Cisco SCE2020-4XGBE-SM Configuration Manual

Software configuration guide

page of 512

/ 512
Contents
Table of Contents
Bookmarks

Quick Links

Download this manual

Cisco SCE 2000 and SCE 1000 Software

Configuration Guide

Release 3.5.5

June 15, 2009

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Text Part Number: OL-7827-12

Table of Contents

Related Manuals for Cisco SCE2020-4XGBE-SM

Controller Cisco SCE 2000 Installation And Configuration Manual
4xgbe (144 pages)
Engine Cisco SCE 1000 Installation And Configuration Manual
2xgbe (140 pages)
Network Hardware Cisco SCE 1000 Installation And Configuration Manual
(131 pages)
Network Hardware Cisco SCE 2000 4/8xFE Quick Start Manual
Cisco systems sce 2000 platform quick start guide (59 pages)
Controller Cisco SCE 1000 Quick Start Manual
Service control engine 1000 2xgbe (49 pages)
Server Cisco SCE8000 GBE Installation And Configuration Manual
(176 pages)
Server Cisco UCS C220 M3 Installation And Service Manual
(134 pages)
Server Cisco UCS C240 M5 Installation And Service Manual
(168 pages)

Server Cisco ASR 5000 Series Administration Manual
(117 pages)
Server Cisco UCS C210 Installation And Service Manual
Generations m1 and m2 (124 pages)
Server Cisco UCS C220 M4 Installation And Service Manual
(134 pages)
Server Cisco UCS 6454 Installation Manual
Fabric interconnect hardware (68 pages)
Server Cisco SE-CL-L3 Installation Manual
Application services engine hardware (106 pages)
Server Cisco UCS C260 Installation And Service Manual
(114 pages)
Server Cisco UCS C210 Installation And Service Manual
C-series rack-mount servers generations m1 and m2 (104 pages)
Server Cisco UCS C240 M3 User Manual
High-density rack server (small form factor disk drive model) (64 pages)

Summary of Contents for Cisco SCE2020-4XGBE-SM

Page 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide Release 3.5.5 June 15, 2009 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-7827-12...
Page 2 OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
Page 3: Table Of Contents
CLI Command Mode Hierarchy Prompt Indications Navigating Between Authorization Levels and Command Modes Configuring the Physical Ports CLI Help Features Partial Help Argument Help 2-10 Navigational and Shortcut Features 2-11 Command History 2-11 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 4 Monitoring the Operational Status of the SCE Platform 3-12 How to Display the Current Operational Status of the SCE Platform 3-13 Displaying the Current Operational Status of the SCE Platform: Example 3-13 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 5 The Logging System Copying the User Log Enabling and Disabling the User Log 4-10 Viewing the User Log Counters 4-10 Viewing the User Log 4-11 Clearing the User Log 4-11 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 6 Configuring the IP Fragment Filter Options How to Enable the IP Fragment Filter 5-10 How to Disable the IP Fragment Filter 5-10 Configuring the Permitted and Not-permitted IP Address Monitor 5-10 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 7 Configuration via SNMP 5-41 Configuring SNMP Community Strings 5-42 How to Define a Community String 5-42 How to Remove a Community String 5-43 How to Display the Configured Community Strings 5-43 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 8 Setting the System Clock: Example 5-59 How to Set the Calendar 5-59 Options 5-60 Setting the Calendar: Example 5-60 How to Set the Time Zone 5-60 Options 5-60 Setting the Time Zone: Example 5-61 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 9 Displaying Current DNS Settings: Example 5-70 Configuring the Management Port Physical Parameters 5-70 Configuring the Management Interface Speed and Duplex Parameters 5-70 How to Configure the Duplex Operation of the Management Interface 5-71 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 10 Information About Traffic Rules and Counters 6-17 What are Traffic Rules and Counters? 6-18 Traffic Rules 6-18 Traffic Counters 6-19 Configuring Traffic Counters 6-19 How to Create a Traffic Counter 6-20 Cisco SCE 2000 and SCE 1000 Software Configuration Guide viii OL-7827-12...
Page 11 How to Configure the Link Mode About the Link Mode Options Configuring Asymmetric Routing Topology Asymmetric Routing and Other Service Control Capabilities Enabling Asymmetric Routing How to Monitor Asymmetric Routing Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 12 Information About the RDR Formatter and NetFlow Exporting Support The RDR Formatter NetFlow NetFlow Terminology NetFlow Exporting Support Data Destinations Categories Priority Setting DSCP for NetFlow Forwarding Modes Protocol Transport Type Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 13 How to Disable the Linecard from Sending RDRs 8-19 How to Enable the Linecard to Send RDRs 8-19 Managing Subscribers C H A P T E R Introduction Information About Subscribers Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 14 How to Remove Subscribers from a Specified SCMP Peer Device 9-13 Creating Anonymous Groups 9-14 Defining Anonymous Groups 9-14 How to Define an Anonymous Group 9-14 Importing and Exporting Anonymous Groups 9-14 How to Import Anonymous Groups 9-15 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 15 How to Create or Update a TIR 9-32 How to update a TIR even if subscriber mappings exist 9-32 How to Remove TIRs and Subscriber Mappings 9-32 How to Remove a Specified TIR 9-33 Cisco SCE 2000 and SCE 1000 Software Configuration Guide xiii OL-7827-12...
Page 16 Configuring the SCE Platform/SM Connection 9-40 Options 9-41 Configuring the Behavior of the SCE Platform in Case of Failure of the SM 9-41 Options 9-41 Configuring the SM-SCE Platform Connection Timeout 9-42 Options 9-42 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 17 Simultaneous Upgrade of Firmware and Application 10-13 Identifying and Preventing Distributed-Denial-Of-Service Attacks 11-1 C H A P T E R Introduction 11-1 Attack Filtering and Attack Detection 11-1 Attack Filtering 11-2 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 18 Sample Attack Detector Configuration 11-17 Configuring Subscriber Notifications 11-18 How to Configure the Subscriber Notification Port 11-18 Options 11-18 How to Remove the Subscriber Notification Port 11-18 Preventing and Forcing Attack Detection 11-19 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 19 12-4 VAS Traffic Forwarding and SCA BB 12-5 VLAN Tags for VAS Traffic Forwarding 12-5 Service Flow 12-6 Data Flow 12-6 Non-VAS Data Flow 12-7 VAS Data Flow 12-8 Cisco SCE 2000 and SCE 1000 Software Configuration Guide xvii OL-7827-12...
Page 20 How to Disable a VAS Server 12-21 How to Restore all VAS Server Properties to Default 12-21 How to Assign a VLAN ID to a VAS Server 12-21 Options 12-21 Cisco SCE 2000 and SCE 1000 Software Configuration Guide xviii OL-7827-12...
Page 21 How to Configure the Minimum Time between Link Switches 12-42 How to Set the Active VAS Link 12-43 How to Configure Health Check for VAS over 10G 12-43 How to Configure the Health Check IP Address 12-43 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 22 Service Control MPLS/VPN Concepts 13-6 Non-VPN-Based Subscribers 13-6 Bypassing Unknown VPNs 13-7 Additional MPLS Pattern Support 13-7 VPN Identifier (RD or RT) 13-8 Service Control MPLS/VPN Requirements 13-8 Topology 13-8 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 23 C H A P T E R Introduction 14-1 About SCMP 14-1 SCMP Terminology 14-2 Deployment Scenarios 14-3 Single ISG Router with a Single SCE Platform (1xISG – 1xSCE) 14-3 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 24 How to display the statistics for a specified SCMP peer device 14-18 Monitoring the RADIUS Client 14-18 Monitoring SCE Platform Utilization A P P E N D I X Introduction SCE Platform Utilization Indicators Cisco SCE 2000 and SCE 1000 Software Configuration Guide xxii OL-7827-12...
Page 25 (1.3.6.1.4.1.5655.4.0.9) B-20 rdrActiveConnectionTrap (1.3.6.1.4.1.5655.4.0.10) B-20 rdrNoActiveConnectionTrap (1.3.6.1.4.1.5655.4.0.11) B-20 rdrConnectionUpTrap (1.3.6.1.4.1.5655.4.0.12) B-20 rdrConnectionDownTrap (1.3.6.1.4.1.5655.4.0.13) B-20 loggerUserLogIsFullTrap (1.3.6.1.4.1.5655.4.0.18) B-20 sntpClockDriftWarnTrap (1.3.6.1.4.1.5655.4.0.19) B-20 linkModeBypassTrap (1.3.6.1.4.1.5655.4.0.20) B-20 linkModeForwardingTrap (1.3.6.1.4.1.5655.4.0.21) B-21 linkModeCutoffTrap (1.3.6.1.4.1.5655.4.0.22) B-21 Cisco SCE 2000 and SCE 1000 Software Configuration Guide xxiii OL-7827-12...
Page 26 (1.3.6.1.4.1.5655.4.1.2.3) B-32 pchassisTempAlarm (1.3.6.1.4.1.5655.4.1.2.4) B-33 pchassisVoltageAlarm (1.3.6.1.4.1.5655.4.1.2.5) B-33 pchassisNumSlots (1.3.6.1.4.1.5655.4.1.2.6) B-33 pchassisSlotConfig (1.3.6.1.4.1.5655.4.1.2.7) B-34 pchassisPsuType (1.3.6.1.4.1.5655.4.1.2.8) B-34 pchassisLineFeedAlarm (1.3.6.1.4.1.5655.4.1.2.9) B-34 pmoduleTable (1.3.6.1.4.1.5655.4.1.3.1) B-35 pmoduleEntry (1.3.6.1.4.1.5655.4.1.3.1.1) B-35 pmoduleIndex (1.3.6.1.4.1.5655.4.1.3.1.1.1) B-35 Cisco SCE 2000 and SCE 1000 Software Configuration Guide xxiv OL-7827-12...
Page 27 (1.3.6.1.4.1.5655.4.1.6.2.1.1) B-44 rdrFormatterDestPort (1.3.6.1.4.1.5655.4.1.6.2.1.2) B-44 rdrFormatterDestPriority (1.3.6.1.4.1.5655.4.1.6.2.1.3) B-44 rdrFormatterDestStatus (1.3.6.1.4.1.5655.4.1.6.2.1.4) B-45 rdrFormatterDestConnectionStatus (1.3.6.1.4.1.5655.4.1.6.2.1.5) B-45 rdrFormatterDestNumReportsSent (1.3.6.1.4.1.5655.4.1.6.2.1.6) B-45 rdrFormatterDestNumReportsDiscarded (1.3.6.1.4.1.5655.4.1.6.2.1.7) B-45 rdrFormatterDestReportRate (1.3.6.1.4.1.5655.4.1.6.2.1.8) B-46 rdrFormatterDestReportRatePeak (1.3.6.1.4.1.5655.4.1.6.2.1.9) B-46 rdrFormatterDestReportRatePeakTime (1.3.6.1.4.1.5655.4.1.6.2.1.10) B-46 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 28 (1.3.6.1.4.1.5655.4.1.8.1.1.1) B-54 subscribersNumFree (1.3.6.1.4.1.5655.4.1.8.1.1.2) B-54 subscribersNumIpAddrMappings (1.3.6.1.4.1.5655.4.1.8.1.1.3) B-54 subscribersNumIpAddrMappingsFree (1.3.6.1.4.1.5655.4.1.8.1.1.4) B-55 subscribersNumIpRangeMappings (1.3.6.1.4.1.5655.4.1.8.1.1.5) B-55 subscribersNumIpRangeMappingsFree (1.3.6.1.4.1.5655.4.1.8.1.1.6) B-55 subscribersNumVlanMappings (1.3.6.1.4.1.5655.4.1.8.1.1.7) B-55 subscribersNumVlanMappingsFree (1.3.6.1.4.1.5655.4.1.8.1.1.8) B-56 subscribersNumActive (1.3.6.1.4.1.5655.4.1.8.1.1.9) B-56 subscribersNumActivePeak (1.3.6.1.4.1.5655.4.1.8.1.1.10) B-56 Cisco SCE 2000 and SCE 1000 Software Configuration Guide xxvi OL-7827-12...
Page 29 (1.3.6.1.4.1.5655.4.1.9.1.1.8) B-65 TpNumTcpActiveFlowsPeak (1.3.6.1.4.1.5655.4.1.9.1.1.9) B-65 tpNumTcpActiveFlowsPeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.10) B-65 tpNumUdpActiveFlows (1.3.6.1.4.1.5655.4.1.9.1.1.11) B-66 tpNumUdpActiveFlowsPeak (1.3.6.1.4.1.5655.4.1.9.1.1.12) B-66 tpNumUdpActiveFlowsPeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.13) B-66 tpNumNonTcpUdpActiveFlows (1.3.6.1.4.1.5655.4.1.9.1.1.14) B-66 tpNumNonTcpUdpActiveFlowsPeak (1.3.6.1.4.1.5655.4.1.9.1.1.15) B-67 tpNumNonTcpUdpActiveFlowsPeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.16) B-67 tpTotalNumBlockedPackets (1.3.6.1.4.1.5655.4.1.9.1.1.17) B-67 Cisco SCE 2000 and SCE 1000 Software Configuration Guide xxvii OL-7827-12...
Page 30 (1.3.6.1.4.1.5655.4.1.10.1.1.5) B-75 pportAdminSpeed (1.3.6.1.4.1.5655.4.1.10.1.1.6) B-75 pportAdminDuplex (1.3.6.1.4.1.5655.4.1.10.1.1.7) B-75 pportOperDuplex (1.3.6.1.4.1.5655.4.1.10.1.1.8) B-76 pportLinkIndex (1.3.6.1.4.1.5655.4.1.10.1.1.9) B-76 pportOperStatus (1.3.6.1.4.1.5655.4.1.10.1.1.10) B-76 txQueuesTable (1.3.6.1.4.1.5655.4.1.11.1) B-76 txQueuesEntry (1.3.6.1.4.1.5655.4.1.11.1.1) B-77 txQueuesModuleIndex (1.3.6.1.4.1.5655.4.1.11.1.1.1) B-77 txQueuesPortIndex (1.3.6.1.4.1.5655.4.1.11.1.1.2) B-77 Cisco SCE 2000 and SCE 1000 Software Configuration Guide xxviii OL-7827-12...
Page 31 (1.3.6.1.4.1.5655.4.1.13.3) B-85 appPropertiesValueEntry (1.3.6.1.4.1.5655.4.1.13.3.1) B-85 apvIndex (1.3.6.1.4.1.5655.4.1.13.3.1.1) B-86 apvPropertyName (1.3.6.1.4.1.5655.4.1.13.3.1.2) B-86 apvRowStatus (1.3.6.1.4.1.5655.4.1.13.3.1.3) B-86 apvPropertyStringValue (1.3.6.1.4.1.5655.4.1.13.3.1.4) B-86 apvPropertyUintValue (1.3.6.1.4.1.5655.4.1.13.3.1.5) B-87 apvPropertyCounter64Value (1.3.6.1.4.1.5655.4.1.13.3.1.6) B-87 trafficCountersTable (1.3.6.1.4.1.5655.4.1.14.1) B-87 trafficCountersEntry (1.3.6.1.4.1.5655.4.1.14.1.1) B-87 Cisco SCE 2000 and SCE 1000 Software Configuration Guide xxix OL-7827-12...
Page 32 (1.3.6.1.4.1.5655.4.1.16.1.1) B-91 vasServerIndex (1.3.6.1.4.1.5655.4.1.16.1.1.1) B-91 vasServerId (1.3.6.1.4.1.5655.4.1.16.1.1.2) B-91 vasServerAdminStatus (1.3.6.1.4.1.5655.4.1.16.1.1.3) B-92 vasServerOperStatus (1.3.6.1.4.1.5655.4.1.16.1.1.4) B-92 mplsVpnSoftwareCountersTable (1.3.6.1.4.1.5655.4.1.17.1) B-92 mplsVpnSoftwareCountersEntry (1.3.6.1.4.1.5655.4.1.17.1.1) B-92 mplsVpnMaxHWMappings (1.3.6.1.4.1.5655.4.1.17.1.1.1) B-93 mplsVpnCurrentHWMappings (1.3.6.1.4.1.5655.4.1.17.1.1.2) B-93 Supported Standards B-94 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 33: About This Guide
This guide is for experienced network administrators who are responsible for configuring and maintaining the SCE platform. This guide applies to the Cisco SCE 2000 and the Cisco SCE1000 platforms. For information concerning Note configuring the Cisco SCE8000 platform, refer to the...
Page 34 Added the following new feature: May, 2007 • Asymmetric Routing Topology The following chapter was updated to include the NetflowV9 protocol option: • Raw Data Formatting: The RDR Formatter and NetFlow Exporting Cisco SCE 2000 and SCE 1000 Software Configuration Guide xxxii OL-7827-12...
Page 35 • Management Interface Security • TACACS+ Authentication, Authorization and • Accounting Dynamic Mapping of RDRs to Categories • OL-7827-02 2.5.7 Complete reorganization and revision of product August, 2005 documentation. Cisco SCE 2000 and SCE 1000 Software Configuration Guide xxxiii OL-7827-12...
Page 36 Cisco Service Control Overview, Overview of SCE platform management. page 1-1 Command Line Interface, page 2-1 Detailed explanation of how to use the Cisco SCE Command-line Interface. Operations, page 3-1 Explanation of how to manage configurations, install applications and upgrade the system software.
Page 37 Monitoring SCE Platform Utilization, Explanation of how to monitor SCE platforms that page A-1 are installed in real traffic. Proprietary MIB Reference, page B-1 Definition of the proprietary Service Control Enterprise MIB Cisco SCE 2000 and SCE 1000 Software Configuration Guide xxxv OL-7827-12...
Page 38: Related Publications
Cisco Service Control Application for Broadband User Guide – Cisco Service Control Application Reporter User Guide – To view Cisco documentation or obtain general information about the documentation, refer to the • following sources: Obtaining Documentation and Submitting a Service Request, page -xxxviii –...
Page 39 Means the described action saves time. You can save time by performing the action described in the paragraph. Warning Means reader be warned. In this situation, you might perform an action that could result in bodily injury. Cisco SCE 2000 and SCE 1000 Software Configuration Guide xxxvii OL-7827-12...
Page 40: Obtaining Documentation And Submitting A Service Request
Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
Page 41: Introduction
Revised: June 15, 2009, OL-7827-12 Introduction This chapter provides a general overview of the Cisco Service Control solution. It introduces the Cisco service control concept and capabilities. It also briefly describes the hardware capabilities of the service control engine (SCE) platform and the Cisco specific applications that together compose the total Cisco service control solution.
Page 42: Chapter 1 Cisco Service Control Overview
(BSS) and operational support systems (OSS) Cisco Service Control Capabilities The core of the Cisco service control solution is the network hardware device: the Service control engine (SCE). The core capabilities of the SCE platform, which support a wide range of applications for delivering service control solutions, include: Subscriber and application awareness—Application-level drilling into IP traffic for real-time...
Page 43: Sce Platform Description
Programmable system core for flexible reporting and bandwidth control Transparent network and BSS and OSS integration into existing networks • Subscriber awareness that relates traffic and usage to specific customers • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 44: Management And Collection
SUB LINE/CASCA DE NET SCE platform device CMTS Management and Collection The Cisco service control solution includes a complete management infrastructure that provides the following management components to manage all aspects of the solution: • Network management • Subscriber management •...
Page 45: Network Management
Subscriber Management Where the Cisco service control application for broadband (SCA BB) enforces policies on different subscribers and tracks usage on an individual subscriber basis, the Cisco service control management suite (SCMS) subscriber manager (SM) may be used as middleware software for bridging between OSS and SCE platforms.
Page 46: Service Configuration Management
Records (RDRs), which the SCE platform forwards using a simple TCP-based protocol (RDR-Protocol). RDRs are processed by the Cisco service control management suite collection manager. The collection manager software is an implementation of a collection system that receives RDRs from one or more SCE platforms. It collects these records and processes them in one of its adapters.
Page 47: Introduction
Authorization and Command Levels (Hierarchy), page 2-2 • CLI Help Features, page 2-9 • Navigational and Shortcut Features, page 2-11 • Managing Command Output, page 2-14 • • Creating a CLI Script, page 2-16 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 48: Chapter 2 Command Line Interface
Each authorization level has a value (number) corresponding to it. When using the CLI commands, use the values, not the name of the level, as shown in Table 2-1. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 49: Cli Command Mode Hierarchy
SCE platform. Global Configuration Configuration of general system Admin • • SCE (config)# parameters, such as DNS, host Root > • • SCE (config)# name, and time zone. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 50 The list of available commands in each mode can be viewed using the question mark ‘?’ at the end of the prompt. Figure 2-1 illustrates the hierarchical structure of the CLI modes, and the CLI commands used to enter and exit a mode. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 51 This means that any number you enter in the line vty command (0, 1, 2, 3 or 4 ) will act as a 0 and configure all five connections together. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 52: Prompt Indications
<hostname (mode-indication) level-indication> Authorization levels are indicated as shown in Table 2-3. Table 2-3 Prompt Indications: Authorization Levels This prompt... Indicates this... User and Viewer levels > Admin level Root level #> Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 53: Navigating Between Authorization Levels And Command Modes
From this command mode, the following Interface Command Modes can be accessed: Management Interface Configuration – Linecard Interface Configuration – GigabitEthernet Interface Configuration (GBE traffic interfaces) – – Interface Range Configuration (range of traffic interfaces) – Line Configuration Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 54 SCE 2000: interface range gigabitethernet 0/<port-range (any range between 1 and 4) SCE 1000: interface range gigabitethernet 0/1-2 Line Configuration line vty 0 exit (exits to Global Configuration) end (exits to User Exec) Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 55: Configuring The Physical Ports
Example: The following example illustrates how typing c? displays all available arguments that start with the letter SCE(config)#snmp-server c? Community contact SCE(config)#snmp-server c Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 56: Argument Help
SCE#copy ? running-config Copy running configuration file startup-config Backup the startup-config to a specified destination STRING Source file SCE#copy Cisco SCE 2000 and SCE 1000 Software Configuration Guide 2-10 OL-7827-12...
Page 57: Navigational And Shortcut Features
By default, the system saves the last 30 commands you typed. You can change the number of commands remembered using the history size command. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 2-11...
Page 58: Keyboard Shortcuts
Recall the last item deleted. CTRL-Y Completes the word when there is only one possible completion. <Tab> Completes the word when there is only one possible completion. (Same CTRL-I functionality as <Tab>.) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 2-12 OL-7827-12...
Page 59: Auto-Completion
FTP protocol. sce#ip FTP password 1234 sce#ip FTP username cisco sce#copy ftp://@10.10.10.10/h:/config.tmp myconf.txt connecting 10.1.1.253 (user name cisco password 1234) to retrieve config.tmp sce# Cisco SCE 2000 and SCE 1000 Software Configuration Guide 2-13...
Page 60: The "Do" Command: Executing Commands Without Exiting
Use the no more (on page ) command to disable this feature so that show commands display the complete output all at one time. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 2-14...
Page 61: Scrolling The Screen Display
— The new output of the command will be appended to the existing contents of the file. • The syntax of redirection commands is as follows: <command>| redirect <file-name> • • <command>| append <file-name> Cisco SCE 2000 and SCE 1000 Software Configuration Guide 2-15 OL-7827-12...
Page 62: Creating A Cli Script
Device ‘/tffs0/’ has 81154048 bytes free, 21447973 bytes are needed for extraction, all is well. Extracting files to temp locations... Renaming temp files... Extracted OK. Backing-up general configuration file... Copy temporary file to final location... sce#script stop sce# Cisco SCE 2000 and SCE 1000 Software Configuration Guide 2-16 OL-7827-12...
Page 63: Chapter 3 Operations
Viewing Configurations, page 3-2 • Removing the Configuration, page 3-3 • Saving the Configuration Settings, page 3-4 • Restoring a Previous Configuration, page 3-5 • Backing Up Configuration Files, page 3-6 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 64: Viewing Configurations
At the SCE# prompt, type show running-config and press Enter. Step 1 The specified configuration file is displayed. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 65: Viewing Configurations: Example
'factory default' state. At the SCE(config)# prompt, type erase startup-config-all and press Enter. Step 1 All configuration files are removed, including configuration files not explicitly managed by the user, as listed above. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 66: Saving The Configuration Settings
UDP 60 interface FastEthernet 0/0 ip address 10.1.5.109 255.255.0.0 interface FastEthernet 0/1 interface FastEthernet 0/2 exit line vty 0 4 no timeout exit Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 67: Restoring A Previous Configuration
At the SCE# prompt, type copy tffs0:system/prevconf/filename tffs0:system/filename and press Enter. Step 3 Overwrites the current startup configuration file with the contents of the specified backup configuration file. Backup configuration filenames are config.tx1-config.tx9. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 68: Restoring A Previous Configuration: Example
The backup file may be created via FTP or it may be a local file, as shown in the following examples: via FTP: ftp://user:pass@host/drive:/dir/bckupcfg.txt – local: /tffs0/bckupcfg.txt – Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 69: Upgrading The Sce Platform Firmware
SCE2# Upgrading the SCE Platform Firmware Cisco distributes upgrades to the software and firmware on the SCE platform. Cisco distributes upgrade software as a file with the extension.pkg that is installed directly from the ftp site without being copied to the disk. This procedure walks you through installation and rebooting of the SCE platform with the new firmware.
Page 70: Upgrading Sce Platform Firmware: Example
Use the procedure described in Upgrading the SCE Platform Firmware, page 3-7. Install the desired application version. Step 3 Use the pqi install file command (see How to Install an Application, page 3-10). Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 71: Managing Application Files
(in this case upgrade should be used). You should always run the pqi uninstall command before installing a new pqi file. This prevents old files from accumulating on the disk. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 72: How To Display Information About An Application File
From the SCE(config if)# prompt, type pqi uninstall file filename and press Enter. Uninstalls the specified pqi file. You must specify the last pqi file that was installed. Note that this may take up to five minutes. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 3-10 OL-7827-12...
Page 73: How To Upgrade An Application
Note that this may take up to five minutes. How to Display the Last pqi File that was Installed From the SCE> prompt, type pqi last-installed and press Enter Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 3-11 OL-7827-12...
Page 74: Monitoring The Operational Status Of The Sce Platform
Platform configured to enter Failure mode consequent to failure-induced reboot (this is configurable using CLI command) Note: Depending on the cause of failure, the management interface and the platform configuration may or may not be active/available. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 3-12 OL-7827-12...
Page 75: How To Display The Current Operational Status Of The Sce Platform
Version ID : V01 Deviation Part number : 800-26601-01 Revision : B0 Software revision : G001 LineCard S/N : CAT09370L1Q Power Supply type : AC SML Application information is: Cisco SCE 2000 and SCE 1000 Software Configuration Guide 3-13 OL-7827-12...
Page 76: Displaying The Sce Platform Inventory
SCE> Displaying the SCE Platform Inventory Unique Device Identification (UDI) is a Cisco baseline feature that is supported by all Cisco platforms. This feature allows network administrators to remotely manage the assets in their network by tracing specific devices through either CLI or SNMP. The user can display inventory information for a remote...
Page 77: Displaying The System Uptime
Type Y to confirm the reboot request and press Enter. Rebooting the SCE Platform: Example SCE# reload Are you sure? y the system is about to reboot, this will end your CLI session Cisco SCE 2000 and SCE 1000 Software Configuration Guide 3-15 OL-7827-12...
Page 78: Rebooting And Shutting Down The Sce Platform
Telnet session, and then realizes that he or she has no physical access to the SCE platform. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 3-16 OL-7827-12...
Page 79: Utilities
IP address of the SCE platform. subnet mask Subnet mask of the SCE platform. default gateway Default gateway. hostname Character string used to identify the SCE platform. Maximum length is 20 characters. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 80: Chapter 4 Utilitie
(maximum 20 per list) IP address, and whether permitted or denied access. IP access ACL ID number of the ACL controlling IP access. telnet ACL ID number of the ACL controlling telnet access. SNMP Configuration Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 81 Information regarding these parameters can be found in the appropriate sections throughout this guide. For more information regarding SCE platform topology, and for a step-by-step description of the setup utility, see the Cisco SCE 2000/SCE 1000 Installation and Configuration Guides. Cisco SCE 2000 and SCE 1000 Software Configuration Guide...
Page 82: Entering The Setup Command
Please choose one of the following options: 1. Leave the running configuration unchanged. 2. Clear the existing lists and configure new ones. 3. Add new entries. Enter your choice: Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 83: Working With Sce Platform Files
How to Display your Working Directory, page 4-6 • How to List the Files in a Directory, page 4-6 • How to Create a Directory From the SCE# prompt, type mkdir directory-name and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 84: How To Change Directories
How to List the Files in the Current Directory, page 4-7 How to List the Applications in the Current Directory, page 4-7 • How to Include Files in Sub-Directories in the Directory Files List, page 4-7 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 85: Working With Files
From the SCE# prompt, type rename current-file-name new-file-name and press Enter. Step 1 How to Delete a File Step 1 From the SCE# prompt, type delete file-name and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 86: Copying Files
The following example uploads the analysis.sli file located on the local flash file system to the host 10.1.1.105, specifying Passive FTP. SCE#copy-passive /appli/analysis.sli ftp://myname:mypw@10.1.1.105/p:/appli/analysis.sli sce# How to Display File Contents Step 1 From the SCE# prompt, type more file-name and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 87: How To Unzip A File
SCE platform disk or any external host running a FTP server. Copying the User Log to an External Source, page 4-10 • Copying the User Log to an Internal Source, page 4-10 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 88: Enabling And Disabling The User Log
Non-volatile counters — are not cleared during boot time • Viewing the user log counters for the current session From the SCE# prompt, type show logger device user-file-log counters and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 4-10 OL-7827-12...
Page 89: Viewing The User Log
FTP site, not on the local file system. This operation may take some time. Generating a File for Technical Support: Example SCE# logger get support-file ftp://user:1234@10.10.10.10/c:/support.zip Cisco SCE 2000 and SCE 1000 Software Configuration Guide 4-11 OL-7827-12...
Page 90: Flow Capture
(Configuring a Flow Capture Traffic Rule, page 4-13) Configure the flow capture settings. (Optional) (Configuring the Flow Capture Settings, page 4-13) Perform the actual flow capture. (Performing the Flow Capture, page 4-14) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 4-12 OL-7827-12...
Page 91: Configuring A Flow Capture Traffic Rule
SCE platform, since the validity of the TCP and UDP checksum cannot be checked for the captured packets due to missing bytes. The cap file contains the information to retrieve the original length of each packet that was – truncated. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 4-13 OL-7827-12...
Page 92: Performing The Flow Capture
— name and FTP location to which to record the flow capture data in the format • ftp://<username>:<password>@<IP_address>/<path>/<file_name>. From the SCE(config if)# prompt, type flow-capture start format cap filename and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 4-14 OL-7827-12...
Page 93: Monitoring The Flow Capture
• • configured values of the different controllers How to Monitor the Flow Capture From the SCE> prompt, type show interface linecard 0 flow-capture and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 4-15 OL-7827-12...
Page 94 Chapter 4 Utilities Flow Capture Cisco SCE 2000 and SCE 1000 Software Configuration Guide 4-16 OL-7827-12...
Page 95: Introduction
Configuring Time Clocks and Time Zone, page 5-58 • Configure SNTP, page 5-64 • Configuring Domain Name Server (DNS) Settings, page 5-67 • Configuring the Management Port Physical Parameters, page 5-70 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 96: C H A P T E R 5 Configuring The Management Interface And Security
If fail-over mode is disabled, specify the active port (optional). • To configure the system with management interface redundancy, see Configuring Management Interface Redundancy, page 5-7 Configuring the Management Ports for Redundancy. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 97: Entering Management Interface Configuration Mode
Setting the IP Address and Subnet Mask of the Management Interface, page 5-4 • Configuring the Management Interface Speed and Duplex Parameters, page 5-5 • Specifying the Active Management Port, page 5-6 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 98: Setting The Ip Address And Subnet Mask Of The Management Interface
Setting the IP Address and Subnet Mask of the Management Interface: Example The following example shows how to set the IP address of the SCE platform to 10.1.1.1 and the subnet mask to 255.255.0.0. SCE(config if)#ip address 10.1.1.1 255.255.0.0 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 99: Configuring The Management Interface Speed And Duplex Parameters
If the duplex parameter is configured to auto, changing the speed parameter has no effect (see ). Step 1 From the SCE(config if)# prompt, type speed 10|100|auto and press Enter. Specify the desired speed option. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 100: How To Configure The Duplex Operation Of The Management Interface
This command is a Privileged Exec command, unlike the other commands in this section, which are Mng Note Interface Configuration commands. If in Mng interface configuration mode, you must exit to the privileged exec mode and see the SCE# prompt displayed. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 101: Options
Service does not revert to the default active port if/when that link recovers. The currently active • MNG port remains active until link failure causes a switch to the other MNG port. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 102: How To Configure The Management Ports For Redundancy
— Enable or disable automatic fail-over switching mode • Default — auto (automatic mode) – How to Enable Automatic Fail-Over Mode From the SCE(config if)# prompt, type auto-fail-over and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 103: How To Disable Automatic Fail-Over Mode
How to Enable the IP Fragment Filter, page 5-10 • How to Disable the IP Fragment Filter, page 5-10 Options The following options are available: • enable/disable — Enable or disable IP fragment filtering – Default — disable Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 104: How To Enable The Ip Fragment Filter
Default — 10 – From the SCE(config)# prompt, type p filter monitor {ip_permited|ip_not_permited} low_rate Step 1 low_rate high_rate high_rate burst burst size and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-10 OL-7827-12...
Page 105: Monitoring Management Interface Ip Filtering
Configuring AAA Login Authentication, page 5-22 • Configuring AAA Privilege Level Authorization Methods, page 5-24 • Configuring AAA Accounting, page 5-25 • Monitoring TACACS+ Servers, page 5-25 • • Monitoring TACACS+ Users, page 5-26 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-11 OL-7827-12...
Page 106: Information About Tacacs+ Authentication, Authorization, And Accounting
SCE platform user log and the telnet session is terminated (unless the user is connected to the console port.) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-12...
Page 107 Verifies that the user has sufficient privileges to enter the requested privilege level. • Once the user privilege level has been determined, the user is granted access to a specified set of commands according to the level granted. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-13 OL-7827-12...
Page 108 The configuration should always include the root user, giving it the privilege level of 15. – – Viewer (privilege level 5) and superuser (privilege level 10) user IDs should be established at this time also. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-14 OL-7827-12...
Page 109: Configuring The Sce Platform Tacacs+ Client
How to Remove a TACACS+ Server Host, page 5-17 • How to Configure the Global Default Key, page 5-17 • How to Configure the Global Default Timeout, page 5-18 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-15 OL-7827-12...
Page 110 — time in seconds that the server waits for a reply from the server host before • timing out Default = 5 seconds or user-configured global default timeout interval (see How to Define the – Global Default Timeout, page 5-18.) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-16 OL-7827-12...
Page 111 Make sure that the specified key is actually configured on the TACACS+ server hosts. Default = no encryption – How to Define a Global Default Key From the SCE(config)# prompt, type TACACS-server key key-string and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-17 OL-7827-12...
Page 112 However, any server host that does not have a timeout interval explicitly defined (uses the global default timeout interval) is now configured to a five second timeout interval. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-18...
Page 113: How To Manage The User Database
— a clear text password. May be saved in the local list in either of two formats: • as clear text – in MD5 encrypted form if the secret keyword is used – encrypted-secret — an MD5 encryption string password • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-19 OL-7827-12...
Page 114 The SCE platform grants the requested privilege level only after the TACACS+ server authenticates the " enable " command password and verifies that the user has sufficient privileges the enter the requested privilege level. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-20 OL-7827-12...
Page 115 — a clear text password. May be saved in the local list in either of two formats: • as clear text I – n MD5 encrypted form if the secret keyword is used – encrypted-secret — an MD5 encryption string password • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-21 OL-7827-12...
Page 116: Configuring Aaa Login Authentication
The authentication methods used at login (see General AAA Fallback and Recovery Mechanism.) • The procedures for configuring login authentication are explained in the following sections: Configuring Maximum Login Attempts, page 5-23 • Configuring the Login Authentication Methods, page 5-23 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-22 OL-7827-12...
Page 117 From the SCE(config)# prompt, type aaa authentication login default method1 [method2...] and press Step 1 Enter. You may list a maximum of four methods; all four methods explained above. List them in the order of priority. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-23 OL-7827-12...
Page 118: Configuring Aaa Privilege Level Authorization Methods
From the SCE(config)# prompt, type no aaa authentication enable default and press Enter. If the privilege level authorization methods list is deleted, the default login authentication method only (enable password) will be used. TACACS+ authentication will not be used. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-24 OL-7827-12...
Page 119: Configuring Aaa Accounting
How to Display Statistics, Keys and Timeouts for TACACS+ Servers, page 5-26 • How to Display Statistics for TACACS+ Servers From the SCE# prompt, type show TACACS and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-25 OL-7827-12...
Page 120: Monitoring Tacacs+ Users
(that is, the IP address being checked is found within the IP address range defined by the entry) determines the result, according to the permit/deny flag in the matched entry. If no matching entry is found in the access list, access is denied. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-26 OL-7827-12...
Page 121: Options
The following keywords are available: permit — the specified IP addresses have permission to access the SCE platform. • deny — the specified IP addresses are denied access to the SCE platform. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-27 OL-7827-12...
Page 122: How To Add Entries To An Acl
How to Configure the Telnet Timeout, page 5-30 This section discusses the Telnet interface of the SCE platform. A Telnet session is the most common way to connect to the SCE platform CLI interface. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-28 OL-7827-12...
Page 123: How To Prevent Telnet Access
ID number of an existing access list. Assigning an ACL to the Telnet Interface: Example The following example shows how to assign ACL #1 to the Telnet interface. SCE#configure SCE(config)#line vty 0 SCE(config-line)#access-class 1 in Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-29 OL-7827-12...
Page 124: How To Configure The Telnet Timeout
An Access Control List (ACL) can be configured for SSH as for any other management protocol, limiting SSH access to a specific set of IP addresses (see Configuring Access Control Lists (ACLs), page 5-26). Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-30 OL-7827-12...
Page 125: Managing The Ssh Server
From the SCE(config)# prompt, type ip ssh and press Enter. How to Disable the SSH Server Step 1 From the SCE(config)# prompt, type no ip ssh and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-31 OL-7827-12...
Page 126: How To Monitor The Status Of The Ssh Server
From the SCE> prompt, type show ip ssh and press Enter. This is a User Exec command. Make sure that you are in User Exec command mode by exiting any other modes. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-32 OL-7827-12...
Page 127: Enabling The Snmp Interface
This section explains how to configure the SNMP agent parameters. It also provides a brief overview of SNMP notifications and the supported MIBs, and explains the order in which the MIB must be loaded. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-33...
Page 128: The Snmp Interface
Get Next Request Requests the Object Identifier(s) and value(s) of the next object(s) managed by an agent. Get Response Contains the data returned by an agent. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-34 OL-7827-12...
Page 129: Security Considerations
• [no] snmp-server community [all] [ • no | default] snmp-server enable traps • [no] snmp-server host [all] • [no] snmp-server contact • [no] snmp-server location • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-35 OL-7827-12...
Page 130: Mibs
Since the acquisition of P-cube, Inc by Cisco Systems, Inc, the existing proprietary MIBs have undergone a process of updating to make them conform to Cisco standards. Note that all Pcube MIBs since SCOS version 3.0.3 are compiled using SMICNG and are in conformation with Cisco standards and styling.
Page 131 An addition to the ifTable, intended for high capacity interfaces ifStackTable A table containing information about sublayers of interfaces ifRcvAddressTable A table meant for interfaces that support more than one receive address Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-37 OL-7827-12...
Page 132 • The SCOS implements only the physical and the general groups of the Entity-MIB, since the other groups are not relevant to the SCE platform. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-38 OL-7827-12...
Page 133 SCE platform after their creation at boot time. Information About pcube Enterprise MIB • pcube Enterprise MIB, page 5-40 Loading the MIB Files, page 5-41 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-39 OL-7827-12...
Page 134 Enterprise MIB Structure Pcube 5655 pcubeProducts pcubeModules pcubeMgmt pcubeWorkgroups se100 se1000 se2000 pcubeConfigCopyMIB pcubeProductsMIB pcubeSeMIB pcubeEngageMIB pcubeSeConformance pcubeEngageConformance pcubeSeEvents pcubeSEObjs pcubeEngageObjs pcubeSeMIB (Pcube SCEMIB) pcubeEngageMIB pcubeSeGroups pcubeEngageGroups (CISCO-SCAS-BB MIB) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-40 OL-7827-12...
Page 135: Configuration Via Snmp
Setting a variable via SNMP (as via the CLI) takes effect immediately and affects only the running-configuration. To make this configuration stored for next reboots (startup-configuration) the user must specify it explicitly via CLI or via SNMP using the Cisco enterprise MIB objects (see Figure 5-1pcube Enterprise MIB Structure, page 5-40).
Page 136: Configuring Snmp Community Strings
This example shows how to configure a community string called “mycommunity” with read-only rights and access list number “1”. Since read-only is the default, it does not need to be defined explicitly. SCE(config)#snmp-server community mycommunity 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-42 OL-7827-12...
Page 137: How To Remove A Community String
SCE platform except for the AuthenticationFailure notification. The SCE platform provides the option to enable or disable the sending of this notification, as well as some of the SCE enterprise notifications, explicitly. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-43 OL-7827-12...
Page 138: How To Define Snmp Hosts
The following example shows how to configure the SCE platform to send SNMPv1 notifications to several hosts. SCE(config)#snmp-server host 10.10.10.10 mycommunity SCE(config)#snmp-server host 20.20.20.20 mycommunity SCE(config)#snmp-server host 30.30.30.30 mycommunity SCE(config)#snmp-server host 40.40.40.40 mycommunity Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-44 OL-7827-12...
Page 139 To enable/disable only one specific trap: Specify snmp or enterprise with the additional trap name • parameter naming the desired trap. To enable/disable all traps: Do not specify either snmp or enterprise. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-45 OL-7827-12...
Page 140: Managing Passwords
Resets all notifications supported by the SCE platform to their default status. Managing Passwords • About Passwords, page 5-47 • Changing Your Password, page 5-47 • Password Encryption, page 5-49 Password Recovery, page 5-49 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-46 OL-7827-12...
Page 141: About Passwords
Managing Passwords About Passwords Cisco CLI passwords are an access-level authorization setting, not individual user passwords. All Admin users, for example, log in with the same password. This means that the system does not identify you as an individual, but as a user with certain privileges.
Page 142: How To Change Your Password
If you enter an incorrect password, the password prompt will appear again. Repeat these steps as necessary to check additional passwords. The encryption feature will encrypt the passwords in the platform configuration files. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-48 OL-7827-12...
Page 143: Password Encryption
How to Recover the Passwords: Reverting to Default the Configuration, page 5-50 • How to Recover the Passwords: Saving the Current Configuration, page 5-50 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-49 OL-7827-12...
Page 144 Step 1 Press Enter so that the prompt appears. Step 2 Connects to the SCE platform. Type cd system and press Enter. Step 3 Navigates to the system directory. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-50 OL-7827-12...
Page 145 If passwords were not encrypted—the user-configured passwords that you viewed in the copied file are restored, since the configuration file was not changed. If passwords were encrypted—the default password Cisco remains, since the encrypted lines were • removed from the configuration file before it was copied back to the SCE platform.
Page 146: How To Recover The Passwords: Scos Versions 2.5.5 Or Later
IP Configuration Configuring the IP Routing Table, page 5-53 • IP Advertising, page 5-55 • Configuring the IP Address of the Management Interface, page 5-57 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-52 OL-7827-12...
Page 147: Configuring The Ip Routing Table
Enter your password if prompted. • Configuring the Default Gateway: Example The following example shows how to set the default gateway IP of the SCE platform to 10.1.1.1. SCE(config)#ip default-gateway 10.1.1.1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-53 OL-7827-12...
Page 148: How To Add An Entry To The Ip Routing Table
10.1.1.5 How to Display the IP Routing Table for a Specified Subnet • Options, page 5-55 • Displaying the IP Routing Table for a Specified Subnet: Example, page 5-55 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-54 OL-7827-12...
Page 149: Ip Advertising
(interval). If no destination or interval is explicitly configured, the default values are assumed. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-55...
Page 150: How To Display The Current Ip Advertising Configuration
From the SCE> prompt, type show ip advertising and press Enter. Step 1 Displays the status of IP advertising (enabled or disabled), the configured destination, and the configured interval Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-56 OL-7827-12...
Page 151: Configuring The Ip Address Of The Management Interface
Configuring the IP Address of the Management Interface: Example The following example shows how to set the IP address of the SCE platform to 10.1.1.1 and the subnet mask to 255.255.0.0. SCE(config if)#ip address 10.1.1.1 255.255.0.0 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-57 OL-7827-12...
Page 152: Configuring Time Clocks And Time Zone
From the SCE(config)# prompt, type show clock and press Enter. Step 1 Displaying the System Time: Example The following example shows the current system clock. SCE#show clock 12:50:03 November 13 2001 sce# Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-58 OL-7827-12...
Page 153: How To Display The Calendar Time
How to Set the Calendar The calendar is a system clock that continues functioning even when the system shuts down. Options, page 5-60 • Setting the Calendar: Example, page 5-60 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-59 OL-7827-12...
Page 154: Setting The Calendar: Example
From the SCE(config)# prompt, type clock timezone zone hours minutes, and press Enter. Step 1 Sets the timezone to the specified timezone name with the configured offset in hours and minutes. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-60 OL-7827-12...
Page 155: Setting The Time Zone: Example
(Note that "year" is not necessarily a calendar year. If the transition days are determined in the fall, the transitions for that fall and the next spring may be configured.) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-61...
Page 156: Guidelines
For the clock summer-time recurring command, the default values are the United States transition • rules: Daylight saving time begins: 2:00 (AM) on the second Sunday of March. – Daylight saving time ends: 2:00 (AM) on the first Sunday of November. – Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-62 OL-7827-12...
Page 157: How To Define Recurring Daylight Saving Time Transitions
SCE(config)# clock summer-time DST April 16 2004 00:00 October 23 2004 23:59 How to Cancel the Daylight Saving Time Configuration From the SCE(config)# prompt, type no clock summer-time and press Enter. Step 1 Removes all daylight saving configuration. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-63 OL-7827-12...
Page 158: How To Display The Current Daylight Saving Time Configuration
How to Enable the SNTP Multicast Client From the SCE(config)# prompt, type sntp broadcast client and press Enter. Step 1 Enables the SNTP multicast client. It will accept time updates from any broadcast server. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-64 OL-7827-12...
Page 159: How To Disable The Sntp Multicast Client
How to Disable the SNTP Unicast Client and Remove All Servers Step 1 From the SCE(config)# prompt, type no sntp server all and press Enter. Removes all SNTP unicast servers, preventing unicast SNTP query. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-65 OL-7827-12...
Page 160: How To Remove One Sntp Server
How to Display SNTP Information From the SCE> prompt, type show sntp and press Enter. Step 1 Displays the configuration of both the SNTP unicast client and the SNTP multicast client. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-66 OL-7827-12...
Page 161: Displaying Sntp Information: Example
• ip domain-lookup • show hosts • Configuring DNS Lookup How to Enable DNS Lookup, page 5-68 • How to Disable DNS Lookup, page 5-68 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-67 OL-7827-12...
Page 162: How To Enable Dns Lookup
Defines the servers at the specified addresses as domain name servers. Defining Domain Name Servers: Example The following example shows how to configure the two name server (DNS) IP addresses. SCE(config)#ip name-server 10.1.1.60 10.1.1.61 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-68 OL-7827-12...
Page 163: How To Remove A Domain Name Server
The following example shows how to add a host to the host table. SCE(config)#ip host PC85 10.1.1.61 The following example shows how to remove a hostname together with all its IP mappings. SCE(config)#no ip host PC85 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-69 OL-7827-12...
Page 164: How To Display Current Dns Settings
Both these parameters must be configured separately for each port. • How to Configure the Duplex Operation of the Management Interface, page 5-71 How to Configure the Speed of the Management Interface, page 5-71 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-70 OL-7827-12...
Page 165: How To Configure The Speed Of The Management Interface
If the duplex parameter is configured to auto, changing the speed parameter has no effect (see ). From the SCE(config if)# prompt, type speed 10|100|auto and press Enter. Step 1 Configures the speed of the currently selected management interface. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-71 OL-7827-12...
Page 166: Monitoring The Management Interface
Displays the specified management interface configuration. If no option is specified, all management interface information is displayed. • The displayed speed and duplex mode are for the management interface specified in the command. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-72 OL-7827-12...
Page 167: Line Interfaces
(Cisco SCE 2000 4xGBE Installation and Configuration Guide Cisco SCE 1000 2xGBE Installation and Configuration Guide.) The SCE 1000 2xGBE and the SCE 2000 4xGBE have Gigabit Ethernet line interfaces. You should configure auto-negotiate for these interfaces. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 168: Chapter 6 Configuring The Line Interface
Exits to global configuration mode, from which you can access a different Gigabit Ethernet interface. Repeat steps 2 and 3 for the remaining Gigabit Ethernet interfaces. Step 5 Auto-negotiation must enabled separately and explicitly for each Gigabit Ethernet interface. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 169: How To Configure A Range Of Gigabit Ethernet Line Interfaces
The SCE platform is able to either ignore the tunneling protocols ("skip" the header) or treat the tunneling information as subscriber information ("classify"). A special case of classification by tunneling information is MPLS/VPN with private IP support Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 170 IP, UDP, and L2TP headers, reaching the internal IP, which is the actual subscriber traffic. If L2TP is not configured, the system treats the external IP header as the subscriber traffic, thus all the flows in the tunnel are seen as a single flow. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 171: Managed Vpns
(VLAN or VPN) to which the IP addresses of the flow belong: MPLS VPN auto-learn • VLAN symmetric classify • Capacity The system supports: 2015 VPNs • • 80,000 IP mappings over VPNs Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 172: Selecting The Tunneling Mode
VPN, but only if the IP mappings are the full range of the VPN (0.0.0.0/0). (This option is provided for backwards compatibility, supporting legacy multi-VLAN subscribers.) Selecting the Tunneling Mode Use these commands to configure tunneling: ip-tunnel • vlan • mpls • • L2TP identify-by Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 173: Configuring L2Tp Ip Tunnels
Fragmentation should be avoided whenever possible. If it is not possible to avoid fragmentation, it is recommended to opt for internal fragmentation. If that is also not possible, the SCE platform can be operated under conditions of external fragmentation. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 174 Step 2 From the SCE(config if)# prompt, type no ip-tunnel IPinIP skip and press Enter. Step 3 Restart the linecard. From the SCE(config if)#> prompt, type no shutdown and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 175: Configuring Dscp Marking For Ipinip Tunnels
Manage DSCP ToS Marker Values" in the chapter "Using the Service Configuration Editor: Traffic Control" in the Cisco Service Control Application for Broadband User Guide for further information. Use this command to configure the SCE platform to mark the DSCP bits of the internal IP header. This command takes effect only when IPinIP skip is enabled.
Page 176: Configuring The Vlan Environment
Using the a-symmetric skip value incurs a performance penalty. Note From the SCE(config if)# prompt, type vlan {symmetric classify | symmetric skip |a-symmetric skip} Step 1 and press Enter. Specify the desired VLAN mode. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-10 OL-7827-12...
Page 177: Configuring The Mpls Environment
The following example selects VLAN-based classification. SCE(config if)#vlan symmetric classify Configuring the MPLS Environment Use this command to set the MPLS environment. Note For more information regarding the Cisco Service Control MPLS/VPN solution, see the "MPLS/VPN Support " chapter. Options, page 6-11 • •...
Page 178: Configuring The L2Tp Environment
IPs in the tunnel (as allocated by the LNS), or simply for all of the traffic passing through the SCE platform. Note that flow redirection and flow blocking cannot be performed on quick-forwarded traffic. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-12 OL-7827-12...
Page 179: Asymmetric L2 Support
Step 1 Displaying the Tunneling Configuration Step 1 From the SCE# prompt, type show interface linecard 0 MPLS|VLAN|L2TP|IP-tunnel and press Enter. Displays the current configuration for the specified tunnel option. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-13 OL-7827-12...
Page 180: How To Display The Ipinip Configuration
Some topologies require the SCE platform to be able to translate between different VLAN tags. Figure 6-2 illustrates an example of such a system, in which one router acts as a dispatcher, forwarding traffic and performing load balancing between two SCE 2000 platforms. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-14 OL-7827-12...
Page 181: Vlan Translation Features And Limitations
X on the network side, it is decremented by X on the subscriber side. VLAN tagged packets are changed (incremented or decremented) before transmission. • Non-tagged packet are not changed. • This feature allows seamless processing with non-VLAN traffic. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-15 OL-7827-12...
Page 182: Setting The Vlan Translation Constant
Sets the VLAN translation constant. Setting the VLAN Translation Constant: Example The following example sets the translation constant to 10, decremented at the network side. SCE(config if)#vlan translation decrement value 10 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-16 OL-7827-12...
Page 183: How To Disable Vlan Translation
Managing Traffic Rules and Counters, page 6-25 • Information About Traffic Rules and Counters What are Traffic Rules and Counters?, page 6-18 • Traffic Rules, page 6-18 • Traffic Counters, page 6-19 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-17 OL-7827-12...
Page 184: What Are Traffic Rules And Counters?
TCP/UDP Ports — A single port or a port range can be specified for each of the line ports • (Subscriber / Network). Valid for the TCP/UDP protocols only. Direction (Upstream/Downstream) (TCP only). • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-18 OL-7827-12...
Page 185: Traffic Counters
How to Create a Traffic Counter, page 6-20 • How to Delete a Traffic Counter, page 6-20 • How to Delete all Existing Traffic Counters, page 6-20 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-19 OL-7827-12...
Page 186: How To Create A Traffic Counter
How to Delete all Traffic Rules, page 6-24 • How to Delete All Flow Control Traffic Rules, page 6-24 How to Create a Traffic Rule • Options, page 6-21 • Configuring Traffic Rules: Examples, page 6-22 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-20 OL-7827-12...
Page 187 The keyword name must appear as well as the actual name of the counter. none — If none is specified, then an action must be explicitly defined via the action option. • action: (not required if the action is count only) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-21 OL-7827-12...
Page 188 Traffic counter = counter1 • The only action performed will be counting • SCE(config if)# traffic-rule rule1 IP-addresses subscriber-side all network-side 10.10.10.10 protocol other direction both traffic-counter name counter1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-22 OL-7827-12...
Page 189 Action = ignore (required since traffic-counter = none) • The only action performed will be Ignore. • SCE(config if)# traffic-rule rule3 IP-addresses all protocol IS-IS direction upstream traffic-counter none action ignore Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-23 OL-7827-12...
Page 190: How To Delete A Traffic Rule
Removes all existing traffic rules. How to Delete All Flow Control Traffic Rules From the SCE(config if)# prompt, type no traffic-rule capture and press Enter. Step 1 Removes all flow capture traffic rules. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-24 OL-7827-12...
Page 191: Managing Traffic Rules And Counters
Viewing a Traffic Counter: Example The following example displays information for the traffic counter “cnt”. SCE# show interface linecard 0 traffic-counter name cnt Counter 'cnt' value: 0 packets. Rules using it: None. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-25 OL-7827-12...
Page 192: How To View All Traffic Counters
TOS marking (enabled or disabled) for each interface and to display the TOS translation table. For information on configuring TOS marking, please refer to the Cisco Service Control Application for Broadband User Guide, Rel 3.1.5. Note TOS marking in release 3.1.5 is not backwards compatible with any previous SCOS releases.
Page 193: How To Display The Tos Marking Configuration
Use this command to disable the drop-red-packets-by-hardware mode, enabling the software to count all dropped packets. Step 1 From the SCE(config if)# prompt, type no accelerate-packet-drops and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-27 OL-7827-12...
Page 194: How To Enable The Hardware Packet Drop
Counting Dropped Packets How to Enable the Hardware Packet Drop Use this command to enable the drop-red-packets-by-hardware mode. Step 1 From the SCE(config if)# prompt, type accelerate-packet-drops and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 6-28 OL-7827-12...
Page 195: Configuring The Connection Mode
SCE platform, the command will fail with an error message and help instructions. Options, page 7-2 • Configuring the Connection Mode: Examples, page 7-3 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 196: Chapter 7 Configuring The Connection
(0 or 1) will be defined as the of number of the physically-connected-link. For backwards compatibility, the physically-connected-link parameter is currently still recognized. Note Possible values are '0' and '1'. Not applicable to single SCE platform topologies. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 197: Configuring The Connection Mode: Examples
Monitoring the Connection Mode and Related Parameters How to View the Current Connection Mode From the SCE> prompt, type show interface linecard 0 connection-mode and press Enter. Step 1 Displays the connection mode configuration. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 198: How To View The Sce-Id
Viewing the Current Redundancy Status of the SCE Platform: Example The following example shows typical output of this command. SCE>enable 5 Password:<cisco> SCE>show interface linecard 0 cascade redundancy-status Redundancy status is active Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 199: How To View Information About The Peer Sce Platform
Port 0/3 must be connected to port 0/4 at peer Port 0/4 must be connected to port 0/3 at peer SCE> How to Configure the Link Mode About the Link Mode, page 7-6 • Options, page 7-6 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 200: About The Link Mode
Use the all-links option to configure the link mode for all links (SCE 2000 platforms only). It is recommended that both links be configured together. Use the all-links option. • Link mode is relevant only to inline topologies. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 201: Configuring Asymmetric Routing Topology
SCE platform to handle such traffic, allowing SCA BB to classify traffic based on a single direction and to apply basic reporting and global control features to uni-directional traffic. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 202: Asymmetric Routing And Other Service Control Capabilities
For more information, please see the Cisco Service Control Application for Broadband User Guide. How to Monitor Asymmetric Routing Use the command below to display the following information regarding asymmetric routing: Current status of asymmetric routing mode (enabled or disabled) •...
Page 203: Monitoring Asymmetric Routing: Example
Configuring the Failure Recovery Mode The failure-recovery operation-mode command defines the behavior of the system after boot resulting from failure. Options, page 7-10 • Configure the Failure Recovery Mode: Examples, page 7-10 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 204: Configure The Failure Recovery Mode: Examples
SCE platform if any loss of connection with the SM (may be due either to failure of the SM or failure of the connection itself). If SM functionality is not critical to the operation of the system — no action needs to be configured. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 7-10 OL-7827-12...
Page 205: Configuring The Behavior Of The Sce Platform In Case Of Failure Of The Sm
The following option is available: interval — the timeout interval in seconds • From the SCE(config if)# prompt, type subscriber sm-connection-failure timeout interval and press Step 1 Enter. Configures the connection timeout. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 7-11 OL-7827-12...
Page 206: Enabling And Disabling Link Failure Reflection
Note The link reflection on all ports feature cannot be used in a cascade mode, because in this mode one of the links is used to provide redundancy. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 7-12 OL-7827-12...
Page 207: How To Enable Link Failure Reflection On All Ports
MGSCP topologies. Use this option when the subscriber-side interface and the corresponding network-side interface of the same link of the SCE 2000 platform are connected to the same linecard in the router. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 7-13 OL-7827-12...
Page 208: How To Enable Linecard-Aware Mode
From the SCE(config if)# prompt, type no link failure-reflection linecard-aware-mode and press Enter. Disables linecard aware mode. Note that this command does not disable link failure reflection on all ports. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 7-14 OL-7827-12...
Page 209: Information About The Rdr Formatter And Netflow Exporting Support
Raw Data Formatting: The RDR Formatter and NetFlow Exporting Revised: June 15, 2009, OL-7827-12 Introduction Cisco Service Control is able to deliver gathered reporting data to an external application for collecting, aggregation, storage and processing over two protocols: RDRv1: the Service Control proprietary export protocol •...
Page 210: C H A P T E R 8 Raw Data Formatting: The Rdr Formatter And Netflow Exporting
As the exporting of NetFlow traffic is done by the RDR Formatter, any of the configurations of the RDR Formatter affects the exporting of NetFlowV9 reports. For more information regarding RDR types and a description of their formats, see the Cisco Service Control Application for Broadband Reference Guide.
Page 211: Netflow Exporting Support
IP address • port number • protocol (RDRv1 or NetFlow) • transport type (TCP or UDP) • The destination is assigned a priority for each category to which it is assigned. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 212: Categories
By default, the categories are referred to as Category 1 through Category 4. However, the user may define meaningful names for the categories. This generally reduces confusion and prevents errors. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 213: Priority
Some types of deployments using the NetFlow protocol require multicast forwarding mode. In a Note deployment where there are multiple destinations for at least one category, and at least one of those is a NetFlow destination, the multicast forwarding mode must be configured. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 214: Protocol
• Commands that are relevant only to the RDR formatter (may affect NetFlow exporting as well) • Commands relevant only to the NetFlowV9 protocol and the NetFlow exporting support • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 215: Configuring The Data Destinations: Examples
The same priority will automatically be assigned to both categories for each destination, but since the categories will be ignored, this is irrelevant. SCE(config)# rdr-formatter destination 10.1.1.205 port 33000 protocol RdrV1 transport tcp SCE(config)# rdr-formatter destination 10.1.1.206 port 33000 priority 80 protocol RdrV1 transport tcp Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 216: Configuring The Data Categories
The category may defined by either number or name. • A different priority may be assigned to each category. Note that within each category the priorities must be unique for each destination. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 217 SCE(config)# rdr-formatter category number 2 name prepaid SCE(config)# rdr-formatter destination 10.1.1.205 port 33000 category number 1 priority 90 protocol RdrV1 transport tcp SCE(config)# rdr-formatter destination 10.1.1.206 port 33000 category name prepaid protocol RdrV1 transport tcp Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 218 SCE(config)# rdr-formatter destination 10.1.1.205 port 33000 priority 90 protocol RdrV1 transport tcp SCE(config)# rdr-formatter destination 10.1.1.206 port 33000 priority 95 protocol RdrV1 transport tcp SCE(config)# no rdr-formatter destination 10.1.1.206 port 33000 category name prepaid protocol RdrV1 transport tcp Cisco SCE 2000 and SCE 1000 Software Configuration Guide 8-10 OL-7827-12...
Page 219 SCE(config)# rdr-formatter destination 10.10.10.96 port 33000 category name billing priority 90 protocol NetFlowV9 transport udp SCE(config)# rdr-formatter destination 10.1.96.0 port 33000 category name prepaid priority 80prepaid priority 80 protocol NetFlowV9 transport udp Cisco SCE 2000 and SCE 1000 Software Configuration Guide 8-11 OL-7827-12...
Page 220: Configuring The Forwarding Mode
In a deployment where there are multiple destinations for at least one category, and at least one of those is a NetFlow destination, the multicast forwarding mode must be configured. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 8-12...
Page 221: Configuring The Forwarding Mode: Example
Configuring Dynamic Mapping of RDRs to • Categories, page 8-15) How to Enable the RDR Formatter From the SCE(config)# prompt, type and press Enter. Step 1 service rdr-formatter, Enables the RDR formatter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 8-13 OL-7827-12...
Page 222: How To Disable The Rdr Formatter
Assigning a DSCP value to the NetFlow export packets to a specified destination for priority configuration. The DSCP value must be between 0 and 63, and be entered in HEX format. • Configuring the frequency of exporting the template records (template refresh interval) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 8-14 OL-7827-12...
Page 223: How To Configure A Dscp Value For Netflow
The user must provide the RDR tag ID and the category number to add or remove. The configuration is saved as part of the application configuration. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 8-15 OL-7827-12...
Page 224: How To Configuring Mappings
Enter. category-number How to Restore the Default Mapping for a Specified RDR Tag From the SCE(config)# prompt, type tag-number and Step 1 default rdr-formatter rdr-mapping tag-id press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 8-16 OL-7827-12...
Page 225: Displaying Data Destination Configuration And Statistics
• show rdr-formatter protocol NetFlowV9 dscp Refer to the Cisco SCE 2000 and SCE 1000 CLI Command Reference for a complete description of the other show rdr-formatter commands. How to the Display the Current RDR Formatter Configuration The system can display the complete data destination configuration, or just specific parameters.
Page 226: How To The Display The Current Rdr Formatter Statistics
Destination: 10.56.204.7 Port: 33000 Status: up Sent: 12134054 Rate: Max: Sent Templates: 13732 Sent Data Records: 12134054 Refresh Timeout (Sec): Last connection establishment: 17 hours, 5 minutes, 15 seconds Cisco SCE 2000 and SCE 1000 Software Configuration Guide 8-18 OL-7827-12...
Page 227: Disabling The Linecard From Sending Rdrs
Step 1 Stops the linecard from producing RDRs. How to Enable the Linecard to Send RDRs From the SCE(config if)# prompt, type no silent and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 8-19 OL-7827-12...
Page 228 Chapter 8 Raw Data Formatting: The RDR Formatter and NetFlow Exporting Disabling the Linecard from Sending RDRs Cisco SCE 2000 and SCE 1000 Software Configuration Guide 8-20 OL-7827-12...
Page 229: Information About Subscribers
• VPN-Based Subscribers, page 9-5 • Synchronizing Subscriber Information in a Cascade System, page 9-6 Anonymous Groups and Subscriber Templates, page 9-7 • Information About Subscriber Files, page 9-7 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 230: Chapter 9 Managing Subscriber
Subscriber ID including the GUID. • Each subscriber is assigned a Manager-Id based on the management entity that created the subscriber. The possible managers are the SM, CLI and an SCMP peer device. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 231: Subscriber Modes In Service Control Solutions
MPLS/VPN-based subscribers are supported only in the dynamic subscriber aware mode. The system must dynamically map the internal MPLS label and the MAC address of the PE to the correct VPN subscriber. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 232: Subscriber Database: Capacity And Limits
Configuring the Actual Maximum Number of Subscribers, page 9-37): This specific command overrides the capacity option configured when loading the application. It provides the following options: 40K, 80K, 120K, 200K Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 233: Subscriber Mapping Limits
The VPN name is a number in the range [0 to 2046] • The number is used as the VLAN mapping of the newly created VPN. VLAN mappings cannot be added to automatic VPNs. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 234: Synchronizing Subscriber Information In A Cascade System
SCE platform, but does not generate pull-response for them. • If SCE-SM connection failure, the SM handles the SCE recovery of the active SCE platform only. The active SCE platform propagates the information to the standby SCE platform. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 235: Anonymous Groups And Subscriber Templates
Subscriber template csv files are application-specific. Refer to the relevant Service Control Application documentation of the file format. Anonymous groups csv files are not application specific. Their format is described below. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 236: Subscriber Default Csv File Format
# Yet another comment line anon1, 10.1.1.0/24, 1, 1 anon2, 10.1.2.0/24, 2, 2 anon3, 10.1.3.0/32, 3, 3 anon4, 10.1.4.0/24, 3, 3 anon5, 10.1.5.0/31, 2 anon6, 10.1.6.0/30, 1 anon7, 0.0.0.0/0, 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 237: Importing And Exporting Subscriber Information
Imported subscriber information is added to the existing subscriber information. It does not overwrite the existing data. If the information in the imported file is not valid, the command will fail during the verification process before it is actually applied. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 238: How To Export Subscriber Information
How to Export Subscriber Information Only subscribers managed by CLI commands are exported. To export subscribers managed by the SM, Note use the SM GUI or CLU (see the Cisco Service Control Management Suite Subscriber Manager User Guide.) Step 1 From the SCE(config if)# prompt, type filename and press Enter.
Page 239: How To Remove A Specific Subscriber
Removes the specified subscriber. How to Remove All Introduced Subscribers From the SCE(config if)# prompt, type and press Enter. Step 1 no subscriber all Removes all introduced subscribers. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-11 OL-7827-12...
Page 240: How To Remove A Specific Anonymous Subscriber Group
Step 1 From the SCE(config if)# prompt, type and press Enter. default subscriber template all Removes all subscriber templates. All anonymous subscribers will be assigned to the default subscriber template. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-12 OL-7827-12...
Page 241: About Vpn-Based Subscribers
— the name of the SCMP peer device from which to clear the subscribers. • Step 1 From the SCE(config if)# prompt, type peer-device-name and press no subscriber scmp name Enter. Clears all subscribers from the specified SCMP peer device. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-13 OL-7827-12...
Page 242: Creating Anonymous Groups
If no template is specified, the default template is applied to all subscribers in this group. Importing and Exporting Anonymous Groups • How to Import Anonymous Groups, page 9-15 • How to Export Anonymous Groups, page 9-15 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-14 OL-7827-12...
Page 243: How To Import Anonymous Groups
The CLI provides several commands that allow you to monitor subscribers. These commands can be used to display information regarding the following: Subscriber Database • All subscribers meeting various criteria • Individual subscriber information, such as properties and mappings • • Anonymous subscribers Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-15 OL-7827-12...
Page 244: How To Monitor The Subscriber Database
Total number of aged subscribers – Total number of pull events – Number of traffic sessions currently assigned to the default subscriber – clear interface linecard 0 subscriber db counters • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-16 OL-7827-12...
Page 245: How To Display The Subscriber Database Counters
VLAN based VPNs with subscribers: 0 used out of 2047 Subscribers with open sessions: 0. Subscribers with TIR mappings: 0. Sessions mapped to the default subscriber: 0. Peak values: Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-17 OL-7827-12...
Page 246: Clearing The Subscriber Database Counters
0 subscriber [amount] mapping intersecting IP ‘iprange’ [VPN 'vpn-name'] show interface linecard 0 subscriber mapping VLAN-id ‘VLAN-id’ • show interface linecard 0 subscriber mapping MPLS-VPN PE-ID 'pe-id' BGP-label 'bgp-label' • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-18 OL-7827-12...
Page 247: Displaying Subscribers: All Current Subscriber Names
— value of that subscriber property to match • Step 1 From the SCE> prompt, type propertyname show interface linecard 0 subscriber property equals property-val and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-19 OL-7827-12...
Page 248 — value of that subscriber property to match • Step 1 From the SCE> prompt, type show interface linecard 0 subscriber amount property propertyname property-val and press Enter. equals Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-20 OL-7827-12...
Page 249: Displaying Subscribers: By Mapping (Ip Address, Vpn, Vlan Id, Or Mpls/Vpn)
A specified VLAN ID • A specified MPLS/VPN • no mapping • You can also display just the number of subscribers with a specified mapping, rather than listing the actual subscribers. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-21 OL-7827-12...
Page 250 — label of the relevant BGP LEG • Step 1 From the SCE> prompt, type pe-id show interface linecard 0 subscriber mapping MPLS-VPN PE-ID BGP-label and press Enter. bgp-label Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-22 OL-7827-12...
Page 251: Displaying Subscriber Information
You can display the following information about a specified subscriber: values of the various subscriber properties • mappings (IP address, VLAN-ID or MPLS/VPN) • OS counters: • current number of flows – bandwidth – Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-23 OL-7827-12...
Page 252: How To Display A Listing Of Subscriber Properties
How to display values of subscriber properties for a specified subscriber Options The following options are available: name — subscriber name • From the SCE> prompt, type name Step 1 show interface linecard 0 subscriber name properties press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-24 OL-7827-12...
Page 253: How To Display Mappings For A Specified Subscriber
0 subscriber anonymous-group [all] [name ‘groupname’] • show interface linecard 0 subscriber amount anonymous [name ‘groupname’] • • show interface linecard 0 subscriber anonymous [name ‘groupname’] Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-25 OL-7827-12...
Page 254: How To Display Currently Configured Anonymous Groups
0 subscriber anonymous name and press Enter. How to display all subscribers currently in anonymous groups From the SCE> prompt, type and press Enter. Step 1 show interface linecard 0 subscriber anonymous Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-26 OL-7827-12...
Page 255: How To Display The Number Of Subscribers In A Specified Anonymous Group
A listing of all currently logged-in VPNs that were created automatically • How to Display Mappings for a Specified VPN • Options, page 9-28 • Displaying Mappings for a Specified VPN: Example, page 9-28 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-27 OL-7827-12...
Page 256: How To Clear Upstream Mpls/Vpn Mappings
Therefore, this command is useful when you want to update the VPN mappings without waiting for the standard aging period. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-28 OL-7827-12...
Page 257: How To Clear Automatic Vpns
CMTS device/blade), and the subscriber that uses all these CPEs should be configured to a single traffic processor (a single PPC in the SCE platform). Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-29 OL-7827-12...
Page 258: Subscriber Mapping Modes
Conflicting mapping are rejected (any other subscriber mappings are accepted as is) in both cases below: Conflict between mappings of a single mapping request. • Additive subscriber mappings that conflict with existing mappings. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-30 OL-7827-12...
Page 259: Subscriber Rules For Tirs
How to Configure TIRs Options, page 9-32 • How to Create or Update a TIR, page 9-32 • How to update a TIR even if subscriber mappings exist, page 9-32 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-31 OL-7827-12...
Page 260: How To Create Or Update A Tir
How to Remove All TIRs, page 9-33 • How to Remove Mappings from a Specified TIR, page 9-33 • How to Remove Mappings from a Specified IP Range, page 9-34 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-32 OL-7827-12...
Page 261: How To Remove A Specified Tir
How to Remove Mappings from a Specified TIR From the SCE(config if)# prompt, type Step 1 no subscriber mappings included-in TP-IP-range name tir-name and press Enter. The remove-subscriber-mappings option is not applicable to this command. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-33 OL-7827-12...
Page 262: How To Remove Mappings From A Specified Ip Range
In this case the command will execute successfully even if subscriber mappings exist. Options The following option is available: filename — the name of the csv file. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-34 OL-7827-12...
Page 263: How To Import Tirs From A Csv File
Information for a specified subscriber, including assigned TIR, where applicable • • All subscriber mappings in a specified IP range • Number of subscribers with mappings in a specified IP range Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-35 OL-7827-12...
Page 264: How To Display Traffic Processor Mappings State
Step 1 From the SCE> prompt, type name and press Enter. show interface linecard 0 subscriber name Displays complete subscriber information, including which TIR the subscriber belongs to (if applicable). Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-36 OL-7827-12...
Page 265: How To Display All Subscribers Mapped To A Specified Ip Range
From the SCE(config if)# prompt, type subscriber capacity-options disable and press Enter. Step 3 Install the new application file. (The configured subscriber maximum takes effect only after a new application file has been loaded.) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-37 OL-7827-12...
Page 266: How To Restore The Configured Capacity Option
0 subscriber aging • How to Enable Aging for Anonymous Group Subscribers Step 1 From the SCE(config if)# prompt, type and press Enter. subscriber aging anonymous Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-38 OL-7827-12...
Page 267: How To Enable Aging For Introduced Subscribers
— the time interval, in minutes, after which an inactive subscriber sill be aged. • From the SCE(config if)# prompt, type aging-time and press Step 1 no subscriber aging anonymous timeout Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-39 OL-7827-12...
Page 268: How To Set The Aging Timeout Period For Introduced Subscribers
If SM functionality is not critical to the operation of the system — no action needs to be configured. • In this case you can specify that the system operational-status of the SCE platform should be 'warning' when the link is down. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-40 OL-7827-12...
Page 269: Options
To specify that the system operational-status of the SCE platform should be 'warning' if the SCE-SM connection fails, use this command. Step 1 From the SCE(config if)# prompt, type subscriber sm-connection-failure warning and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-41 OL-7827-12...
Page 270: Configuring The Sm-Sce Platform Connection Timeout
The following option is available: • interval — the timeout interval in seconds From the SCE(config if)# prompt, type subscriber sm-connection-failure timeout interval and press Step 1 Enter. Configures the connection timeout. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 9-42 OL-7827-12...
Page 271: Information About Redundancy And Fail-Over
SCE platform, including updated subscriber state. The information in this chapter applies to the SCE 2000 4xGBE and SCE 2000 4/8xFE platforms only. Note Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-1 OL-7827-12...
Page 272: Chapter 10 Redundancy And Fail-Over
Redundancy and Fail-Over Information About Redundancy and Fail-Over Terminology and Definitions Following is a list of definitions of terms used in the chapter as they apply to the Cisco fail-over solution, which is based on cascaded SCE platforms. • Fail-over — A situation in which the SCE platform experiences a problem that makes it impossible for it to provide its normal functionality, and a second SCE platform device immediately takes over for the failed SCE platform.
Page 273: In-Line Dual Link Redundant Topology
PWR A PWR B STATUS BYPASS LINK RX TX LINK RX TX LINK RX TX LINK RX GBE-1 GBE-2 LINE SUB LINE/CASCADE NET Network Link 2 Router Router Subscriber Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-3 OL-7827-12...
Page 274: Failure Detection
Link failure reflection is supported both when the SCE platform is operational and when it is in failure/boot status. Link reflection, like fail-over, is dependent on the bypass mechanism of the SCE platform Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-4 OL-7827-12...
Page 275: How To Configure Forced Failure
SCE platform where it is processed, and then returned to the standby SCE platform through the cascade ports to be forwarded to the original line from which it came. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-5...
Page 276: Fail-Over
If the failure is in the active SCE platform — the standby SCE platform takes over processing – the traffic, and becomes the active SCE platform. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-6 OL-7827-12...
Page 277: Failure In The Cascade Connection
Refer to the Cisco SCE 2000 and SCE 1000 CLI Command Reference for details of the CLI commands. When working with two SCE platforms with split-flow and redundancy, it is extremely important to Note follow this installation procedure.
Page 278: Recovery
• Failure in the communications with the SM — automatic by SM decisions after connection is re-established. • Hardware malfunction — manual recovery, after replacing the malfunctioning SCE platform. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-8 OL-7827-12...
Page 279: Replacing The Sce Platform (Manual Recovery)
Selection of the active SCE platform. Step 4 Synchronization of the recovered SCE platform with the SM. Step 5 Copying updated subscriber states from the active SCE platform to the standby. Step 6 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-9 OL-7827-12...
Page 280: Cli Commands For Cascaded Systems
To configure the connection mode, use the following command. From the SCE 2000 (config if)# prompt, type connection-mode inline-cascade|receive-only-cascade Step 1 [physically-connected-links {link-0|link-1}][priority {primary|secondary}] [on-failure {bypass|cutoff}] and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-10 OL-7827-12...
Page 281: Examples
Step 1 show interface linecard 0 link mode How to View Current Link Mappings From the SCE 2000> prompt, type Step 1 show interface linecard 0 physically-connected-links press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-11 OL-7827-12...
Page 282: System Upgrades
After the former active SCE platform reboots and is ready to work manually, it may be left as standby Step 6 or we can manually switch the SCE platforms to their original state. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-12 OL-7827-12...
Page 283: Application Upgrade
This makes the updated SCE platform the active one, and it begins to give the NEW service. Repeat step 1 for the (now) standby SCE platform. Step 3 Since this includes a reboot, it is not necessary to undo the force failure command. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-13 OL-7827-12...
Page 284 Chapter 10 Redundancy and Fail-Over System Upgrades Cisco SCE 2000 and SCE 1000 Software Configuration Guide 10-14 OL-7827-12...
Page 285: Attack Filtering And Attack Detection
Attack Filtering, page 11-2 • Specific Attack Filtering, page 11-2 • Attack Detection, page 11-3 • Attack Detection Thresholds, page 11-4 • Attack Handling, page 11-5 • Hardware Filtering, page 11-6 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-1 OL-7827-12...
Page 286: C H A P T E R 11 Identifying And Preventing Distributed-Denial-Of-Service Attacks
The suspected flows rate exceeds a configured threshold and the ratio of suspected flows rate to total new flow rate exceeds a configured threshold. When the rates stop satisfying this criterion, the end of that attack is declared. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-2 OL-7827-12...
Page 287: Attack Detection
Attack-direction — If a single IP address is specified, the IP address is an attack-source or an • attack-destination address. The system can identify a maximum of 1000 independent, simultaneous attacks. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-3 OL-7827-12...
Page 288: Attack Detection Thresholds
IP addresses and ports (using access lists and port lists). This enables the user to set different detection criteria for different types of network entities, such as a server farm, DNS server, or large enterprise customer. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-4 OL-7827-12...
Page 289: Attack Handling
Service Control Application. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-5 OL-7827-12...
Page 290: Hardware Filtering
Monitoring Attack Filtering, page 11-21): • Check the " HW-filter " field in the show interface linecard attack-filter current-attacks command. Check the " HW-filter " field in the attack log file. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-6 OL-7827-12...
Page 291: Configuring Attack Detectors
• Sample Attack Detector Configuration, page 11-17 • The Cisco attack detection mechanism is controlled by defining and configuring special entities called Attack Detectors. There is one attack detector called ‘default’, which is always enabled, and 99 attack detectors (numbered 1-99), which are disabled by default.
Page 292 • default attack-detector number default attack-detector (all-numbered|all) • attack-detector number access-list comment • attack-detector number (TCP-dest-ports|UDP-dest-ports) (all|(port1 [port2 …])) • [no] attack-filter subscriber-notification ports port1 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-8 OL-7827-12...
Page 293: How To Enable Specific-Ip Detection
(single-side-source|single-side-destination|single-side-both|dual-sided|all)] and press Enter. How to Enable Specific-IP Detection for the TCP Protocol Only for all Attack Directions From the SCE(config if)# prompt, type attack-filter protocol TCP and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-9 OL-7827-12...
Page 294: How To Enable Specific-Ip Detection For The Tcp Protocol For Port-Based Detections Only For Dual-Sided Attacks
• Subscriber notification • Sending an SNMP trap • If a specific attack detector is defined for a particular attack type, it will override the configured default attack detector. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-10 OL-7827-12...
Page 295: How To Define The Default Action And Optionally The Default Thresholds
The default values for the default attack detector are: Action — Report • Thresholds — Varies according to the attack type • • Subscriber notification — Disabled • Sending an SNMP trap — Disabled Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-11 OL-7827-12...
Page 296: How To Reinstate The System Defaults For A Selected Set Of Attack Types
How to Reinstate the System Defaults for All Attack Types From the SCE(config if)# prompt, type default attack-detector default and press Enter. Step 1 Reinstates the system defaults for the defined attack types. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-12 OL-7827-12...
Page 297: Specific Attack Detectors
Configuring a TCP/UDP port list for a given attack detector affects only attack types that have the same protocol (TCP/UDP) and are port-based (i.e. detect a specific destination port). Settings for other attack types are not affected by the configured port list(s). Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-13 OL-7827-12...
Page 298: How To Enable A Specific Attack Detector And Assign It An Acl
From the SCE(config if)# prompt, type attack-detector number protocol (((TCP|UDP) [dest-port Step 1 (specific|not- specific|both)])|ICMP|other|all) attack-direction (single-side-source|single-side-destination|single-side-both|dual-sided|all) side (subscriber|network|both) [action (report|block)] [open-flows-rate number suspected-flows-rate rate suspected-flows-ratio ratio and press Enter. Defines the action of the specified attack detector Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-14 OL-7827-12...
Page 299: How To Define The Subscriber Notification Setting For A Specific Attack Detector
From the SCE(config if)# prompt, type attack-detector number Step 1 TCP-port-list|UDP-port-list port1 port2, port3… and press Enter. (all|( Defines the port list for the specified protocol and attack detector. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-15 OL-7827-12...
Page 300: How To Delete User-Defined Values
Use the following command to disable all attack detectors, configuring them to use the default values. From the SCE(config if)# prompt, type default attack-detector all and press Enter. Step 1 Disables all attack detectors. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-16 OL-7827-12...
Page 301: Sample Attack Detector Configuration
Exits the linecard interface configuration mode. Configure ACL #3, which has been assigned to the attack detector. Step 7 SCE(config)# access-list 3 permit 10.1.1.10 SCE(config)# access-list 3 permit 10.1.1.13 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-17 OL-7827-12...
Page 302: Configuring Subscriber Notifications
From the SCE(config if)# prompt, type attack-filter subscriber-notification ports portnumber and press Enter. How to Remove the Subscriber Notification Port Step 1 From the SCE(config if)# prompt, type no attack-filter subscriber-notification ports and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-18 OL-7827-12...
Page 303: Preventing And Forcing Attack Detection
— the IP address for which to prevent attack filtering. If attack -direction is dual-sided, an IP address must be configured for both the source (source-ip-address ) and the destination (dest-ip-address ) sides. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-19 OL-7827-12...
Page 304: Preventing Attack Filtering
How to Configure a force-filter Setting for a Specified Situation, page 11-21 • How to Remove a force-filter Setting from a Specified Situation, page 11-21 • How to Remove All force-filter Settings, page 11-21 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-20 OL-7827-12...
Page 305: How To Configure A Force-Filter Setting For A Specified Situation
The system sends a trap at the start of a specific attack detection event, and also when a specific detection event ends, as follows: STARTED_FILTERING trap – String with the attack information • STOPPED_FILTERING • String with the attack information – – String with the reason for stopping Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-21 OL-7827-12...
Page 306 IP addresses were detected from IP address A.B.C.D – on IP address A.B.C.D – from IP address A.B.C.D to IP address A.B.C.D – 'side' • – subscriber – network Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-22 OL-7827-12...
Page 307: Monitoring Attack Filtering Using Cli Commands
0 attack-filter current-attacks • • show interface linecard 0 attack-filter don't-filter • show interface linecard 0 attack-filter force-filter • show interface linecard 0 attack-filter subscriber-notification ports Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-23 OL-7827-12...
Page 308: How To Display A Specified Attack Detector Configuration
|Sub- |Alarm |Open flows|Ddos-Suspected flows|notif| |rate |rate |ratio --------|----|-----------||------|----------|------------|-------|-----|----- |net.|source-only|| |net.|dest-only |sub.|source-only|| |sub.|dest-only |net.|source+dest|| |sub.|source+dest|| TCP+port|net.|source-only||Block | |Yes TCP+port|net.|dest-only TCP+port|sub.|source-only||Block | |Yes TCP+port|sub.|dest-only TCP+port|net.|source+dest|| TCP+port|sub.|source+dest|| |net.|source-only|| |net.|dest-only |sub.|source-only|| |sub.|dest-only Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-24 OL-7827-12...
Page 309: How To Display The Default Attack Detector Configuration
500|50 UDP+port|sub.|dest-only ||Report| 1000| 500|50 UDP+port|net.|source+dest||Report| 100| 50|50 UDP+port|sub.|source+dest||Report| 100| 50|50 ICMP |net.|source-only||Report| 500| 250|50 ICMP |net.|dest-only ||Report| 500| 250|50 ICMP |sub.|source-only||Report| 500| 250|50 ICMP |sub.|dest-only ||Report| 500| 250|50 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-25 OL-7827-12...
Page 310: How To Display All Attack Detector Configurations
Use this command to display the configured threshold values and actions a specified IP address (and port), taking into account the various specific attack detector access list configurations Options, page 11-27 • Example 1, page 11-27 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-26 OL-7827-12...
Page 311 |net.|dst.|Report| 500| 250| 50|No other |sub.|src.|Report| 500| 250| 50|No other |sub.|dst.|Report| 500| 250| 50|No (N) below a value means that the value is set through attack-detector #N. SCE#> Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-27 OL-7827-12...
Page 312: How To Display The Current Counters
From the SCE> prompt, type show interface linecard 0 attack-filter force-filter and press Enter. Step 1 How to display all existing don't-filter settings From the SCE> prompt, type show interface linecard 0 attack-filter don't-filter and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-28 OL-7827-12...
Page 313: How To Display The List Of Ports Selected For Subscriber Notification
• Interface of IP address (subscriber or network) • Open-flows-rate, suspected-flows-rate and suspected-flows-ratio at the time of attack detection • Threshold values for the detection • Action taken • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-29 OL-7827-12...
Page 314: How To View The Attack Log
How to Copy the Attack Log to a File From the SCE# prompt, type more line-attack-log redirect filename and press Enter. Step 1 Writes the log information to the specified file. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 11-30 OL-7827-12...
Page 315: Information About Vas Traffic Forwarding
Possible use cases for this functionality would be intrusion detection and content-filtering. These value added services are provided on top of the services and functions of the SCA BB solution. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-1...
Page 316: C H A P T E R 12 Value Added Services (Vas) Traffic Forwarding
Group. It is able to identify the active servers among the defined servers through a dedicated Health Check mechanism. There is also a VAS over 10G solution, which is a special case of the Cisco Multi-Gigabit Service Control Platform (MGSCP) solution, supporting only one external 10G link and using a Cisco...
Page 317 The exact performance envelope is specific to the traffic mix in the customer network and should be sized in advance. The following sections provide a more detailed description of how VAS traffic forwarding works. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-3 OL-7827-12...
Page 318: Requirements For Vas Servers
The switches that are connected to the VAS devices should be configured so management traffic will • be sent directly to the router and not through the SCE platform. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-4 OL-7827-12...
Page 319: Vas Traffic Forwarding And Sca Bb
These nine bits must be the same for all VAS servers attached to a specific SCE platform. • These nine bits must be different for VAS servers attached to different SCE platforms. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-5 OL-7827-12...
Page 320: Service Flow
For the sake of illustration, the SCE platform traffic flow direction is left to right while the VAS • traffic flow is right to left. The arrow below the name of the element indicates the traffic flow direction. The Ethernet switches are omitted. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-6 OL-7827-12...
Page 321: Non-Vas Data Flow
A subscriber packet is received at the SCE platform port 1 (S). • The SCE platform classifies the flow as non-VAS flow. • The packet is sent to the network on port 2 (N). • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-7 OL-7827-12...
Page 322: Vas Data Flow
VAS server may be bearing from a different SCE platform. It is the responsibility of the user to allocate available VAS servers to the SCE platforms in a way that ensures proper total load on each VAS server. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-8 OL-7827-12...
Page 323: Load Balancing And Subscribers
In addition to failure of an individual VAS server, a complete VAS Server Group is considered to be failed if a defined minimum number of servers are not active. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-9 OL-7827-12...
Page 324: Vas Server Failure
The Ethernet switches are a single point of failure in the VAS topology. A complete failure of an Ethernet switch causes all the VAS services to be declared as failed and the configured action (on-failure) will be taken for all new VAS flows. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-10 OL-7827-12...
Page 325: Disabling A Vas Server
To check the connectivity with the VAS server before enabling it to handle traffic, the server should not be assigned to any group. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-11 OL-7827-12...
Page 326: Vas Server States
12-32, which is a special case of Cisco Multi-Gigabit Service Control Platform (MGSCP) solution, supporting only one external 10G link and using a Cisco 6500/7600 Series router as a dispatcher to distribute the external 10G link and as the switch towards the VAS servers.
Page 327: Data Flow
SCE platform should be the only port with this VLAN tag allowed). The SCE platform receives the packet on port #3 (Subscriber), strips the VLAN tag and forwards • the packet to the network via port #2 (Network) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-13 OL-7827-12...
Page 328: Multiple Sce Platforms, Multiple Vas Servers
VAS server 1 Ethernet Ethernet switch switch VAS server 2 VLAN 306 VLAN 306 VAS server 3 VLAN 307 VLAN 307 4 (N) 3 (S) 1 (S) 2 (N) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-14 OL-7827-12...
Page 329: Snmp Support For Vas
Network side packets are handled by the attack-detector in the first pass, when they open a flow, so they also are not counted twice. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-15 OL-7827-12...
Page 330: Specific Ip Attack Filter
How to Configure a VAS Server, page 12-20 • How to Assign a VLAN ID to a VAS Server, page 12-21 • How to Configure a VAS Server Group, page 12-25 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-16 OL-7827-12...
Page 331: Configuring Vas Traffic Forwarding From The Sca Bb Console
Note Additional VAS traffic forwarding configuration and monitoring options are available from the SCA BB Console. See Managing VAS Traffic Forwarding Settings in the Cisco Service Control Application for Broadband User Guide. Following is a high-level description of the steps in configuring VAS traffic forwarding.
Page 332: Enabling Vas Traffic Forwarding
Therefore, it is also highly recommended to shutdown the line card before you disable the VAS traffic forwarding in the SCE platform to avoid inconsistency with flows that were already forwarded to the VAS servers. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-18 OL-7827-12...
Page 333: How To Configure The Vas Traffic Link
From the SCE(config if)# prompt, type VAS-traffic-forwarding traffic-link {link-0|link-1} and press Step 1 Enter. How to Revert to the Default Link for VAS Traffic From the SCE(config if)# prompt, type no VAS-traffic-forwarding traffic-link and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-19 OL-7827-12...
Page 334: How To Configure A Vas Server
The server is not operational until a VLAN tag has also been defined From the SCE(config if)# prompt, type VAS-traffic-forwarding VAS server-id number enable and Step 1 press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-20 OL-7827-12...
Page 335: How To Disable A Vas Server
How to Configure the VLAN Tag Number for a Specified VAS Server From the SCE(config if)# prompt, type VAS-traffic-forwarding VAS server-id number VLAN vlan-id Step 1 and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-21 OL-7827-12...
Page 336: How To Remove The Vlan Tag Number From A Specified Vas Server
If the health check of the server is disabled, its operational status depends on the following (requirements for Up state are in parentheses): admin status (enable) • VLAN tag configuration (VLAN tag defined) • group mapping (assigned to group) • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-22 OL-7827-12...
Page 337: How To Configure Pseudo Ip Addresses For The Health Check Packets
About Pseudo IP Addresses, page 12-24 • Options, page 12-24 • How to Define the pseudo IP Address, page 12-24 • How to Delete the pseudo IP Address, page 12-24 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-23 OL-7827-12...
Page 338 From the SCE(config if)#>prompt, type pseudo-ip ip-address [mask] and press Enter. Step 1 How to Delete the pseudo IP Address From the SCE(config if)#>prompt, type no pseudo-ip ip-address [mask] and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-24 OL-7827-12...
Page 339: How To Configure A Vas Server Group
How to Remove all VAS Servers from a Specified VAS Server Group, page 12-26 • Options The following options are available: • group-number — The ID number of the VAS server group • id-number — The ID number of the VAS server Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-25 OL-7827-12...
Page 340: How To Configure Vas Server Group Failure Parameters
Block — all new flows assigned to the failed VAS server group will be blocked by the SCE platform. – Pass — all new flows assigned to the failed VAS server group will be considered as regular non-VAS flows, and will be processed without VAS service. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-26 OL-7827-12...
Page 341 Use this command to revert the failure action configuration for the specified VAS server group to the default value (pass). From the SCE(config if)# prompt, type default VAS-traffic-forwarding VAS server-group Step 1 group-number failure action and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-27 OL-7827-12...
Page 342: Monitoring Vas Traffic Forwarding
From the SCE> prompt, type show interface linecard 0 VAS-traffic-forwarding and press Enter. Step 1 Example SCE>show interface linecard 0 VAS-traffic-forwarding VAS traffic forwarding is enabled VAS traffic link configured: Link-1 actual: Link-1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-28 OL-7827-12...
Page 343: How To Display Operational And Configuration Information For A Specific Vas Server Group
Configured mode: enable actual mode: enable VLAN: server group: State: UP Health Check configured mode: enable status: running Health Check source port: 63140 destination port: 63141 Number of subscribers: Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-29 OL-7827-12...
Page 344: How To Display Operational And Configuration Information For All Vas Servers
Reordered packets Bad Length packets IP Checksum error packets L4 Checksum error packets L7 Checksum error packets Bad VLAN tag packets Bad Device ID packets Bad Server ID packets Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-30 OL-7827-12...
Page 345: How To Display Health Check Counters For All Vas Servers
VAS server id 0: VAS server id 1: VAS server id 2: VAS server id 3: VAS server id 4: VAS server id 5: VAS server id 6: VAS server id 7: Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-31 OL-7827-12...
Page 346: About Vas Over 10G
A specific configuration of VAS traffic forwarding is VAS over 10G using a Cisco 6500/7600 Series router as a dispatcher. The VAS over 10G topology is a specific application of the Cisco Multi-Gigabit Service Control Platform (MGSCP) solution in which only one external 10G link is supported. The 7600 distributes the external 10G link and also functions as the switch for the VAS servers.
Page 347: Data Flow In Vas Over 10G Topology
VAS data in the VAS solution over 10G topology. Note that the path between the SCE platform and the VAS servers has the same VLAN tag for all SCE platforms in the same EtherChannel. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-33 OL-7827-12...
Page 348 VLAN tag used for the VAS servers. This VLAN tag must be defined as native in the trunk ports towards the SCE platforms, so that the external traffic arrives at the SCE platform without a VLAN tag. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-34 OL-7827-12...
Page 349: Vas Data Flow: To The Vas Server
The figures assume that the VAS link is link 1. • VAS Data Flow: To the VAS Server Figure 12-8 Data Flow in VAS over 10G Topology: To the VAS Server 7600 505,525 505,525 Native: 100 Native: 101 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-35 OL-7827-12...
Page 350: Vas Data Flow: From The Vas Server
The packet has no VLAN tag when it arrives at the VAS server. VAS Data Flow: From the VAS Server Figure 12-9 Data Flow in VAS over 10G Topology: From the VAS Server 7600 505,525 505,525 Native: 100 Native: 101 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-36 OL-7827-12...
Page 351: Failover Support
SCE platform switches to its backup subscriber and network ports, so that the VAS traffic is forwarded to the redundant set of VAS devices, as illustrated in the following figure. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-37...
Page 352 Once there is a successful health check on the VAS link, the link switches immediately upon failure (see How to Configure the Minimum Time between Link Switches, page 12-42). Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-38 OL-7827-12...
Page 353: Health Check In Vas Over 10G Topology
To prevent this from happening, the SCE platform opens eight flows per VAS server. This ensures that at least one of the flows will be mapped to the correct SCE platform; the other SCE platforms disregard health check packets not initiated by them. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-39 OL-7827-12...
Page 354: Configuring Vas Over 10G: General Guidelines
The VLAN tags and configuration of the two sets of VAS servers must be identical. Note Additional VAS traffic forwarding configuration and monitoring options are available from the SCA BB Console. See Managing VAS Traffic Forwarding Settings in the Cisco Service Control Application for Broadband User Guide. Configuring the 7600/6500 for VAS over 10G This section explains some important points to keep in mind when configuring the 7600/6500 as part of the VAS over 10G solution.
Page 355: Configuring Vas Over 10G
VAS traffic-link {link-0|link-1|auto-select} — The link number on which to transmit VAS traffic – For VAS over 10G, specify auto-select. From the SCE(config if)# prompt, type no VAS-traffic-forwarding traffic-link and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-41 OL-7827-12...
Page 356: How To Configure The Minimum Time Between Link Switches
From the SCE(config if)# prompt, type no VAS-traffic-forwarding traffic-link auto-select Step 1 link-switch-delay and press Enter. You can also use the default form of the command: default VAS-traffic-forwarding traffic-link auto-select link-switch-delay Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-42 OL-7827-12...
Page 357: How To Set The Active Vas Link
Enable health check compatibility for VAS over 10G How to Configure the Health Check IP Address About the Health Check IP Address, page 12-44 • Options, page 12-44 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-43 OL-7827-12...
Page 358 From the SCE(config if)# prompt, type no VAS-traffic-forwarding health-check ip-address and press Step 1 Enter. You can also use the default form of the command: default VAS-traffic-forwarding health-check ip-address Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-44 OL-7827-12...
Page 359: How To Enable The Health Check For Vas Over 10G Topology
From the SCE(config if)# prompt, type no VAS-traffic-forwarding health-check topology MGSCP Step 1 and press Enter. You can also use the default form of the command: default VAS-traffic-forwarding health-check topology MGSCP Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-45 OL-7827-12...
Page 360: Vas Over 10G Sample Configuration
SCE(config if)#VAS-traffic-forwarding VAS server-group 1 server-id 2 SCE(config if)#VAS-traffic-forwarding VAS server-group 1 server-id 3 Step 9 SCE(config if)#VAS-traffic-forwarding Set the SCE platform to forward VAS traffic (enable VAS traffic forwarding). Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-46 OL-7827-12...
Page 361: Intelligent Traffic Mirroring
Today WEB advertising is being executed by content providers (or publishers) in collaboration with ad-networks, which actually handle the syndication of ads from advertisers to web sites. The Cisco Service Control behavioral targeting solution provides the means for service providers to participate in the business of the online advertising.
Page 362: Traffic Mirroring And Sca Bb
Subscribers browse web For more information regarding targeted advertising, see the following documents: Cisco Service Control Online Advertising Solution Guide: Behavioral Profile Creation Using RDRs • Cisco Service Control Online Advertising Solution Guide: Behavioral Profile Creation Using Traffic •...
Page 363: Mirroring Exceptions
Network Network Subscribers Subscribers Mirrored Traffic leaves the SCE through GBE ports 3 (subscriber) and 4 (network) using predefined Original Traffic VLANs Mirrored Traffic Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-49 OL-7827-12...
Page 364: Configuring Traffic Mirroring
Note Additional traffic mirroring configuration and monitoring options are available from the SCA BB Console. See Managing Traffic Mirroring Settings in the Cisco Service Control Application for Broadband User Guide. Traffic mirroring is not compatible with regular VAS traffic forwarding.
Page 365: Monitoring Traffic Mirroring
Monitoring Traffic Mirroring Use the same commands to monitor traffic mirroring as for regular VAS functionality. (See Monitoring VAS Traffic Forwarding, page 12-28) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-51 OL-7827-12...
Page 366: Traffic Mirroring Sample Configuration
1 respectively, allowing server redundancy within SCE(config if)#VAS-traffic-forwarding VAS server-group each group. 0 server-id 1 SCE(config if)#VAS-traffic-forwarding VAS server-group 1 server-id 2 SCE(config if)#VAS-traffic-forwarding VAS server-group 1 server-id 3 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 12-52 OL-7827-12...
Page 367: Mpls/Vpn Support
The following assumptions and requirements allow the SCE platform to operate in an MPLS/VPN environment: The MPLS/VPN architecture is according to RFC-2547. • The specific type of encapsulation used is the MPLS shim header over Ethernet (described in • RFC-3032). Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-1 OL-7827-12...
Page 368: Chapter 13 Mpl/Vpn Support
Mechanism used to build per-interface routing tables. Each PE has Forwarding instance) several VRFs, one for each site it connects to. This is how the private IPs remain unique. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-2 OL-7827-12...
Page 369: What Are The Challenges For Service Control For Mpls/Vpn Support?
Upstream – the combination of the external label, the BGP label, and the MAC address of the P router (two labels that are relevant to the classification) Upstream labels are learned from the data plane. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-3 OL-7827-12...
Page 370: Private Ip Subscriber Support
All the IP addresses of a CE router, defined by a BGP community over a VPN. The network configuration that provides the division into VPNs and VPN-based subscribers is controlled by the SM. (For more information, see the Cisco Service Control Management Suite Subscriber Manager User Guide )
Page 371: How The Service Control Mpls/Vpn Solution Works
VPN-based subscriber • The SCE platform runs the SCA-BB application for the network flows, which are classified to VPNs, thus providing subscriber aware service control and reporting Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-5 OL-7827-12...
Page 372: Service Control Mpls/Vpn Concepts
IP header, rather than the label. This process requires learning of the upstream labels in use for such flows, and is done using the flow detection mechanism described above (see Flow Detection, page 13-3). Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-6 OL-7827-12...
Page 373 SM. However, they can be bypassed in the SCE platform without any service and without harming the service for other VPNs. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-7...
Page 374: Service Control Mpls/Vpn Requirements
The data link between the P and the PE is connected via the other interfaces on each SCE platform, as described above: – Subscriber side of each SCE platform connected toward the PE router – Network side of each SCE platform connected toward the P router Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-8 OL-7827-12...
Page 375: Capacity
80,000 IP mappings over VPNs – 57,344 different labels (including upstream and downstream, and including the bypassed VPNs) • 256 PEs per SCE platform • – 4 interfaces per PE Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-9 OL-7827-12...
Page 376: Limitations
PE-PE route in each period of time. The higher the rate of TCP flows from the subscriber side, the higher the accuracy of the mechanism can be. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-10...
Page 377: Backwards Compatibility
VLAN support, indicating that they are all in default mode. Step 1 From the SCE# prompt, type and press Enter. show running-config Displays the running configuration. Check that no VLAN or L2TP configuration appears. Step 2 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-11 OL-7827-12...
Page 378: How To Configure The Mpls Environment
Configuring the MAC Resolver, page 13-14.) Defining the PE Routers Options, page 13-13 • How to Add a PE Router, page 13-13 • How to Remove PE Routers, page 13-13 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-12 OL-7827-12...
Page 379 PE routers. How to Remove a Specified PE Router Step 1 From the SCE(config if)# prompt, type no MPLS VPN PE-ID pe-id and press Enter. Removes the specified PE router. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-13 OL-7827-12...
Page 380: Configuring The Mac Resolver
Benefit: it works even if the MAC address of the PE interface changes. – Drawback: depending on the specific network topology, the MAC resolution convergence time may • be undesirably long. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-14 OL-7827-12...
Page 381: Monitoring The Mac Resolver
These two modes can function simultaneously; therefore selected PE routers can be configured statically, while the rest are resolved dynamically For more information regarding the MAC resolver, refer to the Cisco Service Control Engine Software Configuration Guide. Options The following options are available: •...
Page 382: Configuring The Sm For Mpls/Vpn Support
# The following section enables SM operation with MPLS-VPN support. [MPLS-VPN] # The following parameter defines the BGP attribute to use to identify VPN subscribers # possible values: "rd" or "rt". # (default: rt) vpn_id=rt Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-16 OL-7827-12...
Page 383: How To Configure The Sm To Allow Ip Ranges
Managing MPLS/VPN Support via SM CLU, page 13-24 • Managing MPLS/VPN Support via SNMP SNMP support for MPLS/VPN auto-learn is provided in two ways: MIB variables • SNMP traps • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-17 OL-7827-12...
Page 384: Mpls/Vpn Mib Objects
The objects in the mplsVpnAutoLearnGrp provide the following information: maximum number of mappings • allowed current number of mappings • For more information, see the "Proprietary MIB Reference" in the Cisco Service Control Engine Software Configuration Guide. MPLS/VPN Traps There is one MPLS/VPN-related trap: mplsVpnTotalHWMappingsThresholdExceeded (pcubeSeEvents 45) •...
Page 385 How to Display Subscriber Mappings for an IP range on a Specified VPN Options, page 13-20 • Displaying Subscribers Mapped to a IP range on a Specified VPN: Example, page 13-20 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-19 OL-7827-12...
Page 386 Displaying the Number of Subscribers Mapped to range on a Specified VPN: Example SCE> show interface linecard 0 subscriber amount mapping included-in IP 0.0.0.0/0 VPN vpn1 There are 2 subscribers with 4 IP mappings included in IP range '0.0.0.0/0'. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-20 OL-7827-12...
Page 387: Clearing Upstream Vpn Mappings
Therefore, this command is useful when you want to update the VPN mappings without waiting for the standard aging period. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-21 OL-7827-12...
Page 388: Monitoring Subscriber Counters
Peak number of subscribers with mappings: 2 Peak number occurred at: 14:56:55 ISR MON June 9 2007 Peak number cleared at: 15:29:39 ISR MON June 9 2007 Event counters: =============== Subscriber introduced: 2. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-22 OL-7827-12...
Page 389: Monitoring Mpls/Vpn Counters
How to Display the Configuration of a Specified PE Router From the SCE# prompt, type show interface linecard 0 MPLS VPN PE-Database PE-ID pe-id and Step 1 press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-23 OL-7827-12...
Page 390: Monitoring Bypassed Vpns
The SM CLU allows you to do the following: Add and remove VPNs • Display VPN information • Clear MPLS/VPN mappings • For more information, see the Cisco Service Control Management Suite Subscriber Manager User Guide. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-24 OL-7827-12...
Page 391: Managing Vpns
• To Display the Mappings for a Specified VPN, page 13-26 • To List All Existing VPNs From the shell prompt, type the following command: Step 1 p3vpn -–show-all Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-25 OL-7827-12...
Page 392 From the shell prompt, type the following command: p3vpn –-remove-all-mappings Step 1 --vpn=VPN-Name To Remove a Specified Mapping from a Specified VPN From the shell prompt, type the following command: p3vpn –-remove-mappings --vpn=VPN-Name Step 1 --mpls-vpn=RT@PE,(RT@PE2, RT@PE3,...) Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-26 OL-7827-12...
Page 393: How To Add Mappings To Vpn-Based Subscribers
--additive-mappings — Use this option to add the new mapping(s) to any existing ones. (Without • this option, any existing mappings are overwritten.) From the shell prompt, type the following command: p3subs –-add -–subscriber=SUB-NAME Step 1 –-vpn=VPN-NAME [--additive-mappings] Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-27 OL-7827-12...
Page 394: How To Remove Vpn Mappings From Subscribers
From the shell prompt, type the following command: p3subs –-remove-all-mappings Step 1 -–subscriber=SUB-NAME To Remove a Specified IP Mapping from a Specified Subscriber From the shell prompt, type the following command: p3psubs –-remove-mappings Step 1 -–subscriber=SUB-NAME --ip=IP1[/RANGE][,...]@VPN-NAME Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-28 OL-7827-12...
Page 395: How To Monitor Subscriber Mpls/Vpn Mappings
Step 1 -–subscriber=SUB-NAME --community=AS:value@VPN-NAME How to Monitor Subscriber MPLS/VPN Mappings Use the p3subs utility to manage VPNs. Step 1 From the shell prompt, type the following command: p3subs --show-all-mappings --subscriber=SUB-NAME Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-29 OL-7827-12...
Page 396 Chapter 13 MPLS/VPN Support Managing MPLS/VPN Support Cisco SCE 2000 and SCE 1000 Software Configuration Guide 13-30 OL-7827-12...
Page 397: About Scmp
SCMP Subscriber Management, page 14-8 • The SCMP is a Cisco proprietary protocol that uses the RADIUS protocol with CoA (Change of Authorization) support as a transport layer. The SCMP provides connection management messages, subscriber management and subscriber accounting messages. Each subscriber in the SCE platform represents a session in the SCMP peer (as defined by the ISG terminology).
Page 398: Chapter 14 Managing The Scmp
• destination IP address, source port, destination port, protocol and in some cases direction. SCMP Peer – A Cisco device running IOS with the ISG module enabled. • Identity Key – One of the keys that help identify a Session. The identity keys that are relevant to the •...
Page 399: Deployment Scenarios
However, note that deploying only one SCE platform results in a single point of failure, which is not generally acceptable in an actual deployment. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-3...
Page 400: Single Isg Router With Two Cascaded Sce Platforms (1Xisg – 2Xsce)
SCE platform. An ISG device cannot push sessions to two SCE platforms at the same time • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-4 OL-7827-12...
Page 401: Multiple Isg Routers With Two Cascaded Sce Platforms (Nxisg – 2Xsce)
SCE platform. An ISG device cannot push sessions to two SCE platforms at the same time. • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-5 OL-7827-12...
Page 402: Multiple Isg Routers With Multiple Sce Platforms Via Load Balancing (Nxisg – Mxsce)
An ISG device cannot push sessions to two SCE platforms at the same time. • You must configure multiple SCE platforms with load-balancing (MGSCP) to work in pull integration mode. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-6 OL-7827-12...
Page 403: Scmp Peer Devices
About SCMP SCMP Peer Devices An SCMP peer device is a Cisco device running IOS with the ISG module enabled. The SCE platform supports the ability to communicate with several SCMP peer devices at the same time. However, each peer device manages its own subscribers and the corresponding subscriber network IDs. The SCE platform recognizes which subscribers belong to which peer device.
Page 404: Scmp Subscriber Management
Deleting Subscribers Managed by an SCMP Peer Device, page 14-13 Deleting an SCMP Peer Device, page 14-14 • Defining the Subscriber ID, page 14-14 • Configuring the RADIUS Client, page 14-15 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-8 OL-7827-12...
Page 405: Configuring Scmp Parameters
Use this command to specify push mode. Use the no form of the command to specify pull mode. This configuration takes effect only after the connection is re-established. Default is disabled (pull mode). Step 1 From the SCE(config)# prompt, type scmp subscriber send-session-start and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-9 OL-7827-12...
Page 406: Configuring The Scmp Peer Device To Force Each Subscriber To Single Sce Platform
Use this command to disable forcing each subscriber to only one SCE platform. This allow subscribers to be provisioned to more than one SCE platform. From the SCE(config)# prompt, type no scmp subscriber force-single-sce and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-10 OL-7827-12...
Page 407: How To Define The Keep-Alive Interval Parameter
The following options are available: interval — Loss of sync timeout interval in seconds • Default = 90 seconds – From the SCE(config)# prompt, type scmp loss-of-sync-timeout interval and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-11 OL-7827-12...
Page 408: Adding An Scmp Peer Device
— 1812 • acct-port# — 1813 • From the SCE(config)# prompt, type scmp name radius secret Step 1 peer_device_name radius_hostname [auth-port acct-port ] and press Enter. shared_secret auth-portnumber acct-portnumber Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-12 OL-7827-12...
Page 409: Assigning The Scmp Peer Device To An Anonymous Group
The following options are available: peer_device_name — User-assigned name of the SCMP peer device • From the SCE(config if)# prompt, type no subscriber scmp name all and press Step 1 peer-device-name Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-13 OL-7827-12...
Page 410: Deleting An Scmp Peer Device
• The GUID is always appended at the end of the subscriber ID as defined by this command. You must disable the SCMP interface before executing this command. Note Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-14 OL-7827-12...
Page 411: Configuring The Radius Client
The RADIUS client polls the sockets to receive the next message and calls the SCMP engine to handle it, based on the type of the received message. Messages that were not acknowledged can be retransmitted up to the configured maximum number of retries. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-15 OL-7827-12...
Page 412: Monitoring The Scmp Environment
Statistics for either all SCMP peer devices or a specified SCMP peer device. • Options The following options are available: device-name — The name of the specific SCMP peer device for which to display the configuration • or statistics. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-16 OL-7827-12...
Page 413: How To Display The General Scmp Configuration
Send session start: Time connected: 9 seconds How to display the statistics for all SCMP peer devices From the SCE> prompt, type show scmp all counters and press Enter. Step 1 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-17 OL-7827-12...
Page 414: How To Display The Statistics For A Specified Scmp Peer Device
Use the following command to monitor the SCMP RADIUS client. This command displays the general configuration of the RADIUS client. Step 1 From the SCE> prompt, type show ip radius-client and press Enter. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 14-18 OL-7827-12...
Page 415: Introduction
No UDP traffic is being reported (this is because the SCE platform will automatically filter all UDP • traffic in certain cases as a last resort). Monitoring the SCE platform can be divided onto two main areas: Monitoring SCE platform utilization • Monitoring service loss • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 416: A P P E N D I X A Monitoring Sce Platform Utilization
You should make sure that the number of Introduced Subscribers plus the number of Anonymous Subscribers stays below this figure. It is advisable that when subscribers utilization exceeds 90%, special attention should be given and sizing should be reconsidered. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 417: Service Loss
It is expected that the SCE platform user will define timeslots in which this variable is monitored (reset it between timeslots). Note that the units for this variable are 0.001% and the information is rounded down. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 418 Appendix A Monitoring SCE Platform Utilization Service Loss Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 419: Introduction
Note http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml under the Cisco Service Routing Products section. pcube Enterprise MIB, page B-2 • pcubeModules (1.3.6.1.4.1.5655.2), page B-6 • pcubeWorkgroup (1.3.6.1.4.1.5655.4), page B-16 • Supported Standards, page B-94 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 420: Appendix B Proprietary Mib Reference
(CISCO-SCAS-BB MIB) The pcubeProducts subtree The pcubeProducts subtree contains the OIDs of Cisco Service Control products. These OIDs are used only to describe the Cisco Service Control platforms, not as roots for other OIDs. This subtree does not contain online data, just global definitions.
Page 421: Application Mib Integration
OIDs and notifications. This means that the branches in this subtree are defined in multiple MIB files. The pcubeConfigCopyMib subtree The pcubeConfigCopy MIB is a subset of the Cisco Config-Copy-MIB ported to the pcube enterprise subtree. It supports only local copying of running config to startup config. The pcubeConfigCopyMIB is defined the MIB file: PCUBE-CONFIG-COPY-MIB.my The config copy MIB is intended for use by all pcube products, and is therefore placed under the pcubeMgmt subtree.
Page 422: Application And Subscriber Groups
Note that the values cannot be changed through SNMP. Tuneables and Viewables are the same in this respect, they can only be viewed. Note as well that all the properties in the application group are global properties. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 423: The Engage Mib (Pcubeengagemib)
MIB Updates The definitions of the following MIB objects have been updated in this document, but the updated definitions may not yet appear in the online MIB. Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 424: Tpserviceloss
MIB Reference" chapter in the Cisco SCA BB Reference Guide for a description of the CISCO-SCAS-BB-MIB.) pcubeSeMIB (1.3.6.1.4.1.5655.2.3) Main SNMP MIB for the Cisco SCE products such as SCE 2000 and SCE 1000. This MIB provides configuration and runtime status for chassis, control modules, and line modules on the SCOS systems. •...
Page 425: Pcubesemib Object Groups (1.3.6.1.4.1.5655.2.3.1.1)
• Global Controllers Group: pcubeGlobalControllersGroup (1.3.6.1.4.1.5655.2.3.1.1.12), page B-14 • Application Group: pcubeApplicationGroup (1.3.6.1.4.1.5655.2.3.1.1.13), page B-14 Traffic Counters Group: pcubeTrafficCountersGroup (1.3.6.1.4.1.5655.2.3.1.1.14), page B-14 • Attack Group: pcubeaAtackGroup (1.3.6.1.4.1.5655.2.3.1.1.15), page B-15 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 426 (1.3.6.1.4.1.5655.4.1.2.2), page B-32 pchassisFansAlarm (1.3.6.1.4.1.5655.4.1.2.3), page B-32 pchassisTempAlarm (1.3.6.1.4.1.5655.4.1.2.4), page B-33 pchassisVoltageAlarm (1.3.6.1.4.1.5655.4.1.2.5), page B-33 pchassisNumSlots (1.3.6.1.4.1.5655.4.1.2.6), page B-33 pchassisSlotConfig (1.3.6.1.4.1.5655.4.1.2.7), page B-34 pchassisPsuType (1.3.6.1.4.1.5655.4.1.2.8), page B-34 pchassisLineFeedAlarm (1.3.6.1.4.1.5655.4.1.2.9), page B-34 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 427 (1.3.6.1.4.1.5655.4.1.4.1.1.7), page B-42 linkNetworkSidePortIndex (1.3.6.1.4.1.5655.4.1.4.1.1.8), page B-42 Disk Group: pcubeDiskGroup (1.3.6.1.4.1.5655.2.3.1.1.5) The Disk group provides data regarding the space utilization on the disk. Objects: diskNumUsedBytes (1.3.6.1.4.1.5655.4.1.5.1), page B-42 diskNumFreeBytes (1.3.6.1.4.1.5655.4.1.5.2), page B-43 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12...
Page 428 (1.3.6.1.4.1.5655.4.1.6.12.1.2), page B-52 Logger Group: pcubeLoggerGroup (1.3.6.1.4.1.5655.2.3.1.1.7) The Logger group is responsible for logging the system synchronous and asynchronous events. Objects: loggerUserLogEnable (1.3.6.1.4.1.5655.4.1.7.1), page B-52 loggerUserLogNumInfo (1.3.6.1.4.1.5655.4.1.7.2), page B-52 Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-10 OL-7827-12...
Page 429 (1.3.6.1.4.1.5655.4.1.8.2.1.2), page B-59 spType (1.3.6.1.4.1.5655.4.1.8.2.1.3), page B-59 spvSubName (1.3.6.1.4.1.5655.4.1.8.3.1.2), page B-61 spvPropertyName (1.3.6.1.4.1.5655.4.1.8.3.1.3), page B-61 spvRowStatus (1.3.6.1.4.1.5655.4.1.8.3.1.4), page B-61 spvPropertyStringValue (1.3.6.1.4.1.5655.4.1.8.3.1.5), page B-61 spvPropertyUintValue (1.3.6.1.4.1.5655.4.1.8.3.1.6), page B-62 spvPropertyCounter64Value (1.3.6.1.4.1.5655.4.1.8.3.1.7), page B-62 Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-11 OL-7827-12...
Page 430 (1.3.6.1.4.1.5655.4.1.9.1.1.27), page B-70 tpClearCountersTime (1.3.6.1.4.1.5655.4.1.9.1.1.28), page B-70 tpHandledPacketsRate (1.3.6.1.4.1.5655.4.1.9.1.1.29), page B-70 tpHandledPacketsRatePeak (1.3.6.1.4.1.5655.4.1.9.1.1.30), page B-70 tpHandledPacketsRatePeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.31), page B-71 tpHandledFlowsRate (1.3.6.1.4.1.5655.4.1.9.1.1.32), page B-71 tpHandledFlowsRatePeak (1.3.6.1.4.1.5655.4.1.9.1.1.33), page B-71 tpHandledFlowsRatePeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.34), page B-71 Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-12 OL-7827-12...
Page 431 (1.3.6.1.4.1.5655.4.1.11.1.1.3), page B-77 txQueuesDescription (1.3.6.1.4.1.5655.4.1.11.1.1.4), page B-78 txQueuesBandwidth (1.3.6.1.4.1.5655.4.1.11.1.1.5), page B-78 txQueuesUtilization (1.3.6.1.4.1.5655.4.1.11.1.1.6), page B-78 txQueuesUtilizationPeak (1.3.6.1.4.1.5655.4.1.11.1.1.7), page B-78 txQueuesUtilizationPeakTime (1.3.6.1.4.1.5655.4.1.11.1.1.8), page B-79 txQueuesClearCountersTime (1.3.6.1.4.1.5655.4.1.11.1.1.9), page B-79 txQueuesDroppedBytes (1.3.6.1.4.1.5655.4.1.11.1.1.10), page B-79 Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-13 OL-7827-12...
Page 432 The Traffic Counters group provides information regarding the value of different the traffic counters. Objects: trafficCounterIndex (1.3.6.1.4.1.5655.4.1.14.1.1.1), page B-88 trafficCounterValue (1.3.6.1.4.1.5655.4.1.14.1.1.2), page B-88 trafficCounterName (1.3.6.1.4.1.5655.4.1.14.1.1.3), page B-88 trafficCounterType (1.3.6.1.4.1.5655.4.1.14.1.1.4), page B-88 Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-14 OL-7827-12...
Page 433: Pcubecompliances (1.3.6.1.4.1.5655.2.3.1.2)
Module compliance is a compliance statement defined in this MIB module that defines which groups must be implemented. pcubeCompliance module-compliances (1.3.6.1.4.1.5655.2.3.1.2.1) A compliance statement defined in this MIB module, for SCE platform SNMP agents. Module Name: pcubeSeMIB Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-15 OL-7827-12...
Page 434: Pcubeworkgroup (1.3.6.1.4.1.5655.4)
(1.3.6.1.4.1.5655.4) pcubeWorkgroup is the main subtree for objects and events of the Cisco SCE platform products. Notification Types, page B-17 • • pcubeSe Objects, page B-25 Cisco SCE 2000 and SCE 1000 Software Configuration Guide...
Page 435: Notification Types
{1.3.6.1.4.1.5655.4.0.27} linkModeSniffingTrap {1.3.6.1.4.1.5655.4.0.28} moduleRedundancyReadyTrap {1.3.6.1.4.1.5655.4.0.29} moduleRedundantConfigurationMismatchTrap {1.3.6.1.4.1.5655.4.0.30} moduleLostRedundancyTrap {1.3.6.1.4.1.5655.4.0.31} moduleSmConnectionDownTrap {1.3.6.1.4.1.5655.4.0.32} moduleSmConnectionUpTrap {1.3.6.1.4.1.5655.4.0.33} moduleOperStatusChangeTrap {1.3.6.1.4.1.5655.4.0.34} portOperStatusChangeTrap {1.3.6.1.4.1.5655.4.0.35} chassisLineFeedAlarmOnTrap {1.3.6.1.4.1.5655.4.0.36} rdrFormatterCategoryDiscardingReportsTrap {1.3.6.1.4.1.5655.4.0.37} rdrFormatterCategoryStoppedDiscardingReports {1.3.6.1.4.1.5655.4.0.38} Trap sessionStartedTrap {1.3.6.1.4.1.5655.4.0.39} sessionEndedTrap {1.3.6.1.4.1.5655.4.0.40} Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-17 OL-7827-12...
Page 436 (1.3.6.1.4.1.5655.4.0.29), page B-22 • moduleRedundantConfigurationMismatchTrap (1.3.6.1.4.1.5655.4.0.30), page B-22 • moduleLostRedundancyTrap (1.3.6.1.4.1.5655.4.0.31), page B-22 • moduleSmConnectionDownTrap (1.3.6.1.4.1.5655.4.0.32), page B-23 • moduleSmConnectionUpTrap (1.3.6.1.4.1.5655.4.0.33), page B-23 • moduleOperStatusChangeTrap (1.3.6.1.4.1.5655.4.0.34), page B-23 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-18 OL-7827-12...
Page 437: Operationalstatusoperationaltrap (1.3.6.1.4.1.5655.4.0.1)
The chassisTempAlarm object in this MIB has transitioned to the On (3) state, indicating that the temperature is too high. chassisTempAlarmOffTrap (1.3.6.1.4.1.5655.4.0.6) The chassisTempAlarm object in this MIB has transitioned to the Off (2) state, indicating that the temperature level is back to normal. Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-19 OL-7827-12...
Page 438: Chassisvoltagealarmontrap (1.3.6.1.4.1.5655.4.0.7)
The SNTP agent has not received an SNTP time update for a long period, which may result in a time drift of the agent entity’s clock. linkModeBypassTrap (1.3.6.1.4.1.5655.4.0.20) The link mode has changed to bypass. Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-20 OL-7827-12...
Page 439: Linkmodeforwardingtrap (1.3.6.1.4.1.5655.4.0.21)
When the action is ‘report’, attack-direction is attack-destination, side is subscriber, IP address – = 10.1.1.1, and protocol is Other: Attack filter: Forced report to IP address 10.1.1.1, from network side, protocol Other. Attack forced using a force-filter command. Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-21 OL-7827-12...
Page 440: Moduleattackfilterdeactivatedtrap (1.3.6.1.4.1.5655.4.0.26)
Attack end forced using a 'no force-filter' or a 'dont-filter' command. Duration 13 seconds, attack comprised of 1 flows. moduleEmAgentGenericTrap (1.3.6.1.4.1.5655.4.0.27) A generic trap used by the Cisco management agent. Trap name — in pcubeSeEventGenericString1 (refer to corresponding • moduleAttackFilterActivatedTrap) Relevant parameter —...
Page 441: Modulesmconnectiondowntrap (1.3.6.1.4.1.5655.4.0.32)
(telnet/SSH) and client IP address. sessionDeniedAccessTrap (1.3.6.1.4.1.5655.4.0.41) The agent entity has refused a session from unauthorized source. The pcubeSeEventGenericString1 contains the session type (telnet/SSH) and client IP address. Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-23 OL-7827-12...
Page 442: Sessionbadlogintrap (1.3.6.1.4.1.5655.4.0.42)
An unknown subscriber could not be identified after a certain number of pull requests, and is suspected to be an intruder. pcubeSeEventGenericString1 contains subscriber ID. mplsVpnTotalHWMappingsThresholdExceededTrap (1.3.6.1.4.1.5655.4.0.48) The value of mplsVpnCurrentHWMappings exceeds the allowed threshold. Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-24 OL-7827-12...
Page 443: Pcubese Objects
(1.3.6.1.4.1.5655.4.1.3.1.1.16), page B-39 • linkTable (1.3.6.1.4.1.5655.4.1.4.1), page B-39 • linkEntry (1.3.6.1.4.1.5655.4.1.4.1.1), page B-40 • linkModuleIndex (1.3.6.1.4.1.5655.4.1.4.1.1.1), page B-40 • linkIndex (1.3.6.1.4.1.5655.4.1.4.1.1.2), page B-40 • linkAdminModeOnActive (1.3.6.1.4.1.5655.4.1.4.1.1.3), page B-41 • Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-25 OL-7827-12...
Page 444 (1.3.6.1.4.1.5655.4.1.6.11.1.3), page B-49 • rdrFormatterCategoryNumReportsDiscarded (1.3.6.1.4.1.5655.4.1.6.11.1.4), page B-50 • rdrFormatterCategoryReportRate (1.3.6.1.4.1.5655.4.1.6.11.1.5), page B-50 • rdrFormatterCategoryReportRatePeak (1.3.6.1.4.1.5655.4.1.6.11.1.6), page B-50 • rdrFormatterCategoryReportRatePeakTime (1.3.6.1.4.1.5655.4.1.6.11.1.7), page B-50 • • rdrFormatterCategoryNumReportsQueued (1.3.6.1.4.1.5655.4.1.6.11.1.8), page B-51 Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-26 OL-7827-12...
Page 445 (1.3.6.1.4.1.5655.4.1.8.2.1.2), page B-59 • spType (1.3.6.1.4.1.5655.4.1.8.2.1.3), page B-59 • subscriberPropertiesValuesTable (1.3.6.1.4.1.5655.4.1.8.3), page B-60 • subscriberPropertiesValueEntry (1.3.6.1.4.1.5655.4.1.8.3.1), page B-60 • spvIndex (1.3.6.1.4.1.5655.4.1.8.3.1.1), page B-60 • • spvSubName (1.3.6.1.4.1.5655.4.1.8.3.1.2), page B-61 Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-27 OL-7827-12...
Page 446 (1.3.6.1.4.1.5655.4.1.9.1.1.26), page B-69 • tpTotalNumTcpUdpCrcErrPackets (1.3.6.1.4.1.5655.4.1.9.1.1.27), page B-70 • tpClearCountersTime (1.3.6.1.4.1.5655.4.1.9.1.1.28), page B-70 • tpHandledPacketsRate (1.3.6.1.4.1.5655.4.1.9.1.1.29), page B-70 • tpHandledPacketsRatePeak (1.3.6.1.4.1.5655.4.1.9.1.1.30), page B-70 • • tpHandledPacketsRatePeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.31), page B-71 Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-28 OL-7827-12...
Page 447 (1.3.6.1.4.1.5655.4.1.11.1.1.9), page B-79 • txQueuesDroppedBytes (1.3.6.1.4.1.5655.4.1.11.1.1.10), page B-79 • globalControllersTable (1.3.6.1.4.1.5655.4.1.12.1), page B-79 • globalControllersEntry (1.3.6.1.4.1.5655.4.1.12.1.1), page B-80 • globalControllersModuleIndex (1.3.6.1.4.1.5655.4.1.12.1.1.1), page B-80 • • globalControllersPortIndex (1.3.6.1.4.1.5655.4.1.12.1.1.2), page B-80 Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-29 OL-7827-12...
Page 448 (1.3.6.1.4.1.5655.4.1.15.1), page B-89 • attackTypeEntry (1.3.6.1.4.1.5655.4.1.15.1.1), page B-89 • attackTypeIndex (1.3.6.1.4.1.5655.4.1.15.1.1.1), page B-89 • attackTypeName (1.3.6.1.4.1.5655.4.1.15.1.1.2), page B-89 • attackTypeCurrentNumAttacks (1.3.6.1.4.1.5655.4.1.15.1.1.3), page B-90 • • attackTypeTotalNumAttacks (1.3.6.1.4.1.5655.4.1.15.1.1.4), page B-90 Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-30 OL-7827-12...
Page 449: Sysoperationalstatus (1.3.6.1.4.1.5655.4.1.1.1)
INTEGER {1 (other) — none of the following2 (operational) — the system should enter Operational mode after abnormal boot3 (non-operational) — the system should enter Failure mode after abnormal boot Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-31 OL-7827-12...
Page 450: Sysversion (1.3.6.1.4.1.5655.4.1.1.3)
Indicates whether all the fans on the chassis are functional. Access Syntax INTEGER {1 (other) — none of the following2 (off) — all fans are functional3 (on) — one or more fans is not functional. Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-32 OL-7827-12...
Page 451: Pchassistempalarm (1.3.6.1.4.1.5655.4.1.2.4)
(on) — voltage level is out of the acceptable bounds. pchassisNumSlots (1.3.6.1.4.1.5655.4.1.2.6) Indicates the number of slots in the chassis available for plug-in modules, including both currently occupied and empty slots. Access Syntax INTEGER (0..255) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-33 OL-7827-12...
Page 452: Pchassisslotconfig (1.3.6.1.4.1.5655.4.1.2.7)
(ON) — The line feed to the chassis is not normal. One or both of the line feeds may not be connected properly or have no power. Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-34 OL-7827-12...
Page 453: Pmoduletable (1.3.6.1.4.1.5655.4.1.3.1)
} pmoduleIndex (1.3.6.1.4.1.5655.4.1.3.1.1.1) An ID number identifying the module. A unique value for each module within the chassis. Access Syntax INTEGER (1..255) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-35 OL-7827-12...
Page 454: Pmoduletype (1.3.6.1.4.1.5655.4.1.3.1.1.2)
The number of the slot in the chassis in which the module is installed. Valid entries are from 1 to the value of pchassisNumSlot s. Access Syntax INTEGER (1..255) pmoduleHwVersion (1.3.6.1.4.1.5655.4.1.3.1.1.5) The hardware version of the module. Access Syntax DisplayString Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-36 OL-7827-12...
Page 455: Pmodulenumports (1.3.6.1.4.1.5655.4.1.3.1.1.6)
(receive-only-cascade) — SCE can only receive packets from the line and the cascade ports. This mode is suitable for external splitting topology pmoduleSerialNumber (1.3.6.1.4.1.5655.4.1.3.1.1.9) The serial number of the module. Access Syntax DisplayString Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-37 OL-7827-12...
Page 456: Pmoduleupstreamattackfilteringtime (1.3.6.1.4.1.5655.4.1.3.1.1.10)
The accumulated time (in hundredths of a second) during which attack down-stream traffic was filtered. Access Syntax TimeTicks pmoduleDownStreamLastAttackFilteringTime (1.3.6.1.4.1.5655.4.1.3.1.1.13) The time (in hundredths of a second) since the previous attack filtered in the down-stream traffic. Access Syntax TimeTicks Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-38 OL-7827-12...
Page 457: Pmoduleattackobjectscleartime (1.3.6.1.4.1.5655.4.1.3.1.1.14)
SCE platform and carry in-band traffic. The number of entries is determined by the number of modules in the chassis and the number of links on each module. Access not-accessible Syntax Sequence of linkEntry Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-39 OL-7827-12...
Page 458: Linkentry (1.3.6.1.4.1.5655.4.1.4.1.1)
(1.3.6.1.4.1.5655.4.1.4.1.1.2) An index value that uniquely identifies the link within the specified module. Valid entries are 1 to the value of pmoduleNumLinks for this module. Access Syntax INTEGER (1..255) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-40 OL-7827-12...
Page 459: Linkadminmodeonactive (1.3.6.1.4.1.5655.4.1.4.1.1.3)
Sniffing — the traffic is forwarded in the same manner as in Bypass mode, however it passes through • and is analysed by the internal software and hardware modules of the SCE platform. Access Syntax LinkModeType Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-41 OL-7827-12...
Page 460: Linkstatusreflectionenable (1.3.6.1.4.1.5655.4.1.4.1.1.6)
An index value that uniquely identifies this link with the related port that is connected to the network side. Access Syntax INTEGER (0..255) diskNumUsedBytes (1.3.6.1.4.1.5655.4.1.5.1) The number of used bytes on the disk. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-42 OL-7827-12...
Page 461: Disknumfreebytes (1.3.6.1.4.1.5655.4.1.5.2)
The table may contain a maximum of three entries. Access not-accessible Syntax Sequence of rdrFormatterDestEntry Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-43 OL-7827-12...
Page 462: Rdrformatterdestentry (1.3.6.1.4.1.5655.4.1.6.2.1)
(1.3.6.1.4.1.5655.4.1.6.2.1.3) The priority given to the Collection Manager. The active Collection Manager is the Collection Manager with the highest priority whose TCP connection is up. Access Syntax (1...100) INTEGER Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-44 OL-7827-12...
Page 463: Rdrformatterdeststatus (1.3.6.1.4.1.5655.4.1.6.2.1.4)
The number of reports sent by the RDR-formatter to this destination. Access Syntax Unsigned32 (0...4294967295) rdrFormatterDestNumReportsDiscarded (1.3.6.1.4.1.5655.4.1.6.2.1.7) The number of reports dropped by the RDR-formatter at this destination. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-45 OL-7827-12...
Page 464: Rdrformatterdestreportrate (1.3.6.1.4.1.5655.4.1.6.2.1.8)
The time (in hundredths of a second) since the rdrFormatterDestReportRatePeak value occurred. Access Syntax TimeTicks rdrFormatterNumReportsSent (1.3.6.1.4.1.5655.4.1.6.3) The number of reports sent by the RDR-formatter. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-46 OL-7827-12...
Page 465: Rdrformatternumreportsdiscarded (1.3.6.1.4.1.5655.4.1.6.4)
The current rate (in reports per second) of sending reports to all destinations. Access Syntax Unsigned32 (0...4294967295) rdrFormatterReportRatePeak (1.3.6.1.4.1.5655.4.1.6.7) The maximum rate of sending reports to all destinations. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-47 OL-7827-12...
Page 466: Rdrformatterreportratepeaktime (1.3.6.1.4.1.5655.4.1.6.8)
(1.3.6.1.4.1.5655.4.1.6.11) This table describes the different categories of RDRs and supplies some statistical information about the RDRs sent to these categories Access not-accessible Syntax Sequence of rdrFormatterCategoryEntry Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-48 OL-7827-12...
Page 467: Rdrformattercategoryentry (1.3.6.1.4.1.5655.4.1.6.11.1)
INTEGER (1..4) rdrFormatterCategoryName (1.3.6.1.4.1.5655.4.1.6.11.1.2) The name of the category. Access Syntax DisplayString rdrFormatterCategoryNumReportsSent (1.3.6.1.4.1.5655.4.1.6.11.1.3) The number of reports sent by the RDR-formatter to this category. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-49 OL-7827-12...
Page 468: Rdrformattercategorynumreportsdiscarded (1.3.6.1.4.1.5655.4.1.6.11.1.4)
The maximum report rate sent to this category. Access Syntax Unsigned32 (0...4294967295) rdrFormatterCategoryReportRatePeakTime (1.3.6.1.4.1.5655.4.1.6.11.1.7) The time (in hundredths of a second) since the rdrFormatterCategoryReportRatePeak value occurred. Access Syntax TimeTicks Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-50 OL-7827-12...
Page 469: Rdrformattercategorynumreportsqueued (1.3.6.1.4.1.5655.4.1.6.11.1.8)
The priority assigned to the Collection Manager for this category. The active Collection Manager is the Collection Manager with the highest priority and a TCP connection that is up. Access Syntax INTEGER (1...100) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-51 OL-7827-12...
Page 470: Rdrformattercategorydeststatus (1.3.6.1.4.1.5655.4.1.6.12.1.2)
Unsigned32 (0...4294967295) loggerUserLogNumWarning (1.3.6.1.4.1.5655.4.1.7.3) The number of Warning messages logged into the user log file since last reboot or last time the counter was cleared. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-52 OL-7827-12...
Page 471: Loggeruserlognumerror (1.3.6.1.4.1.5655.4.1.7.4)
Writing a 0 to this object causes the user log counters to be cleared. Access Syntax TimeTicks subscribersInfoTable (1.3.6.1.4.1.5655.4.1.8.1) Data regarding subscriber management operations performed. Access not-accessible Syntax Sequence of subscribersInfoEntry Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-53 OL-7827-12...
Page 472: Subscribersinfoentry (1.3.6.1.4.1.5655.4.1.8.1.1)
The number of subscribers that may be introduced in addition to the currently introduced subscribers. Access Syntax Unsigned32 (0...4294967295) subscribersNumIpAddrMappings (1.3.6.1.4.1.5655.4.1.8.1.1.3) The current number of IP address to subscriber mappings. Access Syntax (0...4294967295) Unsigned32 Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-54 OL-7827-12...
Page 473: Subscribersnumipaddrmappingsfree (1.3.6.1.4.1.5655.4.1.8.1.1.4)
The number of free IP range to subscriber mappings that are available for defining new mappings. Access Syntax Unsigned32 (0...4294967295) subscribersNumVlanMappings (1.3.6.1.4.1.5655.4.1.8.1.1.7) The current number of VLAN to subscriber mappings Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-55 OL-7827-12...
Page 474: Subscribersnumvlanmappingsfree (1.3.6.1.4.1.5655.4.1.8.1.1.8)
The peak value of subscribersNumActive since the last time it was cleared or the system started. Access Syntax Unsigned32 (0...4294967295) subscribersNumActivePeakTime (1.3.6.1.4.1.5655.4.1.8.1.1.11) The time (in hundredths of a second) since the subscribersNumActivePeak value occurred. Access Syntax TimeTicks Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-56 OL-7827-12...
Page 475: Subscribersnumupdates (1.3.6.1.4.1.5655.4.1.8.1.1.12)
The current number of IP range to Traffic Processor mappings. Access Syntax Unsigned32 (0...4294967295) subscribersNumTpIpRangeMappingsFree (1.3.6.1.4.1.5655.4.1.8.1.1.15) The current number of IP range to Traffic Processor mappings that are available for defining new mappings. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-57 OL-7827-12...
Page 476: Subscribersnumanonymous (1.3.6.1.4.1.5655.4.1.8.1.1.16)
Syntax Sequence of subscribersPropertiesEntry subscribersPropertiesEntry (1.3.6.1.4.1.5655.4.1.8.2.1) Entry describing subscriber properties of the application relevant for a certain module. Access not-accessible Index {pmoduleIndex, spIndex} Syntax SEQUENCE {spIndex spName spType } Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-58 OL-7827-12...
Page 477: Spindex (1.3.6.1.4.1.5655.4.1.8.2.1.1)
Access Syntax DisplayString spType (1.3.6.1.4.1.5655.4.1.8.2.1.3) Property type in respect to: variable type (integer, boolean, string etc), number of elements (scalar or array), and restrictions, if any. Access Syntax DisplayString Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-59 OL-7827-12...
Page 478: Subscriberpropertiesvaluestable (1.3.6.1.4.1.5655.4.1.8.3)
Index {pmoduleIndex, spvIndex} Syntax SEQUENCE {SpvIndex spvSubName spvPropertyName spvRowStatus spvPropertyStringValue spvPropertyUintValue spvPropertyCounter64Value } spvIndex (1.3.6.1.4.1.5655.4.1.8.3.1.1) An index value that uniquely identifies the entry. Access Syntax INTEGER (1.. 1024) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-60 OL-7827-12...
Page 479: Spvsubname (1.3.6.1.4.1.5655.4.1.8.3.1.2)
Controls creation of a table entry. Only setting CreateAndGo (4) and Destroy (6) will change the status of the entry. Access Syntax RowStatus spvPropertyStringValue (1.3.6.1.4.1.5655.4.1.8.3.1.5) The value of the subscriber property in display string format. Access Syntax DisplayString (SIZE 0...128) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-61 OL-7827-12...
Page 480: Spvpropertyuintvalue (1.3.6.1.4.1.5655.4.1.8.3.1.6)
Counter64 tpInfoTable (1.3.6.1.4.1.5655.4.1.9.1) The Traffic Processor Info table consists of data regarding traffic handled by the traffic processors, classified by packets and flows. Access not-accessible Syntax Sequence of tpInfoEntry Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-62 OL-7827-12...
Page 481: Tpinfoentry (1.3.6.1.4.1.5655.4.1.9.1.1)
An index value that uniquely identifies the traffic processor within the specified module. The value is determined by the location of the traffic processor on the module. Valid entries are 1 to the value of pmoduleNumTrafficProcessors for the specified module. Access Syntax INTEGER (1...255) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-63 OL-7827-12...
Page 482: Tptotalnumhandledpackets (1.3.6.1.4.1.5655.4.1.9.1.1.3)
The number of flows currently being handled by this traffic processor. Access Syntax Unsigned32 (0...4294967295) tpNumActiveFlowsPeak (1.3.6.1.4.1.5655.4.1.9.1.1.6) The peak value of tpNumActiveFlows since the last time it was cleared or the system started. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-64 OL-7827-12...
Page 483: Tpnumactiveflowspeaktime (1.3.6.1.4.1.5655.4.1.9.1.1.7)
The peak value of tpNumTcpActiveFlows since the last time it was cleared or the system started. Access Syntax Unsigned32 (0...4294967295) tpNumTcpActiveFlowsPeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.10) The time (in hundredths of a second) since the tpNumTcpActiveFlowsPeak value occurred. Access Syntax TimeTicks Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-65 OL-7827-12...
Page 484: Tpnumudpactiveflows (1.3.6.1.4.1.5655.4.1.9.1.1.11)
The time (in hundredths of a second) since the tpNumUdpActiveFlowsPeak value occurred. Access Syntax TimeTicks tpNumNonTcpUdpActiveFlows (1.3.6.1.4.1.5655.4.1.9.1.1.14) The number of non TCP/UDP flows currently being handled by the traffic processor. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-66 OL-7827-12...
Page 485: Tpnumnontcpudpactiveflowspeak (1.3.6.1.4.1.5655.4.1.9.1.1.15)
The accumulated number of packets discarded by the traffic processor according to application blocking rules. Access Syntax Unsigned32 (0...4294967295) tpTotalNumBlockedFlows (1.3.6.1.4.1.5655.4.1.9.1.1.18) The accumulated number of flows discarded by the traffic processor according to application blocking rules. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-67 OL-7827-12...
Page 486: Tptotalnumdiscardedpacketsduetobwlimit (1.3.6.1.4.1.5655.4.1.9.1.1.19)
The accumulated number of fragmented packets handled by the traffic processor. Access Syntax Unsigned32 (0...4294967295) tpTotalNumNonIpPackets (1.3.6.1.4.1.5655.4.1.9.1.1.22) The accumulated number of non IP packets handled by the traffic processor. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-68 OL-7827-12...
Page 487: Tptotalnumipcrcerrpackets (1.3.6.1.4.1.5655.4.1.9.1.1.23)
The accumulated number of IP broadcast packets handled by the traffic processor. Access Syntax Unsigned32 (0...4294967295) tpTotalNumTtlErrPackets (1.3.6.1.4.1.5655.4.1.9.1.1.26) The accumulated number of packets with TTL error handled by the traffic processor. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-69 OL-7827-12...
Page 488: Tptotalnumtcpudpcrcerrpackets (1.3.6.1.4.1.5655.4.1.9.1.1.27)
The rate in packets per second of the packets handled by this traffic processor.. Access Syntax Unsigned32 (0... 4294967295) tpHandledPacketsRatePeak (1.3.6.1.4.1.5655.4.1.9.1.1.30) The peak value of tpHandledPacketsRate since the last time it was cleared or the system started. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-70 OL-7827-12...
Page 489: Tphandledpacketsratepeaktime (1.3.6.1.4.1.5655.4.1.9.1.1.31)
The peak value of tpHandledFlowsRate since the last time it was cleared or the system started. Access Syntax Unsigned32 (0...4294967295) tpHandledFlowsRatePeakTime (1.3.6.1.4.1.5655.4.1.9.1.1.34) The time (in hundredths of a second) since the tpHandledFlowsRatePeak value occurred. Access Syntax TimeTicks Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-71 OL-7827-12...
Page 490: Tpcpuutilization (1.3.6.1.4.1.5655.4.1.9.1.1.35)
(1.3.6.1.4.1.5655.4.1.9.1.1.37) The time (in hundredths of a second) since the pCpuUtilizationPeak value occurred. Access Syntax TimeTicks tpFlowsCapacityUtilization (1.3.6.1.4.1.5655.4.1.9.1.1.38) The percentage of flows capacity utilization. Access Syntax INTEGER (1..100) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-72 OL-7827-12...
Page 491: Tpflowscapacityutilizationpeak (1.3.6.1.4.1.5655.4.1.9.1.1.39)
A list of port entries. The number of entries is determined by the number of modules in the chassis and the number of ports on each module. Access not-accessible Syntax Sequence of pportEntry Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-73 OL-7827-12...
Page 492: Pportentry (1.3.6.1.4.1.5655.4.1.10.1.1)
The type of physical layer medium dependent interface on the port. Access Syntax INTEGER {1 (other) — none of the following11 (e100BaseTX) — UTP Fast Ethernet (Cat 5)28 (e1000BaseSX) — Short Wave fiber Giga Ethernet Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-74 OL-7827-12...
Page 493: Pportnumtxqueues (1.3.6.1.4.1.5655.4.1.10.1.1.4)
(s10000000) — 10 Mbps100000000 (s100000000) — 100 Mbps1000000000 (s1000000000) — 1 Gbps pportAdminDuplex (1.3.6.1.4.1.5655.4.1.10.1.1.7) The desired duplex of the port. Access Syntax INTEGER {1 (half) 2 (full) 4 (auto) } Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-75 OL-7827-12...
Page 494: Pportoperduplex (1.3.6.1.4.1.5655.4.1.10.1.1.8)
(otherDown) — the port is down due to other reasons txQueuesTable (1.3.6.1.4.1.5655.4.1.11.1) A list of information for each SCE platform transmit queue. Access not-accessible Syntax Sequence of txQueuesEntry Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-76 OL-7827-12...
Page 495: Txqueuesentry (1.3.6.1.4.1.5655.4.1.11.1.1)
An index value that uniquely identifies the queue within the specified port. The value is determined by the location of the queue on the port. Valid entries are 1 to the value of pportNumTxQueues for the specified port. Access Syntax INTEGER (1..255) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-77 OL-7827-12...
Page 496: Txqueuesdescription (1.3.6.1.4.1.5655.4.1.11.1.1.4)
The percentage of bandwidth utilization relative to the to the configured rate. Access Syntax INTEGER (0...100) txQueuesUtilizationPeak (1.3.6.1.4.1.5655.4.1.11.1.1.7) The peak value of txQueuesUtilization since the last time it was cleared or the system started. Access Syntax INTEGER (0...100) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-78 OL-7827-12...
Page 497: Txqueuesutilizationpeaktime (1.3.6.1.4.1.5655.4.1.11.1.1.8)
Number of dropped bytes. Valid only if the system is configured to count dropped bytes per TX queue. Access Syntax Counter64 globalControllersTable (1.3.6.1.4.1.5655.4.1.12.1) A list of information for each global controller. Access not-accessible Syntax Sequence of globalControllersEntry Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-79 OL-7827-12...
Page 498: Globalcontrollersentry (1.3.6.1.4.1.5655.4.1.12.1.1)
An index value that uniquely identifies the port on which the Global Controller is located. Access Syntax INTEGER (1..255) globalControllersIndex (1.3.6.1.4.1.5655.4.1.12.1.1.3) An index value that uniquely identifies this Global Controller within the specified port. Access Syntax INTEGER (1..255) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-80 OL-7827-12...
Page 499: Globalcontrollersdescription (1.3.6.1.4.1.5655.4.1.12.1.1.4)
The percentage of bandwidth utilization relative to the configured rate ( globalControllersBandwidth ). Access Syntax INTEGER (0...100) globalControllersUtilizationPeak (1.3.6.1.4.1.5655.4.1.12.1.1.7) The peak value of bwLimitersUtilization since the last time it was cleared or the system started. Access Syntax INTEGER (0...100) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-81 OL-7827-12...
Page 500: Globalcontrollersutilizationpeaktime (1.3.6.1.4.1.5655.4.1.12.1.1.8)
Number of dropped bytes. Valid only if the system is configured to count dropped bytes per global controller. Access Syntax Counter64 appInfoTable (1.3.6.1.4.1.5655.4.1.13.1) Information identifying the application that is currently installed in the SCE platform. Access not-accessible Syntax Sequence of appInfoEntry Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-82 OL-7827-12...
Page 501: Appinfoentry (1.3.6.1.4.1.5655.4.1.13.1.1)
Description of the application currently installed in the SCE platform. Access Syntax DisplayString appVersion (1.3.6.1.4.1.5655.4.1.13.1.1.3) Version information for the application currently installed in the SCE platform. Access Syntax DisplayString Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-83 OL-7827-12...
Page 502: Apppropertiestable (1.3.6.1.4.1.5655.4.1.13.2)
Syntax SEQUENCE {apIndex apName apType } apIndex (1.3.6.1.4.1.5655.4.1.13.2.1.1) An index value that uniquely identifies the property. Access Syntax INTEGER (1..255) apName (1.3.6.1.4.1.5655.4.1.13.2.1.2) Name of the property. Access Syntax DisplayString Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-84 OL-7827-12...
Page 503: Aptype (1.3.6.1.4.1.5655.4.1.13.2.1.3)
(1.3.6.1.4.1.5655.4.1.13.3.1) Entry providing information on the value of one of the specified application properties. Access not-accessible Index {moduleIndex, apvIndex} Syntax SEQUENCE {apvIndex apvPropertyName apvRowStatus apvPropertyStringValue apvPropertyUintValue apvPropertyCounter64Value } Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-85 OL-7827-12...
Page 504: Apvindex (1.3.6.1.4.1.5655.4.1.13.3.1.1)
DisplayString apvRowStatus (1.3.6.1.4.1.5655.4.1.13.3.1.3) Controls creation of a table entry. Access Syntax RowStatus apvPropertyStringValue (1.3.6.1.4.1.5655.4.1.13.3.1.4) The value of the application property in display string format. Access Syntax DisplayString (SIZE 0...128) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-86 OL-7827-12...
Page 505: Apvpropertyuintvalue (1.3.6.1.4.1.5655.4.1.13.3.1.5)
A list of information for each traffic counter. Access not-accessible Syntax Sequence of trafficCountersEntry trafficCountersEntry (1.3.6.1.4.1.5655.4.1.14.1.1) Entry containing information for a specified traffic counter. Access not-accessible Index {trafficCounterIndex} Syntax SEQUENCE {trafficCounterIndex trafficCounterValue trafficCounterName trafficCounterType } Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-87 OL-7827-12...
Page 506: Trafficcounterindex (1.3.6.1.4.1.5655.4.1.14.1.1.1)
Defines whether the traffic counters counts by packets (3) or by bytes (2). Access Syntax INTEGER {1 (other) — none of the following2 (bytes) — counts by bytes3 (packets) — counts by packets Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-88 OL-7827-12...
Page 507: Attacktypetable (1.3.6.1.4.1.5655.4.1.15.1)
} attackTypeIndex (1.3.6.1.4.1.5655.4.1.15.1.1.1) An index value that uniquely identifies the attack type. Access Syntax INTEGER (1..255) attackTypeName (1.3.6.1.4.1.5655.4.1.15.1.1.2) The name of the attack type. Access Syntax DisplayString Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-89 OL-7827-12...
Page 508: Attacktypecurrentnumattacks (1.3.6.1.4.1.5655.4.1.15.1.1.3)
The total number of flows in attacks of this type detected since last clear. Access Syntax Counter64 attackTypeTotalNumSeconds (1.3.6.1.4.1.5655.4.1.15.1.1.6) The total duration (in seconds) of attacks of this type detected since last clear. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-90 OL-7827-12...
Page 509: Vasserverstable (1.3.6.1.4.1.5655.4.1.16.1)
(1.3.6.1.4.1.5655.4.1.16.1.1.1) An index value that uniquely identifies the VAS server. Access Syntax Unsigned32 (0...4294967295) vasServerId (1.3.6.1.4.1.5655.4.1.16.1.1.2) The VAS server ID number in the system. Access Syntax Unsigned32 (0...4294967295) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-91 OL-7827-12...
Page 510: Vasserveradminstatus (1.3.6.1.4.1.5655.4.1.16.1.1.3)
A list of information on various system software counters related to MPLS/VPN auto-learning. Access not-accessible Syntax Sequence of mplsVpnSoftwareCountersEntry mplsVpnSoftwareCountersEntry (1.3.6.1.4.1.5655.4.1.17.1.1) Entry containing information regarding MPLS/VPN auto-learning. Access not-accessible Syntax SEQUENCE {mplsVpnMaxHWMappings mplsVpnCurrentHWMappings } Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-92 OL-7827-12...
Page 511: Mplsvpnmaxhwmappings (1.3.6.1.4.1.5655.4.1.17.1.1.1)
(1.3.6.1.4.1.5655.4) mplsVpnMaxHWMappings (1.3.6.1.4.1.5655.4.1.17.1.1.1) The maximum number of hardware mappings permitted. Access Syntax INTEGER (1..1000000) mplsVpnCurrentHWMappings (1.3.6.1.4.1.5655.4.1.17.1.1.2) The current number of hardware mappings in the system. Access Syntax INTEGER (1..1000000) Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-93 OL-7827-12...
Page 512: Supported Standards
RFC 1906: Transport Mappings for Version 2 of Obsoletes: 1449 (January 1996) the Simple Network Management Protocol (SNMPv2) RFC 2233: The Interfaces Group MIB using Extensions for the ifTable. SMIv2. Obsoleted by RFC-2863: The Interfaces Group Cisco SCE 2000 and SCE 1000 Software Configuration Guide B-94 OL-7827-12...

This manual is also suitable for:

Sce 2000 Sce 1000