34035d8 250 340ed40 255 3f8f268 255

0% ( 0% ( 0% ( 0% ( 0% (

0)

0% (

0) 0) 0) 0) 0) 0) 0) 0) 13) 13)

0) 0% ( 0) 0) 0) 0% (

0% ( 0% (

0% ( 0% ( 0% (

1) 1) 0)

0% ( 0% ( 0% (

99% ( 99% (

447) 100% ( 450) 100% (

In privileged user mode, first use the monitor cpu command to monitor the total utilization of CPU in some periods, and then use the show cpu monitor command to display the total utilization of CPU in some periods.

router#monitor cpu router#show cpu monitor CPU utilization for five seconds: 2%; one minute: 1%; five minutes: 1%

CPU utilization per second in the past 60 seconds:

0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0%

CPU utilization per minute in the past 60 minutes:

1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 2% 1% 1% 1% 1% 1% 2% - - - - - - - - - - - - - - - - - - -

CPU utilization per quarter in the past 96 quarters:


Maipu Confidential & Proprietary Information Page 81 of 138

System Configuration and Management

1% - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - -

- - - - -

The above three data tables respectively display the cpu using condition of each second in the past 60 seconds, each minutes in the past 60 minutes and each quarter in the past 96 quarters. (- means the moment that does not come).

Note When the function of monitoring the CPU using condition is enabled, the task tCheckCpu collects the cup data ceaselessly (by default, the interval is 2 seconds), which occupies some resources of cpu. Therefore, if it is unnecessary to diagnose the CUP utilization of each task, you had better not enable the function of monitoring the CPU using condition.

Set CPU and Environment Alarm Temperature


MP7500 router supports configuring the system CPU and environment alarm temperature. When CPU or MPU card environment temperature reaches the threshold value, the log appears and the trap is sent (trap needs to be configured). Meanwhile, the trap is sent to the SIU to display. The default threshold of the CPU and environment alarm temperature is 70 .

Maipu Confidential & Proprietary Information

Page 82 of 138

System Configuration and Management

Command alarm temperature {cpu| environment }

Description To configure the threshold of the local MPU card temperature

Configuration Mode CONFIG

temperature

Set SIU Display Language


MP7500 router supports configuring the SIU display language. By default, the SIU display language is English. You can configure it to Chinese.
Command siu language {English |Chinese } Description To configure the SIU language display Configuration Mode CONFIG

Set System Alarm Parameters


MP7500 router supports configuring the parameters of the system alarm, including the shielding for the fault alarm of a level and un-shielding, as well as the alarm shielding time after pressing the button for clearing up the alarms.
Command sysAlarm Description To configure the time for shielding the alarms of the system To configure the type of the shielded alarm Configuration Mode CONFIG CONFIG

shieldTime

shield

time

sysAlarm shield type {minor|major|critical|all}

Note: The parameters of shielding system alarms are saved in the shelf and are not related to the configuration file. Therefore, the parameters need to be displayed via the following command.

show sysAlarm shield [time|type|CR]


Command time type Description To display the time for shielding the alarms of the system To configure the type of the shielded alarm Configuration Mode ENABLE ENABLE

Maipu Confidential & Proprietary Information

Page 83 of 138

System Configuration and Management

Configure Rollback Function


Configuring the rollback function means to restore the configuration to one backup configuration. The main functions are as follows: 1. Restore immediately when abnormality appears: After modifying some configurations, the user finds that some functions become abnormal, but do not know the reasons and which configuration causes the abnormality. Here, the user can perform the rollback operation to restore the configuration to the status before the problem appears. Compared with canceling a single command, using the rollback function to restore the previous configuration is faster and easier. 2. Return to the previous configuration: You configuration to the last running environment. can restore the

3. Restore the rescue configuration: If the rescue configuration file is saved (the configuration file may be the most stable and most reliable configuration which is used and verified by the user for a long time), any onsite person (even without technical background) can use the rescue configuration to perform the fast and safe rescue configuration rollback. This is used in case of emergency.

The configuration commands are as follows:


Command Description To configure the rollback Number: It is the number of the configuration file to be rolled back. It is the number of the valid rollback configuration displayed according to the current generated configuration file automatically; Rescue: Roll back to the rescue configuration; Confirmed time: It means that you need to wait for confirming after rollback. If it is not confirmed, it restores automatically after 10 minutes. To save the current configuration; the previous startup files are reserved as the rollback configuration files, that is, the backup startup files. Rescue means to save the current configuration as the rescue configuration. To confirm the rollback To display the rollback file Number: It is the number of the rollback configuration file to be Configuration Mode

rollback [number|rescue] [confirmed [time] ]

enable

write [rescue]

enable

rollback-confirmed show rollback [ number | rescue | confirmed-status |

enable enable

Maipu Confidential & Proprietary Information

Page 84 of 138

System Configuration and Management

auto-rollback-file ]

displayed. It is the number of the valid rollback configuration displayed according to the current generated configuration file automatically. If the number is not specified, display the current startup file by default; Rescue: to display the contents of the rescue configuration; confirmed-status: to display the status of the rollback confirming (whether it is still in the rollback confirming state; auto-rollback-file: the automatically rolled back configuration script file in the rollback confirmed state.

Note 1. The interfaces become up/down during the rollback. Currently, the operation of configuring rollback is to first clear the current script, and then configure the configuration file to be rolled back. There is an operation of clearing the current configuration, so it results in the up/down of the interfaces and the up/down of the dynamic route neighbor. 2. There are some risks. For example, if operating on telnet, clearing the configuration causes that the telnet cannot be connected. If the interface address is modified, the telnet cannot be connected forever.

Pagination Display Function


When the device outputs the information, such as route table information, there may be much information. If it is not controlled, the device may output the information for a long time and cannot do other things. The pagination display function is to output only one page every time, and after inputting one control character (such as space), output the next page, that is, the information output can be controlled.

Besides, the extended output function is provided, that is, filter the displayed output contents or directly input to other medium. For example, filter and display according to the specified character string, save the displayed contents to other files, and transmit to the FTP server via FTP.

The related commands are as follows:


Maipu Confidential & Proprietary Information Page 85 of 138

System Configuration and Management

Command

more { on | off | | displine [num] help }

| {begin _LINE_ | include [context] _LINE_ | exclude _LINE_ | redirect {file filename | ftp [vrf vrf-name] host usr pwd filename } }

Description To set the more switch, the number of the lines displayed on each screen, and the help information of displaying more; On: to open the switch of the more function; by default, it is opened; Off: to shut down the switch of the more function. The displayed contents are first re-directed and output to the temporary file. However, they are directly output, but not output in the format when being output. displine num: to set the number of the lines to be displayed on each screen. The default value is 24 lines. The value range is 5-50 lines. If the number of the characters on one line is larger than 80, it is regarded as two lines. Help: to display the using of some keystrokes of the more function. The extended subcommand is registered after the display command of the module. | more: the ID of the extended subcommand; begin _LINE_: to display starting from the specified character string; Include [context] _LINE_: only to display the contents that contain the specified character string; if the context is added, the context of the specified contents are also be displayed; exclude _LINE_: to display the contents that exclude the specified character string; redirect file filename: to copy the displayed contents to the specified file (file name); redirect ftp [vrf vrf-name] host usr pwd filename: to transmit the displayed contents to the FTP server via ftp.

Configuration Mode

enable

enable

Note The more output extended command is registered by the display command of the module and serves as the subcommand of the display command of the module. Currently, only the display commands of some modules register the more extended subcommand.

Maipu Confidential & Proprietary Information

Page 86 of 138

System Configuration and Management

Remote Login Service

telnet
Overview
MP routers provide telnet server/client function (the default service port is 23). Users can telnet to the router to operate via LAN or WAN. Up to 16 telnet users can be online at the same time. Users can configure the attributes of the telnet login via the command line vty.

Meanwhile, MP routers provide the commands of the telnet client. In the common user mode and the privileged user mode, users can execute the following command to telnet to a device.

Basic Commands
The client command is as follows:
Command telnet Description To log into the specified remote host or device Configuration Mode enable config

telnet
The router can serve as the telnet client and can log into other devices that provide the telnet service remotely to perform operations.

telnet [vrf vrf-name] hostname/ip-address [port-number] [ipv4 | ipv6] [source-interface interface]


Syntax Description To specify the VRF name To specify the peer address To specify the peer port number If hostname uses the domain name, use the corresponding ipv4 address of the domain name first.

vrf-name hostname/ip-address port-number


ipv4

Maipu Confidential & Proprietary Information

Page 87 of 138

System Configuration and Management

ipv6

source-interface

interface

If hostname uses the domain name, use the corresponding ipv6 address of the domain name first. To specify the telnet source address to adopt the address of the specified interface The specified source interface

Default statusThe default telnet service port is 23.

SSH
MP routers provide a much more secure remote login service-SSH service (the service port is 22). It permits that at most 16 SSH login users at the same time. Users can configure the attributes of the ssh login via the command line ssh-vty.

Relate commands are as follows:


Command sshkeygen ip ssh server no ip ssh server show fingerprint Description To generate a new SSH key-pair To enable the SSH service To disable the SSH service To display the SSH key-pair Configuration Mode enable config config config enable

Maipu Confidential & Proprietary Information

Page 88 of 138

System Configuration and Management

System Information Unit (SIU)


In Maipu routers, the main tasks of system information unit are: Display the system information circularly in the idle mode Query the system information in menu mode Print real-time information in real time

Operation Methods
System Information Unit (SIU) has five keystrokes, including up, down, right, left, and confirm. SIU has two modes to display information, including idle mode and menu mode. In idle mode, display the system information circularly. In menu mode, you can use the keystrokes on SIU to query various kinds of system information. In idle mode, you can press any key to enter into the menu mode; in menu mode, if there is no keystroke for 30 seconds or press the left key from the last-level menu, you can return to the idle mode.

The functions of the keystrokes in menu mode are as follows:


Keystroke Up Down Left Right Confirm Function Roll upward: select other menu or view other contents Roll downward: select other menu or view other contents In the highest menu, exit the menu mode and enter into the idle mode; otherwise, exit to the upper-level menu. Enter into the next-level menu. If there is no next-level menu, the right keystroke is unavailable. The function is the same as the right keystroke.

Note After pressing the keystroke every time, the background light is on for 10 seconds. If there is no keystroke to be pressed for 10 seconds, the background light turns off.

Maipu Confidential & Proprietary Information

Page 89 of 138

System Configuration and Management

View Information
Idle Mode
In idle mode, display various kinds of system information circularly according to the specified order. During displaying, refresh the information every two seconds. The time for displaying the information varies with importance of the information.

In the idle mode, the displayed contents are as follows:


Name of Displayed Information Displayed Contents (MPU not work) MPU Not used (MPU is working) Master/slave mode of MPU CPU utilization of MPU CPU nucleus temperature of MPU Normal state of the CPU temperature of MPU (LPU at place, but cannot be identified) LPUunknown (LPU at place and can be identified) LPUtype LPU Register status Fan shelf Fan shelfstatus Power module Status Input voltage Input current Router type Company address Contact phone number Company website

MPU information

LPU information

Fan shelf information Power module information

Routine information

Note If the above information cannot be displayed on one screen, it is displayed on several screens.

Menu Mode
In menu mode, you can use the keystrokes to select the menu to display various contents. During displaying, refresh the information every two seconds. If it is found that the menu does not exist during refreshing, exit to an existing menu. In menu mode, the displayed contents are as follows:

Maipu Confidential & Proprietary Information

Page 90 of 138

System Configuration and Management

Menu Name

System Menu

MPU list

Displayed Contents MPU information LPU information SIU information Fan information Power information Alarm information Log information Clear logs Routine information MPU list (MPU not work) The MPU card is not used! (MPU is in the working state) MPU working mode Managed slot list CPU utilization CPU temperature CPU status MPU card temperature MPU temperature status Memory size Memory utilization Flash size Flash utilization Input voltage Serial number Hardware version CPLD version Software version CMM version (No LPU) No LPU information (has LPU) LPU list LPU register status Input voltage Serial number Hardware version CPLD version CMM version SIU register status Serial number Hardware version CMM version (no fan shelf) No fan shelf (has fan shelf) Fan shelf list Fan status Fan working status List the power modules Power module type Input voltage Input current Serial number Hardware version CMM version (No alarm information)

Menu Level

Level-one menu

Level-two menu

MPU information

Level-three menu

LPU list

Level-two menu

LPU information

Level-three menu

SIU information

Level-two menu

Fan shelf list

Level-two menu

Fan shelf status Power list module

Level-three menu Level-two menu

Power module information Alarm

Level-three menu

Level-two menu

Maipu Confidential & Proprietary Information

Page 91 of 138

System Configuration and Management

information

Log list

information

Log information Delete logs Routine information

No alarm information (Has alarm information) All alarm information (No log information) No log information (Has log information) Log information list Display the specified log information (Up to 20 recent logs can be saved and are lost after restarting) Confirm Cancel (Confirm or cancel and exit to the system menu) Device type Company address Contact phone number Company website

Level-two menu

Level-three menu Level-two menu

Level-two menu

Note In menu mode, if there are selectable menus, you can roll the menus circularly. If no selectable menus and only display data, you cannot roll circularly.

Display Real-time Information


When the router runs and if there is real-time information to prompt the user, the SIU module can be used to prompt.

When SIU receives alarm information, use the lowest line on the screen to display the real-time information. Move one word to the left every 0.6 second until all information are moved out of the screen.

The SIU saves the real-time information as the log.

Note 1. When displaying the real-time information, the data at the lowest line of the displayed contents is blocked. 2. When displaying the information, clear the log and stop displaying the information immediately.

Maipu Confidential & Proprietary Information

Page 92 of 138

System Configuration and Management

Embedded (EEP)
Main contents: Introduction to EEP Basic commands of EEP

Event

Platform

Application examples of EEP Monitoring and debugging of EEP

Introduction to EEP
Embedded Event Platform (EEP) is one extendable event detection and processing mechanism, which is provided directly in the device and can be customized by the user. EEP provides a method for the user to monitor specified event, get the information and set the action when the event happens.

The tracing and management of the event is executed outside the network devices traditionally. EEP provides a capability of performing the event management actively and directly, which is very useful. The communication between the device and the exterior network management device may fail, so not all event management can be done outside the device. When the event happens, take the restoring action immediately, collect the information and analyze the essential reason, which is very valuable for processing the fault. If the auto-restoring action of the device can be complete without restarting the device, the usability of the network is improved correspondingly.

EEP comprises three parts, including event detection layer, event message receiving and processing layer, and policy layer. The event detection layer filters and matches the set events in the policy and sends out event messages; the event message processing layer completes the corresponding processing according to the event type; the policy layer
Maipu Confidential & Proprietary Information Page 93 of 138

System Configuration and Management

completes the logical processing of the policy and executes the action specified by the policy.

EEP policy:
EEP policy is an entity and includes all actions that need be executed when the event is triggered and event happens.

EEP event:
Currently, EEP supports none event and timer event. The other events can be extended in the structure. None event means that the policy needs to trigger the event by running the event platform run command manually. Timer event can set four kinds of timer events as follows. Countdown: The event happens when counting down the set time to 0. The event is triggered for only once. The set time cannot be re-set. The minimum unit is second. Watchdog: The event happens when counting down the set time to 0. The event can be triggered many times. When the set time becomes 0, it is re-set to the initial value. The minimum unit is second. Absolute: The event happens when the absolute calendar time reaches. The minimum unit is minute. Calendar: The event happens when the set date and moment reach. The event can happen many times according to the set period. The minimum unit is minute.

EEP action
Currently, EEP supports the actions, including cli-command, reload, forceswitchover, and syslog. cli-command: Execute the commands of the command line interface (CLI); Reload: Restart the control card (MPU) of the device; Master: restart the master MPU; Slave: restart the slave MPU. Do not carry the optional parameters (restart master and slave MPU).

Maipu Confidential & Proprietary Information

Page 94 of 138

System Configuration and Management

force-switchover: perform the master/slave switch of the device. Syslog: writ the message to syslog.

Note When the device does not have the corresponding slave card or does not support the set action, the CLI prompts not to support the action.

The EEP configuration includes the following three parts: Configure policy; Configure the event of triggering policy; Configure the policy action;

Basic Commands
Command event platform applet policy-name event none event timer { countdown time-value | watchdog time-value | absolute year month day time | calendar { permonth day time | per-week wday time | per-day time | per-hour minute }} Description *To create the EEP policy or modify the EEP policy *To configure the none event *To configure the timer event Configuration Mode config config-eep config-eep

action number cli-command cli-string action number force-switchover action number reload [ master | slave ] action number syslog [ priority priority-level ] msg msg-text event platform run policy-name event

*The action is to execute the specified CLI command. *The action is to perform the master/slave MPU switch. *The action is to reload. The action is to write the message to syslog. *To run the specified policy manually *To stop executing all policies or one policy

config-eep config-eep config-eep config-eep config config

policy-name]

platform

suspend

[policy

Note The symbol * before the command description means that there is the configuration example to describe the command in details later.

Maipu Confidential & Proprietary Information

Page 95 of 138

System Configuration and Management

event platform applet


The command is used to create the EEP policy or enter into the EEP mode to modify the policy. The no format of the command is used to delete the EEP policy.

event platform applet policy-name no event platform applet policy-name


Syntax Description The policy name, comprising up to 31 characters.

policy-name

Default statusNot defined

event none
The command is used to specify that the configured policy can run manually and does not need the event triggering. The no format of the command is used to delete the none event.

event none no event none


Default statusNot defined

event timer
The command is used to set the triggered event of the EEP policy as the set timer event. The no format of the command is used to delete the timer event.

event timer { countdown time-value | watchdog time-value | absolute year month day time | calendar { per-month day time | per-week wday time | per-day time | perhour minute }} no event timer
Syntax countdown Description To set one event happens when counting down the set time to 0; the time cannot be re-set. time-value specify the interval before the event happens; the unit is second To set one event happens when counting down the set time to 0. The event can be triggered many times. When the set time becomes 0, it is re-set to the initial value. time-value specify the interval before the event happens; the unit is second To specify the absolute calendar time when one event happens year the year in which the event happens; the value range is 2000-2100; month the month in which the event happens; the value range is January to December; day the day when the event happens; the value range is 1-31; time the time when the event happens; the format is hh:mm[:ss], that is,

watchdog

absolute

Maipu Confidential & Proprietary Information

Page 96 of 138

System Configuration and Management

calendar

hour:minute [:second]; the value range of the hour, minute and second is 059. To specify that one event is triggered when the specified date and moment reach; the time set by the command is the calendar time; the minimum unit is minute. per-month day time The event happens in the specified month; the event can be triggered once or many times in one month. The value range of Day is 1-31 and the format can be 1-5, 9, and 13; per-week wday time The event happens in the specified weekday; the event can be triggered once or many times in one week. The value range of Day is 06; the Sunday is 0; the format can be 1-3 and 5-6; per-day time The event happens in a specified moment of one day; the format is hh:mm[:ss], that is, hour:minute [:second]; the value range of the hour, minute and second is 0-59 per-hour minute The event happens at the specified moment of each hour; the value range is 0-59.

Default statusNot defined

action cli-command
The command is used to specify the action of executing the CLI command when the event is triggered. The no format of the command is used to delete the action.

action number cli-command cli-string no action number


Syntax Description The serial number of the action; the policy actions are arranged and executed by ascending. The executed CLI command; the first CLI command of one policy is executed in the config mode.

number cli-string

Default statusNot defined

action force-switchover
The command is used to specify one action as the switchover of the master/slave MPU during policy triggering. The no format of the command is used to delete the action.

action number force-switchover no action number


Syntax Description The serial number of the action; the policy actions are arranged and executed by ascending.

number

Default statusNot defined Note

Maipu Confidential & Proprietary Information

Page 97 of 138

System Configuration and Management

For the single-system device, the command is unavailable. The command is available on the device with the master/slave MPU switchover function.

action reload
The command is used to specify one action as the reload operation during the policy triggering. The no format of the command is used to delete the action.

action number reload [ master | slave ] no action number


Syntax Description The serial number of the action; the policy actions are arranged and executed by ascending. Only restart the master MPU card Only restart the slave MPU card

number
master Slave

Do not Restart all MPU cards; if it is the single-system device, restart the device. specify optional commands

Default statusNot defined Note For the single-system device, the optional commands master and slave are unavailable. But on the device with master/slave MPU, the optional commands are available.

action syslog
The command is used to specify to execute the action of writing the message to syslog during the policy triggering. The no format of the command is used to delete the action.

action number syslog [ priority priority-level ] msg msg-text no action number


Syntax Description The serial number of the action; the policy actions are arranged and executed by ascending. (Optional) to specify the priority of the syslog message. If the key word is selected, the priority needs to be specified later; if the key word is not selected, the default priority is informational. 1. priority-level the number of the priorities or the name of the priority. The value can be: {0 | emergencies}the system is unavailable; {1 | alerts}need to take action immediately; {2 | critical}critical statue

number
priority

Maipu Confidential & Proprietary Information

Page 98 of 138

System Configuration and Management

Msg

{3 | errors}error statue {4 | warnings}warning status {5 | notifications}normal, but need notice {6 | informational}only the informational message; it is the default level {7 | debugging}debugging information To specify the messages that need to be logged 2. msg-textthe text character string

Default statusNot defined

event platform run


The command is used to trigger the running policy manually and the policy event is the none event. The command does not have the no format.

event platform run policy-name


Default statusNot defined

event platform suspend


The command is used to suspend all policies or one policy, that is, after the event is triggered, do not execute the specified action. The no format of the command is used to re-awaken the policy.

event platform suspend [policy policy-name] no event platform suspend [policy policy-name]
Default statusNot defined

Application Examples
Application Example 1
Create the policy of triggering one timer event. After the event is triggered, execute the CLI command. Related configurations:
Command router(config)#event platform applet aa router(config-eep)#event timer calendar per-week 56 8:00 router(config-eep)#action 10 cli-command ip route 11.0.0.0 255.0.0.0 45.0.0.1 Maipu Confidential & Proprietary Information Description To create the policy aa To configure the timer as 8:oo of every Friday and Saturday to trigger the event When the event happens, add one route 11.0.0.0/8 45.0.0.1 Page 99 of 138

System Configuration and Management

router(config-eep)#action 20 cli-command ip route 12.0.0.0 255.0.0.0 46.0.0.1 router(config-eep)#exit

When the event happens, add the second route 12.0.0.0/8 46.0.0.1 To exit the configuration of the policy

Application Example 2
Create the policy of triggering one timer event. After the event is triggered, execute the reload slave action. Related configurations:
Command router(config)#event platform applet bb router(config-eep)#event timer calendar per-week 6 22:00 router(config-eep)#action 11 reload slave router(config-eep)#exit router(config)#event platform suspend policy bb Description To create the policy bb To configure the timer as 22:00 of every Saturday to trigger the event When the event happens, the executed action is to restart slave MPU To exit the configuration of the policy When you do not want the policy to execute, suspend the policy.

Application Example 3
Create the policy of one none event; the policy action is to perform the master/slave MPU switchover. Run the policy manually. Related configuration:
Commands router(config)#event platform applet cc router(config-eep)#event none router(config-eep)#action 10 forceswitchover router(config-eep)#exit router(config)#event platform run policy cc Description To create the policy cc The policy does not have event. You can run the policy only manually. When the event happens, perform the master/slave MPU switchover. To exit the configuration of the policy Run the policy cc manually

Monitoring and Debugging


Monitoring Command
Command show eep policy registered [detail | INEXIST-EVENT [detail] | NONE-EVENT [detail] | TIMEREVENT [detail]] Description To display the EEP policy

Maipu Confidential & Proprietary Information

Page 100 of 138

System Configuration and Management

Monitoring Command Example


The configurations are the same as the application examples.

router# show eep policy registered

Displayed result:

EEP state: Running

PID

PolicyState EventType EventState ActNum Name

============================================================ 1 Running Timer Running 2 aa

event timer calendar per-week 5-6 08:00 action 10 cli-command ip route 11.0.0.0 255.0.0.0 45.0.0.1, result: OK action 20 cli-command ip route 12.0.0.0 255.0.0.0 46.0.0.1, result: OK state: Pending, state: Pending,

Suspend

Timer

Running

bb

event timer calendar per-week 6 22:00 action 11 reload slave, state: Pending, result: OK

Running event none

None

cc

action 10 force-switchover, router#

state: Pending, result: OK

Description and analysis: EEP state: Running It is the EEP status. When the policy is not ever configured, the status is Init-finished and the resources of EEP such as tasks are not distributed. After configuring the policy, enable the resources such as tasks, and the status turns to Running. After configuring the event platform suspend command, the EEP status is Suspend. PID It is the ID of the policy, which is the natural number distributed by the system. PolicyState It is the policy status. The default status is Running. After configuring the suspend policy, the policy status is Suspend.

Maipu Confidential & Proprietary Information

Page 101 of 138

System Configuration and Management

EventType It is the event type, such as None event and Timer event. EventState It is the event status. When the event is Timer, display the timer status. When the timer is running, the status is Running. After the timer finishes, the status is Finished. When the timer fails to start or is not started, the status is Nostart. ActNum It is the total number of the actions of the policy. Name It is the name of the policy. event It is the event configuration of the policy. action It is the configurations of the action, and the status and execution result of the action.

Debugging Command
Command (no) debug eep Description To enable/disable EEP debugging switch; The notice of triggering the event and the execution result of the action can be displayed.

Maipu Confidential & Proprietary Information

Page 102 of 138

System Configuration and Management

SNMP Proxy Configuration


Main contents: Introduction to SNMP Basic commands of SNMP Configuration examples of SNMP

Server

Introduction to SNMP
SNMP (Simple Network Management Protocol) is a standard protocol to manage the Internet. Its purpose is to assure that the management information can be transmitted between the Network Management Station and the managed equipmentagent. It is convenient for the system manager to manage the network system.

SNMP adopts the tree labeling method to number each managed element and ensures that the number is exclusive. About the detailed information on SNMP protocol, refer to the materials about the TCP/IP protocol.

Basic Commands of SNMP


Command snmp-server start Description *To activate the SNMP network management * To set the SNMP community name To set the contact of the device manager Configuration mode config config config snmp-server community

community-name [view viewname] {ro | rw} [access-list] snmp-server contact <LINE>

Maipu Confidential & Proprietary Information

Page 103 of 138

System Configuration and Management

snmp-server context snmp-server enable traps snmp [authentication | coldstart | warmstart | linkup | linkdown | [enterprise [rmon-falling | rmon-rising | snmp-agent-up | snmp-agentdown ] ] ] snmp-server host ip[traps] address/host-name [community community-name] [version {1|2}] [vrf vrf-name] snmp-server enable keepalive[IPsec|sync-config] snmp-server location <LINE> snmp-server view view-name oid-string {include|exclude} snmp-server AddressParam [address-name | paramIn] v3 user-name {noauth|authnopriv |authpriv} snmp-server TargetAddress

To set V3 context *To enable the configuration of the snmp TRAP parameter

config config

* To set the host name or host address for receiving SNMP trap To enable snmp keepalive packet To set the location of the device * To set the network management view * To set the address parameter

config

config config config config

target-name ip-address port-num address-param taglist time-out retry-num

* To set the parameters of the destination address *To set the local and remote SNMPv3 entity engine To set engine group To set the source address of sending trap To test sending a notify to the network management station * To set the user group

config

snmp-server engineID {local engine-id} | {remote ip-address port-num [vrf vrf-name] engine-id [engineGroup]} snmp-server engineGroup groupname usrname {noauth | authnopriv | authpriv} snmp-server trap-source ip-

config

config config config config

address

snmp-server send snmp-server group group-name v3 {noauth|authnopriv|authpriv} [notify notify-view] [read readview] [write write-view] snmp-server user user-name group-name [remote ip-address portnum] v3 [auth {md5|sha} password [encrypt des password]] snmp-server notify notify notify-name taglist inform snmp-server notify filter filtername oid-subtree {exclude | include} snmp-server notify profile

* To set the user

config

*To set the notify table *To set the notify filtering table *To set the notify filtering address mapping table To set the source address of sending notify To set the proxy forwarding

config config config config config

filter-name address-param
snmp-server

address

ip-source

ip-

snmp-server proxy proxyname {inform | trap | read | write}

engineId addr

address-param

target-

Note
Maipu Confidential & Proprietary Information Page 104 of 138

System Configuration and Management

The symbol * before the command description means that there is the configuration example to describe the command in detail later.

snmp-server start
The command is used to enable the SNMP proxy to make the router be managed by the network management workstation. The no format of the command is used to disable the SNMP proxy.

snmp-server start no snmp-server start


Default statusThe SNMP proxy is disabled. Caution 1. After starting the device, the SNMP proxy server is disabled by default. Users have to use the command to enable the SNMP proxy. 2. When SNMP proxy is enabled, an initial view default and an initial community name public are configured.

snmp-server contact
The command is used to configure the contact of the device manager. The no format of the command is used to recover the default contact of the device manager.

snmp-server contact <LINE> no snmp-server contact


Syntax Description The contact mode of the device manager, which comprises up to 255 characters

<LINE>

Default statusMaipu Communications

snmp-server location
The command is used to set the location of the device. The no format of the command is used to restore the default location of the device.

snmp-server location <LINE> no snmp-server location


Syntax Description The location of the device, which comprises up to 255 characters

<LINE>

Maipu Confidential & Proprietary Information

Page 105 of 138

System Configuration and Management

Default status No.16, Jiuxing Avenue, High-tech Park, Chengdu, P.R.China 610041 Caution 1. To facilitate the management of a router, the above two commands can be configured on a router to make the network management station get the information about the router manager and the exact location of the router. By default, they are the full name and the address of the routers manufactory. 2. The above two parameters can be displayed in the configuration script and show command only when they are modified and different from the default values.

snmp-server view
The command is used to configure the view of the SNMP proxy. The no format of the command is used to delete the view.

snmp-server view view-name oid-string {include|exclude} no snmp-server view view-name oid-string


Syntax view view-name Description To configure the name of the view To specify the OID of the view To specify the attributes of the view Include: It means including all objects of the node; Exclude: It means excluding all objects of the node.

oid-string
{include|exclude}

Default statussnmp-server view default 1.3.6.1 include Caution An initial view default is configured when SNMP proxy is enabled. The OID is: 1.3.6.1; Include means all objects in the 1.3.6.1 sub-tree of MIB library are included; exclude means all objects except the 1.3.6.1 subtree of MIB library are excluded.

snmp-server community
The command is used to configure the community name of the SNMP proxy. The no format of the command is used to delete the community name.

snmp-server community community-name [view view-name] {ro | rw} [access-list] no snmp-server community community-name
Syntax community Description community- To set the community name

Maipu Confidential & Proprietary Information

Page 106 of 138

System Configuration and Management

name view view-name {ro | rw} To specify the view of the community name To specify the operation right of the community name Ro: read-only; Rw: write and read To specify the access control list or name of the community name

access-list

Default statussnmp-server community public view default ro Caution 1. The parameter community-name is used to specify the name of the community which the router is going to add into. Usually, the community name should be the same as the community name configured on the network management station. Otherwise, the network management station cannot perform any operation on the router. 2. The parameter { ro | rw} is used to set the right of the network management station for operating the router. The parameter ro means read-only and rw means reading/writing. 3. The parameter view is used to specify the view range for the community. For Maipu routers, the parameter view does not need to be configured (just use the default value). 4. The parameter access-list is used to control the access of a host in a community name via the access control list; so only the hosts whose community names are the same as the router and permitted by the access control list of the router can manage the router (for details, refer to the Maipu router access control module).

snmp-server host
The command is used to configure destination address and the related parameters of the SNMP proxy sending TRAP.

snmp-server host ip-address/host-name [traps] [community community-name] [version {1|2}] [vrf vrf-name] no snmp-server host ip-address/host-name
Syntax host ip-address/host-name Description To specify the IP address or name of the management workstation To specify the sending type as traps To specify the community name To specify the version number of the trap packet To specify the VRF name of sending trap

traps community community-name version {1|2} vrf vrf-anme

Default statusNo Caution


Maipu Confidential & Proprietary Information Page 107 of 138

System Configuration and Management

1. The parameter ip-address/host-name represents the name or IP address of the destination to which the traps message is sent. Usually, it is the IP address or name of the host on which the network management program is installed. Note that the trap message is the message the router forwardly sends to the host on which the network management program is installed. 2. If the parameters after host are not configured, such as traps, community-name and version, the system adopts the default configuration: typetraps, community-namepublic and version 2.

snmp-server trap-source
The command is used to configure the source address of sending the trap packet.

snmp-server trap-source ip-address no snmp-server trap-source


Syntax Description To specify the source ip address of sending the trap packet

ip-address

Default statusNo Caution The configured IP address must be the existing interface IP address in the system. Otherwise, the configuration fails.

snmp-server enable traps


The command is used to enable or disable the SNMP proxy to send trap.

snmp-server enable traps snmp [authentication | coldstart | warmstart | linkup | linkdown | [enterprise [rmon-falling | rmon-rising | snmp-agent-up | snmp-agentdown ] ] ] no snmp-server enable traps snmp [authentication | coldstart | warmstart | linkup | linkdown | [enterprise [rmon-falling | rmon-rising | snmp-agent-up | snmpagent-down ] ] ]
Syntax snmp authentication coldstart warmstart Description Toe enable/disable sending all TRAP of SNMP To enable/disable sending the failure trap of the SNMP authentication To enable/disable sending the cold-start trap of the SNMP proxy; usually, it is because of restarting the device To enable/disable sending the hot-start TRAP of the SNMP proxy;

Maipu Confidential & Proprietary Information

Page 108 of 138

System Configuration and Management

here, the device is not restarted. linkup linkdown enterprise rmon-failling rmon-rising snmp-agent-up snmp-agent-down To enable/disable sending UP TRAP of the interface link To enable/disable sending DOWN TRAP of the interface link To enable/disable sending all private TRAP defined by Maipu To enable/disable sending RMON declining threshold TRAP To enable/disable sending RMON increasing threshold TRAP To enable/disable sending the starting TRAP of the SNMP proxy To enable/disable sending the shutdown TRAP of the SNMP proxy

Default statusAll TRAP sending are disabled.

snmp-server enable keep-alive


The command is used to configure the router to send the configurations of the keep-alive information.

snmp-server enable keep-alive [IPsec | sync-config] ip_addr port interval no snmp-server enable keep-alive [IPsec | sync-config] ip_addr port
Syntax IPSec sync-config Description The keep-alive configuration used by the IPSec module To configure the keep-alive configuration used synchronously The destination IP address The destination UDP port The interval of sending the keep-alive packets

ip_addr port interval

Default statusNo Caution 1. Keep-alive of IPsec is used by IPsec module to inform the network management server of IPsec information. If the network management server is not used, the command is invalid. 2. Keep-alive of Sync-config is used to detect the keep-alive between network management servers. The command forces the device and network management server to keep the communication. If they cannot communicate with each other normally, the system is re-started. Therefore, do not use the command if unnecessary.

snmp-server engineID
The command is used to configure the engine ID of the local or remote SNMPv3 entity.

snmp-server engineID local engine-id snmp-server engineID remote ip-address port-num [vrf vrf-name] engine-id
Maipu Confidential & Proprietary Information Page 109 of 138

System Configuration and Management

no snmp-server engineID local no snmp-server engineID remote ip-address port-num [engine-group]


Syntax local engine-id remote Description The engine ID of the local SNMPv3 entity The engine ID of the remote SNMPv3 entity, used for sending the notification The IP address of the remote SNMPv3 entity The UDP port of the remote SNMPv3 entity To specify the VRF name of the device sending packets to the destination entity To specify the engine group to which the remote entity belongs, which is used to configure the auto-forwarding proxy

ip-address port-num
vrf vrf-name

engine-group

Default statusNo Caution When configuring automatic proxy forwarding, users may not know the IP address of the proxy device. Here, users can just input 0.0.0.0 at the location of ip-address. Moreover, the automatic proxy forwarding cannot work without the keepalive mechanism.

snmp-server engineGroup
The command is used to configure the SNMPv3 engine group.

snmp-server engineGroup groupname usrname {noauth | authnopriv | authpriv}


Syntax groupname Description The name of the engine group The user name

username

noauth | authnopriv | The security level of the user: no-authentication and no encryption, authentication but no encryption, authentication and authpriv encryption.

Default statusNo Caution The foregoing command is used to configure the automatic proxy forwarding. Before the command is configured, username needs to be configured in advance. The function of the command is to associate several engines (SNMPv3 entities) to an engine group. One user can be specified for each engine group. In this way, the username can be used to access any engine of the engine group. The parameter {noauth|authnopriv|authpriv} is used to explain the security level of the username, and should be consistent with the username.

snmp-server group

Maipu Confidential & Proprietary Information

Page 110 of 138

System Configuration and Management

The command is used to configure the SNMPv3 group.

snmp-server group group-name v3 {noauth|authnopriv|authpriv} [notify notifyview] [read read-view] [write write-view]
Syntax group group-name v3 Description The group name

The security model of the group is SNMPv3. Currently, only the SNMPv3 security model is supported. noauth | authnopriv | The security level of the group: no-authentication and no encryption, authentication but no encryption, authentication and authpriv encryption. notify notify-view To configure the notify-view of the group. read read-view write write-view To configure the read-view of the group. To configure the write-view of the group.

Default statusNo Caution In the SNMPv3, map a group-name, security information and message type (read, write or notify) into a MIB view. A given MIB view can determine whether a managed object can be accessed. At the same time, several SNMPv3 users can be associated to the group. The configuration of the group can strengthen the SNMPv3 access control.

snmp-server user
The command is used to configure the SNMPv3 user.

snmp-server user user-name group-name [remote ip-address portnum] v3 [auth {md5|sha} password [encrypt des password]]
Syntax user user-name group-name v3 Description The user name The name of the group to which the user belongs The security model of the user is v3

remote ip-address portnum The IP address and port-number of the remote user auth {md5|sha} password To configure the authentication protocol of the user as MD5 or SHA, and specify the password. encrypt des password To configure the encryption protocol of the user as DES, and specify the password.

Default statusNo Caution 1. Configure an USM-based (User security mode) SNMPv3 user, and save the identification and encryption information of each user. Note that the encryption protocol cannot be configured until the authentication protocol is configured. For a remote user (Remote is relative to the local SNMPv3 entity. If the local SNMPv3 entity
Maipu Confidential & Proprietary Information Page 111 of 138

System Configuration and Management

wants to communicate with another snmpv3 entity, another snmpv3 entity is called remote snmpv3 entity. This is involved in Notify and Proxy), the IP address and UDP port-number of the remote user still need to be specified. 2. When configuring the remote user, you should configure the engineID of the remote SNMP entity of the user at first. Moreover, each user should correspond to a group. Only in this way, can a security model and security name be mapped into a group name by means of the view-based access control. 3. When configuring automatic proxy forwarding, users may not know IP address of the proxy device. Here, users can just input 0.0.0.0 at the location of ip-address. Moreover, the automatic proxy forwarding cannot work without the keepalive mechanism.

snmp-server context
The command is used to configure the SNMPv3 proxy to forward the context environment name.

snmp-server context contextname


Syntax Description The character string of the SNMPv3 context envrionment

context-name

Default statusNo Caution The context environment name is used only in the proxy forwarding. It does not need to be configured on the proxy device, but only needs to be configured on the surrogated device. However, configuring the context environment name on the surrogated device is not mandatory. If the context environment name is configured on the surrogated device, you need to specify the context environment name in the proxy forwarding configuration of the proxy device.

snmp-server AddressParam
The command is used to specify the SNMP parameters used when generating a notification message to the destination address, such as security model and security level.

snmp-server

AddressParam

[address-name

|paramIn]

v3

user-name

{noauth|authnopriv |authpriv} no snmp-server AddressParam address-name

Maipu Confidential & Proprietary Information

Page 112 of 138

System Configuration and Management

Syntax

Description

name
v3

addressparam paramIn

address- The name of the address parameter


To configure dynamic proxy forwarding The security model of the message processing is v3 when generating the SNMP messages. The user name corresponding to the address parameter

user-name

noauth | authnopriv | To specify the security level of the user, including noauthpriv authentication and no-encryption, authentication but noencryption, and authentication and encryption.

Default statusNo Caution Some MIB tables are defined in SNMPv3 to configure the destination to which the notify-message is sent. The address parameter table defines the SNMP parameters that should be used when a message (notification) is generated. These parameters include message processing model, security model, security level, and security name.

snmp-server TargetAddress
The command is used to specify the destination address used when generating the SNMP notification message.

snmp-server TargetAddress target-name ip-address port-num address-param taglist time-out retry-num


Syntax TargetAddress Description

name ip-address port-num

target- The name of the notification destination address


The IP address of the notification destination entity The UDP port number of the destination entity The name of the corresponding address parameter The list of the notification tags The timeout for waiting the response after sending out the notification The retransmission times after the notification times out

address-param taglist time-out retry-time

Default statusNo Caution 1. The destination address table is used to specify the destination that is used when the SNMP message is generated. (Note that TargetAddress and AddrssParam cannot be configured until the local SNMPv3 entity accesses the other (remote) SNMPv3 entity). 2. address-param is the address parameter name that is configured in the address parameter table; taglist, which can be configured with multiple values spaced by commas, is used to identify the

Maipu Confidential & Proprietary Information

Page 113 of 138

System Configuration and Management

destination address to which the notification is sent and the message is forwarded.

snmp-server notify notify


The command is used to configure the SNMPv3 notification table.

snmp-server notify notify notify-name taglist inform


Syntax Description The notification name, which is the unique identifier of the notification table The tag value, corresponding to the tag list configured in the address table. To specify the type of the notification message as inform

notify-name taglist inform

Default statusNo Caution In SNMPv3, the destination address needs to be specified when a notification is sent. Whether the notification message is sent to a destination address depends on whether the created filter contains the destination address.

snmp-server notify filter


The command is used to configure the SNMPv3 notification filtering table.

snmp-server notify filter filter-name oid-subtree {exclude | include}


Syntax Description The name of the notification filtering The OID of the MIB sub tree Whether the object under the MIB sub-tree can send the notification: exclude: not send the notification; include: send the notification;

filter-name oid-subtree
{exclude | include}

Default statusNo Caution The notification filtering table defines a filter that can determine whether a message should be sent to one destination address.

snmp-server notify profile


The command is used to configure the SNMPv3 notification filtering address mapping table.

Maipu Confidential & Proprietary Information

Page 114 of 138

System Configuration and Management

snmp-server notify profile filter-name address-param


Syntax Description The name of the notification filter The address parameter name

filter-name address-param

Default statusNo Caution The notification configuration table is used to relate the address parameter table to the notification filtering table. If both a notification filtering table and a notification configuration table are defined, the SNMP proxy can detect the object OID when sending a notification. If the object OID is contained in the defined MIB sub-tree, the notification is sent. Otherwise, the notification cannot be sent.

snmp-server ip-source
The command is used to configure the source address of the SNMPv3 notification.

snmp-server ip-source ip-address


Syntax Description The specified source address of the SNMPv3 notification

ip-address

Default statusNo Caution The configured notification source address must be the existing interface IP address.

snmp-server proxy
The command is used to configure the SNMPv3 forwarding proxy. The purpose of SNMP proxy forwarding is to forward the SNMP request to other SNMP entity. To do it, it may be necessary to convert one version to another version or convert one transmission domain to another transmission domain. The SNMP on Maipu device can realize nothing but the v3-to-v3 forwarding, which is applied to the conversion from one transmission domain to another transmission domain.

snmp-server proxy proxyname {inform | trap | read | write} engineId addressparam target-addr
Syntax Description The name of the forwarding configuration

proxyname

{inform | trap |read | The packet attribute that needs to be matched write}

Maipu Confidential & Proprietary Information

Page 115 of 138

System Configuration and Management

engineId address-param target-addr

The engine ID that needs to be matched The name of the address parameter that needs to be matched The name of the destination address for forwarding

Default statusNo Caution In the above table, the trap and inform of the packet attributes are not supported.

Application Examples
Configure SNMPv1/v2

PC

ROUTER

SNMPv1/v2 configuration Illustration The PC in the network management workstation uses the SNMPv1/v2 to access the router; the address of the PC in the network management workstation is 128.255.40.33; the address of the router is 128.255.40.32.

Configure the router as follows:


Command router(config)#snmp-server start router(config)#snmp-server view include Description To enable the SNMP proxy server To configure a view named test; the view contains the node 1.3.6.1.2; when the SNMP proxy is enabled, the system initiates one default view named default, which contains the node 1.3.6.1 To configure the community name named private, which can be read and write; after the SNMP proxy is enabled, the system initiates a read-only communicaty name named public To configure the host with the destination address as 192.168.0.1,

test

1.3.6.1.2

router(config)#snmp-server community private rw

router(config)#snmp-server version 1

host

192.168.0.1

Maipu Confidential & Proprietary Information

Page 116 of 138

System Configuration and Management

router(config)#snmp-server host traps community private version 2

128.255.40.33

router(config)#snmp-server enable traps snmp

which receives the version 1 TRAP To configure the host with the destination address as 128.255.40.33, which receives the version 2 TRAP To enable all TRAP sending of SNMP

After the configurations, the network management workstation can use the SNMPv1 or v2 to access and set the device. The workstation 192.168.0.1 and 128.255.40.33 can receive the v1 and v2 TRAP from the device.

Configure SNMPv3

SNMPv3 configuration Illustration The PC in the network management workstation uses the SNMPv3 to access the router; the address of the PC in the network management workstation is 128.255.40.33; the address of the router is 128.255.40.32.

Configure the router as follows:


Command router(config)#snmp-server start router(config)#snmp-server engineID local aa12345678 router(config)#snmp-server group maipu v3 authpriv read default write default notify default Description To enable the SNMP proxy server To configure the engine ID of the local SNMPv3 entity as aa12345678 To configure one SNMPv3 entity group; the name is maipu; the security model is v3; the authentication and encryption are needed; the read, write and notify views are default. To configure one user, the name is user1; the user belongs to the group maipu; the security model is v3; the authentication algorithm is MD5; the password is 123456; the encryption algorithm is DES; the password is 123456

router(config)#snmp-server user user1 maipu v3 auth md5 123456 encrypt des 123456

After the above configurations, the network management workstation can use the SNMPv3 to access and set the device.

Maipu Confidential & Proprietary Information

Page 117 of 138

System Configuration and Management

Configure SNMPv3 Notification

SNMPv3 notification configuration Illustration Configure the SNMPv3 notification parameters on the router; use the network management workstation to receive the SNMPv3 notification message from the router. The address of the PC in the network management workstation is 128.255.40.33; the address of the router is 128.255.40.32.

Compared with the SNMP TRAP configuration, the SNMPv3 notification configuration is a little complicated. Configure the router as follows:
Command router(config)#snmp-server start router(config)#snmp-server engineID aa12345678 router(config)#snmp-server engineID 128.255.40.33 162 bb87654321 Description To enable the SNMP proxy server To configure the engine ID of the local SNMPv3 entity as aa12345678 To configure one remote engine ID; the destination address is 128.255.40.33/162 To configure one SNMPv3 entity group; the name is maipu; the security model is v3; the authentication and encryption are needed; the read, write and notify views are default To configure one local user, the name is user1; the user belongs to the group maipu; the security model is v3; the authentication algorithm is MD5; the password is 123456; the encryption algorithm is DES; the password is 123456 To configure one remote user; the name is re-user; the user belongs to the group maipu; the security model is v3; the authentication algorithm is MD5; the password is 123456; the encryption algorithm is DES; the password is 123456 To configure one notification named maipu and the tag list as tag1 To configure one address parameter; the name is mp-param; the security model is v3; the authentication and encryption are needed

local remote

router(config)#snmp-server group maipu v3 authpriv read default write default notify default

router(config)#snmp-server user user1 maipu v3 auth md5 123456 encrypt des 123456

router(config)#snmp-server user re-user maipu remote 128.255.40.33 162 v3 auth md5 123456 encrypt des 123456

router(config)#snmp-server notify notify maipu tag1 inform router(config)#snmp-server AddressParam mpparam v3 re-user authpriv

Maipu Confidential & Proprietary Information

Page 118 of 138

System Configuration and Management

router(config)#snmp-server TargetAddress target 128.255.40.33 162 mp-param tag1 10 3

mp-

router(config)# snmp-server notify filter mp-filter 1.3.6.1.3 exclude router(config)#snmp-server notify profile mp-filter mp-param

To configure one destination address; the name is mp-target; the destination address is 128.255.40.33/162; the corresponding address parameter is mp-param; the timeout re-transmission interval is 10 seconds; the retransmission times is three. To configure one notify filter named mp-filter and exclude the notifications of all objects in the node 1.3.6.1.3 To configure the notification configuration table; associate the notification filtering table with the address parameter

Configure SNMPv3 Proxy Forwarding

SNMPv3 proxy forwarding configuration Illustration Router 1 is the proxy forwarding device; the surrogated forwarding device is router 2; use the proxy forwarding function of the proxy device router 1 to get the device information of the surrogated forwarding device router 2; the address of the PC in the network management workstation is 128.255.40.33; the address of router 1 is 128.255.44.23; the address of router 2 is 128.255.40.32.

Configure the surrogated device router 2 as follows:


Command router(config)#snmp-server start router(config)# snmp-server engineID local ffff2692 router(config)# snmp-server view internet 1.3.6.1 include router(config)#snmp-server group g1 v3 authpriv read internet write internet notify internet Description To enable the SNMP proxy server To configure the engine ID of the local SNMPv3 entity as ffff2692 To configure the internet view To configure one SNMPv3 entity group; the name is g1; the security model is v3; the authentication and encryption are needed; the read, write and notify views are internet. To configure one user, the name is u2692; the user belongs to the group g1; the security model is v3; the

router(config)#snmp-server user u2692 g1 v3 auth md5 maipu encrypt des maipu

Maipu Confidential & Proprietary Information

Page 119 of 138

System Configuration and Management

router(config)#snmp-server context mp2692

authentication algorithm is MD5; the password is maipu; the encryption algorithm is DES; the password is maipu To configure the context environment name

Configure the proxy device router 1 as follows:


Command router(config)#snmp-server start router(config)#snmp-server engineID aa12345678 router(config)#snmp-server engineID 128.255.40.32 161 ffff2692 Description To enable the SNMP proxy server To configure the engine ID of the local SNMPv3 entity as aa12345678 To configure one remote engine ID; the destination address is 128.255.40.32/161 To configure the internet view To configure one SNMPv3 entity group, which is used for the local user; the name is maipu; the security model is v3; the authentication is needed, but no encryption; the read, write and notify views are internet To configure one SNMPv3 entity group, which is used for the remote user; the name is mp2692; the security model is v3; the authentication and encryption are needed; the read, write and notify views are default To configure one local user; the name is maipu; the user belongs to the group maipu; the security model is v3; no authentication and no encryption To configure one remote user; the name is u2692; the user belongs to the group mp2692; the security model is v3; the authentication algorithm is MD5; the password is maipu; the encryption algorithm is DES; the password is maipu To configure one local address parameter; the security model is v3; the specified user is the local user maipu To configure one remote address parameter; the name is u2692; the security model is v3; the authentication and encryption are needed; specify the remote user u2692 To configure one destination address; the name is t2692; the destination address is 128.255.40.32/161; the corresponding address parameter is p2692; the timeout re-transmission interval is 10 seconds; the retransmission times is two.

local remote

router(config)# snmp-server view internet 1.3.6.1 include router(config)#snmp-server group maipu v3 noauth read internet write internet notify internet

router(config)#snmp-server group mp2692 authpriv read default write default notify default

v3

router(config)#snmp-server user maipu maipu v3

router(config)#snmp-server user u2692 mp2692 remote 128.255.40.32 161 v3 auth md5 maipu encrypt des maipu

router(config)#snmp-server AddressParam pmaipu v3 maipu noauth router(config)#snmp-server AddressParam p2692 v3 u2692 authpriv

router(config)#snmp-server TargetAddress 128.255.40.32 161 p2692 tag2692 10 2

t2692

Maipu Confidential & Proprietary Information

Page 120 of 138

System Configuration and Management

router(config)#snmp-server context mp2692 router(config)#snmp-server proxy prox2692 ffff2692 pmaipu t2692 mp2692 READ

To configure the context environment name To configure the proxy forwarding; the name is prox2692; the operation is read; the specified remote engine ID is fff92f; use the address parameter pmaipu; the context environment name is mp2692

Caution 1. The surrogated device monitors packets at the UDP port 161, so the proxy forwarding configuration is different from the notification configuration. The port should be specified as 161. 2. In the remote user configuration of the proxy forwarding, the group attribute, security model, and the authentication and encryption algorithm should be consistent with the local user of the surrogated device.

Monitoring and Debugging


Monitoring Command
Command show snmp-server show snmp-server community show snmp-server host show snmp-server view show snmp-server engineID show snmp-server group show snmp-server user show snmp-server AddressParams show snmp-server TargetAddress show snmp-server notify notify show snmp-server notify filter show snmp-server notify profile show snmp-server engineGroup Description To display some statistics information about the network management proxy of the router To display the information about the community into which the router is added To display the information about the destination of sending the traps information set on the router To display the view set on the router (usually, the view comprises several sub tree nodes) To display the engine IDs configured in the router, including remote and local engine IDs To display the SNMPv3 user group configured in the router To display the SNMPv3 users configured in the router To display configured in To display configured in the notification address parameter the router the notification destination address the router table table

To display the notification table configured in the router To display the notification filtering table configured in the router To display the notification configuration table configured in the router To display the engine group configured in the router

Maipu Confidential & Proprietary Information

Page 121 of 138

System Configuration and Management

show snmp-server context show snmp-server contact show snmp-server location show snmp-server proxy show snmp-server reg-list

To display the context parameters configured in the router To display the contacts of the router manager To display the physical location of the router To display the proxy forwarding table configured in the router To display the modules that register the MIB in the router

Monitoring Command Example


router# show snmp-server

Displayed result:

0 SNMP packets input: 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs 2 SNMP packets output: 0 Too big errors 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 2 Trap PDUs 0 SNMPv3 Reports: 0 Unknown Security Models 0 Invalid Msgs 0 Unknown PDUHandlers 0 Unavailable Contexts 0 Unknown Contexts 0 Unsupported SecLevels

Maipu Confidential & Proprietary Information

Page 122 of 138

System Configuration and Management

0 Not In TimeWindows 0 Unknown UserNames 0 Unknown EngineIDs 0 Wrong Digests 0 Decryption Errors

Description and analysis: The above information shows that the router does not receive the SNMP packets, two SNMP packets are sent and the sent are the trap packets. The information described by SNMPv3 Reports is the error information statistics when processing the SNMPv3 packets.

router# show snmp-server community Displayed result: Community Name public private 1 1 Relating View Index Read-Only Read-Write Access Right ACL-name

Description and analysis: Community Name: the name of the community to which the router is added; Relating View Index: the related view index; Access Right: the operation authority of the corresponding community for the router; ACL-name: the corresponding access control list name of the community; The above information shows that the router is added into the public and private communities. The view index of the public community is 1. The operation authority of the network management workstation that is added into the public community for the router is read-only. The view index of the private community is also 1; the operation authority of the network management workstation that is added into the private community for the router is read and write. The two communities are not configured with the access control.

router# show snmp-server contact


Displayed result:

Maipu Communications

Maipu Confidential & Proprietary Information

Page 123 of 138

System Configuration and Management

Description and analysis: The displayed information shows that the device is not configured with the new contact of the manager and still adopts the default configuration of the system.

router# show snmp-server location


Displayed result:

No.16, Jiuxing Avenue, High-tech Park, Chengdu, P.R.China 610041


Description and analysis: The displayed information shows that the device is not configured with the new contact of the manager and still adopts the default configuration of the system.

router# show snmp-server host


Displayed result:

Trap destination 128.255.254.55 mp-12434

Community public public

Trap-Switch ON OFF OFF

Informs-Switch Version Ver 2 Ver 2

ON

Description and analysis: The displayed information shows that the router is configured with the destinations of two trap messages, that is, 128.255.254.55 and mp-12434.

router#show snmp-server view


Displayed result:

SNMP View List: View Name View index default 1 view operator subtree filter oids 1.3.6.1

include

Description and analysis: The displayed information shows that the router is configured with one view. The view name is default; the view index is 1. It contains all nodes in the sub tree 1.3.6.1 (the view is the default configuration of the routers SNMP proxy).

Maipu Confidential & Proprietary Information

Page 124 of 138

System Configuration and Management

router#show snmp-server engineID


Displayed result:

Local engine ID: 12345678 IPAddress: 1.1.1.1.0.162 remote engine ID: abcdef1234
Description and analysis: The displayed information shows that the router is configured with two engine IDs. One is the local engine ID and the other is the remote engine ID.

router#show snmp-server group


Displayed result:

GroupName: group1 SecModel:v3,SecLevel:authpriv Read View: readview

Write View: writeview Notify View: notifyview


Description and analysis: The displayed information shows that the router is configured with one group, the group name is group1, the security model is v3, the security level is authentication and encryption, the read view is readview, the write view is writeview, and the notify view is notifyview.

router#show snmp-server user


Displayed result:

SNMP User List: User Name SecLevel Status EngineID

=========================================================== user1 user2 AuthPriv active AuthPriv active 12345678 abcdef1234

Description and analysis: The displayed information shows that the router is configured with two users, the security level is authentication and encryption, and the corresponding engine IDs are 12345678 and abcdef1234. It shows that user1 is the local user and user2 is the remote user.

Maipu Confidential & Proprietary Information

Page 125 of 138

System Configuration and Management

router#show snmp-server AddressParams


Displayed result:

SNMP TargetAddressParam List: ParamName User Name MP_model SecurityModel SecurityLevel

============================================================ ====== addparam1 user2 v3 USM authpriv

Description and analysis: The displayed information shows that the router is configured with the address parameter named addparam1, the corresponding user is user2, the message processing model is v3, the security model is USM, and the security level is authentication and encryption.

router#show snmp-server TargetAddress


Displayed result:

TargetAddressList: =================================================== Name: target1

Address: 1.1.1.1.0.162 ParamName: addparam1 TagList: tag1 tag2 TimeOut(sec) :2 RetryCount :2 ===================================================
Description and analysis: The displayed information shows that the router is configured with the destination address named target1, the destination address is 1.1.1.1, the UDP port number is 162, the tag list is tag1 and tag2; the timeout is 2 seconds, and the retransmission times is 2.

router#show snmp-server notify notify


Displayed result:

SNMP Notify List: Name Tag Type

========================================================
Maipu Confidential & Proprietary Information Page 126 of 138

System Configuration and Management

notify1

tag1

inform

Description and analysis: The displayed information shows that the router is configured with one notification named notify1, the corresponding tag is tag1, and the message type is inform.

router#show snmp-server notify filter


Displayed result:

SNMP Notify Filter List: Name FilterSubtree Type

============================================================ = filter1 1.3.6.1 include

Description and analysis: The displayed information shows that the router is configured with one notification filtering named filter1, which contains all nodes in the MIB sub tree 1.3.6.1.

router#show snmp-server notify profile


Displayed result:

SNMP Notify Profile List: Name ParamName Status

============================================================ = filter1 addparam1 Active

Description and analysis: The displayed information shows that the notification filter named filter1 is associated to the address parameter named addparam1.

router#show snmp-server reg-list


Displayed result:

VPDN secondary IP Address

Maipu Confidential & Proprietary Information

Page 127 of 138

System Configuration and Management

NAT QoS ModemControl ModemControl ModemControl backup DDR MULTILINK DLSw QLLC NIA Bridge SNTP snmpProxy snmpTargetAddr TaskMib sysMemoryMib Mib2If Mib2Sys Mib2IpATran Mib2Ip Mib2Icmp Mib2TCP Mib2UDP Mib2Snmp PanelTableMib cE1TimeslotsMib MPFileTableMib MPFileVersionMib MpSnmpAgentMib RtrCommand RmonAlarm RmonEvent RmonLog MpSysCpu ifXTable MPIfStatByPriority
Maipu Confidential & Proprietary Information Page 128 of 138

System Configuration and Management

Description and analysis: The displayed information shows that the MIB module is registered in the system.

Debugging Commands
Command (no) debug snmp-server all (no) debug snmp-server groupget (no) debug snmp-server groupset (no) debug snmp-server tblgetnext (no) debug snmp-server tblset (no) debug snmp-server response (no) debug snmp-server trap (no)debug snmp-server proxy Description To enable/disable all debugging switches of the SNMP proxy To enable/disable the operation debugging switch of the simple variable GET of the SNMP proxy To enable/disable the operation debugging switch of the simple variable SET of the SNMP proxy To enable/disable the operation debugging switch of the table variable GET/NEXT of the SNMP proxy To enable/disable the operation debugging switch of the table variable SET of the SNMP proxy To enable/disable the response debugging switch of the SNMP proxy To enable/disable the debugging switch for sending TRAP of the SNMP proxy To enable/disable the forwarding debugging switch of the SNMP proxy

Debugging Command Examples


1. View the debugging information of reading the simple MIB objects via the network management workstation by using the command debug snmp groupget, debug snmp-server tblgetnext, and debug snmp response: A. Enable the command debug snmp groupget and debug snmp response.

router#debug snmp-server groupget router#debug snmp-server response


Displayed Result 00:32:35: [tSnmpd]SNMP:from 128.255.40.33,Begin:117318 Analysis To receive the network management request from the workstation 128.255.40.33 The received is SNMPv3 request packet; begin to process the engine ID discovery packet; return the local engine ID of the device to the workstation. To receive a simple variable GET request from 128.255.40.33 The object that network

00:32:35: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID! 00:32:35: [tSnmpd]SNMP:Oid num:1 00:32:35: [tSnmpd]SNMP: to 128.255.40.33,End:117318,Lasted:0

00:32:35: 00:32:35: 00:32:35: 00:32:35:

[tSnmpd]SNMP:from 128.255.40.33,Begin:117320 [tSnmpd]SNMP:Oid num:1 [tSnmpd]SNMP:SCALAR variables GET request [tSnmpd]SNMP:receive OID: system.1.0

Maipu Confidential & Proprietary Information

Page 129 of 138

System Configuration and Management

00:32:35: [tSnmpd]SNMP:response: 00:32:35: [tSnmpd] STRING:MyPower (R) Operating System Software MP7500 version 6.0.6(h01-m7-u)(integrity), compiled on Apr 25 2007, 08:10:05 Copyright (C) 1999 Maipu (Sichuan) Communication Technology Co., Ltd. All Rights Reserved. 00:32:35: [tSnmpd]SNMP: to 128.255.40.33,End:117320,Lasted:0

management workstation wants to get is mib2.system.1.0 (sysDescr) The SNMP proxy sends the response packet and displays the contents of the returned character string, that is, the description information of the system.

B.

Enable the command debug snmp tblgetnext and debug snmp response

router#debug snmp-server tblgetnext router#debug snmp-server response


Displayed Result 00:40:42: [tSnmpd]SNMP:from 128.255.40.33,Begin:146525 Analysis To receive the network management request from the workstation 128.255.40.33 The received is SNMPv3 request packet; begin to process the engine ID discovery packet; return the local engine ID of the device to the workstation. To receive the table variable GET-NEXT request from 128.255.40.33 The received request object; the table is mib2.interfaces.iftable. The SNMP proxy sends the response packet and displays the returned data type and contents.

00:40:42: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID! 00:40:42: [tSnmpd]SNMP:Oid num:1 00:40:42: [tSnmpd]SNMP: to 128.255.40.33,End:146525,Lasted:0

00:40:42: [tSnmpd]SNMP:from 128.255.40.33,Begin:146528 00:40:42: [tSnmpd]SNMP:Oid num:22 00:40:42: [tSnmpd]SNMP:TABULAR variables GET-NEXT request 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: [tSnmpd]SNMP:receive OID: ifEntry.1.1 [tSnmpd]SNMP:response: [tSnmpd] INTEGER:1 [tSnmpd]SNMP:receive OID: ifEntry.2.1 [tSnmpd]SNMP:response: [tSnmpd] STRING:gigaethernet0 [tSnmpd]SNMP:receive OID: ifEntry.3.1 [tSnmpd]SNMP:response: [tSnmpd] INTEGER:6 [tSnmpd]SNMP:receive OID: ifEntry.4.1 [tSnmpd]SNMP:response: [tSnmpd] INTEGER:1500 [tSnmpd]SNMP:receive OID: ifEntry.5.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:1000000000 [tSnmpd]SNMP:receive OID: ifEntry.6.1 [tSnmpd]SNMP:response: [tSnmpd] IFPHYADDR:00:11:00:02:00:03 [tSnmpd]SNMP:receive OID: ifEntry.7.1 [tSnmpd]SNMP:response: [tSnmpd] INTEGER:1 [tSnmpd]SNMP:receive OID: ifEntry.8.1 [tSnmpd]SNMP:response: [tSnmpd] INTEGER:1 [tSnmpd]SNMP:receive OID: ifEntry.9.1

Maipu Confidential & Proprietary Information

Page 130 of 138

System Configuration and Management

00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42: 00:40:42:

[tSnmpd]SNMP:response: [tSnmpd] Counter:0 [tSnmpd]SNMP:receive OID: ifEntry.10.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:51414 [tSnmpd]SNMP:receive OID: ifEntry.11.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:11 [tSnmpd]SNMP:receive OID: ifEntry.12.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:634 [tSnmpd]SNMP:receive OID: ifEntry.13.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:0 [tSnmpd]SNMP:receive OID: ifEntry.14.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:0 [tSnmpd]SNMP:receive OID: ifEntry.15.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:0 [tSnmpd]SNMP:receive OID: ifEntry.16.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:168 [tSnmpd]SNMP:receive OID: ifEntry.17.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:4 [tSnmpd]SNMP:receive OID: ifEntry.18.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:0 [tSnmpd]SNMP:receive OID: ifEntry.19.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:0 [tSnmpd]SNMP:receive OID: ifEntry.20.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:0 [tSnmpd]SNMP:receive OID: ifEntry.21.1 [tSnmpd]SNMP:response: [tSnmpd] Counter:0 [tSnmpd]SNMP:receive OID: ifEntry.22.1 [tSnmpd]SNMP:response: [tSnmpd] OBJECT:0.0 [tSnmpd]SNMP: to 128.255.40.33,End:146528,Lasted:0

2. View the debugging information of reading the simple MIB objects via the network management workstation by using the command debug snmp groupsetdebug snmp-server tblset, and debug snmp response. A. Enable the command debug snmp groupset and debug snmp response.

router#debug snmp-server groupset router#debug snmp-server response


Displayed Result 00:50:35: [tSnmpd]SNMP:from 128.255.40.33,Begin:182134 Analysis To receive the network management request from the workstation

Maipu Confidential & Proprietary Information

Page 131 of 138

System Configuration and Management

00:50:35: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID! 00:50:35: [tSnmpd]SNMP:Oid num:1 00:50:35: [tSnmpd]SNMP: to 128.255.40.33,End:182134,Lasted:0

00:50:35: [tSnmpd]SNMP:from 128.255.40.33,Begin:182136 00:50:35: [tSnmpd]SNMP:Oid num:1 00:50:35: [tSnmpd] Set STRING: Maipu(Sichuan) Communication Technology Co. Ltd. 00:50:35: [tSnmpd]SNMP:TABULAR variables SET request 00:50:35: [tSnmpd]SNMP:receive OID: system.4.0 00:50:35: [tSnmpd]SNMP: to 128.255.40.33,End:182136,Lasted:0

128.255.40.33 The received is SNMPv3 request packet; begin to process the engine ID discovery packet; return the local engine ID of the device to the workstation. To receive a simple variable SET request from 128.255.40.33; the set object is system.4.0(sysContact); the set contents is a character string: Maipu(Sichuan) Communication Technology Co. Ltd.

B.

Enable the command debug snmp tblset and debug snmp response.

router#debug snmp-server groupset router#debug snmp-server response


Displayed Result 01:05:37: [tSnmpd]SNMP:from 128.255.40.33,Begin:236249 Analysis To receive the network management request from the workstation 128.255.40.33 The received is SNMPv3 request packet; begin to process the engine ID discovery packet; return the local engine ID of the device to the workstation. To receive a table variable SET request from 128.255.40.33; the set object is ifEntry.7.2 (ifAdminStatus)

01:05:37: [tSnmpd]SNMP v3 decode: input engineID is NULL, report local engineID! 01:05:37: [tSnmpd]SNMP:Oid num:1 01:05:37: [tSnmpd]SNMP: to 128.255.40.33,End:236249,Lasted:0

01:05:37: 01:05:37: 01:05:37: 01:05:37: 01:05:37:

[tSnmpd]SNMP:from 128.255.40.33,Begin:236251 [tSnmpd]SNMP:Oid num:1 [tSnmpd]SNMP:TABULAR variables SET request [tSnmpd]SNMP:receive OID: ifEntry.7.2 [tSnmpd]SNMP: to 128.255.40.33,End:236252,Lasted:1

3. View the debugging information of the SNMP proxy sending TRAP via the command debug snmp trap. Enable the command debug snmp trap.

router#debug snmp-server trap


Displayed Result 01:12:11: [tSnmpd] Notify has sent to from 0.0.0.0 port:161 128.255.40.33 port:162 Analysis To send a SNMP v3 notification to the workstation with address as 128.255.40.33 and port number as 162 To send a trap with the

01:12:11: [tSnmpd]SNMP:Trap send to host 128.255.40.33, host

Maipu Confidential & Proprietary Information

Page 132 of 138

System Configuration and Management

community:private

01:12:11: [tSnmpd]SNMP:Trap send to host 192.168.0.1, community:public

host

community name as private to the workstation with address as 128.255.40.33 To send a trap with the community name as public to the workstation with address as 192.168.0.1

Maipu Confidential & Proprietary Information

Page 133 of 138

System Configuration and Management

RMON
Main contents: Introduction to RMON Basic commands of RMON Configuration examples of RMON

Introduction to RMON
RMON defines a set of MIB which is used to define standard network monitoring functions and interfaces, so that the SNMP-based management terminal can communicate with the remote monitor. Besides lightening the burden of managing terminal and other proxies, RMON provides an effective method to monitor the behaviors within the subnet range.

RMON MIB has 10 groups: statistics: maintain the low utilization and error statistics for the subnets monitored by each proxy history: record the samples of the periodical statistics information that is taken out from the statistics group alarm: Permit the administration Console user to configure the sampling interval and alarm when the values of any counters or integers (recorded by the RMON proxy) exceed the threshold value. host: include the input/output traffics of various types of hosts adhering to the subnet hostTopN: include the stored statistic information of hosts, some parameters in the host tables of these hosts are the highest matrix: show error and utilization information in the form of matrix, so that the operator can use any address pair to search information

Maipu Confidential & Proprietary Information

Page 134 of 138

System Configuration and Management

filter: permit the monitor to monitor the packets matched with the filter capture: manage how to send the data to the administration console platform event: present the table of all events generated by the RMON proxy tokenRing: maintain the statistic and configuration information of a subnet which is a token ring

Note Currently, all routers support alarm (alarm group) and event (event group). Besides, MP7500 supports history (history group) and statistics (statistics group) of the Ethernet interface.

Basic Commands of RMON


Command rmon no rmon rmon alarm rmon event rmon history rmon statistics Description To activate the RMON tasks To cancel the RMON tasks To configure the RMON alarms To configure the RMON event To configure the RMON history group To configure the RMON statistics group Confoguration Mode config config config config config config

rmon alarm rmon alarm alarm-num OID interval {absolute|delta} risingthreshold risingthreshold rising-event fallingthreshold falling-threshold falling-event
Syntax Description The serial number of the alarm The object instance that needs to be monitored remotely; currently, only the interface table ifEntry.[10-21] in MIB-2 is supported (the index needs to be added after the object oid) The time interval for sampling the value of parameter <OID>; the unit is second; the value range is 1-65536 The sampling type is absolute value/relative value

alarm-num OID interval


absolute | delta

threshold rising-event threshold

risingthreshold

rising- The rising threshold; the value range is 0-2147483647


The serial number of the event that is going to take place when the rising threshold is triggered (the default value is 1) falling- The falling threshold ; the value range is 0-2147483647 The serial number of the event that is going to take place

fallingthreshold falling-event

Maipu Confidential & Proprietary Information

Page 135 of 138

System Configuration and Management

when the falling threshold is triggered (the default value is 1)

rmon event rmon event event-num description event-description log max-num owner owner trap community
Syntax Description The serial number of the event The event description To record in the log, and set the maximum number of the items to be recorded The event owner To send the trap information to the remote destination and specify the community name

event-num
description event-description log max-num owner owner trap community

rmon statistics rmon statistics ethernet statistics-num OID [owner owner]


Syntax

statistics -num OID


owner owner

Description The serial number of the alarm The object instance that needs to be monitored remotely; currently, only the interface table ifEntry.[10-21] in MIB-2 is supported (the index needs to be added after the object oid) To configure the owner of the statistics group

rmon history rmon history control history-num OID buckets-num [interval intervaIlI] [owner owner]
Syntax Description The serial number of the history group The object instance that needs to be monitored remotely; currently, only the interface table ifEntry.[10-21] in MIB-2 is supported (the index needs to be added after the object oid) The time interval for sampling the value of parameter <OID>; the unit is second; the value range is 1-3600; the default value is 1800 To configure the owner of the history group

history-num OID
interval interval

owner owner

Maipu Confidential & Proprietary Information

Page 136 of 138

System Configuration and Management

Application Example
On the router, perform RMON on the interface fastethernet0 of the OID object 1.3.6.1.2.1.2.2.1.10 (suppose that the interface index of the interface g0 is 1 and the object instance is 1.3.6.1.2.1.2.2.1.10.1).

It is required to sample the absolute value of the object instance every 5 seconds. The rising threshold value and the falling threshold value are 5000. If the sampled result triggers the threshold value, send the trap information to the community public. Meanwhile, record in the log of the router. At most 100 items can be recorded. The detailed configurations are:
Command router#configure terminal router(config)#rmon router(config)#rmon alarm 1 1.3.6.1.2.1.2.2.1.10.1 5 absolute risingthreshold 5000 1 fallingthreshold 5000 1 router(config)#rmon event 1 description gigaethernet0_in_octes log 100 trap public Description To enter into the configuration mode To enable the RMON To configure the alarm examples To configure the triggering event

Monitoring and Debugging


Monitoring Commands
Command show rmon alarm show rmon event show rmon supportVariable alarm Description To display the configured RMON alarms in the router To display the configured RMON event in the router To display the monitoring object supported by the router RMON

Monitoring Command Examples


router#show rmon alarm
Displayed result:

Alarm 1 is active, owned by config Monitoring variable: ifEntry.10.1 , Sample interval: 5 second(s)

Taking samples type: absolute, last value was 10714 Rising threshold : 5000, Falling threshold : 5000,
Description and analysis:

assigned to event: 1 assigned to event: 1

Maipu Confidential & Proprietary Information

Page 137 of 138

System Configuration and Management

The above information shows the configuration of the RMON alarm. The index is 1; the monitored MIB object is ifTable.ifEntry.ifInOctes.1; the sampling type is absolute; the latest value of the object is 10714; the set rising threshold is 5000; the falling threshold is 5000; both are specified to trigger the event 1.

router#show rmon event


Displayed result:

Event 1 is active, owned by config Description : gigaethernet0_in_octes Event firing causes: log and trap, last fired at 00:26:36

Current log entries: logIndex logTime Description

---------------------------------------------------------------1 2 3 00:26:26 00:26:31 00:26:36 gigaethernet0_in_octes gigaethernet0_in_octes gigaethernet0_in_octes

Description and analysis: The above information shows the configuration of the RMON event. One RMON event is configured; the index is 1; the description information is gigaethernet0_in_octes; record the log and send TRAP when the event is triggered; the latest event is triggered at 26 minutes and 36 seconds after the system is started; the current log shows that the event is triggered for three times.

router#show rmon alarm supportVariable


Displayed result:

MP7500#show rmon alarm supportVariable Currently support MIB object: (NOTE:be sure to add the index after OID)

ifEntry.[10-21]
Description and analysis:

MIB-II interface table entry

The above information shows the alarm monitoring object supported by RMON. The ifEntry.[10-21] in the interface table of MIB-2 is supported.

Maipu Confidential & Proprietary Information

Page 138 of 138

Potrebbero piacerti anche