Nortel Contivity1510D Reference
Contivity VPN Switch Command Line Interface
Reference for the Contivity
VPN Switch Command Line
Interface
Version 3.5
Part No. 311645-A Rev 00
December 2000
600 Technology Park Drive
Billerica, MA 01821-4130

Summary of Contents for Nortel Contivity1510D

  • Page 1 Reference for the Contivity VPN Switch Command Line Interface Version 3.5 Part No. 311645-A Rev 00 December 2000 600 Technology Park Drive Billerica, MA 01821-4130...
  • Page 2: Restricted Rights Legend

    Nortel Networks NA Inc. does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3: Japan/Nippon Requirements Only

    European Requirements Only EN 55 022 Statement This is to certify that the Nortel Networks Contivity Extranet Switch is shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class A (CISPR 22).
  • Page 4 Software is provided will be free from defects in materials and workmanship under normal use for a period of 90 days from the date Software is first shipped to Licensee. Nortel Networks will replace defective media at no charge if it is returned to Nortel Networks during the warranty period along with proof of the date of shipment.
  • Page 5 Licensee will immediately destroy or return to Nortel Networks the Software, user manuals, and all copies. Nortel Networks is not liable to Licensee for damages in any form solely by reason of the termination of this license. 8. Export and re-export. Licensee agrees not to export, directly or indirectly, the Software or related technical data or information without first obtaining any required export licenses or other governmental approvals.
  • Page 6 LICENSEE ACKNOWLEDGES THAT LICENSEE HAS READ THIS AGREEMENT, UNDERSTANDS IT, AND AGREES TO BE BOUND BY ITS TERMS AND CONDITIONS. LICENSEE FURTHER AGREES THAT THIS AGREEMENT IS THE ENTIRE AND EXCLUSIVE AGREEMENT BETWEEN NORTEL NETWORKS AND LICENSEE, WHICH SUPERSEDES ALL PRIOR ORAL AND WRITTEN AGREEMENTS AND COMMUNICATIONS BETWEEN THE PARTIES PERTAINING TO THE SUBJECT MATTER OF THIS AGREEMENT.
  • Pages 7-26: Table of Contents (page-number listing of the chapters and command entries; not reproduced here)
  • Page 27: Preface

    It provides reference information for each of the Web browser configuration screens. Conventions This guide refers to the Contivity VPN Switch as the switch. This guide assumes that you are familiar with Web browsers and their general operation. Documentation This document uses the following conventions to distinguish among notes of varying importance.
  • Page 28: Related Publications

    Related publications The following list shows the associated documentation that you will need to configure and manage the switch and describes the document’s objectives. • Contivity VPN Switch Release Notes provide the latest information, including known problems, workarounds, and special considerations.
  • Page 29 Example: If the command syntax is show ip {alerts|routes} show ip alerts or show ip routes both. show ip interface and as many ethernet/2/1 Set Trap Monitor Filters...
  • Page 30: Acronyms

    Acronyms This guide uses the following acronyms: BootP CSMA/CD DLCMI HDLC ISDN ITU-T MDI-X NBMA OSPF SMDS SNMP attachment unit interface Bootstrap Protocol basic rate interface carrier sense multiple access/collision detection Data Link Control Management Interface High-level Data Link Control Internet Protocol Integrated Services Digital Network International Organization for Standardization...
  • Page 31: Hard-Copy Technical Manuals

    You can purchase Nortel Networks documentation sets, CDs, and selected technical publications through the Nortel Networks Collateral Catalog. The catalog is located at support.baynetworks.com/catalog.html: •...
  • Page 32: Nortel Networks Customer Service

    Nortel Networks Customer Service If you purchased a service contract for your Nortel Networks product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased a Nortel Networks service program, contact one of the following...
  • Page 33: Chapter 1 Introduction

    Line Interface (CLI). Accessing the CLI Access from a Telnet session You access the CLI by starting a Telnet session to the switch’s Management IP Address, for example: telnet 10.0.16.247 You then log into the switch using an account with administrator privileges, for...
  • Page 34: Access From The Serial Port Menu

    Access from the serial port menu You can access the CLI through the Serial Port menu if you have a serial port connection to the switch. Select L from the Serial Port menu, shown below, to access the CLI. Figure 1 Serial Port Menu Command modes The switch CLI has three command modes.
  • Page 35: User Exec Mode

    User Exec Mode This is the initial command mode when the administrator first establishes a Telnet connection to the switch. It is also called Exec mode. This is a limited display mode. You cannot modify configuration parameters or view the configuration file.
  • Page 36 Display IP routing table Display IP route policies Display information on IP traffic to/ from switch Display IP VRRP settings Show details of pending switch reboot Show current switch sessions Show switch configuration and hardware Trace the route to a destination...
  • Page 37: Privileged Exec Mode

    Description Clear ARP cache Clear event log Enter configuration mode Turn off privileged commands Display message about using help...
  • Page 38: Global Configuration Mode

    Global Configuration Mode This mode allows the administrator to make changes to the switch running configuration. These changes are saved across reboots. This mode is also used to access other configuration modes (Router, and so on, to be supported in subsequent releases).
  • Page 39: Key Bindings

    Key bindings You can use the Nortel Networks CLI (NNCLI) commands to edit command line text entries. Table 2 describes key bindings for NNCLI. Table 5 NNCLI key bindings Keys control-A control-B...
  • Page 40 Table 5 NNCLI key bindings Keys control-D control-E control-F control-H & control-I & control-K control-L & control-R control-N or down arrow next history command control-P or up arrow control-Q control-T control-U control-W control-X control-z esc-c & esc-u esc-l esc-b esc-d esc-f Function...
  • Page 41: Chapter 2 Cli Command Summary

    This command modifies the contents of the Address Resolution Protocol (ARP) cache. On the Contivity VPN Switch, only the no form of the de facto command is supported. There is no command to add a permanent entry to the ARP cache.
  • Page 42: Next Command Mode

    Next command mode Global Configuration Related commands show arp clear arp-cache
  • Page 43: Audible Alarm

    This command enables and disables the audible alarm on the switch that is sounded under certain error conditions. Syntax audible alarm no audible alarm Parameters None Default Audible alarm is enabled. Command mode Global Configuration Next command mode...
  • Page 44: Clear Arp-Cache

    clear arp-cache This command deletes all dynamic entries from the ARP cache, clears the fast-switching cache, and clears the IP route cache. Syntax This command has no arguments or keywords. clear arp-cache Parameters None Default None Command mode Privileged Exec Next command mode Privileged Exec...
  • Page 45: Clear Ip Route

    This command removes a route from the route table. Note that Static Routes are not removed from the switch browser interface by this command. This command is intended as a troubleshooting tool for use when routing problems are being caused by the presence of a wrong route.
  • Page 46: Related Commands

    Related commands show ip route Example
    CES>clear ip route 10.11.0.12
  • Page 47: Clear Logging Events

    Next command mode Privileged Exec Related commands show logging events Example CES>clear logging events The example shows the command in use. This command does not give any feedback to the user.
  • Page 48: Configure

    configure This command puts the CLI into global configuration mode. This allows the administrator to access global configuration mode commands. To exit this mode, the user can enter [control]-Z, the exit command, or the end command. All global configuration commands are entered from the terminal. Syntax configure terminal Parameters...
  • Page 49: Console Mode

    This command controls which menu items are visible on the serial port console for the switch, and what CLI commands can be used. When this command is used to set the switch in one of the two restricted modes, the only CLI commands that are available are:...
  • Page 50: Parameters

    Parameters restricted1 restricted2 show Default The system boots in unrestricted mode, where all commands are enabled. Command mode Global configuration Next command mode Global configuration (console mode show) or Privileged Exec Related commands reload reload at reload in reload no-sessions Examples CES(config)#console mode show CONSOLE MODE is set to UNRESTRICTED...
  • Page 51 Stop and perform a cold restart. These examples show the default console mode setting, and how setting the console mode to restricted forces the user back to Privileged Exec mode and limits the available CLI commands.
  • Page 52: Control

    This command allows emulation of CLI commands available in earlier versions of the switch software. This command allows the administrator to create or delete control tunnels and to display the currently existing control tunnels. Control tunnels provide a secure means to manage the switch. Syntax control [ help...
  • Page 53: Examples

    Examples
    CES(config)#control Help delete
    CES(config)#control create
    CES(config)#control show
  • Page 54: Disable

    disable This command makes the CLI parser exit from Privileged Exec mode and return to user Exec mode. Syntax disable Parameters None Default None Command mode Privileged Exec Next command mode User Exec
  • Page 55: Related Commands

    Related commands configure enable Example
    CES#disable
    CES>
  • Page 56: Enable

    enable This command puts the CLI parser into Privileged Exec mode, allowing the administrator to use additional CLI commands. The administrator is prompted for a case-sensitive password before they can enter privileged Exec mode. This password is created when the administrator user account is set up using the Web management pages.
  • Page 57: Related Commands

    Related commands configure disable enable password Example
    CES>enable
    Password: fred (The password does not display.)
    CES#disable
    CES>
  • Page 58: Enable Password

    enable password This command allows the user to change the password used by the enable command to get into privileged Exec mode. This is the same password as set on the Profiles->Users Web page for the administrator (user admin) account. If the new password is not different from the existing password, a warning message is generated.
  • Page 59: Related Commands

    Exec mode. The administrator then changes the enable password and enters an incorrect one three times. The last example shows the error message displayed when the administrator tries to reuse the existing password. reenter the enable password.
  • Page 60: Exception Backup

    This command allows the administrator to define backup FTP servers for the Contivity VPN Switch. A backup FTP server receives a copy of the LDAP database, configuration file, and other system files that have changed since the last backup.
  • Page 61: Command Mode

    Command mode Global configuration Next command mode Global configuration Related commands show exception backup Example
    CES(config)#exception backup 1 12.0.44.129 interval 4 username BackupLogon password BackupPassword
  • Page 62: Exit

    exit This command allows the administrator to exit any configuration mode or to close an active Telnet session if they use the command when in User Exec mode. Syntax exit Parameters None Default None Command mode Available in all command modes Next command mode Either the lower level command mode, or none because the Telnet session is terminated...
  • Page 63: Related Commands

    Related commands Example
    CES(config)#exit
    CES#exit
    CES>
    This example shows a user starting in Global configuration mode and using the exit command twice to end in User Exec mode.
  • Page 64: Help

    help This command displays a message about how to use the Help system. Syntax help Parameters None Command mode Available in all command modes Related commands None Example CES#help Help may be requested at any point in a command by entering a question mark (?). If nothing matches, the Help list is empty and you must back up until entering a question mark (?) shows the available options.
  • Page 65: Host Address

    If the master server becomes unavailable, the switch attempts to use the slave LDAP servers. The switch reattempts connection to the master server every 15 minutes or upon a configuration change. The switch has read/write access to the master LDAP server. The slave servers are read-only.
  • Page 66: A Rev

    bind_dn_value bind-password Default Defaults to a non-SSL connection made to port 389. If ssl-port is specified without providing a port number value, the SSL connection attempt is made to port 636. Command mode Global configuration Next command mode Global configuration Prerequisites None Related commands...
  • Page 67: Hostname

    This command allows the administrator to specify the DNS host name for the switch. This name should correspond to the name in the DNS server to identify the management address of the switch that is located on the private network.
  • Page 68: Related Commands

    Related commands no hostname ip domain-name ip name-server interface management Example CES(config)#hostname MarketingCES This example assigns the name MarketingCES to the switch.
  • Page 69: Interface Management

    Next command mode Interface configuration Warnings IP Address is already in use on switch for other purposes. The IP address that is used to connect to system services on the switch
  • Page 70: Related Commands

    Related commands ip http server Example
    CES(config)#interface management
    Router(config-if)#ip address 10.0.3.33
    Router(config-if)#exit
    This command assigns the IP address 10.0.3.33 to the switch for HTTP, FTP, Telnet, and SNMP connections.
  • Page 71: Ip Http Server

    This command allows the administrator to enable or disable management of the switch using a Web browser. If HTTP management is disabled, the switch can still be managed using the Nortel Networks CLI. Syntax ip http server...
  • Page 72: Related Commands

    Related commands interface loopback Example CES(config)#no ip http server This command disables management of the switch using a Web browser. The switch can still be configured using the CLI.
  • Page 73: Kill

    Parameters telnet_id Command mode Privileged Exec Next command mode Privileged Exec Warnings Invalid session ID. Session is not a Telnet session. Session ID of Telnet session to be terminated
  • Page 74: Related Commands

    CES# kill 213
    CES# who
    121: From 116.102.4.45
    217: From 116.102.12.23
    This example shows a series of Telnet sessions active on the switch. One is terminated using kill and the results are shown in the subsequent who command.
  • Page 75: Ldap

    This command allows the administrator to: • Start or stop the switch internal LDAP server • Export the LDAP database to an LDIF file on the switch • Import the LDAP database from an LDIF file on the switch •...
  • Page 76: Default

    stop Default None Command mode Global configuration Next command mode Global configuration Warnings LDAP server is currently running. LDAP server is already running. LDAP server is already stopped. Invalid LDIF file name. LDIF file does not exist. Example
    CES(config)#ldap show
    CES(config)#ldap stop
    CES(config)#ldap export
    CES(config)#ldap start...
  • Page 77: Ldap-Server

    This command is used to configure the settings for the LDAP server used by the switch to store the configuration settings that are not specific to an individual switch. The LDAP server can be internal to the switch being administered, or can be an external server that is shared by one or more Contivities.
  • Page 78: Related Commands

    This example specifies the settings for a master LDAP server at IP address 122.33.102.44 port number nnn, with a bind DN and base DN. The domain delimiter is the character @ and the domain suffix is removed. The switch is set to use the external LDAP server.
  • Page 79: Ldap-Server Source

    This command sets the source of the LDAP server used by the switch to either the internal LDAP server on the switch itself, or an external LDAP server that can be shared by one or more Contivities. Syntax...
  • Page 80: Warnings

    Warnings External LDAP server not configured. Cannot reach external LDAP server. Related commands ldap-server show ldap-server Example See the example for the ldap-server command.
  • Page 81: Load

    This command allows the administrator to use the Bulk Load facility to Execute a command file that has been previously copied to the switch using FTP. The commands in the file can configure various settings on the switch. This facility is used to bulk configure the switch.
  • Page 82: A Rev

    Prerequisites The LDAP server must be running. Related commands ldap Example CES(config)#load /ide0/system/test.cmd
  • Page 83: Logging History

    This is different from the IOS implementation, where this command only affects syslog messages. On the switch a warning is displayed if the level set with this command does not agree with the level required for syslog message forwarding (as set in the logging facility syslog command).
  • Page 84: Command Mode

    Related commands show logging history logging facility syslog show logging syslog Example CES(config)#logging history errors This command sets the system logging on the switch to store emergency, alert, critical, and error condition messages in the system log.
  • Page 85: Logout

    This is a mini-CLI command to allow emulation of CLI commands available in earlier versions of the switch software. This command logs the administrator off the switch and terminates the Telnet session. It is equivalent to using the exit command in User Exec mode.
  • Page 86: More

    EBCDIC mode. On the switch, this command is limited to files that are 10KB or smaller. If the user tries to use more on a file that is larger than 10KB, an error message is displayed.
  • Page 87: Command Mode

    (.) in the ASCII part of the binary output format. Command mode Privileged Exec Next command mode Privileged Exec Warnings File not found. Cannot display a file that is larger than 10KB.
  • Page 88: Example

    Example
    CES#more disk0:system/config/CFG01022.DAT
    +AccessLst[abc]
    AccessLst[abc].Name=abc
    +AccessLst[abc].Rule[11.4.1.6:1.1.1.1:DENY]
    AccessLst[abc].Rule[11.4.1.6:1.1.1.1:DENY].Key=11.4.1.6:1.1.1.1:DENY
    AccessLst[abc].Rule[11.4.1.6:1.1.1.1:DENY].Protocol=IP
    AccessLst[abc].Rule[11.4.1.6:1.1.1.1:DENY].SourceAddr=11.4.1.6
    AccessLst[abc].Rule[11.4.1.6:1.1.1.1:DENY].SourceWildcard=1.1.1.1
    +AccessLst[abc].Rule[abdguiwfeh:255.255.0.0:Permit]
    AccessLst[abc].Rule[abdguiwfeh:255.255.0.0:Permit].Action=PERMIT
    AccessLst[abc].Rule[abdguiwfeh:255.255.0.0:Permit].Key=abdguiwfeh:255.255.0.0:Permit
    AccessLst[abc].Rule[abdguiwfeh:255.255.0.0:Permit].SourceWildcard=255.255.0.0
    +AccessLst[abc].Rule[2.0.0.0:255.0.0.:Permit]
    AccessLst[abc].Rule[2.0.0.0:255.0.0.:Permit].Action=PERMIT
    AccessLst[abc].Rule[2.0.0.0:255.0.0.:Permit].Key=2.0.0.0:255.0.0.:Permit
    AccessLst[abc].Rule[2.0.0.0:255.0.0.:Permit].SourceAddr=2.0.0.0
    +AccessLst[bar]
    AccessLst[bar].Name=bar
    +AccessLst[bar].Rule[1.2.0.0:255.255.0.0:0]
    AccessLst[bar].Rule[1.2.0.0:255.255.0.0:0].Key=1.2.0.0:255.255.0.0:0
    CES#
    CES#more /binary disk0:system/config/CFG01022.DAT
    00000000: 0A210A21 204C6173 7420636F 6E666967
    00000010: 75726174 696F6E20 6368616E 67652061
    00000020: 74203134 3A30333A 32322070 73742046
    00000030: 72692041 75672032 37203139 39390A21
    00000040:...
  • Page 89: Ping

    User Exec Next command mode User Exec scr_host scr_address The IP address of system to ping The host name of system to ping The source host name The source IP address
  • Page 90: Warnings

    Warnings If the system cannot map an address for a host name, it returns a "%Unknown Host" error message. Related commands trace ip { host | address Examples
    CES>ping 122.104.11.112
    PING 122.104.11.112: 56 data bytes
    64 bytes from 122.104.11.112: icmp_seq=0. time= 16 ms
    64 bytes from 122.104.11.112: icmp_seq=1.
  • Page 91: Reload

    10 seconds. The Safe and Normal boot modes are used for secure management of the switch. In Normal mode, the switch operates normally. In Safe mode, HTTP or FTP traffic is allowed.
  • Page 92: Default

    The switch should be rebooted with the latest configuration file. The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults. The contents of the LDAP database and other settings are still maintained.
  • Page 93: Next Command Mode

    Any warnings cause the command to fail. The user must reenter the command after correcting the parameters in error. Configuration file does not exist. Related commands reload at reload cancel reload in reload no-sessions show reload
  • Page 94: Example

    Boot Drive: /ide0/ Proceed with reload? [confirm]y This reboots the switch from ide0, using the factory installed defaults and disabling logins after the reboot to allow for system maintenance. Reason is to "Upgrade software." The user must press [CR], or any subset of the string “yes”, to confirm that they want the reload to proceed.
  • Page 95: Reload At

    This command sets a time in the future at which the switch will reboot. Options can be specified to determine whether the switch turns off or reboots, which configuration to use after a reboot, and other settings. The user is prompted to confirm that they want to continue with the reload. If they say yes and if the reload command is valid, the system reload will start at the specified time.
  • Page 96: Default

    The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults; the contents of the LDAP database and other settings are still maintained. Name of previously saved configuration to use on reboot.
  • Page 97: Prerequisites

    Any warnings cause the command to fail. The user must reenter the command after correcting the parameters in error. Configuration file does not exist. Related commands reload reload cancel reload in reload no-sessions show reload
  • Page 98: Example

    LDAP database." Comments After a successful reload at command, the switch will reboot at the time specified based on internal clock settings. For most Telnet client software, the reboot will cause the Telnet client to close the connection to the switch.
  • Page 99: Reload Cancel

    When a reload has been canceled the details for the pending reload are displayed. Syntax reload cancel Parameters None Default None Command mode Privileged Exec Response The command will output a message giving details about the type of reload command that was canceled.
  • Page 100: Next Command Mode

    Next command mode Privileged Exec Prerequisites A reload must already have been scheduled. Warnings No currently scheduled reload operation. Related commands reload reload at reload in reload no-sessions show reload
  • Page 101: Example

    Config File: latest Boot Drive: /ide0/ This example schedules a reload command that would reboot the switch from ide0, using the latest configuration and disabling logins after the reboot to allow for system maintenance. Reason is to "Backup LDAP database." The reload is then canceled and the resulting output shows the original reload command.
  • Page 102: A Rev

    This command sets a timer that causes the switch to reboot after a certain time has passed. Options can be specified to determine whether the switch turns off or reboots, which configuration to use after a reboot, and other settings.
  • Page 103: Default

    The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults; the contents of the LDAP database and other settings are still maintained. config-name Name of the previously saved configuration to use on reboot.
  • Page 104: Prerequisites

    Prerequisites A named configuration file can only be used after it has been created. Warnings Any warnings cause the command to fail. The user must reenter the command after correcting the parameters in error. Configuration file does not exist. Related commands reload reload cancel reload at...
  • Page 105: Example

    Boot Drive: /ide1/ Proceed with reload? [confirm]y This example command powers down the switch in eight hours' time. When the switch is powered up again it will reboot from ide1. Further logins are disabled until the switch has rebooted. Comments After a successful reload in command, the switch will reboot after the time specified has elapsed.
  • Page 106: Reload No-Sessions

    This command causes the switch to reboot after there are no further logins. The reboot will start after all tunnels into the box, and all management sessions (Telnet, Web, etc.) have been closed. Options can be specified to determine whether the switch turns off or reboots, which configuration to use after a reboot and other settings.
  • Page 107: Default

    The switch should be rebooted with the reset configuration file. This file sets the switch to basic defaults; the contents of the LDAP database and other settings are still maintained. config-name Name of previously saved configuration to use on reboot.
  • Page 108: Prerequisites

    Prerequisites A named configuration file can only be used after it has been created. Warnings Any warnings cause the command to fail. The user must reenter the command after correcting the parameters in error. Configuration file does not exist. Related commands reload reload cancel reload at...
  • Page 109: Example

    Boot Drive: /ide0/ Proceed with reload? [confirm]y This example reboots the switch from ide0, using the latest configuration when there are no sessions connected to the switch. New session connections have been disabled. Comments After a successful reload no-sessions command, the switch reboots once all sessions on the switch have terminated.
  • Page 110: Server Backup

    This command copies the current contents of the internal switch LDAP database into an LDIF file. The LDIF file can be saved off the switch for backup purposes. The internal LDAP server must be stopped before a backup command can be performed.
  • Page 111: Next Command Mode

    The LDAP server must be stopped before performing a backup. Cannot backup LDAP server, backup in progress. Cannot backup LDAP server, restore in progress. Related commands ldap-server internal server restore server start server stop
  • Page 112: Example

    Example
    CES(config)#ldap-server internal
    Router(config-ldap)#server stop
    Router(config-ldap)#server backup jan102000
    Server backup started to file /ide0/system/slapd/ldif/jan102000
    Server backup completed
    Router(config-ldap)#server start
    Router(config-ldap)#exit
    This example shows the internal LDAP server being stopped and the contents being backed up to a file called jan102000. After the backup has completed, the LDAP server is started again.
  • Page 113: Command Mode

    The name of the LDIF file that should be restored into the LDAP database. The filename can have a maximum of 8 characters. The file is restored from the directory /ide0/system/slapd/ldif on the switch.
  • Page 114: Next Command Mode

    Next command mode LDAP server configuration Prerequisites The internal LDAP server must be stopped before a restore command can be performed. Warnings LDIF file “filename” not found. The LDAP server must be stopped before performing a restore. Cannot restore LDAP server, backup in progress. Cannot restore LDAP server, restore in progress.
  • Page 115: Example

    This example shows the internal LDAP server being stopped and the contents being restored from the LDIF file called jan031999. After the restore has completed, the LDAP server is started again.
  • Page 116: Next Command Mode

    This command starts the internal switch LDAP server after it has been stopped.
    Syntax: server start
    Parameters: None
    Default: None
    Command mode: LDAP server configuration
    Response: The switch outputs a confirmation message once the LDAP server has been restarted.
  • Page 117: Related Commands

    This example shows the internal LDAP server being started.
    Comments: For a large LDAP database, the start command can take some time to complete.
    server stop
    This command stops the internal switch LDAP server.
  • Page 118: Next Command Mode

    Parameters: None
    Default: None
    Command mode: LDAP server configuration
    Response: The switch outputs a confirmation message when the LDAP server has stopped.
    Next command mode: LDAP server configuration
    Prerequisites: The internal LDAP server must be running.
    Warnings: The LDAP server is already stopped.
  • Page 119: Related Commands

    This example shows the internal LDAP server being stopped.
    Comments: Once the internal LDAP server has been stopped, the switch will not allow further login attempts because it cannot validate user credentials.
  • Page 120: Next Command Mode

    show arp
    This command displays the entries in the ARP table.
    Syntax: show arp
    Parameters: None
    Default: None
    Command mode: Privileged Exec
    Next command mode: Privileged Exec
    Related commands: clear arp-cache
    Example
    CES# show arp
    LINK LEVEL ARP TABLE
    destination   gateway   flags   Refcn   Use   Interface...
  • Page 121: Command Mode

    Parameters: None
    Default: None
    Command mode: Global configuration
    Response: This command outputs details of the current backup FTP servers that have been defined for the switch, if any.
  • Page 122: Next Command Mode

    Next command mode: Global configuration
    Warnings: No backup FTP servers defined
    Related commands: exception backup
  • Page 123: Example

    (number 3) is removed from the list of available backup FTP servers and the second show exception command shows that details for this server have been removed from the switch configuration.
    12.230.111.10 backupCES.internal.com...
  • Page 124: Next Command Mode

    Command mode: User Exec
    Next command mode: User Exec
    Example
    CES>show file systems
    File Systems:
        Size(b)    Free(b)    Type   Flags
        1249280    262752     disk
        1269760    1241752    disk...
    This example shows the output for a switch that has two hard disk drives.
  • Page 125: Parameters

    This command shows the current settings that are in flash for the switch. This is equivalent to the Flash Contents button display on the Status->Statistics Web management page.
    Syntax: show flash: contents
    Parameters: None
    Default: None
  • Page 126: Next Command Mode

    Command mode: User Exec
    Next command mode: User Exec
    Related commands: show version
  • Page 127: Example

    CES>show file: contents
    Flash Header -
      copyright: Nortel Networks, Copyright 1999, 2000
    Flash Data -
      model number: Contivity1510D
      MAC address: 00-E0-7B-00-0D-30
      serial number: 12192
      feature keys:
        Maximum Ethernet ports: 2
        Maximum T-1 ports: 1
        Maximum T-3 ports: 0
        Allow PPTP tunnels: True...
  • Page 128: Parameters

    This command displays information about the overall health of the switch. It allows the administrator to check on areas that may cause problems in the future, as well as see where problems have been detected already.
  • Page 129: Next Command Mode

    Warning: SNMP Servers.
    Device fei1 down
    Can't backup to 12.33.44.123...
    This example shows the type of output that is displayed when alerts and warning messages are requested by the show health command.
  • Page 130: Command Mode

    show ip access-list
    This command displays the contents of all current IP access lists. The CLI accepts access list names up to 50 characters long, not 64 as in the browser-based GUI.
    Syntax: show ip access-list
    Parameters...
  • Page 131: Next Command Mode

    2.2.0.0, wildcard bits 255.255.0.0, exact
    Standard IP access list TEST1
    deny 3.3.0.0, wildcard bits 255.255.0.0, exact
    This example shows all the access lists that have been created and their contents.
  • Page 132: Next Command Mode

    show ip ospf
    This command displays general information about OSPF routing and the state of OSPF routing processes.
    Syntax: show ip ospf
    Parameters: None
    Default: None
    Command mode: User Exec
    Response: See the example for output from this command.
    Next command mode: User Exec
    Related commands: show ip ospf database...
  • Page 133: Example

    Number of interfaces in this area = 0
    SPF algorithm has Executed 37 times
    (Same for all areas)
    Interval is 01H:00M (Same for all areas)
    This example shows the state of the OSPF routing process.
  • Page 134: Next Command Mode

    This command displays information related to the OSPF database for the switch. It also delivers information about OSPF link state advertisements.
    Syntax: show ip ospf database
    Parameters: None
    Default: None
    Command mode: User Exec
    Response: See the example for output from this command.
  • Page 135: Example

    Link State ID   Adv Router   Seq Nbr   CheckSum   Links
    --------------- --------------- ----- ---------- --------
    15.62.0.0   15.62.250.250   1041   0x80000011   0xecf5
    1001   0x8000001d   0xf39a...
    This example lists the information related to the OSPF database.
  • Page 136: Next Command Mode

    show ip ospf interface
    This command displays information about interfaces that are configured for OSPF routing.
    Syntax: show ip ospf interface
    Parameters: None
    Default: None
    Command mode: User Exec
    Response: See the example for output from this command.
    Next command mode: User Exec
  • Page 137: Related Commands

    CES>show ip ospf interface
    IP Address-CId      Area ID   Type
    15.60.150.150-17    0.0.0.0   BCAST
    15.63.150.150-74    0.0.0.0   PTPT
    State   Cost   Priority   Router
    1 10.254.1.36 Other 1 0.0.0.0...
    This example displays OSPF related interface information.
  • Page 138: Next Command Mode

    show ip ospf neighbor
    This command displays information about OSPF neighbors on a per interface basis.
    Syntax: show ip ospf neighbor
    Parameters: None
    Default: None
    Command mode: User Exec
    Response: See the example for output from this command.
    Next command mode: User Exec
    Related commands: show ip ospf...
  • Page 139: Example

    OSPF Dynamic Neighbors
    RouterID         State           Dead Time       Address
    --------------   -------------   -------------   --------------
    10.0.62.182      FULL/DR         00:00:20
    10.0.16.36       2WAY...
    10.0.7.184
    10.0.7.182
    This example shows the IP address, router-id, and state of the neighbors.
  • Page 140: Parameters

    show ip rip
    This command displays general information about RIP routing and the state of the RIP routing process and status.
    Syntax: show ip rip
    Parameters: None
    Default: None
    Command mode: User Exec
    Response: See the example for output from this command.
  • Page 141: Next Command Mode

    Node Wide Stats:
    rn_rtid: 0x00000000
    rn_tics: 0, rn_num_circ: 0, rn_routes: 0
    rn_udpInDatagrams: 0, rn_udpOutDatagrams: 1
    rn_udpInErrors: 0, rn_udpNoPorts: 0
    This example shows the state of RIP and the associated status information.
  • Page 142: Command Mode

    This command provides information related to the RIP database for the switch. It also delivers information about routes owned and imported by RIP.
    Syntax: show ip rip database
    Parameters: None
    Default: None
    Command mode: User Exec
    Response: See the example for output from this command.
  • Page 143: Next Command Mode

    Example
    CES>show ip rip database
    Table 6
    Circuit   Address         Mask               Owner   Cost   Metric
              192.32.0.0      255.255.0.0
              192.168.0.0     255.255.0.0
              9.1.10.18       255.255.255.255
    10.0.234.230 10.0.234.230 10.0.234.230...
    This example shows routes owned by a RIP database.
  • Page 144: Next Command Mode

    show ip rip interface
    This command displays information about interfaces that are configured for RIP routing.
    Syntax: show ip rip interface
    Parameters: None
    Default: None
    Command mode: User Exec
    Response: See the example for output from this command.
    Next command mode: User Exec
    Related commands: show ip rip...
  • Page 145: Example

    Ip: 10.0.15.146
    IntfState: UP
    Cid: 1
    PoisonRev: Enabled
    ExpSMetric: 1
    Subnet: 255.255.0.0
    RipEnabled: Yes
    Auth: None
    Type: ETH
    RxMode: V2
    TxMode: V2...
    This example shows the state of the configured interface.
  • Page 146: Show Ip Route

    show ip route
    This command displays the current contents of the RTM routing table. Each line of the output has the following format:
    TT a.a.a.a/n [ad/rm] via nh.nh.nh.nh, d hh:mm:ss, CircId n
    Format Code   Usage
    P             Authoring protocol
    TT            Type
    a.a.a.a       Address
    n             Number of bits in the network mask
    ad            Administrative distance (route preference)
    rm            Route metric...
  • Page 147: Command Mode

    Display a specific host
    a.a.a.a mask   Display a specific route to address a.a.a.a net mask m.m.m.m
    Default: None
    Command mode: User Exec
    Meaning
    Derived
    Direct
    Derived
    Derived
    Static
    inter area route...
  • Page 148: Next Command Mode

    Response: See the example for output from this command.
    Next command mode: User Exec
    Related commands: clear ip route
    Example
    CES>show ip route
    0.0.0.0/0 [6/10] via 10.0.0.10, 0 00:58:36, CircId 1
    10.0.0.0/16 [0/0] via 10.0.4.41, 0 00:58:36, CircId 1
    10.0.3.41/32 [0/0] via 127.0.0.1, 0 00:58:36, CircId 1
    10.0.4.41/32 [0/0] via 127.0.0.1, 0 00:58:36, CircId 1
    11.0.0.0/16 [0/0] via 11.0.4.41, 0 00:58:36, CircId 9
    11.0.4.41/32 [0/0] via 127.0.0.1, 0 00:58:36, CircId 9...
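The line format documented for show ip route, parsed by an added example that is not part of the manual: it extracts every field of each output line and runs a baseline check over the manual's own sample output. The expected default gateway 10.0.0.10 is taken from that sample; the check itself is this example's assumption, not a switch feature.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Added example, not Nortel's code: parse the `show ip route` output format that the
# manual documents and run a simple baseline check over the parsed routes.
#
# Documented line format:
#   TT a.a.a.a/n [ad/rm] via nh.nh.nh.nh, d hh:mm:ss, CircId n
# The manual's sample output shows no leading type code, so TT is optional here.
_ROUTE_LINE = re.compile(
    r"^\s*(?:(?P<tt>[A-Za-z]{1,2})\s+)?"
    r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3})/(?P<n>\d{1,2})"
    r"\s+\[(?P<ad>\d+)/(?P<rm>\d+)\]"
    r"\s+via\s+(?P<nh>\d{1,3}(?:\.\d{1,3}){3}),"
    r"\s+(?P<d>\d+)\s+(?P<hh>\d{1,2}):(?P<mm>\d{2}):(?P<ss>\d{2}),"
    r"\s+CircId\s+(?P<circ>\d+)\s*$"
)


@dataclass(frozen=True)
class Route:
    route_type: Optional[str]   # TT code, when the line carries one
    address: str                # a.a.a.a
    mask_bits: int              # n
    admin_distance: int         # ad, the route preference
    metric: int                 # rm
    next_hop: str               # nh.nh.nh.nh
    age_seconds: int            # d days plus hh:mm:ss, as seconds
    circuit_id: int             # CircId n


def parse_route_line(line: str) -> Optional[Route]:
    """Return a Route for one output line, or None for prompts and other non-route lines."""
    m = _ROUTE_LINE.match(line)
    if not m:
        return None
    age = ((int(m["d"]) * 24 + int(m["hh"])) * 60 + int(m["mm"])) * 60 + int(m["ss"])
    return Route(
        route_type=m["tt"],
        address=m["addr"],
        mask_bits=int(m["n"]),
        admin_distance=int(m["ad"]),
        metric=int(m["rm"]),
        next_hop=m["nh"],
        age_seconds=age,
        circuit_id=int(m["circ"]),
    )


def parse_show_ip_route(output: str) -> list:
    """Parse a captured `show ip route` session, skipping the prompt line."""
    routes = []
    for line in output.splitlines():
        route = parse_route_line(line)
        if route is not None:
            routes.append(route)
    return routes


def unexpected_default_routes(routes, expected_next_hop: str) -> list:
    """Baseline check (this example's own): default routes whose next hop is not the expected gateway.

    A default route that points somewhere unexpected is a common sign of a
    misconfiguration or of traffic being steered off the intended path.
    """
    return [
        r for r in routes
        if r.address == "0.0.0.0" and r.mask_bits == 0 and r.next_hop != expected_next_hop
    ]


# Sample output copied from the manual's own `show ip route` example.
SAMPLE_OUTPUT = """\
CES>show ip route
0.0.0.0/0 [6/10] via 10.0.0.10, 0 00:58:36, CircId 1
10.0.0.0/16 [0/0] via 10.0.4.41, 0 00:58:36, CircId 1
10.0.3.41/32 [0/0] via 127.0.0.1, 0 00:58:36, CircId 1
10.0.4.41/32 [0/0] via 127.0.0.1, 0 00:58:36, CircId 1
11.0.0.0/16 [0/0] via 11.0.4.41, 0 00:58:36, CircId 9
11.0.4.41/32 [0/0] via 127.0.0.1, 0 00:58:36, CircId 9
"""

if __name__ == "__main__":
    parsed = parse_show_ip_route(SAMPLE_OUTPUT)
    for r in parsed:
        print(r)
    print("unexpected defaults:", unexpected_default_routes(parsed, "10.0.0.10"))
```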
  • Page 149: Command Mode

    This command displays the contents of route policies in the routing protocol.
    Syntax: show ip route-policies
    Parameters: None
    Default: None
    Command mode: User Exec
    Response: See the example for output from this command.
  • Page 150: Next Command Mode

    Next command mode: User Exec
    Related commands: show ip route
    Example
    CES>show ip route-policies
    ospf, 0, interface 10.0.3.41, distribute list in TEST
    This example shows the accept route policy in OSPF on the interface, where TEST stands for the name of the access list.
  • Page 151: Next Command Mode

    This command displays statistics about IP traffic including packets sent and received, and various errors.
    Syntax: show ip traffic
    Parameters: None
    Default: None
    Command mode: User Exec
    Response: See the example for output from this command.
    Next command mode: User Exec
  • Page 152: Example

    Example
    CES>show ip traffic
    IP statistics:
    infragments
    fragdropped
    fragtimeout
    cantforward
    redirectsent
    unknownprotocol
    reassembled
    outfragments
    zero src addr
    src=dst addr
    src addr error
    dest addr error
    mgmt filterdrops 6127
    intf filterdrops
    route filterdrops
    ICMP:
    27 calls to icmp_error
    0 error not generated because old message was icmp
    Output histogram:
    0 message with bad code fields
    0 message <...
  • Page 153

    11825 segments updated rtt (of 11835 attempts)
    0 retransmit timeout
    0 connection dropped by rexmit timeout
    0 persist timeout
    0 keepalive timeout
    0 keepalive probe sent
    0 connection dropped by keepalive
    0 pcb cache lookup failed
  • Page 154: Parameters

    show ip vrrp
    This command displays information about VRRP status.
    Syntax: show ip vrrp [interface]
    Parameters: interface   Displays information about VRRP status of the specified interface.
    Default: None
    Command mode: User Exec
    Response: See the example for output from this command.
    Next command mode: User Exec
  • Page 155: Example

    Sent 7 advertisements, recv'd 426
    No errors
    Address
    Master   10.0.20.186
    Backup   10.0.21.186...
    This example shows the command displaying the interfaces configured for VRRP, and then the more detailed output available with the optional interface parameter.
  • Page 156: Show Ldap-Server

    show ldap-server
    This command displays the configuration settings and state for the internal and external LDAP servers.
    Syntax: show ldap-server [
    Parameters: external, internal
    Default: If no parameters are specified, then the configuration and state for all LDAP servers are displayed. This is equivalent to: show ldap-server all
    Command mode: Global configuration...
  • Page 157: Warnings

    The master server is being accessed using a non-encrypted connection.
    The slave1 server is being accessed via SSL with DES-56 and RC4-40 encryption.
    The slave1 server is not accessible.
    11.122.12.200 cn=Marketing Base...
  • Page 158: Show Logging Config

    Could indicate potential security or access problems. Also display normal events.
    Display events for use of Nortel Networks support personnel. Also display normal and urgent events.
    Display events for use of Nortel support personnel used for troubleshooting the switch.
  • Page 159: Related Commands

    The display level defaults to normal.
    Command mode: Privileged Exec
    Response: See the example for output from this command.
    Next command mode: Privileged Exec
    Related commands: show logging events, show logging security, show logging syslog
  • Page 160: Comments

    Example
    CES#show logging config level urgent
    Config Log contents for Friday, July 30, 2000
    *09:54:15 tRootTask 0 : Error in cfg file setting 'IpxIntfOmCls.IpxPrivateLANS[256].$
    *09:54:15 tRootTask 0 : Error in cfg file setting 'IpxIntfOmCls.IPXPublicAddress=N/A$
    CES#
    CES#show logging config
    Config Log contents for Friday, July 30, 2000
    09:52:31 tHttpdTask 0 : Shutdown.Mode changed from 'NONE' to 'NOW' by user 'admin' $
    09:52:31 tHttpdTask 0 : Reboot[Scheduled Shutdown] created by user 'admin' @ '132.2$
    *09:54:15 tRootTask 0 : Error in cfg file setting 'IpxIntfOmCls.IpxPrivateLANS[256].$...
  • Page 161: Syntax

    The event log is maintained in switch memory with significant events being saved in the system log and written to disk. The event log retains approximately 2000 entries and discards old entries when it is refreshed.
  • Page 162: Warnings

    Default: Dropped IP and IPX packets are not tracked.
    Command mode: Privileged Exec
    Response: See the example for output from this command.
    Next command mode: Privileged Exec
    Warnings: If the user chooses to track dropped IP or IPX packets, a confirmation is requested due to the performance impact.
  • Page 163: Example

    09/02/1999 12:02:20 0 PaceJob{0} [00] Calling 0x00ca012c, passing 011b7e88, 00000000$
    09/02/1999 12:03:59 0 Security [13] Management: Forced Admin User Off Due to Timeout$
    09/02/1999 12:04:00 0 Security [12] Session: LOCAL[admin]:2876 logged out
  • Page 164

    09/02/1999 12:04:00 0 Security [13] Management: Forcing admin to re-supply userid
    09/02/1999 12:04:03 0 Security [11] Session: LOCAL[admin] attempting login
    09/02/1999 12:04:03 0 Security [01] Session: LOCAL[admin] has no active sessions
    09/02/1999 12:04:03 0 Security [01] Session: LOCAL[admin] admin has no active accoun$
    09/02/1999 12:04:03 0 Security [12] Session: LOCAL[admin]:2877 master admin authenti$
    09/02/1999 12:04:03 0 Security [11] Session: LOCAL[admin]:2877 server right: MANAGE
    09/02/1999 12:04:03 0 Security [11] Session: LOCAL[admin]:2877 user/group right: MAN$...
  • Page 165: Parameters

    This command displays the current logging history setting that is being used by the switch.
    Syntax: show logging history
    Parameters: None
    Default: None
  • Page 166: Next Command Mode

    Example
    CES#show logging history
    Logging history level is errors
    This example shows the output for a switch where the logging history is still the default value.
    show logging security
    This command displays the contents of the security log. The security log records all events concerned with system or user security, including failures and successes.
  • Page 167: Command Mode

    Could indicate potential security or access problems. Also, display normal events.
    detailed   Display events for use of Nortel Networks support personnel. Also, display normal and urgent events.
    Display events for use of Nortel Networks support personnel used for troubleshooting the switch. Includes every event that the switch generates.
  • Page 168: Next Command Mode

    Response: See the example below for output from this command.
    Next command mode: Privileged Exec
    Related commands: show logging config, show logging events, show logging syslog
    Example
    CES#show logging security
    *09:54:26 tEvtLgMgr 0 : Security [13] Management: Request for manager.htm denied, re$
    09:54:29 tEvtLgMgr 0 : Security [12] Session: LOCAL[admin]:2873 master admin authen$
    09:54:30 tEvtLgMgr 0 : Security [12] Session: LOCAL[admin]:2873 Management: logged $
    *11:05:38 tEvtLgMgr 0 : Security [13] Management: Forced Admin User Off Due to Timeo$...
  • Page 169: Parameters

    The month for which the system log is to be displayed.
    The year for which the system log is to be displayed. A four-digit value.
    Display normal events, including user and system interactions, that indicate switch activity.
  • Page 170: Next Command Mode

    In the output, these events are marked with an asterisk.
    Could indicate potential security or access problems. Also display normal events.
    Display events for use of Nortel Networks support personnel. Also display normal and urgent events.
    Display events for use of Nortel Networks support personnel used for troubleshooting the switch.
  • Page 171: Related Commands

    15:29:04 tEvtLgMgr 0 : Security [12] Session: LOCAL[admin]:2882 logged out
    This first example shows the system log output for normal messages. The second example shows the normal messages. The urgent messages are marked with an asterisk (*).
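The two log line shapes shown in the show logging events and show logging security / show logging syslog examples above, parsed by an added example that is not Nortel's code: it records the leading asterisk that marks urgent entries and the trailing "$" where the switch cut a line short, then counts the security events an administrator would review first. The sample lines are copied from the manual's examples; the counting rules are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Added example, not Nortel's code: parse the log lines the manual shows for
# `show logging events` (date-prefixed) and for `show logging security` /
# `show logging syslog` (task-prefixed, "*" marks urgent) and triage them.

# show logging events shape:
#   09/02/1999 12:03:59 0 Security [13] Management: Forced Admin User Off Due to Timeout
_DATED = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<node>\d+) "
    r"(?P<subsystem>\S+) \[(?P<code>\d{2})\] (?:(?P<category>[^:]+?): )?(?P<message>.*)$"
)
# show logging security / syslog shape; a leading "*" marks an urgent entry:
#   *09:54:26 tEvtLgMgr 0 : Security [13] Management: Request for manager.htm denied
_TASKED = re.compile(
    r"^(?P<urgent>\*?)(?P<time>\d{2}:\d{2}:\d{2}) (?P<task>\w+) (?P<node>\d+) : "
    r"(?P<subsystem>\S+) \[(?P<code>\d{2})\] (?:(?P<category>[^:]+?): )?(?P<message>.*)$"
)


@dataclass(frozen=True)
class LogEntry:
    date: Optional[str]       # only the events log carries a date
    time: str
    task: Optional[str]       # only the security/syslog shape carries a task name
    subsystem: str            # e.g. Security, PaceJob{0}
    code: int                 # the bracketed two-digit event code
    category: Optional[str]   # e.g. Management, Session; None when the message has none
    message: str
    urgent: bool              # asterisk-marked entry
    truncated: bool           # the switch ended the line with "$" (display cut-off)


def parse_log_line(line: str) -> Optional[LogEntry]:
    """Parse one output line; prompts, headers and unknown shapes give None."""
    raw = line.rstrip()
    truncated = raw.endswith("$")
    if truncated:
        raw = raw[:-1]
    m = _DATED.match(raw) or _TASKED.match(raw)
    if not m:
        return None
    g = m.groupdict()
    return LogEntry(
        date=g.get("date"),
        time=g["time"],
        task=g.get("task"),
        subsystem=g["subsystem"],
        code=int(g["code"]),
        category=g.get("category"),
        message=g["message"],
        urgent=g.get("urgent") == "*",
        truncated=truncated,
    )


def parse_log(output: str) -> list:
    """Parse a captured log display, keeping only lines that parse as entries."""
    entries = []
    for line in output.splitlines():
        entry = parse_log_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def security_summary(entries) -> dict:
    """Counts an administrator would review first; the rules are this example's own."""
    sec = [e for e in entries if e.subsystem == "Security"]
    return {
        "urgent": sum(1 for e in entries if e.urgent),
        "management_denied": sum(
            1 for e in sec if e.category == "Management" and "denied" in e.message
        ),
        "admin_forced_off": sum(1 for e in sec if "Forced Admin User Off" in e.message),
        "login_attempts": sum(
            1 for e in sec if e.category == "Session" and "attempting login" in e.message
        ),
    }


# Sample lines copied from the manual's show logging events example.
SAMPLE_EVENTS = """\
09/02/1999 12:02:20 0 PaceJob{0} [00] Calling 0x00ca012c, passing 011b7e88, 00000000$
09/02/1999 12:03:59 0 Security [13] Management: Forced Admin User Off Due to Timeout$
09/02/1999 12:04:00 0 Security [12] Session: LOCAL[admin]:2876 logged out
09/02/1999 12:04:03 0 Security [11] Session: LOCAL[admin] attempting login
09/02/1999 12:04:03 0 Security [12] Session: LOCAL[admin]:2877 master admin authenti$
09/02/1999 12:04:03 0 Security [11] Session: LOCAL[admin]:2877 server right: MANAGE
"""

# Sample lines copied from the manual's show logging security example.
SAMPLE_SECURITY = """\
CES#show logging security
*09:54:26 tEvtLgMgr 0 : Security [13] Management: Request for manager.htm denied, re$
09:54:29 tEvtLgMgr 0 : Security [12] Session: LOCAL[admin]:2873 master admin authen$
09:54:30 tEvtLgMgr 0 : Security [12] Session: LOCAL[admin]:2873 Management: logged $
*11:05:38 tEvtLgMgr 0 : Security [13] Management: Forced Admin User Off Due to Timeo$
"""

if __name__ == "__main__":
    print(security_summary(parse_log(SAMPLE_EVENTS)))
    print(security_summary(parse_log(SAMPLE_SECURITY)))
```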
  • Page 172: Command Mode

    This command displays information about any pending shutdowns that are scheduled on the switch. This is the same information that is displayed on the Admin->Shutdown and Status->System Web management pages.
    Syntax...
  • Page 173: Next Command Mode

    Load latest software patches   Restart   Enabled   Disabled   /ide0   latest
    This example shows details about the currently scheduled reload.
    show sessions
    This command displays information about the current sessions connected to the switch.
  • Page 174: A Rev

    Syntax: show [branch-office] [ipsec] [pptp] [l2tp] [l2f] [admin] [all] sessions [detail]
    Parameters: admin, branch-office, details, ipsec, l2tp, pptp, detail
    Default: If no options are selected, this command shows summary and detailed information for all session types. This is the equivalent of the user entering: show all sessions detail
    Command mode: User Exec...
  • Page 175: Next Command Mode

    Related commands: kill
    Example
    CES>show sessions
    This command shows the administrator connections currently made to the switch. Details include the number of current sessions as well as who is currently logged in to each session.
    show version
    This command displays the configuration of the system hardware, the software version, the names and locations of the config file, and the system up time.
  • Page 176: Related Commands

    Default: None
    Command mode: User Exec
    Next command mode: User Exec
    Related commands: show flash: contents
    Example
    CES>show version
    Contivity VPN Client Software
    Software Version: V01_00.00
    Software Build Date: Nov 18 2000, 11:31:50
    System Serial Number: 12012
    MAC Address: 00-E0-7B-00-00-C0
    BIOS: 1.00.02.DI0 11/05/96 12:40:54
    bftarget uptime: 016 days, 01 hours, 14 minutes
    Current Configuration File: /ide0/system/config/CFG01022.DAT...
  • Page 177: Snmp-Server Contact

    This command sets, or clears, the SysContact field in the MIB-II MIB. This field contains the name and contact information of the contact person for this switch.
    Syntax: snmp-server contact text
            no snmp-server contact
    Parameters: text
    Default: None...
  • Page 178: Warnings

    Warnings: Contact string too long (must be 255 characters or less).
    Related commands: snmp-server location text, snmp-server name text
    Example
    CES(config)#snmp-server contact Dial John Connolly at 1-800-555-1212, x 123
    This example sets the contact string to dial John Connolly at 1-800-555-1212, x 123.
  • Page 179: Warnings

    text   String containing the physical location of the switch
    Default: None
    Command mode: Global configuration
    Next command mode: Global configuration
    Warnings: Location string too long (must be 255 characters or less).
  • Page 180: Related Commands

    Related commands: snmp-server contact text, snmp-server name text
    Example
    CS(config)#snmp-server location Building 400,4th Floor Closet A122
    This example sets the location string to Building 400, 4th Floor Closet A122.
  • Page 181: Command Mode

    This command sets, or clears, the SysName field in the MIB-II MIB. This field contains an administratively assigned name for this switch.
    Syntax: snmp-server name text
            no snmp-server name
    Parameters: text   String containing the switch name
    Default: None
    Command mode: Global configuration
  • Page 182: Next Command Mode

    Next command mode: Global configuration
    Warnings: Name string too long (must be 255 characters or less).
    Related commands: snmp-server contact text, snmp-server location text
    Example
    CES(config)#snmp-server name Contivity Chester, Group 1
    This example sets the name string to Contivity Chester, Group 1.
  • Page 183: Next Command Mode

    This command is used when configuring the LDAP server for the switch. It allows the administrator to remove the domain name suffix from the user ID before sending the user ID to the LDAP server for authentication. Syntax...
  • Page 184: Example

    Example
    CES(config)#ldap-server internal
    Router(config-ldap)#no suffix remove
    Router(config-ldap)#domain-delimiter # suffix
    Router(config-ldap)#exit
    In this example the delimiter between the user ID and the domain name is set to the # character and the suffix is not removed before sending the user ID value to the LDAP server for authentication.
  • Page 185: Next Command Mode

    Trace packets to the system identified by this host name.
    Trace packets to the system identified by this dotted IP address.
    Specify the maximum hops.
    Specify the wait timeout in seconds.
  • Page 186: Related Commands

    Warnings: If the system cannot map an address for a host name, it returns an "%Unknown Host" error message.
    Related commands: ping { host|address
    Example
    CES>trace 208.216.182.15
    Tracing the route to amazon.com (208.216.182.15)
    1 router-a.fred.corp.com (195.120.1.6) 1000 msec 8 msec 4 msec
    2 filter-1.jane.fred.com (195.120.16.2) 8 msec 8 msec 8 msec
    3 core2.seattle.cw.net (204.70.9.120) 8 msec 4 msec 4 msec
    4 internap.seattle.cw.net (204.70.233.6) 8 msec 8 msec 8 msec...
  • Page 187: Next Command Mode

    This command shows the active Telnet administration sessions on the switch with the IP address from which they are connected. The sessions are listed by session ID. The session ID values are fixed for the life of a session.
    Syntax: who [ip_address]...
  • Page 188: Related Commands

    Illegal IP address.
    Related commands: kill, show sessions
  • Page 189: Chapter 3 Bulk Load Command

    Contivity VPN Switch and have them executed in series. This command allows an administrator with many switches to configure them in bulk from a list of settings instead of having to configure each switch manually through the browser interface.
  • Page 190: Load Command

    Components
    The bulk loading feature has two main components: the command file and the LOAD command.
    Load command
    The Load command is available only through the Telnet interface. Once executed, the command will load the specified command file, and execute the instructions it contains.
  • Page 191: File Format

    TWO and command THREE. The 2.60 switch will recognize both command ONE and command TWO, but ignore command THREE. The 3.0 switch will recognize all three commands. If the command file is only being used on a 3.00 switch, the file format may be set to 1.0, 2.0, or 3.0.
  • Page 192: User Commands

    User commands
    User commands allow an administrator to add or delete user records. They also allow an administrator to add or delete user groups. The supported user commands are:
    ADD_USER
    DELETE_USER
    RESET_USER_CERTS
    ADD_GROUP
    MODIFY_GROUP
    PURGE_GROUP
    DELETE_GROUP
    DELETE_ALL
  • Page 193: Add User

    IPSEC_TYPE: [Subject name type {Email/DNS/IP} - Required with certificates and IPSEC_ALTNAME]
    IPSEC_ISSUERCA: [Issuer certificate authority - Required with certificates]
    SERVER_CERT: [Server Certificate - Default: Inherit from group]
    RESTRICTED: [Control User Tunnel {True/False} - Default:False]
  • Page 194: Modify Group

    /Base group is assumed.
    COMMAND: DELETE_USER
    GROUP: [Group name]
    NAME: [User name - Required]
    Add Group
    The ADD_GROUP command is used to add a group to the switch database.
    COMMAND: ADD_GROUP
    GROUP: [Group name - Required]
    Modify Group
    The MODIFY_GROUP command is used to modify existing user groups.
  • Page 195

    BW_EXCESS_ACTION: [EXCESS Rate Action {Drop/Mark}]
    // IPSEC Attributes
    DIG_SIG: [RSA Digital Signature {Enable/Disable}]
    UNAMEPW: [User Name/Password Authentication {Enable/Disable}]
    SERVER_CERT: [Default server certificate]
    ESP_3SHA1: [ESP - Triple DES with SHA1 Integrity {Enable/Disable}]
  • Page 196

    ESP_3MD5: [ESP - Triple DES with MD5 Integrity {Enable/Disable}]
    ESP_56SHA1: [ESP - 56-bit DES with SHA1 Integrity {Enable/Disable}]
    ESP_56MD5: [ESP - 56-bit DES with MD5 Integrity {Enable/Disable}]
    ESP_40SHA1: [ESP - 40-bit DES with SHA1 Integrity {Enable/Disable}]
    ESP_40MD5: [ESP - 40-bit DES with MD5 Integrity {Enable/Disable}]
    ESP_NULLSHA1: [ESP - NULL (Authentication Only) with SHA1 Integrity {Enable/Disable}]...
  • Page 197: Delete Group

    /Base group.
    COMMAND: PURGE_GROUP
    GROUP: [Group name - Required]
    Delete Group
    The DELETE_GROUP command is used to delete a specified group and its users.
    COMMAND: DELETE_GROUP
    GROUP: [Group name - Required]
  • Page 198: Branch Office Commands

    Delete All
    The DELETE_ALL command deletes all users in the database.
    Caution: This command should only be executed by the switch administrator because all other accounts are removed.
    COMMAND: DELETE_ALL
    Branch office commands
    Branch office commands allow an administrator to add or delete branch office connections, including control tunnel connections.
  • Page 199: Add Branch Office Connection

    TUNNEL: [Tunnel type {IPSEC,PPTP,L2TP} - Default:IPSEC]
    // Static Routing
    NET_NAME: [Local accessible network - Required for Static Routing]
    NAT_NAME: [NAT Translation (Optional for Static Routing)]
    SUBNET: [Remote Accessible Net Subnet - Required for Static Routing]
  • Page 200

    MASK: [Remote Accessible Net Subnet mask - Required for Static Routing]
    REM_NET_COST: [Remote network cost - Default:10]
    REM_NET_STATE: [Remote network state - {Enable/Disable} Default: Enable]
    // Dynamic Routing
    OSPF_STATE: [OSPF state {Enable/Disable} (Dynamic Routing) Default:Disable]
    AREA_ID: [Area ID (Dynamic Routing) - Default:0.0.0.0]
    OSPF_COST: [OSPF cost (Dynamic Routing) - Default:10]
    RIP_STATE: [Rip state {Enable/Disable} (Dynamic Routing) - Default: Disable]...
  • Page 201

    {Enable/Disable} - (PPTP & L2TP tunnel types)]
    // L2TP specific authentication parameters
    CONCENTRATOR: [L2TP Concentrator (L2TP tunnel type)]
    L2TP_IPSEC_XPORT: [L2TP IPSEC Transport {None, 3DES, 56DES, 40DES, AH} - (L2TP tunnel type only)]
  • Page 202: Modify Branch Office Connection

    Modify branch office connection
    The MODIFY_CONNECTION command is used to add a new remote accessible network entry to an existing branch office connection.
    COMMAND: MODIFY_CONNECTION
    GROUP: [Branch Office group - Default:/Base]
    NAME: [Name of existing Branch Office connection to modify - Required]
    SUBNET: [Remote Network subnet - Required]
    MASK: [Remote Network subnet mask - Required]...
  • Page 203: Modify Branch Office Group

    All values that are not specified will inherit values from their parent group.
    Note: All attributes accept the "inherited" value, which forces that attribute to inherit its value from its parent.
  • Page 204

    204 Chapter 3 Bulk Load Command
    NOTE:
    COMMAND: MODIFY_BRANCHGROUP
    GROUP: [Name of existing Branch Office group to modify - Required]
    // Connectivity Attributes
    CALL_PRI: [Call admission priority {Low/Medium/High/Highest}]
    FORWARD_PRI: [Forwarding priority {Low/Medium/High/Highest}]
    IDLE_TO: [Idle timeout period (hh:mm:ss format)]
    // Bandwidth Policy
    BW_COMMIT_RATE: [Committed Bandwidth Rate (bps)]
    BW_EXCESS_RATE: [EXCESS Bandwidth Rate (bps)]
    BW_EXCESS_ACTION: [EXCESS Rate Action {Drop/Mark}]
    // IPSEC Attributes...
  • Page 205

    The following value does not accept the "INHERITED" keyword. The RIP_AUTH value will control the inheritance of this value.
    RIP_PASS: [RIP authentication password]
    // OSPF Attributes
    OSPF_PRI: [OSPF Priority]
    OSPF_DEAD_INT: [OSPF dead interval]
    OSPF_HELLO_INT: [OSPF hello interval]
  • Page 206: Contivity Vpn Switch Configuration Commands

    MD5_PASS: [OSPF MD5 password]
    MD5_KEY: [OSPF MD5 Key]
    Contivity VPN Switch configuration commands
    Switch configuration commands allow the administrator to configure switch attributes such as network definitions, NAT, address pools, filters, automatic backup, syslog forwarding, SNMP settings, and DHCP servers.
  • Page 207

    NET_NAME: [Name of existing network to modify - Required]
    SUBNET: [New IP address - Required]
    MASK: [New subnet mask - Required]
    Three bulk load commands are used to configure NAT settings: CREATE_NAT, DELETE_NAT, and MODIFY_NAT.
  • Page 208

    The CREATE_NAT command is used to create a new NAT set.
    COMMAND: CREATE_NAT
    NAT_NAME: [Name of new NAT set - Required]
    NAT_TYPE: [NAT type]
    IN_START_IP: [
    IN_END_IP: [
    EX_START_IP: [
    EX_END_IP: [
    The DELETE_NAT command is used to delete an existing NAT set.
    COMMAND: DELETE_NAT
    NAT_NAME: [Name of existing NAT set to delete - Required]
  • Page 209: Address Pools

    The CREATE_POOL command is used to create a new address pool.
    COMMAND: CREATE_POOL
    NAME: [Name of new address pool]
    IP_START: [Starting IP address - Required]
    IP_END: [Ending IP address - Required]
    MASK: [Subnet mask]
  • Page 210: Filters

    The DELETE_POOL command is used to delete an existing address pool. COMMAND: DELETE_POOL IP_START: [Starting IP address - Required] IP_END: [Ending IP address - Required] Filters Several bulk load commands are used to create and configure filters and filter rules: CREATE_FILTER DELETE_FILTER...
  • Page 211 DHCP_SVR: [DHCP remote server {Enable/Disable}] RADIUS_SVR: [Radius remote server {Enable/Disable}] DNS_SVR: [DNS remote server {Enable/Disable}] The DELETE_FILTER command allows for the deletion of an existing filter. COMMAND: DELETE_FILTER FILT_NAME: [Filter name - Required]...
  • Page 212 The ADD_RULE command allows an existing rule to be added to an existing filter. COMMAND: ADD_RULE FILT_NAME: [Filter name - Required] RULE_NAME: [Rule name - Required] The CREATE_RULE command allows for the creation of a new rule definition. COMMAND: CREATE_RULE RULE_NAME: [Rule name - Required] ADDR_NAME: [Address Name - Default: Any]...
  • Page 213: Automatic Backup

    The CREATE_PORT command creates a new port definition to be used by a filter rule. COMMAND: CREATE_PORT PORT_NAME: [Port Name - Required] PORT: [Port number - Required] Automatic backup Two bulk load commands are available to configure the automatic backup feature: ADD_FTPSERVER and DELETE_FTPSERVER....
  • Page 214: Syslog Forwarding

    The ADD_FTPSERVER command is used to configure a new automatic backup server. COMMAND: ADD_FTPSERVER FTP_IP: [FTP host IP address - Required] FTP_UID: [User ID for FTP host - Required] FTP_ENABLE: [Enable Auto-backup Host - Default:Enable] FTP_PSW: [Password for FTP host - Default: ""...
  • Page 215: Snmp

    Three bulk load commands are used to configure SNMP: ADD_SNMPHOST, DELETE_SNMPHOST, and CONFIG_TRAP. The ADD_SNMPHOST command is used to add and configure either SNMP-Get or Trap hosts. COMMAND: ADD_SNMPHOST SNMP_TYPE: [Get/Trap - Required] SNMP_IP: [SNMP host IP address - Required]...
  • Page 216 SNMP_COMMUNITY: [SNMP Community name] SNMP_ENABLE: [Enable SNMP Host - Default:Enable] The DELETE_SNMPHOST command is used to remove an existing SNMP-Get or Trap host. COMMAND: DELETE_SNMPHOST SNMP_TYPE: [Get/Trap - Required] SNMP_IP: [SNMP host IP address - Required]...
  • Page 217: Dhcp

    DHCP or Address Pools. COMMAND: CONFIG_REMOTE_POOL POOL_TYPE: [Pool type to use {DHCP/Address Pool} - Required] The CONFIG_DHCP command is used to set up the DHCP servers on the switch. COMMAND: CONFIG_DHCP DHCP_TYPE: [DHCP servers to use {Any/Specified}]...
  • Page 218: Licensing Commands

    CACHE_SIZE: [DHCP cache size] IMMEDIATE_ADDR_REL: [Immediate address release {Enable/Disable}] The DELETE_DHCP command is used to remove an existing DHCP server. COMMAND: DELETE_DHCP DHCP_SERVER: [Existing DHCP server to remove {Primary/Secondary/Tertiary} - Required] Licensing commands Licensing of certain features will be supported in bulk load version 3.0. The following two commands allow the user to enable and disable a paid feature on the CES: ENABLE_PAID_FEATURE...
  • Page 219: Required Fields For User And Branch Records

    Deletion of groups The DELETE_GROUP and DELETE_BRANCHGROUP commands can cause the LDAP server in use by the switch to become unreachable while the group is being deleted. This can happen if the group being deleted has a large number of users or Branch Office connections defined (for example, more than 50).
  • Page 220: Certificate Distinguished Name Order

    Group name syntax For many of the User and Branch Office commands, you must specify the name of the group that you are manipulating. The syntax of the group name is very important. Group names are specified in Relative Distinguished Name (RDN) format, leaving out the '/Base' specifier.
  • Page 221: Index

    ping 89; product support 32; publications, hard copy 31; reload 91; reload at 95; reload cancel 99; reload in 102; reload no-sessions 106; Serial Port 34; server backup 110...
  • Page 222

    show sessions 173; show version 175; snmp-server contact 177; snmp-server location 179; snmp-server name 181; suffix remove 183; support, Nortel Networks 32; technical publications 31; technical support 32; Telnet 33; text conventions 28; trace 185...