SCR1618-RDAC-5500464-CLI-Guide(RevB).pdf

Perle IOLAN SCR

CLI

Command Reference Guide

Modified May 2021

A1.05.17.2021

Document Part# 5500464-10 (Rev B)

This document must not be reproduced in any way whatsoever, either printed or electronically, without the consent of:

Perle Systems Limited,

60 Renfrew Drive

Markham, ON

Preface ...............................................................................16

About This Book ........................................................................ 16

Intended Audience..................................................................... 16

Typeface Conventions............................................................... 16

Setting up the IOLAN................................................................. 16

Chapter 2 User Exec Mode ...............................................29

clear ip dhcp binding................................................................. 29

enable.......................................................................................... 29

line-attach ................................................................................... 30

logout .......................................................................................... 30

ping ............................................................................................. 30

release......................................................................................... 31

renew........................................................................................... 32

show alarm ................................................................................. 33

show arp ..................................................................................... 34

show clock.................................................................................. 35

show crypto................................................................................ 35

show dot1x ................................................................................. 36

show eap..................................................................................... 37

show environment ..................................................................... 38

show facility-alarm..................................................................... 39

show flash: ................................................................................. 39

show hosts ................................................................................. 40

show ip arp ................................................................................. 41

show ip ddns .............................................................................. 41

Table of Contents

show ip dhcp .............................................................................. 42

show ip host-group.................................................................... 43

show ip http................................................................................ 43

show ip interface........................................................................ 44

show ip ssh ................................................................................ 45

show ipv6.................................................................................... 46

show ldap ................................................................................... 47

show line..................................................................................... 48

show lldp .................................................................................... 49

show mab ................................................................................... 49

show mac.................................................................................... 51

show ntp ..................................................................................... 52

show nvram:............................................................................... 53

show radius ................................................................................ 54

show snmp ................................................................................. 55

show ssh..................................................................................... 56

show tacacs................................................................................ 56

show terminal............................................................................. 57

show users ................................................................................. 57

show version .............................................................................. 58

ssh............................................................................................... 59

telnet ........................................................................................... 60

terminal ....................................................................................... 60

testemail ..................................................................................... 61

traceroute ................................................................................... 61

two-factor.................................................................................... 62

Chapter 3 Privileged EXEC mode ....................................64

archive ........................................................................................ 64

boot ............................................................................................. 67

cd................................................................................................. 68

clear aaa...................................................................................... 68

clear arp-cache........................................................................... 69

clear bridge................................................................................. 69

clear counters ............................................................................ 70

clear ip ........................................................................................ 70

clear ipv6 .................................................................................... 71

clear ldap .................................................................................... 72

clear line ..................................................................................... 72

clear lldp ..................................................................................... 73

clear logging............................................................................... 73

clear radius................................................................................. 74

clear tacacs ................................................................................ 74

clock............................................................................................ 75

configure..................................................................................... 76

copy............................................................................................. 77

debug .......................................................................................... 77

delete........................................................................................... 80

dir ................................................................................................ 81

disable......................................................................................... 81

disconnect .................................................................................. 82

dot1x ........................................................................................... 82

exit............................................................................................... 83

kill ................................................................................................ 83

line-attach ................................................................................... 84

logout .......................................................................................... 84

mkdir ........................................................................................... 85

more ............................................................................................ 85

password .................................................................................... 86

ping ............................................................................................. 87

pwd.............................................................................................. 88

release......................................................................................... 88

reload .......................................................................................... 88

rename ........................................................................................ 89

renew........................................................................................... 90

reset ............................................................................................ 90

rmdir............................................................................................ 90

serialt .......................................................................................... 91

show aaa..................................................................................... 92

show alarm ................................................................................. 93

show archive .............................................................................. 93

show arp ..................................................................................... 94

show bgp .................................................................................... 94

show bridge................................................................................ 96

show clock.................................................................................. 97

show crypto................................................................................ 97

show debugging ........................................................................ 97

show dhcp .................................................................................. 97

show dot1x ................................................................................. 98

show eap..................................................................................... 98

show eee..................................................................................... 98

show email................................................................................ 100

show environment ................................................................... 101

show facility-alarm................................................................... 101

show flash: ............................................................................... 101

show format.............................................................................. 101

show gnss ................................................................................ 102

show hosts ............................................................................... 102

show interfaces........................................................................ 102

show ip access-lists ................................................................ 104

show ip alg ............................................................................... 105

show ip arp ............................................................................... 105

show ip as-path-access-list .................................................... 106

show ip bgp .............................................................................. 106

show ip community-list ........................................................... 108

show ip ddns ............................................................................ 109

show ip dhcp ............................................................................ 109

show ip dns .............................................................................. 109

show ip extcommunity-list.......................................................110

show ip firewall .........................................................................110

show ip health ...........................................................................111

show ip host-group...................................................................113

show ip http...............................................................................113

show ip interface.......................................................................114

show ip nat ................................................................................114

show ip ospf ..............................................................................115

show ip prefix-list .....................................................................117

show ip rip .................................................................................117

show ip route.............................................................................118

show ip route-policy .................................................................119

show ip ssh ...............................................................................119

show ipv6.................................................................................. 120

show ldap ................................................................................. 120

show license............................................................................. 120

show line................................................................................... 121

show lldp .................................................................................. 122

show logging............................................................................ 122

show mab ................................................................................. 123

show mac.................................................................................. 123

show management-access ..................................................... 123

show nat66 ............................................................................... 124

show network-watchdog ......................................................... 125

show ntp ................................................................................... 126

show nvram:............................................................................. 126

show policy-map...................................................................... 126

show processes ....................................................................... 127

show radius .............................................................................. 128

show reload .............................................................................. 128

show rest-api............................................................................ 128

show route-map ....................................................................... 129

show running-config ............................................................... 130

show sdm ................................................................................. 131

show serial ............................................................................... 132

show snmp ............................................................................... 133

show ssh................................................................................... 134

show startup-config................................................................. 134

show system ............................................................................ 136

show tacacs.............................................................................. 137

show task-status...................................................................... 137

show tech-support................................................................... 138

show terminal........................................................................... 138

show username........................................................................ 138

show users ............................................................................... 139

show version ............................................................................ 139

show vrrp.................................................................................. 139

show wan.................................................................................. 140

show zone-policy ..................................................................... 141

shutdown .................................................................................. 142

ssh............................................................................................. 142

telnet ......................................................................................... 142

terminal ..................................................................................... 142

testemail ................................................................................... 142

traceroute ................................................................................. 142

undebug.................................................................................... 142

vrrp ............................................................................................ 144

Chapter 4 Global Configuration Mode...........................146

aaa ............................................................................................. 146

(config-sg-ldap) ................................................................... 149

(config-sg-radius)................................................................ 149

(config-sg-tacacs) ............................................................... 150

alarm ......................................................................................... 150

(config-alarm-profile)# ........................................................ 151

archive ...................................................................................... 152

(config-archive)# ................................................................. 152

arp ............................................................................................. 154

banner ....................................................................................... 154

boot ........................................................................................... 155

bridge ........................................................................................ 156

(config-st-bridge)#............................................................... 157

(config-st-bridge-mst-instance)# ....................................... 160

class-map ................................................................................. 161

(config-cmap)#..................................................................... 161

(config-cmap-match)#......................................................... 162

clock.......................................................................................... 165

crypto ........................................................................................ 166

(config-client)....................................................................... 171

(config-connection)............................................................. 173

(config-esp)#........................................................................ 176

(config-ike)# ......................................................................... 177

(config-12tp)......................................................................... 179

dot1x ............................................................................................. 180

(config-dot1x-creden) ......................................................... 181

eap............................................................................................. 181

(config-eap-profile).............................................................. 182

email.......................................................................................... 183

enable........................................................................................ 185

hostname .................................................................................. 185

interface .................................................................................... 185

ip access-list ............................................................................ 187

(config-std-nacl) .................................................................. 188

(config-ext-nacl) .................................................................. 188

ip alg.......................................................................................... 189

ip as-path .................................................................................. 189

ip community-list ..................................................................... 190

ip default-gateway.................................................................... 192

ip dhcp ...................................................................................... 192

(config-dhcp) ....................................................................... 193

ip dns ........................................................................................ 195

ip domain .................................................................................. 196

ip domain-name ....................................................................... 196

ip extcommunity-list ................................................................ 197

ip firewall .................................................................................. 198

(config-fw) ............................................................................ 200

(config-fw-rules) .................................................................. 201

ip ftp .......................................................................................... 204

ip health .................................................................................... 205

(config-health-prof) ............................................................. 205

ip host ....................................................................................... 206

ip host-group............................................................................ 206

(config-host-group) ............................................................. 207

ip http ........................................................................................ 207

ip name-server ......................................................................... 209

ip nat ......................................................................................... 209

ip prefix-list............................................................................... 210

ip radius .....................................................................................211

ip route...................................................................................... 212

ip route-policy .......................................................................... 213

(config-pbr) .......................................................................... 213

(config-pbr-rules) ................................................................ 214

ip scp......................................................................................... 216

ip sftp ........................................................................................ 217

ip ssh......................................................................................... 217

ip tacacs.................................................................................... 219

ip telnet ..................................................................................... 220

ipv6............................................................................................ 220

(config-ipv6-acl)................................................................... 222

(config-dhcpv6) ................................................................... 223

(config-fw6) .......................................................................... 224

(config-fw6-rules) ................................................................ 225

(config-pbr6) ........................................................................ 227

(config-pbr6-rules)# ............................................................ 228

key ............................................................................................. 230

(config-key) .......................................................................... 231

(config-keychain-key) ......................................................... 231

ldap............................................................................................ 232

(config-ldap-server)............................................................. 232

line............................................................................................. 234

lldp............................................................................................. 235

logging ...................................................................................... 237

mac............................................................................................ 240

(config-mac-acl)................................................................... 242

management-access................................................................ 243

(management-access-LAN) ................................................ 243

(management-access-WAN) ............................................... 244

nat66.......................................................................................... 245

network-watchdog ................................................................... 246

(config-network-watchdog) ................................................ 247

ntp ............................................................................................. 248

policy-map ................................................................................ 251

(config-pmap) ...................................................................... 252

(config-pmap-c) ................................................................... 253

(config-pmapRC) ................................................................. 255

(config-pmapPQ) ................................................................. 256

(config-pmapPQ-c) .............................................................. 257

(config-pmapTL) .................................................................. 259

(config-pmapTL-c)............................................................... 260

power-supply............................................................................ 261

radius ........................................................................................ 261

(config-radius-server) ......................................................... 262

radius-server ............................................................................ 262

remote-management................................................................ 263

(config-remote-mgmt) ......................................................... 264

route-map ................................................................................. 265

(config-route-map) .............................................................. 266

router......................................................................................... 268

(config-router)—BGP .......................................................... 270

(config-router-af) ................................................................. 279

(config-router)—OSPF ........................................................ 284

(config-router)—RIP ............................................................ 292

sdm............................................................................................ 293

serial.......................................................................................... 294

service....................................................................................... 296

snmp-server ............................................................................. 297

tacacs........................................................................................ 299

(config-tacacs-server)......................................................... 299

tacacs-server............................................................................ 300

tty............................................................................................... 301

username .................................................................................. 301

(config-user-serial).............................................................. 303

(config-user-2factor) ........................................................... 307

wan ............................................................................................ 307

(config-wan-failover) ........................................................... 309

(config-loadshare-rule) ....................................................... 310

zone............................................................................................311

(config-sec-zone)................................................................. 312

zone-pair ................................................................................... 313

Chapter 5 Interface configuration .................................314

Interface .................................................................................... 314

(config-if)#bvi....................................................................... 315

(config-if)#dialer .................................................................. 326

(config-if)ethernet#.............................................................. 334

(config-subif)# ..................................................................... 348

(config-if-range)#................................................................. 360

(config-if)#openvpn-tunnel................................................. 372

(config-if)#tunnel ................................................................. 380

(config-if-vrrp)#.................................................................... 390

Chapter 6 Interface line mode ........................................398

line............................................................................................. 398

(config-line)#console .......................................................... 398

(config-line)#tty ................................................................... 400

(config-line)#vty................................................................... 417

IOLAN SCR Command Line Reference Guide

Preface

About This Book

This guide provides the information you need to:

 configure the IOLAN using the Command Line Interface (CLI)

Intended Audience

This guide is for administrators who will be configuring the Perle IOLAN SCR1618

RDAC hereafter knows as the IOLAN.

Some prerequisite knowledge is needed to understand the concepts and examples in this

guide:

 If you are using an external authentication application(s), working knowledge of

the authentication application(s).

 Knowledge of the file transfer protocols the IOLAN uses.

Typeface Conventions

Most text is presented in the typeface used in this paragraph. Other typefaces are

used to help you identify certain types of information.

The other typefaces are:

Setting up the IOLAN

For information to set up your IOLAN for the first time, see your IOLAN1618

RDAC User’s Guide and your Quick Start Guide that came with your product.

Typeface Example Usage

clear {[ip dhcp binding]}

Commands are in bold blue text and keywords

for those command use bold green text.

<WORD> Arguments in which you supply the values are

in purple italics.

username

[nopassword] |

[privilege 1] | 15] | [secret 0

<cleartext-password>]

| [5

<hidden-user-secret> |

<cleartext-password>]

Square brackets means optional elements, but

not required to complete the command. Such as

command username does not require

nopassword, privilege or secret for completion.

Vertical bars within this example separate

alternative choices and can be viewed as an or

between parameters.

snmp-server {contact

<contact-name>

}

Curly braces surround the entire

keyword/optional commands.

IOLAN1618 RDAC User’s Guide This typeface indicates a book or document title.

See About This Book for more

information.

This indicates a cross-reference to another

chapter or section that you can click on to jump

to that section.

IOLAN SCR1618 RDAC Command Line Reference Guide

Using the Command-Line Interface

This book provides the command line interface (CLI) options available for the Perle

IOLAN SCR1618 RDAC. This chapter describes how to use the command-line interface

(CLI) to configure software features. Commands are grouped by Command modes. Some

CLI commands may not be applicable to your model or running software.

Command Modes

Each command is broken down into several categories:

 Description—Provides a brief explanation of how the command is used.

 Syntax—Shows the actual command line options. The options can be typed in

any order on the command line. The syntax explanation will use the following

command to break down the command syntax:

For example: telnet 172.16.4.92

This command opens a telnet session to the host with the

IP address of 172.16.4.92. If you use a name rather than

an IP address, you can use the /ipv4 option to force the

connection to use an IPv4 format for the network address.

For example: sdm [default|dual-ipv4-and-ipv6]

This command sdm has an option of either default or dual

ipv4 and ipv6. You can choose either option but not both.

Braces ({}) group required choices and vertical bars (|) separate the alternative choices.

Square brackets ([]) show the options that are available for the command. You can type a

command with each option individually, or string options together in any order you want.

Brace and vertical bars within square brackets {[]} means requires a choice within and

optional element. The pipe (|) within a square bracket means a choice between the

elements.

For example, valid values for (config)#ip

{community-list [expanded | standard]}. Valid

values are expanded or standard but you cannot select both at the same time.

Command Mode Prompt Exit Mode

Access Next

Mode

User EXEC mode PerleSCR> logout

command

enable

command

Privileged EXEC mode PerleSCR# disable

command

configure

command

Global configuration mode PerleSCR(config)# end or exit

command

interface

command

Interface configuration

mode

PerleSCR(config-if)#

PerleSCR(config-if-range)#

end command interface

command,

interface type,

interface

number

Line configuration mode PerleSCR(config-line)# end command interface

command,

interface type,

interface

number

IOLAN SCR1618 RDAC Command Line Reference Guide

 Options—Provides an explanation of each of the options for a command

and the default value if there is one. Some commands do not have any

options, so this category is absent.

 UP arrow—show a history of the previous commands entered.

Command Shortcuts

When you type a command, you can specify the shortest unique version of that

command or you can press the TAB key to complete the command. For example, the

following command:

PerleSCR(config)#service dhcp

can be typed as:

PerleSCR(config)#se d

or, you can use the TAB key to complete the lines as you go along:

se<TAB>d<TAB>

where the TAB key was pressed to complete the option as it was typed.

Command Options

When you are typing commands on the command line (while connected to the

IOLAN, you can view the options by typing a question mark (?), after any part of the

command to see what options are available/valid. For example:

IOLAN#terminal?

help

history

length

monitor

width

Common Commands

default

Use the default command to set a command back to it’s defaults.

disable

Use the disable command to de-elevate from Privilege EXEC mode to User Exec

mode.

do-exec

Run exec commands while in config mode.

enable

Use the enable command to elevate to Privilege EXEC mode from User Exec mode.

IOLAN SCR1618 RDAC Command Line Reference Guide

exit

The exit command in User EXEC mode logs you out of the IOLAN. In command

mode it takes you to down one level of authority.

help

The help command gives you full help or partial help depending on your needs.

Usage Guidelines

Help may be requested at any point in a command by entering a question

mark '?'. If nothing matches, the help list is empty and you must backup

until entering a '?' shows available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. show?.)

2. Partial help is provided when an abbreviated argument

and you want to know what arguments match the input

(e.g. 'show pr?'.)

Log into the IOLAN.

logout

Log out of the IOLAN.

Use the no command to negate a command.

IOLAN SCR1618 RDAC Command Line Reference Guide

PerleSCR>? (User EXEC mode)

User Exec Mode

Example:

PerleSCR>clear ip dhcp binding *

clear Reset functions

enable Switch to privilege mode

exit Exit from EXEC

help Description of the interactive help

line-attach Attach to a configured terminal line

logout Logout of current user

password Change your password

ping Send echo messages

release Release a resource

renew Renew a resource

show Display internal settings

ssh Open a secure shell client connection

telnet Open a telnet connection

terminal Set terminal characteristics

testemail Send a test email message

traceroute Trace route to destination

two-factor Change two factor settings

IOLAN SCR1618 RDAC Command Line Reference Guide

Privilege EXEC Mode

archive Manage archive files

boot Modify system boot parameters

cd Change current directory

clear Reset functions

clock Manage system clock

configure Switch to (config)#

copy Copy from one file to another

debug Debugging functions (see also ’undebug’)

delete Delete files

dir List files on a file system

disable Leave privileged mode

disconnect Disconnect an existing network connection

dot1x IEEE 802.1X Exec commands

exit Exit from the EXEC

help Description of interactive help

kill Reset the serial line

line-attach Attach to a configured terminal line

logout Logout of current user

mkdir Create a new directory

archive

{config |

download-sw [/force-reload] | [/no-version-check] | [/reload]

[flash:perle-image-name.img] |

[ftp:///[[username:password]@location]/directory]/perle-image-name.img] |

[http://[[username:password]@][hostname | host-ip] [directory] /perle-image-name.img]

[https://[[username:password]@][hostname | host-ip] [directory] /perle-image-

name.img]

[scp://[[username@location]/directory]/perle-image-name.img] |

[sftp://[[//username:password]@location]/directory]/perle-image-name.img] |

[tftp:[[//location]/directory]/perle-image-name.img]

[update-sw /force-reload] | [/reload | check] |

[[upload-sw flash:image-file] |

[ftp:[[//username[:password]@location]/directory]/perle-image-name.img] |

[http://[[username:password]@][hostname | host-ip [directory]

/perle-image-name.img

] |

[https://[[username:password]@][hostname | host-ip [directory] /perle-image-name.img]

[scp:[[username@location]/directory]/perle-image-name.img] |

[sftp:[[//username[:password]@location]/directory]/perle-image-name.img] |

[tftp:[[//location]/directory]/perle-image-name.img]}

Syntax Description archive

{config |

Archives the running configuration. This

configuration is saved to a predefined

location as specified in the archive

command. See (config-archive)# to set up

the path to where the configuration file is

stored.

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

download-sw |

[flash:perle-image-name.img] |

[ftp:///[[username:password]@l

ocation]/directory]/perle-

image-name.img] |

[http://[[username:password]@

][hostname | host-ip [directory]

/perle-image-name.img] |

[https://[[username:password]

@][hostname | host-ip

[directory] /perle-image-

name.img]

[scp://[[username:password@l

ocation]/directory]/perle-

image-name.img] |

[sftp://[[//username:password]

@location]/directory]/perle-

image-name.img] |

[tftp:[[//location]/directory]/per

le-image-name.img]

Downloads firmware to your IOLAN.

/force-reload—unconditionally forces a

system reload after successfully

downloading the software image.

/reload—reloads the system (if no unsaved

configuration changes have been made) after

a successful upgrade.

/no-version-check—download the software

without verifying it’s version compatibility

with the image running.

update-sw | /force-reload |

/reload | check

Checks if a software update is available.

/force-reload—unconditionally forces a

system reload after successfully

downloading the software image.

/reload—reloads the system (if no unsaved

configuration changes have been made) after

a successful upgrade.

check—check to see if a software update is

available.

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

[upload-sw flash:image-file] |

[ftp:[[//username[:password]@

location]/directory]/perle-

image-name.img] |

[http://[[username:password]@

][hostname

| host-ip [directory]

/perle-image-name.img] |

[https://[[username:password]

@][hostname

| host-ip

[directory] /perle-image-

name.img] |

[scp:[[username@location]/dir

ectory]/perle-image-name.img]

[sftp:[[//username[:password]

@location]/directory]/perle-

image-name.img] |

[tftp:[[//location]/directory]/per

le-image-name.img]

}

Uploads the firmware on the IOLAN to a

server.

Command Modes PerleSCR#archive

Usage Guidelines

Use this command to manage archive files.

Where a username or password is required it can be specified in the IOLAN

configuration using the "scp | ftp | sftp | http" command to configure the username

and password used instead of specifying it on the archive command.

flash:image-file

The syntax for FTP:

[ftp:///[[username:password]@location]/directory]/perle-image-name.img] |

The syntax for an HTTP server:

http://[[username:password]@][hostname | host-ip] [directory]/perle-image-

name.img

 The syntax for an HTTPS server:

https://[[username:password]@][hostname | host-ip [directory]/perle-image-

name.img

 The syntax for an SCP server:

[scp://[[username:password@location]/directory]/perle-image-name.img] |

 The syntax for an SFTP server:

[sftp://[[//username:password]@location]/directory]/perle-image-name.img] |

 The syntax for an TFTP server:

[tftp:[[//location]/directory]/perle-image-name.img]

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

boot

{system backup}

Examples

This example downloads software from a server with an IP address of 172.16.4.182

to your

IOLAN using secure HTTP (https) and certificate named apache.crt

Step 1) Download a secure certificate to theIOLAN.

PerleSCR#crypto pki import server apache pem url

tftp://172.16.4.182/apach.crt

Step 2)

Configure yourIOLAN with the certificate you just downloaded.

PerleSCR#ip http client secure-trustpoint apache

Step 3)

Set validation off if you do not want to valid the certificate. (You must have created

the certificate with validation if you want to valid the certificate)

PerleSCR#archive download-sw

https://172.16.4.182/public/IOLAN-software.fit

The software is download using secure https.

This example upload software from a server with an IP address of 172.16.4.92

using scp.

PerleSCR#archive upload-sw

scp://lyn:m[email protected]/public/IOLAN.img

Related Commands

show archive

(config-archive)#

Syntax Description boot

{system backup}

Boots the system with the backup image.

Command Modes PerleSCR#boot

Usage Guidelines

Use this command to boot the IOLAN using an older saved software version. Older

software versions are stored as backup software using the archive command.

Examples

This example sets your IOLAN to boot using the backup software.

PerleSCR#boot system backup

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

{flash: | nvram:}

clear aaa

{aaa local user [fail-attempts all | username <WORD>] | [lockout all | username

<WORD>]}

Syntax Description cd

{flash: | nvram:}

Change directory on flash: or nvram:

Command Modes PerlePerleSCR#cd

Usage Guidelines

Use this command to change directory within the flash or nvram file systems.

Examples

This example makes a directory under the flash file system, then changes to the new

directory.

PerleSCR#mkdir flash:testdir

Created directory name testdir.

PerleSCR#cd flash:/testdir

Related Commands

copy

boot

delete

pwd

mkdir

rename

Syntax Description clear aaa

{aaa local user [fail-attempts

all | username <WORD>] |

[lockout all | username

<WORD>]}

Resets a locked out user.

Resets this locked out user.

Resets all locked out users.

Resets this user using user name.

Command Modes PerleSCR#clear aaa

Usage Guidelines

Use this command to reset locked out users.

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

clear arp-cache

{<A.B.C.D> | bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> |

openvpn-tunnel <0-999> | tunnel <0-999>

}

clear bridge

{spanning-tree counters interface bvi <1-9999> | ethernet <1-18> . <1-4000>}

Examples

This example resets locked out user Marie.

PerleSCR#clear aaa local user lockout username Marie

Related Commands

username

Syntax Description clear arp-cache

{<A.B.C.D> | bvi <1-9999> |

dialer <0-15> | ethernet <1-

18> . <1-4000> | openvpn-

tunnel <0-999> | tunnel <0-

999>

}

Clears ARP cache on IP address or interface.

Command Modes PerleSCR#clear arp-cache

Usage Guidelines

Use this command to clear ARP entries from the ARP table.

Examples

This example clears all ARPs from the ARP table for Ethernet interface 1.

PerleSCR#clear arp-cache ethernet 1

Related Commands

show arp

arp

Syntax Description clear bridge

{spanning-tree counters

interface bvi <1-9999> |

ethernet <1-18> . <1-4000>

}

Clears spanning tree counters.

Command Modes PerleSCR#clear bridge

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

clear counters

{[bvi <1-9999>] | [ethernet <1-18> | [loopback] | [tunnel <0-999>]}

clear ip

{alg connections |

bgp * | [<1-4294967295>] | <A.B.C.D> | [<X:X:X:X::X:X>] | [external in | out |

soft]

dhcp binding <* | <A.B.C.D> |

firewall <WORD> |

route-policy name <WORD> counters | rule <1-9998> counters}

Usage Guidelines

Use this command to clear spanning tree counters.

Examples

This example clears spanning tree counters on Ethernet interface 1.

PerleSCR#clear spanning-tree counters interface ethernet 1

Related Commands

show bridge

bridge

Syntax Description clear counters

{[bvi <1-9999>] | [ethernet <1-

18> | [loopback] | [tunnel <0-

999>]

}

Clears counters on specified interface.

Command Modes PerleSCR#clear counters

Usage Guidelines

Use this command to clear counters back to zero on the specified interface.

Examples

This example clears all counters for Ethernet interface 1.

PerleSCR#clear counters ethernet 1

Clear "show interface" counters on this interface [confirm]

Syntax Description clear ip

{alg connections |

Clears ALG connections.

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

clear ipv6

{firewall name <WORD> |

neighbors <X:X:X:X::X:X> | [bvi <1-9999>] | [ [dialer <0-15>] | [ethernet <1-18>

. <1-4000>] [vrrp <1-255>] | [openvpn-tunnel <0-999>] | [tunnel <0-999>]

route-policy name <WORD> counters | rule}

bgp * | <1-4294967295> |

<A.B.C.D> | <X:X:X:X::X:X> |

[external in | out | soft] |

Type * to clear all BGP sessions or

connections.

Type the connection number, IPv4, or IPv6

address of the session or connection you want

to reset.

Configure whether it is an inbound or

outbound session. No in/out parameters clears

both in and outbound.

dhcp binding <* |

<A.B.C.D> |

Type * to clear all automatic client bindings

Type the ip address of the client you want to

clear the DHCP binding.

firewall <WORD>

Clears the specified firewall statistics.

route-policy name <WORD>

counters | rule <1-9998>

counters

}

Clears counters for route policies.

Command Modes PerleSCR#clear ip

Usage Guidelines

Use this command to clear IP connections and statistics.

You can clear all DHCP bindings using the * parameter or clear only the binding for

a specific IP address by entering in the IP address to clear.

You can also use this command to clear firewall statistics and counters for route

policies.

Examples

This example clears all DHCP ip bindings from your IOLAN table.

PerleSCR#clear ip dhcp bindings *

This example clears all BGP connections.

PerleSCR#clear ip bgp *

Syntax Description clear ipv6

{firewall name <WORD>|

Clears IPv6 firewalls.

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

clear ldap

{ldap statistics}

clear line

neighbors <X:X:X:X::X:X> |

[bvi <1-9999>] | [ [dialer <0-

15>] | [ethernet <1-18> . <1-

4000>] [vrrp <1-255>] |

[openvpn-tunnel <0-999>] |

[tunnel <0-999>]

Clears IPv6 neighbors.

route-policy name <WORD>

counters | rule

}

Clears IPv6 route policies.

Command Modes PerleSCR#clear ipv6

Usage Guidelines

Use this command to clear IPv6 entries for IPv6 firewalls, neighbors, and route

policies.

Examples

This example clears route policy warehouse.

PerleSCR#clear ipv6 route-policy warehouse

Related Commands

show ipv6

ipv6

Syntax Description clear ldap

{ldap statistics}

Clears LDAP statistic information.

Command Modes PerleSCR#clear ldap

Usage Guidelines

Use this command to clear LDAP statistic information.

Examples

This example clears LDAP statistics information on your IOLAN.

PerleSCR#clear ldap statistics

Related Commands

(config-ldap-server)

show ldap

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

{console 0-0 | vty <0-15 |tty <0-16>}

clear lldp

{counters | table}

clear logging

Syntax Description clear line

{console 0-0 | vty <0-15> tty

<0-16>

}

Clears the console, vty or tty sessions.

Command Modes PerleSCR#clear line

Usage Guidelines

Use this command to clear the console, vty, or tty session. The session is

disconnected and all statistics are cleared.

Examples

This example clears vty line 1.

PerleSCR#clear line vty 1

[confirm]

[Dec 9 16:14:20 %REQHANDLE-6: Cleared VTY1 session

OK]

Related Commands

(config-line)#console

(config-line)#vty

(config-line)#tty

Syntax Description clear lldp

{counters | table}

Clears LLDP counters or table.

Command Modes PerleSCR#clear lldp

Usage Guidelines

Use this command to clears LLDP counters and table.

Examples

This example clears the LLDP table.

PerleSCR#clear lldp table

Related Commands

show lldp

lldp

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

{logging}

clear radius

{radius statistics}

clear tacacs

{tacacs statistics}

Syntax Description clear logging

{logging}

Clears the logging buffer.

Command Modes PerleSCR#clear logging

Usage Guidelines

Use this command to clear logging buffer.

Examples

This example clears the logging buffer.

PerleSCR#clear logging

Clear logging buffer[confirm]

Related Commands

show logging

Syntax Description clear radius

{radius statistics}

Clears RADIUS statistics.

Command Modes PerleSCR#clear radius

Usage Guidelines

Use this command to clear RADIUS statistics.

Examples

This example clears RADIUS statistics.

PerleSCR#clear radius statistics

Related Commands

radius

radius-server

(config-radius-server)

ip radius

Syntax Description clear tacacs

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

clock

{set hh:mm:ss | 1-31 | month year 2001-2037}

Use the no form of this command to negate a command or set to defaults.

{tacacs statistics}

Clears TACACS+ statistics.

Command Modes PerleSCR#clear tacacs

Usage Guidelines

Use this command to clear TACACS+ statistics.

Examples

This example clears TACACS+ statistical information.

PerleSCR#clear tacacs statistics

Related Commands

tacacs

tacacs-server

ip tacacs

(config-tacacs-server)

Syntax Description clock

{set hh:mm:ss | 1-31 | month |

2001-2037

}

Configure the current time and date.

hh:mm:ss (hour, mins, secs)

Day of the month 1-31

Month is

 January

 February

 March,

 April

 May

 June

 July

 August

 September

 November,

 December

Year is 2001-2037

Command Modes PerleSCR#clock

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

configure

{confirm |

revert now | timer <1-120 > | idle <1-120> |

terminal lock | revert timer <1-120> | idle <1-120>}

Usage Guidelines

Use this command to configure the clock.

Examples

This example configures the clock to 5 hours off from UTC.

PerleSCR#clock set 12:30:10 28 jan 2020

Related Commands

show clock

Syntax Description configure

{confirm |

Cancels the revert timer.

revert now

| timer <1-120 > |

idle <1-120> |

Configure the parameters for reverting this

config using the rollback feature.

terminal lock | revert timer

<1-120> |

idle <1-120>}

Locks configuration mode. Revert timer.

Command Modes PerleSCR#configure

Usage Guidelines

Use this command to change from privileged level mode to configuration mode.

This command is also used to configure the parameters for the rollback and terminal

lock features.

Examples

This example changes the user from privileged level mode to terminal configuration

mode.

PerleSCR#configure

Configuring from terminal, memory, or network [terminal]?

PerleSCR(config)#

Related Commands

(config-archive)#

archive

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

copy

{flash:filename | ftp flash: | nvram: | running-config | startup-config :filename |

http: filename |

https:filename | nvram: filename | running-config filename | scp:

filename | sftp: filename | startup-config filename | tftp:filename

}

debug

{alarmmgr |

all

bridge spanning-tree packet

Syntax Description copy

{flash:filename | ftp flash: |

nvram: | running-config |

startup-config :filename |

http: filename |

https:filename

| nvram: filename | running-

config filename | scp: filename

| sftp: filename | startup-config

filename | tftp:filename

}

Copies from one file to another.

Command Modes PerleSCR#copy

Usage Guidelines

Use this command to copy a file from one location to another.

Examples

This example copies a file from the flash: directory to a TFTP server with an IPv4

address of 172.16.4.90.

PerleSCR#copy flash:running-config-save tftp:

Address or name of remote host[ ]?172.16.4.90

Destination filename [ ]?backup-running-config<cr>

4922 bytes copied in 0.013 seconds

Related Commands

copy

boot

delete

pwd

mkdir

rename

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

clpd |

dialer

dot1x-authenticator

dot1x-supplicant

drmgrd

init

dhcp client | relay-agent | server |

ip ospf events | ism | lsa | nsm | nssa | packets | rib

ip rip events | packets |rib]

ip-sec

kernel

lldp

logging

ntp

rest-api

snmp

trapmgr

tty

vrrp

vty

wan-highavail

wanifmgr

}

Use the no form of this command to negate this command.

Syntax Description debug

{alarmmgr |

Starts alarm manager debug logging

all

Starts all debugging logging. Setting all

debug On can seriously effect the speed of

your IOLAN.

bgp events | filters | fsm |

keepalives | messages | rib |

updates

Starts debug BGP messages.

bridge spanning-tree packet

Starts debug spanning-tree packets.

clpd

Starts debug clpd messages.

dialer

Starts debug Dial on Demand messages.

dot1x-authenticator

Starts debug dot1x authenticator mode

messages.

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

dot1x-supplicant |

Starts debug for dot1x supplicant mode

messages.

drmgrd

Starts debug device remote manager daemon

messages.

Starts debug email messages.

init

Starts debug init messages.

dhcp client | relay-agent |

server]

Starts debug dhcp client, relay agent and

server messages.

ip ospf events | ism | lsa | nsm |

nssa | packets | rib | rip events

| packets | rib

Starts debug OSPF messages.

ip rip events | packets | rib

Starts debug RIP messages.

ip-sec

Starts debug IPsec messages.

kernel

Starts debug kernel messages.

lldp

Starts debug for LLDP messages

logging

Starts debug logging messages.

ntp

Starts debug NTP messages.

rest-api

Starts debug RESTful-api logging.

snmp

Starts debug SNMP messages.

trapmgr

Starts debug trapmgr messages.

tty

Starts debug tty messages.

vrrp

Starts debug for VRRP messages.

vty

Starts debug for vty device messages.

wan-highavail

Starts debug for WAN high available

connections messages.

wanifmgr

}

Starts debug for our internal WAN manager

messages

Command Default All debug off

Command Modes PerleSCR#debug

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

delete

{flash: <filename>

nvram: <filename}

Usage Guidelines

Use this command to set debug On for features or functions. Setting debug On for all

features seriously impacts system performance.

Examples

This example sets debug on for NTP.

PerleSCR#debug ntp

This example sets debug on for dhcp server.

PerleSCR#debug ip dhcp server

Related Commands

ping

undebug

Syntax Description delete

{flash: <filename> |

Type the filename to delete on the flash: file

system.

nvram: <filename>

}

Type the filename to delete on the nvram file

system.

Command Modes PerleSCR#delete

Usage Guidelines

Use this command to delete a file on flash or the nvram file system.

Examples

This example deletes backup.config on flash.

PerleSCR#delete flash:backup.config

Related Commands

copy

boot

delete

pwd

mkdir

rename

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

dir

{flash: |

nvram:

}

disable

Syntax Description dir

flash:

Displays the contents of flash.

nvram:

}

Displays the contents of nvram.

Command Modes PerleSCR#dir

Usage Guidelines

Use this command to display the contents of a file system on flash or nvram.

Examples

PerleSCR#dir

34 -rw- 1992 Mar 25 2019 17:39 -04:00 running-config

39 -rw- 2016 Mar 27 2019 12:35 -04:00 -Mar-27-12-35-22-0

24 -rw- 896 Jan 4 2001 16:46 -04:00 backup.config

42 -rw- 2068 Mar 28 2019 15:33 -04:00 -Mar-28-15-33-44-3

41 -rw- 2047 Mar 27 2019 16:24 -04:00 -Mar-27-16-24-31-2

40 -rw- 2047 Mar 27 2019 16:24 -04:00 -Mar-27-16-24-26-1

Related Commands

copy

boot

delete

pwd

mkdir

Syntax Description disable

Command Modes PerleSCR#disable

Usage Guidelines

Use this command to leave privileged mode.

Examples

This example sets privileged level to user level.

PerleSCR#disable<cr>

PerleSCR>

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

disconnect

{ssh vty <0-15>}

dot1x

{initialize interface ethernet <1-18> |

re-authenticate interface ethernet <1-18>

test interface ethernet <1-18>}

Related Commands

enable

Syntax Description disconnect

Command Modes PerleSCR#disconnect

Usage Guidelines

Use this command to disconnect an active ssh session.

Examples

This example disconnects active ssh session vty 1.

PerleSCR#disconnect ssh vty 1

[confirm]

[OK]

Related Commands

line

Syntax Description dot1x

initialize interface ethernet

<1-18>

Devices connected on this Ethernet interface

are forced to authenticate. The connection is

secured.

re-authenticate interface

ethernet <1-18>

Devices connected on this Ethernet interface

are forced to re-authenticate.

test interface ethernet <1-

18>

}

Run a 802.1x readiness test to detect any

802.1x clients that are EAPoL capable.

Command Modes PerleSCR#dot1x

Usage Guidelines

Use this command to initialize, re-authenticate, and test connected dot1x devices.

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

exit

kill

{line tty <1-16>}

Examples

This example forces devices on Ethernet interface 9 to re-authenticate.

PerleSCR>enable

PerleSCR#dot1x re-authenticate interface eth 9

This example tests for EAPol capable devices.

PerleSCR>enable

PerleSCR#interface eth 9

PerleSCR(config-if)#exit

PerleSCRPerleSCR#dot1x test eapol-capable interface eth 9

#show logging

*Oct 18 02:41:15 %PORT-AUTH-6: eth2: STA 00:13:20:92:29:82 IEEE 802.1X:

INFO_EAPOL_PING_RESPONSE: The interface Ethernet1 has an 802.1x capable

client with MAC (00.13.20.92.29.82)

*Oct 18 01 02:41:15 %PORT-AUTH-6: eth2: STA 00:16:d3:2f:62:bb IEEE 802.1X:

INFO_EAPOL_PING_RESPONSE: The interface Ethernet1 has an 802.1x capable

client with MAC (00.16.d3.2f.62.bb)

Related Commands

dot1x

show dot1x

Syntax Description exit

Command Modes PerleSCR#exit

Usage Guidelines

Use this command to exit from EXEC mode.

Related Commands

disable

Syntax Description kill

{line tty <1-16>}

Resets the tty device.

Command Modes PerleSCR#kill line tty

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

line-attach

{tty <1-16> | <WORD>}

logout

Usage Guidelines

Use this command to kill a serial line session.

Killing a line resets that serial line and loads any newly configured parameters.

Examples

This example resets (kills) the line for tty 10. Any users connected are disconnected.

PerleSCR#kill line tty 10

Related Commands

line

Syntax Description line-attach

{tty <1-16> | <WORD>} Displays available serial ports

configured for ssh or telnet protocol.

If the user logs in, line access

privileges are based on this

authentication not the original

authentication request.

<WORD>SSH user name is

optional. If it is not entered, the

username which logged into the

IOLAN’s main session are used.

Command Modes PerleSCR#line-attach

Usage Guidelines

Use this command to connect to serial ports configured as Console Management

ports. The available ports for both Telnet and SSH are displayed.

Examples

This example allows a user to connect to serial port 2 using the SSH protocol and ssh

user sshlyn.

PerleSCR#line-attach tty 16 sshlyn

Related Command

(config-line)#tty

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

{logout}

mkdir

{flash:}

{/ascii | /binary | flash: | nvram: | running-config | startup-config |

Syntax Description logout

{logout} Logs you out of your IOLAN.

Command Modes PerleSCR#logout

Usage Guidelines

Use this command to log out of your IOLAN.

Syntax Description mkdir

{flash:}

Makes a directory on the flash file system.

Command Modes PerleSCR#mkdir

Usage Guidelines

Use this command to make a new directory on the flash file system.

Examples

This example makes a directory under the flash file system.

PerleSCR>enable<cr>

PerleSCR#mkdir flash:testing<cr>

PerleSCR#dir

Directory of flash:

130307 drwx 4096 Jan 2 2019 19:58 -05:00 testdir

130306 -rw- 1508 Jan 2 2019 17:46 -05:00 test-config

130308 drwx 4096 Jan 3 2019 18:49 -05:00 testing

Related Commands

copy

boot

delete

pwd

mkdir

Syntax Description more

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

password

{/ascii | /binary | flash: |

nvram: | running-config |

startup-config |

Forces the file type to display in ascii format.

Forces the file type to display binary format.

Displays the content of a file.

[<filter/redirection options>]} Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#more

Usage Guidelines

Use the more command to display a file contents. Specify whether to show the

contents in ascii or binary format.

Output modifiers (Pipe redirect)—allows you to pipe the output to the redirect

options as specified.

Examples

This example views the file contents of nvram.

PerleSCR#more nvram:no-default-config

interface BVI1

ip address 192.168.0.1 255.255.255.0

interface ethernet 2

ip address dhcp

interface ethernet 25

no ip address

bridge-group 1

interface ethernet 26

no ip address

bridge-group 1

no ip address

bridge-group 1

no ip address

bridge-group 1

interface ethernet 13

no ip address

bridge-group 1

interface ethernet 14

no ip address

bridge-group 1

interface ethernet 15

no ip address

bridge-group 1

Syntax Description password

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

ping

{<WORD> [data <HEX DIGITS>] | [repeat <1-2147483647>] | [size <36-

18024>]

}

password Changes password for current logged in user

Command Modes PerleSCR>>password

Usage Guidelines

Use this command to change the password for the current user.

Examples

This example changes the password for the current logged in user.

PerleSCR>password

Enter Old Password:

Enter New Password:

Re-Enter Password:

Password Changed Successfully

Syntax Description ping

{<WORD> [data <HEX

DIGITS>] | [repeat <1-

2147483647>] | [size <36-

18024>]

}

Host name must be predefined in the host

table.

Data hex pattern is from 1 to 32 hex

characters.

Repeat count is from 1–2147483647.

Datagram size is from 36–18024.

Command Modes PerleSCR#ping

Usage Guidelines

Use this command to ping a remote host.

Examples

This example pings a host with an ip address of 172.16.113.44 repeating the ping

request 10 times.

PerleSCR#ping 172.16.113.44 repeat 10

This example pings a host with an ip address of 172.16.113.44 with hex data pattern

of f1f1f1f1f1.

PerleSCR#ping perlehost data f1f1f1f1f1

This example pings a host with an ip address of 172.16.113.44 with a data packet

size of 4o bytes.

PerleSCR#ping perlehost size 40

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

pwd

release

See release

reload

{at hh:mm |

cancel | in mmm | [hh:mm]}

Related Commands

undebug

Syntax Description pwd

Command Modes PerleSCR#pwd

Usage Guidelines

Use this command to display your current file system.

Examples

This command displays the file system you are in.

PerleSCR#cd nvram:

PerleSCR#pwd<cr>

nvram:

Related Commands

copy

boot

delete

pwd

mkdir

rename

Syntax Description reload

{at hh:mm |

Configure at—the time in hours and minutes

when to reload the firmware on the IOLAN.

cancel

Configure cancel—any pending reload

commands.

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

rename

{flash: <WORD> | nvram: <WORD>}

in mmm | [hh:mm]}

Configure in—minutes 1-999 or hours

minutes when to reload the firmware on the

IOLAN.

Command Modes PerleSCR#reload

Usage Guidelines

Use this command to reload the IOLAN firmware. The IOLAN powers off and then

reboots. Any configuration not copied from running-config to startup-config is lost.

Examples

Reloads the firmware on the IOLAN in 10 hours and 20 mins.

PerleSCR#reload 10:20

Cancels the previous reload command.

PerleSCR#reload cancel

*****

***** ----SHUTDOWN ABORTED ---

******

Related Commands

show reload

Note:

Before reloading the IOLAN copy running config to startup config to save any changes that

you want permanently saved.

Syntax Description rename

{flash: <WORD> | nvram:

<WORD>

}

Renames the file.

Command Modes PerleSCR#rename

Usage Guidelines

Use this command to rename a file on flash or nvram.

Examples

This example rename a file on flash from testdir to newdir.

PerleSCR#rename flash:testdir flash:backup

Destination file name[backup]?

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

renew

See renew

reset

{factory}

rmdir

{flash: <WORD>}

Related Commands

copy

boot

delete

pwd

mkdir

rename

Syntax Description reset

{factory}

Resets the IOLAN to factory default—

removing all configuration files, certificates

and keys.

Command Modes PerleSCR#reset

Usage Guidelines

Use this command to set the IOLAN to factory defaults,

Related Commands

boot

Syntax Description rename

{flash: <WORD>}

Removes the directory on flash.

Command Modes PerleSCR#rmdir

Usage Guidelines

Use this command to remove a file on flash.

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

serialt

{<WORD> #[mask] [...] [-full] [-size=# [-show]}

Examples

This example removes a directoy on flash.

PerleSCR#rmdir flash:testit

Remove Directory name [testit]?

Related Commands

copy

boot

delete

pwd

renew

mkdir

Syntax Description serialt

{<WORD> #[mask] [...] [-full]

[-size=# [-show]}

Takes a serial line trace.

Command Modes PerleSCR#serialt

Usage Guidelines

Use this command to capture data on the serial line.

Examples

This example captures all data on serial port 1 and displays it to the screen.

PerleSCR#serialt 1 -show

Tracing port 1=rx+tx+signals+special

To stop the trace press Ctrl-C

Use the "Space Bar" and the keys 1,2,3,4 to control the scrolling speed.

Please press the "Space Bar" to continue...............

Use the "Space Bar" and the keys 1,2,3,4 to control the scrolling speed.

Please press the "Space Bar" to continue...............

Decode Complete... 0 entries processed

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

show aaa

{local user lockout |

[<filter/redirection options>]}

Related Commands

undebug

Syntax Description show aaa

{aaa local user lockout |

Displays users locked-out of the IOLAN.

[filter/redirection options>] Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show aaa

Usage Guidelines

Use this command to display the current locked-out users on the IOLAN.

Output modifiers (Pipe redirect)—allows you to pipe the output to the redirect

options as specified.

Examples

This example shows you the current locked out users on the IOLAN.

PerleSCR#show aaa local user lockout

Locked-out users: Lyn

Related Commands

aaa

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

show alarm

See show alarm

show archive

{config rollback timer |

update-sw |

[<filter/redirection options>]}

Syntax Description show archive

{config rollback timer |

Displays configuration rollback and timer

information.

update-sw

Displays the Check Software update option.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show archive

Usage Guidelines

Use this command to display config rollback and the update feature.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays the config for the rollback feature.

PerleSCR#show archive

The maximum archive configurations allowed is 14.

There are currently 9 archive configurations saved.

The next archive file is named flash:-<timestamp>-9

Archive # Name

1 flash:-May-19-14-14-16-0

2 flash:-May-19-14-17-50-1

3 flash:-May-1914-19-00-2 4 flash:-May-19-14-19-14-3

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

show arp

See show arp

show bgp

{community |

community-list <1-500 > | <WORD> exact-match |

filter-list <WORD> |

memory |

neighbors <A.B.C.D> | <X:X::X:X> |

prefix-list <WORD> |

regexp <LINE> |

route-map <LINE>|

[<filter/redirection options>]}

4 flash:-May-19-14-19-14-3

5 flash:-May-19-14-20-55-4

6 flash:-May-19-14-24-31-5

7 flash:-May-19-15-05-37-6

8 flash:-May-19-03-37-55-7

9 flash:-May-19-03-38-10-8 <- Most Recent

Related Commands

archive

Syntax Description show bgp

{bgp community |

Displays the routes matching the

communities.

community-list

<1-500 > |

<WORD> exact-match

Displays the routes matching the community

list.

filter-list <WORD>

Displays the routes conforming to the filter

list.

memory

Displays Global BGP memory statistics.

neighbors

<A.B.C.D> |

<X:X::X:X>

Detailed list for TCP and BGP neighbor

connections.

prefix-list <WORD>

Displays the routes matching the prefix-list.

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

regexp <LINE> |

Displays the routes matching the AS path

regular expression.

route-map <LINE>

Displays the routes matching the route-map.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show bgp

Usage Guidelines

Use this command to show BGP information.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays BGP neighbors.

PerleSCR#show bgp neighbors

BGP neighbor is 172.16.39.2, remote AS 65537, local AS 65536, external link

BGP version 4, remote router ID 172.16.39.2

BGP state = Established, up for 00:14:28

Last read 05:39:27, hold time is 180, keepalive interval is 60 seconds

Neighbor capabilities:

4 Byte AS: advertised and received

Route refresh: advertised and received(old & new)

Address family IPv4 Unicast: advertised and received

Message statistics:

Inq depth is 0

Outq depth is 0

Sent Rcvd

Opens: 1 0

Notifications: 0 0

Updates: 1 1

Keepalives: 16 15

Route Refresh: 0 0

Capability: 0 0

Total: 18 16

Minimum time between advertisement runs is 30 seconds

For address family: IPv4 Unicast

Community attribute sent to this neighbor(both)

1 accepted prefixes

Connections established 1; dropped 0

Last reset never

Local host: 172.16.39.1, Local port: 179

Foreign host: 172.16.39.2, Foreign port: 38216

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

show bridge

spanning-tree active | bridge | detail | interface ethernet <1-18> . <1-4000> | mst

<WORD> configuration | detail | interface <1-18> | root |

[<filter/redirection options>]}

Nexthop: 172.16.39.1

Nexthop global: 2011::2

Nexthop local: fe80::251:82ff:fe11:2201

BGP connection: non shared network

Read thread: on Write thread: off

Related Commands

router

Syntax Description show bridge

[spanning-tree

active | bridge |

detail | interface ethernet <1-

18> . <1-4000> | mst <WORD>

configuration | detail |

interface <1-18> | root

Shows list of bridges and spanning-tree

information.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show bridge

Usage Guidelines

Use this command to list bridge and spanning tree information.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays bridge information.

PerleSCR#show bridge

Bridge Name Bridge ID

br1 8000.00400298993b no eth10, eth11, eth12, eth13, eth14,

eth15, eth16, eth25, eth26, eth27, eth28, eth29, eth30, eth31, eth32, eth9

Related Commands

bridge

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

show clock

See show clock

show crypto

See show crypto

show debugging

{debugging |

[<filter/redirection options>]}

show dhcp

{lease |

[<filter/redirection options>]}

Syntax Description show debugging

{debugging |

Displays processes that are in debugging

mode.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show debugging

Usage Guidelines

Use this command to show which functions or commands have debug enabled.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays the debug command output.

PerleSCR#show debugging

BGP events debugging is on

NTP debugging is on

debug

Syntax Description show dhcp

{lease |

Displays current devices with leases.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show dhcp lease

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

show dot1x

See show dot1x

show eap

See show eap

show eee

{capabilities interface ethernet <1-18>

status interface ethernet <1-18> |

[<filter/redirection options>]}

Usage Guidelines

Use this command to display all client dhcp leases with configured options.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays all dhcp leases.

PerleSCR#show dhcp lease

dhcp-assigned-address 172.17.121.182

option subnet mask 255.255.0.0

option dhcp-lease time 86400 seconds

option dhcp-server-identifier 172.17.3.13

renew Mon Jan 01 08:44:00 EST 2021

rebind Mon Jan 01 19:02:16 EST 2021

expire Mon Jan 01 22:02:16 EST 2021

Related Commands

show ip dhcp

Syntax Description show eee

{eee capabilities interface

ethernet <1-18>

Displays whether the remote Ethernet

interface is capable of Energy Efficient

Ethernet (eee).

Privileged EXEC mode

IOLAN SCR1618 RDAC Command Line Reference Guide

status ethernet <1-18> |

Displays the current status.

 Disagree—the remote interface cannot

negotiate eee

 Link down—the remote interface is not

connected

 Operational—both sides have agreed on eee

capabilities

 Disabled—eee is disabled on this Ethernet

interface

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show eee

Usage Guidelines

Use this command to display Ethernet eee port capabilities.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Privileged EXEC mode

100

IOLAN SCR1618 RDAC Command Line Reference Guide

show email

[<filter/redirection options>]

}

Examples

This example displays eee capabilities on the Ethernet ports.

PerleSCR#show eee capabilites

Ethernet1

EEE: no

Ethernet2

EEE: no

Ethernet3

EEE: no

Ethernet4

EEE: no

Ethernet5

EEE: yes

Ethernet6

EEE: yes

Ethernet7

EEE: yes

Ethernet8

EEE: yes

Ethernet9

EEE:yes

Ethernet10

EEE:yes

Ethernet11

EEE:yes

Ethernet12

EEE:yes

Ethernet13

EEE:yes

Ethernet14

EEE:yes

Ethernet15

EEE:yes

Ethernet16

EEE:yes

Ethernet17

EEE:yes

Ethernet18

EEE:yes

Syntax Description show email

{email} |

Displays email configuration.

Privileged EXEC mode

101

IOLAN SCR1618 RDAC Command Line Reference Guide

show environment

See show environment

show facility-alarm

See show facility-alarm

show flash:

See show flash:

show format

[<filter/redirection options>]

}

[<filter/redirection options>]}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCRshow email

Usage Guidelines

Use this command to display configured email parameters.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays email configuration.

PerleSCR#show email

Email: Enabled

SMTP Server: 172.217.214.109:587

From: lfelton9[email protected]

Encryption: tls

Username: [email protected]

Password: OMQJdoll5ggbTzMI

Validate Certificate: Disabled

Email Notifications:

Recipient Notifications

Subject

[email protected] alarms authentication entity envmon snmp ipsec

Lyns events from IOLAN

Related Commands

Syntax Description show format

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Privileged EXEC mode

102

IOLAN SCR1618 RDAC Command Line Reference Guide

show gnss

show hosts

See show hosts

show interfaces

{interfaces bvi <1-9999> |

dialer <0-15> |

ethernet <1-18> [vrrp <1-255>] [description <WORD>] |

loopback counters | description | stats | summary |

openvpn-tunnel <0-999 |

tunnel <0-999 |

counters |

description |

stats |

summary |

vrrp <1-255> counters | description | stats | summary |

[<filter/redirection options>]}

Command Modes PerleSCR#format

Usage Guidelines

Use this command to list supported CLI show format commands.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays the supported CLI show format commands.

PerleSCR#show format

show aaa local user lockout

show alarm profile

show alarm profile %s

show alarm settings

show alarm settings enabled

show archive

show archive config rollback timer

show archive update-sw

show arp

show bgp memory

..........

Syntax Description show interfaces

{interfaces bvi <1-9999> |

Displays Bridge-Group Virtual interfaces.

Privileged EXEC mode

103

IOLAN SCR1618 RDAC Command Line Reference Guide

dialer <0-15> |

Displays Dialer interfaces.

ethernet <1-18> [vrrp <1-

255>] [description <WORD>]

<1-18>

Displays Ethernet interfaces.

loopback counters |

description | stats | summary

Displays loopback interface.

openvpn-tunnel <0-999>

Displays OpenVPN interfaces.

tunnel <0-999

Displays tunnels.

counters

Displays counters for all interfaces.

description

Displays descriptions for all interfaces.

stats

Displays stats for all interfaces.

summary

Displays summary for all interfaces.

vrrp <1-255> counters |

description | stats | summary

Displays summary for vrrp.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show interfaces

Usage Guidelines

Use this command to display interface details, including admin statuses, and link

statuses.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Privileged EXEC mode

104

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip access-lists

{extended <100-199> <2000-2699> | standard <1-99> <2000-2699> |

[<filter/redirection options>]

}

Examples

This example shows interface descriptions.

PerleSCR#show interfaces description

Related Commands

(config-if)#bvi

(config-if)#dialer

(config-if)ethernet#

(config-if)#tunnel

(config-if)#openvpn-tunnel

Syntax Description show ip access-lists

{extended <100-199> <2000-

2699>

| standard <1-99>

<2000-2699>

Displays Extended and standard IP access

lists.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip access-lists

Usage Guidelines

Use this command to display configured access lists.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Privileged EXEC mode

105

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip alg

show ip alg {table |

[<filter/redirection options>]}

show ip arp

show ip arp {<A.B.C.D> |

[<filter/redirection options>]}

Examples

PerleSCR#show ip access-lists

Extended IP access list 100

10 permit any any

Related Commands

ip access-list

Syntax Description show ip alg

{table |

Displays ALG entries.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip alg table

Usage Guidelines

Use this command to display Application Level Gateway (ALG) entries.

Output modifiers (Pipe redirect)—allows you to pipe the output to the redirect

options as specified.

Examples

This example displays ip alg table information.

PerleSCR#show ip alg table

Syntax Description show ip arp

Privileged EXEC mode

106

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip as-path-access-list

[<filter/redirection options>]

}

show ip bgp

{

<A.B.C.D>/nn <A.B.C.D> |

cidr-only |

{

<A.B.C.D> |

Displays the ARP entry for the specified

IPv4 address.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip arp

Usage Guidelines

Use this command to display ARP table details.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

PerleSCR#show ip arp

Address HWtype HWaddress Flags Mask Iface

172.16.113.20 ether 78:2B:cb:a5:b4:0c CM eth1

Syntax Description show ip as-path-access-list

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip as-path-access-list

Usage Guidelines

Use this command to show as-path access list.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays as-path access list.BGP neighbors.

PerleSCR#show as-path-access-list

AS path access JoeAS-Path

permit def

deny abc

Related Commands

ip as-path

Privileged EXEC mode

107

IOLAN SCR1618 RDAC Command Line Reference Guide

community |

community-info|

community-list <1-500> | <WORD> exact-match |

dampened-paths |

filter-list <WORD> |

flap-statistics |

ipv4 unicast |

neighbours <A.B.C.D> <X:X:X:X::X> | advertised-routes | dampened-routes |

flap-statistics | prefix-count | [received prefix-filter] | received-routers | routes

paths |

prefix-list <WORD> |

regexp <LINE> |

route-map <WORD> |

summary |

[<filter/redirection options>]}

Syntax Description show ip bgp

{<A.B.C.D>/nn <A.B.C.D> |

Displays BGP network routing table.

cidr-only

Displays only routes with non-natural

netmasks.

community

Displays routes matching the communities.

community-info

Displays all BGP community information.

community-list <1-500> |

<WORD> exact-match

Displays routes matching the community list.

dampened-paths

Displays paths suppressed due to dampening.

filter-list <WORD>

Displays routes conforming to the filter list.

flap-statistics

Displays flap statistics of routes.

ipv4 unicast

Displays address family.

neighbours <A.B.C.D>

<X:X:X:X::X> | advertised-

routes | dampened-routes |

flap-statistics | prefix-count |

[received prefix-filter] |

received-routers | routes

Displays detailed information on TCP and

BGP neighbor connections.

paths

Displays path information.

prefix-list

<WORD> |

Displays routes matching the prefix list.

Privileged EXEC mode

108

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip community-list

show ip community-list |

[<filter/redirection options>]}

regexp <LINE> |

Displays routes matching the AS path regular

expression.

route-map <WORD>

Displays routes matching the route map.

summary

Displays the summary of BGP neighbor

statuses.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip bgp

Usage Guidelines

Use this command to display BGP information.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays BGP information.

PerleSCR#show ip bgp

BGP table version is 0, local router ID is 172.16.113.215

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, R Removed

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 172.16.0.0 0.0.0.0 1 32768 i

Total number of prefixes 1

Related Commands

clear ip

Syntax Description show ip community-list

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip community-list

Privileged EXEC mode

109

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip ddns

See show ip ddns

show ip dhcp

See show ip dhcp

show ip dns

[<filter/redirection options>]

}

Usage Guidelines

Use this command to display IP community list information.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays the community lists.

PerleSCR#show ip community-list

Community (expanded) access list 100

permit 50

Related Commands

ip community-list

Syntax Description show ip dns

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip dns

Usage Guidelines

Use this command to display IP DNS configuration and information.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays all DNS

settings.

PerleSCR# show ip dns

Privileged EXEC mode

110

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip extcommunity-list

[<filter/redirection options>]

}

show ip firewall

show ip firewall {[<NAME>] |

[<filter/redirection options>]}

IP DNS

======

DNS Lookup Enabled

Listen Addresses:

192.168.0.1

Cache Size 10000

Ignore Host File Off

Negative TTL 3600

No Name Servers Configured

Related Commands

ip dns

Syntax Description show ip extcommunity-list

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip extcommunity-list

Usage Guidelines

Use this command to display configured ip extcommunity lists.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays extcommunity lists.

PerleSCR#show ip extcommunity-list

Extended community standard list 99

denyso0:0:1:30

Related Commands

ip community-list

Syntax Description show ip firewall

{[<NAME>]}

Displays firewall name.

Privileged EXEC mode

111

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip health

{[interfaces] |

[profiles] |

[status] |

[<filter/redirection options>]}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip firewall

Usage Guidelines

Use this command to display IP firewall configuration.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays active firewalls.

PerleSCR#show ip firewall

Active on

Rule Packets Bytes Action Proto Source Destination Rule Specs

----- ------- ------- ------- ------- ----------- ----------------- ---------------

10 0 0 accept ip 0.0.0.0/0 0.0.0.0/0

/* firewall1-10 */

10000 0 0 drop ip 0.0.0.0/0 0.0.0.0/0

/* firewall1-10000 default-action drop */

Related Commands

ip firewall

clear ip

Syntax Description show ip health

{[interfaces | profiles | status] |

Displays health profile configuration.

[profiles]

Displays health profile configuration.

[status]

Displays health interfaces runtime status.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip health

Privileged EXEC mode

112

IOLAN SCR1618 RDAC Command Line Reference Guide

Usage Guidelines

Use this command to display health status for interfaces.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays health information for configured interfaces.

PerleSCR#show ip health

IP Health Profiles and Tests Configuration:

===========================================

Profile Name : health-pro

Failure-count: 5

Success-count: 5

Test 10: Type: PING Response Timeout: 1

Target: 8.8.8.8

Profile Name : labhealth

Failure-count: 1

Success-count: 1

Profile Name : testit

Failure-count: 1

Success-count: 1

IP Interface Health-Profile Configuration:

==========================================

eth1 health-pro

IP Interfaces Health Status:

============================

Interface: eth1

Status: failed

Last Status Change: Sat Feb 20 08:05:12 2021

-Test: ping Target: 8.8.8.8

Last Interface Success: n/a

Last Interface Failure: 0s

# Interface Failure(s): 20178

Related Commands

(config-if)#dialer

(config-if)#bvi

(config-if)ethernet#

(config-if)#openvpn-tunnel

(config-if)#tunnel

Privileged EXEC mode

113

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip host-group

show ip host-group {[<WORD>] |

[<filter/redirection options>]}

show ip http

{[server status] |

[<filter/redirection options>]

}

Syntax Description show ip host-group

{[<WORD>] |

Displays IP host groups.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip host-group

Usage Guidelines

Use this command to display IP host groups.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays host group tables.

PerleSCR#show ip host-group test

Host list:

172.16.77.88

1:2:3:4::5

Related Commands

ip host-group

Syntax Description show ip http

{[server status] |

Displays HTTP server status.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip http

Usage Guidelines

Use this command to show status of HTTP server.

Output modifiers (Pipe redirect)—allows you to pipe the output to the redirect

options as specified.

Privileged EXEC mode

114

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip interface

See show ip interface

show ip nat

{statistics |

translations

[<filter/redirection options>]}

Examples

Shows status of HTTP server.

PerleSCR#show ip http

Http server status: Enabled

HTTP server port : 80

User session idle timeout: 1440 seconds

HTTP secure server status: Enabled

HTTP secure server port: 443

Related Commands

ip http

Syntax Description show ip nat

{statistics |

Displays the Network Address Translation

(NAT) source statistics table.

translations

Displays the pre-nat and post-nat

translations. table.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes

PerleSCR#show ip nat

Usage Guidelines

Use this command to display the IOLAN’s Network Address Translation Table

(NAT) statistics and translations.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Privileged EXEC mode

115

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip ospf

{[border-routers] |

[database] |

[interface] |

[neighbor] |

[route] |

[<filter/redirection options>]}

Example

This example displays IP NAT translations.

PerleSCR#show ip nat translations

Related Commands

ip nat

Syntax Description show ip ospf

{[border-routers] |

Displays border and boundary router

information.

[database]

Displays database summary.

[interface]

Displays interface information.

[neighbor]

Displays neighbor list.

Privileged EXEC mode

116

IOLAN SCR1618 RDAC Command Line Reference Guide

[neighbor] |

Displays OSFP routing table.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip ospf

Usage Guidelines

Use this command to show the IOLAN’s OSPF routing processes.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

PerleSCR#show ip ospf

OSPF Routing Process, Router ID: 172.16.39.2

Supports only single TOS (TOS0) routes

This implementation conforms to RFC2328

RFC1583Compatibility flag is disabled

Opaque Capability flag is disabled

Initial SPF scheduling delay 200 millisec(s)

Minimum hold time between consecutive SPFs 1000 millisec(s)

Maximum hold time between consecutive SPFs 10000 millisec(s)

Hold time multiplier is currently 1

SPF algorithm last executed 7m53s ago

SPF timer is inactive

Refresh timer 10 secs

Number of external LSA 0. Checksum Sum 0x00000000

Number of opaque AS LSA 0. Checksum Sum 0x00000000

Number of areas attached to this router: 1

Area ID: 0.0.0.0 (Backbone)

Number of interfaces in this area: Total: 1, Active: 1

Number of fully adjacent neighbors in this area: 0

Area has no authentication

SPF algorithm executed 1 times

Number of LSA 1

Number of router LSA 1. Checksum Sum 0x00001e7a

Number of network LSA 0. Checksum Sum 0x00000000

Number of summary LSA 0. Checksum Sum 0x00000000

Number of ASBR summary LSA 0. Checksum Sum 0x00000000

Number of NSSA LSA 0. Checksum Sum 0x00000000

Number of opaque link LSA 0. Checksum Sum 0x00000000

Number of opaque area LSA 0. Checksum Sum 0x00000000

Related Commands

router

Privileged EXEC mode

117

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip prefix-list

show ip prefix-list {[WORD] |

[<filter/redirection options>]}

show ip rip

show ip rip{[status] |

[<filter/redirection options>]}

Syntax Description show ip prefix-list

{[WORD] |

Displays prefix list name.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip prefix-list

Usage Guidelines

Use this command to display prefix list table.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example shows the ip prefix list.

PerleSCR#show ip prefix-list

ip prefix-list prefix-lab (for lab users)

seq 10 permit 172.17.0.0/16

Related Commands

ip prefix-list

Syntax Description show ip rip status

{[status] |

Displays RIP information.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip rip status

Usage Guidelines

Use this command to display rip status information.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Privileged EXEC mode

118

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip route

show ip route {[table <1-200>] |

[<filter/redirection options>]}

Examples

This example shows rip status information.

PerleSCR#show ip rip

Routing Protocol is "rip"

Sending updates every 30 seconds with +/-50%, next due in 30 seconds

Timeout after 180 seconds, garbage collect after 120 seconds

Outgoing update filter list for all interface is not set

Incoming update filter list for all interface is not set

Default redistribution metric is 1

Redistributing:

Default version control: send version 2, receive any version

Interface Send Recv Key-chain

Routing for Networks:

Routing Information Sources:

Gateway BadPackets BadRoutes Distance Last Update

Distance: (default is 120)

Syntax Description show ip route

{[table <1-200>] |

Displays ip routes or route table. Tables

must be pre-defined by the user.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Default None

Command Modes PerleSCR#show ip route

Usage Guidelines

Use this command to show configured tables for ip routing.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

Shows ip route table entries.

PerleSCR#show ip route

table:200

Related Commands

ip route

Privileged EXEC mode

119

IOLAN SCR1618 RDAC Command Line Reference Guide

show ip route-policy

show ip route-policy {[<NAME>] |

[<filter/redirection options>]}

show ip ssh

[<filter/redirection options>]

}

Syntax Description show ip route-policy

{[<NAME>] |

Show ip routes or route table. Tables must be

pre-defined by the user.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip route-policy

Usage Guidelines

Use this command to display configured routing policies.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

Shows ip route policies table.

PerleSCR#show ip route-policy

IPv4 Route-policy route1

Active on

Rule Packets Bytes Action Proto Source Destination Rule

Specs

----- ------- ------- ------- ------- -------------- -------------- ---------------

20 0 0 rtable-254 ip 0.0.0.0/0 0.0.0.0/0

/* route1-9999 */

10000 0 0 accept ip 0.0.0.0/0 0.0.0.0/0

/* route1-10000 default-action accept */

Related Commands

ip route-policy

Syntax Description show ip ssh

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show ip ssh

Privileged EXEC mode

120

IOLAN SCR1618 RDAC Command Line Reference Guide

show ipv6

See show ipv6

show ldap

See show ldap

show license

[<filter/redirection options>]

}

Usage Guidelines

Shows configuration for ssh.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example shows ip ssh configuration.

PerleSCR#show ip ssh

SSH version: 2

SSH server: Enabled

Authentication timeout: 120 seconds

Authentication retries: 3

SSH public key:

ssh-rsa

AAAAB3NzaC1yc2EAAAADAQABAAABAQCgAtvWaaM0CeMWoZV1H00sni2J8T

alvSyysQGyBDIOAydaaKv1+s1Imj00FL2Boi3ke/SoKhvuLJQ+bMVFXD7kXw2fk7

Mo8f8Dd/rOuuF4kE6hKV+LLl44kJKwCUC2w2m4L1lH8Zn8HuX89Qcv2oqPUdkBf

1nelU3gc6gN4v1ckC069Tgg9hrhghCiBECCCYxmAJUhIy4dQcPwO1DQ6Acp2p3

W2RYdgUvRAlr8oLiVdrEvT7zZECpYgCMYWmfsTtUhvv8yZpvNAhV9nRm5E93Yl

V2J15qlmIlSGKn0iiLRW42xjQ4MT5XmWdlXj+NpuMlQRtFzyYPkR2H

Related Commands

ip ssh

Syntax Description show ipv6

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and

Redirection

Command Modes PerleSCR#show license

Usage Guidelines

Use this command to shows license information.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Privileged EXEC mode

121

IOLAN SCR1618 RDAC Command Line Reference Guide

show line

{[console <0-0>] |

tty <1-16> [modbus statistics master-tcp | master-udp | slave-tcp | slave-udp] |

statistics | telnet-client | udp | vmodem]

[<filter/redirection options>]}

Syntax Description show line

{[console <0-0>] |

Displays configured console parameters.

tty <1-16> [modbus statistics

master-tcp | master-udp |

slave-tcp | slave-udp] |

multihost | packet-forwarding

| ppp | rlogin-client | settings |

slip | ssh-client | ssl | statistics |

telnet-client | udp | vmodem]

Displays statistics for tty lines.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show line

Usage Guidelines

Use this command to display line configurations.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Privileged EXEC mode

122

IOLAN SCR1618 RDAC Command Line Reference Guide

show lldp

See show lldp

show logging

[<filter/redirection options>]

}

Examples

Show line parameters for tty1.

PerleSCR#show line tty 1

Syntax Description show logging

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show logging

Privileged EXEC mode

123

IOLAN SCR1618 RDAC Command Line Reference Guide

show mab

See show mab

show mac

See show mac

show management-access

[<filter/redirection options>]

}

Usage Guidelines

Use this command to display the logging buffer.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example shows the logging buffer.

PerleSCR#show logging

Syslog logging: enabled (764643 messages processed, 0 messages rate-limited, 0

overruns)

Console logging: level debugging, 71 messages logged

Monitor logging: level debugging, 71 messages logged

Logging to:

Buffer logging: level debugging, 1344 messages logged

File logging: disabled

Trap logging: level informational

Logging Source-Interface:

Log Buffer (16384 bytes):

Sep 26 20:51:57 %REQHANDLERD-6: CONSOLE: initializing usb serial console

mode

Sep 26 20:52:02 %IPSEC_STARTER-6: Starting strongSwan 5.6.2 IPsec [starter]...

Sep 26 20:52:02 %IPSEC_STARTER-6: charon is already running

(/var/run/charon.pid exists) -- skipping daemon start

Related Commands

logging

Syntax Description show management-access

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show management-access

Privileged EXEC mode

124

IOLAN SCR1618 RDAC Command Line Reference Guide

show nat66

{prefix |

statistics |

[<filter/redirection options>]}

Usage Guidelines

Use this command to display management access and access restrictions from the

LAN and WAN side.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example shows management access methods for LAN/WAN and TRUSTED

interfaces.

PerleSCR#show management-accessManagement Access is enable

LAN: eth1 eth2 eth9 eth10 eth11 eth12 eth13 eth14 eth15 eth16 eth25

eth26 eth27 eth28 eth29 eth30 eth31 eth32 br1

HTTP HTTPS TELNET SSH SNMP

ENABLE ENABLE ENABLE ENABLE ENABLE

WAN:

HTTP HTTPS TELNET SSH SNMP

DISABLE DISABLE DISABLE DISABLE DISABLE

TRUSTED:

Related Commands

(management-access-LAN)

(management-access-WAN)

Syntax Description show nat66

{prefix |

Display NAT66 prefixes.

statistics

Display NAT66 statistics.

Privileged EXEC mode

125

IOLAN SCR1618 RDAC Command Line Reference Guide

show network-watchdog

[<filter/redirection options>]

}}

[<filter/redirection options>]}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show nat66

Usage Guidelines

Use this command to display Network Address Translations (NAT) for IPv6

networks.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example shows NAT66 statistics

PerleSCR#show nat66 statistics

Global Stats:

ID:0

Packets translated In -> Out

1290003

Packets translate Out -> In

1290003

Syntax Description show network-watchdog

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show network-watchdog

Usage Guidelines

Use this command to display network watchdog status and configuration.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example shows network-watchdog.

PerleSCR#show network-watchdog

Network Watchdog Configuration/Status:

===========================================

Privileged EXEC mode

126

IOLAN SCR1618 RDAC Command Line Reference Guide

show ntp

See show ntp

show nvram:

See show nvram:

show policy-map

{incoming |

queueing

[<filter/redirection options>]}

Network-watchdog Router

Configuration:

Watchdog: Enable

Target: 172.16.23.100

Interface: eth1

Interval: 1m

Threshold: 2

Ping Count: 1

Ping Timeout: 2s

Fail Action: notification-only

Test Status:

Total Success Count: 10 Since last reset Success Count: 9

Total Failed Count: 1 Failed Tests 1/2 Next Test 0:0 (Min:sec)

Reset Count: 1

Related Commands

network-watchdog

Syntax Description show ntp

{incoming |

Displays input-policy information.

queueing |

Displays queuing information.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show policy-map

Usage Guidelines

Use this command to display configured policy maps.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Privileged EXEC mode

127

IOLAN SCR1618 RDAC Command Line Reference Guide

show processes

[<filter/redirection options>]

}

Examples

PerleSCR#show policy-map incoming

Interface action Received Dropped Overlimit

eth0 limiter 32 10 0

eth2 redirect 64 0 0

Related Commands

policy-map

Syntax Description show processes

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show processes

Usage Guidelines

Use this command to display processes running on your IOLAN.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

PerleSCR#show processes

Privileged EXEC mode

128

IOLAN SCR1618 RDAC Command Line Reference Guide

show radius

See show radius

show reload

[<filter/redirection options>]

}

show rest-api

{jwt | server status |

[<filter/redirection options>]}

Syntax Description show reload

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes #show reload

Usage Guidelines

Use this command to display scheduled IOLAN reloads or reboots.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example show configured reloads.

PerleSCR#show reload

Reload scheduled for 18:00:00 EDT Oct 17 2019 (in 59 minutes)

Related Commands

reload

Syntax Description show reload

{jwt | server status |

Show RESTful API information.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes #show rest-api

Usage Guidelines

Use this command to display RESTful API information.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Privileged EXEC mode

129

IOLAN SCR1618 RDAC Command Line Reference Guide

show route-map

show route-map {[<WORD>] |

[<filter/redirection options>]}

Examples

This example displays RESTful API information.

PerleSCR#show rest-api server status

RESTful API HTTP server status: Disabled

RESTful API HTTP server port: 8080

Cookie maximum age timeout: 1440 seconds

RESTful API HTTPS server status: Disabled

RESTful API HTTPS server port: 8443

Related Commands

remote-management

Syntax Description show route-map

{<WORD> |

Displays specified route map.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show route-map

Usage Guidelines

Use this command to display route map information.

Output modifiers (Pipe redirect)—allows you to pipe the output to the redirect

options as specified.

Example

Shows route map details.

PerleSCR#show route-map route1

RIB:

route-map route1, permit, sequence 2

Match clauses:

Set clauses:

Call clause:

Action:

Exit routemap

RIP:

route-map route1, permit, sequence 2

Match clauses:

Set clauses:

Call clause:

Action:

Exit routemap

Privileged EXEC mode

130

IOLAN SCR1618 RDAC Command Line Reference Guide

show running-config

{[all] |

[<filter/redirection options>]}

RIPV6:

route-map route1, permit, sequence 2

Match clauses:

Set clauses:

Call clause:

Action:

Exit routemap

OSPF:

route-map route1, permit, sequence 2

Match clauses:

Set clauses:

Call clause:

Action:

Exit routemap

OSPF6:

route-map route1, permit, sequence 2

Match clauses:

Set clauses:

Call clause:

Action:

Exit routemap

BGP:

route-map route1, permit, since

Match clauses:

Set clauses:

Call clause:

Action: Exit routemap

Related Commands

router

Syntax Description show running-config

{[all] |

Displays all config including defaults.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show running-config

Privileged EXEC mode

131

IOLAN SCR1618 RDAC Command Line Reference Guide

show sdm

{prefer |

[<filter/redirection options>]

}

Usage Guidelines

Use this command to display the IOLAN’s current running config. To make this

configuration permanent you must copy running config to startup config.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays running config

PerleSCR#show running-config

Building running-config . . .

version 4.5.A12

sdm prefer dual-ipv4-and-ipv6 lt

service timestamps log datetime localtime show-timezone

tty 2 mode line

tty 3 mode line

tty 4 mode line

tty 5 mode line

tty 6 mode line

tty 7 mode line

tty 8 mode line

tty 9 mode line

tty 10 mode line

tty 11 mode line

tty 12 mode line

tty 13 mode line

tty 14 mode line

tty 16 mode line

hostname PerleSCR

radius server test

Related Commands

show startup-config

Syntax Description show sdm

Privileged EXEC mode

132

IOLAN SCR1618 RDAC Command Line Reference Guide

show serial

{advanced |

[modbus gateway] |

[port-buffering] |

[trueport remap]

[username] <WORD> |

[vmodem | vmodem-phone] |

[<filter/redirection options>]}

{

prefer |

Displays the value for sdm.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Default Both IPv4 and IPv6

Command Modes PerleSCR#show sdm

Usage Guidelines

Use this command to display IPv4/IPv6 protocols running on your IOLAN.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays the current value for sdm.

PerleSCR#show sdm prefer

The current template is ‘dual-ipv4-and-ipv6 default template

Related Command

sdm

Syntax Description show serial

{advanced |

Displays advanced configuration.

[modbus gateway]

Displays modbus configuration.

[port-buffering]

Displays port buffering information.

[trueport remap]

Displays Trueport configuration.

[username]

<WORD> |

Displays user configuration for serial port.

[vmodem |

vmodem-phone] |

Displays virtual modem phone number.

Privileged EXEC mode

133

IOLAN SCR1618 RDAC Command Line Reference Guide

show snmp

{community |

[contact] |

[engine-id] |

[group] |

[host] |

[location] |

[mib ifmib ifindex ] |

[user] |

[view] |

[<filter/redirection options>]}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show serial

Usage Guidelines

Use this command to view serial configuration.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays the advanced configuration for serial.

PerleSCR#show serial advanced

Process Break Signals off

Flush on Close off

Single Telnet off

Data Logging Buffer Size 4K

Monitor Connection Interval 180 Seconds

Monitor Connection Number of Retries 5

Monitor Connection Retry Timeout 5 Seconds

Related Command

serial

Syntax Description show snmp

{community |

Displays community name.

[contact]

Displays contact information

[engine-id]

Displays SNMP engine-id.

Privileged EXEC mode

134

IOLAN SCR1618 RDAC Command Line Reference Guide

show ssh

See show ssh

show startup-config

[<filter/redirection options>]

}

[group] |

Displays SNMP groups.

[host]

Displays host information

[location]

Displays location information.

[mib ifmib ifindex ]

Displays SNMP ifmib information.

[user]

Displays SNMP users.

[view]

Displays SNMP views.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show snmp

Usage Guidelines

Use this command to display SNMP configured options.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example show the configured options for SNMP.

PerleSCR#show snmp view

View name: IOLAN-view

include: iso, exclude

Related Commands

snmp-server

Syntax Description show startup-config

{[<filter/redirection options>]}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show startup-config

Usage Guidelines

Use this command to display IOLAN startup configuration.

Privileged EXEC mode

135

IOLAN SCR1618 RDAC Command Line Reference Guide

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example show current running configuration.

PerleSCR#show startup-config

version 4.1.S15

sdm prefer dual-ipv4-and-ipv6 default

service timestamps log datetime localtime

tty 2 mode line

hostname PerleSCR

enable secret 5

$1$aUfI$pN.R.tXeyhL4R9GkmXo5l0!

username lyn privilege 15 secret

$1$aUfI$pN.R.tXeyhL4R9GkmXo5l0!

username lyn privilege 15 secret

5$1$LrWp$K1Ug0Y6FHfjHdqcKRHA24/

aaa authentication login newlist none

clock timezone EST -5

clock summer-time EDT recurring

archive

update-sw check

path flash:

alarm profile defaultPort

alarm not-operating

syslog not-operating

notifies not-operating

alarm profile test

alarm not-operating

alarm contact A description AUX-IO: Digital Input A

alarm contact B description AUX-IO: Digital Input B

alarm profile test

alarm not-operating

alarm contact A description AUX-IO: Digital Input A

alarm contact B description AUX-IO: Digital Input B

alarm contact 1 description DC-POWER: IGN

alarm contact 2 description DC-POWER:

Privileged EXEC mode

136

IOLAN SCR1618 RDAC Command Line Reference Guide

show system

{[hardware] |

[statuses] |

[uptime] |

[versions] |

[<filter/redirection options>]}

Related Commands

show running-config

Syntax Description show system

{[hardware] |

Displays hardware details.

[statuses]

Displays system statuses for alarms, memory,

flash etc:

[uptime]

Displays IOLAN’s uptime.

[versions]

Displays IOLAN’s software versions.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show system

Usage Guidelines

Use this command to displays information about software versions.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

This example shows information about your

IOLAN.

PerleSCR#show system statuses

System Statuses:

System Up Time................................ 7

hours 26 minutes 4 seconds

System Date and Time (local time

zone)........ 2019-12-10 18:02:18

This example shows information about your IOLAN.

PerleSCR#show system statuses

System Statuses:

System Up Time................................ 7

Privileged EXEC mode

137

IOLAN SCR1618 RDAC Command Line Reference Guide

show tacacs

See show tacacs

show task-status

{[<filter/redirection options>]}

hours 26 minutes 4 seconds

System Date and Time (local time

zone)........ 2019-12-10 18:02:18

Startup-Configuration state................... In

Sync with

Running-configuration

Power Supply P1, State........................ Good

Power Supply P2, State........................ Absent

Last Alarm .................................... Link Fault

System Statuses:

System Up Time................................ 7 hours 26 minutes 4 seconds

System Date and Time (local time zone)........ 2019-12-10 18:02:18

Startup-Configuration state................... In Sync with

Running-configuration

CPU Utilization............................... 4.55

Memory (kBytes free).......................... 55420

Flashdisk (Mbytes free)....................... 1008

Syntax Description show task-status

{[<filter/redirection options>]}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show task-status

Usage Guidelines

Use this command to display system running tasks.

Output modifiers (Pipe redirect)—allows you to pipe the output to the redirect

options as specified.

Privileged EXEC mode

138

IOLAN SCR1618 RDAC Command Line Reference Guide

show tech-support

{[<filter/redirection options>]}

show terminal

See show terminal

show username

{[<WORD>] |

Examples

PerleSCR#show task-status

Syntax Description show tech-support

{[<filter/redirection options>]}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show tech-support

Usage Guidelines

Use this command to capture internal IOLAN information.

Output modifiers (Pipe redirect)—allows you to pipe the output to the redirect

options as specified.

Privileged EXEC mode

139

IOLAN SCR1618 RDAC Command Line Reference Guide

[<filter/redirection options>]}

show users

See show users

show version

See show version

show vrrp

{interface

[status] |

[<filter/redirection options>]}

Syntax Description show username

{[<WORD>] |

Type the username to display.IOLAN

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show username

Usage Guidelines

Use this command to display information about a user.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

PerleSC#show username lyn

username lyn

privilegeLevel 15

Password: ********

password created: Fri Sep 18 21:18:27 testtimezone 2020

Two Factor Disabled

Related Commands

username

show users

Syntax Description show vrrp

{[interface]

Displays VRRP information for specified

interface.

[status]

Displays VRRP statistics.

[<filter/redirection options>]

}

See Show Command Filtering and

Redirection

Privileged EXEC mode

140

IOLAN SCR1618 RDAC Command Line Reference Guide

show wan

{failover source-interface | status |wan-interface

high-availability |

load-sharing rules | status |

[<filter/redirection options>]}

Command Modes PerleSCR#show vrrp

Usage Guidelines

Use this command to display VVRP interface information and statistics.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays VRRP information on Ethernet interface 2.

PerleSCR#show vrrp interface 2

Interface: eth2

--------------

Group: 10

----------

State: FAULT

Last transition: 12m23s

Priority: 100

Advertisement interval: 1000 milli-sec

Preempt: enabled

VIP count: 1

172.16.44.55/16

Related Commands

vrrp

Syntax Description show wan

{failover source-interface |

status |wan-interface

Displays WAN source interface configuration

and status.

high-availability

Displays WAN management.

load-sharing rules | status

Displays load sharing configuration and

status.

[<filter/redirection options>]

}

Output modifiers see

Show Command Filtering and Redirection

Privileged EXEC mode

141

IOLAN SCR1618 RDAC Command Line Reference Guide

show zone-policy

{zone <WORD> |

[<filter/redirection options>]}

Command Modes PerleSCR#show wan

Usage Guidelines

Use this command to show wan configured features for fail over, high-availability

and load sharing.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Examples

This example displays WAN management.

PerleSCR#show wan high-availablity

WAN High Availability

=====================

Mode: DISABLED

WAN Failover Primary Active Interface:

======================================

DISABLED

WAN Load Failover Interfaces Health Status:

===========================================

DISABLED

WAN Load Share Global Settings:

===============================

Include Local Traffic: enabled

Source IP NAT: disabled

Track inbound Connections: enabled

Flush Connections on Failure: enabled

WAN Load Sharing Interfaces Health Status:

==========================================

DISABLED

Related Commands

wan

Syntax Description show zone-policy

{zone <WORD> |

Displays specified zone policy.

Privileged EXEC mode

142

IOLAN SCR1618 RDAC Command Line Reference Guide

shutdown

ssh

See ssh

telnet

See telnet

terminal

See terminal

testemail

See testemail

traceroute

See traceroute

undebug

{alarmgr |

all |

bgp |

bridge spanning-tree packet |

[<filter/redirection options>]}

Output modifiers see

Show Command Filtering and Redirection

Command Modes PerleSCR#show zone-policy

Usage Guidelines

Use this command to show zone policy for the specified zone.

Output modifiers (Pipe redirect)—allows you to redirect the output to the options as

specified.

Related Commands

zone-pair

Syntax Description shutdown

{shutdown}

Shutdown theIOLAN. The Reset

button brings system backup.

Command Modes PerleSCR#shutdown

Usage Guidelines

Use this command to shutdown the IOLAN.

Privileged EXEC mode

143

IOLAN SCR1618 RDAC Command Line Reference Guide

clpd |

dialer |

dot1x-authenticator |

dot11-supplicant |

drmgrd |

email |

init |

ip |

ipsec |

kernel |

lldp |

logging |

ntp |

rest-api |

snmp |

trapmgr |

tty |

vrrp |

vty |

wan-highavail |

wanifmgr

}

Syntax Description undebug

{alarmgr |

Turns off alarmgr debug.

all

Turns all debug off.

bgp

Turns off BGP debug.

bridge spanning-tree packet

Turns off bridge spanning-tree debug.

clpd

Turns off clpd debug.

dialer

Turns off dialer debug.

dot1x-authenticator

Turns off dot1x authenticator debug.

dot11-supplicant

Turns off dot1x debug.

drmgrd

Turns off drmgrd debug.

Turns off email debug.

init

Turns off init process debug.

Turns off ip process debug.

Privileged EXEC mode

144

IOLAN SCR1618 RDAC Command Line Reference Guide

vrrp

vrrp {restart}

ipsec |

Turns off IPsec debug.

kernel

Turns off kernel debug.

lldp

Turns off LLDP debug.

logging

Turns off logging debug.

ntp

Turns off NTP debug.

rest-api

Turns off RESTful API debug.

snmp

Turns off SNMP debug.

trapmgr

Turns off trapmgr debug.

tty

Turns off tty debug.

vrrp

Turns off VRRP debug.

vty

Turns off vty debug.

wan-highavail

Turns off wan-highavail debug.

wanifmgr

}

Turns off wanifmgr debug.

Command Modes PerleSCR#undebug

Usage Guidelines

Use this command to turn debugging mode off for a process.

Examples

This example turns off debugging for alarmmgr.

PerleSCR#undebug alarmgr

Alarm Manager debugging is off

Related Commands

debug

password

traceroute

Syntax Description vrrp

{restart}

Restart VRRP process.

Command Modes PerleSCR#vrrp

Privileged EXEC mode

145

IOLAN SCR1618 RDAC Command Line Reference Guide

Usage Guidelines

Use this command to restart VRRP.

Examples

This example restarts VRRP.

PerleSCR

#restart vrrp

Related Commands

show vrrp

vrrp

146

IOLAN SCR1618 RDAC Command Line Reference Guide

Global Configuration Mode Chapter 4

This chapter defines all the CLI commands in Global Configuration Mode. Some CLI

commands may not be applicable to your model or running software.

aaa

{[accounting dot1x default start-stop group <WORD> radius | tacacs] | [exec

authentication attempts login <1-25> | [dot1x default group <WORD> | radius] |

| [two-factor pin-attempts <1-

10> | pin-size <4-6> | pi n-tries <1-10> | [wan-only off | on]

authorization [console] | [exec <WORD> | group <WORD> if-authenticated | local |

none | radius | tacacs]

group server [ldap <WORD>] | [radius <WORD>] | [tacacs <WORD>] |

local [authentication attempts max-fail <1-65535>] | [username min-len <1-32>] |

[lockout-time <30-65535>]

password expiry <1-999> | pbkdf2 rounds <1000-100000000> | restriction enable |

group [lower-case <1-5> | numeric <1-5> | special | upper-case <1-5> | max-len <1-

128> | min-len <1-64> | reuse <1-32>]

}

Use the no form of this command to negate a command or set to defaults.

Syntax Description aaa

{[accounting dot1x default

start-stop group <WORD>

radius | tacacs] | [exec

<WORD> | default none |

start-stop broadcast | group

|radius | tacacs | stop-only

broadcast | group |radius |

tacacs] | [system default

none | start-stop]

When AAA accounting is enabled, theIOLAN

reports user activity to the TACACS+ or

RADIUS security server (depending on which

security method is selected) in the form of

accounting records.This allows the AAA

accounting feature to track the services that

users are accessing and the amount of network

resources that users are consuming. Each

accounting record contains accounting

attributes that are stored on the security server.

This data can then be analyzed for network

management, client billing, and auditing. If

using groups a pre-defined group must have

been previously created.

authentication

attempts

group <WORD> | radius] |

[login <WORD> group

<WORD> | ldap | local | none

| radius | tacacs | default

Configure authentication parameters.

Authentication verifies users before they are

allowed access to the network and network

services (which are verified with

authorization).

Global Configuration Mode

147

IOLAN SCR1618 RDAC Command Line Reference Guide

group <WORD> | group |

ldap local | none | radius |

tacacs]

| [two-factor pin-

attempts <1-10> | pin-size

<4-6> | pi n-tries <1-10> |

[wan-only off | on]

The default method list is automatically applied

to all interfaces except those that have a named

method list explicitly defined. A defined

method list overrides the default method

list.The first listed method is used. If it fails to

respond, the second one is used, and so on.

Two factor authentication parameters for pin

attempts, size, and retries.

WAN-only

Off— admin users tow-factor required for all

connections

On—Admin users two-factor only required for

WAN connections

authorization [console] |

[exec

<WORD> | group

<WORD> if-authenticated |

local | none | radius | tacacs]

Configure parameters for the authorization

EXEC command. This determines if the user is

allowed to run in EXEC mode. EXEC

authorization applies to vty and tty lines.The

first listed method is used. If it fails to respond,

the second one is used, and so on.

group server [ldap

<WORD>] | [radius

<WORD>] | [tacacs

<WORD>]

Configure a group server for LDAP, RADIUS

or TACACS+.

local [authentication

attempts max-fail

<1-

65535>]

| [username min-len

<1-32>] | [lockout-time <30-

65535>]

Configure local user failed authentication

attempts.

Value is 1–65535 attempts

Default is never lock the user out.

FN router the default is 5 attempts, then the

user is locked out for one hour.

Configure the minimum length for user names.

Values are 1 to 32

Default is minimum length of 1.

Lock out time is 30 to 65535 in minutes.

password expiry <1-999> |

pbkdf2 rounds <1000-

100000000> | restriction

enable | group [lower-case

<1-5> | numeric <1-5> |

special | upper-case <1-5> |

max-len <1-128> | min-len

<1-64> | reuse <1-32>]

}

Configure password restrictions.

 Password cannot be the same as User name

 Cannot have 3 consecutive characters in the

same password

 No password is not allowed

 Special character are any non alphanumeric

character

Global Configuration Mode

148

IOLAN SCR1618 RDAC Command Line Reference Guide

 Minimum number of lowercase characters

is 1–5

 Minimum number of lowercase numeric

numbers is 1–5

 Minimum number of special characters is

1–5

 Minimum number of uppercase characters

is 1–5

 Number of times a password can be

changed before it can be reused.

Value is 1–32 times

pbkdf2 round default is 100000

The larger number of rounds, the more secure

password hashing, however slower logins will

occurs.

Command Modes PerleSCR(config)#aaa

Usage Guidelines

Configure Authentication, Authorization, and Accounting parameters.

Examples

This example generates start and stop accounting records.

PerleSCR(config)#aaa accounting network default start-stop group radius

This example configures authentication and authorization to RADIUS as the first

method to authenticate/authorize, then local database as the second method for all

users.

PerleSCR(config)#aaa authentication login default group radius local

PerleSCR(config)#aaa authorization exec default group radius local

This example sets two-factor authentication attempts to 2.

PerleSCR(config)#aaa authentication two-factor pin-attempt 2

Related Commands

show aaa

clear aaa

(config-ldap-server)

clear ldap

(config-sg-radius)

clear radius

(config-sg-tacacs)

clear tacacs

(config-user-2factor)

Global Configuration Mode

149

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-sg-ldap)

{

server name <WORD>}

Use the no form of this command to negate a command or set to defaults.

(config-sg-radius)

{

server name <WORD>}

Use the no form of this command to negate a command or set to defaults.

Syntax Description (config-sg-ldap)#

{server name <WORD>}

Configure LDAP server name.

Command Modes PerleSCR(config-sg-ldap)#

Usage Guidelines

Use this command to configure LDAP server name.

Examples

This example configures the LDAP server name to LDAP1.

PerleSCR(config-sg-ldap)#server name ldap1

Related Commands

clear ldap

ldap

show ldap

Syntax Description (config-sg-radius)#

{server name <WORD>}

Configure RADIUS server name.

Command Modes PerleSCR(config-sg-radius)#

Usage Guidelines

Use this command to configure the RADIUS server name.

Examples

This example configures the RADIUS server name to RADIUS1.

PerleSCR(config-sg-radius)#server name radius1

Related Commands

clear radius

ip radius

show radius

(config-radius-server)

Global Configuration Mode

150

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-sg-tacacs)

{

server name <WORD>}

Use the no form of this command to negate a command or set to defaults.

alarm

[profile

<WORD>] |

facility power-supply rps [disable | notifies | syslog}

Use the no form of this command to negate a command or set to defaults.

Syntax Description (config-sg-tacacs)#

{server name <WORD>}

Configure TACACS+ server name.

Command Modes PerleSCR#(config-sg-tacacs)#

Usage Guidelines

Use this command to configure the TACACS+ server name.

Examples

This example configures the TACACS+ server name to TACACS1.

PerleSCR#(config-sg-radius)#server name tacacs1

Related Commands

ip tacacs

tacacs

clear tacacs

show tacacs

Syntax Description alarm

{contact <1-2> analog

[coefficient < -2147483.647 -

2147483.646>] | [offset < -

2147483.647 - 2147483.6476] |

[units <LINE>] | description

<LINE>] | [severity

major |

minor | none]

{<2> analog

coefficient < -2147483.647 -

2147483.646> | offset < -dry |

wet] | [trigger closed | open] |

[output sink] | [pulse-counter

mode pulses | transitions] |

[trigger open | closed] |

[severity

major | minor | none]

Configure the DC-Power alarm contact

settings <1-2>.

Configure the AUX-IO alarm contact

settings <A-B>.

Severity

 Major—immediate action needed

 Minor—minor warning condition.

Note: Relay Minor not available on the

IRG5410 model, Relay Minor only available

if GPIO is configured as an output.

Set the alarm trigger

closed— assert alarm with contact is closed

open—assert alarm when the contact is open

Global Configuration Mode

151

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-alarm-profile)#

{

alarm | link-fault | not-forwarding | not operating |

notifies | link-fault | not-forwarding | not operating |

syslog link-fault | not-forwarding | not operating}

Use the no form of this command to negate a command or set to defaults.

facility power-supply rps

[disable | notifies | syslog]

}

Configures parameters for the redundant

power supply.

profile

<WORD> |

See (config-alarm-profile)# for configuring

parameters.

Command Modes PerleSCR(config)#alarm

Usage Guidelines

Use this command to configure parameters for alarms.

Examples

This example enables syslog logger for redundant power supply messages.

PerleSCR(config)#alarm facility power-supply rps syslog<cr>

Related Commands

show alarm

(config-alarm-profile)#

Syntax Description

(config-alarm-profile)#

{

alarm | link-fault | not-

forwarding | not operating

Monitors for alarm type.

 link-fault

 port-not-forwarding

 port-not-operating

notifies

| link-fault | not

forwarding |

not operating |

Sends a trap/notification to the configured

SNMP host trap receivers on the triggering

and clearing of the alarms.

 link-fault

 port-not-forwarding

 port-not-operating

Global Configuration Mode

152

IOLAN SCR1618 RDAC Command Line Reference Guide

archive

(config-archive)#

{maximum 1-14 |

time-period <0-525600> |

update-sw check |

write-memory}

Use the no form of this command to negate a command or set to defaults.

syslog

link-fault | not-

forwarding |

not operating

Sends a syslog message to the configured

syslog host on the triggering and clearing of

these alarms.

 link-fault

 port-not-forwarding

 port-not-operating

Command Modes PerleSCR(config-alarm-profile)#

Usage Guidelines

Use this command to configure alarm profile parameters.

Examples

This example configures an alarm profile to monitor for link fault and send a syslog

message to the configured server.

PerleSCR(config))#alarm profile test-alarm

PerleSCR(config-alarm-profile)#alarm link-fault

PerleSCR(config-alarm-profile)#syslog link-fault

Related Commands

show alarm

Syntax Description

(config-archive)#

{

maximum 1-14 |

Configure the number of configuration

archives to keep in the archive list.

Archive list can contain between 1–14

configurations.

path flash: | ftp: | http: | https:

| scp: | sftp | tftp:

Configure the file system path for archived

configurations.

The path must exist.

time-period <0-525600>

Configure the time period to automatically

save the running configuration to an archive

file.

Global Configuration Mode

153

IOLAN SCR1618 RDAC Command Line Reference Guide

update-sw check |

Enables update-software check.

Default is Disabled

write-memory

}

Enables—saves the configuration to an

archive file each time you copy running-

config to start-up config.

Command Default no path

maximum 10

no time-period

no write-memory

Command Modes PerleSCR(config-archive)#archive

Usage Guidelines

Use this command to configure the full path to store archive configuration files.

flash:perle-image-name.img

ftp:[[//username[:password]@location]/directory]/perle-image-name.img

http://[[username:password]@][hostname | host-ip [directory] /perle-image-

name.img

https://[[username:password]@][hostname | host-ip [directory] /perle-image-

name.img |

scp:[[username@location]/directory]/perle-image-name.img |

sftp:[[//username[:password]@location]/directory]/perle-image-name.img |

tftp:[[//location]/directory]/perle-image-name.img

Examples

This example sets up an archive path for the write-memory command.

PerleSCR(config-archive)#path flash:

PerleSCR(config-archive)#write-memory

PerleSCR(config-archive)#exit

PerleSCR(config)#exit

If you do not supply a filename, then your running config is named with the current

date and time. See below.

PerleSCR#show flash:

Directory of flash:

78 -rw- 10764 Sep 22 2020 11:30 -06:00 -Sep-22-11-30-29-0130322 -rw-

5643 PerleSCR

Related Commands

show archive

(config-archive)#

archive

Global Configuration Mode

154

IOLAN SCR1618 RDAC Command Line Reference Guide

arp

{<A.B.C.D> <H.H.H> [bvi <1-9999>] | [dot11radio <0-4>] | [ethernet <1-18> .

<1-4000>]

}

Use the no form of this command to negate a command or set to defaults.

banner

{<LINE> |

motd <LINE> |

prompt-timeout}

Use the no form of this command to negate a command or set to defaults.

Syntax Description arp

{<A.B.C.D> <H.H.H> bvi <1-

9999>] | [dot11radio <0-4>] |

[ethernet <1-18> . <1-4000>]

}

Add static ARP entry to the ARP table.

Command Modes PerleSCR(config)#arp

Usage Guidelines

Use this command to add ARP entries to ARP table.

Examples

Add this ARP entry to the ARP table.

PerleSCR(config)#arp 172.16.44.55 1234.1234.1234 bvi 2

Related Commands

show arp

Syntax Description banner

{<LINE> |

Configure a delimiting character to indicate

the start and end of the message. It cannot be

a character that you use in the message. Do

not use " or % as a delimiting character. No

white space characters are allowed.

Configure the login banner.

motd <LINE>

Configure the message of the day (MOTD)

on login.

prompt-timeout <LINE>

}

Configure the message for login

authentication timeout.

Global Configuration Mode

155

IOLAN SCR1618 RDAC Command Line Reference Guide

boot

{host dhcp | [retry timeout <600-65535>]}

Use the no form of this command to negate a command or set to defaults.

Command Modes PerleSCR(config)#banner

Usage Guidelines

Use this command to configure a banner or message of the day to display to users.

delimiter character—indicates the start and end of the message and is not a

character that you use in the message. Do not use " or % as a delimiting character.

White space characters do not work.

banner text—the text is alphanumeric, case sensitive, and can contain special

characters. It cannot contain the delimiter character you have chosen. The text has a

maximum length of 80 characters and a maximum of 40 lines.

The banner has special macros that are inserted into the banner.

They are:

$(hostname) which is the hostname you configured on the switch and $(domain)

which is the domain name you configured on theIOLAN .

motd—set message of the day (motd)

prompt-timeout—login authentication timeout

Banner applies to all consoles and vty sessions.

Examples

Displays a message of the day at login.

PerleSCR(config)#banner motd line

Enter text message. End with the character ’l’

Good morning crew

Enter configuration commands, one per line. End with CNTL/Z

This example sets the domain name to be used in the banner, then set a banner of

Good morning and Welcome to your domain. Domain is replaced with the

domain name of MYTEST-DOMAIN.

PerleSCR(config)# ip domain-name MYTEST-DOMAIN

PerleSCR(config)#banner hGood morning and Welcome to your h

$(domain)

Related Commands

(config-line)#console

(config-line)#vty

Syntax Description boot

Global Configuration Mode

156

IOLAN SCR1618 RDAC Command Line Reference Guide

bridge

{bridge <1-4000> spanning-tree | protocol ieee |

spanning-tree logging

}

Use the no form of this command to negate a command or set to defaults.

{host dhcp | [retry timeout

<600-65535>]

}

Configure boot parameters.

host dhcp—enables Zero Touch provisioning

(ZTP). Download configuration via DHCP

server.

host retry timeout—sets the time in seconds

to wait for ZTP to complete (including time to

download config or software).

no boot host retry timeout—waits

indefinitely for ZTP to complete.

Command Modes PerleSCR(config)#boot

Usage Guidelines

Use this command to enable ZTP. This command allows you to download your

config and firmware via your DHCP server.

Examples

This example configures ZTP so that configuration and firmware files are

downloaded from your DHCP server.

PerleSCR(config)#boot host dhcp

Syntax Description spanning-tree

{bridge <1-4000> | spanning-

tree | protocol ieee

Configure the bridge range and spanning-

tree.

Values are 1 to 4000.

spanning-tree logging

}

Configure spanning tree logging.

Command Modes PerleSCR(config)#spanning-tree bridge

Usage Guidelines

Use this command to configure a bridge range and enable spanning tree sub-menu.

Spanning Tree Protocol (STP) is a loop free topology for an Ethernet local area

network. If loops are detected, the protocol blocks one of the paths to eliminate the

loop. STP prevents bridge loops and broadcast radiation. The spanning-tree protocol

is applied to previously defined bridge interfaces.

Examples

This example configures bridge 10 with spanning-tree.

PerleSCR(config)#bridge 10 spanning-tree

PerleSCR(config-st-bridge)#

Global Configuration Mode

157

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-st-bridge)#

{

aging -time <10-1000000> |

forward-time <4-30> |

hello-timer <1-10> |

loop-guard default |

max-age <10-1000000> |

max-hops <6-40> |

mode mstp | rstp | stp |

mst instance <0-4000> | name <WORD> revision <0-65535> |

port-fast disable | edge | network |

priority <0-61440> |

root |

transmit hold-count <1-10>}

Use the no form of this command to negate a command or set to defaults.

Related Commands

(config-st-bridge)#

Syntax Description

(config-st-bridge)#

{

aging -time <10-1000000> |

Configure the timeout period in seconds, for

aging out dynamically learned forwarding

information.

Values are 1 to 1000000 in seconds

Default is 300 seconds

forward-time <4-30>

Configure the forward delay timer. The

forward delay timer is the time interval

spent in the listening and learning state.

Values are 4 to 30 seconds

Default is 15 seconds.

hello-timer <1-10>

Configure the hello timer. The hello timer is

the time between each bridge protocol data

unit (BPDU) sent on a port.

Values are 1 to 10 seconds

Default is 2 seconds.

loopguard default

Configure the Spanning Tree Protocol (STP)

loop guard feature which provides

additional protection against Layer 2

forwarding loops (STP loops).

Global Configuration Mode

158

IOLAN SCR1618 RDAC Command Line Reference Guide

An STP loop is created when an STP

blocking port in a redundant topology

erroneously transitions to the forwarding

state.

Default is Disabled

max-age <10-1000000>

Configure the max age timer to control the

maximum length of time that passes before

a bridge port saves its configuration BPDU

information.

Value are 10 to 100000 seconds

Default is 20 seconds

max-hops <6-40>

Configure the number of possible hops in

the region before a bridge protocol data unit

(BPDU) is discarded.

Value are 6 to 40

Default is 20

mode mstp | rstp | stp

Set the spanning tree mode.

 Spanning Tree Protocol (STP)

 Rapid Spanning Tree Protocol (RSTP)

 Multiple Spanning Tree Protocol

(MSTP)

Default is RSTP

mst instance <0-4000> | name

<WORD> revision <0-65535> |

Configure MST instances for the region.

Each region can have multiple instances.

Map VLANs to an MST instance (0-63).

Instance 0 cannot be deleted and is used to

map/unmapped VLANs to instance 0. Each

instance has a VLAN or range of VLANs

which is associated with it.

Name—define the name of the region.

Revision—This setting must be the same for

all MSTP switches in the same MST region

port-fast disable | edge |

network

A spanning tree normal port is one that

functions in the default manner for spanning

tree. Under normal circumstances it will

transition from the Listening, Learning,

Forwarding stages based on the default

timers. PortFast causes a port to enter the

spanning tree forwarding state immediately,

bypassing the listening and learning states.

Global Configuration Mode

159

IOLAN SCR1618 RDAC Command Line Reference Guide

STP enabled ports that are connected to

devices such as a single switch, workstation,

or a server can access the network only after

passing all these STP states. Some

applications need to connect to the network

immediately, else they will timeout.

Disable—go through normal

learning/forwarding and blocking states.

Network—Interface goes into forward state

immediately. Portfast network protects

against loops by detecting unidirectional

links in the STP topology.

Edge—is used to configure a port on which

an end device is connected such as a PC. All

ports directly connected to end devices

cannot create bridging loops in the network.

Therefore, the edge port directly transitions

to the forwarding state, and skips the

listening and learning stages. However, the

specific command configures a port such

that if it receives a BPDU, it immediately

loses its edge port status and becomes a

normal spanning-tree port.

priority <0-61440>

Every IOLAN participating in a Spanning

Tree Protocol (STP) network is assigned

with a numerical number called a bridge

priority value. Priority values decide who

will be elected as root. You can set the

bridge priority in increments of 4096 only.

When you set the priority, valid values are

0, 4096, 8192, 12288, 16384, 20480, 24576,

28672, 32768, 36864, 40960, 45056, 49152,

53248, 57344, and 61440.

You set the priority value argument to 0 to

make the IOLAN root.

Default is 32768

root

Configure the root bridge.The root bridge is

the bridge with the smallest (lowest) bridge

ID.

transmit hold-count <1-10>}

Controls the number of BPDUs sent before

pausing for 1 second.

Range is 1 to 10 seconds

Default is 6 seconds

Command Modes (PerleSCRconfig-st-bridge)#

Global Configuration Mode

160

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-st-bridge-mst-instance)#

{

priority 0-61440> |

vlan <1-4000>}

Use the no form of this command to negate a command or set to defaults.

Usage Guidelines

Configures the parameters for Spanning Tree Protocol.

Examples

This example sets mode to MSTP.

PerleSCR(config-st-bridge)#spanning-tree mode mstp

Related Commands

(config-st-bridge)#

Syntax Description

(config-st-bridge-mst-instance)#

{

priority 0-61440> |

Every IOLAN participating in a Spanning

Tree Protocol (STP) network is assigned

with a numerical number called a bridge

priority value.

{priority 0-61440> |

Priority values decide who will be elected as

root. You can set the bridge priority in

increments of 4096 only.

When you set the priority, valid values are

0, 4096, 8192, 12288, 16384, 20480, 24576,

28672, 32768, 36864, 40960, 45056, 49152,

53248, 57344, and 61440.

You set the priority value argument to 0 to

make the IOLAN root.

Default is 32768

vlan <1-4000>

}

Configure the range of VLANs to add this

instance mapping

Command Modes (PerleSCRconfig-st-bridge-mst)#

Usage Guidelines

Configures the priority parameters for Multiple Spanning Tree Protocol (MST).

Examples

This example sets the bridge priority to 28672.

PerleSCR(config-st-bridge-mst)#priority 28672

Global Configuration Mode

161

IOLAN SCR1618 RDAC Command Line Reference Guide

class-map

class-map {<1-4094>}

Use the no form of this command to negate a command or set to defaults.

(config-cmap)#

{

description <LINE> |

match-name <NAME>

}

Use the no form of this command to negate a command or set to defaults.

Related Commands

(config-st-bridge)#

(config-if)ethernet#

Syntax Description class-map

{<1-4094>}

Configure a class-map number.

Priority queues can only use class 1–7.

Command Modes PerleSCR(config)#class-map

Usage Guidelines

Use this command to classify inbound network traffic destined to, or passing

through, the IOLAN based on a series of flow match criteria.The class map classifies

network traffic based on various match criteria configured within a class map. In

other words, it defines traffic classes. A class map can reference an ACL to be used

as the criteria or specific criteria is applied to the class map. Class maps in turn are

referenced by policy maps.

Examples

This example creates class map 1.

PerleSCR(config)#class-map 1

Related Commands

policy-map

Syntax Description

(config-cmap)#

{description <LINE> | Configure a class-map match-name

description.

match-name <NAME>

} Configure a name for this classification.

Command Modes PerleSCR(config-cmap)#

Global Configuration Mode

162

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-cmap-match)#

match ethernet destination <H.H.H> source type | type <0-65535> |

interface [bvi <1-9999>] | [ [dialer <0-15>] |ethernet<1-18>| [openvpn-tunnel <0-

999>] | [tunnel <0-999>]

ip [destination address <A.B.C.D> <A.B.C.D> | port <0-65535>] | [dscp <0-63> |

af11 | af12 | af13 | af21 | af22 | af23 | 31 | af32 | af33 | af41 | af42 | af43 |cs1 | cs2 |

cs3 | cs4 | cs5 | cs6 | cs7 | default | ef] | [max-length <0-65535>] |[ protocol <0-

255> | ah | dccp | dsr | egp | eigrp | encap | esp |etherip | ggp | gre | hmp | icmp |

<A,B.C.D> <A,B.C.D>] | [port <1-65535>] | [tcp-flags ack | syn]

ipv6 [destination <X:X:X:X::X>/<0-128> | port <0-65535>] | [dscp <0-63> | af11 |

af12 | af13 | af21 | af22 | af23 | 31 | af32 | af33 | af41 | af42 | af43 |cs1 | cs2 | cs3 |

cs4 | cs5 | cs6 | cs7 | default | ef] | [max-length <0-65535>] | [protocol <0-255> | ah

| dccp | dsr | egp | eigrp | encap | esp |etherip | ggp | gre | hmp | icmp | odpr | igmp

| [port <1-65535>] | [tcp-flags ack | syn]

mark <1-214748748364> |

vlan <1-4000>}

Use the no form of this command to negate a command or set to defaults.

Usage Guidelines

Use this command to create a classification. Classifications are separation of packets

into traffic classes. Configure the device to take a specific action on the specified

classified traffic, such as policing or marking down, or other actions.

Examples

In this example the name specified for this classification is match-icmp.

PerleSCR(config-cmap)#match-name match-icmp

Related Commands

(config-st-bridge-mst-instance)#

(config-cmap-match)#

policy-map

Syntax Description

(config-cmap-match)#

{description <LINE> | Description of class-map match-name.

match ethernet destination

<H.H.H> source type | type

<0-65535>

Match Ethernet header.

Global Configuration Mode

163

IOLAN SCR1618 RDAC Command Line Reference Guide

interface [bvi <1-9999>] |

[dialer <0-15>] |[ethernet<1-

18>| [openvpn-tunnel <0-999>]

| [tunnel <0-999>]

Match interface.

ip [destination address

<A.B.C.D> <A.B.C.D> | port

<0-65535>] | [dscp <0-63> |

af11 | af12 | af13 | af21 | af22 |

af23 | 31 | af32 | af33 | af41 |

af42 | af43 |cs1 | cs2 | cs3 | cs4 |

cs5 | cs6 | cs7 | default | ef] |

[max-length <0-65535>] |

[protocol <0-255> | ah | dccp |

dsr | egp | eigrp | encap | esp

|etherip | ggp | gre | hmp |

ipip | ipv6 | ipv6-frag | ipv6-

icmp | ipv6-nonxt | opts | ipv6-

route | isis | l2tp | manet |

mpls-in-ip | narp | osfo | pim |

Match IPv4 protocol header.

shim6 | skip | tcp | udp |

udplite | vrrp | xns-idp] |

[source address <A,B.C.D>

<A,B.C.D>] | [port <1-65535>]

| [tcp-flags ack | syn]

Global Configuration Mode

164

IOLAN SCR1618 RDAC Command Line Reference Guide

ipv6 [destination

<X:X:X:X::X>/<0-128> | port

<0-65535>] | [dscp <0-63> |

af11 | af12 | af13 | af21 | af22 |

af23 | 31 | af32 | af33 | af41 |

af42 | af43 |cs1 | cs2 | cs3 | cs4 |

cs5 | cs6 | cs7 | default | ef] |

[max-length <0-65535>] |

[protocol <0-255> | ah | dccp |

dsr | egp | eigrp | encap | esp

|etherip | ggp | gre | hmp |

ipip | ipv6 | ipv6-frag | ipv6-

icmp | ipv6-nonxt | opts | ipv6-

route | isis | l2tp | manet |

mpls-in-ip | narp | osfo | pim |

shim6 | skip | tcp | udp |

udplite | vrrp | xns-idp] |

[source address

<X:X:X:X::X/<0-128>] | [port

<1-65535>] | [tcp-flags ack |

syn] | udplite | vrrp | xns-idp |

source address

<X:X:X:X::X/<0-128> | port

<1-65535> | tcp-flags ack | syn

Match IPv6 protocol header.

mark <1-214748748364>

| Match on mark applied by policing routing.

vlan <1-4000>

} Match on VLAN ID

Command Modes PerleSCR(config-cmap-match)#

Usage Guidelines

Use the match command to configure "rules" or matches to apply to the class-map. If

the packet matches any of the criteria configured for this class map, then this class

map is applied to the packet.

Examples

PerleSCR

This example I have specified the name bridge-50-match and matched on

ip source address of 172.16.88.88.

PerleSCR(config-cmap)#match-name bridge50-map

PerleSCR(config-cmap-match))#match ip source address 172.16.88.88 icmp

Global Configuration Mode

165

IOLAN SCR1618 RDAC Command Line Reference Guide

clock

{summer-time <WORD > date <1-31> <MONTH > <hh:mm> <1-31>

<MONTH > < hh:mm > [<1-1440-in-minutes>] | [recurring [<1-4 >] [<FIRST >]

]

[<LAST>]

timezone <WORD> <-23 - 23> | [<0-59>]

}

Use the no form of this command to negate a command or set to defaults.

Related Commands

(config-cmap)#

(config-st-bridge-mst-instance)#

policy-map

Syntax Description clock

{summer-time <WORD > date

<1-31> <MONTH > <hh:mm>

<1-31>

<MONTH > < hh:mm > [<1-

1440-in-minutes>] | [recurring

<1-4 >]

[<FIRST >] [<LAST>]

Configure the name of the summer time zone

followed by start/end dates.

Configure start time:

 numeric value for the day of the month to

start summer timezone 1–31

 numeric value for the day of the month to

start summer timezone 1–31

 name of the month to start January,

February, March, April, May, June, July,

August, September, October, November,

December

 time to start in hours (24 hour clock) and

minutes

Configure end time:

 numeric value for the day of the month to

end summer timezone 1–31

 name of the month to end (January,

February, March, April, May, June, July,

August, September, October, November,

December)

 time to end in hours (24 hour clock)

offset in minutes 1–1440

timezone <WORD> <-23 - 23>

| [<0-59>]

}

Configure the timezone as hours/minutes

offset from Universal Time Clock (UTC).

Command Modes PerleSCR(config)#clock

Global Configuration Mode

166

IOLAN SCR1618 RDAC Command Line Reference Guide

crypto

{ipsec client <WORD> | enable | [esp-group <WORD>] | [ike-group <WORD>] |

[import ipsec.conf terminal | flash:filename] |

ftp:[[//username[:password]@location]/directory]/filename |

http://[[username:password]@][hostname | host-ip [directory] /filename |

https://[[username:password]@][hostname | host-ip [directory] /filename |

scp:[[username@location]/directory]/filename |

sftp:[[//username[:password]@location]/directory]/filename |

tftp:[[//location]/directory]/filename

l2tp |

nat-network

<A.B.C.D/N> |

nat-transversal

key [export password-cryptkey terminal] | [rsa public | terminal 3des <LINE> |

des <LINE> | flash:filename] |

ftp:[[//username[:password]@location]/directory]/filename |

http://[[username:password]@][hostname | host-ip [directory] /filename |

https://[[username:password]@][hostname | host-ip [directory] /filename |

scp:[[username@location]/directory]/filename |

sftp:[[//username[:password]@location]/directory]/filename |

tftp:[[//location]/directory]/filename |

generate [password-cryptkey] | rsa modulus <1024-4096> |

import [client rsa pem | pkcs12 terminal password <LINE> | url

flash:filename | ftp:[[//username[:password]@location]/directory]/filename |

http://[[username:password]@][hostname | host-ip [directory] /filename |

https://[[username:password]@][hostname | host-ip [directory] /filename |

scp:[[username@location]/directory]/filename |

sftp:[[//username[:password]@location]/directory]/filename |

tftp:[[//location]/directory]/filename] | [password-cryptkey terminal]

Usage Guidelines

Use this command to configure the clock.

Examples

This example configures the clock 6 hours off from UTC.

PerleSCR(config)#clock timezone ont-time-zone -6

Related Commands

show clock

Global Configuration Mode

167

IOLAN SCR1618 RDAC Command Line Reference Guide

ssh-host rsa terminal <LINE> | url

flash:filename | ftp:[[//username[:password]@location]/directory]/filename |

http://[[username:password]@][hostname | host-ip [directory] /filename |

https://[[username:password]@][hostname | host-ip [directory] /filename |

scp:[[username@location]/directory]/filename |

ctory]/filename | sftp:[[//username[:password]@location]/directory]/filename |

tftp:[[//location]/directory]/filename] |

[zeroize password-cryptkey | rsa

openvpn connection <WORD> | enable | [generate secret <name>] | [import ca

| secret <NAME> |

template <NAME>]

terminal | url flash:filename |

ftp:[[//username[:password]@location]/directory]/filename |

http://[[username:password]@][hostname | host-ip [directory] /filename |

https://[[username:password]@][hostname | host-ip [directory] /filename |

scp:[[username@location]/directory]/filename |

sftp:[[//username[:password]@location]/directory]/filename |

tftp:[[//location]/directory]/filename

} |

zeroize ca <NAME> | cert <NAME> | key <NAME>

pki import client | https pem | pkcs12} | {openvpn ca <NAME> | cert <NAME> |

key <NAME>} | {server test pem | pkcs12} terminal | url flash:filename |

ftp:[[//username[:password]@location]/directory]/filename |

http://[[username:password]@][hostname | host-ip [directory] /filename |

https://[[username:password]@][hostname | host-ip [directory] /filename |

scp:[[username@location]/directory]/filename |

sftp:[[//username[:password]@location]/directory]/filename |

tftp:[[//location]/directory]/filename |

zeroize [https] | [openserver ca <NAME> | cert <NAME> | key <NAME>] |

[server <WORD>]

ssl algorithm encryption suite-b-tls | tls-1.2}

Use the no form of this command to negate a command or set to defaults

Syntax Description crypto

Global Configuration Mode

168

IOLAN SCR1618 RDAC Command Line Reference Guide

{[ipsec client <WORD> |

enable | esp-group <WORD> |

ike-group <WORD>

| import

ipsec.conf terminal |

flash:filename |

ftp:[[//username[:password]@l

ocation]/directory]/filename |

http://[[username:password]@]

[hostname | host-ip [directory]

/filename

|https://[[username:password]

@][hostname | host-ip

[directory] /filename |

scp:[[username@location]/dire

ctory]/filename |

sftp:[[//username[:password]@

location]/directory]/filename |

tftp:[[//location]/directory]/file

name

l2tp |

nat-network

<A>B>C>D/N> |

nat-transversal

See (config-client) to configure

parameters.

Enables or restarts IPsec.

See (config-esp)# to configure

parameters.

See (config-ike)# to configure

parameters.

Configure Specify where to import the

ipcsec.conf file.

See (config-12tp) to configure

parameters.

Configure a permitted IPsec Network

Address Translation (NAT)

network/mask.

Enables Network Address Translation

(NAT) Transversal. NAT Transversal

allows traffic to get to the specified

destination when a device does not have

a public IP address.

This is usually the case if your ISP is

doing NAT, or the external interface of

your firewall is connected to a device that

has NAT enabled.

Global Configuration Mode

169

IOLAN SCR1618 RDAC Command Line Reference Guide

key [export password-

cryptkey terminal] | [rsa

public | terminal 3des <LINE>

| des <LINE> | flash:filename]

ftp:[[//username[:password]@l

ocation]/directory]/filename |

http://[[username:password]@]

[hostname | host-ip [directory]

/filename |

https://[[username:password]

@][hostname | host-ip

[directory] /filename |

scp:[[username@location]/dire

ctory]/filename |

sftp:[[//username[:password]@

location]/directory]/filename |

tftp:[[//location]/directory]/file

name |

generate [password-cryptkey]

| rsa modulus <1024-4096> |

[import [client rsa pem |

pkcs12 terminal password

<LINE> | url flash:filename |

ftp:[[//username[:password]@l

ocation]/directory]/filename |

http://[[username:password]@]

[hostname | host-ip [directory]

/filename |

https://[[username:password]

@][hostname | host-ip

[directory] /filename |

scp:[[username@location]/dire

ctory]/filename |

sftp:[[//username[:password]@

location]/directory]/filename |

tftp:[[//location]/directory]/file

name] | [password-cryptkey

terminal]

ssh-host rsa terminal <LINE>

| url

flash:filename |

Configure long term key operations.

Global Configuration Mode

170

IOLAN SCR1618 RDAC Command Line Reference Guide

ftp:[[//username[:password]@l

ocation]/directory]/filename |

http://[[username:password]@]

[hostname | host-ip [directory]

/filename |

https://[[username:password]

@][hostname | host-ip

[directory] /filename |

scp:[[username@location]/dire

ctory]/filename |

sftp:[[//username[:password]@

location]/directory]/filename |

tftp:[[//location]/directory]/file

name] |

[zeroize password-cryptkey |

rsa

openvpn connection <WORD>

| enable | generate secret

<NAME> | import ca

<NAME> | cert <NAME> |

{dh <WORD> | key <NAME>

| secret <NAME> |template

<NAME>terminal | url

flash:filename |

ftp:[[//username[:password]@l

ocation]/directory]/filename |

http://[[username:password]@]

[hostname | host-ip [directory]

/filename |

https://[[username:password]

@][hostname | host-ip

[directory] /filename |

scp:[[username@location]/dire

ctory]/filename |

sftp:[[//username[:password]@

location]/directory]/filename |

tftp:[[//location]/directory]/file

name

} |

zeroize ca <NAME> | cert

pki import client | https pem |

pkcs12} | {openvpn ca

<NAME> | cert <NAME> | key

<NAME>} | {server test pem |

pkcs12} terminal | url

See (config-connection) to configure

parameters.

Configure public key components.

Configure local key or certificate

filename.

Global Configuration Mode

171

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-client)

{

authentication identify <WORD> [pre-shared-key <WORD>] | [remote-identity

<WORD>] | [x509 <LINE> | trustpoint <CA-FILE>]

connection-type disable | initiate | respond] |

flash:filename |

ftp:[[//username[:password]@l

ocation]/directory]/filename |

http://[[username:password]@]

[hostname | host-ip [directory]

/filename |

https://[[username:password]

@][hostname | host-ip

[directory] /filename |

scp:[[username@location]/dire

ctory]/filename |

sftp:[[//username[:password]@

location]/directory]/filename |

tftp:[[//location]/directory]/file

name |

zeroize [https] | [openserver ca

<NAME> | cert <NAME> | key

<NAME>] | [server <WORD>]

ssl

algorithm encryption suite-

b-tls | tls-1.2

}

Configure the SSL encryption method.

Command Modes PerleSCRconfig)#crypto

Usage Guidelines

Use this command to configure parameters for IPsec configuration, key, OpenVPN

configuration, PKI, and SSL parameters.

Examples

This example exports the public key from the IOLAN to the terminal session.

PerleSCR(config)# crypto key export rsa public terminal

ssh-rsa

AAAAB3NzaC1yc2EAAAADAQABAAABAQDReknFjyYmPYATixxn1nGVe3xyncwk

hAbKO3JFUI5Vvnd50wT5gYNxd4vP4dJe4J5/mvzG7rcbZ4uCz/dX8xMs18xUzpoq

HbjOF5EUfBtPZzgI/IsDkwzfIaWj/Qznau6TemWnR72RpzKaDRdFy0j4ghzvfUdXWz/

EKPq/5EJ97sdU97RzURfL8j4lwThanpLVi8kP8guNioYJdFgdrgcerKg6aUTehU7C2

X9sai08e1WNcGA6Urmlzj4rtUsV0Enu+Tx47WM6kcPij423QlM0abnn4RWwRPnU4

qINKTvWR4gKZQUpYEFPvwtJgtpLGDOIYikMvZrc09X1D68Ttbx7

Related Commands

show crypto

Global Configuration Mode

172

IOLAN SCR1618 RDAC Command Line Reference Guide

ike-group <WORD> |

local-address [<A.B.C.D> | <X:X:X:X::X:X> | any]

tunnel <1-429467295> [esp-group <WORD>] | [local-address <A.B.C.D/N |

X:X:X:X::X/N>] | protocol <0-255> | [ah | all | ax.25 | dccp | ddp | egp | eigrp |

encap | exp | etherip | fc | ggp | gre | hip | hmp | hopopt | icmp | igp | ip | ipcomp |

pim | pup | rdp | rohc | rspf | rsvp | sctp | skip | st | tcp | tcp -udp | udp | udplite |

}

Use the no form of this command to negate a command or set to defaults.

Syntax Description

(config-client)

{authentication identify

<WORD> [pre-shared-key

<WORD>] | [remote-identity

<WORD>] | [x509 <LINE> |

trustpoint <CA-FILE>]

Configure the local authentication identity.

connection-type disable |

initiate | respond

Sets the connection type:

 initiate

 respond

 disable

ike-group <WORD> | Configure IPsec IKE configuration.

local-address [<A.B.C.D> |

<X:X:X:X::X:X> | any]

Configure the local address interface.

tunnel <1-429467295> [esp-

group <WORD>] | [local-

address <A.B.C.D/N |

X:X:X:X::X/N>] | protocol <0-

255> | [ah | all | ax.25 | dccp |

ddp | egp | eigrp | encap | exp |

etherip | fc | ggp | gre | hip |

hmp | hopopt | icmp | igp | ip |

ipcomp | ipencap | ipip isis |

iso--tp4 | l2tp | manet |

mobility-header | mpls-in-ip |

ospf | pim | pup | rdp | rohc |

| tcp -udp | udp | udplite |

[remote-address <A.B.C.D/N |

X:X:X:X::X/N>]

}

Configure the client tunnel parameters.

Command Modes PerleSCR(config-client)#

Global Configuration Mode

173

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-connection)

{

ca <WORD> |

cert <NAME>|

cbc | seed-cbc |

client |

client-to-client |

comp-lzo [adaptive | no | yes |

dev <0-999> |

dh <WORD> |

ifconfig <A.B.C.D> <WORD> <A.B.C.D><WORD>

keepalive <1-65535> <1-65535>

key <WORD> |

lport <1-65535> |

persist-tun

port <1-65535>

pull |

remote [<A.B.C.D> | <WORD> | <X:X:X:X::X> <1-65535>] | [tcp | udp]

remote-cert-tls client | server |

rport <1-65535> |

secret <NAME>

server <A.B.C.D> <A.B.C.D> [no pool]

Usage Guidelines

Use this command to configure IPSEC parameters.

Examples

This example sets client connection to initiate.

PerleSCR(config-client)#connection-type initiate

This example sets up the responder side of the connection.

PerleSCR(config)#crypto ipsec client @myx509

PerleSCR(config-client)#authentication x509 "C=CA, O=orgxdeb, CN=boxxdeb"

PerleSCR(config-client)#authentication x509 trustpoint "CACert.pem"

PerleSCR(config-client)# connection-type respond

PerleSCR(config-client)# tunnel 0 local-address 192.168.51.111/32

PerleSCR(config-client)# tunnel 0 remote-address 0.0.0.0/0crypto ipsec clinet

@myx509

Related Commands

show crypto

Global Configuration Mode

174

IOLAN SCR1618 RDAC Command Line Reference Guide

server-bridge <A.B.C.D> <A.B.C.D> <A.B.C.D> <A.B.C.D> |

server-ipv6 <X:X:X:X::X> |

template <WORD> |

tls-auth

tls-client |

tls-server

user-pass <WORD> <WORD> 0 | 7

user-pass -verify

verb <0-11>}

Use the no form of this command to negate a command or set to defaults.

Syntax Description

(config-connection)

{ca <WORD> |

Configure the PKI CA trustpoint name.

cert

<NAME> |

Configure the PKI certificate name.

cipher aes-128-cbc | aes-128-

gcm | aes-192-cbc | aes-192-

gcm | aes-256-cbc | aes-256-

gcm | bf-cbc | camellia-128-cbc

| camellia-192-cbc | camellia-

256-cbc | cast5-cbc | des-cbc |

des-ede-cbc | des-ede3-cbc |

des-cbc | rc2-40-cbc | rc2-64-

cbc | rc2-cbc | seed-cbc

Configure the cipher for this connection.

client | Enables client mode if TCP mode is used

with the remote command or if you receive

the OpenVPN message "Options error: --

proto tcp is ambiguous in this context. Please

specify --proto tcp-server or --proto tcp-client

client-to-client | Sets client to client mode for the connection.

This lets connected clients see each other, not

just the server.

comp-lzo [adaptive | no | yes] | Configure compression.

In cases where the OpenVPN server pushes

the request "comp-lzo no" to connecting

clients, the client side breaks with repeated

"write to TUN/TAP : Invalid argument

(code=22)" errors unless it too has already

specified "comp-lzo no.

If you are a client and are using `pull` to get

settings from the server, the connection may

fail with that same message. To overcome

this issue `comp-lzo no` must be defined in

your connection.

Global Configuration Mode

175

IOLAN SCR1618 RDAC Command Line Reference Guide

Note: the "no comp-lzo" (the default) turns

off the entire compression subsystem which

is required for connections not using

compression.

dev <0-999>

Configure the OpenVPN interface number.

dh <WORD>

Configure Diffie-Hellman parameters.

ifconfig <A.B.C.D> <WORD>

<A.B.C.D> <WORD>

Configure the local and the remote IP

addresses for each side of the connection.

Reverse the ip addresses when configuring

"the other end".

keepalive <1-65535> <1-

65535>

Configure the keepalive interval (in seconds)

and the keepalive timeout (in seconds).

key <WORD>

Configure the PKI private key.

lport <1-65535>

Configure the port on the local side.

Default is 1194

persist-tun

Keeps tun device between restarts.

port <1-65535>

Configure the port on both sides of the

connection.

pull

Downloads the configuration from the server.

remote [<A.B.C.D> | <WORD>

| <X:X:X:X::X> <1-65535>] |

[tcp | udp]

Configure the remote host for connection.

remote-cert-tls client | server

Configure peer certificate checking as client

or server.

When this is used with a TLS connection, the

peer's certificate credentials are validated

using the CA certificate referred to by the

"ca" command.

This is recommended to mitigate man-in-the-

middle attacks but can be left off if the

signing CA certificate is not currently

available.

rport <1-65535>

Configure the port on the remote side.

secret <NAME>

Configure the Pre-Shared secret key.

server <A.B.C.D> <A.B.C.D>

[no pool]

Configure OpenVPN IPv4 server parameters.

Global Configuration Mode

176

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-esp)#

{

compression |

lifetime <30-86400> |

mode transport | tunnel

pfs

proposal <1-65535> [encryption 3des | aes128 | aes128gcm182 | aes256 |

aes256gcm128 | chacha20poly1305] | [hash md5 | sha1 | sha256 | sha384 |

sha512]}

server-bridge <A.B.C.D>

<A.B.C.D> <A.B.C.D>

<A.B.C.D>

Configure the gateway and IP pool

addressing.

server-ipv6 <X:X:X:X::X>

Configure OpenVPN IPv6 server parameters.

template <WORD>

Configure the connection template.

tls-auth

Sets a PSK to use for TLS authentication.

The PSK previously defined via crypto

openvpn generate secret name will be used.

This can be used to add authentication to the

TLS control channel to help reduce the

chances of a DoS attack.

tls-client

Sets the IOLAN to act as a TLS client.

tls-server

Sets the IOLAN to act as a TLS server.

user-pass <WORD> <WORD>

0 | 7

Configure the remote user name and

password.

user-pass -verify

Enables or disables server username and

password verification.

verb <0-11>

}

Configure the verbosity level. (debug)

Command Modes PerleRoute(config-connection)#

Usage Guidelines

Use this command to configure parameters for OpenVPN connections.

Examples

Configure OpenVPN remote port to 1050.

PerleSCR(config-connection)#rport 1050

Related Commands

show crypto

Global Configuration Mode

177

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate a command or set to defaults.

(config-ike)#

{

aggressive-mode |

ike-version ike | ikev1 | ikev2

lifetime <30-86400>

Syntax Description

(config-esp) #

{

compression |

Configure compression for the IPsec

connection.

lifetime <30-86400>

Configure tunnel expire timer after no

activity.

Range is 30 to 86400

Default is 1800 seconds

mode transport | tunnel

Configure the tunnel mode.

Transport mode—payload encrypted;

headers clear

Transport mode—both headers and

payload encrypted.

pfs

Configure PFS On to improve security by

forcing a new key exchange for each new

session. Both sides of the VPN tunnel must

be able to support this option. Enabling PFS

by renewing keys more often has

performance impact but provides further

security.

proposal <1-65535>

[encryption 3des | aes128 |

aes128gcm182 | aes256 |

aes256gcm128 | ch

}

Configure the IKE/ESP proposal.

Command Modes PerleSCR(config-esp)#

Usage Guidelines

Use this command to configure IPsec parameters.

Examples

Configure esp group mode to transport.

PerleSCR(config-esp)# mode transport

Related Commands

show crypto

Global Configuration Mode

178

IOLAN SCR1618 RDAC Command Line Reference Guide

proposal [dh-group 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26] |

chacha20poly1305] | [hash md5 | sha1 | sha256 | sha384 | sha512]

}

Use the no form of this command to negate a command or set to defaults.

Syntax Description

(config-ike) #

{

aggressive-mode |

Enables or disables aggressive mode.

Aggressive mode uses fewer packet

exchanges, therefore it is faster then main

mode. However, aggressive mode does not

give identity protection of the two IKE peers,

unless digital certificates are used.

This means VPN peers exchange their

identities without encryption (clear text). You

must use aggressive mode if one or both

peers have dynamic external IP addresses or

if you use Network Address Translation

Traversal (NAT-T)

Default is Off

dpd action clear | hold | restart

| interval

<2-86400> | timeout

<10-86400> |

Configure Dead Peer Detection (DPD). This

is a method of detecting a dead Internet Key

Exchange (IKE) peer. This method uses

IPsec traffic patterns to minimize the number

of messages required to confirm the

availability of a peer. DPD is used to reclaim

the lost resources in case a peer is found

dead.

 Clear—terminate the VPN connection

over the detection timeout. You must

manually re-initiate the VPN connection.

We recommend that you use Clear when

the remote peer uses dynamic IP address.

 Hold—traffic from your local network to

the remote network can trigger the IOLAN

to re-initiate the VPN connection over the

detection timeout. We recommend that you

use Hold when the remote peer uses a

static IP address

 Restart—re-initiate the VPN connection

for three times over the detection timeout.

Default Action is Hold

Interval is 30 seconds

Timeout is 120 seconds

Global Configuration Mode

179

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-12tp)

{

client-ip-pool <A.B.C.D> <A.B.C.D> |

dns-server <1-2> <A.B.C.D> |

outside-address <A.B.C.D> |

pre-shared-key <WORD> |

username <WORD> password <WORD>}

Use the no form of this command to negate a command or set to defaults.

ike-version ike | ikev1 | ikev2

Configure the IKE version. IKE uses IKEv2

but switches to IKEv1 depending on the peer.

Default is IKEv2

lifetime

<30-86400> |

Configure the connection keep alive timer.

Range is 30 to 86400

Default is 3600 seconds

proposal [dh-group 2 | 5 | 14 |

15 | 16 | 17 | 18 | 19 | 20 | 21 | 22

| 23 | 24 | 25 | 26] | [encryption

3des | aes128 | aes128gcm128 |

aes256 | aes256gcm256 |

Configure the IKE/ESP proposal.

Dh-default is 2

Encryption default is aes256

Hash default is SHA1

Command Modes PerleSCR(config-ike)#

Usage Guidelines

Use this command to configure IKE parameters.

Examples

Configures dead peer detection to restart.

PerleSCR(config-ike)# dpd action restart

Related Commands

show crypto

Syntax Description

(config-l2tp)

{client-ip-pool <A.B.C.D>

<A.B.C.D>

Configure L2TP client IP pool addresses to be

used by the clients.

dns-server <1-2> <A.B.C.D>

Configure L2TP DNS servers.

outside-address <A.B.C.D>

Configure the L2TP server remote address.

pre-shared-key <WORD>

Configure the given pre-shared secret.

Global Configuration Mode

180

IOLAN SCR1618 RDAC Command Line Reference Guide

dot1x

{credential <WORD> |

logging |

system-auth-control |

test timeout <1-65535>}

Use the no form of this command to negate a command or set to defaults.

username <WORD> password

<WORD>

}

Configure L2TP user name and password for

this connection.

Command Modes PerleSCR(config-l2tp)#

Usage Guidelines

Use this command to configure L2TP connection parameters.

Examples

Configure user name and password for L2TP connection.

PerleSCR(config-l2tp)#username lyn password test

Related Commands

show crypto

Syntax Description dot1x

{credential <WORD> | Configure a dot1x credential profile.

logging

| Logs dot1x messages

system-auth-control

| Enables dot1x system-auth-control fort

802.1x access control on any port on the

IOLAN. Set the port control command on

each specific port you want 802.1x access

control.

test timeout <1-65535>

} Use the readiness check before 802.1x is

enabled on the IOLAN. Configure the

EAPOL device timeout for the specified

time frame.

Command Modes PerleSCR(config)#dot1x

Usage Guidelines

Use this feature to determine if connected devices are 802.1x-capable.

Global Configuration Mode

181

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-dot1x-creden)

{

password 0 <LINE> | 7 <LINE> | <LINE> |

username <name>

}

Use the no form of this command to negate a command or set to defaults.

eap

{profile <WORD>}

Examples:

This example creates a credential profile testcrd, Enable dotx1 authentication on

Ethernet interfaces for multihost.

Note: You must enable system -auth-control if you want to authenticate dot1x

devices.

PerleSCR(config)#dot1x credential testcred

PerleSCR(config)#interface ethernet 1

PerleSCR(config-if)#authentication mult-auth

Related Commands

(config-dot1x-creden)

show eee

Syntax Description

(config-dot1x-creden)

{password < 0 > <LINE> |

<7> <LINE>

Configure a password.

0–specifies that an unencrypted password

follows.

7–specifies that an hidden password

follows.

username <WORD>

} Configure a user name.

Command Modes PerleSCR(config-dot1x-creden)#

Usage Guidelines

Use this command to configure dot1x credentials.

Examples

This example configures the password "testing" to an encrypted password.

PerleSCR(config)#dot1x credential testing

PerleSCR(config-dot1x-creden)# password 7 DB0UeI1lynwOKW/j1

Related Commands

dot1x

show eee

Global Configuration Mode

182

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate a command or set to defaults.

(config-eap-profile)

{

eap-mschapv2 | mschap | mschapv2 | pap]

pki-trustpoint <WORD>}

Use the no form of this command to negate a command or set to defaults.

Syntax Description eap

{profile <WORD>}

Configure EAP profiles.

Command Modes PerleSCRconfig)#eap

Usage Guidelines

Use this command to create EAP profiles.

Related Commands

show eap

(config-eap-profile)

Syntax Description (config-eap-profile)

{method gtc | leap | md5 |

mschapv2 | peap | tls | [ttls

chap | eap-gtc | eap-md5 | eap-

mschapv2 | mschap |

mschapv2 | pap]

Configure the method of encapsulating

sensitive information such as passwords to be

authenticated from the IOLAN

The certificate authority you must trust. This

is a self-signed certificate that you create

here eap

pki-trustpoint <WORD>

} Configure the default pki trustpoint.

Command Modes PerleSCR(config-eap-profiles)#

Usage Guidelines

Use this command to configure parameters for EAP profiles.

EAP defines the transport and usage of identity credentials. EAP encapsulates the

user names, passwords, certificates, and tokens for client authentication.

A trustpoint is a certificate authority you trust. Your IOLANautomatically trusts any

other certificates signed with that trusted certificate

Create an eap profile before setting these parameters.

Examples

This example sets the method to gtc.

PerleSCR(config-eap-profiles)#method gtc

Global Configuration Mode

183

IOLAN SCR1618 RDAC Command Line Reference Guide

{enabled |

encryption none | ssl | tls |

from

<WORD> |

recipient <WORD> | enable notifications-subject <LINE> | notifications alarms |

update

smtp-server <WORD> | <A.B.C.D> | <X:X:X:X::X:X> |

username <WORD> | password 0 <LINE> | 7 <WORD> | <LINE> |

validate-certificate

}

Use the no form of this command to negate a command or set to defaults.

Related Commands

dot1x

show eap

Syntax Description email

{enabled |

Enables the email feature.

encryption

none | ssl | tls |

Configure encryption.

 none

 ssl

 tls

from

<WORD> |

Configure from parameter.

Format is user@company.com

Global Configuration Mode

184

IOLAN SCR1618 RDAC Command Line Reference Guide

recipient <WORD> | enable

notifications-subject <LINE> |

notifications alarms |

authentication | bgp | bridge |

cellular-gnss | cellular-lte |

dot11 | entity | envmon |

interface-ip | ipsec | lldp |

network-watchdog | openvpn |

osfp | smnp | software-update

Configure the recipient and receive

notifications

Format is: user@company.com

Specify the email notifications.

 alarms

 authentication

 bgp

 bridge

 entity

 envmon

 interface-ip

 ipsec

 lldp

 network-watchdog

 openvpn

 ospf

 snmp

 software-update

smtp-server

<WORD> |

<A.B.C.D> | <X:X:X:X::X:X>

Configure the SMNP server for mail requests.

username <WORD> |

password 0 <LINE> | 7

Configure the username for server

authentication.

validate-certificate

}

Configure the validation email certificate.

Command Modes PerleSCR(config)#email

Usage Guidelines

Use this command to configure email notification parameters.

Examples

This example enables the email feature and configures the smnp server for email

requests.

PerleSCR(config)#email enabled

PerleSCR(config)#email snmp-server 172.16.55.77

Related Commands

show email

Global Configuration Mode

185

IOLAN SCR1618 RDAC Command Line Reference Guide

enable

{secret 0 <LINE> | 5 <LINE> | <LINE>}

Use the no form of this command to negate enable secret.

hostname

hostname {<WORD>}

Use the no form of this command to negate a command or set to defaults.

interface

{bvi <1-9999> |

Syntax Description enable

{secret 0 <LINE> | 5 <LINE>

| <LINE>

}

Configure the enable password.

0—Specifies an unencrypted password to

5—Specifies a encrypted password to follow

LINE—the unencrypted (cleartext) secret

Command Modes PerleSCR(config)#enable

Usage Guidelines

Use this command to configure the password to be used to enable privilege mode.

Examples

This example configures a password for enable mode.

PerleSCR(config)#enable secret testsecret

Related Commands

username

Syntax Description hostname

{<WORD>} Configure the IOLANname.

Command Modes PerleSCR(config)#hostname

Usage Guidelines

Use this command to configure theIOLAN’s hostname.

Examples

This example configures the IOLAN’s to TestHost.

PerleSCR(config)#hostname TestHost

TestHost(config)#

Global Configuration Mode

186

IOLAN SCR1618 RDAC Command Line Reference Guide

dialer <0-15> |

ethernet <1-18> . <1-4000> |

openvpn-tunnel <0-999> tap | tun |

tunnel <0-999> |

range ethernet <1-18> , <1-18> }

Use the no form of this command to negate a command or set to defaults.

Syntax Description interface

{bvi <1-9999> |

Configure the bridge interface.

See (config-if)#bvi

dialer

<0-15> |

Configure the dialer interface.

See (config-if)#dialer

ethernet <1-18> . <1-4000>

Configure the Ethernet interface.

See (config-if)ethernet#

openvpn-tunnel <0-999> tap |

tun

Configure an OpenVPN tunnel.

See (config-if)#openvpn-tunnel

tunnel

<0-999> |

Configure the tunnel.

See (config-if)#tunnel

range ethernet

<1-18> , <1-

18>

}

Configure an Ethernet range.

See (config-if-range)#

Command Modes PerleSCR(config)#interface ethernet 1

PerleSCR(config-if)#

Usage Guidelines

Use this command to configure an interface.

Examples

This example configures parameters for Ethernet interface 1.

PerleSCR(config)#interface ethernet 1

Related Commands

(config-if)#bvi

(config-if)#dialer

(config-if)#openvpn-tunnel

(config-if)#tunnel

(config-if-range)#

(config-subif)#

(config-if-vrrp)#

Global Configuration Mode

187

IOLAN SCR1618 RDAC Command Line Reference Guide

ip access-list

ip access-list {extended <100-199> | <2000-2699> |

resequence extended <100-199><1-65535> | <2000-2699> <1-65535>] |

standard <1-99> | <1300-1999>

}

Use the no form of this command to negate enable.

Syntax Description ip access-list

{extended <100-199> | <2000-

2699>

Configure an IP access list number.

See (config-ext-nacl)

resequence extended <100-

199><1-65535> | <2000-2699>

<1-65535>] |

standard <1-99> <1-65535>

<1300-1999> <1-65535>

Configure resequence IP Access list. Entries

are numbered sequentially, starting from 10

and in intervals of 10.

standard <1-99> | <1300-

1999>

}

Configure an IP access list number.

See (config-std-nacl)

Command Modes PerleSCRconfig)#ip access-list

Usage Guidelines

Use IP Access Control Lists (ACLs) to define rules for controlling the network

traffic and reducing network attacks. You can filter traffic based on sets of rules

defined for the incoming traffic or outgoing traffic. Access lists look from the top list

entry to bottom list entry.. Be sure when creating access lists that the most important

entries are at the top of the list.

Examples

Displays ACL definitions. You will note that there is no available space to add an

entry within this list. Using the resequence command you can resequence these ACL

entries.

Standard IP access list Moo.

10 deny host 1.1.1.1

20 deny host 2.2.2.2

30 permit 3.3.3.3

40 permit 4.4.4.4

To resequence this ACL list to start at 20 and then resequence each entry by 20’s

use:

PerleSCR(config)#ip access-list resequence Moo 20 20

Standard IP access list Moo.

20 deny host 1.1.1.1

40 deny host 2.2.2.2

60 permit 3.3.3.3

80 permit 4.4.4.4

Global Configuration Mode

188

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-std-nacl)

{

<1-65535> deny | permit <A.B.C.D>/hostname> <A.B.C.D>/hostname> | any |

host <A.B.C.D>/hostname>

}

Use the no form of this command to negate a command or set to defaults.

(config-ext-nacl)

{

<1-65535> | {deny ip | permit ip <A.B.C.D>/hostname> <A.B.C.D>/hostname> |

any | host <A.B.C.D>/hostname>

}

Use the no form of this command to negate a command or set to defaults.

You now have space between the entries to add entries.

Note: Resequence numbering is lost on a reboot, therefore you must copy running-

config to startup-config for these changes to be permanently saved.

Related Commands

(config-std-nacl)

(config-ext-nacl)

Syntax Description

(config-std-nacl)

{

<1-2147483647> deny | permit

<A.B.C.D>/hostname>

<A.B.C.D>/hostname> | any |

host<A.B.C.D>/hostname>

}

Configure standard access lists.

Command Modes PerleSCR(config-std-nacl)#

Usage Guidelines

Configure packets to reject or accept.

Examples

This example permits packets from this host.

PerleSCR(config-std-nacl)#permit host 172.16.77.88

Syntax Description

(config-ext-nacl)

{

<1-65535> | {deny ip |

permit ip

<A.B.C.D>/hostname>

<A.B.C.D>/hostname> | any |

host <A.B.C.D>/hostname>

}

Configure sequence numbers and permits or

denies packets.

Command Modes PerleSCR(config-ext-nacl)#

Usage Guidelines

Configure sequence number and define packets to permit or deny.

Global Configuration Mode

189

IOLAN SCR1618 RDAC Command Line Reference Guide

ip alg

{modules ftp | gre | h323 | nfs | pptp | sip | sqlnet | tftp | disable}

Use the no form of this command to negate a command or set to defaults.

ip as-path

{access-list <WORD> <1-65535> deny | permit <LINE>}

Use the no form of this command to negate a command or set to defaults.

Examples

This example permits packets from source host 172.16.77.88 and destination host

any (host).

PerleSCR(config-ext-nacl)#permit ip host 172.16.77.88 any

Syntax Description ip alg

{alg modules ftp | gre | h323 |

disable

}

Configure Application Level Gateway (ALG)

modules.

Command Modes PerleSCR(config)#ip alg

Usage Guidelines

Use this command to configure client applications to communicate with known ports

used by server applications. ALG allows customized NAT traversal filters to be

plugged into the gateway to support address and port translation for protocols such

as FTP, BitTorrent, SIP, RTSP, and file transfer etc. In order for these protocols to

work through NAT or a firewall, either the application has to know about an

address/port number combination that allows incoming packets, or the NAT has to

monitor the control traffic and open up port mappings (firewall pinhole) dynamically

as required. Application data is passed through the security checks of the firewall or

NAT that would have otherwise been restricted. Without an ALG, the ports would

either get blocked, or the network administrator would need to open up a large

number of ports in the firewall, weakening the network and allowing potential

attacks on those ports.

By default all alg modules are enabled.

Examples

This example disables ALG module ftp.

PerleSCR(config)#no ip alg modules ftp disable

Syntax Description ip as-path

{as-path access-list <WORD>

<1-65535> deny | permit

<LINE>}

Configure access list parameters.

Global Configuration Mode

190

IOLAN SCR1618 RDAC Command Line Reference Guide

ip community-list

{expanded <100-500> <1-65535> deny <LINE> | permit <LINE> |

standard

<1-99> <1-65535> deny <1-4294967295> | internet | local-as |no-

advertise | no-export | permit

<1-4294967295> | internet | local-as | no-advertise |

no-export | permit

<LINE>}

Command Modes PerleSCR(config)#ip as-path

Usage Guidelines

Use this command to configure an access-list filters for Border Gateway Protocol

(BGP) autonomous system (AS) numbers. You can use AS Path filters, either

inbound or outbound, to filter either the routes you send or the routes you receive,

respectively. You must apply these filters to each peer separately. Regular

expressions are strings of special characters used to search and find character

patterns.

Regular expression for <LINE> include:

Examples

This example accepts prefixes that originated in AS 3299, all other prefixes won’t be

permitted.

PerleSCR(config)#ip as-path access-list 1 permit ^3299$

Related Commands

(config-remote-mgmt)

show ip as-path-access-list

Global Configuration Mode

191

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate a command or set to defaults.

Syntax Description ip community-list

{expanded <100-500> <1-65535> deny

<LINE> | permit

<LINE> |

Configure an extended

community list.You can

configure up to 32

communities.

standard

<1-99> <1-65535> deny <1-

4294967295> | internet | local-as |no-advertise

| no-export | permit

<1-4294967295> | internet

| local-as | no-advertise | no-export | permit

<LINE>

Configure a standard

community list.

You can configure up to 16

communities.

Command Modes PerleSCR(config)#ip

community-list

Usage Guidelines

Use this command to configure a BGP community list and to control which routes

are permitted or denied based on their community values.

Standard community lists are used to configure well-known communities and

specific community numbers. You can pick more than one of the optional

community keywords.

Expanded community lists are used to filter communities using a regular expression.

Regular expressions are used to configure patterns to match community attributes

Global Configuration Mode

192

IOLAN SCR1618 RDAC Command Line Reference Guide

ip default-gateway

{default-gateway <A.B.C.D>}

Use the no form of this command to negate a command or set to defaults.

ip dhcp

{dhcp excluded-address<A.B.C.D> | pool <NAME> |

relay information hop-count <1-255> | packet-size <64-1400> | policy drop |

encapsulate | keep | replace | port <1-655535> | server <A.B.C.D>

}

Use the no form of this command to negate a command or set to defaults.

Examples

This example configures a standard community list that denies routes that carry

communities from network 40 in autonomous system 65540 and from network 60 in

autonomous system 65550. This example shows a logical AND condition; all

community values must match in order for the list to be processed

PerleSCR(config)#ip community-list standard test1 deny 65540:40 65550:60

Related Commands

router

Syntax Description ip default-gateway

{default-gateway <A.B.C.D>}

Configure the IP address of the default

gateway.

Command Modes PerleSCR(config)#ip default-gateway

Usage Guidelines

Use this command to configure a default gateway.

Examples

This example configures a gateway address of 172.16.1.1.

PerleSCR(config)#ip default-gateway 172.16.1.1

Syntax Description ip dhcp

{dhcp excluded-address <A.B.C.D> | pool

<NAME>

Configure Dynamic Host

Configuration Protocol

(DHCP) to exclude an

address range.

Configure DHCP pools.

Global Configuration Mode

193

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-dhcp)

{

address <A.B.C.D> hardware-address <H.H.H> |

authoritative enable |

bootfile <WORD> |

default-router <A.B.C.D>/hostname |

description <LINE> |

dns-server <A.B.C.D>/hostname |

domain-name <WORD> |

enable |

lease <0-365> <0-23> <0-59> | infinite |

network </nn | A.B.C.D> start <A.B.C.D> stop <A.B.C.D> |

option <1-254> ascii <LINE> | hex <hex-string> | ip <A.B.C.D>/hostname |

static-route <A.B.C.D> <A.B.C.D> <A.B.C.D>}

Use the no form of this command to negate a command or set to defaults.

relay information hop-count <1-255> | packet-

size <64-1400> | policy drop | encapsulate |

keep | replace | port <1-655535> | server

<A.B.C.D>

}

Configure Relay Agent

parameters.

Command Modes PerleSCR(config)#ip dhcp

Usage Guidelines

Use this command to have the DHCP server automatically assign an IP address and

other IP parameters to devices on your network.

Examples

This example excludes ip address 172.16.55.99 from the DHCP pool.

PerleSCR(config)#ip dhcp exclude address 172.16.55.99

Related Commands

(config-dhcp)

Syntax Description

(config-dhcp)

{

address <A.B.C.D>

hardware-address <H.H.H> |

Configure the IP address to reserve for this

client. This IP address is only assigned to the

client with this hardware address.

Global Configuration Mode

194

IOLAN SCR1618 RDAC Command Line Reference Guide

authoritative enable |

Configure the authoritative parameter. This

parameter must be set to enable if this is the

only DHCP server on your network.

Authoritative mode allows roaming clients to

get a new DHCP address even if their lease

has been assigned from another network and

is still valid (lease has not expired) This

prevents a client lock out situation.

bootfile <filename>

Configure the IP address or name of a TFTP

server and boot file name to allow client

auto-configuration.

default-router <A.B.C.D>

Configure the default router to use after a

DHCP client has booted. The IP address of

the default router should be on the same

subnet as the client.

description <pool-name>

Configure DHCP pool name description.

dns-server <A.B.C.D>

Configure a DNS server for use by clients

using this DHCP pool. A DNS server needs

to be specified if you want to browse the

Internet.

domain-name <A.B.C.D>

Configure a domain name.

enable

Enables this dhcp pool.

lease <0-365>

<0-23> <0-59> |

infinite

Configure a lease time for client connecting

using this DHCP pool. Typically 24 lease

times are suitable, however if your situation

is a public hotspot then shorter time be

warranted.

network </nn | A.B.C.D> start

<A.B.C.D> stop <A.B.C.D>

Configure the network, start and stop IP

addresses for DHCP lease ranges.

option ascii <string> | hex

<hex-string> | ip <A.B.C.D>

Configure DHCP options to send to the

client.

static-route

<A.B.C.D>

<A.B.C.D> <A.B.C.D>

}

Configure a static route.

Command Modes PerleSCR(config)#

Usage Guidelines

Use this command to configure DHCP parameters.

Global Configuration Mode

195

IOLAN SCR1618 RDAC Command Line Reference Guide

ip dns

{dns cache-size <1-10000> | domain <NAME> server <A.B.C.D> <X:X:X:X::X>

| ignore-hosts-file

| listen-address <A.B.C.D> | <X:X:X:X::X>

| negative-ttl <0-7200>}

Use the no form of this command to negate a command or set to defaults.

Examples

This example sets authoritative mode to enable.

PerleSCR(config-dhcp)#ip authoritative enable

Related Commands

ip dhcp

Syntax Description ip dns

{dns cache-size <1-10000> |

Configure the size of the DNS cache.

Values are 1 to 10000

Default is 10000

domain <NAME> server

<A.B.C.D> <X:X:X:X::X>

Configure the domain name to forward to a

custom DNS server.

ignore-hosts-file

Configure the parameter—Do not use the local

/etc/hosts file for name resolution.

listen-address <A.B.C.D>

<X:X:X:X::X>

Configure the parameter to listen for DNS

addresses on the following IP addresses.

negative-ttl <0-7200>

}

Configure the seconds to cache NXDOMAIN

entries.

Values are 0–7200 seconds

Default is 3600 seconds

Command Modes PerleSCR(config)#ip dns

Usage Guidelines

Use this command to configure parameters for DNS.

Examples

This example sets listen address to 172.16.77.88.

PerleSCR(config)#ip dns listen-address 172.16.77.88

Global Configuration Mode

196

IOLAN SCR1618 RDAC Command Line Reference Guide

ip domain

{domain lookup}

Use the no form of this command to negate a command or set to defaults.

ip domain-name

{domain-name <WORD>}

Use the no form of this command to negate a command or set to defaults.

Related Commands

ip domain

ip domain-name

Syntax Description ip domain

{domain lookup}

Enables DNS host name to IP address

translation.

Command Modes PerleSCR(config)#ip domain

Usage Guidelines

Use the ip domain-lookup command to enable DNS host name-to-IP address

translation on the IOLAN .

Examples

This example enables DNS host to IP address translation.

PerleSCR(config)#ip domain

Related Commands

ip domain-name

Syntax Description ip domain-name

{domain-name <WORD>}

Configure the domain name.

Command Modes PerleSCR(config)#ip domain-name

Usage Guidelines

Use this command to configure the default domain name.

Examples

This example sets domain name to testlab.

PerleSCR(config)#ip domain-name testlab

Global Configuration Mode

197

IOLAN SCR1618 RDAC Command Line Reference Guide

ip extcommunity-list

ip excommunity-list

{extcommunity-list expanded <100-500> <1-65535> deny <LINE> | permit

<LINE> |

standard <1-99> <1-65535> deny rt | soo | asn:nn}

Use the no form of this command to negate a command or set to defaults.

Related Commands

ip domain

Syntax Description ip extcommunity-list

{extcommunity-list expanded

<100-500> <1-65535> deny

<LINE> | permit

<LINE> |

Configure an extended community list

entry.

standard

<1-99> <1-65535>

deny rt | soo asn:nn}

Configure a standard community list

entry.

soo—The site-of-origin (SoO) extended

community is a BGP extended

community attribute used to identify

routes that have originated from a site so

that the readvertisement of that prefix

back to the source site is prevented. BGP

uses the SoO value associated with a

route to prevent routing loops.

rt—The route target BGP Extended

Community dictates the policies used by

the Virtual routing and forwarding

(VRF). The route target must be

configured to specify the routes, which

contain this specific route target value,

that are imported into the VRF, and the

route target that is added to the routes that

are exported from the (VRF).

Command Modes PerleSCR(config)#ip extcommunity-list

Usage Guidelines

This command defines a new standard extcommunity-list.

Examples

This example configures a standard community list where the routes with this

community are advertised to all peers (internal and external).

PerleSCR(config)#ip extcommunity-list

Global Configuration Mode

198

IOLAN SCR1618 RDAC Command Line Reference Guide

ip firewall

{firewall <WORD> |

all-ping enable |

broadcast-ping enable |

ip-src-route enable |

ipv6-receive-redirects enable |

ipv6-src-route

log-martians enable |

receive-redirects enable

send-redirects enable

source-validation disable | loose | strict |

state-policy established accept | drop | reject

invalid accept | drop | reject |

related action accept | drop | reject

syn-cookies enable |

twa-hazards-protection enable}

Use the no form of this command to negate a command or set to defaults.

Related Commands

show ip extcommunity-list

Syntax Description ip firewall

{firewall <WORD> |

Creates a firewall set of rules.

Firewall name cannot be the same as route-

policy name.

all-ping enable

Configure the handling of IPv4 ICMP Echo

requests.

Enable—system responses to IPv4 ICMP

Echo requests.

Disable—system does not respond to IPv4

ICMP Echo requests

Default is Disabled

broadcast-ping enable

Configure the handling of IPv4 ICMP echo and

timestamps requests.

Enable—system responses to broadcast IPv4

ICMP echo and timestamp requests Disable—

system does not respond to IPv4 echo and

timestamp requests

Default is Disabled

Global Configuration Mode

199

IOLAN SCR1618 RDAC Command Line Reference Guide

ip-src-route enable |

Configure the handing of IPv4 packets with

source route option.

Default is Disabled

ipv6-receive-redirects enable

Configure the handing of received IPv6 ICMP

redirect messages.

Default is Disabled

ipv6-src-route

Configure the handling of IPv6 packets with

routing extension header.

Default is Disabled

log-martians enable

Configure the handing of IPv6 packets with

routing extension header.

Default is Disabled

receive-redirects enable

Configure the handing of received IPv4 ICMP

redirect messages.

Permits or denies IPv4 ICMP redirect

messages.

Default is Disabled

send-redirects enable

Configure the sending of IPv4 only redirect

messages.

Default is enabled

source-validation disable |

loose | strict

Configure source validation (IPv4 only).

Disable—no source validation is performed

Loose—enable loose reverse path forwarding

as defined by RFC3704

Strict—enable strict reverse path forwarding

as defined in RFC3704

Default is Disabled

state-policy established accept

| drop | reject

invalid accept |

drop | reject |related action

accept | drop | reject

Configure the global firewall state policy for

both IPv4 and IPv6.

By default, the firewall is stateless, configuring

any of these options makes the firewall become

stateful.

 a firewall state policy is configured

state-policy established accept

| drop | reject

invalid accept |

drop | reject |related action

accept | drop | reject

 NAT is configured

 The transport web proxy service is enable

 A load-balancing configuration is enable

Default is none (not set)

syn-cookies enable

Configure the policy for using TCP SYN

cookies with IPv4.

Default is enabled

Global Configuration Mode

200

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-fw)

{

default-action accept | drop | reject |

description <LINE> |

enable default-log |

rule <1-9999>}

Use the no form of this command to negate a command or set to defaults.

twa-hazards-protection

enable

}

Configure for TCP TIME_WAIT assassination

hazards protection per RFC 1337.

Command Modes PerleSCR(config)#ip firewall

Usage Guidelines

Use this command to configure firewall global configuration parameters.

Examples

This example configures the IOLAN to answer all incoming ping requests.

PerleSCR(config)#ip firewall all-ping enable

Related Commands

show ip firewall

clear ip

show ipv6

Syntax Description

(config-fw)

{

default-action accept | drop |

reject

Configure the default action for the entire

firewall.

description <LINE>

Configure firewall rule description.

enable default-log

Enables log packets matching the default-

action

Note: To see logging, turn on kernel debug.

<config># debug kernel

rule <1-9999>

}

Configure the number for this rule, then enters

sub-menu. (config-fw-rules).

Command Modes PerleSCR(config-fw)#

Usage Guidelines

Creates a firewall set of rules with the given name.

Global Configuration Mode

201

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-fw-rules)

{

description <LINE> |

disable <LINE> |

log enabled |

match destination address <A.B.C.D> <A.B.C.D> | not <A.B.C.D> <A.B.C.D>

start <A.B.C.D> stop <A.B.C.D> port <A.B.C.D> <A.B.C.D> | not <A.B.C.D>

<A.B.C.D> start <A.B.C.D> stop <A.B.C.D> | fragment | non-fragment | icmp

type <0-255> code <0-255> | type-name tos-host-redirect | tos-network-redirect |

address-mask-reply | address-mask-request | communication-prohibited |

destination-unreachable | echo-reply | echo-request | fragmentation needed |

host-precedence-violation | host-redirect | host-unknown | host-unreachable |

network-redirect | network-unknown | parameter-problem | port-unreachable |

protocol-unreachable | redirect | required-option-missing | router-advertisement

dccp | dsr | egp | eigrp | encap | esp | etherip | ggp | gre | hmp | icmp | idpr | igmp |

tcp | udp | udplite | vrrp | xns-idp || recent count <1-255> | time <1-4294967295> |

source address <A.B.C.D> <A.B.C.D> not <A.B.C.D> <A.B.C.D> start

<A.B.C.D> stop <A.B.C.D> | mac-address <H.H.H> not <H.H.H> | port <1-

65535> not <1-65535> start <1-65535> stop <1-65535> | state established |

invalid | new | related | tcp-flags ack | all | fin | sh | rst | syn | urg | not

set action accept | drop | reject

time monthdays <1-31> not <1-31> | startdate january | february | march | april

day <1-31> year

Examples

This example configures the default log action to enable. See show logging for

output.

PerleSCR(config-fw)#enable-default-action

This example create rule 1, then enters sub-menu mode (config-fw-rules).

PerleSCR(config-fw)#rule 1

PerleSCR(config-fw-rules)#

Related Commands

show ip firewall

clear ip

show ipv6

show lldp

(config-fw-rules)

ip firewall

Global Configuration Mode

202

IOLAN SCR1618 RDAC Command Line Reference Guide

saturday | sunday

}

Use the no form of this command to negate a command or set to defaults.

Syntax Description

(config-fw-rules)

{

description <LINE> |

Configure a description for the policy rule.

disable <LINE>

Disables policy rule.

log enabled

Enables log packets matching the rule.

match destination address

<A.B.C.D> <A.B.C.D> | not

<A.B.C.D> <A.B.C.D> start

<A.B.C.D> stop <A.B.C.D>

port <A.B.C.D> <A.B.C.D> |

not <A.B.C.D> <A.B.C.D>

start <A.B.C.D> stop

<A.B.C.D> | fragment | non-

fragment | icmp type <0-255>

code <0-255> | type-name tos-

host-redirect | tos-network-

redirect | address-mask-reply

|address-mask-request |

communication-prohibited |

destination-unreachable |

echo-reply | echo-request |

fragmentation needed | host-

precedence-violation | host-

redirect | host-unknown | host-

unreachable | network-

redirect | network-unknown |

parameter-problem | port-

unreachable | protocol-

unreachable | redirect |

required-option-missing |

router-advertisement | router-

solicitation | source-quench |

source-route-failed | time-

exceeded | timestamp-reply |

timestamp-request | ipsec |

non-ipsec | protocol <0-255> |

ah | dccp | dsr | egp | eigrp |

encap | esp | etherip | ggp | gre

| ip | ipip | ipv6 | ipc6-frag |

ipv6-icmp | ipv6-nonxt | ipv6-

opts | ipv6-route | isis | l2tp |

Configure firewall rules to match conditions

for traffic and the action to be taken if the

match conditions are satisfied. Traffic

matches on a number of characteristics,

including source IP address, destination IP

address, source port, destination port, IP

protocol, and ICMP type. Rules are executed

in sequence, according to the rule number. If

the traffic matches the characteristics

specified by the rule, the rule’s action is

executed; if not, the system “falls through” to

the next rule.

Global Configuration Mode

203

IOLAN SCR1618 RDAC Command Line Reference Guide

manet | mpls-in-ip | narp | pim

| skip | tcp | udp | udplite |

vrrp | xns-idp || recent count

<1-255> | time <1-

4294967295> | source address

<A.B.C.D> <A.B.C.D> not

<A.B.C.D> <A.B.C.D> start

<A.B.C.D> stop <A.B.C.D> |

mac-address <H.H.H> not

<H.H.H> | port <1-65535> not

<1-65535> start <1-65535>

stop <1-65535> | state

estabished | invalid | new |

related | tcp-flags ack | all | fin

| sh | rst | syn | urg | not

set action accept | drop | reject Action for packets.

The action is one of the following:

 Accept—Traffic is allowed and

forwarded.

 Drop—Traffic is silently discarded.

 Reject—Traffic is discarded with an

ICMP “Port Unreachable” message.

 Inspect—Traffic is processed by the

intrusion protection system (IPS).

time monthdays <1-31> not

<1-31> | startdate january |

february | march | april | may |

june | july | august | september

| november | december

day

<1-31> year <2001-2037> |

starttime

<hh:mm:ss>|

stopdate

january | february |

march | april | may | june |

july | august | september

||november | december |

stoptime

<hh:mm:ss> | utc |

weekdays

monday | tuesday |

wednesday | thursday | friday

saturday | sunday | not

monday | tuesday | wednesday

| thursday | friday | saturday |

sunday|

Configure time schedule to match rules.

Command Modes PerleSCR(config-fw-rules)#

Global Configuration Mode

204

IOLAN SCR1618 RDAC Command Line Reference Guide

ip ftp

{ftp passive | password 0 <LINE> | 7 <WORD> | <LINE> | username <WORD>}

Use the no form of this command to negate a command or set to defaults.

Usage Guidelines

Use this command to create firewalls filter packets on interfaces.

There are two steps to create a firewall.

1. You define a firewall instance and save it under a name. A firewall instance is also

called a firewall rule set, where a rule set is just a series of firewall rules. You define

the firewall instance and configure the rules for its rule set in the firewall

configuration node.

2 After defining the instance and specifying the rules in the rule set, you apply the

instance to an interface or a zone. You do this by configuring the interface

configuration node for the interface or zone. Once the instance is applied to the

interface or zone, the rules in the instance begin filtering packets.

Examples

The example below applies firewall name set test to the inbound traffic on BV1

(bridging eth1 and eth2). This firewall drops all ICMP traffic (generated by ping

commands), but allows all other traffic such as TCP Web traffic) because the default

action is accept.

PerleSCR

(config)#ip firewall test

PerleSCR(config-fw)#default-action accept

PerleSCR(config-fw)#rule 1

PerleSCR(config-fw-rules)#set action drop

PerleSCR(config-fw-rules)#match protocol icmp

PerleSCR(config-fw)#rule 2

PerleSCR(config-fw-rules)#set action accept

PerleSCR(config-fw-rules)#match protocol tcp

PerleSCR(config)#interface ethernet 1

PerleSCR(config)#bridge-group 1

PerleSCR(config)#interface ethernet 2

PerleSCR(config)#bridge-group 1

Related Commands

show ip firewall

clear ip

show ipv6

(config-fw)

Syntax Description ip ftp

Global Configuration Mode

205

IOLAN SCR1618 RDAC Command Line Reference Guide

ip health

{profile <WORD>}

Use the no form of this command to negate a command or set to defaults.

(config-health-prof)

{

failure-count <1-10> | success-count | test <1-100> target <hostname X.X.X.X>

type ping response-timeout <1-30> | traceroute limit <1-254>

}

Use the no form of this command to negate a command or set to defaults.

{ftp passive | password 0

<LINE> | 7 <WORD> |

<LINE> | username

<WORD>

}

Configure File Transfer Protocol (FTP)

parameters.

Passive—indicates to the server that the

client is opening the file transfer session.

This option is used if the client is behind a

firewall.

Command Modes PerleSCR(config)#ip ftp

Usage Guidelines

Use this command to configure File Transfer Protocol (FTP) parameters.

Examples

This example set username to labuser.

PerleSCR(config)#ip ftp username labuser

Syntax Description ip health

{profile <WORD>}

Configure an IP Health Profile. See (config-

health-prof) for more information.

Command Modes PerleSCR(config)#ip health

Usage Guidelines

Use this command to create a health profile.

Examples

This example creates a health profile called labhealth.

PerleSCR(config)#ip health profile labhealth

Related Commands

(config-health-prof)

show ip health

Syntax Description

(config-health-prof)

Global Configuration Mode

206

IOLAN SCR1618 RDAC Command Line Reference Guide

ip host

{host <WORD> <A.B.C.D>}

Use the no form of this command to negate a command or set to defaults.

ip host-group

{host <WORD>}

{

failure-count <1-10> | success-count |

test target <hostname X.X.X.X> type

ping response-timeout <1-30> |

traceroute limit <1-254>

}

Test <1–100>—Prioritize heath

test 1=first.

 Failure test count before

marking failed

 Count failure before marking

as failed

 Count successes before

marking as active

 Configure a health test

Command Modes PerleSCR(config-health-prof)#

Usage Guidelines

Use this command to configure health tests.

Examples

This example creates a health test to ping host 172.16.77.4 10 times

PerleSCR(config-health-prof)#test target 10 172.16.77.4

Syntax Description ip host

{host <WORD> <A.B.C.D>}

Configure a host to add to the host table.

Command Modes PerleSCR(config)#ip host

Usage Guidelines

Use this command to add a host to the IOLAN internal host table.

Examples

This example adds host labhost with ip address of 172.16.99.10 to the host table.

PerleSCR(config)#ip host labhost 172.16.99.10

Related Commands

show hosts

Global Configuration Mode

207

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate a command or set to defaults.

(config-host-group)

{

host <A.B.C.D> | <WORD> | <X:X:X:X::X>}

Use the no form of this command to negate a command or set to defaults.

ip http

{accounting exec <WORD> | default] |

authentication aaa login-authentication <WORD> | default] |

Syntax Description ip host-group

{host <WORD>}

Configure the host group name.

Command Modes PerleSCR(config)#ip host

Usage Guidelines

Use this command to create a host group. A host group is a list of hosts.

Examples

This example creates host group hosts_for_labs.

PerleSCR(config)#ip host-group hosts_for_labs

Related Commands

(config-host-group)

Syntax Description

(config-host-group)

{

host <A.B.C.D> | <WORD> |

<X:X:X:X::X>

}

Configure a host to add to the host

group.

Command Modes PerleSCR(config-host-group)#

Usage Guidelines

Use this command to add a host to the host group.

Examples

This example adds host 172.17.55.90 to host group.

PerleSCR(config-host-group)#host 172.17.55.90

Related Commands

ip host-group

Global Configuration Mode

208

IOLAN SCR1618 RDAC Command Line Reference Guide

client password 0 <LINE> | 7 <WORD> | <LINE> proxy-server <WORD> proxy-

port <1-65535> | secure-trust-point <WORD> | username <WORD> | verify-

server

local port 80 | <1025-65535> |

secure-port 443 | <1025-65535> |

secure-server |

server |

session-idle-timeout <1-1440>}

Use the no form of this command to negate a command or set to defaults.

Syntax Description ip http

{accounting exec <WORD> |

default]

Configure HTTP server accounting

parameters.

authentication aaa login-

authentication <WORD> |

default]

Configure HTTP server authentication

method.

client password 0 <LINE> | 7

<WORD> | <LINE> proxy-

server <WORD> proxy-port

<1-65535> | secure-trust-point

<WORD> | username

<WORD> | verify-server]

Configure HTTP client certificate secure

trustpoint.

local port 80 | <1025-65535>

Configure a HTTP server local port number

for listening.

Values are 1025 to 65535

Default is 80

secure-port 443 | <1025-65535>

Configure a HTTPS server port for

listening.

Values are 1025 to 65535

Default is 4430

secure-server

Enable HTTP secure server.

server

Enable HTTP server.

session-idle-timeout <1-1440>

}

Configure a HTTP server session idle

timeout.

Default session idle timeout is 1440

seconds.

Command Modes PerleSCR(config)#ip http

Usage Guidelines

Use this command to configure HTTP/S server parameters.

Global Configuration Mode

209

IOLAN SCR1618 RDAC Command Line Reference Guide

ip name-server

{name-server <A.B.C.D>}

Use the no form of this command to negate a command or set to defaults.

ip nat

{nat inside source any | list <1-199> interface bvi <1-9999> | dialer <0-15>

ethernet <1-18> openvpn <0-999> | tunnel <0-999> | over load | no-strict | static

tcp | tcp+udp | udp <A.B.C.D> <1-65535> inbound-interface bvi <1-9999> |

dialer <0-15> ethernet <1-18> openvpn <0-999> | tunnel <0-999> <1-65535>

<A.B.C.D> <A.B.C.D>

pool <WORD> <A.B.C.D> <A.B.C.D> netmask <A.B.C.D>}

Use the no form of this command to negate a command or set to defaults.

Examples

This example enables HTTP secure server.

PerleSCRip http secure-server

Related Commands

show ip http

Syntax Description ip name-server

{name-server <A.B.C.D>}

Configure the address of the name server.

Command Modes PerleSCR(config)#ip name-server

Usage Guidelines

Use this command to configure the nameserver. Nameserver is a server that handles

queries regarding the location of a domain name’s various services such as website,

emails and so on. It is also a part of the Domain Name System (DNS) which

maintains a directory of domain names and translate them to IP addresses. When you

visit a domain, a DNS lookup first checks its name servers and reviews the DNS

records for that domain accordingly.

Examples

This example set name-server to 172.16.44.55.

PerleSCR(config)#ip name-server 172.16.44.55

Syntax Description ip nat

Global Configuration Mode

210

IOLAN SCR1618 RDAC Command Line Reference Guide

ip prefix-list

{<WORD> deny <A.B.C.D> </n | A.B.C.D> ge | le <1-32> | description <LINE> |

permit <A.B.C.D> </n | A.B.C.D> ge | le <1-32> | seq <1-65535> deny <A.B.C.D>

</n | A.B.C.D> ge | le <1-32> | permit <A.B.C.D> </n | A.B.C.D> ge | le <1-32>

}

{

nat inside source any | list

<1-199> interface bvi <1-

9999> | dialer <0-15> ethernet

<1-18> openvpn <0-999> |

tunnel <0-999> | over load |

no-strict | static tcp |tcp+udp |

udp <A.B.C.D> <1-65535>

inbound-interface bvi <1-

9999> | dialer <0-15> ethernet

<1-18> openvpn <0-999> |

tunnel <0-999> <1-65535>

<A.B.C.D> <A.B.C.D>

Configure Network Address Translation

(NAT).

Use NAT when your IOLAN is on a private

network and your internal PCs want to browse

the Internet.

No—strict–do not turn on firewall to drop

invalid connections

pool <WORD> <A.B.C.D>

<A.B.C.D> netmask

<A.B.C.D>

}

Define DHCP address pool.

Command Modes PerleSCR(config)#ip nat

Usage Guidelines

Use this command when you want NAT to remap one IP address space into another.

NAT modifies the network address information in the IP header of packets while

they are in transit across a traffic routing device. NAT allows you to use these private

IP address on the internal network. Your private networks can assign a unique IP

address to all your computers, servers and other IP driven resources, usually via

DHCP.

These are known as private internal networks. When a host on your internal private

network needs to communicate outside it's private network, it uses the public IP

address on the network's gateway to identify itself to the rest of the world, and this

translation of converting a private IP address to public is done by NAT.

Examples

This example allows all local traffic to the Internet through ethernet port 1. First you

need to create an access-list.

PerleSCR(config)#ip access-list standard 1

PerleSCR(config-std-nacl)#permit any

PerleSCR(config)#ip nat inside source list 1 interface ethernet 1 overload

Related Commands

show ip nat

Global Configuration Mode

211

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate or set to defaults.

ip radius

{source-interface [bvi <1-9999>] | | [dialer <0-15>] | | [ethernet <1-5 . <1-4000>]

| [openvpn-tunnel <0-999>] | [tunnel <0-999>]

}

Use the no form of this command to negate or set to defaults.

Syntax Description ip prefix-list

{<WORD> deny <A.B.C.D>

</n | A.B.C.D> ge | le <1-32> |

description <LINE> | permit

<A.B.C.D> </n | A.B.C.D> ge |

le <1-32> | seq <1-65535> deny

<A.B.C.D> </n | A.B.C.D> ge |

le <1-32> | permit <A.B.C.D>

</n | A.B.C.D> ge | le <1-32>

}

Configure prefix-list filter.

ge value (optional) Specifies a prefix length

greater than or equal to the value. It is the

lowest value of a range of the length (the

"from" portion of the length range)

le value (optional) Specifiers a prefix length

less then or equal to the value. It is the highest

value of a range of the length (the "to" portion

of the length range.

Command Modes PerleSCR(config)#ip prefix-list

Usage Guidelines

Use this command to create prefix lists Prefix lists are used in route maps and route

filtering operations.The can be used as an alternative to access lists in many routing

filtering commands. The most important difference is that a prefix-list allows you to

filter networks based on their subnet mask.

Examples

This example shows how to accept a mask length of up to 24 bits in routes with the

prefix 172.20.10.171/16.

PerleSCR(config)#ip prefix list1 permit 172.20.10.171 /16 le 24

This example shows how to permit the prefix 172.17.0.0/16.

PerleSCR(config)#ip prefix list2 permit 172.17.0.0 255.255.0.0

Related Commands

show ip access-lists

Syntax Description ip radius

{source-interface [bvi <1-

9999>] | | [dialer <0-15>] | |

[ethernet <1-5 . <1-4000>] |

[openvpn-tunnel <0-999>] |

[tunnel <0-999>]

}

Configure an interface as the source IP address

from which the RADIUS client sends

RADIUS requests or receives responses.

Global Configuration Mode

212

IOLAN SCR1618 RDAC Command Line Reference Guide

ip route

{< A.B.C.D> <A.B.C.D> < A.B.C.D> <1-255> | [bvi <1-9999>] | | [ethernet <1-5>

<1-255> dhcp | vrrp <1-255> | null <1-255>] | [table <1-200> <A.B.C.D>

255> | dhcp]

}

Use the no form of this command to negate or set to defaults.

Command Modes PerleSCR(config)#ip radius

Usage Guidelines

Use this command to configure Remote Authentication Dial-In User Service

(RADIUS) authentication. RADIUS authenticates local and remote users on a

company network. RADIUS is a client/server system that keeps the authentication

information for users, remote access servers, VPN gateways, and other resources in

one central database.

Examples

This example configures the source-interface as ethernet 2

PerleSCR(config)#ip radius source-interface ethernet 2

Related Commands

clear radius

show radius

Syntax Description ip route

< A.B.C.D> <A.B.C.D> <

A.B.C.D> <1-255> | [bvi <1-

9999>] | | [ethernet <1-5> <1-

255> dhcp | vrrp <1-255> |

null <1-255>] | [table <1-200>

<A.B.C.D> <A.B.C.D> <

A.B.C.D>] | [bvi <1-9999>] | |

[dialer <0-15>] | | [ethernet

<1-18> dhcp

Configure static routes.

Prefix—specifies the IP route prefix for the

destination

mask—specifies the prefix mask for the

destination

ip-address—specifies the IP address of the

next hop used to reach that network

metric—specifies the metric of the route.

interface—apply this route to this interface

dhcp—default gateway obtained from

DHCP

| vrrp <1-255> | null <1-255>]

| [openvpn <0-999>] | [tunnel

<0-999> | <1-255> | dhcp]

}

Command Modes PerleSCR(config)#ip route

Global Configuration Mode

213

IOLAN SCR1618 RDAC Command Line Reference Guide

ip route-policy

{route-policy <WORD}

Use the no form of this command to negate or set to defaults.

(config-pbr)

{

description <LINE>

| enable-default-log

| rule <1-9998>

}

Use the no form of this command to negate a command or set to defaults.

Usage Guidelines

Use this command to configure a static route.

Examples

This example routes packets from network 172.16.1.7 to a router at 172.17.23.20.

PerleSCR(config)#ip route 172.16.1.7 255.255.0.0 172.17.23.20

Related Commands

ip route-policy

Syntax Description ip route-policy

{route-policy <WORD}

Configure a route policy. See

(config-pbr-rules) for more information.

Command Modes PerleSCR(config)#ip route-policy

Usage Guidelines

Use this command to create a route policy name.

Examples

This example creates route policy testlab.

PerleSCR(config)#ip route-policy testlab

Related Commands

(config-pbr-rules)

Syntax Description

(config-pbr)

{

description <LINE> |

Configure a policy rule.

enable-default-log

Configure default log.

Global Configuration Mode

214

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-pbr-rules)

{

description <LINE> |

log-enable |

match [destination address <A.B.C.D> <A.B.C.D> | not <A.B.C.D> <A.B.C.D> |

start <A.B.C.D> stop <A.B.C.D>] | [port <1-65535>| not <1-65535> | start <1-

65535> stop<1-65535>] | [fragment | fragment | non-fragment] | [icmp type <0-

egp | eigrp | encap | esp | esp | etherip | ggp | gre | hmp | icmp | idpr | igmp | igp |

4294967295>] | [source address <A.B.C.D> <A.B.C.D> | not <A.B.C.D> | start

<A.B.C.D> stop <A.B.C.D> | mac-address <H.H.H> | not <A.B.C.D> | [state

related tcp-flags ack | all | fin | psh | rst | syn | urg | not

set action drop | [dscp af11 | af12 | af13 |af 21 | af22 | af 23 | af31 | af33 | af41 |

af42 | af43 | cs1 | cs2 |cs3 | cs4 | cs5 | cs6 cs7 ef] | mark <1-2147483647> | [routing-

table <1-200> | main] | tcp-mss <500-1460> | pmtu | <500-1460>

time monthdays <1-31> | not <1-31> | startdate month <WORD> <1-31> <2001-

2037>|

[starttime <hh:mm:ss>] | stopdate month <WORD> <1-31> <2001-2037>

| stoptime <hh:mm:ss> | utc | weekedays <DAY> | not <DAY>}

Use the no form of this command to negate a command or set to defaults.

rule <1-9998>

}

Configure rule number.

Command Modes PerleSCR(config-pbr)#

Usage Guidelines

Use this command to create a policy rule.

Examples

This example configures rule number 10, then enter sub menu mode.

PerleSCR(config-pbr)#rule 10

PerleSCR(config-pbr-rules)#

Syntax Description

(config-pbr-rules)

{

description <LINE> |

Configure policy rule description.

log-enable

Logs packet matching the rule.

Global Configuration Mode

215

IOLAN SCR1618 RDAC Command Line Reference Guide

match [destination address

<A.B.C.D> <A.B.C.D> | not

<A.B.C.D> <A.B.C.D> | start

<A.B.C.D> stop <A.B.C.D>] |

[port <1-65535>| not <1-

65535> | start <1-65535> stop

<1-65535>] | [fragment |

fragment | non-fragment] |

[icmp type <0-255> code <0-

255>] | [ipsec ipsec |non-ipsec]

| [protocol <0-255> ah | dccp |

dsr | egp | eigrp | encap | esp |

esp | etherip | ggp | gre | hmp |

ipip | ipv6 | ipv6-frag | ipc6-

icmp | ipv6-nonxt | ipv6-opts |

Configure match values as define to the

routing table.

ipv6-route | isis | l2tp | manet |

mpls-in-ip | narp | not | osfp |

udplite | xns-idp] | [recent

count <1-255> | time <1-

4294967295>] | [source

address <A.B.C.D> <A.B.C.D>

| not <A.B.C.D> | start

<A.B.C.D> stop <A.B.C.D> |

mac-address <H.H.H> | not

<A.B.C.D> | [state established

disable | enable] | [invalid

disable | enable] | [new disable

| enable] | related tcp-flags ack

| all | fin | psh | rst | syn | urg |

not

set action drop | [dscp af11 |

af12 | af13 | af21 | af22 | af23 |

af31 | af32 | af33 | af41 | af42 |

af43 cs1 | cws2 | cs3 | cs4 | cs5 |

cs6 | cs7 ef] | mark <1-

2147483647> | [routing-table

<1-200> | main] | tcp-mss

<500-1460> | pmtu | <500-

1460>

Sets action for policy rules.

Global Configuration Mode

216

IOLAN SCR1618 RDAC Command Line Reference Guide

ip scp

{password 0 <LINE> | 7 <WORD> | <LINE> | username <WORD>}

Use the no form of this command to negate or set to defaults.

time monthdays <1-31> | not

<1-31>] | startdate month

<WORD>

<1-31> <2001-

2037> |

[starttime

<hh:mm:ss>] | stopdate month

<WORD>

<1-31> <2001-

2037>

| stoptime <hh:mm:ss> |

utc | weekedays <DAY> | not

<DAY>

}

Configure the time to match the rules.

Command Modes PerleSCR(config-pbr-rules)#

Usage Guidelines

Use these commands to set policy rules.

Examples

This example sets the action for the packets that match defined rule.

PerleSCR(config-prb-rules)# set action drop

This example uses policy-based routing to route all HTTP traffic protocol tcp,

destination port 80 through a policy route called http-firewall.

PerleSCR(config)# ip route 0.0.0.0 0.0.0.0 10.10.200.9

PerleSCR(config)#i p route table 2 0.0.0.0 0.0.0.0 172.16.0.8

PerleSCR(config-prb)# ip route-policy http-firewall

PerleSCR(config-prb))# rule 2

PerleSCR(config-prb-rules)# set routing-table 2

PerleSCR(config-prb-rules)# match protocol tcp

PerleSCR(config-prb-rules)# match destination port 80

PerleSCR(config)# interface ethernet 2

PerleSCR(config)# ip address 192.168.2.1 255.255.255.0

PerleSCR(config)# ip policy route-policy http-firewall

Syntax Description ip scp

{scp password 0 <LINE> | 7

<WORD> | <LINE> |

username <WORD>

}

Configure SCP password and username.

Command Modes PerleSCR(config)#ip scp

Global Configuration Mode

217

IOLAN SCR1618 RDAC Command Line Reference Guide

ip sftp

{

username <WORD> | password <0 <LINE> | 7 <LINE> | <LINE>}

Use the no form of this command to negate or set to defaults.

ip ssh

{authentication-retries <0-5> |

client algorithms mac hmac hmac-sha1 | [email protected] | hmac-

sha2-256 | [email protected] | hmac-sha2-512 | hmac-sha2-512 -

[email protected] | [email protected] | [email protected] |

[email protected] | [email protected]

pubkey-chain |

server algorithm encryption 3des-cbc | aes128-cbc | aes128-ctr | aes128-

cbc | [email protected] | rijndael-cbc@lysator.liu.se | mac hamc-

md5 | hmac-md5-96 | [email protected] | hmac-md5-

[email protected] | hmac-ripemd160 | [email protected] |

hmac-sha1 | hmac-sha2-256 | hm[email protected] |hmac-sha2-512

Usage Guidelines

Use this command to configure the username and password to enable the IOLAN to

securely copy files from a remote workstation.

Examples

This example configures the username for a connection to a remote host.

PerleSCR(config)#ip scp username lynlab

Syntax Description ip sftp

{username <WORD> |

password

<0 <LINE> | 7

}

SFTP configuration commands.

Command Modes PerleSCRr(config)#ip stfp

Usage Guidelines

Use this command to create a SFTP secure connection to a remote host.

Examples

This example configures a username fred.

PerleSCR(config)#ip sftp username fred

Global Configuration Mode

218

IOLAN SCR1618 RDAC Command Line Reference Guide

| [email protected] | [email protected] | umac-

[email protected] | [email protected] | [email protected]

stricthostkeycheck |

time-out <120>}

Use the no form of this command to negate or set to defaults.

Syntax Description ip ssh

{authentication-retries <0-5>

Configure ssh authentication retires.

Values are 1 to 5

Default is 3

client algorithms mac hmac

hmac-sha1 | hmac-sha1-

[email protected] | hmac-

sha2-256 | hmac-sha2-256-

[email protected] | hmac-

sha2-512 | hmac-sha2-512 -

[email protected] | umac-

[email protected] |

umac-128@openssh.com | 64-

[email protected] | umac-

[email protected]

Configure the SSH client parameters.

pubkey-chain

Configure to use a public key-chain.

server algorithm encryption

3des-cbc | aes128-cbc | aes128-

ctr | aes128-

[email protected] | aes192-

cbc | aes192-ctr | aes256-cbc |

aes256-ctr | aes256-

[email protected] | arcfour |

arcfour128 | arcfour256 |

blowfish-cbc | cast128-cbc |

chacha2--

[email protected] |

rijndael-cbc@lysator.liu.se |

mac hamc-md5 | hmac-md5-

96 | hmac-md5-96-

[email protected] | hmac-

md5-etm@openssh.com |

hmac-ripemd160 | hmac-

[email protected]

| hmac-sha1 | hmac-sha2-256 |

hmac-sha2-256-

[email protected] |hmac-

sha2-512 | hmac2-512-

Global Configuration Mode

219

IOLAN SCR1618 RDAC Command Line Reference Guide

ip tacacs

{tacacs source-interface bvi <1-9999> | | dialer <0-15> | | ethernet <1-18> . <1-

4000> | openvpn-tunnel <0-999> | tunnel <0-999>

}

Use the no form of this command to negate or set to defaults.

[email protected] | umac-

[email protected] |

umac-128@openssh.com |

[email protected]om |

umac-64@openssh.com

Configure the SSH server parameters.

stricthostkeycheck

Enables SSH server authentication.

time-out <120> Configure SSH login time out interval.

Values are 1 to 120 seconds.

Default is 20 seconds

Command Modes PerleSCR(config)#ip ssh

Usage Guidelines

The SSH protocol enables you to set up SSH connections. Your IOLAN supports

both client and server modes.

Examples

This example sets server mode for encryption hmac-md5.

PerleSCR(config)#ip ssh server algorithm mac hmac-md5

Related Commands

telnet

ip ssh

show ssh

Syntax Description ip tacacs

{tacacs source-interface bvi

<0-9999> | | dialer <0-15> | |

ethernet <1-18> . <1-4000> |

openvpn-tunnel <0-999> |

tunnel <0-999>

}

Configure the source interface for TACACS+

requests.

Command Modes PerleSCR(config)#ip tacacs

Usage Guidelines

Use this command to configure for Terminal Access Controller Access Control

System (TACACS+) authentication.

Global Configuration Mode

220

IOLAN SCR1618 RDAC Command Line Reference Guide

ip telnet

{server}

Use the no form of this command to negate or set to defaults.

ipv6

{access-list <WORD>

dhcp pool <WORD> |

dns domain <WORD> server <X:X:X:X::X> | listen-address <X:X:X:X::X>

firewall <WORD> | ipv6-receive-redirects enable | ipv6-src-route enable | state-

reject] | [related accept | drop | reject]

host <WORD> | <X:X:X:X::X> |

name-server <X:X:X:X::X> |

prefix-list <WORD> |

Examples

This example configures the source-interface as ethernet 2

PerleSCR(config)#ip tacacs source-interface ethernet 2

Related Commands

clear tacacs

tacacs

Syntax Description ip telnet

{server}

Enables Telnet server.

Command Modes PerleSCR(config)#ip telnet

Usage Guidelines

Use this command to config Telnet as the protocol to use for connections to a host.

Telnet allows a user at one site to establish a TCP connection to a login server at

another site and then pass the keystrokes from one device to the other.

Examples

This example enables telnet server.

PerleSCR(config)#ip telnet server

Related Commands

telnet

show management-access

(management-access-LAN)

(management-access-WAN)

Global Configuration Mode

221

IOLAN SCR1618 RDAC Command Line Reference Guide

radius source-interface bvi <1-9999> | dialer <0-15>| ethernet <1-18> . <1-

4000> openvpn-tunnel <0-999> tunnel <0-999>

route <A.B.C.D> <A.B.C.D> | bvi <1-9999> dialer <0-15> | ethernet <1-18> .

<1-4000>

| open-vpn-tunnel <0-999> | tunnel <0-999> <X:X:x:X::X <1-255> |

table <1-200> X:X:X:X::X/<0-128> bvi <1-9999> | dialer

<0-15> | ethernet <1-

18> . <1-4000>

| null | open-vpn-tunnel <0-999> | tunnel <0-999> <X:X:x:X::X

<1-255>

route-policy <WORD> |

router osfp | rip |

tacacs source-interface bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-

4000> openvpn-tunnel <0-999> tunnel <0-999>

unicast-routing}

Use the no form of this command to negate a command or set to defaults.

Syntax Description ipv6

{access-list <WORD>

Configure access list name.

dhcp pool <WORD>

Configure the dhcp pool name.

dns domain <WORD> server

<X:X:X:X::X> | listen-address

<X:X:X:X::X>

Configure DNS domain parameters.

firewall <WORD> | ipv6-

receive-redirects enable |

ipv6-src-route enable | state-

policy [established action

accept | drop | reject] | [invalid

action accept | drop | reject] |

[related accept | drop | reject]

Configure firewall options.

host

<WORD> |

<X:X:X:X::X>

Configure static host names.

name-server <X:X:X:X::X>

Configure the address of the name server.

prefix-list <WORD>

Configure a prefix-list filter.

radius source-interface bvi <1-

9999> | | | dialer <0-15> |

ethernet <1-18> . <1-4000>

openvpn-tunnel <0-999>

tunnel <0-999>

Configure RADIUS configuration parameters.

Global Configuration Mode

222

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-ipv6-acl)

{<1-65535> |

deny | <X:X:X:X::X/0-128 |any> |

permit <X:X:X:X::X/0-128 | any>}

Use the no form of this command to negate a command or set to defaults.

route

<A.B.C.D> <A.B.C.D> |

bvi <1-9999> | dialer

<0-15> |

ethernet <1-18> . <1-4000>

open-vpn-tunnel

<0-999> |

tunnel <0-999> <X:X:x:X::X

<1-255> | table <1-200>

Configure static routes.

route-policy <WORD>

Configure IPv6 route policy name.

router osfp | rip

Enablea IPv6 routing process.

tacacs source-interface bvi <1-

9999> | | | dialer <0-15> |

ethernet <1-18> . <1-4000>

openvpn-tunnel <0-999>

tunnel <0-999>

Configure TACACS+ configuration

parameters.

unicast-routing} Enables unicast routing.

Command Modes PerleSCR(config)#ipv6

Usage Guidelines

Use this command to configure IPv6 parameters.

Examples

This example configures the DHCP pool name.

PerleSCR(config)#ipv6 dhcp pool ipv6pool1

Related Commands

show ipv6

Syntax Description

(config-ipv6-acl)

{<1-65535> |

Configure the sequence number.

deny <X:X:X:X::X/0-128 |

any> exact-match

Configure to deny specified packets.

permit <X:X:X:X::X/0-128 |

any> exact-match

}

Configure to permit specified packets.

Global Configuration Mode

223

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-dhcpv6)

{

address prefix <X:X:X:X::X/0-128> |

dns-server <X:X:X:X::X> |

domain-name <WORD> |

host <WORD> |

lifetime default <0-4294967294> maximum <0-4294967294> minimum <0-

4294967294>

nis address <X:X:X:X::X> | domain-name <WORD> |

nisp address <X:X:X:X::X> | domain-name <WORD> |

sip address <X:X:X:X::X> | domain-name <WORD> |

sntp address <X:X:X:X::X> |

subnet <X:X:X:X::X/<1-128>}

Use the no form of this command to negate a command or set to defaults.

Command Modes

PerleSCR(config-ipv6-acl)#

Usage Guidelines

Use this command to configure network packets to deny or permit using Access

Control Lists (ACLs).

Examples

This example denies packets from this network.

PerleSCR(config-ipv6-acl)# deny 172.16.0.0/16 exact-match

Related Commands

show ipv6

Syntax Description

(config-dhcpv6)

{

address prefix

<X:X:X:X::X/0-128 |

Configure the IPv6 address prefix.

dns-server <X:X:X:X::X>

Configure a DNS server for use by clients

using this DHCP pool. A DNS server needs

to be specified if you want to browse the

Internet.

domain-name <WORD>

Configure a domain name.

host <WORD>

Configure the host name.

Global Configuration Mode

224

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-fw6)

{

default-action accept | drop | reject |

description <LINE> |

enable-default-logfile |

rule <1-9999>}

Use the no form of this command to negate a command or set to defaults.

lifetime default <0-

4294967294> maximum <0-

4294967294> minimum <0-

4294967294>

Configure IPv6 DHCP parameters.

Value is 0 to 4294967294

Max value is 0 to 4294967294

Min value is 0 to 4294967294

nis address

<X:X:X:X::X> |

domain-name <WORD>

Configure the address and domain name of

your nis server.

nisp address

<X:X:X:X::X> |

domain-name <WORD>

Configure the address and domain name of

your nisp server.

sip address

<X:X:X:X::X> |

domain-name <WORD>

Configure the address and domain name of

your sip server.

sntp address <X:X:X:X::X>

Configure the address of your SNTP server.

subnet

<X:X:X:X::X/<1-128>}

Configure the subnet.

Command Modes PerleSCR(config)#

Usage Guidelines

Use this command to configure IPv6 DHCP parameters.

Examples

This example sets the dns-server address to 1:2:3:4:5::6.

PerleSCR(dhcpv6-config)#dns-server 1:2:3:4:5::6

Related Commands

show ipv6

Syntax Description

(config-fw6)

{

default-action accept | drop |

reject

Configure default action for firewall rules.

description <LINE>

Configure firewall rules description.

enable-default-logfile

Logs packets matching default action.

Global Configuration Mode

225

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-fw6-rules)

{

description <WORD> |

disable |

log-enable

match destination [address <X:X:X::X/0-128> | not <X:X:X::X/0-128> | start

<X:X:X::X> stop <X:X:X::X>] | port <1-65535> not <X:X:X::X/0-128> | start

<X:X:X::X> stop <X:X:X::X>] | [fragment fragment | non-fragment] | icmp type

<0-255> code <0-255> | typenane address-unreachable | bad-header |

communication-prohibited | destination-unreachable | echo-reply | echo-request

parameter-problem | port-unreachable | route-advertisement | router-

solicitation | time-exceeded | ttl-zero-during-reassembly | ttl-zero-during-transit |

unknown-header-type | unknown-option] | ipsec ipsec | non-ipsec | [protocol <0-

255> | ah |dccp |dsr | egp | eigrp | encap | esp | etherip |

ggp | gre | hmp | icmp |

255> | time <1-4294967295>] | source address <X:X:X::X/0-128> | not

<X:X:X::X/0-128> | start <X:X:X::X> stop <X:X:X::X>] | [mac-address <H.H.H>

not <H.H.H>] | [port <1-65535> | not <1-65535> | start <1-65535> | stop <1-

enable | disable] | [related disable | enable] | tcp-flags ack | all | fin | psh | rst | syn

|urg | not ack | all | fin | psh | rst | syn | urg]

set action drop | accept | reject |

time monthdays <1-31> | not <1-31>] | startdate <MONTH> <1-31> <2001-

2037> | stopdate <MONTH> <1-31> <2001-2037>| starttime <hh:mm:ss> |

stoptime <hh:mm:ss> | utc | weekdays <DAY> | not <DAY>

]}

rule <1-9999>}

Creates rule number, then goes into sub menu

mode.

Command Modes PerleSCR(config-fw6)#

Usage Guidelines

Use this command to configure IPv6 firewall options.

Examples

This example sets the default action for firewall rules.

PerleSCR(config-fw6)# default-action drop

Related Commands

show ipv6

Global Configuration Mode

226

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate a command or set to defaults.

Syntax Description

(config-fw6-rules)

{

description <WORD> |

Configure a description for the policy rule.

disable

Disables the policy rule.

log-enable

Logs packet matching the rule.

match destination [address

<X:X:X::X/0-128> | not

<X:X:X::X/0-128> | start

<X:X:X::X> stop <X:X:X::X>]

| port <1-65535> not

Configure match values as define to the

routing table.

<X:X:X::X/0-128> | start

<X:X:X::X> stop <X:X:X::X>]

| [fragment fragment | non-

fragment] | icmp type <0-255>

code <0-255> | typenane

address-unreachable | bad-

header | communication-

prohibited | destination-

unreachable | echo-reply |

echo-request | neighbour-

advertisement | neighbour-

solicitation | no-route | packet-

too-big | parameter-problem |

port-unreachable | route-

advertisement | router-

solicitation | time-exceeded |

ttl-zero-during-reassembly |

ttl-zero-during-transit |

unknown-header-type |

unknown-option] | ipsec ipsec |

non-ipsec | [protocol <0-255> |

ah |dccp |dsr | egp | eigrp |

encap | esp | etherip |

ggp | gre

| p | ipip | ipv6 | ipv6-frag |

ipv6-icmp | ipv6-nonxt | ipv6-

opts | ipv6-route | isis | l2tp |

manet | mpls-in-ip | narp | not

udp | udplite | vrrp | xnc-idp]

recent count <1-255> | time

<1-4294967295>] | source

address <X:X:X::X/0-128> |

not <X:X:X::X/0-128> | start

Global Configuration Mode

227

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-pbr6)

{

description <LINE> |

enable-default-logfile |

rule <1-9998>}

Use the no form of this command to negate a command or set to defaults.

<X:X:X::X> stop <X:X:X::X>]

| [mac-address <H.H.H> not

<H.H.H>] | [port <1-65535> |

not <1-65535> | start <1-

65535> | stop <1-65535>] |

state [established disable |

enable] | [invalid disable |

enable] | [new enable | disable]

| [related disable | enable] |

tcp-flags ack | all | fin | psh |

rst | syn |urg | not ack | all | fin

| psh | rst | syn | urg]

Configure match values as define to the

routing table.

set

action drop | accept | reject

Configure packet modifications.

time monthdays <1-31> | not

<1-31>] | startdate <MONTH>

<1-31> <2001-2037> | stopdate

<MONTH> <1-31> <2001-

2037>| starttime <hh:mm:ss>

| stoptime <hh:mm:ss> | utc |

weekdays <DAY> | not

<DAY>

]}

Configure time parameters.

Command Modes PerleSCR(config-fw6-rules)#

Usage Guidelines

Use this command to configure firewall rules for IPv6.

Examples

This example sets the action for matched packets.

PerleSCR(config-fw6-rules)# set action accept

Related Commands

show ipv6

Syntax Description

(config-pbr6)

description <LINE> |

Configure firewall rules description.

Global Configuration Mode

228

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-pbr6-rules)#

{

description <LINE> |

log-enable |

match [destination address <A.B.C.D> <A.B.C.D> | not <A.B.C.D> <A.B.C.D> |

start <A.B.C.D> stop <A.B.C.D>] | [port <1-65535>| not <1-65535> | start <1-

65535> stop<1-65535>] | [fragment | fragment | non-fragment] | [icmp type <0-

egp | eigrp | encap | esp | esp | etherip | ggp | gre | hmp | icmp | idpr | igmp | igp |

<1-4294967295>] | [source address <A.B.C.D> <A.B.C.D> | not <A.B.C.D> | start

<A.B.C.D> stop <A.B.C.D> | mac-address <H.H.H> | not <A.B.C.D> | [state

related tcp-flags ack | all | fin | psh | rst | syn | urg | not

set action drop | [dscp af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 |

af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | |cs7 ef] | mark <1-2147483647> |

[routing-table <1-200> | main] | tcp-mss <500-1460> | pmtu | <500-1460>

time monthdays <1-31> | not <1-31> | startdate month <WORD> <1-31> <2001-

2037>|

[starttime <hh:mm:ss>] | stopdate month <WORD> <1-31> <2001-2037>

| stoptime <hh:mm:ss> | utc | weekedays <DAY> | not <DAY>}

Use the no form of this command to negate a command or set to defaults.

enable-default-logfile

Logs packets matching default action.

rule <1-9998>

}

Creates rule number, then goes into sub menu

mode.

Command Modes PerleSCR(config-pbr6)#

Usage Guidelines

Use this command to configure IPv6 firewall options.

Examples

This example sets the default action for firewall rules.

PerleSCR(config-fw6)# default-action drop

Related Commands

show ipv6

Syntax Description

(config-pbr6-rules)#

{

description <LINE> |

Configure policy rule description.

log-enable

Logs packet matching the rule.

Global Configuration Mode

229

IOLAN SCR1618 RDAC Command Line Reference Guide

match [destination address

<A.B.C.D> <A.B.C.D> | not

<A.B.C.D> <A.B.C.D> | start

<A.B.C.D> stop <A.B.C.D>] |

[port <1-65535>| not <1-

65535> | start <1-65535>

stop<1-65535>] | [fragment |

fragment | non-fragment] |

Configure match values as define to the

routing table.

[icmp type <0-255> code <0-

255>] | [ipsec ipsec |non-ipsec]

| [protocol <0-255> ah | dccp |

dsr | egp | eigrp | encap | esp |

esp | etherip | ggp | gre | hmp |

ipip | ipv6 | ipv6-frag | ipc6-

icmp | ipv6-nonxt | ipv6-opts |

ipv6-route | isis | l2tp | manet |

mpls-in-ip | narp | not | osfp |

udplite | vrrp | xns-idp] |

[recent count <1-255> | time

<1-4294967295>] | [source

address <A.B.C.D> <A.B.C.D>

| not <A.B.C.D> | start

<A.B.C.D> stop <A.B.C.D> |

mac-address <H.H.H> | not

<A.B.C.D> | [state established

disable | enable] | [invalid

disable | enable] | [new disable

| enable] | related tcp-flags ack

| all | fin | psh | rst | syn | urg |

not

set action drop | [dscp af11 |

af12 | af13 | af21 | af22 | af23 |

af31 | af32 | af33 | af41 | af42 |

af43 cs1 | cws2 | cs3 | cs4 | cs5 |

cs6 | cs7 ef] | mark <1-

2147483647> | [routing-table

<1-200> | main] | tcp-mss

<500-1460> pmtu | <500-

1460>

Sets action for policy rules.

Global Configuration Mode

230

IOLAN SCR1618 RDAC Command Line Reference Guide

key

{chain < WORD>}

Use the no form of this command to negate a command or set to defaults.

time monthdays <1-31> | not

<1-31> | startdate month

<WORD>

<1-31> <2001-

2037>|

[starttime

<hh:mm:ss>] | stopdate

month<WORD>

<1-31>

<2001-2037>

| stoptime

<hh:mm:ss> | utc | weekedays

}

Configure the time to match the rules.

Command Modes PerleSCR(config-pbr-rules)#

Usage Guidelines

Use this command to set IPv6 routing rules.

Examples

This example sets rule to match icmp type 80 code 80.

PerleSCR(config-prb-rules)#match icmp type 80 code 80.

Related Commands

show ipv6

Syntax Description key

{chain < WORD>} Configure keychain management.

Command Modes PerleSCR(config)#key

Usage Guidelines

Use this command to create a keychain. Keychain management allows you to create

and maintain keychains, which are sequences of keys (sometimes called shared

secrets). You can use keychains with features that secure communications with other

devicesby using key-based authentication.

Examples

This example create key chain 1, then go into sub menu key.

PerleSCR(config)#key chain key1

Global Configuration Mode

231

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-key)

{

key <1-2147483647>}

Use the no form of this command to negate a command or set to defaults.

(config-keychain-key)

{

string 0 <WORD> | 7 <WORD> | <WORD>}

Use the no form of this command to negate a command or set to defaults.

Related Commands

(config-keychain-key)

Syntax Description

(config-key)

{

key <1-2147483647>}

Configure a number for this key.

Command Modes PerleSCR#(config-key)#

Usage Guidelines

Use this command in conjunction with (config-keychain-key) to set a key number.

Examples

Configures a key number.

PerleSCR(config-key)# key 250

Related Commands

(config-pbr6-rules)#

(config-keychain-key)

Syntax Description

(config-keychain-key)

{

string 0 <WORD> | 7 <WORD> |

<WORD>

}

Configure the key chain.

0–specifies an unencrypted

password

7–specifies a hidden password

with follow

WORD–the unencrypted

(cleartext) user password.

Command Modes PerleSCR(config-keychain-key)

Usage Guidelines

Use this command to configure a password for key chain.

Global Configuration Mode

232

IOLAN SCR1618 RDAC Command Line Reference Guide

ldap

{server <WORD>}

Use the no form of this command to negate a command or set to defaults.

(config-ldap-server)

{

base-dn <WORD> |

bind authenticate root-dn <WORD> password 0 <WORD> | 7 <WORD> |

<WORD> |

ipv4 <WORD> | <A.B.C.D> |

ipv6 <WORD> | <X:X:X:X::X:X> |

mode server |

search-filter <WORD> |

secure cipher | transport port <1-65535> | trustpoint <WORD> |

timeout retransmission <1-65535>

transport port <1-65535>

user-attribute other <WORD> | samaccountname | uid}

Examples

Configure a password for key chain.

PerleSCR(config-keychain-key)# string password123

Related Commands

(config-pbr6-rules)#

Syntax Description ldap

{server <WORD>} Configure LDAP server name.

Command Modes PerleSCR(config)#ldap

Usage Guidelines

Use this command configure an LDAP server.

Examples

This example configures a LDAP server name.

PerleSCR(config)# ldap server testldap

Related Commands

(config-ldap-server)

clear ldap

show ldap

Global Configuration Mode

233

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate a command or set to defaults.

Syntax Description

(config-ldap-server)

{

base-dn <WORD> |

Configure the Base DN for LDAP. The Base

DN is the starting point an LDAP server uses

when searching for user authentication

within your Directory.

bind authenticate root-dn

<WORD> password 0

<WORD> |

Configure

 An authenticated bind is performed when

a root distinguished name (DN) and

password are available

 In the absence of a root DN and password,

an anonymous bind is performed

ipv4 <WORD> | <A.B.C.D>

Configure the IPv4 address of LDAP server.

ipv6 <WORD> |

<X:X:X:X::X:X>

Configure the IPv6 address of LDAP server.

mode secure

Set the server mode.

 secure – configures the LDAP to initiate

the transport layer security (TLS)

connection and specifies the secure mode

 non-secure

Default is non-secure

search-filter <WORD>

Configure a search filter The search filter

operation must be supported on the LDAP

server. Filters are to restrict the numbers of

users or groups that are permitted to access

an application. In essence, the filter limits

what part of the LDAP tree the application

syncs from.

A filter can and should be written for both

user and group membership. This ensures

that you are not flooding your application

with users and groups that do not need

access.

secure cipher | transport port

<1-65535> | trustpoint

<WORD>

Configure

 ciphers—adh, dh, dss, edh, high,

medium, rsa, sslv3

 transport—listening port for secure

connections

 trustpoint

Default listening port for secure transfer

connections is 636

Global Configuration Mode

234

IOLAN SCR1618 RDAC Command Line Reference Guide

line

{console <0-0 >

tty < 1-16>

vty <0-15>}

timeout retransmission <1-

65535>

Configure the timeout for retransmissions.

Values are 1 to 65535

Default is 30 seconds

transport port <1-65535> Configure the listening port for unsecured

connections.

Default port is 389

user-attribute other <WORD> |

samaccountname | uid}

Configure the user attribute.

 other—configure custom usr attibute

 sAMAccountName— Microsoft Active

Directory

 uid—OpenLDAP

Command Modes PerleSCR(config-ldap-server)#

Usage Guidelines

Use this command to configure LDAP server parameters.

Examples

Search filter for LDAP

For example, if your users are distinguished by having two objectClass attributes

(one equal to 'person' and another to 'user'), this is the command to match for it.

PerleSCR(config-ldap-server) #search-filter

(&(objectClass=person)(objectClass=user))

Search filter for Microsoft Active Directory

This only synchronize users in the 'Warehouse' group—this should be applied to the

User Object Filter:

PerleSCR(config-ldap-server) #search-filter

(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=CaptainPlanet,o

u=users,dc=company,dc=com))

Related Commands

aaa

show ldap

clear ldap

ldap

(config-sg-ldap)

Global Configuration Mode

235

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate a command or set to defaults.

lldp

{hold-mult <2-10>

logging |

notification-interval

optional-tlv port-info

reinit <1-10> |

run

timer

tvl-select mac-phy-cfg| managemnt-address <A.B.C.D> | <X:X:X:X:X>| max-

frame-size | port-description | system capabilities | system description | system-

name

tx-delay}

Syntax Description line

{console <0-0>

Primary terminal line. See (config-

line)#console

Terminal/serial. See (config-line)#tty

vty <0-15>} Virtual terminal. See (config-line)#vty

Command Modes PerleSCR(config)#line

Usage Guidelines

Use this command to change to line mode configuration.

Examples

Go into line configuration mode for tty 2.

PerleSCR(config)# tty 2

Related Commands

(config-line)#console

(config-line)#tty

(config-line)#vty

Syntax Description lldp

{hold-mult <2-10>

Configure a value for the LLDP hold

multiplier. This is the time to cache learned

LLDP information before discarding,

measured in multiples of the timer

parameter.

Global Configuration Mode

236

IOLAN SCR1618 RDAC Command Line Reference Guide

For example, if the Timer is 30 seconds, and

the Hold Multiplier is 4, then the LLDP

packets are discarded after 120 seconds.

Default is 4

Values are 2 to 10

logging

Configure logging for LLDP neighbor

discovery.

Default is off.

notification-interval

Configure the minimum interval between

LLDP SNMP notifications.

Default is 5 seconds

Value is 5 to 3600 seconds

optional-tlv port-info

Reverts to the previous setting of providing

the interface name.

reinit <1-10>

Configure the delay (in sec) for LLDP

initializations on any interface.

Default is 2 seconds

Values are 1 to 10 seconds

run

Enables LLDP.

LLDP Disabled by default.

timer

Configure the rate at which LLDP packets

are sent.

This parameter is used with the TX Hold

multiplier parameter to determine when

LLDP packets are discarded.

Default is 30 seconds

Values are 5 to 32768 seconds

tvl-select mac-phy-cfg |

managemnt-address

<A.B.C.D> | <X:X:X:X:X> |

max-frame-size | port-

description | system

capabilities | system

description | system-name

Configure the LLDP TLVs to send.

Default is all TLVs are sent.

Maximum management addresses are 8.

Default management addressees are

automatically selected by LLDP.

tx-delay} Configure the amount of time in seconds

that passes between successive LLDP frame

transmissions due to changes in the LLDP

local systems MIB.

Default is 30 seconds

Values are 1 to 8192 seconds

Command Modes PerleSCR(config)#

lldp

Global Configuration Mode

237

IOLAN SCR1618 RDAC Command Line Reference Guide

logging

{

<hostname> | <A.B.C.D> |

alarm <2-3> | major | minor |

errors | informational | notifications | warnings

informational | notifications | warnings

delimiter tcp |

| local6 | local7 | lpr | mail | news | sys10 | sys11 | sys12 | sys13 | sys14 | sys9 |

syslog | user | ucp

emergencies | errors | informational | notifications | warnings

host <A.B.C.D> transport tcp port <1-65535> | udp port <1-65535> |

| informational | notifications | warnings

on |

origin-id hostname | ip | ipv6 | string

emergencies | errors | informational | notifications | warnings

source interface bvi <1-9999> | | ethernet <1-18> | openvpn-tunnel <0-999> |

tunnel

<0-999> |

informational | notifications | warnings

}

Usage Guidelines

Use this command to configure Link Layer Discovery Protocol (LLDP) parameters.,

LLDP allows network devices to advertise their identity and capabilities on a LAN.

LLDP specifically defines a standard method for Ethernet network devices such as

switches, routers, and wireless LAN access points to advertise information about

themselves to other nodes on the network and store the information they discover.

LLDP should be enabled in a multi-vendor network.

Examples

This example enables LLDP.

PerleSCR(config)#lldp run

Related Commands

clear lldp

show lldp

Global Configuration Mode

238

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate a command or set to defaults.

Syntax Description logging

{<hostname> | <A.B.C.D> |

Configure the address of the logging host.

alarm

<2-3> | major | minor |

Sets the severity alarm level.

major—immediate action needed (severity 2)

minor—minor warning conditions (severity

buffered <0-7> | <4096-32768>

| alert | critical] | debugging |

emergencies | errors |

informational | notifications |

warnings

Configure buffered logging parameters.

console <0-7> | <4096-32768>

alert | critical] | debugging |

emergencies | errors |

informational | notifications |

warnings

Configure console logging parameters.

delimiter tcp

Appends delimiter to syslog messages.

facility auth | cron | daemon |

kern | local0 | local1 | local2 |

local3 | local4 | local5 | local6 |

local7 | lpr | mail | news | sys10

| sys11 | sys12 | sys13 | sys14 |

sys9 | syslog | user | ucp

Configure facility parameter for syslog

messages.

file flash: <filename> <0-7> |

<4096-32768> | alert | critical |

debugging | emergencies |

errors | informational |

notifications | warnings

Configure file logging parameters.

host <A.B.C.D>

transport tcp

port

<1-65535> | udp port <1-

65535>

Configure the syslog server IP address and

parameters.

monitor <0-7> | <4096-32768>

| alert | critical] | debugging |

emergencies | errors |

informational | notifications |

warnings

Configure terminal line (monitor) logging

parameters.

Enables logging to all enabled destinations.

Global Configuration Mode

239

IOLAN SCR1618 RDAC Command Line Reference Guide

{on-failure every <1-65535> | log every <1-65535>| trap every <1-65535> | [on-

success every <1-65535> | log every <1-65535>| trap every <1-65535>]

}

origin-id hostname | ip | ipv6 |

string

Adds origin ID to syslog messages.

rate-limit <1-10000> except

<0-7> | <4096-32768>

| alert |

critical] | debugging |

emergencies | errors |

informational | notifications |

warnings

Configure message per second limit.

source interface bvi <1-9999> |

| ethernet

<1-18> | openvpn-

tunnel

<0-999> | tunnel <0-

999>

Configure the interface for source address in

logging transactions.

trap <0-7> | <4096-32768>

alert | critical] | debugging |

emergencies | errors |

informational | notifications |

warnings

}

Configure syslog server logging level.

Command Default logging buffered 4096 debugging

logging console debugging

logging monitor debugging

Command Modes PerleSCRconfig)#logging

Usage Guidelines

Use this command to enable logging settings.

Examples

This example enables logging to host 172.16.55.88.

PerleSCR(config)#logging 172.16.55.88

Related Commands

show lldp

Syntax Description login

Global Configuration Mode

240

IOLAN SCR1618 RDAC Command Line Reference Guide

mac

{

access-list <WORD> |

import <WORD> interface bvi <1-9999> | | ethernet <1-18> . <1-4000> | url

}

Use the no form of this command to negate a command or set to defaults.

{on-failure every <1-65535> |

log every <1-65535>| trap

every <1-65535>

Configure options for failed login attempt.

[on-success every <1-65535> |

log every <1-65535>| trap

every <1-65535>]

}

Configure options for successful login

attempt.

Command Modes

PerleSCR(config)#login

Usage Guidelines

Use this command to set parameters for users log in attempts.

Examples

This example logs failed login attempts.

PerleSCR(config)#login on-failure

Related Commands

logging

Syntax Description mac access-list

{access-list <WORD> |

Configure a MAC access list name.

export <WORD> url flash: |

ftp: | http: | https: | scp: | sftp:

| tftp:

Exports MAC access list to a server.

import <WORD> interface bvi

<1-9999> | dot11radio <1-4> |

ethernet <1-18> . <1-4000> |

url flash: | ftp: | http: | https: |

scp: | stfp: | tftp:

}

Import formats are;

 xxxx.xxxx.xxxx—Cisco format where

xxxx is 1-4 digits

 xx:xx:xx:xx:xx:xx—where xx is 1-2 digits

 aabbccddeeff

 Import from supported interface

 ethernet interfaces

 sub-ethernet (VLANs) interfaces

 bridge interfaces

Global Configuration Mode

241

IOLAN SCR1618 RDAC Command Line Reference Guide

Command Default Notes:

 There are no defaults when configuring

the MAC access-group and policy, but the

no/default policy after initial

configuration, is Disabled

 No and default commands operate the

same for all interface types

 If there is no MAC access-group

specified, the no/default command

REMOVES the MAC access-group and

policy

 If a MAC access-group is specified the

default policy: disabled is configured and

applied

Command Modes PerleSCR(config)#mac

Usage Guidelines

Use this command to create a host MAC address list.

Policy descriptions

Permit—allow all MAC addresses in this MAC access list, deny all MAC

addressees not in this list.

Deny—deny all MAC addresses in this MAC access list, allow all others not in the

list

Disable—not active

MAC address list can also be created by importing CSV files.

Examples

This example assigns access-list eth4-macs to interface ethernet 4 with all addresses

within the eth4-macs policy to be accepted or permitted on this interface.

PerleSCR#interface ethernet 4

PerleSCR#mac-access-list eth4-macs-static

PerleSCR#

Global Configuration Mode

242

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-mac-acl)

{

description <LINE> |

host src-mac-address <H.H.H>}

Use the no form of this command to negate a command or set to defaults.

This example imports a <mac-list-csv.txt> file from host 172.16.4.182 using http

protocol.

#mac access-list import <mac-list-csv.txt> url http://172.16.4.182/pub/<mac-list-

csv.txt>

Connected to 172.16.4.182.

59 bytes copied in 0.009 seconds (6319 bytes/sec)

Waiting for download to complete . . .

% Successfully processed 4 properly formatted MAC addresses

This example exports a <mac-list-csv.txt> file tot 172.16.4.182 using tftp protocol.

PerleSCR#mac access-list export <mac-list-csv.txt> url tftp://172.16.4.182/<mac-list-

csv.txt>

Accessing tftp://172.16.4.182//<macs-export-file>

60 bytes copied in 0.003 seconds (21030 bytes/sec)

This example imports and permits MAC addresses from BVI interface 10 into

bridge-mac-list.

PerleSCR#mac access-list import bridge-mac-list interface bvi 10

PerleSCR#interface bvi 10

PerleSCR(config-if)#mac access-group bridge-mac-list permit

Related Commands

show mac

(config-mac-acl)

Syntax Description (config-mac-acl)#

{description <LINE> |

Configure a MAC access-list description.

host src-mac-address

<H.H.H>

}

Configure the source address of the host

you want to add to this list.

Command Modes PerleSCR(config-mac-acl)#

Usage Guidelines

Use this command to enter MAC address to this MAC address list.

Examples

This example adds hsot mac address aaaa.bbbb.cccc to the list.

PerleSCR#host src-mac-addr aaaa.bbbb.cccc

Global Configuration Mode

243

IOLAN SCR1618 RDAC Command Line Reference Guide

management-access

management-access {enable | from-lan | from-wan}

Use the no form of this command to negate a command or set to defaults.

(management-access-LAN)

{

http enable |

Related Commands

show mac

Syntax Description management-access

{enable |

Enables management access.

Default is enabled

from-lan

Allows management access from LAN

devices.

from-wan

Allows management access from WAN

devices.

Command Default LAN—all protocols enabled except SNMP

WAN—all protocols are disabled.

Command Modes PerleSCR(config)#management-access

Usage Guidelines

Use this command to set management access methods per interface.

Management Methods are:

 Enable—All management Access methods for this interface

 HTTP—Enable HTTP (Web) management Access for this interface

 HTTPS—Enable HTTPS (Web) management access for this interface

 Telnet—Enable Telnet management access for this interface

 SSH—Enable SSH management access for this interface

 SNMP—Enable SNMP management access for this interface

Examples

This example sets management access HTTPS off for interface Ethernet 1.

PerleSCR>enable

PerleSCR#config

PerleSCR#management-access from-LAN

Related Commands

(management-access-LAN)

(management-access-WAN)

Global Configuration Mode

244

IOLAN SCR1618 RDAC Command Line Reference Guide

https enable |

snmp enable

ssh enable

telnet enable

}

Use the no form of this command to negate a command or set to defaults.

(management-access-WAN)

{

http enable |

https enable

Syntax Description

(management-access-LAN)

{http enable |

Enables devices connected from the LAN

side with Role set to LAN to use HTTP to

connect to the IOLAN .

https enable

Enables devices connected from the LAN

side with Role set to LAN to use HTTPS to

connect to theIOLAN .

snmp enable

Enables devices connected from the LAN

side with Role set to LAN to use HTTPS to

connect to the IOLAN.

ssh enable

Enables devices connected from the LAN

side with Role set to LAN to use ssh to

connect to the IOLAN.

telnet enable

}

Enables devices connected from the LAN

side with Role set to LAN to use telnet to

connect to the IOLAN.

Command Default All methods are enabled on the LAN side. All

methods are disabled on the WAN side.

Command Modes PerleSCR#management-access-lan

Usage Guidelines

Use this comment to set protocols to allow entry from the LAN side to manage the

IOLAN.

Examples

This example sets management access telnet for LAN devices.

PerleSCR(config)#management-access-lan

PerleSCR(management-access-lan)#telnet enable

Related Commands

(management-access-LAN)

(management-access-WAN)

Global Configuration Mode

245

IOLAN SCR1618 RDAC Command Line Reference Guide

snmp enable |

ssh enable

telnet enable

}

Use the no form of this command to negate a command or set to defaults.

nat66

{prefix outside <X:X:X:X::X:X>/<0-128> any inside <X:X:X:X::X:X>/<0-128>

outside-interface | no-strict

}

Syntax Description

(management-access-WAN)

{http enable |

Enable devices connected from the WAN

side with Role set to WAN to use HTTP to

connect to the IOLAN.

https enable

Enables devices connected from the WAN

side with Role set to WAN to use HTTPS to

connect to the IOLAN.

snmp enable

Enables devices connected from the WAN

side with Role set to WAN to use SNMP to

connect to the IOLAN .

ssh enable

Enables devices connected from the WAN

side with Role set to WAN to use ssh to

connect to the IOLAN.

telnet enable

}

Enables devices connected from the WAN

side with Role set to WAN to use telnet to

connect to the IOLAN.

Command Default All protocols are disabled.

Command Modes

PerleSCR(config)#management-

accessfrom-lan

Usage Guide

Use this command to set protocols to allow entry from the LAN side to manage the

IOLAN.

Examples

Configure management access for wan devices using ssh.

PerleSCR(config)# management-access from-wan

PerleSCR(config-management-access-WAN)# ssh enable

Related Commands

(config-mac-acl)

Global Configuration Mode

246

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate a command or set to defaults.

network-watchdog

{router}

Use the no form of this command to negate a command or set to defaults.

Syntax Description nat66

{prefix outside

<X:X:X:X::X:X>/<0-128> any

inside <X:X:X:X::X:X>

/<0-

128> outside-interface | no-

strict

}

Configure parameters for NAT66.

Command Modes PerleSCR(config)#

nat66

Usage Guidelines

Use this command to configure NAT66 parameters. In its simplest form, a NAT66

device is attached to two network links, one of which is an "internal" network link

and the other of which is an "external" network with connectivity to the global

Internet. All of the hosts on the internal network use addresses from a single, locally-

routed prefix, and those addresses are translated to/from addresses in a globally-

route-able prefix as IP packets transit the NAT66 device.

Examples

This example sets any outside packets with an IPv6 header of 2001:db8:0:2::/64 to

be converted to an IPv6 header of 2001:db8:0:12::/64 on outbound interface cellular

PerleSCR(config)#nat66 prefix outside 2001:db8:0:2::/64 inside 2001:db8:0:12::/64

interface cellular 0

Related Commands

show nat66

Syntax Description network-watchdog

{router}

Configure the watchdog timer.

Command Modes PerleSCR(config)#network watchdog

Usage Guidelines

Use this command to enter sub-menu mode for watch dog timer.

Examples

This example takes you to sub-menu mode for watchdog timer feature.

PerleSCR(config)#network-watchdog router

Global Configuration Mode

247

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-network-watchdog)

{

count <1-10> | enable | [fail-action notifications-only | notifications-reset] |

interval <1-180> | response <1-3600> | source-interface [bvi <1-9999>] | [dialer

<A.B.C.D> | <WORD> | <X:X:X:X::X>] | [threshold-count <1-30>]

}

Use the no form of this command to negate a command or set to defaults.

Related Commands

(config-network-watchdog)

Syntax Description

(config-network-watchdog)

{

count <1-10> | enable | [fail-

action notifications-only |

notifications-reset] | interval

<1-180> | response <1-3600> |

source-interface [bvi <1-

9999>] | [dialer <0-15>] | [ |

ethernet <1-18> | [open-tunnel

<0-999>] | [tunnel <0-999>] |

[target <A.B.C.D> | <WORD> |

<X:X:X:X::X>] | [threshold-

count <1-30>]

}

Configure parameters for network

watchdog.

Fail-action

 notify only

 notify and reboot

Interval to wait between tests.

Values are 1 to 180 minutes.

Default: IOLAN is 20 minutes.

Interval to wait between tests.

Values are 1 to 180 minutes.

Default IOLAN is 20 minutes.

Response—Time to wait for a response to

the ping request.

Values are 1 to 3600 seconds.

Default is 5 seconds.

Source-interface—Specify the interface to

send the ping request on (optional).

Values are:

 BVI 1–9999

 dialer 1–15

 ethernet 1–18

 openvpn 0–999

 tunnel 0–999

Target—Enter the target host IPv4, IPv6 or

hostname address.

Threshold count—The consecutive failed

test count to trigger an Fail-action.

Value is 1 to 30

Command Modes PerleSCR(config-network-watchdog)#

Global Configuration Mode

248

IOLAN SCR1618 RDAC Command Line Reference Guide

ntp

{authentication |

authentication-key <1-65534> md5

<WORD> 0 | 7 |

broadcastdelay <1-999999>

logging |

master <1-15> | peer <A.B.C.D> <WORD> <X:X:X:X::X> ip <hostname-of-

peer>

ipv6 <hostname-of-peer> | key <1-65534> | maxpoll <4-17> | minpoll <4-

17> | prefer

| version <1-4> |

server <A.B.C.D> <WORD> <X:X:X:X::X> ip <hostname-of-peer> ipv6

version <1-4> |

trusted-key 1-65534

}

Use the no form of this command to negate a command or set to defaults.

Usage Guidelines

Use this command to configure the Network Watchdog timeout action When

configured, the watchdog feature runs continuous ping tests. Each ping test is be

comprised of one or more ping attempts. If all of the pings in a test fail, the test has

failed, if one ping test passes, the test is considered to have passed.

The watchdog feature is triggered after a successful connection, which is defined as

one successful test. After which your tests will run as defined..

If any of the ping test fail, the IOLAN notifies the user and/or can reset the IOLAN

Examples

This example configures the watchdog timer on Ethernet interface 2 to ping target

host 172.16.1.1 with a count of 10.

(config-network-watchdog)#count 10

(config-network-watchdog)#target 172.16.1.1

PerleSCR(config-network-watchdog)#source interface ethernet 2

PerleSCR(config-network-watchdog)#source interface-interface ethernet 2

Related Commands

show network-watchdog

Syntax Description ntp

{authentication |

Configure authentication of time sources. The

time sources must authenticate with each

other before synchronizing clock time.

Global Configuration Mode

249

IOLAN SCR1618 RDAC Command Line Reference Guide

authentication-key <1-65534>

md5

<WORD> <0 | 7> |

Configure the authentication key to be

exchanged between time sources before clock

synchronizing begins.

0—unencrypted key

7—encrypted key

broadcastdelay <1-999999>

Configure the broadcast delay timer. By

default, the IOLAN sets broadcast delay to

Auto-negotiate. Select the auto-negotiate

broadcast delay off if you wish to set your

own broadcast delay time in microseconds.

Broadcast delay time is the estimated round-

trip delay between the broadcast NTP server

and the IOLAN.

logging

Logs NTP messages to the IOLAN’s internal

log.

master <1-15> | peer

<A.B.C.D> <WORD>

<X:X:X:X::X>

ip <WORD>

ipv6 <WORD>> | key <1-

65534> |

maxpoll <4-17> |

minpoll <4-17> | prefer

version <1-4> |

Configure master or peer as the source clock.

The stratum defines how far away the clock

is away from the Authoritative Time Source.

The highest stratum is 1. It is reserved for

atomic clocks, GPS clocks or radio clock

which generates a very accurate time. This

type of time source is defined as the

“Authoritative time source”. The stratum

defines how many hops a node is from the

“authoritative time source”. Stratum x nodes

are synchronized to stratum x‐1

nodes.Stratum numbers range from 1 to 15.

Configure the IPv4/IPv6 address or hostname

of the NTP peer that you are getting the clock

from. Select prefer to use this NTP source

over another.

A preferred peer's responses are discarded

only if they vary greatly from the other time

sources. Otherwise, the preferred peer is used

for synchronization without consideration of

the other time sources.

Global Configuration Mode

250

IOLAN SCR1618 RDAC Command Line Reference Guide

server <A.B.C.D> <WORD>

<X:X:X:X::X>

ip <WORD>

ipv6 <WORD>> | key <1-

65534> |

maxpoll <4-17> |

minpoll <4-17> | prefer

version <1-4> |

Configure the IPv4/IPv6 address or hostname

of the NTP peer that you are getting the clock

from. Select prefer to use this NTP source

over another. A preferred server’s responses

are discarded only if they vary greatly from

the other time sources. Otherwise, the

preferred server is used for synchronization

without consideration of the other time

sources.

Changes to the polling interval is not

recommended and is discouraged. NTP

dynamically selects the optimal poll interval

between the values of minpoll and maxpoll,

which defaults to 64 and 1024 seconds

respectively and are correct for most

environments.

Shorter values are used to correct large errors

and larger values are to refine accuracy.

Default is minimum poll 64.

Versions 1 to 4 are supported

trusted-key 1-65534

}

Configure a trusted key to be used for trusted

time sources.

Command Modes PerleSCR(config)#ntp

Usage Guidelines

Use this command to distribute and maintain synchronization of time information

between nodes in a network. NTP server uses UTC (Universal Coordinated Time).

When initially launched, it can take NTP as much as 5 minutes to obtain an accurate

time.This is due to the algorithm used to determine what NTP master(s) the IOLAN

should synchronize with. NTP will not synchronize with nodes whose time is

significantly off even if its stratum is lower. During this “settling” period, the

IOLAN may not have the correct time. NTP can usually achieve time

synchronization between two systems in the order of a few milliseconds. This is

achieved with a time transmission rate of as little as one packet per minute.

Examples

PerleSCR(config)#ntp server 172.16.4.181

23:40:31: %NTPD-5: ntpd [email protected] Wed May 18 14:33:49 UTC 2016

(10): Starting

23:40:31: %NTPD-6: Command line: ntpd -n -g

23:40:31: %RSYSLOGD-6:LOGGINGHOST_STARTSTOP: Logging to UDP host

Global Configuration Mode

251

IOLAN SCR1618 RDAC Command Line Reference Guide

policy-map

{

<WORD> |

priority-queue <WORD> |

rate-control <WORD> bandwidth <1-2000000> |

traffic-limit <1-2000000>}

Use the no form of this command to negate a command or set to defaults.

172.16.55.88 port 514 started

23:40:31: %NTPD-6: proto: precision = 3.840 usec (-18)

23:40:31: %NTPD-6: Listen and drop on 0 v6wildcard [::]:123

23:40:31: %NTPD-6: Listen and drop on 1 v4wildcard 0.0.0.0:123

23:40:31: %NTPD-6: Listen normally on 2 lo 127.0.0.1:123

23:40:31: %NTPD-6: Listen normally on 3 Vl1 172.16.113.77:123

23:40:31: %NTPD-6: Listen normally on 4 lo [::1]:123

23:40:31: %NTPD-6: Listen normally on 5 Gi2 [fe80::6ac9:bff:fec1:58da%4]:123

23:40:31: %NTPD-6: Listen normally on 6 Gi1 [fe80::6ac9:bff:fec1:58d9%3]:123

23:40:31: %NTPD-6: Listen normally on 7 eth0 [fe80::6ac9:bff:fec1:58d8%2]:123

23:40:31: %NTPD-6: Listening on routing socket on fd #38 for interface updates

23:40:31: %NTPD-3: Unable to listen for broadcasts, no broadcast interfaces

available

23:40:31: %NTPD-6: 0.0.0.0 c01d 0d kern kernel time sync enabled

23:40:31: %NTPD-6: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM

23:40:31: %NTPD-6: 0.0.0.0 c011 01 freq_not_set

23:40:31: %NTPD-6: 0.0.0.0 c016 06 restart

PerleSCR(config)#ntp status

Clock is synchronized, stratum 12, reference is 172.16.4.180

Precision is 2**-18 s

Reference time is dae84dc5.33013328 (Thu, May 19 2016 10:35:49.199)

Clock offset is 7.595002 msec, root delay is 0.439 msec

Root dispersion is 7956.293 msec

Related Commands

show ntp

Syntax Description policy-map

{<WORD> |

Specifies the name of the policy map to be

created or modified.

priority-queue <WORD>

Configure priority-queue policy-map. See

(config-pmapPQ)

rate-control

<WORD>

bandwidth

<1-2000000> |

Configure rate-control policy-map.

See (config-pmapRC)

traffic-limit

<1-2000000>}

Configure traffic-limit policy-map.

See ((config-pmapTL)

Global Configuration Mode

252

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-pmap)

{

bandwidth <1-2000000> |

class <1-4094> | default |

description <LINE>}

Use the no form of this command to negate a command or set to defaults.

Command Modes PerleSCR(config)#policy-map

Usage Guidelines

Use this command to create a policy-map. A policy map references class maps and

identifies a series of actions to perform based on the traffic match criteria. A policy

map essentially defines a policy stating what happens to traffic that has been

classified using class maps and ACLs.

Your IOLAN provides you with three mechanisms for configuring Quality of Service

(QOS).

1) Priority-queuing—packets are placed in queues, high priority packets are sent

first.

2) Rate-control—rate control is a classless policy that limits the packet flow to a set

rate. Traffic is filtered based on the expenditure of tokens. Tokens roughly

correspond to bytes. Short bursts can be allowed to exceed the limit. On creation, the

Rate-Control traffic is stocked with tokens which correspond to the amount of traffic

that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full.

3) Traffic-limiting—traffic limiting is a mechanism that can be used to "police"

incoming traffic. The mechanism assign each traffic flow a bandwidth limit. All

incoming traffic within a flow in excess of the bandwidth is dropped.This policy can

be applied to both ingress and egress packets.

Examples

Creates a policy-map called test-policy.

PerleSCR(config)# policy-map test-policy

PerleSCR(config-pmap

Related Commands

(config-pmap)

(config-pmap-c)

(config-pmapRC)

(config-pmapPQ)

(config-pmapPQ-c)

(config-pmapTL)

Syntax Description

(config-pmap)

{

bandwidth <1-2000000> |

Configure the available bandwidth in Kbps

for this policy.

Default is to match interface speed.

Global Configuration Mode

253

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-pmap-c)

{bandwidth <1-2000000> | percent <1-100> |

burst <1-20000> |

ceiling <1-2000000> | percent <1-100>

codel-flows <1-4294967295> |

codel-interval <1-4294967295> |

codel-quantum <1-4294967295> |

codel-target <1-4294967295> |

description <LINE> |

queue-limit <1-4294967295> |

queue-type <1-4294967295> |

set-dscp <0-63>}

Use the no form of this command to negate a command or set to defaults.

class

<1-4094> | default |

Configure a class identifier.

Values are 1–4094

description <LINE>

}

Configure policy map description.

Command Modes PerleSCR(config-pmap)#

Usage Guidelines

Configure parameters for his policy map.

Examples

Configures class identifier as 10.

PerleSCR(config-pmap)#class 10

PerleSCR(config-pmap-c)#

Related Commands

policy-map

(config-pmap-c)

Syntax Description

(config-pmap-c)

{

bandwidth <1-2000000> |

Configure the base guaranteed bandwidth for

this traffic class

(in Kbps or in percent). Bandwidth must be

below the entire bandwidth set for this policy.

burst <1-20000>

Configure the burst size for this class.

Values are 1 to 20000 in Kbytes

Default is 15 Kbytes

Global Configuration Mode

254

IOLAN SCR1618 RDAC Command Line Reference Guide

ceiling <1-2000000> | percent

<1-100>

Configure a bandwidth ceiling for a traffic

class in Kbps.

 Percentage based on interface physical

rate

 Must be equal or greater then specified

bandwidth

Default is 100 percent of bandwidth if no

ceiling specified.

codel-flows <1-4294967295>

Configure the number of flows into which the

incoming packets are classified.

Values are 1 to 4294967295

Default is 1024

codel-interval <1-

4294967295>

Configure the interval to the measured

minimum delay as not to become stale. It

should be set on the order of the worst-case

round trip time (RTT) through the bottleneck

to give endpoints sufficient time to react.

Values are 1 to 4294967295 milliseconds.

Default is 100 milliseconds.

codel-quantum <1-

4294967295>

Configure the maximum amount of bytes

dequeued from a queue at once.

Values are 1 to 4294967295

Default is 1514

codel-target <1-4294967295>

Configure the minimum standing/persistent

queue delay.

Values are 1 to 4294967295 milliseconds

Default is 5 milliseconds

description <LINE>

Configure a description for this traffic class.

queue-limit <1-4294967295>

Configure the maximum size for this traffic

class.

Values are 1 to 4294967295 milliseconds

Default is none

queue-type

Configure the type of queuing to use for this

traffic class.

 fq-code1

 fair-queue

 drop-tail

 priority

 random-detect

Default is fair-queue

Global Configuration Mode

255

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-pmapRC)

{bandwidth <1-2000000> |

burst <1-20000> |

description <LINE>

latency <1-5000>}

Use the no form of this command to negate a command or set to defaults.

set-dscp <0-63>

}

Rewrites the DSCP field in packets in this

traffic class to the specified value.

Values are 0–63

Default is none

Command Modes PerleSCR(config-pmap)#

Usage Guidelines

Use this command to specify the Quality of Service (QoS) settings applied to the

default class. You configure your default traffic in the same way you do with a class.

Default is considered a class as it behaves like that. It contains any traffic that did not

match any of the defined classes, so it is like an open class, a class without matching

filters.

Examples

Set the queue type for this traffic class to random-detect.

PerleSCR(config-pmap)#class 10

PerleSCR(config-pmap-c)#queue-type random-detect

Related Commands

policy-map

(config-pmap)

Syntax Description

(config-pmapRC)

Global Configuration Mode

256

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-pmapPQ)

{

class <1-7> | default |

description <LINE>}

Use the no form of this command to negate a command or set to defaults.

{bandwidth <1-2000000> | Changes configured bandwidth limit.

burst <1-20000> | Configure a burst size in kbytes.

Default is 15Kbps

description <LINE>

Configure a Policy-Map Rate-Control

description.

latency <1-5000>

}

Configure the limit on queue size. This is the

maximum amount of time a packet can sit in

the Token Bucket Filter. Packets with more

latency then this value will be dropped since

they are no longer considered useful.

Value is 1 to 500 milliseconds

Default is 50 milliseconds

Command Modes PerleSCR(config-pmapRC#

Usage Guidelines

Use this command to configure parameters for Rate-control policy. This policy is

egress only.

Rate Control is a classless policy that limits the packet flow to a set rate. It provides

queuing on the Token Bucket filter algorithm. This algorithm only passes packets

arriving at a rate which does not exceed an administratively set rate. Traffic is

filtered based on the expenditure of these tokens.

Tokens roughly correspond to bytes. Short bursts can be allowed to exceed the limit.

Once created, the rate control traffic is stocked with tokens which correspond to the

amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the

bucket is full—newly arriving tokens are discarded. To send a packet, the regulator

must remove from the bucket a number of tokens equal in representation to the

packet size.

Examples

Set the latency for this rate-control policy to 100 milliseconds.

PerleSCR(config)#policy-map rate-control factory-RC bandwidth 2000

PerleSCR(config-pmapRC)#latency 100

Related Commands

policy-map

Syntax Description

(config-pmapPQ)

Global Configuration Mode

257

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-pmapPQ-c)

{codel-flows <1-4294967295> |

codel-interval <1-4294967295> |

codel-quantum <1-4294967295> |

codel-target <1-4294967295> |

description <LINE> |

queue-limit <1-4294967295> |

set-dscp <0-63>

}

Use the no form of this command to negate a command or set to defaults.

{class <1-7> | default |

Configure a priority queue class identifier.

description <LINE>

}

Configure the description of this Priority

Queue policy-map.

Command Modes PerleSCR(config-pmapPQ#

Usage Guidelines

Use this command to create a Priority-Queue Policy map. This policy is egress only.

Your IOLAN has four types of outbound traffic queues based on priority: low,

normal, medium, and high. These outbound traffic queues are divided into seven

priority queues (see table below). The queue priority determines the order of exit for

packets in the queue. For example, the packets in a high priority (6–7) queue leave

the IOLAN before packets in other queues. If packets continually fill the higher

priority queues, those waiting in lower priority queues will not be serviced until the

higher priority traffics load finishes.

Examples

This example creates a priority queue called important with a class identifier of 7.

PerleSCR(config)#policy-map priority-queue priority

PerleSCR(config-pmapPQ)class 7trricky sok

Related Commands

policy-map

(config-pmapPQ-c)

Syntax Description

(config-pmapPQ-c)

Global Configuration Mode

258

IOLAN SCR1618 RDAC Command Line Reference Guide

{codel-flows <1-4294967295> | Configure the number of flows into which

the incoming packets are classified.

Values are 1 to 4294967295

Default is 1024

codel-interval <1-

4294967295> |

Configure the interval to the measured

minimum delay so as not to become stale. It

should be set on the order of the worst-case

round trip time (RTT) through the

bottleneck to give endpoints sufficient time

to react.

Values are 1 to 4294967295 milliseconds.

Default is 100 milliseconds.

codel-quantum <1-

4294967295> |

Configure the maximum amount of bytes

dequeued from a queue at once.

Values are 1 to 4294967295

Default is 1514

codel-target <1-4294967295> | Configure the minimum standing/persistent

queue delay.

Values are 1–4294967295 milliseconds

Default is 5 milliseconds

description <LINE> | Configure a policy map class description.

queue-limit <1-4294967295> | Configure maximum queue size in packets.

queue-type drop-tail | fair-

queue | fq-code1 | priority |

random-detect |

Specifies the type of queuing to use for this

traffic class.

 Drop Tail

 Fair-queuing

 fqcode1

 priority

 random-detect

Global Configuration Mode

259

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-pmapTL)

{

class <1-4094> bandwidth <1-2000000> | default |

description

<LINE>}

Use the no form of this command to negate a command or set to defaults.

set-dscp <0-63>

}

Rewrites the DSCP field in packets in this

traffic class to the specified value.

Values are 0–63

Default is none

Command Modes PerleSCR(config-pmapPQ-c)#

Usage Guide

Use this command to set parameters for your defined priority queue policy map.

Examples

This example sets the queue-type to fair-queue.

PerleSCR(config)#policy-map priority-queue priority-voice

PerleSCR(config-pmapPQ)#class 1

Related Commands

policy-map

Syntax Description

(config-pmapTL)

{

class <1-4094> | default |

Configure a priority queue class identifier or

default.

description <LINE>

}

Configure the description of this Traffic

Limiting policy-map.

Global Configuration Mode

260

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-pmapTL-c)

{

class <1-4094> bandwidth <1-2000000> | default |

description

<LINE>}

Use the no form of this command to negate a command or set to defaults.

Command Modes PerleSCR(config-pmapTL)#

Usage Guidelines

Use this command to configure the parameters for policy map.This traffic policy

mechanism is to "police" in coming traffic. The mechanism assign each traffic flow a

bandwidth limit. All incoming traffic within a flow in excess of the bandwidth is

dropped.This policy can be applied to both ingress and egress packets.

Examples

Creates a policy-map called test-policy.

PerleSCR(config)# policy-map test-policy

PerleSCR(config-pmap

Related Commands

policy-map

Syntax Description

(config-pmapTL-c)

{

bandwidth <1-2000000> |

Specifies the base guaranteed

bandwidth for this traffic class

(in Kbps or in percent).

Bandwidth must be below the

entire bandwidth set for this

policy.

burst <1-20000>

Configure the burst size for this

class.

Values are 1 to 20000 in Kbytes

Default is 15 Kbytes

description

Configure the description of this

Traffic Limiting policy-map.

priority

Specifies the order of evaluation

of matching rules (the higher the

value, the lower the priority).

Values are 0 to 20

Default is 20

Command Modes PerleSCR(config-pmapTL-c)#

Global Configuration Mode

261

IOLAN SCR1618 RDAC Command Line Reference Guide

power-supply

power {dual}

Use the no form of this command to negate a command or set to defaults.

radius

{server <WORD>}

Use the no form of this command to negate a command or set to defaults.

Examples

This example sets the bandwidth to 20000 for this traffic class.

PerleSCR(config)#policy-map traffic-class test-traffic

PerleSCR(config-pmapTL-c)#class 10

PerleSCR(config-pmapTL-c)#bandwidth 20000

Related Commands

policy-map

Syntax Description power-supply

{dual}

Enables the monitoring of both power

supplies.

Command Modes PerleSCR(config)#power-supply dual

Examples

This example shows you how to configure to monitor for both power supplies.

PerleSCR(config)# power-supply dual

Related Commands

show environment

Syntax Description radius

{server <WORD>}

Configure RADIUS server name.

Command Modes PerleSCR(config)#radius

Usage Guidelines

Use this command to configure the RADUIS server name.

Examples

This example configures the RADIUS server name.

PerleSCR(config)#radius server testrad

Global Configuration Mode

262

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-radius-server)

{

address ipv4 <A.B.C.D> | acct-port <0-65536> | auth-port <0-65536> |

key 0 <WORD> | 7 <WORD> | <WORD> |

retransmit <1-100> |

timeout <1-1000>}

Use the no form of this command to negate a command or set to defaults.

radius-server

radius {deadtime <1-1440> |

key 0 <WORD>7 <WORD> | <WORD>

Related Commands

clear radius

show radius

Syntax Description

(config-radius-server)

{

address ipv4 <A.B.C.D>

acct-port <0-65536> | auth-

port <0-65536>

Configure the RADIUS server address.

Default port for authentication is 1812

Default port for accounting is 1813

key 0 <WORD> | 7 <WORD> |

<WORD>

Configure an encryption key to be shared

with the RADIUS servers.

retransmit <1-100>

Configure the number of retries to the active

RADIUS server.

Values are

timeout <1-1000>

}

Configure the time to wait for the RADIUS

server to reply.

Values are 1–1000

Default is 5 seconds

Command Modes PerleSCR(config-radius-server)#

Usage Guidelines

Use this command to configure RADUIS parameters.

Examples

This example sets the timeout to 30 seconds to wait for a reply from a RADIUS

server.

PerleSCR(config-radius-server)#timeout 5

Related Commands

clear radius

show radius

Global Configuration Mode

263

IOLAN SCR1618 RDAC Command Line Reference Guide

retransmit <1-100> |

timeout <1-1000>}

Use the no form of this command to negate a command or set to defaults.

remote-management

Syntax Description radius-server

{deadtime <1-1440> |

Sets the time the IOLAN ignores

unresponsive RADIUS servers.

key 0 <WORD>7 <WORD> |

<WORD>

Configure an encryption key to be shared

with the RADIUS servers.

retransmit <1-100>

Configure the number of retries to the

active RADIUS server.

timeout <1-1000> Configure the time to wait for the RADIUS

server to reply.

Command Modes PerleSCR(config)#radius-server

Usage Guidelines

Use this command to configure RADUIS server parameters.

Examples

This example sets the radius server name.

PerleSCR(config)#radius-server

Related Commands

clear radius

show radius

Syntax Description remote-management

Command Modes PerleSCR(config)#remote-management

Usage Guidelines

Use this command to enter sub-command mode for remote management

configuration.

Examples

This example enables remote management config mode.

PerleSCR(config)#remote-management

PerleSCR(config-remote-mgmt)#

Global Configuration Mode

264

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-remote-mgmt)

{

restful-api cookie-max-age |

http local-port <80, 1025-65535>

https local-port <443, 1025-65535>

jwt [claims aud <WORD> | exp <1-3153600> | iat <WORD> | iss <WORD> | jti

es512 | hs256 | hs356 | hs512 | ps256 | ps 384 | ps512 | rs256 | rs384 | rs512 | none]

| key import terminal

}

Use the no form of this command to negate a command or set to defaults.

Related Commands

(config-remote-mgmt)

Syntax Description

(config-remote-mgmt)

{

restful-api cookie-max-age |

Enables set-cookie based authentication.

Values are 1 to 20160 (14 days)

Default is 1440 minutes (24 hours)

http local-port

If enabled, the IOLAN accepts and

responds to HTTP Restful client requests.

Values for local port are 80, 1025 to 65535

Default local port is 8080

Default is Disabled

https local-port

If enabled, the IOLAN accepts and

responds to HTTPS Restful client requests.

Values for the local port are 443, 1025 to

65535

Default is Disabled

jwt [claims aud <WORD> |

exp <1-3153600> | iat

<WORD> | iss <WORD> | jti

<WORD> | nbf <1-31336000> |

sub <WORD>] | jws algorithm

es256 | es384 | es512 | hs256 |

hs384 | hs512 | ps256 | ps 384 |

ps512 | rs256 | rs384 | rs512 |

none] | key import terminal

}

Claim sets:

aud: audience—identifies the recipients

that the JWT is intended for. This tends to

be the "client id" or "client key" of the

application that the JWT is intended to be

used by. It allows the client to verify that

the JWT was sent by someone who actually

knows who they are.

exp: expiration time—identifies the

expiration time on and after which the JWT

must not be accepted for processing

Values are 1–3153600 seconds

Default is 3153600 seconds

Global Configuration Mode

265

IOLAN SCR1618 RDAC Command Line Reference Guide

route-map

{<WORD> <1-65535> [deny <1-65535> | permit <1-65535>]}

iat: issued at—identifies the time on which

the JWT will start to be accepted for

processing

iss: issuer—identifies principal that issued

the JWT

jti: JWT ID—case sensitive unique

identifier of the token

nbf: not before—JWT will start to be

accepted for processing at this time

Values are 1–3156000 seconds

sub: subject—identifies the subject of the

JWT

Algorithm types:

 es256

 es384

 es512

 hs256

 hs384

 hs512

 ps256

 ps384

 ps512

 none

key—import the key via the terminal

screen. To end entry type "quit" on a blank

line by itself.

Command Modes

PerleSCR(config-remote-mgmt)#

Usage Guidelines

Use this command to configure RESTful API options.

JSON Web Token (JWS) is an Internet standard way to securely transfer information

between devices as a JSON object. This information can be verified and trusted

because it is digitally signed. JSON Web Tokens (JWTs) can be signed using an

algorithm or a public/private key pair.

Examples

This example sets the local port for HTTPS to 1025.

PerleSCR(config-remote-mgmt)#restful-api https local-port 1025

Global Configuration Mode

266

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate a command or set to defaults.

(config-route-map)

{

call <WORD> |

continue <1-65535> |

description <LINE> |

match | [as-path <WORD>] | [community <1-500>] | [extcommunity <1-500>] |

[openvpn-tunnel <0-999>] | [tunnel <0-999>] | [ip address <1-199> | <1300-2699>

| igp | unknown] | [peer <A.B.C.D>] | [tag <1-65535>]

on-match goto <1-65535> | next |

set aggregator as <1-4294967295> <A.B.C.D>] | [as-path exclude <1-

4294967295> | prepend <1-4294967295>] | [atomic-aggregate] | comm-list <1-

advertise | no export] | [ext-community rt <AA:NN> | soo <AA:NN>] | [ip

nexthop <A.B.C.D>] | [ipv6 nexthop global <X:X:X:X::X> | local <X:X:X:X::X>]

| local-preference <0-4294967295> | metric <1-4294967295> | [metric-type <type-

1> | <type-2>] | [origin epg | igp | unknown] | [originator-id <A.B.C.D>] | [src

<A.B.C.D>] | [tag <1-65535>] | [weight <0-4294967295>]

}

Use the no form of this command to negate a command or set to defaults.

Syntax Description route-map

{<WORD> <1-65535> [deny

<1-65535> | permit <1-

65535>]

}

Insert, delete, deny, or permit from existing

route map table.

Command Modes

PerleSCRconfig)#route-map

Usage Guidelines

Use this command to create route maps or enter route map command mode.

Examples

This example creates a route map called test-route.

PerleSCR(config)#route-map test-route

Related Commands

show route-map

(config-route-map)

Syntax Description

(config-route-map)

Global Configuration Mode

267

IOLAN SCR1618 RDAC Command Line Reference Guide

{call <WORD> |

Calls to another route map.

continue <1-65535>

Calls to another rule within the current

route map. The new route map rules is

called after all set actions specified in the

route map rule have been performed.

description <LINE>

Configure a route map description.

match

| [as-path <WORD>] |

[community <1-500>] |

[extcommunity <1-500>] |

[interface bvi <1-9999>] | [|

[dialer <0-15>] | [ | [ethernet

<1-18> . <1-4000>] |

[openvpn-tunnel <0-999>] |

[tunnel <0-999>] | [ip address

<1-199> | <1300-2699> |

prefix-list] | [ipv6 <WORD> |

prefix-list] | [metric <1-

4294967295>] | [origin egp |

igp | unknown] | [peer

<A.B.C.D>] | [tag <1-65535>]

Defines a match condition based on

parameter.

on-match goto <1-65535> |

Specifies an alternative exit policy for a

route map.

set aggregator as <1-

4294967295> <A.B.C.D>] | [as-

path exclude <1-4294967295>

| prepend <1-4294967295>] |

[atomic-aggregate] | comm-list

<1-500> delete] | [community

<1-4294967295> | <AA:NN> |

internet | local-as | no-

advertise | no export] | [ext-

community rt <AA:NN> | soo

<AA:NN>] | [ip nexthop

<A.B.C.D>] | [ipv6 nexthop

global <X:X:X:X::X> | local

<X:X:X:X::X>] | local-

preference <0-4294967295> |

metric <1-4294967295> |

[metric-type <type-1> | <type-

2>] | [origin epg | igp |

unknown] | [originator-id

<A.B.C.D>] | [src <A.B.C.D>] |

[tag <1-65535>] | [weight <0-

4294967295>]

}

Configure values in destination routing

protocol.

aggregator—modifies the BGP

aggregator attribute of a route. Specify the

ASN number or the IP address of the

aggregator.

as-path—excludes—removes the AS

path from a BGP AS-path attribute (up to

10 numbers)

as-path—prepend—prepends to the AS

path of the route (up to 10 numbers)

atomic-aggregate—sets the atomic

aggregate attribute in a route

comm-list—set the BGP community list

for deletion

community—

community number—configure the

community number or AA:NN

Global Configuration Mode

268

IOLAN SCR1618 RDAC Command Line Reference Guide

router

{bgp <1-4294967295> |

ospf

rip

}

internet—internet (well know

community)

local-AS—do not send outside local AS

no-advertise—do not advertise to any peer

no-export—do not export to next AS

ip—modifies the next hop destination of a

route

ipv6—modifies the IPv6 next-hop

destination of a route.

ocal-preference—modifies the BGP

local-pref attribute in a route

metric—modifies the metric of a route

metric-type—specifies the OSPF external

metric-type for a route

origin—modifies the BGP origin code of

a route

originator-id—modifies the BGP

originator ID attribute of a route

src—modifies th BGP source address for

the route

tag—modifies the OSPF tag value of a

route

weight—modifies the BGP weight of a

route

Command Modes

PerleSCR(config-route-map)#

Usage Guidelines

Use this command to configure route map parameters.

Examples

This rule defines a match rule for community list BGP 50.

PerleSCR(config-route-map)#match community 50

Related Commands

show route-map

Global Configuration Mode

269

IOLAN SCR1618 RDAC Command Line Reference Guide

Use the no form of this command to negate a command or set to defaults.

Syntax Description router

{bgp <1-4294967295> |

Configures Broader Gateway Protocol (BGP)

routing protocol on the IOLAN. If using your

router to connect to the Internet, BGP should

be enabled.

Configure the autonomous system number

(ASN) is a unique number that's available

globally to identify an autonomous system

and which enables that system to exchange

exterior routing information with other

neighboring autonomous systems.

Your service provider will assign you the first

three digit for ASN, the last two digits should

be unique.

Values are 1–4294967295

ospf

Configure OSPF routing protocol on

theIOLAN.

Open Shortest Path First (ospf) is a protocol

used to find the best paths for packets as they

pass through a set of connected networks.

OSFP was designed to replace the RIP

protocol as it optimizes the updating up of the

routing table. OSPF should be enabled on

your IOLAN.

rip

}

Configure RIP routing protocol on the

IOLAN.

Routing Information Protocol (rip). Older

protocol for finding the shortest path for

routing information using a routing

metric/hop count algorithm. RIP should be

enabled on your IOLAN if there are older

routers on your network that need to use RIP.

Command Modes PerleSCR(config)#router

Usage Guidelines

Use this command to select the routing protocol for your IOLAN.

Examples

This example sets the routing protocol to BGP.

PerleSCR(config)#router bgp 10

Global Configuration Mode

270

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-router)—BGP

{

bgp address-family ipv4 | ipv6 unicast |

aggregate address <A.B.C.D> <A.B.C.D> as-set | summary-only |

bgp always-compare-med | [bestpath as-path | confed | ignore] | [compare-

router-id | [med confed | missing-as-worst] | [client-to-client reflection] | [cluster-

id <1-4294967295> <A.B.C.D>] | [confederation identifier <1-4294967295> |

peers <1-4294967295> <1-4294967295>] | [dampening <1-45> | <1-20000> | <1-

20000> | <1-255>] | [deterministic-med] | [enforce-first-as] | [fast-external-

failover] | [graceful-restart stalepath-time <1-3600>] | [log-neighbor-changes] |

[network import-check] | [router-id <A.B.C.D>] | [scan-time <5-60>] |

distance <1-255> <A.B.C.D> <A.B.C.D/nn> | bgp distance <1-255> <1-255> <1-

255> |

maximum-paths <1-64> ibgp <1-64> |

neighbour <A.B.C.D> <X:X:X:X::X> advertisement-interval <0-600> | allowas-

[capability dynamic | orf prefix-list both | receive | send] | [default originate

route-map <NAME>] | [description <LINE>] | [disable-connected-check |

[distributed-list <1-99> in | out <1300-2699> in | out] | [dont’t-capability-

negotiate] | [ebgp-multihop <1-255>] | [filter-list <WORD>] | [local-as <1-

4294967295> no-prepend] | [maximum-prefix <1-4294967295>] | [next-hop-self]

[prefix-list <WORD>] | [remote-as <1-4294967295>] | remove-private-as | [route-

map <WORD> in | out] | [route-reflector -client] | [route-server-client] | [send-

[strict-capability-match] | [timers <0-65535> <0-65535> | connect <0-65335>] |

[ttl-security] | [unsuppress-map <WORD>] | update-source interface bvi <1-

999> | tunnel <0-999> | <X:X:X:X::X>] | weight <1-65335>

network <A.B.C.D> <A.B.C.D> | backdoor | route-map <WORD> |

timers bgp <0-65535> <0-65335>

}

Use the no form of this command to negate a command or set to defaults.

Related Commands

show ip ospf

show ip rip

Syntax Description

(config-router)

{

bgp address-family ipv4 |

ipv6 unicast

Enters address family mode.

Global Configuration Mode

271

IOLAN SCR1618 RDAC Command Line Reference Guide

aggregate address <A.B.C.D>

<A.B.C.D> as-set | summary-

only

Specifies the block of addresses to be

aggregated.

as-set—specifies that the routes resulting

from the aggregation include the AS-set.

summary-only—specifies that aggregated

routes are summarized. These routes will

not be advertised.

Global Configuration Mode

272

IOLAN SCR1618 RDAC Command Line Reference Guide

bgp always-compare-med |

[bestpath as-path confed |

ignore] | [compare-router-id] |

[med confed | missing-as-

worst] | [client-to-client

reflection] | [cluster-id <1-

4294967295> <A.B.C.D>] |

[confederation identifier <1-

4294967295> | peers <1-

4294967295> <1-

4294967295>] | [dampening

<1-45> | <1-20000> | <1-

20000> | <1-255>] |

[deterministic-med] | [enforce-

first-as] | [fast-external-

failover] | [graceful-restart

stalepath-time <1-3600>] |

[log-neighbor-changes |

network import-check |

[router-id <A.B.C.D>] | [scan-

time <5-60>] |

Configure BGP parameters.

always-compare—directs the IOLAN to

compare the MED for paths from

neighbors in different autonomous

systems.

Default is disabled

best-path

as-path [confed | ignore]—directs the

IOLAN to compare the AS paths during

best-path selection

Default is does not compare

compare-router-id—directs the IOLAN

to compare identical routes received from

different external peers during best path

selection

Default is does not compare

med confed | missing-as-worst—direct the

IOLAN to compare the Multi Exit

Discriminator (MED) among paths learned

from confederation peers during best path

selection

client-to-client reflection—enables or

disables route reflection from a BGP route

reflector to clients.

Default is disabled

cluster-id—sets the cluster ID for a BGP

route reflection cluster as a 32 bit number

Values are 1–4294967295 or IP address

Default is none

confederation identifier | peers—Defines

a BGP confederation.

Values are AS number 1–4294967295

Peers range from 1–4294967295 to 1–

4294967295

Values are 128 peers

dampening—enables or disables route

dampening and sets IOLAN dampening

value.

half-life—1 to 45 mins

Default is 15 mins

reusing-route—1 to 20000

Default is 750

start-suppress-time—to 20000

Default is 20000

Global Configuration Mode

273

IOLAN SCR1618 RDAC Command Line Reference Guide

max-suppress-time—1 to 255

Default is 4 x of half life

deterministic-med—enables of disables

enforcing of deterministic MED

enforce first-as—forces eBGP peers to list

AS number at the beginning of the

AS_path attribute in coming updates

Default is disabled

fast-external-failover —immediately reset

session if a link to a directly connected

external peer goes down

Default is disabled

graceful-restart—enables or disables

grateful restart of the BGP process

Default is enabled

Grateful stale-time is 1-3600 seconds

Graceful stale time default is 360 seconds

log-neighbor-changes—log neighbor

up/down and reset reason

Default is disable

network import-check—check BGP

network route exists in IGP

Default is enabled

router-id—configure a fixed BGP router

ID for the router, overriding the automate

ID selection process

Default automatically selected by BGP

scan-time—-configure the scanning

interval for the IOLAN

Values 5 to 60

Default is 60 seconds

Global Configuration Mode

274

IOLAN SCR1618 RDAC Command Line Reference Guide

distance <1-255> <A.B.C.D>

<A.B.C.D/nn> | bgp distance

<1-255> <1-255> <1-255> |

Enter an Administrative Distance.

(AD) is a value that yourIOLAN uses to

select the best path when there are two or

more different routes to the same

destination from two different routing

protocols. Administrative distance is the

reliability of a routing protocol. A static

route is normally set too 1. The smaller the

administrative distance value, the more

reliable the protocol. Administrative

Distance is locally significant, it is not

advertised to the network.

Range is 1-255 (with 1 being the most

reliable) and 255 is route not used or

unknown

Configure a source IP prefix address and

mask.

BGP distance

Distance for external router to AS

Values are 1 to 255

Default 20

Distance for internal outer to AS

Values 1 to 255

Default is 200

Distance for local router

Value 1 to 255

Default 200

maximum-paths <1-64> ibgp

<1-64> |

Configure the maximum number of

eBGP/iBGP paths to a destination.

ebgp values are 1 to 255

Default is 1

ibgp values are 1 to 255

Default is 1

Global Configuration Mode

275

IOLAN SCR1618 RDAC Command Line Reference Guide

neighbour <A.B.C.D>

<X:X:X:X::X>

[advertisement-interval <0-

600>] | [allowas-in <1-10>] |

asoverride | [attribute-

unchanged as-path | med |

next-hop] | [capability

dynamic | orf prefix-list both |

receive | send] | [default

originate route-map

<NAME>] | [description

<LINE>] | [disable-connected-

check] | [distributed-list <1-

99> in | out <1300-2699> in |

out] | [dont’t-capability-

negotiate] | [ebgp-multihop

<1-255>] | [filter-list

<WORD>] | [local-as <1-

4294967295> no-prepend] |

[maximum-prefix <1-

4294967295>] | [next-hop-self]

| [override-capability] |

[passive] | [password <LINE>]

| [port <1-65535>] | [prefix-list

<WORD> in | out] | [remote-as

<1-4294967295>] | [remove-

private-as] | [route-map

<WORD> in | out] | [route-

reflector -client] | [route-

server-client] | [send-

community both | extended |

standard] | [shutdown] | [soft-

reconfiguration] | [strict-

capability-match] | timers <0-

65535> <0-65535> | connect

<0-65535>] | [ttl-security hops

<1-254> | [unsuppress-map

<WORD> | update-source

interface bvi <1-9999> | |

dialer <0-15> | | ethernet <1-

18> . <1-4000> | openvpn-

tunnel <0-999> | tunnel <0-

999> | <X:X:X:X::X>] |

[weight <1-65335>]

Configure neighbor configuration.

neighbor address—specify an IPv4 or

IPv6 address.

advertisement-interval—configure the

minimum interval between sending BGP

routing updates.

Values 0 to 600

Default eBGP is 30 secs

Default iBGP peers is 5 seconds

allowas-in—allows or disallows receiving

BGP advertisements containing the AS

path of the local router.

Default readvertisement is disabled.

Default is 3

as-override—override ASN’s in outbound

updates if AS–path equals remote–AS.

Only applies to eBGP neighbor.

Default is disable

attribute-unchange—allows the IOLAN

to send updates to a neighbor with

unchanged attributes.

Value is on for all if no option provided

Default is disabled

capability—advertise dynamic capability

to this neighbor.

Default is session is brought up with

minimal capability on both sides

capability orf prefix-list [both | receive |

send]—advertises support for Outbound

Route Filtering (OFR) for updating BGP

capabilities advertised and received from

this neighbor.

Default is the session is brought up with

minimal capability on both sides.

default-originate—enables or disables

forwarding of the default route to a BGP

neighbor.

Default is disabled

Description—provide a description for a

BGP neighbor.

disable-connected-check—Enables a

directly connected eBGP neighbor to peer

using a loopback address without adjusting

the default TTL of 1.

Default is off

Global Configuration Mode

276

IOLAN SCR1618 RDAC Command Line Reference Guide

distributed-list—applies an access list to

filter inbound/outbound routing updates

from this neighbor.

Default is none

dont’t capability-negotiate—disables

BGP capability negotiation

Default is capability negotiation is

performed.

ebgp-mulihop—Allows you to establish

eBGP peer relationships between routers

that aren’t directly connected to one

another.

Default is only directly connected

neighbors are allowed

filter-list—applies an AS–path list to

routing updates to this neighbor

Default is none

local-as—defines a local autonomous

system number for eBGP peering

Default is none

maximum-prefixes—configure the

maximum number of prefixes to accept

from this neighbor before that neighbor is

taken down.

Values are 1–4294967295

Default is none

next-hop-self—sets the local router as the

next ho for this neighbor

Default is disable

over-ride-capability—overrides capability

negotiation to allow a peering session to be

established with a neighbor that does not

support capabilities negotiation

Default is a session cant be established if

the neighbor does not support capability

negotiation

passive—directs the router not to initiate

connections with this neighbor

password—Configure a BGP MD5

password

Default is none

port—specifies the port on which the

neighbor is listening for BGP signals

Values are 1 to 65535

Default port is 179

Global Configuration Mode

277

IOLAN SCR1618 RDAC Command Line Reference Guide

prefix-list- applies this prefix list filter

updates to/from this neighbor

Default is none

remote-as—Configure the autonomous

system number of the neighbor.

Default is none

remove-private-as—directs the IOLAN to

remove private AS numbers from updates

sent to this neighbor (eBGP only)

Default is disable (do not remove)

route-map—applies a route map to filter

updates to/from this neighbor

Default is none

route-reflector—specify this neighbor as

a route reflector client (iBGP only)

Default is disabled

route-server-client—specify this neighbor

as a route server client

Default is disable

send-community—enables or disables the

sending of community attributes to the

specified neighbor

Value— no type specified send standard

attributes

Default is both

shutdown—administratively shuts down a

BGP neighbor

Default is disabled

soft-reconfiguration—directs the IOLAN

to store received routing updates

strict-capability-match—directs the

router to strictly match the capabilities of

the neighbor

Default is disable

timers—

keepalive interval

Values are 0–-65535

Default is 60 seconds

holdtime

Value are 0-65535

Default is 180 seconds

connect

Values are 0-65535

Default is 120 seconds

Global Configuration Mode

278

IOLAN SCR1618 RDAC Command Line Reference Guide

ttl-security—Configure the time-to-live

(ttl) security hop count. This option and

ebgp-multihop cannot be set at the same

time

Values are 1 to 254 hops

Default is 1

unsupress-map—directs the IOLAN to

selectively advertise routes suppressed by

aggregating addresses, based on a route

map

Value specify a router map

update-source—specifies the source ip

address or interface for routing updates

Default is none

weight—defines a default weight for

routes from this neighbor

Values are 1-65335

Default is routes learned from a BGP

neighbor have a weight of 0. Routes

sourced by the local router have a weight

of 32768

network <A.B.C.D>

<A.B.C.D> | backdoor | route-

map <WORD> |

Configure a network to be advertised by

the BGP routing process.

Backdoor—indicates that this network is

reachable by a backdoor rote. A backdoor

network is considered to be like a local

network but is not advertised.

Route-map—specifies a configured route

map to be used when advertising the

network

Default is none

redistribute connected | kernel

| ospf | rip | static | metric <1-

4294967295> | route-map

<WORD> |

Select route type for redistribution.

BGP.

Connected (directly attached subnet or

host)

 Kernel

 OSPF

 RIPng

 Static

Select a router map from the drop-down

list.

Global Configuration Mode

279

IOLAN SCR1618 RDAC Command Line Reference Guide

(config-router-af)

{aggregate-address <A.B.C.D> <A.B.C.D> as-set summary-only |

exit-address-family |

maximum-path <1-255> | ibgp <1-255> |