The Command Line Manager features text-based configuration and allows you to configure and manage the device and perform various network diagnostic functions.
Sessions can be established by directly attaching a terminal or a computer running terminal emulation software to the system Console port. This connection is at 9600 Baud, 8 bits, and no parity.
Sessions can also be established by connecting via telnet to an IP address of the device. See the Installation Guide for your device for more information.
Both methods of establishing a session require that the system passwords be entered before any commands can be entered.
The default passwords as shipped from the factory are letmein. It is strongly recommended that the password be changed using the General section. Once the passwords are set, the same passwords are used by VPN 5000 Manager.
There are two modes of operation in the Command Line interface, enabled and normal modes.
All operations that do not modify the system configuration or display critical (security related) information are permitted in normal mode. This mode of operation is protected by the password. In normal mode, the command prompt ends in a ">".
Enabled mode is protected with the enable password. If no enable password has been configured, then the regular password will be used. There are two ways to enter enabled mode. If a privileged command is entered, the user will be prompted for the enable password, and if successful, the user will be in enabled mode. The other way is to use the enable command (see enable, disable). The command prompt for enabled mode ends with a "#". If there is no activity for 5 minutes, enabled mode will time out.
There are two basic types of commands, configuration commands and management commands.
Note: Some of the commands described in this manual may not exist on every system. Some of the commands are hardware-specific; if the hardware platform has no WAN interfaces, commands that are WAN-specific will not exist. Other commands are related to software features such as bridging that may not be available with all releases.
Table 1 and Table 2 show how the commands and configuration sections are grouped within this manual.
The following table lists configuration commands. A text-based configuration is a collection of section headings followed by keywords or other data which define device settings. The configuration commands allow you to edit, create and manage these sections.
| Command | Sections | |
|---|---|---|
| configure | This command enters the configuration editor which allows you to add or modify configuration variables using keyword and value pairs and ensures that they are syntactically correct. As an added benefit, within the configuration editor, all of the management commands are still available. The following sections are configured using the configure command: | |
| | AppleTalk | IPX |
| edit config | This two-word command allows you to create and manage complex lists such as filter rules. These special sections do not have keyword and value pairs. The edit config command can also be used as a line editor for the entire configuration. The list that follows includes sections which are configured using the edit config command. Some of these sections can also be configured using the edit command (see the edit section under Management Commands). | |
| | AppleTalk Filter | IPX Filter |
The following table lists management commands, which allow you to perform a variety of diagnostic and management operations.
| Management Commands | Description |
|---|---|
| Miscellaneous | Miscellaneous management commands. |
| Applies the configuration without restarting |
| Restarts the device |
| Creates and edits protocol filter sections |
| Enables or disables privileged commands |
| Exits the command loop parser |
| Displays context-sensitive online help info |
| Sets current interface |
| Pings a remote machine over ipx |
| Enables OSPF |
| Pings a remote machine |
| Saves the edited configuration |
| Various system related commands |
| Allows TFTP connections |
| Route tracing to remote machine |
| Establishes or tears down a LAN-to-LAN tunnel. |
| Writes the configuration to Flash memory |
| add | Runtime commands to add IP entries. |
| Adds a static IP ARP cache entry |
| Adds a static IP route |
| certificate | Commands to import and manage certificates. |
| Creates a root or server certificate, or a certificate request |
| Imports a certificate |
| Removes all certificates |
| Approves or denies a certificate request |
| Checks that the server certificate is valid |
| reset | Commands to delete items from tables and simple lists, and commands to manage configurations and statistics kept by the system. |
| Resets AppleTalk statistics and tables |
| Deletes ARP table entries |
| Restores flash configuration deleting any changes |
| Resets IP statistics and tables |
| Deletes entries from IPX tables |
| Resets OSPF adjacency with a neighbor |
| Clears restart event information |
| Resets SecurID secret |
| Resets statistics |
| set | Commands to set certain runtime configuration parameters. |
| Sets bridge configuration parameters |
| Sets PPP protocol settings |
| Enables or disables SMDS keepalive |
| Sets system parameters |
| Sets Terminal parameters |
| Sets WAN and AUX port hardware parameters |
| show | Commands to display tables and configuration parameters. |
| Completes configuration |
| Shows AppleTalk configuration, status and statistics |
| Shows the ARP table |
| Shows bridge configuration, status and statistics |
| Shows certificate text or details |
| Shows device configuration |
| Shows Ethernet information |
| Shows Frame Relay configuration and statistics |
| Shows command history |
| Shows IP configuration and statistics |
| Shows runtime IP route filters |
| Shows IPX configuration and routing |
| Shows runtime IPX route filters |
| Shows runtime IPX SAP filters |
| Shows NAT configuration and statistics |
| Shows operating system information |
| Shows OSPF configuration and statistics |
| Shows PPP information |
| Shows RADIUS configuration and statistics |
| Shows routing tables |
| Shows SecurID statistics and servers |
| Shows SMDS configuration and statistics |
| Shows statistics |
| Shows general system information |
| Shows general device information |
| Shows VPN configuration and statistics |
| Shows WAN port information |
Configuration modification is a privileged operation that requires the user to be in enabled mode. After a command modifies a configuration, subsequent command prompts will be preceded by a star (*).
Most commands that modify configurations only modify a local configuration buffer which must be saved using the save command. The effects of the few commands which can modify a runtime system configuration will only be remembered until the system is restarted. There are some runtime commands which do not have equivalent permanent configurations.
Because there is only one configuration buffer for the system, only one person can modify a configuration at any time. The second person who tries will get a message letting them know this and they will not be able to edit. If a telnet session is disconnected, it is possible to attach to the modified configuration using the sys attach command.
All sections are uniquely identified by their section name. All section names begin with a fixed string. However, some section names also have variable portions.
The sections which expect names require a character string to uniquely identify the object being defined in that section. The name must be between one and 16 alphanumeric characters, including any spaces. If the name includes spaces or special characters, it must be enclosed in quotes (""). Section names are not case-specific.
Within the device's configuration, a complete section name, including the variable portion, must be unique. Duplicate section names are ignored by the device and only the first occurrence is used.
There are three types of sections: port-specific sections, general sections, and special sections.
Port-specific sections of the device's configuration are used to configure parameters for a specific interface (e.g., WAN 0, Ethernet 0, STEP 0, etc.) or type of interface if using the device's hierarchical parsing capabilities (e.g., WAN, Ethernet, STEP, AppleTalk, etc.). For more information on hierarchical parsing, see Appendix , "Default Sections and Default Values." If the device is a multislot product, both the slot number and the interface number must be given, separated by a colon (e.g., Ethernet 0:0 indicates Slot 0, Ethernet 0, while Ethernet 0:1 indicates Slot 0, Ethernet 1). If no slot number is indicated, then Slot 0 is assumed.
All port-specific sections require you to identify the port as part of the section name. The data in port-specific sections is made up of keyword and value pairs. The device uses hierarchical parsing.
Special sections of the device's configuration are different from the other two types of sections in that they have no keyword and value pairs. These sections are configured using the edit config command instead of the configure command. The data portion of a special section is unique to each section type. The manual page for each of these sections describes the syntax of the data in the section and its usage. Special sections generally are filter lists or other databases that don't lend themselves to the constraints of the keyword and value pairs.
Each manual page of a port-specific or general section contains a brief description of the section as a whole, followed by a list of all of the keywords that are valid in that section.
The keywords are paired up with a value, usually on a single line of the configuration. Some keywords want specific values (i.e., labels); others want arbitrary text strings as values. Keywords are separated from their values by an equal sign (=).
Keyword = Some Value
On each manual page describing keywords, the keyword is in bold and the type of value that it expects is listed. Arbitrary text strings are in italics.
IPAddress = IP_Address
The keyword and value pair is followed by a description of the keyword's function.
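An added example, not from the original manual: a small Python audit for a text-based configuration file prepared offline, applying the rules above (section names not case-specific, only the first occurrence of a duplicate section used, keyword = value pairs) and flagging the factory password. The `[ Name ]` heading syntax, the `Password` and `EnablePassword` keyword names, and clear-text password values are assumptions; the sample configuration is constructed.

```python
import re

FACTORY_DEFAULT = "letmein"  # factory password stated in this manual

# Constructed sample. Assumptions: "[ Name ]" headings, the Password and
# EnablePassword keywords, and clear-text values are not shown on this page.
SAMPLE = """\
[ General ]
DeviceName = "branch-vpn"
Password = letmein

[ IP Ethernet 0 ]
IPAddress = 192.0.2.1

[ ip ethernet 0 ]
IPAddress = 192.0.2.99
"""

def parse_config(text):
    """Return ({section: {keyword: value}}, [ignored duplicate headings])."""
    sections, duplicates, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if head:
            name = head.group(1).lower()   # section names are not case-specific
            if name in sections:           # duplicate: only the first is used
                duplicates.append(head.group(1))
                current = None             # drop the duplicate's keywords
            else:
                current = sections.setdefault(name, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Keyword case is folded here for lookup (an assumption).
            current[key.strip().lower()] = value.strip().strip('"')
    return sections, duplicates

def audit(text):
    """List findings based on the password and section rules above."""
    sections, duplicates = parse_config(text)
    general = sections.get("general", {})
    findings = [f"duplicate section ignored: {d}" for d in duplicates]
    if general.get("password") in (None, FACTORY_DEFAULT):
        findings.append("login password is missing or factory default")
    enable = general.get("enablepassword")
    if enable is None:
        findings.append("no enable password: enabled mode uses the login password")
    elif enable == FACTORY_DEFAULT:
        findings.append("enable password is factory default")
    return findings
```

Calling `audit(SAMPLE)` reports the ignored duplicate section, the factory password, and the missing enable password.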
Cisco Systems products use Flash ROM technology to store their operating software and configuration parameters. Flash ROMs can be rewritten tens of thousands of times and will maintain the information which has been written in them regardless of whether they are powered on or not.
Once a configuration is complete, the save command is needed to save the new or modified configuration from the configuration buffer to Flash ROM and restart the device to have the new configuration take effect.
Note: Turning off a device in the middle of a save/restart will cause it to lose its operating software. Please wait at least 5 minutes before deciding that the save command has failed.
All devices support a secure TFTP mechanism to transfer configuration files to and from the device. TFTP is disabled on the device by default and must be enabled using the tftp command from a console or telnet session. Transfer configuration files to and from the device using an ASCII mode transfer.
It is also possible to create a text-based configuration file and use VPN 5000 Manager to transfer the file to and from the device. This method uses a secure transfer mechanism, preventing the configuration from being observed while it is in transit to the device. See the Cisco VPN 5000 Manager Software Reference Guide for more information.
Posted: Wed Sep 27 10:23:38 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.