This chapter contains an alphabetical listing of the Cisco 6510 Service Selection Gateway (Cisco 6510) commands. The description of each command includes a brief description of its use, command syntax, and usage guidelines.
Commands can be entered directly at the command-line prompt. These commands are not case sensitive.
The config set commands support pattern matching. For example, if you enter config set fei, you will be prompted to configure the following parameters:
Carriage Return to Skip; '.' to quit; 'c' to clear --> FEI0_InetAddr: <10.10.10.1>:
FEI0_Mask: <255.255.0.0>:
FEI0_InetGateway: <>:
FEI0_InetName: <Hosts>:
FEI1_InetAddr: <171.69.255.54>:
FEI1_Mask: <255.255.255.240>:
FEI1_InetGateway: <171.69.255.49>:
FEI1_InetName: <UCPcard>:
FEI2_InetAddr: <171.69.255.21>:
FEI2_Mask: <255.255.255.248>:
FEI2_InetGateway: <171.69.255.22>:
FEI2_InetName: <ISPcard>:
TimeSaver: To configure all parameters for a first-time configuration, enter config set without any parameters.
Table 4-1 lists configuration commands by Cisco 6510 features.
| Feature | Command |
|---|---|
| Configuration Management | config set, config show, reboot, config save |
| Help | help command ? |
| Network Interfaces | |
| Security | secret dashboardpassword, secret aaapassword |
| Logging | logtarget |
| Debugging | debug |
| System Upgrade | burnimg |
| Failover | failover |
| Next Hop Gateway | nhgtable |
| Transparent Passthrough Filtering | tptfilter |
| Telnet | passwd, telnet show, telnet disconnect |
The following pages contain sections on each of the Cisco 6510 commands.
This command sets accounting timeouts and retries.
accountingparam [-t timeout] [-r retries]
timeout | Sets how long (in seconds) the Cisco 6510 will wait before resending an accounting packet to a Remote Access Dial-In User Service (RADIUS) accounting server (default: 10). |
retries | Sets the number of times the Cisco 6510 will retry an accounting packet to a RADIUS accounting server (default: 5). |
Use the accountingparam command to set accounting timeouts and retries. Entering accountingparam by itself displays the current settings.
Parameters set with the accountingparam command do not take effect until the Cisco 6510 is rebooted.
SSG > accountingparam -t 20 -r 10
AccountingParam: <Timeout: 20 Seconds>
<Retries: 10 times>
This command can be used to write an image of the Cisco 6510 software to Flash memory or update the ROM BIOS. When the unit is rebooted, the system will display the new version of the software.
burnimg -f /fd0/filename [-t bios | img]
filename | Filename of the configuration file to read. |
bios | With the -t parameter, specifies writing the configuration to the ROM BIOS. |
img | With the -t parameter, specifies writing the configuration file to the software image maintained in Flash memory (default). |
Use the burnimg command to update the Cisco 6510 software and write the new version to the system's Flash memory from disk.
To use the default target for the image file, enter burnimg -f /fd0/filename, where filename is the filename of the image file.
When you enter the burnimg command, specify the filename and location of the update file with the -f parameter.
Next, specify where to write the software image. To update the Cisco 6510's BIOS chip with a new ROM BIOS image, specify bios with the -t parameter. To update the auxiliary chips on the Cisco 6510 with the new software image, specify img with the -t parameter.
SSG > burnimg -f /fd0/csco6510 -t img
Reading file /fd0/csco6510 ...
Reading file is done.
Burning image /fd0/csco6510 to flash memory ...
Burning Image is Done!
This command clears configuration settings for the selected parameter.
config clear parm_name
parm_name | Cisco 6510 configuration parameter name. |
Use the config clear command to clear settings for a Cisco 6510 configuration parameter. It can clear any parameter in "Configuration Reference."
SSG > config clear AccountingIP2
Cleared AccountingIP2.
SSG > config clear inet
Cleared FEI0_InetAddr.
Cleared FEI0_InetGateway.
Cleared FEI0_InetName.
Cleared FEI1_InetAddr.
Cleared FEI1_InetGateway.
Cleared FEI1_InetName.
Cleared FEI2_InetAddr.
Cleared FEI2_InetGateway.
Cleared FEI2_InetName.
This command loads the settings of a Cisco 6510 configuration file from a floppy disk to RAM.
config load -f /fd0/filename
filename | Name of the configuration file (maximum 8 characters). |
Use the config load command to load the settings of a Cisco 6510 configuration file from a floppy disk to RAM. After loading the configuration and making any changes, use the config save command to save the configuration to memory.
SSG > config load -f /fd0/6510cfg
config load -f /fd0/sample1.cfg
Reading file /fd0/sample1.cfg ...
Reading file is done.
Load from Configuration File (/fd0/sample1.cfg) Done.
Reconfiguring Network Interface 0:
IP=192.168.2.2, Mask=255.255.255.0, GW=192.168.2.1, Name=Host
Reconfiguring Network Interface 1:
IP=192.168.100.122, Mask=255.255.255.0, GW=, Name=Management
Reconfiguring Network Interface 2:
IP=192.168.12.3, Mask=255.255.255.0, GW=192.168.12.1, Name=SP
Updating dhcp remote port to 67
DHCPRemotePort = <67>
Updating dns remote port to 53
DNSRemotePort = <53>
Updating radius remote port to 1645
RadiusRemotePort = <1645>
Updating l2f remote port to 1701
L2FRemotePort = <1701>
Updating accounting remote port to 1646
AccountingRemotePort = <1646>
Updating ARP parameters: timeout=0 msec, retries=1
arpParam: <Timeout: 0 milliSeconds ( == 0 ticks)> <Retries: 1 times>
Updating Accounting parameters: timeout=10 sec, retries=5
AccountingParam: <Timeout: 10 Seconds>
<Retries: 5 times>
This command writes the current Cisco 6510 configuration settings to Flash memory or floppy disk.
config save [-f /fd0/filename]
filename | Name of the configuration file (8.3 format). |
Use the config save command to save changes to the Cisco 6510 configuration parameter or back up the configuration file to disk.
Using config save without a switch causes the Cisco 6510 to save configuration changes to memory.
Using config save with the -f /fd0 switch causes the Cisco 6510 to save the configuration to floppy disk using the name specified in filename.
SSG > config save
Save to Flash Done.
SSG > config save -f /fd0/6510cfg
Writing file /fd0/sample1.cfg ...
Writing file is done.
Save to Configuration File (/fd0/sample1.cfg) Done.
This command sets Cisco 6510 configuration parameters.
config set parm_name parm_values
parm_name | Cisco 6510 configuration parameter name (supports pattern matching). |
parm_value | Parameter value. |
Use the config set command to set configuration parameters. The syntax used with the parm_value varies depending on which parameter is set.
SSG > config set AccountingRemotePort 1848
SSG > config set AAIP1 171.69.73.151
SSG > config set fei
Carriage Return to Skip; '.' to quit; 'c' to clear --> FEI0_InetAddr: <10.10.10.1>:
FEI0_Mask: <255.255.0.0>:
FEI0_InetGateway: <>:
FEI0_InetName: <Hosts>:
FEI1_InetAddr: <171.69.255.54>:
FEI1_Mask: <255.255.255.240>:
FEI1_InetGateway: <171.69.255.49>:
FEI1_InetName: <UCPcard>:
FEI2_InetAddr: <171.69.255.21>:
FEI2_Mask: <255.255.255.248>:
FEI2_InetGateway: <171.69.255.22>:
FEI2_InetName: <ISPcard>:
This command sets the Cisco 6510's network settings to their default values.
config setdefault
Use this command to set the Cisco 6510's network configuration settings to their default values. This command is useful if you have changed the configuration and need to reset it to default settings.
Table 4-2 indicates the default configuration settings for the Cisco 6510.
| Parameter | Default Setting |
|---|---|
AAAClientIF | 0 |
AAFTCheckThreshold | 60 |
AAFTCheckInterval | 0.1 |
AAIP1 | 0.0.0.0 |
AAIP2 | 0.0.0.0 |
AAAPassword | secret |
AccountingIP1 | 0.0.0.0 |
AccountingIP2 | 0.0.0.0 |
ACCOUNTINGRemotePort | 1646 |
ACCTRetryCount | 5 |
ACCTTimeout | 10 |
ARPRetryCount | 1 |
ARPTimeOut | 0 |
DashBoardPassword | secret |
DebugACCTHandler | 0 |
DebugACCTLevel | 0 |
DebugDHCPHandler | 0 |
DebugDHCPLevel | 0 |
DebugDNSHandler | 0 |
DebugDNSLevel | 0 |
DebugFOVERHandler | 0 |
DebugFOVERLevel | 0 |
DebugL2FHandler | 0 |
DebugL2FLevel | 0 |
DebugNATHandler | 0 |
DebugNATLevel | 0 |
DebugPPPHandler | 0 |
DebugPPPLevel | 0 |
DebugRADIUSHandler | 0 |
DebugRADIUSLevel | 0 |
DebugSystem | 0 |
DebugSystemLevel | 0 |
DefaultServerIF | 2 |
DefaultServerIP | 0.0.0.0 |
DefaultServerIPMask | 255.255.255.255 |
DefaultServerIP2 | 0.0.0.0 |
DefaultServerIP2Mask | 255.255.255.255 |
DHCPIP | 0.0.0.0 |
DHCPRelayEnable | 0 |
DHCPRemotePort | 67 |
DNSFTCheckInterval | 60 |
DNSFTCheckThreshold | 0.1 |
DNSRemotePort | 53 |
FailoverActiveIP0 | 0.0.0.0 |
FailoverActiveIP1 | 0.0.0.0 |
FailoverActiveIP2 | 0.0.0.0 |
FailoverActiveMac0 | |
FailoverActiveMac1 | |
FailoverActiveMac2 | |
FailOverActiveState | 1 |
FailoverEnable | 0 |
FailoverStandbyIP0 | 0.0.0.0 |
FailoverStandbyIP1 | 0.0.0.0 |
FailoverStandbyIP2 | 0.0.0.0 |
FailoverStandbyMac0 | |
FailoverStandbyMac1 | |
FailoverStandbyMac2 | |
FEI0_InetAddr | |
FEI0_InetGateway | |
FEI0_InetName | |
FEI0_Mask | 0.0.0.0 |
FEI1_InetAddr | |
FEI1_InetGateway | |
FEI1_InetName | |
FEI1_Mask | 0.0.0.0 |
FEI2_InetAddr | |
FEI2_InetGateway | |
FEI2_InetName | |
FEI2_Mask | 0.0.0.0 |
IGMPHelperEnable | 0 |
L2FRemotePort | 1701 |
LogFacility | 0 |
LogTarget0 | 0 |
MachineName | ssg |
MaxServicePerHost | 10 |
MulticastEnable | 0 |
NATFTPCleanupInternal | 300 |
NATFTPConnTimeout | 14400 |
NATFTPFinConnTimeOut | 1 |
NHGTableProfile | NHGTableProfile |
RADIUSRemotePort | 1645 |
SNMPIP | 0.0.0.0 |
SNMPRemotePort | 162 |
SNMPRetryCount | 0 |
TPTEnable | 0 |
TPTFilter | TPTFilterProfile |
ServicePassword | secret |
TunnelTimeout | 60 |
SSG > config setDefault
This command displays the current setting for all configuration parameters or a specified configuration parameter.
config show [parm_name]
parm_name | Configuration parameter whose setting you want to show. If parm_name is not specified, all parameters are shown. This parameter supports pattern matching. |
Use the config show command to display the current setting for all configuration parameters or a specified configuration parameter.
SSG > config show AAIP
AAIP1: <0.0.0.0>
AAIP2: <0.0.0.0>
SSG > config show Password
DashboardPassword: <secret>
AAAPassword: <secret>
ServicePassword: <secret>
This command enables or disables debugging for a specified debug handler at a specified level.
debug {enable | disable} [-h handler] [-l level]
handler | You can enable or disable the following debug handlers: system---System debug handler. dhcp---Dynamic Host Configuration Protocol (DHCP) handler. dns---Domain Name System (DNS) handler. l2f---Layer 2 Forwarding (L2F) handler. radius---Remote Access Dial-In User Service (RADIUS) handler. accounting---Accounting protocol handler. nat---Network address translation handler. failover---Failover handler. ppp---Point-to-Point Protocol handler. |
level | You can set the following debug levels: error---Display error messages. info---Display informational messages. verbose---Display the long form of messages. packet---Output the contents of each packet that is received and transmitted. all---Display error, informational, and packet messages, in verbose form. |
Use the debug command to enable or disable debugging for a specific debug handler. To enable a debug handler, enter debug enable followed by -h and the name of the handler to enable, -l, and the level of debugging. To disable a debug handler, enter debug disable followed by -h and the name of the handler to disable. If you are disabling a debug handler, you do not need to specify a debug level.
To disable all debugging levels without changing setting levels, enter debug disable. To restore these levels to their previous settings, enter debug enable.
When the handler is enabled, debug messages are output to the device(s) specified by the logtarget command. This can be the terminal device to which the Cisco 6510 is connected or a UNIX syslog server.
SSG > debug enable -h dhcp -l error
Debug DHCP: Enabled [Active Level: ERROR]
SSG > debug enable -h l2f -l all
Debug L2F: Enabled [Active Level: ERROR INFO VERBOSE PACKET]
SSG > debug disable -h radius
Debug RADIUS: Disabled [Active Level: ERROR ]
SSG > debug disable
Debug DHCP: Disabled [Active Level: ERROR ]
Debug DNS: Disabled [Active Level: ERROR ]
Debug L2F: Disabled [Active Level: ERROR ]
Debug PPP: Disabled [Active Level: ERROR ]
Debug RADIUS: Disabled [Active Level: ERROR ]
Debug ACCOUNTING: Disabled [Active Level: ERROR INFO VERBOSE PACKET ]
Debug NAT: Disabled [Active Level: ERROR ]
Debug FAILOVER: Disabled [Active Level: ERROR ]
Debug SYSTEM: Disabled [Active Level: ERROR ]
TimeSaver: To quickly specify all debug levels for a debug handler, use a numeric value between 0 and 15.
To determine the numeric value, use Table 4-3. The value "1" indicates the debug level is enabled and "0" indicates the debug level is disabled.
| No. | Packet | Verbose | Info | Error |
|---|---|---|---|---|
0 | 0 | 0 | 0 | 0 |
1 | 0 | 0 | 0 | 1 |
2 | 0 | 0 | 1 | 0 |
3 | 0 | 0 | 1 | 1 |
4 | 0 | 1 | 0 | 0 |
5 | 0 | 1 | 0 | 1 |
6 | 0 | 1 | 1 | 0 |
7 | 0 | 1 | 1 | 1 |
8 | 1 | 0 | 0 | 0 |
9 | 1 | 0 | 0 | 1 |
10 | 1 | 0 | 1 | 0 |
11 | 1 | 0 | 1 | 1 |
12 | 1 | 1 | 0 | 0 |
13 | 1 | 1 | 0 | 1 |
14 | 1 | 1 | 1 | 0 |
15 | 1 | 1 | 1 | 1 |
To enable error-level debugging for all handlers, enter the following:
SSG > config set level
Carriage Return to Skip; '.' to quit; 'c' to clear --> DebugDHCPLevel: <7>:1
DebugDNSLevel: <1>:1
DebugL2FLevel: <1>:1
DebugPPPLevel: <1>:1
DebugRADIUSLevel: <1>:1
DebugACCTLevel: <1>:1
DebugNATLevel: <1>:1
DebugFOVERLevel: <1>:1
DebugSystemLevel: <1>:1
Configuration Transferred to STANDBY
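A check to run over a captured config show dump, added here as an example and not part of the original Cisco documentation: it flags shared secrets still at the Table 4-2 default and decodes Debug*Level values with Table 4-3. The sample dump is constructed, and it assumes config show prints debug levels in the same Name: <value> form as the password output shown earlier.

```python
import re

# Shared-secret parameters and their shipped values, taken from Table 4-2.
DEFAULT_SECRETS = {
    "aaapassword": "secret",
    "dashboardpassword": "secret",
    "servicepassword": "secret",
}

# Table 4-3 expressed as bit values: Error=1, Info=2, Verbose=4, Packet=8.
LEVEL_BITS = (("ERROR", 1), ("INFO", 2), ("VERBOSE", 4), ("PACKET", 8))

# "Name: <value>" pairs as printed by config show.
PAIR_RE = re.compile(r"([A-Za-z0-9_]+):\s*<([^>]*)>")

# Constructed sample input (not captured from a real unit).
SAMPLE_DUMP = """\
DashboardPassword: <secret>
AAAPassword: <n0t-the-default>
ServicePassword: <secret>
DebugRADIUSLevel: <9>
DebugDHCPLevel: <7>
DebugDNSLevel: <0>
"""


def parse_config_show(text):
    """Return {lowercased name: value}; the CLI is not case sensitive and the
    page itself spells DashBoardPassword and DashboardPassword both ways."""
    return {name.lower(): value for name, value in PAIR_RE.findall(text)}


def decode_debug_level(value):
    """Expand a 0-15 debug level into the level names it enables."""
    number = int(value)
    if not 0 <= number <= 15:
        raise ValueError(f"debug level out of range: {value}")
    return [name for name, bit in LEVEL_BITS if number & bit]


def audit(text):
    """Return sorted findings, each starting with the parameter name."""
    params = parse_config_show(text)
    findings = []
    for name, default in DEFAULT_SECRETS.items():
        if params.get(name) == default:
            findings.append(f"{name}: shared secret is still the documented default")
    for name, value in sorted(params.items()):
        if not re.fullmatch(r"debug\w+level", name):
            continue
        try:
            levels = decode_debug_level(value)
        except ValueError:
            findings.append(f"{name}: value {value!r} is not a level between 0 and 15")
            continue
        if "PACKET" in levels:
            # Packet level outputs the contents of each packet to the log target.
            findings.append(f"{name}: level {value} includes PACKET, "
                            "packet contents go to the log target")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_DUMP):
        print(finding)
```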
This command displays the current debug settings.
debug show
Use the debug show command to display the current debug settings.
SSG > debug show
Debug DHCP: Disabled [Active Level: (None)]
Debug DNS: Disabled [Active Level: (None)]
Debug L2F: Disabled [Active Level: (None)]
Debug PPP: Disabled [Active Level: (None)]
Debug RADIUS: Enabled [Active Level: ERROR ]
Debug ACCOUNTING: Disabled [Active Level: (None)]
Debug NAT: Disabled [Active Level: (None)]
Debug FAILOVER: Disabled [Active Level: (None)]
Debug SYSTEM: Enabled [Active Level: ERROR ]
This command enables or disables the failover feature for the Cisco 6510.
failover {enable | disable}
enable | Enables the failover feature. |
disable | Disables the failover feature. |
Use the failover command to enable or disable the Cisco 6510's failover feature. For detailed information on how the failover feature works, see the "Failover Mechanism" section.
SSG > failover enable
SSG > failover disable
This command resets the failover mechanism for the Cisco 6510.
failover reset
Use the failover reset command to reset the failover mechanism for the Cisco 6510. It is necessary to enter this command to activate failover without rebooting, when a serious error is reported for either unit, or in the event that the failover cable becomes disconnected.
To use failover reset, first enter the command on the standby unit. Then, enter the command on the primary unit.
If you are activating failover for the first time, you must first enter the failover enable command described in the "failover" section.
SSG > failover reset
Failover::Init: Initialize failover service hot...
Failover Reset started.
SSG>Failover::Init: Waiting for failover to initialize (COUNTDOWN: 10)
Failover::Init: Waiting for failover to initialize (COUNTDOWN: 9)
Failover::Init: Waiting for failover to initialize (COUNTDOWN: 8)
FAILOVER: %%%%%%%%%%%%%SWITCHING INTERFACES to STANDBY %%%%%%%%%%%%%%%%
FAILOVER: (failSwitch) unit(0): Switching to MAC(00:a0:c9:76:9c:a4)
FAILOVER: (failSwitch) unit(0): Switching to IP...
FAILOVER: (SwitchIP) Switching unit(0) to IP=<10.10.10.2>, mask=<255.255.0.0>, GW=<>, name=<host>
FAILOVER: %%%%%%%%%%%%%SWITCHING INTERFACES to STANDBY %%%%%%%%%%%%%%%%
FAILOVER: (failSwitch) unit(1): Switching to MAC(00:a0:c9:76:9c:38)
FAILOVER: (failSwitch) unit(1): Switching to IP...
FAILOVER: (SwitchIP) Switching unit(1) to IP=<171.69.255.20>, mask=<255.255.255.248>, GW=<171.69.255.18>, name=<ncp/isp>
FAILOVER: %%%%%%%%%%%%%SWITCHING INTERFACES to STANDBY %%%%%%%%%%%%%%%%
FAILOVER: (failSwitch) unit(2): Switching to MAC(00:a0:c9:76:9c:42)
FAILOVER: (failSwitch) unit(2): Switching to IP...
FAILOVER: (SwitchIP) Switching unit(1) to IP=<171.52.255.20>, mask=<255.255.255.248>, GW=<171.52.255.18>, name=<mgmt>
Failover::Init: Waiting for failover to initialize (COUNTDOWN: 7)
Failover::Init: Initialization Done!
Use the failover set command to set the IP addresses of the active and standby units.
SSG > failover set
FailoverActiveIP0 <198.46.3.2>:
FailoverActiveIP1 <198.46.4.2>:
FailoverActiveIP2 <198.46.5.2>:
FailoverStandbyIP0 <0.0.0.0>: 198.46.6.2
FailoverStandbyIP1 <0.0.0.0>: 198.46.7.2
FailoverStandbyIP2 <0.0.0.0>: 198.46.8.2
IP | Displays the IP addresses of the active and standby units. |
stats | Displays status information of the active and standby units. |
Use the failover show command to display information about the active and standby units.
If you enter failover show, the console displays information about whether failover is enabled and the processing status. If you enter failover show IP, the console displays the IP addresses of the active and standby units. If you enter failover show stats, the console displays failover realtime status information.
For detailed information on how the failover feature works, see the "Failover Mechanism" section.
SSG > failover show
Failover Feature <Enabled>: SSG Processing <ON>
SSG > failover show stats
---------------- Failover module real-time status --------------------
PRIMARY: Failover Monitor Enabled: ACTIVE (Peer Unit: STANDBY)
0: 10.10.10.1 (00:a0:c9:9b:7c:bf) LINK = up
1: 171.69.255.19 (00:a0:c9:9b:82:28) LINK = up
2: 171.52.255.19 (00:a0:c9:9b:82:42) LINK = up
Logical information:
Interface fei2: READY
Interface fei1: READY
Interface fei0: READY
Total Number of Switchover Taken Place: 1
This command switches the Cisco 6510 to either active or standby status.
failover switchover {active | standby}
active | Makes the unit the active unit. |
standby | Makes the unit the standby unit. |
Use the failover switchover command to switch the Cisco 6510 to active or standby. For detailed information on how the failover feature works, see the "Failover Mechanism" section.
SSG > failover switchover active
SSG > failover switchover standby
This command tests the failover feature for the Cisco 6510.
failover test
Use the failover test command to test the Cisco 6510's failover feature. For detailed information on how the failover feature works, see the "Failover Mechanism" section.
SSG > failover test
---------------- Failover module Self Test --------------------
FAILOVER: (selfTest) tNetTask OK.
FAILOVER: (selfTest) Cable OK.
FAILOVER: (selfTest) Ethernet(2) OK.
FAILOVER: (selfTest) Ethernet(1) OK.
FAILOVER: (selfTest) Ethernet(0) OK.
FAILOVER: (selfTest) Succeeded: Passed All Tests.
This command displays the hardware configuration of the Cisco 6510.
hardware
Use the hardware command to display the hardware configuration of the Cisco 6510.
SSG > hardware
INTEL Processor: <GenuineIntel>
OEM: Pentium II processor, model 3, 300 MHz
Total Memory: 402649 Kbytes
Performing Failover Cable Loopback Test...
loopback test: Tx/Rx 128 characters were dropped
Result = FAILED
Ethernet Cards:
SSG diagnostics: Intel 82557 #0 found at pciDevice number 13 ***
82557(0): Intel EtherExpress Pro 10/100 at 0xfcc0 00:A0:C9:CA:AF:04
CSR mem base address = feaff000, Flash mem base address = fed00000
PCI bus no. = 0, device no. = d, function no. = 0, IRQ = 11
Board assembly 689661-003, Physical connectors present: RJ45
Primary interface chip unknown PHY #1.
General self-test: passed.
Serial sub-system self-test: passed.
Internal registers self-test: passed.
ROM checksum self-test: passed (0x24c9f043).
*** SSG diagnostics: Intel 82557 #1 found at pciDevice number 14 ***
82557(1): Intel EtherExpress Pro 10/100 at 0xfca0 00:A0:C9:CC:31:17
CSR mem base address = feafe000, Flash mem base address = fec00000
PCI bus no. = 0, device no. = e, function no. = 0, IRQ = 10
Board assembly 689661-003, Physical connectors present: RJ45
Primary interface chip unknown PHY #1.
General self-test: passed.
Serial sub-system self-test: passed.
Internal registers self-test: passed.
ROM checksum self-test: passed (0x24c9f043).
*** SSG diagnostics: Intel 82557 #2 found at pciDevice number 15 ***
82557(2): Intel EtherExpress Pro 10/100 at 0xfc60 00:A0:C9:CC:31:91
CSR mem base address = feafd000, Flash mem base address = feb00000
PCI bus no. = 0, device no. = f, function no. = 0, IRQ = 15
Board assembly 689661-003, Physical connectors present: RJ45
Primary interface chip unknown PHY #1.
General self-test: passed.
Serial sub-system self-test: passed.
Internal registers self-test: passed.
ROM checksum self-test: passed (0x24c9f043).
This command configures a Cisco 6510 interface card.
ifconfig -u unit -a inetadrs -m netmask [-g inetgateway] [-n inetname]
unit | Card number of the interface card (card number 0, 1, or 2). |
inetadrs | IP address assigned to the interface card. |
netmask | Subnet mask assigned to the interface card. |
inetgateway | Default gateway (optional). |
inetname | String identifying the interface card (optional). |
Use the ifconfig command to configure an interface card installed in the Cisco 6510. All cards in the Cisco 6510 should be assigned an IP address and subnet mask.
SSG > ifconfig -u 0 -a 198.46.3.2 -m 255.255.255.0
SSG > ifconfig -u 1 -a 198.46.4.2 -m 255.255.255.0 -n UCPcard
SSG > ifconfig -u 2 -a 198.46.5.2 -m 255.255.255.0 -g 198.46.5.1
The logtarget command specifies where to log debugging messages.
logtarget -t output_type [-d ip_address]
output_type | Output device where messages are sent. You can specify the following devices: tty---Messages sent to the terminal console connected to the Cisco 6510. syslog---Messages sent to the syslog file for the system with the IP address specified with the -d parameter. |
ip_address | If you specify syslog for the output_type parameter, this parameter specifies the IP address of the syslog server to which you want to output logging information. |
The output devices can include the console device connected to the Cisco 6510 and a syslog file on a system connected to the Cisco 6510.
If you specify syslog for the output_type parameter, you must specify the IP address of the system with the ip_address parameter. For information on how to specify the syslog facility, see the "logtarget facility" section.
SSG > logtarget -t syslog -d 192.168.100.22
Target0: 192.168.100.22 Log Facility: LOCAL2
SSG > logtarget -t tty
Target0: TTY Log Facility: LOCAL2
Specifies the UNIX syslog facility used to monitor debug messages.
logtarget facility {local0... | local7}
local0...|local7 | Syslog facility to receive debug messages. |
Use the logtarget facility command to specify the local device to which the Cisco 6510 writes syslog facility messages.
SSG > logtarget facility local0
Target0: 192.168.100.24 Log Facility: LOCAL0
Displays the logging targets currently configured for the Cisco 6510.
logtarget show
Use the logtarget show command to display a list of log targets where the Cisco 6510 sends logging information.
SSG > logtarget show
Target0: 192.168.100.22 Log Facility: LOCAL2
This command clears the next hop gateway table profile settings.
nhgtable clear
Use the nhgtable clear command to clear the next hop gateway table profile settings.
SSG > nhgtable clear
Because multiple Cisco 6510s might access services from different networks, each service profile specifies a next hop key rather than a next hop IP address. For each Cisco 6510 to determine the IP address of the next hop, each Cisco 6510 downloads its own next hop gateway table that associates keys with IP addresses.
This command downloads next hop table settings from the AAA server.
nhgtable download [profile]
profile | Name of the RADIUS profile that contains the NHG table for this Cisco 6510. Note: If the NHGTableProfile parameter is set, the profile switch is optional. For more information, see the "NHGTableProfile" section in the "Configuration Reference" chapter. |
Use the nhgtable download command to download the next hop gateway table profile. If you do not specify profile, the Cisco 6510 will use the profile specified in the NHGTableProfile parameter. For more information, see the "NHGTableProfile" section.
SSG > nhgtable download SSG_1
Downloading NHGTable from Profile (SSG_1)...
NHGTable: Profile SSG_1 is downloaded!
This command displays the next hop gateway table profile settings.
nhgtable show
Use the nhgtable show command to display the next hop gateway table profile settings.
SSG > nhgtable show
Next Hop Gateway Table Loaded from Profile: steve-nhg
Key: ISP-1 ip: 192.168.12.1
Key: ISP-3 ip: 192.168.12.2
Key: ISP-2 ip: 192.168.12.3
Key: ISP-9 ip: 192.168.12.4
Key: ISP-8 ip: 192.168.12.5
Key: ISP-10 ip: 192.168.12.6
Key: ISP-5 ip: 192.168.12.7
Key: ISP-4 ip: 192.168.12.8
Key: ISP-7 ip: 192.168.12.9
Key: ISP-6 ip: 192.168.12.10
This command changes the password used to access the Cisco 6510 through a Telnet connection.
passwd
Use the passwd command to change the password used to access the Cisco 6510 through a Telnet connection (default: admin).
SSG > passwd
Old Password: *****
New Password: *****
Re-enter New Password: *****
Password changed.
This command resets the password used to access the Cisco 6510 through a Telnet connection.
passwd reset
If you forget the Telnet password, use passwd reset to restore the Telnet password to the default setting (default: admin).
SSG > passwd reset
This command causes the Cisco 6510 to shut down and reboot using the configuration stored in Flash memory.
reboot
Enter the reboot command to reboot the Cisco 6510 using the configuration stored in Flash memory.
SSG > reboot
System configuration has been modified. Save? [y/n]: y
Proceed with reboot? [y/n]: y
This command specifies the ports the Cisco 6510 uses to communicate with services.
remoteport set -h service -p port
service | Select from the following services: dhcp---Dynamic Host Configuration Protocol service. dns---Domain Name System service. radius---Remote Access Dial-In User Service. l2f---Layer 2 Forwarding service. accounting---RADIUS accounting service. snmp---Simple Network Management Protocol service. |
port | Port used for the specified service. |
Use the remoteport set command to specify the ports the Cisco 6510 uses to receive packets from services.
SSG > remoteport set -h dhcp -p 67
DHCPRemotePort = <67>
This command displays the port setting for a specified service.
remoteport show [-h service]
service | You can view the port setting for the following services: dhcp---Dynamic Host Configuration Protocol service. dns---Domain Name System service. radius---Remote Access Dial-In User service. l2f---Layer 2 Forwarding service. accounting---RADIUS accounting service. snmp---Simple Network Management Protocol service. |
SSG > remoteport show -h dhcp
DHCPRemotePort = <67>
SSG > remoteport show
DHCPRemotePort = <67>
DNSRemotePort = <53>
RadiusRemotePort = <1645>
L2FRemotePort = <1701>
AccountingRemotePort = <1646>
This command specifies the shared secret used for RADIUS communication between the Cisco 6510 and the AA server.
secret aaapassword secret_string
secret_string | Text string containing the shared secret. |
Use the secret aaapassword command to specify the shared secret used for RADIUS communication between the Cisco 6510 and the AA server.
SSG > secret aaapassword secret2
This command specifies the shared secret used for RADIUS communication between the Cisco 6510 and the Cisco SSD.
secret dashboardpassword secret_string
secret_string | Text string containing the shared secret. |
Use the secret dashboardpassword command to specify the shared secret used for the RADIUS communication between the Cisco 6510 and the Cisco SSD.
SSG > secret dashboardpassword secret1
This command sets IP addresses for servers which communicate with the Cisco 6510.
server [name [ip_address]]
name | Name of the server. These include: defaultserverip---Cisco SSD. aaip1---first AA authentication and authorization service. aaip2---second AA authentication and authorization service. accountingip1---first AAA accounting service. accountingip2---second AAA accounting service. dhcpip---DHCP server. snmpip---SNMP server. |
ip_address | IP address of the server or service. |
If you enter server by itself, the Cisco 6510 will prompt you to enter each IP address. If you enter server followed by the name of the service, the Cisco 6510 will prompt you to enter the IP address for that service.
SSG > server dhcpip 136.123.56.57
SSG > server
DefaultServerIP: <0.0.0.0>: 192.168.1.2
AAIP1: <0.0.0.0>: 171.69.73.151
AAIP2: <0.0.0.0>: 171.69.73.152
AccountingIP1: <0.0.0.0>: 175.63.73.250
AccountingIP2: <0.0.0.0>: 175.63.73.251
DHCPIP: <0.0.0.0>: 136.123.56.57
SNMPIP: <0.0.0.0>: 136.123.56.59
This command shows the IP addresses for the default server, RADIUS services, and the DHCP server.
server show
Use the server show command to show the IP addresses for the default server, RADIUS services, and the DHCP server.
SSG > server show
DefaultServerIP: <192.168.100.24> (Interface: Network)
AAIP1: <192.168.100.22>
AAIP2: <0.0.0.0>
AccountingIP1: <192.168.100.22>
AccountingIP2: <0.0.0.0>
DHCPIP: <192.168.100.11>
SNMPIP: <136.123.56.59>
This command terminates the Telnet session to the Cisco 6510.
telnet disconnect
To determine whether there is an active Telnet session to the Cisco 6510, use the telnet show command. To terminate the session, use the telnet disconnect command.
This command can only be entered from the Cisco 6510 terminal interface.
SSG > telnet disconnect
This command shows whether there is an active Telnet session to the Cisco 6510.
telnet show
Use the telnet show command to show whether there is an active Telnet session to the Cisco 6510. If there is, you can terminate the session by using the telnet disconnect command.
This command can only be entered from the Cisco 6510 terminal interface.
SSG > telnet show
This command clears the transparent passthrough filter settings.
tptfilter clear
Use the tptfilter clear command to clear the transparent passthrough filter settings.
SSG > tptfilter clear
Transparent Passthrough service filter is cleared
This command downloads transparent passthrough filter settings from the AAA server.
tptfilter download profilename
profilename | Name of the Internet filter. |
Transparent passthrough is designed to allow unauthenticated traffic (users or network devices that have not logged in to the Cisco 6510 through the Cisco SSD) to pass through the SSG (usually to the Internet).
Use the tptfilter download command to download transparent passthrough filter settings. This filter is downloaded from the AAA server and contains filter statements that describe which IP address ranges are permitted and denied.
The filter list is processed from beginning to end until an explicit match is found or until the end of the list is reached. Because there is an implicit deny for the list, the packet will be denied if no IP match is found.
SSG > tptfilter download PF1
Downloading TPTFilter from Profile (PF1)...
TPTFilter: Profile PF1 is downloaded!
This command displays the transparent passthrough filter settings.
tptfilter show
Use the tptfilter show command to display the transparent passthrough filter settings.
SSG > tptfilter show
*** Transparent Passthrough Filter Information ***
Filter info downloaded from Service PF1
5 Filter(s) in the current profile
Filter flag is Src_Dst Permit, Filter_ID is 1
1.1.1.1/255.255.255.0:20,21
2.2.101.2/255.255.255.0;0-9999
Filter flag is Src_Dst Permit, Filter_ID is 2
1.1.2.1/255.255.255.0:20,21
2.2.102.2/255.255.255.0:0-9999
Filter flag is Src_Dst Permit, Filter_ID is 3
1.1.3.1/255.255.255.0:20,21
2.2.103.2/255.255.255.0:0-9999
Filter flag is Src_Dst Deny, Filter_ID is 4
1.1.4.1/255.255.255.0:20,21
2.2.104.2/255.255.255.0:0-9999
Filter flag is Src_Dst Deny, Filter_ID is 5
1.1.5.1/255.255.255.0:20,21
2.2.105.2/255.255.255.0:0-9999
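The first-match, implicit-deny processing described under tptfilter download, applied to output in the tptfilter show format; this is an added example, not code from the original documentation or from Cisco. It assumes the first address line of each filter is the source network and ports and the second is the destination (the page does not define the line layout), and the sample is modelled on the output above with ':' as the port separator throughout.

```python
import ipaddress
import re

HEADER_RE = re.compile(r"Filter flag is Src_Dst (Permit|Deny), Filter_ID is (\d+)")
ENDPOINT_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)/(\d+\.\d+\.\d+\.\d+):([\d,\-]+)$")

# Constructed sample, modelled on the tptfilter show output on this page.
SAMPLE_SHOW = """\
*** Transparent Passthrough Filter Information ***
Filter info downloaded from Service PF1
5 Filter(s) in the current profile
Filter flag is Src_Dst Permit, Filter_ID is 1
1.1.1.1/255.255.255.0:20,21
2.2.101.2/255.255.255.0:0-9999
Filter flag is Src_Dst Permit, Filter_ID is 2
1.1.2.1/255.255.255.0:20,21
2.2.102.2/255.255.255.0:0-9999
Filter flag is Src_Dst Permit, Filter_ID is 3
1.1.3.1/255.255.255.0:20,21
2.2.103.2/255.255.255.0:0-9999
Filter flag is Src_Dst Deny, Filter_ID is 4
1.1.4.1/255.255.255.0:20,21
2.2.104.2/255.255.255.0:0-9999
Filter flag is Src_Dst Deny, Filter_ID is 5
1.1.5.1/255.255.255.0:20,21
2.2.105.2/255.255.255.0:0-9999
"""


def parse_ports(spec):
    """Turn '20,21' or '0-9999' into inclusive (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def parse_endpoint(line):
    """Parse 'address/mask:ports' into (network, port ranges)."""
    match = ENDPOINT_RE.match(line.strip())
    if not match:
        raise ValueError(f"unrecognised filter line: {line!r}")
    # strict=False because the listing shows host addresses with a mask.
    network = ipaddress.ip_network(f"{match.group(1)}/{match.group(2)}", strict=False)
    return network, parse_ports(match.group(3))


def parse_filters(text):
    """Return filters in listed order as (filter_id, action, src, dst)."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    filters, i = [], 0
    while i < len(lines):
        header = HEADER_RE.search(lines[i])
        if not header:
            i += 1          # banner and summary lines carry no filter data
            continue
        if i + 2 >= len(lines):
            raise ValueError(f"filter {header.group(2)} is missing address lines")
        src = parse_endpoint(lines[i + 1])   # assumption: first line is the source
        dst = parse_endpoint(lines[i + 2])   # assumption: second line is the destination
        filters.append((int(header.group(2)), header.group(1).lower(), src, dst))
        i += 3
    return filters


def _hit(endpoint, address, port):
    network, ranges = endpoint
    in_net = ipaddress.ip_address(address) in network
    return in_net and any(low <= port <= high for low, high in ranges)


def evaluate(filters, src_ip, src_port, dst_ip, dst_port):
    """Walk the list top to bottom; the first explicit match decides."""
    for filter_id, action, src, dst in filters:
        if _hit(src, src_ip, src_port) and _hit(dst, dst_ip, dst_port):
            return action, filter_id
    return "deny", None     # end of list reached: implicit deny


if __name__ == "__main__":
    rules = parse_filters(SAMPLE_SHOW)
    print(evaluate(rules, "1.1.1.50", 21, "2.2.101.9", 80))
    print(evaluate(rules, "10.0.0.1", 20, "2.2.101.9", 80))
```

A result of ("deny", None) means no filter matched and the implicit deny applied, which is how an unlisted source is told apart from one caught by an explicit Deny entry.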
This command displays the version of the software installed in the Cisco 6510.
version
Use the version command to display the version of the currently installed firmware.
SSG > version
Service Selection Gateway Version 1.1(0) Build 75, Aug 18 1998, 17:58:57
Copyright (c) 1998 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause as FAR sec. 32.227-19 and subparagraph (c) (i) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706